CN111382713B - Biometric identification method, biometric identification system, electronic device, and storage medium - Google Patents

Info

Publication number: CN111382713B
Authority: CN (China)
Prior art keywords: data, biometric, identification, local application, encrypted
Legal status: Active
Application number: CN202010171771.2A
Other languages: Chinese (zh)
Other versions: CN111382713A
Inventor: 马致远
Current Assignee: Spreadtrum Communications Shanghai Co Ltd
Original Assignee: Spreadtrum Communications Shanghai Co Ltd
Legal events: application filed by Spreadtrum Communications Shanghai Co Ltd; publication of CN111382713A; application granted; publication of CN111382713B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Human Computer Interaction (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a biometric identification method, a biometric identification system, an electronic device and a storage medium. The biometric method is applied to a terminal and includes: a local application initiates a request for biometric identification; biometric data is collected and processed in a trusted execution environment according to the request to obtain encrypted data; the encrypted data is sent to the local application; and the local application decrypts the encrypted data to obtain the identification result of the requested biometric identification. The invention guarantees the security of terminal devices that adopt biometric identification technology, removes the dependence on a cloud server, reduces the deployment cost, and particularly realizes the function of local application without leaving the support of the cloud server.

Description

Biometric identification method, biometric identification system, electronic device, and storage medium
Technical Field
The present invention relates to the field of biometric identification technologies, and in particular, to a biometric identification method, system, electronic device, and storage medium.
Background
With the continuous development of computer technology, biometric technology is widely used. Biometric technology verifies a user's identity by combining computers with optical, acoustic, biosensor and biometric principles, using the inherent physiological characteristics of the human body (such as fingerprint, facial image, iris, etc.) and behavioral characteristics (such as handwriting, voice, gait, etc.).
Currently, biometric technology is widely applied to terminal devices. Specifically, a local application installed on a terminal device can verify the identity of a user based on biometric technology, so that application operations such as login and payment can be executed securely. However, the data transmitted to the local application during biometric identification is plaintext data. Because this data is unprotected, it is exposed to leakage and tampering, so applying biometric technology on a terminal device carries security risks.
To avoid these risks, the biometric data is encrypted and then sent to a cloud server for decryption and verification. Although this prevents the data in the biometric process from being leaked or tampered with, the cloud server must be deployed in advance, so the implementation is complex and costly.
Disclosure of Invention
The invention aims to overcome the defect in the prior art that a cloud server is relied on to avoid security risks in the biometric identification process, and provides a biometric identification method, a biometric identification system, an electronic device and a storage medium.
The invention solves the technical problems through the following technical scheme:
a biometric method applied to a terminal and comprising:
the local application initiates a request for biometric identification;
collecting biometric data in a trusted execution environment (Trusted Execution Environment, TEE) according to the request;
processing the biometric data in the trusted execution environment to obtain encrypted data;
sending the encrypted data to the local application;
the local application decrypts the encrypted data to obtain the identification result of the requested biometric identification.
Preferably, the step of processing the biometric data in the trusted execution environment to obtain encrypted data comprises:
encrypting the biometric data in the trusted execution environment to obtain encrypted feature data;
the step of the local application decrypting the encrypted data to obtain the identification result of the requested biometric identification comprises:
the local application decrypting the encrypted feature data to obtain decrypted feature data;
the local application identifying the decrypted feature data to obtain the identification result;
or, alternatively,
the step of processing the biometric data in the trusted execution environment to obtain encrypted data comprises:
identifying the biometric data in the trusted execution environment to obtain intermediate identification data;
encrypting the intermediate identification data in the trusted execution environment to obtain encrypted identification data;
the step of the local application decrypting the encrypted data to obtain the identification result of the requested biometric identification comprises:
the local application decrypts the encrypted identification data to obtain the identification result.
Preferably, the step of processing the biometric data in the trusted execution environment to obtain encrypted data comprises:
encrypting with a local private key in the trusted execution environment;
the step of the local application decrypting the encrypted data to obtain the identification result of the requested biometric identification comprises:
the local application decrypting using the public key that matches the local private key.
Preferably, before the step of sending the encrypted data to the local application, the method further includes:
adding a data transmission interface;
the step of sending the encrypted data to the local application comprises:
sending the encrypted data to the local application through the data transmission interface;
and/or,
further comprising, after the step of the local application decrypting the encrypted data to obtain the identification result of the requested biometric identification:
the local application sending prompt information according to the identification result, wherein the prompt information is used for indicating whether the requested biometric identification is successful.
A biometric system applied to a terminal and comprising:
an initiating module, configured for the local application to initiate a request for biometric identification;
an acquisition module, configured to collect biometric data in the trusted execution environment according to the request;
an encryption module, configured to process the biometric data in the trusted execution environment to obtain encrypted data;
a first sending module, configured to send the encrypted data to the local application;
a decryption module, configured for the local application to decrypt the encrypted data to obtain the identification result of the requested biometric identification.
Preferably, the encryption module comprises:
a first encryption unit, configured to encrypt the biometric data in the trusted execution environment to obtain encrypted feature data;
the decryption module includes:
a first decryption unit for decrypting the encrypted feature data by the local application to obtain decrypted feature data;
a first identification unit, configured to identify, by the local application, the decrypted feature data to obtain the identification result;
or, alternatively,
the encryption module includes:
a second identification unit for identifying the biometric data in the trusted execution environment to obtain intermediate identification data;
a second encryption unit, configured to encrypt the intermediate identification data in the trusted execution environment to obtain encrypted identification data;
the decryption module includes:
a second decryption unit, configured to decrypt, by the local application, the encrypted identification data to obtain the identification result.
Preferably, the encryption module is specifically configured to encrypt in the trusted execution environment using a local private key;
the decryption module is specifically configured to decrypt, by the local application, using the public key that matches the local private key.
Preferably, the biometric system further comprises:
an adding module, configured to add a data transmission interface;
the first sending module is specifically configured to send the encrypted data to the local application through the data transmission interface;
and/or,
the biometric identification system further comprises:
a second sending module, configured for the local application to send prompt information according to the identification result, wherein the prompt information is used for indicating whether the requested biometric identification is successful.
An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing any of the above biometric methods when executing the computer program.
A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of any of the above-mentioned biometric methods.
The positive effects of the invention are as follows: the invention provides an easy-to-implement, security-enhanced biometric identification scheme. Specifically, biometric data is collected and processed in a trusted execution environment to obtain encrypted data, the encrypted data is then sent to a local application, and finally the local application directly decrypts the received encrypted data.
Drawings
Fig. 1 is a flowchart of a biometric method according to embodiment 1 of the present invention.
Fig. 2 is a flowchart showing a biometric authentication method according to embodiment 1 of the present invention.
Fig. 3 is another detailed flowchart of the biometric authentication method according to embodiment 1 of the present invention.
Fig. 4 is a block diagram of a biometric system according to embodiment 2 of the present invention.
Fig. 5 is a schematic block diagram of another biometric system according to embodiment 2 of the present invention.
Fig. 6 is a schematic structural diagram of an electronic device according to embodiment 3 of the present invention.
Detailed Description
The invention is further illustrated by the following examples, which are not intended to limit the scope of the invention.
Example 1
This embodiment provides a biometric method applied to a terminal. Referring to Fig. 1, the biometric method of this embodiment includes:
S101: the local application initiates a request for biometric identification.
In this embodiment, the local application is an application that supports biometric identification and can verify the identity of the user based on biometric technology, thereby ensuring the secure execution of application operations such as login and payment. Specifically, the request for biometric identification initiated by the local application may be passed through a biometric interface.
S102: biometric data is collected in the trusted execution environment according to the request.
Specifically, the biometric data collected in this embodiment is determined by the biometric technology supported by the local application. For example, when the local application supports fingerprint recognition, the collected biometric data may be fingerprint data; when the local application supports iris recognition, the collected biometric data may be iris data; when the local application supports face recognition, the collected biometric data may be face data.
S103: the biometric data is processed in the trusted execution environment to obtain encrypted data.
Referring to Fig. 2, step S103 in this embodiment may include:
S1031: the biometric data is encrypted in the trusted execution environment to obtain encrypted feature data.
Specifically, the collected biometric data can be encrypted with a local private key in the trusted execution environment. Further, a terminal running the Android system carries a Google key, so this embodiment is preferably applied to terminals running the Android system: the private key in the Google key can then be used for encrypting the intermediate identification data, and no extra station needs to be added to the terminal production line to preset a key. The private key can only be used inside the trusted execution environment, cannot be leaked, and cannot be accessed from the external environment.
Referring to fig. 3, step S103 in this embodiment may alternatively include:
S1032: the biometric data is identified in the trusted execution environment to obtain intermediate identification data;
S1033: the intermediate identification data is encrypted in the trusted execution environment to obtain encrypted identification data.
The intermediate identification data can be used to represent identification success and identification failure. Specifically, the intermediate identification data may be encrypted with the local private key in the trusted execution environment. Further, a terminal running the Android system carries a Google key, so this embodiment is preferably applied to terminals running the Android system: the private key in the Google key can then be used to encrypt the intermediate identification data, and no extra station needs to be added to the terminal production line to preset a key. The private key can only be used inside the trusted execution environment, cannot be leaked, and cannot be accessed from the external environment.
S104: the encrypted data is sent to the local application.
In this embodiment, the encrypted data may be sent directly to the local application through the local biometric interface. A data transmission interface for sending the encrypted data to the local application may also be added without affecting the use of the biometric interface; for example, the encrypted data may be sent to local application A through the data transmission interface, and the unencrypted biometric data may be sent to local application B through the biometric interface.
S105: the local application decrypts the encrypted data to obtain the identification result of the requested biometric identification.
Referring to fig. 2, in this embodiment, when the encrypted data received by the local application is encrypted feature data, step S105 may include:
S1051: the local application decrypts the encrypted feature data to obtain decrypted feature data;
S1052: the local application identifies the decrypted feature data to obtain the identification result.
Specifically, the local application may decrypt the received encrypted feature data using the public key that matches the local private key used to encrypt the biometric data. Further, on a terminal running the Android system, the local application can use the public key in the Google key carried by the terminal to decrypt the received encrypted feature data, so the local application can perform biometric identification without relying on a cloud server and even without network access. In addition, on a terminal running the Android system, the local application can also obtain the public key in the Google key carried by the terminal from the corresponding website over the network, so that the local application can still perform biometric identification without relying on a cloud server.
Referring to Fig. 3, in this embodiment, when the encrypted data received by the local application is encrypted identification data, step S105 may include:
S1053: the local application decrypts the encrypted identification data to obtain the identification result.
Specifically, the local application may decrypt the received encrypted identification data using the public key that matches the local private key used to encrypt the intermediate identification data. Further, on a terminal running the Android system, the local application can use the public key in the Google key carried by the terminal to decrypt the received encrypted identification data, so the local application can perform biometric identification without relying on a cloud server and even without network access. In addition, on a terminal running the Android system, the local application can also obtain the public key in the Google key carried by the terminal from the corresponding website over the network, so that the local application can still perform biometric identification without relying on a cloud server.
S106: the local application sends prompt information according to the identification result.
In this embodiment, the identification result of the biometric identification may include identification success and identification failure, and the prompt information sent by the local application according to the identification result may be used to indicate whether the requested biometric identification is successful. For example, the local application may indicate the identification result by means of a page jump, specifically through the content presented on the page jumped to. For another example, the local application may send the prompt information to the terminal, and the terminal may emit a prompt tone or turn on an indicator light according to the received prompt information to indicate whether the biometric identification is successful.
This embodiment collects and processes the biometric data in the trusted execution environment to obtain encrypted data, then sends the encrypted data to the local application, and finally the local application directly decrypts the received encrypted data. Specifically, the function of the local application is realized without the support of the cloud server, but in the aspect of biometric identification, this embodiment does not follow the conventional perspective of seeking a solution from the cloud server; instead, it provides an easy-to-implement, security-enhanced biometric identification scheme based on the local application itself, and overcomes the dependence of the local application on the cloud server.
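The following added example (not part of the patent text) models the second variant of steps S103 to S105 in Python: the trusted side applies its private key to the intermediate identification data, and the local application recovers the result with the matching public key and rejects any blob that does not unpad correctly. Assumptions, none of which the patent specifies: RSA with PKCS#1 v1.5 type-1 padding, an in-process key pair standing in for the TEE-held key, a byte-equality matcher, and all function names.

```python
"""Model of steps S1032/S1033/S104/S1053: the TEE applies its private key to the
identification result, the local application recovers it with the public key.
Added illustration; the RSA helpers are a software stand-in for a TEE-held key."""
import secrets

E = 65537  # public exponent (assumption; the page names no algorithm or parameters)


def _is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # no square reached n-1: composite
    return True


def _random_prime(bits):
    while True:
        # force the top two bits (full-size modulus) and the low bit (odd)
        c = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if _is_probable_prime(c):
            return c


def generate_keypair(bits=2048):
    """Return (public, private) as ((n, e), (n, d)). On a device the private
    half would live inside the TEE and never be handed to the application."""
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % E:  # E is prime, so this means gcd(E, phi) == 1
            return (p * q, E), (p * q, pow(E, -1, phi))


def tee_private_encrypt(private_key, payload: bytes) -> bytes:
    """S1033: private-key operation over 00 01 FF..FF 00 || payload."""
    n, d = private_key
    k = (n.bit_length() + 7) // 8
    if len(payload) > k - 11:
        raise ValueError("payload too long for one RSA block")
    block = b"\x00\x01" + b"\xff" * (k - 3 - len(payload)) + b"\x00" + payload
    return pow(int.from_bytes(block, "big"), d, n).to_bytes(k, "big")


def app_public_decrypt(public_key, blob: bytes) -> bytes:
    """S1053: public-key operation plus a strict padding check."""
    n, e = public_key
    k = (n.bit_length() + 7) // 8
    c = int.from_bytes(blob, "big")
    if len(blob) != k or c >= n:
        raise ValueError("malformed blob")
    block = pow(c, e, n).to_bytes(k, "big")
    sep = block.find(b"\x00", 2)  # separator after the FF run
    if block[:2] != b"\x00\x01" or sep < 10 or block[2:sep] != b"\xff" * (sep - 2):
        raise ValueError("padding check failed: not produced by the TEE key")
    return block[sep + 1:]


def tee_handle_request(private_key, captured: bytes, enrolled: bytes) -> bytes:
    """S1032 + S1033 inside the TEE. Byte equality stands in for the matcher."""
    result = b"MATCH" if captured == enrolled else b"NO_MATCH"
    return tee_private_encrypt(private_key, result)


def local_app_identify(public_key, blob: bytes) -> bool:
    """S1053: the local application accepts only a well-formed MATCH result."""
    try:
        return app_public_decrypt(public_key, blob) == b"MATCH"
    except ValueError:
        return False


if __name__ == "__main__":
    public, private = generate_keypair()
    enrolled = b"constructed-template-01"  # constructed sample data
    blob = tee_handle_request(private, enrolled, enrolled)       # S104 payload
    print("genuine blob accepted:", local_app_identify(public, blob))
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    print("tampered blob accepted:", local_app_identify(public, tampered))
```

Because the public key is not secret, anyone holding it can read the blob; in this model the private-key step gives the local application assurance of the result's origin and integrity rather than confidentiality.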
Example 2
The present embodiment provides a biometric system applied to a terminal, and referring to fig. 4 and 5, the biometric system of the present embodiment includes:
an initiating module 1, configured for the local application to initiate a request for biometric identification.
In this embodiment, the local application is an application that supports biometric identification and can verify the identity of the user based on biometric technology, thereby ensuring the secure execution of application operations such as login and payment. Specifically, the request for biometric identification initiated by the local application may be passed through the biometric interface.
an acquisition module 2, configured to collect biometric data in the trusted execution environment according to the request.
Specifically, the biometric data collected in this embodiment is determined by the biometric technology supported by the local application. For example, when the local application supports fingerprint recognition, the collected biometric data may be fingerprint data; when the local application supports iris recognition, the collected biometric data may be iris data; when the local application supports face recognition, the collected biometric data may be face data.
an encryption module 3, configured to process the biometric data in the trusted execution environment to obtain encrypted data.
Referring to fig. 4, the encryption module 3 in this embodiment may include:
a first encryption unit 31, configured to encrypt the biometric data in the trusted execution environment to obtain encrypted feature data.
Specifically, the first encryption unit 31 may encrypt the collected biometric data with a local private key in the trusted execution environment. Further, a terminal running the Android system carries a Google key, so this embodiment is preferably applied to terminals running the Android system: the private key in the Google key can then be used to encrypt the intermediate identification data, and no extra station needs to be added to the terminal production line to preset a key. The private key can only be used inside the trusted execution environment, cannot be leaked, and cannot be accessed from the external environment.
Referring to fig. 5, the encryption module 3 in this embodiment may alternatively include:
a second identification unit 32, configured to identify the biometric data in the trusted execution environment to obtain intermediate identification data;
a second encryption unit 33, configured to encrypt the intermediate identification data in the trusted execution environment to obtain encrypted identification data.
The intermediate identification data can be used to represent identification success and identification failure. Specifically, the second encryption unit 33 may encrypt the intermediate identification data with a local private key in the trusted execution environment. Further, a terminal running the Android system carries a Google key, so this embodiment is preferably applied to terminals running the Android system: the private key in the Google key can then be used to encrypt the intermediate identification data, and no extra station needs to be added to the terminal production line to preset a key. The private key can only be used inside the trusted execution environment, cannot be leaked, and cannot be accessed from the external environment.
a first sending module 4, configured to send the encrypted data to the local application.
In this embodiment, the first sending module 4 may send the encrypted data to the local application directly through the local biometric interface. This embodiment may also include an adding module for adding a data transmission interface, in which case the first sending module 4 may be specifically configured to send the encrypted data to the local application through the added data transmission interface without affecting the use of the biometric interface; for example, the encrypted data is sent to local application A through the data transmission interface, and the unencrypted biometric data is sent to local application B through the biometric interface.
a decryption module 5, configured for the local application to decrypt the encrypted data to obtain the identification result of the requested biometric identification.
Referring to fig. 4, in this embodiment, when the encrypted data received by the local application is encrypted feature data, the decryption module 5 may include:
a first decryption unit 51, configured for the local application to decrypt the encrypted feature data to obtain decrypted feature data;
a first identification unit 52, configured for the local application to identify the decrypted feature data to obtain the identification result.
Specifically, the first decryption unit 51 may be configured for the local application to decrypt the received encrypted feature data using the public key that matches the local private key used to encrypt the biometric data. Further, on a terminal running the Android system, the local application can use the public key in the Google key carried by the terminal to decrypt the received encrypted feature data, so the local application can perform biometric identification without relying on a cloud server and even without network access. In addition, on a terminal running the Android system, the local application can also obtain the public key in the Google key carried by the terminal from the corresponding website over the network, so that the local application can still perform biometric identification without relying on a cloud server.
Referring to fig. 5, in this embodiment, when the encrypted data received by the local application is encrypted identification data, the decryption module 5 may include:
a second decryption unit 53, configured for the local application to decrypt the encrypted identification data to obtain the identification result.
Specifically, the second decryption unit 53 may be configured for the local application to decrypt the received encrypted identification data using the public key that matches the local private key used to encrypt the intermediate identification data. Further, on a terminal running the Android system, the local application can use the public key in the Google key carried by the terminal to decrypt the received encrypted identification data, so the local application can perform biometric identification without relying on a cloud server and even without network access. In addition, on a terminal running the Android system, the local application can also obtain the public key in the Google key carried by the terminal from the corresponding website over the network, so that the local application can still perform biometric identification without relying on a cloud server.
a second sending module 6, configured for the local application to send prompt information according to the identification result.
In this embodiment, the identification result of the biometric identification may include identification success and identification failure, and the prompt information sent by the local application according to the identification result may be used to indicate whether the requested biometric identification is successful. For example, the local application may indicate the identification result by means of a page jump, specifically through the content presented on the page jumped to. For another example, the local application may use the second sending module 6 to send the prompt information to the terminal, and the terminal may emit a prompt tone or turn on an indicator light according to the received prompt information to indicate whether the biometric identification is successful.
This embodiment collects and processes the biometric data in the trusted execution environment to obtain encrypted data, then sends the encrypted data to the local application, and finally the local application directly decrypts the received encrypted data, so that the dependence on a cloud server is eliminated while the security of the terminal device adopting biometric identification technology is ensured, and the deployment cost is reduced. Specifically, the function of the local application is realized without the support of the cloud server, but in the aspect of biometric identification, this embodiment does not follow the conventional perspective of seeking a solution from the cloud server; instead, it provides an easy-to-implement, security-enhanced biometric identification scheme based on the local application itself, and overcomes the dependence of the local application on the cloud server.
Example 3
The present embodiment provides an electronic device, which may be represented by a computing device (for example, may be a server device), including a memory, a processor, and a computer program stored in the memory and running on the processor, where the processor executes the computer program to implement the biometric identification method provided in embodiment 1.
Fig. 6 shows a schematic diagram of a hardware structure of the present embodiment, and as shown in fig. 6, the electronic device 9 specifically includes:
at least one processor 91, at least one memory 92, and a bus 93 for connecting the various system components (including the processor 91 and the memory 92), wherein:
the bus 93 includes a data bus, an address bus, and a control bus.
Memory 92 includes volatile memory, such as Random Access Memory (RAM) 921 and/or cache memory 922, and can further include Read Only Memory (ROM) 923.
Memory 92 also includes programs/utilities 925 having a set (at least one) of program modules 924, such program modules 924 including but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which or some combination thereof may comprise an implementation of a network environment.
The processor 91 executes various functional applications and data processing, such as the biometric method provided in embodiment 1 of the present invention, by executing the computer program stored in the memory 92.
The electronic device 9 may further communicate with one or more external devices 94 (e.g., a keyboard, a pointing device, etc.). Such communication may be through an input/output (I/O) interface 95. Also, the electronic device 9 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet) via the network adapter 96. The network adapter 96 communicates with the other modules of the electronic device 9 via the bus 93. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 9, including but not limited to: microcode, device drivers, redundant processors, external disk drive arrays, RAID (disk array) systems, tape drives, and data backup storage systems, etc.
It should be noted that although several units/modules or sub-units/modules of the electronic device are mentioned in the above detailed description, such a division is merely exemplary and not mandatory. Indeed, according to embodiments of the application, the features and functions of two or more units/modules described above may be embodied in one unit/module. Conversely, the features and functions of one unit/module described above may be further divided so as to be embodied by a plurality of units/modules.
Example 4
The present embodiment provides a computer-readable storage medium on which a computer program is stored, which when executed by a processor implements the steps of the biometric method provided in embodiment 1.
More specific examples of the readable storage medium may include, but are not limited to: a portable disk, a hard disk, random access memory, read only memory, erasable programmable read only memory, an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In a possible implementation, the invention can also be implemented in the form of a program product comprising program code which, when the program product is run on a terminal device, causes the terminal device to carry out the steps of the biometric method described in example 1.
The program code for carrying out the invention may be written in any combination of one or more programming languages, and the program code may be executed entirely on the user device, partly on the user device, as a stand-alone software package, partly on the user device and partly on a remote device, or entirely on the remote device.
While specific embodiments of the invention have been described above, it will be understood by those skilled in the art that this is by way of example only, and that the scope of the invention is defined by the appended claims. Various changes or modifications to these embodiments may be made by those skilled in the art without departing from the principle and spirit of this invention, and these changes and modifications are within the scope of this invention.

Claims (10)

1. A biometric identification method, characterized in that the biometric identification method is applied to a terminal and includes:
the local application initiates a request for biometric identification;
collecting biometric data in a trusted execution environment according to the request;
processing the biometric data in the trusted execution environment to obtain encrypted data;
sending the encrypted data to the local application;
the local application decrypts the encrypted data to obtain the requested biometric identification.
2. The biometric method of claim 1, wherein the step of processing the biometric data in the trusted execution environment to obtain encrypted data comprises:
encrypting the biometric data in the trusted execution environment to obtain encrypted feature data;
the step of the local application decrypting the encrypted data to obtain the requested biometric identification comprises:
the local application decrypting the encrypted feature data to obtain decrypted feature data;
the local application identifies the decrypted feature data to obtain the identification result;
or,
the step of processing the biometric data in the trusted execution environment to obtain encrypted data comprises:
identifying the biometric data in the trusted execution environment to obtain intermediate identification data;
encrypting the intermediate identification data in the trusted execution environment to obtain encrypted identification data;
the step of the local application decrypting the encrypted data to obtain the requested biometric identification comprises:
the local application decrypts the encrypted identification data to obtain the identification result.
3. The biometric method of claim 1, wherein the step of processing the biometric data in the trusted execution environment to obtain encrypted data comprises:
encrypting with a local private key in the trusted execution environment;
the step of the local application decrypting the encrypted data to obtain the requested biometric identification comprises:
the local application decrypts using the public key matched with the local private key.
4. The biometric method of claim 1, further comprising, prior to the step of sending the encrypted data to the local application:
adding a data transmission interface;
the step of sending the encrypted data to the local application comprises:
sending the encrypted data to the local application through the data transmission interface;
and/or,
further comprising, after the step of the local application decrypting the encrypted data to obtain the requested biometric identification:
the local application sends prompt information according to the identification result, wherein the prompt information is used for indicating whether the requested biometric identification is successful or not.
5. A biometric identification system, characterized in that it is applied to a terminal and comprises:
an initiating module, configured to initiate, by a local application, a request for biometric identification;
an acquisition module, configured to collect biometric data in the trusted execution environment according to the request;
an encryption module to process the biometric data in the trusted execution environment to obtain encrypted data;
a first sending module, configured to send the encrypted data to the local application;
a decryption module for decrypting the encrypted data by the local application to obtain the identification result of the requested biometric identification.
6. The biometric system of claim 5, wherein the encryption module comprises:
a first encryption unit, configured to encrypt the biometric data in the trusted execution environment to obtain encrypted feature data;
the decryption module includes:
a first decryption unit, configured to decrypt, by the local application, the encrypted feature data to obtain decrypted feature data;
a first identification unit, configured to identify, by the local application, the decrypted feature data to obtain the identification result;
or,
the encryption module includes:
a second identification unit for identifying the biometric data in the trusted execution environment to obtain intermediate identification data;
a second encryption unit configured to encrypt the intermediate identification data in the trusted execution environment to obtain encrypted identification data;
the decryption module includes:
a second decryption unit, configured to decrypt, by the local application, the encrypted identification data to obtain the identification result.
7. The biometric system of claim 5, wherein the encryption module is specifically configured to encrypt with a local private key in the trusted execution environment;
the decryption module is specifically configured to decrypt, by the local application, using the public key that matches the local private key.
8. The biometric identification system of claim 5, further comprising:
an adding module, configured to add a data transmission interface;
the first sending module is specifically configured to send the encrypted data to the local application through the data transmission interface;
and/or,
the biometric system further comprises:
a second sending module, configured to send, by the local application, prompt information according to the identification result, wherein the prompt information is used for indicating whether the requested biometric identification is successful or not.
9. An electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the biometric method according to any one of claims 1 to 4 when executing the computer program.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the biometric method according to any one of claims 1 to 4.
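The flow of claims 1, 3 and 4 with the second alternative of claim 2 (identify inside the trusted execution environment, then encrypt), sketched as an added example that is not part of the patent or the applicant's code. The names `Tee`, `app_decrypt` and `app_identify`, the toy textbook-RSA key without padding, and the hash-equality matcher are assumptions made for illustration.

```python
import hashlib

# Constructed demo key from two known Mersenne primes; far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537                    # public key, held by the local application
D = pow(E, -1, (P - 1) * (Q - 1))      # "local private key", stays inside the TEE


class Tee:
    """Hypothetical stand-in for the trusted execution environment."""

    def __init__(self, enrolled_sample: bytes):
        self._enrolled = hashlib.sha256(enrolled_sample).digest()

    def handle_request(self, sensor_sample: bytes) -> int:
        # Collect and identify inside the TEE (exact-hash equality is a placeholder
        # for a real matcher), producing the intermediate identification data.
        matched = hashlib.sha256(sensor_sample).digest() == self._enrolled
        intermediate = b"MATCH" if matched else b"NOMATCH"
        # Claim 3: transform with the local private key before leaving the TEE.
        return pow(int.from_bytes(intermediate, "big"), D, N)


def app_decrypt(encrypted: int) -> bytes:
    """Local application side: recover the data with the matching public key."""
    m = pow(encrypted, E, N)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


def app_identify(tee: Tee, sensor_sample: bytes, tamper: bool = False) -> str:
    # sensor_sample is simulation input; on a device the TEE reads the sensor itself.
    encrypted = tee.handle_request(sensor_sample)   # request -> TEE -> encrypted data
    if tamper:                                      # simulate modification in transit
        encrypted ^= 1
    result = app_decrypt(encrypted)
    # Prompt information as in claim 4: success only on an intact MATCH.
    return "success" if result == b"MATCH" else "failure"


if __name__ == "__main__":
    tee = Tee(b"constructed-enrolled-sample")
    print(app_identify(tee, b"constructed-enrolled-sample"))
    print(app_identify(tee, b"constructed-other-sample"))
    print(app_identify(tee, b"constructed-enrolled-sample", tamper=True))
```

Because the recovery key in claim 3 is the public one, this transform lets the local application detect a modified result, but anyone holding the public key can also read it.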
CN202010171771.2A 2020-03-12 2020-03-12 Biometric identification method, biometric identification system, electronic device, and storage medium Active CN111382713B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010171771.2A CN111382713B (en) 2020-03-12 2020-03-12 Biometric identification method, biometric identification system, electronic device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010171771.2A CN111382713B (en) 2020-03-12 2020-03-12 Biometric identification method, biometric identification system, electronic device, and storage medium

Publications (2)

Publication Number Publication Date
CN111382713A CN111382713A (en) 2020-07-07
CN111382713B CN111382713B (en) 2022-10-04

Family

ID=71217226

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010171771.2A Active CN111382713B (en) 2020-03-12 2020-03-12 Biometric identification method, biometric identification system, electronic device, and storage medium

Country Status (1)

Country Link
CN (1) CN111382713B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899551A (en) * 2015-12-21 2017-06-27 中国电信股份有限公司 Authentication method, certification terminal and system
CN106899552A (en) * 2015-12-21 2017-06-27 中国电信股份有限公司 Authentication method, certification terminal and system
CN107819587A (en) * 2017-12-13 2018-03-20 陈智罡 Authentication method and user equipment and certificate server based on full homomorphic cryptography
CN109145628A (en) * 2018-09-06 2019-01-04 江苏恒宝智能系统技术有限公司 A kind of collecting method and system based on credible performing environment
CN110011954A (en) * 2018-11-27 2019-07-12 阿里巴巴集团控股有限公司 Biometric discrimination method, device, terminal and service server based on homomorphic cryptography
CN110519049A (en) * 2019-08-07 2019-11-29 赤峰学院 A kind of cloud data protection system based on credible performing environment

Also Published As

Publication number Publication date
CN111382713A (en) 2020-07-07

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant