CN108064376A

CN108064376A - System starts method of calibration and system, electronic equipment and computer storage media

Info

Publication number: CN108064376A
Application number: CN201780001742.8A
Authority: CN
Inventors: 孔维国; 王兵; 陈洪; 孙文彬
Original assignee: Shenzhen Huiding Technology Co Ltd
Current assignee: Shenzhen Goodix Technology Co Ltd
Priority date: 2017-11-20
Filing date: 2017-11-20
Publication date: 2018-05-22
Also published as: WO2019095357A1

Abstract

This application discloses a kind of computer storage media, electronic equipment, system startup method of calibration and system, methods to include：Start pre start-up operation environment, the first fingerprint that pre start-up operation environment is installed on by operation drives, and obtains the user fingerprints of active user's input；Fingerprint template in the user fingerprints and currently stored template data is subjected to fingerprint matching, obtains matching result；According to matching result, the authorization check under pre start-up operation environment is carried out.The technical solution that the application provides can effectively improve efficiency and the accuracy of fingerprint matching, and then reduce system and start taking for verification, and improve the accuracy and reliability of verification.

Description

System starts method of calibration and system, electronic equipment and computer storage media

Technical field

This application involves computer software fields more particularly to a kind of system to start method of calibration and system, electronic equipment And computer storage media.

Background technology

With electronic equipments such as tablet computer, PC (personal computer, abbreviation PC), laptops Popularization, user also proposed requirement to the performance and security of electronic equipment.Current scheme is, in the operation of electronic equipment Before system starts, first pass through and start pre start-up operation environment, such as basic input output system (Basic Input Output System, abbreviation BIOS), unified Extensible Firmware Interface " (Unified Extensible Firmware Interface, Abbreviation UEFI) etc., it is responsible for doing the work such as hardware-initiated and detection in start, carries out initialization detection and loading, improves behaviour Make the startup speed and stability of system.

Under pre start-up operation environment, in order to ensure secure user data, it usually needs carry out system and start verification.Pre- Under start-up operation environment, the general authorization check that user is completed using password.In the prior art, in order to improve the convenient of verification Property, it can also be by carrying out living things feature recognition, such as fingerprint recognition progress authorization check.Specifically, fingerprint equipment is being equipped with, Such as on the electronic equipment of fingerprint sensor, user can carry out fingerprint matching by pressing fingerprint module, realize user right Verification.

Above-mentioned fingerprint recognition of the prior art and matching are usually completed by the integrated chip in fingerprint sensor, that is, are being referred to Fingerprint matching (Match on Chip, MOC) is carried out on line sensor chip, correspondingly, can basis under pre start-up operation environment Whether the fingerprint matching of fingerprint sensor successfully carries out authorization check.But due to integrated limitation, fingerprint sensor integrates The processing capacity of chip is usually weaker, this will influence the complexity for installing and being stored in the algorithm for recognizing fingerprint in integrated chip And computational accuracy, and then system is caused to start the time-consuming longer of verification, and can generate that template optimized loss is big, fingerprint matching is accurate The problems such as exactness is not high.

The content of the invention

This application provides a kind of systems to start method of calibration and system, electronic equipment and computer storage media, is used for It solves existing system and starts the technical issues of checkschema depends on fingerprint sensor, influences the efficiency verified and accuracy.

The first aspect of the application is to provide for a kind of system and starts method of calibration, including：Start pre start-up operation ring Border, the first fingerprint that pre start-up operation environment is installed on by operation drive, and obtain the user fingerprints of active user's input；By institute It states user fingerprints and carries out fingerprint matching with the fingerprint template in currently stored template data, obtain matching result；According to matching As a result, carry out the authorization check under pre start-up operation environment.

The second aspect of the application is to provide for a kind of system and starts check system, including：First acquisition module, is used for Start pre start-up operation environment, the first fingerprint that pre start-up operation environment is installed on by operation drives, and it is defeated to obtain active user The user fingerprints entered；Matching module, for the fingerprint template in the user fingerprints and currently stored template data to be carried out Fingerprint matching obtains matching result；First correction verification module, for according to matching result, carrying out the power under pre start-up operation environment Limit verification.

The third aspect of the application is to provide for a kind of electronic equipment, including：At least one processor and memory；Institute State memory storage computer executed instructions；The computer execution that at least one processor performs the memory storage refers to Order, to perform method as described before.

The fourth aspect of the application is to provide for a kind of computer storage media, is stored in the computer storage media Program instruction, described program instruction realize method as described before when being executed by processor.

The system that the application provides starts method of calibration and system, electronic equipment and computer storage media, is closed starting After start-up operation environment, the fingerprint that pre start-up operation environment is installed on by operation drives, and realizes following scheme：It obtains current User fingerprints input by user, and fingerprint matching is carried out according to fingerprint template, authorization check is carried out according to matching result.The fingerprint Driving is installed under pre start-up operation environment, and fingerprint matching is carried out after the startup of pre start-up operation environment, therefore can utilize electricity The hardware unit of sub- equipment carries out fingerprint matching, and since the hardware unit processing capacity of electronic equipment is powerful, better performances can It supports more complicated and accurate algorithm and processing, therefore the efficiency and accurately of fingerprint matching can be effectively improved by this programme Degree, and then reduce system and start taking for verification, and improve the accuracy and reliability of verification.

Description of the drawings

In order to illustrate more clearly of the technical solution in the embodiment of the present application, make required in being described below to embodiment Attached drawing is briefly described, it should be apparent that, the accompanying drawings in the following description is only some embodiments of the present application, for For those of ordinary skill in the art, other attached drawings are can also be obtained according to these attached drawings.

Figure 1A is the flow diagram that a kind of system that the embodiment of the present application one provides starts method of calibration；

Figure 1B is the system structure composition schematic diagram of UEFI；

Fig. 1 C and Fig. 1 D are the startup stage schematic diagram of UEFI；

Fig. 1 E~Fig. 1 G are the flow diagram that the system that the embodiment of the present application one provides starts method of calibration；

Fig. 1 H are a kind of data format schematic diagram for template data that the embodiment of the present application provides；

Fig. 1 I are that a kind of data encryption of template data handles schematic diagram；

Fig. 2A~Fig. 2 E are the flow diagram that the system that the embodiment of the present application two provides starts method of calibration；

Fig. 3 A and Fig. 3 B are respectively the procedure chart and interaction figure of UEFI stage fingerprint matchings；

Fig. 3 C are a kind of system architecture of the embodiment of the present application three；

Fig. 3 D are the basic structure of WBF in the embodiment of the present application three；

Fig. 3 E are the data Stored Procedure in the embodiment of the present application three；

Fig. 3 F are the interaction figure of Windows operating system stage fingerprint matching；

Fig. 3 G are the interaction figure between operating system and the driving of the second fingerprint

Fig. 4 A~Fig. 4 B are the structure diagram that the system that the embodiment of the present application four provides starts check system；

Fig. 5 is the structure diagram that the system that the embodiment of the present application five provides starts check system.

Specific embodiment

To make the purpose, technical scheme and advantage of the embodiment of the present application clearer, below in conjunction with the embodiment of the present application In attached drawing, the technical solution in the embodiment of the present application is clearly and completely described, it is clear that described embodiment is Some embodiments of the present application, instead of all the embodiments.Based on the embodiment in the application, those of ordinary skill in the art All other embodiments obtained shall fall in the protection scope of this application.

Unless otherwise defined, all of technologies and scientific terms used here by the article and the technical field of the application is belonged to The normally understood meaning of technical staff is identical.The term used in the description of the present application is intended merely to description tool herein The purpose of the embodiment of body, it is not intended that in limitation the application.Term as used herein "and/or" includes one or more phases The arbitrary and all combination of the Listed Items of pass.Below in conjunction with the accompanying drawings, some embodiments of the application are made specifically It is bright.In the case where there is no conflict, the feature in following embodiment and embodiment can be mutually combined.

The noun involved by the application is explained first：

PBA：Pre-Boot Authentication carry out authenticating user identification before System guides；

MOH：Match on HOST are matched in host side, and the storage of fingerprint template data, the processing of finger print data all exist Host side is completed；

MOC：Match on Chip are matched in die terminals, and fingerprint template, data acquisition, data processing are all complete in die terminals Into；

TEE：Trusted Execute Environment, credible performing environment；

UEFI/EFI：Extend Firmware Interface, a kind of firmware interface technology of general high scalability, Start self-test, the initialization of equipment at the beginning of guiding for electronic equipment, and load operating system；

WBF：Windows Biometric Framework, Windows biological identification technology frames；

Figure 1A is the flow diagram that a kind of system that the embodiment of the present application one provides starts method of calibration；Refer to the attached drawing 1A It understands, present embodiments provides a kind of system and start method of calibration, which starts method of calibration for rapidly and accurately realizing System under pre start-up operation environment starts verification, includes specifically, the system starts method of calibration：

101：Start pre start-up operation environment, the first fingerprint that pre start-up operation environment is installed on by operation drives, and obtains The user fingerprints that active user is taken to input；

102：Fingerprint template in the user fingerprints and currently stored template data is subjected to fingerprint matching, acquisition With result；

103：According to matching result, the authorization check under pre start-up operation environment is carried out.

Specifically, the executive agent that the system starts method of calibration, which can be system, starts check system.In practical application In, which, which starts check system, to be realized by program code, which starts check system or be stored with phase The medium for performing code is closed, for example, USB flash disk etc.；Alternatively, it can also be to integrate or be equipped with correlation to hold that the system, which starts check system, The entity apparatus of line code, for example, chip, intelligent terminal, computer and various electronic equipments.

Wherein, pre start-up operation environment refers to carry out equipment self-inspection, initialization loading early period in electronic equipment starting The stage of operations is waited, current pre start-up operation environment usually has BIOS, UEFI etc..For example, as shown in Figure 1B, Tu1BWei The system structure composition schematic diagram of UEFI is, it is necessary to which explanation, the scheme of the present embodiment can be adapted for any pre start-up operation Environment is not limited herein.Here the authorization check under pre start-up operation environment is referred in pre start-up operation Environmental phase carry out user's checking, if being proved to be successful subsequently can start-up operation system, otherwise, refuse start-up operation system, To ensure the safe handling of electronic equipment, the use of disabled user is prevented.Optionally, in order to further improve the security, it is actual In, after os starting, user's checking, i.e. stepping under operating system can also be still provided for before login user account Record verification.

In practical application, the first fingerprint driving in this programme can be the program being previously written, which can be by journey Sequence personnel write in advance, when the driving of the first fingerprint is run, can accordingly perform a series of flows, and the flow based on execution can be with The fingerprint of active user's input is obtained, and fingerprint matching is carried out according to the template data of storage, and then completes pre start-up operation ring Authorization check under border.Specifically, the driving of the first fingerprint is installed on pre start-up operation environment, after the startup of pre start-up operation environment Operation, therefore its flow is by the hardware unit of electronic equipment, such as master central processor (Central Processing Unit, abbreviation CPU) and random access memory (Random Access Memory, RAM) execution, its can be utilized powerful Computing capability and process performance improve the efficiency and accuracy of fingerprint matching.

Specifically, the execution condition of the first fingerprint driving can be true according to the system loads situation under pre start-up operation environment It is fixed, it can ensure that the driving of the first fingerprint performs the condition needed for fingerprint recognition.It is illustrated with UEFI, the driving of the first fingerprint can To work in driving performing environment (abbreviation DXE) stage of UEFI.Specifically, as shown in Figure 1 C, Fig. 1 C are the startup rank of UEFI Section schematic diagram, as shown in the figure, UEFI has multiple startup stages, the detailed process in each stage may be referred to UEFI SPEC or Other UEFI data.In this example, the first fingerprint, which drives, works in the DXE phase of UEFI, and most system equipments have been at this time Initialization, can work normally, possess more operation resource, be suitble to the execution of the first fingerprint driving.As shown in figure iD, scheme " the fingerprint driving " of middle DXE phase is the first fingerprint driving in the UEFI stages that the present embodiment is realized.Specifically, UEFI can be with It is driven by the way that the Interface Controller that the first fingerprint drives is called to run the first fingerprint.

In practical application, template data is usually the data of user's typing registered in advance.Correspondingly, refer to be previously-completed Line is registered, in order to the fingerprint recognition in subsequent survey scheme.As referring to figure 1E, Fig. 1 E are provided another for the embodiment of the present application one A kind of system starts the flow diagram of method of calibration, and on the basis of foregoing any embodiment, the method further includes：

104：According to the registration request of user, the fingerprint management program of operating system is installed on by operation, obtains user First fingerprint of typing；

105：Using first fingerprint as fingerprint template, assembling obtains and stores the template data.

With actual scene for example：The flow of fingerprint register can be in operating system (Operating System, abbreviation OS carried out after) starting.When user is desired with fingerprint register, registration flow can be triggered by performing corresponding user's operation Journey, after user triggers register flow path, operating system can pass through the fingerprint management under operating system according to the registration request of user Program, prompts user's typing fingerprint on a display screen, and the finger for needing typing fingerprint is pressed against finger by user according to display reminding On the fingerprint module of line sensor, operating system obtains the fingerprint of user's typing by fingerprint sensor；Using fingerprint as fingerprint Template obtains template data by carrying out data assembling, and further, the template data that storage assembling obtains completes fingerprint note Volume.

Specifically, the process of user's registration can generate several template datas, optionally, the template data for assembling acquisition can be with It is stored in the motherboard flash of fingerprint sensor, the hard disk that operating system is safeguarded and pre start-up operation environment maintenance at least One.Specifically, the method for calibration based on this programme, the storage mode of template data is more flexible, can both be stored in fingerprint Sensor can also be stored in the hard disk of operating system maintenance, and the mainboard that can also be stored in pre start-up operation environment maintenance dodges In depositing.Hard disk mentioned here includes but not limited to hard disk drive (Hard Disk Drive, abbreviation HDD), solid state disk (Solid State Drives, abbreviation SSD) etc..In addition, the motherboard flash includes but not limited to the plug-in large capacity of mainboard FLASH flash memories.

For example, template data can be stored in hard disk or motherboard flash, involves a need to use template data Flow, such as the authorization check under pre start-up operation environment and the login authentication under operating system can (referring to aftermentioned embodiment) To share the template data, further, if by template data storage in a hard disk, can be write direct in registration process hard It, can be by calling pre start-up operation environment, for example, during the operation of UEFI if template data is stored in motherboard flash by disk On the mainboard FLASH that (abbreviation RT) service interface write-in UEFI is safeguarded.Alternatively, again for example, template data can also be deposited Storage is in hard disk and motherboard flash.Present embodiment can improve the security of data by backup, in Missing data or damage In the case of, ensure that system starts the reliability of verification.Under the present embodiment, in order to further improve the convenient of data acquisition Property, data distribution can be carried out.Specifically, the template data needed for authorization check under pre start-up operation environment can be from mainboard FLASH is obtained, and the template data needed for login authentication under operating system can be obtained from hard disk.

Present embodiment the characteristics of being performed with reference to the fingerprint recognition of this programme by the device hardware of electronic equipment, is led to The flexible storage mode of template data is crossed, the memory space of template data can be effectively improved, and improves the speed of data transmission Degree starts taking for inspection so as to be further reduced system, improves efficiency.

Specifically, each corresponding fingerprint template of fingerprint can have it is multiple.As an example it is assumed that the finger that user currently registers Line is the fingerprint of left index finger, and the fingerprint template of the left index finger of typing can have multiple in registration process, for example, main body refers to Line, edge fingerprint etc., correspondingly, above-mentioned multiple fingerprint templates can obtain in a manner that multiple typing gathers.By this reality The mode of applying can improve the matched accuracy of fingerprint recognition.

In practical application, after os starting, the fingerprint driving take over fingerprint sensor under operating system is responsible for Instruction transmission and communication interaction between fingerprint sensor, correspondingly, user can be by the fingerprint installed in operating system Management software, for example, what the application (abbreviation FMA) or separate hardware business (abbreviation IHV) in the fingerprint management that OS is carried drove FMA, addition or deletion template data, the template data include but not limited to fingerprint template.Specifically, the fingerprint in this programme The flow of registration can combine current fingerprint register technology and realize.Using OS as Windows for example, the fingerprint in this programme The flow of registration can combine the related procedure of Windows Hello services, and the present embodiment is not limited herein.It needs Illustrate, it is only a kind of enforceable mode enumerated that the citing that Windows is carried out is combined in this programme, and this programme is not only fitted For Windows, other operating systems, such as Android, Linux etc. can be applicable to.

In practical application, fingerprint template can be also used for user account in addition to it can be used for carrying out Authority Verification Identification logs in.Optionally, as shown in fig. 1F, Fig. 1 F are that another system that the embodiment of the present application one provides starts method of calibration Flow diagram, on the basis of Fig. 1 E illustrated embodiments, the template data can include the corresponding finger of each user account Line template；

Correspondingly, 105 can specifically include：

1051：Using first fingerprint as the corresponding fingerprint template of the user account of the user, by by described One fingerprint and the user account of the user are bound, and assembling obtains the template data.

With actual scene for example：Operating system can pass through the finger under operating system according to the registration request of user Line management program, prompts user's typing fingerprint on a display screen, user according to display reminding will need the finger of typing fingerprint by It is pressed on the fingerprint module of fingerprint sensor, operating system obtains the fingerprint of user's typing by fingerprint sensor；Fingerprint is made For fingerprint template, further, operating system can also obtain the user account currently logged in or may be used also for new user To establish the user account of the user, and then using the fingerprint of typing as the corresponding fingerprint template of the user account of the user, tool Body, can be by the way that fingerprint and user account to be bound, assembling obtains template data.Correspondingly, in present embodiment Template data includes the corresponding fingerprint template of each user account.In practical application, each user account can correspond at least one Fingerprint template.

Present embodiment during fingerprint register, establishes the correspondence between user account and fingerprint template, after It is continuous corresponding user account to be logged according to the result of fingerprint recognition, improve the convenience of system check.

In addition, in order to further improve the security of system check, as shown in Figure 1 G, Fig. 1 G carry for the embodiment of the present application one Another system supplied starts the flow diagram of method of calibration, described on the basis of Fig. 1 E or Fig. 1 F illustrated embodiments Template data further includes the corresponding electronic device identification of each fingerprint template；

Correspondingly, 105 can specifically include：

1052：Using first fingerprint and current electronic device identification as the corresponding equipment mark of first fingerprint Know, by the way that first fingerprint and current electronic device identification are bound, assembling obtains the template data.

With actual scene for example：Operating system prompts user's typing fingerprint, Yong Hugen according to the registration request of user According to prompting typing fingerprint, operating system obtains the fingerprint of user's typing by fingerprint sensor；Using fingerprint as fingerprint template, into One step, operating system can also obtain current electronic device identification, and electronic device identification mentioned here is used for current Electronic equipment uniquely characterized, for example, the electronic device identification can include fingerprint sensor mark and/or The mark of device hardware, the device hardware can include but is not limited to be integrated in the mark of the master cpu in current electronic device Know.Subsequently, using the fingerprint of typing as fingerprint template, fingerprint and electronic device identification are bound, assembling obtains template number According to.It, can be according to fingerprint in template data and the binding relationship of electronic equipment, with reference to the use currently gathered when subsequently being verified Family fingerprint and current electronic device identification carry out verification certification, it is assumed that mismatch, can take various ways verify or Refusal performs the mode of follow-up process, avoids illegally logging in, and improves security.Correspondingly, the template data in present embodiment Including the corresponding electronic device identification of each fingerprint template, so as to identify whether the electronic equipment that user currently logs in changes, Further improve the security that system starts verification.Optionally, template data can also be updated and is safeguarded.

In addition for example, when present embodiment is combined implementation with the embodiment shown in Fig. 1 F, each template data The data of middle storage can include fingerprint template, corresponding user account and the corresponding electronic device identification of user's typing, Correspondingly, needing to bind above-mentioned data during data assembling, correspondence is established.Specifically, as shown in fig. 1H, Fig. 1 H are A kind of data format schematic diagram for template data that the embodiment of the present application provides, in the figure illustrated embodiment, each template number According to the mark including fingerprint sensor, the mark of CPU, the mark of user account and fingerprint template data.In addition, present embodiment In can also be directed to each fingerprint template corresponding fingerprint, i.e. fingerprint ID are set.Subsequently, needing to some fingerprint template When being characterized, it need to only provide the fingerprint of the fingerprint template, this embodiment party without transmission fingerprint template data in itself Formula can either reduce the data volume of data processing, can also further improve the security in data transmission procedure.

In practical application, since user fingerprints data belong to crucial sensitive data, deposited during fingerprint register When storing up template data, it will usually be stored after data are encrypted.Encrypted method can there are many, for example, utilizing cryptography Template data is encrypted in related algorithm.For concrete example, the base of any embodiment in aforementioned fingerprint registration process On plinth, the storage template data, can specifically include described in 105：

The HMAC values of the template data are calculated using hmac algorithm；

The template data and the HMAC values are encrypted using aes algorithm, store encrypted template data.

Specifically, HMAC refers to the relevant Hash operation message authentication code of key, hmac algorithm is then using hash algorithm, with one A key and a message are input, generate an eap-message digest as output.It, can be according to default secret in present embodiment Using the secret key and template data as inputting, the HMAC values of template data are calculated by hmac algorithm for key；To template data Further using aes algorithm to template data, i.e. the HMAC values of clear data and template data are encrypted, obtain HMAC values Encrypted template data is stored.For example, as shown in Figure 1 I, Fig. 1 I are that a kind of data encryption of template data is handled Schematic diagram, it can be seen that after template data assembling finishes, the HMAC values for being calculated all data using hmac algorithm first are ensured The authenticity and integrity of data, then clear data and HMAC values are input to together in aes algorithm again obtain it is encrypted Template data.

By present embodiment, store, can further ensure that after algorithm process is encrypted to template data The security of template data, and then improve the safety and reliability that system starts verification.

Specifically, the matching result in this programme can be determined according to fingerprint matching success or not.Specific decision condition It can be set as needed.It is exemplified below：

It is the situation of failure for matching result, in the base of foregoing any embodiment as a kind of enforceable mode On plinth, 102 can specifically include：

Fingerprint template in the user fingerprints and currently stored template data is subjected to fingerprint matching, if fingerprint matching Failure then judges the matching result for failure.

In present embodiment, after the user fingerprints that verification gathers in the process are matched with fingerprint template, if fingerprint With failure, then matching result is judged for failure, i.e., judge that matching result for failure, can be protected effectively as long as fingerprint matching failure Demonstrate,prove the security of verification.

It is the situation of failure still for matching result, in foregoing any embodiment as another enforceable mode On the basis of, 102 can specifically include：

Fingerprint template in the user fingerprints and currently stored template data is subjected to fingerprint matching, if fingerprint matching Failure then returns and performs described the step of obtaining the user fingerprints that active user inputs；

If the number that fingerprint matching continuously fails reaches default first threshold, judge the matching result for failure.

In present embodiment, after the user fingerprints that verification gathers in the process are matched with fingerprint template, if fingerprint With failure, then fingerprint is gathered again and carries out fingerprint matching, only when the number of continuous fingerprint matching reaches certain number when side Judge that matching result for failure, can avoid verifying failure caused by maloperation, on the basis of safety, ensure the steady of verification Qualitative and reliability.

It is successful situation for matching result, in foregoing any embodiment as another enforceable mode On the basis of, 102 can specifically include：

Fingerprint template in the user fingerprints and currently stored template data is subjected to fingerprint matching, if the user Fingerprint and the success of any fingerprint template matches, then judge the matching result for success.

In present embodiment, after the user fingerprints that verification gathers in the process are matched with fingerprint template, if fingerprint With success, then matching result is judged for success, can improve the efficiency that system starts verification.

In practical application, the start background process order of electronic equipment is to first carry out pre start-up operation environment, to be set The operations such as standby self-test and user right verification, last pre start-up operation environment is responsible for starting native operating sys-tern, and is grasping Make to provide it RT services after system starts.The fingerprint recognition for being used to carry out system drive authorization check in this programme is in master It is carried out in control, i.e., the scheme (Match on Host, abbreviation MOH) of fingerprint matching is carried out in master control.

This programme combination UEFI is illustrated：In practical application, when this programme is applied to UEFI, Ke Yi The new Fingerprint UEFI Driver modules of exploitation inside UEFI, a variety of services which is provided using UEFI, and to The login management module of UEFI is known as Login Controller modules, provides fingerprint identity validation related service.Wherein Login Controller modules are responsible for the authenticating user identification of UEFI startup stages；Fingerprint UEFI Driver will also be responsible for driving fingerprint sensor normal operation in addition to providing service to login management module, read fingerprint mould Plate data, acquisition fingerprint image, fingerprint matching etc..

Specifically, the Login Controller modules of UEFI can call the correlation of Fingerprint UEFI Driver Interface, it is desirable that user completes the authorization check under pre start-up operation environment by carrying out fingerprint identity validation.Fingerprint Next UEFI Driver will gather fingerprint image, read template data and perform fingerprint matching algorithm, finally output matching knot Fruit.In practical application, according to the situation of matching result, corresponding subsequent operation flow can be set.For example, if matching As a result it is that successfully, then Fingerprint UEFI Driver can store matching result and inform Login Controller moulds Block- matching success.If matching result is failure, Fingerprint UEFI Driver can inform Login It fails to match for Controller modules, then by other verification modes, such as by user's input validation password, carry out pretrigger Authorization check under operating environment.

System provided in this embodiment starts method of calibration, after starting on start-up operation environment, is installed by running It is driven in the fingerprint of pre start-up operation environment, realizes following scheme：The user fingerprints of active user's input are obtained, and according to fingerprint Template carries out fingerprint matching, and authorization check is carried out based on matching result.Fingerprint driving is installed under pre start-up operation environment, Pre start-up operation environment carries out fingerprint matching after starting, therefore can carry out fingerprint matching using the hardware unit of electronic equipment, Since the hardware unit processing capacity of electronic equipment is powerful, better performances can support more complicated and accurate algorithm and place It manages, therefore efficiency and the accuracy of fingerprint matching can be effectively improved by this programme, and then reduce system and start taking for verification, And improve the accuracy and reliability of verification.

In practical application, the verification in system starting process is in addition to the authorization check under pre start-up operation environment, usually The authorization check in operating system stage can be also carried out after os starting.Based on aforementioned schemes, can in advance be opened by obtaining Matching result under dynamic operating environment conveniently and efficiently realizes the authorization check in operating system stage.

Fig. 2A starts the flow diagram of method of calibration, refer to the attached drawing 2A for a kind of system that the embodiment of the present application two provides It understands, on the basis of embodiment one, after 102, can also include：

201：Store the matching result；

Correspondingly, it can also include after 103：

202：Start-up operation system, the second fingerprint that operating system is installed on by operation drive, and obtain the matching knot Fruit；

203：According to the matching result, the login authentication under operating system is carried out.

Login authentication under operating system mentioned here refers to the user's checking carried out before login user account. It is appreciated that based on bio-identification, for example, the user's checking security that fingerprint recognition carries out is higher, if pre start-up operation environment Under matching result be the legal identity for being successfully then able to demonstrate that active user, therefore the user's checking under subsequent operation system can With the matching result under reference pre start-up operation environment, to improve system starting efficiency.As a kind of enforceable mode, 203 Can specifically it include：If the matching result is successfully, to load operating system.That is, if matching result is successfully, Login authentication under decision system is by and then loading operating system, completing start.In practical application, in this programme The program that second fingerprint drives or is previously written, the program can in advance be write by program staff, when the second fingerprint drives It is dynamic when being run, a series of flows can be accordingly performed, the flow based on execution can obtain what is obtained under pre start-up operation environment Matching result, and the login authentication under operating system is carried out according to matching.Specifically, the driving of the second fingerprint is installed on operation system System, the flow performed can equally be performed by the hardware unit of electronic equipment, such as master cpu and RAM.

With actual scene for example：After the completion of the authorization check of pre start-up operation environment, it is assumed that verify successfully, here Described verification success not only includes verifying success by the matched mode of aforementioned fingerprint, can also include through aforementioned fingerprint The mode matched somebody with somebody verifies failure but verifies successful situation otherwise, then start-up operation system, meeting after os starting The driving of the second fingerprint is performed, so as to perform the matching result for obtaining pre start-up operation environmental phase, carries out stepping under operating system The step of record verification.

In practical application, same electronic equipment may have multiple using user, it is possible to which there are multiple user accounts.Accordingly , the login authentication under the operating system includes but not limited to merely be authenticated login user identity, can also include The user account for currently needing to log in is identified.Correspondingly, on the basis of embodiment two, the template data includes each The corresponding fingerprint template of user account；The matching result further includes the mark with the matched fingerprint template of the user fingerprints；

Correspondingly, 203 can specifically include：

If the matching result is successfully, according to the template data, fingerprint template pair in the matching result is logged in The user account answered, and load operating system.

Wherein, the fingerprint template is identified as the arbitrary information that can uniquely characterize fingerprint template, for example, the mark Know can be fingerprint template data in itself, or with the one-to-one fingerprint ID of fingerprint template, the form of fingerprint ID can be with There are many, such as number, character etc..

Login authentication in the present embodiment under operating system, be based on the matching result obtained under pre start-up operation environment into Capable, it is operated again there is no need to user so that user, only need to be on fingerprint sensor in whole system starts checking procedure Input a fingerprint, you can complete the authorization check under pre start-up operation environment and the login authentication under operating system, realize one Key is started shooting (Pre-Boot Authentication, abbreviation PBA), reduces the operating procedure of user's manual entry account, is reduced OS start-up studies carry out finger print identifying in pre start-up operation environmental phase using the computing capability of electronic equipment master control, and can Directly to log in corresponding user account after pre start-up operation environmental phase loads OS, fingerprint matching speed is fast, template data Storage limitation is small, so as to improving the speed of fingerprint identity recognition verification, reducing accuracy of system identification and refusing sincere, raising user's body It tests.System startup mentioned in this programme includes electronic equipment and starts by off-mode, also including electronic equipment by with Householder moves to be started into the unlock after lock-out state, as long as in short, system is related to pre start-up operation environment rank during starting The method of calibration of this programme offer can be used in the startup verification of section.

Specifically, after operating system is activated, is driven by running the second fingerprint, obtain and obtained under pre start-up operation environment Matching result.Optionally, the mode of acquisition can there are many.

As the first embodiment, in pre start-up operation environmental phase, after matching result is obtained, pass through operation the One fingerprint drives, and matching result can be stored in fingerprint sensor, correspondingly, being passed during the driving operation of the second fingerprint from fingerprint Matching result is obtained in sensor.Specifically, as shown in Figure 2 B, Fig. 2 B are that another system that the embodiment of the present application two provides starts The flow diagram of method of calibration, on the basis of embodiment two, 201 can specifically include：

2011：The matching result is stored to fingerprint sensor.

With actual scene for example：Under pre start-up operation environmental phase, use is obtained by running the driving of the first fingerprint The fingerprint of family input, and fingerprint matching is carried out according to fingerprint template, obtain matching result；It is driven afterwards by running the first fingerprint The matching result is stored into fingerprint sensor；Subsequently, when the second fingerprint driving under OS is run, it can obtain and be stored in first Matching result in fingerprint sensor carries out the login authentication under operating system.

Optionally, when matching result is stored in fingerprint sensor, the method that operating system obtains matching result can have It is a variety of.As a kind of embodiment, as shown in Figure 2 C, on the basis of Fig. 2 B illustrated embodiments, pass through fortune described in 202 Row is installed on the second fingerprint driving of operating system, obtains the matching result, can specifically include：

2021：Escape way is established according to security protocol, and passes through the escape way, acquisition is stored in the fingerprint and passes The matching result in sensor.

Specifically, by running the second fingerprints procedure, operating system first passes through security protocol, is built between fingerprint sensor Reliable escape way is found, for example, safe transmission layer protocol (abbreviation TLS) passage, then by this escape way from fingerprint sensing Device obtains matching result.

Present embodiment carries out the data transmission of matching result by the escape way between foundation and fingerprint sensor, So as to ensure that system starts the security of verification.

As another embodiment, as shown in Figure 2 D, on the basis of Fig. 2 B illustrated embodiments, described in 202 The second fingerprint that operating system is installed on by operation drives, and obtains the matching result, can specifically include：

2022：According to the secret information that operating system and fingerprint sensor are shared, the random number of generation is sent to fingerprint Sensor, so that the fingerprint sensor utilizes default message checking algorithm to the secret information, the random number and sheet The matching result of ground storage is handled, and obtains verification data；

2023：Matching result and the verification data that fingerprint sensor returns are received, according to the verification data, using described The matching result that message checking algorithm returns to fingerprint sensor is verified, if being verified, fingerprint sensor is returned Matching result as the matching result.

Present embodiment transmits data in non-security channel, at the same using cryptography means protection data authenticity and Integrality, and Replay Attack etc. can be resisted.Specifically, operating system and fingerprint sensor can shared secret information in advance, Such as wildcard (abbreviation PSK), the secret information can be preset.When operating system needs to obtain from fingerprint sensor When taking matching result, by running the second fingerprints procedure, operating system can send to fingerprint sensor and order, which carries The random number of operating system generation, fingerprint sensor utilize secret information, random number and matching result input message checking algorithm In, such as the Hash functions (Message Authentication Codes, abbreviation MAC) with privacy key, for another example HMAC Algorithm obtains verification data, such as MAC data；Fingerprint sensor then by matching result in clear text manner with MAC data one It rises and is sent to operating system, operating system can verify the authenticity and integrity of matching result, the embodiment party by MAC data In formula Replay Attack, assuring data security can also be defendd using random number.

Present embodiment is transmitted after being encrypted by pair data transmitted between fingerprint sensor, so as to ensure to be System starts the security of verification.

As second of embodiment, in pre start-up operation environmental phase, after matching result is obtained, pass through operation the One fingerprint drives, and can be stored in matching result in the addressable region of pre start-up operation environment, correspondingly, the second fingerprint drives Matching result is obtained from the region by pre start-up operation environment during dynamic operation.Specifically, as shown in Figure 2 E, Fig. 2 E are this Shen Please another system that provides of embodiment two start the flow diagram of method of calibration, on the basis of embodiment two, 201 is specific It can include：

2012：The matching result is stored to the accessible area of the pre start-up operation environment；

Correspondingly, the second fingerprint for being installed on operating system described in 202 by operation drives, the matching knot is obtained Fruit can specifically include：

2024：The RT provided using pre start-up operation environment is serviced, and obtains the matching knot stored in the accessible area Fruit.

With actual scene for example：Under pre start-up operation environmental phase, use is obtained by running the driving of the first fingerprint The fingerprint of family input, and fingerprint matching is carried out according to fingerprint template, obtain matching result；It is driven afterwards by running the first fingerprint The matching result is stored into the addressable region of pre start-up operation environment；Subsequently, the second fingerprint driving under operating system During operation, can indicate pre start-up operation environment provided by interface service, for example, UEFI provide RT service acquisitions With result and give operating system.

In practical application, after os starting, according to the matching result under pre start-up operation environment, phase can be taken The processing answered.For example, if the matching result of pre start-up operation environmental phase is successfully and operating system obtains effectively Matching result, the matching result include the mark with the fingerprint template of fingerprint matching input by user, then are driven in the second fingerprint Driving under, operating system can according to the framework of operating system require Organization Matching as a result, to log in corresponding user account.This Outside, if again requiring that verification user identity after being initially powered up, for example, user's active screen locking unlocks again after logging in, it is assumed that The authorization check under pre start-up operation environment need not be carried out, then can be carried out according to arbitrary login authentication flow under operating system Login authentication.Likewise, if the matching result failure of pre start-up operation environmental phase, operating system can require to hold again Once common finger print identification verification, the method for general fingerprint authentication mentioned here may be referred to existing fingerprint body to row Part verification flow.

System provided in this embodiment starts method of calibration, after start-up operation system, is driven by running the second fingerprint The matching result obtained under pre start-up operation environment is obtained, and the login authentication under operating system is carried out according to the matching result, It is operated again without user, finger print identifying is carried out using the computing capability of electronic equipment master control in pre start-up operation environmental phase, And corresponding user account can be directly logged in after pre start-up operation environmental phase loads OS, fingerprint matching speed is fast, mould The storage limitation of plate data is small, so as to improving the speed of fingerprint identity recognition verification, reducing accuracy of system identification and refusing sincere, raising use It experiences at family.

In the following, by taking embodiment three as an example, with reference to Windows operating system and UEFI, this programme is illustrated, is had The flow interaction of body can combine the related content of aforementioned schemes：

Wherein, Fig. 3 A and Fig. 3 B are respectively the procedure chart and interaction figure of UEFI stage fingerprint matchings, as shown in the figure, UEFI is opened After dynamic, authenticating user identification is carried out by the interface that the first fingerprint is called to drive.Specifically, if verification passes through, UEFI is touched Start-up operation system is sent out, while in one embodiment, the driving of the first fingerprint can also assemble matching result, consign to fingerprint Sensor.

In practical application, foregoing flow interaction can be performed based on the system architecture shown in Fig. 3 C.Specifically, the system Relatively independent module includes operating system OS, UEFI and fingerprint sensor in framework.Operating system in this example specifically may be used To be 10 systems of Windows, which possesses built-in WBF frames, and the fingerprint driving of Windows 10 is needed under the frame Exploitation.Specifically, the basic structure of WBF is as shown in Figure 3D.

1. that shown in Fig. 3 D is sensor adapter Sensor Adapter；, be 2. engine adapter Engine Adapter, 3. it is storage adapter Storage Adapter, current WBF can provide the primary realization of this three parts, but In the present solution, it needs to develop Engine Adapter therein and Storage Adapter again.In practical application, Engine Adapter in this programme can perform the processing of related algorithm and finger print data in TEE environment, to ensure number According to security.Optional again, Storage Adapter can distinguish storing template data in hard disk and motherboard flash, specifically Stored Procedure can be as shown in FIGURE 3 E.

In addition, Storage Adapter can also handle related data, optionally, Storage under TEE environment Adapter can to the data in need being stored in hard disk first encrypt after store again.

Correspondingly, with reference to previous embodiment, on the basis of any embodiment being related in aforementioned fingerprint registration process, institute Operating system is stated as Windows operating system；Correspondingly, the storage template data, can specifically include：Pass through installation The template data is encrypted in storage adapter under windows bio-identifications service (Biometric Service), And encrypted template data is stored to the sudden strain of a muscle of the hard disk and/or the pre start-up operation environment maintenance safeguarded to operating system It deposits.

4. in Fig. 3 D is user's space driving, be responsible for the operation of control fingerprint sensor, this part is the present embodiment base In WBF frames module newly developed.The sensitive data that the module is related to can equally perform under TEE environment.It is specifically, above-mentioned Data interaction under related to TEE environment, may be employed communication mode as defined in TEE.

Specifically, Fig. 3 F are the interaction figure of Windows operating system stage fingerprint matching, as shown in the figure.In operating system Fingerprint driving operation after, user's space in operating system, which drives, to be established first under TEE environment between fingerprint sensor Safe lane, afterwards utilize the safe lane read matching result.This result is then submitted to Engine Adapter's TEE environment, and by Engine Adapter result is submitted finally to realize the corresponding user of the fingerprint to Windows operating system The login of account.Correspondingly, with reference to previous embodiment, on the basis of Fig. 2 C illustrated embodiments, the operating system is Windows operating system；Correspondingly, 2021 can specifically include：

By being mounted on the sensor adapter under the service of windows bio-identifications under wudfHost.exe User's space driving sends instruction, and the user's space driving is controlled to establish the safety between its TEE environment and fingerprint sensor Channel, and pass through the matching result that escape way acquisition is stored in the fingerprint sensor and be sent to and be mounted on Engine adapter under the service of windows bio-identifications, so that the matching result is submitted to operation by the engine adapter System.Further, inside Windows operating system, the interaction figure between operating system and the driving of the second fingerprint is as schemed Shown in 3G.

Related content in the present embodiment can refer to the related content in preceding method embodiment, and details are not described herein.

Fig. 4 A are the structure diagram that a kind of system that the embodiment of the present application four provides starts check system；Refer to the attached drawing 4A It understands, which, which starts check system, includes：

For starting pre start-up operation environment, pre start-up operation environment is installed on by operation for first acquisition module 41 First fingerprint drives, and obtains the user fingerprints of active user's input；

Matching module 42, for the fingerprint template in the user fingerprints and currently stored template data to be carried out fingerprint Matching obtains matching result；

First correction verification module 43, for according to matching result, carrying out the authorization check under pre start-up operation environment.

In practical application, which, which starts check system, to be realized by program code, which starts check system Or the related medium for performing code is stored with, for example, USB flash disk etc.；Alternatively, it can also be collection that the system, which starts check system, Into or the related entity apparatus for performing code is installed, for example, chip, intelligent terminal, computer and various electronic equipments. Wherein, pre start-up operation environment includes but not limited to BIOS, UEFI etc..It should be noted that the scheme of the present embodiment can fit For any pre start-up operation environment, it is not limited herein.System structure with reference to shown in Fig. 3 C for example, One acquisition module 41,42 and first correction verification module 43 of matching module can be driven real by the UEFI fingerprints under UEFI frameworks It is existing.For example, it is respectively the first acquisition module 41, matching module that UEFI fingerprints, which drive the step performed by corresponding executable instruction, 42 and the first step performed by correction verification module 43.

In practical application, template data is usually the data of user's typing registered in advance.Correspondingly, refer to be previously-completed Line is registered, in order to the fingerprint recognition in subsequent survey scheme.As shown in Figure 4 B, Fig. 4 B are provided another for the embodiment of the present application four A kind of system starts the structure diagram of check system, on the basis of foregoing any embodiment, the system also includes：

For the registration request according to user, the fingerprint management journey of operating system is installed on by operation for registration module 44 Sequence obtains the first fingerprint of user's typing；

First memory module 45 is additionally operable to using first fingerprint as fingerprint template, and assembling obtains and stores the mould Plate data.

With actual scene for example：When user is desired with fingerprint register, after register flow path being triggered, mould is registered Block 44 passes through the fingerprint management program under operating system, the fingerprint of acquisition user's typing according to the registration request of user；First deposits Module 45 is stored up using fingerprint as fingerprint template, template data, further, the first memory module are obtained by carrying out data assembling The template data that 45 storage assemblings obtain, completes fingerprint register.Optionally, fingerprint can be stored in by assembling the template data of acquisition It is at least one in the motherboard flash of sensor, the hard disk that operating system is safeguarded and pre start-up operation environment maintenance.With reference to figure For example, 44 and first memory module 45 of registration module can pass through the fingerprint management program under OS to system structure shown in 3C It realizes.I.e. the flow of fingerprint register carries out after OS startups, specifically, in a kind of embodiment for storing registered fingerprint, it can Finger print data is stored the motherboard flash safeguarded to UEFI, fingerprint management program can be by with logging in what is managed under UEFI The storage of finger print data is realized in data interaction.

In practical application, fingerprint template can be also used for user account in addition to it can be used for carrying out Authority Verification Identification logs in.Optionally, on the basis of Fig. 4 B illustrated embodiments, the template data can include each user account and correspond to Fingerprint template；Correspondingly, the first memory module 45, specifically for the user account using first fingerprint as the user Corresponding fingerprint template, by the way that the user account of first fingerprint and the user is bound, assembling obtains the template number According to.

With actual scene for example：Registration module 44 passes through the fingerprint under operating system according to the registration request of user Management program obtains the fingerprint of user's typing；First memory module 45 is using fingerprint as fingerprint template, and further, first deposits Storage module 45 can also be by the way that fingerprint and user account be bound, and assembling obtains template data.Correspondingly, present embodiment In template data include the corresponding fingerprint template of each user account.In practical application, each user account can correspond at least One fingerprint template.

In addition, in order to further improve the security of system check, any embodiment in foregoing two kinds of embodiments On the basis of, the template data further includes the corresponding electronic device identification of each fingerprint template；Correspondingly, the first memory module 45, specifically for using first fingerprint and current electronic device identification as the corresponding device identification of first fingerprint, By the way that first fingerprint and current electronic device identification are bound, assembling obtains the template data.

With actual scene for example：Registration module 44 is according to the registration request of user, the fingerprint of acquisition user's typing；The One memory module 45 obtains current electronic device identification, using the fingerprint of typing as fingerprint template, by fingerprint and electronic equipment Mark is bound, and assembling obtains template data.Correspondingly, the template data in present embodiment is corresponded to including each fingerprint template Electronic device identification.

In practical application, since user fingerprints data belong to crucial sensitive data, deposited during fingerprint register When storing up template data, it will usually be stored after data are encrypted.For example, any implementation in aforementioned fingerprint registration process On the basis of mode, the first memory module 45 includes：Encryption unit, for calculating the template data using hmac algorithm HMAC values；The encryption unit is also used for aes algorithm and the template data and the HMAC values is encrypted；First Memory module 45, specifically for storing encrypted template data.

Specifically, encryption unit, using the secret key and template data as input, passes through hmac algorithm according to default secret key Calculate the HMAC values of template data；Encryption unit to the HMAC values of template data further using aes algorithm to template data, That is the HMAC values of clear data and template data are encrypted, and the first memory module 45 obtains encrypted template data and carries out Storage.

With reference to the content of previous embodiment three, by taking Windows operating system as an example, in any that aforementioned fingerprint registration is related to On the basis of embodiment, the operating system is Windows operating system；First memory module 45, specifically for passing through peace The template data is encrypted in storage adapter under the service of windows bio-identifications, and by encrypted template Data store the motherboard flash to the hard disk of operating system maintenance and/or the pre start-up operation environment maintenance.It is specifically, our Matching result in case can be determined according to fingerprint matching success or not.Specific decision condition can be set as needed.Under Face is illustrated：

It is the situation of failure for matching result, in the base of foregoing any embodiment as a kind of enforceable mode On plinth, matching module 42, specifically for the user fingerprints and the fingerprint template in currently stored template data are referred to Line matches, if fingerprint matching fails, judges the matching result for failure.

It is the situation of failure still for matching result, in foregoing any embodiment as another enforceable mode On the basis of, matching module 42 includes：Matching unit, for by the finger in the user fingerprints and currently stored template data Line template carries out fingerprint matching, if fingerprint matching fails, returns and performs the user fingerprints for obtaining active user's input Step；Identifying unit if the number for fingerprint matching continuously to fail reaches default first threshold, judges the matching knot Fruit is failure.

It is successful situation for matching result, in foregoing any embodiment as another enforceable mode On the basis of, matching module 42, specifically for the fingerprint template in the user fingerprints and currently stored template data is carried out Fingerprint matching, if the user fingerprints and the success of any fingerprint template matches, judge the matching result for success.

System provided in this embodiment starts check system, after starting on start-up operation environment, is installed by running It is driven in the fingerprint of pre start-up operation environment, realizes following scheme：The user fingerprints of active user's input are obtained, and according to fingerprint Template carries out fingerprint matching, and authorization check is carried out based on matching result.Fingerprint driving is installed under pre start-up operation environment, Pre start-up operation environment carries out fingerprint matching after starting, therefore can carry out fingerprint matching using the hardware unit of electronic equipment, Since the hardware unit processing capacity of electronic equipment is powerful, better performances can support more complicated and accurate algorithm and place It manages, therefore efficiency and the accuracy of fingerprint matching can be effectively improved by this programme, and then reduce system and start taking for verification, And improve the accuracy and reliability of verification.

Fig. 5 is the structure diagram that a kind of system that the embodiment of the present application five provides starts check system, and refer to the attached drawing 5 can Know, on the basis of example IV, the system also includes：

Second memory module 51, for will be in the user fingerprints and currently stored template data in matching module 42 Fingerprint template carries out fingerprint matching, after obtaining matching result, stores the matching result；

Second acquisition module 52, for, according to matching result, being carried out in the first correction verification module 43 under pre start-up operation environment Authorization check after, start-up operation system, by operation be installed on operating system the second fingerprint drive, obtain the matching As a result；

Second correction verification module 53, for according to the matching result, carrying out the login authentication under operating system.

With actual scene for example：After the completion of the authorization check of pre start-up operation environment, the second acquisition module 52 opens Operating system is moved, the second acquisition module 52 can perform the driving of the second fingerprint after os starting, so as to perform acquisition pretrigger The matching result in operating environment stage, the second correction verification module 53 carry out the login authentication under operating system.With reference to shown in Fig. 3 C For example, the second memory module 51 can be realized system structure by UEFI fingerprints driving under UEFI, the second acquisition module 52 It can be driven and realized by the OS fingerprints under OS with the second correction verification module 53.

Login authentication under the operating system includes but not limited to merely be authenticated user identity, can also include The user account for currently needing to log in is identified.Correspondingly, on the basis of embodiment five, the template data includes each The corresponding fingerprint template of user account；The matching result further includes the mark with the matched fingerprint template of the user fingerprints； Correspondingly, the second correction verification module 53, if being successfully, according to the template data, to log in institute specifically for the matching result The corresponding user account of fingerprint template in matching result is stated, and loads operating system.

As the first embodiment, in pre start-up operation environmental phase, after matching result is obtained, pass through operation the One fingerprint drives, and matching result can be stored in fingerprint sensor, correspondingly, being passed during the driving operation of the second fingerprint from fingerprint Matching result is obtained in sensor.Specifically, on the basis of embodiment five, the second memory module 51, specifically for by described It is stored with result to fingerprint sensor.

With actual scene for example：Under pre start-up operation environmental phase, obtained by running the first fingerprint driving first Modulus block 41 obtains fingerprint input by user, and matching module 42 carries out fingerprint matching according to fingerprint template, obtains matching result；It By running the first fingerprint the second memory module 51 is driven to store the matching result into fingerprint sensor afterwards；Subsequently, under OS The driving operation of the second fingerprint when, the second acquisition module 52 obtains the matching result being stored in fingerprint sensor first, second Correction verification module 53 carries out the login authentication under operating system.

Optionally, when matching result is stored in fingerprint sensor, the method that operating system obtains matching result can have It is a variety of.As a kind of embodiment, on the basis of the first embodiment, the second acquisition module 52, specifically for root Escape way is established according to security protocol, and passes through the escape way, obtains described be stored in the fingerprint sensor With result.

With reference to the content of previous embodiment three, by taking windows operating systems as an example, on the basis of the above embodiment, The operating system is Windows operating system；Second acquisition module 52, specifically for being known by being mounted on windows biologies Sensor adapter under not servicing sends instruction to the user's space driving under wudfHost.exe, controls the use The safe lane between its TEE environment and fingerprint sensor is established in the driving of family space, and is passed through the escape way and obtained storage The matching result in the fingerprint sensor is sent to the engine adaptation under the service of windows bio-identifications Device, so that the matching result is submitted to operating system by the engine adapter.Present embodiment is passed by establishing with fingerprint Escape way between sensor carries out the data transmission of matching result, so as to ensure that system starts the security of verification.

As another embodiment, on the basis of the first embodiment, the second acquisition module 52 is specific to use In the secret information shared according to operating system and fingerprint sensor, the random number of generation is sent to fingerprint sensor, so that The fingerprint sensor is using default message checking algorithm to the secret information, the random number and the matching being locally stored As a result handled, obtain verification data；Second acquisition module 52, also particularly useful for the matching knot for receiving fingerprint sensor return Fruit and verification data, according to the verification data, the matching result returned using the message checking algorithm to fingerprint sensor It is verified, if being verified, the matching result that fingerprint sensor is returned is as the matching result.

As second of embodiment, in pre start-up operation environmental phase, after matching result is obtained, pass through operation the One fingerprint drives, and can be stored in matching result in the addressable region of pre start-up operation environment, correspondingly, the second fingerprint drives Matching result is obtained from the region by pre start-up operation environment during dynamic operation.Specifically, on the basis of embodiment five, the Two memory modules 51, specifically for storing the matching result to the accessible area of the pre start-up operation environment；Second Acquisition module 52 is serviced specifically for the RT provided using pre start-up operation environment, obtains what is stored in the accessible area Matching result.

System provided in this embodiment starts check system, after start-up operation system, is driven by running the second fingerprint The matching result obtained under pre start-up operation environment is obtained, and the login authentication under operating system is carried out according to the matching result, It is operated again without user, finger print identifying is carried out using the computing capability of electronic equipment master control in pre start-up operation environmental phase, And corresponding user account can be directly logged in after pre start-up operation environmental phase loads OS, fingerprint matching speed is fast, mould The storage limitation of plate data is small, so as to improving the speed of fingerprint identity recognition verification, reducing accuracy of system identification and refusing sincere, raising use It experiences at family.

The embodiment of the present application six also provides a kind of computer storage media, which can include：USB flash disk, Mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), the various media that can store program code such as disk or CD, specifically, being deposited in the computer storage media Program instruction is contained, the system that program instruction is used in above-described embodiment starts method of calibration.

The embodiment of the present application seven provides a kind of electronic equipment, which includes at least one processor and memory, For memory for storing computer executed instructions, the number of processor can be one or more, and can work alone or synergistically Make, processor is used to perform the computer executed instructions of the memory storage, to realize that the system in above-described embodiment starts Method of calibration.

Technical solution, technical characteristic in above each embodiment in the case where not colliding can it is independent or It is combined, as long as without departing from the cognitive range of those skilled in the art, belongs to the equivalent implementation in the application protection domain Example.

In several embodiments provided herein, it should be understood that disclosed related system and method, Ke Yitong Other modes are crossed to realize.For example, system embodiment described above is only schematical, for example, the module or list The division of member is only a kind of division of logic function, can there is other dividing mode in actual implementation, for example, multiple units or Component may be combined or can be integrated into another system or some features can be ignored or does not perform.It is another, it shows Show or the mutual coupling, direct-coupling or communication connection that discusses can be by some interfaces, between system or unit Coupling or communication connection are connect, can be electrical, machinery or other forms.

If the integrated unit is realized in the form of SFU software functional unit and is independent production marketing or use When, it can be stored in a computer read/write memory medium.Based on such understanding, the technical solution of the application is substantially The part to contribute in other words to the prior art or all or part of the technical solution can be in the form of software products It embodies, which is stored in a storage medium, is used including some instructions so that computer disposal Device (processor) performs all or part of step of each embodiment the method for the application.And foregoing storage medium bag It includes：USB flash disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), the various media that can store program code such as disk or CD.

The foregoing is merely embodiments herein, not thereby limit the scope of the claims of the application, every to utilize this Shen Please the equivalent structure or equivalent flow shift made of specification and accompanying drawing content, be directly or indirectly used in other relevant skills Art field, is similarly included in the scope of patent protection of the application.

Finally it should be noted that：Various embodiments above is only to illustrate the technical solution of the application, rather than its limitations；To the greatest extent Pipe is described in detail the application with reference to foregoing embodiments, it will be understood by those of ordinary skill in the art that：Its according to Can so modify to the technical solution recorded in foregoing embodiments either to which part or all technical characteristic into Row equivalent substitution；And these modifications or replacement, the essence of appropriate technical solution is not made to depart from each embodiment technology of the application The scope of scheme.

Claims

1. a kind of system starts method of calibration, which is characterized in that including：

Start pre start-up operation environment, the first fingerprint that pre start-up operation environment is installed on by operation drives, and obtains current use The user fingerprints of family input；

Fingerprint template in the user fingerprints and currently stored template data is subjected to fingerprint matching, obtains matching result；

According to matching result, the authorization check under pre start-up operation environment is carried out.

2. according to the method described in claim 1, it is characterized in that, the method further includes：

According to the registration request of user, the fingerprint management program of operating system is installed on by operation, obtains the of user's typing One fingerprint；

Using first fingerprint as fingerprint template, assembling obtains and stores the template data.

3. according to the method described in claim 2, it is characterized in that, the template data includes the corresponding fingerprint of each user account Template；It is described that using first fingerprint as fingerprint template, assembling obtains the template data, including：

Using first fingerprint as the corresponding fingerprint template of the user account of the user, by by first fingerprint and institute The user account binding of user is stated, assembling obtains the template data.

4. according to the method in claim 2 or 3, which is characterized in that the template data further includes each fingerprint template and corresponds to Electronic device identification；It is described that using first fingerprint as fingerprint template, assembling obtains the template data, including：

Using first fingerprint and current electronic device identification as the corresponding device identification of first fingerprint, by by institute The first fingerprint and the binding of current electronic device identification are stated, assembling obtains the template data.

5. according to the method described in claim 4, it is characterized in that, the electronic device identification includes what is installed in electronic equipment The mark of fingerprint sensor and/or the mark of device hardware.

6. according to the method any one of claim 2-5, which is characterized in that the storage template data, including：

The HMAC values of the template data are calculated using hmac algorithm；

7. according to the method any one of claim 2-6, which is characterized in that the operating system operates for Windows System；The storage template data, including：

The template data is encrypted by the storage adapter being mounted under the service of windows bio-identifications, and will be added Template data after close stores the motherboard flash to the hard disk of operating system maintenance and/or the pre start-up operation environment maintenance.

8. according to the described method of any one of claim 1-7, which is characterized in that the template data is stored in fingerprint sensing It is at least one in the motherboard flash of device, the hard disk that operating system is safeguarded and pre start-up operation environment maintenance.

9. according to the method any one of claim 1-8, which is characterized in that it is described by the user fingerprints with currently depositing Fingerprint template in the template data of storage carries out fingerprint matching, obtains matching result, including：

Fingerprint template in the user fingerprints and currently stored template data is subjected to fingerprint matching, if fingerprint matching is lost It loses, then judges the matching result for failure.

10. according to the method any one of claim 1-8, which is characterized in that described by the user fingerprints and current Fingerprint template in the template data of storage carries out fingerprint matching, obtains matching result, including：

Fingerprint template in the user fingerprints and currently stored template data is subjected to fingerprint matching, if fingerprint matching is lost It loses, then returns and perform described the step of obtaining the user fingerprints that active user inputs；

11. according to the method any one of claim 1-10, which is characterized in that described by the user fingerprints and current Fingerprint template in the template data of storage carries out fingerprint matching, obtains matching result, including：

Fingerprint template in the user fingerprints and currently stored template data is subjected to fingerprint matching, if the user fingerprints With the success of any fingerprint template matches, then judge the matching result for success.

12. according to the method any one of claim 1-11, which is characterized in that described by the user fingerprints and current Fingerprint template in the template data of storage carries out fingerprint matching, after obtaining matching result, further includes：

Store the matching result；

It is described according to matching result, after carrying out the authorization check under pre start-up operation environment, further include：

Start-up operation system, the second fingerprint that operating system is installed on by operation drive, and obtain the matching result；

According to the matching result, the login authentication under operating system is carried out.

13. according to the method for claim 12, which is characterized in that the template data includes the corresponding finger of each user account Line template；The matching result further includes the mark with the matched fingerprint template of the user fingerprints；

It is described that login authentication under operating system is carried out according to the matching result, including：

If the matching result is successfully, according to the template data, it is corresponding to log in fingerprint template in the matching result User account, and load operating system.

14. the method according to claim 12 or 13, which is characterized in that the storage matching result, including：

The matching result is stored to fingerprint sensor.

15. according to the method for claim 14, which is characterized in that second finger that operating system is installed on by operation Line drives, and obtains the matching result, including：

Escape way is established according to security protocol, and passes through the escape way, acquisition is stored in the fingerprint sensor The matching result.

16. according to the method for claim 15, which is characterized in that the operating system is Windows operating system；It is described Escape way is established according to security protocol, and passes through the escape way, acquisition is stored in described in the fingerprint sensor Matching result, including：

By being mounted on the sensor adapter under the service of windows bio-identifications to the user under wudfHost.exe Space driving sends instruction, and the user's space driving is controlled to establish the safe lane between its TEE environment and fingerprint sensor, And pass through the matching result that the escape way acquisition is stored in the fingerprint sensor and be sent to mounted on windows Engine adapter under bio-identification service, so that the matching result is submitted to operating system by the engine adapter.

17. according to the method for claim 14, which is characterized in that second finger that operating system is installed on by operation Line drives, and obtains the matching result, including：

According to the secret information that operating system and fingerprint sensor are shared, the random number of generation is sent to fingerprint sensor, with Make the fingerprint sensor using default message checking algorithm to the secret information, the random number and being locally stored It is handled with result, obtains verification data；

Matching result and the verification data that fingerprint sensor returns are received, according to the verification data, is verified using the message The matching result that algorithm returns to fingerprint sensor is verified, if being verified, by the matching knot of fingerprint sensor return Fruit is as the matching result.

18. the method according to claim 12 or 13, which is characterized in that the storage matching result, including：

The matching result is stored to the accessible area of the pre start-up operation environment；

Second fingerprint that operating system is installed on by operation drives, and obtains the matching result, including：

RT is serviced during the operation provided using pre start-up operation environment, obtains the matching result stored in the accessible area.

19. according to the method any one of claim 1-18, which is characterized in that the pre start-up operation environment is UEFI。

20. a kind of system starts check system, which is characterized in that including：

For starting pre start-up operation environment, the first finger of pre start-up operation environment is installed on by operation for first acquisition module Line drives, and obtains the user fingerprints of active user's input；

Matching module, for the fingerprint template in the user fingerprints and currently stored template data to be carried out fingerprint matching, Obtain matching result；

First correction verification module, for according to matching result, carrying out the authorization check under pre start-up operation environment.

21. system according to claim 20, which is characterized in that the system also includes：

Registration module for the registration request according to user, the fingerprint management program of operating system is installed on by operation, is obtained First fingerprint of user's typing；

First memory module is additionally operable to using first fingerprint as fingerprint template, and assembling obtains and stores the template data.

22. system according to claim 21, which is characterized in that the template data includes the corresponding finger of each user account Line template；

First memory module, specifically for using first fingerprint as the corresponding fingerprint mould of the user account of the user Plate, by the way that the user account of first fingerprint and the user is bound, assembling obtains the template data.

23. the system according to claim 21 or 22, which is characterized in that the template data further includes each fingerprint template pair The electronic device identification answered；

First memory module, specifically for first fingerprint and current electronic device identification are referred to as described first The corresponding device identification of line, by the way that first fingerprint and current electronic device identification are bound, assembling obtains the template Data.

24. system according to claim 23, which is characterized in that the electronic device identification includes installing in electronic equipment The mark of fingerprint sensor and/or the mark of device hardware.

25. according to the system any one of claim 21-24, which is characterized in that first memory module includes：

Encryption unit, for calculating the HMAC values of the template data using hmac algorithm；

The encryption unit is also used for aes algorithm and the template data and the HMAC values is encrypted；

First memory module, specifically for storing encrypted template data.

26. according to the system any one of claim 21-25, which is characterized in that the operating system is grasped for Windows Make system；

First memory module, specifically for by being mounted on the storage adapter under the service of windows bio-identifications to institute It states template data to be encrypted, and encrypted template data is stored to operating system to the hard disk safeguarded and/or described pre- is opened The motherboard flash that dynamic operating environment is safeguarded.

27. according to the system any one of claim 20-26, which is characterized in that the template data is stored in fingerprint It is at least one in the motherboard flash of sensor, the hard disk that operating system is safeguarded and pre start-up operation environment maintenance.

28. according to the system any one of claim 20-27, which is characterized in that

The matching module, specifically for the user fingerprints and the fingerprint template in currently stored template data are referred to Line matches, if fingerprint matching fails, judges the matching result for failure.

29. according to the system any one of claim 20-27, which is characterized in that the matching module includes：

Matching unit, for the fingerprint template in the user fingerprints and currently stored template data to be carried out fingerprint matching, If fingerprint matching fails, return and perform described the step of obtaining the user fingerprints that active user inputs；

Identifying unit if the number for fingerprint matching continuously to fail reaches default first threshold, judges the matching knot Fruit is failure.

30. according to the system any one of claim 20-29, which is characterized in that

The matching module, specifically for the user fingerprints and the fingerprint template in currently stored template data are referred to Line matches, if the user fingerprints and the success of any fingerprint template matches, judge the matching result for success.

31. according to the system any one of claim 20-30, which is characterized in that the system also includes：

Second memory module, in the matching module by the fingerprint in the user fingerprints and currently stored template data Template carries out fingerprint matching, after obtaining matching result, stores the matching result；

Second acquisition module, for, according to matching result, carrying out the power under pre start-up operation environment in first correction verification module After limit verification, start-up operation system, the second fingerprint that operating system is installed on by operation drives, and obtains the matching knot Fruit；

Second correction verification module, for according to the matching result, carrying out the login authentication under operating system.

32. system according to claim 31, which is characterized in that the template data includes the corresponding finger of each user account Line template；The matching result further includes the mark with the matched fingerprint template of the user fingerprints；

Second correction verification module, if being successfully, according to the template data, described in login specifically for the matching result The corresponding user account of fingerprint template in matching result, and load operating system.

33. the system according to claim 31 or 32, which is characterized in that

Second memory module, specifically for storing the matching result to fingerprint sensor.

34. system according to claim 33, which is characterized in that

Second acquisition module specifically for establishing escape way according to security protocol, and passes through the escape way, obtains The matching result being stored in the fingerprint sensor.

35. system according to claim 34, which is characterized in that the operating system is Wind ows operating systems；

Second acquisition module, specifically for by be mounted on windows bio-identifications service under sensor adapter to User's space driving under wudfHost.exe sends instruction, and the user's space driving is controlled to establish its TEE environment Safe lane between fingerprint sensor, and pass through escape way acquisition be stored in it is described in the fingerprint sensor Matching result is sent to the engine adapter under the service of windows bio-identifications, so that the engine adapter is by institute It states matching result and submits to operating system.

36. system according to claim 33, which is characterized in that

Second acquisition module, specifically for the secret information shared according to operating system and fingerprint sensor, by generation Random number is sent to fingerprint sensor, so that the fingerprint sensor believes the secret using default message checking algorithm Breath, the random number and the matching result that is locally stored are handled, and obtain verification data；

Second acquisition module, also particularly useful for matching result and the verification data that fingerprint sensor returns is received, according to institute Verification data is stated, the matching result returned using the message checking algorithm to fingerprint sensor is verified, if being verified, The matching result that then fingerprint sensor is returned is as the matching result.

37. the system according to claim 31 or 32, which is characterized in that

Second memory module, specifically for storing the matching result to the addressable area of the pre start-up operation environment Domain；

Second acquisition module is serviced specifically for RT when utilizing the operation of pre start-up operation environment offer, can described in acquisition The matching result stored in access region.

38. according to the system any one of claim 20-37, which is characterized in that the pre start-up operation environment is UEFI。

39. a kind of electronic equipment, which is characterized in that including：At least one processor and memory；

The memory storage computer executed instructions；At least one processor performs the computer of the memory storage It executes instruction, to perform the method as any one of claim 1-19.

40. a kind of computer storage media, which is characterized in that have program stored therein instruction in the computer storage media, the journey The method any one of claim 1-19 is realized in sequence instruction when being executed by processor.