CN116484343A - Biological feature verification method, device, equipment and medium - Google Patents


Publication number
CN116484343A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310204310.4A
Other languages
Chinese (zh)
Inventor
平庆瑞
张一锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhongchao Credit Card Industry Development Co ltd
China Banknote Printing and Minting Group Co Ltd
Original Assignee
Zhongchao Credit Card Industry Development Co ltd
China Banknote Printing and Minting Group Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance


Abstract

The application discloses a biological feature verification method, a device, equipment and a medium, and relates to the technical field of computers, wherein the method comprises the following steps: acquiring current original biological characteristic information returned by a target application program, and extracting a characteristic value to be verified from the current original biological characteristic information by utilizing a biological characteristic template; receiving a verifiable credential proof which is returned by a user agent and contains a first characteristic value fragment and corresponds to the target application program, verifying the verifiable credential proof, extracting a corresponding second characteristic value fragment from a preset characteristic value fragment library if verification is passed, and then splicing the first characteristic value fragment and the second characteristic value fragment to obtain a reference characteristic value; and matching the characteristic value to be verified with the reference characteristic value to obtain a biological characteristic verification result of the current original biological characteristic information. By the method, the safety and the reliability of the biological feature verification can be improved.

Description

Biological feature verification method, device, equipment and medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a medium for verifying biological features.
Background
As networks become widespread and services are digitalized, many businesses have moved online, and verifying a customer's real-name identity online saves the time of presenting documents in person at a service site. Biometric data is unique, so it can be used as a form of authentication. As biometric capture becomes more convenient and common on smart terminals such as mobile phones, more institutions can offer remote new-user registration and transaction services. However, it is much harder to prove and protect an individual's identity during online transactions, and associating a user's biometric information with their actual identity remains a major obstacle.
Currently, in some online service scenarios that require real-name authentication, a trusted authority is often needed to act as a proxy for transactions between the user and the bank. The online authentication process may involve a video session in which the user presents a national identification card or passport, or the capture of face or fingerprint information for comparison against back-end data. User identity information and complete user biometric information are generally managed together by a centralized system. Data honeypot risk and single points of failure reduce the security and reliability of such an authentication system, and an attacker who steals the database can fraudulently use the identities in it. Because biometric information cannot be changed, its leakage can create a lasting security threat: once a user's biometric identification data is compromised, it cannot simply be altered to restore authentication security, and the user must switch to another form of biometric authentication or to another MFA (Multi-Factor Authentication) method, which is very inconvenient.
Overall, how to improve the security and reliability of biometric verification is a problem to be solved in the art.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method, apparatus, device, and medium for biometric authentication, which can improve the security and reliability of biometric authentication. The specific scheme is as follows:
in a first aspect, the present application discloses a biometric verification method applied to a preset verifier, including:
acquiring current original biological characteristic information returned by a target application program, and extracting a characteristic value to be verified from the current original biological characteristic information by utilizing a biological characteristic template;
receiving a verifiable credential proof which is returned by a user agent and contains a first characteristic value fragment and corresponds to the target application program, verifying the verifiable credential proof, extracting a corresponding second characteristic value fragment from a preset characteristic value fragment library if verification is passed, and then splicing the first characteristic value fragment and the second characteristic value fragment to obtain a reference characteristic value;
and matching the characteristic value to be verified with the reference characteristic value to obtain a biological characteristic verification result of the current original biological characteristic information.
Optionally, after the matching the feature value to be verified with the reference feature value to obtain the biometric verification result of the current original biometric information, the method further includes:
if the biological characteristic verification result represents that the characteristic value to be verified is inconsistent with the reference characteristic value, judging that the user to be verified of the current original biological characteristic information is not matched with the reference user of the user agent, and sending preset mismatch reminding information to the target application program so that the target application program carries out corresponding processing based on the preset mismatch reminding information;
and if the biological feature verification result represents that the feature value to be verified is consistent with the reference feature value, judging that the user to be verified is matched with the reference user, and sending preset matching reminding information to the target application program so that the target application program can perform corresponding processing based on the preset matching reminding information.
Optionally, the receiving the verifiable credential that includes the first feature value segment and is returned by the user agent corresponding to the target application program, verifying the verifiable credential, and if verification passes, extracting a corresponding second feature value segment from a preset feature value segment library, including:
The identity agent of the preset verifier receives verifiable credential proof and a first hash value which are returned by the user agent corresponding to the target application program and contain a first characteristic value fragment, and verifies the verifiable credential proof;
and if the verification is passed, the service system of the preset verifier screens out a second hash value matched with the first hash value from a preset index relation, extracts the corresponding encrypted second characteristic value fragment from a preset characteristic value fragment library by using the second hash value, and then decrypts the encrypted second characteristic value fragment to obtain the second characteristic value fragment.
Optionally, before extracting the corresponding second eigenvalue segment from the preset eigenvalue segment library by using the second hash value, the method further includes:
collecting original biological characteristic information of the reference user through a preset proving party, extracting a reference characteristic value from the original biological characteristic information by utilizing the biological characteristic template, and then dividing the reference characteristic value by utilizing the predefined dividing function to obtain a first characteristic value segment and a second characteristic value segment;
encrypting the second characteristic value segment through the preset proving party to obtain an encrypted second characteristic value segment, obtaining the second hash value of the encrypted second characteristic value segment, and then constructing the preset index relation between the encrypted second characteristic value segment and the second hash value, so that a service system of the preset proving party screens the second hash value matched with the first hash value from the preset index relation.
Optionally, before receiving the first eigenvalue segment returned by the user agent corresponding to the target application program and the verifiable credential, the method further includes:
issuing the first characteristic value fragment and the second hash value through the preset issuing party to obtain a verifiable credential containing the first characteristic value fragment and the second hash value, and sending the verifiable credential to the user agent through a transmission connection established with the user agent in advance;
and, through the user agent, treating the verifiable credential as a verifiable credential containing the first characteristic value fragment and the first hash value, and processing the verifiable credential into a verifiable credential proof when a corresponding request from the preset verifier is received, so that the preset verifier can receive the verifiable credential proof.
Optionally, the receiving the verifiable credential including the first feature value segment returned by the user agent corresponding to the target application program includes:
and receiving the verifiable credential proof returned by the user agent corresponding to the target application program, acquiring a public key of the preset proving party from a preset public key registry, and verifying the verifiable credential proof by utilizing the public key to obtain the first characteristic value fragment and the first hash value.
Optionally, the receiving the verifiable credential including the first feature value segment returned by the user agent corresponding to the target application program includes:
and receiving the verifiable credential proof containing the first characteristic value fragment, which is returned by the user agent corresponding to the target application program based on the address information of the identity agent of the preset verifier.
In a second aspect, the present application discloses a biometric authentication device, applied to a preset verifier, comprising:
the feature value extraction module is used for acquiring current original biological feature information returned by the target application program and extracting a feature value to be verified from the current original biological feature information by utilizing a biological feature template;
the segment splicing module is used for receiving a verifiable credential proof which is returned by the user agent, contains the first characteristic value fragment and corresponds to the target application program, verifying the verifiable credential proof, extracting a corresponding second characteristic value fragment from a preset characteristic value fragment library if verification is passed, and then splicing the first characteristic value fragment and the second characteristic value fragment to obtain a reference characteristic value;
and the verification result acquisition module is used for matching the characteristic value to be verified with the reference characteristic value to obtain a biological characteristic verification result of the current original biological characteristic information.
In a third aspect, the present application discloses an electronic device comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the previously disclosed biometric authentication method.
In a fourth aspect, the present application discloses a computer-readable storage medium for storing a computer program; wherein the computer program when executed by a processor implements the steps of the previously disclosed biometric authentication method.
The application discloses a biological feature verification method, which comprises the steps of obtaining current original biological feature information returned by a target application program, and extracting a feature value to be verified from the current original biological feature information by utilizing a biological feature template; receiving a verifiable credential proof which is returned by a user agent and contains a first characteristic value fragment and corresponds to the target application program, verifying the verifiable credential proof, extracting a corresponding second characteristic value fragment from a preset characteristic value fragment library if verification is passed, and then splicing the first characteristic value fragment and the second characteristic value fragment to obtain a reference characteristic value; and matching the characteristic value to be verified with the reference characteristic value to obtain a biological characteristic verification result of the current original biological characteristic information. 
Thus, the application verifies the verifiable credential proof and, if verification passes, splices the second characteristic value fragment with the first characteristic value fragment to obtain the reference characteristic value, which is then matched against the characteristic value to be verified to obtain the biometric verification result for the current original biometric information. Because the preset verifier must extract the second characteristic value fragment from the preset characteristic value fragment library and obtain the first characteristic value fragment from the user agent, the preset verifier does not store complete biometric information. If biometric information is obtained illegally, only part of it can be intercepted, not the complete information, and partial biometric information cannot pass biometric verification, which improves security. And because the verifiable credential proof containing the first characteristic value fragment must itself be verified, a successful verification establishes the validity of the proof's source, which further improves the reliability of the subsequent biometric verification.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required to be used in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only embodiments of the present invention, and that other drawings may be obtained according to the provided drawings without inventive effort to a person skilled in the art.
FIG. 1 is a flow chart of a method of biometric authentication disclosed herein;
FIG. 2 is a schematic illustration of a specific registration disclosed herein;
FIG. 3 is a flowchart of a particular biometric verification method disclosed herein;
FIG. 4 is a schematic diagram of a biometric authentication device disclosed herein;
fig. 5 is a block diagram of an electronic device disclosed in the present application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Currently, in some online service scenarios that require real-name authentication, a trusted authority is often needed to act as a proxy for transactions between the user and the bank. The online authentication process may involve a video session in which the user presents a national identification card or passport, or the capture of face or fingerprint information for comparison against back-end data. User identity information and complete user biometric information are generally managed together by a centralized system. Data honeypot risk and single points of failure reduce the security and reliability of such an authentication system, and an attacker who steals the database can fraudulently use the identities in it. Because biometric information cannot be changed, its leakage can create a lasting security threat: once a user's biometric identification data is compromised, it cannot simply be altered to restore authentication security, and the user must switch to another form of biometric authentication or to another MFA method, which is very inconvenient.
Therefore, the application correspondingly provides a biological characteristic verification scheme which can improve the safety and reliability of biological characteristic verification.
Referring to fig. 1, an embodiment of the present application discloses a biometric authentication method, which is applied to a preset authentication party, and includes:
step S11: and acquiring the current original biological characteristic information returned by the target application program, and extracting a characteristic value to be verified from the current original biological characteristic information by utilizing a biological characteristic template.
In this embodiment, it may be understood that, before the current original biometric information returned by the target application program is acquired, the preset issuer needs to register the biometric information of the reference user. Registration, as shown in the registration diagram of fig. 2, proceeds as follows:
first step of registration: the proving party collects the original biometric information of the reference user, for example the reference user's fingerprint, and uses the biometric template to extract the reference user's complete biometric feature value from it; for example, if the biometric template is contour features, the complete biometric feature value is the reference user's fingerprint contour features. A predefined segmentation function then splits the complete biometric feature value into a first characteristic value fragment and a second characteristic value fragment;
second step of registration: the user's DID (Decentralized Identity) agent and the DID agent of the preset issuing party each create a peerDID (relationship DID) and a corresponding public/private key pair for the peer relationship, and establish a DID connection (peerDID, peerDID') by exchanging the public keys in the relationship DIDs and each storing peerDID (my sk, his pk). For a user agent that requests a verifiable credential through the client, the preset issuing party provides an entry point for establishing the DID connection and applying for the credential, which gives a secure transmission connection between the user agent and the preset issuing party;
third step of registration: the identity agent of the preset proving party encrypts the second characteristic value fragment with the private key in the peerDID (my sk, his pk) corresponding to the user connection relation to obtain an encrypted second characteristic value fragment, then obtains a second hash value of the second characteristic value fragment and constructs a preset index relation between the second hash value and the encrypted second characteristic value fragment, so that the corresponding encrypted second characteristic value fragment can be queried by the second hash value;
fourth step of registration: the preset issuing party issues the first characteristic value fragment and the second hash value to obtain a verifiable credential containing the first characteristic value fragment and the second hash value, and sends the verifiable credential to the user agent of the reference user through the transmission connection established in advance.
Step S12: receiving a verifiable credential proof which is returned by the user agent, contains the first characteristic value fragment and corresponds to the target application program, verifying the verifiable credential proof, extracting a corresponding second characteristic value fragment from a preset characteristic value fragment library if verification is passed, and then splicing the first characteristic value fragment and the second characteristic value fragment to obtain a reference characteristic value.
In this embodiment, receiving the verifiable credential proof containing the first characteristic value fragment returned by the user agent corresponding to the target application program includes: receiving the verifiable credential proof containing the first characteristic value fragment, which the user agent corresponding to the target application program returns based on the address information of the identity agent of the preset verifier. It should be noted that when the preset verifier needs to obtain the verifiable credential proof, it sends a corresponding request to the user agent, and the request may include the address information of the identity agent of the preset verifier. When the user agent receives the request, it processes the verifiable credential to obtain the verifiable credential proof and then sends the proof to the preset verifier based on the address information. After receiving the verifiable credential proof, the identity agent of the preset verifier verifies it; if verification passes, the proof was sent by the user agent, so the validity of its source is confirmed. It can be understood that the verifiable credential includes the first characteristic value fragment and the first hash value. The service system of the preset verifier screens out, from the preset index relation, the second hash value that matches the first hash value, uses the second hash value to extract the corresponding encrypted second characteristic value fragment from the preset characteristic value fragment library, and decrypts it to obtain the second characteristic value fragment. The first characteristic value fragment and the second characteristic value fragment are then spliced to obtain the reference characteristic value, which is a complete biometric feature value and can therefore be matched against the characteristic value to be verified later.
Step S13: and matching the characteristic value to be verified with the reference characteristic value to obtain a biological characteristic verification result of the current original biological characteristic information.
In this embodiment, after the matching the feature value to be verified with the reference feature value to obtain the biometric verification result of the current original biometric information, the method further includes: if the biological characteristic verification result represents that the characteristic value to be verified is inconsistent with the reference characteristic value, judging that the user to be verified of the current original biological characteristic information is not matched with the reference user of the user agent, and sending preset mismatch reminding information to the target application program so that the target application program carries out corresponding processing based on the preset mismatch reminding information; and if the biological feature verification result represents that the feature value to be verified is consistent with the reference feature value, judging that the user to be verified is matched with the reference user, and sending preset matching reminding information to the target application program so that the target application program can perform corresponding processing based on the preset matching reminding information.
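The registration and verification flow described above, as an added Python example that is not code from the patent. Assumptions: all function and field names are hypothetical, the segmentation function cuts at the midpoint, an HMAC stands in for the issuer's public-key signature, a SHA-256 counter keystream stands in for the encryption, the index hash is taken over the encrypted fragment, and matching is exact byte equality.

```python
import hashlib
import hmac
import json
import os


def split_feature(value: bytes) -> tuple[bytes, bytes]:
    # Assumed segmentation function: cut the feature value at its midpoint.
    mid = len(value) // 2
    return value[:mid], value[mid:]


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode) so the example needs only the
    # standard library; a deployment would use a vetted AEAD instead.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def sign(key: bytes, claims: dict) -> str:
    # Stand-in for the issuer's signature. The text has the verifier check the
    # proof with a public key from a registry; HMAC is used here only because
    # the standard library has no asymmetric signatures.
    msg = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def register(feature: bytes, issuer_key: bytes, enc_key: bytes, library: dict) -> dict:
    """Split, encrypt and index fragment 2, then issue fragment 1 plus the hash."""
    frag1, frag2 = split_feature(feature)
    nonce = os.urandom(16)
    enc2 = nonce + keystream_xor(enc_key, nonce, frag2)
    digest = hashlib.sha256(enc2).hexdigest()  # hash of the encrypted fragment
    library[digest] = enc2                     # index relation: hash -> ciphertext
    claims = {"fragment1": frag1.hex(), "hash": digest}
    return {"claims": claims, "proof": sign(issuer_key, claims)}


def verify_biometric(candidate: bytes, credential: dict, issuer_key: bytes,
                     enc_key: bytes, library: dict) -> str:
    """Verifier side: check the proof, fetch and decrypt fragment 2, splice, match."""
    claims, proof = credential.get("claims"), credential.get("proof")
    if not isinstance(claims, dict) or not isinstance(proof, str):
        return "invalid_credential"
    expected = sign(issuer_key, claims)
    if not hmac.compare_digest(expected.encode(), proof.encode()):
        return "invalid_credential"            # never touch the library on a bad proof
    enc2 = library.get(claims.get("hash"))
    if enc2 is None:
        return "unknown_fragment"
    frag2 = keystream_xor(enc_key, enc2[:16], enc2[16:])
    reference = bytes.fromhex(claims["fragment1"]) + frag2
    # Exact, constant-time comparison is an assumption of this example.
    return "match" if hmac.compare_digest(candidate, reference) else "mismatch"


def demo() -> dict:
    # Constructed sample feature values, not real biometric data.
    issuer_key, enc_key = os.urandom(32), os.urandom(32)
    library: dict = {}
    enrolled = hashlib.sha512(b"constructed fingerprint contour A").digest()
    other = hashlib.sha512(b"constructed fingerprint contour B").digest()
    cred = register(enrolled, issuer_key, enc_key, library)
    tampered = {"claims": dict(cred["claims"], fragment1=other[:32].hex()),
                "proof": cred["proof"]}
    return {
        "genuine": verify_biometric(enrolled, cred, issuer_key, enc_key, library),
        "impostor": verify_biometric(other, cred, issuer_key, enc_key, library),
        "tampered": verify_biometric(enrolled, tampered, issuer_key, enc_key, library),
        "no_fragment": verify_biometric(enrolled, cred, issuer_key, enc_key, {}),
        "library_leaks_fragment": any(enrolled[32:] in blob for blob in library.values()),
    }


if __name__ == "__main__":
    print(demo())
```

The fragment library alone holds only ciphertext keyed by its hash, and the credential alone holds only the first fragment, so neither store reconstructs the reference value by itself.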
Referring to Fig. 3, an embodiment of the present application discloses a specific biometric verification method, which is applied to a preset verifier and includes:
Step S21: Acquire the current original biometric information returned by the target application program, and extract a feature value to be verified from it by using a biometric template.
Step S22: The identity agent of the preset verifier receives the verifiable credential proof containing the first feature value fragment, together with a first hash value, returned by the user agent corresponding to the target application program, and verifies the verifiable credential proof.
In this embodiment, the preset issuer issues the first feature value fragment and the second hash value as a verifiable credential containing both, and sends the verifiable credential to the user agent over a transmission connection established with the user agent in advance. The user agent treats the verifiable credential as a verifiable credential containing the first feature value fragment and the first hash value, and, when it receives a corresponding request from the preset verifier, processes the verifiable credential into a verifiable credential proof that the preset verifier can receive. It can be understood that when the preset verifier needs the verifiable credential proof, it must send a corresponding request to the user agent. The request may, for example, take the form of a two-dimensional code; after the user agent scans the code, it establishes a transmission connection with the preset verifier and sends the verifiable credential proof, so that the user corresponding to the user agent knows that the preset verifier needs to perform the related verification.
In this embodiment, the verifiable credential proof returned by the user agent corresponding to the target application program is received, the public key of the preset issuer is obtained from a preset public key registry, and the verifiable credential proof is then verified with that public key to obtain the first feature value fragment and the first hash value.
Step S23: If verification passes, the service system of the preset verifier selects, from a preset index relation, the second hash value that matches the first hash value, uses the second hash value to extract the corresponding encrypted second feature value fragment from the preset feature value fragment library, and then decrypts the encrypted second feature value fragment to obtain the second feature value fragment.
In this embodiment, the preset proving party collects the original biometric information of the reference user, extracts the reference feature value from it by using the biometric template, and then splits the reference feature value with a predefined splitting function to obtain the first feature value fragment and the second feature value fragment. The preset proving party encrypts the second feature value fragment to obtain the encrypted second feature value fragment, computes the second hash value of the encrypted second feature value fragment, and then constructs the preset index relation between the encrypted second feature value fragment and the second hash value, so that the service system of the preset proving party can select the second hash value matching the first hash value from the preset index relation. In this embodiment, the verification-related data formats, encryption algorithms and cryptographic computation components are all standardized and general-purpose, which supports open access by any network application while protecting the privacy of the user.
Step S24: Splice the first feature value fragment and the second feature value fragment to obtain the reference feature value.
Step S25: Match the feature value to be verified against the reference feature value to obtain the biometric verification result for the current original biometric information.
Therefore, compared with directly collecting and storing the original biometric information, the application uses the biometric template to extract the feature value to be verified from the current original biometric information and stores feature values encrypted and fragmented, which greatly improves the storage security of biometric data, reduces the risk of data leakage, and effectively protects the privacy of the entity. The biometric features are stored in a distributed manner, and identity verification is possible only when the first feature value fragment and the second feature value fragment are spliced, that is, only the preset verifier can perform identity verification; because the user agent itself holds the first feature value fragment, authentication can take place only with the user's knowledge and consent. The preset issuer only needs to perform real-name verification of the individual, register the biometric features and issue the fragment feature data to the owner, and does not need to take part in verification. Biometric verification can be performed independently by a specific or non-specific service provider through public infrastructure, such as a biometric fragment library with open, permissioned access, combined with the biometric credential provided by the identity owner, which greatly improves the reliability and security of biometric verification.
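The enrollment, issuance and verification flow of steps S21 to S25, as an added Python example that is not part of the patent text. The patent names no algorithms, so the Lamport one-time signature, the SHA-256 keystream cipher, the pre-shared `fragment_key`, the fixed split offset, the Hamming-distance threshold `max_bit_errors` and all function names are assumptions, chosen so the example runs on the standard library alone.

```python
import hashlib
import hmac
import json
import secrets

NONCE_LEN = 16

def _bits(msg: bytes) -> list:
    """256 bits of SHA-256(msg), most significant bit first."""
    d = hashlib.sha256(msg).digest()
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    """Issuer key pair (assumed scheme). Lamport keys are one-time: one credential per key."""
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    pk = [[hashlib.sha256(s).digest() for s in pair] for pair in sk]
    return sk, pk

def lamport_sign(sk, msg: bytes) -> list:
    return [sk[i][b] for i, b in enumerate(_bits(msg))]

def lamport_verify(pk, msg: bytes, sig) -> bool:
    if not isinstance(sig, list) or len(sig) != 256:
        return False
    return all(isinstance(s, bytes)
               and hmac.compare_digest(hashlib.sha256(s).digest(), pk[i][b])
               for i, (s, b) in enumerate(zip(sig, _bits(msg))))

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """SHA-256 counter keystream XOR. Stand-in (assumption) for a vetted cipher such as AES-GCM."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out.extend(x ^ k for x, k in zip(data[off:off + 32], block))
    return bytes(out)

def _payload(claims: dict) -> bytes:
    return json.dumps(claims, sort_keys=True).encode()

def enroll(reference: bytes, split_at: int, issuer_sk,
           fragment_key: bytes, library: dict) -> dict:
    """Issuer side: split, encrypt fragment 2, index it by hash, sign fragment 1 + hash."""
    first, second = reference[:split_at], reference[split_at:]
    nonce = secrets.token_bytes(NONCE_LEN)
    enc_second = nonce + keystream_xor(fragment_key, nonce, second)
    second_hash = hashlib.sha256(enc_second).hexdigest()
    library[second_hash] = enc_second  # index relation: hash -> encrypted fragment
    claims = {"first_fragment": first.hex(), "fragment_hash": second_hash}
    return {"claims": claims, "signature": lamport_sign(issuer_sk, _payload(claims))}

def verify(probe: bytes, proof: dict, issuer_pk, library: dict,
           fragment_key: bytes, max_bit_errors: int) -> str:
    """Verifier side, steps S22 to S25. Returns 'match', 'mismatch' or a rejection reason."""
    claims = proof.get("claims")
    if not isinstance(claims, dict) or not lamport_verify(
            issuer_pk, _payload(claims), proof.get("signature")):
        return "rejected: credential proof"
    enc_second = library.get(claims.get("fragment_hash"))
    # Recompute the hash so a swapped or corrupted library entry is caught.
    if enc_second is None or hashlib.sha256(enc_second).hexdigest() != claims["fragment_hash"]:
        return "rejected: fragment lookup"
    second = keystream_xor(fragment_key, enc_second[:NONCE_LEN], enc_second[NONCE_LEN:])
    reference = bytes.fromhex(claims["first_fragment"]) + second  # S24: splice
    if len(reference) != len(probe):
        return "mismatch"
    bit_errors = sum(bin(a ^ b).count("1") for a, b in zip(probe, reference))
    return "match" if bit_errors <= max_bit_errors else "mismatch"  # S25

def demo() -> dict:
    """Runs four cases on a constructed 32-byte feature value (not real biometric data)."""
    reference = bytes(range(32))
    issuer_sk, issuer_pk = lamport_keygen()
    fragment_key, library = secrets.token_bytes(32), {}
    proof = enroll(reference, 16, issuer_sk, fragment_key, library)
    noisy = bytes([reference[0] ^ 0x03]) + reference[1:]  # same user, 2 bit errors
    forged = {"claims": dict(proof["claims"], first_fragment="00" * 16),
              "signature": proof["signature"]}
    args = (issuer_pk, library, fragment_key, 8)
    return {
        "genuine": verify(noisy, proof, *args),
        "impostor": verify(bytes(32), proof, *args),
        "forged_fragment": verify(reference, forged, *args),
        "library_purged": verify(reference, proof, issuer_pk, {}, fragment_key, 8),
    }

if __name__ == "__main__":
    print(demo())
```

Signing the hash of the encrypted second fragment inside the credential is what binds the library entry to the holder's proof: the verifier recomputes the hash after lookup, so a substituted library record fails before any decryption or matching takes place.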
Referring to fig. 4, an embodiment of the present application discloses a biometric authentication device, which is applied to a preset authentication party, and includes:
the feature value extraction module 11 is used for acquiring current original biological feature information returned by the target application program and extracting a feature value to be verified from the current original biological feature information by utilizing a biological feature template;
the segment splicing module 12 is configured to receive a verifiable credential that includes a first feature value segment and is returned by a user agent corresponding to the target application program, verify the verifiable credential, extract a corresponding second feature value segment from a preset feature value segment library if verification is passed, and splice the first feature value segment and the second feature value segment to obtain a reference feature value;
and the verification result obtaining module 13 is configured to match the feature value to be verified with the reference feature value, so as to obtain a biometric feature verification result of the current original biometric feature information.
Further, the embodiment of the application also provides electronic equipment. Fig. 5 is a block diagram of an electronic device 20, according to an exemplary embodiment, and the contents of the diagram should not be construed as limiting the scope of use of the present application in any way.
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application. Specifically, the electronic device may include: at least one processor 21, at least one memory 22, a power supply 23, a communication interface 24, an input/output interface 25, and a communication bus 26. The memory 22 is used for storing a computer program, which is loaded and executed by the processor 21 to implement the following steps:
acquiring current original biological characteristic information returned by a target application program, and extracting a characteristic value to be verified from the current original biological characteristic information by utilizing a biological characteristic template;
receiving a verifiable credential proof which is returned by a user agent and contains a first characteristic value fragment and corresponds to the target application program, verifying the verifiable credential proof, extracting a corresponding second characteristic value fragment from a preset characteristic value fragment library if verification is passed, and then splicing the first characteristic value fragment and the second characteristic value fragment to obtain a reference characteristic value;
and matching the characteristic value to be verified with the reference characteristic value to obtain a biological characteristic verification result of the current original biological characteristic information.
In some embodiments, the processor may specifically implement the following steps by executing the computer program stored in the memory:
if the biological characteristic verification result represents that the characteristic value to be verified is inconsistent with the reference characteristic value, judging that the user to be verified of the current original biological characteristic information is not matched with the reference user of the user agent, and sending preset mismatch reminding information to the target application program so that the target application program carries out corresponding processing based on the preset mismatch reminding information;
and if the biological feature verification result represents that the feature value to be verified is consistent with the reference feature value, judging that the user to be verified is matched with the reference user, and sending preset matching reminding information to the target application program so that the target application program can perform corresponding processing based on the preset matching reminding information.
In some embodiments, the processor may specifically implement the following steps by executing the computer program stored in the memory:
The identity agent of the preset verifier receives verifiable credential proof and a first hash value which are returned by the user agent corresponding to the target application program and contain a first characteristic value fragment, and verifies the verifiable credential proof;
and if the verification is passed, the service system of the preset verification party screens out a second hash value matched with the first hash value from a preset index relation, extracts a corresponding encrypted second characteristic value fragment from a preset characteristic value fragment library by using the second hash value, and then decrypts the encrypted second characteristic value to obtain a second characteristic value fragment.
In some embodiments, the processor may specifically implement the following steps by executing the computer program stored in the memory:
collecting original biological characteristic information of the reference user through a preset proving party, extracting a reference characteristic value from the original biological characteristic information by utilizing the biological characteristic template, and then dividing the reference characteristic value by utilizing the predefined dividing function to obtain a first characteristic value segment and a second characteristic value segment;
encrypting the second characteristic value segment through the preset proving party to obtain an encrypted second characteristic value segment, obtaining the second hash value of the encrypted second characteristic value segment, and then constructing the preset index relation between the encrypted second characteristic value segment and the second hash value, so that a service system of the preset proving party screens the second hash value matched with the first hash value from the preset index relation.
In some embodiments, the processor may specifically implement the following steps by executing the computer program stored in the memory:
issuing the first characteristic value fragment and the second hash value through the preset issuing party to obtain a verifiable certificate containing the first characteristic value fragment and the second hash value, and sending the verifiable certificate to the user agent through a transmission connection established with the user agent in advance;
and, through the user agent, treating the verifiable credential as a verifiable credential containing the first feature value fragment and the first hash value, and processing the verifiable credential when a corresponding request from the preset verifier is received, so that the preset verifier can receive the verifiable credential proof.
In some embodiments, the processor may specifically implement the following steps by executing the computer program stored in the memory:
and receiving verifiable credential certificates returned by the user agent corresponding to the target application program, acquiring a public key of the preset proving party from a preset public key registry, and verifying the verifiable credential certificates by utilizing the public key to obtain the first characteristic value fragments and the first hash values.
In some embodiments, the processor may further implement the following steps by executing the computer program stored in the memory:
and receiving verifiable credential certificates containing the first eigenvalue segments, which are returned by the user agent corresponding to the target application program based on the address information of the identity agent of the preset verifier.
In this embodiment, the power supply 23 is configured to provide an operating voltage for each hardware device on the electronic device; the communication interface 24 can create a data transmission channel between the electronic device and an external device, and the communication protocol to be followed is any communication protocol applicable to the technical solution of the present application, which is not specifically limited herein; the input/output interface 25 is used for acquiring external input data or outputting external output data, and the specific interface type thereof may be selected according to the specific application requirement, which is not limited herein.
The processor 21 may include one or more processing cores, such as a 4-core processor, an 8-core processor, etc. The processor 21 may be implemented in at least one hardware form of DSP (Digital Signal Processing), FPGA (Field-Programmable Gate Array) and PLA (Programmable Logic Array). The processor 21 may also comprise a main processor and a coprocessor: the main processor, also called the CPU (Central Processing Unit), processes data in the awake state, while the coprocessor is a low-power processor that processes data in the standby state. In some embodiments, the processor 21 may integrate a GPU (Graphics Processing Unit) for rendering and drawing the content to be displayed on the display screen. In some embodiments, the processor 21 may also include an AI (Artificial Intelligence) processor for handling computing operations related to machine learning.
The memory 22 may be a carrier for storing resources, such as a read-only memory, a random access memory, a magnetic disk, or an optical disk, and the resources stored thereon include an operating system 221, a computer program 222, and data 223, and the storage may be temporary storage or permanent storage.
The operating system 221, which may be Windows, Unix or Linux, manages and controls the hardware devices on the electronic device and the computer program 222, so that the processor 21 can operate on and process the mass data 223 in the memory 22. In addition to the computer program used to perform the biometric verification method executed by the electronic device as disclosed in any of the previous embodiments, the computer program 222 may further include computer programs used to perform other specific tasks. The data 223 may include data received by the electronic device from external devices as well as data collected by the input/output interface 25 itself, and so on.
Further, the embodiments of the present application also disclose a computer readable storage medium, in which a computer program is stored, which when loaded and executed by a processor, implements the method steps disclosed in any of the foregoing embodiments and executed in the biometric verification process.
Finally, it is further noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The biometric verification method, device, equipment and medium provided by the invention have been described in detail above. Specific examples are used herein to explain the principle and implementation of the invention, and the description of the embodiments is intended only to help in understanding the method and core idea of the invention. Meanwhile, those skilled in the art may, in accordance with the ideas of the invention, make changes to the specific embodiments and the scope of application. In view of the above, the content of this description should not be construed as limiting the invention.

Claims (10)

1. A biometric authentication method, applied to a preset authenticator, comprising:
acquiring current original biological characteristic information returned by a target application program, and extracting a characteristic value to be verified from the current original biological characteristic information by utilizing a biological characteristic template;
receiving a verifiable credential proof which is returned by a user agent and contains a first characteristic value fragment and corresponds to the target application program, verifying the verifiable credential proof, extracting a corresponding second characteristic value fragment from a preset characteristic value fragment library if verification is passed, and then splicing the first characteristic value fragment and the second characteristic value fragment to obtain a reference characteristic value;
and matching the characteristic value to be verified with the reference characteristic value to obtain a biological characteristic verification result of the current original biological characteristic information.
2. The method according to claim 1, wherein after the matching the feature value to be verified with the reference feature value to obtain the biometric verification result of the current original biometric information, further comprises:
if the biological characteristic verification result represents that the characteristic value to be verified is inconsistent with the reference characteristic value, judging that the user to be verified of the current original biological characteristic information is not matched with the reference user of the user agent, and sending preset mismatch reminding information to the target application program so that the target application program carries out corresponding processing based on the preset mismatch reminding information;
and if the biological feature verification result represents that the feature value to be verified is consistent with the reference feature value, judging that the user to be verified is matched with the reference user, and sending preset matching reminding information to the target application program so that the target application program can perform corresponding processing based on the preset matching reminding information.
3. The method of claim 2, wherein receiving a verifiable credential proof containing a first feature value fragment returned by a user agent corresponding to the target application program and verifying the verifiable credential proof, and extracting a corresponding second feature value fragment from a preset feature value fragment library if verification is passed, comprises:
the identity agent of the preset verifier receives verifiable credential proof and a first hash value which are returned by the user agent corresponding to the target application program and contain a first characteristic value fragment, and verifies the verifiable credential proof;
and if the verification is passed, the service system of the preset verification party screens out a second hash value matched with the first hash value from a preset index relation, extracts a corresponding encrypted second characteristic value fragment from a preset characteristic value fragment library by using the second hash value, and then decrypts the encrypted second characteristic value to obtain a second characteristic value fragment.
4. The method of claim 3, further comprising, before extracting the corresponding second feature value segment from the preset feature value segment library by using the second hash value:
collecting original biological characteristic information of the reference user through a preset proving party, extracting a reference characteristic value from the original biological characteristic information by utilizing the biological characteristic template, and then dividing the reference characteristic value by utilizing a predefined dividing function to obtain a first characteristic value segment and a second characteristic value segment;
encrypting the second characteristic value segment through the preset proving party to obtain an encrypted second characteristic value segment, obtaining the second hash value of the encrypted second characteristic value segment, and then constructing the preset index relation between the encrypted second characteristic value segment and the second hash value, so that a service system of the preset proving party screens the second hash value matched with the first hash value from the preset index relation.
5. The biometric verification method of claim 4, wherein prior to receiving the verifiable credential including the first feature value segment returned by the user agent corresponding to the target application, further comprising:
issuing the first feature value fragment and the second hash value through the preset issuing party to obtain a verifiable credential containing the first feature value fragment and the second hash value, and sending the verifiable credential to the user agent through a transmission connection established with the user agent in advance;
and, through the user agent, treating the verifiable credential as a verifiable credential containing the first feature value fragment and the first hash value, and processing the verifiable credential when a corresponding request from the preset verifier is received to obtain a verifiable credential proof, so that the preset verifier receives the verifiable credential proof.
6. The biometric verification method of claim 5, wherein the receiving a verifiable credential including a first feature value segment returned by a user agent corresponding to the target application comprises:
and receiving verifiable credential certificates returned by the user agent corresponding to the target application program, acquiring a public key of the preset proving party from a preset public key registry, and verifying the verifiable credential certificates by utilizing the public key to obtain the first characteristic value fragments and the first hash values.
7. The method of any one of claims 1 to 6, wherein receiving a verifiable credential including a first feature value fragment returned by a user agent corresponding to the target application comprises:
and receiving verifiable credential certificates containing the first eigenvalue segments, which are returned by the user agent corresponding to the target application program based on the address information of the identity agent of the preset verifier.
8. A biometric authentication device, for use with a predetermined party, comprising:
the feature value extraction module is used for acquiring current original biological feature information returned by the target application program and extracting a feature value to be verified from the current original biological feature information by utilizing a biological feature template;
the segment splicing module is used for receiving a verifiable certificate which is returned by the user agent and contains the first characteristic value segment and corresponds to the target application program, verifying the verifiable certificate, extracting a corresponding second characteristic value segment from a preset characteristic value segment library if verification is passed, and then splicing the first characteristic value segment and the second characteristic value segment to obtain a reference characteristic value;
and the verification result acquisition module is used for matching the characteristic value to be verified with the reference characteristic value to obtain a biological characteristic verification result of the current original biological characteristic information.
9. An electronic device, comprising:
a memory for storing a computer program;
a processor for executing the computer program to implement the steps of the biometric authentication method as claimed in any one of claims 1 to 7.
10. A computer-readable storage medium storing a computer program; wherein the computer program when executed by a processor implements the steps of the biometric authentication method as claimed in any one of claims 1 to 7.
CN202310204310.4A 2023-03-06 2023-03-06 Biological feature verification method, device, equipment and medium Pending CN116484343A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310204310.4A CN116484343A (en) 2023-03-06 2023-03-06 Biological feature verification method, device, equipment and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310204310.4A CN116484343A (en) 2023-03-06 2023-03-06 Biological feature verification method, device, equipment and medium

Publications (1)

Publication Number Publication Date
CN116484343A true CN116484343A (en) 2023-07-25

Family

ID=87216724

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310204310.4A Pending CN116484343A (en) 2023-03-06 2023-03-06 Biological feature verification method, device, equipment and medium

Country Status (1)

Country Link
CN (1) CN116484343A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination