CN110532927A - Fingerprint register method, fingerprint authentication method and device - Google Patents
Fingerprint register method, fingerprint authentication method and device Download PDFInfo
- Publication number
- CN110532927A CN110532927A CN201910783917.6A CN201910783917A CN110532927A CN 110532927 A CN110532927 A CN 110532927A CN 201910783917 A CN201910783917 A CN 201910783917A CN 110532927 A CN110532927 A CN 110532927A
- Authority
- CN
- China
- Prior art keywords
- fingerprint
- cryptographic hash
- key
- registered
- control unit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/12—Fingerprints or palmprints
- G06V40/1365—Matching; Classification
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/50—Maintenance of biometric data or enrolment thereof
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07C—TIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
- G07C9/00—Individual registration on entry or exit
- G07C9/00174—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys
- G07C9/00563—Electronically operated locks; Circuits therefor; Nonmechanical keys therefor, e.g. passive or active electrical keys or other data carriers without mechanical keys using personal physical data of the operator, e.g. finger prints, retinal images, voicepatterns
Landscapes
- Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Multimedia (AREA)
- Human Computer Interaction (AREA)
- Computer Security & Cryptography (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Finance (AREA)
- Collating Specific Patterns (AREA)
Abstract
This application involves a kind of fingerprint register method, fingerprint authentication method and devices.The fingerprint register method includes: to obtain fingerprint to be registered;Registered fingerprint template is generated according to fingerprint to be registered;Abstract operation is carried out to registered fingerprint template, obtains the first cryptographic Hash;Wherein, the first cryptographic Hash is used in fingerprint authentication, and verifying the fingerprint template for carrying out fingerprint authentication is registered fingerprint template;Store registered fingerprint template;First cryptographic Hash is sent to main control unit to store.Abstract operation can be carried out to registered fingerprint template using this method and obtain the first cryptographic Hash, first cryptographic Hash is stored in main control unit, when needing to carry out fingerprint authentication, in addition to comparing fingerprint, it also needs to verify and compares whether the fingerprint template of fingerprint is registered fingerprint template, it realizes double verification, avoids fingerprint template from being replaced, improve the safety of fingerprint authentication.
Description
Technical field
This application involves fingerprint identification technology field, more particularly to a kind of fingerprint register method, fingerprint authentication method and
Device.
Background technique
Currently, fingerprint recognition obtains all being applied widely in multiple fields, various ID authentication devices all pass through embedding
Enter fingerprint identification module to facilitate the authentication of user.Such as fingerprint clocking-in machine, fingerprint entrance guard system, fingerprint digital certificate
Deng.
Fingerprint identification equipment generally comprises main control unit, fingerprint unit, other function unit and is built in each unit
Firmware code.Finger print identifying is realized by the fingerprint typing of fingerprint unit, comparison function.The main group of this fingerprint unit
It include fingerprint algorithm chip, fingerprint sensor and peripheral circuit at part.Fingerprint sensor acquires the fingerprint of people, is supplied to finger
Line algorithm chip generates registered fingerprint template and stores.When carrying out finger print identifying, fingerprint sensor obtains the fingerprint of people,
Verifying fingerprint template is generated by fingerprint algorithm chip, is compared with the registered fingerprint template of preparatory typing, if unanimously, just recognized
Card passes through.
However, due to the typing of fingerprint, the generation of fingerprint template, storage and comparison completed in fingerprint unit,
The subsequent system for needing to obtain finger print identifying result only simply gets fingerprint comparison knot from the communication interface of fingerprint unit
Fruit judges whether the current personnel for carrying out finger print identifying have permission, such as the door-locking system of unlocked by fingerprint according to authentication result,
Unlocking motion can be executed if judging that the current personnel for carrying out finger print identifying have the permission unlocked according to authentication result;Also such as
Using the payment system of finger print identifying, if judging that the current personnel for carrying out finger print identifying have the permission of payment according to authentication result
Payment movement can then be executed.If fingerprint unit is replaced, the hardware or firmware of whole system perceive less than, will not be into
The corresponding alert process of row and safety precaution.This brings very big security risk to the application of fingerprint unit.If being used to replace
The fingerprint unit changed has other people fingerprint, then door lock can be unlocked by the fingerprint, payment devices can be paid by fingerprint.
Summary of the invention
Based on this, it is necessary in view of the above technical problems, provide a kind of fingerprint note that can be improved finger print identifying safety
Volume method, fingerprint authentication method and device.
A kind of fingerprint register method is applied to fingerprint authentication terminal, and fingerprint authentication terminal includes main control unit, method packet
It includes:
Obtain fingerprint to be registered;
Registered fingerprint template is generated according to fingerprint to be registered;
Abstract operation is carried out to registered fingerprint template, obtains the first cryptographic Hash;Wherein, the first cryptographic Hash is used in fingerprint inspection
When card, verifying the fingerprint template for carrying out fingerprint authentication is registered fingerprint template;
Store registered fingerprint template;
First cryptographic Hash is sent to main control unit to store.
A kind of fingerprint authentication method is applied to fingerprint authentication terminal, and fingerprint authentication terminal includes main control unit, method packet
It includes:
Obtain fingerprint to be identified;
Fingerprint to be identified is compared with the fingerprint template in fingerprint template database;
Pass through if being compared with any one fingerprint template in fingerprint template database, it is determined that fingerprint template is target fingerprint
Template;
Abstract operation is carried out to target fingerprint template and obtains the second cryptographic Hash;
Send the second cryptographic Hash to main control unit verify whether with any one pre-registered registered fingerprint template
One cryptographic Hash is consistent, if so, fingerprint authentication passes through.
A kind of fingerprint register device is applied to fingerprint authentication terminal, and fingerprint authentication terminal includes main control unit, device packet
It includes:
Fingerprint to be registered obtains module, for obtaining fingerprint to be registered;
Registered fingerprint template generation module, for generating registered fingerprint template according to fingerprint to be registered;
First cryptographic Hash computing module obtains the first cryptographic Hash for carrying out abstract operation to registered fingerprint template;Its
In, the first cryptographic Hash is used in fingerprint authentication, and verifying the fingerprint template for carrying out fingerprint authentication is registered fingerprint template;
Registered fingerprint template memory module, for storing registered fingerprint template;
First cryptographic Hash sending module, stores for the first cryptographic Hash to be sent to main control unit.
A kind of fingerprint verifying apparatus is applied to fingerprint authentication terminal, and fingerprint authentication terminal includes main control unit, device packet
It includes:
Fingerprint to be identified obtains module, for obtaining fingerprint to be identified;
Fingerprint comparison module, for fingerprint to be identified to be compared with the fingerprint template in fingerprint template database;
Target fingerprint determining module, for any one fingerprint template ratio in fingerprint to be identified and fingerprint template database
When to passing through, determine that fingerprint template is target fingerprint template;
Second cryptographic Hash computing module obtains the second cryptographic Hash for carrying out abstract operation to target fingerprint template;
Second cryptographic Hash sending module is verified whether with any one in advance for sending the second cryptographic Hash to main control unit
First cryptographic Hash of the registered fingerprint template of registration is consistent, if so, fingerprint authentication passes through.
Above-mentioned fingerprint register method, fingerprint authentication method and device carry out abstract operation to registered fingerprint template and obtain the
First cryptographic Hash is stored in main control unit by one cryptographic Hash, when needing to carry out fingerprint authentication, in addition to comparing fingerprint, is also needed
It verifies and compares whether the fingerprint template of fingerprint is registered fingerprint template, realize double verification, avoid fingerprint template from being replaced, mention
The safety of high fingerprint authentication.
Detailed description of the invention
Fig. 1 is the applied environment figure of fingerprint register method and fingerprint authentication method in one embodiment;
Fig. 2 is the timing diagram of fingerprint register method and fingerprint authentication method in one embodiment;
Fig. 3 is the timing diagram of fingerprint register method and fingerprint authentication method in another embodiment;
Fig. 4 is the flow diagram of fingerprint register method in one embodiment;
Fig. 5 is the flow diagram of fingerprint register method in another embodiment;
Fig. 6 is the flow diagram of fingerprint register method in another embodiment;
Fig. 7 is to obtain the flow diagram of session key in one embodiment;
Fig. 8 is to obtain the flow diagram of session key in another embodiment;
Fig. 9 is the flow diagram of fingerprint authentication method in one embodiment;
Figure 10 is the flow diagram of fingerprint authentication method in another embodiment;
Figure 11 is to obtain the flow diagram of communication key in one embodiment;
Figure 12 is to obtain the flow diagram of communication key in another embodiment;
Figure 13 is key assembling method schematic diagram in one embodiment;
Figure 14 is the structural block diagram of fingerprint register device in one embodiment;
Figure 15 is the structural block diagram of fingerprint verifying apparatus in one embodiment;
Figure 16 is the internal structure chart of computer equipment in one embodiment.
Specific embodiment
It is with reference to the accompanying drawings and embodiments, right in order to which the objects, technical solutions and advantages of the application are more clearly understood
The application is further elaborated.It should be appreciated that specific embodiment described herein is only used to explain the application, not
For limiting the application.
Unless otherwise defined, all technical and scientific terms used herein and belong to technical field of the invention
The normally understood meaning of technical staff is identical.Term as used herein in the specification of the present invention is intended merely to description tool
The purpose of the embodiment of body, it is not intended that in the limitation present invention.
Fingerprint register method provided by the present application and fingerprint authentication method, can be applied to application environment as shown in Figure 1
In.Wherein, fingerprint certification device includes fingerprint unit 101, main control unit 102 and other functional units, and fingerprint register method is logical
101 typing fingerprint of fingerprint unit is crossed to be registered, it is raw according to fingerprint to be registered after fingerprint unit 101 gets fingerprint to be registered
At registered fingerprint template, abstract operation is carried out to registered fingerprint template, obtains the first cryptographic Hash, registered fingerprint template is stored in
In fingerprint unit 101, the first cryptographic Hash is sent to main control unit 102 and is stored, in addition to fingerprint unit 101 carries out when verifying
Fingerprint comparison, it is also necessary to the which whether fingerprint template by the verifying of main control unit 102 for comparison is registered fingerprint template.Fingerprint inspection
Card method is verified by 101 typing fingerprint of fingerprint unit, will be to be identified after fingerprint unit 101 gets fingerprint to be identified
Fingerprint is compared with the fingerprint template in fingerprint template database, passes through if there is any one fingerprint template that can compare, i.e.,
It completes to compare, and determines that the fingerprint template for comparing and passing through is target fingerprint template, abstract operation is carried out to target fingerprint template
The second cryptographic Hash is obtained, the second cryptographic Hash is sent to main control unit 102 and is verified, main control unit is verified whether and be stored in
First cryptographic Hash of any one registered fingerprint template in 102 is consistent, if it exists the first of any one registered fingerprint template
Cryptographic Hash is consistent with the second cryptographic Hash, then fingerprint authentication passes through.Wherein, fingerprint certification device can be and need to refer under different scenes
The equipment of line certification, for example, it is gate inhibition's unlocker device, the mobile terminal for having finger print identifying function, PC, wearable portable
Equipment etc..In one embodiment, the timing diagram of fingerprint register method and fingerprint authentication method is as shown in Figure 2.Implement at one
In example, the timing diagram of fingerprint register method and fingerprint authentication method is as shown in Figure 3.In one embodiment, fingerprint unit includes
Fingerprint algorithm chip and peripheral circuit, fingerprint algorithm chip have security module, being capable of safe data storage.
In one embodiment, as shown in figure 4, providing a kind of fingerprint register method, it is applied in Fig. 1 in this way
It is illustrated for fingerprint unit 101, comprising the following steps:
Step 210, fingerprint to be registered is obtained.
Wherein, fingerprint to be registered is the fingerprint for needing to increase typing, the fingerprint can be used to be referred to after completing registration
Line certification identification.
Step 220, registered fingerprint template is generated according to fingerprint to be registered.
Registered fingerprint template when carrying out finger print identifying identification with fingerprint to be identified for being compared.
Step 230, abstract operation is carried out to registered fingerprint template, obtains the first cryptographic Hash;Wherein, the first cryptographic Hash is used for
In fingerprint authentication, verifying the fingerprint template for carrying out fingerprint authentication is registered fingerprint template.
Wherein, digest algorithm is also known as hash algorithm, it indicates the data of input random length, exports the number of regular length
According to identical input data obtains identical cryptographic Hash always, and different input datas obtains different cryptographic Hash as far as possible.One
In a embodiment, MD5 (Message-Digest Algorithm, Message Digest 5), SHA-1 (Secure can be used
Hash Algorithm 1, secure hash algorithm 1) or SHA-256 (Secure Hash Algorithm 256, secure hash calculation
Method 256) etc. digest algorithms carry out abstract operation.
By by the cryptographic Hash of the first cryptographic Hash of registered fingerprint template and the fingerprint template for being used to carry out fingerprint authentication into
Row compares, if unanimously, illustrating that the fingerprint template for carrying out fingerprint authentication is registered fingerprint template, not being replaced or usurp
Change.
Step 240, registered fingerprint template is stored.
Registered fingerprint template is stored in the fingerprint template database of fingerprint unit 101, finger print identifying identification is being carried out
When, corresponding registered fingerprint template is matched from fingerprint template database, if having the registered fingerprint template being consistent, finger to be identified
Line compares successfully, can further verify to registered fingerprint template.
Step 250, the first cryptographic Hash main control unit is sent to store.
Corresponding first cryptographic Hash of registered fingerprint template is stored in main control unit 102, if fingerprint unit 101 is replaced,
Main control unit 102 can not then be verified logical when being verified by the first cryptographic Hash to the fingerprint template for carrying out fingerprint authentication
It crosses, guarantees the safety of finger print identifying.
In above-mentioned fingerprint register method, abstract operation is carried out to registered fingerprint template and obtains the first cryptographic Hash, first is breathed out
Uncommon value is stored in main control unit, when needing to carry out fingerprint authentication, in addition to comparing fingerprint, it is also necessary to which verifying compares the finger of fingerprint
Whether line template is registered fingerprint template, realizes double verification, avoids fingerprint template from being replaced, improve the safety of fingerprint authentication
Property.
In one of the embodiments, as shown in figure 5, fingerprint register method further include:
Step 260, session key is obtained, session key is for encrypting the data for being sent to main control unit.
Session key can correspond to the key of symmetric encipherment algorithm or rivest, shamir, adelman, in some embodiments,
Main control unit is encrypted the data for being sent to fingerprint unit using session key, and fingerprint unit can also utilize session key
And respective encrypted algorithm is decrypted to obtain corresponding data.
In one embodiment, session key can be reacquired before each communication and be generated;In one embodiment, meeting
Words key can generate the time limit simultaneously when generating, and can be used the session key to carry out encryption and decryption within the time limit, after failure again
It reacquires and generates.
In one of the embodiments, as shown in fig. 6, the first cryptographic Hash is sent to the step of main control unit is stored
Include:
Step 251, the first cryptographic Hash is encrypted using session key.
The first cryptographic Hash is encrypted using session key, avoids being stolen or distorting in communication process, guarantee
The first cryptographic Hash when finger print identifying identifies for being verified is the first cryptographic Hash of registered fingerprint template.
Step 252, encrypted first cryptographic Hash is sent to main control unit.
Main control unit will be sent to using encrypted first cryptographic Hash of session key, main control unit, which has, is able to carry out solution
Close session key can be decrypted and obtain the first cryptographic Hash and store.In one embodiment, if using symmetric encipherment algorithm into
Row encryption, then main control unit and fingerprint unit session key having the same can in conjunction with corresponding symmetric encipherment algorithm
Communication data to each other is encrypted or decrypted.In one embodiment, if being encrypted using rivest, shamir, adelman
, main control unit and fingerprint unit are respectively provided with private key and public key in session key, hold a side of private key, can be to utilization
The information for using public key encryption is decrypted in private key and corresponding rivest, shamir, adelman.
In one of the embodiments, as shown in fig. 7, session key is the first session key, the step of session key is obtained
Suddenly include:
Step 261, the request of the first session key agreement is generated.
When needing to obtain key, the request of the first session key agreement is generated, the first session key agreement is requested for requesting
Main control unit carries out key agreement jointly, to obtain the first session key that can be used in encryption and decryption data.
Step 262, the first session key agreement is sent to request to main control unit.
The first session key agreement request of generation is sent to main control unit by fingerprint unit, and request main control unit carries out close
Key is negotiated.
Step 263, main control unit is obtained to negotiate instruction according to the first key of session key agreement request feedback and be used for
The random array of the first of assembled key.
It includes the assembled rule of key that first key, which negotiates instruction, enables fingerprint unit with main control unit using identical
The assembled rule of key carries out assembly, respectively carries out key assembly and obtains identical first session key.First random array
It is generated for main control unit, for assembled key.In one embodiment, it further includes that encryption uses that first key, which negotiates instruction,
Symmetric encipherment algorithm can according to need more scaling method.In one embodiment, symmetric encipherment algorithm, which can also be, presets
, main control unit and fingerprint unit only will use the algorithm and carry out encrypting and decrypting.
Step 264, the second random array for assembled key is generated, and is sent to main control unit.
Second random array is sent to main control unit, main control unit can be according to the assembled rule of key of agreement to first
Random array carries out assembled, the first session key of acquisition with the second random array.
Step 265, instruction is negotiated according to first key and key assembly is carried out to the first random array and the second random array,
Generate the first session key.
It is random with second to the first random array that fingerprint unit according to first key negotiates the assembled rule of the key in instruction
Array carries out assembled, the first session key of acquisition.
Those skilled in the art can according to need using different key assembly algorithms, in one embodiment, can be with
It is carried out using method as shown in fig. 13 that assembled.
In one of the embodiments, as shown in figure 8, session key is the second session key, the step of session key is obtained
Suddenly include:
Step 271, the request of the second session key agreement is generated.
When needing to obtain key, the request of the second session key agreement is generated, the second session key agreement is requested for requesting
Main control unit carries out key agreement, to obtain the second session key that can be used in encryption and decryption data.
Step 272, the second session key agreement is sent to request to main control unit.
The second session key agreement request of generation is sent to main control unit by fingerprint unit, and request main control unit carries out close
Key is negotiated.
Step 273, main control unit is obtained to be instructed according to the second key agreement of the second session key agreement request feedback.
The instruction of second key agreement is used to indicate fingerprint unit and generates the first public key for corresponding to the first Encryption Algorithm and the
One private key, and generate the random array of third for assembled key, wherein the first Encryption Algorithm is rivest, shamir, adelman.In
In one embodiment, the instruction of the second key agreement further includes the first Encryption Algorithm, can according to need more scaling method.In a reality
It applies in example, the first Encryption Algorithm can also be pre-set, and main control unit and fingerprint unit only will use the algorithm and added
Close decryption.
Step 274, the random array of third for assembled key is generated, and generates and corresponds to the first of the first Encryption Algorithm
Public key and the first private key.
Step 275, the random array of third and the first public key are sent to main control unit;Wherein, the random array of third is for supplying
Main control unit and the 4th random array carry out the second session key of assembled generation;Wherein, it is raw that unit is controlled based on the 4th random array
At;First public key is for encrypting the second session key for main control unit.
Main control unit by the random array of third and the 4th random array carry out it is assembled generate the second session key, and use the
The first public key that one Encryption Algorithm and fingerprint unit provide encrypts the second session key, so that close sending the second session
It is safer in the communication process of key, avoid the second session key from being stolen or distort.
Step 276, encrypted second session key of main control unit feedback is obtained.
Step 277, it is decrypted using the first private key and obtains the second session key.
Fingerprint unit combines the first Encryption Algorithm that can decrypt and obtains the second session key using the first private key.
In one embodiment, as shown in figure 9, providing a kind of fingerprint register method, it is applied in Fig. 1 in this way
It is illustrated for fingerprint unit 101, comprising the following steps:
Step 310, fingerprint to be identified is obtained.
Fingerprint to be identified is the fingerprint verified, is verified rear fingerprint certification device and will assign fingerprint and gathers around
The person of having executes permission, for example, will release gate inhibition, fingerprint owner after being verified if fingerprint certification device is entrance guard device
It can open the door;If fingerprint certification device is payment mechanism, fingerprint owner will currently be paid after being verified
Bill paid.
Step 320, fingerprint to be identified is compared with the fingerprint template in fingerprint template database.
The fingerprint template of several registrations is stored in fingerprint template database, for fingerprint to be identified to be compared.
Step 330, pass through if being compared with any one fingerprint template in fingerprint template database, it is determined that fingerprint template is
Target fingerprint template.
It is consistent if fingerprint to be identified is compared with any one fingerprint template in fingerprint template database, it is determined that the fingerprint mould
Plate is target fingerprint template, and fingerprint to be identified may be authenticated at this time, but also needed to verify target fingerprint template and do not replaced
It changes.
Step 340, abstract operation is carried out to target fingerprint template and obtains the second cryptographic Hash.
Wherein, digest algorithm is also known as hash algorithm, it indicates the data of input random length, exports the number of regular length
According to identical input data obtains identical cryptographic Hash always, and different input datas obtains different cryptographic Hash as far as possible.One
In a embodiment, MD5 (Message-Digest Algorithm, Message Digest 5), SHA-1 (Secure can be used
Hash Algorithm 1, secure hash algorithm 1) or SHA-256 (Secure Hash Algorithm 256, secure hash calculation
Method 256) etc. digest algorithms carry out abstract operation.
Compared by the cryptographic Hash for the registered fingerprint template for storing the second cryptographic Hash of fingerprint template with main control unit
Right, if it exists unanimously, then fingerprint template of the explanation for carrying out fingerprint authentication is registered fingerprint template, is not replaced or usurps
Change.
Step 350, the second cryptographic Hash to main control unit is sent to verify whether and any one pre-registered registered fingerprint
First cryptographic Hash of template is consistent, if so, fingerprint authentication passes through.
Due to being stored with the first cryptographic Hash of several registered fingerprint templates in main control unit, due to the spy of digest algorithm
Point illustrates target fingerprint template if the second cryptographic Hash of target fingerprint template is consistent with some first cryptographic Hash therein
As correspond to the registered fingerprint template of first cryptographic Hash, i.e. expression fingerprint template is not replaced, and fingerprint to be identified possesses
Person has lawful authority.
In one of the embodiments, as shown in figure 9, fingerprint authentication method further include:
Step 360, communication key is obtained, communication key is for encrypting the data for being sent to main control unit.
Communication key can be the key corresponding to symmetric encipherment algorithm or rivest, shamir, adelman, in some embodiments
In, main control unit is encrypted the data for being sent to fingerprint unit using communication key, and fingerprint unit can also utilize session
Key and respective encrypted algorithm are decrypted to obtain corresponding data.
In one embodiment, communication key can be reacquired before each communication and be generated;In one embodiment, lead to
Letter key can generate the time limit simultaneously when generating, and can be used the communication key to carry out encryption and decryption within the time limit, after failure again
It reacquires and generates.
In one of the embodiments, as shown in Figure 10, send second cryptographic Hash to main control unit verify whether with
The step that first cryptographic Hash of any one pre-registered registered fingerprint template is consistent includes:
Step 351, the second cryptographic Hash is encrypted using communication key.
The second cryptographic Hash is encrypted using communication key, avoids being stolen or distorting in communication process, guarantee
The second cryptographic Hash when finger print identifying identifies for being verified is the second cryptographic Hash of target fingerprint template.
Step 352, encrypted second cryptographic Hash is sent to the main control unit.
Main control unit will be sent to using encrypted second cryptographic Hash of communication key, main control unit, which has, is able to carry out solution
Close communication key can be decrypted and obtain the second cryptographic Hash and store.In one embodiment, if using symmetric encipherment algorithm into
Row encryption, then main control unit and fingerprint unit communication key having the same can in conjunction with corresponding symmetric encipherment algorithm
Communication data to each other is encrypted or decrypted.In one embodiment, if being encrypted using rivest, shamir, adelman
, main control unit and fingerprint unit are respectively provided with private key and public key in communication key, hold a side of private key, can be to utilization
The information for using public key encryption is decrypted in private key and corresponding rivest, shamir, adelman.
In one of the embodiments, as shown in figure 11, communication key is the first communication key, obtains the step of communication key
Suddenly include:
Step 361, it generates the first communication key and negotiates request.
When needing to obtain key, generates the first communication key and negotiate request, the first communication key negotiates request for requesting
Main control unit carries out key agreement jointly, to obtain the first communication key that can be used in encryption and decryption data.
Step 362, it sends the first communication key and negotiates request to main control unit.
First communication key of generation is negotiated request and is sent to main control unit by fingerprint unit, and request main control unit carries out close
Key is negotiated.
Step 363, obtain main control unit according to the first communication key negotiate request feedback third key agreement instruction and
The 5th random array for assembled key.
The instruction of third key agreement includes the assembled rule of key, enables fingerprint unit with main control unit using identical
The assembled rule of key carries out assembly, respectively carries out key assembly and obtains identical first communication key.5th random array
It is generated for main control unit, for assembled key.In one embodiment, the instruction of third key agreement further includes that encryption uses
Symmetric encipherment algorithm can according to need more scaling method.In one embodiment, symmetric encipherment algorithm, which can also be, presets
, main control unit and fingerprint unit only will use the algorithm and carry out encrypting and decrypting.
Step 364, the 6th random array for assembled key is generated, and is sent to main control unit.
6th random array is sent to main control unit, main control unit can be according to the assembled rule of key of agreement to the 5th
Random array carries out assembled, the first communication key of acquisition with the 6th random array.
Step 365, it is instructed according to third key agreement and key assembly is carried out to the 5th random array and the 6th random array,
Generate the first communication key.
Fingerprint unit is random with the 6th to the 5th random array according to the assembled rule of key in the instruction of third key agreement
Array carries out assembled, the first communication key of acquisition.
In one of the embodiments, as shown in figure 12, communication key is the second communication key, obtains the step of communication key
Suddenly include:
Step 371, it generates the second communication key and negotiates request.
When needing to obtain key, generates the second communication key and negotiate request, the second communication key negotiates request for requesting
Main control unit carries out key agreement, to obtain the second communication key that can be used in encryption and decryption data.
Step 372, it sends the second communication key and negotiates request to main control unit.
Second communication key of generation is negotiated request and is sent to main control unit by fingerprint unit, and request main control unit carries out close
Key is negotiated.
Step 373, main control unit is obtained to be instructed according to the 4th key agreement that the second communication key negotiates request feedback.
The instruction of 4th key agreement is used to indicate fingerprint unit and generates the second public key for corresponding to the second Encryption Algorithm and the
Two private keys, and generate the 7th random array for assembled key, wherein the second Encryption Algorithm is rivest, shamir, adelman.The
Two Encryption Algorithm and the first Encryption Algorithm can be identical rivest, shamir, adelman, or different asymmetric encryption
Algorithm.In one embodiment, the 4th key agreement instruction further includes the second Encryption Algorithm, can according to need more scaling method.
In one embodiment, the second Encryption Algorithm can also be pre-set, and main control unit and fingerprint unit only will use the calculation
Method carries out encrypting and decrypting.
Step 374, the 7th random array for assembled key is generated, and generates and corresponds to the second of the second Encryption Algorithm
Public key and the second private key.
Step 375, the 7th random array and the second public key are sent to main control unit;Wherein, the 7th random array is for supplying
Main control unit and the 8th random array carry out the second communication key of assembled generation;Wherein, it is raw that unit is controlled based on the 8th random array
At;Second public key is for encrypting the second communication key for main control unit.
Main control unit by the 7th random array and the 8th random array carry out it is assembled generate the second communication key, and use the
The second public key that two Encryption Algorithm and fingerprint unit provide encrypts the second communication key, so that communicating in transmission second close
It is safer in the communication process of key, avoid the second communication key from being stolen or distort.
Step 376, encrypted second communication key of main control unit feedback is obtained.
Step 377, it is decrypted using the second private key and obtains the second communication key.
Fingerprint unit combines the second Encryption Algorithm that can decrypt and obtains the second communication key using the second private key.
It should be understood that although each step in the flow chart of Fig. 4-Figure 13 is successively shown according to the instruction of arrow,
But these steps are not that the inevitable sequence according to arrow instruction successively executes.Unless expressly state otherwise herein, these
There is no stringent sequences to limit for the execution of step, these steps can execute in other order.Moreover, in Fig. 4-Figure 13
At least part step may include that perhaps these sub-steps of multiple stages or stage are not necessarily same to multiple sub-steps
One moment executed completion, but can execute at different times, and the execution in these sub-steps or stage sequence is also not necessarily
Be successively carry out, but can at least part of the sub-step or stage of other steps or other steps in turn or
Alternately execute.
In one of the embodiments, as shown in figure 14, a kind of fingerprint register device is provided, it is whole for finger print identifying
End, fingerprint authentication terminal include main control unit, and device includes: that fingerprint to be registered obtains module 410, registered fingerprint template generation mould
Block 420, the first cryptographic Hash computing module 430, registered fingerprint template memory module 440 and the first cryptographic Hash sending module 450,
In:
Fingerprint to be registered obtains module 410, for obtaining fingerprint to be registered;
Registered fingerprint template generation module 420, for generating registered fingerprint template according to fingerprint to be registered;
First cryptographic Hash computing module 430 obtains the first cryptographic Hash for carrying out abstract operation to registered fingerprint template;
Wherein, the first cryptographic Hash is used in fingerprint authentication, and verifying the fingerprint template for carrying out fingerprint authentication is registered fingerprint template;
Registered fingerprint template memory module 440, for storing registered fingerprint template;
First cryptographic Hash sending module 450, stores for the first cryptographic Hash to be sent to main control unit.
In one of the embodiments, as shown in figure 15, a kind of fingerprint verifying apparatus is provided, it is whole for finger print identifying
End, fingerprint authentication terminal includes main control unit, and device includes:
Fingerprint to be identified obtains module 510, for obtaining fingerprint to be identified;
Fingerprint comparison module 520, for fingerprint to be identified to be compared with the fingerprint template in fingerprint template database;
Target fingerprint determining module 530, for any one fingerprint mould in fingerprint to be identified and fingerprint template database
When plate comparison passes through, determine that fingerprint template is target fingerprint template;
Second cryptographic Hash computing module 540 obtains the second cryptographic Hash for carrying out abstract operation to target fingerprint template;
Second cryptographic Hash sending module 550, for send the second cryptographic Hash verified whether to main control unit and any one
First cryptographic Hash of pre-registered registered fingerprint template is consistent, if so, fingerprint authentication passes through.
Specific about fingerprint register device limits the restriction that may refer to above for fingerprint register method, about finger
The specific of line verifying device limits the restriction that may refer to above for fingerprint authentication method, repeats no more herein.It is above-mentioned
Modules in fingerprint register device and fingerprint verifying apparatus can come real fully or partially through software, hardware and combinations thereof
It is existing.Above-mentioned each module can be embedded in the form of hardware or independently of in the processor in computer equipment, can also be with software shape
Formula is stored in the memory in computer equipment, executes the corresponding operation of the above modules in order to which processor calls.
In one embodiment, a kind of computer equipment is provided, which can be terminal, internal structure
Figure can be as shown in figure 16.The computer equipment includes the processor connected by system bus, memory, network interface, shows
Display screen and input unit.Wherein, the processor of the computer equipment is for providing calculating and control ability.The computer equipment
Memory includes non-volatile memory medium, built-in storage.The non-volatile memory medium is stored with operating system and computer
Program.The built-in storage provides environment for the operation of operating system and computer program in non-volatile memory medium.The meter
The network interface for calculating machine equipment is used to communicate with external terminal by network connection.When the computer program is executed by processor
To realize a kind of fingerprint register method or fingerprint authentication method.The display screen of the computer equipment can be liquid crystal display or
Electric ink display screen, the input unit of the computer equipment can be the touch layer covered on display screen, be also possible to calculate
Key, trace ball or the Trackpad being arranged on machine equipment shell can also be external keyboard, Trackpad or mouse etc..
It will be understood by those skilled in the art that structure shown in Figure 16, only part relevant to application scheme
The block diagram of structure, does not constitute the restriction for the computer equipment being applied thereon to application scheme, and specific computer is set
Standby may include perhaps combining certain components or with different component layouts than more or fewer components as shown in the figure.
In one embodiment, a kind of computer equipment, including memory and processor are provided, is stored in memory
Computer program, the processor perform the steps of when executing computer program
Obtain fingerprint to be registered;
Registered fingerprint template is generated according to fingerprint to be registered;
Abstract operation is carried out to registered fingerprint template, obtains the first cryptographic Hash;Wherein, the first cryptographic Hash is used in fingerprint inspection
When card, verifying the fingerprint template for carrying out fingerprint authentication is registered fingerprint template;
Store registered fingerprint template;
First cryptographic Hash is sent to main control unit to store.
In one embodiment, a kind of computer equipment, including memory and processor are provided, is stored in memory
Computer program, the processor perform the steps of when executing computer program
Obtain fingerprint to be identified;
Fingerprint to be identified is compared with the fingerprint template in fingerprint template database;
Pass through if being compared with any one fingerprint template in fingerprint template database, it is determined that fingerprint template is target fingerprint
Template;
Abstract operation is carried out to target fingerprint template and obtains the second cryptographic Hash;
Send the second cryptographic Hash to main control unit verify whether with any one pre-registered registered fingerprint template
One cryptographic Hash is consistent, if so, fingerprint authentication passes through.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated
Machine program performs the steps of when being executed by processor
Obtain fingerprint to be registered;
Registered fingerprint template is generated according to fingerprint to be registered;
Abstract operation is carried out to registered fingerprint template, obtains the first cryptographic Hash;Wherein, the first cryptographic Hash is used in fingerprint inspection
When card, verifying the fingerprint template for carrying out fingerprint authentication is registered fingerprint template;
Store registered fingerprint template;
First cryptographic Hash is sent to main control unit to store.
In one embodiment, a kind of computer readable storage medium is provided, computer program is stored thereon with, is calculated
Machine program performs the steps of when being executed by processor
Obtain fingerprint to be identified;
Fingerprint to be identified is compared with the fingerprint template in fingerprint template database;
Pass through if being compared with any one fingerprint template in fingerprint template database, it is determined that fingerprint template is target fingerprint
Template;
Abstract operation is carried out to target fingerprint template and obtains the second cryptographic Hash;
Send the second cryptographic Hash to main control unit verify whether with any one pre-registered registered fingerprint template
One cryptographic Hash is consistent, if so, fingerprint authentication passes through.
Those of ordinary skill in the art will appreciate that realizing all or part of the process in above-described embodiment method, being can be with
Relevant hardware is instructed to complete by computer program, the computer program can be stored in a non-volatile computer
In read/write memory medium, the computer program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein,
To any reference of memory, storage, database or other media used in each embodiment provided herein,
Including non-volatile and/or volatile memory.Nonvolatile memory may include read-only memory (ROM), programming ROM
(PROM), electrically programmable ROM (EPROM), electrically erasable ROM (EEPROM) or flash memory.Volatile memory may include
Random access memory (RAM) or external cache.By way of illustration and not limitation, RAM is available in many forms,
Such as static state RAM (SRAM), dynamic ram (DRAM), synchronous dram (SDRAM), double data rate sdram (DDRSDRAM), enhancing
Type SDRAM (ESDRAM), synchronization link (Synchlink) DRAM (SLDRAM), memory bus (Rambus) direct RAM
(RDRAM), direct memory bus dynamic ram (DRDRAM) and memory bus dynamic ram (RDRAM) etc..
Each technical characteristic of above embodiments can be combined arbitrarily, for simplicity of description, not to above-described embodiment
In each technical characteristic it is all possible combination be all described, as long as however, the combination of these technical characteristics be not present lance
Shield all should be considered as described in this specification.
The several embodiments of the application above described embodiment only expresses, the description thereof is more specific and detailed, but simultaneously
It cannot therefore be construed as limiting the scope of the patent.It should be pointed out that coming for those of ordinary skill in the art
It says, without departing from the concept of this application, various modifications and improvements can be made, these belong to the protection of the application
Range.Therefore, the scope of protection shall be subject to the appended claims for the application patent.
Claims (10)
1. a kind of fingerprint register method is applied to fingerprint authentication terminal, the fingerprint authentication terminal includes main control unit, feature
It is, which comprises
Obtain fingerprint to be registered;
Registered fingerprint template is generated according to the fingerprint to be registered;
Abstract operation is carried out to the registered fingerprint template, obtains the first cryptographic Hash;Wherein, first cryptographic Hash is for referring to
When line is verified, verifying the fingerprint template for carrying out fingerprint authentication is the registered fingerprint template;
Store the registered fingerprint template;
First cryptographic Hash is sent to main control unit to store.
2. fingerprint register method according to claim 1, which is characterized in that the method also includes:
Session key is obtained, the session key is for encrypting the data for being sent to the main control unit.
3. fingerprint register method according to claim 2, which is characterized in that described that first cryptographic Hash is sent to master
Controlling the step of unit is stored includes:
First cryptographic Hash is encrypted using the session key;
Encrypted first cryptographic Hash is sent to the main control unit.
4. fingerprint register method according to claim 2 or 3, which is characterized in that the session key is that the first session is close
The step of key, the acquisition session key includes:
Generate the request of the first session key agreement;
First session key agreement is sent to request to the main control unit;
It obtains the main control unit and instruction is negotiated and for assembly according to the first key of session key agreement request feedback
The random array of the first of key;
The second random array for assembled key is generated, and is sent to the main control unit;
Negotiate instruction according to the first key and key assembly carried out to the described first random array and the second random array,
Generate first session key.
5. a kind of fingerprint authentication method is applied to fingerprint authentication terminal, the fingerprint authentication terminal includes main control unit, feature
It is, which comprises
Obtain fingerprint to be identified;
The fingerprint to be identified is compared with the fingerprint template in fingerprint template database;
Pass through if being compared with fingerprint template any one of in fingerprint template database, it is determined that the fingerprint template is target
Fingerprint template;
Abstract operation is carried out to the target fingerprint template and obtains the second cryptographic Hash;
Send second cryptographic Hash to main control unit verify whether with any one pre-registered registered fingerprint template
One cryptographic Hash is consistent, if so, fingerprint authentication passes through.
6. fingerprint authentication method according to claim 5, which is characterized in that the method also includes:
Communication key is obtained, the communication key is for encrypting the data for being sent to the main control unit.
7. fingerprint authentication method according to claim 6, which is characterized in that described to send second cryptographic Hash to master control
Unit verifies whether that the step consistent with the first cryptographic Hash of any one pre-registered registered fingerprint template includes:
Second cryptographic Hash is encrypted using the communication key;
Encrypted second cryptographic Hash is sent to the main control unit.
8. fingerprint authentication method according to claim 6 or 7, which is characterized in that the communication key is that the first communication is close
The step of key, the acquisition communication key includes:
It generates the first communication key and negotiates request;
It sends first communication key and negotiates request to the main control unit;
The main control unit is obtained to instruct and be used for according to the third key agreement that first communication key negotiates request feedback
5th random array of assembled key;
The 6th random array for assembled key is generated, and is sent to the main control unit;
Key assembly is carried out to the 5th random array and the 6th random array according to third key agreement instruction,
Generate the first communication key.
9. a kind of fingerprint register device is applied to fingerprint authentication terminal, the fingerprint authentication terminal includes main control unit, feature
It is, described device includes:
Fingerprint to be registered obtains module, for obtaining fingerprint to be registered;
Registered fingerprint template generation module, for generating registered fingerprint template according to the fingerprint to be registered;
First cryptographic Hash computing module obtains the first cryptographic Hash for carrying out abstract operation to the registered fingerprint template;Its
In, first cryptographic Hash is used in fingerprint authentication, and verifying the fingerprint template for carrying out fingerprint authentication is that the registration refers to
Line template;
Registered fingerprint template memory module, for storing the registered fingerprint template;
First cryptographic Hash sending module is stored for first cryptographic Hash to be sent to main control unit.
10. a kind of fingerprint verifying apparatus is applied to fingerprint authentication terminal, the fingerprint authentication terminal includes main control unit, special
Sign is that described device includes:
Fingerprint to be identified obtains module, for obtaining fingerprint to be identified;
Fingerprint comparison module, for the fingerprint to be identified to be compared with the fingerprint template in fingerprint template database;
Target fingerprint determining module, for any one of fingerprint mould in the fingerprint to be identified and fingerprint template database
When plate comparison passes through, determine that the fingerprint template is target fingerprint template;
Second cryptographic Hash computing module obtains the second cryptographic Hash for carrying out abstract operation to the target fingerprint template;
Second cryptographic Hash sending module is verified whether with any one in advance for sending second cryptographic Hash to main control unit
First cryptographic Hash of the registered fingerprint template of registration is consistent, if so, fingerprint authentication passes through;
Verification result obtains module, for obtaining the verification result of the main control unit feedback.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910783917.6A CN110532927A (en) | 2019-08-23 | 2019-08-23 | Fingerprint register method, fingerprint authentication method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910783917.6A CN110532927A (en) | 2019-08-23 | 2019-08-23 | Fingerprint register method, fingerprint authentication method and device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110532927A true CN110532927A (en) | 2019-12-03 |
Family
ID=68664074
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910783917.6A Pending CN110532927A (en) | 2019-08-23 | 2019-08-23 | Fingerprint register method, fingerprint authentication method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110532927A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113096284A (en) * | 2021-03-19 | 2021-07-09 | 福建新大陆通信科技股份有限公司 | CTID access control authorization information verification method |
| CN116629887A (en) * | 2023-07-20 | 2023-08-22 | 鼎铉商用密码测评技术(深圳)有限公司 | Registration method, authentication method, device and storage medium based on biological characteristics |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106056196A (en) * | 2016-05-31 | 2016-10-26 | 成都方程式电子有限公司 | Modular fingerprint U disk and communication method thereof |
| CN106470239A (en) * | 2015-08-21 | 2017-03-01 | 华为终端(东莞)有限公司 | A kind of target switching method and relevant device |
| CN108960039A (en) * | 2018-05-07 | 2018-12-07 | 西安电子科技大学 | A kind of irreversible fingerprint template encryption method based on symmetrical hash |
| CN109005028A (en) * | 2018-11-02 | 2018-12-14 | 美的集团股份有限公司 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
-
2019
- 2019-08-23 CN CN201910783917.6A patent/CN110532927A/en active Pending
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106470239A (en) * | 2015-08-21 | 2017-03-01 | 华为终端(东莞)有限公司 | A kind of target switching method and relevant device |
| CN106056196A (en) * | 2016-05-31 | 2016-10-26 | 成都方程式电子有限公司 | Modular fingerprint U disk and communication method thereof |
| CN108960039A (en) * | 2018-05-07 | 2018-12-07 | 西安电子科技大学 | A kind of irreversible fingerprint template encryption method based on symmetrical hash |
| CN109005028A (en) * | 2018-11-02 | 2018-12-14 | 美的集团股份有限公司 | Cryptographic key negotiation method, Cloud Server, equipment, storage medium and system |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113096284A (en) * | 2021-03-19 | 2021-07-09 | 福建新大陆通信科技股份有限公司 | CTID access control authorization information verification method |
| CN116629887A (en) * | 2023-07-20 | 2023-08-22 | 鼎铉商用密码测评技术(深圳)有限公司 | Registration method, authentication method, device and storage medium based on biological characteristics |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111213171B (en) | Method and apparatus for secure offline payment | |
| US20180144114A1 (en) | Securing Blockchain Transactions Against Cyberattacks | |
| TWI684890B (en) | System and method for computing device with improved firmware service security using credential-derived encryption key | |
| JP4562464B2 (en) | Information processing device | |
| CN101291224B (en) | Method and system for processing data in communication system | |
| US9384338B2 (en) | Architectures for privacy protection of biometric templates | |
| US9218473B2 (en) | Creation and authentication of biometric information | |
| US20080072066A1 (en) | Method and apparatus for authenticating applications to secure services | |
| CN108494551A (en) | Processing method, system, computer equipment and storage medium based on collaboration key | |
| CN108471352B (en) | Processing method, system, computer equipment and storage medium based on distributed private key | |
| JP5710439B2 (en) | Template delivery type cancelable biometric authentication system and method | |
| CN102456111B (en) | Method and system for license control of Linux operating system | |
| JP2014526094A (en) | Authentication method and apparatus mounting apparatus using disposable password containing biometric image information | |
| JP4470373B2 (en) | Authentication processing apparatus and security processing method | |
| US20070226514A1 (en) | Secure biometric processing system and method of use | |
| US11569991B1 (en) | Biometric authenticated biometric enrollment | |
| CN111401901B (en) | Authentication method and device of biological payment device, computer device and storage medium | |
| US20220029801A1 (en) | Master key escrow process | |
| CN110401538A (en) | Data ciphering method, system and terminal | |
| US20100031045A1 (en) | Methods and system and computer medium for loading a set of keys | |
| CN110532927A (en) | Fingerprint register method, fingerprint authentication method and device | |
| CN106953731A (en) | The authentication method and system of a kind of terminal management person | |
| CN110740036A (en) | Anti-attack data confidentiality method based on cloud computing | |
| CN107994998A (en) | A kind of authentication information encryption method and system | |
| KR20150010542A (en) | Creation and authentication of biometric information |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191203 |
|
| RJ01 | Rejection of invention patent application after publication |