CN109525555A - A method and device for online registration and authentication - Google Patents

Publication number
CN109525555A
Authority
CN
China
Prior art keywords
encrypted
user identifier
substring
code
feature vector
Legal status
Granted
Application number
CN201811205030.0A
Other languages
Chinese (zh)
Other versions
CN109525555B (en)
Inventor
曹恺
Current Assignee
Advanced New Technologies Co Ltd
Advantageous New Technologies Co Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd
Priority to CN201811205030.0A
Publication of CN109525555A
Application granted
Publication of CN109525555B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication

Abstract

This application discloses a method and device for online registration and authentication, to solve the prior-art problem that, when biometric features are used for online authentication, the biometric information is easily stolen and security is low. At registration, the client obtains the random string corresponding to the user identifier, collects the user's biometric information and extracts a feature code from it, encrypts the feature code with the random string to obtain an encrypted feature code, and sends the encrypted feature code to the server to be saved as the registration feature code corresponding to the user identifier. Because the feature code that the client sends to the server at registration is an encrypted feature code, even if the encrypted feature code is stolen by an attacker, it is difficult for the attacker to decrypt it and obtain the original feature code, which effectively improves the security of the biometric information.

Description

A method and device for online registration and authentication
This application is a divisional application of the invention patent application filed on March 27, 2014, with application No. 201410119800.5, entitled "A method and device for online registration and authentication".
Technical field
This application relates to the field of computer technology, and in particular to a method and device for online registration and authentication.
Background
With the development of Internet technology, users can conveniently carry out various online services, such as shopping, over the network anytime and anywhere. Because many online services today involve users' private information (such as bank card numbers), how to guarantee the security of user information is a hot topic of current research.
At present, most client providers authenticate users by account and password (including character passwords, gesture passwords, etc.) to protect the security of user information. However, any kind of password carries the risk of being leaked or stolen by hackers, so methods that authenticate users online using their biometric information have emerged.
The main idea of online authentication using a user's biometric information is as follows: at registration, the user sends biometric information such as a fingerprint, palm print or iris to the server for storage; at verification, the user collects their own biometric information and sends it to the server, and the server compares the biometric information sent by the user with the saved biometric information of that user and judges whether the two match. If so, authentication passes; otherwise it fails. Of course, the user's biometric information can be replaced by a feature code extracted from the biometric information.
However, whether it is the user's biometric information or the feature code extracted from it, both are specific and stable and therefore belong to the user's private information. On the one hand, the user may be unwilling to send their biometric information or feature code to the server; on the other hand, if the biometric information or feature code that the user sends to the server is stolen by an attacker, the attacker can use the user's biometric information to impersonate the user, and the user's information security faces a great threat. Therefore, in application scenarios that use biometric information for online authentication, how to guarantee the security of the biometric information has become an urgent problem.
Summary of the invention
The embodiments of the present application provide a method and device for online registration and authentication, to solve the prior-art problem that, when biometric features are used for online authentication, the biometric information is easily stolen and security is low.
A method of online registration provided by the embodiments of the present application comprises:
The client obtains the random string corresponding to the user identifier of a user; and
collects the biometric information of the user, and extracts a feature code from the biometric information; and
encrypts the feature code using the random string to obtain an encrypted feature code;
The client sends the encrypted feature code to the server for storage.
A method of online authentication provided by the embodiments of the present application comprises:
The client obtains, according to the user identifier input by a user, the random string corresponding to the user identifier; and
collects the biometric information of the user, and extracts a feature code from the biometric information; and
encrypts the feature code using the random string and a preset encryption algorithm to obtain an encrypted feature code;
The client sends the encrypted feature code to the server, so that the server authenticates the feature code to be authenticated according to the saved registration feature code corresponding to the user identifier;
Wherein, the registration feature code is obtained by encrypting, using the random string and the preset encryption algorithm, the feature code extracted from the biometric information of the user who registered the user identifier.
A device for online registration provided by the embodiments of the present application comprises:
An obtaining module, which obtains the random string corresponding to the user identifier of a user;
A collection module, which collects the biometric information of the user and extracts a feature code from the biometric information;
An encryption module, which encrypts the feature code using the random string to obtain an encrypted feature code;
A sending module, which sends the encrypted feature code to the server for storage.
A device for online authentication provided by the embodiments of the present application comprises:
An extraction module, which obtains, according to the user identifier input by a user, the random string corresponding to the user identifier;
A collection module, which collects the biometric information of the user and extracts a feature code from the biometric information;
An encryption module, which encrypts the feature code using the random string and a preset encryption algorithm to obtain an encrypted feature code;
A sending module, which sends the encrypted feature code to the server, so that the server authenticates the feature code to be authenticated according to the saved registration feature code corresponding to the user identifier;
Wherein, the registration feature code is obtained by encrypting, using the random string and the preset encryption algorithm, the feature code extracted from the biometric information of the user who registered the user identifier.
The embodiments of the present application provide a method and device for online registration and authentication. At registration, the client obtains the random string corresponding to the user identifier, collects the user's biometric information and extracts a feature code from it, encrypts the feature code with the random string to obtain an encrypted feature code, and sends the encrypted feature code to the server to be saved as the registration feature code corresponding to the user identifier. Because the feature code that the client sends to the server at registration is an encrypted feature code, even if the encrypted feature code is stolen by an attacker, it is difficult for the attacker to decrypt it and obtain the original feature code, which effectively improves the security of the biometric information.
Description of the drawings
The drawings described here are provided for further understanding of the present application and form a part of it. The illustrative embodiments of the present application and their descriptions are used to explain the application and do not constitute an undue limitation on it. In the drawings:
Fig. 1 is the online registration process provided by the embodiments of the present application;
Fig. 2 is the process, provided by the embodiments of the present application, by which the client encrypts the first element and second element of a four-dimensional feature vector, which represent the abscissa and ordinate of the biometric minutiae feature information;
Fig. 3 is the process, provided by the embodiments of the present application, by which the client encrypts the fourth element of a four-dimensional feature vector (the fourth element represents the deflection angle of the position of the biometric minutiae feature information in the image relative to a specified reference object in the image);
Fig. 4 is the online authentication process provided by the embodiments of the present application;
Fig. 5 is a schematic structural diagram of the online registration device provided by the embodiments of the present application;
Fig. 6 is a schematic structural diagram of the online authentication device provided by the embodiments of the present application.
Detailed description of the embodiments
To make the purposes, technical solutions and advantages of the present application clearer, the technical solutions of the application are described clearly and completely below with reference to specific embodiments and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in this application without creative work fall within the scope of protection of this application.
Fig. 1 is the online registration process provided by the embodiments of the present application, which specifically includes the following steps:
S101: The client obtains the random string corresponding to the user identifier of the user.
In the embodiments of the present application, when registering through the client, the user first inputs a user identifier on the client. The user identifier can be the user's account information, and the client can then obtain the random string corresponding to the user identifier according to the account information input by the user.
The client can generate the random string corresponding to the user identifier itself; the server can generate the random string corresponding to the user identifier and send it to the client; or the client and server can agree on a random number factor for generating the random string, and the client generates the random string according to that random number factor.
Specifically, when the client generates the random string itself, the client may generate a random number factor, and generate the random string corresponding to the user identifier according to that random number factor and at least one of: the user identifier, the key corresponding to the user identifier (which the user enters into the client), and the client's own device information. After generating the random string, the client may also send it to the server, so that the server stores the received random string in association with the user identifier.
When the random string is generated by the server, the client receives the random string corresponding to the user identifier that the server generates and sends. The random string sent by the server is generated by the server according to a random number factor generated by the server and at least one of: the user identifier, the key corresponding to the user identifier, and the device information reported by the client.
When the client generates the random string according to a random number factor agreed with the server, the client can generate the random string corresponding to the user identifier according to the random number factor agreed in advance with the server and at least one of: the user identifier, the key corresponding to the user identifier, and the client's own device information. After generating the random string, the client may also send it to the server, so that the server stores the received random string in association with the user identifier.
The client's own device information mentioned above includes, but is not limited to, the client's Media Access Control (MAC) address, International Mobile Equipment Identity (IMEI), device serial number, Internet Protocol (IP) address and similar information.
The following takes as an example the case where the client itself generates the random string corresponding to the user identifier. Suppose the random number factor generated by the client is $A_0$, the user identifier is a user identity code (ID), the key of the user ID is K, and the device information of the client is P. The client can then select any one of ID, K and P, or a combination of several of them, and together with $A_0$ generate the random string A corresponding to the user ID. Suppose the client selects ID and P and generates the random string A corresponding to the user ID according to ID, P and $A_0$: the client can place ID and P after $A_0$ to obtain the string $A_0$+ID+P, and then compute over the string $A_0$+ID+P with a Secure Hash Algorithm (SHA); the result is the random string A corresponding to the user ID.
It should be noted that this application does not limit the algorithm used to generate the random string, and the generated random string can be of any length.
S102: Collect the biometric information of the user, and extract a feature code from the biometric information.
In the embodiments of the present application, the biometric information includes, but is not limited to, fingerprint, palm print, eye print, iris, palm vein and face information. The client can collect the user's biometric information through a biometric collection device on the equipment where it runs (such as a camera, fingerprint collector or palm print collector), and extract the feature code from the collected biometric information using a preset extraction algorithm. The specific extraction algorithm is outside the scope of protection of this application.
It should be noted that steps S101 and S102 above can be executed in either order.
S103: Encrypt the feature code using the random string to obtain an encrypted feature code.
In the embodiments of the present application, after extracting the feature code from the user's biometric information, the client can encrypt the feature code using the random string and a preset encryption algorithm to obtain the encrypted feature code.
Further, to ensure that the encrypted feature code cannot be easily decrypted if it is leaked or stolen, the preset encryption algorithm in the embodiments of the present application can be an irreversible encryption algorithm.
S104: The client sends the encrypted feature code to the server to be saved as the registration feature code corresponding to the user identifier.
After obtaining the encrypted feature code, the client can send it to the server to be saved as the registration feature code corresponding to the user identifier, so that when the server subsequently authenticates the user, it authenticates according to the saved registration feature code corresponding to the user identifier.
With the above method, the registration feature code that the client sends to the server during online registration is an encrypted feature code, in particular one encrypted with an irreversible encryption algorithm. Therefore, even if the encrypted feature code is leaked or stolen by an attacker, it is difficult for the attacker to decrypt it and obtain the original feature code, which effectively improves the security of the user's biometric information during online registration.
Further, the biometric information described in the embodiments of the present application can be biometric information in image form, such as a fingerprint, palm print, eye print or iris. The feature code that the client extracts from biometric information in image form can then be a vector set composed of several four-dimensional feature vectors. Each four-dimensional feature vector includes a first element, a second element, a third element and a fourth element. The first element is the abscissa of the position of the biometric minutiae feature information in the image. The second element is the ordinate of the position of the biometric minutiae feature information in the image. The third element is the feature identifier of the biometric minutiae feature information. The fourth element is the deflection angle of the position of the biometric minutiae feature information in the image relative to a specified reference object in the image.
It can be seen that a four-dimensional feature vector describes which biometric minutiae feature is present at which position in the collected biometric information in image form. The following description takes a palm print as the collected biometric information.
The biometric minutiae feature information of a palm print includes rod-shaped, arc-shaped, wave-shaped, dustpan-shaped and spiral-shaped line patterns, among others. Suppose that m kinds of palm print minutiae feature information can currently be identified, so the feature identifiers of the biometric minutiae feature information can be 1~m, identifying these m kinds of palm print minutiae feature information respectively, where m is a positive integer. Suppose the feature code extracted from the palm print feature information in image form is $((a_{11}, a_{12}, a_{13}, a_{14}), (a_{21}, a_{22}, a_{23}, a_{24}), \ldots, (a_{k1}, a_{k2}, a_{k3}, a_{k4}))$, and one of its four-dimensional feature vectors is $(a_{i1}, a_{i2}, a_{i3}, a_{i4})$, where i is a positive integer less than or equal to k. This four-dimensional feature vector indicates that, in the palm print image, palm print minutiae feature information with feature identifier $a_{i3}$ exists at coordinates $(a_{i1}, a_{i2})$, and that the deflection angle of its position in the palm print image relative to the specified reference object in the palm print image is $a_{i4}$ degrees. Thus the four-dimensional feature vector indicates which biometric minutiae feature is present at which position in the palm print image.
When the extracted feature code is a vector set composed of several such four-dimensional feature vectors, the method by which the client encrypts the feature code in step S103 using the random string corresponding to the user identifier can be: for each four-dimensional feature vector included in the feature code, encrypt at least one element of the four-dimensional feature vector using the random string corresponding to the user identifier and an irreversible encryption algorithm.
In practical applications there are many irreversible encryption algorithms, such as modulo operations and hash algorithms. The embodiments of the present application take the modulo operation as an example to explain the process of encrypting the feature code using the random string and an irreversible encryption algorithm.
Fig. 2 is the process, provided by the embodiments of the present application, by which the client encrypts the first element and second element of a four-dimensional feature vector, which represent the abscissa and ordinate of the biometric minutiae feature information. It specifically includes the following steps:
S201: The client divides the obtained random string into five substrings, obtaining a first substring, second substring, third substring, fourth substring and fifth substring.
The random string is the random string corresponding to the user identifier obtained in step S101 shown in Fig. 1.
The palm print feature information is again used as the example.
Suppose a four-dimensional feature vector in the feature code extracted from the palm print feature information in image form is $(a_{i1}, a_{i2}, a_{i3}, a_{i4})$, and the random string A corresponding to the user identifier that the client obtains in step S101 is 160 bits long. When encrypting the first element $a_{i1}$ and the second element $a_{i2}$, the client can divide the 160-bit random string A evenly into five substrings of 32 bits each, obtaining the first substring $A_1$, second substring $A_2$, third substring $A_3$, fourth substring $A_4$ and fifth substring $A_5$.
S202: Determine the central point whose abscissa is the value of the first substring modulo the width of the image and whose ordinate is the value of the second substring modulo the height of the image.
The image is the image of the biometric information collected in step S102 shown in Fig. 1.
Continuing the example above, suppose the palm print image collected in step S102 has width d and height l. The value of the first substring $A_1$ modulo the image width d is $A_1 \bmod d = x$, and the value of the second substring $A_2$ modulo the image height l is $A_2 \bmod l = y$, so the client determines that the coordinates of the central point are $(x, y)$.
S203: Determine the value of the third substring modulo 360 as the rotation angle.
Continuing the example above, the value of the third substring $A_3$ modulo 360 is $A_3 \bmod 360 = v$, so the client determines that the rotation angle is v.
S204: Determine the first position point, whose abscissa is the first element of the four-dimensional feature vector and whose ordinate is the second element of the four-dimensional feature vector.
S205: According to the coordinates of the central point and the rotation angle, determine the coordinates of the second position point obtained by rotating the first position point clockwise or counterclockwise about the central point by the rotation angle.
Continuing the example above, the coordinates of the first position point, with the first element $a_{i1}$ as abscissa and the second element $a_{i2}$ as ordinate, are $(a_{i1}, a_{i2})$. The client determines the coordinates of the second position point obtained by rotating the first position point $(a_{i1}, a_{i2})$ clockwise (or counterclockwise) by v degrees about the central point $(x, y)$, denoted $(x', y')$.
S206: Determine the first sum, of the abscissa of the second position point and the fourth substring, and the second sum, of the ordinate of the second position point and the fifth substring.
Continuing the example above, the client determines the first sum of the abscissa $x'$ of the second position point and the fourth substring $A_4$, $x' + A_4 = x''$, and the second sum of the ordinate $y'$ of the second position point and the fifth substring $A_5$, $y' + A_5 = y''$.
S207: Determine the value of the first sum modulo the width of the image as the encrypted first element, and the value of the second sum modulo the height of the image as the encrypted second element.
Continuing the example above, the client determines the value of the first sum $x''$ modulo the image width d, $x'' \bmod d = a'_{i1}$, as the encrypted first element, and the value of the second sum $y''$ modulo the image height l, $y'' \bmod l = a'_{i2}$, as the encrypted second element.
That is, after the four-dimensional feature vector is encrypted, the resulting encrypted four-dimensional feature vector is $(a'_{i1}, a'_{i2}, a_{i3}, a_{i4})$.
It can be seen from the above method that the encrypted first element $a'_{i1}$ and the encrypted second element $a'_{i2}$ are computed through several modulo operations. For a modulo operation, the value of a number U modulo another number Q is unique, say O, but the numbers whose value modulo Q is O are not unique. For example, the value of 101 modulo 100 is 1, but 101 is not the only number whose value modulo 100 is 1 (the values of 1, 101, 201, 301 and so on modulo 100 are all 1). Therefore, the above encryption algorithm based on modulo operations is an irreversible encryption algorithm, so that while the client sends $(a'_{i1}, a'_{i2}, a_{i3}, a_{i4})$ to the server, even if $(a'_{i1}, a'_{i2}, a_{i3}, a_{i4})$ is leaked or stolen by an attacker, it is difficult for the attacker to restore the original $a_{i1}$ and $a_{i2}$ from $a'_{i1}$ and $a'_{i2}$, which effectively improves the security of the user's biometric information during online registration.
It should be noted that the encryption method shown in Fig. 2 is described only with the modulo operation as an example; other irreversible encryption algorithms besides the modulo operation, such as hash algorithms, can also be used to encrypt the first element and second element.
The above is the method for encrypting the first element and second element of a four-dimensional feature vector; the method for encrypting the fourth element is described below.
Fig. 3 is the process, provided by the embodiments of the present application, by which the client encrypts the fourth element of a four-dimensional feature vector (the fourth element represents the deflection angle of the position of the biometric minutiae feature information in the image relative to a specified reference object in the image). It specifically includes the following steps:
S301: The client determines the value of the obtained random string corresponding to the user identifier modulo 360.
S302: Determine the sum of the fourth element of the four-dimensional feature vector and that modulo value as the encrypted fourth element.
The palm print feature information is again used as the example.
Suppose a four-dimensional feature vector in the feature code extracted from the palm print feature information in image form is $(a_{i1}, a_{i2}, a_{i3}, a_{i4})$, and the random string A corresponding to the user identifier that the client obtains in step S101 is 160 bits long. When encrypting the fourth element $a_{i4}$, the client can determine the value of the random string A modulo 360, $A \bmod 360$, and then determine the sum of the fourth element and that modulo value as the encrypted fourth element $a'_{i4}$, that is, $a'_{i4} = a_{i4} + (A \bmod 360)$. The resulting encrypted four-dimensional feature vector is $(a_{i1}, a_{i2}, a_{i3}, a'_{i4})$.
Likewise, because $a'_{i4}$ is computed through a modulo operation, while the client sends $(a_{i1}, a_{i2}, a_{i3}, a'_{i4})$ to the server, even if $(a_{i1}, a_{i2}, a_{i3}, a'_{i4})$ is leaked or stolen by an attacker, it is difficult for the attacker to restore the original $a_{i4}$ from $a'_{i4}$, which effectively improves the security of the user's biometric information during online registration.
It should be noted that the encryption method shown in Fig. 3 is described only with the modulo operation as an example; other irreversible encryption algorithms besides the modulo operation, such as hash algorithms, can also be used to encrypt the fourth element.
Certainly, it is above-mentioned it is shown in Fig. 2 to the first and second element carry out encryption and/or it is shown in Fig. 3 to fourth element carry out On the basis of encryption, client can also add the third element for indicating the signature identification of biological minutia information It is close.Specifically, client can be according to the type sum for capableing of identified biological minutia information at present, to the third element It is encrypted.
Still it is illustrated by taking palm print characteristics information as an example.
Assuming that being from some four dimensional feature vector in the condition code extracted in the palm print characteristics information of image format (ai1, ai2, ai3, ai4), the type sum for capableing of identified palmmprint minutia information at present is m kind, then shown in Fig. 2 To the first and second element carry out encryption and/or it is shown in Fig. 3 fourth element is encrypted on the basis of, client can be according to m pairs Third element ai3It is encrypted, for example, can be by a 'i3=m+1-ai3As encrypted third element.
In addition, in the embodiments of the present application, to make the user's biometric feature information as secure as possible during online registration, the method of encrypting the first and second elements shown in Fig. 2, the method of encrypting the fourth element shown in Fig. 3, and the method of encrypting the third element may be used in combination. That is, for each four-dimensional feature vector included in the feature code extracted in step S102, the first element and the second element are encrypted using the method shown in Fig. 2, the fourth element is encrypted using the method shown in Fig. 3, and the third element is then encrypted according to the total number of types of biometric minutia feature information that can currently be identified.
Palm print feature information is again taken as the example. Assume that one four-dimensional feature vector in the feature code extracted from palm print feature information in image format is $(a_{i1}, a_{i2}, a_{i3}, a_{i4})$; the encrypted four-dimensional feature vector is then $(a'_{i1}, a'_{i2}, a'_{i3}, a'_{i4})$, where $a'_{i1}$ and $a'_{i2}$ are obtained by the encryption method shown in Fig. 2, $a'_{i4}$ is obtained by the encryption method shown in Fig. 3, and $a'_{i3} = m + 1 - a_{i3}$.
Further, when the encryption methods shown in Fig. 2 and Fig. 3 are used in combination, to further improve the security of the user's biometric feature information, the random string corresponding to the user identifier that the client obtains in step S101 of Fig. 1 may include a first random string and a second random string. The client may then use the first random string, with the method shown in Fig. 2, to encrypt the first element and the second element of the four-dimensional feature vector, and use the second random string, with the method shown in Fig. 3, to encrypt the fourth element of the four-dimensional feature vector.
Specifically, when the random string obtained by the client in step S101 includes a first random string and a second random string, and the client generates the two random strings itself, the client may generate a first random number factor and a second random number factor, and generate the first random string and the second random string according to at least one of the user identifier, the key corresponding to the user identifier, and the device information of the client itself, together with the generated first and second random number factors.
For example, assume that the first random number factor generated by the client is $A_0$, the second random number factor is $B_0$, the user identifier is a user ID, the key of the user ID is K, and the device information of the client is P. The client may select any one or a combination of ID, K and P and, together with $A_0$, generate the first random string A corresponding to the user ID. It may likewise select any one or a combination of ID, K and P and, together with $B_0$, generate the second random string B corresponding to the user ID. For instance, when the client generates the first random string A from ID, P and $A_0$, it may place ID and P after $A_0$ to obtain the string $A_0$+ID+P, and then compute SHA over that string to obtain the first random string A. When it generates the second random string B from K, P and $B_0$, it may place K and P after $B_0$ to obtain the string $B_0$+K+P, and then compute SHA over that string to obtain the second random string B. Finally, the client uses the first random string A, with the method shown in Fig. 2, to encrypt the first and second elements of each four-dimensional feature vector in the feature code, and uses the second random string B, with the method shown in Fig. 3, to encrypt the fourth element of each four-dimensional feature vector in the feature code.
In addition, in practical applications the feature vectors in the feature code may also be three-dimensional. The first two elements of such a three-dimensional feature vector still represent the abscissa and ordinate of the position of the biometric minutia feature information in the image, and the third element also represents the feature identifier of the biometric minutia feature information. However, the feature identifier represented by the third element here differs slightly from the one represented by the third element of the four-dimensional feature vector in the example above.
The difference is that the third element of the three-dimensional feature vector in effect merges the third and fourth elements of the four-dimensional feature vector. That is, in a three-dimensional feature vector, even identical biometric minutia feature information has different feature identifiers if its deflection angle relative to the specified reference object in the image differs. In other words, in three-dimensional feature vectors several different feature identifiers may represent the same biometric minutia feature at different deflection angles, whereas in four-dimensional feature vectors identical biometric minutia feature information has the same feature identifier and the deflection angle is represented by the fourth element.
Therefore, if the feature code that the client extracts from biometric feature information in image format is a vector set composed of several three-dimensional feature vectors, then in step S103 the client may, for each three-dimensional feature vector included in the feature code, encrypt at least one element of that vector using the random string corresponding to the user identifier and an irreversible encryption algorithm. Specifically, the first two elements of the three-dimensional feature vector may be encrypted in the same way as the first and second elements of a four-dimensional feature vector as shown in Fig. 2. The third element of the three-dimensional feature vector may be encrypted using the formula $a'_{i3} = m + 1 - a_{i3}$, or using the formula $a'_{i3} = (A + a_{i3}) \bmod m$, where $a'_{i3}$ is the encrypted third element, $a_{i3}$ is the unencrypted third element, m is the total number of feature identifiers in the three-dimensional case (that is, the case where the same biometric minutia feature at different deflection angles has different feature identifiers), and A is the random string. The details are not repeated here.
It should be noted that, in practical applications, the number of elements (i.e. the dimension) of each feature vector in the feature code depends on the extraction method used to extract the feature code, so the dimension of the feature vectors may not be limited to three or four. But whatever the dimension, the information represented by the elements of a feature vector falls essentially into three parts: the coordinates of the biometric minutia feature information in the image containing the biometric feature information, the feature identifier of the biometric minutia feature information, and the deflection angle of the position of the biometric minutia feature information in the image relative to the specified reference object in the image. As the encryption methods for feature vectors provided by the embodiments of the present application show, these methods are applicable whatever the dimension of the feature vectors in the feature code.
Further, to improve the security of the user's biometric feature information during registration: because every feature vector in the encrypted feature code obtained by the above method has the same format (that is, the feature vectors have the same dimension and corresponding elements have the same value range), in step S104 of Fig. 1, when the client sends the encrypted feature code obtained in step S103 to the server for storage as the registration feature code corresponding to the user identifier, it may first add hash points to the encrypted feature code and then send the encrypted feature code with the hash points added to the server for storage as the registration feature code corresponding to the user identifier. A hash point in the embodiments of the present application is a vector with the same format as the feature vectors in the encrypted feature code.
For example, assume that the biometric feature information collected in step S102 is a palm print image, that each feature vector in the feature code extracted from the palm print image is a four-dimensional feature vector, that the collected palm print image has width d and height l, and that the total number of types of palm print minutia feature information that can currently be identified is m. After the first to fourth elements of the four-dimensional feature vectors have been encrypted as described above, the value range of the first element of each encrypted four-dimensional feature vector is [0, d], that of the second element is [0, l], that of the third element is [1, m], and that of the fourth element is [0, 360]. The client may therefore save in advance several four-dimensional vectors whose elements fall within the corresponding value ranges, as hash points. After obtaining the encrypted feature code containing the encrypted four-dimensional feature vectors, the client adds the saved hash points to the encrypted feature code, thereby hiding the encrypted four-dimensional feature vectors that the encrypted feature code contained before the hash points were added, and then sends the encrypted feature code with the hash points added to the server for storage as the registration feature code. In this way, even if the encrypted feature code with hash points added is stolen, it is difficult for an attacker to tell, among all the four-dimensional vectors it contains, which are hash points and which are encrypted four-dimensional feature vectors, which further improves the security of the biometric feature information.
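The combined client-side transform described in this document (random strings A and B, the rotate-shift-wrap step for the first two elements, the third and fourth element formulas, and hash points), as an added Python example that is not code from the patent. SHA-256, reading substrings as hexadecimal integers, the five-way split layout, rounding to whole pixels, the counterclockwise direction and the final wrap of the angle modulo 360 are assumptions; all sample values are constructed.

```python
import hashlib
import math
import secrets


def derive_random_string(factor, *parts):
    """Random number factor first, then the chosen ID/K/P values, then SHA.
    The text says only "SHA"; SHA-256 is an assumption."""
    return hashlib.sha256((factor + "".join(parts)).encode()).hexdigest()


def split_five(random_string):
    """Five substrings read as hex integers. Assumed layout: four equal
    chunks, with the fifth taking whatever is left."""
    n = len(random_string) // 5
    chunks = [random_string[i * n:(i + 1) * n] for i in range(4)]
    chunks.append(random_string[4 * n:])
    return tuple(int(c, 16) for c in chunks)


def encrypt_xy(x, y, subs, width, height):
    """Coordinate step: rotate about a string-derived centre, shift, wrap."""
    s1, s2, s3, s4, s5 = subs
    cx, cy = s1 % width, s2 % height          # centre point
    theta = math.radians(s3 % 360)            # rotation angle
    dx, dy = x - cx, y - cy
    # Counterclockwise rotation; rounding to whole pixels is an assumption.
    rx = round(cx + dx * math.cos(theta) - dy * math.sin(theta))
    ry = round(cy + dx * math.sin(theta) + dy * math.cos(theta))
    # The modulo wraps the shifted point back into the image.
    return (rx + s4) % width, (ry + s5) % height


def encrypt_vector(vec, string_a, string_b, width, height, m):
    """Encrypt one (x, y, feature identifier, deflection angle) vector."""
    x, y, ident, angle = vec
    ex, ey = encrypt_xy(x, y, split_five(string_a), width, height)
    e_ident = m + 1 - ident                    # a'_i3 = m + 1 - a_i3
    # Sum of the angle and (B mod 360); the outer wrap is an assumption that
    # keeps the result inside the range used for hash points.
    e_angle = (angle + int(string_b, 16) % 360) % 360
    return (ex, ey, e_ident, e_angle)


def make_hash_points(count, width, height, m):
    """Decoy vectors drawn from exactly the ranges encrypt_vector() can emit;
    a decoy outside those ranges would be trivially recognisable."""
    rng = secrets.SystemRandom()
    return [(rng.randrange(width), rng.randrange(height),
             rng.randint(1, m), rng.randrange(360)) for _ in range(count)]


def build_feature_code(vectors, string_a, string_b, hash_points,
                       width, height, m):
    """Encrypt every vector, mix in the saved hash points, shuffle."""
    mixed = [encrypt_vector(v, string_a, string_b, width, height, m)
             for v in vectors] + list(hash_points)
    secrets.SystemRandom().shuffle(mixed)      # position must not leak origin
    return mixed


if __name__ == "__main__":
    # Constructed sample: 640x480 palm print image, m = 8 minutia types.
    W, H, M = 640, 480, 8
    minutiae = [(120, 300, 2, 45), (400, 90, 5, 270), (33, 410, 8, 359)]
    user_id, key, device = "alice", "k-placeholder", "device-placeholder"
    a0, b0 = secrets.token_hex(16), secrets.token_hex(16)
    A = derive_random_string(a0, user_id, device)   # SHA(A0 + ID + P)
    B = derive_random_string(b0, key, device)       # SHA(B0 + K + P)
    decoys = make_hash_points(5, W, H, M)
    for v in build_feature_code(minutiae, A, B, decoys, W, H, M):
        print(v)
```

Generating new random number factors and re-running the transform on the same minutiae yields a different feature code, which is what lets a stored registration feature code be replaced without changing the underlying biometric.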
The above is the online registration method provided by the embodiments of the present application. Correspondingly, the present application also provides an online authentication method, as shown in Fig. 4.
Fig. 4 shows the online authentication process provided by the embodiments of the present application, which specifically includes the following steps:
S401: The client obtains, according to the user identifier input by the user, the random string corresponding to that user identifier.
In the embodiments of the present application, when performing online authentication with the client, the user may first input their user identifier, and the client then obtains the random string corresponding to the user identifier input by the user.
During the online registration shown in Fig. 1, after obtaining the random string corresponding to a user identifier in step S101, the client may store the random string locally, or may send it to the server so that the server stores the random string in correspondence with the user identifier. Accordingly, in step S401 of Fig. 4, when obtaining the random string corresponding to the user's user identifier, the client may first look it up locally and, if it is not found, obtain from the server the random string that the server has saved for the user identifier.
S402: The client collects the user's biometric feature information and extracts a feature code from the biometric feature information.
Step S402 is essentially the same as step S102 shown in Fig. 1 and is not described again here.
S403: The client encrypts the feature code using the random string and a preset encryption algorithm to obtain an encrypted feature code.
In the embodiments of the present application, the client uses the same encryption algorithm as in step S103 shown in Fig. 1 to encrypt the feature code extracted in step S402.
S404: The client sends the encrypted feature code to the server as the feature code to be authenticated, so that the server authenticates the feature code to be authenticated according to the saved registration feature code corresponding to the user identifier.
The registration feature code is obtained by encrypting, with the random string corresponding to the user identifier and the preset encryption algorithm, the feature code extracted from the biometric feature information of the user who registered the user identifier.
That is, as the online registration method provided by the embodiments of the present application shows, the registration feature code saved in the server for a user identifier is an encrypted feature code: it is obtained by encrypting the feature code extracted from the biometric feature information of the user who registered the user identifier, using the random string corresponding to the user identifier and the preset encryption algorithm, and the preset encryption algorithm is fixed in the client. Suppose, then, that the user who inputs the user identifier and is being authenticated is a first user, and that the user identifier saved by the server was registered by a second user; at this point it is not yet known whether the first user and the second user are the same user. When the first user authenticates through the client, the first user can pass verification only if the user identifier input is identical to the user identifier registered by the second user and the biometric feature information of the first user is identical to that of the second user.
Accordingly, the client needs to obtain the random string corresponding to the user identifier input by the first user to be authenticated, collect the first user's biometric feature information, extract a feature value from it, encrypt the feature value using the random string and the preset encryption algorithm to obtain the feature code to be authenticated, and send it to the server. If the server determines that the feature code to be authenticated is identical to the saved registration feature code corresponding to the user identifier, it determines that the first user is the second user who registered the user identifier, and authentication passes; otherwise authentication fails.
As the above online authentication method shows, the feature code to be authenticated that the client sends to the server is also encrypted. Therefore, even if the feature code to be authenticated is leaked or stolen during authentication, it is difficult for an attacker to obtain the original biometric feature information, which effectively improves the security of the user's biometric feature information during online authentication.
Further, during the online authentication shown in Fig. 4, the biometric feature information of the user collected by the client in step S402 may also be biometric feature information in image format, such as a fingerprint, palm print, eye print or iris, and the feature code that the client extracts from the user's biometric feature information may also be a vector set composed of several four-dimensional feature vectors. Each four-dimensional feature vector includes a first element, a second element, a third element and a fourth element. The first element is the abscissa of the position of the biometric minutia feature information in the image. The second element is the ordinate of the position of the biometric minutia feature information in the image. The third element is the feature identifier of the biometric minutia feature information. The fourth element is the deflection angle of the position of the biometric minutia feature information in the image relative to the specified reference object in the image.
When the feature code that the client extracts from the user's biometric feature information is a vector set composed of several such four-dimensional feature vectors, the client may encrypt the feature code in step S403, using the random string corresponding to the user identifier input by the user, as follows: for each four-dimensional feature vector included in the feature code, encrypt at least one element of the four-dimensional feature vector using the random string corresponding to the user identifier and an irreversible encryption algorithm.
In practical applications there are many irreversible encryption algorithms, such as modulo operations and hash algorithms. The embodiments of the present application take the modulo operation as the example to illustrate the process of encrypting the feature code using the random string and an irreversible encryption algorithm.
When encrypting the first element and the second element of a four-dimensional feature vector in the feature code, the client may divide the random string into five substrings, obtaining a first substring, a second substring, a third substring, a fourth substring and a fifth substring. It determines the centre point whose abscissa is the first substring modulo the width of the image and whose ordinate is the second substring modulo the height of the image; determines the rotation angle as the third substring modulo 360; and determines the first position point whose abscissa is the first element of the four-dimensional feature vector and whose ordinate is the second element of the four-dimensional feature vector. According to the coordinates of the centre point and the rotation angle, it determines the coordinates of the second position point obtained by rotating the first position point around the centre point, clockwise or counterclockwise, by the rotation angle. It then determines a first sum of the abscissa of the second position point and the fourth substring, and a second sum of the ordinate of the second position point and the fifth substring. The first sum modulo the width of the image is taken as the encrypted first element, and the second sum modulo the height of the image is taken as the encrypted second element.
As can be seen, during the online authentication provided by the embodiments of the present application, the method by which the client encrypts the first and second elements of each four-dimensional feature vector in the feature code extracted from the user's biometric feature information is exactly the same as the encryption method shown in Fig. 2 for online registration, and is not illustrated again here.
When encrypting the fourth element of a four-dimensional feature vector in the feature code, the client may determine the value of the random string corresponding to the user identifier input by the user modulo 360, and take the sum of the fourth element of the four-dimensional feature vector and that modulo value as the encrypted fourth element.
As can be seen, during the online authentication provided by the embodiments of the present application, the method by which the client encrypts the fourth element of each four-dimensional feature vector in the feature code extracted from the user's biometric feature information is exactly the same as the encryption method shown in Fig. 3 for online registration, and is not illustrated again here.
Of course, during the online authentication provided by the embodiments of the present application, on top of encrypting the first and second elements and/or encrypting the fourth element as described above, the client may also encrypt the third element, which represents the feature identifier of the biometric minutia feature information. Specifically, the client may encrypt the third element according to the total number of types of biometric minutia feature information that can currently be identified. This is also exactly the same as the way the client encrypts the third element during online registration.
That is, the encryption algorithm used by the client during online authentication is exactly the same as the encryption algorithm used by the client during online registration.
To further improve the security of the user's biometric feature information during online authentication, in step S404, when the client sends the encrypted feature code obtained in step S403 to the server as the feature code to be authenticated corresponding to the user identifier input by the user, it may add hash points to the encrypted feature code and send the encrypted feature code with the hash points added to the server as the feature code to be authenticated corresponding to the user identifier. A hash point is a vector with the same format as the feature vectors in the encrypted feature code.
Correspondingly, after receiving the feature code to be authenticated, the server can directly retrieve the registration feature code it has saved for the user identifier, and authenticate the feature code to be authenticated according to the retrieved registration feature code.
Specifically, when both the registration feature code and the feature code to be authenticated carry hash points, the server may compare the two directly to determine their degree of correlation. Of course, the server may also save the same hash points as the client, delete the hash points from the registration feature code and the feature code to be authenticated, and then compare the degree of correlation.
When comparing the degree of correlation, the server may determine the Euclidean distance between the registration feature code and the feature code to be authenticated: the larger the Euclidean distance, the lower the degree of correlation, and the smaller the Euclidean distance, the higher the degree of correlation.
Since the registration feature code and the feature code to be authenticated are both sets of feature vectors, when determining the Euclidean distance the server may first sort the feature vectors in the registration feature code and in the feature code to be authenticated according to some rule, for example in ascending order of the third element and, where the third elements are equal, in ascending order of the fourth element. After sorting the feature vectors in each of the two codes, the server determines the Euclidean distance between each pair of feature vectors that have the same rank in the registration feature code and in the feature code to be authenticated, and takes the sum or the average of these pairwise Euclidean distances as the Euclidean distance between the registration feature code and the feature code to be authenticated. Finally it judges whether the Euclidean distance between the registration feature code and the feature code to be authenticated is less than a set threshold: if so, authentication passes; otherwise authentication fails.
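The server-side comparison described above, as an added Python example that is not code from the patent: optional removal of hash points the server also holds, sorting by third then fourth element, and a thresholded sum or average of pairwise Euclidean distances. The sample vectors and the threshold are constructed, and rejecting codes of unequal length is an assumption the text does not address.

```python
import math


def strip_hash_points(code, hash_points):
    """Remove one occurrence of each hash point the server also stores."""
    remaining = list(code)
    for hp in hash_points:
        if hp in remaining:
            remaining.remove(hp)
    return remaining


def code_distance(registered, candidate, average=True):
    """Distance between two feature codes (sets of 4-D vectors)."""
    # Assumption: codes of different size cannot be paired rank by rank,
    # so they are treated as infinitely far apart.
    if not registered or len(registered) != len(candidate):
        return math.inf
    # Sort by third element ascending, ties broken by fourth element.
    order = lambda v: (v[2], v[3])
    pairs = zip(sorted(registered, key=order), sorted(candidate, key=order))
    dists = [math.dist(u, v) for u, v in pairs]
    total = sum(dists)
    return total / len(dists) if average else total


def authenticate(registered, candidate, threshold, hash_points=()):
    """Pass only if the distance is below the set threshold.
    With hash_points empty, the codes are compared directly, hash points
    included; otherwise the shared hash points are deleted first."""
    reg = strip_hash_points(registered, hash_points)
    cand = strip_hash_points(candidate, hash_points)
    return code_distance(reg, cand) < threshold


if __name__ == "__main__":
    # Constructed encrypted vectors: the genuine capture differs from the
    # registration by one pixel or one degree in two of three vectors.
    registered = [(15, 37, 6, 0), (40, 80, 2, 120), (70, 10, 2, 45)]
    genuine = [(71, 10, 2, 46), (15, 38, 6, 0), (40, 80, 2, 120)]
    impostor = [(5, 5, 1, 10), (90, 150, 7, 200), (30, 60, 4, 300)]
    shared_hash_points = [(3, 3, 1, 9), (88, 150, 7, 200)]

    stored = registered + shared_hash_points
    print(authenticate(stored, genuine + shared_hash_points, 2.0,
                       shared_hash_points))
    print(authenticate(stored, impostor + shared_hash_points, 2.0,
                       shared_hash_points))
```

Because the encrypted coordinates are reduced modulo the image width and height, two captures that differ by a pixel near a wrap boundary can land far apart in plain Euclidean distance, so the threshold has to be tuned with that in mind.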
When the above online registration and authentication methods are used, if the user considers that the registration feature code has not been replaced for a long time and needs replacing, the client may regenerate the random string corresponding to the user identifier, replace the locally saved random string corresponding to the user identifier with the new random string, obtain again, by the online registration method shown in Fig. 1, a registration feature code encrypted with the newly generated random string, and send the new registration feature code to the server for storage, so that the server replaces the original registration feature code corresponding to the user identifier with the new registration feature code. The client may also send the new random string to the server, so that the server replaces the original random string corresponding to the user identifier with the new random string. In subsequent online authentication, the client may, by the method shown in Fig. 4, obtain the new random string corresponding to the user identifier locally or from the server, and carry out the subsequent process based on the new random string to complete online authentication.
The above are the methods of online registration provided by the embodiments of the present application and certification, are based on same thinking, and the application is real It applies example and additionally provides the device of online registration and the device of on-line authentication, as shown in Figure 5 and Figure 6.
Fig. 5 is the apparatus structure schematic diagram of online registration provided by the embodiments of the present application, is specifically included:
Module 501 is obtained, the corresponding random string of user identifier of user is obtained;
Acquisition module 502 acquires the biological information of the user, and extracts feature from the biological information Code;
Encrypting module 503 is encrypted described document information using the random string, obtains encrypted feature Code;
The encrypted feature code is sent to clothes by sending module 504 Business device saves.
The obtaining module 501 is specifically configured to: generate a random number factor, and generate the random string corresponding to the user identifier according to the random number factor and at least one of the user identifier, the key corresponding to the user identifier, and the device information of the device itself; or receive the random string corresponding to the user identifier that is generated and sent by the server, where the random string sent by the server is generated by the server according to a random number factor that it generates and at least one of the user identifier, the key corresponding to the user identifier, and the device information reported by the device; or generate the random string corresponding to the user identifier according to a random number factor agreed in advance with the server and at least one of the user identifier, the key corresponding to the user identifier, and the device information of the device itself.
The biometric feature information is biometric feature information in image format, and the feature code is a vector set composed of several four-dimensional feature vectors;
Each four-dimensional feature vector includes a first element, a second element, a third element and a fourth element;
The first element is the abscissa of the position of the biometric minutia feature information in the image;
The second element is the ordinate of the position of the biometric minutia feature information in the image;
The third element is the feature identifier of the biometric minutia feature information;
The fourth element is the deflection angle of the position of the biometric minutia feature information in the image relative to the specified reference object in the image.
The encrypting module 503 is specifically configured to, for each four-dimensional feature vector included in the feature code, encrypt at least one element of the four-dimensional feature vector using the random string and an irreversible encryption algorithm.
The encrypting module 503 is specifically configured to: divide the random string into five substrings, obtaining a first substring, a second substring, a third substring, a fourth substring and a fifth substring; determine the centre point whose abscissa is the first substring modulo the width of the image and whose ordinate is the second substring modulo the height of the image; determine the rotation angle as the third substring modulo 360; determine the first position point whose abscissa is the first element of the four-dimensional feature vector and whose ordinate is the second element of the four-dimensional feature vector; determine, according to the coordinates of the centre point and the rotation angle, the coordinates of the second position point obtained by rotating the first position point around the centre point, clockwise or counterclockwise, by the rotation angle; determine a first sum of the abscissa of the second position point and the fourth substring, and a second sum of the ordinate of the second position point and the fifth substring; and take the first sum modulo the width as the encrypted first element and the second sum modulo the height as the encrypted second element.
The encrypting module 503 is specifically configured to determine the value of the random string modulo 360, and take the sum of the fourth element of the four-dimensional feature vector and that modulo value as the encrypted fourth element.
The encrypted feature code is a vector set composed of several feature vectors of the same format;
The sending module 504 is specifically configured to add hash points to the encrypted feature code, a hash point being a vector with the same format as the feature vectors in the encrypted feature code, and to send the encrypted feature code with the hash points added to the server for storage as the registration feature code corresponding to the user identifier.
Specifically, the online registration device shown in Fig. 5 may be located in the client.
Fig. 6 is a schematic structural diagram of the online authentication device provided by the embodiments of the present application, which specifically includes:
Obtaining module 601, which obtains, according to the user identifier input by a user, the random string corresponding to the user identifier;
Acquisition module 602, which collects the biometric feature information of the user and extracts a feature code from the biometric feature information;
Encrypting module 603, which encrypts the feature code using the random string and a preset encryption algorithm to obtain an encrypted feature code;
Sending module 604, which sends the encrypted feature code to the server as the feature code to be authenticated corresponding to the user identifier, so that the server authenticates the feature code to be authenticated according to the saved registration feature code corresponding to the user identifier;
The registration feature code is obtained by encrypting, with the random string and the preset encryption algorithm, the feature code extracted from the biometric feature information of the user who registered the user identifier.
The biometric feature information is biometric feature information in image format, and the feature code is a vector set composed of several four-dimensional feature vectors;
Each four-dimensional feature vector includes a first element, a second element, a third element and a fourth element;
The first element is the abscissa of the position of the biometric minutia feature information in the image;
The second element is the ordinate of the position of the biometric minutia feature information in the image;
The third element is the feature identifier of the biometric minutia feature information;
The fourth element is the deflection angle of the position of the biometric minutia feature information in the image relative to the specified reference object in the image.
The encrypting module 603 is specifically configured to, for each four-dimensional feature vector included in the feature code, encrypt at least one element of the four-dimensional feature vector using the random string and a preset irreversible encryption algorithm.
The encrypting module 603 is specifically configured to: divide the random string into five substrings, obtaining a first substring, a second substring, a third substring, a fourth substring and a fifth substring; determine the centre point whose abscissa is the first substring modulo the width of the image and whose ordinate is the second substring modulo the height of the image; determine the rotation angle as the third substring modulo 360; determine the first position point whose abscissa is the first element of the four-dimensional feature vector and whose ordinate is the second element of the four-dimensional feature vector; determine, according to the coordinates of the centre point and the rotation angle, the coordinates of the second position point obtained by rotating the first position point around the centre point, clockwise or counterclockwise, by the rotation angle; determine a first sum of the abscissa of the second position point and the fourth substring, and a second sum of the ordinate of the second position point and the fifth substring; and take the first sum modulo the width as the encrypted first element and the second sum modulo the height as the encrypted second element.
The encrypting module 603 is specifically configured to determine the value of the random string modulo 360, and take the sum of the fourth element of the four-dimensional feature vector and that modulo value as the encrypted fourth element.
The encrypted feature code is a vector set made up of several feature vectors of identical format;
The sending module 604 is specifically configured to add hash points to the encrypted feature code, each hash point being a vector with the same format as the feature vectors in the encrypted feature code, and to send the encrypted feature code with the hash points added to the server as the to-be-authenticated feature code corresponding to the user identifier.
Specifically, the above online registration device shown in Fig. 6 may be located in the client.
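The coordinate and angle transformation performed by the encrypting module, together with the hash-point padding performed by the sending module, can be followed in this added Python sketch, which is not code from the patent. The patent does not fix these details, so the sketch assumes: the random string consists of decimal digits, it is split into five near-equal contiguous substrings that are read as integers, rotation uses the standard rotation matrix with rounding to the nearest integer, and hash-point values are drawn from the same ranges as encrypted vectors.

```python
import math
import secrets


def split_five(random_string):
    """Divide the random string into five substrings and read each as an integer.

    Assumption (not specified on the page): decimal digits, near-equal parts.
    """
    n = len(random_string)
    if n < 5 or not (random_string.isascii() and random_string.isdigit()):
        raise ValueError("this sketch assumes at least five decimal digits")
    cuts = [i * n // 5 for i in range(6)]
    return [int(random_string[cuts[i]:cuts[i + 1]]) for i in range(5)]


def angle_offset(random_string):
    """The whole random string modulo 360, added to the fourth element."""
    return int(random_string) % 360


def encrypt_vector(vec, random_string, width, height):
    """Transform one four-dimensional feature vector (x, y, feature id, angle)."""
    x, y, kind, angle = vec
    s1, s2, s3, s4, s5 = split_five(random_string)
    cx, cy = s1 % width, s2 % height           # central point
    theta = math.radians(s3 % 360)             # rotation angle
    dx, dy = x - cx, y - cy
    # Rotate the first position point about the central point. The text allows
    # either direction; the standard rotation matrix is an assumption here.
    rx = cx + dx * math.cos(theta) - dy * math.sin(theta)
    ry = cy + dx * math.sin(theta) + dy * math.cos(theta)
    # Add the fourth/fifth substrings, then reduce modulo width/height.
    ex = (round(rx) + s4) % width
    ey = (round(ry) + s5) % height
    # The third element (feature identifier) is left unchanged in this sketch.
    return (ex, ey, kind, angle + angle_offset(random_string))


def encrypt_template(vectors, random_string, width, height):
    """Encrypt every feature vector of a feature code with the same string."""
    return [encrypt_vector(v, random_string, width, height) for v in vectors]


def add_hash_points(encrypted, random_string, width, height, count, kinds=(0, 1)):
    """Mix `count` random vectors of the same format into the encrypted code.

    Assumption: hash points use the same coordinate, identifier and angle
    ranges as real encrypted vectors so they do not stand out by value.
    """
    rng = secrets.SystemRandom()
    offset = angle_offset(random_string)
    padded = list(encrypted)
    for _ in range(count):
        padded.append((rng.randrange(width), rng.randrange(height),
                       rng.choice(kinds), offset + rng.randrange(360)))
    rng.shuffle(padded)
    return padded


# Constructed sample data: image size, two random strings, three feature vectors.
WIDTH, HEIGHT = 300, 400
KEY_A = "1234903050"   # substrings 12, 34, 90, 30, 50
KEY_B = "5678012345"   # a replacement string issued after re-registration
SAMPLE = [(112, 34, 1, 45), (112, 334, 1, 45), (200, 150, 0, 300)]

if __name__ == "__main__":
    reg = encrypt_template(SAMPLE, KEY_A, WIDTH, HEIGHT)
    print("registration code :", reg)
    # Same string and same features give the same code, so the server can
    # compare encrypted codes without ever seeing the raw feature vectors.
    print("authentication ok :", reg == encrypt_template(SAMPLE, KEY_A, WIDTH, HEIGHT))
    # The first two sample vectors collide after the modulo step: the mapping
    # is many-to-one, so an encrypted vector has no unique preimage.
    print("collision         :", reg[0] == reg[1])
    print("re-issued code    :", encrypt_template(SAMPLE, KEY_B, WIDTH, HEIGHT))
    print("padded code       :", add_hash_points(reg, KEY_A, WIDTH, HEIGHT, 5))
```

The first two constructed vectors map to the same encrypted vector because the rotated point is wrapped by the modulo step, which is the property the claims call irreversible; a code produced with a different random string does not match the old one.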
The embodiments of the present application provide a method and device for online registration and authentication. At registration, the client obtains the random string corresponding to the user identifier, acquires the biometric information of the user and extracts a feature code from it, encrypts the feature code using the random string to obtain an encrypted feature code, and sends the encrypted feature code to the server as the registration feature code corresponding to the user identifier, to be saved there. With this method, the feature code that the client sends to the server at registration is an encrypted feature code; therefore, even if the encrypted feature code is stolen by an attacker, it is difficult for the attacker to decrypt it and obtain the original feature code, which effectively improves the security of the biometric information.
In a typical configuration, a computing device includes one or more processors (CPU), an input/output interface, a network interface and memory.
Memory may include non-permanent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, and may store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity or device that includes the element.
Those skilled in the art will understand that embodiments of the present application may be provided as a method, a system or a computer program product. Therefore, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory and the like) containing computer-usable program code.
The above is only an embodiment of the present application and is not intended to limit the present application. For those skilled in the art, various modifications and changes may be made to the present application. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present application shall be included within the scope of the claims of the present application.

Claims (26)

1. A method of online registration, comprising:
A client obtains a random string corresponding to a user identifier of a user, and stores the random string in correspondence with the user identifier, for reuse when the user is authenticated;
Acquiring the biometric information of the user, and extracting a feature code from the biometric information; and
Encrypting the feature code using the random string and a preset irreversible encryption algorithm to obtain an encrypted feature code;
The client sends the encrypted feature code to a server as the registration feature code corresponding to the user identifier, to be saved for use in user authentication.
2. the method for claim 1, wherein client obtains the corresponding random string of user identifier of user, tool Body includes:
The client generates the random number factor, and according to the user identifier, the corresponding key of the user identifier, the visitor It is corresponding random to generate the user identifier at least one of the facility information at family end itself and the random number factor Character string;Or
The client receives the corresponding random string of the user identifier that server generates and sends, wherein the clothes The random string that business device is sent is the server according to the user identifier, the corresponding key of the user identifier, described At least one of the facility information that client reports, and generate the random number factor generate;Or
The client is believed according to the equipment of the user identifier, the corresponding key of the user identifier, the client itself At least one of breath, and the random number factor made an appointment with server, generate the corresponding random words of the user identifier Symbol string.
3. the method for claim 1, wherein described document information includes the set of feature vector;Using the random words Symbol string and preset irreversible encryption algorithm, are encrypted described document information, specifically include:
For each feature vector for including in described document information, calculated using the random string and the irreversible encryption At least one element in this feature vector is encrypted in method.
4. method as claimed in claim 3, wherein the irreversible encryption algorithm includes modulo operation.
5. The method as claimed in claim 4, wherein the biometric information is biometric information in image form, and the feature vector includes at least a first element and a second element, wherein the first element is the abscissa of the position of the biometric detail feature information in the image, and the second element is the ordinate of the position of the biometric detail feature information in the image;
Encrypting at least one element of the feature vector using the random string and the irreversible encryption algorithm specifically includes:
Dividing the random string into five substrings, obtaining a first substring, a second substring, a third substring, a fourth substring and a fifth substring;
Determining a central point whose abscissa is the first substring modulo the width of the image and whose ordinate is the second substring modulo the height of the image;
Determining the third substring modulo 360 as the rotation angle;
Determining a first position point whose abscissa is the first element of the feature vector and whose ordinate is the second element of the feature vector;
According to the coordinates of the central point and the rotation angle, determining the coordinates of the second position point obtained by rotating the first position point clockwise or counterclockwise about the central point by the rotation angle;
Determining a first sum of the abscissa of the second position point and the fourth substring, and a second sum of the ordinate of the second position point and the fifth substring;
Taking the first sum modulo the width as the encrypted first element, and the second sum modulo the height as the encrypted second element.
6. The method as claimed in claim 4, wherein the biometric information is biometric information in image form, and the feature vector includes at least a fourth element, the fourth element being the deflection angle of the position of the biometric detail feature information in the image relative to a specified reference object in the image;
Encrypting at least one element of the feature vector using the random string and the irreversible encryption algorithm specifically includes:
Determining the random string modulo 360;
Taking the sum of the fourth element of the feature vector and that modulus as the encrypted fourth element.
7. the method for claim 1, wherein the encrypted feature code is by the identical feature vector structure of several formats At vector set;
The encrypted feature code is sent to server as the corresponding registration feature code of the user identifier and protected by the client It deposits, specifically includes:
The client adds hash point into the encrypted feature code, and the hash point is and the spy in the encrypted feature code Levy the identical vector of format of vector;
The encrypted feature code for being added to hash point is sent to server as the corresponding registration feature code of the user identifier to protect It deposits.
8. A method of online authentication, comprising:
A client obtains, according to a user identifier input by a user, the random string stored in advance in correspondence with the user identifier; and
Acquiring the biometric information of the user and extracting a feature code from the biometric information; and encrypting the feature code using the random string and a preset irreversible encryption algorithm to obtain an encrypted feature code;
The client sends the encrypted feature code to a server, so that the server authenticates the to-be-authenticated feature code against the saved registration feature code corresponding to the user identifier;
Wherein the registration feature code was obtained by using the random string and the preset irreversible encryption algorithm to encrypt the feature code extracted from the biometric information of the user who registered the user identifier.
9. The method according to claim 8, wherein the feature code includes a set of feature vectors; encrypting the feature code using the random string and the preset irreversible encryption algorithm specifically includes:
For each feature vector included in the feature code, encrypting at least one element of that feature vector using the random string and the irreversible encryption algorithm.
10. The method as claimed in claim 9, wherein the irreversible encryption algorithm includes a modulo operation.
11. The method as claimed in claim 10, wherein the biometric information is biometric information in image form, and the feature vector includes at least a first element and a second element, wherein the first element is the abscissa of the position of the biometric detail feature information in the image, and the second element is the ordinate of the position of the biometric detail feature information in the image;
Encrypting at least one element of the feature vector using the random string and the irreversible encryption algorithm specifically includes:
Dividing the random string into five substrings, obtaining a first substring, a second substring, a third substring, a fourth substring and a fifth substring;
Determining a central point whose abscissa is the first substring modulo the width of the image and whose ordinate is the second substring modulo the height of the image;
Determining the third substring modulo 360 as the rotation angle;
Determining a first position point whose abscissa is the first element of the feature vector and whose ordinate is the second element of the feature vector;
According to the coordinates of the central point and the rotation angle, determining the coordinates of the second position point obtained by rotating the first position point clockwise or counterclockwise about the central point by the rotation angle;
Determining a first sum of the abscissa of the second position point and the fourth substring, and a second sum of the ordinate of the second position point and the fifth substring;
Taking the first sum modulo the width as the encrypted first element, and the second sum modulo the height as the encrypted second element.
12. The method as claimed in claim 10, wherein the biometric information is biometric information in image form, and the feature vector includes at least a fourth element, the fourth element being the deflection angle of the position of the biometric detail feature information in the image relative to a specified reference object in the image;
Encrypting at least one element of the feature vector using the random string and the irreversible encryption algorithm specifically includes:
Determining the random string modulo 360;
Taking the sum of the fourth element of the feature vector and that modulus as the encrypted fourth element.
13. The method according to claim 8, wherein the encrypted feature code is a vector set made up of several feature vectors of identical format;
The client sending the encrypted feature code to the server specifically includes:
The client adds hash points to the encrypted feature code, each hash point being a vector with the same format as the feature vectors in the encrypted feature code;
The encrypted feature code with the hash points added is sent to the server as the to-be-authenticated feature code corresponding to the user identifier.
14. A device for online registration, comprising:
An obtaining module, which obtains a random string corresponding to a user identifier of a user, and stores the random string in correspondence with the user identifier, for reuse when the user is authenticated;
An acquisition module, which acquires the biometric information of the user and extracts a feature code from the biometric information;
An encrypting module, which encrypts the feature code using the random string and a preset irreversible encryption algorithm to obtain an encrypted feature code;
A sending module, which sends the encrypted feature code to a server as the registration feature code corresponding to the user identifier, to be saved for use in user authentication.
15. The method as claimed in claim 14, wherein the obtaining module is specifically configured to generate a random number factor, and to generate the random string corresponding to the user identifier according to the random number factor and at least one of the user identifier, the key corresponding to the user identifier, and the device information of the device itself; or to receive the random string corresponding to the user identifier that is generated and sent by the server, wherein the random string sent by the server is generated by the server according to a generated random number factor and at least one of the user identifier, the key corresponding to the user identifier, and the device information reported by the device; or to generate the random string corresponding to the user identifier according to a random number factor agreed in advance with the server and at least one of the user identifier, the key corresponding to the user identifier, and the device information of the device itself.
16. The device as claimed in claim 14, wherein the feature code includes a set of feature vectors; the encrypting module is specifically configured to, for each feature vector included in the feature code, encrypt at least one element of that feature vector using the random string and the irreversible encryption algorithm.
17. The device as claimed in claim 16, wherein the irreversible encryption algorithm includes a modulo operation.
18. The device as claimed in claim 17, wherein the biometric information is biometric information in image form, and the feature vector includes at least a first element and a second element, wherein the first element is the abscissa of the position of the biometric detail feature information in the image, and the second element is the ordinate of the position of the biometric detail feature information in the image;
The encrypting module is specifically configured to: divide the random string into five substrings, obtaining a first substring, a second substring, a third substring, a fourth substring and a fifth substring; determine a central point whose abscissa is the first substring modulo the width of the image and whose ordinate is the second substring modulo the height of the image; determine the third substring modulo 360 as the rotation angle; determine a first position point whose abscissa is the first element of the feature vector and whose ordinate is the second element of the feature vector; according to the coordinates of the central point and the rotation angle, determine the coordinates of the second position point obtained by rotating the first position point clockwise or counterclockwise about the central point by the rotation angle; determine a first sum of the abscissa of the second position point and the fourth substring, and a second sum of the ordinate of the second position point and the fifth substring; take the first sum modulo the width as the encrypted first element, and the second sum modulo the height as the encrypted second element.
19. The device as claimed in claim 17, wherein the biometric information is biometric information in image form, and the feature vector includes at least a fourth element, the fourth element being the deflection angle of the position of the biometric detail feature information in the image relative to a specified reference object in the image;
The encrypting module is specifically configured to determine the random string modulo 360, and to take the sum of the fourth element of the feature vector and that modulus as the encrypted fourth element.
20. The device as claimed in claim 14, wherein the encrypted feature code is a vector set made up of several feature vectors of identical format;
The sending module is specifically configured to add hash points to the encrypted feature code, each hash point being a vector with the same format as the feature vectors in the encrypted feature code, and to send the encrypted feature code with the hash points added to the server as the registration feature code corresponding to the user identifier, to be saved.
21. A device for online authentication, comprising:
An obtaining module, which obtains, according to a user identifier input by a user, the random string stored in advance in correspondence with the user identifier;
An acquisition module, which acquires the biometric information of the user and extracts a feature code from the biometric information;
An encrypting module, which encrypts the feature code using the random string and a preset irreversible encryption algorithm to obtain an encrypted feature code;
A sending module, which sends the encrypted feature code to a server, so that the server authenticates the to-be-authenticated feature code against the saved registration feature code corresponding to the user identifier;
Wherein the registration feature code was obtained by using the random string and the preset irreversible encryption algorithm to encrypt the feature code extracted from the biometric information of the user who registered the user identifier.
22. The device as claimed in claim 21, wherein the feature code includes a set of feature vectors; the encrypting module is specifically configured to, for each feature vector included in the feature code, encrypt at least one element of that feature vector using the random string and the preset irreversible encryption algorithm.
23. The device as claimed in claim 22, wherein the irreversible encryption algorithm includes a modulo operation.
24. The device as claimed in claim 23, wherein the biometric information is biometric information in image form, and the feature vector includes at least a first element and a second element, wherein the first element is the abscissa of the position of the biometric detail feature information in the image, and the second element is the ordinate of the position of the biometric detail feature information in the image;
The encrypting module is specifically configured to: divide the random string into five substrings, obtaining a first substring, a second substring, a third substring, a fourth substring and a fifth substring; determine a central point whose abscissa is the first substring modulo the width of the image and whose ordinate is the second substring modulo the height of the image; determine the third substring modulo 360 as the rotation angle; determine a first position point whose abscissa is the first element of the feature vector and whose ordinate is the second element of the feature vector; according to the coordinates of the central point and the rotation angle, determine the coordinates of the second position point obtained by rotating the first position point clockwise or counterclockwise about the central point by the rotation angle; determine a first sum of the abscissa of the second position point and the fourth substring, and a second sum of the ordinate of the second position point and the fifth substring; take the first sum modulo the width as the encrypted first element, and the second sum modulo the height as the encrypted second element.
25. The device as claimed in claim 23, wherein the biometric information is biometric information in image form, and the feature vector includes at least a fourth element, the fourth element being the deflection angle of the position of the biometric detail feature information in the image relative to a specified reference object in the image; the encrypting module is specifically configured to determine the random string modulo 360, and to take the sum of the fourth element of the feature vector and that modulus as the encrypted fourth element.
26. The device as claimed in claim 21, wherein the encrypted feature code is a vector set made up of several feature vectors of identical format;
The sending module is specifically configured to add hash points to the encrypted feature code, each hash point being a vector with the same format as the feature vectors in the encrypted feature code, and to send the encrypted feature code with the hash points added to the server as the to-be-authenticated feature code corresponding to the user identifier.
CN201811205030.0A 2014-03-27 2014-03-27 Online registration and authentication method and device Active CN109525555B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811205030.0A CN109525555B (en) 2014-03-27 2014-03-27 Online registration and authentication method and device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410119800.5A CN104954328B (en) 2014-03-27 2014-03-27 A kind of method and device of online registration and certification
CN201811205030.0A CN109525555B (en) 2014-03-27 2014-03-27 Online registration and authentication method and device

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN201410119800.5A Division CN104954328B (en) 2014-03-27 2014-03-27 A kind of method and device of online registration and certification

Publications (2)

Publication Number Publication Date
CN109525555A true CN109525555A (en) 2019-03-26
CN109525555B CN109525555B (en) 2022-04-08

Family

ID=54168688

Family Applications (2)

Application Number Title Priority Date Filing Date
CN201811205030.0A Active CN109525555B (en) 2014-03-27 2014-03-27 Online registration and authentication method and device
CN201410119800.5A Active CN104954328B (en) 2014-03-27 2014-03-27 A kind of method and device of online registration and certification

Family Applications After (1)

Application Number Title Priority Date Filing Date
CN201410119800.5A Active CN104954328B (en) 2014-03-27 2014-03-27 A kind of method and device of online registration and certification

Country Status (2)

Country Link
CN (2) CN109525555B (en)
HK (1) HK1211151A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112054997A (en) * 2020-08-06 2020-12-08 上海博泰悦臻电子设备制造有限公司 Voiceprint login authentication method and related product thereof
CN112637246A (en) * 2021-01-14 2021-04-09 山西太钢不锈钢股份有限公司 Method for intelligently encoding and transmitting coal type information of coking coal sampling control system

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105245529A (en) * 2015-10-21 2016-01-13 四川省宁潮科技有限公司 User biological characteristic code-based distributed authentication method, terminal and system
CN106850505A (en) * 2015-12-04 2017-06-13 阿里巴巴集团控股有限公司 A kind of verification method and device of cross-border business
CN105897784B (en) * 2016-07-01 2019-03-26 三星电子(中国)研发中心 Internet-of-things terminal equipment encryption communication method and device
CN106411953A (en) * 2016-11-30 2017-02-15 深圳前海弘稼科技有限公司 Planting box login method and device
CN108810891B (en) * 2017-04-27 2021-05-18 华为技术有限公司 Authentication method, authentication equipment and user equipment for realizing network access
WO2019018046A1 (en) * 2017-07-17 2019-01-24 Hrl Laboratories, Llc Practical reusable fuzzy extractor based on the learning-with-error assumption and random oracle
CN107846410B (en) * 2017-11-24 2021-06-11 海尔优家智能科技(北京)有限公司 Network access verification method and device
CN108377187B (en) * 2018-03-21 2022-03-04 超越科技股份有限公司 Block chain private key using method and device based on biological characteristics
CN108921866A (en) * 2018-07-24 2018-11-30 北京深瞐科技有限公司 A kind of image processing method and system
US20230222843A1 (en) * 2020-06-10 2023-07-13 Beijing Xiaomi Mobile Software Co., Ltd. Method and device for registering biometric feature
CN115733617B (en) * 2022-10-31 2024-01-23 支付宝(杭州)信息技术有限公司 Biological feature authentication method and system

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1077555A2 (en) * 1999-08-18 2001-02-21 Nec Corporation Encrypting communication system and encrypting communication method
CN1732442A (en) * 2002-12-31 2006-02-08 国际商业机器公司 Authorized anonymous authentication
CN101098232A (en) * 2007-07-12 2008-01-02 兰州大学 Dynamic password and multiple biological characteristics combined identification authenticating method
CN101316169A (en) * 2008-07-18 2008-12-03 张曌 Network identity verification method based on internet third party biological characteristic validation
CN101777115A (en) * 2009-11-25 2010-07-14 中国科学院自动化研究所 Safe fingerprint verification method and system
KR20140024142A (en) * 2012-08-20 2014-02-28 주식회사 잉카인터넷 User authentication system and method in a mobile device

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG139580A1 (en) * 2006-07-20 2008-02-29 Privylink Pte Ltd Method for generating cryptographic key from biometric data
CN100593790C (en) * 2008-06-26 2010-03-10 西南交通大学 Highly precise safe palm recognition method encrypted based on phase characteristic of Log-Gabor mixed filtering
CN102891751B (en) * 2011-07-21 2016-06-22 中国移动通信集团公司 From the method and apparatus that fingerprint image generates business password
CN102946310B (en) * 2012-09-03 2015-07-15 杭州电子科技大学 Fingerprint fuzzy vault method based on (k, w) threshold secret sharing scheme

Also Published As

Publication number Publication date
CN109525555B (en) 2022-04-08
CN104954328B (en) 2018-11-30
HK1211151A1 (en) 2016-05-13
CN104954328A (en) 2015-09-30

Similar Documents

Publication Publication Date Title
CN104954328B (en) A kind of method and device of online registration and certification
CN104715187B (en) Method and apparatus for the node in certification electronic communication system
EP3121991B1 (en) System and method of user authentication using digital signatures
Wei et al. Privacy-preserving implicit authentication protocol using cosine similarity for Internet of Things
CN104951680B (en) A kind of biological information processing method, store method and device
CN104954329B (en) A kind of processing method and processing device of biological information
CN107209821A (en) For the method and authentication method being digitally signed to e-file
Cheng et al. Identity based encryption and biometric authentication scheme for secure data access in cloud computing
Ali et al. A secure and efficient multi-factor authentication algorithm for mobile money applications
CN106650372A (en) open method and device of administrator authority
CN110061973B (en) Authorization method and device
Anand et al. Lightweight technical implementation of single sign-on authentication and key agreement mechanism for multiserver architecture-based systems
Lei et al. PRIVFACE: fast privacy-preserving face authentication with revocable and reusable biometric credentials
CN110213232A (en) A kind of fingerprint characteristic and key double verification method and apparatus
CN106709716A (en) Method, device and system for PBOC transaction based on biometric encryption
JP7250960B2 (en) User authentication and signature device using user biometrics, and method thereof
JP2018042045A (en) Collation system and method and program
Rong et al. A secure data access mechanism for cloud tenants
Joshi et al. A more multifactor secure authentication scheme based on graphical authentication
Gu et al. Toauth: Towards automatic near field authentication for smartphones
JPWO2017209228A1 (en) Encrypted information verification device, encrypted information verification method, and encrypted information verification program
Roy et al. Secure and Lightweight Authentication Protocol Using PUF for the IoT-based Wireless Sensor Network
Li et al. A lightweight system to authenticate smartphones in the near field without nfc chips
Samyama Gunjal et al. A context-based user authentication scheme for ubiquitous services
Diwakaran et al. A Safe and Reliable Digital Fingerprint Recognition Method for Internet of Things (IoT) Devices

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20201010

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Innovative advanced technology Co.,Ltd.

Address before: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant before: Advanced innovation technology Co.,Ltd.

Effective date of registration: 20201010

Address after: Cayman Enterprise Centre, 27 Hospital Road, George Town, Grand Cayman Islands

Applicant after: Advanced innovation technology Co.,Ltd.

Address before: A four-storey 847 mailbox in Grand Cayman Capital Building, British Cayman Islands

Applicant before: Alibaba Group Holding Ltd.

TA01 Transfer of patent application right
GR01 Patent grant