CN114238902A - Fingerprint authentication method and device based on SM9 encryption and computer equipment - Google Patents
- Publication number
- CN114238902A CN202111348747.2A
- Authority
- CN
- China
- Prior art keywords
- authentication
- signature data
- fingerprint
- initial
- fingerprint signature
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
Abstract
The application relates to a fingerprint authentication method and device based on SM9 encryption, and to computer equipment. The method comprises the following steps: acquiring the current application scene information of a terminal; determining the number of authentication fingerprints to be acquired according to the application scene information; when an access request is received, acquiring authentication fingerprint information corresponding to the number; signing the authentication fingerprint information to obtain the number of pieces of authentication fingerprint signature data; and when any one of the number of pieces of authentication fingerprint signature data does not match the initial fingerprint signature data stored in advance, determining that the fingerprint authentication is not passed. The method can ensure the confidentiality of data and the security of data transmission.
Description
Technical Field
The present application relates to the field of network security technologies, and in particular, to a fingerprint authentication method, apparatus, computer device, computer readable storage medium, and computer program product.
Background
Fingerprint authentication is an identity authentication technology based on biometric characteristics. With the continuous development of terminal technology, fingerprint authentication is widely applied in the field of terminal security authentication.
Existing terminals are usually provided with a fingerprint authentication component, and to perform fingerprint authentication a user only needs to enter a single fingerprint on that component. However, because human fingerprints are easy to acquire, a leak of stolen fingerprint information causes huge losses, and high-security application scenes such as electronic payment face great potential security hazards.
Disclosure of Invention
In view of the above, it is necessary to provide a fingerprint authentication method, an apparatus, a computer device, a computer readable storage medium, and a computer program product for solving the above technical problems of poor data confidentiality and low data transmission security of the fingerprint authentication mechanism.
In a first aspect, the present application provides a fingerprint authentication method. The method comprises the following steps:
acquiring the current application scene information of a terminal;
determining the number of authentication fingerprints to be acquired according to the application scene information;
when an access request is received, acquiring authentication fingerprint information corresponding to the number;
signing the authentication fingerprint information to obtain the number of pieces of authentication fingerprint signature data;
and when any one of the number of pieces of authentication fingerprint signature data does not match the initial fingerprint signature data stored in advance, determining that the fingerprint authentication is not passed.
In one embodiment, the initial fingerprint signature data is obtained by:
acquiring account information of an initial account;
obtaining combined information based on the account information of the initial account and the initial fingerprint information of the initial account;
and carrying out signature processing on the combined information to obtain initial fingerprint signature data of the initial account.
In one embodiment, the signing the combined information to obtain initial fingerprint signature data of the initial account includes:
generating a key of the combined information;
and signing the authentication fingerprint information through the secret key to obtain initial fingerprint signature data of the initial account.
In one embodiment, the authentication fingerprint signature data and the initial fingerprint signature data are matched by:
respectively acquiring the gray average value of the pixels in the authentication fingerprint signature data and in the initial fingerprint signature data;
obtaining a first integer whose number of data bits equals the number of pixels, based on a comparison result of the gray value of each pixel in the authentication fingerprint signature data and the gray average value;
obtaining a second integer whose number of data bits equals the number of pixels, based on a comparison result of the gray value of each pixel in the initial fingerprint signature data and the gray average value;
and when the number of data bits that differ between the first integer and the second integer is greater than a preset number, judging that the authentication fingerprint signature data and the initial fingerprint signature data fail to match.
In one embodiment, the separately obtaining the gray-scale average value of each pixel in the authentication fingerprint signature data and the initial fingerprint signature data includes:
respectively carrying out reduction processing on the authentication fingerprint signature data and the initial fingerprint signature data to obtain authentication fingerprint signature data and initial fingerprint signature data with the same number of pixels;
performing gray scale conversion processing on the reduced authentication fingerprint signature data and the reduced initial fingerprint signature data to obtain gray scale maps corresponding to the authentication fingerprint signature data and the initial fingerprint signature data respectively;
and respectively calculating the average value of the gray values of all pixels in the gray level graphs corresponding to the authentication fingerprint signature data and the initial fingerprint signature data to obtain the average value of the gray levels of all pixels in the authentication fingerprint signature data and the initial fingerprint signature data.
In one embodiment, the obtaining a first integer having the same number of data bits as the number of the pixels based on the comparison result between the gray-scale value of each of the pixels in the authentication fingerprint signature data and the gray-scale average value includes:
when the gray value of the pixel in the authentication fingerprint signature data is larger than or equal to the average gray value, recording a comparison result as a first number;
when the gray value of the pixel in the authentication fingerprint signature data is smaller than the average gray value, recording a comparison result as a second number;
and combining the numbers corresponding to the pixels in the authentication fingerprint signature data to obtain a first integer whose number of data bits equals the number of pixels.
In a second aspect, the present application further provides a fingerprint authentication device. The device comprises:
the acquisition module is used for acquiring the current application scene information of the terminal;
the determining module is used for determining the number of the authentication fingerprints needing to be acquired according to the application scene information;
the acquisition module is used for acquiring authentication fingerprint information corresponding to the number when an access request is received;
the signature module is used for carrying out signature processing on the authentication fingerprint information to obtain the authentication fingerprint signature data of the number;
and the matching module is used for judging that the fingerprint authentication is not passed when any authentication fingerprint signature data in the authentication fingerprint signature data of the number is not matched with the pre-stored initial fingerprint signature data.
In a third aspect, the present application also provides a computer device. The computer device comprises a memory storing a computer program and a processor implementing the following steps when executing the computer program:
acquiring the current application scene information of a terminal;
determining the number of authentication fingerprints to be acquired according to the application scene information;
when an access request is received, acquiring authentication fingerprint information corresponding to the number;
signing the authentication fingerprint information to obtain the number of pieces of authentication fingerprint signature data;
and when any one of the number of pieces of authentication fingerprint signature data does not match the initial fingerprint signature data stored in advance, determining that the fingerprint authentication is not passed.
In a fourth aspect, the present application further provides a computer-readable storage medium. The computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
acquiring the current application scene information of a terminal;
determining the number of authentication fingerprints to be acquired according to the application scene information;
when an access request is received, acquiring authentication fingerprint information corresponding to the number;
signing the authentication fingerprint information to obtain the number of pieces of authentication fingerprint signature data;
and when any one of the number of pieces of authentication fingerprint signature data does not match the initial fingerprint signature data stored in advance, determining that the fingerprint authentication is not passed.
In a fifth aspect, the present application further provides a computer program product. The computer program product comprising a computer program which when executed by a processor performs the steps of:
acquiring the current application scene information of a terminal;
determining the number of authentication fingerprints to be acquired according to the application scene information;
when an access request is received, acquiring authentication fingerprint information corresponding to the number;
signing the authentication fingerprint information to obtain the number of pieces of authentication fingerprint signature data;
and when any one of the number of pieces of authentication fingerprint signature data does not match the initial fingerprint signature data stored in advance, determining that the fingerprint authentication is not passed.
According to the fingerprint authentication method, the fingerprint authentication device, the computer equipment, the computer readable storage medium and the computer program product, the number of authentication fingerprints to be acquired is determined according to the current application scene information of the terminal, and authentication fingerprint information corresponding to the number is acquired when an access request is received; the authentication fingerprint information is signed to obtain the number of pieces of authentication fingerprint signature data; and when any one of the number of pieces of authentication fingerprint signature data does not match the initial fingerprint signature data stored in advance, it is determined that the fingerprint authentication is not passed. The method takes into account that different application scenes have different security requirements and provides different fingerprint authentication strategies based on different application scene information: the number of fingerprints is determined according to different security standards, and the orderliness of the fingerprints is guaranteed. At the same time, signing the fingerprint information guarantees data confidentiality and improves the security of data transmission. This overcomes the defect that, when all application scenes use a single fingerprint authentication component for fingerprint authentication, high-security application scenes face great potential security hazards.
Drawings
FIG. 1 is a flowchart illustrating a fingerprint authentication method according to an embodiment;
FIG. 2 is a flowchart illustrating a fingerprint authentication method based on SM9 algorithm according to an embodiment;
FIG. 3 is a flowchart illustrating a method for matching initial fingerprint signature data to authenticated fingerprint signature data according to one embodiment;
FIG. 4 is a block diagram of the structure of a fingerprint authentication device in one embodiment;
FIG. 5 is a diagram illustrating an internal structure of a computer device according to an embodiment.
Detailed Description
In order to make the objects, technical solutions and advantages of the present application more apparent, the present application is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the present application and are not intended to limit the present application.
In an embodiment, as shown in FIG. 1, a fingerprint authentication method is provided. This embodiment is illustrated by applying the method to a terminal; it is to be understood that the method may also be applied to a server, or to a system including the terminal and the server, where it is implemented by interaction between the terminal and the server. In this embodiment, the method includes the following steps:
Step S110, acquiring the current application scene information of the terminal.
The application scene information may include scenes such as screen unlocking, application starting, and secure payment.
Specifically, when it is detected that the terminal is currently in a fingerprint to-be-authenticated state, the application scene information where the terminal is currently located may be acquired.
Step S120, determining the number of authentication fingerprints to be collected according to the application scene information.
The number of collected authentication fingerprints may be one or more; when it is more than one, fingerprints of multiple fingers are collected.
In specific implementation, different application scenes have different security requirements, so a corresponding number of authentication fingerprints to be acquired can be set for each application scene to meet its security requirements. More specifically, after the application scene information of the terminal is acquired, the current security authentication standard may be determined according to the application scene information, and the number of authentication fingerprints may be determined according to the security authentication standard and a preset fingerprint authentication policy.
Step S130, when receiving the access request, collecting authentication fingerprint information corresponding to the number.
In specific implementation, a plurality of fingerprint authentication components can be arranged at the terminal, and after the number of authentication fingerprints to be acquired is determined, authentication fingerprint information input by an authentication user through the corresponding number of fingerprint authentication components is acquired. For example, if it is determined that the number of authentication fingerprints required to be collected is 2, authentication fingerprint information of two different fingers authenticating the user may be collected by the two fingerprint authentication components, respectively.
Step S140, performing signature processing on the authentication fingerprint information to obtain the number of pieces of authentication fingerprint signature data.
In specific implementation, a key for the authentication fingerprint information can be generated and the authentication fingerprint information can be signed and encrypted with the SM9 encryption algorithm, so that authentication fingerprint signature data corresponding to each piece of acquired authentication fingerprint information is obtained. More specifically, the fingerprint authentication component and the user perform signature encryption in an asymmetric encryption mode.
Step S150, when any one of the number of pieces of authentication fingerprint signature data does not match the pre-stored initial fingerprint signature data, judging that the fingerprint authentication is not passed.
In specific implementation, a plurality of initial fingerprint information of an initial account and account information can be acquired in advance, the combined information of each initial fingerprint information and the account information is signed to obtain a plurality of initial fingerprint signature data of the initial account, and each initial fingerprint signature data and the user information of the initial account are bound and stored. And then, when fingerprint authentication is carried out, matching the authentication fingerprint signature data with the initial fingerprint signature data of the initial account, and when any authentication fingerprint signature data fails to be matched, judging that the fingerprint authentication fails.
More specifically, if multiple authentication fingerprints are collected, each piece of authentication fingerprint signature data may be matched against each piece of pre-stored initial fingerprint signature data one by one during fingerprint authentication; when a piece of authentication fingerprint signature data matches none of the pre-stored initial fingerprint signature data, that piece is determined to have failed to match.
For example, when the number of collected authentication fingerprints is 3, the fingerprint authentication is determined not to have passed if any one of the authentication fingerprint signature data of the 3 authentication fingerprints does not match the initial fingerprint signature data stored in advance.
It can be understood that, in practical application, it may also be determined that the fingerprint authentication fails only when a set number of authentication fingerprint signature data fails to match according to requirements.
In the fingerprint authentication method, the number of authentication fingerprints to be acquired is determined according to the application scene information of the terminal, and authentication fingerprint information corresponding to the number is acquired when an access request is received; the authentication fingerprint information is signed to obtain the number of pieces of authentication fingerprint signature data; and when any one of the number of pieces of authentication fingerprint signature data does not match the initial fingerprint signature data stored in advance, it is determined that the fingerprint authentication is not passed. The method takes into account that different application scenes have different security requirements and provides different fingerprint authentication strategies based on different application scene information: the number of fingerprints is determined according to different security standards, and the orderliness of the fingerprints is guaranteed. At the same time, signing the fingerprint information guarantees data confidentiality and improves the security of data transmission. This overcomes the defect that, when all application scenes use a single fingerprint authentication component for fingerprint authentication, high-security application scenes face great potential security hazards.
In an exemplary embodiment, the initial fingerprint signature data is obtained by: acquiring account information of an initial account; obtaining combined information based on the account information of the initial account and the initial fingerprint information of the initial account; and carrying out signature processing on the combined information to obtain initial fingerprint signature data of the initial account.
The account information includes personal identity information of the user, an authentication code and the like, and can be obtained by means of a code automatically generated by the system.
In a specific implementation, after the account information of the initial account is extracted, the account information and the initial fingerprint information of the initial account can be combined to obtain combined information. The combined information is then signed using the SM9 signature algorithm to obtain the initial fingerprint signature data of the user, and the account information of the initial account and the initial fingerprint signature data can be associated and stored.
In this embodiment, the initial fingerprint signature data of the initial account is obtained by signing the combined information of the account information and the initial fingerprint information of the initial account, and serves as the verification basis for subsequent fingerprint verification of accounts accessing the terminal. The account information is stored after being matched with the master key and the user key, so that even if the user name and the password are too simple and follow a certain regularity, they are not easy to guess or reveal. During user fingerprint verification, before a user fails in fingerprint verification, terminal information cannot be intercepted by a hacker; the potential safety hazards of the traditional fingerprint authentication mode are resolved, and user information is not easily leaked.
In an exemplary embodiment, the signing the combined information to obtain the initial fingerprint signature data of the initial account includes: generating a key of the combined information; and signing the authentication fingerprint information by using the SM9 algorithm through the key to obtain initial fingerprint signature data of the initial account.
The key can comprise a master key and a user private key. The master key is held publicly by the fingerprint authentication component, and the user private key is held secretly by the initial account.
Further, in an exemplary embodiment, the step of generating the key of the combined information includes: generating fingerprint parameters; and generating a master key and a user private key respectively based on the fingerprint parameters, the master key and the user private key together forming the key. The master key is the key held publicly by the fingerprint authentication component, and the user private key is the key held secretly by the initial account.
The fingerprint parameters may include the size, texture and identity information of the fingerprint, and the like.
In specific implementation, the fingerprint parameters can be randomly selected by the key generation center, and the master key and the user private key are respectively generated based on the fingerprint parameters, so that the master key and the user private key are uniquely matched. When the access user passes the fingerprint authentication, the fingerprint authentication component matches the master key with the private key of the user, and decrypts the combined information of the user after the matching succeeds.
In the embodiment, the authentication fingerprint information is signed by generating the master key and the user private key of the combined information, so that the safety of the user information is improved, and even if the user name and the password are too simple and have certain regularity, the user name and the password are not easy to guess and reveal.
In an exemplary embodiment, the authentication fingerprint signature data is matched with the initial fingerprint signature data by: respectively acquiring the gray average value of the pixels in the authentication fingerprint signature data and in the initial fingerprint signature data; obtaining a first integer whose number of data bits equals the number of pixels, based on a comparison result of the gray value of each pixel in the authentication fingerprint signature data and the gray average value; obtaining a second integer whose number of data bits equals the number of pixels, based on a comparison result of the gray value of each pixel in the initial fingerprint signature data and the gray average value; and when the number of data bits that differ between the first integer and the second integer is greater than the preset number, judging that the authentication fingerprint signature data and the initial fingerprint signature data fail to match.
In specific implementation, the authentication fingerprint signature data and the initial fingerprint signature data may be preprocessed so that they have the same number of pixels. The gray average values of the pixels in the authentication fingerprint signature data and in the initial fingerprint signature data are then calculated respectively, and a first integer corresponding to the authentication fingerprint signature data and a second integer corresponding to the initial fingerprint signature data are obtained based on the comparison of each gray value with the gray average value. The first integer is then compared with the second integer: the fingerprint authentication is judged to fail when the number of differing data bits is greater than a first preset number, and is judged to succeed when the number of differing data bits is less than a second preset number. The first preset number and the second preset number may be the same or different. For example, if the number of differing signature data bits does not exceed 5, the fingerprint authentication is passed; if the number of differing signature data bits is greater than 10, the fingerprint authentication fails.
In this embodiment, the first integer corresponding to the authentication fingerprint signature data and the second integer corresponding to the initial fingerprint signature data are obtained by comparing the gray value of each pixel in the authentication fingerprint signature data and the initial fingerprint signature data with the corresponding gray average value, and whether the fingerprint verification passes is judged by counting the data bits that differ between the first integer and the second integer.
In an exemplary embodiment, the obtaining the gray-scale average value of each pixel in the authentication fingerprint signature data and the initial fingerprint signature data respectively comprises: respectively carrying out reduction processing on the authentication fingerprint signature data and the initial fingerprint signature data to obtain authentication fingerprint signature data and initial fingerprint signature data with the same number of pixels; performing gray scale conversion processing on the reduced authentication fingerprint signature data and the reduced initial fingerprint signature data to obtain gray scale maps corresponding to the authentication fingerprint signature data and the initial fingerprint signature data respectively; and respectively calculating the average value of the gray values of all pixels in the gray-scale images corresponding to the authentication fingerprint signature data and the initial fingerprint signature data to obtain the average value of the gray values of all pixels in the authentication fingerprint signature data and the initial fingerprint signature data.
In a specific implementation, the method for obtaining the gray-scale average value of the authenticated fingerprint signature data is the same as the method for obtaining the gray-scale average value of each pixel in the initial fingerprint signature data, and the following description will be given to this embodiment by taking the method for obtaining the gray-scale average value of each pixel in the authenticated fingerprint signature data as an example:
the terminal reads the authentication fingerprint signature data through preprocessing, reduces the authentication fingerprint signature data to a preset size, obtains the number of pixels of the authentication fingerprint signature data based on the size, converts the reduced authentication fingerprint signature data into a corresponding gray-scale image, and calculates the gray-scale average value of each pixel after acquiring the gray-scale value of each pixel in the gray-scale image to be used as the gray-scale average value of each pixel in the authentication fingerprint signature data.
For example, the terminal may reduce the authentication fingerprint signature data to a size of 8 × 8, 64 pixels in total, convert the reduced authentication fingerprint signature data to 64-level gray scale, and calculate the gray average value of all 64 pixels as the gray average value of each pixel in the authentication fingerprint signature data.
In this embodiment, the authentication fingerprint signature data and the initial fingerprint signature data are reduced so that both have the same number of pixels, which improves the accuracy of subsequent fingerprint matching. Reducing the authentication fingerprint signature data to a size of 8 × 8, 64 pixels in total, removes the details of the picture and retains only basic information such as structure and light and dark, discarding fingerprint identification differences caused by different sizes and proportions.
In an exemplary embodiment, the step of obtaining a first integer having the same number of data bits and pixels based on a comparison result of gray-level values and gray-level average values of respective pixels in the authentication fingerprint signature data includes: when the gray value of the pixel in the authentication fingerprint signature data is larger than or equal to the average gray value, recording the comparison result as a first number; when the gray value of the pixel in the authentication fingerprint signature data is smaller than the average gray value, recording the comparison result as a second number; and combining the numbers corresponding to the pixels in the authentication fingerprint signature data to obtain a first integer with the same number of data bits and pixels.
In a specific implementation, the gray value of each pixel in the authentication fingerprint signature data is compared with the gray average value: when the gray value is greater than or equal to the gray average value, the comparison result can be recorded as 1; when the gray value is less than the gray average value, the comparison result can be recorded as 0. After the number corresponding to each pixel is obtained, the numbers are combined to obtain a first integer whose number of data bits equals the number of pixels.
For example, if the authentication fingerprint signature data is reduced to a size of 8 × 8, so that the number of pixels is 64, the resulting first integer is a 64-bit number composed of 0s and 1s.
It should be noted that the method for determining the second integer corresponding to the initial fingerprint signature data is the same as that for the authentication fingerprint signature data, and is not described herein again.
In this embodiment, the comparison results of the gray value of each pixel in the authentication fingerprint signature data with the gray average value are recorded as different numbers, and the first integer, whose number of data bits equals the number of pixels, is obtained by combining these numbers.
In another embodiment, in order to facilitate those skilled in the art to understand the embodiment of the present application, the fingerprint authentication method provided in the present application will be further described below with reference to fig. 2 and 3.
Referring to fig. 2, a schematic flowchart of a fingerprint authentication method based on SM9 algorithm is shown, which includes the following steps:
step S210, when the terminal is currently in a fingerprint to-be-authenticated state, acquiring application scene information of the terminal currently;
step S220, acquiring a plurality of fingerprint authentication components, wherein the fingerprint authentication components comprise the user data of the currently acquired user and the combined information of the fingerprint data;
step S230, determining the current safety authentication standard according to the application scene information;
step S240, determining the number of the authentication fingerprints according to the security authentication standard and a preset fingerprint authentication strategy;
step S250, generating a key for authenticating the fingerprint, and signing and encrypting the combined information by adopting an SM9 algorithm;
generating the key for the authentication fingerprint comprises the following specific steps:
a key generation center randomly selects fingerprint parameters and generates a master key and a user private key respectively; the master key is held publicly by the fingerprint authentication component, and the user private key is held in secret by the user who holds the initial fingerprint signature data;
the fingerprint authentication component and the user perform signature and encryption in an asymmetric encryption mode, and the master key and the user private key match each other uniquely;
when the user passes the fingerprint authentication, the fingerprint authentication component matches the master key against the user private key, and after the matching succeeds, the combined information of the user is decrypted;
and step S260, when the access request is received, controlling the fingerprint authentication component to carry out fingerprint authentication on the user according to the corresponding fingerprint authentication strategy.
The fingerprint authentication method for the user comprises the following specific steps:
starting the fingerprint authentication strategy, and checking whether the collected initial fingerprint signature data is consistent with the access fingerprint signature data of the user; if the two are consistent, the authentication passes; if not, the verification fails.
The method determines the number of fingerprints according to different security standards, which ensures the orderliness of the fingerprints, and uses the SM9 algorithm to sign and encrypt the combined information, which ensures the confidentiality of the data and improves the security of data transmission. This solves the potential safety hazard of the traditional fingerprint authentication mode, so that user information is not easily leaked. The user information is stored after being matched with the master key and the user key, so even if the user name and the password are too simple and follow a certain regularity, the user information is not easy to guess or reveal. During user fingerprint verification, the terminal information cannot be intercepted by a hacker before the user passes the fingerprint verification.
Referring to fig. 3, a schematic flow chart of a method for matching initial fingerprint signature data and authenticated fingerprint signature data is shown, which includes the following specific steps:
step S310, reading authentication fingerprint signature data through preprocessing;
step S320, reducing the authentication fingerprint signature data to a size of 8 × 8, 64 pixels in total;
step S330, converting the reduced authentication fingerprint signature data into 64-level gray scale;
step S340, calculating the average value of the gray scales of all 64 pixels and comparing the gray scales of the pixels;
the specific steps of comparing the gray levels of the pixels include:
comparing the gray level of each pixel with the average value of the gray levels: when the gray scale is larger than or equal to the average gray scale value, marking as 1; when the gray scale is smaller than the average gray scale value, marking as 0;
step S350, combining the results of calculating the average value of the gray scales of all 64 pixels and comparing the gray scales of the pixels;
step S360, respectively forming 64-bit integers by the initial fingerprint signature data and the authentication fingerprint signature data of the user in the same sequence;
step S370, comparing the initial fingerprint signature data with the authentication fingerprint signature data of the user; if the different signature data bits are not more than 5, the fingerprint authentication is passed; if the different signature data bits are greater than 10, the fingerprint authentication fails.
According to the method, the authentication fingerprint signature data is reduced to 8 × 8, 64 pixels in total, which removes the details of the picture and retains only basic information such as structure and light and dark, discarding fingerprint identification differences caused by different sizes and proportions. After the authentication fingerprint is obtained by the SM9 algorithm, it can be compared with the fingerprint originally stored to see how many of the 64 bits are different. In theory, this is equivalent to calculating the Hamming distance. The fingerprint verification is efficient and accurate, the orderliness of the fingerprint verification process is ensured, and the safety of the camera system is well improved compared with a single fingerprint or ordinary multiple fingerprints. The application solves the potential safety hazard of the traditional fingerprint authentication mode, so that user information is not easily leaked. The user information is stored after being matched with the master key and the user key, so even if the user name and the password are too simple and follow a certain regularity, the user information is not easy to guess or reveal. During user fingerprint verification, the terminal information cannot be intercepted by a hacker before the user passes the fingerprint verification.
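The matching procedure of steps S310 to S370, written out as an added example in pure Python; it is not code from the patent. The function names, the box-average reduction and the synthetic sample images are assumptions, and because step S370 only defines the outcome for at most 5 and for more than 10 differing bits, the example reports 6 to 10 as "unspecified" and treats it as a non-pass.

```python
"""Average-hash matching following steps S310-S370 (added example)."""

GRID = 8             # S320: reduce to 8 x 8 = 64 pixels
LEVELS = 64          # S330: 64-level gray scale
PASS_MAX_DIFF = 5    # S370: not more than 5 differing bits -> pass
FAIL_MIN_DIFF = 10   # S370: more than 10 differing bits -> fail


def shrink(gray, grid=GRID):
    """Box-average a 2-D list of 0..255 gray values down to grid x grid.

    Box averaging is an assumption; the patent does not name a method.
    """
    h, w = len(gray), len(gray[0])
    if h < grid or w < grid or any(len(row) != w for row in gray):
        raise ValueError("image must be rectangular and at least 8 x 8")
    out = []
    for gy in range(grid):
        y0, y1 = gy * h // grid, (gy + 1) * h // grid
        row = []
        for gx in range(grid):
            x0, x1 = gx * w // grid, (gx + 1) * w // grid
            cell = [gray[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(cell) / len(cell))
        out.append(row)
    return out


def average_hash(gray):
    """S320-S360: return the 64-bit integer for one gray image."""
    small = shrink(gray)
    # S330: quantise each reduced pixel from 0..255 to 64 levels.
    levels = [int(v) * LEVELS // 256 for row in small for v in row]
    mean = sum(levels) / len(levels)          # S340: gray average
    value = 0
    for lv in levels:                         # S360: fixed row-major order
        value = (value << 1) | (1 if lv >= mean else 0)
    return value


def hamming(a, b):
    """Number of bit positions in which two integers differ."""
    return bin(a ^ b).count("1")


def match(initial_hash, auth_hash):
    """S370 decision; the 6..10 band is not defined on the page."""
    diff = hamming(initial_hash, auth_hash)
    if diff <= PASS_MAX_DIFF:
        return "pass"
    if diff > FAIL_MIN_DIFF:
        return "fail"
    return "unspecified"


def authenticate(initial_hash, auth_images):
    """Claim 1 policy: any sample that does not match fails the attempt.

    Treating "unspecified" and an empty sample list as failures is an
    assumption (fail closed).
    """
    if not auth_images:
        return False
    return all(match(initial_hash, average_hash(img)) == "pass"
               for img in auth_images)


def make_image(size=32, ridge=0, flipped=0):
    """Constructed sample: bright left half, dark right half.

    ridge adds alternating-row fine detail; flipped darkens that many
    bright blocks (row-major) to simulate a coarse structural change.
    """
    block = size // GRID
    img = []
    for y in range(size):
        row = []
        for x in range(size):
            bx, by = x // block, y // block
            bright = bx < 4 and (by * 4 + bx) >= flipped
            base = 200 if bright else 40
            row.append(base + (ridge if y % 2 == 0 else -ridge))
        img.append(row)
    return img


if __name__ == "__main__":
    enrolled = average_hash(make_image())
    for label, img in [("same, larger, fine detail", make_image(64, ridge=30)),
                       ("3 blocks changed", make_image(flipped=3)),
                       ("8 blocks changed", make_image(flipped=8)),
                       ("12 blocks changed", make_image(flipped=12))]:
        h = average_hash(img)
        print(f"{label:28s} diff={hamming(enrolled, h):2d} {match(enrolled, h)}")
```

In the constructed samples, a 64 × 64 image with added fine stripes yields the same 64-bit integer as the plain 32 × 32 one, which is the loss of detail and of size differences that the paragraph above describes.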
It should be understood that, although the steps in the flowcharts related to the embodiments as described above are sequentially displayed as indicated by arrows, the steps are not necessarily performed sequentially as indicated by the arrows. The steps are not performed in the exact order shown and described, and may be performed in other orders, unless explicitly stated otherwise. Moreover, at least a part of the steps in the flowcharts related to the embodiments described above may include multiple steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, and the execution order of the steps or stages is not necessarily sequential, but may be rotated or alternated with other steps or at least a part of the steps or stages in other steps.
Based on the same inventive concept, the embodiment of the present application further provides a fingerprint authentication device for implementing the above mentioned fingerprint authentication method. The implementation scheme for solving the problem provided by the device is similar to the implementation scheme recorded in the method, so the specific limitations in one or more embodiments of the fingerprint authentication device provided below can be referred to the limitations of the fingerprint authentication method in the above, and are not described herein again.
In one embodiment, as shown in fig. 4, there is provided a fingerprint authentication device including: an obtaining module 410, a determining module 420, an acquiring module 430, a signature module 440, and a matching module 450, wherein:
an obtaining module 410, configured to obtain application scene information of a current location of a terminal;
a determining module 420, configured to determine, according to the application scenario information, the number of authentication fingerprints that need to be acquired;
an acquisition module 430, configured to acquire authentication fingerprint information corresponding to the number when an access request is received;
the signature module 440 is configured to perform signature processing on the authentication fingerprint information to obtain the number of authentication fingerprint signature data;
a matching module 450, configured to determine that the fingerprint authentication fails when any one of the number of authentication fingerprint signature data does not match the pre-stored initial fingerprint signature data.
In one embodiment, the signature module 440 is further configured to obtain account information of the initial account; obtaining combined information based on the account information of the initial account and the initial fingerprint information of the initial account; and carrying out signature processing on the combined information to obtain initial fingerprint signature data of the initial account.
In an embodiment, the signature module 440 is further configured to generate a key of the combined information; and signing the authentication fingerprint information by adopting an SM9 algorithm through the secret key to obtain initial fingerprint signature data of the initial account.
In an embodiment, the matching module 450 is further configured to obtain a gray average of each pixel in the authentication fingerprint signature data and the initial fingerprint signature data; obtaining a first integer with the same number of data bits and pixels based on a comparison result of the gray value of each pixel in the authentication fingerprint signature data and the gray average value; obtaining a second integer with the same number of data bits and pixels based on a comparison result of the gray value of each pixel in the initial fingerprint signature data and the gray average value; and when the number of the different data bits in the first integer and the second integer is greater than a preset number, judging that the fingerprint authentication fails.
In an embodiment, the matching module 450 is further configured to perform reduction processing on the authentication fingerprint signature data and the initial fingerprint signature data respectively to obtain authentication fingerprint signature data and initial fingerprint signature data with the same number of pixels; performing gray scale conversion processing on the reduced authentication fingerprint signature data and the reduced initial fingerprint signature data to obtain gray scale maps corresponding to the authentication fingerprint signature data and the initial fingerprint signature data respectively; and respectively calculating the average value of the gray values of all pixels in the gray level graphs corresponding to the authentication fingerprint signature data and the initial fingerprint signature data to obtain the average value of the gray levels of all pixels in the authentication fingerprint signature data and the initial fingerprint signature data.
In an embodiment, the matching module 450 is further configured to mark the comparison result as a first number when the gray value of the pixel in the authentication fingerprint signature data is greater than or equal to the average gray value; when the gray value of the pixel in the authentication fingerprint signature data is smaller than the average gray value, recording a comparison result as a second number; and combining the numbers corresponding to the pixels in the authentication fingerprint signature data to obtain a first integer with the same number of data bits and the pixels.
The modules in the fingerprint authentication device can be wholly or partially realized by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a terminal, and its internal structure diagram may be as shown in fig. 5. The computer device includes a processor, a memory, a communication interface, a display screen, and an input device connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The communication interface of the computer device is used for carrying out wired or wireless communication with an external terminal, and the wireless communication can be realized through WIFI, a mobile cellular network, NFC (near field communication) or other technologies. The computer program is executed by a processor to implement a fingerprint authentication method. The display screen of the computer equipment can be a liquid crystal display screen or an electronic ink display screen, and the input device of the computer equipment can be a touch layer covered on the display screen, a key, a track ball or a touch pad arranged on the shell of the computer equipment, an external keyboard, a touch pad or a mouse and the like.
Those skilled in the art will appreciate that the architecture shown in fig. 5 is merely a block diagram of some of the structures associated with the disclosed aspects and is not intended to limit the computing devices to which the disclosed aspects apply, as particular computing devices may include more or less components than those shown, or may combine certain components, or have a different arrangement of components.
In one embodiment, a computer device is further provided, which includes a memory and a processor, the memory stores a computer program, and the processor implements the steps of the above method embodiments when executing the computer program.
In an embodiment, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
In an embodiment, a computer program product is provided, comprising a computer program which, when being executed by a processor, carries out the steps of the above-mentioned method embodiments.
It should be noted that, the user information (including but not limited to user device information, user personal information, etc.) and data (including but not limited to data for analysis, stored data, presented data, etc.) referred to in the present application are information and data authorized by the user or sufficiently authorized by each party.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing the relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, database, or other medium used in the embodiments provided herein may include at least one of non-volatile and volatile memory. The non-volatile memory may include Read-Only Memory (ROM), magnetic tape, floppy disk, flash memory, optical memory, high-density embedded non-volatile memory, Resistive Random Access Memory (ReRAM), Magnetic Random Access Memory (MRAM), Ferroelectric Random Access Memory (FRAM), Phase Change Memory (PCM), graphene memory, and the like. Volatile memory can include Random Access Memory (RAM), external cache memory, and the like. By way of illustration and not limitation, RAM can take many forms, such as Static Random Access Memory (SRAM) or Dynamic Random Access Memory (DRAM), among others. The databases referred to in various embodiments provided herein may include at least one of relational and non-relational databases. The non-relational database may include, but is not limited to, a blockchain-based distributed database, and the like. The processors referred to in the embodiments provided herein may be general purpose processors, central processing units, graphics processors, digital signal processors, programmable logic devices, quantum computing based data processing logic devices, etc., without limitation.
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments express only several embodiments of the present application, and their description is relatively specific and detailed, but they should not be construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, all of which fall within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (10)
1. A method of fingerprint authentication, the method comprising:
acquiring application scene information of a terminal at present;
determining the number of authentication fingerprints to be acquired according to the application scene information;
when an access request is received, acquiring authentication fingerprint information corresponding to the number;
signing the authentication fingerprint information to obtain the authentication fingerprint signature data of the number;
when any one of the number of authentication fingerprint signature data does not match the initial fingerprint signature data stored in advance, it is determined that the fingerprint authentication is not passed.
2. The method of claim 1, wherein the initial fingerprint signature data is obtained by:
acquiring account information of an initial account;
obtaining combined information based on the account information of the initial account and the initial fingerprint information of the initial account;
and carrying out signature processing on the combined information to obtain initial fingerprint signature data of the initial account.
3. The method of claim 2, wherein said signing the combined information to obtain initial fingerprint signature data of the initial account comprises:
generating a key of the combined information;
and signing the authentication fingerprint information through the secret key to obtain initial fingerprint signature data of the initial account.
4. The method of claim 1, wherein the authentication fingerprint signature data is matched to the initial fingerprint signature data by:
respectively acquiring the gray level average value of each pixel in the authentication fingerprint signature data and the initial fingerprint signature data;
obtaining a first integer with the same number of data bits and pixels based on a comparison result of the gray value of each pixel in the authentication fingerprint signature data and the gray average value;
obtaining a second integer with the same number of data bits and pixels based on a comparison result of the gray value of each pixel in the initial fingerprint signature data and the gray average value;
and when the number of the different data bits in the first integer and the second integer is greater than a preset number, judging that the authentication fingerprint signature data and the initial fingerprint signature data fail to match.
5. The method of claim 4, wherein the separately obtaining a grayscale average of each pixel in the authentication fingerprint signature data and the initial fingerprint signature data comprises:
respectively carrying out reduction processing on the authentication fingerprint signature data and the initial fingerprint signature data to obtain authentication fingerprint signature data and initial fingerprint signature data with the same number of pixels;
performing gray scale conversion processing on the reduced authentication fingerprint signature data and the reduced initial fingerprint signature data to obtain gray scale maps corresponding to the authentication fingerprint signature data and the initial fingerprint signature data respectively;
and respectively calculating the average value of the gray values of all pixels in the gray level graphs corresponding to the authentication fingerprint signature data and the initial fingerprint signature data to obtain the average value of the gray levels of all pixels in the authentication fingerprint signature data and the initial fingerprint signature data.
6. The method of claim 4, wherein obtaining a first integer having the same number of data bits as the number of the pixels based on a comparison of the gray-level value of each of the pixels in the authentication fingerprint signature data and the gray-level average value comprises:
when the gray value of the pixel in the authentication fingerprint signature data is larger than or equal to the average gray value, recording a comparison result as a first number;
when the gray value of the pixel in the authentication fingerprint signature data is smaller than the average gray value, recording a comparison result as a second number;
and combining the numbers corresponding to the pixels in the authentication fingerprint signature data to obtain a first integer with the same number of data bits and the pixels.
7. A fingerprint authentication apparatus, the apparatus comprising:
the acquisition module is used for acquiring the current application scene information of the terminal;
the determining module is used for determining the number of the authentication fingerprints needing to be acquired according to the application scene information;
the acquisition module is used for acquiring authentication fingerprint information corresponding to the number when an access request is received;
the signature module is used for carrying out signature processing on the authentication fingerprint information to obtain the authentication fingerprint signature data of the number;
and the matching module is used for judging that the fingerprint authentication is not passed when any authentication fingerprint signature data in the authentication fingerprint signature data of the number is not matched with the pre-stored initial fingerprint signature data.
8. A computer device comprising a memory and a processor, the memory storing a computer program, wherein the processor implements the steps of the method of any one of claims 1 to 6 when executing the computer program.
9. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
10. A computer program product comprising a computer program, characterized in that the computer program realizes the steps of the method of any one of claims 1 to 6 when executed by a processor.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111348747.2A CN114238902A (en) | 2021-11-15 | 2021-11-15 | Fingerprint authentication method and device based on SM9 encryption and computer equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114238902A (en) | 2022-03-25 |
Family
ID=80749328
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111348747.2A Pending CN114238902A (en) | 2021-11-15 | 2021-11-15 | Fingerprint authentication method and device based on SM9 encryption and computer equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114238902A (en) |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109409472B (en) | Two-dimensional code generation method, data processing device and server | |
US7882363B2 (en) | Biometric authentication system | |
CN109886417A (en) | Model parameter training method, device, equipment and medium based on federation's study | |
CN108154365B (en) | Safety equipment, method and system for generating dynamic two-dimensional code | |
KR102289419B1 (en) | Method and apparatus for authentification of user using biometric | |
CN106709963B (en) | The method and apparatus of the authentication image true and false | |
JP2018510593A (en) | System and method for hierarchical encryption key generation using biometric data | |
JP2018518919A (en) | Anti-counterfeiting method | |
CN111275448A (en) | Face data processing method and device and computer equipment | |
CN117349895B (en) | Block chain-based automobile financial digital archive management method and device | |
CN113704357A (en) | Smart city data sharing method and system based on block chain | |
JP7250960B2 (en) | User authentication and signature device using user biometrics, and method thereof | |
WO2017133154A1 (en) | Anti-counterfeit image generation method and device | |
CN112699400A (en) | Image information security processing method and device | |
CN109657487B (en) | Image processing method, image verification method and device | |
CN109672804B (en) | Image encryption and decryption method and system | |
CN113868690B (en) | Trusted deposit certificate based privacy calculation method and system | |
CN114238902A (en) | Fingerprint authentication method and device based on SM9 encryption and computer equipment | |
CN116108412A (en) | Face identity authentication method, device, equipment, storage medium and program product | |
CN113407968B (en) | Encryption method, device, equipment and storage medium of target detection model | |
CN112491840B (en) | Information modification method, device, computer equipment and storage medium | |
CN115765976A (en) | Verification code encryption method, electronic equipment and storage medium | |
CN111860726B (en) | Two-dimensional code display method, verification method, device and computer readable storage medium | |
CN113987446A (en) | Authentication method and device | |
CN114626860B (en) | Dynamic identity identification method and device for online commodity payment |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||