WO2017020449A1 - Fingerprint reading method and user equipment - Google Patents

Fingerprint reading method and user equipment

Publication number
WO2017020449A1
WO2017020449A1 PCT/CN2015/095617 CN2015095617W WO2017020449A1 WO 2017020449 A1 WO2017020449 A1 WO 2017020449A1 CN 2015095617 W CN2015095617 W CN 2015095617W WO 2017020449 A1 WO2017020449 A1 WO 2017020449A1
Authority
WO
WIPO (PCT)
Prior art keywords
fingerprint
requester
target
identifier
user equipment
Prior art date
Application number
PCT/CN2015/095617
Other languages
French (fr)
Chinese (zh)
Inventor
樊立
柴玉东
乔雁龙
Original Assignee
宇龙计算机通信科技(深圳)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 宇龙计算机通信科技(深圳)有限公司

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/1365 Matching; Classification

Definitions

  • the present invention relates to the field of Internet technologies, and in particular, to a fingerprint reading method and user equipment.
  • the embodiment of the invention discloses a fingerprint reading method and a user equipment, which can authenticate a device or an application for reading a fingerprint, and decrypt the stored encrypted fingerprint information through the cloud, thereby improving the security of the fingerprint stored by the smart device.
  • the embodiment of the invention discloses a fingerprint reading method, and the method comprises:
  • the embodiment of the invention further discloses a user equipment, where the user equipment comprises:
  • a first receiving module configured to receive a fingerprint reading request that carries an identifier of the target requester
  • a determining module configured to determine, in response to the fingerprint reading request, whether the target requester has a fingerprint reading permission according to the identifier;
  • An acquiring module configured to: when the determining module determines that the target requester has the fingerprint reading permission, obtain the encrypted target fingerprint information from the preset fingerprint storage area;
  • a first sending module configured to send, to the cloud, a sending request that includes the encrypted target fingerprint information and the identifier, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request, and the decrypted target fingerprint information is sent to the target requester.
  • after receiving the fingerprint reading request carrying the identifier of the target requester, the user equipment responds to the fingerprint reading request, and determines whether the target requester has the fingerprint reading authority according to the identifier of the target requester; when the target requester has the fingerprint reading permission, the user equipment obtains the encrypted target fingerprint information from the preset fingerprint storage area, and sends a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud, in response to the sending request, decrypts the encrypted target fingerprint information and sends the decrypted target fingerprint information to the target requester. It can be seen that, by implementing the embodiment of the present invention, the user equipment can authenticate the device or application that reads the fingerprint, and decrypt the stored encrypted fingerprint information through the cloud, thereby improving the security of the fingerprint stored by the smart device.
  • FIG. 1 is a schematic flow chart of a fingerprint reading method according to an embodiment of the present invention.
  • FIG. 2 is a schematic flow chart of another fingerprint reading method according to an embodiment of the present invention.
  • FIG. 3 is a schematic flow chart of another fingerprint reading method according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a user equipment according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of another user equipment according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of another user equipment according to an embodiment of the present invention.
  • the embodiment of the invention discloses a fingerprint reading method and a user equipment, which can authenticate a device or an application for reading a fingerprint, and decrypt the stored encrypted fingerprint information through the cloud, thereby improving the security of the fingerprint stored by the smart device. The details are described below separately.
  • FIG. 1 is a schematic flowchart diagram of a fingerprint reading method according to an embodiment of the present invention. As shown in FIG. 1, the fingerprint reading method may include the following steps.
  • S101 Receive a fingerprint reading request carrying an identifier of a target requester.
  • the user equipment receives the fingerprint reading request carrying the identifier of the target requester.
  • the user equipment may include, but is not limited to, user equipment such as a smart phone, a tablet computer, a notebook computer, a desktop computer, and a fingerprint lock.
  • the operating system of the user equipment may include, but is not limited to, an Android operating system, an IOS operating system, a Symbian operating system, a Blackberry operating system, a Windows operating system, and the like, which are not limited in the embodiment of the present invention.
  • the target requester may be any device other than the user equipment or the target requester may be any application installed on the user equipment.
  • the user equipment may receive a fingerprint reading request sent by a device other than the local end, or the user equipment may receive a fingerprint reading request sent by an application installed at the local end.
  • the identifier of the target requester is data capable of identifying the unique identity of the target requester.
  • the fingerprint reading request will carry the identifier of the device.
  • the identity of the device can be the MAC address of the device.
  • the fingerprint read request will carry the identifier of the application.
  • after receiving the fingerprint reading request, the user equipment extracts the identifier of the target requester carried by the fingerprint reading request, and judges whether the target requester has the fingerprint reading authority according to the identifier of the target requester.
  • step S103 is performed.
  • the user equipment may output prompt information for prompting that an illegal requester requests to read the fingerprint, so that the user takes timely measures to prevent the stored fingerprint from being stolen.
  • the specific implementation manner of the user equipment determining whether the target requester has the fingerprint reading authority according to the identifier of the target requester in response to the fingerprint reading request may include the following steps:
  • the user equipment responds to the fingerprint reading request, and outputs target prompt information according to the identifier of the target requester, where the target prompt information is used to prompt whether the target requester is allowed to read the fingerprint;
  • the user equipment receives the target response information input by the user for the target prompt information
  • the user equipment determines that the target requester has the fingerprint reading authority; when the target response information is used to indicate that the target requester is not allowed to read the fingerprint, the user equipment determines that the target requester does not have fingerprint read permission.
  • after receiving the fingerprint reading request, the user equipment responds to the fingerprint reading request and outputs the target prompt information according to the identifier of the target requester.
  • the target prompt information is used to prompt whether the target requester is allowed to read the fingerprint.
  • the user may input target response information for indicating that the target requester is allowed to read the fingerprint for the target prompt information, or the user may input target response information for indicating that the target requester is not allowed to read the fingerprint for the target prompt information.
  • after the user equipment receives the fingerprint reading request sent by the e-commerce application, the user equipment acquires the name of the e-commerce application according to the identifier of the e-commerce application, and outputs target prompt information that includes the e-commerce application name and prompts whether the e-commerce application is allowed to read the fingerprint.
  • the user equipment determines that the e-commerce application has fingerprint reading authority; when the user inputs, for the target prompt information, target response information indicating that the e-commerce application is not allowed to read the fingerprint, the user equipment determines that the e-commerce application does not have the fingerprint reading authority.
  • the specific implementation manner of the user equipment determining whether the target requester has the fingerprint reading authority according to the identifier of the target requester in response to the fingerprint reading request may include the following steps:
  • the user equipment responds to the fingerprint reading request, and determines whether the identifier of the target requester is consistent with the identifier of the authorization requester set in advance;
  • the user equipment determines that the target requester has the fingerprint reading authority; when the identifier of the target requester is inconsistent with the identifier of the authorization requester, the user equipment determines that the target requester does not have fingerprint reading permission.
  • the user equipment may pre-set an authorization requester with fingerprint reading authority.
  • when the user equipment determines that the target requester has the fingerprint reading authority, the user equipment obtains the encrypted target fingerprint information from the preset fingerprint storage area.
  • the user equipment may acquire one or more encrypted target fingerprint information from the preset fingerprint storage area.
  • the user equipment may set multiple preset fingerprint storage areas, and store different fingerprint information in different preset fingerprint storage areas. By setting a plurality of preset fingerprint storage areas, it is possible to avoid storing the fingerprint information in one fingerprint storage area, which is beneficial to reducing the risk of fingerprint information being completely stolen.
  • the fingerprint information stored in the preset fingerprint storage area is encrypted fingerprint information, which can reduce the risk of the fingerprint information being stolen.
  • S104 Send a sending request that includes the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request, and the decrypted target fingerprint information is sent to the target requester.
  • after acquiring the target fingerprint information, the user equipment generates a sending request, and sends the sending request to the cloud, where the sending request includes the encrypted target fingerprint information and the identifier of the target requester.
  • after receiving the sending request, the cloud responds to the sending request, decrypts the encrypted target fingerprint information by using a preset decryption algorithm, and sends the decrypted target fingerprint information to the target requester according to the identifier of the target requester.
  • by setting the decryption algorithm in the cloud without setting a decryption algorithm on the user equipment, an attacker can be prevented from cracking the cipher of the target fingerprint information by decompilation, which is beneficial to improving the security of the fingerprint information stored by the user equipment.
  • after receiving a fingerprint reading request carrying the identifier of the target requester, the user equipment responds to the fingerprint reading request and determines, according to the identifier of the target requester, whether the target requester has the fingerprint reading authority; when the target requester has the fingerprint reading permission, the user equipment obtains the encrypted target fingerprint information from the preset fingerprint storage area, and sends a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request, and sends the decrypted target fingerprint information to the target requester. It can be seen that, by implementing the embodiment of the present invention, the user equipment can authenticate the device or application that reads the fingerprint, and decrypt the stored encrypted fingerprint information through the cloud, thereby improving the security of the fingerprint stored by the smart device.
  • FIG. 2 is a schematic flowchart diagram of another fingerprint reading method according to an embodiment of the present invention. As shown in FIG. 2, the fingerprint reading method may include the following steps.
  • the user equipment receives a permission setting instruction input by a user, where the permission setting instruction carries a requester identifier.
  • the requester identifier is data capable of identifying the unique identity of the requester.
  • the requester identifier may be an identifier of any application installed on the user device, or the requester identifier may be an identifier of any device other than the user device.
  • the user equipment sends a query instruction including the requester identifier to the cloud, so that the cloud queries whether the requester corresponding to the requester identifier is an illegal requester.
  • after receiving the permission setting instruction, the user equipment extracts the requester identifier in the permission setting instruction, and sends a query instruction including the requester identifier to the cloud.
  • the cloud may count the identifiers that the users of each user equipment mark as illegal requesters. When the number of times a certain requester is marked as an illegal requester by users exceeds a preset number of times, the cloud may set that requester as an illegal requester. After receiving the query instruction, the cloud responds to the query instruction to query whether the requester corresponding to the requester identifier is an illegal requester.
  • the user equipment receives a response message sent by the cloud for the query instruction.
  • when the cloud finds that the requester identifier is the same as the identifier of an illegal requester, the cloud determines that the requester corresponding to the requester identifier is an illegal requester, and the cloud sends the user equipment response information indicating that the requester corresponding to the requester identifier is an illegal requester.
  • when the cloud finds that the requester identifier is different from the identifier of the illegal requester, the cloud determines that the requester corresponding to the requester identifier is a legal requester, and the cloud sends the user equipment response information indicating that the requester corresponding to the requester identifier is a legal requester.
  • when the response information is used to indicate that the requester corresponding to the requester identifier is a legal requester, the user equipment responds to the permission setting instruction, and sets the requester corresponding to the requester identifier as a requester having the fingerprint reading permission.
  • the cloud can collect a large amount of user-marked information about malicious programs or malicious devices.
  • the embodiment sends the requester identifier to the cloud, so that the cloud queries whether the requester corresponding to the requester identifier is an illegal requester marked by users, which can prevent the user from granting fingerprint reading permission to an unknown illegal requester, thereby improving the security of the fingerprint stored by the user equipment.
  • the user equipment receives a fingerprint reading request that carries an identifier of the target requester.
  • the user equipment determines, in response to the fingerprint reading request, whether the target requester has fingerprint reading authority according to the identifier.
  • after receiving the fingerprint reading request, the user equipment extracts the identifier of the target requester carried by the fingerprint reading request, and determines whether the target requester has the fingerprint reading authority according to the identifier of the target requester.
  • step S208 is performed.
  • step S207 is performed.
  • the user equipment sends, to the preset terminal, prompt information for prompting that an illegal requester requests to read the fingerprint.
  • the user equipment may set a preset terminal.
  • when the user equipment determines that the target requester does not have the fingerprint reading authority, the user equipment sends prompt information for prompting that an illegal requester requests to read the fingerprint.
  • the user equipment may send, by using a short message or an email, prompt information for prompting that an illegal requester requests to read the fingerprint to the preset terminal.
  • when the user equipment determines that the target requester does not have the fingerprint reading permission, the user equipment can promptly remind the user that an illegal requester is requesting to read the fingerprint by sending, to the preset terminal, prompt information for prompting that an illegal requester requests to read the fingerprint, so that the user can take countermeasures in time to improve the security of the fingerprint stored by the user equipment.
  • the user equipment acquires the encrypted target fingerprint information from the preset fingerprint storage area.
  • the user equipment sends a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request, and transmits the decrypted target fingerprint information to the target requester.
  • the user can be prevented from granting the fingerprint reading authority to an unknown illegal requester, and when the user equipment determines that the target requester does not have the fingerprint reading permission, the user equipment sends, to the preset terminal, the prompt information for indicating that an illegal requester requests to read a fingerprint, which enables the user to take countermeasures in time, thereby improving the security of the fingerprint stored by the user equipment.
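
The FIG. 2 flow above (cloud query before granting permission, identifier check on each read request, alert to the preset terminal on denial), sketched as an added example that is not code from the patent. Class and field names, the sample identifiers, and counting one mark per distinct reporting user are assumptions; the stored fingerprint is treated as an opaque ciphertext.

```python
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field


class CloudReputation:
    """Cloud-side tally of requesters that users have marked as illegal."""

    def __init__(self, preset_times: int) -> None:
        self.preset_times = preset_times
        # Assumption: one mark per reporting user is counted, so a single
        # user cannot push a requester over the threshold alone.
        self._reporters: dict[str, set[str]] = defaultdict(set)

    def mark_illegal(self, reporter_id: str, requester_id: str) -> None:
        self._reporters[requester_id].add(reporter_id)

    def is_illegal(self, requester_id: str) -> bool:
        # "exceeds a preset number of times" means strictly greater than.
        return len(self._reporters.get(requester_id, ())) > self.preset_times


@dataclass
class UserEquipment:
    cloud: CloudReputation
    # Several preset fingerprint storage areas, each holding ciphertext only.
    storage_areas: dict[str, bytes]
    authorized: set[str] = field(default_factory=set)
    # Messages that would go to the preset terminal by SMS or e-mail.
    alerts: list[str] = field(default_factory=list)

    def set_permission(self, requester_id: str) -> bool:
        """Permission setting instruction: grant only if the cloud reports
        the requester as legal."""
        if self.cloud.is_illegal(requester_id):
            return False
        self.authorized.add(requester_id)
        return True

    def handle_read_request(self, requester_id: str, area: str) -> dict | None:
        """Fingerprint reading request carrying the requester's identifier.

        Returns the sending request for the cloud, or None after alerting
        the preset terminal (step S207) when the requester is not authorized.
        """
        if requester_id not in self.authorized:
            self.alerts.append(
                f"illegal requester {requester_id} requested to read the fingerprint"
            )
            return None
        if area not in self.storage_areas:
            raise KeyError(f"no preset fingerprint storage area named {area!r}")
        # Step S208 onward: the device forwards ciphertext and identifier;
        # decryption and delivery to the requester happen in the cloud.
        return {
            "identifier": requester_id,
            "encrypted_fingerprint": self.storage_areas[area],
        }


if __name__ == "__main__":
    cloud = CloudReputation(preset_times=2)
    for reporter in ("user-a", "user-b", "user-c"):       # constructed sample marks
        cloud.mark_illegal(reporter, "com.example.badapp")
    ue = UserEquipment(cloud, {"area-1": b"\x45\x6f\xf0"})  # constructed ciphertext
    print(ue.set_permission("com.example.badapp"))          # refused by the cloud check
    print(ue.set_permission("com.example.shop"))            # granted
    print(ue.handle_read_request("com.example.shop", "area-1"))
    print(ue.handle_read_request("aa:bb:cc:00:11:22", "area-1"), ue.alerts)
```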
  • FIG. 3 is a schematic flowchart diagram of another fingerprint reading method according to an embodiment of the present invention. As shown in FIG. 3, the fingerprint reading method may include the following steps.
  • the user equipment receives a fingerprint storage instruction input by a user, where the fingerprint storage instruction carries fingerprint information to be stored.
  • the user equipment receives the login request input by the user.
  • the user equipment may send a login request to the cloud to enable the cloud to generate a random code to be sent to the designated device.
  • the user inputs a random code received by the specified device at the user device to log in.
  • step S301 is performed.
  • the login is unsuccessful, the process ends.
  • the user equipment in response to the fingerprint storage instruction, writes the currently generated random code into the to-be-stored fingerprint information, to encrypt the to-be-stored fingerprint information.
  • after receiving the fingerprint storage instruction that is input by the user and carries the fingerprint information to be stored, the user equipment responds to the fingerprint storage instruction, and writes the currently generated random code into the fingerprint information to be stored, so as to encrypt the fingerprint information to be stored.
  • the random code written by the user equipment in the fingerprint information to be stored may be a random code used for the current login.
  • the random code written by the user equipment in the fingerprint information to be stored may be a random code generated by the user equipment in response to the fingerprint storage instruction.
  • the fingerprint information is stored in a binary form in the user equipment.
  • the user equipment may convert the random code into a binary form, and insert the random code in the binary form into a preset position in the binary of the fingerprint information to be stored, to encrypt the fingerprint information to be stored, wherein the preset position may be any location in the binary of the fingerprint information to be stored. For example, if the random code includes the numbers 4, 5, and 6, the binary of 4 is 0100, the binary of 5 is 0101, and the binary of 6 is 0110.
  • the binary of 4, 5, and 6 can be inserted before the binary of the fingerprint information to be stored, such as 0100 0101 0110 1111 1111, or the binary of 4, 5, and 6 can be inserted at any position in the binary of the fingerprint information to be stored, such as 1111 0100 0101 0110 1111 and 1111 0100 0101 1111 0110, which is not limited in the embodiment of the present invention. By encrypting in this way, the security of the fingerprint stored by the user equipment can be improved.
  • the user equipment stores the encrypted fingerprint information to be stored in one preset fingerprint storage area of the plurality of preset fingerprint storage areas.
  • the user equipment is configured with multiple fingerprint storage areas. After the user equipment encrypts the fingerprint information to be stored, the fingerprint information to be stored may be stored in any preset fingerprint storage area of the plurality of preset fingerprint storage areas, which is not limited in the embodiment of the invention. By setting a plurality of preset fingerprint storage areas, it is possible to avoid storing the fingerprint information in one fingerprint storage area, which is beneficial to reducing the risk of fingerprint information being completely stolen.
  • the user equipment receives a fingerprint reading request that carries an identifier of the target requester.
  • the user equipment determines, in response to the fingerprint reading request, whether the target requester has a fingerprint reading authority according to the identifier.
  • after receiving the fingerprint reading request, the user equipment extracts the identifier of the target requester carried by the fingerprint reading request, and determines whether the target requester has the fingerprint reading authority according to the identifier of the target requester.
  • step S306 is performed.
  • the user equipment may output prompt information for prompting that an illegal requester requests to read the fingerprint, so that the user takes timely measures to prevent the stored fingerprint from being stolen.
  • the user equipment acquires the encrypted target fingerprint information from the preset fingerprint storage area.
  • the user equipment sends a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request, and the decrypted target fingerprint information is sent to the target requester.
  • the security of the fingerprint information to be stored is improved by writing the random code into the fingerprint information to be stored to encrypt it, and by implementing the embodiment of the present invention, the user equipment can authenticate the device or application that reads the fingerprint and decrypt the stored encrypted fingerprint information through the cloud, thereby improving the security of the fingerprint stored by the smart device.
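
The random-code insertion described for FIG. 3, as an added example that is not code from the patent: it reproduces the three layouts given in the text (code 4, 5, 6 placed before, inside, or split across the fingerprint binary) and the matching removal step. Function names, the 4-bit grouping, and expressing the preset positions as indices into the stored sequence are assumptions; the sample fingerprint `1111 1111` is read off the patent's own bit strings.

```python
from __future__ import annotations


def nibbles(text: str) -> list[str]:
    """Parse a spaced bit string such as '1111 1111' into 4-bit groups."""
    groups = text.split()
    if any(len(g) != 4 or set(g) - {"0", "1"} for g in groups):
        raise ValueError("expected space-separated 4-bit groups")
    return groups


def code_to_nibbles(code: str) -> list[str]:
    """Convert each decimal digit of the random code to 4-bit binary."""
    if not (code.isascii() and code.isdigit()):
        raise ValueError("random code must consist of decimal digits")
    return [format(int(d), "04b") for d in code]


def insert_code(fingerprint: list[str], code: str, positions: list[int]) -> list[str]:
    """Write the random code into the fingerprint binary.

    positions[i] is the index, in the stored sequence, of the i-th code
    digit (assumed representation of the patent's "preset position").
    """
    code_groups = code_to_nibbles(code)
    total = len(fingerprint) + len(code_groups)
    if len(positions) != len(code_groups) or len(set(positions)) != len(positions):
        raise ValueError("need one distinct position per code digit")
    if any(p < 0 or p >= total for p in positions):
        raise ValueError("position outside the stored sequence")
    slot = dict(zip(positions, code_groups))
    rest = iter(fingerprint)
    # Fingerprint groups pass through unchanged and in order; code groups
    # are dropped into their preset slots.
    return [slot[i] if i in slot else next(rest) for i in range(total)]


def remove_code(stored: list[str], positions: list[int]) -> tuple[list[str], str]:
    """Inverse step: strip the code groups and return (fingerprint, code)."""
    if len(set(positions)) != len(positions):
        raise ValueError("positions must be distinct")
    if any(p < 0 or p >= len(stored) for p in positions):
        raise ValueError("position outside the stored sequence")
    digits = []
    for p in positions:
        value = int(stored[p], 2)
        if value > 9:
            raise ValueError(f"group at position {p} is not a decimal digit")
        digits.append(str(value))
    taken = set(positions)
    fingerprint = [g for i, g in enumerate(stored) if i not in taken]
    return fingerprint, "".join(digits)


if __name__ == "__main__":
    fp = nibbles("1111 1111")
    for layout in ([0, 1, 2], [1, 2, 3], [1, 2, 4]):
        stored = insert_code(fp, "456", layout)
        print(layout, " ".join(stored), remove_code(stored, layout))
```

The fingerprint groups pass through unchanged and in order, so only the inserted code and its positions separate the stored form from the original.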
  • FIG. 4 is a schematic structural diagram of a user equipment according to an embodiment of the present invention.
  • the user equipment shown in FIG. 4 may include a first receiving module 401, a determining module 402, an obtaining module 403, and a first sending module 404, wherein:
  • the first receiving module 401 is configured to receive a fingerprint reading request that carries an identifier of the target requester.
  • the first receiving module 401 of the user equipment receives the fingerprint reading request carrying the identifier of the target requester.
  • the user equipment may include, but is not limited to, user equipment such as a smart phone, a tablet computer, a notebook computer, a desktop computer, and a fingerprint lock.
  • the operating system of the user equipment may include, but is not limited to, an Android operating system, an IOS operating system, a Symbian operating system, a Blackberry operating system, a Windows operating system, and the like, which are not limited in the embodiment of the present invention.
  • the target requester may be any device other than the user equipment or the target requester may be any application installed on the user equipment.
  • the first receiving module 401 can receive the fingerprint reading request sent by the device other than the local end, or the first receiving module 401 can receive the fingerprint reading request sent by the application installed on the local end.
  • the identifier of the target requester is data capable of identifying the unique identity of the target requester.
  • the fingerprint reading request will carry the identifier of the device.
  • the identity of the device can be the MAC address of the device.
  • the fingerprint reading request will carry the identifier of the application.
  • the determining module 402 is configured to determine, in response to the fingerprint reading request, whether the target requester has fingerprint reading authority according to the identifier.
  • the determining module 402 extracts the identifier of the target requester carried by the fingerprint reading request, and determines whether the target requester has the fingerprint reading permission according to the identifier of the target requester.
  • the trigger obtaining module 403 obtains the encrypted target fingerprint information from the preset fingerprint storage area.
  • the user equipment may output prompt information for prompting that an illegal requester requests to read the fingerprint, so that the user can take countermeasures in time to prevent the stored fingerprint from being stolen.
  • the determining module 402 can include an output unit and a receiving unit:
  • An output unit configured to output a target prompt information according to the identifier of the target requester, where the target prompt information is used to prompt whether the target requester is allowed to read the fingerprint;
  • a receiving unit configured to receive target response information input by the user for the target prompt information
  • the determining module 402 determines that the target requester has the fingerprint reading authority; and when the target response information is used to indicate that the target requester is not allowed to read the fingerprint, the determining module 402 determines that the target requester does not have fingerprint reading authority.
  • the output unit responds to the fingerprint reading request, and outputs the target prompt information according to the identifier of the target requester.
  • the target prompt information is used to prompt whether the target requester is allowed to read the fingerprint.
  • the user may input target response information for indicating that the target requester is allowed to read the fingerprint for the target prompt information, or the user may input target response information for indicating that the target requester is not allowed to read the fingerprint for the target prompt information.
  • the output unit obtains the name of the e-commerce application according to the identifier of the e-commerce application, and outputs target prompt information that includes the e-commerce application name and prompts whether the e-commerce application is allowed to read the fingerprint.
  • the determining module 402 determines that the e-commerce application has the fingerprint reading authority; when the user inputs, for the target prompt information, target response information indicating that the e-commerce application is not allowed to read the fingerprint, the determining module 402 determines that the e-commerce application does not have the fingerprint reading authority.
  • the determining module 402 can be specifically configured to:
  • the determining module 402 determines, according to the fingerprint reading request, whether the identifier of the target requester is consistent with the identifier of the authorization requester set in advance;
  • the determining module 402 determines that the target requester has the fingerprint reading authority; when the identifier of the target requester is inconsistent with the identifier of the authorized requester, the determining module 402 determines that the target requester does not have fingerprint reading permission.
  • the user equipment may pre-set an authorization requester with fingerprint reading authority.
  • for a specific implementation manner in which the user equipment pre-sets the authorization requester with the fingerprint reading authority, refer to the embodiment described in FIG. 5, and details are not described herein.
  • the obtaining module 403 is configured to obtain the encrypted target fingerprint information from the preset fingerprint storage area when the determining module determines that the target requester has the fingerprint reading authority.
  • the obtaining module 403 obtains the encrypted target fingerprint information from the preset fingerprint storage area.
  • the obtaining module 403 can acquire one or more pieces of encrypted target fingerprint information from the preset fingerprint storage area.
  • the user equipment may set multiple preset fingerprint storage areas, and store different fingerprint information in different preset fingerprint storage areas. Setting a plurality of preset fingerprint storage areas avoids concentrating the fingerprint information in a single fingerprint storage area, which helps reduce the risk of all the fingerprint information being stolen at once.
  • the fingerprint information stored in the preset fingerprint storage area is encrypted fingerprint information, which can reduce the risk of the fingerprint information being stolen.
  • the first sending module 404 is configured to send a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request, and sends the decrypted target fingerprint information to the target requester.
  • after acquiring the target fingerprint information, the obtaining module 403 generates a sending request and sends the sending request to the cloud, where the sending request includes the encrypted target fingerprint information and the identifier of the target requester.
  • after receiving the sending request, the cloud responds to the sending request, decrypts the encrypted target fingerprint information by using a preset decryption algorithm, and sends the decrypted target fingerprint information to the target requester according to the identifier of the target requester.
  • by setting the decryption algorithm in the cloud rather than on the user equipment, an attacker is prevented from cracking the encryption of the target fingerprint information by decompilation on the user equipment, which helps improve the security of the fingerprint information stored by the user equipment.
  • FIG. 5 is a schematic structural diagram of another user equipment according to an embodiment of the present invention.
  • the user equipment shown in FIG. 5 is obtained by optimizing the user equipment shown in FIG. 4.
  • the user equipment shown in FIG. 5 may include a second receiving module 405 and a third sending module 406, in addition to all the modules and units of the user equipment shown in FIG.
  • the second receiving module 405 is configured to receive, after the first receiving module 401 receives the fingerprint reading request carrying the identifier of the target requester, the permission setting instruction input by the user, where the permission setting instruction carries the requester identifier.
  • the requester identifier is data that uniquely identifies the requester.
  • the requester identifier may be an identifier of any application installed on the user device, or the requester identifier may be an identifier of any device other than the user device.
  • the third sending module 406 is configured to: after the second receiving module 405 receives the permission setting instruction input by the user, send a query instruction including the requester identifier to the cloud, so that the cloud queries whether the requester corresponding to the requester identifier is an illegal requester.
  • the third sending module 406 extracts the requester identifier in the permission setting instruction, and sends a query instruction including the requester identifier to the cloud.
  • the cloud may collect statistics on the requesters that the users of the various user equipments mark as illegal. When the number of times a requester has been marked as an illegal requester by users exceeds a preset number of times, the cloud may set that requester as an illegal requester. After receiving the query instruction, the cloud responds to the query instruction by querying whether the requester corresponding to the requester identifier is an illegal requester.
  • the third receiving module 407 is configured to receive a response message sent by the cloud for the query instruction.
  • when the cloud finds that the requester identifier is the same as the identifier of an illegal requester, the cloud determines that the requester corresponding to the requester identifier is an illegal requester, and sends the user equipment response information indicating that the requester corresponding to the requester identifier is an illegal requester.
  • when the cloud finds that the requester identifier is different from the identifier of any illegal requester, the cloud determines that the requester corresponding to the requester identifier is a legitimate requester, and sends the user equipment response information indicating that the requester corresponding to the requester identifier is a legitimate requester.
  • the setting module 408 is triggered to respond to the permission setting instruction and to set the requester corresponding to the requester identifier as an authorized requester with fingerprint reading authority.
  • the setting module 408 is configured to, according to the permission setting instruction, set the requester corresponding to the requester identifier as an authorization requester with fingerprint reading authority.
  • the cloud can collect a large number of user-marked information about a malicious program or a malicious device.
  • the third sending module 406 sends the requester identifier to the cloud.
  • querying the cloud as to whether the requester corresponding to the requester identifier is an illegal requester marked by users prevents the user from granting fingerprint reading permission to an illegal requester the user does not know about, thereby improving the security of the fingerprint stored by the user equipment.
  • the second sending module 409 is configured to: when the determining module 402 determines that the target requester does not have the fingerprint reading authority, send prompt information indicating that an illegal requester is requesting to read the fingerprint.
  • the user equipment may set a preset terminal.
  • the second sending module 409 sends the preset terminal prompt information indicating that an illegal requester is requesting to read the fingerprint.
  • the second sending module 409 may send this prompt information to the preset terminal by short message or email.
  • when the determining module 402 determines that the target requester does not have the fingerprint reading authority, the second sending module 409 sends prompt information indicating that an illegal requester is requesting to read the fingerprint. This reminds the user that an illegal requester has requested to read the fingerprint, so that the user can take countermeasures in time, which improves the security of the fingerprint stored by the user equipment.
  • FIG. 6 is a schematic structural diagram of another user equipment according to an embodiment of the present invention.
  • the user equipment shown in FIG. 6 is obtained by optimizing the user equipment shown in FIG. 4.
  • the user equipment shown in FIG. 6 may further include a fourth receiving module 410, an encryption module 411, and a storage module 412 in addition to all the modules and units of the user equipment shown in FIG., wherein:
  • the fourth receiving module 410 is configured to receive a fingerprint storage instruction input by the user before the first receiving module 401 receives the fingerprint reading request carrying the identifier of the target requester, where the fingerprint storage instruction carries the fingerprint information to be stored.
  • the user equipment further includes a fifth receiving module and a fourth sending module; the fifth receiving module is configured to receive a login request input by the user before the fourth receiving module 410 receives the fingerprint storage instruction input by the user.
  • the fourth sending module is configured to send a login request to the cloud after the fifth receiving module receives the login request, so that the cloud generates a random code and sends the random code to the designated device.
  • the user logs in by entering, on the user equipment, the random code received by the designated device.
  • the fourth receiving module 410 may receive a fingerprint storage instruction input by the user.
  • the encryption module 411 is configured to, in response to the fingerprint storage instruction, write the currently generated random code into the fingerprint information to be stored, so as to encrypt the fingerprint information to be stored.
  • the encryption module 411 responds to the fingerprint storage instruction, and writes the currently generated random code into the fingerprint information to be stored.
  • the random code written by the encryption module 411 into the fingerprint information to be stored may be a random code used for the current login.
  • the random code written by the encryption module 411 into the fingerprint information to be stored may be a random code generated by the encryption module 411 in response to the fingerprint storage instruction.
  • the fingerprint information is stored in a binary form in the user equipment.
  • the encryption module 411 can convert the random code into binary form and insert the binary random code at a preset position in the binary of the fingerprint information to be stored, thereby encrypting the fingerprint information to be stored. The preset position can be any position in the binary of the fingerprint information to be stored. For example, if the random code consists of the digits 4, 5, and 6, the binary of 4 is 0100, the binary of 5 is 0101, and the binary of 6 is 0110.
  • the embodiment of the present invention does not limit this. Encrypting in this way can improve the security of the fingerprint stored by the user equipment.
  • the storage module 412 is configured to store the encrypted fingerprint information to be stored into one preset fingerprint storage area of the plurality of preset fingerprint storage areas.
  • the user equipment is provided with a plurality of fingerprint storage areas.
  • the storage module 412 may store the fingerprint information to be stored in any one of the preset fingerprint storage areas.
  • the embodiment of the present invention does not limit which fingerprint storage area is used. Setting a plurality of preset fingerprint storage areas avoids concentrating the fingerprint information in a single fingerprint storage area, which helps reduce the risk of all the fingerprint information being stolen at once.
  • the determining module responds to the fingerprint reading request and determines, according to the identifier of the target requester, whether the target requester has the fingerprint reading authority; when the target requester has the fingerprint reading authority, the obtaining module obtains the encrypted target fingerprint information from the preset fingerprint storage area, and the first sending module sends a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request and sends the decrypted target fingerprint information to the target requester. It can be seen that, by implementing the embodiment of the present invention, the user equipment can authenticate the device or application that reads the fingerprint, and the stored encrypted fingerprint information is decrypted through the cloud, thereby improving the security of the fingerprint stored by the smart device.
  • modules or units in the user equipment in the embodiment of the present invention may be combined, divided, and deleted according to actual needs.
  • the program may be stored in a readable and writable storage of an IT device such as a computer or a mobile phone.
  • the storage medium may be a hard disk, an eMMC, or the like.
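
The random-code insertion performed by the encryption module 411, worked through on the 4, 5, 6 example above. This is an added example, not code from the patent; the bit-string representation, the function names, the 2-byte sample and the bit offset 5 are assumptions made for illustration.

```python
"""Random-code insertion as described in the text, on bit strings.

Assumptions (not from the patent): each decimal digit becomes one 4-bit
group, and the insert position is a bit offset agreed in advance.
"""
from __future__ import annotations


def code_to_bits(code: str) -> str:
    """'456' -> '010001010110' (4 -> 0100, 5 -> 0101, 6 -> 0110)."""
    if not (code.isascii() and code.isdigit()):
        raise ValueError("random code must consist of decimal digits")
    return "".join(format(int(d), "04b") for d in code)


def bytes_to_bits(data: bytes) -> str:
    return "".join(format(b, "08b") for b in data)


def bits_to_bytes(bits: str) -> bytes:
    if len(bits) % 8:
        raise ValueError("bit string is not a whole number of bytes")
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def insert_code(template: bytes, code: str, position: int) -> str:
    """Insert the binary random code at a bit offset of the template."""
    bits = bytes_to_bits(template)
    if not 0 <= position <= len(bits):
        raise ValueError("position outside the template")
    return bits[:position] + code_to_bits(code) + bits[position:]


def remove_code(stored: str, code_len: int, position: int) -> tuple[bytes, str]:
    """Inverse step: delete the inserted groups, return (template, code)."""
    width = 4 * code_len
    if not 0 <= position <= len(stored) - width:
        raise ValueError("code does not fit at this position")
    values = [int(stored[position + i:position + i + 4], 2)
              for i in range(0, width, 4)]
    if any(v > 9 for v in values):
        raise ValueError("bits at this position are not decimal digits")
    template = bits_to_bytes(stored[:position] + stored[position + width:])
    return template, "".join(str(v) for v in values)


def is_subsequence(needle: str, haystack: str) -> bool:
    """True if every character of needle occurs in haystack, in order."""
    remaining = iter(haystack)
    return all(ch in remaining for ch in needle)


# Constructed 2-byte stand-in for fingerprint data (not real biometric data).
TEMPLATE = bytes([0xA5, 0x3C])
STORED = insert_code(TEMPLATE, "456", position=5)

if __name__ == "__main__":
    print(STORED)
    print(remove_code(STORED, code_len=3, position=5))
    # Insertion adds bits but never alters the template's own bits, so the
    # stored value still contains all of them in their original order.
    print(is_subsequence(bytes_to_bits(TEMPLATE), STORED))
```

The stored value is 12 bits longer than the template, and the inverse step needs only the bit offset and the number of digits.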

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a fingerprint reading method and user equipment. The method comprises: receiving a fingerprint reading request carrying an identifier of a target requestor; in response to the fingerprint reading request, determining, according to the identifier, whether the target requestor has a fingerprint reading permission; obtaining encrypted target fingerprint information from a preset fingerprint storage area when the target requestor has the fingerprint reading permission; and sending a sending request comprising the encrypted target fingerprint information and the identifier to a cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request, and sends the decrypted target fingerprint information to the target requestor. It can be seen that, by means of the embodiments of the present invention, user equipment can authenticate a device or an application program that reads a fingerprint, and decrypt stored encrypted fingerprint information by using a cloud, thereby improving the security of a fingerprint stored in an intelligent device.

Description

Fingerprint reading method and user equipment
This application claims priority to Chinese Patent Application No. 201510470218.8, entitled "Fingerprint Reading Method and User Equipment", filed with the Chinese Patent Office on July 31, 2015, the entire contents of which are incorporated herein by reference.
Technical field
The present invention relates to the field of Internet technologies, and in particular to a fingerprint reading method and user equipment.
Background
With the development of smart devices (such as smartphones and PADs), users attach great importance to the security of smart devices. To improve that security, more and more smart devices provide a fingerprint recognition function. Although fingerprint recognition can improve the security of a smart device, in practice criminals can easily obtain the user fingerprints stored on a smart device by using a malicious program or a malicious terminal. After stealing a user's fingerprint, a criminal can use it to operate the smart device illegally, which poses a great security risk to the smart device. How to improve the security of fingerprints stored on smart devices is therefore an urgent problem to be solved.
Summary of the invention
The embodiments of the present invention disclose a fingerprint reading method and user equipment that can authenticate a device or an application that reads a fingerprint and decrypt the stored encrypted fingerprint information through the cloud, thereby improving the security of fingerprints stored on a smart device.
An embodiment of the present invention discloses a fingerprint reading method, and the method comprises:
receiving a fingerprint reading request carrying an identifier of a target requester;
in response to the fingerprint reading request, determining, according to the identifier, whether the target requester has fingerprint reading authority;
obtaining encrypted target fingerprint information from a preset fingerprint storage area when the target requester has fingerprint reading authority;
sending a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request and sends the decrypted target fingerprint information to the target requester.
An embodiment of the present invention further discloses user equipment, and the user equipment comprises:
a first receiving module, configured to receive a fingerprint reading request carrying an identifier of a target requester;
a determining module, configured to respond to the fingerprint reading request and determine, according to the identifier, whether the target requester has fingerprint reading authority;
an obtaining module, configured to obtain encrypted target fingerprint information from a preset fingerprint storage area when the determining module determines that the target requester has fingerprint reading authority;
a first sending module, configured to send a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request and sends the decrypted target fingerprint information to the target requester.
In the embodiments of the present invention, after receiving the fingerprint reading request carrying the identifier of the target requester, the user equipment responds to the fingerprint reading request and determines, according to the identifier of the target requester, whether the target requester has fingerprint reading authority; when the target requester has fingerprint reading authority, the user equipment obtains the encrypted target fingerprint information from the preset fingerprint storage area and sends a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request and sends the decrypted target fingerprint information to the target requester. It can be seen that, by implementing the embodiments of the present invention, the user equipment can authenticate the device or application that reads the fingerprint, and the stored encrypted fingerprint information is decrypted through the cloud, which improves the security of fingerprints stored on a smart device.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for the embodiments are briefly introduced below. Evidently, the drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
FIG. 1 is a schematic flowchart of a fingerprint reading method according to an embodiment of the present invention;
FIG. 2 is a schematic flowchart of another fingerprint reading method according to an embodiment of the present invention;
FIG. 3 is a schematic flowchart of another fingerprint reading method according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of user equipment according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of another user equipment according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of another user equipment according to an embodiment of the present invention.
Detailed description
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Evidently, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
The embodiments of the present invention disclose a fingerprint reading method and user equipment that can authenticate a device or an application that reads a fingerprint and decrypt the stored encrypted fingerprint information through the cloud, thereby improving the security of fingerprints stored on a smart device. Details are described separately below.
Refer to FIG. 1, which is a schematic flowchart of a fingerprint reading method according to an embodiment of the present invention. As shown in FIG. 1, the fingerprint reading method may include the following steps.
S101. Receive a fingerprint reading request carrying an identifier of a target requester.
In this embodiment of the present invention, the user equipment receives the fingerprint reading request carrying the identifier of the target requester. The user equipment may include, but is not limited to, a smartphone, a tablet computer, a notebook computer, a desktop computer, a fingerprint lock, and the like. The operating system of the user equipment may include, but is not limited to, the Android operating system, the iOS operating system, the Symbian operating system, the BlackBerry operating system, the Windows operating system, and the like, which is not limited in this embodiment of the present invention.
In this embodiment of the present invention, the target requester may be any device other than the user equipment, or the target requester may be any application installed on the user equipment. The user equipment may receive a fingerprint reading request sent by a device other than itself, or may receive a fingerprint reading request sent by an application installed on it.
In this embodiment of the present invention, the identifier of the target requester is data that uniquely identifies the target requester. When the user equipment receives a fingerprint reading request sent by a device, the fingerprint reading request carries the identifier of that device. For example, the identifier of the device may be the MAC address of the device. When the user equipment receives a fingerprint reading request sent by an application, the fingerprint reading request carries the identifier of that application.
S102. In response to the fingerprint reading request, determine, according to the identifier, whether the target requester has fingerprint reading authority.
In this embodiment of the present invention, after receiving the fingerprint reading request, the user equipment extracts the identifier of the target requester carried in the fingerprint reading request and determines, according to that identifier, whether the target requester has fingerprint reading authority. When the user equipment determines that the target requester has fingerprint reading authority, step S103 is performed. When the user equipment determines that the target requester does not have fingerprint reading authority, the user equipment may optionally output prompt information indicating that an illegal requester is requesting to read the fingerprint, so that the user can take countermeasures in time to prevent the stored fingerprint from being stolen.
As an optional implementation, the way in which the user equipment responds to the fingerprint reading request and determines, according to the identifier of the target requester, whether the target requester has fingerprint reading authority may include the following steps:
11) the user equipment responds to the fingerprint reading request and outputs target prompt information according to the identifier of the target requester, where the target prompt information asks whether the target requester is allowed to read the fingerprint;
12) the user equipment receives target response information input by the user for the target prompt information;
13) when the target response information indicates that the target requester is allowed to read the fingerprint, the user equipment determines that the target requester has fingerprint reading authority; when the target response information indicates that the target requester is not allowed to read the fingerprint, the user equipment determines that the target requester does not have fingerprint reading authority.
In this implementation, after receiving the fingerprint reading request, the user equipment responds to the fingerprint reading request and outputs target prompt information according to the identifier of the target requester. The target prompt information asks whether the target requester is allowed to read the fingerprint. For the target prompt information, the user may input target response information indicating that the target requester is allowed to read the fingerprint, or target response information indicating that the target requester is not allowed to read the fingerprint.
For example, after the user equipment receives a fingerprint reading request sent by an e-commerce application, the user equipment obtains the name of the e-commerce application from the identifier of the e-commerce application and outputs target prompt information that includes the e-commerce application name and asks whether to allow the e-commerce application to read the fingerprint. When the user inputs, for the target prompt information, target response information indicating that the e-commerce application is allowed to read the fingerprint, the user equipment determines that the e-commerce application has fingerprint reading authority; when the user inputs, for the target prompt information, target response information indicating that the e-commerce application is not allowed to read the fingerprint, the user equipment determines that the e-commerce application does not have fingerprint reading authority.
As an optional implementation, the way in which the user equipment responds to the fingerprint reading request and determines, according to the identifier of the target requester, whether the target requester has fingerprint reading authority may include the following steps:
21) the user equipment responds to the fingerprint reading request and determines whether the identifier of the target requester is consistent with the identifier of a preset authorized requester;
22) when the identifier of the target requester is consistent with the identifier of the authorized requester, the user equipment determines that the target requester has fingerprint reading authority; when the identifier of the target requester is inconsistent with the identifier of the authorized requester, the user equipment determines that the target requester does not have fingerprint reading authority.
In this implementation, the user equipment may preset authorized requesters that have fingerprint reading authority. For the specific way in which the user equipment presets an authorized requester with fingerprint reading authority, refer to the embodiment described in FIG. 2; details are not repeated here.
S103. Obtain encrypted target fingerprint information from a preset fingerprint storage area.
In this embodiment of the present invention, when the user equipment determines that the target requester has fingerprint reading authority, the user equipment obtains the encrypted target fingerprint information from the preset fingerprint storage area. The user equipment may obtain one or more pieces of encrypted target fingerprint information from the preset fingerprint storage area. Optionally, the user equipment may set multiple preset fingerprint storage areas and store different fingerprint information in different preset fingerprint storage areas. Setting multiple preset fingerprint storage areas avoids concentrating the fingerprint information in a single fingerprint storage area, which helps reduce the risk of all the fingerprint information being stolen at once.
In this embodiment of the present invention, the fingerprint information stored in the preset fingerprint storage area is encrypted fingerprint information, which can reduce the risk of the fingerprint information being stolen.
S104. Send a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request and sends the decrypted target fingerprint information to the target requester.
In this embodiment of the present invention, after obtaining the target fingerprint information, the user equipment generates a sending request and sends it to the cloud, where the sending request includes the encrypted target fingerprint information and the identifier of the target requester. After receiving the sending request, the cloud responds to it, decrypts the encrypted target fingerprint information by using a preset decryption algorithm, and sends the decrypted target fingerprint information to the target requester according to the identifier of the target requester.
In this embodiment of the present invention, setting the decryption algorithm in the cloud rather than on the user equipment prevents an attacker from cracking the encryption of the target fingerprint information by decompilation on the user equipment, which helps improve the security of the fingerprint information stored by the user equipment.
In the method described in FIG. 1, after receiving the fingerprint reading request carrying the identifier of the target requester, the user equipment responds to the fingerprint reading request and determines, according to the identifier of the target requester, whether the target requester has fingerprint reading authority; when the target requester has fingerprint reading authority, the user equipment obtains the encrypted target fingerprint information from the preset fingerprint storage area and sends a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud decrypts the encrypted target fingerprint information in response to the sending request and sends the decrypted target fingerprint information to the target requester. It can be seen that, by implementing the embodiments of the present invention, the user equipment can authenticate the device or application that reads the fingerprint, and the stored encrypted fingerprint information is decrypted through the cloud, which improves the security of fingerprints stored on a smart device.
Referring to FIG. 2, FIG. 2 is a schematic flowchart of another fingerprint reading method disclosed in an embodiment of the present invention. As shown in FIG. 2, the fingerprint reading method may include the following steps.
S201. The user equipment receives a permission setting instruction input by a user, where the permission setting instruction carries a requester identifier.
In this embodiment of the present invention, the requester identifier is data that uniquely identifies the requester. The requester identifier may be the identifier of any application installed on the user equipment, or the identifier of any device other than the user equipment.
S202. The user equipment sends a query instruction including the requester identifier to the cloud, so that the cloud queries whether the requester corresponding to the requester identifier is an illegal requester.
In this embodiment of the present invention, after receiving the permission setting instruction, the user equipment extracts the requester identifier from the permission setting instruction and sends a query instruction including the requester identifier to the cloud.
In this embodiment of the present invention, optionally, the cloud may tally the marks that the users of the various user equipments place on illegal requesters. Once the number of times a requester has been marked as an illegal requester by users exceeds a preset number, the cloud may set that requester as an illegal requester. After receiving the query instruction, the cloud responds to it by querying whether the requester corresponding to the requester identifier is an illegal requester.
S203. The user equipment receives a response message sent by the cloud for the query instruction.
In this embodiment of the present invention, when the cloud finds that the requester identifier is the same as the identifier of an illegal requester, the cloud determines that the requester corresponding to the requester identifier is an illegal requester, and sends to the user equipment a response message indicating that the requester corresponding to the requester identifier is an illegal requester. When the cloud finds that the requester identifier differs from the identifiers of the illegal requesters, the cloud determines that the requester corresponding to the requester identifier is a legitimate requester, and sends to the user equipment a response message indicating that the requester corresponding to the requester identifier is a legitimate requester.
S204. When the response message indicates that the requester corresponding to the requester identifier is a legitimate requester, the user equipment responds to the permission setting instruction by setting the requester corresponding to the requester identifier as a requester with fingerprint reading permission.
In practice it has been found that the cloud can collect the marks that a large number of users place on malicious programs or malicious devices. In this embodiment of the present invention, when the user equipment receives a permission setting instruction, it sends the requester identifier to the cloud so that the cloud queries whether the corresponding requester is an illegal requester marked by users. This prevents the user from granting fingerprint reading permission to an unknown illegal requester and improves the security of the fingerprints stored on the user equipment.
S205. The user equipment receives a fingerprint reading request carrying the identifier of a target requester.
S206. The user equipment responds to the fingerprint reading request by determining, according to the identifier, whether the target requester has fingerprint reading permission.
In this embodiment of the present invention, after receiving the fingerprint reading request, the user equipment extracts the identifier of the target requester carried in the fingerprint reading request and determines, according to that identifier, whether the target requester has fingerprint reading permission. When the user equipment determines that the target requester has fingerprint reading permission, step S208 is performed. When the user equipment determines that the target requester does not have fingerprint reading permission, step S207 is performed.
S207. The user equipment sends, to a preset terminal, prompt information indicating that an illegal requester is requesting to read a fingerprint.
In this embodiment of the present invention, the user equipment may set a preset terminal. When the user equipment determines that the target requester does not have fingerprint reading permission, the user equipment sends to the preset terminal prompt information indicating that an illegal requester is requesting to read a fingerprint. Optionally, the user equipment may send this prompt information to the preset terminal by SMS, e-mail or similar means.
In this embodiment of the present invention, when the user equipment determines that the target requester does not have fingerprint reading permission, sending the prompt information to the preset terminal promptly alerts the user that an illegal requester is requesting to read a fingerprint, so that the user can take countermeasures in time. This improves the security of the fingerprints stored on the user equipment.
S208. The user equipment acquires the encrypted target fingerprint information from the preset fingerprint storage area.
S209. The user equipment sends a sending request that includes the encrypted target fingerprint information and the identifier to the cloud, so that the cloud, in response to the sending request, decrypts the encrypted target fingerprint information and sends the decrypted target fingerprint information to the target requester.
It can be seen that implementing the embodiment described in FIG. 2 prevents the user from granting fingerprint reading permission to an unknown illegal requester. In addition, when the user equipment determines that the target requester does not have fingerprint reading permission, the user equipment sends to the preset terminal prompt information indicating that an illegal requester is requesting to read a fingerprint, so that the user can take countermeasures in time. This improves the security of the fingerprints stored on the user equipment.
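The flow of steps S201 to S209, as an added example that is not code from the patent: a cloud-side tally of user marks with a preset threshold, a grant that depends on the cloud's response, and a read path that either builds the sending request or alerts the preset terminal. All class, method and requester names, the threshold value and the sample blob are constructed assumptions; cloud-side decryption is not modelled.

```python
from __future__ import annotations
from dataclasses import dataclass, field


class CloudReputation:
    """Cloud side of S202/S203: tallies user marks per requester identifier."""

    def __init__(self, flag_threshold: int):
        self.flag_threshold = flag_threshold  # the "preset number" of marks
        self._flags = {}

    def flag(self, requester_id: str) -> None:
        """Record one user marking this requester as illegal."""
        self._flags[requester_id] = self._flags.get(requester_id, 0) + 1

    def query(self, requester_id: str) -> str:
        """Answer a query instruction with the content of the response message."""
        # A requester becomes illegal only once the tally exceeds the preset number.
        if self._flags.get(requester_id, 0) > self.flag_threshold:
            return "illegal"
        return "legitimate"


@dataclass
class UserEquipment:
    cloud: CloudReputation
    storage_area: dict[str, bytes]  # preset fingerprint storage area (encrypted blobs)
    authorized: set[str] = field(default_factory=set)
    alerts: list[str] = field(default_factory=list)  # stands in for the preset terminal

    def set_permission(self, requester_id: str) -> bool:
        """S201-S204: grant read permission only if the cloud answers 'legitimate'.

        As the page describes it, the cloud is consulted at grant time only.
        """
        if self.cloud.query(requester_id) != "legitimate":
            return False
        self.authorized.add(requester_id)
        return True

    def handle_read_request(self, requester_id: str, fingerprint_name: str):
        """S205-S209: return the sending request for the cloud, or None after alerting."""
        if requester_id not in self.authorized:  # S206 fails, so S207 runs
            self.alerts.append(
                f"unauthorized fingerprint read attempt by {requester_id}")
            return None
        blob = self.storage_area[fingerprint_name]  # S208: blob stays encrypted here
        # S209: the device forwards ciphertext plus identifier; it never decrypts.
        return {"encrypted_fingerprint": blob, "requester_id": requester_id}


def run_demo():
    """Constructed scenario: one requester over the threshold, one under it."""
    cloud = CloudReputation(flag_threshold=2)
    for _ in range(3):
        cloud.flag("app.flashlight")  # three marks, exceeds the threshold of 2
    cloud.flag("app.bank")            # one mark, below the threshold

    ue = UserEquipment(cloud, {"right-index": b"\x4f\x5f\x6f"})  # constructed blob
    granted_bank = ue.set_permission("app.bank")
    granted_flash = ue.set_permission("app.flashlight")
    sent = ue.handle_read_request("app.bank", "right-index")
    denied = ue.handle_read_request("app.flashlight", "right-index")
    return granted_bank, granted_flash, sent, denied, ue.alerts


if __name__ == "__main__":
    print(run_demo())
```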
Referring to FIG. 3, FIG. 3 is a schematic flowchart of another fingerprint reading method disclosed in an embodiment of the present invention. As shown in FIG. 3, the fingerprint reading method may include the following steps.
S301. The user equipment receives a fingerprint storage instruction input by a user, where the fingerprint storage instruction carries the fingerprint information to be stored.
In this embodiment of the present invention, optionally, before the user equipment receives the fingerprint storage instruction input by the user, the user equipment receives a login request input by the user. After receiving the login request, the user equipment may send the login request to the cloud, so that the cloud generates a random code and sends it to a designated device. The user enters, on the user equipment, the random code received by the designated device in order to log in. When the login succeeds, step S301 is performed. When the login fails, the procedure ends. Because a random-code login is required before fingerprint storage, fingerprint reading and fingerprint decryption, and these operations can be performed only after the login succeeds, the security of the fingerprints stored on the user equipment can be greatly improved.
S302. The user equipment responds to the fingerprint storage instruction by writing the currently generated random code into the fingerprint information to be stored, so as to encrypt the fingerprint information to be stored.
In this embodiment of the present invention, after receiving the fingerprint storage instruction that is input by the user and carries the fingerprint information to be stored, the user equipment responds to the fingerprint storage instruction by writing the currently generated random code into the fingerprint information to be stored, so as to encrypt it. Optionally, the random code written into the fingerprint information to be stored may be the random code used for the current login. Optionally, the random code written into the fingerprint information to be stored may be a random code that the user equipment generates in response to the fingerprint storage instruction.
In this embodiment of the present invention, fingerprint information is stored on the user equipment in binary form. Optionally, the user equipment may convert the random code into binary form and insert the binary random code at a preset position in the binary of the fingerprint information to be stored, so as to encrypt the fingerprint information to be stored, where the preset position may be any position in the binary of the fingerprint information to be stored. For example, if the random code consists of the three digits 4, 5 and 6, the binary of 4 is 0100, the binary of 5 is 0101, and the binary of 6 is 0110. If the binary of the fingerprint information to be stored is 1111 1111, the binary of 4, 5 and 6 may be inserted before the binary of the fingerprint information to be stored, giving 0100 0101 0110 1111 1111, or inserted at any position within it, giving for example 1111 0100 0101 0110 1111 or 1111 0100 0101 1111 0110. This embodiment of the present invention does not limit the position. Encrypting in this way can improve the security of the fingerprints stored on the user equipment.
S303. The user equipment stores the encrypted fingerprint information to be stored in one of multiple preset fingerprint storage areas.
In this embodiment of the present invention, the user equipment is provided with multiple fingerprint storage areas. After encrypting the fingerprint information to be stored, the user equipment may store it in any one of the multiple preset fingerprint storage areas; this embodiment of the present invention does not limit which one. Providing multiple preset fingerprint storage areas avoids concentrating the fingerprint information in a single fingerprint storage area, which helps reduce the risk of all of the fingerprint information being stolen.
S304. The user equipment receives a fingerprint reading request carrying the identifier of a target requester.
S305. The user equipment responds to the fingerprint reading request by determining, according to the identifier, whether the target requester has fingerprint reading permission.
In this embodiment of the present invention, after receiving the fingerprint reading request, the user equipment extracts the identifier of the target requester carried in the fingerprint reading request and determines, according to that identifier, whether the target requester has fingerprint reading permission. When the user equipment determines that the target requester has fingerprint reading permission, step S306 is performed. When the user equipment determines that the target requester does not have fingerprint reading permission, the user equipment may optionally output prompt information indicating that an illegal requester is requesting to read a fingerprint, so that the user can take timely countermeasures to prevent the stored fingerprints from being stolen.
S306. The user equipment acquires the encrypted target fingerprint information from the preset fingerprint storage area.
S307. The user equipment sends a sending request that includes the encrypted target fingerprint information and the identifier to the cloud, so that the cloud, in response to the sending request, decrypts the encrypted target fingerprint information and sends the decrypted target fingerprint information to the target requester.
In the method described in FIG. 3, the fingerprint information to be stored is encrypted by writing a random code into it, which improves the security of the fingerprint information to be stored. In addition, by implementing this embodiment of the present invention, the user equipment can authenticate the device or application that reads the fingerprint, and the stored encrypted fingerprint information is decrypted by the cloud, which improves the security of the fingerprints stored on the smart device.
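The random-code insertion of step S302, as an added example that is not code from the patent: it reproduces the three bit strings given for the code 4, 5, 6 and the fingerprint bits 1111 1111, together with the inverse that the cloud's decryption would have to apply. The function names and the representation of the "preset position" as one bit offset per digit are assumptions; note that the inverse needs only the offsets and not the value of the random code.

```python
def digit_nibbles(code: str) -> list:
    """Convert each decimal digit of the random code to its 4-bit binary form."""
    if not code.isdigit():
        raise ValueError("random code must consist of decimal digits")
    return [format(int(d), "04b") for d in code]


def insert_code(fp_bits: str, code: str, offsets: list) -> str:
    """Insert the nibble of code[k] before bit index offsets[k] of fp_bits.

    Offsets refer to positions in the original fingerprint bit string;
    an offset equal to len(fp_bits) appends at the end.
    """
    nibbles = digit_nibbles(code)
    if len(nibbles) != len(offsets):
        raise ValueError("one offset is required per code digit")
    if any(o < 0 or o > len(fp_bits) for o in offsets):
        raise ValueError("offset outside the fingerprint bit string")
    out = []
    for i in range(len(fp_bits) + 1):
        # Digits that share an offset are written in code order.
        out.extend(n for n, o in zip(nibbles, offsets) if o == i)
        if i < len(fp_bits):
            out.append(fp_bits[i])
    return "".join(out)


def remove_code(stored_bits: str, offsets: list) -> tuple:
    """Inverse of insert_code: return (fingerprint bits, random code)."""
    fp_len = len(stored_bits) - 4 * len(offsets)
    if fp_len < 0 or any(o < 0 or o > fp_len for o in offsets):
        raise ValueError("stored value is too short for these offsets")
    fp, digits, pos = [], [None] * len(offsets), 0
    for i in range(fp_len + 1):
        for k, o in enumerate(offsets):
            if o == i:
                value = int(stored_bits[pos:pos + 4], 2)
                if value > 9:
                    raise ValueError("nibble at offset is not a decimal digit")
                digits[k] = str(value)
                pos += 4
        if i < fp_len:
            fp.append(stored_bits[pos])
            pos += 1
    return "".join(fp), "".join(digits)


if __name__ == "__main__":
    fingerprint = "11111111"  # the 1111 1111 value used in the text
    for offs in ([0, 0, 0], [4, 4, 4], [4, 4, 8]):
        stored = insert_code(fingerprint, "456", offs)
        print(offs, stored, remove_code(stored, offs))
```

The fingerprint bits themselves are stored unchanged and in order; only their positions shift, so the scheme depends on the insertion offsets staying unknown to whoever reads the storage area.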
Referring to FIG. 4, FIG. 4 is a schematic structural diagram of a user equipment disclosed in an embodiment of the present invention. The user equipment shown in FIG. 4 may include a first receiving module 401, a determining module 402, an obtaining module 403 and a first sending module 404. Wherein:
The first receiving module 401 is configured to receive a fingerprint reading request carrying the identifier of a target requester.
In this embodiment of the present invention, the first receiving module 401 of the user equipment receives the fingerprint reading request carrying the identifier of the target requester. The user equipment may include, but is not limited to, a smartphone, a tablet computer, a notebook computer, a desktop computer, a fingerprint lock and similar user equipment. The operating system of the user equipment may include, but is not limited to, the Android operating system, the iOS operating system, the Symbian operating system, the BlackBerry operating system, the Windows operating system and so on; this embodiment of the present invention does not limit it.
In this embodiment of the present invention, the target requester may be any device other than the user equipment, or any application installed on the user equipment. The first receiving module 401 may receive a fingerprint reading request sent by a device other than the local device, or a fingerprint reading request sent by an application installed on the local device.
In this embodiment of the present invention, the identifier of the target requester is data that uniquely identifies the target requester. When the first receiving module 401 receives a fingerprint reading request sent by a device, the fingerprint reading request carries the identifier of that device. For example, the identifier of the device may be the MAC address of the device. When the first receiving module 401 receives a fingerprint reading request sent by an application, the fingerprint reading request carries the identifier of that application.
The determining module 402 is configured to respond to the fingerprint reading request by determining, according to the identifier, whether the target requester has fingerprint reading permission.
In this embodiment of the present invention, after the first receiving module 401 receives the fingerprint reading request, the determining module 402 extracts the identifier of the target requester carried in the fingerprint reading request and determines, according to that identifier, whether the target requester has fingerprint reading permission. When the determining module 402 determines that the target requester has fingerprint reading permission, it triggers the obtaining module 403 to acquire the encrypted target fingerprint information from the preset fingerprint storage area. When the determining module 402 determines that the target requester does not have fingerprint reading permission, the user equipment may optionally output prompt information indicating that an illegal requester is requesting to read a fingerprint, so that the user can take timely countermeasures to prevent the stored fingerprints from being stolen.
As an optional implementation, the determining module 402 may include an output unit and a receiving unit:
the output unit is configured to respond to the fingerprint reading request by outputting target prompt information according to the identifier of the target requester, where the target prompt information asks whether the target requester is allowed to read the fingerprint;
the receiving unit is configured to receive target response information input by the user for the target prompt information;
when the target response information indicates that the target requester is allowed to read the fingerprint, the determining module 402 determines that the target requester has fingerprint reading permission; when the target response information indicates that the target requester is not allowed to read the fingerprint, the determining module 402 determines that the target requester does not have fingerprint reading permission.
In this implementation, after the first receiving module 401 receives the fingerprint reading request, the output unit responds to the fingerprint reading request by outputting target prompt information according to the identifier of the target requester. The target prompt information asks whether the target requester is allowed to read the fingerprint. In reply to the target prompt information, the user may input target response information indicating that the target requester is allowed to read the fingerprint, or target response information indicating that the target requester is not allowed to read the fingerprint.
For example, after the first receiving module 401 receives a fingerprint reading request sent by an e-commerce application, the output unit obtains the name of the e-commerce application according to its identifier and outputs target prompt information that includes the name of the e-commerce application and asks whether that application is allowed to read the fingerprint. When the user inputs target response information indicating that the e-commerce application is allowed to read the fingerprint, the determining module 402 determines that the e-commerce application has fingerprint reading permission; when the user inputs target response information indicating that the e-commerce application is not allowed to read the fingerprint, the determining module 402 determines that the e-commerce application does not have fingerprint reading permission.
As an optional implementation, the determining module 402 may be specifically configured as follows:
the determining module 402 responds to the fingerprint reading request by determining whether the identifier of the target requester is consistent with the identifier of a preset authorized requester;
when the identifier of the target requester is consistent with the identifier of the authorized requester, the determining module 402 determines that the target requester has fingerprint reading permission; when the identifier of the target requester is inconsistent with the identifier of the authorized requester, the determining module 402 determines that the target requester does not have fingerprint reading permission.
In this implementation, the user equipment may preset authorized requesters that have fingerprint reading permission. For the specific way in which the user equipment presets authorized requesters with fingerprint reading permission, see the embodiment described in FIG. 5; details are not repeated here.
The obtaining module 403 is configured to acquire the encrypted target fingerprint information from the preset fingerprint storage area when the determining module determines that the target requester has fingerprint reading permission.
In this embodiment of the present invention, when the determining module 402 determines that the target requester has fingerprint reading permission, the obtaining module 403 acquires the encrypted target fingerprint information from the preset fingerprint storage area. The obtaining module 403 may acquire one or more pieces of encrypted target fingerprint information from the preset fingerprint storage area. Optionally, the user equipment may be provided with multiple preset fingerprint storage areas and may store different fingerprint information in different preset fingerprint storage areas. Providing multiple preset fingerprint storage areas avoids concentrating the fingerprint information in a single fingerprint storage area, which helps reduce the risk of all of the fingerprint information being stolen.
In this embodiment of the present invention, the fingerprint information stored in the preset fingerprint storage area is encrypted fingerprint information, which reduces the risk of the fingerprint information being stolen.
The first sending module 404 is configured to send a sending request that includes the encrypted target fingerprint information and the identifier to the cloud, so that the cloud, in response to the sending request, decrypts the encrypted target fingerprint information and sends the decrypted target fingerprint information to the target requester.
In this embodiment of the present invention, after the obtaining module 403 acquires the target fingerprint information, a sending request is generated and sent to the cloud, where the sending request includes the encrypted target fingerprint information and the identifier of the target requester. After receiving the sending request, the cloud responds to it by decrypting the encrypted target fingerprint information with a preset decryption algorithm and sending the decrypted target fingerprint information to the target requester according to the identifier of the target requester.
In this embodiment of the present invention, the decryption algorithm is set in the cloud rather than on the user equipment. This prevents an attacker from cracking the encryption of the target fingerprint information by decompiling on the user equipment, and helps improve the security of the fingerprint information stored on the user equipment.
Referring also to FIG. 5, FIG. 5 is a schematic structural diagram of another user equipment disclosed in an embodiment of the present invention. The user equipment shown in FIG. 5 is obtained by optimizing the user equipment shown in FIG. 4. Compared with the user equipment shown in FIG. 4, the user equipment shown in FIG. 5 includes all the modules and units of the user equipment shown in FIG. 4 and may further include a second receiving module 405, a third sending module 406, a third receiving module 407, a setting module 408 and a second sending module 409. Wherein:
The second receiving module 405 is configured to receive, before the first receiving module 401 receives the fingerprint reading request carrying the identifier of the target requester, a permission setting instruction input by a user, where the permission setting instruction carries a requester identifier.
In this embodiment of the present invention, the requester identifier is data that uniquely identifies the requester. The requester identifier may be the identifier of any application installed on the user equipment, or the identifier of any device other than the user equipment.
The third sending module 406 is configured to send, after the second receiving module 405 receives the permission setting instruction input by the user, a query instruction including the requester identifier to the cloud, so that the cloud queries whether the requester corresponding to the requester identifier is an illegal requester.
In this embodiment of the present invention, after the second receiving module 405 receives the permission setting instruction, the third sending module 406 extracts the requester identifier from the permission setting instruction and sends a query instruction including the requester identifier to the cloud.
In this embodiment of the present invention, optionally, the cloud may tally the marks that the users of the various user equipments place on illegal requesters. Once the number of times a requester has been marked as an illegal requester by users exceeds a preset number, the cloud may set that requester as an illegal requester. After receiving the query instruction, the cloud responds to it by querying whether the requester corresponding to the requester identifier is an illegal requester.
The third receiving module 407 is configured to receive a response message sent by the cloud for the query instruction.
In this embodiment of the present invention, when the cloud finds that the requester identifier is the same as the identifier of an illegal requester, the cloud determines that the requester corresponding to the requester identifier is an illegal requester, and sends to the user equipment a response message indicating that the requester corresponding to the requester identifier is an illegal requester. When the cloud finds that the requester identifier differs from the identifiers of the illegal requesters, the cloud determines that the requester corresponding to the requester identifier is a legitimate requester, and sends to the user equipment a response message indicating that the requester corresponding to the requester identifier is a legitimate requester.
本发明实施例中,当第三接收模块407接收的响应消息用于指示请求者标识对应的请求者为合法请求者时,触发设置模块408响应权限设置指令,将请求者标识对应的请求者设置为具有指纹读取权限的授权请求者。In the embodiment of the present invention, when the response message received by the third receiving module 407 is used to indicate that the requester identifies that the requester is a legal requester, the trigger setting module 408 responds to the permission setting instruction, and sets the requester corresponding to the requester identifier. Is an authorized requester with fingerprint read permission.
设置模块408,用于响应所述权限设置指令,将所述请求者标识对应的请求者设置为具有指纹读取权限的授权请求者。The setting module 408 is configured to, according to the permission setting instruction, set the requester corresponding to the requester identifier as an authorization requester with fingerprint reading authority.
在实践中发现,云端可收集大量用户对恶意程序或恶意设备的标记信息,本发明实施例通过当第二接收模块405接收到权限设置指令时,第三发送模块406向云端发送请求者标识,使云端查询该请求者标识对应的请求者是否为用户标记的非法请求者,可避免用户对未知的非法请求者授予指纹读取权限,提高了用户设备存储的指纹的安全性。 It is found in practice that the cloud can collect a large number of user-marked information about a malicious program or a malicious device. In the embodiment of the present invention, when the second receiving module 405 receives the permission setting instruction, the third sending module 406 sends the requester identifier to the cloud. The cloud is queried whether the requester corresponding to the requester identifier is an illegal requester marked by the user, and the user can be prevented from granting fingerprint reading permission to the unknown illegal requester, thereby improving the security of the fingerprint stored by the user equipment.
第二发送模块409,用于当所述判断模块402判断所述目标请求者不具有指纹读取权限时,向预设终端发送用于提示存在非法请求者请求读取指纹的提示信息。The second sending module 409 is configured to: when the determining module 402 determines that the target requester does not have the fingerprint reading authority, send the prompt information for prompting the presence of the illegal requester to request to read the fingerprint.
本发明实施例中,用户设备可设置预设终端,当判断模块402判断目标请求者不具有指纹读取权限时,第二发送模块409向预设终端发送用于提示存在非法请求者请求读取指纹的提示信息。可选的,第二发送模块409可通过短信或邮件等方式向预设终端发送用于提示存在非法请求者请求读取指纹的提示信息。In the embodiment of the present invention, the user equipment may set the preset terminal. When the determining module 402 determines that the target requester does not have the fingerprint reading authority, the second sending module 409 sends a prompt to the preset terminal to prompt the presence of the illegal requester to request the reading. Fingertip information. Optionally, the second sending module 409 may send the prompt information for prompting the presence of the illegal requester to request to read the fingerprint to the preset terminal by using a short message or an email.
本发明实施例中,当判断模块402判断目标请求者不具有指纹读取权限时,通过第二发送模块409向预设终端发送用于提示存在非法请求者请求读取指纹的提示信息,可及时提醒用户存在非法请求者请求读取指纹,以使用户可以及时采取应对措施,提高了用户设备存储的指纹的安全性。In the embodiment of the present invention, when the determining module 402 determines that the target requester does not have the fingerprint reading authority, the second sending module 409 sends a prompt message for prompting the existence of the illegal requester to request the fingerprint to be read by the second sending module 409. The user is reminded that an illegal requester requests to read the fingerprint, so that the user can take countermeasures in time, and the security of the fingerprint stored by the user equipment is improved.
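The permission flow described for modules 402 and 405 to 409, as an added Python illustration that is not code from the patent. The class and method names, the requester identifiers, the preset count of 2 and the fail-closed handling of an unreachable cloud are all assumptions.

```python
"""Added illustration of the permission flow (modules 402, 405-409)."""
from collections import Counter


class CloudReputation:
    """Cloud side: tallies user marks and answers the query instruction."""

    def __init__(self, preset_count: int):
        self.preset_count = preset_count  # the "preset number of times"
        self.marks = Counter()            # requester id -> number of marks

    def mark_illegal(self, requester_id: str) -> None:
        """A user of some user equipment marks a requester as illegal."""
        self.marks[requester_id] += 1

    def is_illegal(self, requester_id: str) -> bool:
        """Illegal once the number of marks exceeds the preset count."""
        return self.marks[requester_id] > self.preset_count


class UserEquipment:
    """Device side: permission setting, read-request check, alerting."""

    def __init__(self, cloud: CloudReputation, notify):
        self.cloud = cloud
        self.notify = notify      # stands in for SMS or e-mail to the preset terminal
        self.authorized = set()   # requesters with fingerprint reading permission

    def set_permission(self, requester_id: str) -> bool:
        """Modules 405-408: grant only if the cloud reports a legal requester."""
        try:
            illegal = self.cloud.is_illegal(requester_id)
        except ConnectionError:
            return False          # assumption: no answer from the cloud, no grant
        if illegal:
            return False
        self.authorized.add(requester_id)
        return True

    def handle_read_request(self, requester_id: str) -> bool:
        """Modules 402 and 409: check permission, alert the preset terminal on denial."""
        if requester_id in self.authorized:
            # The device would now fetch the encrypted fingerprint and
            # send it, with the identifier, to the cloud for decryption.
            return True
        self.notify(f"fingerprint read requested by unauthorized requester {requester_id}")
        return False


def demo():
    """Run the flow on constructed identifiers and return what happened."""
    alerts = []
    cloud = CloudReputation(preset_count=2)
    for _ in range(3):                       # three marks exceed the preset count of 2
        cloud.mark_illegal("com.example.flashlight")
    ue = UserEquipment(cloud, alerts.append)
    results = {
        "grant_bank": ue.set_permission("com.example.bank"),
        "grant_flashlight": ue.set_permission("com.example.flashlight"),
        "read_bank": ue.handle_read_request("com.example.bank"),
        "read_flashlight": ue.handle_read_request("com.example.flashlight"),
    }
    return results, alerts


if __name__ == "__main__":
    print(demo())
```

As modelled here, following the text, the cloud is consulted only when permission is being set, so a requester that is marked illegal afterwards keeps its permission until the user changes it.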
Referring also to FIG. 6, FIG. 6 is a schematic structural diagram of another user equipment disclosed in an embodiment of the present invention. The user equipment shown in FIG. 6 is obtained by optimizing the user equipment shown in FIG. 4. Compared with the user equipment shown in FIG. 4, the user equipment shown in FIG. 6 includes all the modules and units of the user equipment shown in FIG. 4 and may further include a fourth receiving module 410, an encryption module 411, and a storage module 412, where:
The fourth receiving module 410 is configured to receive a fingerprint storage instruction input by the user before the first receiving module 401 receives the fingerprint reading request carrying the identifier of the target requester, where the fingerprint storage instruction carries the fingerprint information to be stored.
In this embodiment of the present invention, optionally, the user equipment further includes a fifth receiving module and a fourth sending module. The fifth receiving module is configured to receive a login request input by the user before the fourth receiving module 410 receives the fingerprint storage instruction input by the user. The fourth sending module is configured to send the login request to the cloud after the fifth receiving module receives it, so that the cloud generates a random code and sends it to a designated device. The user enters, on the user equipment, the random code received by the designated device in order to log in. After the login succeeds, the fourth receiving module 410 can receive the fingerprint storage instruction input by the user. Because a login with a random code is required before fingerprint storage, fingerprint reading, and fingerprint decryption, and these operations can be performed only after the login succeeds, the security of the fingerprints stored on the user equipment can be greatly improved.
The encryption module 411 is configured to respond to the fingerprint storage instruction by writing the currently generated random code into the fingerprint information to be stored, so as to encrypt the fingerprint information to be stored.
In this embodiment of the present invention, after the fourth receiving module 410 receives the fingerprint storage instruction input by the user and carrying the fingerprint information to be stored, the encryption module 411 responds to the fingerprint storage instruction by writing the currently generated random code into the fingerprint information to be stored, so as to encrypt it. Optionally, the random code written into the fingerprint information to be stored may be the random code used for the current login. Optionally, the random code written into the fingerprint information to be stored may be a random code that the encryption module 411 generates in response to the fingerprint storage instruction.
In this embodiment of the present invention, fingerprint information is stored on the user equipment in binary form. Optionally, the encryption module 411 may convert the random code into binary form and insert the binary random code at a preset position in the binary of the fingerprint information to be stored, so as to encrypt the fingerprint information to be stored. The preset position may be any position in the binary of the fingerprint information to be stored. For example, if the random code consists of the three digits 4, 5, and 6, the binary of 4 is 0100, the binary of 5 is 0101, and the binary of 6 is 0110. If the binary of the fingerprint information to be stored is 1111 1111, the binary of 4, 5, and 6 may be inserted before the binary of the fingerprint information to be stored, giving 0100 0101 0110 1111 1111, or inserted at any position within it, giving for example 1111 0100 0101 0110 1111 or 1111 0100 0101 1111 0110; this embodiment of the present invention imposes no limitation. Encrypting in this way can improve the security of the fingerprints stored on the user equipment.
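The worked 4, 5, 6 example above, carried through in Python as an added illustration (not code from the patent), together with the inverse operation that the decryption side would perform. It generalizes slightly by taking one insertion offset per digit, which is what the third layout in the text requires; the function names and the `positions` list are assumptions.

```python
# Added illustration; function names and the positions list are assumptions.

def digit_groups(code: str) -> list[str]:
    """Encode each decimal digit as a 4-bit group, e.g. '4' -> '0100'."""
    if not (code.isascii() and code.isdigit()):
        raise ValueError("random code must consist of decimal digits")
    return [format(int(d), "04b") for d in code]


def _check_positions(positions: list[int], template_len: int) -> None:
    """Offsets are counted in template bits and must keep the digit order."""
    if list(positions) != sorted(positions):
        raise ValueError("positions must be non-decreasing")
    if positions and (positions[0] < 0 or positions[-1] > template_len):
        raise ValueError("position outside the template")


def insert_code(template_bits: str, code: str, positions: list[int]) -> str:
    """Write the random code into the template, one 4-bit group per offset."""
    if set(template_bits) - {"0", "1"}:
        raise ValueError("template must be a string of 0 and 1")
    groups = digit_groups(code)
    if len(positions) != len(groups):
        raise ValueError("one position per digit is required")
    _check_positions(positions, len(template_bits))
    out, prev = [], 0
    for pos, group in zip(positions, groups):
        out.append(template_bits[prev:pos])  # template bits up to this offset
        out.append(group)                    # then the digit's 4-bit group
        prev = pos
    out.append(template_bits[prev:])
    return "".join(out)


def remove_code(stored_bits: str, positions: list[int]) -> tuple[str, str]:
    """Inverse of insert_code: return (template_bits, random_code)."""
    template_len = len(stored_bits) - 4 * len(positions)
    if template_len < 0:
        raise ValueError("stored value is shorter than the inserted code")
    _check_positions(positions, template_len)
    template, digits, cursor, prev = [], [], 0, 0
    for pos in positions:
        run = pos - prev
        template.append(stored_bits[cursor:cursor + run])
        cursor += run
        value = int(stored_bits[cursor:cursor + 4], 2)
        if value > 9:
            raise ValueError(f"group at bit {cursor} is not a decimal digit")
        digits.append(str(value))
        cursor += 4
        prev = pos
    template.append(stored_bits[cursor:])
    return "".join(template), "".join(digits)


if __name__ == "__main__":
    template = "11111111"                       # the template from the text
    for positions in ([0, 0, 0], [4, 4, 4], [4, 4, 8]):
        stored = insert_code(template, "456", positions)
        print(positions, stored, remove_code(stored, positions))
```

Every fingerprint bit is stored unchanged and in order, so recovering the template needs only the insertion offsets, which is consistent with the description keeping the decryption step in the cloud rather than on the user equipment.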
The storage module 412 is configured to store the encrypted fingerprint information to be stored in one of a plurality of preset fingerprint storage areas.
In this embodiment of the present invention, the user equipment is provided with a plurality of fingerprint storage areas. After the encryption module 411 encrypts the fingerprint information to be stored, the storage module 412 may store it in any one of the plurality of preset fingerprint storage areas; this embodiment of the present invention imposes no limitation. Providing a plurality of preset fingerprint storage areas avoids concentrating the fingerprint information in a single fingerprint storage area, which helps reduce the risk of all the fingerprint information being stolen.
In the user equipment described in FIG. 4 to FIG. 6, after the first receiving module receives the fingerprint reading request carrying the identifier of the target requester, the determining module responds to the fingerprint reading request by determining, according to the identifier of the target requester, whether the target requester has fingerprint reading permission. When the target requester has fingerprint reading permission, the obtaining module obtains the encrypted target fingerprint information from the preset fingerprint storage area, and the first sending module sends a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud, in response to the sending request, decrypts the encrypted target fingerprint information and sends the decrypted target fingerprint information to the target requester. It can be seen that, by implementing this embodiment of the present invention, the user equipment can authenticate the device or application that reads the fingerprint and have the stored encrypted fingerprint information decrypted by the cloud, which improves the security of the fingerprints stored on the smart device.
It should be noted that, in the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments. In addition, those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
The steps in the methods of the embodiments of the present invention may be reordered, merged, and deleted according to actual needs.
The modules or units in the user equipment of the embodiments of the present invention may be merged, divided, and deleted according to actual needs.
A person of ordinary skill in the art can understand that all or some of the steps of the methods in the above embodiments may be completed by a program invoking the relevant hardware of a terminal device. The program may be stored in a readable and writable storage medium of an IT device such as a computer or a mobile phone; the storage medium may be a hard disk, eMMC, or the like.
The fingerprint reading method and user equipment disclosed in the embodiments of the present invention have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present invention, and the description of the above embodiments is intended only to help in understanding the method of the present invention and its core idea. At the same time, a person of ordinary skill in the art may, based on the idea of the present invention, make changes to the specific implementations and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (10)

  1. A fingerprint reading method, wherein the method comprises:
    receiving a fingerprint reading request carrying an identifier of a target requester;
    in response to the fingerprint reading request, determining, according to the identifier, whether the target requester has fingerprint reading permission;
    when the target requester has fingerprint reading permission, obtaining encrypted target fingerprint information from a preset fingerprint storage area;
    sending a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud, in response to the sending request, decrypts the encrypted target fingerprint information and sends the decrypted target fingerprint information to the target requester.
  2. The method according to claim 1, wherein the method further comprises:
    when the target requester does not have fingerprint reading permission, sending, to a preset terminal, prompt information indicating that an illegal requester is requesting to read the fingerprint.
  3. The method according to claim 1, wherein before the receiving of the fingerprint reading request carrying the identifier of the target requester, the method further comprises:
    receiving a permission setting instruction input by a user, the permission setting instruction carrying a requester identifier;
    in response to the permission setting instruction, setting the requester corresponding to the requester identifier as an authorized requester with fingerprint reading permission.
  4. The method according to claim 3, wherein after the receiving of the permission setting instruction input by the user, the method further comprises:
    sending a query instruction including the requester identifier to the cloud, so that the cloud queries whether the requester corresponding to the requester identifier is an illegal requester;
    receiving a response message sent by the cloud for the query instruction;
    when the response message indicates that the requester corresponding to the requester identifier is a legal requester, triggering execution of the step of, in response to the permission setting instruction, setting the requester corresponding to the requester identifier as an authorized requester with fingerprint reading permission.
  5. The method according to any one of claims 1 to 4, wherein before the receiving of the fingerprint reading request carrying the identifier of the target requester, the method further comprises:
    receiving a fingerprint storage instruction input by a user, the fingerprint storage instruction carrying fingerprint information to be stored;
    in response to the fingerprint storage instruction, writing a currently generated random code into the fingerprint information to be stored, so as to encrypt the fingerprint information to be stored;
    storing the encrypted fingerprint information to be stored in one of a plurality of preset fingerprint storage areas.
  6. A user equipment, wherein the user equipment comprises:
    a first receiving module, configured to receive a fingerprint reading request carrying an identifier of a target requester;
    a determining module, configured to determine, in response to the fingerprint reading request and according to the identifier, whether the target requester has fingerprint reading permission;
    an obtaining module, configured to obtain encrypted target fingerprint information from a preset fingerprint storage area when the determining module determines that the target requester has fingerprint reading permission;
    a first sending module, configured to send a sending request including the encrypted target fingerprint information and the identifier to the cloud, so that the cloud, in response to the sending request, decrypts the encrypted target fingerprint information and sends the decrypted target fingerprint information to the target requester.
  7. The user equipment according to claim 6, wherein the user equipment further comprises:
    a second sending module, configured to send, to a preset terminal, prompt information indicating that an illegal requester is requesting to read the fingerprint when the determining module determines that the target requester does not have fingerprint reading permission.
  8. The user equipment according to claim 6, wherein the user equipment further comprises:
    a second receiving module, configured to receive a permission setting instruction input by a user before the first receiving module receives the fingerprint reading request carrying the identifier of the target requester, the permission setting instruction carrying a requester identifier;
    a setting module, configured to set, in response to the permission setting instruction, the requester corresponding to the requester identifier as an authorized requester with fingerprint reading permission.
  9. The user equipment according to claim 8, wherein the user equipment further comprises:
    a third sending module, configured to send, after the second receiving module receives the permission setting instruction input by the user, a query instruction including the requester identifier to the cloud, so that the cloud queries whether the requester corresponding to the requester identifier is an illegal requester;
    a third receiving module, configured to receive a response message sent by the cloud for the query instruction and, when the response message indicates that the requester corresponding to the requester identifier is a legal requester, to trigger the setting module to set, in response to the permission setting instruction, the requester corresponding to the requester identifier as an authorized requester with fingerprint reading permission.
  10. The user equipment according to any one of claims 6 to 9, wherein the user equipment further comprises:
    a fourth receiving module, configured to receive a fingerprint storage instruction input by a user before the first receiving module receives the fingerprint reading request carrying the identifier of the target requester, the fingerprint storage instruction carrying fingerprint information to be stored;
    an encryption module, configured to write, in response to the fingerprint storage instruction, a currently generated random code into the fingerprint information to be stored, so as to encrypt the fingerprint information to be stored;
    a storage module, configured to store the encrypted fingerprint information to be stored in one of a plurality of preset fingerprint storage areas.
PCT/CN2015/095617 2015-07-31 2015-11-26 Fingerprint reading method and user equipment WO2017020449A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510470218.8A CN105550558B (en) 2015-07-31 2015-07-31 A kind of fingerprint reading method and user equipment
CN201510470218.8 2015-07-31

Publications (1)

Publication Number Publication Date
WO2017020449A1 true WO2017020449A1 (en) 2017-02-09

Family

ID=55829745

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/095617 WO2017020449A1 (en) 2015-07-31 2015-11-26 Fingerprint reading method and user equipment

Country Status (2)

Country Link
CN (1) CN105550558B (en)
WO (1) WO2017020449A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106549973A (en) * 2016-11-21 2017-03-29 飞天诚信科技股份有限公司 A kind of client and its method of work based on living things feature recognition
US10997446B2 (en) * 2018-02-16 2021-05-04 Fingerprint Cards Ab Enrollment scheme for an electronic device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102088491A (en) * 2011-02-01 2011-06-08 西安建筑科技大学 Distributed storage oriented cloud storage security architecture and data access method thereof
CN101122942B (en) * 2007-09-21 2012-02-22 飞天诚信科技股份有限公司 Data safe reading method and its safe storage device
CN102768716A (en) * 2011-05-04 2012-11-07 杨建纲 Memory card and reading, data encryption, key generation and password changing method thereof
CN103425785A (en) * 2013-08-22 2013-12-04 新浪网技术(中国)有限公司 Data storage system and user data storage and reading method thereof

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7690031B2 (en) * 2000-01-06 2010-03-30 Super Talent Electronics, Inc. Managing bad blocks in flash memory for electronic data flash card
CN104318201A (en) * 2014-09-05 2015-01-28 大唐微电子技术有限公司 Fingerprint processing method, chip and terminal

Also Published As

Publication number Publication date
CN105550558B (en) 2019-01-11
CN105550558A (en) 2016-05-04


Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15900219

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15900219

Country of ref document: EP

Kind code of ref document: A1