WO2016062200A1 - Procédé et appareil d'authentification d'empreintes digitales et serveur - Google Patents

Procédé et appareil d'authentification d'empreintes digitales et serveur Download PDF

Info

Publication number
WO2016062200A1
WO2016062200A1 PCT/CN2015/091690 CN2015091690W WO2016062200A1 WO 2016062200 A1 WO2016062200 A1 WO 2016062200A1 CN 2015091690 W CN2015091690 W CN 2015091690W WO 2016062200 A1 WO2016062200 A1 WO 2016062200A1
Authority
WO
WIPO (PCT)
Prior art keywords
fingerprint
user
verified
finger
code
Prior art date
Application number
PCT/CN2015/091690
Other languages
English (en)
Chinese (zh)
Inventor
肖维杰
Original Assignee
阿里巴巴集团控股有限公司
肖维杰
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 阿里巴巴集团控股有限公司, 肖维杰 filed Critical 阿里巴巴集团控股有限公司
Publication of WO2016062200A1 publication Critical patent/WO2016062200A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present application relates to the field of network technologies, and in particular, to a method, an apparatus, and a server for fingerprint authentication.
  • fingerprint recognition technology is one of the most mature and widely used biometric recognition technologies.
  • the process of traditional fingerprint recognition generally includes: acquiring fingerprint images of all or part of the fingers of the user through the fingerprint collection device, and processing the acquired images to extract corresponding fingerprint features and record them.
  • fingerprint verification is required, the fingerprint input by the user on the site is compared with the fingerprint feature of the user saved in advance. If the two are consistent, the verification is passed; otherwise, the verification fails.
  • the fingerprint identification device can be fooled by the fingerprint feature to achieve illegal login, stealing the personal privacy and confidential information of the stolen person, and causing loss to the user.
  • the fingerprint since the fingerprint is used as the biometric information of the user, it is unique and cannot be modified. Once the user's fingerprint is stolen, the user can only deprecate the fingerprint feature.
  • the present application provides a method, a device, and a server for fingerprint authentication, which solve the problem of security risks caused by the theft of fingerprint features in the prior art.
  • a method for fingerprint authentication comprising:
  • an apparatus for fingerprint authentication comprising:
  • a first receiving unit configured to receive a fingerprint authentication request sent by the client, and obtain user identity information carried in the fingerprint authentication request
  • An obtaining unit configured to obtain a fingerprint to be verified according to the user identity information
  • a first sending unit configured to send the to-be-verified fingerprint code to the client display
  • a second receiving unit configured to receive a fingerprint to be verified corresponding to the fingerprint to be verified uploaded by the client
  • a comparison unit configured to acquire, according to the user identity information, a fingerprint feature corresponding to the fingerprint to be verified stored in the database, and compare the fingerprint with the to-be-verified fingerprint
  • a second sending unit configured to return a message of the authentication pass to the client when the comparison result of the comparing unit is consistent.
  • a server including:
  • processor a memory for storing the processor executable instructions
  • processor is configured to:
  • the server displays the fingerprint code required for verification to the user.
  • the user inputs a fingerprint of a finger corresponding to the fingerprint code according to a preset correspondence.
  • the server verifies the received fingerprint. If the received fingerprint matches the fingerprint corresponding to the fingerprint code saved in advance, the authentication passes; if not, the authentication fails.
  • FIG. 1 is a flow chart of an embodiment of a method for fingerprint authentication of the present application
  • FIG. 2 is a flow chart of another embodiment of a method for fingerprint authentication of the present application.
  • FIG. 3 is a flow chart of another embodiment of a method for fingerprint authentication of the present application.
  • FIG. 4a is a schematic diagram of an embodiment of a finger encoding rule of the present application.
  • 4b is a schematic diagram of another embodiment of a finger encoding rule of the present application.
  • FIG. 5 is a flowchart of another embodiment of a method for fingerprint authentication of the present application.
  • 6a is a schematic diagram of another embodiment of a finger encoding rule of the present application.
  • 6b is a schematic diagram of another embodiment of a finger encoding rule of the present application.
  • FIG. 7 is a hardware structure diagram of a device where a fingerprint authentication device is located in the present application.
  • FIG. 8 is a block diagram of an embodiment of a fingerprint authentication apparatus of the present application.
  • first, second, third, etc. may be used to describe various information in this application, such information should not be limited to these terms. These terms are only used to distinguish the same type of information from each other.
  • first information may also be referred to as the second information without departing from the scope of the present application.
  • second information may also be referred to as the first information.
  • word "if” as used herein may be interpreted as "when” or “when” or “in response to a determination.”
  • users can access various network applications through various application clients installed on the client device.
  • the user identity is often authenticated.
  • the prior art can be combined with the fingerprint identification technology for identity authentication.
  • the identity authentication can be completed, resulting in inaccurate authentication results and potential security risks.
  • FIG. 1 is a flowchart of an embodiment of a method for fingerprint authentication according to the present application. The embodiment is described from a server side that implements fingerprint authentication:
  • Step 101 Receive a fingerprint authentication request sent by the client, and obtain user identity information carried in the fingerprint authentication request.
  • Step 102 Acquire a fingerprint to be verified according to the user identity information, and send the fingerprint to the client for display.
  • Step 103 Receive a fingerprint to be verified corresponding to the fingerprint to be verified uploaded by the client.
  • Step 104 Obtain a fingerprint feature corresponding to the to-be-verified fingerprint code saved in the database according to the user identity information, and compare the fingerprint with the to-be-verified fingerprint. If the comparison result is consistent, then the client is Returns the message that the certificate passed.
  • the server not only stores the fingerprint features of the ten fingers of the user, but also stores the fingerprint codes corresponding to each finger of the user.
  • the correspondence between the fingerprint code and each finger is preset by the user and is only known to the user and the server.
  • the server will display the required fingerprint code to the user.
  • the user inputs a fingerprint of a finger corresponding to the fingerprint code according to a preset correspondence.
  • the server verifies the received fingerprint. If the received fingerprint matches the fingerprint corresponding to the fingerprint code saved in advance, the authentication passes; if not, the authentication fails.
  • FIG. 2 is a flowchart of another embodiment of a method for fingerprint authentication according to the present application. The embodiment is described from a server side that implements fingerprint authentication:
  • Step 201 The server receives the fingerprint authentication request sent by the client, and obtains the user identity information carried in the fingerprint authentication request.
  • the client when the user needs to log in to the application or the website on the client, the client reminds the user that the user needs to perform fingerprint verification. At the same time, the client sends a fingerprint authentication request to the server, where the fingerprint authentication request carries the identity identification information of the user who needs to log in.
  • the server After receiving the fingerprint authentication request sent by the client, the server obtains the user identity carried in the request, and performs fingerprint authentication on the user.
  • Step 202 The server acquires a fingerprint encoding table of the user according to the user identity identification information.
  • the fingerprint encoding table stores fingerprint codes corresponding to the respective fingers of the user.
  • the fingerprint code corresponding to each finger of the user is saved.
  • the fingerprint code has a one-to-one correspondence with each finger of the user, and the fingerprint codes corresponding to different fingers are completely different.
  • the fingerprint encoding can be pre-set by the user.
  • the user presets the fingerprint codes corresponding to the respective fingers according to actual needs, and establishes a fingerprint encoding table according to the correspondence between each finger and the fingerprint encoding.
  • the user uploads the fingerprint encoding table to the server while keeping the fingerprint encoding table properly.
  • the server establishes a correspondence between the identity information of each user and the fingerprint code table of the user, and saves it in the database. Therefore, when receiving the user identity information in the fingerprint authentication request, the server may directly extract the fingerprint code table of the user from the database according to the user identity information, thereby obtaining corresponding fingers of the user respectively. Fingerprint coding.
  • the fingerprint encoding table can be automatically generated by the server.
  • a function button of “fingerprint code generation” may be set on a website used by the user or a website page registered by the user. While saving the fingerprint information, the user may send a request for fingerprint code generation to the server by clicking the function button, and carry the identity identification information of the user and the fingerprint of each finger in the request.
  • the server automatically generates a fingerprint code corresponding to each finger of the user for the user, and establishes a fingerprint code table according to the correspondence between each finger and the fingerprint code.
  • the server sends the fingerprint encoding table to the client, prompting the user to be proper.
  • the server establishes a correspondence between the fingerprint encoding table and the user identity information, and saves it in the database. Thereby making the fingerprint received
  • the server may directly extract the fingerprint code table of the user from the database according to the user identity information, thereby obtaining the fingerprint code corresponding to each finger of the user.
  • the fingerprint code corresponding to each finger of the user may be specifically set according to actual needs. As long as the same user is guaranteed, the fingerprint corresponding to each finger is unique. For example, it is possible to set the user's ten fingers to correspond to numbers 1 to 10 from left to right. Of course, in other embodiments of the present application, it is also possible to set the user's ten finger unordered corresponding numbers from 1 to 10. Of course, the above is only illustrated by two simple examples. In practical applications, to ensure the security of fingerprint authentication, the fingerprint encoding can be set to have a certain complexity. For example, it is a multi-digit Arabic number, or consists of letters; or a combination of numbers and letters, and so on.
  • Step 203 The server randomly extracts a fingerprint code corresponding to at least one finger of the user as a fingerprint to be verified.
  • Step 204 The server receives the fingerprint to be verified corresponding to the fingerprint to be verified uploaded by the client.
  • the fingerprint of a certain finger is not input by the user or the fingerprint of the finger of the default finger is input by the user, but the fingerprint code of the finger of the user is randomly selected by the server, and the fingerprint is The fingerprint code is sent to the client for display to the user.
  • the server After the user knows the fingerprint code that the server wants to input from the client, it needs to find the fingerprint code table saved by itself, determine the finger corresponding to the fingerprint code, and input the fingerprint of the finger through the fingerprint sensor.
  • the client uploads the fingerprint of the finger input by the user as a fingerprint to be verified to the server.
  • Step 205 The server searches for the fingerprint code table of the user, determines the finger of the user corresponding to the fingerprint code to be verified, and acquires the fingerprint feature of the finger of the user in the database.
  • step 203 the server randomly extracts the fingerprint to be verified, and the fingerprint to be verified uploaded by the user according to the code is received by the client.
  • the server searches the fingerprint code table of the user, determines which finger of the user corresponding to the fingerprint code to be verified, and obtains the fingerprint feature corresponding to the finger of the user from the database.
  • Step 206 The server saves the fingerprint feature saved in the database with the to-be-verified index uploaded by the client. The pattern is compared. If the two are consistent, the server returns a message that the fingerprint authentication is passed to the client; otherwise, the server returns a message that the fingerprint authentication failed to the client.
  • the fingerprint feature corresponding to the fingerprint to be verified obtained by the server in the database is a correct fingerprint feature.
  • the fingerprint feature to be verified uploaded by the user through the client is compared with the correct fingerprint feature. If the two are consistent, the fingerprint authentication succeeds; otherwise, the authentication fails.
  • the server may also randomly extract two or more fingerprint codes as the fingerprint to be verified.
  • the user needs to provide corresponding fingerprint information for each fingerprint code to be verified displayed by the client, and it is necessary to ensure a correct correspondence between each fingerprint code and the fingerprint information.
  • the server performs fingerprint authentication, it must ensure that each fingerprint uploaded by the user can pass the authentication, and then the fingerprint authentication succeeds; otherwise, even if none of the fingerprints pass the authentication, the authentication fails. This increases the difficulty of fingerprint authentication and improves the security of authentication.
  • the fingerprint encoding table is only known by the user and the server. If the current user is a legitimate user, the user can know which finger corresponding to the fingerprint to be verified displayed by the current client according to the fingerprint code table saved by the user, and provide correct fingerprint information and pass the fingerprint authentication. However, if the current user is not a legitimate user, the user cannot know the specific content of the fingerprint encoding table, and it is even more difficult to know which finger the current fingerprint displayed by the client is corresponding to, and it is difficult to provide correct fingerprint information. As a result, authentication will fail.
  • the method in the embodiment of the present application not only needs the user to provide correct fingerprint information, but also needs the user to know the correct fingerprint encoding, and improves the single-dimensional fingerprint verification to the two-dimensional verification of the fingerprint plus encoding, thereby increasing the The difficulty of fingerprint verification improves the reliability of fingerprint verification and ensures the security of the user's network information.
  • the pirate even if the fingerprint of the user is stolen, the pirate does not know the fingerprint code corresponding to each finger fingerprint.
  • the pirate illegally uses the user's fingerprint since it cannot know the correct fingerprint code, it still cannot pass the authentication, thereby ensuring the security of the user information and improving the reliability of the fingerprint verification.
  • the user even if the fingerprint code table of the user is stolen by others, the user only needs to reset the fingerprint code table of the user by providing personal identity information, and the fingerprint can be continuously used to solve the problem. There is a problem in the technology that fingerprints are discarded due to the theft of fingerprints.
  • FIG. 3 it is a flowchart of another embodiment of a method for fingerprint authentication according to the present application. The embodiment is described from a server side that implements fingerprint authentication:
  • Step 301 The server receives the fingerprint authentication request sent by the client, and obtains the user identity identification information carried in the fingerprint authentication request.
  • Step 302 The server randomly extracts a positive integer as the fingerprint to be verified and sends it to the client for display.
  • an integer between 0 and 9 is randomly selected as an example for description. In practical applications, any positive integer is applicable to the embodiments of the present application.
  • Step 303 The server receives the fingerprint to be verified corresponding to the fingerprint code to be verified by the client.
  • the server may randomly extract an integer (including 0 and 9) between 0 and 9, for example, 1, 3, 7, and the like.
  • the integer is used as the fingerprint to be verified, which can be recorded as Y, displayed to the user through the client, and receives the fingerprint to be verified uploaded by the user according to the fingerprint to be verified.
  • Step 304 The server obtains an offset pre-stored by the user according to the user identity information; the offset is any positive integer; according to the fingerprint to be verified and the offset, combined with a preset calculation rule, Verify finger coding.
  • the offset is described by taking an integer between 0 and 9. In practical applications, any positive integer is applicable to the embodiments of the present application.
  • Step 305 The server acquires a fingerprint feature corresponding to the finger code to be verified according to the user identity information and the finger coding rule preset by the user; the finger coding rule is ten fingers of the user and ten to 0 to 9, respectively.
  • the integers correspond one-to-one.
  • Step 306 The server compares the fingerprint feature with the fingerprint to be verified uploaded by the client. If the two are consistent, the server returns a message for fingerprint authentication to the client; otherwise, the server Returns a message that the fingerprint authentication failed to the client.
  • the user when the user saves the fingerprint feature, the user needs to select an offset, which can be recorded as X, and uploaded to the server through the client.
  • the offset X is any integer between 0 and 9 (including 0 and 9). After the user selects the offset X, it will save it for use in fingerprint authentication. After receiving the offset X of the user uploaded by the client, the server establishes a correspondence between the identity information of the user and the offset X, and saves the data in the database.
  • the server When performing fingerprint authentication, the server extracts the offset X of the user from the database according to the user identity information, and combines the preset X and the fingerprint to be verified Y randomly extracted in step 302 according to the offset X.
  • the calculation rule is obtained by the finger code to be verified.
  • the preset calculation rule is preset, specifically:
  • the offset X is any integer between 0 and 9
  • the fingerprint code Y to be verified is also any integer between 0 and 9
  • the Z calculated by the formula (1) also belongs to 0 to An integer of 9.
  • the finger coding rule is that the ten fingers of the user are respectively in one-to-one correspondence with ten integers of 0 to 9. Therefore, regardless of the offset X and the value of the fingerprint code Y to be verified, the finger code Z to be verified calculated by the formula (1) is one of the integers corresponding to ten fingers of the user. For example, as shown in FIG. 4a, it can be set that the ten fingers of the user are sequentially numbered from 0 to 9 from left to right. If the offset X is 6, and the fingerprint code Y to be verified is 8, the calculated finger code Z to be verified is 5, and the corresponding finger is the right thumb shown in FIG. 4a. For another example, if the offset X is 3 and the fingerprint code Y to be verified is 9, the calculated finger code Z to be verified is 3, and the corresponding finger is the left index finger shown in FIG. 4a.
  • This calculation rule is pre-set by the system and is known to the server and the user. Although the calculation rules are the same for different users. However, since the offset X of each user is preset by itself, it is only known to the user and the server, thereby ensuring the privacy of the finger code to be verified.
  • the server After the server obtains the to-be-verified finger code X corresponding to the current fingerprint to be verified by the publicity (1), the server obtains the finger coding rule preset by the user by using the identity identification information of the user, and determines the current waiting according to the finger coding rule. It is verified that the fingerprint code Y corresponds to which finger of the user, and the fingerprint feature of the finger is extracted from the database.
  • the finger coding rule is that the ten fingers of the user are respectively in one-to-one correspondence with ten integers of 0 to 9.
  • the correspondence between the fingers of the user and the ten integers may be sequential or unordered.
  • the integer corresponding to each finger is unique.
  • the finger encoding rules can be preset by the user. Specifically, the user presets the finger coding rule according to actual needs, and the user uploads the finger coding rule to the server while properly storing the finger coding rule.
  • the server establishes a correspondence between the identity information of each user and the finger coding rule of the user, and saves it in the database. Therefore, when receiving the user identity information in the fingerprint authentication request, the server may directly extract the finger coding rule of the user from the database according to the user identity information, thereby obtaining corresponding fingers of the user respectively. Coding.
  • the finger encoding rules can be automatically generated by the server.
  • a function button of “finger coding rule generation” may be set on a website used by the user or a website page registered by the user. While saving the fingerprint information, the user may send a request generated by the finger coding rule to the server by clicking the function button, and carry the identity identification information of the user in the request.
  • the server automatically generates a finger encoding rule for the user to send to the client, prompting the user to be proper.
  • the server establishes a correspondence between the finger encoding rule and the user identity information, and saves it in the database. Therefore, when receiving the user identity information in the fingerprint authentication request, the server may directly extract the finger coding rule of the user from the database according to the user identity information, thereby obtaining corresponding fingers of the user respectively. Coding.
  • the server when the server displays the to-be-verified fingerprint code randomly extracted in step 302 to the user through the client, the user also according to the offset X saved by the user and the fingerprint to be verified. Code Y, combined with the preset calculation rules, to get the finger code.
  • the user determines which finger the currently calculated finger code corresponds to according to the finger coding rule saved by the user, and uploads the fingerprint corresponding to the finger to the server through the client.
  • the finger coding rule and the offset corresponding to each user are only known by the user and the server. If the current user is a legitimate user, the user can know which finger corresponding to the fingerprint code Y to be verified displayed by the current client according to the finger encoding rule and offset saved by the client, and provide correct fingerprint information. Fingerprint authentication. However, if the current user is not a legitimate user, the user cannot know the specific content of the finger coding rule and the offset, and it is even more difficult to know which finger the current fingerprint displayed by the client is corresponding to the fingerprint code Y. The correct fingerprint information will cause the authentication to fail.
  • the method in the embodiment of the present application not only needs the user to provide correct fingerprint information, but also needs the user to know the correct finger coding rules and offsets, and improves the single-dimensional fingerprint verification to the two-dimensional verification of the fingerprint plus encoding.
  • the above increases the difficulty of fingerprint verification, improves the reliability of fingerprint verification, and ensures the security of the user's network information.
  • the thief even if the fingerprint of the user is stolen, the thief does not know the finger coding rule and the offset of the user.
  • the thief illegally uses the user's fingerprint, since it cannot know the correct finger code, it still cannot pass the authentication, thereby ensuring the security of the user information and improving the reliability of the fingerprint verification.
  • the user even if the user's finger coding rules and offsets are stolen by others, the user only needs to provide personal identification information to the user's finger coding rules and By resetting the offset, the fingerprint can be used continuously, which solves the problem of fingerprint rejection caused by fingerprint theft in the prior art.
  • the range of values of ten fingers in the finger coding rule can also be flexibly set.
  • the formula (1) can be modified accordingly.
  • FIG. 5 is a flowchart of another embodiment of a method for fingerprint authentication according to the present application. The embodiment is described from a server side that implements fingerprint authentication:
  • Step 501 The server receives the fingerprint authentication request sent by the client, and obtains the user identity information carried in the fingerprint authentication request.
  • Step 502 The server randomly extracts two positive integers as the fingerprint to be verified, and sends the fingerprint to the client for display.
  • the server randomly extracts two integers as the first to-be-verified fingerprint code Y1 and the second to-be-verified fingerprint code Y2, respectively.
  • Step 503 The server receives the first to-be-verified fingerprint corresponding to the first to-be-verified fingerprint code and the second to-be-verified fingerprint corresponding to the second to-be-verified fingerprint code respectively uploaded by the client.
  • the server randomly extracts two integers (including 0 and 9) between 0 and 9 as fingerprints to be verified, and displays them to the user through the client.
  • the user needs to input corresponding fingerprints for the two fingerprints to be verified displayed by the client.
  • Step 504 The server acquires two offsets pre-stored by the user according to the user identity information, which are a first offset X1 and a second offset X2, respectively; the first offset X1 and the second offset
  • the quantity X2 is any positive integer.
  • the offset in the embodiment of the present application takes an integer between 0 and 9 as an example. Line description. In practical applications, any positive integer is applicable to the embodiments of the present application.
  • Step 505 According to the first to-be-verified fingerprint code Y1 and the first offset X1, combined with a preset calculation rule, obtain a first to-be-verified finger code Z1; according to the second to-be-verified fingerprint code Y2 and a second offset X2 In combination with the preset calculation rule, the second to-be-verified finger code Z2 is obtained.
  • Step 506 The server acquires fingerprint features corresponding to the two finger codes to be verified according to the user identity information and the finger coding rule preset by the user.
  • the finger coding rule is that the fingers of one hand of the user are respectively in one-to-one correspondence with the five integers of 0 to 4, and the fingers of the other hand of the user are respectively in one-to-one correspondence with the five integers of 5 to 9.
  • the finger coding rule may be that the left-hand finger of the user is respectively in one-to-one correspondence with the five integers of 0 to 4, and the right-hand finger of the user respectively corresponds to the five integers of 5 to 9, respectively, as shown in FIG. 6a. Shown.
  • the finger coding rule may be that the user's right hand fingers are respectively in one-to-one correspondence with the five integers of 0 to 4, and the user's left hand fingers are respectively in one-to-one correspondence with the five integers of 5 to 9, respectively, as shown in FIG. 6b. Show.
  • the server respectively acquires a first fingerprint feature corresponding to the first to-be-verified finger code Z1 and a second fingerprint feature corresponding to the second to-be-verified finger code Z2.
  • Step 507 The server compares the two fingerprint features with the two fingerprints to be verified uploaded by the client. If the two are consistent, the server returns a message that the fingerprint authentication is passed to the client; otherwise, the server returns the fingerprint authentication to the client. The message of failure.
  • the server compares the first fingerprint feature with the first fingerprint to be verified, and compares the second fingerprint feature with the second fingerprint to be verified, only when the comparison results of the two fingerprint features are If the authentication is consistent, the authentication is passed, and the message that the fingerprint authentication is passed is returned to the client; otherwise, if any of the results is inconsistent, the authentication fails, and the fingerprint authentication failure message is returned to the client.
  • the user when the user saves the fingerprint feature, the user needs to select two offsets, which are respectively recorded as X1 and X2, and are uploaded to the server through the client.
  • the first offset X1 and the second offset X2 are any integer between 0 and 9 (including 0 and 9).
  • the user selected the first offset After the amount X1 and the second offset X2, they are properly saved for use in fingerprint authentication.
  • the server After receiving the two offsets of the user uploaded by the client, the server establishes a correspondence between the identity information of the user and the two offsets, and saves the data in the database.
  • the server When performing fingerprint authentication, the server extracts two offsets of the user from the database according to the user identity information, and combines the two offsets and the two to-be-verified fingerprint codes randomly extracted in step 402.
  • the preset calculation rule obtains the finger code to be verified.
  • the preset calculation rule is preset, specifically:
  • Z1 is the first to-be-verified finger code
  • X1 is the first offset
  • Y1 is the first to-be-verified fingerprint code
  • Z2 is the second to-be-verified finger code
  • X2 is the second offset
  • Y2 is the second Verify fingerprint encoding
  • %5 is the remainder obtained by dividing by 5.
  • the offset X1 is any integer between 0 and 9, and the fingerprint code Y1 to be verified is also any integer between 0 and 9, and the Z1 calculated by the formula (2) belongs to 0 to An integer of 4.
  • the offset X2 is any integer between 0 and 9, and the fingerprint code Y2 to be verified is also any integer between 0 and 9, and the Z2 calculated by the formula (3) is an integer of 5 to 9. .
  • the finger coding rule is that the five fingers of one hand of the user respectively correspond to the five integers of 0 to 4, and the five fingers of the other hand of the user.
  • One of the integers, and the second to-be-verified finger code Z2 is one of the integers corresponding to the five fingers of the other hand of the user.
  • the fingers corresponding to the first to-be-verified finger code Z1 and the second to-be-verified finger code Z2 respectively are different from the same hand of the user.
  • the first offset X1 is 6, and the first to-be-verified fingerprint code Y1 is 8
  • the calculated first to-be-verified finger code Z1 is 4, and the corresponding finger is as shown in FIG. 6a.
  • Left thumb For another example, if the second offset X2 is 3 and the second to-be-verified fingerprint code Y2 is 9, the calculated second to-be-verified finger code Z2 is 7, and the corresponding finger is the right hand shown in FIG. 6a.
  • Middle finger is 3 and the second to-be-verified fingerprint code Y2 is 9
  • the calculated second to-be-verified finger code Z2 is 7, and the corresponding finger is the right hand shown in FIG. 6a.
  • This calculation rule is pre-set by the system and is known to the server and the user. Although the calculation rules are the same for different users. However, since the two offsets of each user are preset by themselves, only known to the user and the server, thereby ensuring the privacy of the finger code to be verified.
  • the server After the server obtains the to-be-verified finger code corresponding to the current two to-be-verified fingerprint codes by using the publicity (2) and (3), the server uses the identity identification information of the user to obtain the finger coding rule preset by the user, according to the finger.
  • the encoding rule determines which finger of the user is currently corresponding to each fingerprint to be verified, and extracts the fingerprint feature of the finger from the database.
  • the finger coding rule is that the five fingers of one hand of the user respectively correspond to the five integers of 0 to 4, and the five fingers of the other hand of the user respectively are 5
  • the five integers up to 9 correspond one-to-one.
  • the correspondence between each finger of the user and the five integers may be sequential or unordered. As long as the same user is guaranteed, the integer corresponding to each finger is unique.
  • the finger encoding rules can be preset by the user. Specifically, the user presets the finger coding rule according to actual needs, and the user uploads the finger coding rule to the server while properly storing the finger coding rule.
  • the server establishes a correspondence between the identity information of each user and the finger coding rule of the user, and saves it in the database. Therefore, when receiving the user identity information in the fingerprint authentication request, the server may directly extract the finger coding rule of the user from the database according to the user identity information, thereby obtaining corresponding fingers of the user respectively. Coding.
  • the finger encoding rules can be automatically generated by the server.
  • the client or the user may log in to the website used by the user.
  • the function button of "Finger encoding rule generation" is set on the page. While saving the fingerprint information, the user may send a request generated by the finger coding rule to the server by clicking the function button, and carry the identity identification information of the user in the request.
  • the server automatically generates a finger encoding rule for the user to send to the client, prompting the user to be proper.
  • the server establishes a correspondence between the finger encoding rule and the user identity information, and saves it in the database. Therefore, when receiving the user identity information in the fingerprint authentication request, the server may directly extract the finger coding rule of the user from the database according to the user identity information, thereby obtaining corresponding fingers of the user respectively. Coding.
  • the server when the server displays the two to-be-verified fingerprint codes randomly extracted in step 502 to the user through the client, the user also according to the two offsets saved by the user and the Two fingerprints to be verified, combined with preset calculation rules, obtain two finger codes.
  • the user determines, according to the finger coding rule saved by the user, which finger is currently corresponding to the two finger codes, and uploads the fingerprints corresponding to the two fingers to the server through the client.
  • the finger coding rule and the offset corresponding to each user are only known by the user and the server. If the current user is a legitimate user, the user can know which finger corresponding to the fingerprint to be verified displayed by the current client according to the finger encoding rules and offsets saved by the user, and provide correct fingerprint information through the fingerprint. Certification. However, if the current user is not a legitimate user, the user cannot know the specific content of the finger coding rule and the offset, and it is hard to know which finger the current fingerprint displayed by the client is corresponding to, and it is difficult to provide the correct one. Fingerprint information, which can cause authentication to fail.
  • the method in the embodiment of the present application not only needs the user to provide correct fingerprint information, but also needs the user to know the correct finger coding rules and offsets, and improves the single-dimensional fingerprint verification to the two-dimensional verification of the fingerprint plus encoding.
  • the above increases the difficulty of fingerprint verification, improves the reliability of fingerprint verification, and ensures the security of the user's network information.
  • the thief even if the fingerprint of the user is stolen, the thief does not know the user's Finger encoding rules and offsets.
  • the thief illegally uses the user's fingerprint, since it cannot know the correct finger code, it still cannot pass the authentication, thereby ensuring the security of the user information and improving the reliability of the fingerprint verification.
  • the fingerprint can be used continuously, which solves the problem that the fingerprint is discarded due to the theft of the fingerprint in the prior art.
  • the range of values of five fingers of each hand in the finger coding rule can also be flexibly set.
  • the formulas (2) and (3) can be modified accordingly.
  • the finger coding rule may be set such that five fingers of one hand of the user are respectively in one-to-one correspondence with five integers of 1 to 5, and five fingers of the other hand of the user are respectively 6 to 10.
  • the finger coding rule can be set to five fingers of one hand of the user, one-to-one correspondence with five integers of (0+N) to (4+N), and the other hand of the user.
  • biometrics can include physiological features (eg, fingerprints, facial images, irises, palm prints, etc.) and behavioral features (eg, gait, sound, handwriting, etc.).
  • two or more biometric features of the user may be selected in advance, corresponding feature codes are preset for each biometric, and a correspondence relationship between each biometric and feature encoding is established.
  • Feature code table The user uploads the feature code table to the server while maintaining the feature code table.
  • Each of the biometric features corresponds to a unique feature code, and the feature codes corresponding to the different biometric features are different.
  • the server establishes a correspondence between the identity information of each user and the feature coding table of the user. And saved in the database.
  • the server Upon receiving the feature authentication request sent by the client, the server obtains the user identity information carried in the feature authentication request. According to the identity identification information of the user, the feature coding table of the user is extracted from the database, so that the feature code corresponding to each biometric feature of the user is obtained. The server randomly extracts the feature code corresponding to the at least one biometric of the user as the feature code to be verified, and displays it to the user through the client.
  • the user sees the feature code to be verified displayed by the client, and determines the biometric corresponding to the feature code to be verified according to the feature code table saved by the client, and uploads it to the server through the client.
  • the server After receiving the biometric to be verified uploaded by the client, the server searches for the feature coding table of the user, and determines the biometric of the user corresponding to the to-be-verified feature code.
  • the biometrics obtained by the server from the database corresponding to the feature code to be verified are correct biometrics.
  • the biometrics to be verified uploaded by the user through the client are compared with the correct biometrics. If the two are consistent, the biometric authentication is successful; otherwise, the authentication fails.
  • the biometrics may be separately encoded according to a large category, for example, the fingerprint is encoded as 1, the iris code is 2, and the palm print code is 3. And in the initial setting stage, specifically setting which finger of the user corresponding to the fingerprint code (for example, the right index finger of the user, etc.), setting which eye of the user corresponding to the iris code (for example, the right eye iris, etc.), setting the palm
  • the pattern encodes which hand of the user (for example, the right hand, etc.).
  • the specific content of the above settings is only known to the user and the server.
  • the server displays a specific feature code to be verified through the client, for example, display 2, the user can know through the feature coding table that the current server needs to verify the right eye iris, and the user uploads the right eye iris feature to the server through the client.
  • biometric verification When the server displays a specific feature code to be verified through the client, for example, display 2, the user can know through the feature coding table that the current server needs to verify the right eye iris, and the user uploads the right eye iris feature to the server through the client.
  • the biometrics may also be separately coded according to a small category, for example, the fingerprint of the ten fingers of the user is respectively encoded as 1 to 10, and the iris of the right eye of the user is encoded as 11 to the left eye of the user.
  • the code is 12, the user's right palm is encoded as 13 and the user's left hand is encoded as 14.
  • the server displays a specific feature code to be verified through the client, for example, display 11, the user can know through the feature coding table that the current server needs to verify the right eye iris, and the user uploads the right eye iris feature to the server through the client.
  • the present application also provides an embodiment of the fingerprint authentication device and the server.
  • Embodiments of the authentication device of the present application can be applied to a server.
  • the device embodiment may be implemented by software, or may be implemented by hardware or a combination of hardware and software. Taking the software implementation as an example, as a logical means, the processor of the device in which it is located reads the corresponding computer program instructions in the non-volatile memory into the memory. From the hardware level, as shown in FIG. 7, a hardware structure diagram of the device where the fingerprint authentication device is located, except for the processor, the memory, the network interface, and the non-volatile memory shown in FIG.
  • the device in which the device is located in the embodiment may also include other hardware according to the actual function of the device.
  • the client device may include a camera, a touch screen, a communication component, etc.
  • the server may include a packet responsible for processing the message. Forwarding chips and so on.
  • FIG. 8 is a block diagram of an embodiment of a fingerprint authentication apparatus of the present application
  • the fingerprint authentication apparatus can be applied to a server:
  • the apparatus includes a first receiving unit 800, an obtaining unit 801, a first transmitting unit 802, a second receiving unit 803, a comparing unit 804, and a second transmitting unit 805.
  • the first receiving unit 800 is configured to receive a fingerprint authentication request sent by the client, and obtain user identity information carried in the fingerprint authentication request.
  • the obtaining unit 801 is configured to obtain a fingerprint to be verified according to the user identity information.
  • the first sending unit 802 is configured to send the to-be-verified fingerprint code to the client display
  • the second receiving unit 803 is configured to receive a fingerprint to be verified corresponding to the fingerprint to be verified uploaded by the client;
  • the comparison unit 804 is configured to acquire, according to the user identity information, a fingerprint feature corresponding to the fingerprint to be verified stored in the database, and compare the fingerprint with the to-be-verified fingerprint;
  • the second sending unit 805 is configured to: when the comparison result of the comparing unit is consistent, return a message that the authentication is passed to the client.
  • the obtaining unit 801 may include: an encoding table obtaining sub Unit and first extraction subunit.
  • the encoding table obtaining sub-unit is configured to obtain a fingerprint encoding table of the user according to the user identity identification information; the fingerprint encoding table stores a fingerprint encoding corresponding to each finger of the user; And extracting a subunit, configured to randomly extract a fingerprint code corresponding to the at least one finger of the user as a fingerprint to be verified.
  • the comparing unit 804 may include: a searching subunit and a first fingerprint feature acquiring subunit.
  • the search subunit is configured to search the fingerprint code table of the user, and determine the finger of the user corresponding to the fingerprint code to be verified;
  • the first fingerprint feature acquisition subunit is configured to acquire the user in the database. Fingerprint characteristics of the finger.
  • the obtaining unit 801 includes a second extracting subunit, configured to randomly extract a positive integer as the fingerprint to be verified and send it to the client for display.
  • the user-preset finger coding rule acquires a fingerprint feature corresponding to the to-be-verified finger code; the finger coding rule is that the ten fingers of the user are respectively (0+N) to (9+N) Ten integers correspond one-to-
  • the obtaining unit 801 may include a third extracting subunit, configured to randomly extract two positive integers as the fingerprint to be verified, and send the fingerprint to the client for display;
  • the device embodiment since it basically corresponds to the method embodiment, reference may be made to the partial description of the method embodiment.
  • the device embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, ie may be located A place, or it can be distributed to multiple network units. Some or all of the modules may be selected according to actual needs to achieve the objectives of the present application. Those of ordinary skill in the art can understand and implement without any creative effort.
  • the server displays the fingerprint code required for verification to the user.
  • the user inputs a fingerprint of a finger corresponding to the fingerprint code according to a preset correspondence.
  • the server verifies the received fingerprint. If the received fingerprint matches the fingerprint corresponding to the fingerprint code saved in advance, the authentication passes; if not, the authentication fails.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Collating Specific Patterns (AREA)

Abstract

L'invention concerne un procédé d'authentification d'empreintes digitales. Le procédé consiste à recevoir une demande d'authentification d'empreintes digitales envoyée par un client, et à acquérir des informations d'identité utilisateur portées par la demande d'authentification d'empreintes digitales; à acquérir un code d'empreinte digitale à authentifier en fonction des informations d'identité utilisateur, et à envoyer le code d'empreinte digitale à authentifier au client pour affichage; à recevoir une empreinte digitale à authentifier qui est téléchargée par le client et correspond au code d'empeinte à authentifier; à acquérir, en fonction des aux informations d'identité utilisateur, une caractéristique d'empreinte digitale qui est stockée dans une base de données et correspond au code d'empreinte digitale à authentifier, et à comparer la caractéristique d'empreinte digitale avec l'empreinte digitale à authentifier; et si le résultat de la comparaison est cohérent, à renvoyer un message de réussite d'authentification au client. En utilisant des modes de réalisation de l'invention, même si une empreinte digitale d'un utilisateur est falsifiée, une authentification ne peut être réussie si le faussaire ne connaît pas la relation entre l'empreinte digitale et le code de l'empreinte digitale. En conséquence, la fiabilité de l'authentification d'empreinte digitale est améliorée, et la sécurité des informations de réseau de l'utilisateur est protégée.
PCT/CN2015/091690 2014-10-21 2015-10-10 Procédé et appareil d'authentification d'empreintes digitales et serveur WO2016062200A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410564672.5 2014-10-21
CN201410564672.5A CN105530230A (zh) 2014-10-21 2014-10-21 一种指纹认证的方法、装置及服务器

Publications (1)

Publication Number Publication Date
WO2016062200A1 true WO2016062200A1 (fr) 2016-04-28

Family

ID=55760280

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/091690 WO2016062200A1 (fr) 2014-10-21 2015-10-10 Procédé et appareil d'authentification d'empreintes digitales et serveur

Country Status (3)

Country Link
CN (1) CN105530230A (fr)
HK (1) HK1222268A1 (fr)
WO (1) WO2016062200A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109460646A (zh) * 2018-12-18 2019-03-12 北京京东尚科信息技术有限公司 用户身份识别方法、装置、系统、电子设备及可读介质
CN111222113A (zh) * 2018-11-27 2020-06-02 天地融科技股份有限公司 一种使用租用车辆的认证方法、系统及认证平台

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106899409A (zh) 2016-06-07 2017-06-27 阿里巴巴集团控股有限公司 身份认证方法及装置
CN109711134B (zh) * 2018-12-28 2021-06-29 中国移动通信集团江苏有限公司 基于网络的用户身份防盗用系统、方法、设备及存储介质

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1403995A (zh) * 2001-09-03 2003-03-19 王柏东 全球指纹认证的方法
US20070286465A1 (en) * 2006-06-07 2007-12-13 Kenta Takahashi Method, system and program for authenticating a user by biometric information
CN102306286A (zh) * 2011-08-24 2012-01-04 宇龙计算机通信科技(深圳)有限公司 身份识别方法、身份识别系统及身份识别终端

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101727550A (zh) * 2008-10-27 2010-06-09 联想(北京)有限公司 基于生物特征识别的密码安全系统和方法
CN101958792A (zh) * 2009-07-17 2011-01-26 华为技术有限公司 对用户进行指纹认证的方法和装置
CN103595719A (zh) * 2013-11-15 2014-02-19 清华大学 基于指纹的认证方法和系统

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1403995A (zh) * 2001-09-03 2003-03-19 王柏东 全球指纹认证的方法
US20070286465A1 (en) * 2006-06-07 2007-12-13 Kenta Takahashi Method, system and program for authenticating a user by biometric information
CN102306286A (zh) * 2011-08-24 2012-01-04 宇龙计算机通信科技(深圳)有限公司 身份识别方法、身份识别系统及身份识别终端

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111222113A (zh) * 2018-11-27 2020-06-02 天地融科技股份有限公司 一种使用租用车辆的认证方法、系统及认证平台
CN111222113B (zh) * 2018-11-27 2022-04-05 天地融科技股份有限公司 一种使用租用车辆的认证方法、系统及认证平台
CN109460646A (zh) * 2018-12-18 2019-03-12 北京京东尚科信息技术有限公司 用户身份识别方法、装置、系统、电子设备及可读介质

Also Published As

Publication number Publication date
HK1222268A1 (zh) 2017-06-23
CN105530230A (zh) 2016-04-27

Similar Documents

Publication Publication Date Title
JP6820062B2 (ja) アイデンティティ認証方法ならびに装置、端末及びサーバ
US10735412B2 (en) Use of a biometric image for authorization
CN109660501B (zh) 用于提供基于区块链的多因素个人身份验证的系统和方法
KR102038851B1 (ko) 신원들을 검증하기 위한 방법 및 시스템
US20160269411A1 (en) System and Method for Anonymous Biometric Access Control
KR101613233B1 (ko) 개선된 생체 인증 및 신원확인
US10868672B1 (en) Establishing and verifying identity using biometrics while protecting user privacy
US9119539B1 (en) Performing an authentication operation during user access to a computerized resource
US11188628B2 (en) Biometric challenge-response authentication
TW201816648A (zh) 業務實現方法和裝置
CN103279764A (zh) 基于人脸识别的网络实名认证系统
WO2016062200A1 (fr) Procédé et appareil d'authentification d'empreintes digitales et serveur
CN103714282A (zh) 一种互动式的基于生物特征的识别方法
CA2688242A1 (fr) Protocole d'ouverture de session securisee
US20140143551A1 (en) Encoding biometric identification information into digital files
US10601822B2 (en) Multifactor authentication device
CN102354354A (zh) 一种基于信息指纹技术的图片密码生成认证方法
JP6745009B1 (ja) 認証システム、認証装置、認証方法、及びプログラム
Lone et al. A novel OTP based tripartite authentication scheme
JP2007265219A (ja) 生体認証システム
JP6502083B2 (ja) 認証装置、情報端末装置、プログラム、並びに認証方法
US20150007290A1 (en) Stimuli-Response-Driven Authentication Mechanism
WO2021255821A1 (fr) Serveur d'authentification, procédé de recommandation de mise à jour d'image faciale et support de stockage
US9594968B1 (en) Biometric profile creation
US9405891B1 (en) User authentication

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15851678

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15851678

Country of ref document: EP

Kind code of ref document: A1