CN111989693A - Biometric identification method and device - Google Patents


Info

Publication number
CN111989693A
Authority
CN
China
Prior art keywords
biometric
template
matching
data
result
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201980006480.3A
Other languages
Chinese (zh)
Inventor
潘时林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Artificial Intelligence (AREA)
  • Collating Specific Patterns (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

The application discloses a biometric identification method and device, and belongs to the technical field of computers. The method comprises the following steps: after a biometric image is acquired under a TEE, biometric data in the biometric image is extracted under the TEE, and then, in an SE, all or part of the biometric data is matched with a biometric template to obtain a biometric result. In the application, the security level of the SE is higher than that of the TEE, so that the biometric identification function achieves a high security level. In addition, template matching of the biometric data has low computational complexity, so the processing load on the SE is low, which keeps template matching, and therefore biometric identification, fast. The application thus protects biometric identification at a high security level while only slightly increasing latency and without affecting biometric identification performance, thereby improving the security of biometric identification.

Description

Biometric identification method and device
Technical Field
The present application relates to the field of computer technologies, and in particular, to a biometric identification method and apparatus.
Background
Biometric identification refers to identification of an individual's identity by combining a computer with high-tech means such as optical, acoustic, biosensor and biometric principles, and using inherent biological characteristics of a human body, such as physiological characteristics (e.g., fingerprint, face, or iris), or behavioral characteristics (e.g., handwriting, voice, or gait). With the development of computer technology, biometric identification has been widely used as a convenient and relatively secure human-machine authentication method.
Because a user's biometric feature is an asset that the user cannot exchange, and the terminal can perform operations such as system unlocking or value transfer using the biometric feature, the biometric process must be implemented in a secure area of the terminal to protect the data. Currently, a Trusted Execution Environment (TEE) may be set up in the terminal, and the terminal may perform the biometric process under the TEE. Specifically, under the TEE the terminal first obtains a biometric image, extracts the biometric data in the biometric image, and then matches the biometric data with a stored biometric template to obtain a biometric result.
However, the TEE offers a limited degree of security and is still relatively vulnerable to attackers. Once an attacker has broken the TEE, the attacker can directly force the output biometric result to be a pass without any matching of the biometric data taking place; alternatively, the attacker can replace the stored biometric template with another biometric template, so that the biometric data matches successfully and the output biometric result is a pass. The security of biometric identification is therefore low.
Disclosure of Invention
The application provides a biometric identification method and a biometric identification device, which can improve the security of biometric identification. The technical scheme is as follows:
In a first aspect, a biometric identification method is provided, wherein the method includes: acquiring a biometric image under a TEE; extracting biometric data in the biometric image under the TEE; and, in a Secure Element (SE), matching all or part of the biometric data with a biometric template to obtain a biometric result.
The biometric image is an image containing biometric features, and for example, the biometric image may be at least one of a fingerprint image, a palm print image, a face image, or an iris image. The biometric template may be at least one of a fingerprint template, a palm print template, a face template, or an iris template.
In the embodiment of the present application, the biometric image is acquired under the TEE and the biometric data in the biometric image is extracted under the TEE. Since the security level of the TEE is higher than that of the Rich Execution Environment (REE), the security of the biometric image and the biometric data can be ensured. In addition, because the TEE runs on the system processor, the computing and storage capacity available under the TEE is high, so the biometric data can be extracted quickly, which keeps biometric identification fast. Furthermore, at least part of the template matching of the biometric data is carried out in the SE, and the SE outputs the biometric result; since the security level of the SE is higher than that of the TEE, the biometric identification function achieves a high security level. Template matching of the biometric data has low computational complexity, so the processing load on the SE is low, which keeps template matching, and therefore biometric identification, fast. The application thus provides a scheme for supporting biometric identification with the SE, in which biometric identification is protected at a high security level while latency increases only slightly and biometric identification performance (recognition rate and false recognition rate) is not affected, so that the security of biometric identification can be improved.
In one possible implementation manner, before matching all or part of the biometric data with a biometric template in SE to obtain a biometric result, the method further includes: sending all of the biometric data to the SE under the TEE. Correspondingly, in the SE, matching all or part of the biometric data with a biometric template to obtain a biometric result, including: and in the SE, matching all the biological characteristic data with a preset biological characteristic template to obtain a biological identification result. In the embodiment of the application, the SE can complete template matching on the biometric data to obtain a biometric result, so that the security of biometric identification can be greatly improved.
In another possible implementation manner, before matching all or part of the biometric data with a biometric template in the SE to obtain a biometric result, the method further includes: under the TEE, performing first matching on at least one part of the biological characteristic data and a first biological characteristic template to obtain a first matching result; sending the first matching result and at least another portion of the biometric data to the SE under the TEE. Correspondingly, in the SE, matching all or part of the biometric data with a biometric template to obtain a biometric result, including: and in the SE, performing second matching on at least another part of the biological characteristic data and a second biological characteristic template to obtain a second matching result, and determining a biological identification result according to the first matching result and the second matching result.
It should be noted that the first biometric template and the second biometric template both belong to a preset biometric template, and the second biometric template includes a portion of the preset biometric template different from the first biometric template, that is, the second biometric template and the first biometric template may not be identical, for example, the first biometric template and the second biometric template may overlap. For another example, the first biometric template and the second biometric template may be completely different, that is, the first biometric template and the second biometric template may be different portions of the preset biometric template, respectively.
In the embodiment of the application, template matching of the biometric data can be completed by the TEE and the SE together to obtain the biometric result; that is, the TEE and the SE perform template matching in two stages. This effectively ensures that using the SE does not significantly slow template matching, so that template matching, and in turn biometric identification, remains fast while the security of biometric identification is improved.
It is noted that before the acquiring the biological image under TEE, the method further comprises: acquiring the preset biological characteristic template; and extracting the first biological characteristic template and the second biological characteristic template from the preset biological characteristic template.
It should be noted that the preset biometric template may be a complete biometric template generated after the biometric enrollment is successful. After the first biometric template and the second biometric template are extracted from the preset biometric template, in order to ensure the safety of the first biometric template and the second biometric template, the first biometric template may be stored in a memory under the TEE, and the second biometric template may be stored in the SE.
Further, before the second matching is performed on at least another part of the biometric data with the second biometric template, the method further includes: when the matching degree indicated by the first matching result is greater than or equal to the first matching degree, triggering the operation of performing, in the SE, the second matching on the at least another part of the data with the second biometric template. When the matching degree indicated by the first matching result is smaller than the first matching degree, the biometric result is directly determined, under the TEE, to be a recognition failure, and the biometric identification operation ends.
In the embodiment of the present application, when the matching degree indicated by the first matching result is smaller than the first matching degree, at least a part of the biometric data matches the first biometric template poorly; that is, the matching degree of the first-stage template matching performed under the TEE is very low. In that case the second-stage template matching in the SE is not required: it can be determined directly under the TEE that biometric identification has not passed, and the biometric identification operation ends. Thus, when a biometric image for which biometric registration has not been performed is presented, it can be quickly determined that biometric authentication has not passed, which reduces the biometric authentication latency when the input biometric image is wrong.
When the matching degree indicated by the first matching result is greater than or equal to the first matching degree, at least a part of the biometric data matches the first biometric template reasonably well; that is, the matching degree of the first-stage template matching performed under the TEE is not very low. The second-stage template matching can therefore continue in the SE, and the SE outputs the final biometric result. The accuracy of biometric identification can thus be ensured.
It should be noted that there may be a plurality of first biometric templates and a plurality of second biometric templates, where the plurality of first biometric templates correspond to the plurality of second biometric templates one to one, and a corresponding first biometric template and a corresponding second biometric template belong to the same preset biometric template.
In this case, further, under the TEE, performing a first matching on at least a part of the biometric data with a first biometric template to obtain a first matching result, including: and under the TEE, performing first matching on the at least part of data and each first biological feature template in the plurality of first biological feature templates to obtain a first matching result corresponding to each first biological feature template. Correspondingly, in the SE, performing second matching on at least another part of the biometric data with a second biometric template to obtain a second matching result, and determining a biometric result according to the first matching result and the second matching result, including: in the SE, the plurality of second biological characteristic templates are sorted according to the sequence from high to low of a plurality of matching degrees indicated by a plurality of first matching results corresponding to the plurality of first biological characteristic templates; in the SE, sequentially carrying out second matching on the at least another part of data and the plurality of second biological characteristic templates according to the sequence; in the SE, each time a second matching of the at least another portion of data with a second biometric template is completed, a second matching result is obtained, and a biometric result corresponding to the second biometric template is determined based on the second matching result and the first matching result. And if the biometric identification result of the second biometric template is identification passing, ending the biometric identification operation in the SE, and if the biometric identification result of the second biometric template is identification failing, continuing to perform second matching on at least another part of the biometric data with the next second biometric template in the SE.
In this embodiment, after the plurality of second biometric templates corresponding to the plurality of first biometric templates are sorted in the order from high to low according to the matching degrees indicated by the plurality of first matching results corresponding to the plurality of first biometric templates, the order of the plurality of second biometric templates represents the order from the most likely successful matching to the least likely successful matching between the plurality of second biometric templates and the biometric data. Then, according to the sequence, each time the second matching of the biological characteristic data and a second biological characteristic template is completed, a biological identification result is determined, and when the biological identification result is identification passing, the biological identification operation is ended. Thus, when a biometric image for which biometric registration has been performed is recognized, it can be quickly determined that biometric authentication has passed, so that the biometric authentication time delay in the case where the input biometric image is correct can be reduced.
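The two-stage flow described above (split enrollment, first matching and early rejection under the TEE, ordered second matching and final decision in the SE), modelled as an added example that is not part of the patent. The feature vectors, the toy `similarity` matcher, the two threshold values and the rule that both stages must reach their thresholds are assumptions, since the text gives no matcher, no numbers and no combination rule.

```python
"""Added example: a model of two-stage TEE/SE template matching."""

# Assumed values: the text names a "first matching degree" but gives no number.
FIRST_MATCH_DEGREE = 0.6   # TEE-side gate for triggering the second matching
SE_MATCH_DEGREE = 0.8      # SE-side threshold on the second matching (assumed)

# Constructed sample feature vectors (16 values; first 8 go to the TEE part).
ALICE = [3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3]
BOB = [2, 7, 1, 8, 2, 8, 1, 8, 2, 8, 4, 5, 9, 0, 4, 5]
GENUINE_BOB = [2, 7, 1, 0, 2, 8, 1, 8, 2, 8, 0, 5, 9, 0, 4, 5]  # noisy re-capture
STRANGER = [6, 6, 6, 6, 6, 6, 6, 6, 0, 0, 0, 0, 0, 0, 0, 0]     # never enrolled


def similarity(a, b):
    """Toy matcher (assumption): fraction of positions where two vectors agree."""
    if len(a) != len(b) or not a:
        return 0.0
    return sum(x == y for x, y in zip(a, b)) / len(a)


class SecureElement:
    """Stores the second templates and makes the final decision."""

    def __init__(self):
        self._second = {}            # template id -> second template, never exported
        self.second_matches_run = 0  # counter used to show the effect of ordering

    def store(self, tid, second_template):
        self._second[tid] = list(second_template)

    def identify(self, first_results, other_part):
        # Sort the second templates by first matching degree, high to low.
        order = sorted(first_results, key=first_results.get, reverse=True)
        for tid in order:
            if tid not in self._second:
                continue  # id not enrolled in the SE: ignore it
            self.second_matches_run += 1
            second = similarity(other_part, self._second[tid])
            # Assumed combination rule: both stages must reach their thresholds.
            if first_results[tid] >= FIRST_MATCH_DEGREE and second >= SE_MATCH_DEGREE:
                return True, tid  # recognition passed: stop at the first success
        return False, None


class Tee:
    """Holds the first templates, performs the first matching and the early reject."""

    def __init__(self, se, cut):
        self._se = se
        self._cut = cut
        self._first = {}

    def enroll(self, tid, preset):
        # Split the preset template: first part stays under the TEE, second goes to the SE.
        self._first[tid] = list(preset[:self._cut])
        self._se.store(tid, preset[self._cut:])

    def identify(self, features):
        part, other = features[:self._cut], features[self._cut:]
        first_results = {tid: similarity(part, t) for tid, t in self._first.items()}
        # Early reject under the TEE: the SE is not invoked at all.
        if not first_results or max(first_results.values()) < FIRST_MATCH_DEGREE:
            return False, None
        return self._se.identify(first_results, other)


def run_demo():
    se = SecureElement()
    tee = Tee(se, cut=8)
    tee.enroll("alice", ALICE)
    tee.enroll("bob", BOB)
    genuine = tee.identify(GENUINE_BOB)   # passes on the first SE comparison
    after_genuine = se.second_matches_run
    impostor = tee.identify(STRANGER)     # rejected under the TEE, SE untouched
    after_impostor = se.second_matches_run
    # First results that are not backed by real matching: the SE still compares
    # the supplied data against the second templates it stores itself.
    unbacked = se.identify({"alice": 1.0, "bob": 1.0}, STRANGER[8:])
    return genuine, after_genuine, impostor, after_impostor, unbacked


if __name__ == "__main__":
    print(run_demo())
```

The model leaves out protection of the TEE-to-SE channel and of enrollment, which the passage above does not describe.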
In a second aspect, there is provided a biometric device, the device comprising: a processor and an SE; the processor is used for acquiring a biometric image under a TEE and extracting biometric data in the biometric image; and the SE is used for matching all or part of the biometric data with a biometric template to obtain a biometric result.
Optionally, the processor is further configured to send all of the biometric data to the SE under the TEE; correspondingly, the SE is configured to match all of the biometric data with a preset biometric template to obtain a biometric result.
Optionally, the processor is further configured to perform, under the TEE, a first matching between at least a part of the biometric data and a first biometric template to obtain a first matching result; sending the first matching result and at least another portion of the biometric data to the SE under the TEE; correspondingly, the SE is configured to perform a second matching on at least another part of the biometric data with a second biometric template to obtain a second matching result, and determine a biometric result according to the first matching result and the second matching result; wherein the second biometric template comprises a portion of the preset biometric template different from the first biometric template.
Optionally, the first biometric template and the second biometric template are different portions of a preset biometric template respectively.
Optionally, the processor is further configured to obtain the preset biometric template, and to extract the first biometric template and the second biometric template from the preset biometric template.
Optionally, the processor is further configured to trigger the SE to perform a second matching on the at least another portion of data with a second biometric template when the matching degree indicated by the first matching result is greater than or equal to the first matching degree.
Optionally, a plurality of first biometric templates and a plurality of second biometric templates exist, the plurality of first biometric templates correspond to the plurality of second biometric templates one by one, and a corresponding first biometric template and a corresponding second biometric template belong to the same preset biometric template; the processor is further configured to perform, under the TEE, a first matching between the at least one portion of data and each of the plurality of first biometric templates to obtain a first matching result corresponding to each of the plurality of first biometric templates; correspondingly, the SE is configured to sort the plurality of second biometric templates according to an order from high to low of a plurality of matching degrees indicated by a plurality of first matching results corresponding to the plurality of first biometric templates; sequentially performing second matching on the at least another part of data and the plurality of second biological characteristic templates according to the sequence; and obtaining a second matching result when second matching of the at least another part of data and a second biological characteristic template is completed, and determining a biological identification result corresponding to the second biological characteristic template according to the second matching result and the first matching result.
Optionally, the biometric template is at least one of a fingerprint template, a face template, or an iris template.
In a third aspect, there is provided a biometric device, the device comprising: a TEE module and an SE module; the TEE module is used for acquiring a biometric image and extracting biometric data in the biometric image; and the SE module is used for matching all or part of the biometric data with a biometric template to obtain a biometric result.
Optionally, the TEE module is further configured to send all of the biometric data to the SE module; correspondingly, the SE module is configured to match all of the biometric data with a preset biometric template to obtain a biometric result.
Optionally, the TEE module is further configured to perform a first matching on at least a part of the biometric data and a first biometric template to obtain a first matching result; sending the first matching result and at least another part of the biometric data to the SE module; correspondingly, the SE module is configured to perform a second matching on at least another part of the biometric data with a second biometric template to obtain a second matching result, and determine a biometric result according to the first matching result and the second matching result; wherein the second biometric template comprises a portion of the preset biometric template different from the first biometric template.
Optionally, the first biometric template and the second biometric template are different portions of a preset biometric template respectively.
Optionally, the apparatus is further configured to obtain the preset biometric template, and to extract the first biometric template and the second biometric template from the preset biometric template.
Optionally, the TEE module is further configured to trigger the SE module to perform a second matching on the at least another portion of data with a second biometric template when the matching degree indicated by the first matching result is greater than or equal to a first matching degree.
Optionally, a plurality of first biometric templates and a plurality of second biometric templates exist, the plurality of first biometric templates correspond to the plurality of second biometric templates one by one, and a corresponding first biometric template and a corresponding second biometric template belong to the same preset biometric template; the TEE module is further configured to perform first matching on the at least part of data and each of the plurality of first biometric templates to obtain a first matching result corresponding to each of the plurality of first biometric templates; correspondingly, the SE module is configured to sort the plurality of second biometric templates according to an order from high to low of a plurality of matching degrees indicated by a plurality of first matching results corresponding to the plurality of first biometric templates; sequentially performing second matching on the at least another part of data and the plurality of second biological characteristic templates according to the sequence; and obtaining a second matching result when second matching of the at least another part of data and a second biological characteristic template is completed, and determining a biological identification result corresponding to the second biological characteristic template according to the second matching result and the first matching result.
Optionally, the biometric template is at least one of a fingerprint template, a face template, or an iris template.
In a fourth aspect, there is provided a computer-readable storage medium having stored therein instructions which, when run on a computer, cause the computer to perform the biometric method of the first aspect described above.
In a fifth aspect, there is provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the biometric method of the first aspect described above.
The technical effects obtained by the second, third, fourth and fifth aspects are similar to the technical effects obtained by the corresponding technical means in the first aspect, and are not described herein again.
The technical scheme provided by the application can bring at least the following beneficial effects: after a biometric image is acquired under the TEE, biometric data in the biometric image is extracted under the TEE. Then, in the SE, all or part of the biometric data is matched with the biometric template to obtain a biometric result. Since the security level of the SE is higher than that of the TEE, the biometric identification function achieves a high security level. In addition, template matching of the biometric data has low computational complexity, so the processing load on the SE is low, which keeps template matching, and therefore biometric identification, fast. The embodiment of the application therefore protects biometric identification at a high security level while only slightly increasing latency and without affecting biometric identification performance, thereby improving the security of biometric identification.
Drawings
Fig. 1 is a schematic structural diagram of a system architecture according to an embodiment of the present application;
Fig. 2 is a schematic structural diagram of a biometric apparatus according to an embodiment of the present application;
Fig. 3 is a schematic structural diagram of another biometric device provided in the embodiments of the present application;
Fig. 4 is a flowchart of a biometric identification method provided in an embodiment of the present application;
Fig. 5 is a flowchart of another biometric identification method provided in an embodiment of the present application;
Fig. 6 is a flowchart of another biometric identification method provided in an embodiment of the present application;
Fig. 7 is a schematic representation of a biometric template provided in an embodiment of the present application;
Fig. 8 is a schematic diagram of a biometric process provided in an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings. Before explaining the embodiments of the present application in detail, application scenarios and system architectures related to the embodiments of the present application will be described.
The following describes an application scenario related to an embodiment of the present application. The embodiment of the application can be applied to scenarios that need a biometric identification function, such as a startup unlocking scenario or an application identity authentication scenario. By introducing an SE into the biometric identification process to perform template matching, the biometric identification function can reach a high security level, so that the security of biometric identification can be greatly improved. In an embodiment of the present application, the biometric image may be obtained and the biometric data extracted under the TEE, and then at least part of the template matching of the biometric data may be performed in the SE. Specifically, all the biometric data may be directly matched with a preset biometric template in the SE to obtain a biometric result; or, at least a part of the biometric data may first undergo a first matching with a first biometric template under the TEE to obtain a first matching result, and then at least another part of the biometric data may undergo a second matching with a second biometric template in the SE to obtain a second matching result, with the biometric result determined according to the first matching result and the second matching result. In this way, high-security protection of biometric data is achieved without affecting biometric identification speed or biometric identification performance (namely, the recognition rate and the false recognition rate), so that user requirements are met and user experience is not affected.
The following describes a system architecture according to an embodiment of the present application. Fig. 1 is a schematic structural diagram of a system architecture according to an embodiment of the present application. Referring to fig. 1, the system architecture may include: REE, TEE and SE. REE and TEE are two parallel execution environments, both isolated by hardware, both generated by a processor running the necessary software, such as operating system software and security software. The SE may be an independent dedicated security Chip (e.g., a smart card, or an Embedded Secure Element (eSE)), or may be integrated into a System on Chip (SoC) in the form of a security Element (e.g., inSE). The security level of SE is higher than TEE, which is higher than REE. For example, the SE may be a Secure Processing Unit (SPU). As another example, an SE is a piece of hardware other than a processor that performs operations or processes with a higher level of security, and therefore is more secure than TEEs and REEs.
The REE is the operating environment of a terminal operating system such as Android or iOS, and includes modules such as a Client Application (CA), a TEE function Application Programming Interface (API), a TEE Client API, and a multimedia operating system component. The CA is a client application provided for use by the user. The TEE function API is a friendly interface provided to the CA to access TEE core services, such as trusted storage and encryption algorithms. The TEE client API is the underlying communication interface provided to the CA for accessing Trusted Applications (TAs) in the TEE and exchanging data with the TAs. The multimedia operating system components include modules such as common device drivers and REE communication agents that provide messaging between the CA and TA.
In contrast to the REE, which is an open environment, the TEE provides a safer, closed execution environment. The TEE mainly includes TAs, an internal API of the TEE, a trusted operating system component, and a trusted kernel. A TA runs in the TEE and provides security services to users, and TAs communicate with one another through the internal API of the TEE. The trusted operating system component comprises modules such as a TEE communication agent, a trusted core framework, and a trusted function module. The TEE communication agent, together with the REE communication agent, enables secure transfer of messages between the CA and the TA. The trusted core framework provides the TA with secure Operating System (OS) functionality. The trusted function module provides ancillary facility support to the application developer. The trusted kernel primarily provides scheduling and other OS management functions to the trusted core framework and the trusted function module.
The SE implements functions such as secure data storage and encryption and decryption operations through a Chip Operating System (COS). The SE may be packaged in various forms, commonly smart cards, eSE, inSE, etc. The SE may provide hardware protection at the chip level and may be able to resist various physical attacks. The main functions of the SE include secure storage of keys, data encryption operations, and secure storage of information. Secure storage of keys allows a relatively complete key management system to be established, ensuring that keys cannot be read. Data encryption operations include support for reliable security algorithms, ciphertext transmission of sensitive data, tamper resistance of transmitted data, and the like. Secure storage of information refers to a strict file access permission mechanism and reliable authentication algorithms and procedures.
Next, a biometric device provided in an embodiment of the present application will be described. In one possible implementation, the system architecture shown in fig. 1 may be implemented by the biometric device shown in fig. 2. Specifically, fig. 2 is a schematic structural diagram of a biometric apparatus provided in an embodiment of the present application, where the biometric apparatus may be a computer device 200. Referring to fig. 2, the computer device comprises at least one processor 201, a communication bus 202, a memory 203, at least one communication interface 204 and a SE 208. The at least one processor 201 is used to form REE and TEE in the system architecture shown in FIG. 1. Optionally, the processor 201 and the SE208 each execute respective software programs, including but not limited to system software, application software, or driver software.
The processor 201 may be at least one of a Central Processing Unit (CPU), a microprocessor, or a microcontroller, may include an application-specific integrated circuit (ASIC), or may be one or more integrated circuits for controlling the execution of programs according to the present disclosure. The communication bus 202 may include a path for communicating information between the aforementioned components. The Memory 203 may be a Read-Only Memory (ROM) or other types of static storage devices that can store static information and instructions, a Random Access Memory (RAM) or other types of dynamic storage devices that can store information and instructions, an Electrically Erasable Programmable Read-Only Memory (EEPROM), a Compact Disc Read-Only Memory (CD-ROM) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic Disc storage medium or other magnetic storage devices, or any other medium which can be used to carry or store desired program code in the form of instructions or data structures and which can be accessed by a computer, but is not limited to such. The memory 203 may be self-contained and coupled to the processor 201 via the communication bus 202. The memory 203 may also be integrated with the processor 201. The communication interface 204 is any transceiver or other communication device for communicating with other devices or communication Networks, such as ethernet, Radio Access Network (RAN), Wireless Local Area Networks (WLAN), etc.
In particular implementations, processor 201 may include one or more CPUs, such as CPU0 and CPU1 shown in fig. 2, as one embodiment. In particular implementations, a computer device may include multiple processors, such as processor 201 and processor 205 shown in fig. 2, as an embodiment. For example, processor 201 and processor 205 form a large-small core architecture, i.e., processor 201 is a large core and processor 205 is a small core. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor herein may refer to one or more devices, circuits, and/or processing cores for processing data (e.g., computer program instructions).
In particular implementations, the computer device may also include an output device 206 and an input device 207, as one embodiment. The output device 206 is in communication with the processor 201 and may display information in a variety of ways. For example, the output device 206 may be a Liquid Crystal Display (LCD), a Light Emitting Diode (LED) display device, a Cathode Ray Tube (CRT) display device, a projector (projector), or the like. The input device 207 is in communication with the processor 201 and may receive user input in a variety of ways. For example, the input device 207 may be a mouse, a keyboard, a touch screen device, or a sensing device, among others.
The computer device may be a general purpose computer device or a special purpose computer device. In a specific implementation, the computer device may be a desktop computer, a laptop computer, a web server, a Personal Digital Assistant (PDA), a mobile phone, a tablet computer, a wireless terminal device, a communication device, or an embedded device, and the embodiment of the present application does not limit the type of the computer device. The memory 203 is used for storing a program code 210 for executing the scheme of the application, and the processor 201 is used for executing the program code 210 stored in the memory 203. The computer device may implement all operations performed under TEE in the embodiment of fig. 4 below by means of the processor 201 and the program code 210 in the memory 203. The computer device may also implement all operations performed in the SE in the embodiment of fig. 4 by the SE208 and the program code 210 in the memory 203. Or, alternatively, the program software executed by the SE208 may not be stored in the memory 203, but may be stored inside the SE208, and the embodiment of the present application is not limited thereto.
In one possible implementation, the TEE and the SE in the system architecture shown in fig. 1 may each be implemented as a functional module. Specifically, fig. 3 is a schematic structural diagram of a biometric apparatus provided in an embodiment of the present application, and referring to fig. 3, the biometric apparatus may include a TEE module 301 and an SE module 302. TEE module 301 is used to perform all operations to be performed under TEE in the fig. 4 embodiment below, and SE module 302 is used to perform all operations to be performed in SE in the fig. 4 embodiment below. Alternatively, TEE module 301 and SE module 302 may be implemented by software, hardware, or a combination of both. When TEE module 301 and SE module 302 are implemented in software, these two modules may run on processor 201 and SE208 in fig. 2, respectively. The biometric device provided in the foregoing embodiments and the biometric method embodiments belong to the same concept; the specific implementation process is described in the following method embodiments and is not described in detail here.
Next, a biometric identification method provided in an embodiment of the present application will be described. Fig. 4 is a flowchart of a biometric identification method according to an embodiment of the present application. Referring to fig. 4, the method includes the following steps.
Step 401: acquire a biometric image under the TEE. The biometric image is an image containing biometric features; for example, the biometric image may be at least one of a fingerprint image, a palm print image, a face image, or an iris image. Specifically, the biometric image may be acquired by the image acquisition device under the TEE, and of course, the biometric image may also be acquired by other methods under the TEE, which is not limited in the embodiment of the present application.
It should be noted that the image capturing device is used for capturing a biological image, for example, the image capturing device may be at least one of a fingerprint sensor, a collector, or a camera, and the fingerprint sensor may be, for example, an ultrasonic fingerprint sensor, a push type fingerprint sensor, or an optical fingerprint sensor. In a possible embodiment, after the fingerprint sensor collects the fingerprint image, the fingerprint image may be sent to a memory space of a TA for biometric identification in the TEE through a Serial Peripheral Interface (SPI); after the Camera acquires the face image, the face image may be sent to a memory space of a TA for biometric recognition in the TEE through a Camera Serial Interface (CSI). It is noted that the embodiment of the present application may perform step 401 when the biometric service under the REE is started, that is, step 401 may be performed when the user uses the biometric service. The biometric service may be power-on unlocking, identity authentication of an application, and the like, which is not limited in the embodiment of the present application.
Step 402: extract the biometric data in the biometric image under the TEE. Note that the biometric data in the biometric image indicates the biometric features included in the biometric image. For example, when the biometric image is a fingerprint image, the biometric data may be parameters (such as direction, curvature, and position) of minutiae points (such as start points, end points, junction points, and bifurcation points of a ridge line) in the biometric image. For another example, when the biometric image is a face image, the biometric data may be attributes (such as size, position, distance, and the like) of facial contour points (such as iris of the eye, nasal ala, and mouth angle) in the face image.
In particular, a feature extraction algorithm may be used under TEE to extract biometric data in the biometric image. Also, biometric data in the biometric image may be extracted by TA for biometric identification under TEE. It should be noted that the feature extraction algorithm may be preset. For example, when the biometric image is a fingerprint image, the feature extraction algorithm may be a fingerprint feature extraction algorithm, and when the biometric image is a face image, the feature extraction algorithm may be a face feature extraction algorithm.
It is worth noting that, in the embodiment of the application, the biometric image is acquired and the biometric data in it is extracted under the TEE. Because the TEE runs in isolation from the REE and has a high security level, the security of the biometric image and the biometric data can be guaranteed. In addition, because the TEE runs on the processor, the computing capacity and the storage capacity under the TEE are high, so that the biometric data is extracted quickly and the biometric identification speed is high.
Step 403: in the SE, match all or part of the biometric data with a biometric template to obtain a biometric result. It should be noted that the biometric template may be set in advance; for example, the biometric template may be at least one of a fingerprint template, a face template, or an iris template. When all of the biometric data is matched with the biometric template, the biometric template may be the complete biometric template generated after the biometric enrollment is successful, that is, the biometric template may be the preset biometric template; when part of the biometric data is matched with the biometric template, the biometric template may be a part of the complete biometric template generated after the biometric enrollment is successful, that is, the biometric template may be a part of the preset biometric template.
It is worth mentioning that, in the embodiment of the present application, at least a part of template matching may be performed on the biometric data in the SE, and a biometric result may be output. In addition, the template matching of the biological characteristic data is not complex and has low computation complexity, and the processing pressure of SE is low, so that the template matching speed can be ensured to be high, and the biological identification speed can be ensured to be high. Thus, the embodiment of the present application provides a scheme for supporting biometric identification by SE, so that biometric identification is protected at a high security level without affecting biometric identification performance (identification rate and false identification rate) when time delay is slightly increased, and thus the security of biometric identification can be improved.
Specifically, when all of the biometric data is matched with the biometric template in the SE to obtain the biometric result, step 403 may be implemented in the following first possible implementation manner; when part of the biometric data is matched with the biometric template in the SE to obtain the biometric result, step 403 may be implemented in the following second possible implementation manner.
In a first possible implementation manner, referring to fig. 5, before step 403, step 4031 may be executed: send all of the biometric data to the SE under the TEE. Accordingly, the operation of step 403 may be step 4032: in the SE, match all of the biometric data with a preset biometric template to obtain a biometric result. It should be noted that, in the first possible implementation manner, the SE completes template matching on the biometric data to obtain a biometric result, so that the security of biometric identification can be greatly improved. In addition, matching all of the biometric data with a preset biometric template means matching the biometric features indicated by the biometric data against the biometric features indicated by the preset biometric template; if the matching succeeds, the biometric result can be determined as identification pass, and if the matching fails, the biometric result can be determined as identification fail.
In a second possible implementation manner, referring to fig. 6, before step 403, step 4033 may be executed: under the TEE, perform first matching on at least one part of the biometric data and the first biometric template to obtain a first matching result, and send the first matching result and at least another part of the biometric data to the SE under the TEE. Accordingly, the operation of step 403 may be step 4034: in the SE, perform second matching on at least another part of the biometric data and a second biometric template to obtain a second matching result, and determine a biometric result according to the first matching result and the second matching result.
It should be noted that, in the second possible implementation manner, the TEE and the SE together complete template matching of the biometric data to obtain a biometric result, that is, the TEE and the SE perform two-stage template matching. This effectively ensures that the template matching speed is not greatly affected by the use of the SE, so that the security of biometric identification is improved while the template matching speed, and therefore the biometric identification speed, remains high. In addition, the first biometric template and the second biometric template both belong to a preset biometric template, and the second biometric template includes a portion of the preset biometric template that is different from the first biometric template. The first biometric template may be stored in a memory under the TEE, such as memory 203 of fig. 2, and the second biometric template may be stored in the SE. The second biometric template and the first biometric template need not be identical; for example, they may overlap. Furthermore, the first biometric template and the second biometric template may be completely different, that is, the first biometric template and the second biometric template may be different parts of the preset biometric template. For example, as shown in fig. 7, the preset biometric template is A; the preset biometric template A may be divided into two parts, one part being A1 and the other part being A2, and then A1 is used as the first biometric template and A2 is used as the second biometric template. Since both the computational power and the storage capacity under the TEE are higher than those of the SE, in order to improve the template matching speed, the proportion of the preset biometric template taken up by the first biometric template may be greater than the proportion taken up by the second biometric template.
Moreover, in order to ensure the security of the second biometric template in the SE, the non-overlapping portions of the second biometric template and the first biometric template need to have sufficient data strength, i.e., the second biometric template cannot be easily derived from the first biometric template.
It should be noted that, the first matching is performed on at least a part of the biometric data and the first biometric template, that is, the biometric indicated by at least a part of the biometric data and the biometric indicated by the first biometric template are matched to obtain the first matching result. The first matching result is used for indicating the matching degree between at least one part of the biological characteristic data and the first biological characteristic template. When at least another part of the biological characteristic data is sent to the SE under the TEE, all the biological characteristic data can be directly sent to the SE under the TEE; alternatively, under the TEE, a part of data corresponding to the first biometric template and a part of data corresponding to the second biometric template may be determined from the biometric data according to a distribution rule of the first biometric template and the second biometric template in a preset biometric template, and a part of data corresponding to the second biometric template in the biometric data may be transmitted to the SE.
It should be noted that performing the second matching on at least another part of the biometric data and the second biometric template means matching the biometric features indicated by that part of the biometric data against the biometric features indicated by the second biometric template to obtain a second matching result. The second matching result indicates the matching degree between at least another part of the biometric data and the second biometric template. In the SE, when the biometric result is determined according to the first matching result and the second matching result, the matching degree indicated by the first matching result and the matching degree indicated by the second matching result may be weighted and averaged according to the first weight corresponding to the TEE and the second weight corresponding to the SE to obtain a target matching degree; if the target matching degree is greater than or equal to the second matching degree, the biometric result is determined to be identification pass; and if the target matching degree is smaller than the second matching degree, the biometric result is determined to be identification fail. Of course, the biometric result may also be determined in the SE by other means according to the first matching result and the second matching result, which is not limited in the embodiment of the present application. It should be noted that the first weight corresponding to the TEE and the second weight corresponding to the SE may be set in advance, for example, may be set according to the security levels of the TEE and the SE, or may be set according to the security levels of the TEE and the SE and the distribution rule of the first biometric template and the second biometric template in the preset biometric template.
In addition, the second matching degree may be set in advance, and may be set to a relatively large value. When the target matching degree is greater than or equal to the second matching degree, the biometric data matches the preset biometric template, and therefore it can be determined that the biometric identification passes. When the target matching degree is smaller than the second matching degree, the biometric data does not match the preset biometric template, and therefore it can be determined that the biometric identification does not pass.
Further, before the second possible implementation manner, the first biometric template and the second biometric template may be generated. Specifically, a preset biometric template may be acquired, and the first biometric template and the second biometric template may be extracted from the preset biometric template. When the preset biological characteristic template is acquired, the biological image can be acquired when the biological registration instruction is received, and then the biological characteristic data in the acquired biological image is extracted as the preset biological characteristic template. The biometric registration instruction is used to instruct to register the biometric template, the biometric registration instruction may be triggered by a user, and the user may trigger the biometric registration instruction through operations such as a click operation, a slide operation, a voice operation, or a gesture operation, which is not limited in this embodiment of the present application.
In addition, after the first biometric template and the second biometric template are extracted from the preset biometric template, in order to ensure the safety of the first biometric template and the second biometric template, the first biometric template may be stored in a memory under the TEE, and the second biometric template may be stored in the SE.
It should be noted that, in order to reduce the biometric identification delay and improve the user experience, in the second possible implementation manner, the biometric identification speed may be further improved in the following manner one and/or manner two. Manner one: after a first matching result is obtained under the TEE, it is determined whether the matching degree indicated by the first matching result is smaller than the first matching degree; when the matching degree indicated by the first matching result is smaller than the first matching degree, the biometric result is directly determined under the TEE to be identification fail, and the biometric identification operation is ended; and when the matching degree indicated by the first matching result is greater than or equal to the first matching degree, the operation of performing second matching on at least another part of the biometric data and a second biometric template in the SE is triggered.
It should be noted that the first matching degree may be set in advance, and may be set to a very small value. When the matching degree indicated by the first matching result is smaller than the first matching degree, at least a part of the biometric data matches the first biometric template very poorly, that is, the matching degree of the first-stage template matching performed under the TEE is very low, so the second-stage template matching in the SE is not needed; the biometric identification can be determined to fail directly under the TEE, and the biometric identification operation is ended. Thus, when a biometric image for which biometric registration was not performed is presented, it can be quickly determined that biometric identification has not passed, so that the biometric identification delay in the case where the input biometric image is wrong can be reduced.
When the matching degree indicated by the first matching result is greater than or equal to the first matching degree, at least a part of the biometric data matches the first biometric template reasonably well, that is, the matching degree of the first-stage template matching performed under the TEE is not very low, so the second-stage template matching in the SE may continue, and the SE outputs the final biometric result. Therefore, the accuracy of biometric identification can be ensured.
It should be noted that there are often a plurality of preset biometric templates generated after the biometric enrollment is successful, for example, a preset biometric template corresponding to the fingerprint of each of a plurality of fingers can be generated. In this case, there may be a plurality of first biometric templates and a plurality of second biometric templates, where the plurality of first biometric templates correspond to the plurality of second biometric templates one to one, and a corresponding first biometric template and a corresponding second biometric template belong to the same preset biometric template. In this case, when at least a part of the biometric data is first matched with the first biometric template under the TEE to obtain a first matching result, the at least a part of the biometric data may be first matched with each of the plurality of first biometric templates under the TEE to obtain a first matching result corresponding to each of the first biometric templates.
Correspondingly, in manner one, when the matching degrees indicated by the plurality of first matching results corresponding to the plurality of first biometric templates are all smaller than the first matching degree, the biometric result is directly determined under the TEE to be identification fail, and the biometric identification operation is ended; and when the plurality of first matching results corresponding to the plurality of first biometric templates include a first matching result whose indicated matching degree is greater than or equal to the first matching degree, the operation of performing second matching on at least another part of the biometric data and a second biometric template in the SE is triggered.
Accordingly, the biometric identification speed can be further increased in manner two. Manner two: in the SE, the plurality of second biometric templates are sorted in descending order of the matching degrees indicated by the first matching results corresponding to the plurality of first biometric templates; in the SE, the second matching is performed on at least another part of the biometric data and the plurality of second biometric templates in turn according to that order; in the SE, each time the second matching of at least another part of the biometric data with a second biometric template is completed, a second matching result is obtained, and a biometric result corresponding to that second biometric template is determined according to the second matching result and the first matching result; if the biometric result for that second biometric template is identification pass, the biometric identification operation is ended in the SE, and if the biometric result for that second biometric template is identification fail, the second matching continues in the SE with at least another part of the biometric data and the next second biometric template.
It should be noted that, after the plurality of second biometric templates corresponding to the plurality of first biometric templates are sorted in the order from high to low according to the matching degrees indicated by the plurality of first matching results corresponding to the plurality of first biometric templates, the order of the plurality of second biometric templates represents the order from the most probable matching success to the least probable matching success of the plurality of second biometric templates and the biometric data. Then, according to the sequence, each time the second matching of the biological characteristic data and a second biological characteristic template is completed, a biological identification result is determined, and when the biological identification result is identification passing, the biological identification operation is ended. Thus, when a biometric image for which biometric registration has been performed is recognized, it can be quickly determined that biometric authentication has passed, so that the biometric authentication time delay in the case where the input biometric image is correct can be reduced.
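The two-stage matching with manner one and manner two can be modelled in a few lines; the following is an added example, not code from the patent or from any product. Assumptions: features are integer IDs, the matching degree is the fraction of template features found in the probe, and the split rule, weights, thresholds and sample data are constructed values.

```python
"""Model of two-stage TEE/SE template matching (second implementation manner).

Assumptions for illustration only: features are integer IDs, the matching
degree is the fraction of template features found in the probe, and the
split rule, weights and thresholds are constructed values.
"""

FIRST_MATCHING_DEGREE = 0.2    # small: early rejection threshold in the TEE
SECOND_MATCHING_DEGREE = 0.8   # large: threshold on the target matching degree
W_TEE, W_SE = 0.4, 0.6         # first weight (TEE) and second weight (SE)


def in_se_part(feature_id):
    """Distribution rule: every fourth feature belongs to the SE part."""
    return feature_id % 4 == 0


def split_template(preset):
    """Split preset template A into A1 (TEE, larger) and A2 (SE, smaller)."""
    a2 = frozenset(f for f in preset if in_se_part(f))
    return frozenset(preset) - a2, a2


def matching_degree(probe, template):
    """Fraction of template features present in the probe, in [0, 1]."""
    return len(probe & template) / len(template) if template else 0.0


class SecureElement:
    """Stores the second templates and outputs the final biometric result."""

    def __init__(self):
        self._second = {}        # template id -> A2; never leaves the SE
        self.second_matches = 0  # counts second matchings actually run

    def enroll(self, template_id, a2):
        self._second[template_id] = a2

    def decide(self, first_results, probe_part):
        # Manner two: try second templates in descending order of the
        # first matching degree and stop at the first pass.
        order = sorted(first_results, key=first_results.get, reverse=True)
        for template_id in order:
            self.second_matches += 1
            second = matching_degree(probe_part, self._second[template_id])
            first = first_results[template_id]
            target = (W_TEE * first + W_SE * second) / (W_TEE + W_SE)
            if target >= SECOND_MATCHING_DEGREE:
                return True, template_id
        return False, None


class Tee:
    """Stores the first templates and runs the first matching."""

    def __init__(self, se):
        self._first = {}
        self._se = se

    def enroll(self, template_id, preset):
        a1, a2 = split_template(preset)
        self._first[template_id] = a1
        self._se.enroll(template_id, a2)

    def identify(self, probe):
        tee_part = frozenset(f for f in probe if not in_se_part(f))
        se_part = frozenset(probe) - tee_part
        first_results = {tid: matching_degree(tee_part, a1)
                         for tid, a1 in self._first.items()}
        # Manner one: if every first result is below the first matching
        # degree, the TEE rejects without invoking the SE.
        if all(d < FIRST_MATCHING_DEGREE for d in first_results.values()):
            return False, None
        return self._se.decide(first_results, se_part)


# Constructed sample data: two enrolled fingers and three probes.
THUMB = frozenset(range(0, 40))
INDEX = frozenset(range(100, 140))
GENUINE_INDEX = (INDEX - {101, 102, 104}) | {500, 501}   # noisy capture
STRANGER = frozenset(range(1000, 1040))                  # never enrolled
THUMB_A1_ONLY = split_template(THUMB)[0]                 # matches A1, not A2


def demo():
    """Return (result, second matchings run so far) for each probe."""
    se = SecureElement()
    tee = Tee(se)
    tee.enroll("thumb", THUMB)
    tee.enroll("index", INDEX)
    results = []
    for probe in (GENUINE_INDEX, STRANGER, THUMB_A1_ONLY):
        results.append((tee.identify(probe), se.second_matches))
    return results


if __name__ == "__main__":
    for outcome, count in demo():
        print(outcome, "second matchings so far:", count)
```

The third probe matches the TEE-held part A1 exactly but carries nothing of A2, and it is still rejected because the SE-side matching degree dominates the weighted result.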
It is noted that, after obtaining the biometric result in the SE, the SE may send the biometric result to the biometric service under the REE, so that the biometric service may perform subsequent processes according to the biometric result. In one possible implementation, when the biometric result is identification pass, the SE may enable the system key service, for example, when the biometric result is identification pass, if the SE receives a system key acquisition request sent by the biometric service, the SE may return the stored system key to the biometric service, so that the biometric service may unlock and access the system file using the system key; alternatively, when the biometric result is identification pass, the SE may unlock the system file using the stored system key so that the biometric service may directly access the system file.
For ease of understanding, the biometric identification process provided in the embodiments of the present application is illustrated below with reference to fig. 8. Illustratively, referring to fig. 8, the biometric process may include the following steps (1) to (7). (1) Acquiring a biological image through an image acquisition device under TEE; (2) extracting biological characteristic data in the biological image under TEE; (3) under TEE, performing first matching on at least one part of the biological characteristic data and a first biological characteristic template to obtain a first matching result; (4) sending the first matching result and at least another part of the biometric data to the SE under the TEE; (5) in SE, performing second matching on at least another part of the biological characteristic data and a second biological characteristic template to obtain a second matching result; (6) in SE, determining a biological recognition result according to the first matching result and the second matching result; (7) in SE, the biometric result is sent to the biometric service under the REE, and when the biometric result is identification pass, the system key service is enabled.
In the embodiment of the present application, after a biological image is acquired under the TEE, biological feature data in the biological image is extracted under the TEE. Then, in SE, all or part of the biometric data is matched with the biometric template to obtain a biometric result. Since the security level of SE is higher than TEE, the biometric function is brought to a high security level. In addition, the template matching of the biological characteristic data is not complex and has low computation complexity, and the processing pressure of SE is low, so that the template matching speed can be ensured to be high, and the biological identification speed can be ensured to be high. In addition, the embodiment of the application can perform two-stage template matching by combining the TEE and the SE, namely, the first stage template matching can be performed on the biological characteristic data under the TEE firstly, and then the second stage template matching can be performed on the biological characteristic data in the SE, so that the template matching speed can be effectively ensured not to generate larger influence due to the use of the SE. Therefore, the embodiment of the application ensures that the biological identification is protected at a high security level under the condition of only slightly increasing the time delay and not influencing the biological identification performance, thereby improving the security of the biological identification.
In the above embodiments, the corresponding method flows may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in software, they may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in the embodiments of the application are produced in whole or in part. The computer may be a general-purpose computer, a special-purpose computer, a network of computers, or another programmable device. The computer instructions may be stored on a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, optical fiber, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., Digital Versatile Disc (DVD)), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above embodiments are not intended to limit the present application; any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application shall fall within the protection scope of the present application.

Claims (24)

  1. A biometric identification method, the method comprising:
    acquiring a biological image under a Trusted Execution Environment (TEE);
    extracting biometric data in the biological image under the TEE;
    and in the secure element SE, matching all or part of the biological characteristic data with a biological characteristic template to obtain a biological identification result.
  2. The method according to claim 1, wherein before matching all or part of the biometric data with a biometric template in the secure element SE to obtain the biometric result, the method further comprises:
    sending all of the biometric data to the SE under the TEE;
    correspondingly, in the secure element SE, matching all or part of the biometric data with a biometric template to obtain a biometric result includes:
    and in the SE, matching all the biological characteristic data with a preset biological characteristic template to obtain a biological identification result.
  3. The method according to claim 1, wherein before matching all or part of the biometric data with a biometric template in the secure element SE to obtain the biometric result, the method further comprises:
    under the TEE, performing first matching on at least one part of the biological characteristic data and a first biological characteristic template to obtain a first matching result;
    sending the first matching result and at least another portion of the biometric data to the SE under the TEE;
    correspondingly, in the secure element SE, matching all or part of the biometric data with a biometric template to obtain a biometric result includes:
    in the SE, performing second matching on at least another part of the biological characteristic data and a second biological characteristic template to obtain a second matching result, and determining a biological identification result according to the first matching result and the second matching result;
    wherein the second biometric template comprises a portion of the preset biometric template different from the first biometric template.
  4. The method of claim 3, wherein the first biometric template and the second biometric template are each different portions of a pre-defined biometric template.
  5. The method of claim 3 or 4, wherein prior to acquiring the biometric image under the Trusted Execution Environment (TEE), further comprising:
    acquiring the preset biological characteristic template;
    and extracting the first biological characteristic template and the second biological characteristic template from the preset biological characteristic template.
  6. The method according to any of claims 3-5, wherein, prior to second matching at least another portion of the biometric data with a second biometric template in the SE, further comprising:
    and when the matching degree indicated by the first matching result is greater than or equal to the first matching degree, triggering an operation of performing second matching on the at least another part of data and a second biological characteristic template in the SE.
  7. The method according to any one of claims 3-6, wherein there are a plurality of first biometric templates and a plurality of second biometric templates, the plurality of first biometric templates corresponding to the plurality of second biometric templates one-to-one, and a corresponding one of the first biometric templates and one of the second biometric templates belong to a same preset biometric template;
    under the TEE, performing first matching on at least a part of the biological characteristic data and a first biological characteristic template to obtain a first matching result, wherein the first matching result comprises:
    under the TEE, performing first matching on the at least part of data and each first biological feature template in the plurality of first biological feature templates to obtain a first matching result corresponding to each first biological feature template;
    correspondingly, in the SE, performing second matching on at least another part of the biometric data with a second biometric template to obtain a second matching result, and determining a biometric result according to the first matching result and the second matching result, including:
    in the SE, the plurality of second biological characteristic templates are sorted according to the sequence from high to low of a plurality of matching degrees indicated by a plurality of first matching results corresponding to the plurality of first biological characteristic templates;
    in the SE, sequentially carrying out second matching on the at least another part of data and the plurality of second biological characteristic templates according to the sequence;
    in the SE, each time a second matching of the at least another portion of data with a second biometric template is completed, a second matching result is obtained, and a biometric result corresponding to the second biometric template is determined based on the second matching result and the first matching result.
  8. The method of any one of claims 1-7, wherein the biometric template is at least one of a fingerprint template, a face template, or an iris template.
  9. A biometric identification device, the device comprising: a processor and a secure element SE;
    the processor is used for acquiring a biological image under a trusted execution environment TEE and extracting biological characteristic data in the biological image;
    and the SE is used for matching all or part of the biological characteristic data with the biological characteristic template to obtain a biological identification result.
  10. The apparatus of claim 9,
    the processor is further configured to send all of the biometric data to the SE under the TEE;
    correspondingly, the SE is configured to match all of the biometric data with a preset biometric template to obtain a biometric result.
  11. The apparatus of claim 9,
    the processor is further configured to perform first matching on at least a part of the biometric data with a first biometric template under the TEE to obtain a first matching result; sending the first matching result and at least another portion of the biometric data to the SE under the TEE;
    correspondingly, the SE is configured to perform a second matching on at least another part of the biometric data with a second biometric template to obtain a second matching result, and determine a biometric result according to the first matching result and the second matching result; wherein the second biometric template comprises a portion of the preset biometric template different from the first biometric template.
  12. The apparatus of claim 11, wherein the first biometric template and the second biometric template are each different portions of a pre-set biometric template.
  13. The apparatus of claim 11 or 12,
    the processor is further used for acquiring the preset biological characteristic template; and extracting the first biological characteristic template and the second biological characteristic template from the preset biological characteristic template.
  14. The apparatus of any one of claims 11-13,
    the processor is further configured to trigger the SE to perform a second matching on the at least another portion of data with a second biometric template when the matching degree indicated by the first matching result is greater than or equal to a first matching degree.
  15. The apparatus according to any one of claims 11-14, wherein there are a plurality of first biometric templates and a plurality of second biometric templates, the plurality of first biometric templates corresponding to the plurality of second biometric templates one-to-one, and a corresponding one of the first biometric templates and one of the second biometric templates belong to a same preset biometric template;
    the processor is further configured to perform, under the TEE, a first matching between the at least one portion of data and each of the plurality of first biometric templates to obtain a first matching result corresponding to each of the plurality of first biometric templates;
    correspondingly, the SE is configured to sort the plurality of second biometric templates according to an order from high to low of a plurality of matching degrees indicated by a plurality of first matching results corresponding to the plurality of first biometric templates; sequentially performing second matching on the at least another part of data and the plurality of second biological characteristic templates according to the sequence; and obtaining a second matching result when second matching of the at least another part of data and a second biological characteristic template is completed, and determining a biological identification result corresponding to the second biological characteristic template according to the second matching result and the first matching result.
  16. The apparatus of any one of claims 9-15, wherein the biometric template is at least one of a fingerprint template, a face template, or an iris template.
  17. A biometric identification device, the device comprising: a trusted execution environment TEE module and a secure element SE module;
    the TEE module is used for acquiring a biological image and extracting biological characteristic data in the biological image;
    and the SE module is used for matching all or part of the biological characteristic data with a biological characteristic template to obtain a biological identification result.
  18. The apparatus of claim 17,
    the TEE module is further used for sending all the biological characteristic data to the SE module;
    correspondingly, the SE module is configured to match all of the biometric data with a preset biometric template to obtain a biometric result.
  19. The apparatus of claim 17,
    the TEE module is further used for carrying out first matching on at least one part of the biological characteristic data and a first biological characteristic template to obtain a first matching result; sending the first matching result and at least another part of the biometric data to the SE module;
    correspondingly, the SE module is configured to perform a second matching on at least another part of the biometric data with a second biometric template to obtain a second matching result, and determine a biometric result according to the first matching result and the second matching result; wherein the second biometric template comprises a portion of the preset biometric template different from the first biometric template.
  20. The apparatus of claim 19, wherein the first biometric template and the second biometric template are each different portions of a pre-set biometric template.
  21. The apparatus of claim 19 or 20,
    the device is also used for acquiring the preset biological characteristic template; and extracting the first biological characteristic template and the second biological characteristic template from the preset biological characteristic template.
  22. The apparatus of any one of claims 19-21,
    the TEE module is further configured to trigger the SE module to perform a second matching between the at least another portion of data and a second biometric template when the matching degree indicated by the first matching result is greater than or equal to a first matching degree.
  23. The apparatus according to any one of claims 19-22, wherein there are a plurality of first biometric templates and a plurality of second biometric templates, the plurality of first biometric templates corresponding to the plurality of second biometric templates one-to-one, and a corresponding one of the first biometric templates and one of the second biometric templates belong to a same preset biometric template;
    the TEE module is further configured to perform first matching on the at least part of data and each of the plurality of first biometric templates to obtain a first matching result corresponding to each of the plurality of first biometric templates;
    correspondingly, the SE module is configured to sort the plurality of second biometric templates according to an order from high to low of a plurality of matching degrees indicated by a plurality of first matching results corresponding to the plurality of first biometric templates; sequentially performing second matching on the at least another part of data and the plurality of second biological characteristic templates according to the sequence; and obtaining a second matching result when second matching of the at least another part of data and a second biological characteristic template is completed, and determining a biological identification result corresponding to the second biological characteristic template according to the second matching result and the first matching result.
  24. The apparatus of any one of claims 17-23, wherein the biometric template is at least one of a fingerprint template, a face template, or an iris template.
CN201980006480.3A 2019-03-22 2019-03-22 Biometric identification method and device Pending CN111989693A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/079339 WO2020191547A1 (en) 2019-03-22 2019-03-22 Biometric recognition method and apparatus

Publications (1)

Publication Number Publication Date
CN111989693A true CN111989693A (en) 2020-11-24

Family

ID=72610456

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201980006480.3A Pending CN111989693A (en) 2019-03-22 2019-03-22 Biometric identification method and device

Country Status (2)

Country Link
CN (1) CN111989693A (en)
WO (1) WO2020191547A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114629837A (en) * 2022-03-18 2022-06-14 澜途集思(深圳)数字科技有限公司 Ecological biological identification method based on NoC algorithm

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105989490B (en) * 2014-08-12 2019-11-05 神盾股份有限公司 Electronic device and method for controlling fingerprint identification
CN107211026B (en) * 2015-03-22 2021-01-08 苹果公司 Method and apparatus for user authentication and human intent verification in mobile devices
CN105704332B (en) * 2016-04-27 2020-02-28 中国银联股份有限公司 Mobile payment method and device
CN107113170B (en) * 2017-03-13 2019-01-29 深圳市汇顶科技股份有限公司 Biometric templates preservation, verification method and biometric devices, terminal
CN107483213B (en) * 2017-08-23 2020-02-21 北京华大智宝电子系统有限公司 Security authentication method, related device and system
CN108389049A (en) * 2018-01-08 2018-08-10 北京握奇智能科技有限公司 Identity identifying method, device and mobile terminal

Also Published As

Publication number Publication date
WO2020191547A1 (en) 2020-10-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination