CN113378136B

CN113378136B - Fingerprint identification method and device, password key and storage medium

Info

Publication number: CN113378136B
Application number: CN202110640220.0A
Authority: CN
Inventors: 李玮; 廖强; 张俊峰; 夏博儒; 陈维; 谢晓民; 吴魁
Original assignee: Rock Jiahua Chongqing Technology Co ltd
Current assignee: Rock Jiahua Chongqing Technology Co ltd
Priority date: 2021-06-08
Filing date: 2021-06-08
Publication date: 2022-10-25
Anticipated expiration: 2041-06-08
Also published as: CN113378136A

Abstract

The application provides a fingerprint identification method, a fingerprint identification device, a password key and a storage medium, wherein the method comprises the following steps: acquiring a fingerprint image to be verified and a pre-stored fingerprint key ciphertext, then carrying out user-defined encryption on the fingerprint key ciphertext and sending the fingerprint key ciphertext to a main control processor so that the main control processor can decrypt the fingerprint key ciphertext in a user-defined manner and return a fingerprint key for decrypting the fingerprint key ciphertext; judging whether a fingerprint number of a fingerprint image to be verified is matched from a fingerprint encryption library by using a fingerprint key; if so, acquiring the fingerprint number in the fingerprint number library, comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number, and determining the comparison and verification result as the identification result of the fingerprint image to be verified. Fingerprint features are encrypted in advance and stored in a fingerprint encryption library, a fingerprint key for decrypting the fingerprint encryption library is encrypted and decrypted by a main control processor, and meanwhile, internal physical communication is encrypted in a user-defined mode, so that the fingerprint identification safety is improved.

Description

Fingerprint identification method and device, password key and storage medium

Technical Field

The application relates to the technical field of fingerprint identification, intelligent keys and data security, in particular to a fingerprint identification method, a fingerprint identification device, a password key and a storage medium.

Background

At present, in the process of identifying a fingerprint, a fingerprint feature or a fingerprint image is usually stored in a chip or transmitted in a plaintext manner, and a processing chip for processing the fingerprint feature or the fingerprint image is usually a common microprocessor, data stored in the common microprocessor is easily read or replaced, and data transmitted in the common microprocessor is also easily intercepted or intercepted. Therefore, there is a problem that security is not sufficient in the process of identifying a fingerprint.

Disclosure of Invention

An object of the embodiments of the present application is to provide a fingerprint identification method, an apparatus, a password key, and a storage medium, which are used to solve the problem of insufficient security in the process of identifying a fingerprint.

The embodiment of the application provides a fingerprint identification method, which comprises the following steps: acquiring a fingerprint image to be verified and a pre-stored fingerprint key ciphertext, encrypting the fingerprint key ciphertext and sending the encrypted fingerprint key ciphertext to a master control processor so that the master control processor decrypts the fingerprint key ciphertext, and returning a fingerprint key after decrypting the fingerprint key ciphertext; decrypting and extracting a preset fingerprint from the fingerprint encryption library according to the fingerprint key and matching a fingerprint number corresponding to the fingerprint image to be verified; and acquiring the fingerprint number in the fingerprint number library, comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number, and determining the comparison and verification result as the identification result of the fingerprint image to be verified. In the implementation process, the fingerprint characteristics are encrypted in advance and stored in the fingerprint encryption library, the main control processor is used for encrypting and decrypting the fingerprint key ciphertext for decrypting the encrypted fingerprint characteristics in the fingerprint encryption library, and meanwhile, data transmitted in the internal physical communication process are transmitted in a communication mode after being encrypted by self definition, so that the condition that the fingerprint characteristics or the fingerprint image are stored in a plaintext or transmitted in the plaintext is effectively avoided, and the safety in the fingerprint identification process is improved.

Optionally, in this embodiment of the present application, before determining whether the fingerprint number of the fingerprint image to be verified is matched from the fingerprint encryption library by using the fingerprint key, the method further includes: acquiring a fingerprint key ciphertext and a fingerprint image to be put in a storage, encrypting the fingerprint key ciphertext and sending the encrypted fingerprint key ciphertext to a master control processor, so that the master control processor decrypts the fingerprint key ciphertext and returns a fingerprint key after decrypting the fingerprint key ciphertext; extracting a first fingerprint characteristic of a fingerprint image to be put in storage, encrypting the first fingerprint characteristic by using a fingerprint key to obtain an encrypted fingerprint characteristic, and adding the encrypted fingerprint characteristic into a fingerprint encryption library. In the implementation process, the fingerprint key asymmetrically decrypted by the main control processor is required to be used when the fingerprint characteristics are compared each time, so that the direct storage of the fingerprint key is avoided, the possibility of cracking the fingerprint key is greatly reduced, and the safety of the fingerprint identification process is effectively improved.

Optionally, in this embodiment of the present application, the obtaining a fingerprint key ciphertext includes: judging whether the image processor stores a fingerprint key ciphertext; if not, the image processor acquires the randomly generated character string, encrypts the randomly generated character string and sends the encrypted randomly generated character string to the main control processor so that the main control processor decrypts the randomly generated character string, then performs asymmetric encryption on the randomly generated character string, and acquires and returns a fingerprint key ciphertext; and receiving and storing the fingerprint key ciphertext sent by the master control processor. In the implementation process, the fixed password is used for encrypting and randomly generating the character string for transmission when the fingerprint key is generated for the first time, and the variable password is used for encrypting and transmitting in the subsequent transmission process, so that the possibility of cracking the fingerprint key is greatly reduced, and the safety of the fingerprint identification process is improved.

Optionally, in this embodiment of the present application, the self-defined encrypting the fingerprint key ciphertext and sending the fingerprint key ciphertext to the master processor, so that the master processor decrypts the fingerprint key ciphertext in a self-defined manner, and returns the fingerprint key decrypted by the fingerprint key ciphertext, where the method includes: acquiring a user-defined session key negotiated with a master control processor in advance, and encrypting a symmetric key ciphertext by using the user-defined session key to obtain a first encrypted ciphertext of the symmetric key ciphertext; sending a first encrypted ciphertext of the symmetric key ciphertext to the master processor, so that the master processor decrypts the first encrypted ciphertext of the symmetric key ciphertext by using the custom session key to obtain the symmetric key ciphertext, decrypts the symmetric key ciphertext by using a private key of the master processor to obtain and encrypt the symmetric key, and then returns a second encrypted ciphertext of the symmetric key; and receiving and decrypting a second encrypted ciphertext of the symmetric key sent by the master control processor to obtain the symmetric key, and decrypting the fingerprint key ciphertext by using the symmetric key to obtain the fingerprint key.

Optionally, in this embodiment of the present application, the self-defined encrypting the fingerprint key ciphertext and sending the fingerprint key ciphertext to the master processor, so that the master processor decrypts the fingerprint key ciphertext and returns the fingerprint key decrypted by the fingerprint key ciphertext, where the method includes: obtaining a user-defined session key negotiated with a master control processor in advance, and symmetrically encrypting a fingerprint key ciphertext by using the user-defined session key to obtain an encrypted ciphertext of the fingerprint key ciphertext; sending the encrypted ciphertext of the fingerprint key ciphertext to the master processor, so that the master processor decrypts the encrypted ciphertext of the fingerprint key ciphertext by using the custom session key to obtain the fingerprint key ciphertext, decrypts the fingerprint key ciphertext by using a private key of the master processor to obtain and encrypt the fingerprint key, and then returns the encrypted ciphertext of the fingerprint key; and receiving and decrypting the encrypted ciphertext of the fingerprint key sent by the master control processor to obtain the fingerprint key. In the implementation process, the user-defined key negotiation is random and the symmetric encryption modes of the user-defined key negotiation and the user-defined key negotiation are the same in each communication between the image processor and the main control processor, so that the possibility of cracking the fingerprint key is greatly reduced, and the safety of the fingerprint identification process is improved.

Optionally, in this embodiment of the present application, determining whether a fingerprint number of a fingerprint image to be verified is matched from a fingerprint encryption library by using a fingerprint key includes: extracting the to-be-verified image characteristics of the to-be-verified fingerprint image; decrypting all encrypted fingerprint features in the fingerprint encryption library by using the fingerprint key to obtain a plurality of fingerprint features; and judging whether the fingerprint number corresponding to the image feature to be verified is matched from the plurality of fingerprint features. In the implementation process, when the fingerprint features need to be compared and matched, the fingerprint key is used for decrypting all the encrypted fingerprint features in the fingerprint encryption library, so that the possibility that the encrypted fingerprint features in the fingerprint encryption library are cracked is greatly reduced, and the safety of the fingerprint identification process is improved.

Optionally, in this embodiment of the present application, determining whether a fingerprint number of a fingerprint image to be verified is matched from a fingerprint encryption library by using a fingerprint key includes: extracting the to-be-verified image characteristics of the to-be-verified fingerprint image; encrypting the image features to be verified by using a fingerprint key to obtain the fingerprint features to be verified; and judging whether the fingerprint number corresponding to the fingerprint feature to be verified is matched from all the encrypted fingerprint features in the fingerprint encryption library. In the implementation process, the fingerprint key is used for encrypting the image features to be verified to obtain the fingerprint features to be verified, and the fingerprint numbers corresponding to the fingerprint features to be verified are matched from all encrypted fingerprint features in the fingerprint encryption library, so that the problem that the fingerprint features are stolen or cracked during comparison is solved, and the safety in the process of identifying the fingerprint is effectively improved.

Optionally, in this embodiment of the present application, comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number, and then determining a result of the comparison and verification as an identification result of the fingerprint image to be verified, includes: judging whether the comparison between the fingerprint number and the fingerprint number in the fingerprint number library is the same; if so, determining the identification result as successful identification, otherwise, determining the identification result as failed identification. In the implementation process, the identification result of the fingerprint image to be verified is determined by comparing whether the fingerprint numbers are the same or not, rather than directly comparing the fingerprint characteristics to determine the identification result of the fingerprint image to be verified, so that the problem that the fingerprint characteristics are stolen or cracked during comparison is avoided, and the safety of the fingerprint identification process is effectively improved.

The embodiment of the present application further provides a fingerprint identification device, including: an image processor and a master processor; the image processor is electrically connected with the main control processor; the image processor includes: the ciphertext acquiring and sending module and the fingerprint number matching module; the master processor includes: the ciphertext decryption sending module and the identification result determining module; the ciphertext acquisition and transmission module is used for acquiring a fingerprint image to be verified and a fingerprint key ciphertext stored in advance, then carrying out user-defined encryption on the fingerprint key ciphertext and transmitting the fingerprint key ciphertext to the master control processor; the ciphertext decryption sending module is used for decrypting the fingerprint key ciphertext in a user-defined mode and returning the fingerprint key after the fingerprint key ciphertext is decrypted; the fingerprint number matching module is used for judging whether the fingerprint number of the fingerprint image to be verified is matched from the fingerprint encryption library by using the fingerprint key; and the identification result determining module is used for acquiring the fingerprint number in the fingerprint number library if the fingerprint number of the fingerprint image to be verified is matched from the fingerprint encryption library by using the fingerprint key, comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number of the fingerprint image to be verified, and determining the comparison and verification result as the identification result of the fingerprint image to be verified.

Optionally, in this embodiment of the application, the data obtaining and sending module further includes: the fingerprint key ciphertext judging module is used for judging whether a fingerprint key ciphertext is stored or not; the string encryption sending module is used for acquiring a randomly generated character string if the fingerprint key ciphertext is not stored, encrypting the randomly generated character string and sending the encrypted character string to the master control processor; the string decryption and encryption module is used for decrypting the randomly generated character string, then carrying out asymmetric encryption on the randomly generated character string, and obtaining and returning a fingerprint key ciphertext; and the ciphertext receiving and storing module is used for receiving and storing the fingerprint key ciphertext sent by the master control processor.

Optionally, in this embodiment of the application, the ciphertext obtaining and sending module is specifically configured to obtain a custom session key negotiated with the master processor in advance, perform symmetric encryption on the fingerprint key ciphertext by using the custom session key, obtain an encrypted ciphertext of the fingerprint key ciphertext, and send the encrypted ciphertext of the fingerprint key ciphertext to the master processor; the ciphertext decryption sending module is specifically used for decrypting the encrypted ciphertext of the fingerprint key ciphertext by using the user-defined session key to obtain a fingerprint key ciphertext, decrypting the fingerprint key ciphertext by using a private key of the master control processor to obtain and encrypt a fingerprint key, and then returning the encrypted ciphertext of the fingerprint key; and receiving and decrypting the encrypted ciphertext of the fingerprint key sent by the master control processor to obtain the fingerprint key.

Optionally, in this embodiment of the present application, the fingerprint number matching module includes: the first characteristic extraction module is used for extracting the characteristic of the fingerprint image to be verified; the fingerprint characteristic acquisition module is used for decrypting all encrypted fingerprint characteristics in the fingerprint encryption library by using the fingerprint key to obtain a plurality of fingerprint characteristics; and the first number matching module is used for judging whether the fingerprint number of the image feature to be verified is matched from the plurality of fingerprint features.

Optionally, in this embodiment of the present application, the fingerprint number matching module includes: the second characteristic extraction module is used for extracting the characteristic of the fingerprint image to be verified; the encrypted feature obtaining module is used for encrypting the image features to be verified by using the fingerprint key to obtain the fingerprint features to be verified; and the second number matching module is used for judging whether the fingerprint number corresponding to the fingerprint feature to be verified is matched from all the encrypted fingerprint features in the fingerprint encryption library.

Optionally, in an embodiment of the present application, the identification result determining module includes: the number comparison judging module is used for judging whether the fingerprint numbers are the same as the fingerprint numbers in the fingerprint number library in comparison; and the comparison identification determining module is used for determining the identification result as successful identification if the fingerprint number is the same as the fingerprint number in the fingerprint number library in comparison, and otherwise, determining the identification result as failed identification.

The embodiment of the present application further provides a password key, including: the system comprises an image processor, a main control processor and a power supply circuit; the power supply circuit is respectively electrically connected with the image processor and the main control processor; the image processor is used for acquiring a fingerprint image to be verified and a pre-stored fingerprint key ciphertext, then carrying out user-defined encryption on the fingerprint key ciphertext and sending the fingerprint key ciphertext to the master control processor; the master control processor is used for self-defining and decrypting the fingerprint key ciphertext and returning the fingerprint key after decrypting the fingerprint key ciphertext; the image processor is also used for judging whether the fingerprint number of the fingerprint image to be verified is matched from the fingerprint encryption library by using the fingerprint key; the main control processor is further used for obtaining the fingerprint number in the fingerprint number library if the fingerprint number of the fingerprint image to be verified is matched from the fingerprint encryption library by using the fingerprint key, comparing and verifying the fingerprint number in the fingerprint number library and the fingerprint number of the fingerprint image to be verified, and determining the comparison and verification result as the identification result of the fingerprint image to be verified.

Embodiments of the present application also provide a computer-readable storage medium having a computer program stored thereon, where the computer program is executed by a processor to perform the method as described above.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.

Fig. 1 is a schematic structural diagram of a cipher key provided in an embodiment of the present application;

FIG. 2 is a schematic flow chart of a fingerprint identification method provided in an embodiment of the present application;

fig. 3 is a schematic flowchart illustrating a custom negotiation key provided in an embodiment of the present application;

fig. 4 is a schematic structural diagram of a fingerprint identification device according to an embodiment of the present application.

Detailed Description

The technical solution in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application.

Before describing the fingerprint identification method provided in the embodiment of the present application, some concepts related to the embodiment of the present application are described:

symmetric-key encryption (also called Symmetric encryption, private key encryption, or shared key encryption) refers to an encryption algorithm that uses the same key for encryption and decryption, that is, an encryption password known to both the communication parties used for encryption and decryption.

The asymmetric encryption algorithm refers to an encryption algorithm using different keys for encryption and decryption, which is also called public-private key encryption, that is, an encryption key is used for encryption and decryption, the encryption key includes a public key and a private key, the public key is a public key (but in the embodiment of the present application, the public key is a non-public key stored in the master processor), and the private key is a non-public key.

It should be noted that, the fingerprint in the fingerprint identification method provided in the embodiment of the present application refers to a general name of a personal identity used for identification, and the fingerprint includes, but is not limited to: finger texture, finger vein texture, eye iris texture, or facial feature texture, etc.

Please refer to fig. 1, which illustrates a schematic structural diagram of a password key provided in the embodiment of the present application; the fingerprint identification method provided by the embodiment of the application can be executed by the password key, and the password key comprises the following steps: the device comprises an image processor, a main control processor and a power supply circuit; the power supply circuit is electrically connected with the image processor and the main control processor respectively, and can provide power supply support for the image processor and the main control processor.

The image processor is also called a fingerprint image processor, the image processor is a secure encryption microprocessor chip integrating a hardmac accelerator (not shown) and a true random number generator (not shown), and the image processor can support encryption storage and encryption communication functions; the encryption and decryption operation process is accelerated in a hardware mode through a hardmac accelerator, so that the encryption and decryption operation speed and safety can be effectively improved; the true random number is generated by the true random number generator, so that the probability that the traditional pseudo random number is predicted is effectively avoided, and the safety of the encryption and decryption operation process is improved.

The master processor may store a non-public preset public key and a private key corresponding to the public key (the roles of the non-public key and the private key will be described in detail below), and the image processor and the master processor each store a fixed password for generating a session key required for encrypting transmission data. The master processor may also be used to communicate with a host device for transmitting the results of the fingerprinting, the specific authentication process being described in detail below.

Before describing the fingerprint identification method provided by the embodiment of the present application, application scenarios to which the fingerprint identification method is applicable are described, where the application scenarios include, but are not limited to: the system comprises an electronic safe case safety protection system, an entrance guard safety protection monitoring system, financial payment identity authentication and other scenes; taking the electronic safety box safety protection system as an example, the fingerprint identification method can be used for improving the safety of the electronic safety box, and if the fingerprint number is not matched in the fingerprint encryption library or the fingerprint number comparison and verification fails, the electronic safety box can give an early warning or alarm to the owner of the password key.

Please refer to fig. 2, which is a schematic flow chart of a fingerprint identification method according to an embodiment of the present application; the fingerprint identification method has the main ideas that fingerprint features are encrypted in advance and stored in a fingerprint encryption library, a fingerprint key ciphertext used for decrypting the encrypted fingerprint features in the fingerprint encryption library is encrypted and decrypted by a main control processor, and meanwhile, data transmitted in the internal physical communication process are communicated and transmitted after being encrypted by self-definition, so that the condition that the fingerprint features or fingerprint images are stored in a plaintext or transmitted in the plaintext is effectively avoided, and the safety of the fingerprint identification process is improved; the fingerprint identification method may include:

step S110: acquiring a fingerprint image to be verified and a pre-stored fingerprint key ciphertext, performing user-defined encryption on the fingerprint key ciphertext and sending the fingerprint key ciphertext to the main control processor, so that the main control processor can decrypt the fingerprint key ciphertext in a user-defined mode and return a fingerprint key after decrypting the fingerprint key ciphertext.

The fingerprint image to be verified refers to an image to be verified of personal identity characteristics, the fingerprint herein refers to a general name of personal identity characteristics used for identity recognition, and the fingerprint image to be verified herein includes but is not limited to: finger texture images, finger vein texture images, eye iris texture images, or face feature texture images, and the like.

There are many embodiments of the step S110, including but not limited to the following:

in a first embodiment, the image processor directly sends the fingerprint key ciphertext to the master processor, so that the master processor asymmetrically decrypts the fingerprint key ciphertext to obtain the fingerprint key, and then returns the fingerprint key to the image processor, where the embodiment includes:

step S111: and the image processor acquires the fingerprint image to be verified and the fingerprint key ciphertext stored in advance.

The obtaining method of the fingerprint image to be verified in the step S111 includes: in a first obtaining mode, a fingerprint collecting unit in fig. 1 is used for collecting an image of a target object to obtain a fingerprint image to be verified; then the fingerprint acquisition unit sends a fingerprint image to be verified to the image processor, the image processor receives the fingerprint image to be verified sent by the fingerprint acquisition unit, and the image processor can store the fingerprint image to be verified into a file system, a database or mobile storage equipment; the second obtaining method is to obtain a pre-stored fingerprint image to be verified, and specifically includes: acquiring a fingerprint image to be verified from a file system, or acquiring the fingerprint image to be verified from a database, or acquiring the fingerprint image to be verified from a mobile storage device; and in the third acquisition mode, software such as a browser is used for acquiring the fingerprint image to be verified on the Internet, or other application programs are used for accessing the Internet to acquire the fingerprint image to be verified.

The fingerprint key ciphertext in step S111 may be obtained, for example, by: because the fingerprint key ciphertext is stored when the fingerprint encryption library is constructed, the fingerprint key ciphertext can be acquired from various storage devices or storage equipment; specific examples thereof include: the method comprises the steps of obtaining a fingerprint key ciphertext from a file system of an image processor, or obtaining the fingerprint key ciphertext from a database of the image processor, or obtaining the fingerprint key ciphertext from a Universal Flash Storage (Universal Flash Storage) area of the image processor.

Step S112: the image processor obtains a user-defined session key negotiated with the main control processor in advance, symmetrically encrypts the fingerprint key ciphertext by using the user-defined session key to obtain an encrypted ciphertext of the fingerprint key ciphertext, and sends the encrypted ciphertext of the fingerprint key ciphertext to the main control processor.

Please refer to fig. 3, which illustrates a schematic flow chart of a custom negotiation key provided in an embodiment of the present application; it is understood that the pre-negotiated custom session key between the image processor and the master processor is obtained by negotiating a custom key negotiation process, and the specific process is described in detail below. The embodiment of the step S112 is, for example: the image processor generates a first random number, encrypts the first random number by using a pre-stored fixed password to obtain a first communication ciphertext, and then sends the first communication ciphertext to the master control processor; after receiving a first communication ciphertext sent by an image processor, a main control processor decrypts the first communication ciphertext by using the fixed password to obtain a first random number, then generates a second random number, uses the first random number and the second random number as a self-defined session key for next communication, finally encrypts the second random number by using the fixed password to obtain a second communication ciphertext, and sends the second communication ciphertext to the image processor; after receiving the second communication ciphertext, the image processor decrypts the second communication ciphertext by using the fixed password to obtain a second random number, and then uses the generated first random number and the decrypted second random number as a self-defined session key of the next communication; the image processor and the main control processor both obtain random and consistent user-defined session keys each time through the process. The image processor obtains a user-defined session key negotiated with the master processor in advance, symmetrically encrypts the fingerprint key ciphertext by using the user-defined session key to obtain an encrypted ciphertext of the fingerprint key ciphertext, and sends the encrypted ciphertext of the fingerprint key ciphertext to the master processor.

Step S113: the main control processor receives the first encryption of the fingerprint key ciphertext sent by the image processor, then decrypts the encrypted ciphertext of the fingerprint key ciphertext by using the custom session key to obtain the fingerprint key ciphertext, asymmetrically decrypts the fingerprint key ciphertext by using the private key of the main control processor to obtain the fingerprint key, then encrypts the fingerprint key by using the custom session key to obtain the encrypted ciphertext of the fingerprint key, and sends the encrypted ciphertext of the fingerprint key to the image processor.

The embodiment of step S113 described above is, for example: after receiving the encrypted ciphertext of the fingerprint key ciphertext sent by the image processor, the master control processor symmetrically decrypts the encrypted ciphertext of the fingerprint key ciphertext by using the user-defined session key to obtain the fingerprint key ciphertext; and then, the master control processor asymmetrically decrypts the fingerprint key ciphertext by using a preset private key to obtain a fingerprint key, encrypts the fingerprint key by using a self-defined session key to obtain an encrypted ciphertext of the fingerprint key, and sends the encrypted ciphertext of the fingerprint key to the image processor, wherein the private key corresponds to the preset public key.

Step S114: and the image processor receives the encrypted ciphertext of the fingerprint key sent by the main control processor, decrypts the encrypted ciphertext of the fingerprint key by using the pre-negotiated custom session key to obtain the fingerprint key, wherein the fingerprint key is used for decrypting the fingerprint feature ciphertext in the fingerprint encryption library.

In the second embodiment, the image processor sends a symmetric key ciphertext for decrypting the fingerprint key ciphertext to the master processor, the master processor receives and decrypts the symmetric key ciphertext, and returns the symmetric key obtained by decryption to the image processor, and the image processor receives and decrypts the fingerprint key ciphertext by using the symmetric key, so as to obtain the fingerprint key; the implementation may include:

step S115: the image processor obtains a user-defined session key negotiated with the master control processor in advance, and encrypts a symmetric key ciphertext by using the user-defined session key to obtain a first encrypted ciphertext of the symmetric key ciphertext.

Step S116: the image processor sends a first encrypted ciphertext of the symmetric key ciphertext to the master processor.

Step S117: the master control processor decrypts the first encrypted ciphertext of the symmetric key ciphertext by using the user-defined session key to obtain a symmetric key ciphertext, decrypts the symmetric key ciphertext by using a private key of the master control processor to obtain a symmetric key, encrypts the symmetric key by using the user-defined session key to obtain a second encrypted ciphertext of the symmetric key, and then returns the second encrypted ciphertext of the symmetric key to the image processor;

step S118: and the image processor receives the second encrypted ciphertext of the symmetric key sent by the main control processor, obtains the symmetric key by using the second encrypted ciphertext of the symmetric key sent by the main control processor, and decrypts the fingerprint key ciphertext by using the symmetric key to obtain the fingerprint key.

After step S110, step S120 is performed: and judging whether the fingerprint key is used for matching the fingerprint number of the fingerprint image to be verified from the fingerprint encryption library.

It will be appreciated that before the fingerprint encryption library is used, a fingerprint encryption library also needs to be constructed, and the embodiment of constructing the fingerprint encryption library before step S120 includes:

step S121: the image processor acquires the fingerprint key ciphertext and the fingerprint image to be stored in the database, encrypts the fingerprint key ciphertext and sends the encrypted fingerprint key ciphertext to the master control processor.

It is understood that the implementation principle and the acquisition manner of the fingerprint image to be warehoused in the step S121 are similar to those of the fingerprint image to be verified in the step S111, and therefore, the implementation principle and the implementation manner of the fingerprint image to be warehoused in the step S121 are not explained here, and if not clear, reference may be made to the description of the step S111.

The manner of obtaining the fingerprint key ciphertext in step S121 includes:

in the first acquisition mode, the image processor acquires a fingerprint key, namely the fingerprint key is acquired or generated by the image processor, the fingerprint key is used for encrypting fingerprint features to be stored, then the fingerprint key is symmetrically encrypted and sent to the master processor, so that the master processor symmetrically decrypts to obtain the fingerprint key, and the fingerprint key is asymmetrically encrypted and a fingerprint key ciphertext is returned. The embodiment specifically includes, for example: the image processor and the main control processor negotiate in advance to communicate to obtain a user-defined session key, and the image processor judges whether a fingerprint key ciphertext is stored or not. If the image processor does not store the fingerprint key ciphertext, the image processor acquires the randomly generated character string, uses the randomly generated character string as a fingerprint key, then uses the user-defined session key to symmetrically encrypt the fingerprint key to obtain a first session ciphertext, and then sends the first session ciphertext to the master control processor. After receiving the first session ciphertext, the main control process symmetrically decrypts the first session ciphertext by using a user-defined session key obtained by pre-negotiation communication to obtain a fingerprint key; and then, asymmetrically encrypting the fingerprint key by using a preset public key to obtain a fingerprint key ciphertext (namely a randomly generated character string generated by the image processor), finally, symmetrically encrypting the fingerprint key ciphertext by using the user-defined session key to obtain a second session ciphertext, and sending the second session ciphertext to the image processor. After receiving the second session ciphertext, the image processor may use the custom session key to symmetrically decrypt the second session ciphertext to obtain and store a fingerprint key ciphertext. When the fingerprint features need to be put in a storage, the image processor uses the user-defined session key to symmetrically encrypt the fingerprint key ciphertext to obtain a third session ciphertext, and then sends the third session ciphertext to the master control processor.

A second acquisition mode, which is similar in principle to the first acquisition mode, except that the fingerprint key is acquired or generated by the master processor, rather than by the image processor. The embodiment specifically includes, for example: the main control processor acquires a fingerprint key through manual setting or random generation, performs asymmetric encryption on the fingerprint key by using a preset public key to acquire a fingerprint key ciphertext, and then performs symmetric encryption on the fingerprint key ciphertext by using a user-defined session key to acquire a second session ciphertext; and finally, sending the second session ciphertext to the image processor. After receiving the second session ciphertext, the image processor may use the custom session key to symmetrically decrypt the second session ciphertext to obtain and store a fingerprint key ciphertext. When the fingerprint features need to be put in a storage, the image processor uses the user-defined session key to symmetrically encrypt the fingerprint key ciphertext to obtain a third session ciphertext, and then sends the third session ciphertext to the master control processor.

Step S122: and the main control processor receives the encrypted ciphertext of the fingerprint key ciphertext sent by the image processor, decrypts the fingerprint key ciphertext and returns the fingerprint key after asymmetrically decrypting the fingerprint key ciphertext.

The embodiment of step S122 is, for example: after receiving the third session ciphertext sent by the image processor, the master control processor decrypts the third session ciphertext by using the user-defined session key to obtain a fingerprint key ciphertext; then, asymmetrically decrypting the fingerprint key ciphertext by using the preset private key to obtain a fingerprint key; wherein the private key is corresponding to the above preset public key. And finally, the master control processor uses the user-defined session key to symmetrically encrypt the fingerprint key to obtain a fourth session ciphertext and sends the fourth session ciphertext to the image processor.

Step S123: the image processor extracts a first fingerprint feature of the fingerprint image to be put in storage, encrypts the first fingerprint feature by using the fingerprint key to obtain an encrypted fingerprint feature, and then adds the encrypted fingerprint feature into a fingerprint encryption library.

The embodiment of the step S123 is, for example: after receiving the fourth session ciphertext sent by the image processor, the image processor symmetrically decrypts the fourth session ciphertext by using the custom session key to obtain a fingerprint key; then, the image processor extracts the features of the fingerprint image to be put in storage to obtain a first fingerprint feature, encrypts the first fingerprint feature by using the fingerprint key obtained by decryption to obtain an encrypted fingerprint feature, and then adds the obtained encrypted fingerprint feature into a fingerprint encryption library.

There are many embodiments of the above step S120, including but not limited to the following:

in a first embodiment, all fingerprint features are changed into a plaintext state for matching, and the overall idea of plaintext matching is to decrypt all fingerprint features in a fingerprint encryption library first and match a fingerprint number from all fingerprint features, where the embodiment may include:

step S124: and the image processor extracts the to-be-verified image characteristics of the to-be-verified fingerprint image.

The embodiment of the step S124 is, for example: the image processor extracts the features of the fingerprint image to be verified by using a pre-trained neural network model to obtain the features of the image to be verified; the neural network model herein includes but is not limited to: leNet network model, alexNet network model, VGG network model, googLeNet network model, resNet network, and DarkNet, among others.

Step S125: the image processor decrypts all encrypted fingerprint features in the fingerprint encryption library by using the fingerprint key to obtain a plurality of fingerprint features.

The embodiment of the step S125 is, for example: the image processor decrypts all encrypted fingerprint features in the fingerprint encryption library by using a fingerprint key through a symmetric encryption and decryption algorithm to obtain a plurality of fingerprint features; the symmetric encryption and decryption algorithm which can be used comprises the following steps: data Encryption Standard (DES), 3DES, RC4, RC5, RC6, advanced Encryption Standard (AES), national secret SM4, and the like.

Step S126: and the image processor judges whether the fingerprint number corresponding to the image feature to be verified is matched from the plurality of fingerprint features.

The embodiment of step S126 described above is, for example: the image processor judges whether the similarity between each fingerprint feature in the plurality of fingerprint features decrypted by the fingerprint encryption library and the feature of the image to be verified exceeds a preset proportion; if the similarity of the fingerprint features and the image features to be verified exceeds a preset proportion, finding out a fingerprint number corresponding to the fingerprint features from a fingerprint encryption library; and if the similarity between the fingerprint feature and the image feature to be verified does not exceed the preset proportion, continuously judging the next decrypted fingerprint feature in the fingerprint encryption library. Wherein, the preset proportion refers to a preset percentage proportion, and the percentage proportion can be set according to specific actual conditions, for example: may be set to 70%, 80%, or 90%, etc.

The second implementation mode is that the fingerprint characteristics in the ciphertext state in the fingerprint encryption library are reserved, and the fingerprint characteristics to be verified are changed into fingerprint characteristics in the ciphertext state to be matched with the fingerprint characteristics in the ciphertext state in the library, and the implementation mode comprises the following steps:

step S127: and the image processor extracts the to-be-verified image characteristics of the to-be-verified fingerprint image.

The implementation principle and the implementation mode of step S127 are similar to those of step S124, and therefore, the implementation principle and the implementation mode are not described herein, and if it is unclear, reference may be made to the description of step S124.

Step S128: and the image processor encrypts the image characteristics to be verified by using the fingerprint key to obtain the fingerprint characteristics to be verified.

The embodiment of step S128 described above is, for example: it can be understood that, since the encryption algorithm allows a specific form of algebraic operation on the ciphertext to obtain a result that is still encrypted, and the result obtained by decrypting the ciphertext is the same as the result obtained by performing the same operation on the plaintext, that is, the operation on plaintext data and the operation on ciphertext data by the encryption algorithm can obtain the same result, the fingerprint features in the ciphertext state can be matched to obtain the matching result that the plaintext matches the same, and specifically, the image processor can encrypt the image feature to be verified by using the fingerprint key corresponding to the encryption algorithm to obtain the fingerprint feature to be verified.

Step S129: and the image processor judges whether the fingerprint serial number corresponding to the fingerprint feature to be verified is matched from all the encrypted fingerprint features in the fingerprint encryption library.

The implementation principle and implementation manner of step S129 are similar to those of step S126, except that the fingerprint features in step S129 are matched in the ciphertext state, and the fingerprint features in step S126 are matched in the plaintext state; therefore, the implementation principle and the implementation mode thereof will not be explained here, and if it is not clear, reference may be made to the description of step S126.

After step S120, step S130 is performed: and if the fingerprint number of the fingerprint image to be verified is matched from the fingerprint encryption library by using the fingerprint key, acquiring the fingerprint number in the fingerprint number library, comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number of the fingerprint image to be verified, and determining the comparison and verification result as the identification result of the fingerprint image to be verified.

There are many embodiments of the above step S130, including but not limited to the following:

in a first embodiment, the master processor performs a process of comparing and verifying fingerprint numbers in the fingerprint number library, which may include:

step S131: the master processor obtains all the fingerprint numbers in the fingerprint number library.

The embodiment of the step S131 is, for example: in a first embodiment, the fingerprint number may be stored in a file system of the master processor, and then the master processor may obtain a pre-stored fingerprint number library from the file system, for example: and acquiring a fingerprint number library file from the file system, and then extracting all fingerprint numbers from the fingerprint number library file acquired from the file system. In a second embodiment, the fingerprint numbers may be stored in the database of the master processor, and then all the fingerprint number databases stored in advance may be queried from the fingerprint number database of the master processor, and the database may be an SQLite database.

Step S132: and the main control processor judges whether the fingerprint number of the fingerprint image to be verified is the same as the fingerprint number in the fingerprint number library in comparison.

Step S133: and if the fingerprint number of the fingerprint image to be verified is the same as one of the fingerprint numbers in the fingerprint number library, the main control processor determines the identification result as successful identification and sends an identification success signal to the host equipment.

Step S134: and if the fingerprint number of the fingerprint image to be verified is different from all the fingerprint numbers in the fingerprint number library, determining the identification result as identification failure by the main control processor, and sending an identification failure signal to the host equipment.

The embodiments of the above steps S132 to S134 are, for example: the main control processor compares the fingerprint number of the fingerprint image to be verified with all the fingerprint numbers in the fingerprint number library; if the fingerprint number of the fingerprint image to be verified is the same as the fingerprint number in the fingerprint number library, the main control processor determines the identification result as successful identification, encrypts the successful identification signal by using the encryption mode of the main control processor and the host equipment to obtain an encrypted successful identification signal, and finally sends the encrypted successful identification signal to the host equipment; and if the fingerprint number of the fingerprint image to be verified is different from all the fingerprint numbers in the fingerprint number library, determining the identification result as identification failure by the main control processor, encrypting the identification failure signal by using an encryption mode of the main control processor and the host equipment, and obtaining the encrypted identification failure signal sent to the host equipment.

In a second embodiment, the image processor performs a process of comparing and verifying the fingerprint numbers in the fingerprint number library, and the embodiment may include:

step S135: the image processor acquires a fingerprint number in a fingerprint number library.

The implementation principle and implementation manner of step S135 are similar to those of step S131, and therefore, the implementation principle and implementation manner will not be described here, and if it is not clear, reference may be made to the description of step S131.

Step S136: the image processor judges whether the fingerprint number of the fingerprint image to be verified is the same as the fingerprint number in the fingerprint number library in comparison.

Step S137: if the fingerprint number of the fingerprint image to be verified is the same as one of the fingerprint numbers in the fingerprint number library, the image processor determines the identification result as successful identification and sends an identification success signal to the main control processor, so that the main control processor sends the identification success signal to the host equipment.

Step S138: if the fingerprint number of the fingerprint image to be verified is different from all the fingerprint numbers in the fingerprint number library, the image processor determines the identification result as identification failure and sends an identification failure signal to the main control processor, so that the main control processor sends the identification failure signal to the host equipment.

The implementation principle and implementation manner of steps S136 to S138 are similar to those of steps S132 to S134, and therefore, the implementation principle and implementation manner will not be described here, and if it is not clear, reference may be made to the description of steps S132 to S134.

In the implementation process, firstly, a fingerprint image to be verified and a pre-stored fingerprint key ciphertext are obtained, and then the fingerprint key ciphertext is encrypted and sent to a master control processor; then, judging whether the fingerprint number of the fingerprint image to be verified is matched from the fingerprint encryption library by using the fingerprint key, and determining whether the fingerprint number of the fingerprint image to be verified is compared and verified according to a matching result; and finally, acquiring the fingerprint number in the fingerprint number library, and comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number of the fingerprint image to be verified to obtain the identification result of the fingerprint image to be verified. That is to say, fingerprint features are encrypted in advance and stored in a fingerprint encryption library, a fingerprint key ciphertext used for decrypting the encrypted fingerprint features in the fingerprint encryption library is encrypted and decrypted by a main control processor, and meanwhile, data transmitted in the internal physical communication process are transmitted through communication after being encrypted by a user, so that the condition that the fingerprint features or fingerprint images are stored in a plaintext or transmitted in the plaintext is effectively avoided, and the safety of the fingerprint identification process is improved.

Please refer to fig. 4, which illustrates a schematic structural diagram of a fingerprint identification device according to an embodiment of the present application. The embodiment of the present application provides a fingerprint identification device 200, including: an image processor 210 and a master processor 220; the image processor 210 is electrically connected with the main control processor 220; the image processor 210 includes: a ciphertext acquisition and transmission module 211 and a fingerprint number matching module 212; the master processor 220 includes: a ciphertext decryption transmitting module 221 and an identification result determining module 222.

And the ciphertext acquiring and sending module 211 is configured to acquire the fingerprint image to be verified and a pre-stored fingerprint key ciphertext, perform custom encryption on the fingerprint key ciphertext, and send the fingerprint key ciphertext to the master control processor.

And the ciphertext decryption sending module 221 is configured to decrypt the fingerprint key ciphertext in a user-defined manner, and return the fingerprint key after decrypting the fingerprint key ciphertext.

And the fingerprint number matching module 212 is configured to determine whether a fingerprint number of the fingerprint image to be verified is matched from the fingerprint encryption library by using the fingerprint key.

The identification result determining module 222 is configured to, if the fingerprint number of the fingerprint image to be verified is matched from the fingerprint encryption library by using the fingerprint key, obtain the fingerprint number in the fingerprint number library, compare and verify the fingerprint number in the fingerprint number library with the fingerprint number of the fingerprint image to be verified, and then determine a result of the comparison and verification as an identification result of the fingerprint image to be verified.

Optionally, in an embodiment of the present application, an embodiment of the present application provides a password key, where the password key may include: an image processor and a master processor; wherein the image processor may include: the system comprises a data acquisition and transmission module and a fingerprint feature storage module; the master processor may include: fingerprint key obtains module.

And the data acquisition and transmission module is used for acquiring the fingerprint key ciphertext and the fingerprint image to be put in storage, encrypting the fingerprint key ciphertext and transmitting the encrypted fingerprint key ciphertext to the master control processor.

And the fingerprint key acquisition module is used for decrypting the fingerprint key ciphertext and returning the fingerprint key after decrypting the fingerprint key ciphertext.

And the fingerprint feature storage module is used for extracting a first fingerprint feature of the fingerprint image to be stored in a storage, encrypting the first fingerprint feature by using a fingerprint key to obtain an encrypted fingerprint feature, and then adding the encrypted fingerprint feature into a fingerprint encryption library.

Optionally, in this embodiment of the application, the data obtaining and sending module further includes:

and the fingerprint key ciphertext judging module is used for judging whether the fingerprint key ciphertext is stored or not.

And the string encryption sending module is used for acquiring the randomly generated character string if the fingerprint key ciphertext is not stored, encrypting the randomly generated character string and sending the encrypted character string to the master control processor.

And the string decryption and encryption module is used for decrypting the randomly generated character string, then carrying out asymmetric encryption on the randomly generated character string, and obtaining and returning a fingerprint key ciphertext.

And the ciphertext receiving and storing module is used for receiving and storing the fingerprint key ciphertext sent by the master control processor.

Optionally, in this embodiment of the application, the ciphertext obtaining and sending module is specifically configured to obtain a custom session key negotiated with the master processor in advance, perform symmetric encryption on the fingerprint key ciphertext by using the custom session key, obtain an encrypted ciphertext of the fingerprint key ciphertext, and send the encrypted ciphertext of the fingerprint key ciphertext to the master processor. The ciphertext decryption sending module is specifically used for decrypting the encrypted ciphertext of the fingerprint key ciphertext by using the user-defined session key to obtain a fingerprint key ciphertext, decrypting the fingerprint key ciphertext by using a private key of the master control processor to obtain and encrypt a fingerprint key, and then returning the encrypted ciphertext of the fingerprint key; and receiving and decrypting the encrypted ciphertext of the fingerprint key sent by the master control processor to obtain the fingerprint key.

Optionally, in this embodiment of the present application, the fingerprint number matching module includes:

and the first characteristic extraction module is used for extracting the characteristics of the fingerprint image to be verified.

And the fingerprint characteristic acquisition module is used for decrypting all encrypted fingerprint characteristics in the fingerprint encryption library by using the fingerprint key to obtain a plurality of fingerprint characteristics.

And the first number matching module is used for judging whether the fingerprint number of the image feature to be verified is matched from the plurality of fingerprint features.

Optionally, in this embodiment of the present application, the fingerprint number matching module may further include:

and the second characteristic extraction module is used for extracting the characteristics of the fingerprint image to be verified.

And the encrypted feature obtaining module is used for encrypting the image features to be verified by using the fingerprint key to obtain the fingerprint features to be verified.

And the second number matching module is used for judging whether the fingerprint number corresponding to the fingerprint feature to be verified is matched from all the encrypted fingerprint features in the fingerprint encryption library.

Optionally, in an embodiment of the present application, the identification result determining module includes:

and the number comparison judging module is used for judging whether the fingerprint numbers are the same as the fingerprint numbers in the fingerprint number library or not.

And the comparison identification determining module is used for determining the identification result as successful identification if the fingerprint number is the same as the fingerprint number in the fingerprint number library in comparison, and otherwise, determining the identification result as failed identification.

It should be understood that the apparatus corresponds to the above fingerprint identification method embodiment, and can perform the steps related to the above method embodiment, and the specific functions of the apparatus can be referred to the above description, and the detailed description is appropriately omitted here to avoid redundancy. The device includes at least one software functional module that can be stored in memory in the form of software or firmware (firmware) or solidified in the Operating System (OS) of the device.

The embodiment of the application provides a password key, includes: the system comprises an image processor, a main control processor and a power supply circuit; the power supply circuit is respectively electrically connected with the image processor and the main control processor; the image processor is used for acquiring a fingerprint image to be verified and a pre-stored fingerprint key ciphertext, encrypting the fingerprint key ciphertext and sending the encrypted fingerprint key ciphertext to the master control processor; the master control processor is used for decrypting the fingerprint key ciphertext and returning the fingerprint key after decrypting the fingerprint key ciphertext; the image processor is also used for matching a fingerprint number corresponding to the fingerprint image to be verified from the fingerprint encryption library according to the fingerprint key; the main control processor is also used for acquiring the fingerprint number in the fingerprint number library, comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number, and then determining the comparison and verification result as the identification result of the fingerprint image to be verified.

Embodiments of the present application also provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, the method as above is performed. The computer-readable storage medium may be implemented by any type of volatile or nonvolatile Memory device or combination thereof, such as a Static Random Access Memory (SRAM), an Electrically Erasable Programmable Read-Only Memory (EEPROM), an Erasable Programmable Read-Only Memory (EPROM), a Programmable Read-Only Memory (PROM), a Read-Only Memory (ROM), a magnetic Memory, a flash Memory, a magnetic disk, or an optical disk.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The apparatus embodiments described above are merely illustrative and, for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.

In addition, functional modules of the embodiments in the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.

In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.

The above description is only an alternative embodiment of the embodiments of the present application, but the scope of the embodiments of the present application is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the embodiments of the present application, and all the changes or substitutions should be covered by the scope of the embodiments of the present application.

Claims

1. A fingerprint identification method, comprising:

acquiring a fingerprint image to be verified and a pre-stored fingerprint key ciphertext, performing custom encryption on the fingerprint key ciphertext and sending the fingerprint key ciphertext to a master control processor so that the master control processor can decrypt the fingerprint key ciphertext in a custom manner and return a fingerprint key after decrypting the fingerprint key ciphertext;

judging whether the fingerprint key is used for matching the fingerprint number of the fingerprint image to be verified from a fingerprint encryption library;

if so, acquiring a fingerprint number in a fingerprint number library, comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number of the fingerprint image to be verified, and determining the result of comparison and verification as the identification result of the fingerprint image to be verified;

the user-defined encryption of the fingerprint key ciphertext and the sending of the fingerprint key ciphertext to a master processor are performed, so that the master processor decrypts the fingerprint key ciphertext in a user-defined manner and returns a fingerprint key decrypted by the fingerprint key ciphertext, and the fingerprint key decryption method comprises the following steps: obtaining a user-defined session key negotiated with the master control processor in advance, and encrypting a symmetric key ciphertext by using the user-defined session key to obtain a first encrypted ciphertext of the symmetric key ciphertext; sending a first encrypted ciphertext of the symmetric key ciphertext to the master processor, so that the master processor decrypts the first encrypted ciphertext of the symmetric key ciphertext using the custom session key to obtain the symmetric key ciphertext, decrypts the symmetric key ciphertext using a private key of the master processor, obtains and encrypts the symmetric key, and then returns a second encrypted ciphertext of the symmetric key; receiving and decrypting a second encrypted ciphertext of the symmetric key sent by the master control processor to obtain the symmetric key, and decrypting the fingerprint key ciphertext by using the symmetric key to obtain the fingerprint key;

or, the user-defined encrypting the fingerprint key ciphertext and sending the fingerprint key ciphertext to a master processor, so that the master processor decrypts the fingerprint key ciphertext in a user-defined manner and returns the fingerprint key decrypted by the fingerprint key ciphertext, including: obtaining a user-defined session key negotiated with the master control processor in advance, and symmetrically encrypting the fingerprint key ciphertext by using the user-defined session key to obtain an encrypted ciphertext of the fingerprint key ciphertext; sending the encrypted ciphertext of the fingerprint key ciphertext to the master processor, so that the master processor decrypts the encrypted ciphertext of the fingerprint key ciphertext by using the custom session key to obtain the fingerprint key ciphertext, decrypts the fingerprint key ciphertext by using a private key of the master processor to obtain and encrypt the fingerprint key, and then returns the encrypted ciphertext of the fingerprint key; and receiving and decrypting the encrypted ciphertext of the fingerprint key sent by the master control processor to obtain the fingerprint key.

2. The method according to claim 1, wherein before said determining whether the fingerprint number of the fingerprint image to be verified is matched from a fingerprint encryption library by using the fingerprint key, the method further comprises:

acquiring the fingerprint key ciphertext and a fingerprint image to be put in a storage, encrypting the fingerprint key ciphertext and sending the encrypted fingerprint key ciphertext to a master control processor so that the master control processor decrypts the fingerprint key ciphertext and returns a fingerprint key after decrypting the fingerprint key ciphertext;

and extracting a first fingerprint characteristic of the fingerprint image to be put in storage, encrypting the first fingerprint characteristic by using the fingerprint key to obtain an encrypted fingerprint characteristic, and then adding the encrypted fingerprint characteristic into the fingerprint encryption library.

3. The method of claim 2, wherein the obtaining the fingerprint key ciphertext comprises:

judging whether the fingerprint key ciphertext is stored or not;

if not, acquiring a randomly generated character string, encrypting the randomly generated character string and sending the encrypted randomly generated character string to a master control processor so that the master control processor decrypts the randomly generated character string, then carrying out asymmetric encryption on the randomly generated character string, and acquiring and returning the fingerprint key ciphertext;

and receiving and storing the fingerprint key ciphertext sent by the master control processor.

4. The method according to claim 1, wherein the determining whether the fingerprint number of the fingerprint image to be verified is matched from a fingerprint encryption library by using the fingerprint key comprises:

extracting the to-be-verified image characteristics of the to-be-verified fingerprint image;

decrypting all encrypted fingerprint features in the fingerprint encryption library by using the fingerprint key to obtain a plurality of fingerprint features;

and judging whether the fingerprint number of the image feature to be verified is matched from the plurality of fingerprint features.

5. The method according to claim 1, wherein the determining whether the fingerprint number of the fingerprint image to be verified is matched from a fingerprint encryption library by using the fingerprint key comprises:

encrypting the image features to be verified by using the fingerprint key to obtain the fingerprint features to be verified;

and judging whether the fingerprint number corresponding to the fingerprint feature to be verified is matched from all the encrypted fingerprint features in the fingerprint encryption library.

6. The method according to claim 1, wherein the comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number, and then determining the result of the comparing and verifying as the identification result of the fingerprint image to be verified comprises:

judging whether the fingerprint numbers are the same as the fingerprint numbers in the fingerprint number library in comparison;

and if so, determining the identification result as successful identification, otherwise, determining the identification result as failed identification.

7. A fingerprint recognition apparatus, comprising: an image processor and a master processor; the image processor is electrically connected with the main control processor; the image processor includes: the ciphertext acquiring and sending module and the fingerprint number matching module; the master processor includes: the ciphertext decryption sending module and the identification result determining module;

the ciphertext acquiring and sending module is used for acquiring a fingerprint image to be verified and a pre-stored fingerprint key ciphertext, then carrying out user-defined encryption on the fingerprint key ciphertext and sending the fingerprint key ciphertext to the main control processor so that the main control processor can decrypt the fingerprint key ciphertext in a user-defined manner and return the fingerprint key decrypted by the fingerprint key ciphertext;

the ciphertext decryption sending module is used for decrypting the fingerprint key ciphertext in a user-defined mode and returning the fingerprint key after decrypting the fingerprint key ciphertext;

the fingerprint number matching module is used for judging whether the fingerprint number of the fingerprint image to be verified is matched from a fingerprint encryption library by using the fingerprint key;

the identification result determining module is used for acquiring a fingerprint number in a fingerprint number library if the fingerprint number of the fingerprint image to be verified is matched from a fingerprint encryption library by using the fingerprint key, comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number of the fingerprint image to be verified, and then determining the result of comparison and verification as the identification result of the fingerprint image to be verified;

or, the self-defining encryption of the fingerprint key ciphertext and the sending of the fingerprint key ciphertext to a master processor so that the master processor decrypts the fingerprint key ciphertext in a self-defining manner and returns the fingerprint key decrypted by the fingerprint key ciphertext includes: obtaining a user-defined session key negotiated with the master control processor in advance, and symmetrically encrypting the fingerprint key ciphertext by using the user-defined session key to obtain an encrypted ciphertext of the fingerprint key ciphertext; sending the encrypted ciphertext of the fingerprint key ciphertext to the master processor, so that the master processor decrypts the encrypted ciphertext of the fingerprint key ciphertext by using the custom session key to obtain the fingerprint key ciphertext, decrypts the fingerprint key ciphertext by using a private key of the master processor to obtain and encrypt the fingerprint key, and then returns the encrypted ciphertext of the fingerprint key; and receiving and decrypting the encrypted ciphertext of the fingerprint key sent by the master control processor to obtain the fingerprint key.

8. A combination key, comprising: the device comprises an image processor, a main control processor and a power supply circuit; the power supply circuit is electrically connected with the image processor and the main control processor respectively;

the image processor is used for acquiring a fingerprint image to be verified and a pre-stored fingerprint key ciphertext, then carrying out custom encryption on the fingerprint key ciphertext and sending the fingerprint key ciphertext to the main control processor, so that the main control processor can decrypt the fingerprint key ciphertext in a custom manner and return a fingerprint key after decrypting the fingerprint key ciphertext;

the master control processor is used for decrypting the fingerprint key ciphertext in a user-defined mode and returning the fingerprint key after the fingerprint key ciphertext is decrypted;

the image processor is also used for judging whether the fingerprint number of the fingerprint image to be verified is matched from a fingerprint encryption library by using the fingerprint key;

the main control processor is further used for acquiring a fingerprint number in a fingerprint number library if the fingerprint number of the fingerprint image to be verified is matched from a fingerprint encryption library by using the fingerprint key, comparing and verifying the fingerprint number in the fingerprint number library with the fingerprint number of the fingerprint image to be verified, and then determining the result of the comparison and verification as the identification result of the fingerprint image to be verified;

the user-defined encryption of the fingerprint key ciphertext and the sending of the fingerprint key ciphertext to a master processor are performed, so that the master processor decrypts the fingerprint key ciphertext in a user-defined manner and returns a fingerprint key decrypted by the fingerprint key ciphertext, and the fingerprint key decryption method comprises the following steps: obtaining a user-defined session key negotiated with the master control processor in advance, and encrypting a symmetric key ciphertext by using the user-defined session key to obtain a first encrypted ciphertext of the symmetric key ciphertext; sending a first encrypted ciphertext of the symmetric key ciphertext to the master processor, so that the master processor decrypts the first encrypted ciphertext of the symmetric key ciphertext using the custom session key to obtain the symmetric key ciphertext, decrypts the symmetric key ciphertext using a private key of the master processor to obtain and encrypt the symmetric key, and then returns a second encrypted ciphertext of the symmetric key; receiving and decrypting a second encrypted ciphertext of the symmetric key sent by the master control processor to obtain the symmetric key, and decrypting the fingerprint key ciphertext by using the symmetric key to obtain the fingerprint key;

9. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, performs the method of any one of claims 1 to 6.