CN109063442A - Method and apparatus for service implementation and camera implementation - Google Patents

Info

Publication number
CN109063442A
Authority
CN
China
Prior art keywords
camera
secure environment
facial image
service
service data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810671601.3A
Other languages
Chinese (zh)
Other versions
CN109063442B (en
Inventor
孙元博
杨文波
黄冕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201810671601.3A priority Critical patent/CN109063442B/en
Publication of CN109063442A publication Critical patent/CN109063442A/en
Application granted granted Critical
Publication of CN109063442B publication Critical patent/CN109063442B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/4401 Bootstrapping
    • G06F9/4411 Configuring for operating with peripheral devices; Loading of device drivers

Abstract

This specification discloses a method and apparatus for service implementation and for camera implementation. The service implementation method includes: in response to a face authentication request from a service application, calling an initialized camera to capture a facial image, so that the captured facial image is stored in a secure environment; performing face authentication on the facial image in the secure environment, and generating service data based on the authentication result; and sending the service data to the service application, so that the service application sends the service data to a server.

Description

Method and apparatus for service implementation and camera implementation
Technical field
This specification relates to the field of terminal technology, and in particular to a method and apparatus for service implementation and for camera implementation.
Background
With the continuous development of Internet technology, more and more finance-related services, such as payments and transfers, can be carried out on mobile terminals. How to achieve financial-grade face authentication and ensure the security of user services has become an urgent problem to be solved.
Summary of the invention
In view of this, this specification provides a method and apparatus for service implementation and for camera implementation.
Specifically, this specification is implemented through the following technical solutions:
A service implementation method, comprising:
in response to a face authentication request from a service application, calling an initialized camera to capture a facial image, so that the captured facial image is stored in a secure environment;
performing face authentication on the facial image in the secure environment, and generating service data based on the authentication result;
sending the service data to the service application, so that the service application sends the service data to a server.
A camera implementation method, comprising:
loading a camera driver through an initialization interface;
allocating memory space for the camera, the memory space being used to store images captured by the camera;
configuring control instructions for the memory space, so as to configure the memory space as a secure environment.
A service implementation apparatus, comprising: a service module, a calling interface module and a secure processing module, the secure processing module being located in a secure environment, wherein:
the calling interface module, in response to a face authentication request from the service module, calls an initialized camera to capture a facial image, so that the captured facial image is stored in the secure environment;
the secure processing module performs face authentication on the facial image and generates service data based on the authentication result;
the secure processing module sends the service data to the service module through the calling interface module;
the service module sends the service data to a server.
A camera implementation apparatus, comprising:
a driver module, which loads a camera driver through an initialization interface;
a memory allocation module, which allocates memory space for the camera, the memory space being used to store images captured by the camera;
an instruction configuration module, which configures control instructions for the memory space, so as to configure the memory space as a secure environment.
A service implementation apparatus, comprising:
a processor;
a memory for storing machine-executable instructions;
wherein, by reading and executing the machine-executable instructions stored in the memory that correspond to the service implementation logic, the processor is caused to:
in response to a face authentication request from a service application, call an initialized camera to capture a facial image, so that the captured facial image is stored in a secure environment;
perform face authentication on the facial image in the secure environment, and generate service data based on the authentication result;
send the service data to the service application, so that the service application sends the service data to a server.
A camera implementation apparatus, comprising:
a processor;
a memory for storing machine-executable instructions;
wherein, by reading and executing the machine-executable instructions stored in the memory that correspond to the camera implementation logic, the processor is caused to:
load a camera driver through an initialization interface;
allocate memory space for the camera, the memory space being used to store images captured by the camera;
configure control instructions for the memory space, so as to configure the memory space as a secure environment.
As can be seen from the above description, this embodiment can store the facial image captured by the camera in a secure environment and authenticate the facial image within that secure environment, thereby ensuring that face authentication on the terminal side is secure and trustworthy. In addition, this embodiment can send the service data, which includes the face authentication result, to the server for verification, and the server can perform the corresponding service operation according to the verification result. Face authentication is thus combined with verification in the cloud, further ensuring that user services are secure and reliable.
Brief description of the drawings
Fig. 1 is a flow diagram of a service implementation method according to an exemplary embodiment of this specification.
Fig. 2 is an application system architecture diagram of a service implementation method according to an exemplary embodiment of this specification.
Fig. 3 is a flow diagram of camera initialization according to an exemplary embodiment of this specification.
Fig. 4 is a flow diagram of another service implementation method according to an exemplary embodiment of this specification.
Fig. 5 is a block diagram of a secure processing module according to an exemplary embodiment of this specification.
Fig. 6 is a structure diagram for a camera implementation apparatus according to an exemplary embodiment of this specification.
Fig. 7 is a block diagram of a camera implementation apparatus according to an exemplary embodiment of this specification.
Detailed description of embodiments
Exemplary embodiments are described in detail here, and examples of them are shown in the accompanying drawings. Where the following description refers to the drawings, the same numbers in different drawings denote the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this specification. Rather, they are merely examples of apparatuses and methods consistent with some aspects of this specification, as detailed in the appended claims.
The terms used in this specification are for the purpose of describing particular embodiments only and are not intended to limit this specification. The singular forms "a", "said" and "the" used in this specification and the appended claims are also intended to include the plural forms, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third and so on may be used in this specification to describe various information, the information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this specification, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used here may be interpreted as "at the time of", "when" or "in response to determining".
Fig. 1 is a flow diagram of a service implementation method according to an exemplary embodiment of this specification.
Referring to Fig. 1, the service implementation method may include the following steps:
Step 102: in response to a face authentication request from a service application, call an initialized camera to capture a facial image, so that the captured facial image is stored in a secure environment.
Step 104: perform face authentication on the facial image in the secure environment, and generate service data based on the authentication result.
In this embodiment, the secure environment includes a TEE (Trusted Execution Environment), an SE (Secure Element) and the like; this specification places no particular limitation on this.
In this embodiment, specified terminal information may be collected, and terminal risk may be prejudged according to the terminal information. After the risk prejudgment result is obtained, the face authentication result, the terminal information and the risk prejudgment result may be signed to obtain the service data.
Step 106: send the service data to the service application, so that the service application sends the service data to a server.
In this embodiment, the server can verify the service data and perform the corresponding service operation according to the verification result.
As can be seen from the above description, this embodiment can store the facial image captured by the camera in a secure environment and authenticate the facial image within that secure environment, thereby ensuring that face authentication on the terminal side is secure and trustworthy. In addition, this embodiment can send the service data, which includes the face authentication result, to the server for verification, and the server can perform the corresponding service operation according to the verification result. Face authentication is thus combined with verification in the cloud, further ensuring that user services are secure and reliable.
Fig. 2 is an application system architecture diagram of a service implementation method according to an exemplary embodiment of this specification.
Referring to Fig. 2, and taking a TEE as the secure environment, the application system architecture of the service implementation method provided by this specification includes a terminal 21 and a server 22.
The terminal 21 may be a smart device such as a mobile phone, tablet computer or PC. A camera capable of capturing 2D images is usually integrated in the terminal 21.
The terminal 21 may include: a service application 211, a calling interface module 212 and a secure processing module 213.
The service application 211 is usually an APP (Application) developed by the service provider. The service application 211 can interact with the server 22 to complete the service requested by the user, for example a payment service or a transfer service.
The calling interface module 212 runs in the REE (Rich Execution Environment) of the terminal 21 and can be called by the service application 211, for example to initialize the camera or to call the initialized camera to capture an image. The initialized camera can store the images it captures in the secure environment.
The secure processing module 213 runs in the TEE of the terminal 21. It can authenticate the facial image in the secure environment and generate service data based on the authentication result.
The server 22 can verify the service data uploaded by the service application 211 and perform the corresponding service operation based on the verification result, for example completing the payment or refusing the payment. Physically, the server 22 is usually a server or a server cluster.
In this embodiment, when the user initiates a finance-related service such as a payment or transfer, the service application 211 can send a face authentication request to the calling interface module 212 in order to authenticate the user's identity.
The calling interface module 212 can call the initialized camera to capture a facial image. The camera stores the captured facial image in the secure environment, which ensures that the captured facial image is not intercepted or tampered with.
The secure processing module 213 running in the TEE can authenticate the facial image in the secure environment and then generate service data based on the authentication result. The entire process of face authentication and service data generation is completed within the TEE, which effectively ensures that the face authentication and the service data are trustworthy and secure.
The secure processing module 213 can send the service data to the service application 211 through the calling interface module 212. The service application 211 can then send the service data to the server 22.
The server 22 can verify the service data. If verification passes, it can perform the corresponding service operation, such as executing the payment. If verification fails, it can refuse the payment and return an error prompt.
The specific implementation of this specification is described below in two parts: camera initialization and service implementation.
I. Camera initialization
In this embodiment, when the calling interface module 212 receives a face authentication request from the service application 211, it can determine whether the camera has already been initialized.
If the camera has been initialized, the camera can be called to capture a facial image.
If the camera has not yet been initialized, the camera can be initialized.
Fig. 3 is a flow diagram of camera initialization according to an exemplary embodiment of this specification.
Referring to Fig. 3, the camera initialization process may include the following steps:
Step 302: load the camera driver through the initialization interface.
In this embodiment, the camera driver may be preconfigured in the terminal 21 by the terminal manufacturer, or it may be downloaded from the cloud later, for example downloaded from the corresponding server by the service application 211; this specification places no particular limitation on this.
The calling interface module 212 can load the camera driver through the initialization interface.
Step 304: allocate memory space for the camera, the memory space being used to store images captured by the camera.
Step 306: configure control instructions for the memory space, so as to configure the memory space as a secure environment.
In this embodiment, the calling interface module 212 can allocate a block of memory space for the camera; this memory space is used to store the image data captured by the camera.
In this embodiment, the calling interface module 212 can also configure control instructions for the allocated memory space in order to implement access control over it. For example, the secure processing module 213 in the TEE is allowed to access the memory space, while programs in the REE are forbidden from accessing it.
At this point, camera initialization is complete.
II. Service implementation
Fig. 4 is a flow diagram of a service implementation method according to an exemplary embodiment of this specification.
Referring to Fig. 4, the service implementation method may include the following steps:
Step 402: the calling interface module 212, in response to a face authentication request from the service application 211, calls the initialized camera to capture a facial image, so that the captured facial image is stored in the secure environment. The secure environment is the memory space allocated for the camera during camera initialization.
For example, when a user requests a payment through the service application 211, the service application 211 needs to authenticate the user's identity. It can therefore send a face authentication request to the calling interface module 212, and the calling interface module 212 calls the initialized camera to capture the user's facial image.
Step 404: the secure processing module 213 pre-processes the facial image in the secure environment.
In this embodiment, the facial image captured by the camera is usually in binary stream format. To facilitate the subsequent face authentication, the secure processing module 213 can convert the format of the facial image in the secure environment, for example converting the facial image from binary stream format to JPEG format.
Step 406: the secure processing module 213 performs face authentication on the pre-processed facial image to obtain an authentication result.
In this embodiment, the secure processing module 213 can perform face authentication on the facial image in the secure environment and can release the secure memory after obtaining the authentication result.
In this embodiment, the authentication performed on the facial image by the secure processing module 213 may include: face attribute judgment, face liveness judgment, face feature extraction, live-face comparison and the like.
Face attribute judgment can be used to determine whether the eyes in the facial image are open or closed. If the eyes are closed, face authentication can be determined to have failed.
Face liveness judgment can use models such as infrared imaging and 3D depth information detection to guard against attacks in which an illegitimate user presents a photo, video, mask, headgear or the like.
Face feature extraction can use the ASM (Active Shape Model) algorithm, the AAM (Active Appearance Model) algorithm, the SDM (Supervised Descent Method) algorithm and the like; this specification places no particular limitation on this.
Based on the extracted face features, live-face comparison can compare the captured facial image with the facial image of the legitimate user to judge whether the captured facial image is that of the legitimate user. For example, the similarity between the captured facial image and the legitimate user's facial image can be calculated. If the similarity is greater than or equal to a threshold, the comparison can be determined to have passed; if the similarity is less than the threshold, the comparison can be determined to have failed.
In this step, the secure processing module 213 can use algorithms provided in the related art to implement the above face authentication process, which this specification does not describe one by one.
In this embodiment, the authentication result may include: the image comparison result and the captured facial image. The image comparison result is either "comparison passed" or "comparison failed".
It is worth noting that what the camera captures is usually a very short video stream that may contain multiple frames of facial images. The facial image in the authentication result of this step is usually one frame from those multiple frames.
Step 408: the secure processing module 213 generates service data based on the authentication result.
In this embodiment, after obtaining the face authentication result, the secure processing module 213 can also collect specified terminal information. The terminal information may include: device ID, device ROOT information, device geographic location and the like; this specification places no particular limitation on this.
The secure processing module 213 can prejudge the terminal risk according to the terminal information, for example according to preset risk prejudgment rules. As a simple example, a rooted device carries a higher risk than a device that has not been rooted.
In this embodiment, the risk prejudgment result may simply be "risky" or "no risk", or it may be a risk level, for example level one, level two or level three; this specification places no particular limitation on this.
In this embodiment, the secure processing module 213 can use the user's private key to sign the authentication result, the terminal information and the risk prejudgment result, thereby obtaining the service data.
Step 410: the secure processing module 213 sends the service data to the service application 211 through the calling interface module 212.
Step 412: the service application 211 sends the service data to the server 22.
Step 414: the server 22 verifies the service data and performs the corresponding service operation based on the verification result.
In this embodiment, after receiving the service data, the server 22 can verify it using the user's public key.
Still taking the payment service as an example, if verification fails, the server can refuse the payment and return an error prompt to the service application 211.
If verification succeeds, the face authentication result and the terminal risk prejudgment result can then be extracted.
If the face authentication result is "comparison failed", the server can likewise refuse the payment and return an error prompt to the service application 211.
If the face authentication result is "comparison passed" and the terminal risk prejudgment result is "no risk", the payment operation can be executed.
If the face authentication result is "comparison passed" but the terminal risk prejudgment result is "risky", the follow-up service operation can be determined according to a predetermined risk policy, for example limiting the user's payment amount or requesting the user to authenticate again by another means such as a password; this specification places no particular limitation on this.
The verification of the service data and the execution of the service operation described above can be performed by a verification module (not shown) in the server 22.
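The signing in step 408 and the server checks in step 414, as an added example that is not part of the patent text. The patent names no signature scheme or data layout: Ed25519, the JSON payload, the decision strings and all type and function names below are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// AuthResult is the comparison outcome produced inside the secure environment.
// The captured frame that the description also places in the result is omitted.
type AuthResult struct {
	ComparePassed bool    `json:"compare_passed"`
	Similarity    float64 `json:"similarity"`
}

// TerminalInfo carries the terminal information listed in the description.
type TerminalInfo struct {
	DeviceID string `json:"device_id"`
	Rooted   bool   `json:"rooted"`
	Location string `json:"location"`
}

// Payload is the signed content (hypothetical layout).
type Payload struct {
	Auth     AuthResult   `json:"auth"`
	Terminal TerminalInfo `json:"terminal"`
	Risk     string       `json:"risk"` // "none" or "risky"
}

// ServiceData leaves the secure environment and crosses the untrusted REE.
// The exact signed bytes travel with the signature, so the server never has
// to re-serialize the payload before verifying it.
type ServiceData struct {
	Payload   []byte
	Signature []byte
}

// DemoKeys derives a key pair from a constructed seed (demo only).
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// PrejudgeRisk applies the simple rule from the text: a rooted device is risky.
func PrejudgeRisk(t TerminalInfo) string {
	if t.Rooted {
		return "risky"
	}
	return "none"
}

// BuildServiceData is the secure-environment side: compare, prejudge, sign.
func BuildServiceData(priv ed25519.PrivateKey, similarity, threshold float64, t TerminalInfo) (ServiceData, error) {
	p := Payload{
		Auth:     AuthResult{ComparePassed: similarity >= threshold, Similarity: similarity},
		Terminal: t,
		Risk:     PrejudgeRisk(t),
	}
	raw, err := json.Marshal(p)
	if err != nil {
		return ServiceData{}, err
	}
	return ServiceData{Payload: raw, Signature: ed25519.Sign(priv, raw)}, nil
}

// ServerDecide is the server side: verify first, parse only verified bytes.
func ServerDecide(pub ed25519.PublicKey, sd ServiceData) string {
	if !ed25519.Verify(pub, sd.Payload, sd.Signature) {
		return "reject: signature"
	}
	var p Payload
	if err := json.Unmarshal(sd.Payload, &p); err != nil {
		return "reject: malformed"
	}
	if !p.Auth.ComparePassed {
		return "reject: face"
	}
	if p.Risk != "none" {
		return "step-up" // e.g. limit the amount or ask for a password
	}
	return "pay"
}

// FlipCompareResult models an REE-side component rewriting the result in
// transit while keeping the original signature.
func FlipCompareResult(sd ServiceData) ServiceData {
	forged := bytes.Replace(sd.Payload, []byte(`"compare_passed":false`), []byte(`"compare_passed":true`), 1)
	return ServiceData{Payload: forged, Signature: sd.Signature}
}

func main() {
	pub, priv := DemoKeys()
	clean := TerminalInfo{DeviceID: "dev-0001", Location: "constructed"}
	rooted := TerminalInfo{DeviceID: "dev-0002", Rooted: true, Location: "constructed"}
	ok, _ := BuildServiceData(priv, 0.93, 0.80, clean)
	risky, _ := BuildServiceData(priv, 0.93, 0.80, rooted)
	failed, _ := BuildServiceData(priv, 0.41, 0.80, clean)
	fmt.Println(ServerDecide(pub, ok), "|", ServerDecide(pub, risky), "|",
		ServerDecide(pub, failed), "|", ServerDecide(pub, FlipCompareResult(failed)))
}
```

Because the signature covers the comparison result, the terminal information and the risk result together, a change to any one of them outside the secure environment fails verification before the server reads any field.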
Optionally, in this embodiment, the server 22 can also store the facial image and the authentication result from the service data in association with each other, and can subsequently carry out operations such as identifying risky users based on the stored information; this specification places no particular limitation on this.
As can be seen from the above description, this specification can store the facial image captured by the camera in a secure environment and authenticate the facial image within the terminal's secure environment, thereby ensuring that face authentication on the terminal side is secure and trustworthy. In addition, the terminal can send the service data, which includes the face authentication result, to the server for verification, and the server can perform the corresponding service operation according to the verification result. Face authentication is thus combined with verification in the cloud, further ensuring that user services are secure and reliable.
Optionally, on the basis of the architecture shown in Fig. 2 and referring to Fig. 5, the secure processing module 213 may include: a security submodule 2131, an algorithm submodule 2132 and a prejudgment submodule 2133.
The security submodule 2131 can pre-process the facial image in the secure environment.
The algorithm submodule 2132 can perform face authentication on the pre-processed facial image to obtain an authentication result.
The prejudgment submodule 2133 can collect specified terminal information and prejudge the terminal risk according to the terminal information; it then signs the authentication result, the terminal information and the risk prejudgment result to obtain the service data.
This specification also provides a camera implementation method, which may include: loading a camera driver through an initialization interface; allocating memory space for the camera, the memory space being used to store images captured by the camera; and configuring control instructions for the memory space, so as to configure the memory space as a secure environment.
For the above camera implementation method, refer to the embodiment shown in Fig. 3; this specification does not repeat the details here.
In this embodiment, images captured by the initialized camera can be stored in the secure environment, which prevents system plug-ins and malicious programs from intercepting or tampering with them.
In one example, the initialized camera can be used to photograph identity cards, bank cards, passports and other items that carry the user's personal information.
For example, some identity verification steps require the user to upload the front and back of an identity card. When the initialized camera described above is used for the capture, the identity card pictures taken can be stored in the secure environment, which effectively prevents the pictures from being intercepted or leaked and ensures the security of the user's information.
In another example, the initialized camera can be used to capture images such as irises and fingerprints that can identify the user.
For example, in an iris recognition scenario, when the initialized camera described above is used to capture iris information, the captured iris information can be stored in the secure environment and recognized within the secure environment, which effectively prevents the iris information from being intercepted or leaked.
Of course, the initialized camera can also be used for image capture in other scenarios, such as taking private photos; this specification places no particular limitation on this.
Corresponding to the foregoing embodiments of the camera implementation method, this specification also provides embodiments of a camera implementation apparatus.
The embodiments of the camera implementation apparatus of this specification can be applied to an electronic device. The apparatus embodiments may be implemented in software, in hardware, or in a combination of software and hardware. Taking software implementation as an example, the apparatus in the logical sense is formed by the processor of the electronic device in which it is located reading the corresponding computer program instructions from non-volatile memory into memory and running them. At the hardware level, Fig. 6 is a schematic structural diagram of the electronic device in which the camera implementation apparatus of this specification is located. The electronic device may include hardware such as a processor, memory, a network interface and non-volatile memory, which this specification does not describe further.
Fig. 7 is a block diagram of a camera implementation apparatus according to an exemplary embodiment of this specification.
Referring to Fig. 7, the camera implementation apparatus 700 can be applied in the electronic device shown in Fig. 6 and includes: a driver module 701, a memory allocation module 702 and an instruction configuration module 703.
The driver module 701 loads a camera driver through an initialization interface;
the memory allocation module 702 allocates memory space for the camera, the memory space being used to store images captured by the camera;
the instruction configuration module 703 configures control instructions for the memory space, so as to configure the memory space as a secure environment.
For the implementation of the functions and roles of each unit in the above apparatus, see the implementation of the corresponding steps in the above method; the details are not repeated here.
Since the apparatus embodiments essentially correspond to the method embodiments, refer to the description of the method embodiments for the relevant parts. The apparatus embodiments described above are merely illustrative. The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed across multiple network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution in this specification. A person of ordinary skill in the art can understand and implement this without creative effort.
The systems, apparatuses, modules or units described in the above embodiments can be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular phone, camera phone, smart phone, personal digital assistant, media player, navigation device, e-mail sending and receiving device, game console, tablet computer, wearable device, or a combination of any of these devices.
Corresponding to the foregoing embodiments of the service implementation method, this specification also provides a service implementation apparatus, which includes a processor and a memory for storing machine-executable instructions. The processor and the memory are usually connected to each other through an internal bus. In other possible implementations, the device may also include an external interface so that it can communicate with other devices or components.
In this embodiment, by reading and executing the machine-executable instructions stored in the memory that correspond to the service implementation logic, the processor is caused to:
In response to a face authentication request from a service application, call the initialized camera to collect a facial image, so that the collected facial image is stored in a secure environment;
Perform face authentication on the facial image in the secure environment, and generate service data based on the authentication result;
Send the service data to the service application, which sends the service data to the server.
Optionally, the process of performing face authentication on the facial image and generating service data based on the authentication result includes:
Pre-processing the facial image in the secure environment;
Performing face authentication on the pre-processed facial image to obtain an authentication result;
Collecting specified terminal information, and pre-judging terminal risk according to the terminal information;
Signing the authentication result, the terminal information and the risk pre-judgment result to obtain the service data.
Optionally, the terminal information includes: a device ID, device ROOT information and the device's geographical location.
Optionally, the initialization process of the camera includes:
Loading the camera driver through an initialization interface;
Allocating a memory space for the camera, the memory space being used to store the images collected by the camera;
Configuring control instructions for the memory space, so as to configure the memory space as a secure environment.
Optionally, on the server, by reading and executing the machine-executable instructions stored in the memory that correspond to the service implementation logic, the processor is caused to:
Verify the service data, and execute the corresponding service operation according to the verification result.
Optionally, the secure environment includes: a trusted execution environment (TEE).
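The signing step and the server-side verification described above, as an added example that is not part of the patent text. It assumes a per-device key shared between the secure environment and the server, uses HMAC-SHA256 as a stand-in for the unspecified signature scheme, and adds a server-issued challenge for freshness; the field names, the risk rule and the decision strings are constructed for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a per-device key provisioned into the secure environment and
# known to the server. The page names no signature scheme; HMAC-SHA256
# stands in for it here. The key value is constructed for this demo.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"


def prejudge_risk(terminal_info):
    """Constructed rule: a rooted terminal is pre-judged as high risk."""
    return "high" if terminal_info["root"] else "low"


def _canonical(payload):
    # Deterministic encoding so signer and verifier hash identical bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def build_service_data(auth_passed, terminal_info, challenge, key=DEVICE_KEY):
    """Runs inside the secure environment: sign result + terminal info + risk."""
    payload = {
        "auth_result": bool(auth_passed),
        "terminal_info": terminal_info,
        "risk": prejudge_risk(terminal_info),
        "challenge": challenge,  # assumption: server-issued freshness value
    }
    sig = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def server_verify(service_data, expected_challenge, key=DEVICE_KEY):
    """Server side: verify the signature first, then pick the operation."""
    payload = service_data.get("payload")
    sig = service_data.get("sig", "")
    if not isinstance(payload, dict) or not isinstance(sig, str):
        return "reject:malformed"
    expected = hmac.new(key, _canonical(payload), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return "reject:bad-signature"
    if payload.get("challenge") != expected_challenge:
        return "reject:stale"
    if payload.get("auth_result") is not True:
        return "reject:face-auth-failed"
    if payload.get("risk") != "low":
        return "step-up"  # constructed policy: extra verification on risk
    return "allow"


if __name__ == "__main__":
    # Constructed terminal information: device ID, ROOT status, location.
    info = {"device_id": "dev-001", "root": False, "geo": "30.27,120.15"}
    failed = build_service_data(False, info, "c1")
    # The service application only relays the data; if it flips the result,
    # the signature no longer matches and the server rejects it.
    forged = {"payload": dict(failed["payload"], auth_result=True),
              "sig": failed["sig"]}
    print(server_verify(build_service_data(True, info, "c1"), "c1"))
    print(server_verify(forged, "c1"))
```

Because the terminal information and risk pre-judgment sit under the same signature as the authentication result, the relaying service application cannot change any one of them without the server noticing.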
Corresponding to the foregoing embodiments of the camera implementation method, this specification also provides another camera implementation apparatus, which includes a processor and a memory for storing machine-executable instructions. The processor and the memory are usually connected to each other through an internal bus. In other possible implementations, the device may also include an external interface so that it can communicate with other devices or components.
In this embodiment, by reading and executing the machine-executable instructions stored in the memory that correspond to the camera implementation logic, the processor is caused to:
Load the camera driver through an initialization interface;
Allocate a memory space for the camera, the memory space being used to store the images collected by the camera;
Configure control instructions for the memory space, so as to configure the memory space as a secure environment.
Corresponding to the foregoing embodiments of the service implementation method, this specification also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the program performs the following steps:
In response to a face authentication request from a service application, calling the initialized camera to collect a facial image, so that the collected facial image is stored in a secure environment;
Performing face authentication on the facial image in the secure environment, and generating service data based on the authentication result;
Sending the service data to the service application, which sends the service data to the server.
Optionally, the process of performing face authentication on the facial image and generating service data based on the authentication result includes:
Pre-processing the facial image in the secure environment;
Performing face authentication on the pre-processed facial image to obtain an authentication result;
Collecting specified terminal information, and pre-judging terminal risk according to the terminal information;
Signing the authentication result, the terminal information and the risk pre-judgment result to obtain the service data.
Optionally, the terminal information includes: a device ID, device ROOT information and the device's geographical location.
Optionally, the initialization process of the camera includes:
Loading the camera driver through an initialization interface;
Allocating a memory space for the camera, the memory space being used to store the images collected by the camera;
Configuring control instructions for the memory space, so as to configure the memory space as a secure environment.
Optionally, the server verifies the service data and executes the corresponding service operation according to the verification result.
Optionally, the secure environment includes: a trusted execution environment (TEE).
Corresponding to the foregoing embodiments of the camera implementation method, this specification also provides a computer-readable storage medium on which a computer program is stored; when executed by a processor, the program performs the following steps:
Loading the camera driver through an initialization interface;
Allocating a memory space for the camera, the memory space being used to store the images collected by the camera;
Configuring control instructions for the memory space, so as to configure the memory space as a secure environment.
Specific embodiments of this specification have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims can be performed in an order different from that in the embodiments and still achieve the desired results. In addition, the processes depicted in the drawings do not necessarily require the particular order shown, or a sequential order, to achieve the desired results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The above are merely preferred embodiments of this specification and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of this specification shall fall within its scope of protection.

Claims (16)

1. A service implementation method, comprising:
In response to a face authentication request from a service application, calling the initialized camera to collect a facial image, so that the collected facial image is stored in a secure environment;
Performing face authentication on the facial image in the secure environment, and generating service data based on the authentication result;
Sending the service data to the service application, which sends the service data to the server.
2. The method according to claim 1, wherein the process of performing face authentication on the facial image and generating service data based on the authentication result includes:
Pre-processing the facial image in the secure environment;
Performing face authentication on the pre-processed facial image to obtain an authentication result;
Collecting specified terminal information, and pre-judging terminal risk according to the terminal information;
Signing the authentication result, the terminal information and the risk pre-judgment result to obtain the service data.
3. The method according to claim 2, wherein
The terminal information includes: a device ID, device ROOT information and the device's geographical location.
4. The method according to claim 1, wherein the initialization process of the camera includes:
Loading the camera driver through an initialization interface;
Allocating a memory space for the camera, the memory space being used to store the images collected by the camera;
Configuring control instructions for the memory space, so as to configure the memory space as a secure environment.
5. The method according to claim 1, further comprising:
The server verifying the service data and executing the corresponding service operation according to the verification result.
6. The method according to claim 1, wherein
The secure environment includes: a trusted execution environment (TEE).
7. A camera implementation method, comprising:
Loading the camera driver through an initialization interface;
Allocating a memory space for the camera, the memory space being used to store the images collected by the camera;
Configuring control instructions for the memory space, so as to configure the memory space as a secure environment.
8. A service implementation apparatus, comprising: a service module, a call interface module and a secure processing module, the secure processing module being located in a secure environment, wherein
The call interface module, in response to a face authentication request from the service module, calls the initialized camera to collect a facial image, so that the collected facial image is stored in the secure environment;
The secure processing module performs face authentication on the facial image, and generates service data based on the authentication result;
The secure processing module sends the service data to the service module through the call interface module;
The service module sends the service data to the server.
9. The apparatus according to claim 8, wherein the secure processing module includes:
A security submodule, which pre-processes the facial image in the secure environment;
An algorithm submodule, which performs face authentication on the pre-processed facial image to obtain an authentication result;
A pre-judgment submodule, which collects specified terminal information and pre-judges terminal risk according to the terminal information, and signs the authentication result, the terminal information and the risk pre-judgment result to obtain the service data.
10. The apparatus according to claim 9, wherein
The terminal information includes: a device ID, device ROOT information and the device's geographical location.
11. The apparatus according to claim 8, wherein the initialization process of the camera includes:
Loading the camera driver through an initialization interface;
Allocating a memory space for the camera, the memory space being used to store the images collected by the camera;
Configuring control instructions for the memory space, so as to configure the memory space as a secure environment.
12. The apparatus according to claim 8, further comprising a verification module, which runs on the server and is used to verify the service data and execute the corresponding service operation according to the verification result.
13. The apparatus according to claim 8, wherein
The secure environment includes: a trusted execution environment (TEE).
14. A camera implementation apparatus, comprising:
A driver module, which loads the camera driver through an initialization interface;
A memory allocation module, which allocates a memory space for the camera, the memory space being used to store the images collected by the camera;
An instruction configuration module, which configures control instructions for the memory space, so as to configure the memory space as a secure environment.
15. A service implementation apparatus, comprising:
A processor;
A memory for storing machine-executable instructions;
Wherein, by reading and executing the machine-executable instructions stored in the memory that correspond to the service implementation logic, the processor is caused to:
In response to a face authentication request from a service application, call the initialized camera to collect a facial image, so that the collected facial image is stored in a secure environment;
Perform face authentication on the facial image in the secure environment, and generate service data based on the authentication result;
Send the service data to the service application, which sends the service data to the server.
16. A camera implementation apparatus, comprising:
A processor;
A memory for storing machine-executable instructions;
Wherein, by reading and executing the machine-executable instructions stored in the memory that correspond to the camera implementation logic, the processor is caused to:
Load the camera driver through an initialization interface;
Allocate a memory space for the camera, the memory space being used to store the images collected by the camera;
Configure control instructions for the memory space, so as to configure the memory space as a secure environment.
CN201810671601.3A 2018-06-26 2018-06-26 Service implementation method and device and camera implementation method and device Active CN109063442B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810671601.3A CN109063442B (en) 2018-06-26 2018-06-26 Service implementation method and device and camera implementation method and device

Publications (2)

Publication Number Publication Date
CN109063442A true CN109063442A (en) 2018-12-21
CN109063442B CN109063442B (en) 2022-01-28

Family

ID=64821645

Country Status (1)

Country Link
CN (1) CN109063442B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110933307A (en) * 2019-11-29 2020-03-27 维沃移动通信有限公司 Electronic equipment and image processing method
WO2024021922A1 (en) * 2022-07-26 2024-02-01 中兴通讯股份有限公司 Video call method, electronic device, and storage medium

Also Published As

Publication number Publication date
CN109063442B (en) 2022-01-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40002005

Country of ref document: HK

TA01 Transfer of patent application right

Effective date of registration: 20200922

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20200922

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

GR01 Patent grant