CN108540457B - Safety equipment and biological authentication control method and device thereof - Google Patents

Publication number
CN108540457B
Authority
CN
China
Prior art keywords
authentication
biological
user
security chip
control module
Legal status
Active
Application number
CN201810229137.2A
Other languages
Chinese (zh)
Other versions
CN108540457A (en)
Inventor
陈柳章
Current Assignee
Shenzhen Excelsecu Data Technology Co Ltd
Original Assignee
Shenzhen Excelsecu Data Technology Co Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0853 Network architectures or network communication protocols for network security for authentication of entities using an additional device, e.g. smartcard, SIM or a different communication terminal

Abstract

A biometric authentication control method for a security device includes: the biometric authentication control module collects and authenticates the user's biometric information; if the user's biometric information passes authentication, the biometric authentication control module initiates an external authentication request to the transaction security chip according to a preset key; the transaction security chip processes the external authentication request; and if the external authentication request passes authentication, the biometric authentication of the security device passes. When the comparator security chip is replaced, the key is replaced along with it, so authentication by the transaction security chip still cannot be obtained, and the security of the device is effectively ensured.

Description

Safety equipment and biological authentication control method and device thereof
Technical Field
The invention belongs to the field of security authentication, and particularly relates to a security device and a biometric authentication control method and device thereof.
Background
Existing security devices generally comprise a transaction security chip and a biometric authentication chip. When the biometric authentication chip passes the user's biometric authentication, it sends an authentication-passed signal to the transaction security chip, and the transaction security chip then lets the biometric authentication of the security device pass. This authentication-passed signal is easy to forge, so security is low.
Disclosure of Invention
In view of this, embodiments of the present invention provide a security device, a biometric authentication control method and a biometric authentication control apparatus thereof, so as to solve the problems in the prior art that a biometric authentication passing signal in the security device is easily forged and the security is low.
A first aspect of an embodiment of the present invention provides a biometric authentication control method for a secure device, where the secure device includes a transaction security chip and a biometric authentication control module, and the biometric authentication control method for the secure device includes:
the biometric authentication control module collects and authenticates the user's biometric information;
if the user's biometric information passes authentication, the biometric authentication control module initiates an external authentication request to the transaction security chip according to a preset key;
the transaction security chip processes the external authentication request;
and if the external authentication request passes authentication, the biometric authentication of the security device passes.
With reference to the first aspect, in a first possible implementation manner of the first aspect, the biometric authentication control module includes a main control MCU, a comparator security chip, and a biometric collector;
the step of the biometric authentication control module collecting and authenticating the user's biometric information comprises:
the biometric collector collects the user's biometric information and sends it to the main control MCU;
the main control MCU extracts a feature value from the user's biometric information and sends the feature value to the comparator security chip;
and the comparator security chip compares the feature value with a pre-stored user feature value, and if the comparison passes, the user's biometric information passes authentication.
With reference to the first possible implementation manner of the first aspect, in a second possible implementation manner of the first aspect,
the step in which, if the user's biometric information passes authentication, the biometric authentication control module initiates an external authentication request to the transaction security chip according to a preset key comprises:
if the user's biometric information passes authentication, the main control MCU obtains a random number from the transaction security chip and sends the random number to the comparator security chip;
the comparator security chip operates on the random number according to a preset key to generate external authentication information and sends the external authentication information to the main control MCU;
and the main control MCU initiates an external authentication request to the transaction security chip according to the external authentication information.
With reference to the second possible implementation manner of the first aspect, in a third possible implementation manner of the first aspect, after the biometric collector collects the user's biometric information and sends it to the main control MCU, the method further includes: the biometric collector enters a low-power mode;
after the comparator security chip operates on the random number according to a preset key to generate external authentication information and sends the external authentication information to the main control MCU, the method further includes: the comparator security chip enters a low-power mode.
With reference to the first aspect, in a fourth possible implementation manner of the first aspect, the biometric feature includes one or more of a fingerprint feature, an iris feature, a face feature, or a voice feature.
With reference to the first aspect, in a fifth possible implementation manner of the first aspect, the step in which, if the user's biometric information passes authentication, the biometric authentication control module initiates an external authentication request to the transaction security chip according to a preset key includes:
if the user's biometric information passes authentication, the biometric authentication control module searches for the corresponding first preset key information according to the user's biometric information, and initiates an external authentication request to the transaction security chip according to the first preset key information.
A second aspect of an embodiment of the present invention provides a biometric authentication control apparatus of a secure device, where the secure device includes a transaction security chip and a biometric authentication control module, and the biometric authentication control apparatus of the secure device includes:
the biometric authentication unit is used for acquiring and authenticating the biometric characteristic information of the user;
the control unit is used for having the biometric authentication control module initiate an external authentication request to the transaction security chip when the user's biometric information passes authentication;
an external authentication unit for processing the external authentication request.
With reference to the second aspect, in a first possible implementation manner of the second aspect, the biometric authentication control apparatus of the security device further includes:
and a preset key searching unit, used for having the biometric authentication control module search for the corresponding first preset key information according to the user's biometric information, so that the biometric authentication control module initiates an external authentication request to the transaction security chip according to the first preset key information.
A third aspect of embodiments of the present invention provides a security device, comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the steps of the biometric authentication control method of the security device according to any one of the first aspect when executing the computer program.
A fourth aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program, wherein the computer program, when executed by a processor, implements the steps of the biometric authentication control method of the security device according to any one of the first aspect.
Compared with the prior art, the embodiment of the invention has the following beneficial effects: the biometric authentication control module collects and authenticates the user's biometric information; if the biometric information passes authentication, the biometric authentication control module sends an external authentication request to the transaction security chip according to a preset key; and if the external authentication request passes at the transaction security chip, the biometric authentication of the security device passes. Because the biometric authentication control module is itself authenticated through the external authentication request, the biometric authentication-passed message is prevented from being forged, the message is more reliable, and the security of the security device is further improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed in the description of the embodiments or of the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings based on them without inventive effort.
Fig. 1 is a schematic system structure diagram of a security device according to an embodiment of the present invention;
Fig. 2 is a schematic flow chart of an implementation of a biometric authentication control method of a security device according to an embodiment of the present invention;
Fig. 3 is a schematic flow chart of an implementation of a biometric authentication control method of a security device based on an asymmetric key according to an embodiment of the present invention;
Fig. 4 is a schematic flow chart of an implementation of a biometric authentication control method of a security device based on a symmetric key according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a biometric authentication control apparatus of a security device according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of a security device provided by an embodiment of the present invention.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the invention. It will be apparent, however, to one skilled in the art that the present invention may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present invention with unnecessary detail.
In order to explain the technical means of the present invention, the following description will be given by way of specific examples.
Fig. 1 is a schematic system structure diagram of a security device provided in an embodiment of the present application. As shown in Fig. 1, the security device includes a transaction security chip 1 and a biometric authentication control module 2. The biometric authentication control module 2 can comprise a main control MCU 21, a comparator security chip 22 and a biometric collector 23. A symmetric key or an asymmetric key is preset in the transaction security chip 1 and in the comparator security chip 22 of the biometric authentication control module 2. For example, the main control MCU may generate a random number as a symmetric key and send it to the comparator security chip 22 and the transaction security chip respectively; or the comparator security chip 22 may generate an asymmetric key and store the private key, with the public key forwarded by the main control MCU 21 to the transaction security chip; or the transaction security chip 1 may generate an asymmetric key and store the private key, with the public key forwarded by the main control MCU 21 to the comparator security chip 22.
The biometric collector 23 is configured to collect biometric data, which may include one or more of fingerprint features, iris features, face features, or voice features. The fingerprint characteristics can be collected through a fingerprint sensor, the iris characteristics and the face characteristics can be collected through a camera, and the voice characteristics can be collected through a microphone.
The comparator security chip 22 may be configured to compare the biometric data collected by the biometric collector 23 with the pre-stored biometric data of an authorized user; if the collected data matches the authorized user's biometric data, the user may be authenticated.
The comparator security chip 22 and the main control MCU may be the same processor, that is, the same processor extracts the biological features of the collected data and compares the extracted biological features, or may be two separate processors.
Fig. 2 is a schematic flow chart of an implementation of an authentication method based on the security device shown in fig. 1, which is detailed as follows:
In step S201, the biometric authentication control module collects and authenticates the user's biometric information.
Specifically, the biometric authentication control module may include a main control MCU, a comparator security chip, and a biometric collector. There may be one or more biometric collectors, and different verification modes may be set for different application scenarios. For example, an application scenario with a high security requirement may require two or more features to be compared, with all of them required to pass comparison verification.
The biometric collector collects biometric features such as a fingerprint, iris or palm print. The main control MCU extracts features from the data collected by the biometric collector and sends the extracted feature data to the comparator security chip. The comparator security chip compares the extracted feature data with the pre-stored feature data to judge whether they are consistent; if they are, the collected biometric data is legitimate biometric data.
In step S202, if the user biometric information passes the authentication, the biometric authentication control module initiates an external authentication request to the transaction security chip according to a preset key;
After the biometric data is determined to be legitimate, whether the biometric authentication control module itself is legitimate needs to be further verified. In this application, key data is set in the transaction security chip in advance and the comparator security chip is further verified, so that replacing the comparator security chip in the biometric authentication control module does not yield authority over the key data in the transaction security chip.
To verify the comparator security chip, an external authentication request can be initiated to the transaction security chip, in which the comparator security chip encrypts random data. The random data can be generated by the transaction security chip, acquired by the main control MCU and forwarded to the comparator security chip;
or the random number can be generated by the comparator security chip and forwarded to the transaction security chip by the main control MCU, or generated by the main control MCU and sent to both the transaction security chip and the comparator security chip.
When the random number is generated by the transaction security chip, the comparator security chip only needs to send the random encrypted data to the transaction security chip; when the random number is generated by the comparator security chip, the comparator security chip needs to send both the random number and the random encrypted data to the transaction security chip. The random encrypted data is generated by the comparator security chip encrypting or signing the random number.
The transaction security chip can be a smart card security chip with an ISO7816 interface or an NFC interface, or a USBKEY security chip with a USB interface.
Further, a plurality of sets of keys may be preset in the transaction security chip and the comparator security chip. In step S202, the biometric authentication control module sending the external authentication request to the transaction security chip according to the preset key then includes: the biometric authentication control module searches for the corresponding first preset key information according to the user's biometric information, and initiates an external authentication request to the transaction security chip according to the first preset key information. Different biometric information can correspond to different preset keys, and different preset keys can control different user permissions, so that different user permissions are controlled through different biometric information.
In step S203, the transaction security chip processes the external authentication request.
In step S204, if the external authentication request passes authentication, the biometric authentication of the secure device passes.
The transaction security chip decrypts or verifies the random encrypted data according to a pre-stored key (a private key, a public key or a symmetric key) to obtain a decryption result, and checks that result, for example by comparing it with the random number to judge whether the two are the same. If they are the same, the user's authentication to the smart card security chip is completed through the authentication of the biometric authentication control module; the collected biometric feature is the one set by the user, and authorization of the smart card security chip is obtained.
In addition, as a preferred implementation of this application, after the biometric collector has collected the user's biometric features, the biometric collector can be put into a dormant state; and after the comparator security chip has completed the feature comparison and the encryption or signing of the random number, the comparator security chip enters a dormant state. The biometric collector or the comparator security chip can be returned to a working state by a designated key press or activation condition, which saves system power and extends the standby time of the system. For example, the biometric collector may be triggered into the working state by a key press, and when the biometric collector collects data, the comparator security chip is triggered into the working state.
In this method, the biometric collector collects the user's biometric data, and the comparator security chip compares the collected data with pre-stored biometric data. If they are consistent, biometric verification passes, and the comparator security chip encrypts or signs a random number and sends the encrypted data to the transaction security chip. The transaction security chip decrypts or verifies the data and judges whether the result is legitimate; if it is, authentication by the transaction security chip is obtained. Consequently, if the comparator security chip is replaced, the key is replaced with it, authentication by the transaction security chip cannot be obtained, and the security of the device is effectively guaranteed.
Fig. 3 is a schematic implementation flow diagram of another security device method provided in the embodiment of the present application, which is detailed as follows:
In step S301, a biometric collector collects the user's biometric data and sends it to the comparator security chip through the main control MCU, and the comparator security chip compares the collected biometric data to judge whether it is legitimate.
In step S302, when the biometric feature is legitimate, the comparator security chip signs or encrypts a random number with a preset private key or public key to generate random encrypted data, and sends the random encrypted data to the transaction security chip.
The private key or public key is preset in the comparator security chip, and when the collected biometric feature is judged legitimate, the random number is signed or encrypted with it. This key is paired with the public key or private key set in the transaction security chip; the paired private key and public key are set in the comparator security chip and the transaction security chip respectively before the device leaves the factory.
In step S303, the transaction security chip verifies the signature on, or decrypts, the random encrypted data according to a preset key, and determines from the result whether authentication by the transaction security chip is obtained.
To obtain authentication by the security device, the user must first pass biometric authentication; the comparator security chip that performed the biometric authentication is then itself authenticated through the public key or private key preset in the transaction security chip. Because the public key or private key set in the transaction security chip cannot be modified, a comparator security chip swapped in by an illegitimate user cannot be authenticated by the transaction security chip. This effectively ensures the security of the comparator security chip and correspondingly protects the security of the transaction security chip.
Fig. 4 is a schematic implementation flow diagram of another security device method provided in the embodiment of the present application, which is detailed as follows:
In step S401, the biometric collector collects the user's biometric data and sends it to the comparator security chip, and the comparator security chip compares the collected biometric data to judge whether it is legitimate.
In step S402, when the biometric feature is legitimate, the comparator security chip encrypts a random number with a preset symmetric key to generate random encrypted data, and sends the random encrypted data to the transaction security chip.
Unlike the biometric authentication control method shown in Fig. 3, in the method shown in Fig. 4 the same symmetric key is preset in the comparator security chip and the transaction security chip. The symmetric key may be based on algorithms such as AES, DES, 3DES, IDEA, FEAL and BLOWFISH.
In step S403, the transaction security chip decrypts the random encrypted data according to a preset symmetric key to obtain a decryption result, and determines from the decryption result whether authentication by the transaction security chip is obtained.
The transaction security chip decrypts the random encrypted data from the comparator security chip with the preset symmetric key. Because this key is the same as the symmetric key in the comparator security chip, the decryption result can be the same as the random number, so the comparison result shows whether the comparator security chip is legitimate, which ensures the security of the transaction security chip.
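The Fig. 4 exchange, combined with the multiple key sets described for step S202, as an added Python sketch (not code from the patent). HMAC-SHA-256 stands in for the symmetric encryption of the random number because it is available in the standard library; the class names, feature strings, key ids and permission labels are constructed for illustration.

```python
import hashlib
import hmac
import secrets


class ComparatorChip:
    """Comparator security chip 22: matches features, then answers one challenge."""

    def __init__(self, templates, keys):
        self._templates = templates   # user -> enrolled feature value
        self._keys = keys             # user -> (key_id, preset key)
        self._matched = None          # user matched in the current session

    def compare(self, feature):
        # A real matcher scores similarity; exact equality keeps the sketch short.
        self._matched = next(
            (u for u, t in self._templates.items() if hmac.compare_digest(t, feature)),
            None,
        )
        return self._matched is not None

    def answer(self, challenge):
        # The preset key is only usable right after a successful comparison.
        if self._matched is None:
            return None
        key_id, key = self._keys[self._matched]
        self._matched = None
        return key_id, hmac.new(key, challenge, hashlib.sha256).digest()


class TransactionChip:
    """Transaction security chip 1: issues challenges and checks responses."""

    def __init__(self, keys):
        self._keys = keys             # key_id -> (preset key, permission)
        self._challenge = None

    def get_challenge(self):
        self._challenge = secrets.token_bytes(16)
        return self._challenge

    def external_authenticate(self, key_id, response):
        # Consume the challenge first so a response can never be checked twice.
        challenge, self._challenge = self._challenge, None
        if challenge is None or key_id not in self._keys:
            return None
        key, permission = self._keys[key_id]
        expected = hmac.new(key, challenge, hashlib.sha256).digest()
        return permission if hmac.compare_digest(expected, response) else None


def mcu_authenticate(feature, comparator, transaction):
    """Main control MCU 21: relays messages only and never holds a key."""
    if not comparator.compare(feature):
        return None
    answer = comparator.answer(transaction.get_challenge())
    return transaction.external_authenticate(*answer) if answer else None


def provision():
    """Factory step: the same random key sets go into both chips (constructed data)."""
    k_pay, k_view = secrets.token_bytes(32), secrets.token_bytes(32)
    comparator = ComparatorChip(
        templates={"alice": b"alice-feature", "bob": b"bob-feature"},
        keys={"alice": (1, k_pay), "bob": (2, k_view)},
    )
    transaction = TransactionChip(keys={1: (k_pay, "pay"), 2: (k_view, "view")})
    return comparator, transaction


if __name__ == "__main__":
    comparator, transaction = provision()
    print("alice   ->", mcu_authenticate(b"alice-feature", comparator, transaction))
    print("bob     ->", mcu_authenticate(b"bob-feature", comparator, transaction))
    print("unknown ->", mcu_authenticate(b"stranger", comparator, transaction))
    # A comparator chip swapped in without the provisioned key matches the
    # feature but cannot produce a response the transaction chip accepts.
    swapped = ComparatorChip({"alice": b"alice-feature"}, {"alice": (1, b"\x42" * 32)})
    print("swapped ->", mcu_authenticate(b"alice-feature", swapped, transaction))
```

The transaction chip grants a permission only for a response computed over the challenge it issued itself, and only once, so a bare "pass" signal or a comparator chip lacking the provisioned key obtains nothing.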
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
Fig. 5 is a schematic structural diagram of a biometric authentication control apparatus of a security device according to an embodiment of the present application, where the biometric authentication control apparatus of the security device includes:
a biometric authentication unit 501 for acquiring and authenticating biometric information of a user;
a control unit 502, configured to have the biometric authentication control module initiate an external authentication request to the transaction security chip when the user's biometric information passes authentication;
an external authentication unit 503, configured to process the external authentication request.
Preferably, the biometric authentication control device of the security device further includes:
a preset key searching unit, used for having the biometric authentication control module search for the corresponding first preset key information according to the user's biometric information, so that the biometric authentication control module initiates an external authentication request to the transaction security chip according to the first preset key information.
The biometric authentication control apparatus of the security device shown in fig. 5 corresponds to the biometric authentication control method of the security device shown in fig. 1 to 4.
Fig. 6 is a schematic diagram of a security device provided by an embodiment of the present invention. As shown in fig. 6, the security device 6 of this embodiment includes: a processor 60, a memory 61 and a computer program 62 stored in said memory 61 and operable on said processor 60, such as an authentication program of a security device. The processor 60, when executing the computer program 62, implements the steps in the above-described embodiments of the biometric authentication control method of each secure device, such as the steps 101 to 103 shown in fig. 1. Alternatively, the processor 60, when executing the computer program 62, implements the functions of each module/unit in the above-mentioned device embodiments, for example, the functions of the modules 501 to 503 shown in fig. 5.
Illustratively, the computer program 62 may be partitioned into one or more modules/units that are stored in the memory 61 and executed by the processor 60 to implement the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution of the computer program 62 in the security device 6. For example, the computer program 62 may be divided into a comparison unit, an encryption unit, and an authentication unit, and each unit may specifically function as follows:
the comparison unit is used for having the biometric collector collect the user's biometric data and send it to the comparator security chip, which compares the collected biometric features to judge whether the biometric data is legitimate;
the encryption unit is used for having the comparator security chip, when the biometric feature is legitimate, encrypt a random number with a preset key to generate random encrypted data and send the random encrypted data to the transaction security chip;
and the authentication unit is used for having the transaction security chip decrypt the random encrypted data according to a preset key to obtain a decryption result, and determine from the decryption result whether authentication by the transaction security chip is obtained.
The security device may include, but is not limited to, a processor 60, a memory 61. It will be appreciated by those skilled in the art that fig. 6 is merely an example of a security device 6, and does not constitute a limitation of the security device 6, and may include more or fewer components than shown, or some components in combination, or different components, e.g. the security device may also include input output devices, network access devices, buses, etc.
The Processor 60 may be a Central Processing Unit (CPU), another general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field-Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic, discrete hardware components, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 61 may be an internal storage unit of the secure device 6, such as a hard disk or a memory of the secure device 6. The memory 61 may also be an external storage device of the Secure device 6, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, provided on the Secure device 6. Further, the memory 61 may also include both an internal storage unit of the secure device 6 and an external storage device. The memory 61 is used for storing the computer programs and other programs and data required by the security device. The memory 61 may also be used to temporarily store data that has been output or is to be output.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules to perform all or part of the above-mentioned functions. Each functional unit and module in the embodiments may be integrated in one processing unit, or each unit may exist alone physically, or two or more units are integrated in one unit, and the integrated unit may be implemented in a form of hardware, or in a form of software functional unit. In addition, specific names of the functional units and modules are only for convenience of distinguishing from each other, and are not used for limiting the protection scope of the present application. The specific working processes of the units and modules in the system may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided in the present invention, it should be understood that the disclosed apparatus/terminal device and method may be implemented in other ways. For example, the above-described embodiments of the apparatus/terminal device are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated modules/units, if implemented in the form of software functional units and sold or used as separate products, may be stored in a computer-readable storage medium. Based on such understanding, all or part of the flow of the method according to the embodiments of the present invention may also be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a USB disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), an electrical carrier wave signal, a telecommunications signal, a software distribution medium, and the like. It should be noted that the content of the computer-readable medium may be suitably increased or decreased as required by legislation and patent practice in a jurisdiction; for example, in some jurisdictions, in accordance with legislation and patent practice, computer-readable media do not include electrical carrier signals and telecommunications signals.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A biological authentication control method of a safety device is characterized in that the safety device comprises a transaction safety chip and a biological authentication control module, wherein the biological authentication control module comprises a main control MCU, a comparator safety chip and a biological feature collector; the biometric authentication control method of the security device includes:
the biological authentication control module collects and authenticates the biological characteristic information of the user;
if the user biological characteristic information passes the authentication, the biological authentication control module initiates an external authentication request to the transaction security chip according to a preset secret key so as to verify whether the biological authentication control module is legal or not; the external authentication request is generated by the comparator security chip operating a random number according to a preset key;
the transaction security chip processes the external authentication request, including: the transaction security chip decrypts or verifies the random number in the external authentication request according to a pre-stored key to obtain a decryption result, and verifies the decryption result;
and if the external authentication request passes the authentication, the biological authentication of the safety equipment passes.
2. The biometric authentication control method of a security device according to claim 1,
the steps of the biological authentication control module for collecting and authenticating the biological characteristic information of the user comprise:
the biological characteristic collector collects biological characteristic information of a user and sends the biological characteristic information to the main control MCU;
the master control MCU extracts the characteristic value of the user biological characteristic information and sends the characteristic value to the comparator safety chip;
and the comparator safety chip compares the characteristic value with a pre-stored user characteristic value, and if the comparison is passed, the user biological characteristic information passes authentication.
3. The biometric authentication control method of a security device according to claim 2,
if the user biological characteristic information passes the authentication, the step that the biological authentication control module initiates an external authentication request to the transaction security chip according to a preset secret key comprises the following steps:
if the user biological characteristic information passes the authentication, the master control MCU acquires the random number of the transaction security chip and sends the random number to the comparator security chip;
the comparator safety chip operates the random number according to a preset secret key to generate external authentication information and sends the external authentication information to the main control MCU;
and the master control MCU initiates an external authentication request to the transaction security chip according to the external authentication information.
4. The biometric authentication control method of a security device according to claim 3,
after the biological characteristic collector collects the biological characteristic information of the user and sends the information to the main control MCU, the method further comprises: the biological characteristic collector enters a low power consumption mode;
after the comparator security chip operates the random number according to a preset key to generate external authentication information and sends the external authentication information to the main control MCU, the method further comprises: the comparator security chip enters a low power consumption mode.
5. The biometric authentication control method of a security device according to claim 1, wherein the biometric feature includes one or more of a fingerprint feature, an iris feature, a face feature, or a voice feature.
6. The biometric authentication control method of a security device according to claim 1,
if the user biological characteristic information passes the authentication, the step that the biological authentication control module initiates an external authentication request to the transaction security chip according to a preset secret key comprises the following steps:
if the user biological characteristic information passes the authentication, the biological authentication control module searches corresponding first preset key information according to the user biological characteristic information, and the biological authentication control module initiates an external authentication request to the transaction security chip according to the first preset key information.
7. A biological authentication control device of a safety device, characterized in that the safety device comprises a transaction security chip and a biological authentication control module, wherein the biological authentication control module comprises a main control MCU, a comparator security chip and a biological characteristic collector; the biometric authentication control apparatus of the security device includes:
the biometric authentication unit is used for acquiring and authenticating the biometric characteristic information of the user;
the control unit is used for initiating an external authentication request to the transaction security chip by the biological authentication control module when the biological characteristic information of the user passes the authentication so as to verify whether the biological authentication control module is legal or not; the external authentication request is generated by the comparator security chip operating a random number according to a preset key;
an external authentication unit configured to process the external authentication request, including: the transaction security chip decrypts or verifies the random number in the external authentication request according to a pre-stored key to obtain a decryption result, and verifies the decryption result.
8. The biometric authentication control apparatus of a security device according to claim 7, further comprising:
and the preset key searching unit is used for searching corresponding first preset key information by the biological authentication control module according to the user biological characteristic information so that the biological authentication control module initiates an external authentication request to the transaction security chip according to the first preset key information.
9. A security device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the biometric authentication control method of the security device according to any one of claims 1 to 6 when executing the computer program.
10. A computer-readable storage medium storing a computer program, wherein the computer program when executed by a processor implements the steps of the biometric authentication control method of a security device according to any one of claims 1 to 6.
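The challenge-response exchange of claims 1 to 3, as an added example that is not code from the patent or from its assignee. The patent only says the comparator security chip "operates" the random number with a preset key; HMAC-SHA256, the Hamming-distance matcher, the class and function names and all sample values below are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class TransactionSecurityChip:
    """Holds the pre-stored key, issues the random number, checks the response."""

    def __init__(self, prestored_key):
        self._key = prestored_key
        self._challenge = None
        self.authenticated = False

    def get_challenge(self):
        self._challenge = secrets.token_bytes(16)
        self.authenticated = False
        return self._challenge

    def external_authenticate(self, response):
        # Consume the challenge first so a captured response cannot be replayed.
        challenge, self._challenge = self._challenge, None
        self.authenticated = False
        if challenge is None or response is None:
            return False
        expected = hmac.new(self._key, challenge, hashlib.sha256).digest()
        self.authenticated = hmac.compare_digest(expected, response)
        return self.authenticated


class ComparatorSecurityChip:
    """Stores the enrolled feature value and the preset key; the key never leaves it."""

    def __init__(self, preset_key, enrolled_feature, max_bit_errors=4):
        self._key = preset_key
        self._enrolled = enrolled_feature
        self._max_bit_errors = max_bit_errors
        self._match_ok = False

    def compare(self, feature):
        # Toy matcher (assumption): Hamming distance between feature values.
        if len(feature) != len(self._enrolled):
            self._match_ok = False
        else:
            bits = sum(bin(a ^ b).count("1") for a, b in zip(feature, self._enrolled))
            self._match_ok = bits <= self._max_bit_errors
        return self._match_ok

    def operate_on_random(self, challenge):
        # Refuse to use the key unless the most recent comparison passed.
        if not self._match_ok:
            return None
        self._match_ok = False  # one response per successful match
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def biometric_authenticate(feature, comparator, transaction_chip):
    """Main control MCU role: it relays messages and never sees the key."""
    if not comparator.compare(feature):
        return False  # no external authentication request is issued
    challenge = transaction_chip.get_challenge()
    response = comparator.operate_on_random(challenge)
    return transaction_chip.external_authenticate(response)


# Constructed sample values, not taken from the patent.
SHARED_KEY = bytes(range(32))
ENROLLED = bytes.fromhex("a1b2c3d4e5f60718")
NOISY_SAME_FINGER = bytes.fromhex("a1b2c3d4e5f60719")  # differs by 1 bit
OTHER_FINGER = bytes.fromhex("0011223344556677")
```

Because the transaction security chip discards its random number after one check, a response recorded on the bus between the MCU and the chips is useless for a later session.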
CN201810229137.2A 2018-03-20 2018-03-20 Safety equipment and biological authentication control method and device thereof Active CN108540457B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810229137.2A CN108540457B (en) 2018-03-20 2018-03-20 Safety equipment and biological authentication control method and device thereof


Publications (2)

Publication Number Publication Date
CN108540457A (en) 2018-09-14
CN108540457B (en) 2021-09-17

Family

ID=63484929




Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant