CN108923931A - Electronic certificate processing method, device and computer-readable storage medium - Google Patents


Publication number: CN108923931A
Authority: CN (China)
Prior art keywords: electronic certificate, information, PRNU, contracting terminal, terminal
Legal status: Granted (active)
Application number: CN201810680257.4A
Other languages: Chinese (zh)
Other versions: CN108923931B (en)
Inventor: 高宽
Current Assignee: Nubia Technology Co Ltd
Original Assignee: Nubia Technology Co Ltd
Application filed by: Nubia Technology Co Ltd
Priority to: CN201810680257.4A
Publication of: CN108923931A, CN108923931B (application granted)

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Telephone Function (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An embodiment of the invention discloses an electronic certificate processing method. The method includes: obtaining a first image, the first image including first photo response non-uniformity (PRNU) information corresponding to the camera of a contracting terminal; obtaining first biometric information corresponding to a first communication account logged in on the contracting terminal; obtaining an electronic certificate according to the first PRNU information and the first biometric information, wherein the electronic certificate indicates authorization information that allows a first business operation to be executed on the contracting terminal when the communication account logged in on the contracting terminal is the first communication account; and executing the first business operation according to the electronic certificate. Embodiments of the invention also disclose a device and a computer-readable storage medium. Implementing the above scheme provides a solution for preventing an electronic certificate from being stolen.

Description

Electronic certificate processing method, device and computer-readable storage medium
Technical field
The present invention relates to the field of information technology, and in particular to an electronic certificate processing method, a device and a computer-readable storage medium.
Background
With the rapid development of Internet technology and information technology, electronic certificates are used more and more widely. An electronic certificate, also called a digital certificate, can be regarded as an online identity card. Electronic certificates are frequently used in scenarios related to identifying users and to electronic transactions.
An electronic certificate is characterized by keeping its integrity and confidentiality during electronic transmission.
However, an electronic certificate can still be obtained illegally, and how to prevent an electronic certificate from being stolen has become a problem to be solved.
Summary of the invention
In view of this, embodiments of the present invention are intended to provide an electronic certificate processing method, a device and a computer-readable storage medium that offer a solution for preventing an electronic certificate from being stolen.
The technical solution of the embodiments of the present invention is realized as follows:
In a first aspect, an embodiment of the present invention provides an electronic certificate processing method applied to a contracting terminal, the method including:
obtaining a first image, the first image including first photo response non-uniformity (PRNU) information corresponding to the camera of the contracting terminal;
obtaining first biometric information corresponding to a first communication account logged in on the contracting terminal;
obtaining the electronic certificate according to the first PRNU information and the first biometric information, wherein the electronic certificate indicates authorization information that allows a first business operation to be executed on the contracting terminal when the communication account logged in on the contracting terminal is the first communication account;
executing the first business operation according to the electronic certificate.
In a second aspect, an embodiment of the present invention provides an electronic certificate processing method applied to a server, the method including:
receiving an electronic certificate generation request sent by a contracting terminal, the request including: an identifier of the contracting terminal, a first image captured on the contracting terminal, an identifier of a first communication account logged in on the contracting terminal, and first biometric information corresponding to the first communication account;
extracting first PRNU information from the first image;
generating an electronic certificate according to the first PRNU information and the first biometric information, the electronic certificate indicating authorization information that allows the contracting terminal to execute a first business operation when the communication account logged in on the contracting terminal is the first communication account;
sending the electronic certificate to the contracting terminal.
In a third aspect, an embodiment of the present invention provides a terminal, the terminal being a contracting terminal that includes at least a memory, a communication bus and a processor, wherein:
the memory is configured to store an electronic certificate processing program;
the communication bus is configured to provide the communication connection between the processor and the memory;
the processor is configured to execute the electronic certificate processing program stored in the memory to implement the following steps:
obtaining a first image, the first image including first photo response non-uniformity (PRNU) information corresponding to the camera of the contracting terminal;
obtaining first biometric information corresponding to a first communication account logged in on the contracting terminal;
obtaining the electronic certificate according to the first PRNU information and the first biometric information, wherein the electronic certificate indicates authorization information that allows a first business operation to be executed on the contracting terminal when the communication account logged in on the contracting terminal is the first communication account;
executing the first business operation according to the electronic certificate.
In a fourth aspect, an embodiment of the present invention provides a server, the second network device including at least a memory, a communication bus and a processor, wherein:
the memory is configured to store an electronic certificate processing program;
the communication bus is configured to provide the communication connection between the processor and the memory;
the processor is configured to execute the electronic certificate processing program stored in the memory to implement the following steps:
receiving an electronic certificate generation request sent by a contracting terminal, the request including: an identifier of the contracting terminal, a first image captured on the contracting terminal, an identifier of a first communication account logged in on the contracting terminal, and first biometric information corresponding to the first communication account;
extracting first PRNU information from the first image;
generating an electronic certificate according to the first PRNU information and the first biometric information, the electronic certificate indicating authorization information that allows the contracting terminal to execute a first business operation when the communication account logged in on the contracting terminal is the first communication account;
sending the electronic certificate to the contracting terminal.
In a fifth aspect, an embodiment of the present invention provides a computer-readable storage medium on which an electronic certificate processing program is stored. When executed by a processor, the electronic certificate processing program implements the steps of the electronic certificate processing method described in the first aspect, or the steps of the electronic certificate processing method described in the second aspect.
In the embodiments of the present invention, the above scheme obtains a first image, the first image including first photo response non-uniformity (PRNU) information corresponding to the camera of the contracting terminal; obtains first biometric information corresponding to the first communication account logged in on the contracting terminal; obtains an electronic certificate according to the first PRNU information and the first biometric information, wherein the electronic certificate indicates authorization information that allows a first business operation to be executed on the contracting terminal when the communication account logged in on the contracting terminal is the first communication account; and executes the first business operation according to the electronic certificate. The technical solution provided by the embodiments of the present invention can prevent an electronic certificate from being stolen.
Brief description of the drawings
Fig. 1 is a hardware structure diagram of a mobile terminal for implementing the embodiments of the present invention;
Fig. 2 is an architecture diagram of a communications network system provided by an embodiment of the present invention;
Fig. 3 is flow diagram one of the electronic certificate processing method provided by an embodiment of the present invention;
Fig. 4 is flow diagram two of the electronic certificate processing method provided by an embodiment of the present invention;
Fig. 5 is interaction flow diagram one of the electronic certificate processing method provided by an embodiment of the present invention;
Fig. 6 is interaction flow diagram two of the electronic certificate processing method provided by an embodiment of the present invention;
Fig. 7 is a structural diagram of the terminal provided by an embodiment of the present invention;
Fig. 8 is a structural diagram of the server provided by an embodiment of the present invention.
Detailed description of the embodiments
It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
In the following description, suffixes such as "module", "component" or "unit" used to denote elements only serve to make the description of the invention easier and have no specific meaning in themselves. Therefore, "module", "component" and "unit" may be used interchangeably.
A terminal can be implemented in various forms. For example, the terminals described in the present invention may include mobile terminals such as mobile phones, tablet computers, laptops, palmtop computers, personal digital assistants (Personal Digital Assistant, PDA), portable media players (Portable Media Player, PMP), navigation devices, wearable devices, smart bracelets and pedometers, as well as fixed terminals such as digital TVs and desktop computers.
The following description takes a mobile terminal as an example. Those skilled in the art will understand that, apart from elements used specifically for mobile purposes, the construction according to the embodiments of the present invention can also be applied to terminals of the fixed type.
Referring to Fig. 1, which is a hardware structure diagram of a mobile terminal for implementing the embodiments of the present invention, the mobile terminal 100 may include components such as an RF (Radio Frequency) unit 101, a WiFi module 102, an audio output unit 103, an A/V (audio/video) input unit 104, a sensor 105, a display unit 106, a user input unit 107, an interface unit 108, a memory 109, a processor 110 and a power supply 111. Those skilled in the art will understand that the mobile terminal structure shown in Fig. 1 does not limit the mobile terminal; the mobile terminal may include more or fewer components than shown, combine certain components, or arrange the components differently.
The components of the mobile terminal are described in detail below with reference to Fig. 1:
The radio frequency unit 101 can be used to receive and send signals while information is being sent and received or during a call. Specifically, it receives downlink information from the base station and passes it to the processor 110 for processing, and it sends uplink data to the base station. In general, the radio frequency unit 101 includes, but is not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a low-noise amplifier, a duplexer, etc. In addition, the radio frequency unit 101 can communicate with the network and other devices by wireless communication. This wireless communication can use any communication standard or protocol, including but not limited to GSM (Global System of Mobile communication), GPRS (General Packet Radio Service), CDMA2000 (Code Division Multiple Access 2000), WCDMA (Wideband Code Division Multiple Access), TD-SCDMA (Time Division-Synchronous Code Division Multiple Access), FDD-LTE (Frequency Division Duplexing-Long Term Evolution) and TDD-LTE (Time Division Duplexing-Long Term Evolution).
WiFi is a short-range wireless transmission technology. Through the WiFi module 102 the mobile terminal can help the user send and receive e-mail, browse web pages and access streaming media, providing the user with wireless broadband Internet access. Although Fig. 1 shows the WiFi module 102, it is understood that the module is not an essential part of the mobile terminal and can be omitted as needed without changing the essence of the invention.
When the mobile terminal 100 is in a mode such as call signal reception mode, call mode, recording mode, speech recognition mode or broadcast reception mode, the audio output unit 103 can convert audio data received by the radio frequency unit 101 or the WiFi module 102, or stored in the memory 109, into an audio signal and output it as sound. The audio output unit 103 can also provide audio output related to a specific function performed by the mobile terminal 100 (for example, a call signal reception sound or a message reception sound). The audio output unit 103 may include a loudspeaker, a buzzer, etc.
The A/V input unit 104 is used to receive audio or video signals. The A/V input unit 104 may include a graphics processor (Graphics Processing Unit, GPU) 1041 and a microphone 1042. The graphics processor 1041 processes the image data of still pictures or video obtained by an image capture device (such as a camera) in video capture mode or image capture mode. The processed image frames can be displayed on the display unit 106. Image frames processed by the graphics processor 1041 can be stored in the memory 109 (or another storage medium) or sent via the radio frequency unit 101 or the WiFi module 102. The microphone 1042 can receive sound (audio data) in operating modes such as telephone call mode, recording mode and speech recognition mode, and can process such sound into audio data. In telephone call mode, the processed audio (voice) data can be converted into a format that can be sent to a mobile communication base station via the radio frequency unit 101 and output. The microphone 1042 can implement various types of noise cancellation (or suppression) algorithms to cancel (or suppress) noise or interference generated while audio signals are sent and received.
The mobile terminal 100 further includes at least one sensor 105, such as an optical sensor, a motion sensor and other sensors. Specifically, the optical sensor includes an ambient light sensor and a proximity sensor; the ambient light sensor can adjust the brightness of the display panel 1061 according to the ambient light, and the proximity sensor can turn off the display panel 1061 and/or the backlight when the mobile terminal 100 is moved to the ear. As one kind of motion sensor, an accelerometer can detect the magnitude of acceleration in all directions (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used in applications that recognize the phone's posture (such as portrait/landscape switching, related games, magnetometer pose calibration) and in vibration-recognition functions (such as a pedometer or tap detection). The phone can also be fitted with other sensors such as a fingerprint sensor, pressure sensor, iris sensor, molecular sensor, gyroscope, barometer, hygrometer, thermometer and infrared sensor, which are not described further here.
The display unit 106 is used to display information entered by the user or information provided to the user. The display unit 106 may include a display panel 1061, which can be configured in the form of a liquid crystal display (Liquid Crystal Display, LCD), an organic light-emitting diode (Organic Light-Emitting Diode, OLED) display, etc.
The user input unit 107 can be used to receive entered numeric or character information and to generate key signal input related to the user settings and function control of the mobile terminal. Specifically, the user input unit 107 may include a touch panel 1071 and other input devices 1072. The touch panel 1071, also called a touch screen, collects the user's touch operations on or near it (for example, operations performed by the user on or near the touch panel 1071 with a finger, a stylus or any other suitable object or accessory) and drives the corresponding connected device according to a preset program. The touch panel 1071 may include two parts: a touch detection device and a touch controller. The touch detection device detects the position of the user's touch, detects the signal produced by the touch operation and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 110, and can receive and execute commands sent by the processor 110. The touch panel 1071 can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch panel 1071, the user input unit 107 may also include other input devices 1072. Specifically, the other input devices 1072 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons and a power key), a trackball, a mouse and a joystick, which are not limited here.
Further, the touch panel 1071 can cover the display panel 1061. When the touch panel 1071 detects a touch operation on or near it, it passes the operation to the processor 110 to determine the type of touch event, and the processor 110 then provides the corresponding visual output on the display panel 1061 according to the type of touch event. Although in Fig. 1 the touch panel 1071 and the display panel 1061 are two independent components that implement the input and output functions of the mobile terminal, in some embodiments the touch panel 1071 and the display panel 1061 can be integrated to implement the input and output functions of the mobile terminal, which is not limited here.
The interface unit 108 serves as an interface through which at least one external device can be connected to the mobile terminal 100. For example, the external device may include a wired or wireless headset port, an external power supply (or battery charger) port, a wired or wireless data port, a memory card port, a port for connecting a device that has an identification module, an audio input/output (I/O) port, a video I/O port, an earphone port, etc. The interface unit 108 can be used to receive input from an external device (for example, data information or power) and pass the received input to one or more elements in the mobile terminal 100, or to transfer data between the mobile terminal 100 and the external device.
The memory 109 can be used to store software programs and various data. The memory 109 may mainly include a program storage area and a data storage area. The program storage area can store the operating system and the application programs required by at least one function (such as a sound playback function or an image playback function); the data storage area can store data created through use of the phone (such as audio data or a phone book). In addition, the memory 109 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device.
The processor 110 is the control centre of the mobile terminal. It connects all parts of the mobile terminal through various interfaces and lines, and performs the functions of the mobile terminal and processes data by running or executing the software programs and/or modules stored in the memory 109 and calling the data stored in the memory 109, thereby monitoring the mobile terminal as a whole. The processor 110 may include one or more processing units. Preferably, the processor 110 can integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface and application programs, and the modem processor mainly handles wireless communication. It is understood that the modem processor need not be integrated into the processor 110.
The mobile terminal 100 can also include a power supply 111 (such as a battery) that powers the components. Preferably, the power supply 111 can be logically connected to the processor 110 through a power management system, so that charging, discharging and power consumption are managed through the power management system.
Although not shown in Fig. 1, the mobile terminal 100 can also include a Bluetooth module, etc., which is not described further here.
To facilitate understanding of the embodiments of the present invention, the communications network system on which the mobile terminal of the invention is based is described below.
Referring to Fig. 2, which is an architecture diagram of a communications network system provided by an embodiment of the present invention, the communications network system is an LTE system of universal mobile communications technology. The LTE system includes a UE (User Equipment) 201, an E-UTRAN (Evolved UMTS Terrestrial Radio Access Network) 202, an EPC (Evolved Packet Core) 203 and the operator's IP services 204, communicatively connected in sequence.
Specifically, the UE 201 can be the terminal 100 described above, which is not described again here.
The E-UTRAN 202 includes an eNodeB 2021 and other eNodeBs 2022, etc. The eNodeB 2021 can be connected to the other eNodeBs 2022 through a backhaul (such as an X2 interface), the eNodeB 2021 is connected to the EPC 203, and the eNodeB 2021 can provide the UE 201 with access to the EPC 203.
The EPC 203 may include an MME (Mobility Management Entity) 2031, an HSS (Home Subscriber Server) 2032, other MMEs 2033, an SGW (Serving Gate Way) 2034, a PGW (PDN Gate Way, packet data network gateway) 2035 and a PCRF (Policy and Charging Rules Function) 2036, etc. The MME 2031 is the control node that handles signaling between the UE 201 and the EPC 203 and provides bearer and connection management. The HSS 2032 provides registers to manage functions such as the home location register (not shown) and stores user-specific information such as service characteristics and data rates. All user data can be sent through the SGW 2034. The PGW 2035 can provide IP address allocation for the UE 201 and other functions. The PCRF 2036 is the policy and charging control decision point for service data flows and IP bearer resources; it selects and provides the available policy and charging control decisions for the policy and charging enforcement function unit (not shown).
The IP services 204 may include the Internet, an intranet, IMS (IP Multimedia Subsystem) or other IP services.
Although the above description takes an LTE system as an example, those skilled in the art will know that the present invention is not only applicable to LTE systems but also to other wireless communication systems, such as GSM, CDMA2000, WCDMA, TD-SCDMA and future new network systems, which are not limited here.
The method embodiments of the present invention are proposed on the basis of the above mobile terminal hardware structure and communications network system.
Electronic certificate involved in the embodiment of the present invention can be a string of ID, two dimensional code, electronic ID card etc., electronic certificate It is taken on the sly or is stolen perhaps existing during being checked on the contracting terminal for get electronic certificate by network transmission The possibility taken.Illegal user may cause the personal information of the electronic certificate owner, the damage of personal property after stealing electronic certificate It loses, the embodiment of the present invention is intended to provide a kind of acquisition methods of electronic certificate that electronic certificate can be prevented stolen.
Application by taking contracting terminal and server as an example to electronic certificate processing method provided in an embodiment of the present invention below Scene and embodiment are illustrated.
In embodiments of the present invention, the client of application can be deployed on contracting terminal, server can be to provide to answer With the server of service.Contracting terminal can be communicated by client with the server-side on server.Server can root According to the communication account or account working logged in client, determine communication account or the corresponding service authority of account working or Digitalization resource generates the electronic certificate of the communication account or account working.Client on contracting terminal is getting electricity The corresponding service authority of electronic certificate or digitalization resource can be used after sub- voucher.Illustratively, service authority can be The call permission that the duration of call is 1 month, digitalization resource can be 10,000 yuan etc. stored in fund account.
The electronic certificate processing method provided in the embodiments of the present invention can be applied in the transmission process and in the use process of the electronic certificate.
The electronic certificate processing method provided in the embodiments of the present invention is described below, taking the contracting terminal and the server in turn as an example.
An embodiment of the present invention provides an electronic certificate processing method. The executing subject of this embodiment can be a terminal; the terminal can contract with the server for the permission to execute the first business operation, and therefore the terminal may be called a contracting terminal. Fig. 3 is flow diagram one of the electronic certificate processing method provided in the embodiments of the present invention. As shown in Fig. 3, the method may include the following steps:
Step S301, obtain a first image; the first image includes the first PRNU information corresponding to the camera of the contracting terminal.
In the embodiments of the present invention, owing to the production process, a camera has some digital imaging defects. These defects show up in the images the camera shoots and may be called the photo response non-uniformity (Photo Response Non-Uniformity, PRNU) information of the camera; the PRNU of each camera is different. For example, the PRNU information of a camera may include the following: in images shot by the camera, the color value of the pixel at position A is lower than the true color value of the subject by an approximately fixed amount, and the color value of the pixel at position B is higher than the true color value of the subject by an approximately fixed amount. Since different cameras have different PRNU information, the PRNU information can serve as identification information that distinguishes cameras, and, further, different terminals can be identified according to the PRNU information of their cameras.
In the embodiments of the present invention, the first image can be acquired with the camera of the contracting terminal. In other embodiments of the present invention, the first image can also include detection information. The detection information is damaged once the first PRNU information has been extracted from the first image, which ensures that the first PRNU information can be extracted from the first image only once and thus protects the first image during transmission. In other embodiments of the present invention, the detection information can be added to the first image using software techniques.
Step S302, obtain the first biometric information corresponding to the first communication account logged in on the contracting terminal.
In the embodiments of the present invention, a variety of applications (Application, APP) can be provided on the contracting terminal; illustratively, multiple clients can be installed on the contracting terminal. The user of the contracting terminal can input the name of a communication account or business account to log in to a client on the contracting terminal.
In the embodiments of the present invention, biometric information can be collected by a camera or by a biometric information acquisition device. The biometric information can be a face, a fingerprint, an iris, a sound wave, etc. Biometric information can serve as the password that authenticates a communication account. Illustratively, the first biometric information can serve as the password with which the first communication account logs in to the client on the contracting terminal. In other embodiments of the present invention, the first biometric information can also serve as the identifier of the first communication account.
Step S303, obtain an electronic certificate according to the first PRNU information and the first biometric information; the electronic certificate represents authorization information that allows the first business operation to be executed on the contracting terminal when the communication account logged in on the contracting terminal is the first communication account.
In the embodiments of the present invention, obtaining the electronic certificate according to the first PRNU information and the first biometric information can be implemented in the following ways.
In the first implementation, the contracting terminal can directly obtain an unencrypted electronic certificate according to the first PRNU information and the first biometric information.
In one example, the contracting terminal can send an electronic certificate generation request to the server, where the request may include the first image containing the first PRNU information and the identifier of the contracting terminal. After receiving the electronic certificate generation request, the server extracts the first PRNU information from the first image, looks up in its own memory the signing PRNU information corresponding to the identifier of the contracting terminal, and then compares the first PRNU information with the signing PRNU information. If the comparison result is consistent, the verification succeeds, that is, the server confirms that the electronic certificate generation request was sent by the contracting terminal. After the verification succeeds, the server can generate the electronic certificate corresponding to the contracting terminal and send it to the contracting terminal. In other embodiments of the present invention, the signing PRNU information corresponding to the contracting terminal can be sent by the contracting terminal to the server before the electronic certificate generation request is sent, and stored by the server in its own memory.
In the second implementation, the contracting terminal can first obtain an encrypted electronic certificate according to the first PRNU information and/or the first biometric information, and then obtain the decrypted electronic certificate according to the first PRNU information and/or the first biometric information.
It should be noted that the encrypted electronic certificate can be encrypted by the server according to the PRNU information corresponding to the contracting terminal and then sent to the contracting terminal, where the PRNU information corresponding to the contracting terminal can be the first PRNU information or the signing PRNU information of the contracting terminal stored by the server itself.
In one example, the contracting terminal can send an electronic certificate generation request to the server, where the request may include the identifier of the contracting terminal, the identifier of the first communication account, and the first biometric information. After receiving the electronic certificate generation request, the server looks up in its own memory, according to the identifier of the first communication account, the signing biometric information corresponding to the first communication account, and compares the first biometric information with the signing biometric information. If the comparison result is consistent, the verification succeeds, that is, the server confirms that the electronic certificate generation request was sent by a contracting terminal on which the first communication account is logged in, and it generates the electronic certificate. The server can then look up in its own memory, according to the identifier of the contracting terminal, the signing PRNU information corresponding to the contracting terminal, encrypt the electronic certificate using the PRNU information corresponding to the contracting terminal as the encryption key, and send the encrypted electronic certificate to the contracting terminal.
In another example, the contracting terminal can send an electronic certificate generation request to the server, where the request may include the first image containing the first PRNU information and the identifier of the contracting terminal. After receiving the electronic certificate generation request, the server extracts the first PRNU information from the first image, looks up in its own memory the signing PRNU information corresponding to the identifier of the contracting terminal, and then compares the first PRNU information with the signing PRNU information. If the comparison result is consistent, the verification succeeds, that is, the server confirms that the electronic certificate generation request was sent by the contracting terminal. After the verification succeeds, the server can also encrypt the electronic certificate using the PRNU information corresponding to the contracting terminal as the encryption key, and send the encrypted electronic certificate to the contracting terminal. Here, the PRNU information corresponding to the contracting terminal can be the first PRNU information or the signing PRNU information of the contracting terminal stored by the server itself, and the biometric information corresponding to the first communication account can be the first biometric information or the signing biometric information of the first communication account stored by the server itself.
In another example, the contracting terminal can send an electronic certificate generation request to the server, where the request may include the first image containing the first PRNU information, the identifier of the contracting terminal, the identifier of the first communication account, and the first biometric information. After receiving the electronic certificate generation request, the server extracts the first PRNU information from the first image, looks up in its own memory the signing PRNU information corresponding to the identifier of the contracting terminal, and looks up in its own memory the signing biometric information corresponding to the identifier of the first communication account. It then compares the first PRNU information with the signing PRNU information and the first biometric information with the signing biometric information. If the comparison results are consistent, the verification succeeds, that is, the server confirms that the electronic certificate generation request was sent by a contracting terminal on which the first communication account is logged in. After the verification succeeds, the server can encrypt the electronic certificate using the PRNU information corresponding to the contracting terminal and/or the biometric information corresponding to the first communication account as the encryption key, and send the encrypted electronic certificate to the contracting terminal. Here, the PRNU information corresponding to the contracting terminal can be the first PRNU information or the signing PRNU information of the contracting terminal stored by the server itself, and the biometric information corresponding to the first communication account can be the first biometric information or the signing biometric information of the first communication account stored by the server itself.
For example, the server can encrypt the electronic certificate using the PRNU information corresponding to the contracting terminal as the encryption key and send the encrypted electronic certificate to the contracting terminal; alternatively, the server can encrypt the electronic certificate using the biometric information corresponding to the first communication account as the encryption key and send the encrypted electronic certificate to the contracting terminal.
In the embodiments of the present invention, after obtaining the encrypted electronic certificate, the contracting terminal can decrypt it using the first PRNU information as the decryption key to obtain the decrypted electronic certificate. Alternatively, the contracting terminal can shoot a second image with the camera, extract second PRNU information from the second image, and then use the second PRNU information as the decryption key to obtain the decrypted electronic certificate.
In other embodiments of the present invention, the server can also encrypt the electronic certificate using another key negotiated in advance with the contracting terminal as the encryption key.
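The comparison of the first PRNU information with the signing PRNU information, and the use of a freshly extracted PRNU as a decryption key, can be illustrated with a small simulation. This is an added example, not part of the patent text; the flat-field sensor model, the correlation threshold of 0.5 and all function names are assumptions. It shows that two extractions from the same camera correlate strongly but are not bit-identical, so a key obtained by hashing the raw PRNU differs from shot to shot and an implementation needs an error-tolerant key derivation.

```python
import hashlib
import random

# Constructed sensor model (assumption): a flat grey scene, a fixed
# per-pixel gain deviation (the PRNU) and fresh random noise per shot.
PIXELS = 32 * 32
LEVEL = 128.0
PRNU_SIGMA = 0.02
NOISE_SIGMA = 2.0


def make_camera(seed):
    """Return the fixed per-pixel gain deviations of one simulated camera."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, PRNU_SIGMA) for _ in range(PIXELS)]


def shoot(gains, rng):
    """Simulate one image of the flat scene taken with the given camera."""
    return [LEVEL * (1.0 + g) + rng.gauss(0.0, NOISE_SIGMA) for g in gains]


def extract_prnu(images):
    """Simplified extractor: average the normalised residual of each pixel.
    Real extractors work on denoising residuals of natural images."""
    acc = [0.0] * PIXELS
    for img in images:
        mean = sum(img) / len(img)
        for i, p in enumerate(img):
            acc[i] += p / mean - 1.0
    return [a / len(images) for a in acc]


def correlation(a, b):
    """Pearson correlation of two PRNU estimates."""
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = (sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b)) ** 0.5
    return num / den


def verify(first_prnu, signing_prnu, threshold=0.5):
    """Server-side check: 'consistent' means correlated above a threshold,
    not equal, because every extraction carries shot noise."""
    return correlation(first_prnu, signing_prnu) >= threshold


def sign_bits(prnu):
    """Coarse quantisation of a PRNU estimate to one bit per pixel."""
    return [1 if v > 0 else 0 for v in prnu]


def naive_key(prnu):
    """Naive key derivation: hash the quantised PRNU directly."""
    return hashlib.sha256(bytes(sign_bits(prnu))).hexdigest()


def bit_error_rate(a, b):
    """Fraction of quantised PRNU bits that differ between two estimates."""
    ba, bb = sign_bits(a), sign_bits(b)
    return sum(x != y for x, y in zip(ba, bb)) / len(ba)


def demo():
    rng = random.Random(2018)
    terminal = make_camera(seed=1)   # camera of the contracting terminal
    other = make_camera(seed=2)      # camera of some other terminal
    # Signing PRNU stored by the server: averaged over 16 enrolment shots.
    signing = extract_prnu([shoot(terminal, rng) for _ in range(16)])
    first = extract_prnu([shoot(terminal, rng)])    # sent with the request
    third = extract_prnu([shoot(terminal, rng)])    # taken later to decrypt
    foreign = extract_prnu([shoot(other, rng)])
    return {
        "same_ok": verify(first, signing),
        "foreign_ok": verify(foreign, signing),
        "key_first": naive_key(first),
        "key_third": naive_key(third),
        "ber_same": bit_error_rate(first, third),
        "ber_foreign": bit_error_rate(first, foreign),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The same-camera bit error rate is well below the roughly 50 % seen between different cameras, which is what makes threshold comparison workable, but it is not zero, which is why the two naive keys do not match.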
Step S304, execute the first business operation according to the electronic certificate.
In the embodiments of the present invention, after obtaining the electronic certificate, the contracting terminal can extract the identifier of the first business operation from the electronic certificate and then execute the first business operation on the contracting terminal. The first business operation can be, for example, opening an application program on the contracting terminal or using a sub-function of an application program. Illustratively, the application program can be a game application, a payment application or a communication application. A sub-function of a game application can be, for example, a pay-to-play scene or a game scene that only specific users are allowed to open; a sub-function of a payment application can be, for example, a password-free payment function; and a sub-function of a communication application can be, for example, enabling a video call function.
In other embodiments of the present invention, the encrypted electronic certificate can be received from the server or read from the memory of the contracting terminal itself. After the contracting terminal has decrypted the encrypted electronic certificate, obtained the decrypted electronic certificate and executed the first business operation according to it, the contracting terminal can delete the decrypted electronic certificate, so that when the first business operation needs to be executed later, the terminal again performs the steps of obtaining the first image and the first biometric information corresponding to the first communication account and obtaining the electronic certificate according to the first PRNU information in the first image and the first biometric information.
In other embodiments of the present invention, before sending the electronic certificate generation request, the contracting terminal can obtain a service request. The service request can be initiated by the user in the client on the contracting terminal and can be used to request the contracting terminal to execute the first business operation; the contracting terminal can then obtain the electronic certificate according to the service request. In other embodiments of the present invention, the contracting terminal can send the server an electronic certificate generation request that carries the identifier of the first business operation, so that, after successfully verifying the identity of the contracting terminal, the server generates an electronic certificate containing the above authorization information that allows the contracting terminal to execute the first business operation.
In other embodiments of the present invention, the server can also use a public key negotiated in advance to perform a secondary encryption on the electronic certificate that has already been encrypted with the PRNU information corresponding to the contracting terminal as the encryption key, and send the twice-encrypted electronic certificate to the contracting terminal. Correspondingly, after receiving the twice-encrypted electronic certificate, the contracting terminal can first perform a preliminary decryption on it using the private key, negotiated in advance, that corresponds to the public key. It can then use the PRNU information corresponding to the contracting terminal as the decryption key for a secondary decryption of the preliminarily decrypted electronic certificate, obtaining the original electronic certificate.
In the embodiments of the present invention, the above scheme obtains a first image that includes the first photo response non-uniformity (PRNU) information corresponding to the camera of the contracting terminal; obtains the first biometric information corresponding to the first communication account logged in on the contracting terminal; obtains an electronic certificate according to the first PRNU information and the first biometric information, where the electronic certificate represents authorization information that allows the first business operation to be executed on the contracting terminal when the communication account logged in on the contracting terminal is the first communication account; and executes the first business operation according to the electronic certificate. The technical solution provided in the embodiments of the present invention can prevent the electronic certificate from being stolen.
In other embodiments of the present invention, on the one hand, after generating the electronic certificate to be issued to the contracting terminal, the server encrypts the electronic certificate using the PRNU information of the contracting terminal as the input parameter of the encryption algorithm and then sends it to the contracting terminal, which protects the electronic certificate while it is being issued to the contracting terminal. On the other hand, when the contracting terminal needs to use the electronic certificate to request service authority from the server, it can encrypt the electronic certificate using the PRNU information of the contracting terminal as the input parameter of the encryption algorithm and then send it to the server. This ensures that the encrypted electronic certificate used to obtain the service authority was sent to the server by the contracting terminal corresponding to the electronic certificate, and thus that the electronic certificate can only be used on that contracting terminal.
An embodiment of the present invention provides an electronic certificate processing method. The executing subject of this embodiment can be a server. Fig. 4 is flow diagram two of the electronic certificate processing method provided in the embodiments of the present invention. As shown in Fig. 4, the method may include the following steps:
Step S401, receive the electronic certificate generation request sent by the contracting terminal; the electronic certificate generation request may include the identifier of the contracting terminal, the first image acquired on the contracting terminal, the identifier of the first communication account logged in on the contracting terminal, and the first biometric information corresponding to the first communication account.
In other embodiments of the present invention, the electronic certificate generation request can also include the identifier of the first business operation.
Step S402 extracts the first PRNU information from the first image.
Wherein, server can use PRNU extraction algorithm and extract the first PRNU information from the first image.
Step S403, generate an electronic certificate according to the first PRNU information and the first biometric information; the electronic certificate represents authorization information that allows the contracting terminal to execute the first business operation when the communication account logged in on the contracting terminal is the first communication account.
Wherein, the technical solution details of the step can be found in the description in step S303.
Step S404, send the electronic certificate to the contracting terminal.
Wherein, the technical solution details of the step can be found in the description in step S303.
For the technical concepts, technical solution details and technical effects of this embodiment, refer to the related description of the embodiment illustrated in Fig. 3.
An embodiment of the present invention provides an electronic certificate processing method. The executing subjects of this embodiment can be the contracting terminal and the server. Fig. 5 is interaction flow diagram one of the electronic certificate processing method provided in the embodiments of the present invention. As shown in Fig. 5, the method may include the following steps:
Step S501, the contracting terminal obtains a first image, where the first image includes the first PRNU information corresponding to the camera of the contracting terminal.
This step is similar to step S301.
Step S502, the contracting terminal obtains the first biometric information corresponding to the first communication account.
This step is similar to step S302.
Step S504, the server authenticates the contracting terminal and the first communication account according to the first image and/or the first biometric information.
For this step, refer to the description in step S303.
Step S505, the server generates the electronic certificate after the authentication succeeds.
Here, the server can generate an unencrypted electronic certificate after the authentication succeeds. In other embodiments of the present invention, the server can encrypt the electronic certificate with the PRNU information corresponding to the contracting terminal and/or the biometric information corresponding to the first communication account to obtain an encrypted electronic certificate. For how the encrypted electronic certificate is obtained, refer to the description in step S303.
In other embodiments of the present invention, steps S504 and S505 are not mandatory. For example, the server may not authenticate the contracting terminal and the first communication account, but instead directly generate the electronic certificate after receiving the electronic certificate generation request, encrypt the electronic certificate using the PRNU information corresponding to the contracting terminal and/or the biometric information corresponding to the first communication account as the encryption key to obtain the encrypted electronic certificate, and send the encrypted electronic certificate directly to the contracting terminal.
Step S506, the server sends the electronic certificate to the contracting terminal.
Here, the server can send the unencrypted certificate directly to the contracting terminal, or it can send the encrypted electronic certificate to the contracting terminal.
Step S507, the contracting terminal extracts the authorization information of the first business operation from the electronic certificate and executes the first business operation.
Here, if the server sent an encrypted electronic certificate to the contracting terminal, the contracting terminal can decrypt the electronic certificate according to the PRNU information corresponding to the contracting terminal and/or the biometric information corresponding to the first communication account to obtain the decrypted electronic certificate. The PRNU information corresponding to the contracting terminal can be the first PRNU information, or it can be second PRNU information extracted from a second image acquired by the contracting terminal with its camera. The biometric information corresponding to the first communication account can be the first biometric information, or it can be second biometric information extracted from biometric information collected by the contracting terminal with a biometric device.
It should be noted that the decryption key used by the contracting terminal should correspond to the encryption key used by the server. For example, when the server encrypts using PRNU information, the contracting terminal should decrypt using PRNU information; when the server encrypts using biometric information, the contracting terminal should decrypt using biometric information; and when the server performs a first encryption using PRNU information and a secondary encryption using biometric information, the contracting terminal should perform a first decryption using biometric information and then a secondary decryption using PRNU information.
In this way, in the embodiments of the present invention, a terminal that has not contracted for the electronic certificate service cannot obtain the PRNU information of the contracting terminal that has contracted for the service, which ensures that the electronic certificate is only allowed to be used on the contracting terminal. Further, since the biometric information of the first communication account used to encrypt or decrypt the electronic certificate on the contracting terminal is collected by the contracting terminal, the electronic certificate is only allowed to be used by the first communication account logged in on the contracting terminal. It can thus be seen that the electronic certificate acquisition method provided in the embodiments of the present invention can, during both the transmission and the use of the electronic certificate, prevent the certificate from being misappropriated by a terminal that has not contracted for the electronic certificate service, or by a communication account or user that has not contracted for the electronic certificate service.
For other technical solution details and technical effects of this embodiment, refer to the related descriptions in other embodiments of the present invention.
An embodiment of the present invention provides an electronic certificate processing method. The executing subjects of this embodiment can be the server and the contracting terminal. Fig. 6 is interaction flow diagram two of the electronic certificate processing method provided in the embodiments of the present invention. As shown in Fig. 6, the method may include the following steps:
Step S601, contracting terminal obtain the first image using the camera of itself.
Wherein, the camera that contracting terminal can use itself shoots the first image.
In the embodiments of the present invention, obtaining the first image using the terminal's own camera can also include: shooting a second image with the camera of the contracting terminal itself, and adding detection information to the second image to obtain the first image, where the detection information is damaged after the PRNU information of the contracting terminal is obtained from the first image. That is, if an illegal server intercepts the first image and extracts the PRNU information from it, the detection information in the first image will be destroyed. After receiving the first image, the server can first check whether the detection information is damaged; if it is not damaged, the server can confirm that the first image has not been intercepted or modified by an illegal server.
Step S602, contracting terminal acquire corresponding first biometric information of the first communication account.
Here, the contracting terminal can use a biometric information acquisition device to collect the biometric information of the user currently using the contracting terminal, and take the collected biometric information as the biometric information corresponding to the first communication account currently logged in on the contracting terminal. In other embodiments of the present invention, the biometric information acquisition device can be a fingerprint collection device, an iris collection device, a face recognition device, a sound collection device, etc.
Step S603, the contracting terminal sends an electronic certificate generation request to the server; the electronic certificate generation request carries the first image and the first biometric information.
Here, the contracting terminal can use a public key and an encryption algorithm negotiated in advance with the server to encrypt the first image carried in the electronic certificate generation request.
Step S604, server extract the corresponding first PRNU information of contracting terminal from the first image.
Here, the server can use a PRNU extraction algorithm to extract from the first image the first PRNU information corresponding to the contracting terminal, that is, the PRNU information of the camera of the contracting terminal.
In other embodiments of the present invention, the server can use the private key corresponding to the public key agreed in advance with the contracting terminal, together with a decryption algorithm, to decrypt the first image carried in the electronic certificate generation request and obtain the decrypted first image.
Step S605, the server performs a legitimacy check on the electronic certificate generation request according to the first biometric information carried in the request and/or the first PRNU information corresponding to the contracting terminal extracted from the first image; if the check passes, S606 is executed.
In the embodiments of the present invention, the legitimacy check may include the following:
The server compares the biometric information carried in the electronic certificate generation request with the signing biometric information, pre-stored on the server, that corresponds to the first communication account; and/or compares the first PRNU information extracted from the first image with the signing PRNU information, stored by the server itself, that corresponds to the contracting terminal.
If the comparison result is consistent, the legitimacy check of the electronic certificate generation request can be confirmed as passed.
In other embodiments of the present invention, before the legitimacy check is performed on the electronic certificate generation request according to the first biometric information carried in the request and/or the first PRNU information corresponding to the contracting terminal extracted from the first image, the method may include:
Determining whether the detection information in the first image is damaged;
If the detection information is not damaged, performing the above step of carrying out the legitimacy check on the electronic certificate generation request according to at least one of the first biometric information carried in the request and the first PRNU information corresponding to the contracting terminal extracted from the first image.
Step S606, server generate the electronic certificate of contracting terminal.
Here, the server can generate the electronic certificate of the contracting terminal according to the service authority contracted by the contracting terminal, which is pre-stored on the server, and an electronic certificate generation algorithm. In other embodiments of the present invention, the electronic certificate generation request can also carry the service authority being requested, and the server can then generate the electronic certificate of the contracting terminal according to the service authority requested by the contracting terminal.
Step S607, the server encrypts the electronic certificate of the contracting terminal using the first PRNU information corresponding to the contracting terminal as the encryption key, obtaining an electronic certificate for use on the contracting terminal.
This step is similar to S301.
Step S608, server send encrypted electronic certificate to contracting terminal.
This step is similar to S302. In other embodiments of the present invention, a validity period of use can also be set for the encrypted electronic certificate. After the validity period has expired, the contracting terminal can send the electronic certificate to the server again in order to obtain the service authority corresponding to the electronic certificate; see the explanation of the following steps.
Step S609: the contracting terminal shoots a third image with its own camera and extracts from the third image the third PRNU information corresponding to the contracting terminal.
Step S610: the contracting terminal uses the third PRNU information as a decryption key to decrypt the encrypted electronic certificate, obtaining the decrypted electronic certificate.
In embodiments of the present invention, after obtaining the decrypted electronic certificate, the contracting terminal can allow the first communication account to use, on the contracting terminal, the service authority corresponding to the electronic certificate. For example, the service authority may be permission to open the address book, to use certain client applications, or to purchase goods with a coupon.
In other embodiments of the present invention, if the server encrypts the electronic certificate using the biometric information corresponding to the first communication account and the PRNU corresponding to the contracting terminal as the encryption key, and then sends the encrypted electronic certificate to the contracting terminal, the above step of decrypting the encrypted electronic certificate with the third PRNU information as the decryption key to obtain the decrypted electronic certificate may further include:
Collecting third biometric information of the first communication account; and using the third PRNU information and the third biometric information as the decryption key to decrypt the encrypted electronic certificate, obtaining the decrypted electronic certificate.
In other embodiments of the present invention, to prevent the electronic certificate obtained by the contracting terminal from being acquired by other users and then misused on other users' terminals or on terminals that have not contracted the electronic certificate service, the electronic certificate acquisition method provided by the embodiments of the present invention may further include the following steps.
The contracting terminal may shoot a fourth image and extract fourth PRNU information from it, and at the same time collect fourth biometric information of the user corresponding to the first communication account. It encrypts the electronic certificate according to the fourth PRNU information and the fourth biometric information, adds the encrypted electronic certificate to a service request, and sends the request to the server. After receiving the service request, the server may decrypt the electronic certificate using the signing PRNU information of the contracting terminal and the signing biometric information of the first communication account stored in the server; if decryption succeeds, it provides the contracting terminal with the service corresponding to the requested service authority.
It should be noted that the first, second, third and fourth images acquired in embodiments of the present invention are all captured in conditions that are not completely dark. For example, when these images are shot, the camera must not be completely covered and the shot must not be taken in a completely lightless environment.
In other embodiments of the present invention, steps S601 and S602 may also be implemented as follows. First, the user operates an application on the contracting terminal through a client, for example by logging in to the client with the first communication account. The client then collects the first biometric information of the user and, against the signing biometric information of the first communication account stored locally in advance on the contracting terminal, verifies the first communication account used by the user of the client. If the collected first biometric information shows that the first communication account passes verification, this confirms that the first communication account used by the user logged in to the client is the legitimate first communication account and that the user to whom the first biometric information belongs is the legitimate user of the first communication account. After the communication account is verified, the contracting terminal may capture the first image with the camera and embed the first biometric information and the detection signal in the first image; finally, the first image is carried in the electronic certificate generation request and sent to the server. In one example, the contracting terminal may also encrypt the first image with a public key before carrying it in the electronic certificate generation request sent to the server. In another example, the step of embedding the first biometric information in the first image may be implemented by superimposing an image of the first biometric information on the first image.
Correspondingly, step S605 may also be implemented as follows. After receiving the electronic certificate generation request, the server may decrypt the encrypted first image with the private key corresponding to the public key to obtain the decrypted first image. It then uses a PRNU extraction algorithm to extract from the first image the first PRNU information and the first biometric information of the first communication account, and verifies the legitimacy of the first biometric information and of the first PRNU information corresponding to the contracting terminal. If the first biometric information matches the signing biometric information of the first communication account stored by the server itself, and the first PRNU information matches the signing PRNU information of the contracting terminal stored by the server itself, the verification passes and step S606 is executed.
For other technical details and technical effects of this embodiment, refer to the related descriptions in other embodiments of the present invention.
In embodiments of the present invention, researchers have found that the smartphone model can be identified by analysing a single photo taken by the device. The research concentrated on a digital imaging defect known as photo-response non-uniformity (PRNU). Small variations caused by imperfections introduced into each camera's sensor during manufacturing give rise to photo-response non-uniformity. These variations can cause some of the millions of pixels in the camera sensor to render colours slightly brighter or darker than normal, which produces a regular noise pattern in the photos taken. The noise that distorts the image is invisible to the naked eye but can be extracted with a special filter, and the noise pattern of each camera is unique.
Currently, electronic certificates used on mobile phones, such as an ID string, a two-dimensional code or an electronic ID card, are easily forged or stolen. The photo-response non-uniformity of the camera sensor can be used to bind the mobile phone to the electronic certificate: a photo currently taken by the phone, for example of a particular object or a face, is used together with the electronic certificate and a photo-response non-uniformity algorithm to verify the phone, so that the phone and the electronic certificate correspond uniquely and the electronic certificate cannot be stolen or misappropriated. The photo-response non-uniformity of the device camera thus makes it possible to restrict use of the electronic certificate to that device; in addition, other biometric methods such as face, fingerprint or iris recognition can be used to bind the mobile phone to the user.
In embodiments of the present invention, the acquisition process of the electronic certificate may include the following. The client application on the contracting terminal first performs biometric identification, such as fingerprint or face recognition. After identification succeeds, it automatically takes a picture and embeds biometric information and a detection signal in the captured picture. The detection signal is single-use, which ensures that the picture has not been modified by hackers: the detection signal in the picture is destroyed once the picture's PRNU has been read. The picture with the embedded detection signal is encrypted with a public key and sent to the server; the server decrypts the picture with the private key, checks the detection signal, and extracts the PRNU and the biometric information. The server matches the extracted PRNU and biometric information against the PRNU and biometric information registered by the user. After a successful match it creates the electronic certificate, encrypts the completed certificate with a specific encryption algorithm that takes the PRNU as a parameter, and sends it to the contracting terminal. After receiving the encrypted electronic certificate, the client on the contracting terminal automatically takes another photo and, with this photo as input, computes the decryption key by means of an algorithm; if the computed key is correct, the electronic certificate can be decrypted.
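The flow above has the server match the extracted PRNU against the registered one and has the terminal recompute the decryption key from a new photo, yet two PRNU extractions from the same sensor never agree bit for bit. The following added example is not part of the patent and goes beyond its text: the sensor pattern, noise model, match threshold and the fuzzy-commitment construction with a repetition code are all assumptions chosen for illustration. It shows the correlation match and one way to recover the same key from a noisy re-extraction.

```python
import hashlib
import hmac
import random
import secrets

KEY_BITS = 128            # bits of secret bound to the sensor
REP = 31                  # repetition factor (odd, so majority vote has no ties)
N_PIX = KEY_BITS * REP    # constructed fingerprint length, one value per pixel
MATCH_THRESHOLD = 0.5     # assumed correlation threshold for "same sensor"


def make_sensor_pattern(seed):
    """Constructed stand-in for a camera's PRNU pattern."""
    rng = random.Random(seed)
    return [rng.gauss(0.0, 1.0) for _ in range(N_PIX)]


def extract_prnu(pattern, shot_seed, noise_sigma=0.3):
    """Constructed stand-in for PRNU extraction from one photo: pattern plus residual noise."""
    rng = random.Random(shot_seed)
    return [p + rng.gauss(0.0, noise_sigma) for p in pattern]


def correlation(a, b):
    """Normalized correlation between two PRNU estimates."""
    n = len(a)
    mean_a, mean_b = sum(a) / n, sum(b) / n
    num = sum((x - mean_a) * (y - mean_b) for x, y in zip(a, b))
    den = (sum((x - mean_a) ** 2 for x in a) * sum((y - mean_b) ** 2 for y in b)) ** 0.5
    return num / den


def is_same_sensor(enrolled, fresh):
    """Server-side check: does the PRNU from the request match the registered one?"""
    return correlation(enrolled, fresh) >= MATCH_THRESHOLD


def sign_bits(prnu):
    """Quantize a PRNU estimate to one bit per pixel."""
    return [1 if x > 0 else 0 for x in prnu]


def naive_key(prnu):
    """Hash the quantized PRNU directly: any flipped bit changes the whole key."""
    return hashlib.sha256(bytes(sign_bits(prnu))).digest()


def bind_key(enrolled):
    """Fuzzy commitment: helper = repetition_code(secret) XOR sign_bits(enrolled)."""
    secret = [secrets.randbits(1) for _ in range(KEY_BITS)]
    codeword = [bit for bit in secret for _ in range(REP)]
    helper = [c ^ w for c, w in zip(codeword, sign_bits(enrolled))]
    key = hashlib.sha256(bytes(secret)).digest()
    tag = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key, helper, tag


def recover_key(helper, tag, fresh):
    """Terminal side: remove the offset with a fresh estimate, majority-decode, verify."""
    noisy = [h ^ w for h, w in zip(helper, sign_bits(fresh))]
    secret = [1 if sum(noisy[i * REP:(i + 1) * REP]) > REP // 2 else 0
              for i in range(KEY_BITS)]
    key = hashlib.sha256(bytes(secret)).digest()
    expected = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(expected, tag) else None


def demo():
    enrolled = make_sensor_pattern(seed=1)        # registered PRNU held by the server
    fresh = extract_prnu(enrolled, shot_seed=2)   # PRNU from a new photo, same device
    other = extract_prnu(make_sensor_pattern(seed=9), shot_seed=3)  # different device
    key, helper, tag = bind_key(enrolled)
    return {
        "same_device_match": is_same_sensor(enrolled, fresh),
        "other_device_match": is_same_sensor(enrolled, other),
        "naive_keys_equal": naive_key(enrolled) == naive_key(fresh),
        "recovered_on_device": recover_key(helper, tag, fresh) == key,
        "recovered_elsewhere": recover_key(helper, tag, other) is not None,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The repetition code keeps the example short; it says nothing about how much entropy a real PRNU estimate provides or how much the helper data reveals about it.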
An embodiment of the present invention provides a terminal, which may be a contracting terminal. Fig. 7 is a schematic structural diagram of the terminal provided by an embodiment of the present invention. As shown in Fig. 7, the terminal 700 includes at least a processor 701, a memory 702, an interface 703 and a bus 704, wherein:
The memory 702 is configured to store an electronic certificate processing program;
The bus 704 is configured to implement connection and communication between the processor and the memory;
The processor 701 is configured to execute the electronic certificate processing program stored in the memory to implement the following steps: obtaining a first image, the first image containing first photo-response non-uniformity (PRNU) information corresponding to the camera of the contracting terminal; obtaining first biometric information corresponding to the first communication account logged in on the contracting terminal; obtaining an electronic certificate according to the first PRNU information and the first biometric information, wherein the electronic certificate is authorization information indicating that, when the communication account logged in on the contracting terminal is the first communication account, a first business operation is allowed to be executed on the contracting terminal; and executing the first business operation according to the electronic certificate.
For other technical details and technical effects of this embodiment, refer to the related descriptions in other embodiments of the present invention.
An embodiment of the present invention provides a server. Fig. 8 is a schematic structural diagram of the second network device provided by an embodiment of the present invention. As shown in Fig. 8, the network device 800 includes at least a processor 801, a memory 802, an interface 803 and a bus 804, wherein:
The memory 802 is configured to store an electronic certificate processing program;
The bus 804 is configured to implement connection and communication between the processor and the memory;
The processor 801 is configured to execute the electronic certificate processing program stored in the memory to implement the following steps: receiving an electronic certificate generation request sent by the contracting terminal, the request including the identifier of the contracting terminal, a first image captured on the contracting terminal, the identifier of the first communication account logged in on the contracting terminal, and the first biometric information corresponding to the first communication account; extracting first PRNU information from the first image; generating an electronic certificate according to the first PRNU information and the first biometric information, the electronic certificate being authorization information indicating that, when the communication account logged in on the contracting terminal is the first communication account, the contracting terminal is allowed to execute a first business operation; and sending the electronic certificate to the contracting terminal.
It should be noted that the description of the above network device embodiment is similar to the description of the method embodiments and has beneficial effects similar to those of the method embodiments, so it is not repeated here. For technical details not disclosed in the network device embodiments of the present invention, refer to the description of the method embodiments of the present invention.
An embodiment of the present invention provides a computer-readable storage medium storing one or more programs that can be executed by one or more processors to implement the following steps: obtaining a first image, the first image containing first photo-response non-uniformity (PRNU) information corresponding to the camera of the contracting terminal; obtaining first biometric information corresponding to the first communication account logged in on the contracting terminal; obtaining an electronic certificate according to the first PRNU information and the first biometric information, wherein the electronic certificate is authorization information indicating that, when the communication account logged in on the contracting terminal is the first communication account, a first business operation is allowed to be executed on the contracting terminal; and executing the first business operation according to the electronic certificate.
An embodiment of the present invention provides a computer-readable storage medium storing one or more programs that can be executed by one or more processors to implement the following steps: receiving an electronic certificate generation request sent by the contracting terminal, the request including the identifier of the contracting terminal, a first image captured on the contracting terminal, the identifier of the first communication account logged in on the contracting terminal, and the first biometric information corresponding to the first communication account; extracting first PRNU information from the first image; generating an electronic certificate according to the first PRNU information and the first biometric information, the electronic certificate being authorization information indicating that, when the communication account logged in on the contracting terminal is the first communication account, the contracting terminal is allowed to execute a first business operation; and sending the electronic certificate to the contracting terminal.
It should be noted that the one or more programs in this embodiment may be the electronic certificate processing program used when acquiring the electronic certificate in other embodiments.
It should be noted that the description of the above computer-readable storage medium is similar to the description of the method embodiments and has beneficial effects similar to those of the method embodiments, so it is not repeated here. For technical details not disclosed in the computer-readable storage medium embodiments of the present invention, refer to the description of the method embodiments of the present invention.
It should be noted that, in this document, the terms "include", "comprise" and any other variants are intended to cover non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to the process, method, article or device. Without further limitation, an element introduced by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes that element.
The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.
From the description of the above embodiments, those skilled in the art can clearly understand that the methods of the above embodiments can be implemented by software plus a necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium (such as ROM/RAM, a magnetic disk or an optical disc) and includes instructions that cause a terminal device (which may be a mobile phone, a computer, a server, an air conditioner, a network device or the like) to execute the methods described in the embodiments of the present invention.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems) and computer program products according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor or another programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a particular manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is executed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowcharts and/or one or more blocks of the block diagrams.
The above are only preferred embodiments of the present invention and do not limit its patent scope. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect application in other related technical fields, is likewise included within the scope of patent protection of the present invention.

Claims (10)

1. An electronic certificate processing method, characterized in that it is applied to a contracting terminal, the method comprising:
Obtaining a first image, the first image containing first photo-response non-uniformity (PRNU) information corresponding to the camera of the contracting terminal;
Obtaining first biometric information corresponding to a first communication account logged in on the contracting terminal;
Obtaining the electronic certificate according to the first PRNU information and the first biometric information; wherein the electronic certificate is authorization information indicating that, when the communication account logged in on the contracting terminal is the first communication account, a first business operation is allowed to be executed on the contracting terminal;
Executing the first business operation according to the electronic certificate.
2. The method according to claim 1, characterized in that obtaining the electronic certificate according to the first PRNU information and the first biometric information comprises:
Sending an electronic certificate generation request to a server, the electronic certificate generation request including: the identifier of the contracting terminal, the first image containing the first PRNU information, the identifier of the first communication account, and the first biometric information;
Receiving the electronic certificate sent by the server;
Wherein the electronic certificate is generated by the server when it performs an identity check on the contracting terminal and the first communication account according to the first PRNU information and the first biometric information and the check succeeds.
3. The method according to claim 1, characterized in that obtaining the electronic certificate according to the first PRNU information and the first biometric information comprises:
Obtaining the encrypted electronic certificate, the encrypted electronic certificate being obtained by a server encrypting the electronic certificate with the signing PRNU information corresponding to the contracting terminal and/or the signing biometric information corresponding to the first communication account as the encryption key;
Decrypting the encrypted electronic certificate with the first PRNU information and/or the first biometric information as the decryption key, obtaining the decrypted electronic certificate;
Wherein the PRNU information corresponding to the contracting terminal is the first PRNU information or the signing PRNU information of the contracting terminal stored by the server itself, and the biometric information corresponding to the first communication account is the first biometric information or the signing biometric information of the first communication account stored by the server itself.
4. The method according to claim 3, characterized in that obtaining the encrypted electronic certificate comprises:
Sending an electronic certificate generation request to the server, the electronic certificate generation request including: the identifier of the contracting terminal, the first image containing the first PRNU information, the identifier of the first communication account, and the first biometric information;
Receiving the encrypted electronic certificate sent by the server;
Wherein the encrypted electronic certificate is obtained when the server performs an identity check on the contracting terminal and the first communication account according to the first PRNU information and the first biometric information and the check succeeds, by encrypting the electronic certificate with the signing PRNU information corresponding to the contracting terminal and/or the signing biometric information corresponding to the first communication account as the encryption key.
5. An electronic certificate processing method, characterized in that it is applied to a server, the method comprising:
Receiving an electronic certificate generation request sent by a contracting terminal, the electronic certificate generation request including: the identifier of the contracting terminal, a first image captured on the contracting terminal, the identifier of a first communication account logged in on the contracting terminal, and first biometric information corresponding to the first communication account;
Extracting first PRNU information from the first image;
Generating an electronic certificate according to the first PRNU information and the first biometric information, the electronic certificate being authorization information indicating that, when the communication account logged in on the contracting terminal is the first communication account, the contracting terminal is allowed to execute a first business operation;
Sending the electronic certificate to the contracting terminal.
6. The method according to claim 5, characterized in that generating the electronic certificate according to the first PRNU information and the first biometric information comprises:
Performing an identity check on the contracting terminal and the first communication account according to the first PRNU information and the first biometric information;
Generating the electronic certificate when the identity check succeeds.
7. The method according to claim 5, characterized in that generating the electronic certificate when the identity check succeeds comprises:
When the identity check succeeds, encrypting the electronic certificate with the PRNU information corresponding to the contracting terminal and/or the biometric information corresponding to the first communication account as the encryption key, obtaining the encrypted electronic certificate;
Sending the encrypted electronic certificate to the contracting terminal;
Wherein the PRNU information corresponding to the contracting terminal is the first PRNU information or the signing PRNU information of the contracting terminal stored by the server itself; and the biometric information corresponding to the first communication account is the first biometric information or the signing biometric information of the first communication account stored by the server itself.
8. A terminal, characterized in that the terminal is a contracting terminal, the contracting terminal including at least a memory, a communication bus and a processor, wherein:
The memory is configured to store an electronic certificate processing program;
The communication bus is configured to implement connection and communication between the processor and the memory;
The processor is configured to execute the electronic certificate processing program stored in the memory to implement the following steps:
Obtaining a first image, the first image containing first photo-response non-uniformity (PRNU) information corresponding to the camera of the contracting terminal;
Obtaining first biometric information corresponding to a first communication account logged in on the contracting terminal;
Obtaining the electronic certificate according to the first PRNU information and the first biometric information; wherein the electronic certificate is authorization information indicating that, when the communication account logged in on the contracting terminal is the first communication account, a first business operation is allowed to be executed on the contracting terminal;
Executing the first business operation according to the electronic certificate.
9. A server, characterized in that the server includes at least a memory, a communication bus and a processor, wherein:
The memory is configured to store an electronic certificate processing program;
The communication bus is configured to implement connection and communication between the processor and the memory;
The processor is configured to execute the electronic certificate processing program stored in the memory to implement the following steps:
Receiving an electronic certificate generation request sent by a contracting terminal, the electronic certificate generation request including: the identifier of the contracting terminal, a first image captured on the contracting terminal, the identifier of a first communication account logged in on the contracting terminal, and first biometric information corresponding to the first communication account;
Extracting first PRNU information from the first image;
Generating an electronic certificate according to the first PRNU information and the first biometric information, the electronic certificate being authorization information indicating that, when the communication account logged in on the contracting terminal is the first communication account, the contracting terminal is allowed to execute a first business operation;
Sending the electronic certificate to the contracting terminal.
10. A computer-readable storage medium, characterized in that an electronic certificate processing program is stored on the computer-readable storage medium; when executed by a processor, the electronic certificate processing program implements the steps of the electronic certificate processing method according to any one of claims 1 to 4, or implements the steps of the electronic certificate processing method according to any one of claims 5 to 7.
CN201810680257.4A 2018-06-27 2018-06-27 Electronic certificate processing method and device and computer readable storage medium Active CN108923931B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810680257.4A CN108923931B (en) 2018-06-27 2018-06-27 Electronic certificate processing method and device and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN108923931A true CN108923931A (en) 2018-11-30
CN108923931B CN108923931B (en) 2021-06-22

Family

ID=64424001

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810680257.4A Active CN108923931B (en) 2018-06-27 2018-06-27 Electronic certificate processing method and device and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN108923931B (en)

Also Published As

Publication number Publication date
CN108923931B (en) 2021-06-22

Similar Documents

Publication Publication Date Title
EP3605989B1 (en) Information sending method, information receiving method, apparatus, and system
CN108923931A (en) A kind of electronic certificate processing method, equipment and computer readable storage medium
US10601795B2 (en) Service processing method and electronic device
CN109033801B (en) Method for verifying user identity by application program, mobile terminal and storage medium
CN109600223A (en) Verification method, Activiation method, device, equipment and storage medium
CN107315937A (en) A kind of method for secret protection, mobile terminal and computer-readable recording medium
CN108616499B (en) Authentication method of application program, terminal and computer readable storage medium
CN109165499A (en) Single-point logging method, mobile terminal and computer readable storage medium
CN107862196A (en) Fingerprint verification method, mobile terminal and computer-readable recording medium
CN107508682A (en) Browser certificate authentication method and mobile terminal
CN108510022A (en) A kind of Quick Response Code generates, verification method and server
CN107317680B (en) Method and system for marking safety account and computer readable storage medium
CN110069229A (en) Screen sharing method, mobile terminal and computer readable storage medium
CN107360139A (en) A kind of mobile terminal, data ciphering method and computer-readable recording medium
CN115001841A (en) Identity authentication method, identity authentication device and storage medium
CN109743696A (en) Identifying code encryption method, system and readable storage medium storing program for executing
CN108196762A (en) A kind of terminal control method, terminal and computer readable storage medium
CN108989534A (en) Message prompt method, mobile terminal and computer readable storage medium
CN107517208A (en) Apparatus control method, device and computer-readable recording medium
CN113221150A (en) Data protection method and device
CN108601062A (en) WiFi connections sharing method, terminal and computer storage media
CN107330314A (en) Authorization method, mobile terminal and readable storage medium storing program for executing based on biological characteristic
CN108920917A (en) Log in end switching method, mobile terminal and computer readable storage medium
CN107302526A (en) System interface call method, equipment and computer-readable recording medium
CN109525666A (en) A kind of data back up method and mobile terminal

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant