WO2018019298A1 - Fingerprint generation method utilized in terminal, and device - Google Patents

Fingerprint generation method utilized in terminal, and device Download PDF

Info

Publication number
WO2018019298A1
WO2018019298A1 PCT/CN2017/094981 CN2017094981W WO2018019298A1 WO 2018019298 A1 WO2018019298 A1 WO 2018019298A1 CN 2017094981 W CN2017094981 W CN 2017094981W WO 2018019298 A1 WO2018019298 A1 WO 2018019298A1
Authority
WO
WIPO (PCT)
Prior art keywords
fingerprint
terminal
image
generating
identification information
Prior art date
Application number
PCT/CN2017/094981
Other languages
French (fr)
Chinese (zh)
Inventor
李伟华
Original Assignee
中兴通讯股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中兴通讯股份有限公司 filed Critical 中兴通讯股份有限公司
Publication of WO2018019298A1 publication Critical patent/WO2018019298A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication

Definitions

  • the present disclosure relates to, but is not limited to, the field of communications, and in particular, to a terminal fingerprint generating method and apparatus.
  • the terminal identifier is like a person's resident ID number, which can uniquely identify a terminal.
  • a mobile terminal there is a corresponding terminal identifier.
  • the mobile phone has an IMEI (International Mobile Equipment Identity) code or a MAC (Media Access Control) address (physical address or hardware address).
  • IMEI International Mobile Equipment Identity
  • MAC Media Access Control
  • the terminal identifiers are also easily counterfeited, posing a security risk to some mobile applications, such as mobile payments. Therefore, it is necessary to identify the terminal using an identifier that is not easy to counterfeit and is easily distinguishable.
  • the fingerprint of the individual is unique and not easy to counterfeit. Fingerprint recognition has been widely used, such as company attendance and public security tracking suspects.
  • a terminal can also have a terminal fingerprint.
  • the terminal fingerprint can be generated according to the hardware information of the terminal.
  • the IMEI code or the MAC address is a relatively simple terminal fingerprint generated according to the terminal hardware.
  • UDID Unique Device Identifier
  • Apple provides a UDID (Unique Device Identifier) code as the terminal identifier for each mobile terminal device sold, such as an iPhone, and only one mobile terminal.
  • the only UDID code, and almost no counterfeiting, therefore, UDID is very popular with mobile advertisers and game network operators, because they can determine the user's preferences based on the UDID code of Apple's mobile terminal device, and accurately count certain The download amount of a product.
  • the generation of UDID involves tracking users and invading the privacy of users. Therefore, the UDID has been disabled.
  • Apple also designed an alternative to the UDID code - OpenUDID code (open UDID code), which is the first one in the mobile phone with the OpenUDID SDK (Software Development Kit).
  • Open UDID code Open UDID code
  • the mobile phone application of the package is generated. If the mobile application with the OpenUDID SDK package (such as the recovery system) is completely deleted, the OpenUDID code of the mobile phone will be regenerated, and the generated OpenUDID code is different from the previous value because, After completely deleting the data related to the mobile phone application with the OpenUDID SDK package in the mobile phone, this mobile phone is equivalent to the new terminal.
  • this method of generating a terminal fingerprint completely based on the software information in the terminal is also infeasible because the application in the mobile terminal device may be removed at any time, and once the application is removed, again The generated terminal fingerprint will be different from the previous one, so that the terminal fingerprint cannot function to uniquely identify the mobile terminal device, that is, it cannot function as the device fingerprint.
  • the method and device for generating and maintaining a terminal fingerprint are used to ensure that the generated terminal fingerprint can uniquely identify a terminal and can effectively prevent the risk of being counterfeited.
  • An embodiment of the present disclosure provides a terminal fingerprint generating method, including:
  • a terminal fingerprint is generated according to pixels of the fingerprint image.
  • Embodiments of the present disclosure also provide a computer readable storage medium storing computer executable instructions that, when executed, implement the terminal fingerprint generation method.
  • the embodiment of the present disclosure further provides a terminal fingerprint generating apparatus, including:
  • the information obtaining module is configured to: obtain hardware identification information of the terminal, where the hardware identification information is used to uniquely identify the terminal;
  • An image generating module configured to: generate a fingerprint image based on an image display characteristic of the terminal and the hardware identification information;
  • the fingerprint generating module is configured to: generate a terminal fingerprint according to the pixels of the fingerprint image.
  • the embodiment of the present disclosure further provides a computer storage medium having stored therein computer executable instructions for performing the terminal fingerprint generation method of any of the foregoing.
  • the terminal fingerprint generating method and apparatus and the computer storage medium provided by the embodiments of the present disclosure, by acquiring hardware identification information capable of uniquely identifying the terminal, a fingerprint image is generated based on the image display characteristic of the terminal and the hardware identification information of the terminal, according to the pixel of the fingerprint image.
  • the terminal fingerprint is generated; since the hardware identification information itself has the function of uniquely identifying the terminal, the fingerprint image generated based on the hardware identification information is less likely to be duplicated; meanwhile, when the fingerprint image is generated, the image is displayed due to different terminals.
  • the generated fingerprint image has a great difference in pixels
  • the terminal fingerprint generated based on the pixel of the fingerprint image is also unique, and since the generation of the terminal fingerprint at least utilizes the unique identification function in the terminal hardware.
  • the information and the software have unique identification information. It is difficult for other terminals to imitate the generated fake terminal fingerprints. While ensuring the unique fingerprint of the terminal fingerprint, the security of the terminal fingerprint is improved.
  • FIG. 1 is a flowchart of a method for generating a terminal fingerprint according to an embodiment of the present disclosure
  • FIG. 2 is a flow chart of generating a fingerprint of a terminal according to a fingerprint image
  • FIG. 3 is a flowchart of another method for generating a terminal fingerprint according to an embodiment of the present disclosure
  • FIG. 5 is a schematic structural diagram of a terminal fingerprint generating apparatus according to an embodiment of the present disclosure.
  • FIG. 6 is a schematic structural diagram of another terminal fingerprint generating apparatus according to an embodiment of the present disclosure.
  • the embodiment of the present disclosure provides a method for generating a fingerprint of a terminal, as shown in FIG. 1:
  • the hardware terminal identifier in this embodiment may be used to uniquely identify the terminal, and the hardware terminal identifier may be at least one of an IMEI code or a MAC address, that is, in this embodiment, the acquired hardware terminal identifier may be a separate one.
  • the IMEI code is either a single MAC address or a combination of an IMEI code and a MAC address.
  • the Chinese definition of the IMEI code is the mobile terminal international identity code, which is also called the "serial number", which is a mark distinguishing the mobile terminal and stored in the EEPROM (Electrically Erasable Read Only Memory, commonly known as "chip") of the mobile terminal. Can be used to monitor stolen or invalid mobile terminals.
  • the total length of the IMEI code is 15 digits: the first 6 digits are the TAC (Type Approval Code) code, which is generally representative of the model; the 2 digits of the TAC code is the FAC (Final Assembly Code).
  • the origin of the mobile terminal device is the serial number, which generally represents the production sequence number of the terminal; the last 1 digit is the SP code (ie, the spare code), which is used as a backup as the name suggests, and its number is Manufacturers do the setup.
  • the MAC address which can be translated into media access control, or physical address, hardware address, etc., is used to define the location of the network terminal.
  • OSI Open System Interconnection
  • the Layer 2 data link layer is responsible for the MAC address. Therefore, a host will have a MAC address, and the MAC address is determined by the network card and is fixed.
  • S104 Generate a fingerprint image based on image display characteristics and hardware identification information of the terminal.
  • the hardware includes a GPU (Graphic Processing Unit), and the GPU is a concept relative to the CPU (Central Processing Unit).
  • CPU Central Processing Unit
  • the GPU is the "heart" of the graphics card, which is equivalent to the role of the CPU in the computer. It determines the grade and most of the performance of the graphics card, and is also the basis for the difference between 2D (two-dimensional) graphics cards and 3D (three-dimensional) graphics cards.
  • the tools used in software can be a graphics library, which is a library for rendering computer graphics on a display. It typically provides a set of optimized functions to perform common rendering tasks.
  • OpenGL Open Graphics Library
  • OpenGL Open Graphics Library
  • PDAs Personal Digital Assistants
  • game consoles and is a subset of OpenGL.
  • the mobile terminal device may be controlled to input the acquired hardware identification information as an input of a graphic program interface provided by the OpenGL ES to generate a corresponding fingerprint image.
  • the display effect of the fingerprint image may be determined by the image display characteristic of the terminal device, wherein the resolution of the terminal, the anti-aliasing characteristic of the terminal web browser, the image rendering characteristic, and the like all determine the display effect of the fingerprint image on the terminal device.
  • the generated fingerprint image is an RGB (three primary color) image, but those skilled in the art can understand that the fingerprint image can also be a binary image or a grayscale image.
  • the format of the generated fingerprint image may be BMP (extension of bitmap file), JPEG (Joint Photographic Experts Group, is an international image compression standard), TIFF (Tag Image File Format) ), RAW (unprocessed, uncompressed format), PNG (Portable Network Graphics), and the like.
  • the principle of generating a terminal fingerprint according to the fingerprint image is that the fingerprint images generated by different terminals according to the hardware identifier of the terminal and the image display characteristic of the terminal are different in pixels, and therefore, the pixels are converted into corresponding ones.
  • the terminal fingerprint formed after the character or string should also be unique.
  • the embodiment can avoid that the terminal fingerprint is easily counterfeited or the unique identification function of the terminal fingerprint is insufficient according to the hardware information of the terminal or the terminal fingerprint generated by the software information of the terminal.
  • the position of the pixel in the fingerprint image is recorded together, similar to such a pixel expression - " ⁇ X offset , Y offset, RGB ⁇ " to record the pixel and the corresponding pixel value.
  • the X offset and the Y offset respectively express the distance of the pixel from the origin of the image, and the origin of the image may be preset by the user or determined according to the default value of the terminal system.
  • RGB red
  • Green green
  • Blue blue
  • the obtained pixel expressions are ⁇ X1, Y1, RGB1 ⁇ , ⁇ X2, Y2, RGB2 ⁇ , ⁇ X3, respectively.
  • Y3, RGB3 ⁇ and ⁇ X4, Y4, RGB4 ⁇ it can be noted that the progressive extraction described in this embodiment may be extracted from left to right and top to bottom, or may be extracted in other orders. For example, extraction is performed sequentially from bottom to top and from left to left.
  • the pixel expression arrangement is spliced to form image pixel data.
  • the obtained image pixel data is “X1 Y1 RGB1 X2 Y2 RGB2 X3 Y3 RGB3 X4 Y4 RGB4".
  • the reason why the hash algorithm is used for the conversion is roughly because the hash algorithm cannot inversely derive the data originally involved in the hash operation based on the operation result after the operation result of the operation on a set of data. Based on this feature of the hash algorithm, it is possible to prevent the criminals from deriving the details of the generated terminal fingerprint according to the obtained terminal fingerprint, and then forging the user's terminal fingerprint, thereby causing security risks to the user's property and the like.
  • the fingerprint of the terminal can be saved locally in the terminal.
  • the terminal can interact with the server through its own terminal fingerprint to allow the server to confirm the identity of the terminal. Therefore, the terminal fingerprint of the latest version of the terminal can also be stored on the server side. Therefore, after the terminal fingerprint is generated, the terminal fingerprint can be synchronized to the server side, and the server side can store the terminal fingerprint.
  • the terminal fingerprint can be directly extracted from the server and the terminal provides the terminal fingerprint. The terminal fingerprint performs matching verification to determine the identity information of the terminal.
  • the terminal fingerprint generating method uses the unique hardware identification information and the terminal image display characteristic in the terminal hardware information to generate a fingerprint image. Since the fingerprint image is unique at the pixel level, according to the fingerprint image, The terminal fingerprint generated by the pixel is also unique. While ensuring the uniqueness of the terminal fingerprint, because different terminals have different image display characteristics, the security of the terminal fingerprint can be ensured, and the fingerprint of the terminal can be effectively prevented from being forged or counterfeited.
  • the fingerprint of the terminal is generated according to the fingerprint image. At that time, the hash algorithm is used, and the hash algorithm can prevent the criminals from deriving the details of the generated terminal fingerprint according to the obtained terminal fingerprint, and can ensure the security of the terminal fingerprint.
  • the embodiment of the present disclosure further provides another terminal fingerprint generating method, which is basically the same as the terminal fingerprint generating method in the first example, but is adjusted in some details, and the terminal fingerprint generating method is performed in the following.
  • another terminal fingerprint generating method which is basically the same as the terminal fingerprint generating method in the first example, but is adjusted in some details, and the terminal fingerprint generating method is performed in the following.
  • Figure 3 For instructions, please refer to Figure 3:
  • the fingerprint generation parameter is input by the user, and this parameter may be data randomly input by the user.
  • some limited conditions may be set for the fingerprint generation parameter, and then the input of the user is checked according to the qualification condition.
  • the length of the fingerprint generation parameter may be mandatory to be greater than the preset.
  • the value, or the data required by the user contains both numbers and letters.
  • the fingerprint generation parameters input by the user may not be simple data, such as "lazy password" of "123456".
  • the user may be alerted, for example, outputting text or image information indicating the input error through the display screen of the terminal, or outputting the corresponding audio output interface according to the terminal.
  • a prompt tone so that the user can re-enter the input according to the alarm information until the input fingerprint generation parameter meets the requirements.
  • the hardware identification information obtained in this embodiment is at least one of information that can uniquely identify the terminal, such as an IMEI code and a MAC address.
  • information that can uniquely identify the terminal such as an IMEI code and a MAC address.
  • the description of the IMEI code and MAC address is not described here. Please refer to the previous introduction.
  • the process of generating the check code may refer to the process of generating image pixel data in the first example, and sorting the hardware identification information and the fingerprint generation parameter according to a certain order, and then splicing the two sets of data to form a corresponding check code.
  • the manner of generating the check code in the embodiment further includes multiple types, for example, the hardware identification information and the fingerprint generation parameter are calculated according to an algorithm, and the value is used as a check. code.
  • the process of generating image generation parameters is similar to the process of generating a check code.
  • the method of splicing the data after arranging may be used, or other algorithms may be used, but when generating image generation parameters, the input parameters are three. Not two.
  • the fingerprint image is not directly generated according to the fingerprint generation parameter and the hardware identification information input by the user, but the verification code is first calculated according to the fingerprint generation parameter and the hardware identification information, and then the image is generated based on the calculation result.
  • the parameter that is, the image generation parameter is determined according to the fingerprint generation parameter, the hardware identification information, and the calculated verification code, and the generation of the fingerprint image is performed according to the image generation parameter, and such an approach generally hopes to strengthen the fingerprint through multiple calculations in the middle. Image security.
  • This process can directly call the Canvas function in HTML5, which is the core language of the World Wide Web, an application hypertext markup language under the standard universal markup language, including many SVG (Scalable Vector Graphics), Canvas, The 3D functions of WebGL (Web Graphics Library) and CSS (Cascading Style Sheet) 3 can be realized by directly calling the related functions when using Canvas.
  • SVG Scalable Vector Graphics
  • Canvas The 3D functions of WebGL (Web Graphics Library) and CSS (Cascading Style Sheet) 3 can be realized by directly calling the related functions when using Canvas.
  • the fingerprint generation image is generated based on the hardware identification information, the fingerprint generation parameter, and the check code generation image generation parameter as an input of the canvas fingerprint generation function, and then the fingerprint image is displayed based on the image display characteristic of the terminal. Since different image display characteristics will determine different image display effects, that is, even if the same image is displayed on a terminal with different image display characteristics, different displays will be presented at the pixel level. effect.
  • S310 Monitor the terminal, and when determining that the terminal meets the preset condition, re-generate the terminal fingerprint for the terminal.
  • the present embodiment provides an update mechanism for the terminal fingerprint—monitoring the terminal, and when determining that the terminal meets the preset condition, Generate a terminal fingerprint for the terminal.
  • the software related to the image display characteristics of the terminal includes a web browser in the terminal, etc.
  • the hardware related to the image display characteristics includes a terminal display screen and the like.
  • the terminal fingerprint can also be regenerated.
  • the terminal fingerprint after the terminal fingerprint is regenerated, it can be synchronized to the server side.
  • Another terminal fingerprint generating method provided by an embodiment of the present disclosure is based on the first example,
  • the fingerprint generation parameters input by the user are combined. Since the fingerprint generation parameters input by the user are random, the uniqueness and security of the terminal fingerprint can be ensured.
  • the terminal fingerprint generation method provided by the present example also monitors the update of the software and hardware information related to the terminal fingerprint generation in the terminal and the user's requirement for updating the terminal fingerprint in real time, and re-executes the generation work when the terminal fingerprint needs to be regenerated. , can effectively ensure the security of the terminal fingerprint.
  • This embodiment also provides a terminal fingerprint generating device. Please refer to FIG. 5:
  • the terminal fingerprint generating device 50 includes an information acquiring module 502, an image generating module 504, and a fingerprint generating module 506.
  • the information obtaining module 502 is configured to: acquire hardware identification information of the terminal.
  • the hardware terminal identifier obtained by the information acquiring module 502 in this embodiment may be used to uniquely identify the terminal, and the hardware terminal identifier may be at least one of an IMEI code or a MAC address, that is, the hardware terminal acquired in this embodiment.
  • the identifier may be a single IMEI code or one of a separate MAC address, or a combination of an IMEI code and a MAC address.
  • the Chinese definition of the IMEI code is the mobile terminal international identity code, which is also called the “serial number”. It is a symbol for distinguishing the mobile terminal and stored in the EEPROM (commonly known as “chip”) of the mobile terminal, which can be used to monitor the theft or invalid. Mobile terminal.
  • the total length of the IMEI code is 15 digits: the first 6 digits are the TAC (Type Approval Code) code, which is generally representative of the model; the 2 digits of the TAC code is the FAC (Final Assembly Code).
  • the origin of the mobile terminal device is the serial number, which generally represents the production sequence number of the terminal; the last 1 digit is the SP code (ie, the spare code), which is used as a backup as the name suggests, and its number is Manufacturers do the setup.
  • the MAC address which can be translated into media access control, or physical address, hardware address, etc., is used to define the location of the network terminal.
  • OSI Open System Interconnection
  • the Layer 2 data link layer is responsible for the MAC address. Therefore, a host will have a MAC address, and the MAC address is determined by the network card and is fixed.
  • the image generation module 504 is configured to generate a fingerprint image based on the image display characteristics of the terminal and the hardware identification information.
  • the canvas fingerprint generation function in HTML5, that is, the Canvas element can be used for the drawing operation. Due to the different pixel resolutions of different terminals, at the same time, different browsers use different graphics processing engines and different browsers in different terminals. Image export options, different default compression levels, etc.; at the pixel level, different operating systems use different settings and algorithms for anti-aliasing and sub-pixel rendering operations, so even on different operating systems
  • the drawing operation when the fingerprint image generated by the image generating module 504 is displayed on the terminal, the pixels presented are different.
  • the difference in pixel resolution of the terminal various setting options regarding image processing in the terminal browser, and algorithms used by different terminal operating systems for anti-aliasing and sub-pixel rendering ultimately leads to generation.
  • the fingerprint images are different, so these parameters can be summarized into the image display characteristics of the terminal.
  • the corresponding software and hardware in the terminal may be invoked, and the hardware includes the GPU.
  • the GPU is a concept relative to the CPU, and the graphics are processed in a modern computer (especially a home system). It is becoming more and more important to have a dedicated graphics core processor.
  • the GPU is the "heart" of the graphics card, which is equivalent to the role of the CPU in the computer. It determines the grade and most of the performance of the graphics card, and is also the basis for the difference between the 2D graphics card and the 3D graphics card.
  • the tool used by the image generation module 504 in software can be a graphics library, which is a library for rendering computer graphics on a display, which typically provides a set of optimized functions to perform common rendering tasks.
  • a common graphics library such as OpenGL
  • OpenGL is a powerful, easy-to-call underlying graphics library that provides a professional graphical program interface. It is a hardware-independent software interface and is the most widely used in the industry.
  • OpenGL provides OpenGL ES for embedded terminals such as mobile terminals, PDAs and game consoles, and is a subset of OpenGL.
  • the image generation module 504 may input the acquired hardware identification information as an input to a graphics program interface provided by the OpenGL ES to generate a corresponding fingerprint image.
  • the display effect of the fingerprint image will be determined by the image display characteristics of the terminal device, wherein the resolution of the terminal, the anti-aliasing property of the terminal web browser, the image rendering characteristics, and the like all determine the display effect of the fingerprint image on the terminal device.
  • the fingerprint image generated by the image generation module 504 is an RGB image, but those skilled in the art can understand that the fingerprint image can also be a binary image or a grayscale image.
  • the format of the fingerprint image generated by the image generation module 504 may be any one of BMP, JPEG, TIFF, RAW, PNG, and the like.
  • the fingerprint generation module 506 is configured to generate a terminal fingerprint according to pixels of the fingerprint image.
  • the principle of generating a terminal fingerprint according to the fingerprint image is based on the hardware identifier and the terminal of the terminal.
  • the image display characteristics of the fingerprint images generated by different terminals are different in pixels. Therefore, the terminal fingerprint formed by converting these pixels into corresponding characters or character strings should also be unique.
  • the fingerprint generating module 506 is configured to: extract pixel values of a plurality of pixels in the fingerprint image, and align each pixel of the plurality of pixels and pixel values of the pixel to form image pixel data, and perform hash conversion on the image pixel data. Terminal fingerprint.
  • the fingerprint generation module 506 records the position of the pixel in the fingerprint image together when extracting the pixel value of each pixel of the plurality of pixels, similar to such a pixel expression - " ⁇ X offset, Y offset , RGB ⁇ " to record the pixel point and the pixel value corresponding to the pixel.
  • the X offset and the Y offset respectively express the distance of the pixel from the origin of the image, and the origin of the image may be preset by the user or determined according to the default value of the terminal system.
  • the fingerprint generation module 506 can convert values representing three colors of red, green, and blue into one value, thereby facilitating participation in subsequent calculations.
  • a conversion mode is provided.
  • the fingerprint generation module 506 extracts the four pixel points row by row, and the obtained pixel expressions are ⁇ X1, Y1, RGB1 ⁇ , ⁇ X2, Y2, RGB2 ⁇ . , ⁇ X3, Y3, RGB3 ⁇ and ⁇ X4, Y4, RGB4 ⁇ , it can be noted that the progressive extraction described in this embodiment may be extracted from left to right and from top to bottom, or may be Other sequences are extracted, for example, from bottom to top and from left to left.
  • the fingerprint generation module 506 After obtaining the pixel expression of each of the plurality of pixel points, the fingerprint generation module 506 splicing the pixel expression arrangement to form image pixel data.
  • the obtained image pixel data is “X1 Y1 RGB1 X2 Y2 RGB2 X3 Y3 RGB3 X4 Y4 RGB4”.
  • the reason why the hash algorithm is used for the conversion is roughly because the hash algorithm cannot inversely derive the data originally involved in the hash operation based on the operation result after the operation result of the operation on a set of data. Based on this feature of the hash algorithm, it is possible to prevent the criminals from deriving the details of the generated terminal fingerprint according to the obtained terminal fingerprint, and then forging the user's terminal fingerprint, thereby causing security risks to the user's property and the like.
  • the fingerprint generating module 506 can save the fingerprint of the terminal locally in the terminal.
  • the terminal can interact with the server through its own terminal fingerprint to allow the server to confirm the identity of the terminal. Therefore, the terminal fingerprint of the latest version of the terminal can also be stored on the server side. Therefore, after the terminal fingerprint is generated, the fingerprint generating module 506 can also synchronize the fingerprint of the terminal to the server side, and let the server side store the fingerprint of the terminal.
  • the server needs to identify the identity of the terminal, the terminal can be directly extracted from the server. The fingerprint is matched and verified with the terminal fingerprint provided by the terminal, thereby determining the identity information of the terminal.
  • the terminal fingerprint generating apparatus 50 provided by the embodiment generates the fingerprint image by using the unique hardware identification information and the terminal image display characteristic in the terminal hardware information. Since the fingerprint image is unique at the pixel level, the fingerprint image is based on the fingerprint image. The terminal fingerprint generated by the pixel is also unique. While ensuring the uniqueness of the terminal fingerprint, because different terminals have different image display characteristics, the security of the terminal fingerprint can be ensured, and the fingerprint of the terminal can be effectively prevented from being forged or counterfeited. In addition, in some examples of the embodiment, when the fingerprint of the terminal is generated according to the fingerprint image, the hash algorithm is used, and the hash algorithm can prevent the illegal molecule from deriving the generated fingerprint of the terminal according to the obtained terminal fingerprint, and can Ensure the security of the terminal fingerprint.
  • the embodiment further provides another terminal fingerprint generating device, which also includes an information acquiring module, an image generating module and a fingerprint generating module.
  • the information acquisition module in the device is further configured to: acquire the fingerprint generation parameter input by the user.
  • the image generation module generates the fingerprint image
  • the image acquisition module may be combined with the information acquisition module. The obtained fingerprint input parameters of the user input are performed.
  • the fingerprint generation parameter is input by the user, and this parameter may be data randomly input by the user.
  • some limited conditions may be set for the fingerprint generation parameter, and then the input of the user is checked according to the qualification condition.
  • the length of the fingerprint generation parameter may be mandatory to be greater than the preset.
  • the value, or the data required by the user must contain both numbers and letters.
  • the fingerprint generation parameters input by the user may not be simple data, such as "lazy password" of "123456".
  • the user may be alerted, for example, outputting text or image information indicating the input error through the display screen of the terminal, or outputting the corresponding audio output interface according to the terminal.
  • a prompt tone so that the user can re-enter the input according to the alarm information until the input fingerprint generation parameter meets the requirements.
  • the fingerprint image is not directly generated according to the fingerprint generation parameter and the hardware identification information input by the user, but the verification code is first calculated according to the fingerprint generation parameter and the hardware identification information, and then the image is obtained based on the calculation result.
  • the parameter is generated, that is, the image generation parameter is determined according to the fingerprint generation parameter, the hardware identification information, and the calculated verification code, and the fingerprint image is generated according to the image generation parameter, which is generally expected to be strengthened by multiple calculations in the middle. The security of the fingerprint image.
  • the fingerprint of the terminal is different, because the terminal fingerprint is generated according to the hardware information and software information of the terminal, and the hardware will gradually age over time, and the software will be gradually updated and upgraded, so the terminal fingerprint will be in a period of time. It is relatively stable, but from a long time, the fingerprint of the terminal will change. Therefore, there may be a corresponding terminal fingerprint update mechanism to complete the replacement of the fingerprint of the new and old terminals.
  • the present embodiment provides an update mechanism for the terminal fingerprint—monitoring the terminal, and when determining that the terminal meets the preset condition, Generate a terminal fingerprint for the terminal. Therefore, as shown in FIG. 6, in another terminal fingerprint generating apparatus proposed in an example of the embodiment, the terminal fingerprint generating apparatus 50 may include an information acquiring module 502, an image generating module 504, and a fingerprint generating module 506, and may also A monitoring update module 508 is included.
  • the monitoring update module 508 monitors that there are two situations in which it is necessary to regenerate the fingerprint of the terminal:
  • the monitoring update module 508 monitors software related to the image display characteristics of the terminal, or hardware related to image display characteristics, software related to image display characteristics, and hardware update related to image display characteristics.
  • the software related to the image display characteristics includes a web browser in the terminal, etc.
  • the hardware related to the image display characteristics includes a terminal display screen and the like.
  • the display screen of the terminal is replaced, the resolution rate of the display changes, or the version of the web browser used by the terminal changes. For example, if the browser is upgraded, a new terminal fingerprint can be re-created for the terminal. To replace the old version of the terminal fingerprint.
  • the monitoring update module 508 monitors that the user inputs a terminal fingerprint update request to the terminal.
  • the terminal fingerprint can also be regenerated.
  • the terminal fingerprint after the terminal fingerprint is regenerated, it can be synchronized to the server side.
  • the terminal fingerprint generating apparatus 50 provided in this example and the third embodiment may be deployed on the terminal.
  • the terminal here may be a mobile phone, a tablet computer, a PDA, or the like.
  • the function of the information acquisition module can be implemented by the controller; when the fingerprint generation parameter input by the user needs to be acquired, the input unit of the terminal and the controller can jointly implement the function of the information acquisition module.
  • the work of generating the fingerprint image and generating the fingerprint of the terminal can also be implemented by the controller, and the controller can also be configured to: implement the function of monitoring the update module.
  • the terminal fingerprint generating device 50 can synchronize the generated terminal fingerprint to the server side, where the terminal, such as the communication unit of the mobile phone, can communicate with the server, and the terminal fingerprint is transmitted to the server.
  • the other terminal fingerprint generating device based on the third example, combines the fingerprint generating parameters input by the user when generating the terminal fingerprint, and the fingerprint generating parameter input by the user has randomness, so that the fingerprint of the terminal can be guaranteed. Uniqueness and security.
  • the other terminal fingerprint generating device also monitors the update of the software and hardware information related to the terminal fingerprint generation in the terminal and the user's demand for updating the terminal fingerprint in real time, and re-executes the generating work when the terminal fingerprint needs to be regenerated. , can effectively ensure the security of the terminal fingerprint.
  • Embodiments of the present disclosure also provide a computer readable storage medium storing a computer executable The instruction, when the computer executable instructions are executed, implement the terminal fingerprint generation method.
  • modules or steps of the embodiments of the present disclosure may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices. Alternatively, they may be implemented by program code executable by a computing device such that they may be stored by a computing device in a computer storage medium (ROM/RAM, diskette, optical disk) and, in some cases, The steps shown or described may be performed in a different order than that herein, or they may be separately fabricated into different integrated circuit modules, or a plurality of the modules or steps may be implemented as a single integrated circuit module. Therefore, the present disclosure is not limited to any specific combination of hardware and software.
  • computer storage medium includes volatile and nonvolatile, implemented in any method or technology for storing information, such as computer readable instructions, data structures, program modules or other data. Sex, removable and non-removable media.
  • Computer storage media include, but are not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), and Electrically Erasable Programmable Read-only Memory (EEPROM). Flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical disc storage, magnetic cassette, magnetic tape, disk storage or other magnetic storage device, or Any other medium used to store the desired information and that can be accessed by the computer.
  • communication media typically includes computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and can include any information delivery media. .
  • the terminal fingerprint generating method and apparatus and the computer storage medium provided by the embodiments of the present disclosure, by acquiring hardware identification information capable of uniquely identifying the terminal, a fingerprint image is generated based on the image display characteristic of the terminal and the hardware identification information of the terminal, according to the pixel of the fingerprint image.
  • the terminal fingerprint is generated; since the hardware identification information itself has the function of uniquely identifying the terminal, the fingerprint image generated based on the hardware identification information is less likely to be duplicated; meanwhile, when the fingerprint image is generated, the image is displayed due to different terminals.
  • the generated fingerprint image has a great difference in pixels
  • the terminal fingerprint generated based on the pixel of the fingerprint image is also unique, and since the generation of the terminal fingerprint at least utilizes the unique identification function in the terminal hardware.
  • the information and the software have unique identification information. It is difficult for other terminals to imitate the generated fake terminal fingerprints. While ensuring the unique fingerprint of the terminal fingerprint, the security of the terminal fingerprint is improved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

A fingerprint generation method utilized in a terminal comprises: acquiring hardware identifier information of a terminal used to uniquely identify the terminal; generating a fingerprint image on the basis of an image display characteristic and the hardware identifier information of the terminal; and generating, according to pixels of the fingerprint image, a terminal fingerprint.

Description

一种终端指纹生成方法及装置Terminal fingerprint generating method and device 技术领域Technical field
本公开涉及但不限于通讯领域,尤其是一种终端指纹生成方法及装置。The present disclosure relates to, but is not limited to, the field of communications, and in particular, to a terminal fingerprint generating method and apparatus.
背景技术Background technique
终端标识如同人的居民身份证号码,可以唯一标识一个终端。对于一个移动终端有对应的一个终端标识,比如手机有IMEI(International Mobile Equipment Identity,国际移动终端标识)码或MAC(Media Access Control,媒体访问控制)地址(物理地址或者硬件地址)。但在移动通信领域,就像人的身份证可能被不法分子伪造一样,这些终端标识也很容易被假冒,从而对一些移动应用,如移动支付等造成安全隐患。因此需要使用不易假冒且易于区分的标识对终端进行身份识别。对于人,可以使用人的生物属性,如指纹、虹膜等来唯一识别一个人,个人的指纹具有唯一性,且不易假冒,指纹识别已有广泛的应用,比如公司考勤、公安追查疑犯等。同人一样,终端也可以有终端指纹。The terminal identifier is like a person's resident ID number, which can uniquely identify a terminal. For a mobile terminal, there is a corresponding terminal identifier. For example, the mobile phone has an IMEI (International Mobile Equipment Identity) code or a MAC (Media Access Control) address (physical address or hardware address). However, in the field of mobile communications, just as a person's identity card may be forged by criminals, these terminal identifiers are also easily counterfeited, posing a security risk to some mobile applications, such as mobile payments. Therefore, it is necessary to identify the terminal using an identifier that is not easy to counterfeit and is easily distinguishable. For people, you can use human biological attributes, such as fingerprints, irises, etc. to uniquely identify a person. The fingerprint of the individual is unique and not easy to counterfeit. Fingerprint recognition has been widely used, such as company attendance and public security tracking suspects. Like a person, a terminal can also have a terminal fingerprint.
发明内容Summary of the invention
以下是对本文详细描述的主题的概述。本概述并非是为了限制权利要求的保护范围。The following is an overview of the topics detailed in this document. This Summary is not intended to limit the scope of the claims.
终端指纹可根据终端的硬件信息生成,例如IMEI码或MAC地址就是根据终端硬件生成的一种比较简单的终端指纹。The terminal fingerprint can be generated according to the hardware information of the terminal. For example, the IMEI code or the MAC address is a relatively simple terminal fingerprint generated according to the terminal hardware.
此外,关于终端指纹的生成,苹果公司为其售出的每一台移动终端设备如iPhone手机,都提供了一个UDID(Unique Device Identifier,唯一终端标识)码作为终端标识,一台移动终端只有一个唯一的UDID码,而且几乎不会被假冒,因此,UDID很受移动广告商和游戏网络运营商的青睐,因为,他们可以根据苹果移动终端设备的UDID码来确定用户的喜好,以及精确统计某一款产品的下载量。但UDID的生成涉及跟踪用户,侵犯了用户的隐私, 因此,UDID已被禁用。In addition, regarding the generation of the terminal fingerprint, Apple provides a UDID (Unique Device Identifier) code as the terminal identifier for each mobile terminal device sold, such as an iPhone, and only one mobile terminal. The only UDID code, and almost no counterfeiting, therefore, UDID is very popular with mobile advertisers and game network operators, because they can determine the user's preferences based on the UDID code of Apple's mobile terminal device, and accurately count certain The download amount of a product. However, the generation of UDID involves tracking users and invading the privacy of users. Therefore, the UDID has been disabled.
此外,关于终端指纹的生成,苹果公司还设计了UDID码的替代——OpenUDID码(开放UDID码),OpenUDID码是由手机中第一个带有OpenUDID SDK(Software Development Kit,软件开发工具包)包的手机应用生成,如果完全删除该带有OpenUDID SDK包的手机应用(比如恢复系统等),那么手机的OpenUDID码将会被重新生成,而且再次生成的OpenUDID码与之前的值不同,因为,将手机中原本带有OpenUDID SDK包的手机应用的相关数据完全删除后,这一台手机就相当于新终端。也就是说,这种完全根据终端中的软件信息来生成终端指纹的方式也是不可行的,因为,移动终端设备中的应用是可能被随时移除的,而一旦该应用被移除之后,再次生成的终端指纹将会与之前的不同,这样终端指纹就无法起到唯一标识移动终端设备的作用,即起不到设备指纹应有的作用。In addition, regarding the generation of terminal fingerprints, Apple also designed an alternative to the UDID code - OpenUDID code (open UDID code), which is the first one in the mobile phone with the OpenUDID SDK (Software Development Kit). The mobile phone application of the package is generated. If the mobile application with the OpenUDID SDK package (such as the recovery system) is completely deleted, the OpenUDID code of the mobile phone will be regenerated, and the generated OpenUDID code is different from the previous value because, After completely deleting the data related to the mobile phone application with the OpenUDID SDK package in the mobile phone, this mobile phone is equivalent to the new terminal. That is to say, this method of generating a terminal fingerprint completely based on the software information in the terminal is also infeasible because the application in the mobile terminal device may be removed at any time, and once the application is removed, again The generated terminal fingerprint will be different from the previous one, so that the terminal fingerprint cannot function to uniquely identify the mobile terminal device, that is, it cannot function as the device fingerprint.
因此,需要保证生成的终端指纹能够唯一标识一台移动终端设备的同时还能够有效防止被假冒。Therefore, it is necessary to ensure that the generated terminal fingerprint can uniquely identify a mobile terminal device while effectively preventing the counterfeiting.
本公开实施例提供的一种终端指纹生成及维护方法和装置,用以保证生成的终端指纹能够唯一标识一台终端的同时还能够有效防止降低被假冒的风险。The method and device for generating and maintaining a terminal fingerprint according to an embodiment of the present disclosure are used to ensure that the generated terminal fingerprint can uniquely identify a terminal and can effectively prevent the risk of being counterfeited.
本公开实施例提供一种终端指纹生成方法,包括:An embodiment of the present disclosure provides a terminal fingerprint generating method, including:
获取终端的硬件标识信息,所述硬件标识信息用于唯一识别所述终端;Obtaining hardware identification information of the terminal, where the hardware identification information is used to uniquely identify the terminal;
基于所述终端的图像显示特性和所述硬件标识信息生成指纹图像;Generating a fingerprint image based on image display characteristics of the terminal and the hardware identification information;
根据所述指纹图像的像素生成终端指纹。A terminal fingerprint is generated according to pixels of the fingerprint image.
本公开实施例还提供一种计算机可读存储介质,存储有计算机可执行指令,所述计算机可执行指令被执行时实现上述终端指纹生成方法。Embodiments of the present disclosure also provide a computer readable storage medium storing computer executable instructions that, when executed, implement the terminal fingerprint generation method.
本公开实施例还提供一种终端指纹生成装置,包括:The embodiment of the present disclosure further provides a terminal fingerprint generating apparatus, including:
信息获取模块,设置为:获取终端的硬件标识信息,所述硬件标识信息用于唯一识别所述终端;The information obtaining module is configured to: obtain hardware identification information of the terminal, where the hardware identification information is used to uniquely identify the terminal;
图像生成模块,设置为:基于所述终端的图像显示特性和所述硬件标识信息生成指纹图像; An image generating module, configured to: generate a fingerprint image based on an image display characteristic of the terminal and the hardware identification information;
指纹生成模块,设置为:根据所述指纹图像的像素生成终端指纹。The fingerprint generating module is configured to: generate a terminal fingerprint according to the pixels of the fingerprint image.
本公开实施例还提供一种计算机存储介质,所述计算机存储介质中存储有计算机可执行指令,所述计算机可执行指令用于执行前述的任一项的终端指纹生成方法。The embodiment of the present disclosure further provides a computer storage medium having stored therein computer executable instructions for performing the terminal fingerprint generation method of any of the foregoing.
本公开实施例的有益效果是:The beneficial effects of the embodiments of the present disclosure are:
根据本公开实施例提供的终端指纹生成方法、装置以及计算机存储介质,通过获取能够唯一识别终端的硬件标识信息,基于终端的图像显示特性和终端的硬件标识信息生成指纹图像,根据指纹图像的像素生成终端指纹;由于硬件标识信息本身就具有唯一标识终端的作用,因此基于硬件标识信息生成的指纹图像存在重复的可能性很小;同时,在生成指纹图像的时候,由于不同的终端的图像显示特性不同,所以生成的指纹图像在像素上存在极大的差别,故基于该指纹图像的像素生成的终端指纹也具有唯一性,而且由于终端指纹的生成至少利用了该终端硬件中具有唯一标识作用的信息和软件中具有唯一标识作用的信息,其他终端在生成的假冒终端指纹很难模仿,在保证终端指纹唯一标识作用的同时,提高了终端指纹的安全性。According to the terminal fingerprint generating method and apparatus and the computer storage medium provided by the embodiments of the present disclosure, by acquiring hardware identification information capable of uniquely identifying the terminal, a fingerprint image is generated based on the image display characteristic of the terminal and the hardware identification information of the terminal, according to the pixel of the fingerprint image. The terminal fingerprint is generated; since the hardware identification information itself has the function of uniquely identifying the terminal, the fingerprint image generated based on the hardware identification information is less likely to be duplicated; meanwhile, when the fingerprint image is generated, the image is displayed due to different terminals. The characteristics are different, so the generated fingerprint image has a great difference in pixels, so the terminal fingerprint generated based on the pixel of the fingerprint image is also unique, and since the generation of the terminal fingerprint at least utilizes the unique identification function in the terminal hardware. The information and the software have unique identification information. It is difficult for other terminals to imitate the generated fake terminal fingerprints. While ensuring the unique fingerprint of the terminal fingerprint, the security of the terminal fingerprint is improved.
在阅读并理解了附图和详细描述后,可以明白其他方面。Other aspects will be apparent upon reading and understanding the drawings and detailed description.
附图概述BRIEF abstract
图1为本公开实施例提供的一种终端指纹生成方法的一种流程图;FIG. 1 is a flowchart of a method for generating a terminal fingerprint according to an embodiment of the present disclosure;
图2为根据指纹图像生成终端指纹的一种流程图;2 is a flow chart of generating a fingerprint of a terminal according to a fingerprint image;
图3为本公开实施例提供的另一种终端指纹生成方法的一种流程图;FIG. 3 is a flowchart of another method for generating a terminal fingerprint according to an embodiment of the present disclosure;
图4为生成指纹图像的一种流程图;4 is a flow chart of generating a fingerprint image;
图5为本公开实施例提供的一种终端指纹生成装置的一种结构示意图;FIG. 5 is a schematic structural diagram of a terminal fingerprint generating apparatus according to an embodiment of the present disclosure;
图6为本公开实施例提供的另一种终端指纹生成装置的一种结构示意图。FIG. 6 is a schematic structural diagram of another terminal fingerprint generating apparatus according to an embodiment of the present disclosure.
本公开的较佳实施方式Preferred embodiment of the present disclosure
下面结合附图对本公开的实施方式进行描述。 Embodiments of the present disclosure will be described below with reference to the accompanying drawings.
为描述方便,下面分几个实例来进行说明。For convenience of description, the following examples are described.
实例一:Example 1:
本公开实施例提供一种终端指纹生成方法,请参见图1:The embodiment of the present disclosure provides a method for generating a fingerprint of a terminal, as shown in FIG. 1:
S102、获取终端的硬件标识信息。S102. Obtain hardware identification information of the terminal.
本实施例中的硬件终端标识可以用于唯一识别终端,硬件终端标识可以是IMEI码或MAC地址中的至少一种,也就是说,在本实施例中,获取的硬件终端标识可以是单独的IMEI码或者是单独的MAC地址中的一个,也可以是IMEI码和MAC地址的结合。The hardware terminal identifier in this embodiment may be used to uniquely identify the terminal, and the hardware terminal identifier may be at least one of an IMEI code or a MAC address, that is, in this embodiment, the acquired hardware terminal identifier may be a separate one. The IMEI code is either a single MAC address or a combination of an IMEI code and a MAC address.
IMEI码的中文释义是移动终端国际身份码,其又称为“串号”,是区别移动终端的标志,储存在移动终端的EEPROM(电可擦除只读存储器,俗称“码片”)里,可用于监控被窃或无效的移动终端。IMEI码的总长为15位:前6位数是TAC(Type Approval Code,型号核准号码)码,一般代表机型;紧接着TAC码的2位数是FAC(Final Assembly Code,最后装配号)代表这移动终端设备的产地;临近FAC码的6位数是串号,一般代表终端的生产顺序号;最后的1位数是SP码(即备用码),顾名思义用来做备用的,其号码由厂家做设置。The Chinese definition of the IMEI code is the mobile terminal international identity code, which is also called the "serial number", which is a mark distinguishing the mobile terminal and stored in the EEPROM (Electrically Erasable Read Only Memory, commonly known as "chip") of the mobile terminal. Can be used to monitor stolen or invalid mobile terminals. The total length of the IMEI code is 15 digits: the first 6 digits are the TAC (Type Approval Code) code, which is generally representative of the model; the 2 digits of the TAC code is the FAC (Final Assembly Code). The origin of the mobile terminal device; the 6-digit number adjacent to the FAC code is the serial number, which generally represents the production sequence number of the terminal; the last 1 digit is the SP code (ie, the spare code), which is used as a backup as the name suggests, and its number is Manufacturers do the setup.
MAC地址,可译为媒体访问控制,或称为物理地址、硬件地址等,用来定义网络终端的位置。在OSI(Open System Interconnection,开放式系统互联)模型中,第二层数据链路层负责MAC地址。因此一个主机会有一个MAC地址,MAC地址是网卡决定的,是固定不变的。The MAC address, which can be translated into media access control, or physical address, hardware address, etc., is used to define the location of the network terminal. In the OSI (Open System Interconnection) model, the Layer 2 data link layer is responsible for the MAC address. Therefore, a host will have a MAC address, and the MAC address is determined by the network card and is fixed.
S104、基于终端的图像显示特性和硬件标识信息生成指纹图像。S104. Generate a fingerprint image based on image display characteristics and hardware identification information of the terminal.
生成指纹图像的时候,可以使用HTML(Hyper Text Mark-up Language,超文本标记语言)5中的帆布指纹生成函数,即Canvas(帆布)元素进行绘制操作。由于不同终端的像素分辨率不同,同时,不同终端中Web(万维网)浏览器使用了不同的图形处理引擎、不同的图片导出选项、不同的默认压缩级别等;而从像素级别上看,不同操作系统使用了不同的设置和算法来进行抗锯齿和子像素渲染操作,因此,即使是在不同的操作系统上做相同的绘图操作,生成的指纹图像在终端上显示时,呈现的像素是不同的。在本实施例 中,由于终端的像素分辨率、终端浏览器中关于图像处理的各种设置选项,以及不同终端操作系统在进行抗锯齿和子像素渲染的时使用的算法等的不同最终都会导致生成指纹图像的不同,因此,可以将这些参数归纳为终端的图像显示特性。When generating a fingerprint image, you can use the canvas fingerprint generation function in HTML (Hyper Text Mark-up Language) 5, that is, the Canvas (canvas) element to perform the drawing operation. Since the pixel resolutions of different terminals are different, at the same time, the Web browser of different terminals uses different graphics processing engines, different image export options, different default compression levels, etc., and from the pixel level, different operations The system uses different settings and algorithms for anti-aliasing and sub-pixel rendering operations, so even if the same drawing operation is done on different operating systems, the resulting fingerprints are displayed differently when displayed on the terminal. In this embodiment The difference between the pixel resolution of the terminal, the various setting options for image processing in the terminal browser, and the algorithms used by different terminal operating systems for anti-aliasing and sub-pixel rendering will eventually result in different fingerprint images. Therefore, these parameters can be summarized as the image display characteristics of the terminal.
生成指纹图像的时候,可以调用终端中相应的软硬件来进行,硬件包括GPU(Graphic Processing Unit,图形处理器),GPU是相对于CPU(Central Processing Unit,中央处理器)的一个概念,由于在现代的计算机中(特别是家用系统),图形的处理变得越来越重要,需要一个专门的图形的核心处理器。GPU是显卡的“心脏”,也就相当于CPU在电脑中的作用,它决定了显卡的档次和大部分性能,同时也是2D(二维)显示卡和3D(三维)显示卡的区别依据。在软件方面使用到的工具可以为图形库,图形库是一个用于在显示器上渲染计算机图形的程序库,它通常提供一组经过优化的函数来执行常见的渲染任务。常见的图形库如OpenGL(Open Graphics Library,开放图形库),是一个功能强大、调用方便的底层图形库,提供了专业的图形程序接口,是个与硬件无关的软件接口,在行业领域中最为广泛使用。OpenGL专门针对手机终端、PDA(Personal Digital Assistant,掌上电脑)和游戏主机等嵌入式终端提供了OpenGL ES(OpenGL for Embedded Systems,嵌入式专用开放图形库),是OpenGL的子集。在本实施例中,可以控制移动终端设备将获取的硬件标识信息作为输入OpenGL ES提供的图形程序接口的输入,生成对应的指纹图像。When the fingerprint image is generated, the corresponding software and hardware in the terminal can be called. The hardware includes a GPU (Graphic Processing Unit), and the GPU is a concept relative to the CPU (Central Processing Unit). In modern computers (especially home systems), the processing of graphics becomes more and more important and requires a dedicated graphics core processor. The GPU is the "heart" of the graphics card, which is equivalent to the role of the CPU in the computer. It determines the grade and most of the performance of the graphics card, and is also the basis for the difference between 2D (two-dimensional) graphics cards and 3D (three-dimensional) graphics cards. The tools used in software can be a graphics library, which is a library for rendering computer graphics on a display. It typically provides a set of optimized functions to perform common rendering tasks. Common graphics libraries such as OpenGL (Open Graphics Library) are a powerful and easy-to-call underlying graphics library that provides a professional graphical program interface. It is a hardware-independent software interface and is the most widely used in the industry. use. OpenGL provides OpenGL ES (OpenGL for Embedded Systems) for embedded terminals such as mobile terminals, PDAs (Personal Digital Assistants) and game consoles, and is a subset of OpenGL. In this embodiment, the mobile terminal device may be controlled to input the acquired hardware identification information as an input of a graphic program interface provided by the OpenGL ES to generate a corresponding fingerprint image.
指纹图像的显示效果可以由终端设备的图像显示特性确定,其中终端的分辨率、终端Web浏览器的抗锯齿特性、图像渲染特性等都会决定该指纹图像在该终端设备上的显示效果。The display effect of the fingerprint image may be determined by the image display characteristic of the terminal device, wherein the resolution of the terminal, the anti-aliasing characteristic of the terminal web browser, the image rendering characteristic, and the like all determine the display effect of the fingerprint image on the terminal device.
在本实施例中,生成的指纹图像是RGB(三原色)图像,但是本领域技术人员可以明白的是,指纹图像还可以是二值图或者灰度图。生成的指纹图像的格式可以是BMP(位图文件的扩展名)、JPEG(Joint Photographic Experts Group,联合图像专家小组,是一种国际图像压缩标准)、TIFF(Tag Image File Format,标签图像文件格式)、RAW(未经处理、也未经压缩的格式)、PNG(Portable Network Graphics,便携式网络图形)等中的任意一种。 In the present embodiment, the generated fingerprint image is an RGB (three primary color) image, but those skilled in the art can understand that the fingerprint image can also be a binary image or a grayscale image. The format of the generated fingerprint image may be BMP (extension of bitmap file), JPEG (Joint Photographic Experts Group, is an international image compression standard), TIFF (Tag Image File Format) ), RAW (unprocessed, uncompressed format), PNG (Portable Network Graphics), and the like.
S106、根据指纹图像的像素生成终端指纹。S106. Generate a terminal fingerprint according to the pixels of the fingerprint image.
本实施例中,根据指纹图像来生成终端指纹的原理在于根据终端的硬件标识和终端的图像显示特性为不同终端生成的指纹图像在像素上是不同的,因此,将这些像素的转换成对应的字符或者字符串后形成的终端指纹也应当是具有唯一性的。In this embodiment, the principle of generating a terminal fingerprint according to the fingerprint image is that the fingerprint images generated by different terminals according to the hardware identifier of the terminal and the image display characteristic of the terminal are different in pixels, and therefore, the pixels are converted into corresponding ones. The terminal fingerprint formed after the character or string should also be unique.
本实施例可避免单独根据终端的硬件信息或者单独根据终端的软件信息生成终端指纹造成终端指纹容易被假冒或者是终端指纹的唯一识别作用不足,The embodiment can avoid that the terminal fingerprint is easily counterfeited or the unique identification function of the terminal fingerprint is insufficient according to the hardware information of the terminal or the terminal fingerprint generated by the software information of the terminal.
下面对本实施例一种示例中提供的根据指纹图像的像素生成终端指纹的流程进行介绍,请参考图2:The flow of generating a terminal fingerprint according to a pixel of a fingerprint image provided in an example of the embodiment is described below. Please refer to FIG. 2:
S202、提取指纹图像中多个像素的像素值。S202. Extract pixel values of a plurality of pixels in the fingerprint image.
在提取多个像素(亦可称为像素点)中每个像素的像素值的时候,一并记录该像素在指纹图像中的位置,以类似于这样的像素表达式——“{X偏移,Y偏移,RGB}”来记录该像素点及对应的像素值。When extracting the pixel value of each pixel in a plurality of pixels (also referred to as pixel points), the position of the pixel in the fingerprint image is recorded together, similar to such a pixel expression - "{X offset , Y offset, RGB}" to record the pixel and the corresponding pixel value.
在该像素表达式中,X偏移和Y偏移分别表达了像素点距离图像原点的距离,图像原点可以由用户预设,或者是根据终端系统的默认值来确定。In the pixel expression, the X offset and the Y offset respectively express the distance of the pixel from the origin of the image, and the origin of the image may be preset by the user or determined according to the default value of the terminal system.
在本实施例中,由于生成的指纹图像是RGB色彩模式的,而RGB是通过对红(Red,R)、绿(Green,G)、蓝(Blue,B)三个颜色通道的变化以及它们相互之间的叠加来得到各式各样的颜色的,因此,每一个像素点的像素值是通过三个值共同表征的,例如“森林绿”这一种颜色值通过“34、139、34”这三个值来表示的,其表征的含义是R=34、G=139、B=34。由于上述像素表达式中“RGB”只有一个值,因此,在本实施例中,可以将表征红、绿、蓝三个颜色的值转换成一个值,从而便于参与后续计算,在本实施例中,提供一种转换方式,在对RGB图像的像素值进行转换的时候根据以下公式进行:In this embodiment, since the generated fingerprint image is in the RGB color mode, RGB is changed by three color channels of red (Red, R), green (Green), blue (Blue, B), and The superposition of each other to obtain a variety of colors, therefore, the pixel value of each pixel is represented by three values together, for example, "forest green" color value through "34, 139, 34 "The three values are represented by the meaning of R=34, G=139, B=34. Since "RGB" has only one value in the above pixel expression, in the present embodiment, values representing three colors of red, green, and blue can be converted into one value, thereby facilitating participation in subsequent calculations, in this embodiment. Provides a conversion method based on the following formula when converting pixel values of RGB images:
转换后的RGB值=Red+256*Green+65536*Blue;Converted RGB value = Red + 256 * Green + 65536 * Blue;
例如,E.g,
转换后“森林绿”的RGB值=34+256*139+65536*34=2263842。 The RGB value of "Forest Green" after conversion = 34 + 256 * 139 + 65536 * 34 = 2263842.
S204、将多个像素中每个像素及该像素的像素值排列拼接形成图像像素数据。S204. Arrange the pixel values of each pixel of the plurality of pixels and the pixel to form image pixel data.
假定一幅指纹图像当中包括四个像素点,对这四个像素点进行逐行提取之后,获取的像素表达式分别为{X1,Y1,RGB1}、{X2,Y2,RGB2}、{X3,Y3,RGB3}和{X4,Y4,RGB4},可以注意的是,本实施例中所说的逐行提取可以是从左至右、从上至下依次进行提取,也可以是其他顺序来提取,例如从下至上、从左至左依次进行提取。Assuming that four fingerprint points are included in one fingerprint image, after extracting the four pixel points line by line, the obtained pixel expressions are {X1, Y1, RGB1}, {X2, Y2, RGB2}, {X3, respectively. Y3, RGB3} and {X4, Y4, RGB4}, it can be noted that the progressive extraction described in this embodiment may be extracted from left to right and top to bottom, or may be extracted in other orders. For example, extraction is performed sequentially from bottom to top and from left to left.
得到多个像素点中每个像素点的像素表达式之后,将像素表达式排列拼接形成图像像素数据,在上述示例当中,得到的图像像素数据为“X1 Y1 RGB1 X2 Y2 RGB2 X3 Y3 RGB3 X4 Y4 RGB4”。After obtaining the pixel expression of each pixel point of the plurality of pixel points, the pixel expression arrangement is spliced to form image pixel data. In the above example, the obtained image pixel data is “X1 Y1 RGB1 X2 Y2 RGB2 X3 Y3 RGB3 X4 Y4 RGB4".
S206、对图像像素数据进行哈希转换生成终端指纹。S206. Perform hash conversion on image pixel data to generate a terminal fingerprint.
在本实施例中,之所以使用哈希算法进行转换大致是因为哈希算法在对一组数据进行运算的到运算结果之后,是不能根据运算结果逆推得到原本参与哈希运算的数据的。基于哈希算法的这种特点,能够防止不法分子根据得到的终端指纹逆推得到生成终端指纹的细节,然后对用户的终端指纹进行伪造,从而对用户的财产等造成安全隐患。In the present embodiment, the reason why the hash algorithm is used for the conversion is roughly because the hash algorithm cannot inversely derive the data originally involved in the hash operation based on the operation result after the operation result of the operation on a set of data. Based on this feature of the hash algorithm, it is possible to prevent the criminals from deriving the details of the generated terminal fingerprint according to the obtained terminal fingerprint, and then forging the user's terminal fingerprint, thereby causing security risks to the user's property and the like.
在得到终端指纹之后,可以将终端指纹保存在终端本地。同时,在移动支付、终端鉴权等方面,终端可以通过自己的终端指纹与服务器进行交互以让服务器对终端的身份进行确认,因此,在服务器侧也可以存储终端最新版本的终端指纹。故,在终端指纹生成之后,可以将终端指纹同步到服务器侧,让服务器侧对终端指纹进行存储,当服务器需要对终端的身份进行识别的时候,可以直接从服务器本地提取终端指纹与终端提供的终端指纹进行匹配验证,从而确定终端的身份信息。After obtaining the fingerprint of the terminal, the fingerprint of the terminal can be saved locally in the terminal. At the same time, in terms of mobile payment, terminal authentication, etc., the terminal can interact with the server through its own terminal fingerprint to allow the server to confirm the identity of the terminal. Therefore, the terminal fingerprint of the latest version of the terminal can also be stored on the server side. Therefore, after the terminal fingerprint is generated, the terminal fingerprint can be synchronized to the server side, and the server side can store the terminal fingerprint. When the server needs to identify the identity of the terminal, the terminal fingerprint can be directly extracted from the server and the terminal provides the terminal fingerprint. The terminal fingerprint performs matching verification to determine the identity information of the terminal.
本实施例提供的终端指纹生成方法,利用了终端硬件信息中具有唯一性的硬件标识信息和终端图像显示特性生成指纹图像,由于该指纹图像在像素层面上具有唯一性,因此,根据指纹图像的像素生成的终端指纹也同样具有唯一性,在保证终端指纹唯一性同时,因为不同终端具有不同的图像显示特性,还能保证终端指纹的安全性,能够有效防止终端指纹被伪造或者假冒。另外,本实施例的一些可选实施方式当中,在根据指纹图像生成终端指纹的 时候,会利用哈希算法进行,而哈希算法能够防止不法分子根据得到的终端指纹逆推得到生成终端指纹的细节,可以保证终端指纹的安全性。The terminal fingerprint generating method provided by the embodiment uses the unique hardware identification information and the terminal image display characteristic in the terminal hardware information to generate a fingerprint image. Since the fingerprint image is unique at the pixel level, according to the fingerprint image, The terminal fingerprint generated by the pixel is also unique. While ensuring the uniqueness of the terminal fingerprint, because different terminals have different image display characteristics, the security of the terminal fingerprint can be ensured, and the fingerprint of the terminal can be effectively prevented from being forged or counterfeited. In addition, in some optional implementation manners of this embodiment, the fingerprint of the terminal is generated according to the fingerprint image. At that time, the hash algorithm is used, and the hash algorithm can prevent the criminals from deriving the details of the generated terminal fingerprint according to the obtained terminal fingerprint, and can ensure the security of the terminal fingerprint.
实例二:Example 2:
本公开实施例还提供另一种终端指纹生成方法,该方法与实例一中的一种终端指纹生成方法原理基本相同,但是在部分细节上做了调整,下面将对这种终端指纹生成方法进行说明,请参考图3:The embodiment of the present disclosure further provides another terminal fingerprint generating method, which is basically the same as the terminal fingerprint generating method in the first example, but is adjusted in some details, and the terminal fingerprint generating method is performed in the following. For instructions, please refer to Figure 3:
S302、获取用户输入的指纹生成参数。S302. Acquire a fingerprint generation parameter input by a user.
指纹生成参数是用户输入的,这个参数可以是用户随机输入的数据。为了保证后续生成终端指纹的安全性,在本实施例中,可以为指纹生成参数设置一些限定条件,然后根据限定条件对用户的输入进行检验,例如,可以强制要求指纹生成参数的长度大于预设值,或者要求用户输入的数据同时包含数字和字母,当然也可以要求用户输入的指纹生成参数不能是具有简单规律的数据,如“123456”这种“懒人密码”。当检测到用户输入的指纹生成参数不符合限定条件的要求时,可以向用户提出告警,例如通过终端的显示屏输出表征输入错误的文字或者图像信息,或者是根据终端的音频输出接口输出相应的提示音,以便用户根据这些告警信息重新进行输入,直至输入的指纹生成参数符合要求为止。The fingerprint generation parameter is input by the user, and this parameter may be data randomly input by the user. In order to ensure the security of the subsequent generation of the fingerprint of the terminal, in this embodiment, some limited conditions may be set for the fingerprint generation parameter, and then the input of the user is checked according to the qualification condition. For example, the length of the fingerprint generation parameter may be mandatory to be greater than the preset. The value, or the data required by the user, contains both numbers and letters. Of course, the fingerprint generation parameters input by the user may not be simple data, such as "lazy password" of "123456". When it is detected that the fingerprint generation parameter input by the user does not meet the requirement of the qualification condition, the user may be alerted, for example, outputting text or image information indicating the input error through the display screen of the terminal, or outputting the corresponding audio output interface according to the terminal. A prompt tone, so that the user can re-enter the input according to the alarm information until the input fingerprint generation parameter meets the requirements.
S304、获取终端的硬件标识信息。S304. Obtain hardware identification information of the terminal.
本实施例中获取的硬件标识信息还是为IMEI码、MAC地址等可以对终端进行唯一标识的信息中的至少一种。对于IMEI码、MAC地址的介绍这里不再赘述,请直接参考前面的介绍。The hardware identification information obtained in this embodiment is at least one of information that can uniquely identify the terminal, such as an IMEI code and a MAC address. The description of the IMEI code and MAC address is not described here. Please refer to the previous introduction.
可以理解的是,在本实施例中,获取终端的硬件标识信息的过程和用户输入的指纹生成参数的过程之间没有严格的时序限定,可以先获取用户输入的指纹生成参数,也可以先获取终端的硬件标识信息。It can be understood that, in this embodiment, there is no strict time limit between the process of acquiring the hardware identification information of the terminal and the process of generating the parameter by the user, and the fingerprint generation parameter input by the user may be obtained first, or may be acquired first. Hardware identification information of the terminal.
S306、根据终端的图像显示特性和硬件标识信息以及指纹生成参数生成指纹图像。S306. Generate a fingerprint image according to image display characteristics and hardware identification information of the terminal and fingerprint generation parameters.
下面结合图4对本实施例中生成指纹图像的过程进行介绍:The process of generating a fingerprint image in this embodiment will be described below with reference to FIG. 4:
S402、根据硬件标识信息和指纹生成参数生成校验码。 S402. Generate a check code according to the hardware identification information and the fingerprint generation parameter.
生成校验码的过程可以参考实例一中生成图像像素数据的过程,将硬件标识信息和指纹生成参数按照某种顺序进行排序后将两组数据进行拼接形成对应的校验码。当然本领域技术人员可以理解的是,在本实施例中生成校验码的方式还包括多种,例如将硬件标识信息和指纹生成参数根据某种算法计算得到一个数值,该数值即作为校验码。The process of generating the check code may refer to the process of generating image pixel data in the first example, and sorting the hardware identification information and the fingerprint generation parameter according to a certain order, and then splicing the two sets of data to form a corresponding check code. Certainly, those skilled in the art can understand that the manner of generating the check code in the embodiment further includes multiple types, for example, the hardware identification information and the fingerprint generation parameter are calculated according to an algorithm, and the value is used as a check. code.
S404、根据硬件标识信息和指纹生成参数以及校验码生成图像生成参数。S404. Generate an image generation parameter according to the hardware identification information, the fingerprint generation parameter, and the check code.
生成图像生成参数的过程与生成校验码的过程类似,可以采用排列后将数据进行拼接的方式,也可以采用其他算法进行,只不过在生成图像生成参数的时候,输入的参数是三个而非两个了。The process of generating image generation parameters is similar to the process of generating a check code. The method of splicing the data after arranging may be used, or other algorithms may be used, but when generating image generation parameters, the input parameters are three. Not two.
在本实施例中,之所以不直接根据用户输入的指纹生成参数和硬件标识信息生成指纹图像,而是先根据指纹生成参数和硬件标识信息计算得到校验码,然后又基于计算结果得到图像生成参数,即根据指纹生成参数、硬件标识信息以及计算得到的校验码确定出图像生成参数,生成指纹图像的时候是根据图像生成参数进行的,这样的做法大致希望通过中间的多次计算加强指纹图像的安全性。In this embodiment, the fingerprint image is not directly generated according to the fingerprint generation parameter and the hardware identification information input by the user, but the verification code is first calculated according to the fingerprint generation parameter and the hardware identification information, and then the image is generated based on the calculation result. The parameter, that is, the image generation parameter is determined according to the fingerprint generation parameter, the hardware identification information, and the calculated verification code, and the generation of the fingerprint image is performed according to the image generation parameter, and such an approach generally hopes to strengthen the fingerprint through multiple calculations in the middle. Image security.
S406、调用帆布指纹生成函数基于终端的图像显示特性根据图像生成参数生成并显示指纹图像。S406. Calling the canvas fingerprint generation function generates and displays the fingerprint image according to the image generation parameter based on the image display characteristic of the terminal.
该过程可以直接调用HTML5中的Canvas函数进行,HTML5是万维网的核心语言、标准通用标记语言下的一个应用超文本标记语言,其中包括众多基于SVG(Scalable Vector Graphics,可缩放矢量图形)、Canvas、WebGL(Web Graphics Library,万维网图形库)及CSS(Cascading Style Sheet,层叠样式表)3的3D功能,当需要使用Canvas时,直接调用其中的相关函数即可实现。This process can directly call the Canvas function in HTML5, which is the core language of the World Wide Web, an application hypertext markup language under the standard universal markup language, including many SVG (Scalable Vector Graphics), Canvas, The 3D functions of WebGL (Web Graphics Library) and CSS (Cascading Style Sheet) 3 can be realized by directly calling the related functions when using Canvas.
将根据硬件标识信息、指纹生成参数以及校验码生成图像生成参数作为帆布指纹生成函数的输入生成指纹图像,然后基于终端的图像显示特性对指纹图像进行显示。由于不同的图像显示特性将会决定出不同的图像显示效果,也就是说,即使是同样一幅图像,在具有不同图像显示特性的终端上进行显示时,在像素层面上将会呈现不同的显示效果。 The fingerprint generation image is generated based on the hardware identification information, the fingerprint generation parameter, and the check code generation image generation parameter as an input of the canvas fingerprint generation function, and then the fingerprint image is displayed based on the image display characteristic of the terminal. Since different image display characteristics will determine different image display effects, that is, even if the same image is displayed on a terminal with different image display characteristics, different displays will be presented at the pixel level. effect.
S308、根据指纹图像的像素生成终端指纹。S308. Generate a terminal fingerprint according to the pixels of the fingerprint image.
根据指纹图像的像素生成终端指纹的过程在实例一中已经做了比较详细的介绍,这里不再赘述。The process of generating a terminal fingerprint according to the pixels of the fingerprint image has been described in detail in the first example, and will not be described again here.
S310、对终端进行监测,当确定终端满足预设条件时,重新为终端生成终端指纹。S310: Monitor the terminal, and when determining that the terminal meets the preset condition, re-generate the terminal fingerprint for the terminal.
一般说来,人成年后,如果指纹没有遭遇特别的损坏,则其一般不会有什么变化,也就是说,人的生理指纹具有非常高的稳定性。但终端指纹却有所不同,因为终端指纹是根据终端的硬件信息和软件信息共同生成的,而硬件会随着时间逐步老化,软件也会逐步更新和升级,因而虽然终端指纹在一段时间内会比较稳定,但从长时间来看,终端指纹会发生改变。所以,可以有相应的终端指纹更新机制,完成新老终端指纹的替换,对此,本实施例提出一种终端指纹的更新机制——对终端进行监测,当确定终端满足预设条件时,重新为终端生成终端指纹。Generally speaking, when a person is an adult, if the fingerprint does not suffer special damage, it generally does not change, that is, the human physiological fingerprint has a very high stability. However, the fingerprint of the terminal is different, because the terminal fingerprint is generated according to the hardware information and software information of the terminal, and the hardware will gradually age over time, and the software will be gradually updated and upgraded, so the terminal fingerprint will be in a period of time. It is relatively stable, but from a long time, the fingerprint of the terminal will change. Therefore, there may be a corresponding terminal fingerprint update mechanism to complete the replacement of the fingerprint of the new and old terminals. In this regard, the present embodiment provides an update mechanism for the terminal fingerprint—monitoring the terminal, and when determining that the terminal meets the preset condition, Generate a terminal fingerprint for the terminal.
在本实施例中,触发重新生成终端指纹的情况至少可以有这样两种:In this embodiment, there are at least two cases in which the fingerprint of the terminal is regenerated.
第一种,监测到终端与图像显示特性相关的软件、或与图像显示特性相关的硬件、或与图像显示特性相关的软件和与图像显示特性相关的硬件发生更新。与图像显示特性相关的软件包括终端中的Web浏览器等,与图像显示特性相关的硬件包括终端显示屏等。当终端的显示屏进行了更换,显示屏的分辨率率发生了变化,或者是终端使用的Web浏览器的版本变化了,例如浏览器升级了,都可以重新为终端生成一个新的终端指纹,以替换旧版本的终端指纹。First, it is monitored that the software related to the image display characteristics of the terminal, or the hardware related to the image display characteristics, or the software related to the image display characteristics and the hardware related to the image display characteristics are updated. The software related to the image display characteristics includes a web browser in the terminal, etc., and the hardware related to the image display characteristics includes a terminal display screen and the like. When the display screen of the terminal is replaced, the resolution rate of the display changes, or the version of the web browser used by the terminal changes. For example, if the browser is upgraded, a new terminal fingerprint can be re-created for the terminal. To replace the old version of the terminal fingerprint.
第二种,监测到用户向终端输入了终端指纹更新请求。终端指纹使用的时间越长,被假冒的可能性就越大,因此,用户在使用一个终端指纹一段时间之后,处于安全性的考虑,可能会主动提出需要更新中的指纹,因此,在接收到用户请求的情况下,也可以对终端指纹进行重新生成。Second, it is monitored that the user inputs a terminal fingerprint update request to the terminal. The longer the terminal fingerprint is used, the more likely it is to be impersonated. Therefore, after using the fingerprint of a terminal for a period of time, the user may take the initiative to propose a fingerprint that needs to be updated. Therefore, after receiving the fingerprint. In the case of a user request, the terminal fingerprint can also be regenerated.
可以理解的是,在本实施例中,当重新生成终端指纹后,可以将其同步到服务器侧。It can be understood that, in this embodiment, after the terminal fingerprint is regenerated, it can be synchronized to the server side.
本公开实施例提供的另一种终端指纹生成方法,在实例一的基础上,在 生成终端指纹的时候,结合了用户输入的指纹生成参数,由于用户输入的指纹生成参数具有随机性,因此,能够保证终端指纹的唯一性与安全性。同时,本实例提供的终端指纹生成方法还实时监测终端中与终端指纹生成相关的软、硬件信息的更新情况和用户对更新终端指纹的需求,在需要重新生成终端指纹的时候,重新执行生成工作,能够有效保证终端指纹的安全性。Another terminal fingerprint generating method provided by an embodiment of the present disclosure is based on the first example, When the terminal fingerprint is generated, the fingerprint generation parameters input by the user are combined. Since the fingerprint generation parameters input by the user are random, the uniqueness and security of the terminal fingerprint can be ensured. At the same time, the terminal fingerprint generation method provided by the present example also monitors the update of the software and hardware information related to the terminal fingerprint generation in the terminal and the user's requirement for updating the terminal fingerprint in real time, and re-executes the generation work when the terminal fingerprint needs to be regenerated. , can effectively ensure the security of the terminal fingerprint.
实例三:Example three:
本实施例还提供一种终端指纹生成装置,请参考图5:This embodiment also provides a terminal fingerprint generating device. Please refer to FIG. 5:
终端指纹生成装置50包括:信息获取模块502、图像生成模块504和指纹生成模块506。The terminal fingerprint generating device 50 includes an information acquiring module 502, an image generating module 504, and a fingerprint generating module 506.
信息获取模块502设置为:获取终端的硬件标识信息。本实施例中信息获取模块502获取的硬件终端标识可以用于唯一识别终端,硬件终端标识可以是IMEI码或MAC地址中的至少一种,也就是说,在本实施例中,获取的硬件终端标识可以是单独的IMEI码或者是单独的MAC地址中的一个,也可以是IMEI码和MAC地址的结合。The information obtaining module 502 is configured to: acquire hardware identification information of the terminal. The hardware terminal identifier obtained by the information acquiring module 502 in this embodiment may be used to uniquely identify the terminal, and the hardware terminal identifier may be at least one of an IMEI code or a MAC address, that is, the hardware terminal acquired in this embodiment. The identifier may be a single IMEI code or one of a separate MAC address, or a combination of an IMEI code and a MAC address.
IMEI码的中文释义是移动终端国际身份码,其又称为“串号”,是区别移动终端的标志,储存在移动终端的EEPROM(俗称“码片”)里,可用于监控被窃或无效的移动终端。IMEI码的总长为15位:前6位数是TAC(Type Approval Code,型号核准号码)码,一般代表机型;紧接着TAC码的2位数是FAC(Final Assembly Code,最后装配号)代表这移动终端设备的产地;临近FAC码的6位数是串号,一般代表终端的生产顺序号;最后的1位数是SP码(即备用码),顾名思义用来做备用的,其号码由厂家做设置。The Chinese definition of the IMEI code is the mobile terminal international identity code, which is also called the “serial number”. It is a symbol for distinguishing the mobile terminal and stored in the EEPROM (commonly known as “chip”) of the mobile terminal, which can be used to monitor the theft or invalid. Mobile terminal. The total length of the IMEI code is 15 digits: the first 6 digits are the TAC (Type Approval Code) code, which is generally representative of the model; the 2 digits of the TAC code is the FAC (Final Assembly Code). The origin of the mobile terminal device; the 6-digit number adjacent to the FAC code is the serial number, which generally represents the production sequence number of the terminal; the last 1 digit is the SP code (ie, the spare code), which is used as a backup as the name suggests, and its number is Manufacturers do the setup.
MAC地址,可译为媒体访问控制,或称为物理地址、硬件地址等,用来定义网络终端的位置。在OSI(Open System Interconnection,开放式系统互联)模型中,第二层数据链路层负责MAC地址。因此一个主机会有一个MAC地址,MAC地址是网卡决定的,是固定不变的。The MAC address, which can be translated into media access control, or physical address, hardware address, etc., is used to define the location of the network terminal. In the OSI (Open System Interconnection) model, the Layer 2 data link layer is responsible for the MAC address. Therefore, a host will have a MAC address, and the MAC address is determined by the network card and is fixed.
图像生成模块504设置为:基于终端的图像显示特性和硬件标识信息生成指纹图像。图像生成模块504生成指纹图像的时候,可以使用HTML5中的帆布指纹生成函数,即Canvas元素进行绘制操作。由于不同终端的像素分辨率不同,同时,不同终端中Web浏览器使用了不同的图形处理引擎、不同 的图片导出选项、不同的默认压缩级别等;而从像素级别上看,不同操作系统使用了不同的设置和算法来进行抗锯齿和子像素渲染操作,因此,即使是在不同的操作系统上做相同的绘图操作,图像生成模块504生成的指纹图像在终端上显示时,呈现的像素是不同的。在本实施例中,由于终端的像素分辨率、终端浏览器中关于图像处理的各种设置选项,以及不同终端操作系统在进行抗锯齿和子像素渲染的时使用的算法等的不同最终都会导致生成指纹图像的不同,因此,可以将这些参数归纳为终端的图像显示特性。The image generation module 504 is configured to generate a fingerprint image based on the image display characteristics of the terminal and the hardware identification information. When the image generation module 504 generates the fingerprint image, the canvas fingerprint generation function in HTML5, that is, the Canvas element, can be used for the drawing operation. Due to the different pixel resolutions of different terminals, at the same time, different browsers use different graphics processing engines and different browsers in different terminals. Image export options, different default compression levels, etc.; at the pixel level, different operating systems use different settings and algorithms for anti-aliasing and sub-pixel rendering operations, so even on different operating systems The drawing operation, when the fingerprint image generated by the image generating module 504 is displayed on the terminal, the pixels presented are different. In this embodiment, the difference in pixel resolution of the terminal, various setting options regarding image processing in the terminal browser, and algorithms used by different terminal operating systems for anti-aliasing and sub-pixel rendering ultimately leads to generation. The fingerprint images are different, so these parameters can be summarized into the image display characteristics of the terminal.
图像生成模块504生成指纹图像的时候,可以调用终端中相应的软硬件来进行,硬件包括GPU,GPU是相对于CPU的一个概念,由于在现代的计算机中(特别是家用系统),图形的处理变得越来越重要,需要一个专门的图形的核心处理器。GPU是显卡的“心脏”,也就相当于CPU在电脑中的作用,它决定了显卡的档次和大部分性能,同时也是2D显示卡和3D显示卡的区别依据。在软件方面图像生成模块504使用到的工具可以为图形库,图形库是一个用于在显示器上渲染计算机图形的程序库,它通常提供一组经过优化的函数来执行常见的渲染任务。常见的图形库如OpenGL,是一个功能强大、调用方便的底层图形库,提供了专业的图形程序接口,是个与硬件无关的软件接口,在行业领域中最为广泛使用。OpenGL专门针对手机终端、PDA和游戏主机等嵌入式终端提供了OpenGL ES,是OpenGL的子集。在本实施例中,图像生成模块504可以将获取的硬件标识信息作为输入OpenGL ES提供的图形程序接口的输入,生成对应的指纹图像。When the image generation module 504 generates the fingerprint image, the corresponding software and hardware in the terminal may be invoked, and the hardware includes the GPU. The GPU is a concept relative to the CPU, and the graphics are processed in a modern computer (especially a home system). It is becoming more and more important to have a dedicated graphics core processor. The GPU is the "heart" of the graphics card, which is equivalent to the role of the CPU in the computer. It determines the grade and most of the performance of the graphics card, and is also the basis for the difference between the 2D graphics card and the 3D graphics card. The tool used by the image generation module 504 in software can be a graphics library, which is a library for rendering computer graphics on a display, which typically provides a set of optimized functions to perform common rendering tasks. A common graphics library, such as OpenGL, is a powerful, easy-to-call underlying graphics library that provides a professional graphical program interface. It is a hardware-independent software interface and is the most widely used in the industry. OpenGL provides OpenGL ES for embedded terminals such as mobile terminals, PDAs and game consoles, and is a subset of OpenGL. In this embodiment, the image generation module 504 may input the acquired hardware identification information as an input to a graphics program interface provided by the OpenGL ES to generate a corresponding fingerprint image.
指纹图像的显示效果将由终端设备的图像显示特性确定,其中终端的分辨率、终端Web浏览器的抗锯齿特性、图像渲染特性等都会决定该指纹图像在该终端设备上的显示效果。The display effect of the fingerprint image will be determined by the image display characteristics of the terminal device, wherein the resolution of the terminal, the anti-aliasing property of the terminal web browser, the image rendering characteristics, and the like all determine the display effect of the fingerprint image on the terminal device.
在本实施例中,图像生成模块504生成的指纹图像是RGB图像,但是本领域技术人员可以明白的是,指纹图像还可以是二值图或者灰度图。图像生成模块504生成的指纹图像的格式可以是BMP、JPEG、TIFF、RAW、PNG等中的任意一种。In this embodiment, the fingerprint image generated by the image generation module 504 is an RGB image, but those skilled in the art can understand that the fingerprint image can also be a binary image or a grayscale image. The format of the fingerprint image generated by the image generation module 504 may be any one of BMP, JPEG, TIFF, RAW, PNG, and the like.
指纹生成模块506设置为:根据指纹图像的像素生成终端指纹。本实施例中,根据指纹图像来生成终端指纹的原理在于根据终端的硬件标识和终端 的图像显示特性为不同终端生成的指纹图像在像素上是不同的,因此,将这些像素的转换成对应的字符或者字符串后形成的终端指纹也应当是具有唯一性的。The fingerprint generation module 506 is configured to generate a terminal fingerprint according to pixels of the fingerprint image. In this embodiment, the principle of generating a terminal fingerprint according to the fingerprint image is based on the hardware identifier and the terminal of the terminal. The image display characteristics of the fingerprint images generated by different terminals are different in pixels. Therefore, the terminal fingerprint formed by converting these pixels into corresponding characters or character strings should also be unique.
指纹生成模块506设置为:提取指纹图像中多个像素的像素值,并将多个像素中每个像素及该像素的像素值排列拼接形成图像像素数据,以及对图像像素数据进行哈希转换生成终端指纹。The fingerprint generating module 506 is configured to: extract pixel values of a plurality of pixels in the fingerprint image, and align each pixel of the plurality of pixels and pixel values of the pixel to form image pixel data, and perform hash conversion on the image pixel data. Terminal fingerprint.
指纹生成模块506在提取多个像素中每个像素的像素值的时候,一并记录该像素在指纹图像中的位置,以类似于这样的像素表达式——“{X偏移,Y偏移,RGB}”来记录该像素点及该像素点对应的像素值。The fingerprint generation module 506 records the position of the pixel in the fingerprint image together when extracting the pixel value of each pixel of the plurality of pixels, similar to such a pixel expression - "{X offset, Y offset , RGB}" to record the pixel point and the pixel value corresponding to the pixel.
在该像素表达式中,X偏移和Y偏移分别表达了像素点距离图像原点的距离,图像原点可以由用户预设,或者是根据终端系统的默认值来确定。In the pixel expression, the X offset and the Y offset respectively express the distance of the pixel from the origin of the image, and the origin of the image may be preset by the user or determined according to the default value of the terminal system.
在本实施例中,由于生成的指纹图像是RGB色彩模式的,而RGB是通过对红(R)、绿(G)、蓝(B)三个颜色通道的变化以及它们相互之间的叠加来得到各式各样的颜色的,因此,每一个像素点的像素值是通过三个值共同表征的,例如“森林绿”这一种颜色值通过“34、139、34”这三个值来表示的,其表征的含义是R=34、G=139、B=34。由于上述像素表达式中“RGB”只有一个值,因此,在本实施例中,指纹生成模块506可以将表征红、绿、蓝三个颜色的值转换成一个值,从而便于参与后续计算,在本实施例中,提供一种转换方式,在指纹生成模块506对RGB图像的像素值进行转换的时候根据以下公式进行:In this embodiment, since the generated fingerprint image is in the RGB color mode, RGB is changed by the three color channels of red (R), green (G), and blue (B) and their superposition with each other. A variety of colors are obtained. Therefore, the pixel value of each pixel is represented by three values. For example, "forest green" has a color value of three values of "34, 139, 34". The meaning of the representation is R=34, G=139, B=34. Since "RGB" has only one value in the above pixel expression, in the present embodiment, the fingerprint generation module 506 can convert values representing three colors of red, green, and blue into one value, thereby facilitating participation in subsequent calculations. In this embodiment, a conversion mode is provided. When the fingerprint generation module 506 converts the pixel values of the RGB image, the following formula is performed:
转换后的RGB值=Red+256*Green+65536*Blue;Converted RGB value = Red + 256 * Green + 65536 * Blue;
例如,E.g,
转换后“森林绿”的RGB值=34+256*139+65536*34=2263842。The RGB value of "Forest Green" after conversion = 34 + 256 * 139 + 65536 * 34 = 2263842.
假定一幅指纹图像当中包括四个像素点,指纹生成模块506对这四个像素点进行逐行提取之后,获取的像素表达式分别为{X1,Y1,RGB1}、{X2,Y2,RGB2}、{X3,Y3,RGB3}和{X4,Y4,RGB4},可以注意的是,本实施例中所说的逐行提取可以是从左至右、从上至下依次进行提取,也可以是其他顺序来提取,例如从下至上、从左至左依次进行提取。 Assuming that four fingerprint points are included in one fingerprint image, the fingerprint generation module 506 extracts the four pixel points row by row, and the obtained pixel expressions are {X1, Y1, RGB1}, {X2, Y2, RGB2}. , {X3, Y3, RGB3} and {X4, Y4, RGB4}, it can be noted that the progressive extraction described in this embodiment may be extracted from left to right and from top to bottom, or may be Other sequences are extracted, for example, from bottom to top and from left to left.
得到多个像素点中每个像素点的像素表达式之后,指纹生成模块506将像素表达式排列拼接形成图像像素数据,在上述示例当中,得到的图像像素数据为“X1 Y1 RGB1 X2 Y2 RGB2 X3 Y3 RGB3 X4 Y4 RGB4”。After obtaining the pixel expression of each of the plurality of pixel points, the fingerprint generation module 506 splicing the pixel expression arrangement to form image pixel data. In the above example, the obtained image pixel data is “X1 Y1 RGB1 X2 Y2 RGB2 X3 Y3 RGB3 X4 Y4 RGB4”.
在本实施例中,之所以使用哈希算法进行转换大致是因为哈希算法在对一组数据进行运算的到运算结果之后,是不能根据运算结果逆推得到原本参与哈希运算的数据的。基于哈希算法的这种特点,能够防止不法分子根据得到的终端指纹逆推得到生成终端指纹的细节,然后对用户的终端指纹进行伪造,从而对用户的财产等造成安全隐患。In the present embodiment, the reason why the hash algorithm is used for the conversion is roughly because the hash algorithm cannot inversely derive the data originally involved in the hash operation based on the operation result after the operation result of the operation on a set of data. Based on this feature of the hash algorithm, it is possible to prevent the criminals from deriving the details of the generated terminal fingerprint according to the obtained terminal fingerprint, and then forging the user's terminal fingerprint, thereby causing security risks to the user's property and the like.
指纹生成模块506在得到终端指纹之后,可以将终端指纹保存在终端本地。同时,在移动支付、终端鉴权等方面,终端可以通过自己的终端指纹与服务器进行交互以让服务器对终端的身份进行确认,因此,在服务器侧也可以存储终端最新版本的终端指纹。故,在终端指纹生成之后,指纹生成模块506还可以将终端指纹同步到服务器侧,让服务器侧对终端指纹进行存储,当服务器需要对终端的身份进行识别的时候,可以直接从服务器本地提取终端指纹与终端提供的终端指纹进行匹配验证,从而确定终端的身份信息。After obtaining the fingerprint of the terminal, the fingerprint generating module 506 can save the fingerprint of the terminal locally in the terminal. At the same time, in terms of mobile payment, terminal authentication, etc., the terminal can interact with the server through its own terminal fingerprint to allow the server to confirm the identity of the terminal. Therefore, the terminal fingerprint of the latest version of the terminal can also be stored on the server side. Therefore, after the terminal fingerprint is generated, the fingerprint generating module 506 can also synchronize the fingerprint of the terminal to the server side, and let the server side store the fingerprint of the terminal. When the server needs to identify the identity of the terminal, the terminal can be directly extracted from the server. The fingerprint is matched and verified with the terminal fingerprint provided by the terminal, thereby determining the identity information of the terminal.
本实施例提供的终端指纹生成装置50,利用了终端硬件信息中具有唯一性的硬件标识信息和终端图像显示特性生成指纹图像,由于该指纹图像在像素层面上具有唯一性,因此,根据指纹图像的像素生成的终端指纹也同样具有唯一性,在保证终端指纹唯一性同时,因为不同终端具有不同的图像显示特性,还能保证终端指纹的安全性,能够有效防止终端指纹被伪造或者假冒。另外,本实施例的一些实例当中,在根据指纹图像生成终端指纹的时候,会利用哈希算法进行,而哈希算法能够防止不法分子根据得到的终端指纹逆推得到生成终端指纹的细节,可以保证终端指纹的安全性。The terminal fingerprint generating apparatus 50 provided by the embodiment generates the fingerprint image by using the unique hardware identification information and the terminal image display characteristic in the terminal hardware information. Since the fingerprint image is unique at the pixel level, the fingerprint image is based on the fingerprint image. The terminal fingerprint generated by the pixel is also unique. While ensuring the uniqueness of the terminal fingerprint, because different terminals have different image display characteristics, the security of the terminal fingerprint can be ensured, and the fingerprint of the terminal can be effectively prevented from being forged or counterfeited. In addition, in some examples of the embodiment, when the fingerprint of the terminal is generated according to the fingerprint image, the hash algorithm is used, and the hash algorithm can prevent the illegal molecule from deriving the generated fingerprint of the terminal according to the obtained terminal fingerprint, and can Ensure the security of the terminal fingerprint.
实例四:Example four:
本实施例还提供另一种终端指纹生成装置,该终端指纹生成装置同样包括信息获取模块、图像生成模块和指纹生成模块。但是该装置中信息获取模块除了设置为获取用于唯一识别终端的硬件标识信息以外,还设置为:获取用户输入的指纹生成参数。而图像生成模块生成指纹图像的时候,除了可以根据终端的图像显示特性和硬件标识信息以外,还可以结合信息获取模块获 取到的用户输入的指纹生成参数进行。The embodiment further provides another terminal fingerprint generating device, which also includes an information acquiring module, an image generating module and a fingerprint generating module. However, in addition to setting the hardware identification information for uniquely identifying the terminal, the information acquisition module in the device is further configured to: acquire the fingerprint generation parameter input by the user. When the image generation module generates the fingerprint image, in addition to the image display characteristic and the hardware identification information of the terminal, the image acquisition module may be combined with the information acquisition module. The obtained fingerprint input parameters of the user input are performed.
指纹生成参数是用户输入的,这个参数可以是用户随机输入的数据。为了保证后续生成终端指纹的安全性,在本实施例中,可以为指纹生成参数设置一些限定条件,然后根据限定条件对用户的输入进行检验,例如,可以强制要求指纹生成参数的长度大于预设值,或者要求用户输入的数据须同时包含数字和字母,当然也可以要求用户输入的指纹生成参数不能是具有简单规律的数据,如“123456”这种“懒人密码”。当检测到用户输入的指纹生成参数不符合限定条件的要求时,可以向用户提出告警,例如通过终端的显示屏输出表征输入错误的文字或者图像信息,或者是根据终端的音频输出接口输出相应的提示音,以便用户根据这些告警信息重新进行输入,直至输入的指纹生成参数符合要求为止。The fingerprint generation parameter is input by the user, and this parameter may be data randomly input by the user. In order to ensure the security of the subsequent generation of the fingerprint of the terminal, in this embodiment, some limited conditions may be set for the fingerprint generation parameter, and then the input of the user is checked according to the qualification condition. For example, the length of the fingerprint generation parameter may be mandatory to be greater than the preset. The value, or the data required by the user, must contain both numbers and letters. Of course, the fingerprint generation parameters input by the user may not be simple data, such as "lazy password" of "123456". When it is detected that the fingerprint generation parameter input by the user does not meet the requirement of the qualification condition, the user may be alerted, for example, outputting text or image information indicating the input error through the display screen of the terminal, or outputting the corresponding audio output interface according to the terminal. A prompt tone, so that the user can re-enter the input according to the alarm information until the input fingerprint generation parameter meets the requirements.
图像生成模块生成指纹图像的时候,不直接根据用户输入的指纹生成参数和硬件标识信息生成指纹图像,而是先根据指纹生成参数和硬件标识信息计算得到校验码,然后又基于计算结果得到图像生成参数,即根据指纹生成参数、硬件标识信息以及计算得到的校验码确定出图像生成参数,生成指纹图像的时候是根据图像生成参数进行的,这样的做法大致希望通过中间的多次计算加强指纹图像的安全性。When the image generation module generates the fingerprint image, the fingerprint image is not directly generated according to the fingerprint generation parameter and the hardware identification information input by the user, but the verification code is first calculated according to the fingerprint generation parameter and the hardware identification information, and then the image is obtained based on the calculation result. The parameter is generated, that is, the image generation parameter is determined according to the fingerprint generation parameter, the hardware identification information, and the calculated verification code, and the fingerprint image is generated according to the image generation parameter, which is generally expected to be strengthened by multiple calculations in the middle. The security of the fingerprint image.
一般说来,人成年后,如果指纹没有遭遇特别的损坏,则其一般不会有什么变化,也就是说,人的生理指纹具有非常高的稳定性。但终端指纹却有所不同,因为终端指纹是根据终端的硬件信息和软件信息共同生成的,而硬件会随着时间逐步老化,软件也会逐步更新和升级,因而虽然终端指纹在一段时间内会比较稳定,但从长时间来看,终端指纹会发生改变。所以,可以有相应的终端指纹更新机制,完成新老终端指纹的替换,对此,本实施例提出一种终端指纹的更新机制——对终端进行监测,当确定终端满足预设条件时,重新为终端生成终端指纹。因此,如图6,在本实施例一种示例中提出的另一种终端指纹生成装置中,终端指纹生成装置50可以包括信息获取模块502、图像生成模块504、指纹生成模块506以外,还可以包括监测更新模块508。监测更新模块508监测到需要对重新生成终端指纹的情况大致可以有这样两种: Generally speaking, when a person is an adult, if the fingerprint does not suffer special damage, it generally does not change, that is, the human physiological fingerprint has a very high stability. However, the fingerprint of the terminal is different, because the terminal fingerprint is generated according to the hardware information and software information of the terminal, and the hardware will gradually age over time, and the software will be gradually updated and upgraded, so the terminal fingerprint will be in a period of time. It is relatively stable, but from a long time, the fingerprint of the terminal will change. Therefore, there may be a corresponding terminal fingerprint update mechanism to complete the replacement of the fingerprint of the new and old terminals. In this regard, the present embodiment provides an update mechanism for the terminal fingerprint—monitoring the terminal, and when determining that the terminal meets the preset condition, Generate a terminal fingerprint for the terminal. Therefore, as shown in FIG. 6, in another terminal fingerprint generating apparatus proposed in an example of the embodiment, the terminal fingerprint generating apparatus 50 may include an information acquiring module 502, an image generating module 504, and a fingerprint generating module 506, and may also A monitoring update module 508 is included. The monitoring update module 508 monitors that there are two situations in which it is necessary to regenerate the fingerprint of the terminal:
第一种,监测更新模块508监测到终端与图像显示特性相关的软件、或与图像显示特性相关的硬件、与图像显示特性相关的软件和与图像显示特性相关的硬件发生更新。与图像显示特性相关的软件包括终端中的Web浏览器等,与图像显示特性相关的硬件包括终端显示屏等。当终端的显示屏进行了更换,显示屏的分辨率率发生了变化,或者是终端使用的Web浏览器的版本变化了,例如浏览器升级了,都可以重新为终端生成一个新的终端指纹,以替换旧版本的终端指纹。First, the monitoring update module 508 monitors software related to the image display characteristics of the terminal, or hardware related to image display characteristics, software related to image display characteristics, and hardware update related to image display characteristics. The software related to the image display characteristics includes a web browser in the terminal, etc., and the hardware related to the image display characteristics includes a terminal display screen and the like. When the display screen of the terminal is replaced, the resolution rate of the display changes, or the version of the web browser used by the terminal changes. For example, if the browser is upgraded, a new terminal fingerprint can be re-created for the terminal. To replace the old version of the terminal fingerprint.
第二种,监测更新模块508监测到用户向终端输入了终端指纹更新请求。终端指纹使用的时间越长,被假冒的可能性就越大,因此,用户在使用一个终端指纹一段时间之后,处于安全性的考虑,可能会主动提出需要更新中的指纹,因此,在接收到用户请求的情况下,也可以对终端指纹进行重新生成。Second, the monitoring update module 508 monitors that the user inputs a terminal fingerprint update request to the terminal. The longer the terminal fingerprint is used, the more likely it is to be impersonated. Therefore, after using the fingerprint of a terminal for a period of time, the user may take the initiative to propose a fingerprint that needs to be updated. Therefore, after receiving the fingerprint. In the case of a user request, the terminal fingerprint can also be regenerated.
可以理解的是,在本实施例中,当重新生成终端指纹后,可以将其同步到服务器侧。It can be understood that, in this embodiment, after the terminal fingerprint is regenerated, it can be synchronized to the server side.
本实例和实例三中提供的终端指纹生成装置50可以部署在终端上,这里所说的终端可以是手机、平板电脑、PDA等。信息获取模块的功能可以由控制器实现;在需要获取用户输入的指纹生成参数的时候,可以由终端的输入单元与控制器共同实现信息获取模块的功能。生成指纹图像和生成终端指纹的工作也可以由控制器来实现,控制器还可以设置为:实现监测更新模块的功能。The terminal fingerprint generating apparatus 50 provided in this example and the third embodiment may be deployed on the terminal. The terminal here may be a mobile phone, a tablet computer, a PDA, or the like. The function of the information acquisition module can be implemented by the controller; when the fingerprint generation parameter input by the user needs to be acquired, the input unit of the terminal and the controller can jointly implement the function of the information acquisition module. The work of generating the fingerprint image and generating the fingerprint of the terminal can also be implemented by the controller, and the controller can also be configured to: implement the function of monitoring the update module.
另外,本实施例中终端指纹生成装置50可以将生成的终端指纹同步到服务器侧,在这里可以利用终端,如手机的通信单元与服务器实现通信,将终端指纹传输到服务器中。In addition, in the embodiment, the terminal fingerprint generating device 50 can synchronize the generated terminal fingerprint to the server side, where the terminal, such as the communication unit of the mobile phone, can communicate with the server, and the terminal fingerprint is transmitted to the server.
该另一种终端指纹生成装置,在实例三的基础上,在生成终端指纹的时候,结合了用户输入的指纹生成参数,由于用户输入的指纹生成参数具有随机性,因此,能够保证终端指纹的唯一性与安全性。同时,该另一种终端指纹生成装置还实时监测终端中与终端指纹生成相关的软、硬件信息的更新情况和用户对更新终端指纹的需求,在需要重新生成终端指纹的时候,重新执行生成工作,能够有效保证终端指纹的安全性。The other terminal fingerprint generating device, based on the third example, combines the fingerprint generating parameters input by the user when generating the terminal fingerprint, and the fingerprint generating parameter input by the user has randomness, so that the fingerprint of the terminal can be guaranteed. Uniqueness and security. At the same time, the other terminal fingerprint generating device also monitors the update of the software and hardware information related to the terminal fingerprint generation in the terminal and the user's demand for updating the terminal fingerprint in real time, and re-executes the generating work when the terminal fingerprint needs to be regenerated. , can effectively ensure the security of the terminal fingerprint.
本公开实施例还提供了一种计算机可读存储介质,存储有计算机可执行 指令,所述计算机可执行指令被执行时实现上述终端指纹生成方法。Embodiments of the present disclosure also provide a computer readable storage medium storing a computer executable The instruction, when the computer executable instructions are executed, implement the terminal fingerprint generation method.
本领域的技术人员可以明白,上述本公开实施例的模块或步骤可以用通用的计算装置来实现,它们可以集中在单个的计算装置上,或者分布在多个计算装置所组成的网络上,可选地,它们可以用计算装置可执行的程序代码来实现,从而,可以将它们存储在计算机存储介质(ROM/RAM、磁碟、光盘)中由计算装置来执行,并且在某些情况下,可以以不同于此处的顺序执行所示出或描述的步骤,或者将它们分别制作成不同集成电路模块,或者将它们中的多个模块或步骤制作成单个集成电路模块来实现。所以,本公开不限制于任何特定的硬件和软件结合。Those skilled in the art will appreciate that the above-described modules or steps of the embodiments of the present disclosure may be implemented by a general-purpose computing device, which may be centralized on a single computing device or distributed over a network of multiple computing devices. Alternatively, they may be implemented by program code executable by a computing device such that they may be stored by a computing device in a computer storage medium (ROM/RAM, diskette, optical disk) and, in some cases, The steps shown or described may be performed in a different order than that herein, or they may be separately fabricated into different integrated circuit modules, or a plurality of the modules or steps may be implemented as a single integrated circuit module. Therefore, the present disclosure is not limited to any specific combination of hardware and software.
本领域普通技术人员可以理解,上文中所公开方法中的全部或某些步骤、系统、装置中的功能模块/单元可以被实施为软件、固件、硬件及其适当的组合。在硬件实施方式中,在以上描述中提及的功能模块/单元之间的划分不一定对应于物理组件的划分;例如,一个物理组件可以具有多个功能,或者一个功能或步骤可以由若干物理组件合作执行。某些组件或所有组件可以被实施为由处理器,如数字信号处理器或微处理器执行的软件,或者被实施为硬件,或者被实施为集成电路,如专用集成电路。这样的软件可以分布在计算机可读介质上,计算机可读介质可以包括计算机存储介质(或非暂时性介质)和通信介质(或暂时性介质)。如本领域普通技术人员公知的,术语计算机存储介质包括在用于存储信息(诸如计算机可读指令、数据结构、程序模块或其他数据)的任何方法或技术中实施的易失性和非易失性、可移除和不可移除介质。计算机存储介质包括但不限于随机存取存储器(RAM,Random Access Memory)、只读存储器(ROM,Read-Only Memory)、电可擦除只读存储器(EEPROM,Electrically Erasable Programmable Read-only Memory)、闪存或其他存储器技术、光盘只读存储器(CD-ROM,Compact Disc Read-Only Memory)、数字多功能盘(DVD)或其他光盘存储、磁盒、磁带、磁盘存储或其他磁存储装置、或者可以用于存储期望的信息并且可以被计算机访问的任何其他的介质。此外,本领域普通技术人员公知的是,通信介质通常包含计算机可读指令、数据结构、程序模块或者诸如载波或其他传输机制之类的调制数据信号中的其他数据,并且可包括任何信息递送介质。 Those of ordinary skill in the art will appreciate that all or some of the steps, systems, and functional blocks/units of the methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. In a hardware implementation, the division between functional modules/units mentioned in the above description does not necessarily correspond to the division of physical components; for example, one physical component may have multiple functions, or one function or step may be composed of several physical The components work together. Some or all of the components may be implemented as software executed by a processor, such as a digital signal processor or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on a computer readable medium, which may include computer storage media (or non-transitory media) and communication media (or transitory media). As is well known to those of ordinary skill in the art, the term computer storage medium includes volatile and nonvolatile, implemented in any method or technology for storing information, such as computer readable instructions, data structures, program modules or other data. Sex, removable and non-removable media. Computer storage media include, but are not limited to, Random Access Memory (RAM), Read-Only Memory (ROM), and Electrically Erasable Programmable Read-only Memory (EEPROM). Flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical disc storage, magnetic cassette, magnetic tape, disk storage or other magnetic storage device, or Any other medium used to store the desired information and that can be accessed by the computer. Moreover, it is well known to those skilled in the art that communication media typically includes computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and can include any information delivery media. .
本领域的普通技术人员可以理解,可以对本公开的技术方案进行修改或者等同替换,而不脱离本公开技术方案的精神和范围,均应涵盖在本公开的权利要求范围当中。A person skilled in the art can understand that the technical solutions of the present disclosure may be modified or equivalent, without departing from the spirit and scope of the present disclosure, and should be included in the scope of the claims of the present disclosure.
工业实用性Industrial applicability
根据本公开实施例提供的终端指纹生成方法、装置以及计算机存储介质,通过获取能够唯一识别终端的硬件标识信息,基于终端的图像显示特性和终端的硬件标识信息生成指纹图像,根据指纹图像的像素生成终端指纹;由于硬件标识信息本身就具有唯一标识终端的作用,因此基于硬件标识信息生成的指纹图像存在重复的可能性很小;同时,在生成指纹图像的时候,由于不同的终端的图像显示特性不同,所以生成的指纹图像在像素上存在极大的差别,故基于该指纹图像的像素生成的终端指纹也具有唯一性,而且由于终端指纹的生成至少利用了该终端硬件中具有唯一标识作用的信息和软件中具有唯一标识作用的信息,其他终端在生成的假冒终端指纹很难模仿,在保证终端指纹唯一标识作用的同时,提高了终端指纹的安全性。 According to the terminal fingerprint generating method and apparatus and the computer storage medium provided by the embodiments of the present disclosure, by acquiring hardware identification information capable of uniquely identifying the terminal, a fingerprint image is generated based on the image display characteristic of the terminal and the hardware identification information of the terminal, according to the pixel of the fingerprint image. The terminal fingerprint is generated; since the hardware identification information itself has the function of uniquely identifying the terminal, the fingerprint image generated based on the hardware identification information is less likely to be duplicated; meanwhile, when the fingerprint image is generated, the image is displayed due to different terminals. The characteristics are different, so the generated fingerprint image has a great difference in pixels, so the terminal fingerprint generated based on the pixel of the fingerprint image is also unique, and since the generation of the terminal fingerprint at least utilizes the unique identification function in the terminal hardware. The information and the software have unique identification information. It is difficult for other terminals to imitate the generated fake terminal fingerprints. While ensuring the unique fingerprint of the terminal fingerprint, the security of the terminal fingerprint is improved.

Claims (10)

  1. 一种终端指纹生成方法,包括:A terminal fingerprint generating method includes:
    获取终端的硬件标识信息,所述硬件标识信息用于唯一识别所述终端;Obtaining hardware identification information of the terminal, where the hardware identification information is used to uniquely identify the terminal;
    基于所述终端的图像显示特性和所述硬件标识信息生成指纹图像;Generating a fingerprint image based on image display characteristics of the terminal and the hardware identification information;
    根据所述指纹图像的像素生成终端指纹。A terminal fingerprint is generated according to pixels of the fingerprint image.
  2. 如权利要求1所述的终端指纹生成方法,其中,所述硬件标识信息包括所述终端的国际移动终端标识码或媒体访问控制地址中的至少一个。The terminal fingerprint generating method according to claim 1, wherein the hardware identification information comprises at least one of an international mobile terminal identification code or a medium access control address of the terminal.
  3. 如权利要求1所述的终端指纹生成方法,所述根据所述指纹图像生成终端指纹之后还包括:The terminal fingerprint generating method according to claim 1, after the generating the fingerprint of the terminal according to the fingerprint image, the method further comprises:
    对所述终端进行监测,当确定所述终端满足预设条件时,重新为所述终端生成终端指纹。The terminal is monitored, and when it is determined that the terminal meets the preset condition, the terminal fingerprint is re-generated for the terminal.
  4. 如权利要求3所述的终端指纹生成方法,其中,所述预设条件包括以下两种中的至少一种:The terminal fingerprint generating method according to claim 3, wherein the preset condition comprises at least one of the following two types:
    监测到所述终端与图像显示特性相关的软件、或与图像显示特性相关的硬件、或与图像显示特性相关的软件和与图像显示特性相关的硬件发生更新;Monitoring, by the terminal, software related to image display characteristics, or hardware related to image display characteristics, or software related to image display characteristics, and hardware related to image display characteristics are updated;
    监测到用户向所述终端输入了终端指纹更新请求。It is monitored that the user inputs a terminal fingerprint update request to the terminal.
  5. 如权利要求1-4任一项所述的终端指纹生成方法,其中,所述根据所述指纹图像的像素生成终端指纹包括:The terminal fingerprint generating method according to any one of claims 1 to 4, wherein the generating a terminal fingerprint according to the pixel of the fingerprint image comprises:
    提取所述指纹图像中多个像素的像素值;Extracting pixel values of a plurality of pixels in the fingerprint image;
    将所述多个像素中每个像素及该像素的像素值排列拼接形成图像像素数据;Aligning each pixel of the plurality of pixels and pixel values of the pixel to form image pixel data;
    对所述图像像素数据进行哈希转换生成终端指纹。Performing hash conversion on the image pixel data to generate a terminal fingerprint.
  6. 如权利要求1-4任一项所述的终端指纹生成方法,所述控制所述终端基于所述硬件标识信息生成指纹图像之前还包括:The terminal fingerprint generating method according to any one of claims 1 to 4, wherein the controlling the terminal before generating the fingerprint image based on the hardware identification information further comprises:
    获取用户输入的指纹生成参数;Obtaining fingerprint generation parameters input by the user;
    所述基于所述终端的图像显示特性和所述硬件标识信息生成指纹图像包括: The generating the fingerprint image based on the image display characteristic of the terminal and the hardware identification information includes:
    基于所述硬件标识信息和所述指纹生成参数生成图像生成参数;Generating an image generation parameter based on the hardware identification information and the fingerprint generation parameter;
    将所述图像生成参数作为帆布指纹生成函数的输入生成指纹图像,所述指纹图像在像素层面上的显示效果由所述图像显示特性确定。The image generation parameter is used as an input of a canvas fingerprint generation function to generate a fingerprint image, and a display effect of the fingerprint image on a pixel level is determined by the image display characteristic.
  7. 如权利要求6所述的终端指纹生成方法,其中,所述基于所述硬件标识信息和所述指纹生成参数生成图像生成参数包括:The terminal fingerprint generating method according to claim 6, wherein the generating the image generating parameter based on the hardware identification information and the fingerprint generating parameter comprises:
    根据所述硬件标识信息和所述指纹生成参数生成校验码;Generating a check code according to the hardware identification information and the fingerprint generation parameter;
    根据所述硬件标识信息和所述指纹生成参数以及所述校验码生成图像生成参数。An image generation parameter is generated according to the hardware identification information and the fingerprint generation parameter and the check code.
  8. 一种终端指纹生成装置,包括:A terminal fingerprint generating device includes:
    信息获取模块,设置为:获取终端的硬件标识信息,所述硬件标识信息用于唯一识别所述终端;The information obtaining module is configured to: obtain hardware identification information of the terminal, where the hardware identification information is used to uniquely identify the terminal;
    图像生成模块,设置为:基于所述终端的图像显示特性和所述硬件标识信息生成指纹图像;An image generating module, configured to: generate a fingerprint image based on an image display characteristic of the terminal and the hardware identification information;
    指纹生成模块,设置为:根据所述指纹图像的像素生成终端指纹。The fingerprint generating module is configured to: generate a terminal fingerprint according to the pixels of the fingerprint image.
  9. 如权利要求8所述的终端指纹生成装置,其中,所述指纹生成模块设置为:提取所述指纹图像中多个像素的像素值,并将所述多个像素中每个像素及该像素的像素值排列拼接形成图像像素数据,以及设置为:对所述图像像素数据进行哈希转换生成终端指纹。The terminal fingerprint generating apparatus according to claim 8, wherein the fingerprint generating module is configured to: extract pixel values of a plurality of pixels in the fingerprint image, and each pixel of the plurality of pixels and the pixel Pixel values are arranged to form image pixel data, and are set to: perform hash conversion on the image pixel data to generate a terminal fingerprint.
  10. 如权利要求8或9所述的终端指纹生成装置,其中,The terminal fingerprint generating device according to claim 8 or 9, wherein
    所述信息获取模块还设置为:获取用户输入的指纹生成参数;The information acquiring module is further configured to: acquire a fingerprint generating parameter input by the user;
    所述图像生成模块是设置为:基于所述硬件标识信息和所述指纹生成参数生成图像生成参数;并将所述图像生成参数作为帆布指纹生成函数的输入生成指纹图像,所述指纹图像在像素层面上的显示效果由所述图像显示特性确定。 The image generation module is configured to: generate an image generation parameter based on the hardware identification information and the fingerprint generation parameter; and generate the fingerprint image as an input of a canvas fingerprint generation function, where the fingerprint image is in a pixel The display effect on the level is determined by the image display characteristics.
PCT/CN2017/094981 2016-07-28 2017-07-28 Fingerprint generation method utilized in terminal, and device WO2018019298A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201610606463.1 2016-07-28
CN201610606463.1A CN107665299A (en) 2016-07-28 2016-07-28 A kind of Terminal fingerprints generation method and device

Publications (1)

Publication Number Publication Date
WO2018019298A1 true WO2018019298A1 (en) 2018-02-01

Family

ID=61015808

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2017/094981 WO2018019298A1 (en) 2016-07-28 2017-07-28 Fingerprint generation method utilized in terminal, and device

Country Status (2)

Country Link
CN (1) CN107665299A (en)
WO (1) WO2018019298A1 (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111400695A (en) * 2020-04-09 2020-07-10 中国建设银行股份有限公司 Equipment fingerprint generation method, device, equipment and medium
CN111666596A (en) * 2020-07-10 2020-09-15 腾讯科技(深圳)有限公司 Data processing method, device and medium
CN111770080A (en) * 2020-06-28 2020-10-13 深圳前海微众银行股份有限公司 Method and device for recovering device fingerprint
US20210326412A1 (en) * 2020-04-20 2021-10-21 Cisco Technology, Inc. Secure automated issue detection
CN117714279A (en) * 2023-07-28 2024-03-15 荣耀终端有限公司 Method for device management, router and readable storage medium

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108449627B (en) * 2018-03-16 2021-08-10 北京视觉世界科技有限公司 Video processing method, video source identification method, video processing device, video source identification device and video source identification medium
CN109657447B (en) * 2018-11-28 2023-03-14 腾讯科技(深圳)有限公司 Equipment fingerprint generation method and device
CN110851883B (en) * 2019-10-29 2021-11-02 武汉极意网络科技有限公司 Equipment fingerprint generation method and device based on picture drawing
CN111246382B (en) * 2020-03-26 2021-02-09 嘉兴嘉赛信息技术有限公司 Method for detecting whether smart phone is controlled equipment or not through hardware fingerprint

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891751A (en) * 2011-07-21 2013-01-23 中国移动通信集团公司 Method and equipment for generating business code from fingerprint image
CN104660605A (en) * 2015-03-05 2015-05-27 北京安普诺信息技术有限公司 Multi-factor identity authentication method and system
CN105653911A (en) * 2016-01-06 2016-06-08 上海斐讯数据通信技术有限公司 Unlocking method and system based on two-dimension code

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102891751A (en) * 2011-07-21 2013-01-23 中国移动通信集团公司 Method and equipment for generating business code from fingerprint image
CN104660605A (en) * 2015-03-05 2015-05-27 北京安普诺信息技术有限公司 Multi-factor identity authentication method and system
CN105653911A (en) * 2016-01-06 2016-06-08 上海斐讯数据通信技术有限公司 Unlocking method and system based on two-dimension code

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111400695A (en) * 2020-04-09 2020-07-10 中国建设银行股份有限公司 Equipment fingerprint generation method, device, equipment and medium
CN111400695B (en) * 2020-04-09 2024-05-10 中国建设银行股份有限公司 Equipment fingerprint generation method, device, equipment and medium
US20210326412A1 (en) * 2020-04-20 2021-10-21 Cisco Technology, Inc. Secure automated issue detection
US11816193B2 (en) * 2020-04-20 2023-11-14 Cisco Technology, Inc. Secure automated issue detection
CN111770080A (en) * 2020-06-28 2020-10-13 深圳前海微众银行股份有限公司 Method and device for recovering device fingerprint
CN111666596A (en) * 2020-07-10 2020-09-15 腾讯科技(深圳)有限公司 Data processing method, device and medium
CN117714279A (en) * 2023-07-28 2024-03-15 荣耀终端有限公司 Method for device management, router and readable storage medium

Also Published As

Publication number Publication date
CN107665299A (en) 2018-02-06

Similar Documents

Publication Publication Date Title
WO2018019298A1 (en) Fingerprint generation method utilized in terminal, and device
US20210271745A1 (en) Authentication Methods and Systems
US9082053B2 (en) Code pattern comprising information deciphered by digital device and operating system for same
US20170109852A1 (en) Personal safety verification system and similarity search method for data encrypted for confidentiality
CN111784556A (en) Method, device, terminal and storage medium for adding digital watermark in image
CN112650875A (en) House image verification method and device, computer equipment and storage medium
US20200218772A1 (en) Method and apparatus for dynamically identifying a user of an account for posting images
CN110189384B (en) Image compression method, device, computer equipment and storage medium based on Unity3D
CN104376314B (en) A kind of constructive method towards Google glass Internet of Things web station system
CN115511030A (en) Anti-counterfeiting verification method and device and electronic equipment
CN109657487A (en) Image processing method, image authentication method and its device
CN109919414A (en) P2P network loan platform risk analysis method, device and storage medium
CN112004148B (en) Video processing method, video processing device, computer equipment and storage medium
CN106550236B (en) Method and apparatus for generating and decoding video stream with verification data
CN103685148A (en) Security information interaction system, security information interaction device and security information interaction method
CN111698226B (en) Method and device for verifying and selling ticket
EP4277200A1 (en) Method and program
WO2019127514A1 (en) Graphic code generation method and apparatus, graphic code verification method and apparatus, device, and storage medium
CN112907429A (en) Digital signature setting and extracting method and device, storage medium and electronic equipment
CN107688559A (en) Display methods, device and the computer-readable recording medium of prompt message
CN117370947A (en) Unlocking method, terminal equipment and storage medium
CN116912075A (en) Watermark image processing method, watermark image processing device, computer equipment and storage medium
CN113780029A (en) Verification method and device of novel three-dimensional code combined with portrait
JP6407112B2 (en) Imprint image processing program, imprint image processing method, and information processing apparatus
CN115150083A (en) Block chain based account private key storage and verification method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17833601

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 17833601

Country of ref document: EP

Kind code of ref document: A1