WO2017000340A1 - Encryption method and apparatus - Google Patents

Publication number
WO2017000340A1
Authority
WO
WIPO (PCT)
Prior art keywords
information
transaction
server
fingerprint
specified
Application number
PCT/CN2015/085814
Inventor
袁新焰
张文
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Application filed by 宇龙计算机通信科技(深圳)有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4014 Identity check for transactions
    • G06Q20/40145 Biometric identity checks
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/40 Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401 Transaction verification
    • G06Q20/4016 Transaction verification involving fraud or risk level assessment in transaction processing

Definitions

  • The present invention relates to the field of communications, and in particular to an encryption method and apparatus.
  • In order to ensure security during payment and other confidential transactions, the server needs some way to authenticate the client's operation. Fingerprint recognition is the most widely used biometric identity verification method because fingerprints are easy to extract and recognition is fast and highly precise.
  • Hackers have become more and more capable of cracking passwords, and even high-precision fingerprint passwords may be cracked. If a hacker intercepts the authentication fingerprint password entered by the client at any step of the authenticated transaction, such as on the client, while the fingerprint image is in transit from the client to the server, or by stealing it from the server, the files or accounts related to fingerprint authentication are exposed to security threats, so an encryption method with stronger risk prevention is needed.
  • the embodiment of the invention provides an encryption method and device, so that the risk prevention is stronger and the security is higher when the authentication is verified.
  • a first aspect of the embodiments of the present invention provides an encryption method, including:
  • the fingerprint information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number;
  • a second aspect of the embodiments of the present invention provides an encryption apparatus, including:
  • a fusion module configured to fuse the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number;
  • a requesting module configured to send the multi-dimensional information to the server, and request the server to perform authentication verification on the multi-dimensional information.
  • Fingerprint information is acquired; the fingerprint information and the specified information are fused by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number; the multi-dimensional information is sent to the server, and the server is requested to perform authentication verification on the multi-dimensional information. Therefore, by fusing the fingerprint information with other transaction-related information to obtain a unique, one-time authentication password, the risk prevention is stronger and the security is high.
  • FIG. 1 is a schematic flowchart of an encryption method according to a first embodiment of the present invention.
  • FIG. 2-a is a schematic flowchart of an encryption method according to a second embodiment of the present invention.
  • FIG. 2-b is a schematic diagram of an interaction process of an encryption method according to a second embodiment of the present invention.
  • FIG. 3 is a schematic structural diagram of an encryption apparatus according to a third embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of an encryption apparatus according to a fourth embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of an encryption apparatus according to a fifth embodiment of the present invention.
  • the embodiment of the invention provides an encryption method and device, so that the risk prevention is stronger and the security is higher when the authentication is verified.
  • An encryption method includes: acquiring fingerprint information; fusing the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number; and transmitting the multi-dimensional information to a server and requesting the server to perform authentication verification on the multi-dimensional information.
  • FIG. 1 is a schematic flowchart diagram of an encryption method according to a first embodiment of the present invention.
  • an encryption method provided by the first embodiment of the present invention may include:
  • The fingerprint information refers to information obtained from the client for authentication verification. The client corresponds to the server and exists in the terminal operated by the user when the user performs an operation that requires identity verification, such as a payment transaction or an information request; it obtains the user's fingerprint information for authentication verification.
  • The client may be a mobile terminal such as a mobile phone or a tablet computer, or may be a terminal such as a computer. The server refers to the terminal used to verify the fingerprint input by the client during the user's payment transaction or the like.
  • the client scans the fingerprint image by using the fingerprint scanning device, so as to obtain fingerprint information input by the user.
  • When a user performs a payment transaction, the user needs to be authenticated by the fingerprint information, so the client receives the fingerprint image input by the user through the fingerprint scanning device.
  • S102 Fuse the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information.
  • the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
  • The specified information refers to some information related to the transaction.
  • The multi-dimensional information is defined relative to the one-dimensional fingerprint information: it also includes information of other dimensions.
  • unique information related to the transaction can be formed, for example, transaction time information when the transaction occurs, transaction space information, transaction number information, and which terminal the transaction is on.
  • The fingerprint information may be fused with one piece of the specified information.
  • The fingerprint information may also be fused with two or more pieces of the specified information.
  • The encrypted fingerprint is effective and unique, and is bound to the client and the client's geographical location, so that the authentication verification is more confidential.
  • When a payment transaction is performed, the payment transaction needs to be authenticated, and the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the transaction to obtain multi-dimensional information.
  • S103 Send the multi-dimensional information to a server, and request the server to perform authentication verification on the multi-dimensional information.
  • When a payment transaction is performed, the payment transaction needs to be authenticated, and the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the transaction to obtain multi-dimensional information.
  • the multidimensional information is then sent to the server, so that the server verifies the multidimensional information.
  • Authentication verification is performed by using this method. Because the authentication information is not only the fingerprint information, but the fingerprint information fused with other related information generated by the transaction, the confidentiality of the information is stronger; that is, it is more difficult for a hacker to crack the multi-dimensional information that integrates other information related to the transaction, thereby ensuring the security of transaction authentication. Adding other information such as the transaction time also makes the authentication information one-time, that is, it becomes invalid after one use, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. If the encrypted fingerprint used by the user on Alipay is stolen by a hacker, the encrypted fingerprint cannot be used on WeChat payment, and the security is high.
  • the fingerprint information that the customer accepted at 9:00 am on May 14, 2015 the time information is combined with the fingerprint information through the encryption algorithm, then the merged fingerprint information cannot be used as May 2015.
  • the customer account is logged in. Similarly, a fingerprint fused with the terminal number, the order number, or the geographical location information cannot be used elsewhere to complete an account login or account payment.
  • The fingerprint information is obtained; the fingerprint information and the specified information are fused by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number; the multi-dimensional information is sent to a server, and the server is requested to perform authentication verification on the multi-dimensional information. Therefore, by fusing the fingerprint information with other transaction-related information to obtain a unique, one-time authentication password, the risk prevention is stronger and the security is high.
  • Before the acquiring of the fingerprint information, the method further includes:
  • the method further includes:
  • the specified information and/or the specified algorithm are provided by the server.
  • the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
  • The specified algorithm includes a watermark embedding algorithm.
  • The watermark embedding algorithm can complete the information fusion without damaging the original fingerprint image. The algorithm has the characteristics of good concealment, high encryption security, an irreversible encryption process, and readable watermark information; the other information cannot be read from the appearance of the image and can only be read by an algorithm corresponding to the watermark embedding algorithm. Therefore, the new authentication verification password obtained by using the algorithm to fuse the fingerprint image has high security.
  • The specified algorithm may also be another image fusion algorithm for combining fingerprint image information with other information.
  • When a user performs a payment operation on Alipay, the payment operation needs authentication verification. The server first reads the time when the payment transaction occurs, the payment application in which the payment transaction occurs (that is, Alipay), and the terminal number. The server then specifies that the terminal use the watermark embedding algorithm to integrate these three pieces of related information (transaction time, Alipay, and terminal number) into the fingerprint image to form four-dimensional information. The terminal then sends the fused four-dimensional information to the server, so that the server reads the four-dimensional information by using a decryption algorithm corresponding to the watermark embedding algorithm.
  • The server saves the time when the payment transaction occurs, the application, and the terminal number. When a hacker steals the fingerprint image from the client, the fused authentication password contains the transaction time and the terminal number, so even if the hacker uses the stolen image to authenticate from another terminal, it cannot pass the authentication of the server.
  • If a hacker obtains the encrypted fingerprint image information on the client, or intercepts the four-dimensional authentication password while it is being transmitted from the client to the server, the hacker cannot obtain the other information, such as the terminal ID, because the encryption process is irreversible. Therefore, the hacker still cannot get the server to authenticate the stolen password on the hacker's own terminal.
  • the server can better strip the information for verification when performing authentication verification.
  • The requesting the server to perform authentication verification on the multi-dimensional information includes:
  • the server is requested to perform authentication verification on the fingerprint information and the specified information, respectively.
  • The server first needs to read the four-dimensional information to obtain the fingerprint image and the information of the other dimensions, and then performs authentication verification on the fingerprint information and the other information separately.
  • FIG. 2-a is a schematic flowchart diagram of an encryption method according to a second embodiment of the present invention.
  • FIG. 2-b is a schematic diagram of the interaction process of the encryption method according to the second embodiment of the present invention.
  • an encryption method provided by the second embodiment of the present invention may include:
  • The server refers to the terminal used to verify the fingerprint input by the client during a payment transaction or the like. The client corresponds to the server and exists in the terminal operated by the user when the user performs an operation that requires identity verification, such as a payment transaction or an information request.
  • The client obtains the fingerprint information of the user for authentication. The client may be a mobile terminal such as a mobile phone or a tablet computer, or may be a terminal such as a computer.
  • the fingerprint information refers to information obtained from the client for authentication verification.
  • When a user performs a payment transaction, the user needs to be authenticated by the fingerprint information, so the client receives the fingerprint image input by the user through the fingerprint scanning device.
  • the fingerprint information and the specified information are merged by using a specified algorithm to obtain multi-dimensional information.
  • the specified information includes at least one of a transaction time, a transaction space, a transaction ticket number, and a terminal number.
  • The specified information refers to some information related to the transaction.
  • The multi-dimensional information is defined relative to the one-dimensional fingerprint information: it also includes information of other dimensions.
  • unique information related to the transaction can be formed, for example, transaction time information when the transaction occurs, transaction space information, transaction number information, and which terminal the transaction is on.
  • The fingerprint information may be fused with one piece of the specified information.
  • The fingerprint information may also be fused with two or more pieces of the specified information.
  • The encrypted fingerprint is effective and unique, and is bound to the client and the client's geographical location, so that the authentication verification is more confidential.
  • When a payment transaction is performed, the payment transaction needs to be authenticated, and the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the transaction to obtain multi-dimensional information.
  • the method further includes:
  • the specified information and/or the specified algorithm are provided by the server.
  • the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
  • The specified algorithm includes a watermark embedding algorithm.
  • The watermark embedding algorithm can complete the information fusion without damaging the original fingerprint image. The algorithm has the characteristics of good concealment, high encryption security, an irreversible encryption process, and readable watermark information; the other information cannot be read from the appearance of the image and can only be read by an algorithm corresponding to the watermark embedding algorithm. Therefore, the new authentication verification password obtained by using the algorithm to fuse the fingerprint image has high security.
  • The specified algorithm may also be another image fusion algorithm for combining fingerprint image information with other information.
  • When a user performs a payment operation on Alipay, the payment operation needs authentication verification. The server first reads the time when the payment transaction occurs, the payment application in which the payment transaction occurs (that is, Alipay), and the terminal number. The server then specifies that the terminal use the watermark embedding algorithm to integrate these three pieces of related information (transaction time, Alipay, and terminal number) into the fingerprint image to form four-dimensional information. The terminal then sends the fused four-dimensional information to the server, so that the server reads the four-dimensional information by using a decryption algorithm corresponding to the watermark embedding algorithm.
  • If a hacker obtains the encrypted fingerprint image information on the client, or intercepts the four-dimensional authentication password while it is being transmitted from the client to the server, the hacker cannot obtain the other information, such as the terminal ID, because the encryption process is irreversible. Therefore, the hacker still cannot get the server to authenticate the stolen password on the hacker's own terminal.
  • the server can better strip the information for verification when performing authentication verification.
  • S205 Request the server to read the multi-dimensional information to obtain the fingerprint information and the specified information.
  • the server is requested to perform authentication verification on the fingerprint information and the specified information, respectively.
  • The server first needs to read the four-dimensional information to obtain the fingerprint image and the information of the other dimensions, and then performs authentication verification on the fingerprint information and the other information separately.
  • Authentication verification is performed by using this method. Because the authentication information is not only the fingerprint information, but the fingerprint information fused with other related information generated by the transaction, the confidentiality of the information is stronger; that is, it is more difficult for a hacker to crack the multi-dimensional information that integrates other information related to the transaction, thereby ensuring the security of transaction authentication. Adding other information such as the transaction time also makes the authentication information one-time, that is, it becomes invalid after one use, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. If the encrypted fingerprint used by the user on Alipay is stolen by a hacker, the encrypted fingerprint cannot be used on WeChat payment, and the security is high.
  • the fingerprint information that the customer accepted at 9:00 am on May 14, 2015 the time information is combined with the fingerprint information through the encryption algorithm, then the merged fingerprint information cannot be used as May 2015.
  • the customer account is logged in. Similarly, a fingerprint fused with the terminal number, the order number, or the geographical location information cannot be used elsewhere to complete an account login or account payment.
  • The fingerprint information is obtained; the fingerprint information and the specified information are fused by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number; the multi-dimensional information is sent to a server, and the server is requested to perform authentication verification on the multi-dimensional information. Therefore, by fusing the fingerprint information with other transaction-related information to obtain a unique, one-time authentication password, the risk prevention is stronger and the security is high.
  • the embodiment of the invention further provides an encryption device, the device comprising:
  • a fusion module configured to fuse the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number;
  • a requesting module configured to send the multi-dimensional information to the server, and request the server to perform authentication verification on the multi-dimensional information.
  • FIG. 3 is a schematic structural diagram of an encryption apparatus according to a third embodiment of the present invention.
  • An encryption apparatus 300 according to a third embodiment of the present invention may include: an obtaining module 310, a fusion module 320, and a requesting module 330.
  • the obtaining module 310 is configured to acquire fingerprint information.
  • The fingerprint information refers to information obtained from the client for authentication verification. The client corresponds to the server and exists in the terminal operated by the user when the user performs an operation that requires identity verification, such as a payment transaction or an information request; it obtains the user's fingerprint information for authentication verification.
  • The client may be a mobile terminal such as a mobile phone or a tablet computer, or may be a terminal such as a computer. The server refers to the terminal used to verify the fingerprint input by the client during the user's payment transaction or the like.
  • The client scans the fingerprint image by using the fingerprint scanning device, so as to obtain the fingerprint information input by the user.
  • When a user performs a payment transaction, the user needs to be authenticated by the fingerprint information, so the client receives the fingerprint image input by the user through the fingerprint scanning device.
  • the fusion module 320 is configured to fuse the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
  • The specified information refers to some information related to the transaction.
  • The multi-dimensional information is defined relative to the one-dimensional fingerprint information: it also includes information of other dimensions.
  • unique information related to the transaction can be formed, for example, transaction time information when the transaction occurs, transaction space information, transaction number information, and which terminal the transaction is on.
  • The fingerprint information may be fused with one piece of the specified information.
  • The fingerprint information may also be fused with two or more pieces of the specified information.
  • The encrypted fingerprint is effective and unique, and is bound to the client and the client's geographical location, so that the authentication verification is more confidential.
  • When a payment transaction is performed, the payment transaction needs to be authenticated, and the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the transaction to obtain multi-dimensional information.
  • the requesting module 330 is configured to send the multi-dimensional information to the server, and request the server to perform authentication verification on the multi-dimensional information.
  • When a payment transaction is performed, the payment transaction needs to be authenticated, and the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the transaction to obtain multi-dimensional information.
  • the multidimensional information is then sent to the server, so that the server verifies the multidimensional information.
  • Authentication verification is performed by using this method. Because the authentication information is not only the fingerprint information, but the fingerprint information fused with other related information generated by the transaction, the confidentiality of the information is stronger; that is, it is more difficult for a hacker to crack the multi-dimensional information that integrates other information related to the transaction, thereby ensuring the security of transaction authentication. Adding other information such as the transaction time also makes the authentication information one-time, that is, it becomes invalid after one use, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. If the encrypted fingerprint used by the user on Alipay is stolen by a hacker, the encrypted fingerprint cannot be used on WeChat payment, and the security is high.
  • the fingerprint information that the customer accepted at 9:00 am on May 14, 2015 the time information is combined with the fingerprint information through the encryption algorithm, then the merged fingerprint information cannot be used as May 2015.
  • the customer account is logged in. Similarly, a fingerprint fused with the terminal number, the order number, or the geographical location information cannot be used elsewhere to complete an account login or account payment.
  • The encryption device 300 acquires the fingerprint information; the encryption device 300 fuses the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number; the encryption device 300 transmits the multi-dimensional information to a server, and requests the server to perform authentication verification on the multi-dimensional information. Therefore, by fusing the fingerprint information with other transaction-related information to obtain a unique, one-time authentication password, the risk prevention is stronger and the security is high.
  • FIG. 4 is a schematic structural diagram of an encryption apparatus according to a fourth embodiment of the present invention.
  • a fourth embodiment of the present invention provides an encryption apparatus 400, which may include:
  • The first receiving module 410, the sending module 420, the second receiving module 430, and the first display module 440.
  • The acquisition module 410, the fusion module 420, and the request module 430.
  • the obtaining module 410 is configured to acquire fingerprint information.
  • The fingerprint information refers to information obtained from the client for authentication verification. The client corresponds to the server and exists in the terminal operated by the user when the user performs an operation that requires identity verification, such as a payment transaction or an information request; it obtains the user's fingerprint information for authentication verification.
  • The client may be a mobile terminal such as a mobile phone or a tablet computer, or may be a terminal such as a computer. The server refers to the terminal used to verify the fingerprint input by the client during the user's payment transaction or the like.
  • the client scans the fingerprint image by using the fingerprint scanning device, so as to obtain fingerprint information input by the user.
  • the user when a user performs a payment transaction, the user needs to be authenticated by the fingerprint information, so that the fingerprint image input by the user is received by the client through the fingerprint scanning device.
  • The fusion module 420 is configured to fuse the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
  • The specified information is information related to the transaction.
  • The multi-dimensional information is information that, in contrast to the one-dimensional fingerprint information, also contains other dimensions.
  • When the specified information and the fingerprint information are combined into multi-dimensional information, unique information related to the transaction can be formed, for example the transaction time information when the transaction occurs, the transaction space information, the transaction number information, and which terminal the transaction is performed on.
  • The fingerprint information may be fused with one item of the specified information.
  • The fingerprint information may be fused with two or more items of the specified information.
  • The encrypted fingerprint is effective and unique, and is bound to the client and to the client's geographical location, which makes the authentication verification more confidential.
  • When a payment transaction is performed, the payment transaction needs to be authenticated, and the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the transaction to obtain multi-dimensional information.
  • The requesting module 430 is configured to send the multi-dimensional information to the server, and request the server to perform authentication verification on the multi-dimensional information.
  • When a payment transaction is performed, the payment transaction needs to be authenticated, and the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the transaction to obtain multi-dimensional information.
  • The multi-dimensional information is then sent to the server, so that the server verifies the multi-dimensional information.
  • When authentication verification is performed in this way, the authentication information is not the fingerprint information alone but the fingerprint information fused with other information related to the transaction. This makes the information more confidential, that is, it is harder for a hacker to crack multi-dimensional information that incorporates other transaction-related information, which ensures the security of transaction authentication. Because other information such as the transaction time is included, the authentication information is one-time: it becomes invalid after a single use, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. For example, if the fingerprint a user uses on Alipay is encrypted and then stolen by a hacker, the encrypted fingerprint cannot be used on WeChat Pay, so security is high.
  • For example, if a customer's fingerprint information is captured at 9:00 am on May 14, 2015 and the time information is fused with the fingerprint information by the encryption algorithm, the fused fingerprint information cannot be used to log in to the customer's account at 10:00 am on May 14, 2015.
  • Similarly, a fingerprint fused with a terminal number, an order number, or geographical location information cannot complete an account login or account payment whose information does not correspond.
  • Before the fingerprint information is acquired, the method further includes:
  • The receiving module 440 is configured to receive an authentication verification request sent by the server.
  • The method further includes:
  • The specified information and/or the specified algorithm are provided by the server.
  • The specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
  • The specified algorithm includes a watermark embedding algorithm.
  • The watermark embedding algorithm can complete the information fusion without damaging the original fingerprint image. The algorithm offers good concealment, high encryption security, an irreversible encryption process, and readable watermark information; the other information cannot be read from the appearance of the image and can only be read by an algorithm corresponding to the watermark embedding algorithm. Therefore, the new authentication verification password obtained by fusing the fingerprint image with this algorithm has high security.
  • The specified algorithm may also be another image fusion algorithm for fusing fingerprint image information with other information.
  • When a user performs a payment operation on Alipay, the payment operation needs to be authenticated, and the server first reads the time at which the payment transaction occurs,
  • the payment application in which the payment transaction occurs, that is, Alipay, and the terminal number.
  • The server then specifies that the terminal use the watermark embedding algorithm to fuse the three items of related information, namely the transaction time, Alipay, and the terminal number, into the fingerprint image to form four-dimensional information, and the terminal then sends the fused
  • four-dimensional information to the server, so that the server reads the four-dimensional information by using a decryption algorithm corresponding to the watermark embedding algorithm.
  • Because the server saves the time at which the payment transaction occurs, the application, and the terminal number, when a hacker steals the fingerprint image from the client, the fused
  • authentication password contains the transaction time and the terminal number, so even if the hacker uses the fingerprint image to authenticate on another terminal, it cannot pass the server's authentication.
  • If a hacker obtains the encrypted fingerprint image information on the client, or intercepts the four-dimensional authentication password while it is being transmitted from the client to the server, the hacker cannot obtain the other information, such as the terminal ID, because the encryption process is irreversible. Therefore, the hacker still cannot get the server to authenticate the stolen password on the hacker's own terminal.
  • The server can better strip out the information for verification when performing authentication verification.
  • Requesting the server to perform authentication verification on the multi-dimensional information includes:
  • A first requesting unit 431, configured to request the server to read the multi-dimensional information to obtain the fingerprint information and the specified information.
  • A second requesting unit 432, configured to request the server to perform authentication verification on the fingerprint information and the specified information respectively.
  • The server first needs to read the four-dimensional information to obtain the fingerprint image and the information of the other dimensions, and then performs authentication verification on each of these items separately.
  • The encryption device 400 acquires the fingerprint information; the encryption device 400 fuses the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number; the encryption device 400 sends the multi-dimensional information to a server and requests the server to perform authentication verification on the multi-dimensional information. Fusing the fingerprint information with other transaction-related information thus yields a unique, one-time authentication password, giving stronger risk prevention and high security.
  • FIG. 5 is a schematic structural diagram of an encryption apparatus according to a fifth embodiment of the present invention.
  • A fifth embodiment of the present invention provides an encryption apparatus 500 that can include at least one bus 501, at least one processor 502 connected to the bus, and at least one memory 503 connected to the bus.
  • The processor 502 calls, through the bus 501, the code stored in the memory 503 to: acquire fingerprint information; fuse the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number; and send the multi-dimensional information to a server and request the server to perform authentication verification on the multi-dimensional information.
  • The fingerprint information is information acquired from the client for authentication verification; the client corresponds to the server and is the terminal on the user's side during processes that require identity verification, such as payment transactions and information requests.
  • When the user's identity needs to be authenticated, the client acquires the user's fingerprint information for authentication verification.
  • The client may be a mobile terminal such as a mobile phone or a tablet computer, or a terminal such as a computer; the server is the terminal that verifies the fingerprint entered at the client during processes such as the user's payment transactions.
  • The client scans the fingerprint image by using the fingerprint scanning device, so as to obtain the fingerprint information entered by the user.
  • The specified information is information related to the transaction.
  • The multi-dimensional information is information that, in contrast to the one-dimensional fingerprint information, also contains other dimensions.
  • When the specified information and the fingerprint information are combined into multi-dimensional information, unique information related to the transaction can be formed, for example the transaction time information when the transaction occurs, the transaction space information, the transaction number information, and which terminal the transaction is performed on.
  • When authentication verification is performed in this way, the authentication information is not the fingerprint information alone but the fingerprint information fused with other information related to the transaction. This makes the information more confidential, that is, it is harder for a hacker to crack multi-dimensional information that incorporates other transaction-related information, which ensures the security of transaction authentication. Because other information such as the transaction time is included, the authentication information is one-time: it becomes invalid after a single use, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. For example, if the fingerprint a user uses on Alipay is encrypted and then stolen by a hacker, the encrypted fingerprint cannot be used on WeChat Pay, so security is high.
  • The processor 502 is further configured to:
  • The specified information and/or the specified algorithm are provided by the server.
  • The specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
  • The specified algorithm includes a watermark embedding algorithm.
  • The watermark embedding algorithm can complete the information fusion without damaging the original fingerprint image. The algorithm offers good concealment, high encryption security, an irreversible encryption process, and readable watermark information; the other information cannot be read from the appearance of the image and can only be read by an algorithm corresponding to the watermark embedding algorithm. Therefore, the new authentication verification password obtained by fusing the fingerprint image with this algorithm has high security.
  • The specified algorithm may also be another image fusion algorithm for fusing fingerprint image information with other information.
  • If a hacker obtains the encrypted fingerprint image information on the client, or intercepts the four-dimensional authentication password while it is being transmitted from the client to the server, the hacker cannot obtain the other information, such as the terminal ID, because the encryption process is irreversible. Therefore, the hacker still cannot get the server to authenticate the stolen password on the hacker's own terminal.
  • The server can better strip out the information for verification when performing authentication verification.
  • The processor 502 is further configured to:
  • Request the server to perform authentication verification on the fingerprint information and the specified information respectively.
  • The server first needs to read the four-dimensional information to obtain the fingerprint image and the information of the other dimensions, and then performs authentication verification on each of these items separately.
  • The encryption device 500 acquires the fingerprint information; the encryption device 500 fuses the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number; the encryption device 500 sends the multi-dimensional information to a server and requests the server to perform authentication verification on the multi-dimensional information. Fusing the fingerprint information with other transaction-related information thus yields a unique, one-time authentication password, giving stronger risk prevention and high security.
  • The embodiment of the present invention further provides a computer storage medium, wherein the computer storage medium can store a program, and the program includes some or all of the steps of the operation method of any of the audio playback applications described in the foregoing method embodiments.
  • The disclosed apparatus may be implemented in other ways.
  • The device embodiments described above are merely illustrative.
  • The division into units is only a division by logical function.
  • In an actual implementation there may be another manner of division; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed.
  • The mutual coupling, direct coupling, or communication connection shown or discussed may be an indirect coupling or communication connection through some interface, device, or unit, and may be electrical or of another form.
  • The units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of the embodiment.
  • Each functional unit in each embodiment of the present invention may be integrated into one processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.
  • The above integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
  • The integrated unit, if implemented in the form of a software functional unit and sold or used as a standalone product, may be stored in a computer-readable storage medium.
  • The medium includes a number of instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or part of the steps of the methods described in the various embodiments of the present invention.
  • The foregoing storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, an optical disk, and the like.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • Strategic Management (AREA)
  • Finance (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)

Abstract

Disclosed are an encryption method and apparatus, the method comprising: acquiring fingerprint information; fusing the fingerprint information and designated information using a designated algorithm so as to obtain multi-dimensional information, wherein the designated information comprises at least one piece of information of a transaction time, a transaction space, a transaction order number and a terminal number; and sending the multi-dimensional information to a server, and requesting the server to authenticate and verify the multi-dimensional information. In the embodiments of the present invention, by fusing fingerprint information and other information related to a transaction, a unique and disposable authentication password is obtained, which leads to higher risk defence and higher security.

Description

Encryption method and apparatus
The present application claims priority to Chinese Patent Application No. 201510379368.8, filed with the Chinese Patent Office on July 1, 2015 and entitled "Encryption method and apparatus", the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of communications, and in particular to an encryption method and apparatus.
Background
To ensure security, in highly confidential transactions such as payment, the server needs to authenticate the client's operations in some way. Because fingerprints are easy to capture and fingerprint recognition is fast and highly accurate, fingerprint recognition is currently the most widely used biometric method of verifying a person's identity.
However, technology is double-edged. As information technology develops, hackers become increasingly capable of cracking passwords, and may crack even a high-precision fingerprint password. If a hacker intercepts the authentication fingerprint password entered at the client at any stage of the authentication transaction, whether by obtaining it at the client, intercepting the fingerprint image in transit from the client to the server, or stealing it at the server, the files or accounts associated with fingerprint authentication are exposed to security threats. An encryption method with stronger risk prevention is therefore needed.
Summary of the invention
Embodiments of the present invention provide an encryption method and apparatus, with the aim of stronger risk prevention and higher security during authentication verification.
A first aspect of the embodiments of the present invention provides an encryption method, including:
acquiring fingerprint information;
fusing the fingerprint information and specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number;
sending the multi-dimensional information to a server, and requesting the server to perform authentication verification on the multi-dimensional information.
A second aspect of the embodiments of the present invention provides an encryption apparatus, including:
an acquisition module, configured to acquire fingerprint information;
a fusion module, configured to fuse the fingerprint information and specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number;
a request module, configured to send the multi-dimensional information to a server, and request the server to perform authentication verification on the multi-dimensional information.
It can be seen that, in the technical solution provided by the embodiments of the present invention, fingerprint information is acquired; the fingerprint information and specified information are fused by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number; and the multi-dimensional information is sent to a server, which is requested to perform authentication verification on it. Fusing the fingerprint information with other transaction-related information thus yields a unique, one-time authentication password, giving stronger risk prevention and high security.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention or in the prior art more clearly, the accompanying drawings required for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art may derive other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of an encryption method according to a first embodiment of the present invention;
FIG. 2-a is a schematic flowchart of an encryption method according to a second embodiment of the present invention;
FIG. 2-b is a schematic diagram of the interaction flow of an encryption method according to the second embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an encryption apparatus according to a third embodiment of the present invention;
FIG. 4 is a schematic structural diagram of an encryption apparatus according to a fourth embodiment of the present invention;
FIG. 5 is a schematic structural diagram of an encryption apparatus according to a fifth embodiment of the present invention.
Detailed description
Embodiments of the present invention provide an encryption method and apparatus, with the aim of stronger risk prevention and higher security during authentication verification.
To enable those skilled in the art to better understand the solution of the present invention, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art based on the embodiments of the present invention without creative effort shall fall within the scope of protection of the present invention.
The terms "first", "second", "third" and so on in the specification, the claims, and the above drawings of the present invention are used to distinguish different objects, not to describe a specific order. In addition, the term "include" and any variants of it are intended to cover non-exclusive inclusion. For example, a process, method, system, product, or device that includes a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to the process, method, product, or device.
An encryption method according to an embodiment of the present invention includes: acquiring fingerprint information; fusing the fingerprint information and specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number; and sending the multi-dimensional information to a server and requesting the server to perform authentication verification on the multi-dimensional information.
Referring first to FIG. 1, FIG. 1 is a schematic flowchart of an encryption method according to a first embodiment of the present invention. As shown in FIG. 1, the encryption method provided by the first embodiment of the present invention may include:
S101. Acquire fingerprint information.
The fingerprint information is information acquired from the client for authentication verification. The client corresponds to the server: it is the terminal on the user's side during processes that require identity verification, such as payment transactions and information requests. When the user's identity needs to be authenticated, the client acquires the user's fingerprint information for authentication verification. The client may be a mobile terminal such as a mobile phone or a tablet computer, or a terminal such as a computer. The server is the terminal that verifies the fingerprint entered at the client during processes such as the user's payment transactions.
Optionally, in some possible implementations of the present invention, the client scans the fingerprint image by using a fingerprint scanning device, so as to obtain the fingerprint information entered by the user.
For example, in some possible implementations of the present invention, when a user performs a payment transaction, the user's identity needs to be verified by fingerprint information, so the client receives the fingerprint image entered by the user through the fingerprint scanning device.
S102. Fuse the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number.
The specified information is information related to the transaction, and the multi-dimensional information is information that, in contrast to the one-dimensional fingerprint information, also contains other dimensions. When the specified information and the fingerprint information are combined into multi-dimensional information, unique information related to the transaction can be formed, for example the transaction time information when the transaction occurs, the transaction space information, the transaction order number information, and which terminal the transaction is performed on. When the fingerprint information is combined with these items, unique verification information for the transaction is formed; if any one of these items changes, the result no longer matches the earlier multi-dimensional information.
Optionally, in some possible implementations of the present invention, the fingerprint information may be fused with one item of the specified information.
Optionally, in other possible implementations of the present invention, the fingerprint information may be fused with two or more items of the specified information.
It can be understood that the encrypted fingerprint is effective and unique, and is bound to the client and to the client's geographical location, which makes the authentication verification more confidential.
For example, when a payment transaction is performed, the payment transaction needs to be authenticated, and the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction order number information, and the terminal number information of the transaction to obtain multi-dimensional information.
S103. Send the multi-dimensional information to a server, and request the server to perform authentication verification on the multi-dimensional information.
For example, when a payment transaction is performed, the payment transaction needs to be authenticated. The fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction order number information, and the terminal number information of the transaction to obtain multi-dimensional information, and the multi-dimensional information is then sent to the server, so that the server verifies it.
It can be understood that, when authentication verification is performed in this way, the authentication information is not the fingerprint information alone but the fingerprint information fused with other information related to the transaction. This makes the information more confidential, that is, it is harder for a hacker to crack multi-dimensional information that incorporates other transaction-related information, which ensures the security of transaction authentication. Because other information such as the transaction time is included, the authentication information is one-time: it becomes invalid after a single use, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. For example, if the fingerprint a user uses on Alipay is encrypted and then stolen by a hacker, the encrypted fingerprint cannot be used on WeChat Pay, so security is high.
To give a more specific example, suppose a customer's fingerprint information is captured at 9:00 am on May 14, 2015, and the time information is fused with the fingerprint information by the encryption algorithm. The fused fingerprint information then cannot be used to log in to the customer's account at 10:00 am on May 14, 2015. Similarly, a fingerprint fused with a terminal number, an order number, or geographical location information cannot complete an account login or account payment whose information does not correspond.
It can be seen that, in the solution of this embodiment, fingerprint information is acquired; the fingerprint information and specified information are fused by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number; and the multi-dimensional information is sent to a server, which is requested to perform authentication verification on it. Fusing the fingerprint information with other transaction-related information thus yields a unique, one-time authentication password, giving stronger risk prevention and high security.
Optionally, in some possible implementations of the present invention, before the acquiring of the fingerprint information, the method further includes:
receiving an authentication verification request sent by the server.
It can be understood that, because the authentication process is performed on the server side, the server side first needs to initiate the authentication verification request.
Optionally, in some possible implementations of the present invention, the method further includes:
the specified information and/or the specified algorithm are provided by the server.
The specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
Optionally, in some possible implementations of the present invention, the specified algorithm includes a watermark embedding algorithm.
It can be understood that a watermark embedding algorithm can complete the information fusion without damaging the original fingerprint image. The algorithm offers good concealment, high encryption security, an irreversible encryption process, and readable watermark information; moreover, the embedded content cannot be read from the appearance of the image and can only be read by the algorithm corresponding to the watermark embedding algorithm. A new authentication verification password obtained by fusing the fingerprint image with this algorithm therefore has high security.
Optionally, in other possible implementations of the present invention, the specified algorithm may also be another image fusion algorithm used to fuse the fingerprint image information with other information.
For example, in some possible implementations of the present invention, when a user performs a payment operation on Alipay, the payment operation needs authentication verification. The server first reads the time at which the payment transaction occurs, the payment application in which it occurs (that is, Alipay), and the terminal number. The server then instructs the terminal to use a watermark embedding algorithm to fuse these three items of related information (transaction time, Alipay, and terminal number) into the fingerprint image, forming four-dimensional information. The terminal sends the fused four-dimensional information to the server, and the server reads it by using the decryption algorithm corresponding to the watermark embedding algorithm.
It can be understood that the other information fused with the fingerprint information is specified by the server, that is, the server has stored the time at which the payment transaction occurs, the application, and the terminal number. When a hacker steals the fingerprint image from the client, the fused authentication password contains the transaction time and the terminal number, so even if the hacker uses that fingerprint image for authentication verification on another terminal, it cannot pass authentication verification on the server side.
Furthermore, if a hacker obtains the encrypted fingerprint image information on the client, or steals the four-dimensional authentication password while it is being transmitted from the client to the server, the hacker cannot recover the other information, such as the terminal ID, because the encryption process is irreversible; the hacker would therefore still be asking the server, from the hacker's own terminal, to authenticate the stolen password.
Moreover, because the encryption algorithm is specified by the server side, the server side can better separate out the information for verification when performing authentication verification.
Therefore, having the server side set the specified information to be fused and the specified algorithm makes the authentication process more secure.
Optionally, in other possible implementations of the present invention, the requesting the server to perform authentication verification on the multi-dimensional information includes:
requesting the server to read the multi-dimensional information to obtain the fingerprint information and the specified information; and
requesting the server to perform authentication verification on the fingerprint information and the specified information separately.
For example, after the three items of related information (transaction time, Alipay, and terminal number) have been embedded in the fingerprint image to obtain four-dimensional information, the server first needs to read the four-dimensional information to obtain the fingerprint image and the information of the other dimensions, and then performs authentication verification on the fingerprint information and the other information separately.
It can be understood that this approach achieves genuine authentication verification of multi-dimensional information, so that the security of authentication is high.
To facilitate better understanding and implementation of the foregoing solutions of the embodiments of the present invention, some specific application scenarios are described below as examples.
Referring to FIG. 2, FIG. 2-a is a schematic flowchart of an encryption method provided by the second embodiment of the present invention. To facilitate understanding of this embodiment, FIG. 2-b shows a schematic diagram of the interaction flow of the encryption method provided by the second embodiment of the present invention. As shown in FIG. 2, the encryption method provided by the second embodiment of the present invention may include:
S201. Receive an authentication verification request sent by the server.
The server is the terminal that verifies the fingerprint input at the client while the user performs a payment transaction or similar operation. The client is the counterpart of the server: it is the terminal on the user's side during payment transactions, information requests, and other operations that require identity verification. When the user's identity needs authentication verification, the client acquires the user's fingerprint information for that purpose. The client may be a mobile terminal such as a mobile phone or tablet computer, or a terminal such as a computer.
It can be understood that, because the authentication process is performed on the server side, the server side first needs to initiate the authentication verification request.
S202. Acquire fingerprint information.
The fingerprint information is the information acquired from the client for authentication verification.
For example, in some possible implementations of the present invention, when a user performs a payment transaction, the user's identity needs to be verified by means of fingerprint information, so the client receives the fingerprint image input by the user through a fingerprint scanning device.
S203. Fuse the fingerprint information and specified information by using a specified algorithm to obtain multi-dimensional information.
The specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
The specified information is information related to the transaction, and multi-dimensional information is information that, in contrast to one-dimensional fingerprint information, also contains other dimensions. When the specified information and the fingerprint information are combined into multi-dimensional information, the result is information unique to that transaction: for example, the transaction time, the transaction space, the transaction number, and the terminal on which the transaction is carried out. Combining the fingerprint information with these items forms verification information unique to the transaction; if any one of these items changes, the result no longer matches the previous multi-dimensional information.
Optionally, in some possible implementations of the present invention, the fingerprint information may be fused with one item of the specified information.
Optionally, in other possible implementations of the present invention, the fingerprint information may be fused with two or more items of the specified information.
It can be understood that the encrypted fingerprint is effective and unique and is bound to the client and to the client's geographic location, which makes the authentication verification more confidential.
For example, when a payment transaction is being carried out and needs authentication verification, the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the terminal on which the transaction takes place, to obtain multi-dimensional information.
Optionally, in some possible implementations of the present invention, the method further includes:
the specified information and/or the specified algorithm are provided by the server.
The specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
Optionally, in some possible implementations of the present invention, the specified algorithm includes a watermark embedding algorithm.
It can be understood that a watermark embedding algorithm can complete the information fusion without damaging the original fingerprint image. The algorithm offers good concealment, high encryption security, an irreversible encryption process, and readable watermark information; moreover, the embedded content cannot be read from the appearance of the image and can only be read by the algorithm corresponding to the watermark embedding algorithm. A new authentication verification password obtained by fusing the fingerprint image with this algorithm therefore has high security.
Optionally, in other possible implementations of the present invention, the specified algorithm may also be another image fusion algorithm used to fuse the fingerprint image information with other information.
For example, in some possible implementations of the present invention, when a user performs a payment operation on Alipay, the payment operation needs authentication verification. The server first reads the time at which the payment transaction occurs, the payment application in which it occurs (that is, Alipay), and the terminal number. The server then instructs the terminal to use a watermark embedding algorithm to fuse these three items of related information (transaction time, Alipay, and terminal number) into the fingerprint image, forming four-dimensional information. The terminal sends the fused four-dimensional information to the server, and the server reads it by using the decryption algorithm corresponding to the watermark embedding algorithm.
It can be understood that the other information fused with the fingerprint information is specified by the server, that is, the server has stored the time at which the payment transaction occurs, the application, and the terminal number. When a hacker steals the fingerprint image from the client, the fused authentication password contains the transaction time and the terminal number, so even if the hacker uses that fingerprint image for authentication verification on another terminal, it cannot pass authentication verification on the server side.
Furthermore, if a hacker obtains the encrypted fingerprint image information on the client, or steals the four-dimensional authentication password while it is being transmitted from the client to the server, the hacker cannot recover the other information, such as the terminal ID, because the encryption process is irreversible; the hacker would therefore still be asking the server, from the hacker's own terminal, to authenticate the stolen password.
Moreover, because the encryption algorithm is specified by the server side, the server side can better separate out the information for verification when performing authentication verification.
Therefore, having the server side set the specified information to be fused and the specified algorithm makes the authentication process more secure.
S204. Send the multi-dimensional information to a server.
S205. Request the server to read the multi-dimensional information to obtain the fingerprint information and the specified information.
S205. Request the server to perform authentication verification on the fingerprint information and the specified information separately.
For example, after the three items of related information (transaction time, Alipay, and terminal number) have been embedded in the fingerprint image to obtain four-dimensional information, the server first needs to read the four-dimensional information to obtain the fingerprint image and the information of the other dimensions, and then performs authentication verification on the fingerprint information and the other information separately.
It can be understood that this approach achieves genuine authentication verification of multi-dimensional information, so that the security of authentication is high.
It can be understood that, when authentication verification is performed in this way, the authentication information is not the fingerprint information alone but the fingerprint information fused with other information related to the transaction. This makes the information more confidential, that is, it is harder for a hacker to crack multi-dimensional information that incorporates other transaction-related information, which ensures the security of transaction authentication. In addition, because other information such as the transaction time is included, the authentication information is one-time: it becomes invalid after being used once, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. For example, if the fingerprint a user uses on Alipay is encrypted and then stolen by a hacker, the encrypted fingerprint cannot be used on WeChat Pay, so security is high.
As a more specific example, if a customer's fingerprint information is captured at 9:00 a.m. on May 14, 2015 and the time information is fused with the fingerprint information by an encryption algorithm, the fused fingerprint information cannot be used to log in to the customer's account at 10:00 a.m. on May 14, 2015. Similarly, a fingerprint fused with the terminal number, the transaction number, or geographic location information cannot complete an account login or account payment for which that information does not match.
It can be seen that, in the solution of this embodiment, fingerprint information is acquired; the fingerprint information and specified information are fused by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number; and the multi-dimensional information is sent to a server, and the server is requested to perform authentication verification on the multi-dimensional information. Fusing the fingerprint information with other transaction-related information thus yields an authentication password that is unique and one-time, giving stronger risk prevention and high security.
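The flow of S201 to S205 can be traced in a short Python sketch, added here as an illustration and not taken from the patent. It assumes least-significant-bit embedding as the watermark algorithm (the patent names no specific one), a JSON encoding of the specified information, and an exact comparison of the upper seven pixel bits as a stand-in for fingerprint matching; the names `fuse`, `read_multidimensional` and `AuthServer` and all sample values are constructed.

```python
import json
import struct

HEADER_BITS = 32  # a 4-byte big-endian length field precedes the embedded payload


def fuse(fingerprint: bytes, info: dict) -> bytes:
    """Client, S203: hide `info` in the least significant bit of each pixel."""
    payload = json.dumps(info, sort_keys=True).encode("utf-8")
    data = struct.pack(">I", len(payload)) + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(fingerprint):
        raise ValueError("image too small for the specified information")
    fused = bytearray(fingerprint)
    for pos, bit in enumerate(bits):
        fused[pos] = (fused[pos] & 0xFE) | bit
    return bytes(fused)


def read_bytes(pixels: bytes, bit_offset: int, count: int) -> bytes:
    """Rebuild `count` bytes from pixel LSBs, most significant bit first."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[bit_offset + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)


def read_multidimensional(fused: bytes):
    """Server, S205: split the fused image into fingerprint and specified info."""
    if len(fused) < HEADER_BITS:
        raise ValueError("image too small to hold a header")
    (length,) = struct.unpack(">I", read_bytes(fused, 0, 4))
    if HEADER_BITS + 8 * length > len(fused):
        raise ValueError("length header exceeds image size")
    info = json.loads(read_bytes(fused, HEADER_BITS, length).decode("utf-8"))
    if not isinstance(info, dict):
        raise ValueError("embedded payload is not an object")
    return bytes(p & 0xFE for p in fused), info


class AuthServer:
    def __init__(self, enrolled: bytes):
        # Stand-in matcher (assumption): exact comparison of the upper 7 bits.
        self.enrolled = bytes(p & 0xFE for p in enrolled)
        self.pending = {}  # transaction number -> info the server specified

    def request_authentication(self, order_no, time, terminal_id, app):
        """S201: the server specifies the information the client must fuse."""
        info = {"app": app, "order_no": order_no,
                "terminal_id": terminal_id, "time": time}
        self.pending[order_no] = info
        return dict(info)

    def verify(self, fused: bytes, from_terminal: str) -> str:
        try:
            fingerprint, info = read_multidimensional(fused)
        except ValueError:
            return "reject: unreadable multi-dimensional information"
        order_no = info.get("order_no")
        expected = self.pending.get(order_no) if isinstance(order_no, str) else None
        # The specified information and the fingerprint are checked separately.
        if expected is None or info != expected:
            return "reject: specified information does not match"
        if from_terminal != expected["terminal_id"]:
            return "reject: submitted from a different terminal"
        if fingerprint != self.enrolled:
            return "reject: fingerprint does not match"
        del self.pending[order_no]  # one-time: a second submission finds nothing
        return "accept"


def demo() -> dict:
    # Constructed 64x64 grayscale "fingerprint"; not real biometric data.
    enrolled = bytes((i * 37 + 11) % 256 for i in range(64 * 64))
    server = AuthServer(enrolled)
    info = server.request_authentication(
        "ORDER-0001", "2015-05-14T09:00", "TERMINAL-A", "Alipay")
    fused = fuse(enrolled, info)  # the client captures the finger and fuses
    results = {"other_terminal": server.verify(fused, "TERMINAL-B"),
               "first_use": server.verify(fused, "TERMINAL-A"),
               "replay": server.verify(fused, "TERMINAL-A")}
    # An hour later the server opens a new transaction; the old image is resubmitted.
    server.request_authentication(
        "ORDER-0002", "2015-05-14T10:00", "TERMINAL-A", "Alipay")
    results["later_transaction"] = server.verify(fused, "TERMINAL-A")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

In this sketch the embedding is unkeyed, so the one-time behaviour comes from the server comparing the extracted fields with what it issued and retiring the record after the first accepted submission.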
An embodiment of the present invention further provides an encryption apparatus, the apparatus including:
an acquisition module, configured to acquire fingerprint information;
a fusion module, configured to fuse the fingerprint information and specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number; and
a request module, configured to send the multi-dimensional information to a server and request the server to perform authentication verification on the multi-dimensional information.
Specifically, referring to FIG. 3, FIG. 3 is a schematic structural diagram of an encryption apparatus provided by the third embodiment of the present invention. As shown in FIG. 3, the encryption apparatus 300 provided by the third embodiment of the present invention may include:
an acquisition module 310, a fusion module 320, and a request module 330.
The acquisition module 310 is configured to acquire fingerprint information.
The fingerprint information is the information acquired from the client for authentication verification. The client is the counterpart of the server: it is the terminal on the user's side during payment transactions, information requests, and other operations that require identity verification. When the user's identity needs authentication verification, the client acquires the user's fingerprint information for that purpose. The client may be a mobile terminal such as a mobile phone or tablet computer, or a terminal such as a computer. The server side is the terminal that verifies the fingerprint input at the client while the user performs a payment transaction or similar operation.
Optionally, in some possible implementations of the present invention, the client scans the fingerprint image through a fingerprint scanning device and thereby acquires the fingerprint information input by the user.
For example, in some possible implementations of the present invention, when a user performs a payment transaction, the user's identity needs to be verified by means of fingerprint information, so the client receives the fingerprint image input by the user through a fingerprint scanning device.
The fusion module 320 is configured to fuse the fingerprint information and specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number.
The specified information is information related to the transaction, and multi-dimensional information is information that, in contrast to one-dimensional fingerprint information, also contains other dimensions. When the specified information and the fingerprint information are combined into multi-dimensional information, the result is information unique to that transaction: for example, the transaction time, the transaction space, the transaction number, and the terminal on which the transaction is carried out. Combining the fingerprint information with these items forms verification information unique to the transaction; if any one of these items changes, the result no longer matches the previous multi-dimensional information.
Optionally, in some possible implementations of the present invention, the fingerprint information may be fused with one item of the specified information.
Optionally, in other possible implementations of the present invention, the fingerprint information may be fused with two or more items of the specified information.
It can be understood that the encrypted fingerprint is effective and unique and is bound to the client and to the client's geographic location, which makes the authentication verification more confidential.
For example, when a payment transaction is being carried out and needs authentication verification, the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the terminal on which the transaction takes place, to obtain multi-dimensional information.
The request module 330 is configured to send the multi-dimensional information to a server and request the server to perform authentication verification on the multi-dimensional information.
For example, when a payment transaction is being carried out and needs authentication verification, the fingerprint information acquired from the terminal may be fused with the transaction time information, the transaction number information, and the terminal number information of the terminal on which the transaction takes place, to obtain multi-dimensional information. The multi-dimensional information is then sent to the server, and the server verifies it.
It can be understood that, when authentication verification is performed in this way, the authentication information is not the fingerprint information alone but the fingerprint information fused with other information related to the transaction. This makes the information more confidential, that is, it is harder for a hacker to crack multi-dimensional information that incorporates other transaction-related information, which ensures the security of transaction authentication. In addition, because other information such as the transaction time is included, the authentication information is one-time: it becomes invalid after being used once, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. For example, if the fingerprint a user uses on Alipay is encrypted and then stolen by a hacker, the encrypted fingerprint cannot be used on WeChat Pay, so security is high.
As a more specific example, if a customer's fingerprint information is captured at 9:00 a.m. on May 14, 2015 and the time information is fused with the fingerprint information by an encryption algorithm, the fused fingerprint information cannot be used to log in to the customer's account at 10:00 a.m. on May 14, 2015. Similarly, a fingerprint fused with the terminal number, the transaction number, or geographic location information cannot complete an account login or account payment for which that information does not match.
It can be understood that the functions of the functional modules of the encryption apparatus 300 of this embodiment may be implemented according to the method in the foregoing method embodiments. For the specific implementation process, refer to the related description of the foregoing method embodiments; details are not repeated here.
It can be seen that, in the solution of this embodiment, the encryption apparatus 300 acquires fingerprint information; the encryption apparatus 300 fuses the fingerprint information and specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number; and the encryption apparatus 300 sends the multi-dimensional information to a server and requests the server to perform authentication verification on the multi-dimensional information. Fusing the fingerprint information with other transaction-related information thus yields an authentication password that is unique and one-time, giving stronger risk prevention and high security.
请参见图4,图4是本发明第四实施例提供一种加密装置的结构示意图,其中,如图4所示,本发明第四实施例提供一种加密装置400可以包括:Referring to FIG. 4, FIG. 4 is a schematic structural diagram of an encryption apparatus according to a fourth embodiment of the present invention. As shown in FIG. 4, a fourth embodiment of the present invention provides an encryption apparatus 400, which may include:
第一接收模块410、发送模块420、第二接收模块430和第一展示模块440。The first receiving module 410, the sending module 420, the second receiving module 430, and the first display module 440.
获取模块410、融合模块420和请求模块430。The acquisition module 410, the fusion module 420, and the request module 430.
获取模块410,用于获取指纹信息。The obtaining module 410 is configured to acquire fingerprint information.
其中,指纹信息是指从客户端获取的用于鉴权验证的信息;客户端与服务器端相对应,用户在进行支付交易、信息请求等需要进行身份验证的过程中,存在于用户操作这边的终端,当需要对用户的身份进行鉴权验证时,客户端获取用户的指纹信息用于鉴权验证,客户端可以为手机、平板电脑等移动终端,也可以为计算机等终端;服务器端是指在用户进行支付交易等过程中,用于对 客户端输入的指纹进行验证的终端。The fingerprint information refers to information obtained from the client for authentication verification; the client corresponds to the server end, and the user exists in the process of performing authentication, such as payment transaction, information request, etc. The terminal obtains the user's fingerprint information for authentication verification when the user needs to authenticate the identity of the user. The client may be a mobile terminal such as a mobile phone or a tablet computer, or may be a terminal such as a computer; Refers to the user in the process of payment transactions, etc. The terminal that the client enters the fingerprint to verify.
可选地,在本发明的一些可能的实施方式中,客户端通过指纹扫描设备扫描指纹图像,从而获取到用户输入的指纹信息。Optionally, in some possible implementation manners of the present invention, the client scans the fingerprint image by using the fingerprint scanning device, so as to obtain fingerprint information input by the user.
举例说明,在本发明的一些可能的实施方式中,当用户进行支付交易时,需要通过指纹信息对用户进行身份验证,从而在客户端通过指纹扫描设备接收用户输入的指纹图像。For example, in some possible implementation manners of the present invention, when a user performs a payment transaction, the user needs to be authenticated by the fingerprint information, so that the fingerprint image input by the user is received by the client through the fingerprint scanning device.
The fusion module 420 is configured to fuse the fingerprint information with specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number.
Here, the specified information is information related to the transaction, and the multi-dimensional information is information that, in contrast to the one-dimensional fingerprint information, also contains other dimensions. Combining the specified information with the fingerprint information into multi-dimensional information forms information that is unique to the transaction. Examples of the specified information are the transaction time when the transaction occurs, the transaction space, the transaction order number, and the terminal on which the transaction is performed. When the fingerprint information is combined with these items, it forms verification information unique to that transaction; if any one of these items changes, the result no longer matches the earlier multi-dimensional information.
Optionally, in some possible implementations of the present invention, the fingerprint information may be fused with one item of the specified information.
Optionally, in other possible implementations of the present invention, the fingerprint information may be fused with two or more items of the specified information.
It can be understood that the encrypted fingerprint is effective and unique, and is bound to the client and to the client's geographical location, which makes the authentication verification more confidential.
For example, when a payment transaction requires authentication verification, the fingerprint information acquired from the terminal may be fused with the transaction time, the transaction order number, and the number of the terminal on which the transaction occurs to obtain the multi-dimensional information.
The request module 430 is configured to send the multi-dimensional information to a server and request the server to perform authentication verification on the multi-dimensional information.
For example, when a payment transaction requires authentication verification, the fingerprint information acquired from the terminal may be fused with the transaction time, the transaction order number, and the number of the terminal on which the transaction occurs to obtain the multi-dimensional information; the multi-dimensional information is then sent to the server, and the server verifies it.
It can be understood that, with this manner of authentication verification, the authentication information is not merely fingerprint information but fingerprint information fused with other information related to the transaction, which makes it more confidential; that is, it is harder for a hacker to crack multi-dimensional information that has been fused with other transaction-related information, which ensures the security of transaction authentication. Moreover, because other information such as the transaction time is added, the authentication information is one-time, that is, it becomes invalid after a single use, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. For example, if a fingerprint that a user uses on Alipay is encrypted and then stolen by a hacker, the encrypted fingerprint cannot be used on WeChat Pay, so security is high.
As a more specific example, if a customer's fingerprint information is captured at 9:00 a.m. on May 14, 2015 and an encryption algorithm fuses the time information with the fingerprint information, the fused fingerprint information cannot be used to log in to the customer's account at 10:00 a.m. on May 14, 2015. Similarly, a fingerprint fused with a terminal number, an order number, or geographical location information cannot complete an account login or account payment whose information does not correspond.
Optionally, in some possible implementations of the present invention, before the fingerprint information is acquired, the method further includes:
A receiving module 440 is configured to receive an authentication verification request sent by the server.
It can be understood that, because the authentication process is performed on the server side, the server side first needs to initiate the authentication verification request.
Optionally, in some possible implementations of the present invention, the method further includes:
The specified information and/or the specified algorithm is provided by the server.
Here, the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number.
Optionally, in some possible implementations of the present invention, the specified algorithm includes a watermark embedding algorithm.
It can be understood that a watermark embedding algorithm can complete the information fusion without damaging the original fingerprint image. The algorithm offers good concealment, high encryption security, an irreversible encryption process, and readable watermark information. In addition, nothing else can be read from the appearance of the image; the embedded information can be read only by an algorithm corresponding to the watermark embedding algorithm. The new authentication password obtained by fusing the fingerprint image with this algorithm is therefore highly secure.
Optionally, in other possible implementations of the present invention, the specified algorithm may also be another image fusion algorithm used to fuse the fingerprint image information with other information.
For example, in some possible implementations of the present invention, when a user performs a payment operation on Alipay, the payment operation needs authentication verification. The server first reads the time at which the payment transaction occurs, the payment application in which it occurs (that is, Alipay), and the terminal number. The server then instructs the terminal to use the watermark embedding algorithm to fuse these three items, the transaction time, Alipay, and the terminal number, into the fingerprint image to form four-dimensional information. The terminal sends the fused four-dimensional information to the server, and the server reads it by using the decryption algorithm corresponding to the watermark embedding algorithm.
It can be understood that the other information fused with the fingerprint information is specified by the server; that is, the server has saved the time at which the payment transaction occurs, the application, and the terminal number. If a hacker steals the fingerprint image from the client, the fused authentication password contains the transaction time and the terminal number, so even if the hacker takes the fingerprint image to another terminal for authentication verification, it cannot pass the server-side authentication verification.
Furthermore, if a hacker obtains the encrypted fingerprint image information at the client, or steals the four-dimensional authentication password while it is being transmitted from the client to the server, the encryption process is irreversible, so the hacker cannot obtain the other information, such as the terminal ID, and therefore still cannot get the server to authenticate the stolen password from the hacker's own terminal.
In addition, because the encryption algorithm is specified by the server side, the server side can better separate out the information for verification when performing authentication verification.
Having the server side set both the specified information to be fused and the specified algorithm therefore makes the authentication process more secure.
Optionally, in other possible implementations of the present invention, the requesting the server to perform authentication verification on the multi-dimensional information includes:
a first request unit 431, configured to request the server to read the multi-dimensional information to obtain the fingerprint information and the specified information; and
a second request unit 432, configured to request the server to perform authentication verification on the fingerprint information and the specified information separately.
For example, after the three items of transaction time, Alipay, and terminal number have been embedded in the fingerprint image to obtain four-dimensional information, the server first needs to read the four-dimensional information to obtain the fingerprint image and the information of the other dimensions, and then performs authentication verification on each of those items separately.
It can be understood that this approach truly realizes authentication verification of multi-dimensional information, so that authentication is highly secure.
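The fuse-then-verify flow described above, as an added illustration that is not code from the patent: the patent names only "a watermark embedding algorithm", so the least-significant-bit embedding, the JSON field layout, the exact-match fingerprint comparison, and all names (`fuse`, `read_fused`, `AuthServer`) are assumptions, and the sample image and transaction values are constructed. The server accepts only when the extracted fields equal the record it stored for the transaction, the request comes from the recorded terminal, the fingerprint matches, and the order has not been accepted before.

```python
import hmac
import json
import struct


def make_sample_fingerprint():
    """Constructed 64x64 8-bit grayscale stand-in for a scanned fingerprint image."""
    return bytearray(((x * 7 + y * 13) ^ (x * y)) & 0xFF
                     for y in range(64) for x in range(64))


def fuse(pixels, specified):
    """Client: embed the specified information in the pixel LSBs (assumed scheme)."""
    payload = json.dumps(specified, sort_keys=True).encode("utf-8")
    data = struct.pack(">H", len(payload)) + payload  # 2-byte length prefix
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("specified information does not fit in the image")
    fused = bytearray(pixels)
    for i, bit in enumerate(bits):
        fused[i] = (fused[i] & 0xFE) | bit  # each pixel changes by at most 1
    return fused


def _read_bytes(pixels, start_bit, count):
    """Rebuild `count` bytes from pixel LSBs, most significant bit first."""
    if start_bit + 8 * count > len(pixels):
        raise ValueError("embedded data runs past the end of the image")
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start_bit + 8 * b + i] & 1)
        out.append(value)
    return bytes(out)


def read_fused(fused):
    """Server: split the multi-dimensional information into fingerprint and fields."""
    (length,) = struct.unpack(">H", _read_bytes(fused, 0, 2))
    specified = json.loads(_read_bytes(fused, 16, length).decode("utf-8"))
    if not isinstance(specified, dict) or not isinstance(specified.get("order"), str):
        raise ValueError("specified information has an unexpected shape")
    fingerprint = bytes(p & 0xFE for p in fused)  # image with the LSB plane cleared
    return fingerprint, specified


class AuthServer:
    """Hypothetical server that issues the specified information and verifies it."""
    def __init__(self, enrolled_pixels):
        self.enrolled = bytes(p & 0xFE for p in enrolled_pixels)
        self.pending = {}  # order number -> fields the server itself recorded
        self.used = set()  # order numbers already accepted once

    def start_transaction(self, order_no, terminal_no, time_str):
        specified = {"order": order_no, "terminal": terminal_no, "time": time_str}
        self.pending[order_no] = specified
        return dict(specified)  # sent to the client for fusion

    def verify(self, fused, requesting_terminal):
        try:
            fingerprint, specified = read_fused(fused)
        except ValueError:  # also covers bad UTF-8 and bad JSON
            return "malformed"
        order_no = specified["order"]
        if order_no in self.used:
            return "already used"
        record = self.pending.get(order_no)
        if record is None:
            return "unknown transaction"
        # Verify each part separately, always against the server's own record.
        if specified != record:
            return "specified info mismatch"
        if requesting_terminal != record["terminal"]:
            return "terminal mismatch"
        if not hmac.compare_digest(fingerprint, self.enrolled):
            return "fingerprint mismatch"
        self.pending.pop(order_no)
        self.used.add(order_no)  # one-time: presenting the same image again fails
        return "ok"


def demo():
    """Run the constructed scenario and return the server's verdicts in order."""
    finger = make_sample_fingerprint()
    server = AuthServer(finger)
    info = server.start_transaction("ORDER-0001", "TERM-A", "2015-05-14T09:00")
    fused = fuse(finger, info)
    return [
        server.verify(fused, "TERM-B"),  # same image, different terminal
        server.verify(fuse(finger, dict(info, time="2015-05-14T10:00")), "TERM-A"),
        server.verify(fused, "TERM-A"),  # genuine request
        server.verify(fused, "TERM-A"),  # second use of the accepted image
    ]


if __name__ == "__main__":
    print(demo())
```

In this sketch the embedded fields are readable by any party that knows the layout, so acceptance rests on the server comparing them with its own stored record and marking the order as used.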
It can be understood that the functions of the functional modules of the encryption apparatus 400 in this embodiment may be implemented according to the methods in the foregoing method embodiments. For the specific implementation process, refer to the related descriptions of the foregoing method embodiments; details are not repeated here.
As can be seen, in the solution of this embodiment, the encryption apparatus 400 acquires fingerprint information; the encryption apparatus 400 fuses the fingerprint information with specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number; and the encryption apparatus 400 sends the multi-dimensional information to a server and requests the server to perform authentication verification on the multi-dimensional information. Fusing the fingerprint information with other transaction-related information thus yields an authentication password that is unique and one-time, which gives stronger risk prevention and high security.
Referring to FIG. 5, FIG. 5 is a schematic structural diagram of an encryption apparatus according to a fifth embodiment of the present invention. As shown in FIG. 5, the encryption apparatus 500 provided by the fifth embodiment of the present invention may include at least one bus 501, at least one processor 502 connected to the bus, and at least one memory 503 connected to the bus.
The processor 502 calls, through the bus 501, code stored in the memory 503 to: acquire fingerprint information; fuse the fingerprint information with specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number; and send the multi-dimensional information to a server and request the server to perform authentication verification on the multi-dimensional information.
Here, the fingerprint information is information acquired from the client for authentication verification. The client is the counterpart of the server side: it is the terminal on the user's side during a process that requires identity verification, such as a payment transaction or an information request. When the user's identity needs to be authenticated, the client acquires the user's fingerprint information for authentication verification. The client may be a mobile terminal such as a mobile phone or a tablet computer, or a terminal such as a computer. The server side is the terminal that verifies the fingerprint entered at the client during a process such as a payment transaction performed by the user.
Optionally, in some possible implementations of the present invention, the client scans a fingerprint image by using a fingerprint scanning device, thereby acquiring the fingerprint information entered by the user.
Here, the specified information is information related to the transaction, and the multi-dimensional information is information that, in contrast to the one-dimensional fingerprint information, also contains other dimensions. Combining the specified information with the fingerprint information into multi-dimensional information forms information that is unique to the transaction. Examples of the specified information are the transaction time when the transaction occurs, the transaction space, the transaction order number, and the terminal on which the transaction is performed. When the fingerprint information is combined with these items, it forms verification information unique to that transaction; if any one of these items changes, the result no longer matches the earlier multi-dimensional information.
It can be understood that, with this manner of authentication verification, the authentication information is not merely fingerprint information but fingerprint information fused with other information related to the transaction, which makes it more confidential; that is, it is harder for a hacker to crack multi-dimensional information that has been fused with other transaction-related information, which ensures the security of transaction authentication. Moreover, because other information such as the transaction time is added, the authentication information is one-time, that is, it becomes invalid after a single use, so even if a hacker steals the multi-dimensional information, it cannot be used elsewhere. For example, if a fingerprint that a user uses on Alipay is encrypted and then stolen by a hacker, the encrypted fingerprint cannot be used on WeChat Pay, so security is high.
Optionally, in some possible implementations of the present invention, the processor 502 is further configured to:
receive an authentication verification request sent by the server.
Optionally, in some possible implementations of the present invention, the specified information and/or the specified algorithm is provided by the server.
Here, the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number.
Optionally, in some possible implementations of the present invention, the specified algorithm includes a watermark embedding algorithm.
It can be understood that a watermark embedding algorithm can complete the information fusion without damaging the original fingerprint image. The algorithm offers good concealment, high encryption security, an irreversible encryption process, and readable watermark information. In addition, nothing else can be read from the appearance of the image; the embedded information can be read only by an algorithm corresponding to the watermark embedding algorithm. The new authentication password obtained by fusing the fingerprint image with this algorithm is therefore highly secure.
Optionally, in other possible implementations of the present invention, the specified algorithm may also be another image fusion algorithm used to fuse the fingerprint image information with other information.
It can be understood that the other information fused with the fingerprint information is specified by the server; that is, the server has saved the time at which the payment transaction occurs, the application, and the terminal number. If a hacker steals the fingerprint image from the client, the fused authentication password contains the transaction time and the terminal number, so even if the hacker takes the fingerprint image to another terminal for authentication verification, it cannot pass the server-side authentication verification.
Furthermore, if a hacker obtains the encrypted fingerprint image information at the client, or steals the four-dimensional authentication password while it is being transmitted from the client to the server, the encryption process is irreversible, so the hacker cannot obtain the other information, such as the terminal ID, and therefore still cannot get the server to authenticate the stolen password from the hacker's own terminal.
In addition, because the encryption algorithm is specified by the server side, the server side can better separate out the information for verification when performing authentication verification.
Having the server side set both the specified information to be fused and the specified algorithm therefore makes the authentication process more secure.
Optionally, in other possible implementations of the present invention, the processor 502 is further configured to:
request the server to read the multi-dimensional information to obtain the fingerprint information and the specified information; and
request the server to perform authentication verification on the fingerprint information and the specified information separately.
For example, after the three items of transaction time, Alipay, and terminal number have been embedded in the fingerprint image to obtain four-dimensional information, the server first needs to read the four-dimensional information to obtain the fingerprint image and the information of the other dimensions, and then performs authentication verification on each of those items separately.
It can be understood that this approach truly realizes authentication verification of multi-dimensional information, so that authentication is highly secure.
It can be understood that the functions of the functional modules of the encryption apparatus 500 in this embodiment may be implemented according to the methods in the foregoing method embodiments. For the specific implementation process, refer to the related descriptions of the foregoing method embodiments; details are not repeated here.
As can be seen, in the solution of this embodiment, the encryption apparatus 500 acquires fingerprint information; the encryption apparatus 500 fuses the fingerprint information with specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number; and the encryption apparatus 500 sends the multi-dimensional information to a server and requests the server to perform authentication verification on the multi-dimensional information. Fusing the fingerprint information with other transaction-related information thus yields an authentication password that is unique and one-time, which gives stronger risk prevention and high security.
An embodiment of the present invention further provides a computer storage medium. The computer storage medium may store a program which, when executed, performs some or all of the steps of the operation method of any audio playback application described in the foregoing method embodiments.
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions. However, persons skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention some steps may be performed in another order or simultaneously. Persons skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
In the foregoing embodiments, the description of each embodiment has its own emphasis. For a part that is not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus may be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative. The division into units is only a division by logical function, and other divisions are possible in an actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual couplings, direct couplings, or communication connections shown or discussed may be indirect couplings or communication connections through some interfaces, apparatuses, or units, and may be electrical or in other forms.
The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device, or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention. The foregoing storage medium includes any medium that can store program code, such as a USB flash drive, a read-only memory (ROM), a random access memory (RAM), a removable hard disk, a magnetic disk, or an optical disc.
The foregoing embodiments are intended only to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, persons of ordinary skill in the art should understand that they may still modify the technical solutions described in the foregoing embodiments or make equivalent replacements of some of the technical features, and that such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the technical solutions of the embodiments of the present invention.

Claims (10)

  1. 一种加密方法,其特征在于,所述方法包括:An encryption method, the method comprising:
    获取指纹信息;Obtain fingerprint information;
    将所述指纹信息和指定信息利用指定算法进行融合,得到多维信息,所述指定信息包括交易时间、交易空间、交易单号和终端号中的至少一个信息;And combining the fingerprint information and the specified information by using a specified algorithm to obtain multi-dimensional information, where the specified information includes at least one of a transaction time, a transaction space, a transaction order number, and a terminal number;
    sending the multi-dimensional information to the server, and requesting the server to perform authentication verification on the multi-dimensional information.
  2. The method according to claim 1, wherein the method further comprises:
    the specified information and/or the specified algorithm being provided by the server.
  3. The method according to claim 1 or 2, wherein requesting the server to perform authentication verification on the multi-dimensional information comprises:
    requesting the server to read the multi-dimensional information to obtain the fingerprint information and the specified information;
    requesting the server to perform authentication verification on the fingerprint information and the specified information separately.
  4. The method according to any one of claims 1 to 3, wherein the specified algorithm comprises a watermark embedding algorithm.
  5. The method according to any one of claims 1 to 4, wherein before the acquiring of the fingerprint information, the method further comprises:
    receiving an authentication verification request sent by the server.
  6. An encryption apparatus, wherein the apparatus comprises:
    an acquisition module, configured to acquire fingerprint information;
    a fusion module, configured to fuse the fingerprint information and specified information by using a specified algorithm to obtain multi-dimensional information, wherein the specified information includes at least one of a transaction time, a transaction space, a transaction number, and a terminal number;
    a requesting module, configured to send the multi-dimensional information to a server, and request the server to perform authentication verification on the multi-dimensional information.
  7. The apparatus according to claim 6, wherein the specified information and/or the specified algorithm are provided by the server.
  8. The apparatus according to claim 6 or 7, wherein the requesting module further comprises:
    a first requesting unit, configured to request the server to read the multi-dimensional information to obtain the fingerprint information and the specified information;
    a second requesting unit, configured to request the server to perform authentication verification on the fingerprint information and the specified information separately.
  9. The apparatus according to any one of claims 6 to 8, wherein the specified algorithm comprises a watermark embedding algorithm.
  10. The apparatus according to any one of claims 6 to 9, wherein the apparatus further comprises:
    a receiving module, configured to receive an authentication verification request sent by the server.
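The claimed flow (fuse the fingerprint with server-provided transaction fields by watermark embedding, then have the server read both parts back and verify each separately) can be sketched as follows. This is an added example, not code from the patent: the LSB embedding, the JSON encoding, the field names `txn_no`, `terminal_no` and `txn_time`, and the exact-match fingerprint comparison are all assumptions chosen for illustration.

```python
import json

def embed(pixels: bytes, info: dict) -> bytes:
    """Terminal side: hide the specified info in the pixel LSBs (assumed scheme)."""
    payload = json.dumps(info, sort_keys=True).encode()
    data = len(payload).to_bytes(2, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("fingerprint image too small for payload")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def _read(multi: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` bytes from the LSBs beginning at pixel index `start`."""
    if start + count * 8 > len(multi):
        raise ValueError("truncated watermark")
    return bytes(
        sum((multi[start + b * 8 + i] & 1) << (7 - i) for i in range(8))
        for b in range(count)
    )

def extract(multi: bytes):
    """Server side: split multi-dimensional info into (fingerprint, info)."""
    length = int.from_bytes(_read(multi, 0, 2), "big")
    info = json.loads(_read(multi, 16, length))
    fingerprint = bytes(p & 0xFE for p in multi)  # carrier bits masked off
    return fingerprint, info

def verify(multi: bytes, enrolled: bytes, issued: dict):
    """Check fingerprint and specified info separately; returns (fp_ok, info_ok)."""
    try:
        fingerprint, info = extract(multi)
    except ValueError:  # truncated, non-UTF-8 or non-JSON watermark
        return (False, False)
    # Exact comparison stands in for a real (fuzzy) fingerprint matcher.
    fp_ok = fingerprint == bytes(p & 0xFE for p in enrolled)
    info_ok = info == issued  # binds the sample to the server-issued transaction
    return (fp_ok, info_ok)

# Constructed sample data: 2048 grayscale pixels and server-issued fields.
ENROLLED = bytes((i * 37 + 11) % 256 for i in range(2048))
ISSUED = {"txn_no": "T-0001", "terminal_no": "TERM-42", "txn_time": 1435708800}
MULTI = embed(ENROLLED, ISSUED)
```

Because the server compares the extracted fields with the ones it issued, a fused sample captured from one transaction fails the second check when presented for another. The sketch has no keyed integrity protection, so it shows the data flow only, not tamper resistance.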
PCT/CN2015/085814 2015-07-01 2015-07-31 Encryption method and apparatus WO2017000340A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510379368.8 2015-07-01
CN201510379368.8A CN105550879A (en) 2015-07-01 2015-07-01 Encryption method and apparatus

Publications (1)

Publication Number Publication Date
WO2017000340A1 (en) 2017-01-05

Family

ID=55830058

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/085814 WO2017000340A1 (en) 2015-07-01 2015-07-31 Encryption method and apparatus

Country Status (2)

Country Link
CN (1) CN105550879A (en)
WO (1) WO2017000340A1 (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2018072061A1 (en) * 2016-10-17 2018-04-26 哈尔滨工业大学深圳研究生院 Method and device for encrypting electronic file
CN106850532A (en) * 2016-11-24 2017-06-13 比奥香港有限公司 A kind of method of payment and system based on biological token
CN108596629A (en) * 2018-04-28 2018-09-28 深圳蓝贝科技有限公司 a kind of convenient payment system and method
CN110738499A (en) * 2019-09-03 2020-01-31 平安科技(深圳)有限公司 User identity authentication method and device, computer equipment and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7778935B2 (en) * 2006-03-09 2010-08-17 Colella Brian A System for secure payment and authentication
CN102123033A (en) * 2011-03-23 2011-07-13 北京恒光数码科技有限公司 Identity authentication method and system of dynamic password token as well as mobile terminal of dynamic password token
CN102880955A (en) * 2012-08-03 2013-01-16 毛德操 Highly-safe fingerprint payment method

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100576797C (en) * 2007-10-25 2009-12-30 王松 Network identity validation method based on fingerprint

Also Published As

Publication number Publication date
CN105550879A (en) 2016-05-04

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15896870

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15896870

Country of ref document: EP

Kind code of ref document: A1