CN1822013A - Fingerprint biometric identification engine system and identification method based on a Trusted Platform Module - Google Patents

Publication number: CN1822013A
Authority: CN (China)
Application number: CN 200610024673
Original language: Chinese (zh)
Inventors: 沈英俊, 肖朝昕
Original assignee: 上海一维科技有限公司
Prior art keywords: fingerprint, module, chip, system, trusted platform
Abstract

This invention relates to a fingerprint biometric identification engine system based on a Trusted Platform Module (TPM), and to a corresponding identification method. The TPM chip in the system contains built-in functional modules and a chip operating system. The engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer motherboard, a non-volatile memory, and a fingerprint matching module built into the TPM chip; the sensor is connected through the acquisition module and the processing module to the matching module, which in turn is connected to the non-volatile memory. The method comprises acquiring the raw fingerprint image, extracting its feature information and generating an identification code, and then determining whether this is the initial fingerprint registration: if so, the identification code is stored in the non-volatile memory of the TPM chip; otherwise, the pre-stored identification code is retrieved from the TPM chip and the two are compared.

Description

Fingerprint biometric identification engine system and identification method based on a Trusted Platform Module

Technical field

The present invention relates to the field of computer biometrics, and in particular to computer fingerprint biometrics; specifically, it concerns a fingerprint biometric identification engine system based on a Trusted Platform Module, and a corresponding identification method.

Background

Scientific study of fingerprints began in the mid-19th century and produced two important conclusions: no two fingers have the same ridge pattern, and the ridge pattern of a finger does not change over a lifetime. Fingerprint recognition is internationally recognized as the most widely deployed, lowest-cost and most usable biometric authentication technology. Compared with other identity authentication technologies, automatic fingerprint recognition has the following distinctive information-security advantages: (1) A person's fingerprints are quite stable and do not change with age or state of health, whereas voice, facial appearance and similar traits may change considerably.

(2) Fingerprint samples are easy to obtain, recognition systems are easy to develop, and the technology is highly practical.

(3) A person's ten fingers all have different fingerprints, so several fingerprints can conveniently be combined into a multi-part password to raise system security.

(4) The template used in fingerprint recognition consists of key features extracted from the fingerprint image, so it is small; this greatly reduces the burden on network transmission and simplifies authentication.

The TPM (Trusted Platform Module) is currently the best technology internationally for raising the security of a PC while also improving its usability. A TPM is in fact a small system-on-chip containing cryptographic processing units and storage components, intended to solve the security problem of the underlying hardware at its root. The guiding idea of the TPM chip is the trusted computing concept: by authenticating the user identity, the application environment, the network environment and other low-level factors, it aims to prevent malicious theft of information and virus attacks.

The core function of TPM technology is to encrypt the data streams handled by the CPU while monitoring the state of the lower layers of the system. On this basis, security applications can be developed for every link in the chain: unique identity, encrypted system login, folder encryption, encrypted network communication and so on. The TPM can generate cryptographic keys, store keys and verify identities, and perform data encryption and decryption at high speed; it acts as an auxiliary processor that protects the BIOS and OS from modification, and in combination with the TPM Software Stack (TSS) it forms a trusted computing architecture spanning platforms, hardware and software. Even if a user's hard disk is stolen, the data on it is not leaked.

See Figure 1 for the security architecture of a trusted computing terminal system platform.

The TPM chip is a SoC (System-on-Chip) that integrates a CPU core, RAM, ROM, Flash, a cryptographic-algorithm coprocessor, a random-number generator and other modules. The SoC together with its accompanying application software is mainly used for platform integrity authentication, user identity authentication, digital signatures and similar functions. Trusted computing usually comprises the following three properties and functions: (1) ensuring the uniqueness of the user's identity and the integrity and privacy of the user's workspace; (2) ensuring the integrity of the hardware configuration, OS kernel, services and applications; (3) ensuring the confidentiality and integrity of information that is stored, processed or transmitted.

Moreover, where biometrics is used to secure access to a computer, most current fingerprint solutions are implemented at the operating-system or application level. Because the fingerprint data must be loaded into main memory, there is a risk that the fingerprint data or its processing is intercepted, infected by a virus or otherwise attacked. Solutions that do reach the hardware layer only provide secure storage of the fingerprint data, i.e. they keep it in the BIOS or in a TPM chip, while fingerprint processing and matching is carried out by an additional microprocessor or microprocessor-equipped auxiliary chip on the motherboard; this achieves secure boot-time access control by biometrics.

Keeping fingerprint acquisition, processing and matching separate from the storage and handling of the fingerprint data is a security hazard. At minimum, the fingerprint identification code used for matching and the matching process itself must reside in the same SoC chip, so that recognition happens inside the chip; only then is strong two-factor security achieved. Furthermore, secure authentication at boot alone is not sufficient for security at every layer of the computer.

The following table contrasts the advantages and disadvantages of having or not having a TPM chip:

At the same time, achieving deeper computer security must also start from the TPM. For the TPM chip, current solutions stop at securely encrypted storage of fingerprint data: the fingerprint feature information is kept inside the TPM, or encrypted by the TPM and kept outside it. This merely manages and stores the fingerprint data as sensitive information and does not exploit the real value of fingerprint recognition itself.

Summary of the invention

The object of the present invention is to overcome the above shortcomings of the prior art by providing a fingerprint biometric identification engine system based on a Trusted Platform Module, and a corresponding identification method, that combine trusted computing with biometric authentication and recognition in the computer's security chip and can improve and strengthen the overall security of the computer system from the hardware, operating system and base platform up to the application layer. At minimum the pre-stored fingerprint identification code is kept inside the TPM chip and the fingerprint comparison is completed inside the TPM chip; the system has high operating efficiency, strong stability and a wide range of applications.

To achieve the above object, the fingerprint biometric identification engine system based on a Trusted Platform Module, and its identification method, are as follows. The engine system comprises a computer motherboard and, carried on it and interconnected through the system bus, a Basic Input/Output System (BIOS), a Trusted Platform Module (TPM) chip, a central processing unit, random-access memory and other computer hardware; the TPM chip contains built-in functional modules and a chip operating system. Its main feature is that the engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the motherboard, a non-volatile memory, and a fingerprint matching module built into the TPM chip. The output of the fingerprint sensor is connected to the input of the fingerprint acquisition module, the output of the acquisition module to the input of the fingerprint processing module, and the output of the processing module to the input of the fingerprint matching module; the fingerprint matching module is connected to the non-volatile memory.

In this engine system the fingerprint acquisition module and the fingerprint processing module may both be built into the TPM chip, with the acquisition module connected to the processing module and the processing module connected to the matching module; in that case the non-volatile memory is the non-volatile memory of the TPM chip, and the fingerprint matching module is connected to that memory.

Alternatively, the fingerprint acquisition module and the fingerprint processing module are placed in the BIOS carried on the motherboard, the acquisition module being connected to the processing module and the processing module connected to the fingerprint matching module through the system bus; the non-volatile memory is then an encrypted storage area in the BIOS, and the fingerprint matching module is connected to that encrypted storage area through the system bus.

The fingerprint acquisition module and fingerprint processing module may also be placed in an embedded SoC chip with an on-chip central processor carried on the motherboard, or in a chip that has no on-chip central processor but does have non-volatile storage; the acquisition module is connected to the processing module, and the processing module is connected to the fingerprint matching module through the system bus. The non-volatile memory is then the non-volatile memory of the embedded SoC chip or of the chip without an on-chip processor, and the fingerprint matching module is connected to it through the system bus.

The non-volatile memory of the engine system may be Flash, electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), or any other magnetic or electronic storage medium that retains data when power is lost.

The fingerprint sensor may be embedded in the computer's motherboard, keyboard, mouse or chassis surface, or may be a separate device connected to the computer by a data cable. The sensor may be an optical, semiconductor or ultrasonic fingerprint sensor; a semiconductor sensor may be a silicon capacitive, semiconductor pressure-sensitive or semiconductor thermal fingerprint sensor.

The method of fingerprint biometric identification using the above engine system has as its main feature the following steps: (1) the system performs initial setup; (2) the fingerprint acquisition module acquires the raw fingerprint image through the fingerprint sensor and passes it to the fingerprint processing module; (3) the processing module extracts fingerprint feature information from the raw image and generates an identification code; (4) the processing module determines whether an initial fingerprint registration (enrollment) operation is being performed, and passes the identification code to the fingerprint matching module; (5) if this is the initial registration, the matching module stores the identification code directly in the non-volatile memory as the fingerprint identification code; (6) otherwise, the pre-stored fingerprint identification code is retrieved from the non-volatile memory in the TPM chip's built-in functional module, the new identification code is compared with it, and the comparison result is returned; (7) the system carries out subsequent processing according to the comparison result.

The raw image information in this method is digital fingerprint image data.

Extracting the fingerprint feature information from the raw image and generating the identification code comprises the following steps: (1) the fingerprint processing module extracts the fingerprint feature information from the raw image according to a specific fingerprint algorithm; (2) the processing module encodes and classifies the feature information and generates the identification code.

Determining whether an initial fingerprint registration operation is being performed is done in one of two ways: either by checking whether a fingerprint identification code is already stored in the non-volatile memory of the TPM chip's built-in functional module (if not, the result is that this is the initial registration; if so, the result is that it is not), or by checking a flag set by the system that indicates an initial registration operation.
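The enrollment and verification flow of steps (2) to (7), together with the "is a code already stored?" test just described, is easy to mis-implement on the host side: in the embodiments where the processing module runs in the BIOS or on a separate SoC, the identification code crosses the system bus, so the decision about whether enrollment is permitted should be taken by the module inside the TPM rather than trusted from the host. The following Python simulation is an added example written for this page; it is not code from the patent or from the assignee. The minutiae-based identification code, the tolerance-based matcher, the 0.6 acceptance threshold and the rule that the simulated TPM refuses to overwrite an existing template are all assumptions chosen for illustration, and the sample minutiae are constructed, not real fingerprint data.

```python
"""Simulated TPM-side fingerprint engine: enrollment and verification flow.

Added example, not code from the patent. The minutiae encoding, the
tolerance matcher, the 0.6 threshold and the TPM-side enrollment gate are
all assumptions made for illustration.
"""
import math
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# A minutia is (x, y, ridge angle in degrees, type) with type "end" or "bif".
Minutia = Tuple[int, int, int, str]


def extract_and_encode(minutiae: List[Minutia]) -> bytes:
    """Step (3): turn extracted features into a fixed-format identification code.

    The image-processing stage is assumed to have already produced the minutiae
    list; this only canonicalises it (sorted, 7 bytes per minutia) so that the
    same features always yield the same code.
    """
    code = bytearray()
    for x, y, angle, kind in sorted(minutiae):
        code += x.to_bytes(2, "big") + y.to_bytes(2, "big")
        code += (angle % 360).to_bytes(2, "big")
        code += b"\x01" if kind == "bif" else b"\x00"
    return bytes(code)


def decode(code: bytes) -> List[Minutia]:
    # Inverse of extract_and_encode: 7 bytes per minutia.
    out = []
    for i in range(0, len(code), 7):
        x = int.from_bytes(code[i:i + 2], "big")
        y = int.from_bytes(code[i + 2:i + 4], "big")
        angle = int.from_bytes(code[i + 4:i + 6], "big")
        out.append((x, y, angle, "bif" if code[i + 6] == 1 else "end"))
    return out


def match_score(candidate: bytes, stored: bytes, dist_tol: float = 8.0,
                angle_tol: int = 15) -> float:
    """Share of minutiae that pair up within position and angle tolerance.

    Each stored minutia may be claimed once, so a candidate cannot inflate
    its score by repeating a single feature.
    """
    cand, ref = decode(candidate), decode(stored)
    if not cand or not ref:
        return 0.0
    claimed, hits = set(), 0
    for x, y, angle, kind in cand:
        for j, (rx, ry, rangle, rkind) in enumerate(ref):
            if j in claimed or kind != rkind:
                continue
            dangle = abs((angle - rangle + 180) % 360 - 180)
            if math.hypot(x - rx, y - ry) <= dist_tol and dangle <= angle_tol:
                claimed.add(j)
                hits += 1
                break
    return hits / max(len(cand), len(ref))


@dataclass
class SimulatedTPM:
    """Matching module plus non-volatile memory inside the TPM boundary.

    Only the identification code crosses the boundary; the stored template and
    the comparison never leave this object, and the host only sees a boolean.
    """
    threshold: float = 0.6
    _nv_template: Optional[bytes] = field(default=None, repr=False)

    def is_enrolled(self) -> bool:
        """Step (4), first variant: is a code already stored in NV memory?"""
        return self._nv_template is not None

    def enroll(self, code: bytes) -> bool:
        """Step (5). Assumed policy: never overwrite an existing template, so a
        host that merely claims 'initial registration' cannot re-enroll."""
        if self.is_enrolled():
            return False
        self._nv_template = code
        return True

    def verify(self, code: bytes) -> bool:
        """Step (6): compare against the pre-stored code without exporting it."""
        if self._nv_template is None:
            return False
        return match_score(code, self._nv_template) >= self.threshold


def authenticate(tpm: SimulatedTPM, minutiae: List[Minutia]) -> str:
    """Host-side driver for steps (2)-(7): 'enrolled', 'accept' or 'reject'."""
    code = extract_and_encode(minutiae)
    if not tpm.is_enrolled():
        return "enrolled" if tpm.enroll(code) else "reject"
    return "accept" if tpm.verify(code) else "reject"


# Constructed sample minutiae, not real fingerprint data.
FINGER_A = [(10, 20, 30, "end"), (40, 60, 90, "bif"), (70, 25, 180, "end"),
            (55, 80, 270, "bif"), (90, 90, 45, "end")]
# The same finger re-captured: a few pixels of jitter and one minutia missed.
FINGER_A_AGAIN = [(12, 21, 33, "end"), (38, 62, 95, "bif"),
                  (72, 24, 176, "end"), (56, 78, 268, "bif")]
# A different finger.
FINGER_B = [(15, 15, 200, "bif"), (80, 30, 10, "end"), (30, 90, 120, "end"),
            (60, 60, 300, "bif"), (95, 5, 0, "end")]

if __name__ == "__main__":
    tpm = SimulatedTPM()
    print(authenticate(tpm, FINGER_A))        # enrolled
    print(authenticate(tpm, FINGER_A_AGAIN))  # accept
    print(authenticate(tpm, FINGER_B))        # reject
```

The point of the split between `authenticate` and `SimulatedTPM` is that the host never reads `_nv_template` and never computes the score itself; it submits a code and receives a verdict, which is the property the patent relies on when it says the stored data and the comparison do not leave the TPM. The `enroll` refusal is the practitioner's addition: with the second variant of step (4), where the host sets a flag, nothing in the flow as described stops a compromised host from re-running enrollment, so the gate belongs on the TPM side.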

With the system and method of this invention, a fingerprint biometric identification engine is formed on the computer motherboard around the TPM security chip, and comparison against the fingerprint pre-stored in the TPM chip takes place in the secure environment inside the chip; fingerprint acquisition, processing and comparison can even all be completed inside the TPM chip, giving higher system security and reliability. At the same time, neither the pre-stored fingerprint data nor the comparison ever leaves the TPM, which achieves strong two-factor security authentication. Moreover, the engine can accept authentication requests from any other layer (system hardware, operating system and base platform, security applications) and return the authentication result, providing secure fingerprint biometric authentication that ensures the integrity and privacy of users and information and the integrity of the system hardware, OS kernel, services and applications; it can be applied to fingerprint authentication at boot, in the operating system and at the application layer. It runs efficiently, is stable and has a wide range of application, laying a solid foundation for further development of computer security authentication technology.

Brief description of the drawings

Figure 1 is a diagram of the security architecture of a prior-art trusted computing terminal system platform.

Figure 2 is a diagram of the TPM security chip system architecture of the present invention.

Figure 3 is a schematic of the system architecture of the first embodiment of the fingerprint biometric identification engine system of the present invention.

Figure 4 is a schematic of the system architecture of the second embodiment of the fingerprint biometric identification engine system of the present invention.

Figure 5 shows the installation position of the fingerprint sensor when the invention is applied to a desktop computer.

Figure 6 shows the installation position of the fingerprint sensor when the invention is applied to a notebook computer.

Detailed description

To further explain the techniques, methods and effects adopted by the present invention to achieve its intended object, refer to the following detailed description and the accompanying drawings, from which the objects, features and characteristics of the invention can be understood in depth. The drawings are provided for reference and illustration only and do not limit the invention.

Refer to Figure 2, a block diagram of the TPM chip on the computer motherboard. A TPM chip generally contains a central processing unit (CPU), an asymmetric cryptographic coprocessor (RSA), a true random-number generator (RNG), a memory module (RAM), non-volatile storage, and security protection, management and interface modules, which together make up the complete TPM chip.

Through its chip operating system and built-in functional modules, the TPM chip forms a system security authentication framework. For identity authentication, the TPM chip has a storage area that can hold certificates; secure authentication is usually accomplished using the certificates stored on the chip together with various cryptographic algorithms.

For further technical details of the security chip, refer to the patent document "A security chip and information security processing device and method based on that chip" (patent application number 03138380.7).

Refer to Figure 3, the first embodiment of the engine system of the invention. Here the fingerprint acquisition module and the fingerprint processing module are both built into the TPM chip; together with the fingerprint matching module they form the fingerprint biometric engine within the TPM chip. The acquisition module is connected to the processing module and the processing module to the matching module; the non-volatile memory is that of the TPM chip, and the matching module is connected to it.

In this case the TPM chip's hardware resources are sufficient to perform fingerprint acquisition and processing: the computation relies entirely on the on-chip CPU and the working memory is the on-chip RAM.

Refer to Figure 4, the second embodiment of the engine system of the invention. The engine system comprises a computer motherboard and, carried on it and interconnected through the system bus, a BIOS, a TPM chip, a central processing unit and random-access memory; the TPM chip contains built-in functional modules and a chip operating system. The engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the motherboard, a non-volatile memory, and a fingerprint matching module built into the TPM chip; the matching module forms the fingerprint biometric engine within the TPM chip. The acquisition and processing modules are placed in the BIOS carried on the motherboard; the acquisition module is connected to the processing module, and the processing module is connected to the matching module through the system bus. The output of the fingerprint sensor is connected to the input of the acquisition module, the output of the acquisition module to the input of the processing module, and the output of the processing module to the input of the matching module. The non-volatile memory is an encrypted storage area in the BIOS, to which the matching module is connected through the system bus.

In this case the TPM chip's hardware resources cannot perform fingerprint acquisition and processing, so existing chips on the motherboard must be used or chips added; in this embodiment the existing BIOS and its encrypted storage area are used, the computation relies on the motherboard's central processor, and the working memory is the motherboard's RAM.

Moreover, similarly to the second embodiment, a third embodiment of the engine system may be used in which the TPM chip's hardware resources cannot perform fingerprint acquisition and processing and existing chips on the motherboard must be used or chips added; in this embodiment an embedded SoC chip on the motherboard is used, the computation relies on the motherboard's central processor, and the working memory is the motherboard's RAM.

Similarly to the second embodiment, a fourth embodiment of the engine system may also be used. The engine system comprises a computer motherboard and, carried on it and interconnected through the system bus, a BIOS, a TPM chip, a central processing unit and RAM; the TPM chip contains built-in functional modules and a chip operating system. The engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the motherboard, a non-volatile memory, and a fingerprint matching module built into the TPM chip, which forms the fingerprint biometric engine within the TPM chip. The acquisition and processing modules are placed in an embedded SoC chip with an on-chip central processor carried on the motherboard; the acquisition module is connected to the processing module, and the processing module is connected to the matching module through the system bus. The output of the fingerprint sensor is connected to the input of the acquisition module, the output of the acquisition module to the input of the processing module, and the output of the processing module to the input of the matching module. The non-volatile memory is encrypted non-volatile memory in the embedded SoC chip, to which the matching module is connected through the system bus.

In this case the TPM chip's hardware resources cannot perform fingerprint acquisition and processing, so existing chips on the motherboard must be used or chips added; in this embodiment an embedded SoC chip on the motherboard is used, the computation relies on the central processor in the embedded SoC chip, and the working memory is the RAM inside that chip.

The non-volatile memory of the engine system may be Flash, EEPROM, EPROM, PROM or any other magnetic or electronic storage medium that retains data when power is lost. For detailed technical information on magnetic memory cells, see US patent "Thin Film Magnetic Core Memory And Method Of Making Same", patent number 5,126,971, issued June 30, 1992.

In practical use, the invention adds a fingerprint biometric authentication engine inside the TPM security chip and connects a fingerprint sensor to it. The sensor passes the captured fingerprint image through the computer's basic input/output system (I/O) to the fingerprint acquisition module of the TPM's biometric engine; the acquisition module forwards the digital fingerprint image to the fingerprint processing module, which extracts the fingerprint feature values and encodes them as a fingerprint identification code.

The fingerprint comparison module compares this fingerprint identification code with the fingerprint identification code pre-stored inside the TPM chip, completing identity authentication.

The present invention mainly provides on-chip fingerprint biometric authentication technology for the TPM chip of secure computer hardware, together with a method of implementing it. Its key point is adding a biometric recognition engine module inside the TPM chip, which performs the comparison against the fingerprint identification code pre-stored in the TPM chip within the secure environment inside the TPM chip, thereby realizing fingerprint comparison authentication.

Since fingerprint capture and processing have a certain complexity and the hardware resources inside the TPM chip are insufficient to complete the complex processing computations, in the first embodiment described above fingerprint capture and processing are placed in another embedded SOC chip on the motherboard: the fingerprint image delivered by the fingerprint sensor is processed into data containing the fingerprint feature information, which is then securely stored in the TPM chip or compared with the fingerprint information pre-stored in the TPM chip. In the second embodiment described above, when the hardware resources inside the TPM chip are sufficient for the fingerprint capture and processing computations, fingerprint capture, processing and comparison are all completed inside the TPM chip.

The pre-stored fingerprint data and the comparison never leave the TPM, achieving strong two-factor secure authentication. The fingerprint biometric engine inside the TPM accepts authentication requests from any other system hardware layer, from the operating system and base platform layer, and from the security application layer, and returns the authentication result, thereby realizing secure fingerprint biometric authentication, ensuring the integrity and privacy of users and information, and ensuring the security and integrity of the system hardware, OS kernel, services and applications.

Referring again to FIG. 5 and FIG. 6, the fingerprint sensor 1 of the trusted-platform-module-based fingerprint biometric engine system of the present invention may, as circumstances require, be embedded in the keyboard or mouse of a desktop computer or in the case surface of a notebook computer, or be connected to the computer as a standalone device through a data communication cable, while the TPM chip 2 is mounted on the motherboard of the desktop computer or of the notebook computer.

Meanwhile, the fingerprint sensor 1 may be an optical fingerprint sensor, a semiconductor fingerprint sensor, an ultrasonic fingerprint sensor or any other sensor capable of acquiring fingerprint image data by sensing; the semiconductor fingerprint sensor is a silicon capacitive fingerprint sensor, a semiconductor pressure-sensitive fingerprint sensor or a semiconductor temperature-sensing fingerprint sensor.

In actual use, the fingerprint sensor 1 can be any of various types of fingerprint sensor. At present there are three main categories of fingerprint sensor: optical, semiconductor and ultrasonic. Semiconductor fingerprint sensors are further divided into silicon capacitive, semiconductor pressure-sensitive, semiconductor temperature-sensing and similar sensors. As technology develops, new types of sensor will keep appearing, and fingerprint capture in the present invention can use any sensor that acquires fingerprint image data by sensing to obtain the fingerprint image information. The locations where fingerprint sensor 1 is placed on the computer are the keyboard, the mouse, the case, and standalone fingerprint sensors connected to the computer through a data communication cable.

The method of performing fingerprint biometric identification with the above engine system according to the present invention comprises the following steps:

(1) the system performs initialization settings;

(2) the fingerprint capture module captures the raw image information of the fingerprint through the fingerprint sensor and transmits that information to the fingerprint processing module, the raw image information being digital fingerprint image information;

(3) the fingerprint processing module performs the operation of extracting fingerprint feature information from the raw image information and generating an identification code, which comprises the following steps: (a) the fingerprint processing module extracts the fingerprint feature information from the raw image information according to a particular fingerprint algorithm; (b) the fingerprint processing module encodes and classifies the above fingerprint feature information and generates the identification code;

(4) the fingerprint processing module determines whether an initial fingerprint enrollment setting operation is being performed, and transmits the identification code to the fingerprint comparison module. The determination may be: determining whether a fingerprint identification code is stored in the non-volatile memory of the built-in functional module of the trusted platform module TPM chip; if not, the result returned is that an initial fingerprint enrollment setting operation is being performed; if so, the result returned is that an initial fingerprint enrollment setting operation is not being performed. Alternatively it may be: determining whether an identification value set by the system indicates an initial fingerprint enrollment setting operation;

(5) if an initial fingerprint enrollment setting operation is being performed, the fingerprint comparison module stores the identification code directly as the fingerprint identification code in the non-volatile memory of the built-in functional module of the trusted platform module TPM chip;

(6) otherwise, the fingerprint comparison module retrieves the pre-stored fingerprint identification code from the non-volatile memory of the built-in functional module of the trusted platform module TPM chip, compares the pre-stored fingerprint identification code with this fingerprint identification code, and returns the comparison result;

(7) the system performs subsequent processing according to the comparison result.

In actual use, the technical problem solved by the present invention is a method of implementing a fingerprint biometric engine module inside the computer's TPM chip, that is, completing the fingerprint algorithm, fingerprint capture and processing, and fingerprint comparison authentication inside the TPM chip so that no fingerprint processing ever leaves the TPM chip, and providing this as a basic biometric authentication functional module of a trusted computer for use by the computer system's secure hardware layer, secure operating system and base platform layer, and secure application layer.

Accordingly, the computer needs a fingerprint capture device connected to it, namely a fingerprint sensor of any type, which captures live fingerprint information when the computer requires fingerprint image information and passes the captured live fingerprint information to the fingerprint biometric authentication engine inside the TPM. The fingerprint biometric authentication engine computes on and processes the incoming raw live fingerprint information using the fingerprint algorithm, either stores it in the TPM storage area or produces an authentication result, and returns that result to the device or program that invoked the fingerprint biometric authentication engine.

The above authentication process comprises the following steps: (1) Fingerprint capture: the raw fingerprint image is captured through any of the various fingerprint capture sensors; the raw image information is digital, not analog, fingerprint image information. It is then transmitted to the fingerprint processing module. Fingerprint capture includes the interfaces to the various fingerprint sensors, the judgement of whether a fingerprint image has been captured, and so on.

(2) Fingerprint processing: the fingerprint processing module extracts the fingerprint feature information according to the fingerprint algorithm, encodes and classifies the fingerprint feature information, and encodes it as an identification code.

For the technical details of the fingerprint algorithm, refer to the patent document "Fingerprint Identification Method" (patent application No. 03142267.5).

(3) Fingerprint comparison: the captured user's fingerprint identification code is compared with the fingerprint identification code pre-stored in the TPM chip.

The fingerprint comparison program is pre-stored in the non-volatile memory of the TPM chip.
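The enroll-or-verify flow of the method steps (1) to (7) and of the three-step authentication process above, written out as an added Python model; this is illustrative code, not the patent's own implementation. The fingerprint images are constructed 8x8 bit grids, the feature extractor (ridge-pixel count per quadrant) and the acceptance tolerance are stand-ins for the real algorithm the patent delegates to application 03142267.5, and the class and function names are assumptions. The model keeps the pre-stored code and the comparison inside a `TpmFingerprintEngine` object with no accessor for the stored code, mirroring the patent's point that the stored fingerprint data and the comparison never cross the TPM boundary, and it implements both determinations of step (4): "is the non-volatile memory empty?" and "does a system-set flag say so?".

```python
"""Toy model of a TPM-resident fingerprint engine: enroll on first use, verify afterwards."""

from typing import List, Optional, Tuple

# Constructed 8x8 "fingerprint images": '#' is a ridge pixel, '.' a valley pixel.
# Stand-ins for the sensor's digital image, not real fingerprint data.
IMAGE_ENROL: List[str] = [
    "####....", "####....", "####....", "####....",
    "....####", "....####", "....####", "....####",
]
# Same finger, one pixel flipped in the top-left quadrant (simulated capture noise).
IMAGE_SAME_FINGER: List[str] = ["###....."] + IMAGE_ENROL[1:]
# A different finger: ridge pattern mirrored.
IMAGE_OTHER_FINGER: List[str] = [
    "....####", "....####", "....####", "....####",
    "####....", "####....", "####....", "####....",
]

TOLERANCE = 2  # assumed: largest total quadrant difference still accepted as the same finger


def extract_features(image: List[str]) -> Tuple[int, ...]:
    """Step 3(a), fingerprint processing module: feature information from the raw image.
    Toy algorithm (assumption): ridge-pixel count in each of the four quadrants."""
    half = len(image) // 2
    counts = []
    for r0 in (0, half):
        for c0 in (0, half):
            counts.append(sum(row[c0:c0 + half].count("#") for row in image[r0:r0 + half]))
    return tuple(counts)


def encode(features: Tuple[int, ...]) -> bytes:
    """Step 3(b): encode the features as the identification code (one byte per quadrant)."""
    return bytes(features)


def decode(code: bytes) -> Tuple[int, ...]:
    return tuple(code)


class TpmFingerprintEngine:
    """Fingerprint comparison module plus non-volatile store, modelled as living inside the
    TPM. The stored code is private and there is deliberately no method that returns it:
    the only things crossing the boundary are an identification code in and a result out."""

    def __init__(self, mode: str = "nv_empty") -> None:
        if mode not in ("nv_empty", "flag"):
            raise ValueError("mode must be 'nv_empty' or 'flag'")
        self._mode = mode
        self._nv_code: Optional[bytes] = None  # non-volatile memory of the built-in module
        self._enrol_flag = False                # system-set identification value

    def set_enrol_flag(self, value: bool) -> None:
        self._enrol_flag = bool(value)

    def _is_initial_enrolment(self) -> bool:
        # Step 4: first determination checks the NV memory, second checks the system flag.
        if self._mode == "nv_empty":
            return self._nv_code is None
        return self._enrol_flag

    def submit_code(self, code: bytes) -> Tuple[str, bool]:
        """Steps 4 to 6 for a code produced outside the TPM (first embodiment)."""
        if self._is_initial_enrolment():
            self._nv_code = bytes(code)           # step 5: store as the fingerprint ID code
            return ("enrolled", True)
        if self._nv_code is None:                 # flag mode with nothing enrolled: reject
            return ("verified", False)
        stored, probe = decode(self._nv_code), decode(code)  # step 6: compare in place
        if len(stored) != len(probe):
            return ("verified", False)
        distance = sum(abs(a - b) for a, b in zip(stored, probe))
        return ("verified", distance <= TOLERANCE)

    def submit_image(self, image: List[str]) -> Tuple[str, bool]:
        """Second embodiment: capture and processing also happen inside the TPM."""
        return self.submit_code(encode(extract_features(image)))


def run_demo() -> List[Tuple[str, bool]]:
    """Walk one engine through enrollment, a matching probe and a non-matching probe."""
    engine = TpmFingerprintEngine(mode="nv_empty")
    return [
        engine.submit_code(encode(extract_features(IMAGE_ENROL))),        # ("enrolled", True)
        engine.submit_code(encode(extract_features(IMAGE_SAME_FINGER))),  # ("verified", True)
        engine.submit_image(IMAGE_OTHER_FINGER),                          # ("verified", False)
    ]


if __name__ == "__main__":
    for step, (kind, ok) in enumerate(run_demo(), 1):
        print(f"request {step}: {kind} -> {'accept' if ok else 'reject'}")
```

In the "nv_empty" mode the first code submitted is enrolled unconditionally, which is exactly the behaviour the patent describes for step (4); a deployment would pair it with the system-flag determination (the "flag" mode here) so that an attacker cannot enroll simply by being first, and the flag itself would be set only by the initialization step (1).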

With the trusted-platform-module-based fingerprint biometric engine system and identification method described above, the fingerprint biometric engine system is formed on the computer motherboard on the basis of the TPM security chip, and the comparison against the fingerprint pre-stored in the TPM chip is performed within the secure environment inside the TPM chip to realize fingerprint comparison authentication; fingerprint capture, processing and comparison can even all be completed inside the TPM chip, which yields higher system security and reliability. At the same time, the pre-stored fingerprint identification code and the fingerprint comparison never leave the TPM, realizing strong two-factor secure authentication. Moreover, the fingerprint biometric engine system can accept authentication requests from any other system hardware layer, from the operating system and base platform layer, and from the security application layer, and return the authentication result, thereby realizing secure fingerprint biometric authentication, ensuring the integrity and privacy of users and information, and ensuring the integrity of the system hardware, OS kernel, services and applications. It can be applied in the fields of boot-time fingerprint security authentication, operating-system fingerprint security authentication and application-layer fingerprint security authentication; it not only runs efficiently but also offers strong system stability and a wide scope of application, laying a solid foundation for the further development of computer security authentication technology.

In this specification the present invention has been described with reference to specific embodiments thereof. It is, however, evident that various modifications and changes may be made without departing from the spirit and scope of the invention. Accordingly, the specification and drawings are to be regarded as illustrative rather than restrictive.

Claims (12)

1. A fingerprint biometric engine system based on a trusted platform module, comprising a computer motherboard and, carried on the motherboard and interconnected through a system bus, a basic input/output system BIOS, a trusted platform module TPM chip, a central processing unit, random access memory and other computer hardware, the trusted platform module TPM chip having a built-in functional module and a chip operating system, characterized in that the engine system further comprises a fingerprint sensor, a fingerprint capture module and a fingerprint processing module carried on the computer motherboard, a non-volatile memory, and a fingerprint comparison module built into the trusted platform module TPM chip, wherein the output of the fingerprint sensor is connected to the input of the fingerprint capture module, the output of the fingerprint capture module is connected to the input of the fingerprint processing module, the output of the fingerprint processing module is connected to the input of the fingerprint comparison module, and the fingerprint comparison module is connected to the non-volatile memory.
2. The fingerprint biometric engine system based on a trusted platform module according to claim 1, characterized in that the fingerprint capture module and the fingerprint processing module are both built into the trusted platform module TPM chip, the fingerprint capture module is connected to the fingerprint processing module and the fingerprint processing module is connected to the fingerprint comparison module, the non-volatile memory is the non-volatile memory in the trusted platform module TPM chip, and the fingerprint comparison module is connected to the non-volatile memory in the trusted platform module TPM chip.
3. The fingerprint biometric engine system based on a trusted platform module according to claim 1, characterized in that the fingerprint capture module and the fingerprint processing module are placed in the basic input/output system BIOS carried on the computer motherboard, the fingerprint capture module is connected to the fingerprint processing module, the fingerprint processing module is connected to the fingerprint comparison module through the system bus, the non-volatile memory is an encrypted storage area in the basic input/output system BIOS, and the fingerprint comparison module is connected to the encrypted storage area in the basic input/output system BIOS through the system bus.
4. The fingerprint biometric engine system based on a trusted platform module according to claim 1, characterized in that the fingerprint capture module and the fingerprint processing module are alternatively placed in an embedded SOC chip with an on-chip central processor carried on the computer motherboard, or in a chip without an on-chip central processor but with non-volatile storage space, the fingerprint capture module is connected to the fingerprint processing module, the fingerprint processing module is connected to the fingerprint comparison module through the system bus, the non-volatile memory is the non-volatile memory in the embedded SOC chip or the non-volatile memory in the chip without an on-chip central processor, and the fingerprint comparison module is connected through the system bus to the non-volatile memory in the embedded SOC chip or to the non-volatile memory in the chip without an on-chip central processor.
5. The fingerprint biometric engine system based on a trusted platform module according to any one of claims 1 to 4, characterized in that the fingerprint comparison module is built into the TPM chip.
6. The fingerprint biometric engine system based on a trusted platform module according to any one of claims 1 to 4, characterized in that the non-volatile memory is flash memory (Flash), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), or any other magnetic or electrical storage medium that retains data when power is removed.
7. The fingerprint biometric engine system based on a trusted platform module according to any one of claims 1 to 4, characterized in that the fingerprint sensor is embedded in the motherboard, keyboard, mouse or case surface of the computer, or is connected to the computer as a standalone device through a data communication cable; the fingerprint sensor is an optical fingerprint sensor, a semiconductor fingerprint sensor, an ultrasonic fingerprint sensor or any other sensor capable of acquiring fingerprint image data by sensing; and the semiconductor fingerprint sensor is a silicon capacitive fingerprint sensor, a semiconductor pressure-sensitive fingerprint sensor or a semiconductor temperature-sensing fingerprint sensor.
8. A method of performing fingerprint biometric identification using the engine system according to claim 1, characterized in that the method comprises the following steps: (1) the system performs initialization settings; (2) the fingerprint capture module captures the raw image information of the fingerprint through the fingerprint sensor and transmits that information to the fingerprint processing module; (3) the fingerprint processing module performs the operation of extracting fingerprint feature information from the raw image information and generating an identification code; (4) the fingerprint processing module determines whether an initial fingerprint enrollment setting operation is being performed, and transmits the identification code to the fingerprint comparison module; (5) if an initial fingerprint enrollment setting operation is being performed, the fingerprint comparison module stores the identification code directly as the fingerprint identification code in the non-volatile memory inside the TPM chip; (6) otherwise, the pre-stored fingerprint identification code is retrieved from the non-volatile memory inside the trusted platform module TPM chip, the identification code is compared with the pre-stored fingerprint identification code, and the comparison result is returned; (7) the system performs subsequent processing according to the comparison result.
9. The method of performing fingerprint biometric identification according to claim 8, characterized in that the raw image information is digital fingerprint image information.
10. The method of performing fingerprint biometric identification according to claim 8 or 9, characterized in that the operation of extracting fingerprint feature information from the raw image information and generating an identification code comprises the following steps: (1) the fingerprint processing module extracts the fingerprint feature information from the raw image information according to a particular fingerprint algorithm; (2) the fingerprint processing module encodes and classifies the above fingerprint feature information and generates the identification code.
11. The method of performing fingerprint biometric identification according to claim 8 or 9, characterized in that the determination of whether an initial fingerprint enrollment setting operation is being performed is: determining whether a fingerprint identification code is pre-stored in the non-volatile memory of the trusted platform module TPM chip; if not, returning the result that an initial fingerprint enrollment setting operation is being performed; if so, returning the result that an initial fingerprint enrollment setting operation is not being performed; or alternatively: determining whether an identification value set by the system indicates an initial fingerprint enrollment setting operation.
12. The method of performing fingerprint biometric identification according to claim 8, characterized in that the pre-stored fingerprint identification codes are all stored in the non-volatile memory inside the TPM chip.
CN 200610024673 2006-03-14 2006-03-14 Finger print biological identifying engine system and its identifying method based on credible platform module CN1822013A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200610024673 CN1822013A (en) 2006-03-14 2006-03-14 Finger print biological identifying engine system and its identifying method based on credible platform module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 200610024673 CN1822013A (en) 2006-03-14 2006-03-14 Finger print biological identifying engine system and its identifying method based on credible platform module

Publications (1)

Publication Number Publication Date
CN1822013A true CN1822013A (en) 2006-08-23

Family

ID=36923374

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200610024673 CN1822013A (en) 2006-03-14 2006-03-14 Finger print biological identifying engine system and its identifying method based on credible platform module

Country Status (1)

Country Link
CN (1) CN1822013A (en)

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100481107C (en) 2006-11-24 2009-04-22 深圳兆日技术有限公司 An identity control method based on credibility platform module and fingerprint identifying
CN101211389B (en) 2006-12-31 2010-04-07 联想(北京)有限公司 Hardware safe unit and its service request processing method and system
CN101888442A (en) * 2010-04-16 2010-11-17 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal
WO2011006295A1 (en) * 2009-07-14 2011-01-20 Sheng Yongxiang Authentication method for user identification equipment
CN101986641A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof
CN102419805A (en) * 2011-11-22 2012-04-18 中兴通讯股份有限公司 Terminal equipment and method for encrypting user information
CN101529376B (en) 2006-10-25 2013-09-04 微软公司 Platform authentication via a transparent second factor
CN101965570B (en) 2008-02-29 2013-09-18 格罗方德半导体公司 A computer system comprising a secure boot mechanism
CN104778141A (en) * 2015-02-10 2015-07-15 浙江大学 Control system trusted architecture-based TPCM (Trusted Platform Control Module) and trusted detection technology
CN104778393A (en) * 2015-04-16 2015-07-15 电子科技大学 Security fingerprint identification method for intelligent terminal
CN105354466A (en) * 2015-10-26 2016-02-24 维沃移动通信有限公司 Fingerprint recognition method and mobile terminal
CN106295285A (en) * 2015-05-28 2017-01-04 联想(北京)有限公司 Information processing method and electronic equipment
CN106605230A (en) * 2014-09-26 2017-04-26 英特尔公司 Securing sensor data
CN106682470A (en) * 2015-11-09 2017-05-17 南昌欧菲生物识别技术有限公司 Fingerprint recognition system based on encrypted fingerprint information, terminal device and method
CN106934268A (en) * 2017-03-31 2017-07-07 山东超越数控电子有限公司 Method for realizing fingerprint encryption in BIOS
WO2017206654A1 (en) * 2016-05-30 2017-12-07 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for controlling unlocking and terminal
WO2019104920A1 (en) * 2017-11-30 2019-06-06 北京集创北方科技股份有限公司 Electronic device, display system, integrated control device thereof, and security verification method

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101529376B (en) 2006-10-25 2013-09-04 微软公司 Platform authentication via a transparent second factor
CN100481107C (en) 2006-11-24 2009-04-22 深圳兆日技术有限公司 An identity control method based on credibility platform module and fingerprint identifying
CN101211389B (en) 2006-12-31 2010-04-07 联想(北京)有限公司 Hardware safe unit and its service request processing method and system
CN101965570B (en) 2008-02-29 2013-09-18 格罗方德半导体公司 A computer system comprising a secure boot mechanism
CN102474498B (en) 2009-07-14 2013-12-18 深圳市永盛世纪科技有限公司 Authentication method for user identification equipment
CN102474498A (en) * 2009-07-14 2012-05-23 深圳市永盛世纪科技有限公司 Authentication method for user identification equipment
WO2011006295A1 (en) * 2009-07-14 2011-01-20 Sheng Yongxiang Authentication method for user identification equipment
CN101888442A (en) * 2010-04-16 2010-11-17 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal
WO2011127697A1 (en) * 2010-04-16 2011-10-20 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal thereof
CN101986641A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof
CN102419805A (en) * 2011-11-22 2012-04-18 中兴通讯股份有限公司 Terminal equipment and method for encrypting user information
CN106605230A (en) * 2014-09-26 2017-04-26 英特尔公司 Securing sensor data
US10360369B2 (en) 2014-09-26 2019-07-23 Intel Corporation Securing sensor data
CN104778141B (en) * 2015-02-10 2017-12-26 浙江大学 Based on a control system architecture tpcm trusted module and trusted Detection
CN104778141A (en) * 2015-02-10 2015-07-15 浙江大学 Control system trusted architecture-based TPCM (Trusted Platform Control Module) and trusted detection technology
CN104778393A (en) * 2015-04-16 2015-07-15 电子科技大学 Security fingerprint identification method for intelligent terminal
CN106295285A (en) * 2015-05-28 2017-01-04 联想(北京)有限公司 Information processing method and electronic equipment
CN105354466A (en) * 2015-10-26 2016-02-24 维沃移动通信有限公司 Fingerprint recognition method and mobile terminal
CN105354466B (en) * 2015-10-26 2017-03-29 维沃移动通信有限公司 A fingerprint identification method and a mobile terminal
CN106682470A (en) * 2015-11-09 2017-05-17 南昌欧菲生物识别技术有限公司 Fingerprint recognition system based on encrypted fingerprint information, terminal device and method
WO2017206654A1 (en) * 2016-05-30 2017-12-07 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for controlling unlocking and terminal
CN106934268A (en) * 2017-03-31 2017-07-07 山东超越数控电子有限公司 Method for realizing fingerprint encryption in BIOS
WO2019104920A1 (en) * 2017-11-30 2019-06-06 北京集创北方科技股份有限公司 Electronic device, display system, integrated control device thereof, and security verification method

Similar Documents

Publication Publication Date Title
JP4022861B2 (en) Fingerprint authentication system, fingerprint authentication method and fingerprint authentication program
US7174463B2 (en) Method and system for preboot user authentication
CN101087194B (en) Organism authenticating method and system
EP1993058A1 (en) System and method of providing security to an external device
US10108792B2 (en) Biometric-based authentication method, apparatus and system
CN1229705C (en) Biometric-based device and system and associated safety system
US6539380B1 (en) Device, system and method for data access control
US6199167B1 (en) Computer architecture with password-checking bus bridge
US7797549B2 (en) Secure method and system for biometric verification
US7689006B2 (en) Biometric convolution using multiple biometrics
JP2011090686A (en) Secure biometric verification of identity
JP2010501103A (en) Authentication method and system for
CN100449560C (en) Computer data security protective method
JP4431550B2 (en) Biological signal input device, the computer system and its control method comprising the biological signals input device
CN101601049B (en) Biometric security system and method
US9081946B2 (en) Secure mass storage device
US7447895B2 (en) BIOS locking device, computer system with a BIOS locking device and control method thereof
EP2202662A1 (en) Portable security device protecting against keystroke loggers
CN101827148A (en) Fingerprint identification system applied to mobile phone and operating method thereof
CN101383708B (en) Authentication server, client terminal, biometrics authentication system, biometrics authentication method, and program for biometrics authentication
Yang et al. A secure fingerprint matching technique
EP2238562B1 (en) Biometrics based identification
CN2779485Y (en) High-security mobile data storage device
CN101383704A (en) Cipher module based on finger print recognition technology
CN101436247B (en) Biological personal identification method and system based on UEFI

Legal Events

Date Code Title Description
C06 Publication
C10 Request of examination as to substance
C12 Rejection of an application for a patent