WO2019010669A1 - 一种身份合法性验证的方法、装置及系统 - Google Patents

一种身份合法性验证的方法、装置及系统 Download PDF

Info

Publication number
WO2019010669A1
WO2019010669A1 PCT/CN2017/092797 CN2017092797W WO2019010669A1 WO 2019010669 A1 WO2019010669 A1 WO 2019010669A1 CN 2017092797 W CN2017092797 W CN 2017092797W WO 2019010669 A1 WO2019010669 A1 WO 2019010669A1
Authority
WO
WIPO (PCT)
Prior art keywords
electronic
private key
biometric data
access control
biometric
Prior art date
Application number
PCT/CN2017/092797
Other languages
English (en)
French (fr)
Inventor
唐杰
Original Assignee
深圳市汇顶科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市汇顶科技股份有限公司 filed Critical 深圳市汇顶科技股份有限公司
Priority to EP17917393.5A priority Critical patent/EP3525181B1/en
Priority to CN201780000633.4A priority patent/CN109643473A/zh
Priority to PCT/CN2017/092797 priority patent/WO2019010669A1/zh
Publication of WO2019010669A1 publication Critical patent/WO2019010669A1/zh
Priority to US16/404,788 priority patent/US10644887B2/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00563Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00857Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the data carrier can be programmed
    • GPHYSICS
    • G08SIGNALLING
    • G08CTRANSMISSION SYSTEMS FOR MEASURED VALUES, CONTROL OR SIMILAR SIGNALS
    • G08C17/00Arrangements for transmitting signals characterised by the use of a wireless electrical link
    • G08C17/02Arrangements for transmitting signals characterised by the use of a wireless electrical link using a radio link
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0847Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving identity based encryption [IBE] schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/80Services using short range communication, e.g. near-field communication [NFC], radio-frequency identification [RFID] or low energy communication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/06Arrangements for sorting, selecting, merging, or comparing data on individual record carriers
    • G06F7/08Sorting, i.e. grouping record carriers in numerical or other ordered sequence according to the classification of at least some of the information they carry
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00309Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks
    • G07C2009/00412Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys operated with bidirectional data transmission between data carrier and locks the transmitted data signal being encrypted
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/00174Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
    • G07C9/00817Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed
    • G07C2009/00825Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys where the code of the lock can be programmed remotely by lines or wireless communication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/02Access control comprising means for the enrolment of users
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C2209/00Indexing scheme relating to groups G07C9/00 - G07C9/38
    • G07C2209/08With time considerations, e.g. temporary activation, valid time window or time limitations

Definitions

  • the embodiments of the present application relate to the field of information security technologies, and in particular, to a method, device, and system for identity legality verification.
  • Fingerprint recognition refers to a technique of using biometric technology to identify and analyze the fingerprint characteristics of a target. Since the fingerprint is unique, the identification of the fingerprint feature can be used to determine personal information, which is rapidly developing in related fields such as security and management. In order to realize fingerprint recognition, a dedicated fingerprint identification device needs to be configured and set in a fixed position, thereby causing the user's fingerprint information to easily remain on the dedicated fingerprint identification device, which presents a security risk.
  • one of the technical problems solved by the embodiments of the present application is to provide a method for verifying identity legality to overcome the above technical problems in the prior art.
  • the first aspect of the present application provides a method for verifying identity legality, which is applied to an electronic terminal that communicates with an access control, including:
  • the second aspect of the present application provides a method for verifying identity legality, which is applied to an access control for communicating with an electronic terminal, including:
  • the electronic private key is paired with a pre-stored electronic public key for identity legality verification.
  • the third aspect of the present application provides an apparatus for verifying identity legality, which is applied to an electronic terminal that communicates with an access control, including:
  • a biometric acquisition module for collecting biometric data
  • a first processing module configured to generate an electronic private key according to the biometric data
  • a first communication module configured to send the electronic private key to the access control, and enable the access control to perform identity legality verification according to the electronic private key.
  • the fourth aspect of the present application provides an apparatus for verifying identity legality, including:
  • a second communication module configured to receive an electronic private key sent by the electronic terminal
  • the second processing module is configured to pair the electronic private key with a pre-stored electronic public key for identity legality verification.
  • an identity legality verification system comprising the apparatus of the third aspect and the apparatus of the fourth aspect.
  • the method, device and system for verifying identity legality in the embodiments of the present application complete user identity authentication by collecting user fingerprint data on the electronic terminal and performing data interaction with the access control, thereby avoiding dedicated
  • the fingerprint identification device is set at a specific location, and the fingerprint information of the user is no longer left on the fingerprint recognition device, which brings convenience to the user and enhances security.
  • FIG. 1 is a flowchart of a method for verifying identity legality according to Embodiment 1 of the present application
  • FIG. 2 is a flowchart of a method for verifying identity legality according to Embodiment 2 of the present application
  • FIG. 3 is a flowchart of a method for authenticating identity legality according to Embodiment 3 of the present application.
  • FIG. 4 is a structural diagram of an apparatus for verifying identity legality according to Embodiment 4 of the present application.
  • FIG. 5 is a structural diagram of an apparatus for verifying identity legality according to Embodiment 5 of the present application.
  • FIG. 6 is a structural diagram of a system for identity legality verification according to Embodiment 6 of the present application.
  • FIG. 1 is a flowchart of an identity legality verification method according to Embodiment 1 of the present application.
  • the embodiment is applied to an electronic terminal that communicates with the access control, and includes the following steps:
  • S101 Collect biometric data.
  • the biometric acquisition mode is set on an electronic terminal such as a smart phone.
  • the group such as a fingerprint collection module, collects biometric data such as fingerprint data of a user.
  • the electronic terminals herein include, but are not limited to, a smart phone and a tablet.
  • the embodiment and the following embodiments use a smart phone as an example to illustrate the solution of the present application. It should be noted that the description herein is merely illustrative and should not be construed as limiting the scope of the application.
  • the fingerprint collection module may be a biometric acquisition module based on electric field induction.
  • the biometric data is biometric electric field data.
  • the fingerprint acquisition module may also be a biometric acquisition module based on optical induction.
  • the biometric data is biometric image data.
  • the biometric data here is mainly a pattern of fingerprint lines, but it is not excluded that only the detailed feature points of the user including the fingerprint texture, such as the valley feature points, are acquired from the pattern of the fingerprint texture.
  • S102 Generate an electronic private key according to the biometric data.
  • the string corresponds to the time period one by one, that is, any time period uniquely corresponds to a string.
  • the time interval of the time period can be set according to specific needs, for example, set to 60 seconds, that is, one string generated within 60 seconds, and another string generated in the next 60 seconds. Different time periods correspond to different strings.
  • the first array has a unique correspondence with the biometric data, and the first array corresponding to different users is different, and the mapping function between the biometric data and the first array is different for different users, so that the generated electronic private key is generated.
  • Unique only one user.
  • the string in the first array is used as an electronic private key, which does not contain biometric data. Even if the string in the first array is obtained by others, the user's private information cannot be obtained according to the obtained string. Such as the pattern of fingerprint lines.
  • the biometric data of different users is different.
  • the corresponding first array is different for different users, thus ensuring the uniqueness of the electronic private key.
  • S103 Send the electronic private key to the access control, so that the access control performs identity legality verification according to the electronic private key.
  • the electronic private key in order to prevent the electronic private key from being intercepted during transmission, it is used for identity verification, and is mainly used to unlock the access control to illegally enter the secure area.
  • the method After generating the electronic private key according to the biometric data, The method further includes encrypting the electronic private key on the electronic terminal, and sending the encrypted electronic private key to the access control through the communication module on the electronic terminal. In this way, the leakage of user privacy data is avoided, and security is enhanced.
  • FIG. 2 is a flowchart of an identity legality verification method according to Embodiment 2 of the present application.
  • the electronic terminal when the electronic terminal matches the access control, the electronic terminal automatically starts the biometric collection module to enable the user to complete the identity verification method.
  • This embodiment further includes the following steps before step S101 of the first embodiment:
  • the module for completing communication with the access control on the electronic terminal is a wireless communication module, including a Bluetooth communication module or a visible light communication module or an infrared communication module.
  • the communication module of the access control is a wireless communication module, including a Bluetooth communication module or a visible light communication module or an infrared communication module.
  • the solution of this embodiment is described by taking a Bluetooth communication module as an example.
  • the pairing process only needs to be done once. After the pairing is completed, the electronic terminal, such as the smart phone, will remember the Bluetooth communication module paired with it, and there is no need to re-operate the pairing again in the future. At the same time, most of the current smart phones have Bluetooth communication modules, so there is no need to purchase equipment and materials, and no additional cost.
  • the Bluetooth communication module of the smart phone is matched with the Bluetooth communication module of the access control, thereby realizing the wireless connection between the electronic terminal and the access control. For example, when the wireless communication module of the smart phone and the wireless communication module of the access control enter the effective communication distance, the smart phone automatically starts the wireless communication module to pair with the wireless communication module of the access control.
  • the Bluetooth communication module of the electronic terminal detects the Bluetooth communication module of the access control and connects with the Bluetooth communication module of the access control
  • the biometric management page is loaded on the electronic terminal and the collection prompt item is loaded, prompting the user to input the fingerprint, and starting the biometric collection mode. group.
  • the user can generate the corresponding electronic private key by pressing the finger on the biometric collection module for the electronic terminal to collect the biometric data of the user.
  • the biometric collection module is a fingerprint acquisition module based on optical sensing, and correspondingly, the biometric data is biometric image data.
  • the biometric acquisition module is a fingerprint acquisition module based on electric field induction, and correspondingly, the biometric data is biometric electric field data.
  • the collected biometric data is a fingerprint pattern
  • break points, bifurcation points and turning points on the fingerprint pattern there are break points, bifurcation points and turning points on the fingerprint pattern, and these break points, bifurcation points and turning points are used as features for identifying the fingerprint pattern. Therefore, these break points, bifurcation points, and turning points are extracted from the collected fingerprint patterns, that is, effective biometric data is generated based on the biometric data, and an electronic private key is generated based on the valid biometric data.
  • the identity legality verification method applied to the electronic terminal in the above embodiment of the present application completes the user identity authentication by collecting user fingerprint data on the electronic terminal and interacting with the access control, thereby avoiding setting the dedicated fingerprint identification device in the At a specific location, the fingerprint information of the user is no longer left on the fingerprint recognition device, which brings convenience to the user and enhances security.
  • FIG. 3 it is a flowchart of an identity legality verification method according to Embodiment 3 of the present application. This embodiment is applied to the access control and includes the following steps:
  • S301 Receive an electronic private key sent by the electronic terminal.
  • the access control When the electronic terminal is matched with the access control, the access control will receive the electronic private key sent by the electronic terminal.
  • the electronic private key has a one-to-one correspondence with the user.
  • the electronic public key containing the biometric data is stored in advance in the access control, and the electronic public key is generated by the electronic terminal.
  • the electronic terminal After collecting the biometric data of the user, the electronic terminal establishes a function mapping relationship between the biometric data and the second array including the plurality of character strings, and sorts the plurality of strings and reads them through the time pointer, and the characters to be read out
  • the string is used as an electronic public key, or the read character string is deformed, and the deformed character string is used as an electronic public key.
  • the access control stores the electronic public key.
  • the biometric data is used as a fingerprint pattern, that is, the user needs to collect the fingerprint data (fingerprint pattern) of the user through an electronic device such as a smart phone.
  • the access control receives the electronic public key sent by the smart phone and stores it for matching with the electronic private key described above to verify the validity of the user's identity.
  • the access control only stores the electronic public key of the corresponding user, and does not store the fingerprint data of the user, so that the fingerprint data leakage of the user is further avoided, thereby enhancing security. That is, the access control locally stores only the electronic public key without storing biometric data.
  • the access control can also extract the effective biometrics of the fingerprint data, that is, the break point, the bifurcation point, and the turning point of the fingerprint pattern, and generate an electronic public key according to the break point, the bifurcation point, and the turning point of the fingerprint pattern.
  • the electronic terminal can encrypt the electronic private key
  • the electronic private key received by the access control is an electronic private key encrypted by the electronic terminal
  • the access control decrypts the encrypted electronic private key, and decrypts the encrypted electronic private key.
  • the electronic private key is matched with the electronic public key of the access control store. If the match is successful, it is determined that the identity of the user is legal, so the fingerprint data of the user can be used to unlock the access control. If the match fails, it is determined that the identity of the user is illegal, and the fingerprint data of the user cannot be used to unlock the access control.
  • the matching process between the decrypted electronic private key and the electronic public key is: firstly generating a pairing certificate according to the decrypted electronic private key and the electronic public key stored in the access control, and the algorithm for generating the pairing certificate is pre-stored in the access control
  • the generation algorithm corresponds to the generation algorithm of the paired voucher
  • the voucher verification rule is pre-stored at the same time.
  • the pairing credential matches the credential verification rule, if the verification result is successful, the user's identity is legal, and the electronic private key sent by the user through the electronic device can be used to unlock the access control, and at the same time, unlock the access control and allow User access.
  • the verification result fails, the user's identity is invalid.
  • the electronic private key sent by the user through the electronic device cannot be used to unlock the access control. At the same time, the user is not allowed to pass without unlocking the access control.
  • FIG. 4 is a structural diagram of an apparatus for verifying identity legality according to Embodiment 4 of the present application.
  • the apparatus for verifying identity legality mainly refers to an electronic terminal that takes a smart phone as an example.
  • the identity legality verification apparatus of this embodiment includes a biometrics collection module 401, a first processing module 402, and a first communication module 403.
  • the biometric feature collection module 401 is configured to collect biometric data of the user
  • the first processing module 402 is configured to identify and process the collected biometric data, and generate an electronic private key, where the first communication module 403 is used for access control.
  • the communication module is connected and performs data interaction, such as sending an electronic private key to the access control.
  • the first communication module 403 may specifically be a wireless communication chip such as a Bluetooth chip.
  • the first processing module 402 is further configured to perform texture feature recognition on the collected biometric data, or perform texture feature recognition on the collected biometric electric field data.
  • the communication module 403 of the electronic terminal detects the communication module of the access control within the effective communication distance, the communication module is paired with the access control, and when the communication module with the access control is successfully paired, the biometric management is loaded on the electronic terminal.
  • the page loads the collection prompt item, and starts the biometric collection module 401 set on the electronic terminal to collect the biometric data.
  • the first processing module 402 further includes a setup submodule and a selection submodule.
  • the establishing submodule is configured to establish a function mapping relationship between the biometric data and the first array comprising the plurality of character strings
  • the selecting submodule is configured to sort the plurality of strings and read out through the time pointer, and the characters to be read out
  • the string is used as an electronic private key, or the read string is transformed, and the deformed string is used as an electronic private key.
  • FIG. 5 is a structural diagram of an apparatus for verifying identity legality according to Embodiment 5 of the present application.
  • the device for identity legality verification may be an access control.
  • the identity legality verification apparatus in this implementation includes a second communication module 501 and a second processing module 502.
  • the second communication module 501 corresponds to the first communication module 403 in the fourth embodiment, and is mainly used for matching with the communication chip of the electronic terminal. Connecting, and performing data interaction, the second communication module 501 can also be a Bluetooth module.
  • the second processing module 502 is configured to: pair the locally stored electronic public key with the electronic private key to perform legality verification on the identity of the user according to the biometric data.
  • the electronic public key is generated by the electronic terminal.
  • biometric data is pre-acquired by the electronic terminal
  • a function mapping relationship between the biometric data and the second array including the plurality of character strings is established, and the plurality of character strings are sorted and read by the time pointer, and the readout is performed.
  • the string is used as an electronic public key, or the read string is deformed, and the deformed string is used as an electronic public key.
  • the second processing module 502 includes a generating sub-module and a verifying sub-module.
  • the generating submodule is configured to generate a pairing credential according to the decrypted electronic private key and the electronic public key stored locally by the access control
  • the verifying submodule is configured to verify the pairing credential according to the preset credential verification rule, and perform the identity of the user according to the verification result. Legality verification.
  • FIG. 6 is a structural diagram of an identity legality verification system according to Embodiment 6 of the present application.
  • the identity legality verification system of the present embodiment includes the electronic terminal 601 in the above-described fourth embodiment and related embodiments, and the access control 602 in the fifth embodiment and related embodiments.
  • the electronic terminal 601 collects biometric data through the biometric collection module, and identifies and processes the collected biometric data, generates an electronic private key, and encrypts the electronic private key, and stores the electronic public key and the electronic private key in the access control 602. Pairing, verifying the legality of the user's identity corresponding to the biometric data, ensuring that the user's private data is not leaked, and enhancing the security of the access control.
  • the electronic terminal of the embodiment of the present application exists in various forms, including but not limited to:
  • Mobile communication devices These devices are characterized by mobile communication functions and are mainly aimed at providing voice and data communication.
  • Such terminals include: smart phones (such as iPhone), multimedia phones, functional phones, and low-end phones.
  • Ultra-mobile personal computer equipment This type of equipment belongs to the category of personal computers, has computing and processing functions, and generally has mobile Internet access.
  • Such terminals include: PDAs, MIDs, and UMPC devices, such as the iPad.
  • Portable entertainment devices These devices can display and play multimedia content. Such devices include: audio, video players (such as iPod), handheld game consoles, e-books, and smart toys and portable car navigation devices.
  • the server consists of a processor, a hard disk, a memory, a system bus, etc.
  • the server is similar to a general-purpose computer architecture, but because of the need to provide highly reliable services, processing power and stability High reliability in terms of reliability, security, scalability, and manageability.
  • the device embodiments described above are merely illustrative, wherein the modules described as separate components may or may not be physically separate, and the components displayed as modules may or may not be physical modules, ie may be located A place, or it can be distributed to multiple network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement without deliberate labor.
  • a machine-readable medium includes read only memory (ROM), random access memory (RAM), magnetic disk storage media, optical storage media, flash storage media, electrical, optical, acoustic, or other forms of propagation signals (eg, carrier waves) , infrared signal, digital signal, etc.), the computer software product includes a number of instructions for making a computer device ( The method described in various parts of the various embodiments or embodiments is performed by a personal computer, server, or network device.
  • embodiments of the embodiments of the present application can be provided as a method, apparatus (device), or computer program product. Therefore, the embodiments of the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, embodiments of the present application can take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) including computer usable program code.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • Embodiments of the present application are described with reference to flowchart illustrations and/or block diagrams of methods, apparatus, and computer program products according to embodiments of the present application. It will be understood that each flow and/or block of the flowchart illustrations and/or FIG.
  • These computer program instructions can be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing device to produce a machine for the execution of instructions for execution by a processor of a computer or other programmable data processing device.
  • the computer program instructions can also be stored in a computer readable memory that can direct a computer or other programmable data processing device to operate in a particular manner, such that the instructions stored in the computer readable memory produce an article of manufacture comprising the instruction device.
  • the apparatus implements the functions specified in one or more blocks of a flow or a flow and/or block diagram of the flowchart.
  • These computer program instructions can also be loaded onto a computer or other programmable data processing device. Having a series of operational steps performed on a computer or other programmable device to produce computer-implemented processing such that instructions executed on a computer or other programmable device are provided for implementing one or more processes and/or block diagrams in the flowchart. The steps of a function specified in a box or multiple boxes.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephone Function (AREA)
  • Collating Specific Patterns (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

本申请实施例提供一种身份合法性验证的方法,属于信息安全技术领域。其中应用于电子终端的身份合法性验证的方法包括:采集生物特征数据;根据所述生物特征数据生成电子私钥;将所述电子私钥发送至所述门禁,令所述门禁根据所述电子私钥进行身份合法性验证。本申请避免了将专用的指纹识别设备设置在特定位置,进而避免了指纹识别设备上留有用户的指纹数据,在给用户带来方便的同时增强了安全性。

Description

一种身份合法性验证的方法、装置及系统 技术领域
本申请实施例涉及信息安全技术领域,尤其涉及一种身份合法性验证的方法、装置及系统。
背景技术
传统的门禁通常需要通过刷IC卡、输入密码、呼叫等方式来开门,这些方式无一例外需要零距离操作。对于使用IC卡的方式,经常出现遗失补办、易被复制等麻烦,这不仅增加了管理难度,增加了成本,安全性也备受考验。同样的,对于输入密码的方式,由于密码容易泄露,门禁的安全性难以保证。基于传统门禁的种种缺陷,带有指纹识别技术的门禁系统应用而生。
指纹识别是指利用生物识别技术,对目标的指纹特征进行识别分析处理后进行判断的一种技术。由于指纹具有唯一性,对指纹特征的识别可以被用来确定个人信息,其在安全性、管理性等相关领域发展迅速。为了实现指纹识别,需要配置专用的指纹识别设备,并设置在固定的位置,由此造成用户的指纹信息容易留在专用的指纹识别设备上,存在安全隐患。
发明内容
有鉴于此,本申请实施例所解决的技术问题之一在于提供一种身份合法性验证的方法,用以克服现有技术中的上述技术问题。
基于上述目的,本申请的第一方面,提供一种身份合法性验证的方法,应用于与门禁进行通讯的电子终端,包括:
采集生物特征数据;
根据所述生物特征数据生成电子私钥;
将所述电子私钥发送至所述门禁,令所述门禁根据所述电子私钥进行身份合法性验证。
基于上述目的,本申请的第二方面,提供一种身份合法性验证的方法,应用于与电子终端进行通讯的门禁,包括:
接收电子终端发送的电子私钥;
将所述电子私钥与预先存储的电子公钥进行配对,以进行身份合法性验证。
基于上述目的,本申请的第三方面,提供一种身份合法性验证的装置,应用于与门禁进行通讯的电子终端,包括:
生物特征采集模组,用于采集生物特征数据;
第一处理模块,用于根据所述生物特征数据生成电子私钥;
第一通讯模块,用于将所述电子私钥发送至所述门禁,令所述门禁根据所述电子私钥进行身份合法性验证。
基于上述目的,本申请的第四方面,提供一种身份合法性验证的装置,包括:
第二通讯模块,用于接收电子终端发送的电子私钥;
第二处理模块,用于将所述电子私钥与预先存储的电子公钥进行配对,以进行身份合法性验证。
基于上述目的,在本申请的第五方面,还提供一种身份合法性验证系统,包括上述第三方面的装置和第四方面的装置。
由以上技术方案可见,本申请实施例的身份合法性验证的方法、装置及系统,通过在电子终端上采集用户指纹数据,并与门禁进行数据交互,完成用户的身份认证,避免了将专用的指纹识别设备设置在特定位置,同时指纹识别设备上不再留有用户的指纹信息,给用户带来方便的同时增强了安全性。
附图说明
为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请实施例中记载的一些实施例,对于本领域普通技术人员来讲,还可以根据这些附图获得其他的附图。
图1为本申请实施例一的身份合法性验证的方法的流程图;
图2为本申请实施例二的身份合法性验证的方法的流程图;
图3为本申请实施例三的身份合法性验证的方法的流程图;
图4为本申请实施例四的身份合法性验证的装置的结构图;
图5为本申请实施例五的身份合法性验证的装置的结构图;
图6为本申请实施例六的身份合法性验证的系统的结构图。
具体实施方式
当然,实施本申请实施例的任一技术方案必不一定需要同时达到以上的所有优点。
为了使本领域的人员更好地理解本申请实施例中的技术方案,下面将结合本申请实施例中的附图,对本申请实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅是本申请实施例一部分实施例,而不是全部的实施例。基于本申请实施例中的实施例,本领域普通技术人员所获得的所有其他实施例,都应当属于本申请实施例保护的范围。
下面结合本申请实施例附图进一步说明本申请实施例具体实现。
如图1所示,为本申请实施例一的身份合法性验证方法的流程图。本实施例应用于与门禁进行通讯的电子终端,包括以下步骤:
S101:采集生物特征数据。
在本实施例中,通过设置在电子终端比如智能手机上的生物特征采集模 组,比如指纹采集模组,采集生物特征数据如用户的指纹数据,这里的电子终端包括但不限于智能手机和平板电脑,本实施例及以下实施例以智能手机为例对本申请的方案进行说明,需要指出的是,这里的说明仅仅起到示例性的作用,而不应当被理解为对本申请方案的限定。
随着科技的发展,指纹芯片的价格越来越低,智能手机搭载指纹芯片的期望也越来越高,通过指纹采集模组采集用户的指纹数据也越来越容易实现,在本实施例及以下实施例中,指纹采集模组可以是基于电场感应的生物特征采集模组,对应地,生物特征数据为生物特征电场数据;同时,指纹采集模组也可以是基于光学感应的生物特征采集模组,对应地,生物特征数据为生物特征图像数据。这里的生物特征数据主要为指纹纹路的图案,但并不排除只从在该指纹纹路的图案中获取用户包括指纹纹路的细节特征点,比如谷脊特征点等。
S102:根据生物特征数据生成电子私钥。
建立生物特征数据与第一数组之间的函数映射关系,其中,第一数组为包含多个字符串的集合,将多个字符串排序后通过时间指针读出,即第一数组中的数据即字符串与时间段一一对应,也即任一时间段唯一对应一个字符串。时间段的时间间隔可以根据具体需要设置,比如,设置为60秒,即在60秒内生成的一个字符串,在下一个60秒为另一个字符串。不同的时间段对应的字符串不同。这里第一数组与生物特征数据具有唯一对应关系,不同用户对应的第一数组不同,且对于不同用户,生物特征数据与第一数组之间的映射函数也不同,这样,使得生成的电子私钥具有唯一性,只对应一个用户。显而易见的,将第一数组中的字符串作为电子私钥,其并不包含生物特征数据,即使第一数组中的字符串被他人获取,也不能根据被获取的字符串得到用户的私人信息,比如指纹纹路的图案。
不同用户的生物特征数据不同,同时,对于不同的用户,其对应的第一数组不同,因此保证了电子私钥的唯一性。
S103:将电子私钥发送至门禁,令门禁根据电子私钥进行身份合法性验证。
在本实施例中,为了防止所述电子私钥在传输过程中被截获,被用于身份验证,主要是被用来解锁门禁以非法进入安全区域,在根据生物特征数据生成电子私钥之后,还包括,在电子终端上对电子私钥进行加密,并将加密后的电子私钥通过电子终端上的通讯模块发送至门禁。这样,避免了用户隐私数据的泄露,增强了安全性。
如图2所示,为本申请实施例二的身份合法性验证方法的流程图。本实施例为电子终端与门禁匹配时,电子终端自动启动生物特征采集模组以使用户完成身份验证的方法流程图。本实施例在实施例一的步骤S101之前还包括以下步骤:
S201:在有效通讯距离内检测到门禁的无线通讯模块时,与门禁的无线通讯模块进行配对。
在本实施例中,电子终端上完成与门禁之间的通讯的模块为无线通讯模块,包括蓝牙通讯模块或者可见光通讯模块或者红外通讯模块。对应的,门禁的通讯模块为无线通讯模块,包括蓝牙通讯模块或者可见光通讯模块或者红外通讯模块。在本实施中,以蓝牙通讯模块为例对本实施例的方案加以说明。
因蓝牙特有的特点,配对过程只需一次,配对完成后电子终端,比如智能手机会记住与之配对的蓝牙通讯模块,以后就不用再次重新操作配对。同时,目前的智能手机,绝大多数带有蓝牙通讯模块,不用另外购置设备和材料,无需增加成本。当带有蓝牙通讯模块的智能手机靠近门禁一定范围内时,智能手机的蓝牙通讯模块与门禁的蓝牙通讯模块完成匹配,实现了电子终端与门禁的无线连接。比如在所述智能手机的无线通讯模块与门禁的无线通讯模块进入有效通讯距离内时,智能手机自动启动无线通讯模块与门禁的无线通讯模块进行配对。
S202:启动生物特征采集模组。
当电子终端的蓝牙通讯模块检测到门禁的蓝牙通讯模块并与门禁的蓝牙通讯模块连接后,在电子终端上加载生物特征管理页面并加载采集提示项,提示用户输入指纹,并启动生物特征采集模组。用户可以通过将手指按压在生物特征采集模组上供电子终端采集用户的生物特征数据,进而生成对应的电子私钥。
可选的,在本实施例中,生物特征采集模组为基于光学感应的指纹采集模组,对应地,生物特征数据为生物特征图像数据。或者,生物特征采集模组为基于电场感应的指纹采集模组,对应地,生物特征数据为生物特征电场数据。当采集到的生物特征数据为指纹图案时,指纹图案上会有中断点、分叉点和转折点,这些中断点、分叉点和转折点被用作识别指纹图案的特征。因此,要在采集到的指纹图案中提取这些中断点、分叉点和转折点,即根据生物特征数据生成有效生物特征数据,并根据这些有效生物特征数据生成电子私钥。
本申请上述实施例的应用于电子终端的身份合法性验证方法,通过在电子终端上采集用户指纹数据,并与门禁进行数据交互,完成用户的身份认证,避免了将专用的指纹识别设备设置在特定位置,同时指纹识别设备上不再留有用户的指纹信息,给用户带来方便的同时增强了安全性。
如图3所示,为本申请实施例三的身份合法性验证方法的流程图。本实施例应用于门禁,包括以下步骤:
S301:接收电子终端发送的电子私钥。
当电子终端与门禁完成匹配后,门禁会接收电子终端发送的电子私钥。电子私钥与用户存在一一对应的关系。
S302:将电子私钥与预先存储的电子公钥进行配对,以进行身份合法性验证。
需要指出的是,用户在能够解锁门禁之前,需要在门禁注册其个人信息。 在本实施例中,将包含生物特征数据的电子公钥预先存储在门禁中,电子公钥由电子终端生成。电子终端在采集用户的生物特征数据后,建立生物特征数据与包含多个字符串的第二数组之间的函数映射关系,将多个字符串排序后通过时间指针读出,将读出的字符串作为电子公钥,或者,对读出的字符串进行变形,将变形后的字符串作为电子公钥。门禁存储电子公钥。以生物特征数据为指纹图案加以说明,即用户需要先通过电子设备比如智能手机采集用户的指纹数据(指纹图案),
生成电子公钥,并将该电子公钥发送至门禁;门禁接收智能手机发送的电子公钥并存储,以用作和上述的电子私钥进行匹配,来对用户的身份进行合法性验证。这样,实现了门禁只存储有对应用户的电子公钥,而没有存储用户的指纹数据,这样进一步的避免了用户的指纹数据泄露,从而增强了安全性。即门禁本地只存储所述电子公钥,而不存储生物特征数据。在本实施例中,门禁还可以提取指纹数据的有效生物特征,即指纹图案的中断点、分叉点和转折点,并根据指纹图案的中断点、分叉点和转折点生成电子公钥。
此外,由于电子终端可以对电子私钥进行加密,因此,当门禁接收到的电子私钥为经过电子终端加密的电子私钥时,门禁对加密后的电子私钥进行解密,并将解密后的电子私钥与门禁存储的电子公钥进行匹配。如果匹配成功,则判定该用户的身份合法,因此该用户的指纹数据可以被用于解锁门禁。如果匹配失败,则判定该用户的身份不合法,该用户的指纹数据不能被用于解锁门禁。
具体的,解密后的电子私钥与所述电子公钥的匹配过程为:先根据解密后的电子私钥和门禁本地存储的电子公钥生成配对凭证,生成配对凭证的算法为预先存储在门禁的生成算法,对应于配对凭证的生成算法,门禁同时预先存储有凭证验证规则,当生成配对凭证后,根据预先设定的凭证验证规则,验证配对凭证,根据验证结果,对用户的身份进行合法性验证。当配对凭证与凭证验证规则匹配时,则判定验证结果成功,则说明用户的身份合法,用户通过电子设备发送的电子私钥能够用于解锁门禁,同时,解锁门禁,允许 用户通行。当验证结果失败时,则说明用户的身份不合法,用户通过电子设备发送的电子私钥不能用于解锁门禁,同时,不解锁门禁,则不允许用户通行。
如图4所示,为本申请实施例四的身份合法性验证的装置的结构图。在本实施例中,所述身份合法性验证的装置主要指以智能手机为例的电子终端。本实施例的身份合法性验证装置包括生物特征采集模组401、第一处理模块402和第一通讯模块403。其中,生物特征采集模组401用于采集用户的生物特征数据,第一处理模块402用于对采集到的生物特征数据进行识别处理,并生成电子私钥,第一通讯模块403用于与门禁的通讯模块连接并进行数据交互,如将电子私钥发送至门禁。第一通讯模块403具体可以为无线通讯芯片比如蓝牙芯片。
此外,第一处理模块402还具体用于对采集到的生物特征数据进行纹理特征识别,或者,对采集到的生物特征电场数据进行纹理特征识别。
并且,当电子终端的第一通讯模块403在有效通讯距离内检测到门禁的通讯模块时,与门禁的通讯模块进行配对,当与门禁的通讯模块成功配对时,在电子终端上加载生物特征管理页面加载采集提示项,启动设置在电子终端上的生物特征采集模组401采集生物特征数据。
作为本申请的一个实施例,第一处理模块402还包括建立子模块和选择子模块。建立子模块用于建立生物特征数据与包含多个字符串的第一数组之间的函数映射关系,选择子模块用于将上述多个字符串排序后通过时间指针读出,将读出的字符串作为电子私钥,或者,对读出的字符串进行变形,将变形后的字符串作为电子私钥。
如图5所示,为本申请实施例五的身份合法性验证的装置的结构图。在本实施例中,身份合法性验证的装置可以是门禁。本实施中的身份合法性验证装置包括第二通讯模块501和第二处理模块502。第二通讯模块501对应于实施例四中的第一通讯模块403,其主要用于与电子终端的通讯芯片匹配 连接,并进行数据交互,第二通讯模块501同样可以为蓝牙模块。第二处理模块502用于:根据本地存储的电子公钥与电子私钥进行配对,以根据所述生物特征数据对用户的身份进行合法性验证。
此外,电子公钥由电子终端生成。在通过电子终端预先采集所述生物特征数据后,建立生物特征数据与包含多个字符串的第二数组之间的函数映射关系,将多个字符串排序后通过时间指针读出,将读出的字符串作为电子公钥,或者,对读出的字符串进行变形,将变形后的字符串作为电子公钥。
在本申请的一些具体实施例中,第二处理模块502包括生成子模块和验证子模块。生成子模块用于根据解密后的电子私钥和门禁本地存储的电子公钥生成配对凭证,验证子模块用于根据预设的凭证验证规则,验证配对凭证,根据验证结果,对用户的身份进行合法性验证。
如图6所示,为本申请实施例六的身份合法性验证系统的结构图。本实施的身份合法性验证系统包括上述实施例四以及相关实施例中的电子终端601以及实施例五以及相关实施例中的门禁602。
电子终端601通过生物特征采集模组采集生物特征数据,并对采集到的生物特征数据进行识别处理,生成电子私钥并对电子私钥进行加密,门禁602中存储的电子公钥与电子私钥进行配对,对生物特征数据对应的用户的身份进行合法性验证,保证了用户的私人数据不被泄露,同时增强了门禁的安全性。
上述产品可执行本申请实施例所提供的方法,具备执行方法相应的功能模块和有益效果。未在本实施例中详尽描述的技术细节,可参见本申请实施例所提供的方法。
本申请实施例的电子终端以多种形式存在,包括但不限于:
(1)移动通信设备:这类设备的特点是具备移动通信功能,并且以提供话音、数据通信为主要目标。这类终端包括:智能手机(例如iPhone)、多媒体手机、功能性手机,以及低端手机等。
(2)超移动个人计算机设备:这类设备属于个人计算机的范畴,有计算和处理功能,一般也具备移动上网特性。这类终端包括:PDA、MID和UMPC设备等,例如iPad。
(3)便携式娱乐设备:这类设备可以显示和播放多媒体内容。该类设备包括:音频、视频播放器(例如iPod),掌上游戏机,电子书,以及智能玩具和便携式车载导航设备。
(4)服务器:提供计算服务的设备,服务器的构成包括处理器、硬盘、内存、系统总线等,服务器和通用的计算机架构类似,但是由于需要提供高可靠的服务,因此在处理能力、稳定性、可靠性、安全性、可扩展性、可管理性等方面要求较高。
(5)其他具有数据交互功能的电子装置。
以上所描述的装置实施例仅仅是示意性的,其中所述作为分离部件说明的模块可以是或者也可以不是物理上分开的,作为模块显示的部件可以是或者也可以不是物理模块,即可以位于一个地方,或者也可以分布到多个网络模块上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。本领域普通技术人员在不付出创造性的劳动的情况下,即可以理解并实施。
通过以上的实施方式的描述,本领域的技术人员可以清楚地了解到各实施方式可借助软件加必需的通用硬件平台的方式来实现,当然也可以通过硬件。基于这样的理解,上述技术方案本质上或者说对现有技术做出贡献的部分可以以软件产品的形式体现出来,该计算机软件产品可以存储在计算机可读存储介质中,所述计算机可读记录介质包括用于以计算机(例如计算机)可读的形式存储或传送信息的任何机制。例如,机器可读介质包括只读存储器(ROM)、随机存取存储器(RAM)、磁盘存储介质、光存储介质、闪速存储介质、电、光、声或其他形式的传播信号(例如,载波、红外信号、数字信号等)等,该计算机软件产品包括若干指令用以使得一台计算机设备(可 以是个人计算机,服务器,或者网络设备等)执行各个实施例或者实施例的某些部分所述的方法。
最后应说明的是:以上实施例仅用以说明本申请实施例的技术方案,而非对其限制;尽管参照前述实施例对本申请进行了详细的说明,本领域的普通技术人员应当理解:其依然可以对前述各实施例所记载的技术方案进行修改,或者对其中部分技术特征进行等同替换;而这些修改或者替换,并不使相应技术方案的本质脱离本申请各实施例技术方案的精神和范围。
本领域的技术人员应明白,本申请实施例的实施例可提供为方法、装置(设备)、或计算机程序产品。因此,本申请实施例可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。
本申请实施例是参照根据本申请实施例的方法、装置(设备)和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上, 使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。

Claims (24)

  1. 一种身份合法性验证的方法,应用于与门禁进行通讯的电子终端,其特征在于,所述方法包括:
    采集生物特征数据;
    根据所述生物特征数据生成电子私钥;
    将所述电子私钥发送至所述门禁,令所述门禁根据所述电子私钥进行身份合法性验证。
  2. 根据权利要求1所述的方法,其特征在于,所述采集生物特征数据包括:通过设置在电子终端上的生物特征采集模组采集生物特征数据。
  3. 根据权利要求2所述的方法,其特征在于,所述生物特征采集模组为基于光学感应的生物特征采集模组,对应地,所述生物特征数据为生物特征图像数据。
  4. 根据权利要求2所述的方法,其特征在于,所述生物特征采集模组为基于电场感应的生物特征采集模组,对应地,所述生物特征数据为生物特征电场数据。
  5. 根据权利要求1-4任一项所述的方法,其特征在于,在所述采集生物特征数据之前,还包括:
    在有效通讯距离内检测到门禁的无线通讯模块时,与所述门禁的无线通讯模块进行配对。
  6. 根据权利要求1所述的方法,其特征在于,所述根据所述生物特征数据生成电子私钥包括:
    根据所述生物特征数据生成有效生物特征数据,并根据所述有效生物特征数据生成电子私钥。
  7. 根据权利要求1所述的方法,其特征在于,所述根据所述生物特征数据生成电子私钥包括:
    建立所述生物特征数据与包含多个字符串的第一数组之间的函数映射关 系;
    将所述多个字符串排序后通过时间指针读出,将读出的字符串作为电子私钥,或者,对读出的字符串进行变形,将变形后的字符串作为电子私钥。
  8. 根据权利要求1-7任一项所述的方法,其特征在于,所述将所述电子私钥发送至所述门禁包括:通过蓝牙将所述电子私钥发送至所述门禁。
  9. 一种身份合法性验证的方法,应用于与电子终端进行通讯的门禁,其特征在于,包括:
    接收电子终端发送的电子私钥;
    将所述电子私钥与预先存储的电子公钥进行配对,以进行身份合法性验证。
  10. 根据权利要求9所述的方法,其特征在于,在所述接收电子终端发送的电子私钥之前,还包括:
    接收电子终端发送的电子公钥,并存储。
  11. 根据权利要求10所述的方法,其特征在于,所述电子公钥的生成为所述电子终端在采集生物特征数据后,建立所述生物特征数据与包含多个字符串的第二数组的之间的函数映射关系;
    将所述多个字符串排序后通过时间指针读出,将读出的字符串作为电子公钥,或者,对读出的字符串进行变形,将变形后的字符串作为电子公钥。
  12. 根据权利要求9所述的方法,其特征在于,所述将所述电子私钥与预先存储的电子公钥进行配对包括:
    根据所述电子私钥和预先存储的电子公钥生成配对凭证;
    根据预设的凭证验证规则,验证所述配对凭证,以进行身份合法性验证。
  13. 一种身份合法性验证的装置,其特征在于,应用于与门禁进行通讯的电子终端,包括:
    生物特征采集模组,用于采集生物特征数据;
    第一处理模块,用于根据所述生物特征数据生成电子私钥;
    第一通讯模块,用于将所述电子私钥发送至所述门禁,令所述门禁根据 所述电子私钥进行身份合法性验证。
  14. 根据权利要求13所述的装置,其特征在于,所述生物特征采集模组为基于光学感应的生物特征采集模组,对应地,所述生物特征数据为生物特征图像数据。
  15. 根据权利要求13所述的装置,其特征在于,所述生物特征采集模组为基于电场感应的生物特征采集模组,对应地,所述生物特征数据为生物特征电场数据。
  16. 根据权利要求13-15任一项所述的装置,其特征在于,所述第一通讯模块还用于:在有效通讯距离内检测到门禁的无线通讯模块时,与所述门禁的无线通讯模块进行配对。
  17. 根据权利要求13所述的装置,其特征在于,所述第一处理模块还用于:根据所述生物特征数据生成有效生物特征数据,并根据所述有效生物特征数据生成电子私钥。
  18. 根据权利要求13所述的装置,其特征在于,所述第一处理模块包括:
    建立子模块,用于建立所述生物特征数据与包含多个字符串的第一数组之间的函数映射关系;
    选择子模块,用于将所述多个字符串排序后通过时间指针读出,将读出的字符串作为电子私钥,或者,对读出的字符串进行变形,将变形后的字符串作为电子私钥。
  19. 根据权利要求13-18任一项所述的装置,其特征在于,所述第一通讯模块为蓝牙芯片,所述蓝牙芯片用于将所述电子私钥发送至所述门禁。
  20. 一种身份合法性验证的装置,其特征在于,应用于与电子终端进行通讯的门禁,包括:
    第二通讯模块,用于接收电子终端发送的电子私钥;
    第二处理模块,用于将所述电子私钥与预先存储的电子公钥进行配对,以进行身份合法性验证。
  21. 根据权利要求20所述的装置,其特征在于,所述第二通讯模块还用 于接收电子终端发送的电子公钥。
  22. 根据权利要求21所述的装置,其特征在于,所述电子公钥的生成为所述电子终端在采集生物特征数据后,建立所述生物特征数据与包含多个字符串的第二数组的之间的函数映射关系;将所述多个字符串排序后通过时间指针读出,将读出的字符串作为电子公钥,或者,对读出的字符串进行变形,将变形后的字符串作为电子公钥。
  23. 根据权利要求20所述的装置,其特征在于,所述第二处理模块包括:
    生成子模块,用于根据所述电子私钥和预先存储的电子公钥生成配对凭证;
    验证子模块,用于根据预设的凭证验证规则,验证所述配对凭证,以进行身份合法性验证。
  24. 一种身份合法性验证系统,其特征在于,包括如权利要求13-19任意一项所述的装置和如利要求20-23任意一项所述的装置。
PCT/CN2017/092797 2017-07-13 2017-07-13 一种身份合法性验证的方法、装置及系统 WO2019010669A1 (zh)

Priority Applications (4)

Application Number Priority Date Filing Date Title
EP17917393.5A EP3525181B1 (en) 2017-07-13 2017-07-13 Identity validity verification method and electronic terminal
CN201780000633.4A CN109643473A (zh) 2017-07-13 2017-07-13 一种身份合法性验证的方法、装置及系统
PCT/CN2017/092797 WO2019010669A1 (zh) 2017-07-13 2017-07-13 一种身份合法性验证的方法、装置及系统
US16/404,788 US10644887B2 (en) 2017-07-13 2019-05-07 Identity validity verification method, apparatus and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2017/092797 WO2019010669A1 (zh) 2017-07-13 2017-07-13 一种身份合法性验证的方法、装置及系统

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US16/404,788 Continuation US10644887B2 (en) 2017-07-13 2019-05-07 Identity validity verification method, apparatus and system

Publications (1)

Publication Number Publication Date
WO2019010669A1 true WO2019010669A1 (zh) 2019-01-17

Family

ID=65000987

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/092797 WO2019010669A1 (zh) 2017-07-13 2017-07-13 一种身份合法性验证的方法、装置及系统

Country Status (4)

Country Link
US (1) US10644887B2 (zh)
EP (1) EP3525181B1 (zh)
CN (1) CN109643473A (zh)
WO (1) WO2019010669A1 (zh)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110740216A (zh) * 2019-11-07 2020-01-31 江苏英索纳智能科技有限公司 基于手机蓝牙的控制开关
CN111651742A (zh) * 2020-04-29 2020-09-11 华为技术有限公司 验证用户身份的方法、电子设备和系统

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110782565A (zh) * 2019-11-07 2020-02-11 上海庆科信息技术有限公司 一种无线识别指纹装置及智能锁设备
CN110995410A (zh) * 2019-11-12 2020-04-10 杭州云萃流图网络科技有限公司 一种公钥和私钥的生成方法、装置、设备以及介质
CN113450465A (zh) * 2020-03-27 2021-09-28 阿里巴巴集团控股有限公司 核验设备
CN112884958A (zh) * 2021-02-02 2021-06-01 福建随行软件有限公司 一种电子凭证识别方法及门禁设备
CN115162892B (zh) * 2022-07-14 2023-09-12 重庆昕晟环保科技有限公司 一种防泄密控制装置
CN115242509B (zh) * 2022-07-22 2023-10-17 河南警察学院 一种基于数据分析的网络接入用身份验证系统

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321069A (zh) * 2008-06-23 2008-12-10 刘洪利 手机生物身份证明制作、认证方法及其认证系统
CN203165055U (zh) * 2013-03-05 2013-08-28 深圳市亚略特生物识别科技有限公司 门禁遥控器
CN105991287A (zh) * 2015-02-26 2016-10-05 阿里巴巴集团控股有限公司 一种签名数据的生成及指纹认证请求方法及装置
CN205788363U (zh) * 2016-05-25 2016-12-07 象山赛柏斯智能科技有限公司 一种多重认证智能家居门禁系统
US20170078260A1 (en) * 2015-09-11 2017-03-16 I-Ting Shen Control System Operable by Mobile Devices

Family Cites Families (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7499548B2 (en) * 2003-06-24 2009-03-03 Intel Corporation Terminal authentication in a wireless network
US20070239994A1 (en) * 2006-04-05 2007-10-11 Kulkarni Vinod K Bio-metric encryption key generator
US9858401B2 (en) * 2011-08-09 2018-01-02 Biogy, Inc. Securing transactions against cyberattacks
CN202600802U (zh) 2012-03-31 2012-12-12 深圳光启创新技术有限公司 基于手机指纹识别的光控门禁系统
US9473494B2 (en) * 2014-01-09 2016-10-18 Fujitsu Limited Access credentials using biometrically generated public/private key pairs
CH709804B1 (de) * 2014-06-23 2018-12-28 Legic Identsystems Ag Elektronische Zugangskontrollvorrichtung und Zugangskontrollverfahren.
CN109147109A (zh) * 2015-03-10 2019-01-04 阿里巴巴集团控股有限公司 锁具、移动终端、锁具控制方法及锁具控制系统
CN105894628B (zh) * 2016-03-31 2019-01-22 宇龙计算机通信科技(深圳)有限公司 信息处理方法、装置和系统、移动终端、智能锁
US10469486B2 (en) * 2016-04-08 2019-11-05 University Of Maryland Method and apparatus for authenticating device and for sending/receiving encrypted information
US10404464B2 (en) * 2016-08-22 2019-09-03 Mastercard International Incorporated Method and system for secure FIDO development kit with embedded hardware
CN106340104B (zh) * 2016-08-31 2018-08-03 谢志豪 一种密码锁、密码锁控制系统及方法
CN106652141A (zh) * 2016-12-30 2017-05-10 北京拜克洛克科技有限公司 一种自行车开锁方法、系统及装置

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101321069A (zh) * 2008-06-23 2008-12-10 刘洪利 手机生物身份证明制作、认证方法及其认证系统
CN203165055U (zh) * 2013-03-05 2013-08-28 深圳市亚略特生物识别科技有限公司 门禁遥控器
CN105991287A (zh) * 2015-02-26 2016-10-05 阿里巴巴集团控股有限公司 一种签名数据的生成及指纹认证请求方法及装置
US20170078260A1 (en) * 2015-09-11 2017-03-16 I-Ting Shen Control System Operable by Mobile Devices
CN205788363U (zh) * 2016-05-25 2016-12-07 象山赛柏斯智能科技有限公司 一种多重认证智能家居门禁系统

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP3525181A4 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110740216A (zh) * 2019-11-07 2020-01-31 江苏英索纳智能科技有限公司 基于手机蓝牙的控制开关
CN111651742A (zh) * 2020-04-29 2020-09-11 华为技术有限公司 验证用户身份的方法、电子设备和系统
WO2021218466A1 (zh) * 2020-04-29 2021-11-04 华为技术有限公司 验证用户身份的方法、电子设备和系统

Also Published As

Publication number Publication date
EP3525181A4 (en) 2019-11-27
US20190260589A1 (en) 2019-08-22
CN109643473A (zh) 2019-04-16
EP3525181A1 (en) 2019-08-14
EP3525181B1 (en) 2021-04-21
US10644887B2 (en) 2020-05-05

Similar Documents

Publication Publication Date Title
US12113912B2 (en) Electronic authentication device and method using blockchain
WO2019010669A1 (zh) 一种身份合法性验证的方法、装置及系统
WO2017197974A1 (zh) 一种基于生物特征的安全认证方法、装置及电子设备
US8572713B2 (en) Universal authentication token
KR100992573B1 (ko) 휴대단말기를 이용한 인증 방법 및 시스템
JP5859953B2 (ja) 生体認証システム、通信端末装置、生体認証装置、および生体認証方法
JP2018532301A (ja) 本人認証方法及び装置
US20080305769A1 (en) Device Method & System For Facilitating Mobile Transactions
CN105868970B (zh) 一种认证方法和电子设备
CN106157025A (zh) 基于身份证的移动终端安全支付方法及系统
US9124571B1 (en) Network authentication method for secure user identity verification
JP5303407B2 (ja) 生体認証システム、携帯端末、半導体素子、および情報処理サーバ
JP2018205906A5 (zh)
JP7309261B2 (ja) 生体決済機器の認証方法、生体決済機器の認証装置、コンピュータ機器、及びコンピュータプログラム
EP3206329B1 (en) Security check method, device, terminal and server
CN110290134A (zh) 一种身份认证方法、装置、存储介质及处理器
CN110807624A (zh) 一种数字货币硬件冷钱包系统及其交易方法
CN106487758B (zh) 一种数据安全签名方法、业务终端以及私钥备份服务器
JP2011165102A (ja) 生体認証システムおよび携帯端末
CN117981272A (zh) 去中心化零信任身份核实认证系统及方法
US20200302088A1 (en) Electronic device for managing personal information and operating method thereof
US20170372306A1 (en) Payment by mobile device secured by f-puf
TWI696963B (zh) 票證發行與入場驗證系統與方法及使用於票證發行與入場驗證系統之用戶終端裝置
KR101936941B1 (ko) 생체인증을 이용한 전자결재 시스템, 방법 및 프로그램
JP2002278939A (ja) ユーザ認証方法、ユーザ認証システム、認証装置及びサービス提供装置

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17917393

Country of ref document: EP

Kind code of ref document: A1

ENP Entry into the national phase

Ref document number: 2017917393

Country of ref document: EP

Effective date: 20190510

NENP Non-entry into the national phase

Ref country code: DE