CN1822013A - Fingerprint biometric identification engine system based on a trusted platform module and its identification method - Google Patents


Publication number
CN1822013A
Authority
CN
China
Prior art keywords
fingerprint
module
identification
chip
nonvolatile memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2006100246736A
Other languages
Chinese (zh)
Inventor
沈英俊
肖朝昕
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
YIWEI SCIENCE-TECHNOLOGY Co Ltd SHANGHAI
Original Assignee
YIWEI SCIENCE-TECHNOLOGY Co Ltd SHANGHAI
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by YIWEI SCIENCE-TECHNOLOGY Co Ltd SHANGHAI
Priority to CNA2006100246736A
Publication of CN1822013A
Legal status: Pending

Landscapes

  • Collating Specific Patterns (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

This invention relates to a fingerprint biometric identification engine system based on a trusted platform module (TPM), and to its identification method. The TPM chip in the system has built-in function modules and a chip operating system. The system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer mainboard, a non-volatile memory, and a fingerprint comparison module built into the TPM chip; the sensor is connected to the non-volatile memory through the acquisition module, the processing module and the fingerprint comparison module in turn. The method includes acquiring the original image information of the fingerprint, extracting its feature information and generating an identification code, and judging whether this is an initial fingerprint registration; the identification code is then either stored in the non-volatile memory of the TPM chip, or the identification code stored in the TPM chip is retrieved and compared against it.

Description

Fingerprint biometric identification engine system based on a trusted platform module and its identification method
Technical field
The present invention relates to computer biometric identification technology, in particular to the field of computer fingerprint biometric identification, and specifically to a fingerprint biometric identification engine system based on a trusted platform module and its identification method.
Background art
Scientific research on fingerprints began in the mid-19th century and produced two important conclusions: no two fingerprints have the same ridge pattern, and the form of a fingerprint's ridges does not change throughout life. Fingerprint identification is currently internationally recognized as the most widely used, cheapest and easiest-to-use biometric identification technology. Compared with other identity authentication technologies, automatic fingerprint identification has the following inherent information security advantages:
(1) Each person's fingerprints are quite stable and do not change with age or state of health, whereas a person's voice, face and so on can vary considerably.
(2) Fingerprint samples are easy to obtain, so recognition systems are easy to develop and practical.
(3) A person's ten fingerprints all differ, so several fingerprints can easily be combined into a multiple password, improving system security.
(4) The template used in fingerprint identification consists of key features extracted from the fingerprint image, so it needs little storage, greatly reduces the burden of network transmission, and makes authentication easy to implement.
The TPM (Trusted Platform Module) is currently the best technology in the world for improving the security of a PC while also improving its ease of use. A TPM is in effect a small system on a chip (SoC) containing cryptographic operation components and storage components, and it addresses the security of the underlying hardware at its root. The guiding idea of the TPM chip is based on trusted computing theory: by authenticating the different underlying layers, such as user identity, application environment and network environment, it thoroughly prevents malicious theft of information and virus infection.
The core function of TPM technology is to encrypt the data stream handled by the CPU while monitoring the state of the lowest layers of the system. On this basis, security applications can be developed for each stage, such as unique identification, encrypted system login, file encryption and encrypted network communication. The TPM can generate encryption keys, store keys and verify identity, and perform high-speed data encryption and decryption. It acts as an auxiliary processor that protects the BIOS and OS from modification, and through the TSS it is combined with the TPM to build cross-platform trusted computing hardware and software systems. Even if the user's hard disk is stolen, no data is leaked.
The security architecture of a trusted computing terminal system platform is shown in Fig. 1.
The TPM chip is a SoC (System-on-Chip) chip that integrates modules such as a CPU core, RAM, ROM, Flash, a cryptographic algorithm coprocessor and a random number generator. The SoC system and its supporting application software are mainly used for functions such as computer platform trust certification, user identity authentication and digital signatures. Trusted computing generally includes the following three attributes and functions:
(1) guaranteeing the uniqueness of user identity, and the integrity and privacy of the user's workspace;
(2) guaranteeing the integrity of the hardware environment configuration, OS kernel, services and application programs;
(3) guaranteeing the confidentiality and integrity of information that is stored, processed and transmitted.
Moreover, as regards using biometric identification to secure access to computers, most fingerprint technology today is implemented at the operating system and application level. Because the fingerprint data has to be loaded into memory, there is a security risk that the fingerprint data and its processing are intercepted, infected by a virus or attacked. Where the computer hardware layer is involved, only secure storage of the fingerprint data is achieved: the fingerprint data is stored securely in the BIOS or in a TPM hardware chip, while fingerprint processing and comparison are carried out outside it, by a microprocessor or a companion chip with a microprocessor fitted on the computer motherboard. This achieves secure power-on access to the computer by biometric identification.
Keeping and handling fingerprint acquisition, processing and comparison separately from the fingerprint data is a security risk. At a minimum, the fingerprint identification code to be compared and the fingerprint comparison processing need to reside on the same SoC chip, so that fingerprint identification is performed inside the chip, before dual strong-factor security can be reached. In addition, authenticating only at computer power-on is not enough to secure every layer of the computer as a whole.
The following tables compare the advantages and disadvantages of systems with and without a TPM chip:

| User authentication without a TPM | User authentication with a TPM |
| --- | --- |
| Only a user ID and password are used, which are easy to crack | User login is fully trusted authentication, ruling out the possibility of cracking |
| Multiple login user IDs and passwords easily lead to user carelessness, and user IDs and passwords are stored insecurely | Login authentication information is stored in the TPM chip under strong security protection |
| User IDs and passwords are kept in files that can be copied; the whole system can be accessed with a user ID and password | Storage and protection of user IDs and passwords are handled by the TPM with strong protection |

| Platform validation without a TPM | Platform validation with a TPM |
| --- | --- |
| Unauthorized access and malicious sabotage easily change system settings and data | Unauthorized access can be blocked; various security algorithm modules check the system settings |
| Changes to system settings allow unauthorized and malicious access to the network and to sensitive data | System settings verified by the TPM guarantee system integrity and block illegal access |
| Poor habits lead to an untrustworthy system | A reliable system reduces support and maintenance costs |
At the same time, achieving deeper computer security must also start from the TPM. At present the TPM chip is used only for secure encrypted storage of fingerprint data: fingerprint feature information is either kept inside the TPM, or encrypted inside the TPM and then kept outside it. This merely manages and stores fingerprint data as important information and does not truly realize the purpose of fingerprint identification itself.
Summary of the invention
The object of the invention is to overcome the above shortcomings of the prior art by combining trusted computing with the biometric authentication and identification technology of a computer system security chip, so as to improve and strengthen the overall security of the computer system from hardware, operating system and basic platform up to the application layer. It provides a fingerprint biometric identification engine system based on a trusted platform module, and its identification method, in which at least the pre-stored fingerprint identification code is stored in the TPM chip and the fingerprint comparison is completed inside the TPM chip, with high operating efficiency, strong system stability and a fairly wide range of application.
To achieve this object, the fingerprint biometric identification engine system based on a trusted platform module and its identification method are as follows:
The fingerprint biometric identification engine system based on a trusted platform module comprises a computer motherboard and, carried on the motherboard and interconnected by the system bus, a basic input/output system (BIOS), a trusted platform module (TPM) chip, a central processing unit, random access memory and other computer hardware. The TPM chip has built-in function modules and a chip operating system. The system is mainly characterized in that the engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer motherboard, a non-volatile memory, and a fingerprint comparison module built into the TPM chip. The output of the fingerprint sensor is connected to the input of the fingerprint acquisition module, the output of the fingerprint acquisition module is connected to the input of the fingerprint processing module, the output of the fingerprint processing module is connected to the input of the fingerprint comparison module, and the fingerprint comparison module is connected to the non-volatile memory.
The fingerprint acquisition module and fingerprint processing module of this system may both be built into the TPM chip, with the fingerprint acquisition module connected to the fingerprint processing module and the fingerprint processing module connected to the fingerprint comparison module. In this case the non-volatile memory is the non-volatile memory in the TPM chip, and the fingerprint comparison module is connected to the non-volatile memory in the TPM chip.
The fingerprint acquisition module and fingerprint processing module of this system may be placed in the BIOS carried on the computer motherboard, with the fingerprint acquisition module connected to the fingerprint processing module and the fingerprint processing module connected to the fingerprint comparison module through the system bus. In this case the non-volatile memory is the encrypted storage area in the BIOS, and the fingerprint comparison module is connected to that encrypted storage area through the system bus.
The fingerprint acquisition module and fingerprint processing module of this system may also be placed in an embedded SoC chip with an on-chip central processing unit carried on the computer motherboard, or in a chip that has no on-chip central processing unit but has non-volatile storage space, with the fingerprint acquisition module connected to the fingerprint processing module and the fingerprint processing module connected to the fingerprint comparison module through the system bus. In this case the non-volatile memory is the non-volatile memory in the embedded SoC chip or in the chip without an on-chip central processing unit, and the fingerprint comparison module is connected through the system bus to the non-volatile memory in that embedded SoC chip or in that chip without an on-chip central processing unit.
The non-volatile memory of this system is flash memory (Flash), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), or another magnetic or electrical storage medium that retains data when powered off.
The fingerprint sensor of this system may be embedded in the motherboard, keyboard, mouse or case surface of the computer, or connected to the computer by a data cable as a standalone device. The fingerprint sensor may be an optical fingerprint sensor, a semiconductor fingerprint sensor, an ultrasonic fingerprint sensor and so on; the semiconductor fingerprint sensor may be a silicon capacitive fingerprint sensor, a semiconductor pressure-sensitive fingerprint sensor, a semiconductor temperature-sensing fingerprint sensor and so on.
The method of performing fingerprint biometric identification using the above engine system is mainly characterized in that it comprises the following steps:
(1) the system performs initialization;
(2) the fingerprint acquisition module acquires the original image information of the fingerprint through the fingerprint sensor and sends this information to the fingerprint processing module;
(3) the fingerprint processing module extracts fingerprint feature information from this original image information and generates an identification code;
(4) the fingerprint processing module judges whether an initial fingerprint registration is being performed, and sends the identification code to the fingerprint comparison module;
(5) if an initial fingerprint registration is being performed, the fingerprint comparison module stores the identification code directly in the non-volatile memory as the fingerprint identification code;
(6) otherwise, the pre-stored fingerprint identification code is retrieved from the non-volatile memory in the built-in function modules of the TPM chip, the identification code is compared with this pre-stored fingerprint identification code, and the comparison result is returned;
(7) the system performs subsequent processing according to the comparison result.
In this method the original image information is digital fingerprint image information.
In this method, extracting the fingerprint feature information from the original image information and generating the identification code comprises the following steps:
(1) the fingerprint processing module extracts the fingerprint feature information from the original image information according to a specific fingerprint algorithm;
(2) the fingerprint processing module encodes and classifies this fingerprint feature information to generate the identification code.
In this method, judging whether an initial fingerprint registration is being performed is done as follows:
It is judged whether a fingerprint identification code is stored in the non-volatile memory in the built-in function modules of the TPM chip. If not, the result returned is that an initial fingerprint registration is being performed; if so, the result returned is that an initial fingerprint registration is not being performed.
Alternatively: it is judged whether the flag value set by the system indicates that an initial fingerprint registration is being performed.
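The enrol-or-compare decision of steps (3) to (6), with both ways of deciding "initial registration" described above, as an added example that is not code from the patent. It assumes a stand-in feature extractor (one bit per pixel of a constructed 64-pixel image) and a Hamming-distance tolerance, neither of which the patent specifies; all names are hypothetical.

```python
"""Model of the enrol/compare flow. Added illustration, not the patent's code."""
from enum import Enum
from typing import Optional

CODE_BITS = 64      # assumed identification-code length
MAX_DISTANCE = 6    # assumed match tolerance, in differing bits


class Result(Enum):
    ENROLLED = "enrolled"
    MATCH = "match"
    NO_MATCH = "no_match"


def generate_identification_code(raw_image: bytes) -> int:
    """Processing module, step (3). Stand-in for the 'specific fingerprint
    algorithm': one bit per pixel, set when the pixel value is >= 128."""
    if len(raw_image) != CODE_BITS:
        raise ValueError("expected a 64-pixel constructed sample image")
    code = 0
    for pixel in raw_image:
        code = (code << 1) | (1 if pixel >= 128 else 0)
    return code


class TpmComparisonModule:
    """Comparison module plus non-volatile memory inside the TPM boundary.

    The stored code has no read accessor: callers only ever receive a
    Result, mirroring 'the pre-stored data and the comparison never
    leave the TPM'.
    """

    def __init__(self) -> None:
        self._nv_code: Optional[int] = None   # models the NV memory slot

    def _is_initial_registration(self, system_flag: Optional[bool]) -> bool:
        # Second variant: a flag value set by the system decides. Whatever
        # sets that flag must itself be trusted, since True overwrites the
        # stored code.
        if system_flag is not None:
            return system_flag
        # First variant: registration if and only if nothing is stored yet.
        return self._nv_code is None

    def submit(self, code: int, system_flag: Optional[bool] = None) -> Result:
        if self._is_initial_registration(system_flag):
            self._nv_code = code                      # step (5)
            return Result.ENROLLED
        if self._nv_code is None:                     # compare mode, empty NV
            return Result.NO_MATCH
        distance = bin(code ^ self._nv_code).count("1")   # step (6)
        return Result.MATCH if distance <= MAX_DISTANCE else Result.NO_MATCH


def identify(raw_image: bytes, tpm: TpmComparisonModule,
             system_flag: Optional[bool] = None) -> Result:
    """Steps (2)-(6): image in, comparison result out."""
    return tpm.submit(generate_identification_code(raw_image), system_flag)


# Constructed sample images (not real fingerprint data).
ENROLLED_FINGER = bytes((i * 37) % 256 for i in range(CODE_BITS))
_noisy = bytearray(ENROLLED_FINGER)
for _i in (3, 20, 41):                 # three pixels cross the threshold
    _noisy[_i] = 255 - _noisy[_i]
SAME_FINGER_NOISY = bytes(_noisy)
OTHER_FINGER = bytes(255 - p for p in ENROLLED_FINGER)


def demo() -> list:
    """First presentation enrols; later ones are compared, never stored."""
    tpm = TpmComparisonModule()
    return [identify(img, tpm) for img in
            (ENROLLED_FINGER, SAME_FINGER_NOISY, OTHER_FINGER, ENROLLED_FINGER)]


if __name__ == "__main__":
    print([r.value for r in demo()])
```

Under the first variant the first finger presented to an empty memory becomes the enrolled one, so provisioning has to happen before the machine leaves trusted hands.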
With the fingerprint biometric identification engine system based on a trusted platform module and its identification method according to the invention, a fingerprint biometric identification engine system based on the TPM security chip is formed on the computer motherboard, and the comparison against the fingerprint pre-stored in the TPM chip is carried out in the secure environment inside the TPM chip to perform fingerprint comparison authentication; the acquisition, processing and comparison of the fingerprint can even all be completed in the TPM chip, which gives higher system security and reliability. At the same time, the pre-stored fingerprint data and the comparison never leave the TPM, which achieves dual strong-factor security authentication. Moreover, this fingerprint biometric identification engine system can receive authentication requests from any other system hardware layer, operating system and basic platform layer, or security application layer, and return the authentication result. It thereby achieves secure fingerprint biometric authentication, guarantees the integrity and privacy of the user and of information, and guarantees the integrity of the system hardware, OS kernel, services and application programs. It can be applied in fields such as power-on fingerprint security authentication, operating system fingerprint security authentication and application-layer fingerprint security authentication. Its operating efficiency is high, its system stability is strong and its range of application is fairly wide, laying a solid foundation for the further development of computer security authentication technology.
Description of the drawings
Fig. 1 is a diagram of the security architecture of a trusted computing terminal system platform in the prior art.
Fig. 2 is a diagram of the system architecture of the TPM security chip of the present invention.
Fig. 3 is a schematic diagram of the system architecture of the first embodiment of the fingerprint biometric identification engine system based on a trusted platform module of the present invention.
Fig. 4 is a schematic diagram of the system architecture of the second embodiment of the fingerprint biometric identification engine system based on a trusted platform module of the present invention.
Fig. 5 is a schematic diagram of the fingerprint sensor mounting positions when the present invention is applied to a desktop computer.
Fig. 6 is a schematic diagram of the fingerprint sensor mounting positions when the present invention is applied to a notebook computer.
Embodiments
To further explain the techniques, methods and effects the present invention adopts to achieve its intended purpose, please refer to the following detailed description of the invention and the accompanying drawings, from which the purpose, features and characteristics of the invention can be understood in depth and in detail. The accompanying drawings are provided for reference and explanation only, and are not intended to limit the invention.
Fig. 2 is a block diagram of the architecture of the TPM chip on a computer motherboard. A typical TPM chip contains a central processing unit (CPU), an asymmetric cryptography coprocessor (RSA), a true random number generator (RNG), a memory module (RAM), non-volatile storage (Non-Volatile Storage), and security protection, management and interface modules and so on, which together make up a complete TPM chip.
The TPM chip forms the system security authentication framework through the TPM chip operating system and its built-in function modules. For authentication, the TPM chip has a storage area that can hold certificates, and security authentication is usually completed using the certificates stored on the chip and various cryptographic algorithms.
For further technical details of the security chip, please refer to the patent document "A security chip and an information security processing device and method based on this chip" (patent application number: 03138380.7).
Fig. 3 shows the first embodiment of the engine system of the present invention. Here the fingerprint acquisition module and the fingerprint processing module of the fingerprint biometric identification engine system based on a trusted platform module are both built into the TPM chip, and the fingerprint acquisition module, fingerprint processing module and fingerprint comparison module together form the fingerprint biometric identification engine in the TPM chip. The fingerprint acquisition module is connected to the fingerprint processing module, and the fingerprint processing module is connected to the fingerprint comparison module. The non-volatile memory is the non-volatile memory in the TPM chip, and the fingerprint comparison module is connected to the non-volatile memory in the TPM chip.
In this case the hardware resources of the TPM chip are able to perform the fingerprint acquisition and processing operations; the computing power depends entirely on the on-chip CPU, and the working memory is the on-chip RAM.
Fig. 4 shows the second embodiment of the engine system of the present invention. Here the fingerprint biometric identification engine system based on a trusted platform module comprises a computer motherboard and, carried on the motherboard and interconnected by the system bus, a basic input/output system (BIOS), a TPM chip, a central processing unit and random access memory. The TPM chip has built-in function modules and a chip operating system. The engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer motherboard, a non-volatile memory, and a fingerprint comparison module built into the TPM chip; this fingerprint comparison module forms the fingerprint biometric identification engine in the TPM chip. The fingerprint acquisition module and the fingerprint processing module are placed in the BIOS carried on the computer motherboard; the fingerprint acquisition module is connected to the fingerprint processing module, and the fingerprint processing module is connected to the fingerprint comparison module through the system bus. The output of the fingerprint sensor is connected to the input of the fingerprint acquisition module, the output of the fingerprint acquisition module is connected to the input of the fingerprint processing module, and the output of the fingerprint processing module is connected to the input of the fingerprint comparison module. The non-volatile memory is the encrypted storage area in the BIOS, and the fingerprint comparison module is connected to that encrypted storage area through the system bus.
In this case the hardware resources of the TPM chip cannot perform the fingerprint acquisition and processing operations, so an existing chip on the motherboard must be used or a chip must be added. In this embodiment the existing BIOS and the encrypted storage area in the BIOS are used; the computing power depends on the central processing unit on the motherboard, and the working memory is the random access memory (RAM) on the motherboard.
Similarly to the second embodiment above, the following third embodiment of the engine system of the present invention may also be adopted:
Here the fingerprint biometric identification engine system based on a trusted platform module comprises a computer motherboard and, carried on the motherboard and interconnected by the system bus, a basic input/output system (BIOS), a TPM chip, a central processing unit and random access memory. The TPM chip has built-in function modules and a chip operating system. The engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer motherboard, a non-volatile memory, and a fingerprint comparison module built into the TPM chip; this fingerprint comparison module forms the fingerprint biometric identification engine in the TPM chip. The fingerprint acquisition module and the fingerprint processing module are placed in a chip carried on the computer motherboard that has no on-chip central processing unit but has non-volatile storage space; the fingerprint acquisition module is connected to the fingerprint processing module, and the fingerprint processing module is connected to the fingerprint comparison module through the system bus. The output of the fingerprint sensor is connected to the input of the fingerprint acquisition module, the output of the fingerprint acquisition module is connected to the input of the fingerprint processing module, and the output of the fingerprint processing module is connected to the input of the fingerprint comparison module. The non-volatile memory is the encrypted storage area in that chip, carried on the computer motherboard, which has no on-chip central processing unit but has non-volatile storage space, and the fingerprint comparison module is connected to the encrypted storage area in this chip through the system bus.
In this case the hardware resources of the TPM chip cannot perform the fingerprint acquisition and processing operations, so an existing chip on the motherboard must be used or a chip must be added. In this embodiment the embedded SoC chip on the motherboard is used; the computing power depends on the central processing unit on the motherboard, and the working memory is the random access memory (RAM) on the motherboard.
Similarly to the second embodiment above, the following fourth embodiment of the engine system of the present invention may also be adopted:
Here the fingerprint biometric identification engine system based on a trusted platform module comprises a computer motherboard and, carried on the motherboard and interconnected by the system bus, a basic input/output system (BIOS), a TPM chip, a central processing unit and random access memory (RAM). The TPM chip has built-in function modules and a chip operating system. The engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer motherboard, a non-volatile memory, and a fingerprint comparison module built into the TPM chip; this fingerprint comparison module forms the fingerprint biometric identification engine in the TPM chip. The fingerprint acquisition module and the fingerprint processing module are placed in an embedded SoC chip with an on-chip central processing unit carried on the computer motherboard; the fingerprint acquisition module is connected to the fingerprint processing module, and the fingerprint processing module is connected to the fingerprint comparison module through the system bus. The output of the fingerprint sensor is connected to the input of the fingerprint acquisition module, the output of the fingerprint acquisition module is connected to the input of the fingerprint processing module, and the output of the fingerprint processing module is connected to the input of the fingerprint comparison module. The non-volatile memory is the encrypted non-volatile memory in the embedded SoC chip, and the fingerprint comparison module is connected to the encrypted non-volatile memory in this embedded SoC chip through the system bus.
In this case the hardware resources of the TPM chip cannot perform the fingerprint acquisition and processing operations, so an existing chip on the motherboard must be used or a chip must be added. In this embodiment the embedded SoC chip on the motherboard is used; the computing power depends on the central processing unit in the embedded SoC chip, and the working memory is the random access memory (RAM) in the embedded SoC chip.
Simultaneously, this nonvolatile memory based on the fingerprint bio-identification automotive engine system of credible platform module is flash memory Flash, EEPROM (Electrically Erasable Programmable Read Only Memo) EEPROM, Erarable Programmable Read only Memory EPROM, programmable read only memory PROM or other the magnetic that can continue retention data under powering-off state, electric storage medium.The detailed technology information of magnetic memory cell wherein sees also american documentation literature " Thin Film Magnetic Core Memory And Method Of MakingSame ", the patent No.: on June 30th, 5126971,1992 published.
In practical application, the invention adds a fingerprint biometric identification engine to the TPM security chip and connects a fingerprint sensor. The fingerprint sensor passes the captured fingerprint image, through the basic input/output system (I/O) of the computer, to the fingerprint acquisition module of the TPM's fingerprint biometric identification engine. The fingerprint acquisition module sends the captured digital fingerprint image to the fingerprint processing module, which extracts the fingerprint feature values and encodes them as a fingerprint identification code.
The fingerprint comparison module compares this fingerprint identification code with the fingerprint identification code pre-stored in the TPM chip, completing the authentication.
The invention mainly provides an on-chip fingerprint biometric identification technology for the TPM chip, the hardware of the secure computer, and a method of implementing it. Its key point is to add a biometric identification engine module to the TPM chip, so that the comparison with the fingerprint identification code pre-stored in the TPM chip is performed within the secure environment of the TPM chip, realizing fingerprint comparison authentication.
Fingerprint acquisition and processing have a certain complexity, and the hardware resources in the TPM chip are not sufficient for the complex processing computation. In the first embodiment above, fingerprint acquisition and processing are therefore carried out in another embedded SOC chip on the motherboard: the fingerprint image supplied by the fingerprint sensor is processed into data containing fingerprint feature information, which is then stored in the secure TPM chip or compared with the fingerprint information pre-stored in the TPM chip. In the second embodiment above, when the hardware resources in the TPM chip are able to handle the fingerprint acquisition and processing computation, the acquisition, processing and comparison of the fingerprint are all completed in the TPM chip.
The pre-stored fingerprint data and the comparison never leave the TPM, which realizes strong two-factor security authentication. The fingerprint biometric identification engine in the TPM receives authentication requests from any system hardware layer, operating system and base platform layer, or secure application layer, and returns the authentication result. This realizes secure fingerprint biometric authentication, guarantees the integrity and privacy of the user and the information, and guarantees the security and integrity of the system hardware, OS kernel, services and application programs.
Referring again to Fig. 5 and Fig. 6, the fingerprint sensor 1 of the TPM-based fingerprint biometric identification engine system of the invention can, as circumstances require, be embedded in the keyboard or mouse of a desktop computer or in the casing surface of a notebook computer, or be connected to the computer by a data communication cable as a standalone device. The TPM chip 2 is mounted on the motherboard of the desktop computer or of the notebook computer.
The fingerprint sensor 1 can be an optical fingerprint sensor, a semiconductor fingerprint sensor, an ultrasonic fingerprint sensor, or any other sensor that obtains fingerprint image data by sensing. The semiconductor fingerprint sensor is a silicon capacitive fingerprint sensor, a semiconductor pressure-sensitive fingerprint sensor, or a semiconductor temperature-sensing fingerprint sensor.
In practical application, the fingerprint sensor 1 can be any of various types of fingerprint sensor. At present there are three main classes of fingerprint sensor: optical, semiconductor and ultrasonic. Semiconductor fingerprint sensors are further divided into silicon capacitive, semiconductor pressure-sensitive and semiconductor temperature-sensing sensors, among others. As the technology develops, new types of sensor will continue to appear, and fingerprint acquisition in the invention can use any sensor that obtains fingerprint image data by sensing. The fingerprint sensor 1 can be placed on the computer's keyboard, mouse or casing, or be any standalone fingerprint sensor connected to the computer by a data communication cable.
The method of the invention for performing fingerprint biometric identification with the above engine system comprises the following steps:
(1) The system performs initialization;
(2) The fingerprint acquisition module captures the original image information of the fingerprint through the fingerprint sensor and sends this information to the fingerprint processing module; the original image information is digital fingerprint image information;
(3) The fingerprint processing module performs, on this original image information, the operation of extracting fingerprint feature information and generating an identification code; this operation comprises the following steps:
(a) The fingerprint processing module extracts fingerprint feature information from the original image information according to a specific fingerprint algorithm;
(b) The fingerprint processing module encodes and classifies this fingerprint feature information to generate the identification code;
(4) The fingerprint processing module judges whether an initial fingerprint registration setting operation is being performed, and sends the identification code to the fingerprint comparison module. This judgment can be:
Judging whether a fingerprint identification code is stored in the nonvolatile memory in the built-in function module of the TPM chip; if not, the result returned is that an initial fingerprint registration setting operation is being performed; if so, the result returned is that an initial fingerprint registration setting operation is not being performed;
It can also be: judging whether the flag value set by the system indicates that an initial fingerprint registration setting operation is being performed;
(5) If an initial fingerprint registration setting operation is being performed, the fingerprint comparison module stores the identification code directly, as the fingerprint identification code, in the nonvolatile memory in the built-in function module of the TPM chip;
(6) Otherwise, the fingerprint comparison module retrieves the pre-stored fingerprint identification code from the nonvolatile memory in the built-in function module of the TPM chip, compares the identification code with this pre-stored fingerprint identification code, and returns the comparison result;
(7) The system performs subsequent processing according to this comparison result.
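The register-or-verify flow of steps (1) to (7), as an added example that is not part of the patent text: a minimal Python model in which only the comparison module holds the pre-stored identification code and callers receive nothing but a result. All class and function names are hypothetical, and a SHA-256 digest with exact-match comparison stands in for the fingerprint algorithm and matcher, which the patent does not specify.

```python
import hashlib
import hmac
from enum import Enum
from typing import Optional


class Result(Enum):
    REGISTERED = "registered"
    MATCH = "match"
    NO_MATCH = "no_match"


def extract_identification_code(raw_image: bytes) -> bytes:
    """Stand-in for steps (3)(a)-(b): feature extraction and encoding.

    Assumption: a SHA-256 digest replaces the real fingerprint algorithm,
    so only byte-identical images yield the same code. A real extractor
    tolerates noise between two captures of the same finger.
    """
    return hashlib.sha256(raw_image).digest()


class TpmComparisonModule:
    """Comparison module inside the TPM boundary (hypothetical model).

    The pre-stored code is kept in a name-mangled attribute to model NV
    storage with no export path: the public interface can store a code,
    report whether one exists, and return a comparison result, nothing more.
    """

    def __init__(self) -> None:
        self.__nv_code: Optional[bytes] = None

    def has_stored_code(self) -> bool:
        return self.__nv_code is not None

    def register(self, code: bytes) -> Result:
        # Step (5): store the code directly as the fingerprint identification code.
        self.__nv_code = code
        return Result.REGISTERED

    def compare(self, code: bytes) -> Result:
        # Step (6): compare inside the boundary and return only the result.
        if self.__nv_code is None:
            return Result.NO_MATCH
        # Added design choice: constant-time comparison of the two codes.
        same = hmac.compare_digest(self.__nv_code, code)
        return Result.MATCH if same else Result.NO_MATCH


class FingerprintProcessingModule:
    """Processing module outside the TPM (first embodiment: in the SOC chip)."""

    def __init__(self, tpm: TpmComparisonModule,
                 registration_flag: Optional[bool] = None) -> None:
        self.tpm = tpm
        # None selects the NV-state rule; True/False models the system flag.
        self.registration_flag = registration_flag

    def is_initial_registration(self) -> bool:
        # Step (4): either the system flag decides, or the NV state does.
        if self.registration_flag is not None:
            return self.registration_flag
        return not self.tpm.has_stored_code()

    def authenticate(self, raw_image: bytes) -> Result:
        code = extract_identification_code(raw_image)  # step (3)
        if self.is_initial_registration():              # step (4)
            return self.tpm.register(code)              # step (5)
        return self.tpm.compare(code)                   # step (6)


def run_demo() -> list:
    """Run both variants of step (4) on constructed sample images."""
    owner = b"constructed-sample-image-owner"
    other = b"constructed-sample-image-other"
    tpm = TpmComparisonModule()
    by_nv_state = FingerprintProcessingModule(tpm)
    results = [
        by_nv_state.authenticate(owner),  # NV empty, so this registers
        by_nv_state.authenticate(owner),  # same finger, match
        by_nv_state.authenticate(other),  # different finger, no match
    ]
    # Flag variant: the flag forces registration even though a code exists,
    # so the stored code is replaced and the first finger no longer matches.
    by_flag = FingerprintProcessingModule(tpm, registration_flag=True)
    results.append(by_flag.authenticate(other))
    results.append(by_nv_state.authenticate(owner))
    return results


if __name__ == "__main__":
    print([r.value for r in run_demo()])
```

The last two results show why the flag used in the second form of step (4) needs the same protection as the stored code: under the NV-state rule a stored code is never overwritten, whereas the flag decides whether it is.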
In practical application, the technical problem to be solved by the invention is how to implement a fingerprint biometric identification engine module in the computer's TPM chip: the fingerprint algorithm, the acquisition and processing of the fingerprint, and the comparison authentication of the fingerprint are all completed in the TPM chip, so that no fingerprint processing ever leaves the TPM chip. The module is offered, as a basic biometric authentication function module of the trusted computer, to the computer system's secure hardware layer, secure operating system and base platform layer, and secure application layer.
The computer therefore needs to be connected to fingerprint acquisition equipment, namely one of the various types of fingerprint sensor. When the computer needs fingerprint image information, it captures live fingerprint information and passes it to the fingerprint biometric identification engine inside the TPM. The engine computes on and processes the incoming original live fingerprint information with the fingerprint algorithm, then either stores the result in the TPM storage area or produces an authentication result, which it returns to the device or program that called the engine.
The above authentication process comprises the following steps:
(1) Fingerprint acquisition
The original image of the fingerprint is captured by one of the various fingerprint acquisition sensors; this original image information is digital, not analog, fingerprint image information. It is then sent to the fingerprint processing module. Fingerprint acquisition includes the interfaces to the various fingerprint sensors, the fingerprint image capture decision, and so on.
(2) Fingerprint processing
The fingerprint processing module extracts the fingerprint feature information according to the fingerprint algorithm, then encodes and classifies it to produce the identification code.
For the technical details of the fingerprint algorithm, refer to the patent document "Fingerprint identification method" (patent application No. 03142267.5).
(3) Fingerprint comparison
The fingerprint identification code captured from the user is compared with the fingerprint identification code pre-stored in the TPM chip.
The fingerprint comparison program is pre-stored in the nonvolatile memory of the TPM chip.
With the above TPM-based fingerprint biometric identification engine system and identification method, a fingerprint biometric identification engine system based on the TPM security chip is formed on the computer motherboard, and the comparison with the fingerprint pre-stored in the TPM chip is performed within the secure environment of the TPM chip to realize fingerprint comparison authentication; the acquisition, processing and comparison of the fingerprint can even all be completed in the TPM chip, giving higher system security and reliability. At the same time, the pre-stored fingerprint identification code and the fingerprint comparison never leave the TPM, which realizes strong two-factor security authentication. Moreover, the engine system can receive authentication requests from any system hardware layer, operating system and base platform layer, or secure application layer, and return the authentication result. This realizes secure fingerprint biometric authentication, guarantees the integrity and privacy of the user and the information, and guarantees the integrity of the system hardware, OS kernel, services and application programs. The system can be applied to fields such as power-on fingerprint security authentication, operating system fingerprint security identity authentication and application-layer fingerprint security authentication. It offers higher operating efficiency, stronger system stability and a wide scope of application, and lays a solid foundation for the further development of computer security identification technology.
In this specification, the invention has been described with reference to specific embodiments. It is evident, however, that various modifications and changes can still be made without departing from the spirit and scope of the invention. The specification and drawings are therefore to be regarded as illustrative rather than restrictive.

Claims (12)

1. A fingerprint biometric identification engine system based on a trusted platform module, comprising a computer motherboard and, carried on the motherboard and interconnected by a system bus, a basic input/output system (BIOS), a trusted platform module (TPM) chip, a central processing unit, random access memory and other computer hardware, the TPM chip containing built-in function modules and a chip operating system, characterized in that the engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer motherboard, a nonvolatile memory, and a fingerprint comparison module built into the TPM chip; the output of the fingerprint sensor is connected to the input of the fingerprint acquisition module, the output of the fingerprint acquisition module is connected to the input of the fingerprint processing module, the output of the fingerprint processing module is connected to the input of the fingerprint comparison module, and the fingerprint comparison module is connected to the nonvolatile memory.
2. The fingerprint biometric identification engine system based on a trusted platform module according to claim 1, characterized in that the fingerprint acquisition module and the fingerprint processing module are both built into the TPM chip; the fingerprint acquisition module is connected to the fingerprint processing module, and the fingerprint processing module is connected to the fingerprint comparison module; the nonvolatile memory is the nonvolatile memory in the TPM chip, and the fingerprint comparison module is connected to the nonvolatile memory in the TPM chip.
3. The fingerprint biometric identification engine system based on a trusted platform module according to claim 1, characterized in that the fingerprint acquisition module and the fingerprint processing module are placed in the basic input/output system (BIOS) carried on the computer motherboard; the fingerprint acquisition module is connected to the fingerprint processing module, and the fingerprint processing module is connected to the fingerprint comparison module through the system bus; the nonvolatile memory is the encrypted storage area in the BIOS, and the fingerprint comparison module is connected to the encrypted storage area in the BIOS through the system bus.
4. The fingerprint biometric identification engine system based on a trusted platform module according to claim 1, characterized in that the fingerprint acquisition module and the fingerprint processing module are placed in an embedded SOC chip, carried on the computer motherboard, that has an on-chip central processing unit, or in a chip that has no on-chip central processing unit but has nonvolatile storage space; the fingerprint acquisition module is connected to the fingerprint processing module, and the fingerprint processing module is connected to the fingerprint comparison module through the system bus; the nonvolatile memory is the nonvolatile memory in the embedded SOC chip or the nonvolatile memory in the chip without an on-chip central processing unit, and the fingerprint comparison module is connected through the system bus to the nonvolatile memory in the embedded SOC chip or to the nonvolatile memory in the chip without an on-chip central processing unit.
5. The fingerprint biometric identification engine system based on a trusted platform module according to any one of claims 1 to 4, characterized in that the fingerprint comparison module is in every case built into the TPM chip.
6. The fingerprint biometric identification engine system based on a trusted platform module according to any one of claims 1 to 4, characterized in that the nonvolatile memory is flash memory (Flash), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), or another magnetic or electrical storage medium that retains data when powered off.
7. The fingerprint biometric identification engine system based on a trusted platform module according to any one of claims 1 to 4, characterized in that the fingerprint sensor is embedded in the motherboard, keyboard, mouse or casing surface of the computer, or is connected to the computer by a data communication cable as a standalone device; the fingerprint sensor is an optical fingerprint sensor, a semiconductor fingerprint sensor, an ultrasonic fingerprint sensor, or another sensor that obtains fingerprint image data by sensing, and the semiconductor fingerprint sensor is a silicon capacitive fingerprint sensor, a semiconductor pressure-sensitive fingerprint sensor, or a semiconductor temperature-sensing fingerprint sensor.
8. A method of performing fingerprint biometric identification using the engine system of claim 1, characterized in that the method comprises the following steps:
(1) The system performs initialization;
(2) The fingerprint acquisition module captures the original image information of the fingerprint through the fingerprint sensor and sends this information to the fingerprint processing module;
(3) The fingerprint processing module performs, on this original image information, the operation of extracting fingerprint feature information and generating an identification code;
(4) The fingerprint processing module judges whether an initial fingerprint registration setting operation is being performed, and sends the identification code to the fingerprint comparison module;
(5) If an initial fingerprint registration setting operation is being performed, the fingerprint comparison module stores the identification code directly, as the fingerprint identification code, in the nonvolatile memory in the TPM chip;
(6) Otherwise, the pre-stored fingerprint identification code is retrieved from the nonvolatile memory in the TPM chip, the identification code is compared with this pre-stored fingerprint identification code, and the comparison result is returned;
(7) The system performs subsequent processing according to this comparison result.
9. The method of performing fingerprint biometric identification according to claim 8, characterized in that the original image information is digital fingerprint image information.
10. The method of performing fingerprint biometric identification according to claim 8 or 9, characterized in that the operation of extracting fingerprint feature information and generating an identification code from the original image information comprises the following steps:
(1) The fingerprint processing module extracts fingerprint feature information from the original image information according to a specific fingerprint algorithm;
(2) The fingerprint processing module encodes and classifies this fingerprint feature information to generate the identification code.
11. The method of performing fingerprint biometric identification according to claim 8 or 9, characterized in that judging whether an initial fingerprint registration setting operation is being performed is:
Judging whether a fingerprint identification code is pre-stored in the nonvolatile memory of the TPM chip; if not, the result returned is that an initial fingerprint registration setting operation is being performed; if so, the result returned is that an initial fingerprint registration setting operation is not being performed;
Or is: judging whether the flag value set by the system indicates that an initial fingerprint registration setting operation is being performed.
12. The method of performing fingerprint biometric identification according to claim 8, characterized in that the pre-stored fingerprint identification code is in every case stored in the nonvolatile memory inside the TPM chip.
CNA2006100246736A 2006-03-14 2006-03-14 Finger print biological identifying engine system and its identifying method based on credible platform module Pending CN1822013A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2006100246736A CN1822013A (en) 2006-03-14 2006-03-14 Finger print biological identifying engine system and its identifying method based on credible platform module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2006100246736A CN1822013A (en) 2006-03-14 2006-03-14 Finger print biological identifying engine system and its identifying method based on credible platform module

Publications (1)

Publication Number Publication Date
CN1822013A true CN1822013A (en) 2006-08-23

Family

ID=36923374

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006100246736A Pending CN1822013A (en) 2006-03-14 2006-03-14 Finger print biological identifying engine system and its identifying method based on credible platform module

Country Status (1)

Country Link
CN (1) CN1822013A (en)

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101529376B (en) * 2006-10-25 2013-09-04 微软公司 Platform authentication via a transparent second factor
CN101211389B (en) * 2006-12-31 2010-04-07 联想(北京)有限公司 Hardware safe unit and its service request processing method and system
CN101965570B (en) * 2008-02-29 2013-09-18 格罗方德半导体公司 A computer system comprising a secure boot mechanism
CN102474498B (en) * 2009-07-14 2013-12-18 深圳市永盛世纪科技有限公司 Authentication method for user identification equipment
CN102474498A (en) * 2009-07-14 2012-05-23 深圳市永盛世纪科技有限公司 Authentication method for user identification equipment
WO2011006295A1 (en) * 2009-07-14 2011-01-20 Sheng Yongxiang Authentication method for user identification equipment
WO2011127697A1 (en) * 2010-04-16 2011-10-20 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal thereof
CN101888442A (en) * 2010-04-16 2010-11-17 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal
CN101986641A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof
CN102419805A (en) * 2011-11-22 2012-04-18 中兴通讯股份有限公司 Terminal equipment and method for encrypting user information
CN106605230A (en) * 2014-09-26 2017-04-26 英特尔公司 Securing sensor data
CN106605230B (en) * 2014-09-26 2024-05-03 英特尔公司 Ensuring sensor data security
US10360369B2 (en) 2014-09-26 2019-07-23 Intel Corporation Securing sensor data
CN104778141B (en) * 2015-02-10 2017-12-26 浙江大学 A kind of TPCM modules based on control system trusted infrastructure and credible detection method
CN104778141A (en) * 2015-02-10 2015-07-15 浙江大学 Control system trusted architecture-based TPCM (Trusted Platform Control Module) and trusted detection technology
CN104778393A (en) * 2015-04-16 2015-07-15 电子科技大学 Security fingerprint identification method for intelligent terminal
CN106156577A (en) * 2015-04-17 2016-11-23 国民技术股份有限公司 A kind of safety chip, authentication method based on biological characteristic and intelligent terminal
CN106295285A (en) * 2015-05-28 2017-01-04 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN106295285B (en) * 2015-05-28 2020-02-21 联想(北京)有限公司 Information processing method and electronic equipment
CN105354466A (en) * 2015-10-26 2016-02-24 维沃移动通信有限公司 Fingerprint recognition method and mobile terminal
CN105354466B (en) * 2015-10-26 2017-03-29 维沃移动通信有限公司 A kind of fingerprint identification method and mobile terminal
CN106682470A (en) * 2015-11-09 2017-05-17 南昌欧菲生物识别技术有限公司 Fingerprint recognition system based on encrypted fingerprint information, terminal device and method
WO2017206654A1 (en) * 2016-05-30 2017-12-07 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for controlling unlocking and terminal
US10409973B2 (en) 2016-05-30 2019-09-10 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for controlling unlocking and terminal device
CN106971101A (en) * 2017-03-30 2017-07-21 山东超越数控电子有限公司 One kind refers to the credible progress control method of hand vein recognition and system
CN106934268A (en) * 2017-03-31 2017-07-07 山东超越数控电子有限公司 A kind of method that encrypting fingerprint is realized in BIOS
WO2019104920A1 (en) * 2017-11-30 2019-06-06 北京集创北方科技股份有限公司 Electronic device, display system, integrated control device thereof, and security verification method
CN110969735A (en) * 2019-12-27 2020-04-07 大唐半导体科技有限公司 Intelligent lock master control system and method based on security chip architecture
CN110969735B (en) * 2019-12-27 2022-02-01 大唐半导体科技有限公司 Intelligent lock master control system and method based on security chip architecture

Similar Documents

Publication Publication Date Title
CN1822013A (en) Finger print biological identifying engine system and its identifying method based on credible platform module
CN1885315A (en) Embedded single secure chip biological fingerprint recognition system and method thereof
CN1900939A (en) Finger print biological identification device and it identification method of safety computer
TWI361611B (en) Biometric authentication system for enhancing network security
CN202049500U (en) Fingerprint identification system based on TCM (trusted cryptography module)
CN100481107C (en) An identity control method based on credibility platform module and fingerprint identifying
JP5701997B2 (en) User identification and authentication in mobile commerce
US20070245153A1 (en) System and method for user authentication in a multi-function printer with a biometric scanning device
CN1661961A (en) Method, a hardware token, and a computer program for authentication
JP2003510714A (en) Removable active personal storage device, system and method
CN1713101A (en) Computer starting up identifying system and method
CN1621994A (en) Computer security control module and safeguard control method thereof
CN101055611A (en) Authentication method, authentication apparatus and authentication program storage medium
CN106161028A (en) Safety chip, communication terminal and the method improving communication security
CN101034986A (en) Method and system for securely using the intelligent secrete key device
CN2916768Y (en) Embedded single secure chip biologic fingerprint recognition system
CN1195275C (en) Security arrangement
CN1991800A (en) Fingerprint identification storage device and fingerprint identification method
CN1912884A (en) Mobile key disc implementing method and device based on biological characteristic identification technology
CN1811786A (en) Presence-based access control
CN2914193Y (en) TPM fingerprint biological recognition system
CN1848021A (en) Embedded safe controller and its control method and application
CN1606027A (en) Method for software copyright protection by utilizing fingerprint and application apparatus thereof
CN1900876A (en) Biological signal input device, computer system with said device and its control method
CN101646262A (en) Wireless data card and identity certification method thereof

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication