CN115880747A - Face recognition system and method based on security chip and terminal equipment - Google Patents

Publication number: CN115880747A
Application number: CN202211247594.7A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 钟洪
Current Assignee: Orbbec Inc
Original Assignee: Orbbec Inc
Prior art keywords: camera, host, information, security chip, background server
Landscapes: Collating Specific Patterns (AREA)

Abstract

The application belongs to the technical field of computers and provides a face recognition system, a face recognition method and a terminal device based on a security chip. A camera and a host communicate with each other, and a first authentication result is obtained by comparing the host information and camera information prestored in a first security chip with the host information and camera information prestored in a second security chip. The camera and a background server communicate through the host, and a second authentication result is obtained by comparing the camera information prestored in the first security chip with the camera information prestored in the background server. When the first authentication result and the second authentication result are both successful, the camera acquires a target image, and the camera, the host and the background server exchange information to obtain a face recognition result corresponding to the target image. Because face recognition is carried out only after authentication has succeeded between the camera and the host and between the camera and the background server, the security and reliability of face recognition are improved.

Description

Face recognition system and method based on security chip and terminal equipment
Technical Field
The application belongs to the technical field of face recognition, and particularly relates to a face recognition system and method based on a security chip and a terminal device.
Background
The human face is the most common biometric feature and can serve as a basis for identity authentication. However, facial features are inherently exposed, and in the big-data era face data has become easier to collect; two-dimensional image attacks, video attacks, head-model attacks and the like are security problems that frequently arise in face recognition. To counter such attacks, the prior art mainly uses a camera on the terminal device to capture a face image, completes living body detection on the terminal device, and then transmits the face image to a background recognition server for face recognition.
However, in this approach binding and data transmission can be performed arbitrarily between different devices during face recognition, which is a serious security risk. In addition, performing living body detection on the terminal device consumes a large amount of computing power, so the cost is too high.
Disclosure of Invention
The embodiment of the application provides a face recognition system and method based on a security chip and a terminal device, and can solve the problems.
In a first aspect, an embodiment of the present application provides a face recognition system based on a security chip, including a camera, a host, and a background server. The camera includes a first security chip, and the data prestored in the first security chip includes host information and camera information. The host includes a second security chip, and the data prestored in the second security chip includes host information and camera information. The data prestored in the background server includes camera information. The camera and the host communicate with each other, and the host information and camera information prestored in the first security chip are compared with the host information and camera information prestored in the second security chip to obtain a first authentication result. The camera and the background server communicate through the host, and the camera information prestored in the first security chip is compared with the camera information prestored in the background server to obtain a second authentication result. When the first authentication result and the second authentication result are both successful, the camera acquires a target image, and the camera, the host and the background server exchange information to obtain a face recognition result corresponding to the target image.
In a second aspect, an embodiment of the present application provides a face recognition method based on a security chip, applied to a face recognition system based on a security chip that includes a camera, a host and a background server. The camera includes a first security chip, and the data prestored in the first security chip includes host information and camera information. The host includes a second security chip, and the data prestored in the second security chip includes host information and camera information. The data prestored in the background server includes camera information. The camera and the host communicate with each other, and the host information and camera information prestored in the first security chip are compared with the host information and camera information prestored in the second security chip to obtain a first authentication result. The camera and the background server communicate through the host, and the camera information prestored in the first security chip is compared with the camera information prestored in the background server to obtain a second authentication result. When the first authentication result and the second authentication result are both successful, the camera acquires a target image, and the camera, the host and the background server exchange information to obtain a face recognition result corresponding to the target image.
In a third aspect, an embodiment of the present application provides a terminal device, including: a camera and a host; the camera and the host are those included in the system in the first aspect.
In a fourth aspect, embodiments of the present application provide a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the method according to the second aspect.
In the embodiments of the application, the face recognition system based on the security chip includes a camera, a host and a background server. The camera and the host communicate with each other, and the host information and camera information prestored in the first security chip are compared with the host information and camera information prestored in the second security chip to obtain a first authentication result. The camera and the background server communicate through the host, and the camera information prestored in the first security chip is compared with the camera information prestored in the background server to obtain a second authentication result. When the first authentication result and the second authentication result are both successful, the camera acquires a target image, and the camera, the host and the background server exchange information to obtain a face recognition result corresponding to the target image. During face recognition, mutual authentication is performed between the camera and the host and between the camera and the background server, and face recognition is carried out only after authentication succeeds, which greatly improves the security and reliability of face recognition and prevents face feature data from being illegally obtained or tampered with.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings required to be used in the embodiments or the prior art description will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and for those skilled in the art, other drawings may be obtained according to these drawings without inventive labor.
Fig. 1 is a schematic diagram of a face recognition system based on a security chip according to a first embodiment of the present application;
Fig. 2 is a schematic diagram of a terminal device provided in a second embodiment of the present application;
Fig. 3 is a signaling diagram of authentication between a camera and a host according to an embodiment of the present application;
Fig. 4 is a signaling diagram of authentication between a camera and a background server according to an embodiment of the present application;
Fig. 5 is a signaling diagram of obtaining a face recognition result corresponding to a target image through information interaction among a camera, a host and a background server according to an embodiment of the present application;
Fig. 6 is a schematic flowchart of a face recognition method based on a security chip according to a third embodiment of the present application.
Detailed Description
In the following description, for purposes of explanation and not limitation, specific details are set forth, such as particular system structures, techniques, etc. in order to provide a thorough understanding of the embodiments of the present application. It will be apparent, however, to one skilled in the art that the present application may be practiced in other embodiments that depart from these specific details. In other instances, detailed descriptions of well-known systems, devices, circuits, and methods are omitted so as not to obscure the description of the present application with unnecessary detail.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It should also be understood that the term "and/or" as used in this specification and the appended claims refers to any and all possible combinations of one or more of the associated listed items and includes such combinations.
As used in this specification and the appended claims, the term "if" may be interpreted contextually as "when", "upon", "in response to determining" or "in response to detecting". Similarly, the phrase "if it is determined" or "if a [described condition or event] is detected" may be interpreted contextually to mean "upon determining", "in response to determining", "upon detecting [described condition or event]" or "in response to detecting [described condition or event]".
Furthermore, in the description of the present application and the appended claims, the terms "first," "second," "third," and the like are used for distinguishing between descriptions and not necessarily for describing or implying relative importance.
Reference throughout this specification to "one embodiment" or "some embodiments," or the like, means that a particular feature, structure, or characteristic described in connection with the embodiment is included in one or more embodiments of the present application. Thus, appearances of the phrases "in one embodiment," "in some embodiments," "in other embodiments," or the like, in various places throughout this specification are not necessarily all referring to the same embodiment, but rather "one or more but not all embodiments" unless specifically stated otherwise. The terms "comprising," "including," "having," and variations thereof mean "including, but not limited to," unless expressly specified otherwise.
Referring to fig. 1, fig. 1 is a schematic diagram of a face recognition system based on a security chip according to a first embodiment of the present application. The face recognition system 10 based on the security chip in this embodiment includes a camera 101, a host 102, and a background server 103.
In this embodiment, the camera may be a camera module, and is composed of a depth camera and an RGB camera, where the camera and the host are located in the terminal device, and the host is in communication connection with the backend server.
The camera 101 includes a first security chip. The data prestored in the first security chip includes host information and camera information; storing this information in the first security chip ensures its security. The host information prestored in the first security chip is the identity information of the host that the camera can be matched with. The camera information prestored in the first security chip is the unique identification information of the camera and may be a camera serial code, each of which is unique. In addition, the camera may have an anti-tamper function: once the camera is disassembled, that is, once its rear cover is removed, the liveness-detection key information in the first security chip becomes invalid and the camera can no longer be used.
The host 102 includes a second security chip, and the data pre-stored by the second security chip includes host information and camera information. The host information prestored in the second security chip is identification information for identifying the host, and can be host serial codes, and each host serial code is unique. The camera information prestored in the second security chip is the identity information of the camera which can be matched with the host.
The data pre-stored by the background server 103 includes camera information, wherein the camera information pre-stored by the background server is identity information of a camera that can be matched by the background server.
In one embodiment, the data pre-stored by the first security chip of the camera 101 may further include a camera key pair and a server public key, where the camera key pair includes a camera private key and a camera public key. The data prestored in the background server can also comprise a server key pair and a camera public key, and the background server key pair comprises a server private key and a server public key; the camera encrypts or decrypts data communicated and interacted with the background server through a camera key pair and a server public key prestored by the first security chip; and the background server encrypts or decrypts the data which is communicated and interacted with the camera through a prestored server key pair and a prestored camera public key. The encryption mode of the key pair makes the data transmission between the camera 101 and the background server 103 more secure.
Fig. 2 is a schematic diagram of a terminal device according to a second embodiment of the present application. As shown in Fig. 2, the terminal device 20 of this embodiment includes a camera 101 and a host 102. Terminal devices 20 may include, but are not limited to, access control devices, door lock devices, face payment devices and other devices that verify identity by face. It should be noted that the information interaction and execution processes between the above devices/units are based on the same concept as the method embodiments of the present application; for their specific functions and technical effects, refer to the first embodiment and the second embodiment, which are not repeated here.
The embodiments of the present application further provide a computer-readable storage medium, where a computer program is stored, and when the computer program is executed by a processor, the computer program implements the steps that can be implemented in the foregoing method embodiments.
In the first or second embodiment of the present application, when performing face recognition, the camera 101 and the host 102 need to be authenticated, that is, it is determined whether the camera 101 and the host 102 have the right to perform data transmission. The camera 101 and the host 102 perform communication interaction, and obtain a first authentication result based on host information and camera information pre-stored by the first security chip and host information and camera information pre-stored by the second security chip.
When the first authentication result is success, authentication has passed and the camera 101 and the host 102 have the right to transmit data to each other. The purpose of mutual authentication between the camera 101 and the host 102 is to bind the camera and the host one to one; after binding, the camera can only be used with that host, and vice versa. Therefore, once a camera has been installed on a host, it cannot be used if it is removed and fitted to another host, so face data cannot be illegally collected in this way. When the first authentication result is failure, authentication has failed and the host cannot send any further instruction.
In one possible implementation manner, the camera acquires host information prestored in the second security chip, and compares the host information prestored in the second security chip with the host information prestored in the first security chip to obtain a first matching result; the host acquires camera information prestored in the first security chip, and compares the camera information prestored in the first security chip with camera information prestored in the second security chip to obtain a second matching result; and obtaining a first authentication result according to the first matching result and the second matching result.
Specifically, Fig. 3 is a signaling diagram of the authentication between the camera and the host. To make information transmission between the camera and the host more secure, the host 102 encrypts the host information prestored in the second security chip to obtain host matching information, and sends the host matching information to the camera. The camera receives the host matching information and decrypts it to obtain the host information prestored in the second security chip. The camera compares the host information prestored in the second security chip with the host information prestored in the first security chip to obtain a first matching result, and sends the first matching result to the host. The host receives the first matching result; when the first matching result is a successful match, the host generates a random character string and sends it to the camera. The camera receives the random character string, encrypts the camera information prestored in the first security chip according to the random character string to obtain first camera matching information, and sends the first camera matching information to the host. The host receives the first camera matching information and decrypts it to obtain the camera information prestored in the first security chip. The host compares the camera information prestored in the first security chip with the camera information prestored in the second security chip to obtain a second matching result. When the second matching result is a successful match, the host determines that the first authentication result is success and sends the first authentication result to the camera.
The purpose of mutual authentication between the camera 101 and the host 102 is to bind the camera 101 and the host 102 one to one; after binding, the camera can only be used with that host, and vice versa. Once a camera has been installed on a host, it cannot be used if it is removed and installed on another host, which ensures that face data cannot be illegally collected. Before a camera and a host are bound one to one, keys must be preset: the camera information (camera serial code) is written into the security chip of the host, and the host information (host serial code) is written into the security chip of the camera. To make the authentication process more secure, every instruction is encrypted, and means such as random characters are used to ensure that no instruction can be replayed.
In a specific embodiment, after the face recognition system of the first embodiment or the terminal device of the second embodiment is powered on, the camera 101 generates an RSA key in the first security chip, encrypts the RSA public key with the agreed (preset) AES key, and sends the encrypted RSA public key to the host 102. The RSA key generation operation produces a different key on every call, which ensures that the data of the first instruction cannot be replayed. The host 102 decrypts the information sent by the camera 101 with the AES key to obtain the RSA public key, and then encrypts the host information stored in the second security chip with that RSA public key to obtain host matching information. The camera 101 receives the host matching information and decrypts it to obtain the host information prestored in the second security chip. The camera 101 compares the host information prestored in the second security chip with the host information prestored in the first security chip to obtain a first matching result, and sends the first matching result to the host. The host 102 receives the first matching result; when the first matching result is a successful match, the host 102 generates a random character string as a new AES key, encrypts the new AES key with the RSA key, and sends the encrypted AES key to the camera 101. The camera 101 decrypts the new AES key and uses it to encrypt the camera information prestored in the first security chip, obtaining first camera matching information.
The host 102 decrypts the first camera matching information with the new AES key to obtain the camera information prestored in the first security chip, and compares it with the camera information prestored in the second security chip to obtain a second matching result. When the second matching result is a successful match, the host 102 determines that the first authentication result is success and sends the first authentication result to the camera 101. When the second matching result is a failed match, the host 102 sends no further instructions to the camera 101.
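The camera-host exchange described above, written out as an added Go example (not code from the patent or from its applicant). The patent names only RSA and AES; RSA-OAEP, AES-GCM, the 32-byte key length, the `Chip` type, the function names and the serial codes are assumptions, and both sides run inside one function so the message order stays visible.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"fmt"
)

// Chip is what one security chip has preset (all values here are constructed).
type Chip struct {
	HostID, CamID string // host and camera serial codes
	AgreedKey     []byte // AES key agreed at key presetting
}

func newGCM(key []byte) (cipher.AEAD, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(blk)
}

// seal returns IV || ciphertext under AES-GCM (the mode is an assumption).
func seal(key, plain []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return gcm.Seal(iv, iv, plain, nil), nil
}

func open(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil || len(msg) < gcm.NonceSize() {
		return nil, fmt.Errorf("cannot open message")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

// must panics on a crypto failure; Authenticate recovers it into an error.
func must(b []byte, err error) []byte {
	if err != nil {
		panic(err)
	}
	return b
}

// Authenticate runs the exchange and returns the first and second matching results.
func Authenticate(cam, host Chip) (first, second bool, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("exchange aborted: %v", r)
		}
	}()
	// Camera: new RSA key per run; its public key is sent under the agreed AES key.
	camRSA, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, false, err
	}
	m1 := must(seal(cam.AgreedKey, x509.MarshalPKCS1PublicKey(&camRSA.PublicKey)))
	// Host: recover the public key and encrypt the host serial code with it.
	pub, err := x509.ParsePKCS1PublicKey(must(open(host.AgreedKey, m1)))
	if err != nil {
		return false, false, err
	}
	m2 := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(host.HostID), nil))
	// Camera: first matching result, against the host serial preset in its chip.
	gotHost := must(rsa.DecryptOAEP(sha256.New(), rand.Reader, camRSA, m2, nil))
	if first = subtle.ConstantTimeCompare(gotHost, []byte(cam.HostID)) == 1; !first {
		return false, false, nil
	}
	// Host: a random string becomes the new AES key, sent under the RSA public key.
	session := make([]byte, 32)
	if _, err := rand.Read(session); err != nil {
		return first, false, err
	}
	m3 := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, session, nil))
	// Camera: recover the new key and encrypt the camera serial code with it.
	camKey := must(rsa.DecryptOAEP(sha256.New(), rand.Reader, camRSA, m3, nil))
	m4 := must(seal(camKey, []byte(cam.CamID)))
	// Host: second matching result, against the camera serial preset in its chip.
	gotCam := must(open(session, m4))
	second = subtle.ConstantTimeCompare(gotCam, []byte(host.CamID)) == 1
	return first, second, nil
}

func main() {
	unit := Chip{"HOST-0001", "CAM-0001", make([]byte, 32)} // constructed demo values
	fmt.Println(Authenticate(unit, unit))
}
```

A camera paired with one host and fitted to another stops at the first matching result; a chip holding a different agreed AES key aborts the exchange with an error before any serial code is compared.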
In a possible implementation manner, the camera 101 and the backend server 103 perform communication interaction through the host, and compare the camera information prestored in the first security chip with the camera information prestored in the backend server to obtain a second authentication result. In this embodiment, the camera 101 and the background server 103 are authenticated, that is, whether the right for data transmission is provided between the camera 101 and the background server 103 is determined, so as to ensure data security. And when the second authentication result is successful, the camera can be normally used.
In a possible implementation manner, the background server 103 obtains camera information pre-stored by the first security chip through the host 102, and compares the camera information pre-stored by the first security chip with the camera information pre-stored by the background server to obtain a third matching result; and obtaining a second authentication result according to the third matching result.
In one possible embodiment, in order to ensure the security of data transmission, encryption may be performed at the time of data transmission. The camera generates a random character string, and packages the generated random character string and camera information prestored by the first security chip to obtain second camera matching information; the host acquires second camera matching information and forwards the second camera matching information to the background server; the background server acquires the second camera matching information to obtain a random character string and camera information prestored by the first security chip; the background server compares the camera information prestored in the first security chip with the camera information prestored in the background server to obtain a third matching result; the background server packs the random character string and the third matching result to obtain server matching information; the host acquires server matching information and forwards the server matching information to the camera; and the camera obtains a second authentication result according to the server matching information.
Specifically, Fig. 4 is a signaling diagram of the authentication between the camera and the background server. The camera 101 generates a random character string, packages and encrypts the random character string together with the camera information prestored in the first security chip to obtain second camera matching information, and sends the second camera matching information to the host. The host 102 receives the second camera matching information and sends it to the background server. The background server 103 receives the second camera matching information and decrypts it to obtain the random character string and the camera information prestored in the first security chip. The background server compares the camera information prestored in the first security chip with the camera information prestored in the background server to obtain a third matching result, encrypts the third matching result, the random character string and the camera information prestored in the first security chip to obtain server matching information, and sends the server matching information to the host. The host receives the server matching information and sends it to the camera. The camera receives the server matching information and decrypts it to obtain the third matching result, the random character string and the camera information prestored in the first security chip. When the third matching result is a successful match, and the random character string and the camera information prestored in the first security chip match the information stored in the camera, the camera determines that the second authentication result is success and responds normally to the instructions of the host.
When the third matching result is a failed match, authentication fails and the camera 101 cannot be used. When the random character string and the camera information prestored in the first security chip do not match the information stored in the camera, authentication fails and the camera 101 cannot be used.
In a specific embodiment, after receiving an instruction to authenticate with the background server 103, the camera 101 encrypts the camera information prestored in the first security chip and a random character string with the preset server public key, signs the result with the camera private key, and sends it to the background server 103 through the host 102. The background server 103 decrypts the data with the server private key and verifies the signature with the camera public key, obtains the camera information prestored in the first security chip and the random character string, and performs the comparison against the camera information stored in the background server. After the comparison is completed, the authentication result of the comparison and the random character string are encrypted with the camera public key, signed with the server private key, and sent to the camera 101 through the host 102. The camera 101 decrypts with the camera private key and verifies the signature with the server public key to obtain the authentication result and the random character string, and then determines whether authentication succeeded. The camera can be used normally only after authentication is determined to be successful.
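The camera-server exchange described above as an added Go example (not code from the patent): each message is encrypted with the receiver's public key and signed by the sender, and the camera accepts a reply only if it echoes the random string and serial code of the current session. RSA-OAEP, RSA-PSS, the message layout, every type and function name and the serial code are assumptions.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

const nonceLen = 16 // length of the per-session random string (assumed)

// Party holds one side's private key and the peer's preset public key.
type Party struct {
	Priv *rsa.PrivateKey
	Peer *rsa.PublicKey
}

// Envelope is what the host relays between camera and server.
type Envelope struct{ Cipher, Sig []byte }

// seal encrypts for the peer (RSA-OAEP), then signs the ciphertext (RSA-PSS).
func (p *Party) seal(plain []byte) (Envelope, error) {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, p.Peer, plain, nil)
	if err != nil {
		return Envelope{}, err
	}
	d := sha256.Sum256(ct)
	sig, err := rsa.SignPSS(rand.Reader, p.Priv, crypto.SHA256, d[:], nil)
	return Envelope{ct, sig}, err
}

// open verifies the peer's signature first, then decrypts with its own private key.
func (p *Party) open(e Envelope) ([]byte, error) {
	d := sha256.Sum256(e.Cipher)
	if rsa.VerifyPSS(p.Peer, crypto.SHA256, d[:], e.Sig, nil) != nil {
		return nil, errors.New("signature check failed")
	}
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, p.Priv, e.Cipher, nil)
}

// CameraRequest builds the second camera matching information: nonce || serial.
func CameraRequest(cam *Party, serial string) (Envelope, []byte, error) {
	nonce := make([]byte, nonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, nil, err
	}
	env, err := cam.seal(append(append([]byte{}, nonce...), serial...))
	return env, nonce, err
}

// ServerRespond looks the serial up and returns result || nonce || serial.
func ServerRespond(srv *Party, registry map[string]bool, req Envelope) (Envelope, error) {
	plain, err := srv.open(req)
	if err != nil || len(plain) <= nonceLen {
		return Envelope{}, errors.New("request rejected")
	}
	result := byte(0)
	if registry[string(plain[nonceLen:])] {
		result = 1
	}
	return srv.seal(append([]byte{result}, plain...))
}

// CameraVerify accepts only a signed match echoing this session's nonce and serial.
func CameraVerify(cam *Party, resp Envelope, nonce []byte, serial string) error {
	plain, err := cam.open(resp)
	want := append(append([]byte{1}, nonce...), serial...)
	switch {
	case err != nil:
		return err
	case len(plain) == len(want) && plain[0] == 0:
		return errors.New("server reported no match")
	case !bytes.Equal(plain, want):
		return errors.New("nonce or serial mismatch: stale or replayed response")
	}
	return nil
}

// NewPair makes constructed demo keys and cross-installs the public halves.
func NewPair() (*Party, *Party, error) {
	ck, err1 := rsa.GenerateKey(rand.Reader, 2048)
	sk, err2 := rsa.GenerateKey(rand.Reader, 2048)
	if err1 != nil || err2 != nil {
		return nil, nil, errors.New("key generation failed")
	}
	return &Party{ck, &sk.PublicKey}, &Party{sk, &ck.PublicKey}, nil
}

func main() {
	cam, srv, _ := NewPair()
	serial := "CAM-SN-0001" // constructed serial code
	req, n1, _ := CameraRequest(cam, serial)
	resp, _ := ServerRespond(srv, map[string]bool{serial: true}, req)
	_, n2, _ := CameraRequest(cam, serial) // a later session draws a new nonce
	fmt.Println(CameraVerify(cam, resp, n1, serial), "|", CameraVerify(cam, resp, n2, serial))
}
```

The second check in `main` feeds the earlier, validly signed reply into a later session; it is rejected because the echoed random string no longer matches, which is the role the random character string plays in the text.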
In a possible implementation manner, in order to further ensure the security of data transmission, when the camera authenticates with the background server, each time data transmission is performed, the camera key pair and the server public key pre-stored by the first security chip, and the server key pair and the camera public key pre-stored by the background server may be used to encrypt or decrypt.
Specifically, the camera 101 generates a random character string and encrypts the random character string and the camera information prestored in the first security chip with the server public key to obtain encrypted second camera matching information. The background server receives the encrypted second camera matching information and decrypts it with the server private key. The background server may encrypt and sign the third matching result, the random character string and the camera information prestored in the first security chip according to the camera public key to obtain encrypted server matching information. The camera receives the encrypted server matching information and first verifies the signature; after the signature check passes, it decrypts the server matching information according to the server private key to obtain the third matching result, the random character string and the camera information prestored in the first security chip.
When the first authentication result and the second authentication result are both successful, the camera acquires a target image, and the camera, the host and the background server exchange information to obtain a face recognition result corresponding to the target image. The target image may include a target depth image, a target infrared image, a target color image, and the like.
In a possible implementation manner, when the first authentication result and the second authentication result are both successful, the camera 101 receives a face brushing instruction of the host 102 and collects a target image; the camera 101 performs face detection on the target image to obtain a face region image; the host 102 acquires a face region image and sends the face region image to a background server; the background server acquires the face region image, and performs face recognition comparison on the face region image to obtain a face recognition result.
In a possible embodiment, the living body detection in the system is performed by the camera 101: the camera 101 obtains the result of the living body detection and then sends the result to the background server 103, and the background server 103 performs face recognition on the image to obtain the face recognition result. When the first authentication result and the second authentication result are both successful, the camera 101 receives a face brushing instruction of the host 102 and collects a target image; the camera 101 performs face detection on the target image to obtain a face region image; the camera 101 performs living body detection on the target image to obtain a biopsy result; the host 102 acquires the face region image and the biopsy result, and sends the face region image to the background server when the biopsy result is successful; the background server acquires the face region image, and performs face recognition comparison on the face region image to obtain a face recognition result. Because the living body detection in the system is executed by the camera, the burden on the background server is greatly reduced, which reduces the computing power consumption of the background server and the cost.
Specifically, fig. 5 is a signaling diagram of the information interaction among the camera, the host and the background server that yields the face recognition result corresponding to the target image. When the first authentication result and the second authentication result are both successful, face recognition starts. The background server 103 generates a random character string and sends it to the host 102; the host 102 generates a face brushing instruction containing the random character string and sends the face brushing instruction to the camera 101; when the camera 101 receives the face brushing instruction, it collects a target image, which can comprise a target depth image, a target infrared image and a target color image according to actual needs; the camera 101 performs face detection and living body detection on the acquired target depth image, target infrared image and target color image according to a preset face detection algorithm and a biopsy algorithm to obtain a face region image and a biopsy result; the camera 101 packages and encrypts the face region image and the biopsy result to obtain living body information, and sends the living body information to the host 102; the host 102 receives the living body information and decrypts it to obtain the face region image and the biopsy result; when the biopsy result is successful, the host 102 sends the face region image to the background server 103; the background server 103 receives the face region image, performs face recognition on it to obtain a face recognition result, and sends the face recognition result to the host 102; the host 102 receives the face recognition result and selects the next instruction according to the face recognition result.
When the biopsy result is a failure, the host determines the reason for the biopsy failure according to the biopsy result and prompts the user.
To further secure data transmission, the camera generates biopsy signature information before sending out the obtained face region image and biopsy result. The camera encrypts the face region image, packages it with the biopsy signature information and the biopsy result, and encrypts the package a second time to obtain living body information, which it sends to the host; the key (SK) of the secondary encryption is a symmetric key (AES or SM4) that is randomly generated when the host initializes and is encrypted and sent to the camera; the host receives the living body information and decrypts it using the secondary encryption key (SK) to obtain the encrypted face region image, the biopsy signature information and the biopsy result; when the biopsy result is successful, the host sends the encrypted face region image and the biopsy signature information to the background server; the background server receives the encrypted face region image and the biopsy signature information, decrypts the image, and then verifies the signature of the biopsy signature information; after the signature verification passes, it performs face recognition on the face region image to obtain a face recognition result and sends the face recognition result to the host; the host receives the face recognition result and selects the next instruction according to the face recognition result.
In a possible implementation, to further secure data transmission while the camera 101, the host 102 and the background server 103 interact to obtain the face recognition result corresponding to the target image, each data transmission may be signed, encrypted or decrypted using a preset biopsy key and a preset session key.
Specifically, the camera may sign the biopsy result according to the biopsy key, and then encrypt the signed biopsy result and the face region image according to the session key to obtain encrypted living body information. The host receives the living body information and decrypts it according to the session key to obtain the face region image and the signed biopsy result, and the host can check the signature of the biopsy result. After the signature verification passes and when the biopsy result is successful, the host can encrypt the face region image according to the face secret key and send the encrypted face region image to the background server; the background server receives the encrypted face region image, decrypts it, performs face recognition on the decrypted face region image to obtain a face recognition result, and sends the face recognition result to the host; the host receives the face recognition result and selects the next instruction according to the face recognition result.
In a possible implementation, to further secure data transmission while the camera, the host and the background server interact to obtain the face recognition result corresponding to the target image, each data transmission may be encrypted or decrypted using the face encryption key and the biopsy key.
Specifically, the camera may sign the biopsy information according to the biopsy key, encrypt the face region image according to the face encryption key, and perform secondary encryption on the signed biopsy information, the encrypted face region image and the biopsy result according to the random symmetric key (SK) to obtain encrypted living body information. The host receives the encrypted living body information and decrypts it according to the symmetric key (SK) to obtain the encrypted face region image, the signed biopsy information and the biopsy result; when the biopsy result is successful, the host sends the encrypted face region image and the biopsy signature information to the background server; the background server receives the encrypted face region image, decrypts it, checks the signature of the biopsy information, performs face recognition on the face region image after the check passes to obtain a face recognition result, and sends the face recognition result to the host; the host receives the face recognition result and selects the next instruction according to the face recognition result.
The random character string in this embodiment may be used as an initialization vector of the key when encrypting. The camera pre-stores a session key, wherein the session key is used for protecting data transmission between the camera and the background server, the session key uses an AES or SM4 algorithm, and the session key of each camera is unique.
In a possible implementation, the system can preview the face region image in an application program page of the host: the camera encrypts the live face region image and sends the encrypted face region image to the host; the host receives the encrypted face region image, decrypts it to obtain the face region image, and displays the face region image on a display module of the host.
In the embodiment of the application, the face recognition system based on the security chip comprises a camera, a host and a background server. The camera is in communication interaction with the host, and a first authentication result is obtained by comparing the host information and camera information prestored by the first security chip with the host information and camera information prestored by the second security chip; the camera and the background server are in communication interaction through the host, and the camera information prestored by the first security chip is compared with the camera information prestored by the background server to obtain a second authentication result; when the first authentication result and the second authentication result are both successful, the camera acquires a target image, and information interaction is performed among the camera, the host and the background server to obtain a face recognition result corresponding to the target image. During face recognition, mutual authentication is carried out between the camera and the host and between the camera and the background server, and face recognition is carried out only after the authentication is successful, so that the safety and the reliability of the face recognition are greatly improved, and the face feature data are prevented from being illegally obtained and tampered with.
Referring to fig. 6, fig. 6 is a schematic flow chart of a face recognition method based on a security chip according to a third embodiment of the present application. The face recognition method based on the security chip in this embodiment is applied to a face recognition system based on the security chip, and the system comprises a camera, a host and a background server; the terminal device based on the security chip in this embodiment includes a camera and a host, and the host is in communication with the background server; the camera comprises a first security chip, and data prestored by the first security chip comprise host information and camera information; the host comprises a second security chip, and the data prestored by the second security chip comprise host information and camera information; the data prestored in the background server comprise camera information. For the face recognition system based on the security chip, reference may be made to the relevant description in the first embodiment, and for the terminal device based on the security chip, reference may be made to the relevant description in the second embodiment, which is not described herein again.
As shown in fig. 5, the face recognition method based on the security chip includes:
S501: the camera is in communication interaction with the host, and a first authentication result is obtained by comparing the host information and camera information prestored by the first security chip with the host information and camera information prestored by the second security chip;
S502: the camera and the background server are in communication interaction through the host, and the camera information prestored by the first security chip is compared with the camera information prestored by the background server to obtain a second authentication result;
S503: when the first authentication result and the second authentication result are both successful, the camera acquires a target image; and performing information interaction among the camera, the host and the background server to obtain a face recognition result corresponding to the target image.
The security chip-based face recognition method is described in detail in the security chip-based face recognition system in the first embodiment, and reference may be made to the related description in the first embodiment, which is not described herein again.
The embodiments of the present application further provide a computer program product which, when run on a mobile terminal, enables the mobile terminal to implement the steps in the above method embodiments. The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone article, may be stored in a computer readable storage medium. Based on such understanding, all or part of the processes in the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer readable storage medium and used by a processor to implement the steps of the method embodiments described above. The computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer readable medium may include at least: any entity or device capable of carrying computer program code to a photographing apparatus/terminal apparatus, a recording medium, computer memory, Read-Only Memory (ROM), Random Access Memory (RAM), an electrical carrier signal, a telecommunications signal, and a software distribution medium, such as a USB disk, a removable hard disk, a magnetic disk or an optical disk. In certain jurisdictions, in accordance with legislation and patent practice, computer-readable media may not be an electrical carrier signal or a telecommunications signal.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
Those of ordinary skill in the art will appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, or combinations of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the technical solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present application.
In the embodiments provided in the present application, it should be understood that the disclosed apparatus/network device and method may be implemented in other ways. For example, the above-described apparatus/network device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implementing, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not implemented. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one position, or may be distributed on multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present application and are intended to be included within the scope of the present application.

Claims (10)

1. A face recognition system based on a security chip is characterized by comprising a camera, a host and a background server; the camera comprises a first security chip, and data prestored by the first security chip comprise host information and camera information; the host comprises a second security chip, and data prestored by the second security chip comprise host information and camera information; the data prestored in the background server comprises camera information;
the camera is in communication interaction with the host, and a first authentication result is obtained by comparing the host information and camera information prestored in the first security chip with the host information and camera information prestored in the second security chip;
the camera and the background server are in communication interaction through the host, and a second authentication result is obtained by comparing camera information prestored in the first security chip with camera information prestored in the background server;
when the first authentication result and the second authentication result are both successful, the camera collects a target image; and performing information interaction among the camera, the host and the background server to obtain a face recognition result corresponding to the target image.
2. The security chip based face recognition system according to claim 1, wherein the pre-stored data of the first security chip of the camera further includes a camera key pair and a server public key, and the pre-stored data of the background server further includes a server key pair and a camera public key; the camera key pair comprises a camera private key and a camera public key, and the background server key pair comprises a server private key and a server public key;
the camera is used for encrypting or decrypting data which is in communication interaction with the background server through the camera key pair and the server public key which are prestored by the first security chip;
and the background server is used for encrypting or decrypting data which is communicated and interacted with the camera through the prestored server key pair and the prestored camera public key.
3. The system according to claim 1, wherein the camera performing communication interaction with the host, and the first authentication result being obtained by comparing the host information and camera information pre-stored in the first security chip with the host information and camera information pre-stored in the second security chip, includes:
the camera acquires host information prestored by the second security chip, and compares the host information prestored by the second security chip with the host information prestored by the first security chip to obtain a first matching result;
the host acquires camera information prestored in the first security chip, and compares the camera information prestored in the first security chip with the camera information prestored in the second security chip to obtain a second matching result;
and obtaining the first authentication result according to the first matching result and the second matching result.
4. The system according to claim 1, wherein the camera and the background server performing communication interaction via the host, and the second authentication result being obtained by comparing camera information pre-stored in the first security chip with camera information pre-stored in the background server, includes:
the background server acquires camera information prestored by the first security chip through the host, and compares the camera information prestored by the first security chip with the camera information prestored by the background server to obtain a third matching result;
and obtaining the second authentication result according to the third matching result.
5. The security chip based face recognition system according to claim 1, wherein the camera and the backend server perform communication interaction through the host, and obtain a second authentication result based on comparison between camera information pre-stored by the first security chip and camera information pre-stored by the backend server, the method comprising:
the camera generates a random character string, and packages the generated random character string and camera information prestored by the first security chip to obtain second camera matching information;
the host acquires the second camera matching information and forwards the second camera matching information to the background server;
the background server acquires the second camera matching information to obtain the random character string and the camera information prestored by the first security chip;
the background server compares the camera information prestored in the first security chip with the camera information prestored in the background server to obtain a third matching result;
the background server packs the random character string and the third matching result to obtain server matching information;
the host acquires the server matching information and forwards the server matching information to the camera;
and the camera obtains the second authentication result according to the server matching information.
6. The security chip based face recognition system of claim 5, wherein the camera captures a target image when the first authentication result and the second authentication result are both successful; obtaining a face recognition result corresponding to the target image by performing information interaction among the camera, the host and the background server, including:
when the first authentication result and the second authentication result are both successful, the camera receives a face brushing instruction of the host and collects a target image;
the camera carries out face detection on the target image to obtain a face area image;
the host acquires the face region image and sends the face region image to the background server;
and the background server acquires the face region image, and performs face recognition comparison on the face region image to obtain a face recognition result.
7. The security chip based face recognition system of claim 5, wherein the camera captures a target image when the first authentication result and the second authentication result are both successful; obtaining a face recognition result corresponding to the target image by performing information interaction among the camera, the host and the background server, including:
when the first authentication result and the second authentication result are both successful, the camera receives a face brushing instruction of the host and collects a target image;
the camera carries out face detection on the target image to obtain a face area image;
the camera performs living body detection on the target image to obtain a biopsy result;
the host acquires the face region image and the biopsy result and sends the face region image to the background server when the biopsy result is successful;
and the background server acquires the face region image, and performs face recognition comparison on the face region image to obtain a face recognition result.
8. A face recognition method based on a security chip is characterized in that the method is applied to a face recognition system based on the security chip, and the system comprises a camera, a host and a background server; the camera comprises a first security chip, and data prestored by the first security chip comprise host information and camera information; the host comprises a second security chip, and data prestored by the second security chip comprise host information and camera information; the data prestored in the background server comprises camera information;
the camera is in communication interaction with the host, and a first authentication result is obtained by comparing the host information and camera information prestored in the first security chip with the host information and camera information prestored in the second security chip;
the camera and the background server are in communication interaction through the host, and a second authentication result is obtained by comparing camera information prestored in the first security chip with camera information prestored in the background server;
when the first authentication result and the second authentication result are both successful, the camera collects a target image; and performing information interaction among the camera, the host and the background server to obtain a face recognition result corresponding to the target image.
9. A terminal device, comprising: a camera and a host; the camera and the host are included in the system of any one of claims 1-7.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method as claimed in claim 8.
CN202211247594.7A 2022-10-12 2022-10-12 Face recognition system and method based on security chip and terminal equipment Pending CN115880747A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211247594.7A CN115880747A (en) 2022-10-12 2022-10-12 Face recognition system and method based on security chip and terminal equipment

Publications (1)

Publication Number Publication Date
CN115880747A true CN115880747A (en) 2023-03-31

Family

ID=85770399

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211247594.7A Pending CN115880747A (en) 2022-10-12 2022-10-12 Face recognition system and method based on security chip and terminal equipment

Country Status (1)

Country Link
CN (1) CN115880747A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination