WO2016141561A1 - Iris identity authentication accessory and system - Google Patents

Iris identity authentication accessory and system Download PDF

Info

Publication number
WO2016141561A1
WO2016141561A1 PCT/CN2015/073981 CN2015073981W WO2016141561A1 WO 2016141561 A1 WO2016141561 A1 WO 2016141561A1 CN 2015073981 W CN2015073981 W CN 2015073981W WO 2016141561 A1 WO2016141561 A1 WO 2016141561A1
Authority
WO
WIPO (PCT)
Prior art keywords
iris
identity authentication
mobile terminal
accessory
user
Prior art date
Application number
PCT/CN2015/073981
Other languages
French (fr)
Chinese (zh)
Inventor
王晓鹏
Original Assignee
北京释码大华科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京释码大华科技有限公司 filed Critical 北京释码大华科技有限公司
Priority to CN201580076668.7A priority Critical patent/CN107430688A/en
Priority to PCT/CN2015/073981 priority patent/WO2016141561A1/en
Publication of WO2016141561A1 publication Critical patent/WO2016141561A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V10/00Arrangements for image or video recognition or understanding
    • G06V10/10Image acquisition

Definitions

  • the invention relates to payment authentication technology, in particular to an iris identity authentication accessory and system.
  • biometric technology has been more and more widely applied to mobile payment to improve the security of payment.
  • identity authentication means such as Alipay's fingerprint payment
  • fingerprints are more unique and convenient than digital passwords, which can effectively reduce the risk of password leakage.
  • Memory complex payment passwords enhance the user experience.
  • fingerprints are easy to leave characteristic marks due to their contact properties, and can be easily copied by materials such as silica gel.
  • iris authentication Compared to fingerprint recognition, iris recognition has many advantages: many biometric points, high feature stability, non-contact identification, more accurate, and difficult to forge. More secure. Therefore, iris payment has a greater advantage in the field of mobile payment.
  • iris authentication in mobile payment requires mobile phone hardware support, especially the need for dedicated iris acquisition imaging sensors, which is difficult to popularize in mobile terminals such as mobile phones. How to make the mobile terminal have the iris identity authentication function is a major bottleneck of current iris mobile payment.
  • the present invention provides an iris authentication device and system for mobile payment, which effectively solves the problem of enabling existing mobile terminals without changing the hardware structure of existing mobile terminals (such as mobile phones and tablet computers). It has the functions of iris recognition and iris identity authentication, which effectively solves the bottleneck of iris mobile payment.
  • an iris identity authentication accessory comprising: an optical lens component adapted to optically image a region of interest comprising a user's iris.
  • Image sensor suitable for interested in containing the user's iris
  • the optical image of the area is converted into an electronic image.
  • the interface unit is adapted to connect the iris identity authentication accessory to the mobile terminal, so that the iris identity authentication accessory communicates with the mobile terminal.
  • a data processing unit adapted to process the electronic image output by the image sensor and transmit the processed electronic image to the mobile terminal through the interface unit, so that the mobile terminal compares the iris template and authenticates the user identity.
  • the ID circuit module includes at least one unique iris identity authentication accessory ID serial number storage area from which the mobile terminal can read the unique ID serial number.
  • the interface unit is further adapted to power the iris identity authentication accessory when connected to the mobile terminal.
  • the iris identity authentication accessory further comprises a power supply unit adapted to supply power to the iris identity authentication accessory.
  • the interface unit comprises any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface.
  • the USB OTG interface includes any one of USB 2.0, USB 3.0, and MicroUSB interfaces.
  • the housing is further included, wherein the USB OTG interface is physically and fixedly connected to the housing.
  • the iris identity authentication accessory can be fixed on the mobile terminal device, so that the mobile terminal has the overall function of iris recognition.
  • the data processing unit further includes an encryption module adapted to perform encryption processing on the electronic image.
  • the encryption algorithm may use a symmetric encryption algorithm, an asymmetric encryption algorithm, a public key private key encryption algorithm, a quantum encryption algorithm, or other specific encryption algorithms.
  • the image may be compressed and outputted by a non-open source image compression technique.
  • the encrypted human eye or iris image needs to be decrypted before it can be opened. Otherwise, even if the hacker intercepts the data stream collected by the iris authentication accessory during the transmission process, the hacker cannot parse and obtain the user's iris image, which is very strong.
  • Hardware cryptography and anti-aggression have unique advantages in applications that require high data security (such as mobile payment).
  • the registered iris template storage module is further included, and is adapted to store the registered iris template data of the user in an encrypted manner.
  • the storage module can also store the original iris image collected by the user and the processed iris image.
  • the ID circuit module further includes an encryption circuit and/or a decryption circuit.
  • Each individual iris identity accessory device has a unique unique device ID serial number.
  • the ID serial number is generated or stored by the ID circuit module and can be encrypted by an encryption circuit to be output in an encrypted format.
  • the mobile terminal After the iris identity authentication attachment establishes a communication connection with the mobile terminal, the mobile terminal reads the device ID serial number, and if the serial number is encrypted, the mobile terminal decrypts and restores the ID serial number.
  • the mobile terminal identifies the validity of the iris identity authentication accessory device connected thereto by the device ID serial number. If the ID serial number read in is illegal, the iris identity authentication accessory device is refused to be identified, and subsequent iris identification work is not performed.
  • the optical lens component further includes a lens, a lens mount adapted to fix the lens, and a filter adapted to allow infrared light to pass therethrough.
  • the optical lens component further includes a focus adjustment unit adapted to adjust the focal length of the lens.
  • the lens imaging direction and the display screen of the mobile terminal connected thereto are on the same side of the mobile terminal.
  • the mobile terminal that authenticates the accessory inserted through the USB OTG interface performs iris authentication
  • the user can preview the user's own iris video or image collected by the accessory on the display screen of the mobile terminal to improve the user experience.
  • At least one LED lamp is further included, adapted to provide illumination for iris imaging.
  • an LED lamp control module is further included, adapted to adjust the mode of the LED lamp and/or the brightness of the LED lamp.
  • the mode of the LED lamp includes a normally lit mode and a blinking mode.
  • the LED light control module is further adapted to adjust the brightness of the LED light according to a predetermined mode in order to obtain an electronic image of the user's pupil and thus zooming, thereby facilitating living body detection.
  • the LED light comprises one of an infrared light LED or a visible light LED.
  • an iris identity authentication system comprising: an iris identity authentication accessory and a mobile terminal according to the present invention.
  • the mobile terminal includes a display unit adapted to display the iris imaging of the user in real time.
  • the interface unit is adapted to be connected to and communicate with the iris identity authentication accessory to initiate the iris identity authentication accessory to collect an electronic image containing the characteristics of the user's eye, and to read the ID serial number of the iris identity authentication accessory and transmit it to the mobile terminal.
  • the identity authentication accessory identification unit is adapted to identify the iris identity authentication accessory according to the iris identity authentication accessory ID serial number.
  • the iris identity authentication unit is adapted to generate a user iris template according to the electronic image, and authenticate the identity of the user according to the result of the comparison between the iris template and the registered iris template data of the user.
  • the user's registered iris template data is stored in the registered iris template memory of the iris identity authentication attachment.
  • the user's registered iris template data is stored in the server.
  • the mobile terminal further comprises a mobile payment unit adapted to send an identity authentication request to the iris identity authentication unit and to receive the identity authentication result from the iris identity authentication unit.
  • the iris identity authentication system further includes an image processing unit adapted to analyze the distance between the user and the iris identity authentication accessory according to the pupil spacing of the eyes of the user in the collected electronic image or the pupil diameter of the single eye, and generate a distance adjustment.
  • the indication signal prompts the user to change the mobile terminal/iris identity authentication attachment to the eye distance.
  • the image processing unit is further adapted to calculate the pupil spacing of the two eyes in the electronic image or the pupil diameter of the single eye to analyze the distance between the user and the optical lens component to generate the distance adjustment control.
  • the signal is used to control the focal length adjustment unit in the iris authentication accessory to achieve autofocusing of the iris lens by the optical lens.
  • the iris identity authentication unit is adapted to generate any one of the following manners to generate a user iris template according to the electronic image, and according to the iris template and the user's registered iris template data.
  • the result of the comparison is used to authenticate the user's identity: the iris template and the user's registered iris template data are compared in the mobile terminal, and the user identity is authenticated according to the comparison result; the iris template is sent to the server so that the server will Comparing the iris template with the registration template data of the user stored in the server, and receiving the comparison result sent by the server to authenticate the user identity; sending the iris template and the registration template data of the user to the server, So that the server compares the iris template with the registration template data of the user, and receives the comparison result sent by the server to authenticate the user identity; and sends the iris template to the iris identity authentication attachment for the iris identity Certified attachment to the iris template and iris identity attachment User registration iris template stored data results to authenticate the user's identity than sending the comparison, iris authentication and receiving attachments.
  • an iris identity authentication accessory comprising an optical lens component adapted to optically image a region of interest comprising a user's iris.
  • Image sensor suitable for interested in containing the user's iris
  • the optical image of the area is converted into an electronic image.
  • the interface unit is adapted to connect the iris identity authentication accessory to the mobile terminal, so that the iris identity authentication accessory communicates with the mobile terminal.
  • the ID circuit module includes at least one unique iris identity authentication accessory ID serial number storage area from which the mobile terminal can read the unique ID serial number.
  • the iris template storage module is registered and is adapted to store the registered iris template data of the user in an encrypted manner.
  • the data processing unit is adapted to process the electronic image output by the image sensor to acquire the iris template, compare the iris template with the registered iris template data of the user, and send the comparison result to the mobile terminal through the interface unit.
  • the interface unit comprises any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface.
  • the iris identity authentication accessory further comprises a power supply unit adapted to supply power to the iris identity authentication accessory.
  • an iris identity authentication system including an iris identity authentication accessory and a mobile terminal.
  • the mobile terminal includes an interface unit adapted to connect with and communicate with the iris identity authentication accessory, obtain an ID serial number of the iris identity authentication accessory, and a comparison result of the iris template and the registered iris template data of the user.
  • the iris identity authentication accessory identification unit is adapted to identify the iris identity authentication accessory according to the iris identity authentication accessory ID serial number.
  • An iris identity authentication unit adapted to authenticate a user's identity based on the comparison result.
  • the iris identity authentication accessory realizes acquisition and processing of iris images by a plurality of hardware units, and can provide a high quality iris image to the mobile terminal without increasing the burden on the mobile terminal. Further, the iris identity authentication accessory according to the present invention has a unique ID serial number, which can perform anti-counterfeiting identification on the iris identity authentication accessory, thereby ensuring that the iris identity authentication accessory for iris recognition is a legally authorized device and prevents illegal users. Attacks are made by falsifying unauthorized iris authentication attachments.
  • the iris identity authentication accessory according to the present invention can store the encrypted registered iris template, thereby maintaining the independence and security of the registered iris template.
  • the iris identity authentication accessory according to the present invention can be conveniently connected with different mobile terminals. On the basis of not customizing the mobile terminal hardware, the mobile terminal can replace the traditional identity by adopting the iris identity authentication method in applications such as mobile payment. Password authentication and fingerprint authentication have higher security.
  • the iris identity authentication technical solution according to the present invention further provides an iris identity authentication accessory, which implements image processing on the collected region of interest within the authentication accessory to obtain the user iris template. Further, the The authentication accessory can compare the user iris template with the registered user iris data stored in the authentication accessory, so that the identity authentication can be completed within the independent accessory, thereby greatly improving the confidentiality of the user iris data. In addition, the iris identity authentication accessory can conveniently connect with different mobile terminals and other devices for fast identity authentication, which greatly improves the user experience.
  • FIG. 1 shows a mobile terminal 100 in accordance with one embodiment of the present invention
  • FIG. 2 shows a schematic diagram of an iris identity authentication system in accordance with one embodiment of the present invention
  • FIG. 3 shows a schematic diagram of an iris identity authentication accessory 200 in accordance with one embodiment of the present invention
  • FIG. 4 shows a schematic diagram of an iris identity authentication accessory 200 in accordance with yet another embodiment of the present invention.
  • FIG. 5 illustrates an example of a user actually using an iris identity authentication system in accordance with one embodiment of the present invention
  • FIG. 6 is a block diagram showing the structure of an iris identity authentication accessory 200 according to an embodiment of the present invention.
  • FIG. 7 is a structural block diagram of an iris identity authentication application in a mobile terminal according to an embodiment of the present invention.
  • 8A and 8B respectively show examples of user interfaces in a single-eye iris registration process and a binocular iris registration process
  • FIG. 9 shows a block diagram of a structure of an iris identity authentication accessory 300 in accordance with yet another embodiment of the present invention.
  • FIG. 1 is a block diagram showing the structure of a mobile terminal 100.
  • the mobile terminal 100 can include a memory interface 102, one or more Data processors, image processors and/or central processing unit 104, and peripheral interface 106.
  • Memory interface 102, one or more processors 104, and/or peripheral interface 106 can be either discrete components or integrated into one or more integrated circuits. In the mobile terminal 100, various components may be coupled by one or more communication buses or signal lines. Sensors, devices, and subsystems can be coupled to the peripheral interface 106 to help implement a variety of functions.
  • motion sensor 110 can be coupled to peripheral interface 106 to facilitate functions such as orientation, illumination, and ranging.
  • Other sensors 116 may also be coupled to peripheral interface 106, such as a positioning system (e.g., a GPS receiver), a temperature sensor, a biometric sensor, or other sensing device, thereby facilitating the implementation of related functions.
  • Camera subsystem 120 and optical sensor 122 may be used to facilitate implementation of camera functions such as recording photos and video clips, where the camera subsystem and optical sensor may be, for example, a charge coupled device (CCD) or a complementary metal oxide semiconductor (CMOS) ) Optical sensor.
  • Communication functions may be facilitated by one or more wireless communication subsystems 124, which may include radio frequency receivers and transmitters and/or optical (e.g., infrared) receivers and transmitters.
  • the particular design and implementation of wireless communication subsystem 124 may depend on one or more communication networks supported by mobile terminal 100.
  • the mobile terminal 100 may be designed to include a supporting LTE, 3G, GSM communications network, GPRS network, EDGE network, Wi-Fi or WiMax network, and the network subsystem 124 Bluebooth TM.
  • the audio subsystem 126 can be coupled to the speaker 128 and the microphone 130 to assist in implementing voice-enabled functions such as voice recognition, voice replication, digital recording, and telephony functions.
  • I/O subsystem 140 may include touch screen controller 142 and/or one or more other input controllers 144.
  • Touch screen controller 142 can be coupled to touch screen 146.
  • the touch screen 146 and the touch screen controller 142 can detect contact and movement or pause with any of a variety of touch sensing technologies, including but not limited to capacitive, Resistive, infrared and surface acoustic wave technology.
  • One or more other input controllers 144 may be coupled to other input/control devices 148, such as one or more buttons, rocker switches, thumb wheels, infrared ports, USB ports, and/or pointing devices such as styluses .
  • the one or more buttons may include up/down buttons for controlling the volume of the speaker 128 and/or the microphone 130.
  • Memory interface 102 can be coupled to memory 150.
  • the memory 150 can include high speed random access memory and/or nonvolatile memory, such as one or more magnetic disk storage devices, one or more optical storage devices, and/or flash memory (eg, NAND, NOR).
  • the memory 150 can store an operating system 152, such as Android, IOS. Or an operating system like Windows Phone.
  • the operating system 152 can include instructions for processing basic system services and performing hardware dependent tasks.
  • the memory 150 can also store the application 154.
  • the operating system 152 is loaded from the memory 150 and executed by the processor 104 while the mobile device is running.
  • Application 154 is also loaded from memory 150 at runtime and executed by processor 104.
  • the application 154 runs on the operating system and utilizes an interface provided by the operating system and the underlying hardware to implement various functions desired by the user, such as instant messaging, web browsing, and picture management.
  • the application 154 can be provided independently of the operating system or can be provided by the operating system.
  • the requirements for image acquisition hardware and the hardware requirements required for iris authentication are different for users' camera and camera operations.
  • the camera subsystem 120 and optical sensor 122 of the mobile terminal are adapted to perform normal visible light imaging operations, and are less suitable for iris acquisition requiring infrared illumination, particularly image texture features of Asian black eyeballs.
  • camera subsystem 120 may perform multiplexing of normal photography and iris acquisition, but has limited effectiveness for iris acquisition.
  • the present invention provides an iris identity authentication accessory 200 for a mobile terminal.
  • the iris identity authentication accessory 200 can be connected to the mobile terminal 100 for iris identity authentication.
  • FIG. 2 illustrates an iris identity authentication system in accordance with one embodiment of the present invention.
  • the iris identity authentication system includes an iris identity authentication accessory 200 and a mobile terminal 100.
  • the mobile terminal 100 performs network authentication, login, and unlocking, and the like, the user can perform identity verification through the iris identity authentication accessory 200 and the application in the mobile terminal 100, thereby realizing that the hardware of the mobile terminal 100 itself is not required to be changed.
  • the mobile terminal 100 has the function of iris identity authentication. In this way, the user only needs to be equipped with the small and inexpensive iris authentication accessory 200, which enables the existing mobile terminal including the mobile phone, the tablet computer and the like to have the functions of iris collection and identity authentication.
  • FIG. 3 shows a schematic diagram of an iris identity authentication accessory 200 of a mobile terminal in accordance with one embodiment of the present invention.
  • the iris identity authentication accessory 200 of the present embodiment includes an optical lens component 210.
  • the optical lens component 210 is adapted to optically image a region of interest containing a user's iris.
  • the optical lens component 210 further includes a lens, a lens mount adapted to fix the lens, and a filter adapted to allow infrared light to pass therethrough.
  • the optical lens component may further include a focus adjustment unit. The user can adjust the focus distance of the focus adjustment unit, so that when acquiring an optical image, there is a higher image quality and a more free shooting distance.
  • FIG. 4 shows a schematic diagram of an iris identity authentication accessory 200 in accordance with yet another embodiment of the present invention.
  • at least one LED lamp 270 may be disposed around the optical lens component 210, which is adapted to provide illumination for image acquisition of the optical lens component.
  • an infrared LED lamp having a wavelength in the range of 600 to 1200 nm is provided on both sides of the optical lens unit 210.
  • the LED lamps distributed around the optical lens component 210 can be cross-illuminated.
  • the iris identity authentication accessory 200 in accordance with the present invention may also include an LED light control module.
  • the LED light control module is capable of controlling the illumination mode of the LED light.
  • the LED light control module can control the LED light to switch between the blinking mode and the long light mode, which can reduce power consumption.
  • the LED control module is capable of controlling the brightness of the LED lamp to vary in a predetermined manner. For example, when the iris identity authentication accessory 200 performs the image acquisition of the eye region, the LED light gradually darkens according to a certain rule, and then gradually becomes brighter by the dark, so as to stimulate the pupil of the person to perform size conversion. In this way, the iris identity authentication accessory 200 can obtain a feedback electronic image that results in a pupil zoom change.
  • the iris identity authentication system 200 can perform the living body detection by the eye electronic image obtained by the feedback, that is, whether the vital signs of the living body providing the eye image are normal. Furthermore, the iris identity authentication system can perform security authentication based on the judgment result of the vital signs, thereby ensuring that the object to be verified is the eye of the real living body, not the organ or the fake model that has been detached from the human body. Live detection with pupil scaling changes provides a higher level of security than other biometrics such as fingerprints.
  • the iris identity authentication accessory has an outer casing 230 externally.
  • the circuit structure of the iris authentication accessory is located inside the outer casing 230.
  • the shape of the outer casing 230 can be arbitrarily set according to different arrangements of internal structures or aesthetic factors.
  • the iris identity authentication accessory in accordance with the present invention can communicate with the mobile terminal 100 in a variety of ways.
  • the iris identity authentication accessory includes an interface unit 220 adapted to connect the iris identity authentication accessory to the mobile terminal.
  • the interface unit 220 includes any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface.
  • the USB OTG interface includes any one of USB2.0, USB3.0 and MicroUSB interfaces.
  • the interface unit includes a USB OTG interface.
  • USB OTG is an acronym for USB On-The-Go, which is mainly used for data connections between various devices or mobile devices, especially PDAs, mobile phones, and consumer devices.
  • USB OTG can connect a variety of different devices such as digital cameras, camcorders, and printers to solve the inconvenience of exchanging data between various devices or memory cards.
  • the mobile terminal has an OTG interface type as a female port, and the OTG interface type owned by the iris authentication accessory 200 is a public port.
  • the iris identity authentication accessory By inserting the OTG male port of the iris identity authentication accessory 200 onto the OTG female port of the mobile terminal, the iris identity authentication accessory (including the casing, circuit hardware, lens, etc.) can be fixed on the mobile terminal 100, so that the mobile terminal has the iris The overall function of identification.
  • the OTG interface of the iris authentication accessory is fixedly connected to the outer casing and the circuit structure.
  • FIG. 5 illustrates an example of a user actually using an iris identity authentication system in accordance with one embodiment of the present invention.
  • the imaging direction of the lens of the iris authentication accessory 200 and the display screen of the mobile terminal 100 are on the same side of the mobile terminal.
  • the user can hold the mobile terminal 100 to conveniently align the optical lens component 210 of the iris identity authentication accessory 200 with the human eye.
  • the area can simultaneously see the real-time imaging of the eye area collected by the iris person authentication accessory on the screen of the mobile terminal 100, so that the user can adjust the spatial position and the use distance of the iris image collection in time, thereby improving the speed of the user identity authentication. And improve the user experience.
  • the orientation of the OTG interface of the current mobile terminal is not the same, so that there may be a case where the imaging direction of the optical lens component 210 and the display of the mobile terminal 100 after the iris identity authentication accessory 200 is inserted into a mobile terminal 100
  • the screen is on the same side.
  • the imaging direction of the optical lens component 210 is on the opposite side of the display screen, so that the user does not see the real-time in the display screen of the mobile terminal 100 when facing the optical lens component 210 of the iris identity authentication accessory 200. Imaging.
  • the iris authentication accessory 200 can set its own OTG interface orientation for a mobile terminal that is oriented toward a specific OTG interface, thereby ensuring that the iris identity authentication accessory is inserted into the mobile terminal after the optical lens component 210 is inserted.
  • the imaging direction is on the same side of the mobile terminal as the display screen of the mobile terminal 100.
  • a lens rotation mechanism may be added to the iris identity authentication accessory 200 to change the imaging direction of the optical lens component 210 thereof.
  • FIG. 6 shows a block diagram of the structure of an iris identity authentication accessory 200 in accordance with one embodiment of the present invention.
  • the iris identity authentication accessory of the mobile terminal includes an optical lens component 210, an image sensor 240, an interface unit 220, a data processing unit 250, and an ID circuit module 260.
  • Image sensor 240 is adapted to convert an optical image of a region of interest comprising a user's iris into an electronic image.
  • the interface unit 220 is adapted to connect to the mobile terminal 100 and to communicate.
  • the connection methods mentioned here include physical detachable connection methods and wireless connection methods.
  • the interface unit 220 can select any one of the general connection standard structures.
  • the data processing unit 250 is adapted to convert and process the raw image data output by the image sensor 240, and transmit the processed iris electronic image to the mobile terminal 100 through the interface unit 220, so that the mobile terminal 100 receives the iris electronic image,
  • the iris template is generated by the iris recognition algorithm, and the user identity is authenticated by comparing the iris template with the registered iris template data of the user.
  • the iris electronic image may be a monocular image or a binocular image. According to an embodiment of the present invention, the method of measuring the Hamming distance is adopted, and the iris comparison result is smaller than the specified Hamming distance threshold, and the recognition result is the same user.
  • the processing of the electronic image by the data processing unit 250 includes performing denoising processing on the electronic image, and selecting an electronic image having a higher quality of the iris image included from the plurality of electronic images.
  • the data processing unit 250 can transmit the processed electronic image to the mobile terminal 100 through the interface unit 220.
  • the ID circuit module 260 includes at least one unique iris identity authentication accessory ID serial number storage area from which the mobile terminal can read the unique ID serial number. In this way, the application of the mobile terminal 100 can verify the identity of the iris identity authentication attachment by using the ID serial number, thereby ensuring that the legally registered iris identity authentication attachment can perform corresponding operations to ensure the identity security of the user. Thus, through the iris identity authentication accessory 200 as shown in FIG. 6, the iris feature based identity verification can be performed in the usual, non-hardware customized mobile terminal 100, and the secure operation of the mobile payment can be completed.
  • the ID circuit module 260 can also include an encryption circuit and/or a decryption module.
  • the mobile terminal can parse the ID data acquired from the ID circuit module only after the mobile terminal resides in the decryption application or plug-in corresponding to the ID circuit. In this way, the unique ID serial number corresponding to the iris identity authentication accessory 200 is stored with higher security, and is not easily intercepted and the ID identity is stolen.
  • Each individual iris identity accessory device has a unique device ID serial number.
  • the ID serial number is generated or stored by the ID circuit module and can be encrypted by an encryption circuit.
  • the ID circuit module 260 can output the ID serial number in an encrypted format.
  • the mobile terminal is decrypted to restore the ID serial number.
  • the mobile terminal identifies the validity of the iris identity authentication accessory 200 connected thereto by the ID serial number. For example, the application in the mobile terminal knows the legal device ID serial number list or the legality determination rule, and can determine whether the read device ID serial number is legal. If it is determined that the read ID serial number is illegal, the iris identity authentication accessory device is rejected, and the subsequent iris identification work is not performed.
  • interface unit 220 is a USB OTG interface.
  • the iris identity authentication accessory can obtain power from the mobile terminal through the USB OTG interface. In this way, the circuit structure of the iris authentication accessory can be further compressed to reduce the volume of the iris identity authentication accessory 200.
  • the mobile terminal 100 launches the iris authentication accessory 200 by application and acquires data transmitted by the iris authentication accessory 200.
  • the application manipulates the iris authentication accessory 200 through the underlying USB video class (UVC) driver of the mobile terminal 100.
  • the user can install the iris collection application on the mobile terminal 100 and obtain the system ROOT authority of the application.
  • the application can also be released as system software on the mobile terminal 100, and the user no longer needs to obtain the system root authority of the application.
  • interface unit 220 is a wireless interface (e.g., Bluetooth or WiFi).
  • the circuit structure inside the iris authentication accessory includes a power supply unit (not shown) that supplies power to the iris authentication accessory.
  • the iris identity authentication accessory 200 can be moved at will.
  • the iris authentication accessory can position the iris authentication accessory at a location suitable for the user's use by a positioning structure (eg, hook, mount, etc.) disposed on its outer casing 230.
  • the data processing unit 250 further includes an encryption module adapted to perform an encryption process on the electronic image.
  • the data processing unit 250 performs denoising processing on the electronic image acquired in the image sensor, and selects an electronic image with better imaging quality.
  • the encryption module then performs an encryption process on the electronic image to be transmitted.
  • the application in the mobile terminal 100 decrypts the electronic image to acquire an iris image.
  • the iris identity authentication accessory 200 encrypts the transmitted data itself, thereby ensuring the security of the electronic image containing the user's iris data.
  • the encryption algorithm may use a symmetric encryption algorithm, an asymmetric encryption algorithm, a public key private key encryption algorithm, a quantum encryption algorithm, or other specific encryption algorithms.
  • the iris identity authentication accessory 200 can also use a non-open source image compression technology to compress and output images for encryption.
  • the encrypted human eye or iris image needs to be decrypted to be opened. Otherwise, even if the illegal user intercepts the data stream collected by the iris authentication accessory 200 during the transmission process, the user's iris image cannot be obtained from the data stream. In this way, the iris authentication accessory 200 has strong hardware encryption and anti-aggression, and has unique advantages in an application scenario where data security is highly demanded, such as mobile payment.
  • the transmitted image format can be an uncompressed image format (such as Raw Data) or a processed image format such as YUV, RGB, or UVC, and can be encrypted.
  • data processing unit 250 may convert the raw electronic image output from image sensor 240 into a UVC image. Accordingly, after the mobile terminal 100 acquires the UVC image, the original UVC image can be parsed as needed and subsequent processing such as extracting iris features can be performed.
  • the data processing unit 250 may filter each frame of the original image output from the image sensor 240, obtain image data of higher iris image quality, and then meet the iris recognition requirements.
  • the image is transmitted to the mobile terminal 100 through the interface unit 220.
  • the amount of data transmitted by the iris identity authentication accessory 200 to the mobile terminal 100 is reduced, the data processing amount of the mobile terminal is also reduced, and the efficiency of iris identity authentication is improved.
  • the iris identity authentication accessory 200 may further include a registered iris template storage module (not shown) adapted to store the user's registered iris template data in an encrypted manner. In this way, the user can choose to store the registered iris template data in a separate device (i.e., the iris identity authentication accessory of the present invention).
  • the mobile terminal 100 can read the encrypted iris template data from the iris template storage module, and then compare with the iris image acquired in real time to confirm the current iris recognition. Whether the user identity is consistent with the identity of the user represented by the registered iris template data.
  • the user can use the iris identity authentication attachment storing the registered iris template data for identity authentication on different mobile terminals, thereby improving the user identity authentication.
  • storing the user's registered iris template in an encrypted manner in the iris identity authentication attachment provides a higher level of security than storing the registered iris template data in a mobile terminal (typically stored in a memory card) Sex.
  • FIG. 7 is a block diagram showing the structure of an iris identity authentication application in a mobile terminal according to an embodiment of the present invention.
  • the iris authentication application resides in the mobile terminal 100.
  • the iris identity authentication application includes a display unit 161, an interface unit 162, an iris identity authentication accessory identification unit 163, and an iris identity authentication unit 164.
  • the iris authentication application in the mobile terminal may further include an image processing unit.
  • the display unit 161 is adapted to display the iris preview image of the user in real time. In this way, the user can adjust the position of the iris identity authentication accessory relative to the eye area based on the displayed iris imaging to obtain higher quality iris imaging.
  • the display unit is also capable of displaying a human-machine interface during the iris registration and recognition process and an indication signal, such as three colors of red, green and blue, to indicate the distance between the user and the iris acquisition device. Among them, red indicates that the distance is too close, green indicates that the distance is appropriate, and blue indicates that the distance is too far.
  • the image processing unit is adapted to analyze the distance of the user from the optical lens component based on the pupil spacing of the two eyes in the electronic image or the pupil diameter of the single eye to generate a distance adjustment indication signal to prompt the user to change the distance between the mobile terminal and the eye.
  • 8A and 8B show examples of user interfaces in the single-eye iris registration process and the binocular iris registration process, respectively.
  • a first area 410 and a second area 420 are included in the interface as shown in FIG. 8A.
  • the first area 410 is an iris acquisition preview area. Alerts for the number of registrations can also be displayed in this preview area. For example, if “0” is displayed in the interface, it means that the iris authentication accessory has not registered the iris template data that can be used for the registered user registration.
  • the second area 420 displays prompt information for the user adjustment operation.
  • the display content is that the user should aim one eye at the round frame (of course, other shapes and border colors can also be used), and the indicator light from the far and near mobile phone to the mobile phone indicator or the iris authentication accessory turns green. Keep your phone stable to get high quality user iris data.
  • the first region 510, the second region 520, and the third region 530 are included in the interface shown in FIG. 8B.
  • the user can preview the binocular image.
  • the first area 510 can include three sections, each section corresponding to an identification to indicate a different range of distances between the mobile terminal and the eye. For example, the three parts are red, green, and blue.
  • the second area 520 can indicate the number of times the iris is registered by color or text. For example, when the eye pattern in the second region completely turns green, it indicates the completion of one iris registration. In addition to the color, the mobile terminal 100 can also use the indicator sound to prompt the user to use the distance.
  • the interface unit 162 is adapted to be associated with the iris identity authentication accessory 200 Connect, read the device ID serial number of the iris identity authentication accessory 200, or the acquired iris electronic image and the registered iris template data. In this way, the iris authentication application can acquire the electronic image of the region of interest containing the user's iris and the iris identity authentication attachment ID serial number, and has performed secure identity authentication.
  • the operating system of the mobile terminal 100 turns on the ROOT authority of the USB OTG, so that the mobile terminal 100 can successfully identify the iris identity authentication accessory 200 connected to the mobile terminal, and activates the master-slave mode, and the mobile terminal 100 can communicate with the iris identity through the USB OTG protocol.
  • the authentication accessory 200 performs signal communication to control the power supply and opening of the iris identity authentication accessory.
  • the iris authentication accessory 200 performs iris biometric feature collection and image encryption transmission to the mobile terminal according to the instruction of the mobile terminal 100.
  • the mobile terminal decodes the iris feature image and generates an iris template, and then performs the comparison.
  • the mobile terminal 100 may transmit the encrypted image data of the iris identity authentication accessory 200 to the server.
  • the server compares it with the iris template data registered by the user stored in the server, and then returns the comparison result to the mobile terminal.
  • the mobile terminal 100 may generate an iris template based on image data acquired from the iris identity authentication accessory 200.
  • the mobile terminal 100 then returns the iris template to the iris identity authentication accessory 200.
  • the data processing unit of the iris identity authentication accessory 200 can compare the iris template with the registered iris template data of the user stored in the iris identity authentication accessory 200, and transmit the comparison result to the mobile terminal 100.
  • the iris identity authentication accessory identification unit 163 is adapted to identify the iris identity authentication accessory 200 based on the iris identity authentication accessory ID serial number.
  • the iris identity authentication unit 164 is adapted to generate a user iris template according to the electronic image, and authenticate the identity of the user according to the result of the comparison between the iris template and the registered iris template data of the user.
  • the user's registered iris template is adapted to be compared with the iris features in the real-time iris image.
  • the mobile terminal 100 may also choose to download from the server.
  • the iris authentication application in the mobile terminal may further include a mobile payment unit.
  • the mobile payment unit is adapted to send an identity authentication request to the iris identity authentication unit 164 and an identity authentication result from the iris identity authentication unit. For example, when the user performs online shopping, the mobile payment unit sends an identity authentication request to the iris identity authentication unit 164 when preparing for network payment. After the iris authentication unit completes the authentication process, the mobile payment unit can receive the authentication result to complete the payment operation or refuse to pay.
  • the image sensor is adapted to calculate the pupil spacing of the two eyes in the electronic image or the pupil diameter of the single eye to analyze the distance of the user from the optical lens component to generate a distance adjustment control signal for control
  • the focal length adjustment unit in the iris authentication accessory realizes the autofocus of the iris lens for the optical lens. In this way, after aligning the optical lens component of the iris identity authentication accessory 200 with the eye area of the user, the user does not need to manually adjust the distance between the iris identity authentication accessory 200 and the eye within a normal distance range, but through the focus adjustment unit. Autofocus to improve user experience.
  • FIG. 9 shows a block diagram of an 300 of an iris identity authentication accessory in accordance with yet another embodiment of the present invention.
  • the iris identity authentication accessory 300 of the mobile terminal includes an optical lens component 310, an image sensor 340, an interface unit 320, a registered iris template storage module 330, a data processing unit 350, and an ID circuit module 360.
  • An optical lens component 360 is adapted to optically image a region of interest comprising a user's iris.
  • An image sensor 340 is adapted to convert an optical image of the region of interest comprising the user's iris into an original electronic image.
  • the ID circuit module 360 includes at least one unique iris identity authentication accessory ID serial number storage area from which the mobile terminal can read the unique ID serial number.
  • the registered iris template storage module 330 is adapted to store the registered iris template data of the user in an encrypted manner.
  • the interface unit 320 is adapted to connect the iris identity authentication accessory 300 to the mobile terminal 100 such that the iris identity authentication accessory 300 communicates with the mobile terminal 100.
  • the data processing unit 350 is adapted to process the original electronic image output by the image sensor 340 to acquire an iris template, compare the iris template with the registered iris template data of the user, and send the comparison result through the interface unit. To the mobile terminal.
  • the user can quickly connect the iris authentication accessory to any selected mobile terminal when performing operations such as mobile payment, login, and unlocking.
  • the user can control the opening and subsequent work of the iris authentication accessory through an application in the mobile terminal corresponding to the iris authentication accessory 300 (for example, a separate application in the mobile terminal or a plug-in for the payment application, etc.).
  • an application in the mobile terminal corresponding to the iris authentication accessory 300 for example, a separate application in the mobile terminal or a plug-in for the payment application, etc.
  • the user can quickly collect images of the eye area through the iris identity authentication accessory.
  • the iris acquisition accessory image acquisition sensor 340 transmits the image data to the data processing unit 350 using an iris extraction algorithm to generate a real-time iris template.
  • the iris extraction algorithm can use a variety of well-known algorithms, and will not be described here.
  • the data processing unit 350 also acquires the iris template data registered by the user from the registered iris template storage module 330, and then compares the real-time generated iris template with the iris template data registered by the user. In this way, the iris authentication accessory 300 can complete the authentication of the iris identity in the case of not outputting the user iris data, thereby reducing the possibility that the user data is illegally acquired, and can be quickly connected and used with a plurality of mobile terminals. Greatly improve user experience and security.
  • the interface unit 320 of the iris authentication accessory 300 of the embodiment may be any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface.
  • the interface unit 320 can also quickly use a protocol standard such as a headphone jack with a lower data transmission rate. Get the comparison knot fruit.
  • the iris identity authentication accessory 300 of the present embodiment can separately configure the power supply unit to supply power to the entire iris identity authentication accessory.
  • the iris authentication accessory 300 can also be powered by the mobile terminal 100 through the interface unit 320 when directly connected to the mobile terminal 100.
  • the iris identity authentication system includes an iris identity authentication accessory 300 and a mobile terminal 100.
  • the mobile terminal 100 also has an interface unit corresponding to the iris identity authentication accessory 300.
  • the mobile terminal 100 can communicate with the iris identity authentication accessory 300 through the interface unit.
  • the mobile terminal 100 After establishing the connection with the iris identity authentication accessory 300, the mobile terminal 100 first obtains the ID serial number of the iris identity authentication accessory 300, and then sends it to the server for ID identification to confirm whether the iris identity authentication accessory is a legally registered device to ensure identity. Legal and user security of authentication. If the ID serial number does not pass the authentication, the mobile terminal 100 ends the communication connection with the iris identity authentication accessory and prompts the user.
  • the mobile terminal 100 maintains the connection with the iris identity authentication accessory 300 and waits for the user to issue an indication to the iris identity authentication accessory 300 to obtain the iris identity comparison when performing mobile payment or application login.
  • the iris identity authentication accessory 300 can quickly establish an identity authentication system with any of the usual mobile terminals 100, especially for the user's private data, which can greatly improve the user. User experience and data security.
  • the iris identity authentication accessory according to the present invention further includes a registered iris template storage module adapted to store the user's registered iris template data in an encrypted manner.
  • A11 The iris identity authentication accessory of A10, wherein the optical lens component further comprises a focal length adjustment unit adapted to adjust a focal length of the lens.
  • A12 The iris identity authentication accessory according to A10 or A11, wherein after the interface unit is physically connected to the mobile terminal, the lens imaging direction and the display screen of the mobile terminal connected thereto are on the same side of the mobile terminal.
  • A13 An iris identity authentication accessory in accordance with the present invention, further comprising at least one LED light adapted to provide illumination for iris imaging.
  • A14 The iris identity authentication accessory according to A13, further comprising an LED light control module adapted to adjust the mode of the LED light and/or the brightness of the LED light.
  • A15 The iris identity authentication accessory of A13, wherein the mode of the LED light comprises a constant light mode and a blinking mode.
  • A16 The iris identity authentication accessory of A14, wherein the LED light control module is further adapted to adjust the brightness of the LED light according to a predetermined mode to obtain an electronic image of the user's pupil and thus zooming.
  • A17 The iris identity authentication accessory of A16, wherein the LED light comprises an infrared light LED Or one of the visible LEDs.
  • A19 An iris identity authentication system according to the present invention, wherein the registered iris template data of the user is stored in a registered iris template memory of an iris identity authentication attachment.
  • A20 An iris identity authentication system according to the present invention, wherein the registered iris template data of the user is stored in a mobile terminal or a server.
  • A21 An iris identity authentication system according to the present invention, wherein the mobile terminal further comprises a mobile payment unit adapted to send an identity authentication request to the iris identity authentication unit and to receive the identity authentication result from the iris identity authentication unit.
  • the iris identity authentication system further includes: an image processing unit, configured to analyze a distance between the user and the iris identity authentication accessory according to a pupil distance of the user's eyes in the collected electronic image or a pupil diameter of the single eye, and generate a distance adjustment.
  • the indication signal prompts the user to change the mobile terminal/iris identity authentication attachment to the eye distance.
  • A23 The iris identity authentication system according to A22, wherein the image processing unit is further adapted to: calculate a pupil spacing of the two eyes in the electronic image or a pupil diameter of the single eye to analyze a distance between the user and the optical lens component to generate a distance adjustment control The signal is used to control the focal length adjustment unit in the iris authentication accessory to achieve autofocusing of the iris lens by the optical lens.
  • A24 The iris identity authentication system according to the present invention, wherein the iris identity authentication unit is adapted to generate a user iris template according to an electronic image according to any one of the following manners, and according to the iris template and the user's registered iris template data.
  • Aligning the results to authenticate the identity of the user comparing the iris template and the registered iris template data of the user in the mobile terminal, and authenticating the identity of the user according to the comparison result; sending the iris template to In the server, the server compares the iris template with the registered iris template data of the user stored in the server, and receives the comparison result sent by the server to authenticate the user identity; and the iris template and the user's registration
  • the iris template data is sent to the server, so that the server compares the iris template with the registered iris template data of the user, and receives the comparison result sent by the server to authenticate the user identity; and sends the iris template to the iris Identity authentication attachment so that the iris authentication attachment will be rainbow Iris template data registered user templates and iris authentication attachments stored the results in order to authenticate the user's identity than sending the comparison, iris authentication and receiving attachments.
  • A26 The iris identity authentication accessory according to the present invention, wherein the interface unit comprises any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface.
  • A27 The iris identity authentication accessory according to the present invention further includes a power supply unit adapted to supply power to the iris identity authentication accessory.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Theoretical Computer Science (AREA)
  • Collating Specific Patterns (AREA)
  • Measurement Of The Respiration, Hearing Ability, Form, And Blood Characteristics Of Living Organisms (AREA)

Abstract

An iris identity authentication accessory connected to a mobile terminal for communication, comprising:an optical camera component (210) suitable for performing optical imaging on a region of interest containing a user's iris;an image sensor (240) suitable for converting an optical image of the region of interest containing the user's iris into an original electronic image;an interface unit (220) suitable for connecting an iris identity authentication accessory (200) to a mobile terminal (100), so as to enable the iris identity authentication accessory (200) to communicate with the mobile terminal (100);a data processing unit (250) suitable for processing the original electronic image output by an image sensor (240), and transmitting the processed electronic image to the mobile terminal (100) by means of the interface unit (220), so as to facilitate the mobile terminal (100) in comparing same with an iris template and authenticating a user identity;and an ID circuit module (260) comprising an iris identity authentication accessory ID serial number storage region, so as to facilitate the mobile terminal (100) in reading a unique ID serial number therefrom.Also disclosed is an iris identity authentication system.

Description

虹膜身份认证附件及系统Iris identity certification attachments and systems 技术领域Technical field
本发明涉及支付认证技术,尤其涉及虹膜身份认证附件及系统。The invention relates to payment authentication technology, in particular to an iris identity authentication accessory and system.
背景技术Background technique
随着移动支付等支付方式的快速发展,生物识别技术被越来越广泛的应用到移动支付中,以提高支付的安全性。例如,目前提出的使用指纹取代密码进行手机支付的身份认证手段(如支付宝的指纹支付),相比于数字密码,指纹具有唯一性和方便性等特点,能有效减少密码泄漏的风险,用户无需记忆复杂的支付密码,提升了用户体验。然而,指纹因其接触性容易留下特征痕迹,能够通过硅胶等材料轻易仿造。一些网络电商平台已经普遍销售指纹套,很多他人指纹代打卡的事件经常发生。特别是,即便不被造假,指纹在用户不清醒(比如熟睡、酒醉)的时候可以被第三者借机盗按指纹,这在移动支付领域有十分大的风险。另外的一种更加安全可靠的生物识别方式为虹膜身份认证方式,相比于指纹识别,虹膜识别具有诸多优点:生物特征点多、特征稳定性高、非接触式识别、更精确、难以伪造以及安全性更高。因此,虹膜支付在移动支付领域具有更大的优势。With the rapid development of payment methods such as mobile payment, biometric technology has been more and more widely applied to mobile payment to improve the security of payment. For example, the currently proposed identity authentication means (such as Alipay's fingerprint payment) using fingerprints instead of passwords for mobile payment is more unique and convenient than digital passwords, which can effectively reduce the risk of password leakage. Memory complex payment passwords enhance the user experience. However, fingerprints are easy to leave characteristic marks due to their contact properties, and can be easily copied by materials such as silica gel. Some network e-commerce platforms have generally sold fingerprint sets, and many incidents of fingerprinting by others have occurred frequently. In particular, even if it is not falsified, the fingerprint can be stolen by a third party when the user is not awake (such as sleeping or drunk), which has a great risk in the field of mobile payment. Another safer and more reliable biometric method is iris authentication. Compared to fingerprint recognition, iris recognition has many advantages: many biometric points, high feature stability, non-contact identification, more accurate, and difficult to forge. More secure. Therefore, iris payment has a greater advantage in the field of mobile payment.
然而,在移动支付中应用虹膜身份认证需要手机硬件支持,特别是需要专用的虹膜采集成像传感器,难以在手机等移动终端中迅速普及。如何使得移动终端具有虹膜身份认证功能是当前虹膜移动支付的一大瓶颈。However, the application of iris authentication in mobile payment requires mobile phone hardware support, especially the need for dedicated iris acquisition imaging sensors, which is difficult to popularize in mobile terminals such as mobile phones. How to make the mobile terminal have the iris identity authentication function is a major bottleneck of current iris mobile payment.
发明内容Summary of the invention
为此,本发明提供一种移动支付的虹膜身份认证附件及系统,有效的解决了在不改动现有的移动终端(比如手机、平板电脑)的硬件结构的基础上,使能现有移动终端具备虹膜识别和虹膜身份认证的功能,从而有效的解决了虹膜移动支付的瓶颈。To this end, the present invention provides an iris authentication device and system for mobile payment, which effectively solves the problem of enabling existing mobile terminals without changing the hardware structure of existing mobile terminals (such as mobile phones and tablet computers). It has the functions of iris recognition and iris identity authentication, which effectively solves the bottleneck of iris mobile payment.
根据本发明的一个方面,提供了一种虹膜身份认证附件,包括:光学镜头部件,适于对包含用户虹膜的感兴趣区域进行光学成像。图像传感器,适于将包含用户虹膜的感兴趣 区域的光学图像转换成电子图像。接口单元,适于将虹膜身份认证附件连接到移动终端,从而使得虹膜身份认证附件与移动终端进行通信。数据处理单元,适于对图像传感器输出的电子图像进行处理,以及通过接口单元向移动终端传输经过处理的电子图像,以便移动终端从中比对虹膜模板和认证用户身份。ID电路模块,包括至少一个唯一的虹膜身份认证附件ID序列号存储区,以便由所述移动终端从中读取唯一ID序列号。According to one aspect of the invention, an iris identity authentication accessory is provided, comprising: an optical lens component adapted to optically image a region of interest comprising a user's iris. Image sensor suitable for interested in containing the user's iris The optical image of the area is converted into an electronic image. The interface unit is adapted to connect the iris identity authentication accessory to the mobile terminal, so that the iris identity authentication accessory communicates with the mobile terminal. And a data processing unit adapted to process the electronic image output by the image sensor and transmit the processed electronic image to the mobile terminal through the interface unit, so that the mobile terminal compares the iris template and authenticates the user identity. The ID circuit module includes at least one unique iris identity authentication accessory ID serial number storage area from which the mobile terminal can read the unique ID serial number.
可选地,在根据本发明的虹膜身份认证附件中,接口单元还适于在连接到移动终端时向虹膜身份认证附件供电。Optionally, in the iris identity authentication accessory according to the invention, the interface unit is further adapted to power the iris identity authentication accessory when connected to the mobile terminal.
可选地,根据本发明的虹膜身份认证附件还包括电源单元,适于向虹膜身份认证附件供电。Optionally, the iris identity authentication accessory according to the present invention further comprises a power supply unit adapted to supply power to the iris identity authentication accessory.
可选地,在根据本发明的虹膜身份认证附件中,接口单元包括USB OTG接口、音频插口或耳机插口、蓝牙接口和WIFI接口中任一种。Optionally, in the iris identity authentication accessory according to the present invention, the interface unit comprises any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface.
可选地,在根据本发明的虹膜身份认证附件中,USB OTG接口包括USB2.0、USB3.0和MicroUSB接口中任一种。Optionally, in the iris identity authentication accessory according to the present invention, the USB OTG interface includes any one of USB 2.0, USB 3.0, and MicroUSB interfaces.
可选地,在根据本发明的虹膜身份认证附件中,还包括外壳,其中USB OTG接口与外壳物理固定连接。这样,可以将虹膜身份认证附件固定在移动终端设备上,从而使得移动终端具有虹膜识别的整体功能。Optionally, in the iris identity authentication accessory according to the present invention, the housing is further included, wherein the USB OTG interface is physically and fixedly connected to the housing. In this way, the iris identity authentication accessory can be fixed on the mobile terminal device, so that the mobile terminal has the overall function of iris recognition.
可选地,在根据本发明的虹膜身份认证附件中,数据处理单元还包括加密模块,适于对所述电子图像进行加密处理。加密算法可以使用对称加密算法、非对称加密算法、公钥私钥加密算法、量子加密算法或其他特定的加密算法;也可以采用不开源的图像压缩的技术对图像进行压缩输出进行加密。经过加密处理后的人眼或虹膜图像需要进行解密才能被打开,否则即便在传输过程中被黑客截获虹膜身份认证附件采集的数据流,黑客也无法解析破解得到用户的虹膜图像,具有很强的硬件加密性和抗攻击性,在对数据安全性有较高要求的应用场景(比如移动支付)具有独特优势。Optionally, in the iris identity authentication accessory according to the present invention, the data processing unit further includes an encryption module adapted to perform encryption processing on the electronic image. The encryption algorithm may use a symmetric encryption algorithm, an asymmetric encryption algorithm, a public key private key encryption algorithm, a quantum encryption algorithm, or other specific encryption algorithms. The image may be compressed and outputted by a non-open source image compression technique. The encrypted human eye or iris image needs to be decrypted before it can be opened. Otherwise, even if the hacker intercepts the data stream collected by the iris authentication accessory during the transmission process, the hacker cannot parse and obtain the user's iris image, which is very strong. Hardware cryptography and anti-aggression have unique advantages in applications that require high data security (such as mobile payment).
可选地,在根据本发明的虹膜身份认证附件中,还包括注册虹膜模板存储模块,适于以加密方式存储用户的注册虹膜模板数据。同时,该存储模块也可以存储用户采集的虹膜原始图像以及经过处理后的虹膜图像。Optionally, in the iris identity authentication accessory according to the present invention, the registered iris template storage module is further included, and is adapted to store the registered iris template data of the user in an encrypted manner. At the same time, the storage module can also store the original iris image collected by the user and the processed iris image.
可选地,在根据本发明的虹膜身份认证附件中,ID电路模块还包括加密电路和/或解密电路。每一个独立的虹膜身份认证附件设备拥有一个唯一的独特的设备ID序列号。该 ID序列号由ID电路模块产生或存储,并可以通过加密电路进行加密以经过加密后的格式输出。当虹膜身份认证附件与移动终端建立通信连接后,移动终端会读取该设备ID序列号,如果该序列号被加密过,则在移动终端经过解密还原ID序列号。移动终端通过该设备ID序列号来识别与其连接的虹膜身份认证附件设备的有效性。如果读入的ID序列号非法,则拒绝识别该虹膜身份认证附件设备,不进行后续的虹膜身份识别工作。Optionally, in the iris identity authentication accessory according to the present invention, the ID circuit module further includes an encryption circuit and/or a decryption circuit. Each individual iris identity accessory device has a unique unique device ID serial number. The The ID serial number is generated or stored by the ID circuit module and can be encrypted by an encryption circuit to be output in an encrypted format. After the iris identity authentication attachment establishes a communication connection with the mobile terminal, the mobile terminal reads the device ID serial number, and if the serial number is encrypted, the mobile terminal decrypts and restores the ID serial number. The mobile terminal identifies the validity of the iris identity authentication accessory device connected thereto by the device ID serial number. If the ID serial number read in is illegal, the iris identity authentication accessory device is refused to be identified, and subsequent iris identification work is not performed.
可选地,在根据本发明的虹膜身份认证附件中,光学镜头部件还包括镜头、适于固定镜头的镜头座和适于允许红外光通过的滤光片。Optionally, in the iris identity authentication accessory according to the present invention, the optical lens component further includes a lens, a lens mount adapted to fix the lens, and a filter adapted to allow infrared light to pass therethrough.
可选地,在根据本发明的虹膜身份认证附件中,光学镜头部件还包括焦距调节单元,适于对镜头的焦距进行调节。Optionally, in the iris identity authentication accessory according to the present invention, the optical lens component further includes a focus adjustment unit adapted to adjust the focal length of the lens.
可选地,在根据本发明的虹膜身份认证附件中,在接口单元与移动终端物理连接后,镜头成像方向和与其连接的移动终端的显示屏幕在移动终端的同一侧。特别的,用户手持通过USB OTG接口插入的认证附件的移动终端进行虹膜身份认证时,能够在移动终端的显示屏幕上预览该附件实时采集的用户自身的虹膜视频或图像,提高用户体验。Optionally, in the iris identity authentication accessory according to the present invention, after the interface unit is physically connected to the mobile terminal, the lens imaging direction and the display screen of the mobile terminal connected thereto are on the same side of the mobile terminal. In particular, when the mobile terminal that authenticates the accessory inserted through the USB OTG interface performs iris authentication, the user can preview the user's own iris video or image collected by the accessory on the display screen of the mobile terminal to improve the user experience.
可选地,在根据本发明的虹膜身份认证附件中,还包括至少一个LED灯,适于为虹膜成像提供照明。Optionally, in the iris identity authentication accessory according to the invention, at least one LED lamp is further included, adapted to provide illumination for iris imaging.
可选地,在根据本发明的虹膜身份认证附件中,还包括LED灯控制模块,适于调节LED灯的模式和/或LED灯的亮度。Optionally, in the iris identity authentication accessory according to the invention, an LED lamp control module is further included, adapted to adjust the mode of the LED lamp and/or the brightness of the LED lamp.
可选地,在根据本发明的虹膜身份认证附件中,LED灯的模式包括常亮模式和闪烁模式。Alternatively, in the iris identity authentication accessory according to the present invention, the mode of the LED lamp includes a normally lit mode and a blinking mode.
可选地,在根据本发明的虹膜身份认证附件中,LED灯控制模块还适于根据预定的模式调节所述LED灯的亮度,以便获取用户瞳孔因此缩放变化的电子图像,从而便于活体检测。Optionally, in the iris identity authentication accessory according to the present invention, the LED light control module is further adapted to adjust the brightness of the LED light according to a predetermined mode in order to obtain an electronic image of the user's pupil and thus zooming, thereby facilitating living body detection.
可选地,在根据本发明的虹膜身份认证附件中,LED灯包括红外光LED或可见光LED之一。Optionally, in the iris identity authentication accessory according to the invention, the LED light comprises one of an infrared light LED or a visible light LED.
根据本发明的又一方面,还提供一种虹膜身份认证系统,包括:根据本发明的虹膜身份认证附件和移动终端。该移动终端包括显示单元,适于实时显示用户的虹膜成像。接口单元,适于与虹膜身份认证附件相连接并进行通信,以启动虹膜身份认证附件采集包含用户眼部特征的电子图像,和读取虹膜身份认证附件的ID序列号并传输到移动终端。虹膜 身份认证附件识别单元,适于根据虹膜身份认证附件ID序列号识别虹膜身份认证附件。虹膜身份认证单元,适于根据电子图像生成用户虹膜模板,并根据该虹膜模板与用户的注册虹膜模板数据进行比对的结果来认证用户的身份。According to still another aspect of the present invention, there is also provided an iris identity authentication system comprising: an iris identity authentication accessory and a mobile terminal according to the present invention. The mobile terminal includes a display unit adapted to display the iris imaging of the user in real time. The interface unit is adapted to be connected to and communicate with the iris identity authentication accessory to initiate the iris identity authentication accessory to collect an electronic image containing the characteristics of the user's eye, and to read the ID serial number of the iris identity authentication accessory and transmit it to the mobile terminal. Iris The identity authentication accessory identification unit is adapted to identify the iris identity authentication accessory according to the iris identity authentication accessory ID serial number. The iris identity authentication unit is adapted to generate a user iris template according to the electronic image, and authenticate the identity of the user according to the result of the comparison between the iris template and the registered iris template data of the user.
可选地,在根据本发明的虹膜身份认证系统中,用户的注册虹膜模板数据被存储在虹膜身份认证附件的注册虹膜模板存储器中。Alternatively, in the iris identity authentication system according to the present invention, the user's registered iris template data is stored in the registered iris template memory of the iris identity authentication attachment.
可选地,在根据本发明的虹膜身份认证系统中,用户的注册虹膜模板数据被存储在服务器中。Alternatively, in the iris identity authentication system according to the present invention, the user's registered iris template data is stored in the server.
可选地,在根据本发明的虹膜身份认证系统中,移动终端还包括移动支付单元,适于向虹膜身份认证单元发送身份认证请求以及从虹膜身份认证单元接收身份认证结果。Optionally, in the iris identity authentication system according to the present invention, the mobile terminal further comprises a mobile payment unit adapted to send an identity authentication request to the iris identity authentication unit and to receive the identity authentication result from the iris identity authentication unit.
可选地,根据本发明的虹膜身份认证系统还包括图像处理单元,适于根据采集的电子图像中用户的双眼的瞳孔间距或单眼的瞳孔直径分析用户与虹膜身份认证附件的距离,生成距离调节指示信号以提示用户改变移动终端/虹膜身份认证附件与眼部距离。Optionally, the iris identity authentication system according to the present invention further includes an image processing unit adapted to analyze the distance between the user and the iris identity authentication accessory according to the pupil spacing of the eyes of the user in the collected electronic image or the pupil diameter of the single eye, and generate a distance adjustment. The indication signal prompts the user to change the mobile terminal/iris identity authentication attachment to the eye distance.
可选地,在根据本发明的虹膜身份认证系统中,图像处理单元还适于,计算电子图像中双眼的瞳孔间距或者单眼的瞳孔直径来分析用户与光学镜头部件的距离,以便生成距离调节控制信号来控制虹膜身份认证附件中的焦距调节单元,实现光学镜头对虹膜成像的自动对焦。Optionally, in the iris identity authentication system according to the present invention, the image processing unit is further adapted to calculate the pupil spacing of the two eyes in the electronic image or the pupil diameter of the single eye to analyze the distance between the user and the optical lens component to generate the distance adjustment control. The signal is used to control the focal length adjustment unit in the iris authentication accessory to achieve autofocusing of the iris lens by the optical lens.
可选地,在根据本发明的虹膜身份认证系统中,虹膜身份认证单元适于下述方式中任一种来根据电子图像生成用户虹膜模板,并根据该虹膜模板与用户的注册虹膜模板数据进行比对的结果来认证用户的身份:将虹膜模板和用户的注册虹膜模板数据在移动终端中进行比对,并根据比对结果对用户身份进行认证;将虹膜模板发送到服务器中,以便服务器将该虹膜模板与服务器中存储的用户的注册模板数据进行比对,以及接收服务器发送的比对结果以对用户身份进行认证;将所述虹膜模板和所述用户的注册模板数据发送到服务器中,以便服务器将虹膜模板和所述用户的注册模板数据进行比对,并接收服务器发送的比对结果以对用户身份进行认证;以及,将所述虹膜模板发送到虹膜身份认证附件中,以便虹膜身份认证附件将该虹膜模板与虹膜身份认证附件中存储的用户的注册虹膜模板数据进行比对,和接收虹膜身份认证附件发送的比对结果以对用户身份进行认证。Optionally, in the iris identity authentication system according to the present invention, the iris identity authentication unit is adapted to generate any one of the following manners to generate a user iris template according to the electronic image, and according to the iris template and the user's registered iris template data. The result of the comparison is used to authenticate the user's identity: the iris template and the user's registered iris template data are compared in the mobile terminal, and the user identity is authenticated according to the comparison result; the iris template is sent to the server so that the server will Comparing the iris template with the registration template data of the user stored in the server, and receiving the comparison result sent by the server to authenticate the user identity; sending the iris template and the registration template data of the user to the server, So that the server compares the iris template with the registration template data of the user, and receives the comparison result sent by the server to authenticate the user identity; and sends the iris template to the iris identity authentication attachment for the iris identity Certified attachment to the iris template and iris identity attachment User registration iris template stored data results to authenticate the user's identity than sending the comparison, iris authentication and receiving attachments.
根据本发明的又一个方面,还提供一种虹膜身份认证附件,包括光学镜头部件,适于对包含用户虹膜的感兴趣区域进行光学成像。图像传感器,适于将包含用户虹膜的感兴趣 区域的光学图像转换成电子图像。接口单元,适于将虹膜身份认证附件连接到移动终端,从而使得虹膜身份认证附件与移动终端进行通信。ID电路模块,包括至少一个唯一的虹膜身份认证附件ID序列号存储区,以便由移动终端从中读取唯一ID序列号。注册虹膜模板存储模块,适于以加密方式存储用户的注册虹膜模板数据。数据处理单元,适于对图像传感器输出的电子图像进行处理以获取虹膜模板,并将该虹膜模板与用户的注册虹膜模板数据进行比对,以及将比对结果通过接口单元发送到移动终端。According to yet another aspect of the present invention, there is also provided an iris identity authentication accessory comprising an optical lens component adapted to optically image a region of interest comprising a user's iris. Image sensor suitable for interested in containing the user's iris The optical image of the area is converted into an electronic image. The interface unit is adapted to connect the iris identity authentication accessory to the mobile terminal, so that the iris identity authentication accessory communicates with the mobile terminal. The ID circuit module includes at least one unique iris identity authentication accessory ID serial number storage area from which the mobile terminal can read the unique ID serial number. The iris template storage module is registered and is adapted to store the registered iris template data of the user in an encrypted manner. The data processing unit is adapted to process the electronic image output by the image sensor to acquire the iris template, compare the iris template with the registered iris template data of the user, and send the comparison result to the mobile terminal through the interface unit.
可选地,在根据本发明的虹膜身份认证附件中,接口单元包括USB OTG接口、音频插口或耳机插口、蓝牙接口和WIFI接口中任一种。Optionally, in the iris identity authentication accessory according to the present invention, the interface unit comprises any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface.
可选地,根据本发明的虹膜身份认证附件还包括电源单元,适于向虹膜身份认证附件供电。Optionally, the iris identity authentication accessory according to the present invention further comprises a power supply unit adapted to supply power to the iris identity authentication accessory.
根据本发明的又一方面,还提供一种虹膜身份认证系统,包括虹膜身份认证附件和移动终端。该移动终端包括接口单元,适于与虹膜身份认证附件相连接并进行通信,获取虹膜身份认证附件的ID序列号、以及虹膜模板与用户的注册虹膜模板数据的比对结果。虹膜身份认证附件识别单元,适于根据虹膜身份认证附件ID序列号识别虹膜身份认证附件。虹膜身份认证单元,适于根据所述比对结果来认证用户的身份。According to still another aspect of the present invention, an iris identity authentication system is provided, including an iris identity authentication accessory and a mobile terminal. The mobile terminal includes an interface unit adapted to connect with and communicate with the iris identity authentication accessory, obtain an ID serial number of the iris identity authentication accessory, and a comparison result of the iris template and the registered iris template data of the user. The iris identity authentication accessory identification unit is adapted to identify the iris identity authentication accessory according to the iris identity authentication accessory ID serial number. An iris identity authentication unit adapted to authenticate a user's identity based on the comparison result.
根据本发明的虹膜身份认证技术方案,通过采用独立的虹膜身份认证附件与移动终端进行连接,从而能够获取高质量的虹膜图像并进行虹膜身份认证。根据本发明的虹膜身份认证附件通过多个硬件单元实现了对虹膜图像的获取和处理,能够在不增加移动终端过多负担的情况下,向移动终端提供高质量的虹膜图像。进一步,根据本发明的虹膜身份认证附件具有唯一的ID序列号,能够对虹膜身份认证附件进行防伪识别,从而保证了进行虹膜识别的虹膜身份认证附件为经过合法授权认证的设备,防止了非法用户通过伪造未经授权的虹膜身份认证附件来进行攻击。进一步,根据本发明的虹膜身份认证附件可以存储加密的注册虹膜模板,进而可以保持注册虹膜模板的独立性和安全性。根据本发明的虹膜身份认证附件可以方便的与不同的移动终端进行连接,在不对移动终端硬件进行定制的基础上,使得移动终端可以在进行移动支付等应用中,通过采用虹膜身份认证方式代替传统的密码认证和指纹认证,具有更高的安全性。According to the iris identity authentication technical solution of the present invention, by connecting with the mobile terminal by using an independent iris identity authentication accessory, high-quality iris images can be obtained and iris identity authentication can be performed. The iris identity authentication accessory according to the present invention realizes acquisition and processing of iris images by a plurality of hardware units, and can provide a high quality iris image to the mobile terminal without increasing the burden on the mobile terminal. Further, the iris identity authentication accessory according to the present invention has a unique ID serial number, which can perform anti-counterfeiting identification on the iris identity authentication accessory, thereby ensuring that the iris identity authentication accessory for iris recognition is a legally authorized device and prevents illegal users. Attacks are made by falsifying unauthorized iris authentication attachments. Further, the iris identity authentication accessory according to the present invention can store the encrypted registered iris template, thereby maintaining the independence and security of the registered iris template. The iris identity authentication accessory according to the present invention can be conveniently connected with different mobile terminals. On the basis of not customizing the mobile terminal hardware, the mobile terminal can replace the traditional identity by adopting the iris identity authentication method in applications such as mobile payment. Password authentication and fingerprint authentication have higher security.
另外,根据本发明的虹膜身份认证技术方案还提供了一种虹膜身份认证附件,实现了在认证附件内部对所采集到的感兴趣区域进行图像处理以获取用户虹膜模板。进一步,该 认证附件能够将用户虹膜模板与认证附件内存储的注册的用户虹膜数据进行比对,从而能够在独立的附件内部完成身份的认证,从而能够极大提高用户虹膜数据的保密性。还有,虹膜身份认证附件可以方便的与不同的移动终端等设备进行连接而进行快捷的身份认证,极大提高了用户体验度。In addition, the iris identity authentication technical solution according to the present invention further provides an iris identity authentication accessory, which implements image processing on the collected region of interest within the authentication accessory to obtain the user iris template. Further, the The authentication accessory can compare the user iris template with the registered user iris data stored in the authentication accessory, so that the identity authentication can be completed within the independent accessory, thereby greatly improving the confidentiality of the user iris data. In addition, the iris identity authentication accessory can conveniently connect with different mobile terminals and other devices for fast identity authentication, which greatly improves the user experience.
附图说明DRAWINGS
为了实现上述以及相关目的,本文结合下面的描述和附图来描述某些说明性方面,这些方面指示了可以实践本文所公开的原理的各种方式,并且所有方面及其等效方面旨在落入所要求保护的主题的范围内。通过结合附图阅读下面的详细描述,本公开的上述以及其它目的、特征和优势将变得更加明显。遍及本公开,相同的附图标记通常指代相同的部件或元素。In order to achieve the above and related objects, certain illustrative aspects are described herein in conjunction with the following description and the accompanying drawings. Within the scope of the claimed subject matter. The above as well as other objects, features and advantages of the present invention will become more apparent from the Detailed Description Throughout the disclosure, the same reference numbers generally refer to the same parts or elements.
图1示出了根据本发明一个实施例的移动终端100;Figure 1 shows a mobile terminal 100 in accordance with one embodiment of the present invention;
图2示出了根据本发明一个实施例的虹膜身份认证系统的示意图;2 shows a schematic diagram of an iris identity authentication system in accordance with one embodiment of the present invention;
图3示出了根据本发明一个实施例的虹膜身份认证附件200的示意图;FIG. 3 shows a schematic diagram of an iris identity authentication accessory 200 in accordance with one embodiment of the present invention; FIG.
图4示出了根据本发明又一个实施例的虹膜身份认证附件200的示意图;4 shows a schematic diagram of an iris identity authentication accessory 200 in accordance with yet another embodiment of the present invention;
图5示出了根据本发明一个实施例的用户实际使用虹膜身份认证系统的示例;FIG. 5 illustrates an example of a user actually using an iris identity authentication system in accordance with one embodiment of the present invention; FIG.
图6示出了根据本发明一个实施例的虹膜身份认证附件200的结构框图;FIG. 6 is a block diagram showing the structure of an iris identity authentication accessory 200 according to an embodiment of the present invention;
图7示出了根据本发明一个实施例的移动终端中的虹膜身份认证应用的结构框图;FIG. 7 is a structural block diagram of an iris identity authentication application in a mobile terminal according to an embodiment of the present invention; FIG.
图8A和图8B分别示出了单眼虹膜注册过程和双眼虹膜注册过程中的用户界面示例;以及8A and 8B respectively show examples of user interfaces in a single-eye iris registration process and a binocular iris registration process;
图9示出了根据本发明又一个实施例的虹膜身份认证附件300的结构框图。FIG. 9 shows a block diagram of a structure of an iris identity authentication accessory 300 in accordance with yet another embodiment of the present invention.
具体实施方式detailed description
下面将参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反,提供这些实施例是为了能够更透彻地理解本公开,并且能够将本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the embodiments of the present invention have been shown in the drawings, the embodiments Rather, these embodiments are provided so that this disclosure will be more fully understood and the scope of the disclosure will be fully disclosed.
图1是移动终端100的结构框图。移动终端100可以包括存储器接口102、一个或多 个数据处理器、图像处理器和/或中央处理单元104,以及外围接口106。FIG. 1 is a block diagram showing the structure of a mobile terminal 100. The mobile terminal 100 can include a memory interface 102, one or more Data processors, image processors and/or central processing unit 104, and peripheral interface 106.
存储器接口102、一个或多个处理器104和/或外围接口106既可以是分立元件,也可以集成在一个或多个集成电路中。在移动终端100中,各种元件可以通过一条或多条通信总线或信号线来耦合。传感器、设备和子系统可以耦合到外围接口106,以便帮助实现多种功能。 Memory interface 102, one or more processors 104, and/or peripheral interface 106 can be either discrete components or integrated into one or more integrated circuits. In the mobile terminal 100, various components may be coupled by one or more communication buses or signal lines. Sensors, devices, and subsystems can be coupled to the peripheral interface 106 to help implement a variety of functions.
例如,运动传感器110、光传感器112和距离传感器114可以耦合到外围接口106,以方便定向、照明和测距等功能。其他传感器116同样可以与外围接口106相连,例如定位系统(例如GPS接收机)、温度传感器、生物测定传感器或其他感测设备,由此可以帮助实施相关的功能。For example, motion sensor 110, light sensor 112, and distance sensor 114 can be coupled to peripheral interface 106 to facilitate functions such as orientation, illumination, and ranging. Other sensors 116 may also be coupled to peripheral interface 106, such as a positioning system (e.g., a GPS receiver), a temperature sensor, a biometric sensor, or other sensing device, thereby facilitating the implementation of related functions.
相机子系统120和光学传感器122可以用于方便诸如记录照片和视频剪辑的相机功能的实现,其中所述相机子系统和光学传感器例如可以是电荷耦合器件(CCD)或互补金属氧化物半导体(CMOS)光学传感器。可以通过一个或多个无线通信子系统124来帮助实现通信功能,其中无线通信子系统可以包括射频接收机和发射机和/或光(例如红外)接收机和发射机。无线通信子系统124的特定设计和实施方式可以取决于移动终端100所支持的一个或多个通信网络。例如,移动终端100可以包括被设计成支持LTE、3G、GSM网络、GPRS网络、EDGE网络、Wi-Fi或WiMax网络以及BlueboothTM网络的通信子系统124。 Camera subsystem 120 and optical sensor 122 may be used to facilitate implementation of camera functions such as recording photos and video clips, where the camera subsystem and optical sensor may be, for example, a charge coupled device (CCD) or a complementary metal oxide semiconductor (CMOS) ) Optical sensor. Communication functions may be facilitated by one or more wireless communication subsystems 124, which may include radio frequency receivers and transmitters and/or optical (e.g., infrared) receivers and transmitters. The particular design and implementation of wireless communication subsystem 124 may depend on one or more communication networks supported by mobile terminal 100. For example, the mobile terminal 100 may be designed to include a supporting LTE, 3G, GSM communications network, GPRS network, EDGE network, Wi-Fi or WiMax network, and the network subsystem 124 Bluebooth TM.
音频子系统126可以与扬声器128以及麦克风130相耦合,以便帮助实施启用语音的功能,例如语音识别、语音复制、数字记录和电话功能。I/O子系统140可以包括触摸屏控制器142和/或一个或多个其他输入控制器144。触摸屏控制器142可以耦合到触摸屏146。举例来说,该触摸屏146和触摸屏控制器142可以使用多种触摸感测技术中的任何一种来检测与之进行的接触和移动或是暂停,其中感测技术包括但不局限于电容性、电阻性、红外和表面声波技术。一个或多个其他输入控制器144可以耦合到其他输入/控制设备148,例如一个或多个按钮、摇杆开关、拇指旋轮、红外端口、USB端口、和/或指示笔之类的指点设备。所述一个或多个按钮(未显示)可以包括用于控制扬声器128和/或麦克风130音量的向上/向下按钮。The audio subsystem 126 can be coupled to the speaker 128 and the microphone 130 to assist in implementing voice-enabled functions such as voice recognition, voice replication, digital recording, and telephony functions. I/O subsystem 140 may include touch screen controller 142 and/or one or more other input controllers 144. Touch screen controller 142 can be coupled to touch screen 146. For example, the touch screen 146 and the touch screen controller 142 can detect contact and movement or pause with any of a variety of touch sensing technologies, including but not limited to capacitive, Resistive, infrared and surface acoustic wave technology. One or more other input controllers 144 may be coupled to other input/control devices 148, such as one or more buttons, rocker switches, thumb wheels, infrared ports, USB ports, and/or pointing devices such as styluses . The one or more buttons (not shown) may include up/down buttons for controlling the volume of the speaker 128 and/or the microphone 130.
存储器接口102可以与存储器150相耦合。该存储器150可以包括高速随机存取存储器和/或非易失性存储器,例如一个或多个磁盘存储设备,一个或多个光学存储设备,和/或闪存存储器(例如NAND,NOR)。存储器150可以存储操作系统152,例如Android、IOS 或是Windows Phone之类的操作系统。该操作系统152可以包括用于处理基本系统服务以及执行依赖于硬件的任务的指令。存储器150还可以存储应用154。在移动设备运行时,会从存储器150中加载操作系统152,并且由处理器104执行。应用154在运行时,也会从存储器150中加载,并由处理器104执行。应用154运行在操作系统之上,利用操作系统以及底层硬件提供的接口实现各种用户期望的功能,如即时通信、网页浏览、图片管理等。应用154可以是独立于操作系统提供的,也可以是操作系统自带的。 Memory interface 102 can be coupled to memory 150. The memory 150 can include high speed random access memory and/or nonvolatile memory, such as one or more magnetic disk storage devices, one or more optical storage devices, and/or flash memory (eg, NAND, NOR). The memory 150 can store an operating system 152, such as Android, IOS. Or an operating system like Windows Phone. The operating system 152 can include instructions for processing basic system services and performing hardware dependent tasks. The memory 150 can also store the application 154. The operating system 152 is loaded from the memory 150 and executed by the processor 104 while the mobile device is running. Application 154 is also loaded from memory 150 at runtime and executed by processor 104. The application 154 runs on the operating system and utilizes an interface provided by the operating system and the underlying hardware to implement various functions desired by the user, such as instant messaging, web browsing, and picture management. The application 154 can be provided independently of the operating system or can be provided by the operating system.
一般而言,用户拍照和摄像等操作对图像采集硬件的要求和虹膜身份认证所需要的硬件要求不同。移动终端的相机子系统120和光学传感器122适于进行通常的可见光拍摄操作,而不太适于进行需要红外照明的虹膜采集,特别是很难采集到亚洲人黑色眼球的图像纹理特征。或者,相机子系统120可以进行通常拍摄和虹膜采集的复用,但是对于虹膜采集的效果有限。因此,本发明提供了一种移动终端的虹膜身份认证附件200。虹膜身份认证附件200可以连接到移动终端100进行虹膜身份认证。In general, the requirements for image acquisition hardware and the hardware requirements required for iris authentication are different for users' camera and camera operations. The camera subsystem 120 and optical sensor 122 of the mobile terminal are adapted to perform normal visible light imaging operations, and are less suitable for iris acquisition requiring infrared illumination, particularly image texture features of Asian black eyeballs. Alternatively, camera subsystem 120 may perform multiplexing of normal photography and iris acquisition, but has limited effectiveness for iris acquisition. Accordingly, the present invention provides an iris identity authentication accessory 200 for a mobile terminal. The iris identity authentication accessory 200 can be connected to the mobile terminal 100 for iris identity authentication.
图2示出了根据本发明一个实施例的虹膜身份认证系统。虹膜身份认证系统包括虹膜身份认证附件200和移动终端100。在移动终端100进行网络支付、登录和解锁等需要进行身份认证时,用户可以通过虹膜身份认证附件200以及移动终端100中的应用来完成身份验证,从而实现了在不需要改变移动终端100本身硬件设备的基础上,使移动终端100具有虹膜身份认证的功能。这样,用户只需要配备体积小巧、价格低廉的虹膜身份认证附件200,就能够使现有的包括手机、平板电脑等在内的移动终端具有虹膜采集和身份认证的功能。Figure 2 illustrates an iris identity authentication system in accordance with one embodiment of the present invention. The iris identity authentication system includes an iris identity authentication accessory 200 and a mobile terminal 100. When the mobile terminal 100 performs network authentication, login, and unlocking, and the like, the user can perform identity verification through the iris identity authentication accessory 200 and the application in the mobile terminal 100, thereby realizing that the hardware of the mobile terminal 100 itself is not required to be changed. Based on the device, the mobile terminal 100 has the function of iris identity authentication. In this way, the user only needs to be equipped with the small and inexpensive iris authentication accessory 200, which enables the existing mobile terminal including the mobile phone, the tablet computer and the like to have the functions of iris collection and identity authentication.
图3示出了根据本发明一个实施例的移动终端的虹膜身份认证附件200的示意图。如图3所示,本实施例的虹膜身份认证附件200包括了光学镜头部件210。该光学镜头部件210适于对包含了用户虹膜的感兴趣区域进行光学成像。该光学镜头部件210还包括镜头、适于固定镜头的镜头座和适于允许红外光通过的滤光片。另外,光学镜头部件还可以包括焦距调节单元。用户可以通过该焦距调节单元对焦距进行调节,这样在获取光学图像时,可以有更高的图像质量和更自由的拍摄距离。FIG. 3 shows a schematic diagram of an iris identity authentication accessory 200 of a mobile terminal in accordance with one embodiment of the present invention. As shown in FIG. 3, the iris identity authentication accessory 200 of the present embodiment includes an optical lens component 210. The optical lens component 210 is adapted to optically image a region of interest containing a user's iris. The optical lens component 210 further includes a lens, a lens mount adapted to fix the lens, and a filter adapted to allow infrared light to pass therethrough. In addition, the optical lens component may further include a focus adjustment unit. The user can adjust the focus distance of the focus adjustment unit, so that when acquiring an optical image, there is a higher image quality and a more free shooting distance.
图4示出了根据本发明又一个实施例的虹膜身份认证附件200的示意图。如图4所示,光学镜头部件210周围还可以设置有至少一个LED灯270,适于为光学镜头部件进行图像获取时提供照明。例如,光学镜头部件210两侧都设置有600~1200nm范围波长内的红外LED灯。这样,光学镜头部件210周围分布的LED灯可以进行交叉照明。特别是,在用 户佩戴有眼镜时,交叉照明的方式可以很好的减少眼镜片的反光干扰。根据本发明的虹膜身份认证附件200还可以包括LED灯控制模块。该LED灯控制模块能够控制LED灯的照明模式。例如,LED灯控制模块可以控制LED灯在闪烁模式和长亮模式之间进行切换,能够降低功耗。在又一个实施例中,LED控制模块能够控制LED灯的亮度按照预定方式进行变化。例如,虹膜身份认证附件200在进行眼部区域图像获取时,LED灯按照一定规律由亮逐渐变暗,再由暗逐渐变亮,以能够刺激人的瞳孔进行大小变换。这样,虹膜身份认证附件200可以获取得到瞳孔缩放变化的反馈电子图像。这样,虹膜身份认证系统200可以通过该反馈得到的眼部电子图像进行活体检测,即判断提供眼部图像的生物体的生命体征是否正常。进而,虹膜身份认证系统可以根据对生命体征的判断结果而进行安全认证,从而确保要验证的对象是真实活体的眼部,而不是已脱离人体的器官或者假的模型。利用瞳孔缩放变化进行的活体检测提供了比其他生物特征(如指纹)验证更高的安全级别。FIG. 4 shows a schematic diagram of an iris identity authentication accessory 200 in accordance with yet another embodiment of the present invention. As shown in FIG. 4, at least one LED lamp 270 may be disposed around the optical lens component 210, which is adapted to provide illumination for image acquisition of the optical lens component. For example, an infrared LED lamp having a wavelength in the range of 600 to 1200 nm is provided on both sides of the optical lens unit 210. Thus, the LED lamps distributed around the optical lens component 210 can be cross-illuminated. In particular, in use When the user wears glasses, the way of cross-illumination can reduce the reflection interference of the spectacle lens. The iris identity authentication accessory 200 in accordance with the present invention may also include an LED light control module. The LED light control module is capable of controlling the illumination mode of the LED light. For example, the LED light control module can control the LED light to switch between the blinking mode and the long light mode, which can reduce power consumption. In yet another embodiment, the LED control module is capable of controlling the brightness of the LED lamp to vary in a predetermined manner. For example, when the iris identity authentication accessory 200 performs the image acquisition of the eye region, the LED light gradually darkens according to a certain rule, and then gradually becomes brighter by the dark, so as to stimulate the pupil of the person to perform size conversion. In this way, the iris identity authentication accessory 200 can obtain a feedback electronic image that results in a pupil zoom change. In this way, the iris identity authentication system 200 can perform the living body detection by the eye electronic image obtained by the feedback, that is, whether the vital signs of the living body providing the eye image are normal. Furthermore, the iris identity authentication system can perform security authentication based on the judgment result of the vital signs, thereby ensuring that the object to be verified is the eye of the real living body, not the organ or the fake model that has been detached from the human body. Live detection with pupil scaling changes provides a higher level of security than other biometrics such as fingerprints.
如图3和图4所示,虹膜身份认证附件外部具有外壳230。虹膜身份认证附件的电路结构位于该外壳230内部。该外壳230的形状可以根据内部结构的不同布置或者美观因素的考虑进行任意设定。另外,根据本发明的虹膜身份认证附件可以通过多种方式与移动终端100进行通信。虹膜身份认证附件包括适于将虹膜身份认证附件连接到移动终端的接口单元220。例如,接口单元220包括USB OTG接口、音频插口或耳机插口、蓝牙接口和WIFI接口中任一种。其中,USB OTG接口包括USB2.0、USB3.0和MicroUSB接口中任一种。在图3和图4所示的实施例中,接口单元包括了USB OTG接口。USB OTG是USB On-The-Go的缩写,主要应用于各种不同的设备或移动设备,特别是PDA、移动电话、消费类设备之间的数据连接。USB OTG可以将数码照相机、摄像机、打印机等多种不同设备进行连接,以解决各种设备或者存储卡之间交换数据的不便。一般来说,移动终端拥有OTG接口类型为母口,虹膜身份认证附件200拥有的OTG接口类型为公口。通过将虹膜身份认证附件200的OTG公口插到移动终端的OTG母口上,便可将虹膜身份认证附件(包括外壳、电路硬件、镜头等)固定在移动终端100上,从而使得移动终端具有虹膜识别的整体功能。该虹膜身份认证附件的OTG接口与外壳及电路结构固定连接。As shown in Figures 3 and 4, the iris identity authentication accessory has an outer casing 230 externally. The circuit structure of the iris authentication accessory is located inside the outer casing 230. The shape of the outer casing 230 can be arbitrarily set according to different arrangements of internal structures or aesthetic factors. Additionally, the iris identity authentication accessory in accordance with the present invention can communicate with the mobile terminal 100 in a variety of ways. The iris identity authentication accessory includes an interface unit 220 adapted to connect the iris identity authentication accessory to the mobile terminal. For example, the interface unit 220 includes any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface. Among them, the USB OTG interface includes any one of USB2.0, USB3.0 and MicroUSB interfaces. In the embodiment shown in Figures 3 and 4, the interface unit includes a USB OTG interface. USB OTG is an acronym for USB On-The-Go, which is mainly used for data connections between various devices or mobile devices, especially PDAs, mobile phones, and consumer devices. USB OTG can connect a variety of different devices such as digital cameras, camcorders, and printers to solve the inconvenience of exchanging data between various devices or memory cards. Generally, the mobile terminal has an OTG interface type as a female port, and the OTG interface type owned by the iris authentication accessory 200 is a public port. By inserting the OTG male port of the iris identity authentication accessory 200 onto the OTG female port of the mobile terminal, the iris identity authentication accessory (including the casing, circuit hardware, lens, etc.) can be fixed on the mobile terminal 100, so that the mobile terminal has the iris The overall function of identification. The OTG interface of the iris authentication accessory is fixedly connected to the outer casing and the circuit structure.
图5示出了根据本发明一个实施例的用户实际使用虹膜身份认证系统的示例。如图5所示,当虹膜身份认证附件200通过OTG接口连接到移动终端100上时,虹膜身份认证附件200的镜头的成像方向与移动终端100的显示屏幕在移动终端的同一侧。这样,用户可以手持移动终端100,方便地将虹膜身份认证附件200的光学镜头部件210对准人眼部 区域,同时能够在移动终端100的屏幕上看到虹膜人份认证附件所采集的眼部区域的实时成像,以便用户及时调整虹膜图像采集的空间位置和使用距离,从而提升了用户身份认证的速度,并提高了用户的体验度。目前的移动终端的OTG接口的朝向并不尽相同,从而可能出现这样的情况,即,在虹膜身份认证附件200插入一个移动终端100后,光学镜头部件210的成像方向与该移动终端100的显示屏幕在同一侧。在插入另一个移动终端100后,光学镜头部件210的成像方向在显示屏幕的相反侧,从而用户在面对虹膜身份认证附件200的光学镜头部件210时看不到移动终端100的显示屏幕中实时成像。为了避免这种情况的出现,根据本发明的虹膜认证附件200可以针对特定OTG接口朝向的移动终端设定本身的OTG接口朝向,从而确保虹膜身份认证附件在插入移动终端后,光学镜头部件210的成像方向与移动终端100的显示屏幕在移动终端的同一侧。或者,也可以在虹膜身份认证附件200中增加镜头旋转机构,以改变其光学镜头部件210的成像方向。FIG. 5 illustrates an example of a user actually using an iris identity authentication system in accordance with one embodiment of the present invention. As shown in FIG. 5, when the iris authentication accessory 200 is connected to the mobile terminal 100 through the OTG interface, the imaging direction of the lens of the iris authentication accessory 200 and the display screen of the mobile terminal 100 are on the same side of the mobile terminal. In this way, the user can hold the mobile terminal 100 to conveniently align the optical lens component 210 of the iris identity authentication accessory 200 with the human eye. The area can simultaneously see the real-time imaging of the eye area collected by the iris person authentication accessory on the screen of the mobile terminal 100, so that the user can adjust the spatial position and the use distance of the iris image collection in time, thereby improving the speed of the user identity authentication. And improve the user experience. The orientation of the OTG interface of the current mobile terminal is not the same, so that there may be a case where the imaging direction of the optical lens component 210 and the display of the mobile terminal 100 after the iris identity authentication accessory 200 is inserted into a mobile terminal 100 The screen is on the same side. After inserting another mobile terminal 100, the imaging direction of the optical lens component 210 is on the opposite side of the display screen, so that the user does not see the real-time in the display screen of the mobile terminal 100 when facing the optical lens component 210 of the iris identity authentication accessory 200. Imaging. In order to avoid this, the iris authentication accessory 200 according to the present invention can set its own OTG interface orientation for a mobile terminal that is oriented toward a specific OTG interface, thereby ensuring that the iris identity authentication accessory is inserted into the mobile terminal after the optical lens component 210 is inserted. The imaging direction is on the same side of the mobile terminal as the display screen of the mobile terminal 100. Alternatively, a lens rotation mechanism may be added to the iris identity authentication accessory 200 to change the imaging direction of the optical lens component 210 thereof.
图6示出了根据本发明一个实施例的虹膜身份认证附件200的结构框图。如图6所示,移动终端的虹膜身份认证附件包括了光学镜头部件210、图像传感器240、接口单元220、数据处理单元250和ID电路模块260。FIG. 6 shows a block diagram of the structure of an iris identity authentication accessory 200 in accordance with one embodiment of the present invention. As shown in FIG. 6, the iris identity authentication accessory of the mobile terminal includes an optical lens component 210, an image sensor 240, an interface unit 220, a data processing unit 250, and an ID circuit module 260.
图像传感器240适于将包含用户虹膜的感兴趣区域的光学图像转换成电子图像。Image sensor 240 is adapted to convert an optical image of a region of interest comprising a user's iris into an electronic image.
接口单元220,适于连接到移动终端100以及进行通信。这里所说的连接方式包括了物理的可拆卸连接方式和无线连接方式。接口单元220可以选用通用的连接标准结构中任一种。The interface unit 220 is adapted to connect to the mobile terminal 100 and to communicate. The connection methods mentioned here include physical detachable connection methods and wireless connection methods. The interface unit 220 can select any one of the general connection standard structures.
数据处理单元250,适于对图像传感器240输出的原始图像数据进行转换和处理,以及通过接口单元220向移动终端100传输经过处理的虹膜电子图像,以便移动终端100从接收到的虹膜电子图像,通过虹膜识别算法生成虹膜模板,进而通过该虹膜模板和用户的注册虹膜模板数据进行比对来认证用户身份。虹膜电子图像可以是单眼图像,也可以是双眼图像。根据本发明的一个实施例采用了测量汉明距离的方式,虹膜比对结果小于规定的汉明距离门限值,识别结果为同一个用户。在比对结果大于规定的门限值时,移动终端100识别实时虹膜模板与注册的虹膜模板对应不同的用户。数据处理单元250对电子图像的处理包括对电子图像进行去噪处理,并从多个电子图像中选取所包含的虹膜图像质量较高的电子图像。数据处理单元250能够将经过处理的电子图像通过接口单元220向移动终端100传输。 The data processing unit 250 is adapted to convert and process the raw image data output by the image sensor 240, and transmit the processed iris electronic image to the mobile terminal 100 through the interface unit 220, so that the mobile terminal 100 receives the iris electronic image, The iris template is generated by the iris recognition algorithm, and the user identity is authenticated by comparing the iris template with the registered iris template data of the user. The iris electronic image may be a monocular image or a binocular image. According to an embodiment of the present invention, the method of measuring the Hamming distance is adopted, and the iris comparison result is smaller than the specified Hamming distance threshold, and the recognition result is the same user. When the comparison result is greater than the specified threshold, the mobile terminal 100 recognizes that the real-time iris template corresponds to a different user of the registered iris template. The processing of the electronic image by the data processing unit 250 includes performing denoising processing on the electronic image, and selecting an electronic image having a higher quality of the iris image included from the plurality of electronic images. The data processing unit 250 can transmit the processed electronic image to the mobile terminal 100 through the interface unit 220.
ID电路模块260,包括至少一个唯一的虹膜身份认证附件ID序列号存储区,以便由所述移动终端从中读取唯一ID序列号。这样,移动终端100的应用可以通过ID序列号对虹膜身份认证附件的身份进行验证,从而保证经过合法注册的虹膜身份认证附件才能进行相应操作,以保证用户的身份安全性。这样,通过如图6所示的虹膜身份认证附件200,可以在通常的、非硬件定制化的移动终端100中进行基于虹膜特征的身份验证,以及完成移动支付的安全操作。此外,该ID电路模块260还可以包括加密电路和/或解密模块。只有移动终端驻留了对应该ID电路的解密应用或插件后,移动终端才可以解析从ID电路模块获取的ID数据。这样,虹膜身份认证附件200对应的唯一的ID序列号存放安全性更高,不容易被截获并盗用ID身份。每一个独立的虹膜身份认证附件设备拥有一个唯一的设备ID序列号。该ID序列号由ID电路模块产生或存储,并可以由加密电路进行加密。这样ID电路模块260可以采用加密格式输出该ID序列号。当虹膜身份认证附件200与移动终端100建立通信连接后,移动终端100会读取该设备ID序列号。如果该ID序列号被加密过,则移动终端经过解密以还原ID序列号。移动终端通过该ID序列号来识别与其连接的虹膜身份认证附件200的有效性。例如,移动终端中的应用知晓合法的设备ID序列号列表或者合法性判断规则,能够判断出读取的设备ID序列号是否合法。如果判断读取的ID序列号非法,则拒绝识别该虹膜身份认证附件设备,不再进行后续的虹膜身份识别工作。The ID circuit module 260 includes at least one unique iris identity authentication accessory ID serial number storage area from which the mobile terminal can read the unique ID serial number. In this way, the application of the mobile terminal 100 can verify the identity of the iris identity authentication attachment by using the ID serial number, thereby ensuring that the legally registered iris identity authentication attachment can perform corresponding operations to ensure the identity security of the user. Thus, through the iris identity authentication accessory 200 as shown in FIG. 6, the iris feature based identity verification can be performed in the usual, non-hardware customized mobile terminal 100, and the secure operation of the mobile payment can be completed. In addition, the ID circuit module 260 can also include an encryption circuit and/or a decryption module. The mobile terminal can parse the ID data acquired from the ID circuit module only after the mobile terminal resides in the decryption application or plug-in corresponding to the ID circuit. In this way, the unique ID serial number corresponding to the iris identity authentication accessory 200 is stored with higher security, and is not easily intercepted and the ID identity is stolen. Each individual iris identity accessory device has a unique device ID serial number. The ID serial number is generated or stored by the ID circuit module and can be encrypted by an encryption circuit. Thus, the ID circuit module 260 can output the ID serial number in an encrypted format. When the iris identity authentication accessory 200 establishes a communication connection with the mobile terminal 100, the mobile terminal 100 reads the device ID serial number. If the ID serial number is encrypted, the mobile terminal is decrypted to restore the ID serial number. The mobile terminal identifies the validity of the iris identity authentication accessory 200 connected thereto by the ID serial number. For example, the application in the mobile terminal knows the legal device ID serial number list or the legality determination rule, and can determine whether the read device ID serial number is legal. If it is determined that the read ID serial number is illegal, the iris identity authentication accessory device is rejected, and the subsequent iris identification work is not performed.
在根据本发明一个实施例中,接口单元220为USB OTG接口。虹膜身份认证附件可以通过USB OTG接口从移动终端获取供电。这样,虹膜身份认证附件的电路结构可以进一步进行压缩,从而减小虹膜身份认证附件200的体积。在根据本发明一个实施例中,移动终端100通过应用对虹膜认证附件200进行启动以及获取虹膜认证附件200传送的数据。该应用通过移动终端100的底层USB视频类(UVC)驱动对虹膜认证附件200进行操控。用户可以在移动终端100上自行安装虹膜采集应用并获得应用的系统ROOT权限。当然,该应用也可以作为移动终端100上的系统软件发布,用户不再需要自行获得应用的系统root权限。In one embodiment in accordance with the invention, interface unit 220 is a USB OTG interface. The iris identity authentication accessory can obtain power from the mobile terminal through the USB OTG interface. In this way, the circuit structure of the iris authentication accessory can be further compressed to reduce the volume of the iris identity authentication accessory 200. In one embodiment in accordance with the present invention, the mobile terminal 100 launches the iris authentication accessory 200 by application and acquires data transmitted by the iris authentication accessory 200. The application manipulates the iris authentication accessory 200 through the underlying USB video class (UVC) driver of the mobile terminal 100. The user can install the iris collection application on the mobile terminal 100 and obtain the system ROOT authority of the application. Of course, the application can also be released as system software on the mobile terminal 100, and the user no longer needs to obtain the system root authority of the application.
在根据本发明又一个实施例中,接口单元220为无线接口(例如蓝牙或WiFi)。虹膜身份认证附件内部的电路结构中包括了向虹膜身份认证附件进行供电的电源单元(图中未示出)。这样虹膜身份认证附件200可以随意移动。或者,虹膜身份认证附件可以通过其外壳230上设置的定位结构(例如粘钩、安装座等)将虹膜身份认证附件定位在适于用户使用的位置处。 In still another embodiment in accordance with the present invention, interface unit 220 is a wireless interface (e.g., Bluetooth or WiFi). The circuit structure inside the iris authentication accessory includes a power supply unit (not shown) that supplies power to the iris authentication accessory. Thus, the iris identity authentication accessory 200 can be moved at will. Alternatively, the iris authentication accessory can position the iris authentication accessory at a location suitable for the user's use by a positioning structure (eg, hook, mount, etc.) disposed on its outer casing 230.
在根据本发明又一个实施例中,数据处理单元250还包括加密模块,适于对电子图像进行加密处理。数据处理单元250将图像传感器中获取的电子图像进行去噪处理后,选取成像质量较好的电子图像。然后,加密模块对准备传输的电子图像进行加密处理。当经过加密处理的电子图像到达移动终端100后,移动终端100中应用对该电子图像进行解密以获取虹膜图像。这样,虹膜身份认证附件200就对所传输的数据本身进行了加密处理,进而保证了包含用户虹膜数据的电子图像的安全性。加密算法可以使用对称加密算法、非对称加密算法、公钥私钥加密算法、量子加密算法或其他特定的加密算法。虹膜身份认证附件200也可以采用不开源的图像压缩的技术对图像进行压缩输出进行加密。经过加密处理后的人眼或虹膜图像需要进行解密才能被打开。否则即便在传输过程中,非法用户截获虹膜身份认证附件200采集的数据流,也无法从该数据流解析破解得到用户的虹膜图像。这样虹膜身份认证附件200具有很强的硬件加密性和抗攻击性,在对数据安全性有较高要求的应用场景中,比如移动支付,具有独特优势。In still another embodiment of the present invention, the data processing unit 250 further includes an encryption module adapted to perform an encryption process on the electronic image. The data processing unit 250 performs denoising processing on the electronic image acquired in the image sensor, and selects an electronic image with better imaging quality. The encryption module then performs an encryption process on the electronic image to be transmitted. After the encrypted electronic image arrives at the mobile terminal 100, the application in the mobile terminal 100 decrypts the electronic image to acquire an iris image. In this way, the iris identity authentication accessory 200 encrypts the transmitted data itself, thereby ensuring the security of the electronic image containing the user's iris data. The encryption algorithm may use a symmetric encryption algorithm, an asymmetric encryption algorithm, a public key private key encryption algorithm, a quantum encryption algorithm, or other specific encryption algorithms. The iris identity authentication accessory 200 can also use a non-open source image compression technology to compress and output images for encryption. The encrypted human eye or iris image needs to be decrypted to be opened. Otherwise, even if the illegal user intercepts the data stream collected by the iris authentication accessory 200 during the transmission process, the user's iris image cannot be obtained from the data stream. In this way, the iris authentication accessory 200 has strong hardware encryption and anti-aggression, and has unique advantages in an application scenario where data security is highly demanded, such as mobile payment.
进一步,数据处理单元250在通过接口单元220向移动终端100传输时,可以采用多种图像传输格式。所传输的图像格式可以是未经压缩的图像格式(如Raw Data),也可以是经过处理的图像格式,比如YUV、RGB、或UVC,并且可以经过加密。例如,数据处理单元250可以将从图像传感器240输出的原始电子图像转换为UVC图像。相应地,移动终端100获取到UVC图像后,可以根据需要对原始的UVC图像进行解析和进行诸如提取虹膜特征的后续处理。另外,在根据本发明的又一个实施例中,数据处理单元250可以对从图像传感器240输出的每一帧原始图像进行筛选,从中获取虹膜图像质量较高的图像数据,然后把符合虹膜识别要求的图像通过接口单元220传输给移动终端100。这样,减少了虹膜身份认证附件200向移动终端100所传输的数据量,也降低了移动终端的数据处理量,提高了虹膜身份认证的效率。Further, when the data processing unit 250 transmits to the mobile terminal 100 through the interface unit 220, various image transmission formats may be employed. The transmitted image format can be an uncompressed image format (such as Raw Data) or a processed image format such as YUV, RGB, or UVC, and can be encrypted. For example, data processing unit 250 may convert the raw electronic image output from image sensor 240 into a UVC image. Accordingly, after the mobile terminal 100 acquires the UVC image, the original UVC image can be parsed as needed and subsequent processing such as extracting iris features can be performed. In addition, in still another embodiment according to the present invention, the data processing unit 250 may filter each frame of the original image output from the image sensor 240, obtain image data of higher iris image quality, and then meet the iris recognition requirements. The image is transmitted to the mobile terminal 100 through the interface unit 220. In this way, the amount of data transmitted by the iris identity authentication accessory 200 to the mobile terminal 100 is reduced, the data processing amount of the mobile terminal is also reduced, and the efficiency of iris identity authentication is improved.
虹膜身份认证附件200中还可以包括注册虹膜模板存储模块(图中未示出),适于以加密方式存储用户的注册虹膜模板数据。这样,用户可以选择将经过注册的虹膜模板数据存放在一个独立的设备中(即本发明的虹膜身份认证附件)。在虹膜身份认证附件200连接到移动终端100时,移动终端100可以从该虹膜模板存储模块中读取加密的虹膜模板数据,进而与实时采集获取的虹膜图像进行比对,从而确认当前虹膜识别的用户身份是否与注册虹膜模板数据表示的用户身份一致。这样,用户可以在不同的移动终端上使用存储有本人注册虹膜模板数据的虹膜身份认证附件进行身份认证,从而提高了用户进行身份认证 的便利性。此外,与将注册虹膜模板数据存储在移动终端(典型地是存储在存储卡)中的方式相比,在虹膜身份认证附件中以加密方式存储用户的注册虹膜模板的方式可以提供更高的安全性。The iris identity authentication accessory 200 may further include a registered iris template storage module (not shown) adapted to store the user's registered iris template data in an encrypted manner. In this way, the user can choose to store the registered iris template data in a separate device (i.e., the iris identity authentication accessory of the present invention). When the iris authentication accessory 200 is connected to the mobile terminal 100, the mobile terminal 100 can read the encrypted iris template data from the iris template storage module, and then compare with the iris image acquired in real time to confirm the current iris recognition. Whether the user identity is consistent with the identity of the user represented by the registered iris template data. In this way, the user can use the iris identity authentication attachment storing the registered iris template data for identity authentication on different mobile terminals, thereby improving the user identity authentication. Convenience. In addition, storing the user's registered iris template in an encrypted manner in the iris identity authentication attachment provides a higher level of security than storing the registered iris template data in a mobile terminal (typically stored in a memory card) Sex.
图7示出了根据本发明一个实施例的移动终端中的虹膜身份认证应用的结构框图。该虹膜身份认证应用驻留在移动终端100中。该虹膜身份认证应用包括了显示单元161、接口单元162、虹膜身份认证附件识别单元163和虹膜身份认证单元164。在根据本发明又一个实施例中,移动终端中虹膜身份认证应用还可以包括图像处理单元。FIG. 7 is a block diagram showing the structure of an iris identity authentication application in a mobile terminal according to an embodiment of the present invention. The iris authentication application resides in the mobile terminal 100. The iris identity authentication application includes a display unit 161, an interface unit 162, an iris identity authentication accessory identification unit 163, and an iris identity authentication unit 164. In still another embodiment of the present invention, the iris authentication application in the mobile terminal may further include an image processing unit.
显示单元161适于实时显示用户的虹膜预览图像。这样,用户可以根据所显示的虹膜成像调整虹膜身份认证附件相对于眼部区域的位置,以获取更高质量的虹膜成像。另外,显示单元还能够显示虹膜注册和识别过程中的人机界面以及指示信号,比如红绿蓝三种颜色来指示用户与虹膜采集设备之间的距离。其中,红色表示距离太近,绿色表示距离合适,蓝色表示距离过远。The display unit 161 is adapted to display the iris preview image of the user in real time. In this way, the user can adjust the position of the iris identity authentication accessory relative to the eye area based on the displayed iris imaging to obtain higher quality iris imaging. In addition, the display unit is also capable of displaying a human-machine interface during the iris registration and recognition process and an indication signal, such as three colors of red, green and blue, to indicate the distance between the user and the iris acquisition device. Among them, red indicates that the distance is too close, green indicates that the distance is appropriate, and blue indicates that the distance is too far.
图像处理单元适于根据电子图像中双眼的瞳孔间距或单眼的瞳孔直径分析用户与光学镜头部件的距离,以便生成距离调节指示信号以提示用户改变移动终端与眼部距离。图8A和图8B分别示出了单眼虹膜注册过程和双眼虹膜注册过程中的用户界面示例。如图8A所示的界面中包括了第一区域410和第二区域420。第一区域410为虹膜采集预览区域。该预览区域内还可以显示已经注册次数的提醒。例如,界面中显示“0”,则表示该虹膜身份认证附件还没有注册可用于比对的用户注册的虹膜模板数据。第二区域420显示对用户调整操作的提示信息。例如,显示内容为请用户将一只眼睛对准圆框(当然也可以使用其他多种形状和边框颜色),由远及近缓慢移动手机至手机指示灯或者虹膜认证附件的指示灯变绿时,保持手机稳定,以获取高质量的用户虹膜数据。如图8B所示的界面中包括第一区域510、第二区域520、第三区域530。在第三区域中用户可以预览双眼图像。第一区域510可以包括三个部分,每个部分对应一个标识以表示移动终端与眼部的不同距离范围。例如,三个部分颜色分别为红色、绿色和蓝色。红色表示距离太近,绿色表示距离合适,蓝色表示距离过远。在用户手持移动终端进行采集位置调整时,三个部分中可以显示一个浮标以指示当前位置的距离。这样,用户可以根据浮标所处的位置,快速调整移动终端与眼部的距离。第二区域520可以通过颜色或者文字方式来表示虹膜注册的次数。例如,当第二区域中眼睛图案完全变成绿色时表示一次虹膜注册的完成。除了颜色,移动终端100还可以使用指示音来提示用户的使用距离。接口单元162适于与虹膜身份认证附件200相 连接,读取虹膜身份认证附件200的设备ID序列号,或者所采集的虹膜电子图像和注册虹膜模板数据。这样虹膜身份认证应用可以获取包含用户虹膜的感兴趣区域的电子图像和虹膜身份认证附件ID序列号,已进行安全的身份认证。The image processing unit is adapted to analyze the distance of the user from the optical lens component based on the pupil spacing of the two eyes in the electronic image or the pupil diameter of the single eye to generate a distance adjustment indication signal to prompt the user to change the distance between the mobile terminal and the eye. 8A and 8B show examples of user interfaces in the single-eye iris registration process and the binocular iris registration process, respectively. A first area 410 and a second area 420 are included in the interface as shown in FIG. 8A. The first area 410 is an iris acquisition preview area. Alerts for the number of registrations can also be displayed in this preview area. For example, if “0” is displayed in the interface, it means that the iris authentication accessory has not registered the iris template data that can be used for the registered user registration. The second area 420 displays prompt information for the user adjustment operation. For example, the display content is that the user should aim one eye at the round frame (of course, other shapes and border colors can also be used), and the indicator light from the far and near mobile phone to the mobile phone indicator or the iris authentication accessory turns green. Keep your phone stable to get high quality user iris data. The first region 510, the second region 520, and the third region 530 are included in the interface shown in FIG. 8B. In the third area, the user can preview the binocular image. The first area 510 can include three sections, each section corresponding to an identification to indicate a different range of distances between the mobile terminal and the eye. For example, the three parts are red, green, and blue. Red indicates that the distance is too close, green indicates that the distance is appropriate, and blue indicates that the distance is too far. When the user holds the mobile terminal for the position adjustment, a buoy can be displayed in the three parts to indicate the distance of the current position. In this way, the user can quickly adjust the distance between the mobile terminal and the eye according to the position of the buoy. The second area 520 can indicate the number of times the iris is registered by color or text. For example, when the eye pattern in the second region completely turns green, it indicates the completion of one iris registration. In addition to the color, the mobile terminal 100 can also use the indicator sound to prompt the user to use the distance. The interface unit 162 is adapted to be associated with the iris identity authentication accessory 200 Connect, read the device ID serial number of the iris identity authentication accessory 200, or the acquired iris electronic image and the registered iris template data. In this way, the iris authentication application can acquire the electronic image of the region of interest containing the user's iris and the iris identity authentication attachment ID serial number, and has performed secure identity authentication.
移动终端100的操作系统开启USB OTG的ROOT权限,从而使得移动终端100能够成功识别到连接到本移动终端的虹膜身份认证附件200,开启主从模式,移动终端100能够通过USB OTG协议与虹膜身份认证附件200进行信号通信,控制虹膜身份认证附件的供电和开启。然后,虹膜认证附件200根据移动终端100的指令对用户进行虹膜生物特征采集和图像加密传输到移动终端。移动终端对虹膜特征图像进行解码并生成虹膜模板,然后进行比对。The operating system of the mobile terminal 100 turns on the ROOT authority of the USB OTG, so that the mobile terminal 100 can successfully identify the iris identity authentication accessory 200 connected to the mobile terminal, and activates the master-slave mode, and the mobile terminal 100 can communicate with the iris identity through the USB OTG protocol. The authentication accessory 200 performs signal communication to control the power supply and opening of the iris identity authentication accessory. Then, the iris authentication accessory 200 performs iris biometric feature collection and image encryption transmission to the mobile terminal according to the instruction of the mobile terminal 100. The mobile terminal decodes the iris feature image and generates an iris template, and then performs the comparison.
在根据本发明又一个实施例中,移动终端100可以将虹膜身份认证附件200经过加密的图像数据发送到服务器中。这样,服务器在对图像数据进行解密后,将其与存储在服务器中的用户注册的虹膜模板数据进行比对,然后将比对结果返回到移动终端。In still another embodiment of the present invention, the mobile terminal 100 may transmit the encrypted image data of the iris identity authentication accessory 200 to the server. In this way, after decrypting the image data, the server compares it with the iris template data registered by the user stored in the server, and then returns the comparison result to the mobile terminal.
在根据本发明又一个实施例中,移动终端100可以根据从虹膜身份认证附件200获取的图像数据生成虹膜模板。然后,移动终端100将虹膜模板返回到虹膜身份认证附件200中。这样,虹膜身份认证附件200的数据处理单元可以将虹膜模板与存储在虹膜身份认证附件200中用户的注册虹膜模板数据进行比对,并将比对结果发送到移动终端100。In still another embodiment according to the present invention, the mobile terminal 100 may generate an iris template based on image data acquired from the iris identity authentication accessory 200. The mobile terminal 100 then returns the iris template to the iris identity authentication accessory 200. Thus, the data processing unit of the iris identity authentication accessory 200 can compare the iris template with the registered iris template data of the user stored in the iris identity authentication accessory 200, and transmit the comparison result to the mobile terminal 100.
虹膜身份认证附件识别单元163适于根据虹膜身份认证附件ID序列号识别虹膜身份认证附件200。虹膜身份认证单元164,适于根据电子图像生成用户虹膜模板,并根据该虹膜模板与用户的注册虹膜模板数据进行比对的结果来认证用户的身份。其中,用户的注册虹膜模板适于与实时虹膜图像中虹膜特征进行比对。移动终端100除了可以从具有注册虹膜模板的虹膜身份认证附件获取以外,也可以选择从服务器进行下载。The iris identity authentication accessory identification unit 163 is adapted to identify the iris identity authentication accessory 200 based on the iris identity authentication accessory ID serial number. The iris identity authentication unit 164 is adapted to generate a user iris template according to the electronic image, and authenticate the identity of the user according to the result of the comparison between the iris template and the registered iris template data of the user. Wherein, the user's registered iris template is adapted to be compared with the iris features in the real-time iris image. In addition to being available from the iris identity authentication accessory with the registered iris template, the mobile terminal 100 may also choose to download from the server.
进一步,在根据本发明又一个实施例中,移动终端中虹膜身份认证应用还可以包括移动支付单元。该移动支付单元适于向虹膜身份认证单元164发送身份认证请求以及从虹膜身份认证单元接收身份认证结果。例如,用户在进行网购时,移动支付单元在准备进行网络支付时,向虹膜身份认证单元164发送身份认证请求。在虹膜身份认证单元完成认证过程后,移动支付单元可以接收认证结果,以便完成支付操作或者拒绝进行支付。Further, in still another embodiment of the present invention, the iris authentication application in the mobile terminal may further include a mobile payment unit. The mobile payment unit is adapted to send an identity authentication request to the iris identity authentication unit 164 and an identity authentication result from the iris identity authentication unit. For example, when the user performs online shopping, the mobile payment unit sends an identity authentication request to the iris identity authentication unit 164 when preparing for network payment. After the iris authentication unit completes the authentication process, the mobile payment unit can receive the authentication result to complete the payment operation or refuse to pay.
在根据本发明的又一个实施例中,图像传感器适于计算电子图像中双眼的瞳孔间距或者单眼的瞳孔直径来分析用户与光学镜头部件的距离,以便生成距离调节控制信号来控制 虹膜身份认证附件中的焦距调节单元,实现光学镜头对虹膜成像的自动对焦。这样,用户在将虹膜身份认证附件200的光学镜头部件对准用户眼部区域后,在通常的距离范围内,不需要手动调整虹膜身份认证附件200与眼部的距离,而是通过焦距调节单元进行自动对焦,从而提高用户的体验度。In still another embodiment in accordance with the present invention, the image sensor is adapted to calculate the pupil spacing of the two eyes in the electronic image or the pupil diameter of the single eye to analyze the distance of the user from the optical lens component to generate a distance adjustment control signal for control The focal length adjustment unit in the iris authentication accessory realizes the autofocus of the iris lens for the optical lens. In this way, after aligning the optical lens component of the iris identity authentication accessory 200 with the eye area of the user, the user does not need to manually adjust the distance between the iris identity authentication accessory 200 and the eye within a normal distance range, but through the focus adjustment unit. Autofocus to improve user experience.
图9示出了根据本发明又一个实施例的虹膜身份认证附件的300的结构图。如图9所示,移动终端的虹膜身份认证附件300包括了光学镜头部件310、图像传感器340、接口单元320、注册虹膜模板存储模块330、数据处理单元350和ID电路模块360。光学镜头部件360,适于对包含用户虹膜的感兴趣区域进行光学成像。图像传感器340,适于将包含用户虹膜的感兴趣区域的光学图像转换成原始电子图像。ID电路模块360,包括至少一个唯一的虹膜身份认证附件ID序列号存储区,以便由所述移动终端从中读取唯一ID序列号。注册虹膜模板存储模块330,适于以加密方式存储用户的注册虹膜模板数据。接口单元320,适于将虹膜身份认证附件300连接到移动终端100,从而使得虹膜身份认证附件300与移动终端100进行通信。数据处理单元350,适于对图像传感器340输出的原始电子图像进行处理以获取虹膜模板,并将该虹膜模板与所述用户的注册虹膜模板数据进行比对,以及将比对结果通过接口单元发送到移动终端。FIG. 9 shows a block diagram of an 300 of an iris identity authentication accessory in accordance with yet another embodiment of the present invention. As shown in FIG. 9, the iris identity authentication accessory 300 of the mobile terminal includes an optical lens component 310, an image sensor 340, an interface unit 320, a registered iris template storage module 330, a data processing unit 350, and an ID circuit module 360. An optical lens component 360 is adapted to optically image a region of interest comprising a user's iris. An image sensor 340 is adapted to convert an optical image of the region of interest comprising the user's iris into an original electronic image. The ID circuit module 360 includes at least one unique iris identity authentication accessory ID serial number storage area from which the mobile terminal can read the unique ID serial number. The registered iris template storage module 330 is adapted to store the registered iris template data of the user in an encrypted manner. The interface unit 320 is adapted to connect the iris identity authentication accessory 300 to the mobile terminal 100 such that the iris identity authentication accessory 300 communicates with the mobile terminal 100. The data processing unit 350 is adapted to process the original electronic image output by the image sensor 340 to acquire an iris template, compare the iris template with the registered iris template data of the user, and send the comparison result through the interface unit. To the mobile terminal.
具体地,用户在进行移动支付、登录和解锁等操作时,可以快速地将虹膜认证附件连接到所选定的任意移动终端上。用户可以通过移动终端中对应该虹膜身份认证附件300的应用(例如,移动终端中独立的应用或者是支付应用的插件等)来控制虹膜认证附件的开启和后续工作。在用户需要进行身份认证时,用户可以快速通过虹膜身份认证附件采集眼部区域的图像。虹膜认证附件的图像采集传感器340会将图像数据传输到数据处理单元350采用虹膜提取算法来生成实时的虹膜模板。虹膜提取算法可以采用多种公知的算法,这里不再赘述。数据处理单元350还会从注册虹膜模板存储模块330中获取用户注册的虹膜模板数据,然后会将实时生成的虹膜模板与用户注册的虹膜模板数据进行比对。这样虹膜身份认证附件300可以在不输出用户虹膜数据的情况下,在其内部完成虹膜身份的认证,从而降低了用户数据被非法获取的可能性,并且可以与多个移动终端快速连接使用,极大提高用户的体验度和使用安全性。本实施例的虹膜认证附件300的接口单元320可以是USB OTG接口、音频插口或耳机插口、蓝牙接口和WIFI接口中任一种。特别是,由于该虹膜身份认证附件300的传输数据量很少(例如,不需要传输电子图像数据),接口单元320在使用例如耳机插口等数据传输率较低的协议标准时,移动终端也可以快速获取到比对结 果。Specifically, the user can quickly connect the iris authentication accessory to any selected mobile terminal when performing operations such as mobile payment, login, and unlocking. The user can control the opening and subsequent work of the iris authentication accessory through an application in the mobile terminal corresponding to the iris authentication accessory 300 (for example, a separate application in the mobile terminal or a plug-in for the payment application, etc.). When the user needs to authenticate, the user can quickly collect images of the eye area through the iris identity authentication accessory. The iris acquisition accessory image acquisition sensor 340 transmits the image data to the data processing unit 350 using an iris extraction algorithm to generate a real-time iris template. The iris extraction algorithm can use a variety of well-known algorithms, and will not be described here. The data processing unit 350 also acquires the iris template data registered by the user from the registered iris template storage module 330, and then compares the real-time generated iris template with the iris template data registered by the user. In this way, the iris authentication accessory 300 can complete the authentication of the iris identity in the case of not outputting the user iris data, thereby reducing the possibility that the user data is illegally acquired, and can be quickly connected and used with a plurality of mobile terminals. Greatly improve user experience and security. The interface unit 320 of the iris authentication accessory 300 of the embodiment may be any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface. In particular, since the amount of transmitted data of the iris authentication accessory 300 is small (for example, it is not necessary to transmit electronic image data), the interface unit 320 can also quickly use a protocol standard such as a headphone jack with a lower data transmission rate. Get the comparison knot fruit.
另外,本实施例的虹膜身份认证附件300可以单独配置电源单元,以向整个虹膜身份认证附件供电。或者,虹膜身份认证附件300也可以在直接连接到移动终端100时,通过接口单元320由移动终端100提供电源。In addition, the iris identity authentication accessory 300 of the present embodiment can separately configure the power supply unit to supply power to the entire iris identity authentication accessory. Alternatively, the iris authentication accessory 300 can also be powered by the mobile terminal 100 through the interface unit 320 when directly connected to the mobile terminal 100.
在根据本发明的一个实施例中,虹膜身份认证系统包括了虹膜身份认证附件300和移动终端100。其中,移动终端100也具有对应虹膜身份认证附件300的接口单元。移动终端100可以通过该接口单元与虹膜身份认证附件300进行通信。移动终端100与虹膜身份认证附件300建立连接后,首先会获取虹膜身份认证附件300的ID序列号,然后发送到服务器中进行ID识别,以确认虹膜身份认证附件是否为合法注册设备,以保证身份认证的合法和用户安全。如果ID序列号没有通过认证,则移动终端100会结束与该虹膜身份认证附件的通信连接,并向用户进行提示。如果ID序列号通过认证,移动终端100会保持与虹膜身份认证附件300的连接,并等待用户在进行移动支付或者应用登陆时,对虹膜身份认证附件300发出指示以获取虹膜身份比对的结果。这样,本实施例的虹膜身份认证系统中,虹膜身份认证附件300可以快速与任一个通常的移动终端100建立起身份认证系统,特别是对于用户的隐私数据具有低耦合性,能够极大提高用户的使用体验度和数据安全性。In one embodiment in accordance with the invention, the iris identity authentication system includes an iris identity authentication accessory 300 and a mobile terminal 100. The mobile terminal 100 also has an interface unit corresponding to the iris identity authentication accessory 300. The mobile terminal 100 can communicate with the iris identity authentication accessory 300 through the interface unit. After establishing the connection with the iris identity authentication accessory 300, the mobile terminal 100 first obtains the ID serial number of the iris identity authentication accessory 300, and then sends it to the server for ID identification to confirm whether the iris identity authentication accessory is a legally registered device to ensure identity. Legal and user security of authentication. If the ID serial number does not pass the authentication, the mobile terminal 100 ends the communication connection with the iris identity authentication accessory and prompts the user. If the ID serial number is authenticated, the mobile terminal 100 maintains the connection with the iris identity authentication accessory 300 and waits for the user to issue an indication to the iris identity authentication accessory 300 to obtain the iris identity comparison when performing mobile payment or application login. In this way, in the iris identity authentication system of the embodiment, the iris identity authentication accessory 300 can quickly establish an identity authentication system with any of the usual mobile terminals 100, especially for the user's private data, which can greatly improve the user. User experience and data security.
A8:根据本发明的虹膜身份认证附件,还包括注册虹膜模板存储模块,适于以加密方式存储用户的注册虹膜模板数据。A9:根据本发明的虹膜身份认证附件,其中所述ID电路模块还包括加密电路和/或解密电路。A10:根据本发明的虹膜身份认证附件,其中所述光学镜头部件还包括镜头、适于固定镜头的镜头座和适于允许红外光通过的滤光片。A11:如A10所述的虹膜身份认证附件,其中所述光学镜头部件还包括焦距调节单元,适于对镜头的焦距进行调节。A12:如A10或A11所述的虹膜身份认证附件,其中在接口单元与移动终端物理连接后,所述镜头成像方向和与其连接的移动终端的显示屏幕在移动终端的同一侧。A13:根据本发明的虹膜身份认证附件,还包括至少一个LED灯,适于为虹膜成像提供照明。A14:如A13所述的虹膜身份认证附件,还包括LED灯控制模块,适于调节LED灯的模式和/或LED灯的亮度。A15:如A13所述的虹膜身份认证附件,其中所述LED灯的模式包括常亮模式和闪烁模式。A16:如A14所述的虹膜身份认证附件,其中所述LED灯控制模块还适于根据预定的模式调节所述LED灯的亮度,以便获取用户瞳孔因此缩放变化的电子图像。A17:如A16所述的虹膜身份认证附件,其中所述LED灯包括红外光LED 或可见光LED之一。A8: The iris identity authentication accessory according to the present invention further includes a registered iris template storage module adapted to store the user's registered iris template data in an encrypted manner. A9: An iris identity authentication accessory according to the present invention, wherein the ID circuit module further comprises an encryption circuit and/or a decryption circuit. A10: The iris identity authentication accessory according to the present invention, wherein the optical lens component further comprises a lens, a lens mount adapted to fix the lens, and a filter adapted to allow infrared light to pass therethrough. A11: The iris identity authentication accessory of A10, wherein the optical lens component further comprises a focal length adjustment unit adapted to adjust a focal length of the lens. A12: The iris identity authentication accessory according to A10 or A11, wherein after the interface unit is physically connected to the mobile terminal, the lens imaging direction and the display screen of the mobile terminal connected thereto are on the same side of the mobile terminal. A13: An iris identity authentication accessory in accordance with the present invention, further comprising at least one LED light adapted to provide illumination for iris imaging. A14: The iris identity authentication accessory according to A13, further comprising an LED light control module adapted to adjust the mode of the LED light and/or the brightness of the LED light. A15: The iris identity authentication accessory of A13, wherein the mode of the LED light comprises a constant light mode and a blinking mode. A16: The iris identity authentication accessory of A14, wherein the LED light control module is further adapted to adjust the brightness of the LED light according to a predetermined mode to obtain an electronic image of the user's pupil and thus zooming. A17: The iris identity authentication accessory of A16, wherein the LED light comprises an infrared light LED Or one of the visible LEDs.
A19:根据本发明的虹膜身份认证系统,其中,所述用户的注册虹膜模板数据被存储在虹膜身份认证附件的注册虹膜模板存储器中。A20:根据本发明的虹膜身份认证系统,其中,所述用户的注册虹膜模板数据被存储在移动终端或服务器中。A21:根据本发明的虹膜身份认证系统,其中所述移动终端还包括移动支付单元,适于向虹膜身份认证单元发送身份认证请求以及从虹膜身份认证单元接收身份认证结果。A22:根据本发明的虹膜身份认证系统,还包括:图像处理单元,适于根据采集的电子图像中用户的双眼的瞳孔间距或单眼的瞳孔直径分析用户与虹膜身份认证附件的距离,生成距离调节指示信号以提示用户改变移动终端/虹膜身份认证附件与眼部距离。A23:如A22所述的虹膜身份认证系统,其中所述图像处理单元还适于:计算电子图像中双眼的瞳孔间距或者单眼的瞳孔直径来分析用户与光学镜头部件的距离,以便生成距离调节控制信号来控制虹膜身份认证附件中的焦距调节单元,实现光学镜头对虹膜成像的自动对焦。A24:根据本发明的虹膜身份认证系统,其中所述虹膜身份认证单元,适于下述方式中任一种来根据电子图像生成用户虹膜模板,并根据该虹膜模板与用户的注册虹膜模板数据进行比对的结果来认证用户的身份:将所述虹膜模板和所述用户的注册虹膜模板数据在移动终端中进行比对,并根据比对结果对用户身份进行认证;将所述虹膜模板发送到服务器中,以便服务器将该虹膜模板与服务器中存储的用户的注册虹膜模板数据进行比对,以及接收服务器发送的比对结果以对用户身份进行认证;将所述虹膜模板和所述用户的注册虹膜模板数据发送到服务器中,以便服务器将虹膜模板和所述用户的注册虹膜模板数据进行比对,并接收服务器发送的比对结果以对用户身份进行认证;以及将所述虹膜模板发送到虹膜身份认证附件中,以便虹膜身份认证附件将该虹膜模板与虹膜身份认证附件中存储的用户的注册虹膜模板数据进行比对,和接收虹膜身份认证附件发送的比对结果以对用户身份进行认证。A26:根据本发明的虹膜身份认证附件,其中,所述接口单元包括USB OTG接口、音频插口或耳机插口、蓝牙接口和WIFI接口中任一种。A27:根据本发明虹膜身份认证附件,还包括电源单元,适于向虹膜身份认证附件供电。A19: An iris identity authentication system according to the present invention, wherein the registered iris template data of the user is stored in a registered iris template memory of an iris identity authentication attachment. A20: An iris identity authentication system according to the present invention, wherein the registered iris template data of the user is stored in a mobile terminal or a server. A21: An iris identity authentication system according to the present invention, wherein the mobile terminal further comprises a mobile payment unit adapted to send an identity authentication request to the iris identity authentication unit and to receive the identity authentication result from the iris identity authentication unit. A22: The iris identity authentication system according to the present invention further includes: an image processing unit, configured to analyze a distance between the user and the iris identity authentication accessory according to a pupil distance of the user's eyes in the collected electronic image or a pupil diameter of the single eye, and generate a distance adjustment. The indication signal prompts the user to change the mobile terminal/iris identity authentication attachment to the eye distance. A23: The iris identity authentication system according to A22, wherein the image processing unit is further adapted to: calculate a pupil spacing of the two eyes in the electronic image or a pupil diameter of the single eye to analyze a distance between the user and the optical lens component to generate a distance adjustment control The signal is used to control the focal length adjustment unit in the iris authentication accessory to achieve autofocusing of the iris lens by the optical lens. A24: The iris identity authentication system according to the present invention, wherein the iris identity authentication unit is adapted to generate a user iris template according to an electronic image according to any one of the following manners, and according to the iris template and the user's registered iris template data. Aligning the results to authenticate the identity of the user: comparing the iris template and the registered iris template data of the user in the mobile terminal, and authenticating the identity of the user according to the comparison result; sending the iris template to In the server, the server compares the iris template with the registered iris template data of the user stored in the server, and receives the comparison result sent by the server to authenticate the user identity; and the iris template and the user's registration The iris template data is sent to the server, so that the server compares the iris template with the registered iris template data of the user, and receives the comparison result sent by the server to authenticate the user identity; and sends the iris template to the iris Identity authentication attachment so that the iris authentication attachment will be rainbow Iris template data registered user templates and iris authentication attachments stored the results in order to authenticate the user's identity than sending the comparison, iris authentication and receiving attachments. A26: The iris identity authentication accessory according to the present invention, wherein the interface unit comprises any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface. A27: The iris identity authentication accessory according to the present invention further includes a power supply unit adapted to supply power to the iris identity authentication accessory.
此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。 In addition, those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not in other features, combinations of features of different embodiments are intended to be within the scope of the present invention. Different embodiments are formed and formed. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
此外,所述实施例中的一些在此被描述成可以由计算机系统的处理器或者由执行所述功能的其它装置实施的方法或方法元素的组合。因此,具有用于实施所述方法或方法元素的必要指令的处理器形成用于实施该方法或方法元素的装置。此外,装置实施例的在此所述的元素是如下装置的例子:该装置用于实施由为了实施该发明的目的的元素所执行的功能。Furthermore, some of the described embodiments are described herein as a combination of methods or method elements that can be implemented by a processor of a computer system or by other means for performing the functions. Accordingly, a processor having the necessary instructions for implementing the method or method elements forms a means for implementing the method or method elements. Furthermore, the elements described herein of the device embodiments are examples of means for performing the functions performed by the elements for the purpose of carrying out the invention.
如在此所使用的那样,除非另行规定,使用序数词“第一”、“第二”、“第三”等等来描述普通对象仅仅表示涉及类似对象的不同实例,并且并不意图暗示这样被描述的对象必须具有时间上、空间上、排序方面或者以任意其它方式的给定顺序。As used herein, the use of the ordinal "first", "second", "third", etc., to describe a generic object merely means a different instance referring to a similar object, and is not intended to imply such The objects being described must have a given order in time, space, ordering, or in any other way.
尽管根据有限数量的实施例描述了本发明,但是受益于上面的描述,本技术领域内的技术人员明白,在由此描述的本发明的范围内,可以设想其它实施例。此外,应当注意,本说明书中使用的语言主要是为了可读性和教导的目的而选择的,而不是为了解释或者限定本发明的主题而选择的。因此,在不偏离所附权利要求书的范围和精神的情况下,对于本技术领域的普通技术人员来说许多修改和变更都是显而易见的。对于本发明的范围,对本发明所做的公开是说明性的,而非限制性的,本发明的范围由所附权利要求书限定。 While the present invention has been described in terms of a limited number of embodiments, it will be understood by those skilled in the art that In addition, it should be noted that the language used in the specification has been selected primarily for the purpose of readability and teaching, and is not intended to be interpreted or limited. Therefore, many modifications and changes will be apparent to those skilled in the art without departing from the scope of the invention. The disclosure of the present invention is intended to be illustrative, and not restrictive, and the scope of the invention is defined by the appended claims.

Claims (10)

  1. 一种虹膜身份认证附件,包括:An iris identity authentication attachment that includes:
    光学镜头部件,适于对包含用户虹膜的感兴趣区域进行光学成像;An optical lens component adapted to optically image a region of interest comprising a user's iris;
    图像传感器,适于将包含用户虹膜的感兴趣区域的光学图像转换成原始电子图像;An image sensor adapted to convert an optical image of a region of interest comprising a user's iris into an original electronic image;
    接口单元,适于将虹膜身份认证附件连接到移动终端,从而使得虹膜身份认证附件与移动终端进行通信;An interface unit, configured to connect the iris identity authentication accessory to the mobile terminal, so that the iris identity authentication accessory communicates with the mobile terminal;
    数据处理单元,适于对图像传感器输出的原始电子图像进行处理,以及通过接口单元向移动终端传输经过处理的电子图像,以便移动终端从中比对虹膜模板和认证用户身份;以及a data processing unit adapted to process the original electronic image output by the image sensor and transmit the processed electronic image to the mobile terminal through the interface unit, so that the mobile terminal compares the iris template and authenticates the user identity;
    ID电路模块,包括至少一个唯一的虹膜身份认证附件ID序列号存储区,以便由所述移动终端从中读取唯一ID序列号。The ID circuit module includes at least one unique iris identity authentication accessory ID serial number storage area from which the mobile terminal can read the unique ID serial number.
  2. 如权利要求1所述的虹膜身份认证附件,其中,所述接口单元还适于在连接到移动终端时向虹膜身份认证附件供电。The iris identity authentication accessory of claim 1 wherein said interface unit is further adapted to power the iris identity authentication accessory when connected to the mobile terminal.
  3. 如权利要求1所述的虹膜身份认证附件,还包括电源单元,适于向虹膜身份认证附件供电。The iris identity authentication accessory of claim 1 further comprising a power supply unit adapted to power the iris identity authentication accessory.
  4. 如权利要求1所述的虹膜身份认证附件,其中,所述接口单元包括USB OTG接口、音频插口或耳机插口、蓝牙接口和WIFI接口中任一种。The iris identity authentication accessory of claim 1, wherein the interface unit comprises any one of a USB OTG interface, an audio jack or a headphone jack, a Bluetooth interface, and a WIFI interface.
  5. 如权利要求4所述的虹膜身份认证附件,其中,USB OTG接口包括USB2.0、USB3.0和MicroUSB接口中任一种。The iris identity authentication accessory of claim 4, wherein the USB OTG interface comprises any one of a USB 2.0, a USB 3.0, and a MicroUSB interface.
  6. 如权利要求1所述的虹膜身份认证附件,还包括外壳,其中所述USB OTG接口与外壳物理固定连接。The iris identity authentication accessory of claim 1 further comprising a housing, wherein said USB OTG interface is physically and fixedly coupled to the housing.
  7. 如权利要求1所述的虹膜身份认证附件,其中,所述数据处理单元还包括加密模块,适于对所述电子图像进行加密处理。The iris identity authentication accessory of claim 1 wherein said data processing unit further comprises an encryption module adapted to perform an encryption process on said electronic image.
  8. 一种虹膜身份认证系统,包括:An iris identity authentication system comprising:
    如权利要求1至7之一所述的虹膜身份认证附件;以及An iris identity authentication accessory according to any one of claims 1 to 7;
    移动终端,该移动终端包括:a mobile terminal, the mobile terminal comprising:
    显示单元,适于实时显示用户的虹膜成像; a display unit adapted to display a user's iris imaging in real time;
    接口单元,适于与虹膜身份认证附件相连接并进行通信,以启动虹膜身份认证附件采集包含用户眼部特征的电子图像,和读取虹膜身份认证附件的ID序列号并传输到移动终端;An interface unit, configured to connect with the iris identity authentication accessory and communicate to initiate an iris identity authentication accessory to collect an electronic image containing the characteristics of the user's eye, and read an ID serial number of the iris identity authentication accessory and transmit the same to the mobile terminal;
    虹膜身份认证附件识别单元,适于根据虹膜身份认证附件ID序列号识别该虹膜身份认证附件;和An iris identification accessory identification unit adapted to identify the iris identity authentication accessory according to an iris identity authentication attachment ID serial number; and
    虹膜身份认证单元,适于根据电子图像生成用户虹膜模板,并根据该虹膜模板与用户的注册虹膜模板数据进行比对的结果来认证用户的身份。The iris identity authentication unit is adapted to generate a user iris template according to the electronic image, and authenticate the identity of the user according to the result of the comparison between the iris template and the registered iris template data of the user.
  9. 一种虹膜身份认证附件,包括:An iris identity authentication attachment that includes:
    光学镜头部件,适于对包含用户虹膜的感兴趣区域进行光学成像;An optical lens component adapted to optically image a region of interest comprising a user's iris;
    图像传感器,适于将包含用户虹膜的感兴趣区域的光学图像转换成原始电子图像;An image sensor adapted to convert an optical image of a region of interest comprising a user's iris into an original electronic image;
    接口单元,适于将虹膜身份认证附件连接到移动终端,从而使得虹膜身份认证附件与移动终端进行通信;An interface unit, configured to connect the iris identity authentication accessory to the mobile terminal, so that the iris identity authentication accessory communicates with the mobile terminal;
    ID电路模块,包括至少一个唯一的虹膜身份认证附件ID序列号存储区,以便由所述移动终端从中读取唯一ID序列号;An ID circuit module comprising at least one unique iris identity authentication accessory ID serial number storage area for reading a unique ID serial number therefrom by the mobile terminal;
    注册虹膜模板存储模块,适于以加密方式存储用户的注册虹膜模板数据;以及Registering an iris template storage module adapted to store the user's registered iris template data in an encrypted manner;
    数据处理单元,适于对图像传感器输出的原始电子图像进行处理以获取虹膜模板,并将该虹膜模板与所述用户的注册虹膜模板数据进行比对,以及将比对结果通过接口单元发送到移动终端。a data processing unit adapted to process the original electronic image output by the image sensor to acquire an iris template, compare the iris template with the registered iris template data of the user, and send the comparison result to the mobile through the interface unit terminal.
  10. 一种虹膜身份认证系统,包括:An iris identity authentication system comprising:
    如权利要求9所述的虹膜身份认证附件;以及The iris identity authentication accessory of claim 9;
    移动终端,该移动终端包括:a mobile terminal, the mobile terminal comprising:
    接口单元,适于与虹膜身份认证附件相连接并进行通信,获取虹膜身份认证附件的ID序列号,以及虹膜模板与用户的注册虹膜模板数据的比对结果;An interface unit, configured to connect with and communicate with the iris identity authentication accessory, obtain an ID serial number of the iris identity authentication accessory, and compare the iris template with the registered iris template data of the user;
    虹膜身份认证附件识别单元,适于根据虹膜身份认证附件ID序列号识别虹膜身份认证附件;和An iris identification accessory identification unit adapted to identify an iris identity authentication attachment according to an iris identity authentication attachment ID serial number; and
    虹膜身份认证单元,适于根据所述比对结果来认证用户的身份。 An iris identity authentication unit adapted to authenticate a user's identity based on the comparison result.
PCT/CN2015/073981 2015-03-11 2015-03-11 Iris identity authentication accessory and system WO2016141561A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201580076668.7A CN107430688A (en) 2015-03-11 2015-03-11 Iris authentication annex and system
PCT/CN2015/073981 WO2016141561A1 (en) 2015-03-11 2015-03-11 Iris identity authentication accessory and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/073981 WO2016141561A1 (en) 2015-03-11 2015-03-11 Iris identity authentication accessory and system

Publications (1)

Publication Number Publication Date
WO2016141561A1 true WO2016141561A1 (en) 2016-09-15

Family

ID=56878694

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/073981 WO2016141561A1 (en) 2015-03-11 2015-03-11 Iris identity authentication accessory and system

Country Status (2)

Country Link
CN (1) CN107430688A (en)
WO (1) WO2016141561A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108345862A (en) * 2018-03-02 2018-07-31 中控智慧科技股份有限公司 A kind of iris authentication system and its iris identification method
CN109214234A (en) * 2017-06-29 2019-01-15 上海荆虹电子科技有限公司 The image sensor chip and terminal device of multilayer embedded bio-identification algorithm

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1752990A (en) * 2004-09-21 2006-03-29 中国科学院自动化研究所 Portable iris image acquiring device
CN1940959A (en) * 2005-09-29 2007-04-04 上海乐金广电电子有限公司 Portable iris discriminating system and method
CN101533473A (en) * 2009-04-22 2009-09-16 孙敏霞 Equipment for acquisition and processing of binocular iris images with single USB interfaces
CN104394311A (en) * 2014-09-15 2015-03-04 沈洪泉 Iris identification imaging module for mobile terminal and image acquisition method

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127592A (en) * 2006-08-15 2008-02-20 华为技术有限公司 A biological template registration method and system
CN101051349B (en) * 2007-05-18 2010-10-13 北京中科虹霸科技有限公司 Multiple iris collecting device using active vision feedback
CN101561873B (en) * 2009-05-25 2011-06-01 北京森博克智能科技有限公司 Multimode authentication equipment with functions of iris recognition and USB Key
KR20130076273A (en) * 2011-12-28 2013-07-08 주식회사 유비키이노베이션 Active type iris photographing appararus
CN103152517B (en) * 2013-02-06 2018-06-22 北京中科虹霸科技有限公司 Imaging modules and mobile equipment for mobile iris identification equipment
CN103902871A (en) * 2014-04-10 2014-07-02 上海电力学院 User identity authentication method adopting iris recognition to realize cloud computation
CN204069000U (en) * 2014-07-17 2014-12-31 毛晨 Mobile encrypted authenticate device
CN104184589B (en) * 2014-08-26 2018-09-07 重庆邮电大学 A kind of identity identifying method, terminal device and system
CN104392221B (en) * 2014-11-28 2018-11-06 曾嵘 A kind of diverse identities identifying system and multidimensional diverse identities recognition methods

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1752990A (en) * 2004-09-21 2006-03-29 中国科学院自动化研究所 Portable iris image acquiring device
CN1940959A (en) * 2005-09-29 2007-04-04 上海乐金广电电子有限公司 Portable iris discriminating system and method
CN101533473A (en) * 2009-04-22 2009-09-16 孙敏霞 Equipment for acquisition and processing of binocular iris images with single USB interfaces
CN104394311A (en) * 2014-09-15 2015-03-04 沈洪泉 Iris identification imaging module for mobile terminal and image acquisition method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109214234A (en) * 2017-06-29 2019-01-15 上海荆虹电子科技有限公司 The image sensor chip and terminal device of multilayer embedded bio-identification algorithm
CN109214234B (en) * 2017-06-29 2024-06-07 深圳荆虹科技有限公司 Image sensor chip and terminal equipment of multilayer embedded biological recognition algorithm
CN108345862A (en) * 2018-03-02 2018-07-31 中控智慧科技股份有限公司 A kind of iris authentication system and its iris identification method

Also Published As

Publication number Publication date
CN107430688A (en) 2017-12-01

Similar Documents

Publication Publication Date Title
US10341113B2 (en) Password management
KR101645087B1 (en) High security set using hand attached-type wearable device for iris recognition with wearing detection sensor and control method of the same set
EP3061023B1 (en) A method and a system for performing 3d-based identity verification of individuals with mobile devices
US20160173492A1 (en) Authentication method using biometric information and electronic device therefor
WO2015172515A1 (en) Iris recognition method and device for mobile terminal
US20170118204A1 (en) Techniques for hearable authentication
US12069473B2 (en) Secure wireless communication with peripheral device
CN105281907B (en) Encrypted data processing method and device
CN112215598A (en) Voice payment method and electronic equipment
KR20190101841A (en) A method for biometric authenticating using a plurality of camera with different field of view and an electronic apparatus thereof
KR20120042684A (en) Data transfer/receive method and system using finger printinformation
KR102208631B1 (en) Method for inputting/outputting security information and Electronic device using the same
CN111695509A (en) Identity authentication method, identity authentication device, machine readable medium and equipment
CN104579665B (en) Method for authenticating and device
CN105898140B (en) A kind of information processing method and device
WO2016141561A1 (en) Iris identity authentication accessory and system
US20200104471A1 (en) User authentication using variant illumination
CN111027374B (en) Image recognition method and electronic equipment
US10496882B2 (en) Coded ocular lens for identification
CN113556734B (en) Authentication method and device
CN114117461A (en) Data protection method, electronic equipment and storage medium
CN206696852U (en) A kind of iris authentication annex
CN116029716A (en) Remote payment method, electronic equipment and system
WO2020124607A1 (en) Authenticity querying method and terminal device using same
US12032973B1 (en) Methods and apparatus for configuring wearable devices

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15884244

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15884244

Country of ref document: EP

Kind code of ref document: A1