CN104794430B - A kind of method and system of fingerprint decryption - Google Patents
A kind of method and system of fingerprint decryption Download PDFInfo
- Publication number
- CN104794430B CN104794430B CN201510133060.5A CN201510133060A CN104794430B CN 104794430 B CN104794430 B CN 104794430B CN 201510133060 A CN201510133060 A CN 201510133060A CN 104794430 B CN104794430 B CN 104794430B
- Authority
- CN
- China
- Prior art keywords
- decrypted
- data
- module
- security module
- fingerprint
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 28
- 230000005540 biological transmission Effects 0.000 claims description 22
- 238000004891 communication Methods 0.000 description 25
- 238000010586 diagram Methods 0.000 description 14
- 238000012795 verification Methods 0.000 description 5
- 238000012360 testing method Methods 0.000 description 4
- 241000700605 Viruses Species 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000012545 processing Methods 0.000 description 2
- 238000004590 computer program Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006870 function Effects 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
Abstract
The invention discloses a kind of fingerprint decryption methods, comprising: obtains user fingerprints by fingerprint identification module;The user fingerprints are sent to security module;User fingerprints are verified according to preset verifying fingerprint by the security module, the verifying fingerprint is stored in the security module;When being verified, data to be decrypted are decrypted.Using the present invention, verifying is compared with the user fingerprints that fingerprint identification module is sent in the verifying fingerprint being preset in security module by security module, when being verified, data to be decrypted are decrypted, the risk that preset verifying fingerprint is distorted is reduced, the safety of data is improved.
Description
Technical field
The present invention relates to the method and systems that field of data encryption more particularly to a kind of fingerprint are decrypted.
Background technique
With the development of science and technology, a large amount of data need to transmit and store.In order to guarantee that data are being transmitted or deposited
It prevents other people from stealing during storage and leads to secret leakage, generally require that these data are encrypted.Currently, data
The mode of encryption is more and more diversified, for example, fingerprint recognition, personal recognition, iris recognition, face recognition etc..
Fingerprint refers to the convex recessed uneven streakline generated of the positive surface skin of the finger tips of people.The regular arrangement of streakline is formed
Different line types.Starting point, terminal, binding site and the bifurcation of streakline, the referred to as details of fingerprint.Fingerprint is a man day
It is born with and spends the remaining years till death constant.Because of confidentiality with higher, more applies in encrypting and deciphering system encrypting fingerprint.
Currently, process is decrypted after in fingerprint recognition in application processor, and answers in existing encrypting and deciphering system
With processor when carrying out fingerprint recognition, the verifying fingerprint for obtaining user fingerprints from other disparate modules respectively and prestoring is needed,
Application processor from other modules obtain verifying fingerprint during, verifying fingerprint often have the risk distorted, reduce number
According to safety.
Summary of the invention
The technical problem to be solved by the embodiment of the invention is that providing a kind of method and system of fingerprint decryption, pass through
Verifying is compared with the user fingerprints that fingerprint identification module is sent in the verifying fingerprint being pre-stored in security module by security module,
When being verified, data to be decrypted are decrypted, the risk that the verifying fingerprint prestored is distorted is reduced, improves number
According to safety.
In order to solve the above-mentioned technical problem, first aspect of the embodiment of the present invention discloses a kind of fingerprint decryption method, comprising:
User fingerprints are obtained by fingerprint identification module;
The user fingerprints are sent to security module;
User fingerprints are verified according to preset verifying fingerprint by the security module, the verifying fingerprint is stored in institute
It states in security module;
When being verified, data to be decrypted are decrypted.
Second aspect of the embodiment of the present invention discloses a kind of fingerprint decryption system, comprising:
Fingerprint obtains module, for obtaining user fingerprints by fingerprint identification module;
First sending module obtains user fingerprints that module obtains to security module for sending the fingerprint;
Authentication module, for verifying first sending module according to preset verifying fingerprint by the security module
The user fingerprints sent, the verifying fingerprint are stored in the security module;
Deciphering module, for when the authentication module is verified, data to be decrypted to be decrypted.
Implement the embodiment of the present invention, by security module by the verifying fingerprint being pre-stored in security module and fingerprint recognition mould
Verifying is compared in the user fingerprints that block is sent, and when being verified, data to be decrypted are decrypted.The embodiment of the present invention
It has the following beneficial effects:
1, the verifying fingerprint prestored is stored in security module, is carried out fingerprint comparison verifying by security module, is reduced
The risk that the verifying fingerprint prestored is distorted;It avoids the verifying fingerprint that will be prestored in security module and is sent to the progress of other modules
The risk distorted during fingerprint comparison solves the skill that verifying fingerprint is distorted during transmission in the prior art
Art problem;
2, key storage is decrypted the data to be decrypted received by security module, avoids in security module
The risk that key is leaked during transmission;
3, when other modules in addition to security module are by Virus entry, can not obtain stored in security module it is close
Key, can not distort the verifying fingerprint prestored, improve Information Security.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is a kind of flow diagram of embodiment of fingerprint decryption method provided in an embodiment of the present invention;
Fig. 2 is the flow diagram of another embodiment of fingerprint decryption method provided by the invention;
Fig. 3 is the flow diagram of the another embodiment of fingerprint decryption method provided by the invention;
Fig. 4 is a kind of structural schematic diagram of embodiment of fingerprint decryption system provided in an embodiment of the present invention;
Fig. 5 is the structural schematic diagram of another embodiment of fingerprint decryption system provided by the invention;
Fig. 6 is the structural schematic diagram of the another embodiment of fingerprint decryption system provided by the invention;
Fig. 7 is a kind of structural schematic diagram of embodiment of fingerprint decryption device provided in an embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
It should be noted that the term used in embodiments of the present invention is only merely for the mesh of description specific embodiment
, it is not intended to limit the invention." the one of the embodiment of the present invention and singular used in the attached claims
Kind ", " described " and "the" are also intended to including most forms, unless the context clearly indicates other meaning.It is also understood that this
Term "and/or" used herein refers to and includes one or more associated any or all possible group for listing project
It closes.
It is a kind of flow diagram of embodiment of fingerprint decryption method provided in an embodiment of the present invention, the party referring to Fig. 1
Method includes:
Step S102: user fingerprints are obtained by fingerprint identification module;
Specifically, fingerprint identification module (Finger Print Verification, FP) including but not limited to scratch type,
Push type can collect the fingerprint of user by fingerprint identification module.For example, user A can be contacted by modes such as touches
When fingerprint identification module, fingerprint identification module can acquire the fingerprint for getting user A.
Step S104: the user fingerprints are sent to security module;
Specifically, the step S102 user fingerprints got are sent to security module (Secure Element, SE).Peace
Full module and fingerprint identification module can carry out communication connection by communication interface.For example, fingerprint identification module can pass through SPI
Collected user fingerprints are sent to security module by interface.
It should be noted that the communication interface in each embodiment of the present invention connects including but not limited to SPI interface, SDIO
Mouth, MIPI interface etc..
Step S106: user fingerprints are verified according to preset verifying fingerprint by the security module, the verifying refers to
Line is stored in the security module;
Specifically, security module can receive the verifying fingerprint that user pre-enters, and security module is also possible to from other
The verifying fingerprint obtained in module, security module can store verifying fingerprint.Security module can meet step S104
The user fingerprints received are compared with pre-stored verifying fingerprint.When the user fingerprints that security module receives with deposit in advance
When the verifying fingerprint of storage is identical or part is identical, it is believed that be verified.For example, security module can be stored in advance
The verifying fingerprint of user A input, when security module receives the user fingerprints of fingerprint identification module transmission, security module can be with
By user fingerprints with verifying fingerprint be compared, when user fingerprints with verify fingerprint it is identical when or have 98% it is identical when,
It is considered that being verified.
It is obstructed out-of-date when verifying, current operation can be terminated, can be different in practical application, here with no restrictions.When testing
When card passes through, step S108 can be executed.
Step S108: when being verified, data to be decrypted are decrypted;
Specifically, when step S106 verifying fingerprint passes through, system can be to the data to be decrypted obtained from memory
It is decrypted.Key is stored in security module, key is corresponding with data to be decrypted.When need to data to be decrypted into
When row decryption, key can be obtained from security module, ciphertext data can be treated and be decrypted, the number after being decrypted
According to.
Referring to fig. 2, be fingerprint decryption method provided by the invention another embodiment flow diagram, this method packet
It includes:
Step S202: the data to be decrypted are obtained from memory;
Specifically, data to be decrypted are stored in memory.System can get number to be decrypted from memory
According to.
Step S204: data to be decrypted are sent to security module;
Specifically, the data to be decrypted that can be got with step S202 are sent to application processor (Application
Processor, AP), application processor can be by the data forwarding to be decrypted to security module.It can pass through between module
Communication interface is communicatively coupled.For example, data to be decrypted can be sent to using processing by memory by SDIO interface
Data to be decrypted are sent to security module by SPI interface or SDIO interface by device, application processor.
Step S206: user fingerprints are obtained by fingerprint identification module;
Specifically, fingerprint identification module (Finger Print Verification, FP) including but not limited to scratch type,
Push type can collect the fingerprint of user by fingerprint identification module.For example, user A can be contacted by modes such as touches
When fingerprint identification module, fingerprint identification module can acquire the fingerprint for getting user A.
Step S208: the user fingerprints are sent to security module;
Specifically, the step S206 user fingerprints got are sent to security module (Secure Element, SE).Peace
Full module and fingerprint identification module can carry out communication connection by communication interface.For example, by SPI interface, by fingerprint recognition
The user fingerprints that module is got are sent to security module.
Step S210: user fingerprints are verified according to preset verifying fingerprint by the security module, the verifying refers to
Line is stored in the security module;
Specifically, security module can receive the verifying fingerprint that user pre-enters, and security module is also possible to from other
The verifying fingerprint obtained in module, security module can store verifying fingerprint.Security module can meet step S208
The user fingerprints received are compared with pre-stored verifying fingerprint.When the user fingerprints that security module receives with deposit in advance
When the verifying fingerprint of storage is identical or part is identical, it is believed that be verified.For example, security module can be stored in advance
The verifying fingerprint of user A input, when security module receives the user fingerprints of fingerprint identification module transmission, security module can be with
By user fingerprints with verifying fingerprint be compared, when user fingerprints with verify fingerprint it is identical when or have 98% it is identical when,
It is considered that being verified.
It is obstructed out-of-date when verifying, current operation can be terminated, can be different in practical application, here with no restrictions.When testing
When card passes through, step S212 can be executed.
Step S212: it is decrypted by security module data to be decrypted according to the key pair prestored, institute
Key storage is stated in the security module;
Specifically, when step S210 verifying fingerprint passes through, system can be to the data to be decrypted obtained from memory
It is decrypted.Key is stored in security module, key is corresponding with data to be decrypted.When need to data to be decrypted into
When row decryption, key can be obtained from security module, and be decrypted by key pair data to be decrypted, be decrypted
Data afterwards.
For example, being stored in security module in the corresponding key " 0x28a246d3 " of data " hello " or security module
It is stored with the corresponding key " 0x6a43ad90 " of data " hello ".After user's checking fingerprint passes through, security module can basis
The key " 0x28a246d3 " of storage is treated ciphertext data " hello " and is decrypted.Or after user's checking fingerprint passes through, peace
Full module can treat ciphertext data " hello " according to the key " 0x6a43ad90 " of storage and be decrypted.
It is understood that before data are decrypted in security module, security module can generate in advance, it is close to store
Key.For example, security module is available to arrive be-encrypted data, and security module can read random number when encrypting to data
And key is generated, security module can store the key of generation.For example, security module receives be-encrypted data " you
It is good " after, it reads random number and generates key " 0x28a246d3 ", security module can be by the key of data " hello "
" 0x28a246d3 " is stored, and encrypted data " hello " can be " 0x456f04d ".For another example security module receives
To after be-encrypted data " hello ", reads random number and generate key " 0x6a43ad90 ", security module can be by data
The key " 0x6a43ad90 " of " hello " is stored, and encrypted data " hello " can be " 0x4b50e7a6 ".
Step S214: the data after decryption are sent to by application processor by the security module;
Specifically, the data after being decrypted after data to be decrypted being decrypted according to step S212 security module.
Data after decryption can be sent to application processor by communication interface by security module.For example, security module can pass through SPI
Data after decryption are sent to application processor by interface or SDIO interface.
Application processor can be exported the data after decryption by communication interface.For example, application processor can be with
Data " hello " after decryption are exported by terminal display.The terminal is including but not limited to mobile phone, computer, a
The electronic equipments such as people's computer, wrist-watch.
It is the flow diagram of the another embodiment of fingerprint decryption method provided by the invention, this method packet referring to Fig. 3
It includes:
Step S302: the data to be decrypted are obtained from memory;
Specifically, data to be decrypted are stored in memory.System can get number to be decrypted from memory
According to.
Step S304: user fingerprints are obtained by fingerprint identification module;
Specifically, fingerprint identification module (Finger Print Verification, FP) including but not limited to scratch type,
Push type can collect the fingerprint of user by fingerprint identification module.For example, user A can be contacted by modes such as touches
When fingerprint identification module, fingerprint identification module can acquire the fingerprint for getting user A.
Step S306: the user fingerprints are sent to security module;
Specifically, the step S304 user fingerprints got are sent to security module (Secure Element, SE).Peace
Full module and fingerprint identification module can carry out communication connection by communication interface.For example, by SPI interface, by fingerprint recognition
The user fingerprints that module is got are sent to security module.
Step S308: user fingerprints are verified according to preset verifying fingerprint by the security module, the verifying refers to
Line is stored in the security module;
Specifically, security module can receive the verifying fingerprint that user pre-enters, and security module is also possible to from other
The verifying fingerprint obtained in module, security module can store verifying fingerprint.Security module can meet step S306
The user fingerprints received are compared with pre-stored verifying fingerprint.When the user fingerprints that security module receives with deposit in advance
When the verifying fingerprint of storage is identical or part is identical, it is believed that be verified.For example, security module can be stored in advance
The verifying fingerprint of user A input, when security module receives the user fingerprints of fingerprint identification module transmission, security module can be with
By user fingerprints with verifying fingerprint be compared, when user fingerprints with verify fingerprint it is identical when or have 98% it is identical when,
It is considered that being verified.
It is obstructed out-of-date when verifying, current operation can be terminated, can be different in practical application, here with no restrictions.When testing
When card passes through, step S310 can be executed.
Step S310: the key of storage is sent to application processor by the security module;
Specifically, key is stored in security module, key is corresponding with data to be decrypted.When needing to be decrypted
When data are decrypted, application processor can first obtain the data to be decrypted of memory transmission, and application processor can be sent
The request of data key to be decrypted is obtained to security module, security module can send the close of data to be decrypted according to the request
Key is to application processor.Application processor can be decrypted by key pair data to be decrypted, the number after being decrypted
According to.The corresponding key of data to be decrypted can be sent to application processor (Application by communication interface by security module
Processor,AP).For example, data " you to be decrypted that application processor can be sent by SDIO interface memory
It is good ", application processor can send the request for obtaining the key of data " hello " to be decrypted by SPI interface or SDIO interface
To security module, security module can pass through SPI interface or SDIO interface for data " you to be decrypted according to the request
Corresponding key " 0x728a246d " is sent to application processor well ".
It is understood that before data are decrypted in security module, security module can generate in advance, it is close to store
Key.For example, security module is available to arrive be-encrypted data, and security module can read random number when encrypting to data
And key is generated, security module can store the key of generation.For example, security module receives be-encrypted data " you
It is good " after, it reads random number and generates key " 0x28a246d3 ", security module can be by the key of data " hello "
" 0x28a246d3 " is stored, and encrypted data " hello " can be " 0x456f04d ".For another example security module receives
To after be-encrypted data " hello ", reads random number and generate key " 0x6a43ad90 ", security module can be by data
The key " 0x6a43ad90 " of " hello " is stored, and encrypted data " hello " can be " 0x4b50e7a6 ".
Step S312: the application processor is according to the key, the data to be decrypted that will be obtained from memory
It is decrypted;
Specifically, the key that application processor can be obtained according to step S310, to the number to be decrypted obtained from memory
According to being decrypted.It is decrypted for example, application processor can treat ciphertext data " hello " according to key " 0x28a246d3 ",
Data " hello " after obtaining decryption;For another example application processor can treat ciphertext data according to key " 0x6a43ad90 "
" hello " is decrypted, the data " hello " after obtaining decryption.
Application processor can be exported the data after decryption by communication interface.For example, application processor can be with
Data " hello " after decryption are exported by terminal display.The terminal is including but not limited to mobile phone, computer, a
The electronic equipments such as people's computer, wrist-watch.
It referring to fig. 4, is a kind of structural schematic diagram of embodiment of fingerprint decryption system provided in an embodiment of the present invention,
In, as shown in figure 4, the fingerprint decryption system 50 may include: that fingerprint obtains module 502, the first sending module 504, verifying mould
Block 506, deciphering module 508, wherein
Fingerprint obtains module 502, for obtaining user fingerprints by fingerprint identification module;Fingerprint identification module (Finger
Print Verification, FP) including but not limited to scratch type, push type, use can be collected by fingerprint identification module
The fingerprint at family.For example, fingerprint identification module can acquire when user A can contact fingerprint identification module by modes such as touches
Get the fingerprint of user A.
First sending module 504 obtains user fingerprints that module 502 obtains to safe mould for sending the fingerprint
Block;Fingerprint can be obtained into the user fingerprints that module 502 is got and be sent to security module (Secure Element, SE).Peace
Full module and fingerprint identification module can carry out communication connection by communication interface.For example, fingerprint identification module can pass through SPI
Collected user fingerprints are sent to security module by interface.
Authentication module 506 is sent for verifying described first according to preset verifying fingerprint by the security module
The user fingerprints that module is sent;Security module can receive the verifying fingerprint that user pre-enters, and security module can also be with
It is that verifying fingerprint is got from other modules, security module can store verifying fingerprint.Security module can will lead to
The user fingerprints that the first sending module 504 receives are crossed to be compared with pre-stored verifying fingerprint.When security module receives
The user fingerprints arrived with when pre-stored verifying fingerprint is identical or part is identical, it is believed that be verified.For example,
The verifying fingerprint of user A input can be stored in advance in security module, when security module receives the use of fingerprint identification module transmission
When the fingerprint of family, security module user fingerprints can be compared with verifying fingerprint, when user fingerprints and the verifying complete phase of fingerprint
Simultaneously or have 98% it is identical when, it is believed that be verified.
It is obstructed out-of-date when verifying, current operation can be terminated, can be different in practical application, here with no restrictions.When testing
When card passes through, deciphering module 508 can be triggered.
Deciphering module 508, for when the authentication module 506 is verified, data to be decrypted to be decrypted.Peace
It is stored with key in full module, key is corresponding with data to be decrypted.It, can when needing that data to be decrypted are decrypted
To obtain key from security module, ciphertext data can be treated and be decrypted, the data after being decrypted.For example, peace
It is stored in full module in the corresponding key " 0x28a246d3 " of data " hello " or security module and is stored with data
" hello " corresponding key " 0x6a43ad90 ".After user's checking fingerprint passes through, it can be obtained from security module to be decrypted
The key " 0x28a246d3 " of data " hello " is treated ciphertext data " hello " by key " 0x28a246d3 " and is decrypted.
Or after user's checking fingerprint passes through, the key of data to be decrypted " hello " can be obtained from security module
" 0x6a43ad90 " treats ciphertext data " hello " by key " 0x6a43ad90 " and is decrypted.
It is understood that before data are decrypted in security module, security module can generate in advance, it is close to store
Key.For example, security module is available to arrive be-encrypted data, and security module can read random number when encrypting to data
And key is generated, security module can store the key of generation.For example, security module receives be-encrypted data " you
It is good " after, it reads random number and generates key " 0x28a246d3 ", security module can be by the key of data " hello "
" 0x28a246d3 " is stored, and encrypted data " hello " can be " 0x456f04d ".For another example security module receives
To after be-encrypted data " hello ", reads random number and generate key " 0x6a43ad90 ", security module can be by data
The key " 0x6a43ad90 " of " hello " is stored, and encrypted data " hello " can be " 0x4b50e7a6 ".
It is the structural schematic diagram of another embodiment of fingerprint decryption system provided by the invention, wherein such as Fig. 5 referring to Fig. 5
Shown, which includes that fingerprint obtains module 502, the first sending module 504, authentication module 506, deciphering module
It can also include obtaining module 510, the second sending module 512, third sending module 514 except 508, in which:
Module 510 is obtained, for being obtained before data to be decrypted are decrypted in the deciphering module from memory
The data to be decrypted;Data to be decrypted are stored in memory.System can get to be decrypted from memory
Data.
Second sending module 512, for sending the data to be decrypted for obtaining the acquisition of module 510 to the peace
Full module.
Further, second sending module may include the first transmission unit and the second transmission unit, in which:
First transmission unit, for the data to be decrypted to be sent to application processor.First transmission unit can be with
It will acquire module 510 and be sent to application processor (Application by the data to be decrypted that memory is got
Processor, AP), it can be communicatively coupled by communication interface between memory and application processor.For example, memory
Data to be decrypted can be sent to application processor by SDIO interface.
The data to be decrypted are sent to the security module for the application processor by the second transmission unit.
Application processor can be by the data forwarding to be decrypted to security module, can be by logical between memory and security module
Communication interface is communicatively coupled.For example, application processor can be sent out data to be decrypted by SPI interface or SDIO interface
It send to security module.
Third sending module 514, for passing through after data to be decrypted are decrypted in the deciphering module 508
Data after decryption are sent to application processor by the security module.Deciphering module 508 is by security module to be decrypted
Data decrypted after being decrypted after data.Data after decryption can be sent to application by communication interface by security module
Processor.For example, the data after decryption can be sent to using processing by security module by SPI interface or SDIO interface
Device.
It is understood that application processor can be exported the data after decryption by communication interface.For example, answering
The data " hello " after decryption can be exported by terminal display with processor.The terminal is including but not limited to hand
The electronic equipments such as machine, computer, PC, wrist-watch.
It is the structural schematic diagram of the another embodiment of fingerprint decryption system provided by the invention, wherein such as Fig. 6 referring to Fig. 6
Shown, which includes that fingerprint obtains module 502, the first sending module 504, authentication module 506, deciphering module
508, wherein
The deciphering module 508 may include third transmission unit and decryption unit, in which:
The key of storage is sent to application processor for the security module by third transmission unit;In security module
It is stored with key, key is corresponding with data to be decrypted.When needing that data to be decrypted are decrypted, application processor
The data to be decrypted of memory transmission can be first obtained, application processor, which can be sent, obtains the request of data key to be decrypted extremely
Security module, security module can be according to the keys for requesting transmission data to be decrypted to application processor.Application processor
It can be decrypted by key pair data to be decrypted, the data after being decrypted.Security module can be connect by communication
The corresponding key of data to be decrypted is sent to application processor (Application Processor, AP) by mouth.For example, using
The data to be decrypted " hello " that processor can be sent by SDIO interface memory, application processor can pass through SPI
Interface or SDIO interface send the request for obtaining the key of data " hello " to be decrypted to security module, and security module can root
The corresponding key " 0x28a246d3 " of data " hello " to be decrypted is sent out by SPI interface or SDIO interface according to the request
It send to application processor.It is understood that before data are decrypted in security module, security module can generate in advance,
Store key.For example, security module is available to arrive be-encrypted data, and security module can be read when encrypting to data
Random number simultaneously generates key, and security module can store the key of generation.For example, security module receives number to be encrypted
After " hello ", reads random number and generate key " 0x28a246d3 ", security module can be by the key of data " hello "
" 0x28a246d3 " is stored.For another example reading random number and life after security module receives be-encrypted data " hello "
At key " 0x6a43ad90 ", security module can be stored the key " 0x6a43ad90 " of data " hello ".
Decryption unit, it is described to be decrypted by what is obtained from memory for the application processor according to the key
Data are decrypted.The key that application processor can be obtained according to third transmission unit, it is to be decrypted to what is obtained from memory
Data are decrypted.It is solved for example, application processor can treat ciphertext data " hello " according to key " 0x28a246d3 "
Close, after obtaining decryption data " hello ".
It is understood that application processor can be exported the data after decryption by communication interface.For example, answering
The data " hello " after decryption can be exported by terminal display with processor.The terminal is including but not limited to hand
The electronic equipments such as machine, computer, PC, wrist-watch.
It is a kind of structural schematic diagram of embodiment of fingerprint decryption device provided in an embodiment of the present invention referring to Fig. 7.Its
In, as shown in fig. 7, the equipment may include: fingerprint identification module 702, security module 704, application processor 706, memory
708, input equipment 710, output equipment 712, in which:
Input equipment 710 is including but not limited to keyboard, touch screen etc..User can input triggering by input equipment 701 and refer to
It enables.For example, user can pass through the instruction etc. of touch-screen input ciphertext data.For another example user can be clicked by keyboard wait solve
The picture to be decrypted is decrypted in close picture, triggering equipment.
Application processor 706 can obtain the data by encryption from memory 708.Application processor 706 can incite somebody to action
The encryption data of acquisition is sent in security module 704 by communication interface.It should be noted that in each embodiment of the present invention
Communication interface including but not limited to SPI interface, SDIO interface, MIPI interface etc..For example, application processor 706 can pass through
SDIO interface obtains the data by encryption from memory 708, and will be by encryption by SPI interface or SDIO interface
Data are sent to security module 704.
Application processor 706 can send fingerprint collecting instruction to (the Finger Print of fingerprint identification module 702
Verification, FP), fingerprint identification module 702 can collect the fingerprint of user according to fingerprint collecting instruction;Fingerprint recognition
Module 702 is including but not limited to scratch type, push type.
Security module 704 can receive the fingerprint that fingerprint identification module 702 collects user by communication interface.It needs
Bright, the communication interface in each embodiment of the present invention is including but not limited to SPI interface, SDIO interface, MIPI interface etc..Example
Such as, security module 704 can receive the fingerprint that fingerprint identification module 702 collects user by SPI interface.Security module 704
It can have store function, security module 704 can will be stored from the collected user fingerprints of fingerprint identification module 702.
Security module 704 can will be compared from the collected user fingerprints of fingerprint identification module 702 with the verifying fingerprint prestored, when
After fingerprint comparison success, security module 704 can extract the key pair prestored data to be decrypted and be decrypted.
Application processor 706 can receive the data after security module 704 is decrypted by communication interface.For example, at application
Managing device 706 can be by the data after SPI interface or the decryption of SDIO interface security module 704.
Application processor 706 can trigger output equipment 712 and export the data after decryption.Output equipment 712 wraps
Contain but be not limited to display, loudspeaker etc..For example, passing through the data after mobile phone screen display decryption.For another example being raised by mobile phone
Voice etc. after the output decryption of sound device.
It should be noted that the specific embodiment of the present embodiment can be with reference to above-mentioned Fig. 1 to Fig. 6 embodiment, here not
It repeats again.
In conclusion providing a kind of method and system of fingerprint decryption by implementing the embodiment of the present invention, passing through safe mould
Verifying is compared with the user fingerprints that fingerprint identification module is sent in the verifying fingerprint being pre-stored in security module by block, works as verifying
By when, data to be decrypted are decrypted.The embodiment of the present invention has the following beneficial effects:
1, the verifying fingerprint prestored is stored in security module, is carried out fingerprint comparison verifying by security module, is reduced
The risk that the verifying fingerprint prestored is distorted;It avoids the verifying fingerprint that will be prestored in security module and is sent to the progress of other modules
The risk distorted during fingerprint comparison solves the skill that verifying fingerprint is distorted during transmission in the prior art
Art problem;
2, key storage is decrypted the data to be decrypted received by security module, avoids in security module
The risk that key is leaked during transmission;
3, when other modules in addition to security module are by Virus entry, can not obtain stored in security module it is close
Key, can not distort the verifying fingerprint prestored, improve Information Security.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the program can be stored in a computer-readable storage medium
In, the program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, the storage medium can be magnetic
Dish, CD, read-only memory (Read-Only Memory, ROM) or random access memory (Random Access
Memory, RAM) etc..
Above disclosed is only a preferred embodiment of the present invention, cannot limit the power of the present invention with this certainly
Sharp range, those skilled in the art can understand all or part of the processes for realizing the above embodiment, and weighs according to the present invention
Benefit requires made equivalent variations, still belongs to the scope covered by the invention.
Claims (10)
1. a kind of fingerprint decryption method characterized by comprising
User fingerprints are obtained by fingerprint identification module;
The user fingerprints are sent to security module;
Preset verifying fingerprint is compared with the user fingerprints by the security module, the verifying fingerprint is stored in
In the security module;
When the preset verifying fingerprint with the user fingerprints are identical or part is identical when, to data to be decrypted into
Row decryption;
It is wherein, described that data to be decrypted are decrypted, comprising:
It is decrypted by security module data to be decrypted according to the key pair prestored, the key storage is in institute
It states in security module.
2. the method as described in claim 1, which is characterized in that the data to be decrypted are stored in memory, described right
Before data to be decrypted are decrypted, further includes:
The data to be decrypted are obtained from the memory;
The data to be decrypted are sent to the security module.
3. method according to claim 2, which is characterized in that described to send the data to be decrypted to the safe mould
Block, comprising:
The data to be decrypted are sent to application processor;
The data to be decrypted are sent to the security module by the application processor.
4. the method as described in claim 1, which is characterized in that it is described data to be decrypted are decrypted after, further includes:
The data after decryption are sent to application processor by the security module.
5. the method as described in claim 1, which is characterized in that described that data to be decrypted are decrypted, comprising:
The key of storage is sent to application processor by the security module;
The data to be decrypted obtained from memory are decrypted according to the key for the application processor.
6. a kind of fingerprint decryption system characterized by comprising
Fingerprint obtains module, for obtaining user fingerprints by fingerprint identification module;
First sending module obtains user fingerprints that module obtains to security module for sending the fingerprint;
Authentication module, for will be described in preset verifying fingerprint and first sending module send by the security module
User fingerprints are compared, and the verifying fingerprint is stored in the security module;
Deciphering module, for when the preset verifying fingerprint with the user fingerprints are identical or part is identical when, it is right
Data to be decrypted are decrypted;
Wherein, the deciphering module specifically includes:
It is decrypted by security module data to be decrypted according to the key pair prestored, the key storage is in institute
It states in security module.
7. system as claimed in claim 6, which is characterized in that the system also includes:
Obtain module, for before data to be decrypted are decrypted in the deciphering module, from memory obtain it is described to
The data of decryption;
Second sending module, for sending the data to be decrypted for obtaining module acquisition to the security module.
8. system as claimed in claim 7, which is characterized in that second sending module includes:
First transmission unit, for the data to be decrypted to be sent to application processor;
The data to be decrypted are sent to the security module for the application processor by the second transmission unit.
9. system as claimed in claim 6, which is characterized in that the system also includes:
Third sending module, for passing through the safe mould after data to be decrypted are decrypted in the deciphering module
Data after decryption are sent to application processor by block.
10. system as claimed in claim 6, which is characterized in that the deciphering module includes:
The key of storage is sent to application processor for the security module by third transmission unit;
Decryption unit, for the application processor according to the key, the data to be decrypted that will be obtained from memory
It is decrypted.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510133060.5A CN104794430B (en) | 2015-03-25 | 2015-03-25 | A kind of method and system of fingerprint decryption |
PCT/CN2015/082993 WO2016150023A1 (en) | 2015-03-25 | 2015-06-30 | Fingerprint decrypting method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510133060.5A CN104794430B (en) | 2015-03-25 | 2015-03-25 | A kind of method and system of fingerprint decryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104794430A CN104794430A (en) | 2015-07-22 |
CN104794430B true CN104794430B (en) | 2019-04-12 |
Family
ID=53559218
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510133060.5A Active CN104794430B (en) | 2015-03-25 | 2015-03-25 | A kind of method and system of fingerprint decryption |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN104794430B (en) |
WO (1) | WO2016150023A1 (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106295368A (en) * | 2016-08-17 | 2017-01-04 | 四川长虹通信科技有限公司 | The data security protection method of a kind of mobile terminal and system |
CN114598466A (en) * | 2022-03-08 | 2022-06-07 | 山东云海国创云计算装备产业创新中心有限公司 | Production data processing method and device, computer equipment and storage medium |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1885315A (en) * | 2006-05-26 | 2006-12-27 | 上海一维科技有限公司 | Embedded single secure chip biological fingerprint recognition system and method thereof |
WO2009083528A1 (en) * | 2007-12-21 | 2009-07-09 | Thales | Method and system for generating stable biometric data |
CN202045900U (en) * | 2010-12-07 | 2011-11-23 | 东莞宝元数控科技有限公司 | Positioning mechanism of machine tool |
CN102273128A (en) * | 2008-12-08 | 2011-12-07 | 茂福公司 | Identification or authorisation method, and associated system and secure module |
CN202433919U (en) * | 2011-12-06 | 2012-09-12 | 四川久远新方向智能科技有限公司 | High-accuracy fingerprint identifier |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202049500U (en) * | 2011-05-12 | 2011-11-23 | 国民技术股份有限公司 | Fingerprint identification system based on TCM (trusted cryptography module) |
-
2015
- 2015-03-25 CN CN201510133060.5A patent/CN104794430B/en active Active
- 2015-06-30 WO PCT/CN2015/082993 patent/WO2016150023A1/en active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1885315A (en) * | 2006-05-26 | 2006-12-27 | 上海一维科技有限公司 | Embedded single secure chip biological fingerprint recognition system and method thereof |
WO2009083528A1 (en) * | 2007-12-21 | 2009-07-09 | Thales | Method and system for generating stable biometric data |
CN102273128A (en) * | 2008-12-08 | 2011-12-07 | 茂福公司 | Identification or authorisation method, and associated system and secure module |
CN202045900U (en) * | 2010-12-07 | 2011-11-23 | 东莞宝元数控科技有限公司 | Positioning mechanism of machine tool |
CN202433919U (en) * | 2011-12-06 | 2012-09-12 | 四川久远新方向智能科技有限公司 | High-accuracy fingerprint identifier |
Also Published As
Publication number | Publication date |
---|---|
CN104794430A (en) | 2015-07-22 |
WO2016150023A1 (en) | 2016-09-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102542449B (en) | A kind of radio communication device and payment authentication method | |
CN107592308A (en) | A kind of two server multiple-factor authentication method towards mobile payment scene | |
CN105574963B (en) | A kind of gate inhibition's verification method and door control terminal | |
CN105554741A (en) | Communication information transmission method and system, and apparatus | |
CN101488111A (en) | Identification authentication method and system | |
CN102945526A (en) | Device and method for improving online payment security of mobile equipment | |
CN102201137A (en) | Network security terminal, and interaction system and method based on terminal | |
CN104468937A (en) | Data encryption and decryption methods and devices for mobile terminal and protection system | |
CN105405185A (en) | Safety verifying method and apparatus thereof | |
CN101819614A (en) | System and method for enhancing network transaction safety by utilizing voice verification USBKey | |
CN108401494B (en) | Method and system for transmitting data | |
CN104065648B (en) | A kind of data processing method of voice call | |
CN103366278A (en) | Method and system for processing operation request | |
CN110278083A (en) | ID authentication request treating method and apparatus, equipment replacement method and apparatus | |
CN109600296A (en) | A kind of certificate chain instant communicating system and its application method | |
CN107818253A (en) | Face template data inputting control method and Related product | |
CN101652782A (en) | Communication terminal device, communication device, electronic card, method for a communication terminal device and method for a communication device for providing a verification | |
CN104883686A (en) | Mobile terminal safety certificate method, device, system and wearable equipment | |
CN109005144A (en) | A kind of identity identifying method, equipment, medium and system | |
CN104794430B (en) | A kind of method and system of fingerprint decryption | |
CN202206419U (en) | Network security terminal and interactive system based on terminal | |
CN107026735A (en) | Method and managed devices that a kind of password is automatically entered | |
CN112425116A (en) | Intelligent door lock wireless communication method, intelligent door lock, gateway and communication equipment | |
CN115776413B (en) | Iris encryption-based data transmission method and system | |
CN107046524A (en) | It is a kind of based on ultrasonic wave use intelligent entrance guard method and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
EXSB | Decision made by sipo to initiate substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |