WO2019205888A1 - Image processing method and apparatus, electronic device, and storage medium - Google Patents

Image processing method and apparatus, electronic device, and storage medium Download PDF

Info

Publication number
WO2019205888A1
WO2019205888A1 PCT/CN2019/080556 CN2019080556W WO2019205888A1 WO 2019205888 A1 WO2019205888 A1 WO 2019205888A1 CN 2019080556 W CN2019080556 W CN 2019080556W WO 2019205888 A1 WO2019205888 A1 WO 2019205888A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
authorization
transmitted
request instruction
receiving
Prior art date
Application number
PCT/CN2019/080556
Other languages
French (fr)
Chinese (zh)
Inventor
郭子青
周海涛
Original Assignee
Oppo广东移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Oppo广东移动通信有限公司 filed Critical Oppo广东移动通信有限公司
Publication of WO2019205888A1 publication Critical patent/WO2019205888A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/16Human faces, e.g. facial parts, sketches or expressions
    • G06V40/161Detection; Localisation; Normalisation

Definitions

  • the present application relates to the field of computer technology, and in particular, to an image processing method and apparatus, an electronic device, and a computer readable storage medium.
  • the identity verification mainly collects the biological information, detects the biological information and extracts the features, and compares the extracted features with the features in the database.
  • Existing authentication methods are used for access control attendance, payment, and image recognition.
  • the embodiment of the present application provides an image processing method, device, electronic device, and computer readable storage medium, which can improve the security of identity verification.
  • An image processing method comprising:
  • An image processing apparatus comprising:
  • An instruction acquisition module configured to acquire a request instruction for biometric information entry
  • An authorization mark receiving module configured to receive an authorization mark transmitted from the first application according to the request instruction, and receive an authorization mark transmitted from the second application;
  • the authorization mark comparison module is configured to compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
  • An electronic device includes a memory and a processor, wherein the memory stores a computer program, and when the computer program is executed by the processor, the processor performs the following steps:
  • a computer readable storage medium having stored thereon a computer program, the computer program being executed by a processor to implement the following steps:
  • FIG. 1 is an application environment diagram of an image processing method in an embodiment
  • FIG. 2 is a diagram showing the internal structure of an electronic device in an embodiment
  • FIG. 3 is a flow chart of an image processing method in an embodiment
  • FIG. 4 is a flow chart of a method for generating an authorization token in an embodiment
  • FIG. 5 is a flowchart of a method for prompting abnormal information in an embodiment
  • FIG. 6 is a flow chart of a method for verifying face information entry in an embodiment
  • FIG. 7 is a software architecture diagram of an image processing method in an embodiment
  • Figure 8 is a block diagram showing the structure of an image processing apparatus in an embodiment
  • FIG. 9 is a partial structural block diagram of a mobile phone in an embodiment.
  • first may be referred to as a second client
  • second client may be referred to as a first client, without departing from the scope of the present application.
  • Both the first client and the second client are clients, but they are not the same client.
  • an image processing method is provided to be applied to the above electronic device for illustration. As shown in FIG. 3, the method includes the following steps:
  • Step 302 Acquire a request instruction for biometric information entry.
  • Step 304 Receive an authorization token transmitted from the first application according to the request instruction, and receive an authorization token transmitted from the second application.
  • Step 306 Compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
  • an image processing method provided may further include a process of generating an authorization mark, and the specific steps include:
  • Step 402 Obtain a configured password and a first timestamp when the request instruction is obtained.
  • Step 404 Randomly generate a security identifier according to the password and the first timestamp.
  • Step 406 Generate an authorization token according to the security identifier.
  • an image processing method provided may further include a process of prompting abnormal information, and the specific steps include:
  • Step 502 Obtain an interval duration between the current time and the first timestamp.
  • Step 504 When the interval duration exceeds the preset duration, the abnormal information is prompted.
  • an image processing method may further include: a process of obtaining a comparison result, specifically: determining whether an interval duration exceeds a pre-determination when an authorization flag transmitted by the first application is the same as an authorization flag transmitted by the second application. Set the duration. When the interval duration does not exceed the preset duration, the comparison result of the verification success is obtained.
  • an image processing method provided may further include receiving a process of transmitting an authorization flag from the first application and the second application, specifically: receiving, according to the request instruction, the first application by using an untrusted operation mode and authenticating An authorization token for the shared memory transfer of the run mode, and an authorization token for receiving the shared memory transfer of the second application through the untrusted mode of operation and the trusted mode of operation.
  • an authorization mark transmitted by a first application and an authorization mark transmitted by a second application are authorization marks processed by a digital signature.
  • an image processing method provided may further include a process of verifying face information input, and the specific steps include:
  • Step 602 Acquire a request instruction for inputting face information.
  • Step 604 Receive an authorization mark for the face application transmission in the trusted operation mode according to the request instruction, and receive an authorization mark transmitted by the key management application in the trusted operation mode.
  • Step 606 compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
  • an image processing apparatus including: an instruction acquisition module 810, an authorization mark receiving module 820, and an authorization mark comparison module 830, wherein:
  • the instruction acquisition module 810 is configured to acquire a request instruction for biometric information entry.
  • the authorization mark receiving module 820 is configured to receive the authorization mark transmitted from the first application according to the request instruction, and receive the authorization mark transmitted from the second application.
  • the authorization mark comparison module 830 is configured to compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
  • the embodiment of the present application also provides a computer readable storage medium.
  • One or more non-transitory computer readable storage media containing computer executable instructions that, when executed by one or more processors, cause the processor to perform the following steps:
  • Step 302 Acquire a request instruction for biometric information entry
  • Step 304 Receive an authorization mark transmitted from the first application according to the request instruction, and receive an authorization mark transmitted from the second application;
  • Step 306 Compare an authorization mark transmitted by the first application with an authorization mark transmitted by the second application, to obtain a comparison result.
  • Step 402 Obtain a configured password and a first timestamp when the request instruction is obtained.
  • Step 404 Randomly generate a security identifier according to the password and the first timestamp.
  • Step 406 Generate an authorization token according to the security identifier.
  • Step 502 Obtain an interval duration between the current time and the first timestamp.
  • Step 504 When the interval duration exceeds a preset duration, the abnormal information is prompted;
  • an authorization token transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode
  • receiving an authorization token transmitted by the second application through the shared memory of the non-trusted operation mode and the trusted operation mode
  • the authorization mark transmitted by the first application and the authorization mark transmitted by the second application are authorization marks processed by the digital signature
  • Step 602 Acquire a request instruction for entering a face information.
  • Step 604 Receive, according to the request instruction, an authorization mark transmitted by the face application in the trusted operation mode, and receive an authorization mark transmitted by the key management application in the trusted operation mode;
  • Step 606 compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
  • the processor 980 included in the electronic device implements the following steps when executing the computer program stored in the memory 920:
  • Step 302 Acquire a request instruction for biometric information entry
  • Step 304 Receive an authorization mark transmitted from the first application according to the request instruction, and receive an authorization mark transmitted from the second application;
  • Step 306 Compare an authorization mark transmitted by the first application with an authorization mark transmitted by the second application, to obtain a comparison result.
  • Step 402 Obtain a configured password and a first timestamp when the request instruction is obtained.
  • Step 404 Randomly generate a security identifier according to the password and the first timestamp.
  • Step 406 Generate an authorization token according to the security identifier.
  • Step 502 Obtain an interval duration between the current time and the first timestamp.
  • Step 504 When the interval duration exceeds a preset duration, the abnormal information is prompted;
  • an authorization token transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode
  • receiving an authorization token transmitted by the second application through the shared memory of the non-trusted operation mode and the trusted operation mode
  • the authorization mark transmitted by the first application and the authorization mark transmitted by the second application are authorization marks processed by the digital signature
  • Step 602 Acquire a request instruction for entering a face information.
  • Step 604 Receive, according to the request instruction, an authorization mark transmitted by the face application in the trusted operation mode, and receive an authorization mark transmitted by the key management application in the trusted operation mode;
  • Step 606 compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
  • FIG. 1 is a schematic diagram of an application environment of an image processing method in an embodiment.
  • the application environment includes an electronic device 200.
  • the electronic device 200 can acquire a request instruction for biometric information input, and respectively receive an authorization mark transmitted from the first application and the second application according to the request instruction, and compare the authorization tags.
  • the electronic device 200 can obtain a comparison result.
  • the electronic device 200 can be a smartphone, a tablet, a personal digital assistant, a wearable device, or the like.
  • the electronic device 200 can include a camera module 210, a first processing unit 220, a second processing unit 230, a security processing unit 240, and the like.
  • the first processing unit 220 is connected to the camera module 210, the second processing unit 230, and the security processing unit 240, respectively.
  • the camera module 210 can include a first image collector, a first projector, a second image collector, and a second projector.
  • the first image collector, the first projector, and the second projector are respectively coupled to the first processing unit 220.
  • the second image collector can be coupled to the first processing unit 220 or the second processor 230.
  • the first image capture device can be a laser camera 212.
  • the first projector can be a floodlight 214.
  • the second image capture device can be an RGB (Red/Green/Blue, red/green/blue color mode) camera 216.
  • the second projector can be a laser light 218. Both the laser camera 212 and the RGB camera 216 may include elements such as lenses and image sensors.
  • the image sensor is generally a Complementary Metal Oxide Semiconductor (CMOS) or a charge coupled device (CCD).
  • CMOS Complementary Metal Oxide Semiconductor
  • CCD charge coupled device
  • the surface of the image sensor in the laser camera 212 is configured to provide intensity extraction of light of different wavelengths by providing filters corresponding to the pixels one by one, so that the laser camera 212 can collect invisible light images of different wavelengths.
  • the filter may allow the wavelength of light to pass to coincide with the wavelength of light emitted by the laser lamp 218, such as infrared light, ultraviolet light, or the like.
  • the RGB camera 216 can use Bayer filters to acquire light intensity information of three channels (R/G/B), and collect color images of the target object.
  • the floodlight 214 can be a laser diode, an LED, or the like.
  • the illuminating wavelength of the floodlight 214 is the same as the wavelength of the laser 218.
  • the second projector may include a light source, a lens, and a structured light pattern generator, wherein the light source may be a surface emitting laser, a Vertical Cavity Surface Emitting Laser (VCSEL) array, and the structured light pattern generator may be frosted glass. Diffractive Optical Elements (DOE) or a combination of both.
  • DOE Diffractive Optical Elements
  • the first processing unit 220 can be an MCU (Microcontroller Unit).
  • the MCU may include PWM (Pulse Width Modulation) 222, SPI/I2C (Serial Peripheral Interface/Inter-Integrated Circuit) 224, RAM (Random Access Memory, Random access memory) 226 and Depth Engine 228.
  • the MCU can be synchronized by the PWM control floodlight 214 and the laser camera 212.
  • the floodlight 214 emits floodlight to the target object, and the floodlight image is collected by the laser camera 212. If the floodlight 214 emits infrared light, the infrared light is collected. image.
  • the MCU is synchronized with the laser camera 218 by the PWM control laser 218, and the laser lamp 218 projects the structured light pattern to the target object, and the laser camera 212 acquires the target speckle image.
  • the laser light 218 pre-projects a structured light pattern (a pattern with speckle particles) onto a reference plane at a known distance from the electronic device 200, which is captured by the laser camera 212 as a reference speckle image
  • the memory stored in the memory of the first processing unit 220 may be stored in the memory of the second processing unit 230 or may be stored in the memory of the security processing unit 240. This memory is a non-volatile memory.
  • the second processing unit 230 can be a CPU processor.
  • the second processing unit 230 includes a CPU core running under a TEE (Trusted execution environment) and a CPU core running under a REE (Rich Execution Environment).
  • TEE and REE are operating modes of ARM modules (Advanced RISC Machines, Advanced Reduced Instruction Set Processor).
  • ARM modules Advanced RISC Machines, Advanced Reduced Instruction Set Processor
  • the CPU running under the TEE The kernel can send a face acquisition command to the SPI/I2C interface 224 of the first processing unit 220 through the SECURE SPI/I2C bus 250, and can acquire the infrared image by using the PWM 222 to transmit the pulse wave control camera module 210 to turn on the floodlight 214.
  • the laser light 218 in the control camera module 210 is turned on to collect the target speckle image.
  • the camera module 210 can transmit the acquired infrared image and the target speckle image to the depth engine 228 in the first processing unit 220 for processing.
  • the depth engine 228 may calculate the acquired target speckle image and the reference speckle image to obtain a parallax image with offset information of the corresponding point in the target speckle image and the reference speckle image, and process the parallax image to obtain a depth image. .
  • the first processing unit 220 performs face recognition according to the acquired infrared image, and detects whether there is a human face in the infrared image and whether the detected face matches the stored face.
  • the face recognition according to the infrared image may also be implemented by the security processing unit 240.
  • the first processing unit 220 may send the acquired infrared image to the security processing unit 240, and the security processing unit 240 detects whether there is a human face in the infrared image and The detected face matches the stored face. If the face recognition passes, the first processing unit 220 performs the living body detection according to the infrared image and the depth image to detect whether the human face has biological activity.
  • the living body detection may be performed first, then the face recognition may be performed, or the face recognition and the living body detection may be performed simultaneously.
  • the first processing unit 220 performs the living body detection and then performs the face recognition; or the first processing unit 220 performs the living body detection first, and the security processing unit 240 performs the face recognition again; or the first processing unit 220 performs the face recognition and the same.
  • the living body detection; or the first processing unit 220 performs the living body detection while the security processing unit 240 performs face recognition.
  • the first processing unit 220 may transmit intermediate information (eg, a parallax image) of the infrared image and the depth image described above to the security processing unit 240, as the face recognition passes and the detected face is biologically active.
  • the security processing unit 240 calculates the depth information of the face according to the intermediate information of the infrared image and the depth image, and transmits the depth information to the CPU core under the TEE.
  • the camera module 210 can transmit the acquired infrared image and the target speckle image to the depth engine 228 in the first processing unit 220 for processing.
  • the depth engine 228 can calculate the acquired target speckle image and the reference speckle image to obtain a disparity image with offset information of the corresponding point in the target speckle image and the reference speckle image, and the first processing unit 220 can convert the disparity.
  • the image is transmitted to the security processing unit 240 through a Mobile Industry Processor Interface (MIPI), and the security processing unit 240 processes the parallax image to obtain a depth image.
  • MIPI Mobile Industry Processor Interface
  • the first processing unit 220 performs face recognition according to the acquired infrared image, and detects whether there is a human face in the infrared image and whether the detected face matches the stored face.
  • the face recognition according to the infrared image may also be implemented by the security processing unit 240.
  • the first processing unit 220 may send the acquired infrared image to the security processing unit 240, and the security processing unit 240 detects whether there is a human face in the infrared image and The detected face matches the stored face. If the face recognition passes, the security processing unit 240 performs the living body detection according to the infrared image and the depth image to detect whether the human face has biological activity.
  • the living body detection may be performed first, then the face recognition may be performed, or the face recognition and the living body detection may be performed simultaneously.
  • the security processing unit 240 performs the living body detection first, and the first processing unit 220 performs the face recognition again; or the security processing unit 240 performs the living body detection first, and then performs the face recognition; or the first processing unit 220 performs the face recognition.
  • the security processing unit 240 performs a living body detection; or the security processing unit 240 performs face recognition and living body detection simultaneously.
  • the parallax image can be processed by the security processing unit 240 to obtain a depth image, thereby reducing the amount of data processing required by the first processing unit 220, thereby improving the processing efficiency and processing capability of the electronic device 200.
  • the security processing unit 240 may be a separate processor or a security area formed by using hardware and software isolation in the second processing unit 230.
  • the second processing unit 230 may be a multi-core processor, and one of the cores is processed.
  • the device is defined as a security processing unit for calculating depth information of a face, matching of the acquired infrared image with the stored infrared image, matching of the calculated depth image with the stored depth image, and the like.
  • the security processing unit 240 can perform parallel processing or serial processing on the data.
  • an image processing method is provided to be applied to the above electronic device for illustration. As shown in FIG. 3, the method includes the following steps:
  • Step 302 Acquire a request instruction for biometric information entry.
  • the biological information may be information unique to a living body such as a face, a fingerprint, or a palm print.
  • Biometric information can be entered via devices on the electronic device.
  • the face image can be collected by the camera module on the electronic device, and the CPU module controls the camera module to work, thereby realizing the input of the face information.
  • the request command may be an instruction issued by a device on the electronic device to request entry of the biometric information.
  • the camera module can send a request instruction for inputting a face image to the electronic device.
  • the electronic device can acquire the request instruction for biometric information input through the opened device.
  • Step 304 Receive an authorization token transmitted from the first application according to the request instruction, and receive an authorization token transmitted from the second application.
  • the authorization mark is a mark generated when the electronic device acquires a request instruction for inputting biological information, and is used to verify whether the entered information is legal.
  • the first application may be an application in a trusted operating environment, for example, the first application may be a face application, and the face application may be an application for collecting a face image.
  • the second application may also be an application in a trusted operating environment.
  • the second application may be a key management application.
  • the channel of the first application transmission authorization flag is different from the channel of the second application transmission authorization flag.
  • the electronic device may control the first application and the second application to transmit the authorization flag.
  • the transmission channel of the first application transmission authorization mark is different from the transmission channel of the second application transmission authorization mark.
  • the electronic device can receive the authorization mark transmitted by the first application in the trusted running environment or the non-trusted running environment, and the electronic device can also receive the second application transmission in the trusted running environment or the non-trusted running environment. Authorization mark.
  • Step 306 Compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
  • the electronic device can receive the authorization token transmitted by the first application and the authorization token transmitted by the second application.
  • the authorization mark is generated when the electronic device obtains the request instruction for inputting the biological information, and after the different transmission channels, the electronic device can compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application, and the first The authorization flag transmitted by the application is the same as or different from the authorization flag transmitted by the second application.
  • the traditional authentication method only compares the characteristics of the extracted biological information with the features in the database, and has a problem of low security.
  • the embodiment of the present application transmits the authorization token transmitted from the first application according to the request instruction, and receives the authorization token transmitted from the second application according to the request instruction, and transmits the authorization token transmitted by the first application to the second application.
  • the authorization tokens are compared and the comparison results are obtained.
  • the security of biometric information entry can be improved by receiving authorization tokens transmitted by different applications and comparing the received authorization tokens transmitted by different applications.
  • an image processing method provided may further include a process of generating an authorization mark, and the specific steps include:
  • Step 402 Obtain a configured password and a first timestamp when the request instruction is obtained.
  • the configured password can be configured by the user through the display of the electronic device, and the configured password can be a digital password or a pattern password.
  • a timestamp is a sequence of characters used to identify a certain time.
  • the electronic device can obtain a password configured through the display.
  • the electronic device may also acquire a first timestamp when the request instruction is acquired, and the first timestamp is a sequence of time characters when the request instruction is acquired.
  • Step 404 Randomly generate a security identifier according to the password and the first timestamp.
  • Security Identifiers are unique numbers that identify users, groups, and computers.
  • the electronic device may randomly generate a security identifier according to the password and the first timestamp, and the security identifier may be a 64-bit identifier.
  • the security identifier can also be bound to a password.
  • Step 406 Generate an authorization token according to the security identifier.
  • the electronic device can generate an authorization token based on the security identifier.
  • the generated authorization token can be a password set, and the generated authorization token can contain multiple key factors such as a timestamp, a security identifier, and a hardware-related hash check code.
  • the security token is randomly generated according to the password and the first timestamp by obtaining the configured password and the first timestamp when the request instruction is obtained, and the authorization token is generated according to the security identifier.
  • the electronic device generates a security identifier based on the password and the first timestamp. Since the authorization token is generated based on the security identifier, the security of the information entry can be improved.
  • an image processing method provided may further include a process of prompting abnormal information, and the specific steps include:
  • Step 502 Obtain an interval duration between the current time and the first timestamp.
  • the electronic device can obtain the current time when it is in working state.
  • the electronic device may further calculate a time difference according to the obtained current time and the first timestamp, where the time difference is an interval time between the current time and the first timestamp.
  • Step 504 When the interval duration exceeds the preset duration, the abnormal information is prompted.
  • the preset duration can be a preset period of time.
  • the preset duration can be 3 seconds.
  • the electronic device can obtain the current time when the working state is at any time, and then calculate the interval time according to the acquired time.
  • the electronic device can also compare the acquired interval duration with the preset duration. When the interval duration exceeds the preset duration, the electronic device can prompt the abnormal information. Specifically, the electronic device can prompt an abnormality by shaking, sending information, ringing, and the like.
  • the electronic device can control the working time by acquiring the interval duration, and prompt the abnormal information when the interval duration exceeds the preset duration, thereby ensuring the safe working time of the electronic device.
  • an image processing method may further include: a process of obtaining a comparison result, specifically: determining whether an interval duration exceeds a pre-determination when an authorization flag transmitted by the first application is the same as an authorization flag transmitted by the second application. Set the duration. When the interval duration does not exceed the preset duration, the comparison result of the verification success is obtained.
  • the electronic device may determine whether the authorization mark transmitted by the first application is the same as the authorization mark transmitted by the second application, and when the electronic device determines that the authorization mark transmitted by the first application is the same as the authorization mark transmitted by the second application, the electronic device may also Whether the interval duration exceeds the preset duration for further judgment. When the electronic device determines that the interval duration does not exceed the preset duration, the electronic device may obtain a comparison result of successful verification.
  • the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, it is determined whether the interval duration exceeds the preset duration, and when the interval duration does not exceed the preset duration, the comparison result of the verification success is obtained. Only when the authorization mark transmitted by the first application is the same as the authorization mark transmitted by the second application, and the interval duration does not exceed the preset duration, the electronic device obtains the comparison result of the verification success, and improves the accuracy of the electronic device to obtain the comparison result. .
  • an image processing method provided may further include receiving a process of transmitting an authorization flag from the first application and the second application, specifically: receiving, according to the request instruction, the first application by using an untrusted operation mode and authenticating An authorization token for the shared memory transfer of the run mode, and an authorization token for receiving the shared memory transfer of the second application through the untrusted mode of operation and the trusted mode of operation.
  • Data can be transferred between the trusted operating mode and the untrusted operating mode through shared memory, that is, the untrusted operating mode can transfer data to the trusted operating mode through the shared memory.
  • the electronic device may separately receive the authorization mark transmitted by the first application and the second application according to the request instruction, and the first application and the second application may transmit the authorization mark in a trusted operation mode, and the trusted operation mode may transmit the authorization mark to the shared memory through the shared memory.
  • the electronic device can compare the received authorization tags of the first application and the second application in the untrusted operation mode, and obtain a comparison result.
  • the first application and the second application may also transmit the authorization token through the untrusted operation mode, and the non-trusted operation mode may transmit the authorization token to the trusted operation mode through the shared memory, and the electronic device may receive the trusted operation mode.
  • the first application is compared with the authorization flag of the second application, and the comparison result is obtained.
  • the electronic device can compare the received authorization tags in the trusted operation mode or the non-trust mode, thereby improving the security of the authorization tag transmission and the accuracy of the comparison result.
  • an authorization mark transmitted by a first application and an authorization mark transmitted by a second application are authorization marks processed by a digital signature.
  • Digital signature refers to a digital string that cannot be forged by using public key encryption technology. Digital signature is an encryption process. Authorization tokens can be encrypted using digital signatures. The authorization mark transmitted by the first application and the authorization mark transmitted by the second application received by the electronic device are all authorized identifiers encrypted by using a digital signature.
  • the security of the authorization mark transmission is improved.
  • an image processing method provided may further include a process of verifying face information input, and the specific steps include:
  • Step 602 Acquire a request instruction for inputting face information.
  • the electronic device can turn on the camera module to collect the face image.
  • the camera module can send a request instruction for acquiring face information input to the electronic device. That is, the electronic device can acquire a request instruction for inputting face information through the camera module.
  • Step 604 Receive an authorization mark for the face application transmission in the trusted operation mode according to the request instruction, and receive an authorization mark transmitted by the key management application in the trusted operation mode.
  • the electronic device can control the face application and the key management application to transmit the authorization mark.
  • the face application and key management application is an application in the trusted mode of operation. Among them, an application for a face application for collecting a face image.
  • the face application and the key management application can use a digital signature method to encrypt the authorization label transmitted by the face application and the authorization token transmitted by the key management application.
  • the electronic device can simultaneously receive the authorization mark transmitted by the decrypted face application and the key management application.
  • Step 606 compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
  • the electronic device may decrypt the authorization mark transmitted by the received face application and the authorization mark transmitted by the key management application.
  • the electronic device may also compare the authorization mark transmitted by the decrypted face application with the authorization mark transmitted by the decrypted key management application, when the authorization mark transmitted by the face application is exactly the same as the authorization mark transmitted by the key management application. , face information is entered.
  • Receiving the request instruction of the face information input receiving the authorization mark of the face application transmission in the trusted operation mode according to the request instruction, and receiving the authorization mark transmitted by the key management application in the trusted operation mode, and transmitting the face application
  • the authorization token is compared with the authorization token transmitted by the key management application. If the same, the face information is entered. By comparing the authorization flag to verify whether the face information is legally verified, the security of face information entry can be improved.
  • FIG. 7 is a schematic diagram of a software architecture of an image processing method in an embodiment.
  • the software architecture includes an application layer 710, an operating system 720, and a trusted operating environment 730.
  • the module in the trusted operating environment 730 includes a security service module 734.
  • the hardware layer includes a floodlight & laser 731, an infrared camera 732, a micro control unit 733, and the like.
  • the micro control unit 733 can ensure the security of the data by controlling its input and output.
  • the micro control unit 733 can collect the safe infrared image and the target speckle image by controlling the floodlight & laser 731 and the infrared camera 732, and then transmit and transmit the infrared image and the target speckle image to the security service module of the trusted operating environment 730. 734.
  • the operating system 720 includes a security management module 721, a face management module 722, a camera driver 723, and a camera frame 724.
  • the application layer 710 includes an application 711.
  • the application 711 can initiate an image acquisition command, and the electronic device can drive the floodlight & laser 731 and the infrared camera 732 to operate through the image acquisition command. For example, when performing a payment, unlocking, beauty, etc.
  • the application initiates an image acquisition instruction for collecting a face image.
  • the camera acquires the infrared image and the target speckle image, it determines whether the currently acquired image is for a secure application operation or a non-secure application operation according to the image acquisition instruction.
  • the acquired depth image is for security application operation
  • the acquired infrared image and the target speckle image are sent to the micro control unit 733 through the secure channel, and the micro control unit 733 performs the target speckle image and the reference speckle image according to the target image.
  • the parallax image is calculated, and the depth image is calculated according to the parallax image, and the calculated depth image and infrared image are sent to the security service module 734.
  • the process of calculating the depth image from the target speckle image can also be performed in the security service module 734.
  • the security service module 734 sends the infrared image and the depth image to the security management module 721.
  • different applications 711 have corresponding security management modules 721, and the security management module 721 sends the depth images and infrared images to the corresponding face management module 722.
  • the face management module 722 performs face detection, recognition, verification, and the like according to the infrared image and the depth image, and then sends the processing result to the upper application 711, and the application 711 performs the security application operation according to the processing result.
  • the infrared image and the target speckle image collected by the infrared camera 732 can be directly sent to the camera driver 723 through the non-secure channel.
  • the camera driver 723 can calculate a parallax image from the target speckle pattern and calculate a depth image from the parallax image.
  • the camera driver 723 can transmit the infrared image and the depth image to the camera frame 724, and then to the face management module 722 or the application 711 by the camera frame 724.
  • the switching between the secure channel and the non-secure channel is performed by the micro control unit 733.
  • an image processing method is provided, and the specific steps of implementing the method are as follows:
  • the electronic device can obtain a request instruction for biometric information entry.
  • the biological information may be information unique to a living body such as a face, a fingerprint, or a palm print.
  • Biometric information can be entered via devices on the electronic device.
  • the request command may be an instruction issued by a device on the electronic device to request entry of the biometric information.
  • the electronic device can acquire the request instruction for biometric information input through the opened device.
  • the electronic device can also obtain the configured password and the first time stamp when the request instruction is obtained.
  • the electronic device can obtain a password configured through the display.
  • the electronic device may also acquire a first timestamp when the request instruction is acquired, and the first timestamp is a sequence of time characters when the request instruction is acquired.
  • the electronic device can also randomly generate a security identifier based on the password and the first timestamp.
  • the electronic device may randomly generate a security identifier according to the password and the first timestamp, and the security identifier may be a 64-bit identifier.
  • the security identifier can also be bound to a password.
  • the electronic device can also generate an authorization token based on the security identifier.
  • the electronic device can generate an authorization token based on the security identifier.
  • the generated authorization token can be a password set, and the generated authorization token can contain multiple key factors such as a timestamp, a security identifier, and a hardware-related hash check code.
  • the electronic device can receive the authorization flag transmitted from the first application according to the request instruction, and receive the authorization flag transmitted from the second application. After receiving the request instruction, the electronic device may control the first application and the second application to transmit the authorization flag.
  • the transmission channel of the first application transmission authorization mark is different from the transmission channel of the second application transmission authorization mark.
  • the electronic device can receive the authorization mark transmitted by the first application in the trusted running environment or the non-trusted running environment, and the electronic device can also receive the second application transmission in the trusted running environment or the non-trusted running environment. Authorization mark.
  • the electronic device may further receive, according to the request instruction, an authorization mark transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode, and receive the shared memory of the second application through the untrusted operation mode and the trusted operation mode.
  • Authorization token transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode
  • the electronic device may further compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
  • the electronic device can receive the authorization token transmitted by the first application and the authorization token transmitted by the second application.
  • the authorization mark is generated when the electronic device obtains the request instruction for inputting the biological information, and after the different transmission channels, the electronic device can compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application, and the first The authorization flag transmitted by the application is the same as or different from the authorization flag transmitted by the second application.
  • the electronic device may determine whether the interval duration exceeds a preset duration. When the interval duration does not exceed the preset duration, the electronic device may obtain a comparison result of successful verification. .
  • the electronic device can obtain the interval duration between the current time and the first time stamp.
  • the electronic device can obtain the current time when it is in working state.
  • the electronic device may further calculate a time difference according to the obtained current time and the first timestamp, where the time difference is an interval time between the current time and the first timestamp.
  • the electronic device can prompt the abnormality information.
  • the authorization mark transmitted by the first application and the authorization mark transmitted by the second application are all authorized tokens processed by the digital signature.
  • an image processing apparatus including: an instruction acquisition module 810, an authorization flag receiving module 820, and an authorization flag comparison module 830, wherein:
  • the instruction acquisition module 810 is configured to acquire a request instruction for biometric information entry.
  • the authorization mark receiving module 820 is configured to receive the authorization mark transmitted from the first application according to the request instruction, and receive the authorization mark transmitted from the second application.
  • the authorization mark comparison module 830 is configured to compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
  • the instruction obtaining module 810 is further configured to obtain the configured password and the first timestamp when the request instruction is obtained, randomly generate the security identifier according to the password and the first timestamp, and generate the authorization token according to the security identifier.
  • the instruction acquisition module 810 is further configured to obtain an interval duration between the current time and the first timestamp, and when the interval duration exceeds the preset duration, the abnormality information is prompted.
  • the authorization flag comparison module 830 is further configured to: when the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, determine whether the interval duration exceeds a preset duration, when the interval duration does not exceed the preset duration. When the duration is long, the comparison result of the verification success is obtained.
  • the authorization mark receiving module 820 is further configured to receive, according to the request instruction, an authorization mark transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode, and receive the second application by using the non-trusted Authorization token for shared memory transfers in Run mode and Trusted Run mode.
  • the authorization token transmitted by the first application and the authorization token transmitted by the second application are both authorized tokens processed by the digital signature.
  • the biometric information entry is a face information entry
  • the instruction acquisition module 810 is further configured to obtain a request instruction for the face information input.
  • the authorization mark receiving module 820 is further configured to receive the authorization mark transmitted by the face application in the trusted operation mode according to the request instruction, and receive the authorization mark transmitted by the key management application in the trusted operation mode.
  • the authorization mark comparison module 830 can also be used to compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
  • each module in the above image processing apparatus is for illustrative purposes only. In other embodiments, the image processing apparatus may be divided into different modules as needed to complete all or part of the functions of the image processing apparatus.
  • the various modules in the image processing apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof.
  • Each of the above modules may be embedded in or independent of the processor in the computer device, or may be stored in a memory in the computer device in a software form, so that the processor invokes the operations corresponding to the above modules.
  • each module in the image processing apparatus provided in the embodiments of the present application may be in the form of a computer program.
  • the computer program can run on a terminal or server.
  • the program modules of the computer program can be stored on the memory of the terminal or server.
  • the embodiment of the present application also provides a computer readable storage medium.
  • One or more non-transitory computer readable storage media containing computer executable instructions that, when executed by one or more processors, cause the processor to perform the steps of the image processing method.
  • a computer program product comprising instructions that, when executed on a computer, cause the computer to perform an image processing method.
  • An embodiment of the present application also provides an electronic device. As shown in FIG. 9 , for the convenience of description, only the parts related to the embodiments of the present application are shown. If the specific technical details are not disclosed, please refer to the method part of the embodiment of the present application.
  • the electronic device may be any terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), a vehicle-mounted computer, a wearable device, and the like, and the electronic device is used as a mobile phone. :
  • FIG. 9 is a block diagram showing a partial structure of a mobile phone related to an electronic device according to an embodiment of the present application.
  • the mobile phone includes: a radio frequency (RF) circuit 910, a memory 920, an input unit 930, a display unit 940, a sensor 950, an audio circuit 960, a wireless fidelity (WiFi) module 970, and a processor 980.
  • RF radio frequency
  • the structure of the handset shown in FIG. 9 does not constitute a limitation to the handset, and may include more or less components than those illustrated, or some components may be combined, or different component arrangements.
  • the RF circuit 910 can be used for receiving and transmitting signals during the transmission and reception of information or during a call.
  • the downlink information of the base station can be received and processed by the processor 980.
  • the uplink data can also be sent to the base station.
  • RF circuits include, but are not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like.
  • LNA Low Noise Amplifier
  • RF circuitry 910 can also communicate with the network and other devices via wireless communication.
  • the above wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (Code Division). Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS), and the like.
  • GSM Global System of Mobile communication
  • GPRS General
  • the memory 920 can be used to store software programs and modules, and the processor 980 executes various functional applications and data processing of the mobile phone by running software programs and modules stored in the memory 920.
  • the memory 920 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application required for at least one function (such as an application of a sound playing function, an application of an image playing function, etc.);
  • the data storage area can store data (such as audio data, address book, etc.) created according to the use of the mobile phone.
  • memory 920 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
  • the input unit 930 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the handset 900.
  • the input unit 930 may include a touch panel 931 and other input devices 932.
  • the touch panel 931 also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 931 or near the touch panel 931. Operation) and drive the corresponding connection device according to a preset program.
  • the touch panel 931 can include two portions of a touch detection device and a touch controller.
  • the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information.
  • the processor 980 is provided and can receive commands from the processor 980 and execute them.
  • the touch panel 931 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves.
  • the input unit 930 may also include other input devices 932.
  • other input devices 932 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.).
  • the display unit 940 can be used to display information input by the user or information provided to the user as well as various menus of the mobile phone.
  • the display unit 940 can include a display panel 941.
  • the display panel 941 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like.
  • the touch panel 931 can cover the display panel 941. When the touch panel 931 detects a touch operation on or near it, the touch panel 931 transmits to the processor 980 to determine the type of the touch event, and then the processor 980 is The type of touch event provides a corresponding visual output on display panel 941.
  • touch panel 931 and the display panel 941 are used as two independent components to implement the input and input functions of the mobile phone in FIG. 9, in some embodiments, the touch panel 931 and the display panel 941 may be integrated. Realize the input and output functions of the phone.
  • the handset 900 can also include at least one type of sensor 950, such as a light sensor, motion sensor, and other sensors.
  • the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 941 according to the brightness of the ambient light, and the proximity sensor may close the display panel 941 and/or when the mobile phone moves to the ear. Or backlight.
  • the motion sensor may include an acceleration sensor, and the acceleration sensor can detect the magnitude of the acceleration in each direction, and the magnitude and direction of the gravity can be detected at rest, and can be used to identify the gesture of the mobile phone (such as horizontal and vertical screen switching), and vibration recognition related functions (such as Pedometer, tapping, etc.; in addition, the phone can also be equipped with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors.
  • the acceleration sensor can detect the magnitude of the acceleration in each direction, and the magnitude and direction of the gravity can be detected at rest, and can be used to identify the gesture of the mobile phone (such as horizontal and vertical screen switching), and vibration recognition related functions (such as Pedometer, tapping, etc.; in addition, the phone can also be equipped with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors.
  • Audio circuitry 960, speaker 961, and microphone 962 can provide an audio interface between the user and the handset.
  • the audio circuit 960 can transmit the converted electrical data of the received audio data to the speaker 961, and convert it into a sound signal output by the speaker 961.
  • the microphone 962 converts the collected sound signal into an electrical signal, and the audio circuit 960 After receiving, it is converted into audio data, and after being processed by the audio data output processor 980, it can be sent to another mobile phone via the RF circuit 910, or the audio data can be output to the memory 920 for subsequent processing.
  • WiFi is a short-range wireless transmission technology
  • the mobile phone can help users to send and receive emails, browse web pages, and access streaming media through the WiFi module 970, which provides users with wireless broadband Internet access.
  • FIG. 9 shows the WiFi module 970, it can be understood that it does not belong to the essential configuration of the mobile phone 900 and can be omitted as needed.
  • the processor 980 is the control center of the handset, which connects various portions of the entire handset using various interfaces and lines, by executing or executing software programs and/or modules stored in the memory 920, and invoking data stored in the memory 920, executing The phone's various functions and processing data, so that the overall monitoring of the phone.
  • processor 980 can include one or more processing units.
  • the processor 980 can integrate an application processor and a modem processor, wherein the application processor primarily processes an operating system, a user interface, an application, and the like; the modem processor primarily processes wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 980.
  • the mobile phone 900 also includes a power source 990 (such as a battery) that supplies power to various components.
  • a power source 990 such as a battery
  • the power source can be logically coupled to the processor 980 through a power management system to manage functions such as charging, discharging, and power management through the power management system.
  • the handset 900 can also include a camera, a Bluetooth module, and the like.
  • the processor 980 included in the electronic device implements the steps of the image processing method when executing the computer program stored in the memory.
  • Non-volatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
  • Volatile memory can include random access memory (RAM), which acts as an external cache.
  • RAM is available in a variety of forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), dual data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronization.
  • SRAM static RAM
  • DRAM dynamic RAM
  • SDRAM synchronous DRAM
  • DDR SDRAM dual data rate SDRAM
  • ESDRAM enhanced SDRAM
  • synchronization Link (Synchlink) DRAM (SLDRAM), Memory Bus (Rambus) Direct RAM (RDRAM), Direct Memory Bus Dynamic RAM (DRDRAM), and Memory Bus Dynamic RAM (RDRAM).

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Oral & Maxillofacial Surgery (AREA)
  • Human Computer Interaction (AREA)
  • Multimedia (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

An image processing method, an apparatus, an electronic device, and a storage medium. The method comprises: obtaining a request for a biometric information entry (302); receiving an authorization tag transmitted from a first application and an authorization tag transmitted from a second application according to the request (304); and comparing the authorization tag transmitted from the first application with the authorization tag transmitted from the second application and obtaining a comparison result (306).

Description

图像处理方法和装置、电子设备、存储介质Image processing method and device, electronic device, storage medium
优先权信息Priority information
本申请请求2018年4月28日向中国国家知识产权局提交的、专利申请号为201810401358.3的专利申请的优先权和权益,并且通过参照将其全文并入此处。Priority is claimed on Japanese Patent Application No. 201810401358.3, the entire disclosure of which is hereby incorporated by reference.
技术领域Technical field
本申请涉及计算机技术领域,特别是涉及一种图像处理方法和装置、电子设备、计算机可读存储介质。The present application relates to the field of computer technology, and in particular, to an image processing method and apparatus, an electronic device, and a computer readable storage medium.
背景技术Background technique
随着计算机技术的发展,通过录入生物信息进行身份验证的方式越来越普遍。身份验证主要是通过获取录入的生物信息,对生物信息进行检测以及特征提取,再将提取的特征与数据库中的特征进行比对。现有的身份验证方式用于门禁考勤、支付以及图像识别等。With the development of computer technology, it is more and more common to enter biometric information for authentication. The identity verification mainly collects the biological information, detects the biological information and extracts the features, and compares the extracted features with the features in the database. Existing authentication methods are used for access control attendance, payment, and image recognition.
发明内容Summary of the invention
本申请实施例提供一种图像处理方法、装置、电子设备、计算机可读存储介质,可以提高身份验证的安全性。The embodiment of the present application provides an image processing method, device, electronic device, and computer readable storage medium, which can improve the security of identity verification.
一种图像处理方法,包括:An image processing method comprising:
获取生物信息录入的请求指令;Obtaining a request instruction for biometric information entry;
根据所述请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记;Receiving an authorization flag transmitted from the first application according to the request instruction, and receiving an authorization flag transmitted from the second application;
将所述第一应用传输的授权标记与所述第二应用传输的授权标记进行比较,得到比较结果。Comparing the authorization token transmitted by the first application with the authorization token transmitted by the second application to obtain a comparison result.
一种图像处理装置,包括:An image processing apparatus comprising:
指令获取模块,用于获取生物信息录入的请求指令;An instruction acquisition module, configured to acquire a request instruction for biometric information entry;
授权标记接收模块,用于根据所述请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记;An authorization mark receiving module, configured to receive an authorization mark transmitted from the first application according to the request instruction, and receive an authorization mark transmitted from the second application;
授权标记比较模块,用于将所述第一应用传输的授权标记与所述第二应用传输的授权标记进行比较,得到比较结果。The authorization mark comparison module is configured to compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
一种电子设备,包括存储器及处理器,所述存储器中储存有计算机程序,所述计算机程序被所述处理器执行时,使得所述处理器执行如下步骤:An electronic device includes a memory and a processor, wherein the memory stores a computer program, and when the computer program is executed by the processor, the processor performs the following steps:
获取生物信息录入的请求指令;Obtaining a request instruction for biometric information entry;
根据所述请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记;Receiving an authorization flag transmitted from the first application according to the request instruction, and receiving an authorization flag transmitted from the second application;
将所述第一应用传输的授权标记与所述第二应用传输的授权标记进行比较,得到比较结果。Comparing the authorization token transmitted by the first application with the authorization token transmitted by the second application to obtain a comparison result.
一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现如下步骤:A computer readable storage medium having stored thereon a computer program, the computer program being executed by a processor to implement the following steps:
获取生物信息录入的请求指令;Obtaining a request instruction for biometric information entry;
根据所述请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记;Receiving an authorization flag transmitted from the first application according to the request instruction, and receiving an authorization flag transmitted from the second application;
将所述第一应用传输的授权标记与所述第二应用传输的授权标记进行比较,得到比较结果。Comparing the authorization token transmitted by the first application with the authorization token transmitted by the second application to obtain a comparison result.
附图说明DRAWINGS
为了更清楚地说明本申请实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本申请的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings to be used in the embodiments or the prior art description will be briefly described below. Obviously, the drawings in the following description are only It is a certain embodiment of the present application, and other drawings can be obtained according to the drawings without any creative work for those skilled in the art.
图1为一个实施例中图像处理方法的应用环境图;1 is an application environment diagram of an image processing method in an embodiment;
图2为一个实施例中电子设备的内部结构图;2 is a diagram showing the internal structure of an electronic device in an embodiment;
图3为一个实施例中图像处理方法的流程图;3 is a flow chart of an image processing method in an embodiment;
图4为一个实施例中生成授权标记的方法流程图;4 is a flow chart of a method for generating an authorization token in an embodiment;
图5为一个实施例中提示异常信息的方法流程图;FIG. 5 is a flowchart of a method for prompting abnormal information in an embodiment; FIG.
图6为一个实施例中验证人脸信息录入的方法流程图;6 is a flow chart of a method for verifying face information entry in an embodiment;
图7为一个实施例中图像处理方法的软件架构图;7 is a software architecture diagram of an image processing method in an embodiment;
图8为一个实施例中图像处理装置的结构框图;Figure 8 is a block diagram showing the structure of an image processing apparatus in an embodiment;
图9为一个实施例中手机的部分结构框图。FIG. 9 is a partial structural block diagram of a mobile phone in an embodiment.
具体实施方式detailed description
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处所描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。In order to make the objects, technical solutions, and advantages of the present application more comprehensible, the present application will be further described in detail below with reference to the accompanying drawings and embodiments. It is understood that the specific embodiments described herein are merely illustrative of the application and are not intended to be limiting.
可以理解,本申请所使用的术语“第一”、“第二”等可在本文中用于描述各种元件,但这些元件不受这些术语限制。这些术语仅用于将第一个元件与另一个元件区分。举例来说,在不脱离本申请的范围的情况下,可以将第一客户端称为第二客户端,且类似地,可将第二客户端称为第一客户端。第一客户端和第二客户端两者都是客户端,但其不是同一客户端。It will be understood that the terms "first", "second" and the like, as used herein, may be used to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish one element from another. For example, a first client may be referred to as a second client, and similarly, a second client may be referred to as a first client, without departing from the scope of the present application. Both the first client and the second client are clients, but they are not the same client.
在一个实施例中,提供了一种图像处理方法,以应用于上述电子设备来举例说明,如图3所示,包括如下步骤:In an embodiment, an image processing method is provided to be applied to the above electronic device for illustration. As shown in FIG. 3, the method includes the following steps:
步骤302,获取生物信息录入的请求指令。Step 302: Acquire a request instruction for biometric information entry.
步骤304,根据请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记。Step 304: Receive an authorization token transmitted from the first application according to the request instruction, and receive an authorization token transmitted from the second application.
步骤306,将第一应用传输的授权标记与第二应用传输的授权标记进行比较,得到比较结果。Step 306: Compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
如图4所示,在一个实施例中,提供的一种图像处理方法还可以包括生成授权标记的过程,具体步骤包括:As shown in FIG. 4, in an embodiment, an image processing method provided may further include a process of generating an authorization mark, and the specific steps include:
步骤402,获取配置的密码以及获取请求指令时的第一时间戳。Step 402: Obtain a configured password and a first timestamp when the request instruction is obtained.
步骤404,根据密码以及第一时间戳随机生成安全标识符。Step 404: Randomly generate a security identifier according to the password and the first timestamp.
步骤406,根据安全标识符生成授权标记。Step 406: Generate an authorization token according to the security identifier.
在一个实施例中,如图5所示,提供的一种图像处理方法还可以包括提示异常信息的过程,具体步骤包括:In an embodiment, as shown in FIG. 5, an image processing method provided may further include a process of prompting abnormal information, and the specific steps include:
步骤502,获取当前时刻与第一时间戳之间的间隔时长。Step 502: Obtain an interval duration between the current time and the first timestamp.
步骤504,当间隔时长超出预设时长时,提示异常信息。Step 504: When the interval duration exceeds the preset duration, the abnormal information is prompted.
在一个实施例中,提供的一种图像处理方法还可以包括获取比较结果的过程,具体包括:当第一应用传输的授权标记与第二应用传输的授权标记相同时,判断间隔时长是否超出预设时长,当间隔时长未超出预设时长时,获取验证成功的比较结果。In an embodiment, an image processing method may further include: a process of obtaining a comparison result, specifically: determining whether an interval duration exceeds a pre-determination when an authorization flag transmitted by the first application is the same as an authorization flag transmitted by the second application. Set the duration. When the interval duration does not exceed the preset duration, the comparison result of the verification success is obtained.
在一个实施例中,提供的一种图像处理方法还可以包括接收从第一应用和第二应用传输授权标记的过程,具体包括:根据请求指令接收第一应用通过非可信运行模式 和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记。In an embodiment, an image processing method provided may further include receiving a process of transmitting an authorization flag from the first application and the second application, specifically: receiving, according to the request instruction, the first application by using an untrusted operation mode and authenticating An authorization token for the shared memory transfer of the run mode, and an authorization token for receiving the shared memory transfer of the second application through the untrusted mode of operation and the trusted mode of operation.
在一个实施例中,提供的一种图像处理方法中,第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记。In an embodiment, in an image processing method, an authorization mark transmitted by a first application and an authorization mark transmitted by a second application are authorization marks processed by a digital signature.
如图6所示,在一个实施例中,提供的一种图像处理方法还可以包括验证人脸信息录入的过程,具体步骤包括:As shown in FIG. 6, in an embodiment, an image processing method provided may further include a process of verifying face information input, and the specific steps include:
步骤602,获取人脸信息录入的请求指令。Step 602: Acquire a request instruction for inputting face information.
步骤604,根据请求指令接收可信运行模式中的人脸应用传输的授权标记,以及接收可信运行模式中的秘钥管理应用传输的授权标记。Step 604: Receive an authorization mark for the face application transmission in the trusted operation mode according to the request instruction, and receive an authorization mark transmitted by the key management application in the trusted operation mode.
步骤606,将人脸应用传输的授权标记与秘钥管理应用传输的授权标记进行比较,若相同,则人脸信息录入通过。Step 606: compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
在一个实施例中,如图8所示,提供了一种图像处理装置,包括:指令获取模块810,授权标记接收模块820以及授权标记比较模块830,其中:In one embodiment, as shown in FIG. 8, an image processing apparatus is provided, including: an instruction acquisition module 810, an authorization mark receiving module 820, and an authorization mark comparison module 830, wherein:
指令获取模块810,用于获取生物信息录入的请求指令。The instruction acquisition module 810 is configured to acquire a request instruction for biometric information entry.
授权标记接收模块820,用于根据请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记。The authorization mark receiving module 820 is configured to receive the authorization mark transmitted from the first application according to the request instruction, and receive the authorization mark transmitted from the second application.
授权标记比较模块830,用于将第一应用传输的授权标记与第二应用传输的授权标记进行比较,得到比较结果。The authorization mark comparison module 830 is configured to compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
本申请实施例还提供了一种计算机可读存储介质。一个或多个包含计算机可执行指令的非易失性计算机可读存储介质,当所述计算机可执行指令被一个或多个处理器执行时,使得所述处理器执行以下步骤:The embodiment of the present application also provides a computer readable storage medium. One or more non-transitory computer readable storage media containing computer executable instructions that, when executed by one or more processors, cause the processor to perform the following steps:
步骤302,获取生物信息录入的请求指令;Step 302: Acquire a request instruction for biometric information entry;
步骤304,根据请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记;Step 304: Receive an authorization mark transmitted from the first application according to the request instruction, and receive an authorization mark transmitted from the second application;
步骤306,将第一应用传输的授权标记与第二应用传输的授权标记进行比较,得到比较结果;Step 306: Compare an authorization mark transmitted by the first application with an authorization mark transmitted by the second application, to obtain a comparison result.
步骤402,获取配置的密码以及获取请求指令时的第一时间戳;Step 402: Obtain a configured password and a first timestamp when the request instruction is obtained.
步骤404,根据密码以及第一时间戳随机生成安全标识符;Step 404: Randomly generate a security identifier according to the password and the first timestamp.
步骤406,根据安全标识符生成授权标记;Step 406: Generate an authorization token according to the security identifier.
步骤502,获取当前时刻与第一时间戳之间的间隔时长;Step 502: Obtain an interval duration between the current time and the first timestamp.
步骤504,当间隔时长超出预设时长时,提示异常信息;Step 504: When the interval duration exceeds a preset duration, the abnormal information is prompted;
当第一应用传输的授权标记与第二应用传输的授权标记相同时,判断间隔时长是否超出预设时长,当间隔时长未超出预设时长时,获取验证成功的比较结果;When the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, it is determined whether the interval duration exceeds the preset duration, and when the interval duration does not exceed the preset duration, the comparison result of the verification success is obtained;
根据请求指令接收第一应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记;Receiving, according to the request instruction, an authorization token transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode, and receiving an authorization token transmitted by the second application through the shared memory of the non-trusted operation mode and the trusted operation mode, The authorization mark transmitted by the first application and the authorization mark transmitted by the second application are authorization marks processed by the digital signature;
步骤602,获取人脸信息录入的请求指令;Step 602: Acquire a request instruction for entering a face information.
步骤604,根据请求指令接收可信运行模式中的人脸应用传输的授权标记,以及接收可信运行模式中的秘钥管理应用传输的授权标记;Step 604: Receive, according to the request instruction, an authorization mark transmitted by the face application in the trusted operation mode, and receive an authorization mark transmitted by the key management application in the trusted operation mode;
步骤606,将人脸应用传输的授权标记与秘钥管理应用传输的授权标记进行比较,若相同,则人脸信息录入通过。Step 606: compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
请参阅图9,在本申请实施例中,电子设备所包括的处理器980执行存储在存储器920上的计算机程序时实现以下步骤:Referring to FIG. 9, in the embodiment of the present application, the processor 980 included in the electronic device implements the following steps when executing the computer program stored in the memory 920:
步骤302,获取生物信息录入的请求指令;Step 302: Acquire a request instruction for biometric information entry;
步骤304,根据请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记;Step 304: Receive an authorization mark transmitted from the first application according to the request instruction, and receive an authorization mark transmitted from the second application;
步骤306,将第一应用传输的授权标记与第二应用传输的授权标记进行比较,得到比较结果;Step 306: Compare an authorization mark transmitted by the first application with an authorization mark transmitted by the second application, to obtain a comparison result.
步骤402,获取配置的密码以及获取请求指令时的第一时间戳;Step 402: Obtain a configured password and a first timestamp when the request instruction is obtained.
步骤404,根据密码以及第一时间戳随机生成安全标识符;Step 404: Randomly generate a security identifier according to the password and the first timestamp.
步骤406,根据安全标识符生成授权标记;Step 406: Generate an authorization token according to the security identifier.
步骤502,获取当前时刻与第一时间戳之间的间隔时长;Step 502: Obtain an interval duration between the current time and the first timestamp.
步骤504,当间隔时长超出预设时长时,提示异常信息;Step 504: When the interval duration exceeds a preset duration, the abnormal information is prompted;
当第一应用传输的授权标记与第二应用传输的授权标记相同时,判断间隔时长是否超出预设时长,当间隔时长未超出预设时长时,获取验证成功的比较结果;When the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, it is determined whether the interval duration exceeds the preset duration, and when the interval duration does not exceed the preset duration, the comparison result of the verification success is obtained;
根据请求指令接收第一应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记;Receiving, according to the request instruction, an authorization token transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode, and receiving an authorization token transmitted by the second application through the shared memory of the non-trusted operation mode and the trusted operation mode, The authorization mark transmitted by the first application and the authorization mark transmitted by the second application are authorization marks processed by the digital signature;
步骤602,获取人脸信息录入的请求指令;Step 602: Acquire a request instruction for entering a face information.
步骤604,根据请求指令接收可信运行模式中的人脸应用传输的授权标记,以及接收可信运行模式中的秘钥管理应用传输的授权标记;Step 604: Receive, according to the request instruction, an authorization mark transmitted by the face application in the trusted operation mode, and receive an authorization mark transmitted by the key management application in the trusted operation mode;
步骤606,将人脸应用传输的授权标记与秘钥管理应用传输的授权标记进行比较,若相同,则人脸信息录入通过。Step 606: compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
图1为一个实施例中图像处理方法的应用环境示意图。如图1所示,该应用环境包括电子设备200,电子设备200可以获取生物信息录入的请求指令,并根据请求指令分别接收从第一应用和第二应用传输的授权标记,将授权标记比较后,电子设备200可以得到比较结果。电子设备200可为智能手机、平板电脑、个人数字助理、穿戴式设备等。FIG. 1 is a schematic diagram of an application environment of an image processing method in an embodiment. As shown in FIG. 1 , the application environment includes an electronic device 200. The electronic device 200 can acquire a request instruction for biometric information input, and respectively receive an authorization mark transmitted from the first application and the second application according to the request instruction, and compare the authorization tags. The electronic device 200 can obtain a comparison result. The electronic device 200 can be a smartphone, a tablet, a personal digital assistant, a wearable device, or the like.
图2为一个实施例中电子设备200的内部结构框图。如图2所示,电子设备200可包括摄像头模组210、第一处理单元220、第二处理单元230和安全处理单元240等。第一处理单元220与摄像头模组210、第二处理单元230和安全处理单元240分别相连。2 is a block diagram showing the internal structure of an electronic device 200 in one embodiment. As shown in FIG. 2, the electronic device 200 can include a camera module 210, a first processing unit 220, a second processing unit 230, a security processing unit 240, and the like. The first processing unit 220 is connected to the camera module 210, the second processing unit 230, and the security processing unit 240, respectively.
摄像头模组210可包括第一图像采集器、第一投射器、第二图像采集器和第二投射器。第一图像采集器、第一投射器和第二投射器分别与第一处理单元220相连。第二图像采集器可与第一处理单元220或第二处理器230相连。第一图像采集器可为激光摄像头212。第一投射器可为泛光灯214。第二图像采集器可为RGB(Red/Green/Blue,红/绿/蓝色彩模式)摄像头216。第二投射器可为镭射灯218。激光摄像头212和RGB摄像头216均可包括透镜和图像传感器等元件。图像传感器一般为互补金属氧化物半导体(Complementary Metal Oxide Semiconductor,简称CMOS)或电荷耦合器件(charge coupled device,简称CCD)。激光摄像头212中的图像传感器的表面通过设置与各像素一一对应的滤光片以实现对不同波长光线的强度提取,从而使得激光摄像头212可以采集到不同波长的不可见光图像。该滤波片可允许通过的光波长与镭射灯218发出的光的波长一致,例如可为红外光、紫外光等。RGB摄像头216可以采用拜耳滤光片来获取分别三个通道(R/G/B)的光强信息,采集目标物体的彩色图像。泛光灯214可为激光二极管、LED等。泛光灯214的发光波长与镭射灯218的波长相同。第二投射器可包括光源、透镜以及结构光图案生成器,其中,光源可以为面发射激光、垂直腔面激光(Vertical Cavity Surface Emitting Laser,简称VCSEL)阵列,结构光图案生成器可为毛玻璃、衍射光学元件(Diffractive Optical Elements,简称DOE)或者两者 组合。The camera module 210 can include a first image collector, a first projector, a second image collector, and a second projector. The first image collector, the first projector, and the second projector are respectively coupled to the first processing unit 220. The second image collector can be coupled to the first processing unit 220 or the second processor 230. The first image capture device can be a laser camera 212. The first projector can be a floodlight 214. The second image capture device can be an RGB (Red/Green/Blue, red/green/blue color mode) camera 216. The second projector can be a laser light 218. Both the laser camera 212 and the RGB camera 216 may include elements such as lenses and image sensors. The image sensor is generally a Complementary Metal Oxide Semiconductor (CMOS) or a charge coupled device (CCD). The surface of the image sensor in the laser camera 212 is configured to provide intensity extraction of light of different wavelengths by providing filters corresponding to the pixels one by one, so that the laser camera 212 can collect invisible light images of different wavelengths. The filter may allow the wavelength of light to pass to coincide with the wavelength of light emitted by the laser lamp 218, such as infrared light, ultraviolet light, or the like. The RGB camera 216 can use Bayer filters to acquire light intensity information of three channels (R/G/B), and collect color images of the target object. The floodlight 214 can be a laser diode, an LED, or the like. The illuminating wavelength of the floodlight 214 is the same as the wavelength of the laser 218. The second projector may include a light source, a lens, and a structured light pattern generator, wherein the light source may be a surface emitting laser, a Vertical Cavity Surface Emitting Laser (VCSEL) array, and the structured light pattern generator may be frosted glass. Diffractive Optical Elements (DOE) or a combination of both.
第一处理单元220可为MCU(Microcontroller Unit,微控制单元)。MCU可包括PWM(Pulse Width Modulation,脉冲宽度调制)222、SPI/I2C(Serial Peripheral Interface/Inter-Integrated Circuit,串行外设接口/双向二线制同步串行接口)224、RAM(Random Access Memory,随机存取存储器)226和Depth Engine(深度引擎)228。MCU可通过PWM控制泛光灯214和激光摄像头212同步,泛光灯214发出泛光照射到目标物体,通过激光摄像头212采集得到泛光图像,若泛光灯214发出红外光,则采集得到红外图像。MCU通过PWM控制镭射灯218和激光摄像头212同步,镭射灯218投射结构光图案到目标物体,被激光摄像头212采集得到目标散斑图像。The first processing unit 220 can be an MCU (Microcontroller Unit). The MCU may include PWM (Pulse Width Modulation) 222, SPI/I2C (Serial Peripheral Interface/Inter-Integrated Circuit) 224, RAM (Random Access Memory, Random access memory) 226 and Depth Engine 228. The MCU can be synchronized by the PWM control floodlight 214 and the laser camera 212. The floodlight 214 emits floodlight to the target object, and the floodlight image is collected by the laser camera 212. If the floodlight 214 emits infrared light, the infrared light is collected. image. The MCU is synchronized with the laser camera 218 by the PWM control laser 218, and the laser lamp 218 projects the structured light pattern to the target object, and the laser camera 212 acquires the target speckle image.
在一个实施例中,镭射灯218会预先向距电子设备200已知距离的参考平面上投射结构光图案(带有散斑颗粒的图案),被激光摄像头212采集后作为参考散斑图像,并保存到第一处理单元220的存储器中,也可以保存到第二处理单元230的存储器中,也可以保存到安全处理单元240的存储器中。该存储器为非易失性存储器。In one embodiment, the laser light 218 pre-projects a structured light pattern (a pattern with speckle particles) onto a reference plane at a known distance from the electronic device 200, which is captured by the laser camera 212 as a reference speckle image, and The memory stored in the memory of the first processing unit 220 may be stored in the memory of the second processing unit 230 or may be stored in the memory of the security processing unit 240. This memory is a non-volatile memory.
第二处理单元230可为CPU处理器。第二处理单元230中包括在TEE(Trusted execution environment,可信运行环境)下运行的CPU内核和在REE(Rich Execution Environment,自然运行环境)下运行的CPU内核。TEE和REE均为ARM模块(Advanced RISC Machines,高级精简指令集处理器)的运行模式。通常情况下,电子设备200中安全性较高的操作行为需要在TEE下执行,其他操作行为则可在REE下执行。本申请实施例中,当第二处理单元230接收到应用程序的人脸信息获取请求,例如当应用程序需要人脸信息进行解锁、应用程序需要人脸信息进行支付时,在TEE下运行的CPU内核可通过SECURE SPI/I2C总线250向第一处理单元220中SPI/I2C接口224发送人脸采集指令,并可通过PWM222发射脉冲波控制摄像头模组210中泛光灯214开启来采集红外图像、控制摄像头模组210中镭射灯218开启来采集目标散斑图像。摄像头模组210可将采集到的红外图像和目标散斑图像传送给第一处理单元220中深度引擎228进行处理。深度引擎228可将采集的目标散斑图像与参考散斑图像进行计算得到带有目标散斑图像与参考散斑图像中对应点的偏移量信息的视差图像,对视差图像进行处理得到深度图像。The second processing unit 230 can be a CPU processor. The second processing unit 230 includes a CPU core running under a TEE (Trusted execution environment) and a CPU core running under a REE (Rich Execution Environment). Both TEE and REE are operating modes of ARM modules (Advanced RISC Machines, Advanced Reduced Instruction Set Processor). Generally, the safer operation behavior of the electronic device 200 needs to be performed under the TEE, and other operation behaviors can be performed under the REE. In the embodiment of the present application, when the second processing unit 230 receives the face information acquisition request of the application, for example, when the application requires face information to be unlocked, and the application requires face information to perform payment, the CPU running under the TEE The kernel can send a face acquisition command to the SPI/I2C interface 224 of the first processing unit 220 through the SECURE SPI/I2C bus 250, and can acquire the infrared image by using the PWM 222 to transmit the pulse wave control camera module 210 to turn on the floodlight 214. The laser light 218 in the control camera module 210 is turned on to collect the target speckle image. The camera module 210 can transmit the acquired infrared image and the target speckle image to the depth engine 228 in the first processing unit 220 for processing. The depth engine 228 may calculate the acquired target speckle image and the reference speckle image to obtain a parallax image with offset information of the corresponding point in the target speckle image and the reference speckle image, and process the parallax image to obtain a depth image. .
第一处理单元220根据获取到的红外图像进行人脸识别,检测上述红外图像中是否存在人脸以及检测到的人脸与存储的人脸是否匹配。当然,根据红外图像进行人脸识别也可以由安全处理单元240实现,第一处理单元220可以将获取到的红外图像发送给安全处理单元240,安全处理单元240检测红外图像中是否存在人脸以及检测到的人脸与存储的人脸是否匹配。若人脸识别通过,第一处理单元220再根据上述红外图像和深度图像来进行活体检测,检测上述人脸是否存在生物活性。在一个实施例中,可先进行活体检测再进行人脸识别,或同时进行人脸识别和活体检测。例如:第一处理单元220先进行活体检测再进行人脸识别;或第一处理单元220先进行活体检测,安全处理单元240再进行人脸识别;或第一处理单元220同时进行人脸识别和活体检测;或第一处理单元220进行活体检测,同时安全处理单元240进行人脸识别。在人脸识别通过且检测到的人脸具有生物活性,第一处理单元220可将对上述红外图像和深度图像的中间信息(例如视差图像)发送给安全处理单元240。安全处理单元240根据红外图像和深度图像的中间信息计算得到人脸的深度信息,将深度信息发送给TEE下的CPU内核。The first processing unit 220 performs face recognition according to the acquired infrared image, and detects whether there is a human face in the infrared image and whether the detected face matches the stored face. Of course, the face recognition according to the infrared image may also be implemented by the security processing unit 240. The first processing unit 220 may send the acquired infrared image to the security processing unit 240, and the security processing unit 240 detects whether there is a human face in the infrared image and The detected face matches the stored face. If the face recognition passes, the first processing unit 220 performs the living body detection according to the infrared image and the depth image to detect whether the human face has biological activity. In one embodiment, the living body detection may be performed first, then the face recognition may be performed, or the face recognition and the living body detection may be performed simultaneously. For example, the first processing unit 220 performs the living body detection and then performs the face recognition; or the first processing unit 220 performs the living body detection first, and the security processing unit 240 performs the face recognition again; or the first processing unit 220 performs the face recognition and the same. The living body detection; or the first processing unit 220 performs the living body detection while the security processing unit 240 performs face recognition. The first processing unit 220 may transmit intermediate information (eg, a parallax image) of the infrared image and the depth image described above to the security processing unit 240, as the face recognition passes and the detected face is biologically active. The security processing unit 240 calculates the depth information of the face according to the intermediate information of the infrared image and the depth image, and transmits the depth information to the CPU core under the TEE.
在另一个实施例中,摄像头模组210可将采集到的红外图像和目标散斑图像传送给第一处理单元220中深度引擎228进行处理。深度引擎228可将采集的目标散斑图像与参考散斑图像进行计算得到带有目标散斑图像与参考散斑图像中对应点的偏移量信息的视差图像,第一处理单元220可将视差图像通过移动产业处理器接口(Mobile  Industry Processor Interface,简称MIPI)发送给安全处理单元240,安全处理单元240处理该视差图像得到深度图像。具体地,第一处理单元220根据获取到的红外图像进行人脸识别,检测上述红外图像中是否存在人脸以及检测到的人脸与存储的人脸是否匹配。当然,根据红外图像进行人脸识别也可以由安全处理单元240实现,第一处理单元220可以将获取到的红外图像发送给安全处理单元240,安全处理单元240检测红外图像中是否存在人脸以及检测到的人脸与存储的人脸是否匹配。若人脸识别通过,安全处理单元240再根据上述红外图像和深度图像来进行活体检测,检测上述人脸是否存在生物活性。在一个实施例中,可先进行活体检测再进行人脸识别,或同时进行人脸识别和活体检测。例如:安全处理单元240先进行活体检测,第一处理单元220再进行人脸识别;或安全处理单元240先进行活体检测,再进行人脸识别;或第一处理单元220进行人脸识别,同时安全处理单元240进行活体检测;或安全处理单元240同时进行人脸识别和活体检测。如此,可以利用安全处理单元240处理视差图像以得到深度图像,从而减小第一处理单元220所需的数据处理量,进而提高电子设备200的处理效率和处理能力。In another embodiment, the camera module 210 can transmit the acquired infrared image and the target speckle image to the depth engine 228 in the first processing unit 220 for processing. The depth engine 228 can calculate the acquired target speckle image and the reference speckle image to obtain a disparity image with offset information of the corresponding point in the target speckle image and the reference speckle image, and the first processing unit 220 can convert the disparity. The image is transmitted to the security processing unit 240 through a Mobile Industry Processor Interface (MIPI), and the security processing unit 240 processes the parallax image to obtain a depth image. Specifically, the first processing unit 220 performs face recognition according to the acquired infrared image, and detects whether there is a human face in the infrared image and whether the detected face matches the stored face. Of course, the face recognition according to the infrared image may also be implemented by the security processing unit 240. The first processing unit 220 may send the acquired infrared image to the security processing unit 240, and the security processing unit 240 detects whether there is a human face in the infrared image and The detected face matches the stored face. If the face recognition passes, the security processing unit 240 performs the living body detection according to the infrared image and the depth image to detect whether the human face has biological activity. In one embodiment, the living body detection may be performed first, then the face recognition may be performed, or the face recognition and the living body detection may be performed simultaneously. For example, the security processing unit 240 performs the living body detection first, and the first processing unit 220 performs the face recognition again; or the security processing unit 240 performs the living body detection first, and then performs the face recognition; or the first processing unit 220 performs the face recognition. The security processing unit 240 performs a living body detection; or the security processing unit 240 performs face recognition and living body detection simultaneously. As such, the parallax image can be processed by the security processing unit 240 to obtain a depth image, thereby reducing the amount of data processing required by the first processing unit 220, thereby improving the processing efficiency and processing capability of the electronic device 200.
安全处理单元240可为独立的处理器,也可为在第二处理单元230中采用硬件和软件隔离的方式形成的安全区域,例如第二处理单元230可为多核处理器,将其中一核处理器划定为安全处理单元,用于计算人脸的深度信息、采集的红外图像与已存储的红外图像的匹配、计算得到的深度图像与已存储的深度图像的匹配等。安全处理单元240可对数据进行并行处理或串行处理。The security processing unit 240 may be a separate processor or a security area formed by using hardware and software isolation in the second processing unit 230. For example, the second processing unit 230 may be a multi-core processor, and one of the cores is processed. The device is defined as a security processing unit for calculating depth information of a face, matching of the acquired infrared image with the stored infrared image, matching of the calculated depth image with the stored depth image, and the like. The security processing unit 240 can perform parallel processing or serial processing on the data.
在一个实施例中,提供了一种图像处理方法,以应用于上述电子设备来举例说明,如图3所示,包括如下步骤:In an embodiment, an image processing method is provided to be applied to the above electronic device for illustration. As shown in FIG. 3, the method includes the following steps:
步骤302,获取生物信息录入的请求指令。Step 302: Acquire a request instruction for biometric information entry.
生物信息可以是人脸、指纹、掌纹等生物体特有的信息。生物信息可以通过电子设备上的装置进行录入。例如,当生物信息为人脸时,可以通过电子设备上的摄像头模组进行人脸图像采集,由CPU处理器控制摄像头模组工作,从而实现人脸信息的录入。请求指令可以是通过电子设备上的装置发出的,请求录入生物信息的指令。例如,当摄像头模组开启需要采集人脸图像时,摄像头模组可以向电子设备发送录入人脸图像的请求指令。The biological information may be information unique to a living body such as a face, a fingerprint, or a palm print. Biometric information can be entered via devices on the electronic device. For example, when the biological information is a human face, the face image can be collected by the camera module on the electronic device, and the CPU module controls the camera module to work, thereby realizing the input of the face information. The request command may be an instruction issued by a device on the electronic device to request entry of the biometric information. For example, when the camera module needs to capture a face image, the camera module can send a request instruction for inputting a face image to the electronic device.
当电子设备上录入生物信息的装置开启时,电子设备可以通过开启的装置获取到生物信息录入的请求指令。When the device for recording biometric information on the electronic device is turned on, the electronic device can acquire the request instruction for biometric information input through the opened device.
步骤304,根据请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记。Step 304: Receive an authorization token transmitted from the first application according to the request instruction, and receive an authorization token transmitted from the second application.
授权标记是指在电子设备获取录入生物信息的请求指令时生成的,用于验证录入的信息是否合法的标记。第一应用可以是处于可信运行环境中的应用,例如,第一应用可以是人脸应用,人脸应用可以是用于采集人脸图像的应用。第二应用也可以是处于可信运行环境中的应用,例如,第二应用可以是秘钥管理应用。第一应用传输授权标记的通道与第二应用传输授权标记的通道是不同的。The authorization mark is a mark generated when the electronic device acquires a request instruction for inputting biological information, and is used to verify whether the entered information is legal. The first application may be an application in a trusted operating environment, for example, the first application may be a face application, and the face application may be an application for collecting a face image. The second application may also be an application in a trusted operating environment. For example, the second application may be a key management application. The channel of the first application transmission authorization flag is different from the channel of the second application transmission authorization flag.
电子设备在接收到请求指令后,可以控制第一应用和第二应用传输授权标记。其中,第一应用传输授权标记的传输通道与第二应用传输授权标记的传输通道是不同的。电子设备可以接收处于可信运行环境或者非可信运行环境中的第一应用传输的授权标记,同时,电子设备还可以接收处于可信运行环境或者非可信运行环境中的第二应用传输的授权标记。After receiving the request instruction, the electronic device may control the first application and the second application to transmit the authorization flag. The transmission channel of the first application transmission authorization mark is different from the transmission channel of the second application transmission authorization mark. The electronic device can receive the authorization mark transmitted by the first application in the trusted running environment or the non-trusted running environment, and the electronic device can also receive the second application transmission in the trusted running environment or the non-trusted running environment. Authorization mark.
步骤306,将第一应用传输的授权标记与第二应用传输的授权标记进行比较,得到比较结果。Step 306: Compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
电子设备可以接收到由第一应用传输的授权标记以及由第二应用传输的授权标 记。授权标记是在电子设备获取录入生物信息的请求指令时生成的,经过了不同的传输通道,电子设备可以将第一应用传输的授权标记与第二应用传输的授权标记进行比较,可以得到第一应用传输的授权标记与第二应用传输的授权标记相同或者不同的比较结果。The electronic device can receive the authorization token transmitted by the first application and the authorization token transmitted by the second application. The authorization mark is generated when the electronic device obtains the request instruction for inputting the biological information, and after the different transmission channels, the electronic device can compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application, and the first The authorization flag transmitted by the application is the same as or different from the authorization flag transmitted by the second application.
传统的身份验证方法仅仅是将提取的生物信息的特征与数据库中的特征进行比对,存在安全性低的问题。The traditional authentication method only compares the characteristics of the extracted biological information with the features in the database, and has a problem of low security.
本申请实施方式通过获取生物信息录入的请求指令,根据请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记,将第一应用传输的授权标记与第二应用传输的授权标记进行比较,得到比较结果。通过接收不同应用传输的授权标记,并将接收的不同应用传输的授权标记进行比较,可以提高生物信息录入的安全性。The embodiment of the present application transmits the authorization token transmitted from the first application according to the request instruction, and receives the authorization token transmitted from the second application according to the request instruction, and transmits the authorization token transmitted by the first application to the second application. The authorization tokens are compared and the comparison results are obtained. The security of biometric information entry can be improved by receiving authorization tokens transmitted by different applications and comparing the received authorization tokens transmitted by different applications.
如图4所示,在一个实施例中,提供的一种图像处理方法还可以包括生成授权标记的过程,具体步骤包括:As shown in FIG. 4, in an embodiment, an image processing method provided may further include a process of generating an authorization mark, and the specific steps include:
步骤402,获取配置的密码以及获取请求指令时的第一时间戳。Step 402: Obtain a configured password and a first timestamp when the request instruction is obtained.
配置的密码可以是用户通过电子设备的显示屏配置的,配置的密码可以是数字密码,还可以是图案密码。时间戳是指用于标识某一刻时间的字符序列。The configured password can be configured by the user through the display of the electronic device, and the configured password can be a digital password or a pattern password. A timestamp is a sequence of characters used to identify a certain time.
电子设备可以获取通过显示屏配置的密码。电子设备还可以获取在获取请求指令时的第一时间戳,第一时间戳是标识获取请求指令时的时间字符序列。The electronic device can obtain a password configured through the display. The electronic device may also acquire a first timestamp when the request instruction is acquired, and the first timestamp is a sequence of time characters when the request instruction is acquired.
步骤404,根据密码以及第一时间戳随机生成安全标识符。Step 404: Randomly generate a security identifier according to the password and the first timestamp.
其中,安全标识符SID(Security Identifiers)是标识用户、组和计算机的唯一号码。电子设备在获取到密码和第一时间戳后,可以根据密码和第一时间戳随机生成安全标识符,安全标识符可以是64位的标识符。安全标识符还可以与密码绑定。Among them, Security Identifiers are unique numbers that identify users, groups, and computers. After obtaining the password and the first timestamp, the electronic device may randomly generate a security identifier according to the password and the first timestamp, and the security identifier may be a 64-bit identifier. The security identifier can also be bound to a password.
步骤406,根据安全标识符生成授权标记。Step 406: Generate an authorization token according to the security identifier.
电子设备可以基于安全标识符生成授权标记。生成的授权标记可以是一个口令集,生成的授权标记可以包含多个关键因子,例如时间戳、安全标识符以及与硬件相关的哈希校验码等。The electronic device can generate an authorization token based on the security identifier. The generated authorization token can be a password set, and the generated authorization token can contain multiple key factors such as a timestamp, a security identifier, and a hardware-related hash check code.
通过获取配置的密码以及获取请求指令时的第一时间戳,根据密码以及第一时间戳随机生成安全标识符,根据安全标识符生成授权标记。电子设备根据密码和第一时间戳生成了安全标识符,由于授权标记是根据安全标识符生成的,可以提高信息录入的安全性。The security token is randomly generated according to the password and the first timestamp by obtaining the configured password and the first timestamp when the request instruction is obtained, and the authorization token is generated according to the security identifier. The electronic device generates a security identifier based on the password and the first timestamp. Since the authorization token is generated based on the security identifier, the security of the information entry can be improved.
在一个实施例中,如图5所示,提供的一种图像处理方法还可以包括提示异常信息的过程,具体步骤包括:In an embodiment, as shown in FIG. 5, an image processing method provided may further include a process of prompting abnormal information, and the specific steps include:
步骤502,获取当前时刻与第一时间戳之间的间隔时长。Step 502: Obtain an interval duration between the current time and the first timestamp.
电子设备可以获取处于工作状态时当前的时刻。电子设备还可以根据获取的当前时刻和第一时间戳计算出时间差,该时间差就是当前时刻与第一时间戳之间的间隔时长。The electronic device can obtain the current time when it is in working state. The electronic device may further calculate a time difference according to the obtained current time and the first timestamp, where the time difference is an interval time between the current time and the first timestamp.
步骤504,当间隔时长超出预设时长时,提示异常信息。Step 504: When the interval duration exceeds the preset duration, the abnormal information is prompted.
预设时长可以是预先设置好的一段时间,例如,预设时长可以是3秒。电子设备可以随时获取处于工作状态时当前的时刻,再根据获取的时刻随时计算间隔时长。电子设备还可以将获取的间隔时长与预设时长进行比较,当间隔时长超出预设时长时,电子设备可以提示异常信息。具体的,电子设备可以通过震动、发送信息、响铃等方式提示异常。The preset duration can be a preset period of time. For example, the preset duration can be 3 seconds. The electronic device can obtain the current time when the working state is at any time, and then calculate the interval time according to the acquired time. The electronic device can also compare the acquired interval duration with the preset duration. When the interval duration exceeds the preset duration, the electronic device can prompt the abnormal information. Specifically, the electronic device can prompt an abnormality by shaking, sending information, ringing, and the like.
通过获取当前时刻与第一时间戳之间的间隔时长,当间隔时长超出预设时长时,提示异常信息。电子设备可以通过获取间隔时长控制工作时间,并在间隔时长超出预设时长时提示异常信息,从而保证电子设备安全工作的时长。By obtaining the interval between the current time and the first timestamp, when the interval duration exceeds the preset duration, the abnormal information is prompted. The electronic device can control the working time by acquiring the interval duration, and prompt the abnormal information when the interval duration exceeds the preset duration, thereby ensuring the safe working time of the electronic device.
在一个实施例中,提供的一种图像处理方法还可以包括获取比较结果的过程,具体包括:当第一应用传输的授权标记与第二应用传输的授权标记相同时,判断间隔时长是否超出预设时长,当间隔时长未超出预设时长时,获取验证成功的比较结果。In an embodiment, an image processing method may further include: a process of obtaining a comparison result, specifically: determining whether an interval duration exceeds a pre-determination when an authorization flag transmitted by the first application is the same as an authorization flag transmitted by the second application. Set the duration. When the interval duration does not exceed the preset duration, the comparison result of the verification success is obtained.
电子设备可以判断第一应用传输的授权标记与第二应用传输的授权标记是否相同,当电子设备判断出第一应用传输的授权标记与第二应用传输的授权标记相同时,电子设备还会对间隔时长是否超出预设时长做进一步的判断。当电子设备判断出间隔时长没有超出预设时长时,电子设备可以获取验证成功的比较结果。The electronic device may determine whether the authorization mark transmitted by the first application is the same as the authorization mark transmitted by the second application, and when the electronic device determines that the authorization mark transmitted by the first application is the same as the authorization mark transmitted by the second application, the electronic device may also Whether the interval duration exceeds the preset duration for further judgment. When the electronic device determines that the interval duration does not exceed the preset duration, the electronic device may obtain a comparison result of successful verification.
当第一应用传输的授权标记与第二应用传输的授权标记相同时,判断间隔时长是否超出预设时长,当间隔时长未超出预设时长时,获取验证成功的比较结果。只有在第一应用传输的授权标记与第二应用传输的授权标记相同,且间隔时长未超出预设时长时,电子设备才会获取验证成功的比较结果,提高了电子设备获取比较结果的准确性。When the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, it is determined whether the interval duration exceeds the preset duration, and when the interval duration does not exceed the preset duration, the comparison result of the verification success is obtained. Only when the authorization mark transmitted by the first application is the same as the authorization mark transmitted by the second application, and the interval duration does not exceed the preset duration, the electronic device obtains the comparison result of the verification success, and improves the accuracy of the electronic device to obtain the comparison result. .
在一个实施例中,提供的一种图像处理方法还可以包括接收从第一应用和第二应用传输授权标记的过程,具体包括:根据请求指令接收第一应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记。In an embodiment, an image processing method provided may further include receiving a process of transmitting an authorization flag from the first application and the second application, specifically: receiving, according to the request instruction, the first application by using an untrusted operation mode and authenticating An authorization token for the shared memory transfer of the run mode, and an authorization token for receiving the shared memory transfer of the second application through the untrusted mode of operation and the trusted mode of operation.
可信运行模式与非可信运行模式之间可以通过共享内存传输数据,即,非可信运行模式可以通过共享内存将数据传输给可信运行模式。电子设备可以根据请求指令分别接收第一应用和第二应用传输的授权标记,第一应用和第二应用可以通过可信运行模式传输授权标记,可信运行模式可以通过共享内存将授权标记传输到非可信运行模式,电子设备可以在非可信运行模式中对接收到的第一应用和第二应用的授权标记进行比较,并得到比较结果。第一应用和第二应用还可以通过非可信运行模式传输授权标记,非可信运行模式可以通过共享内存将授权标记传输到可信运行模式,电子设备可以在可信运行模式中对接收到的第一应用和第二应用的授权标记进行比较,并得到比较结果。Data can be transferred between the trusted operating mode and the untrusted operating mode through shared memory, that is, the untrusted operating mode can transfer data to the trusted operating mode through the shared memory. The electronic device may separately receive the authorization mark transmitted by the first application and the second application according to the request instruction, and the first application and the second application may transmit the authorization mark in a trusted operation mode, and the trusted operation mode may transmit the authorization mark to the shared memory through the shared memory. In the untrusted operation mode, the electronic device can compare the received authorization tags of the first application and the second application in the untrusted operation mode, and obtain a comparison result. The first application and the second application may also transmit the authorization token through the untrusted operation mode, and the non-trusted operation mode may transmit the authorization token to the trusted operation mode through the shared memory, and the electronic device may receive the trusted operation mode. The first application is compared with the authorization flag of the second application, and the comparison result is obtained.
根据请求指令接收第一应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记。电子设备可以在可信运行模式或者非可信模式中对接收到的授权标记进行比较,提高了授权标记传输的安全性以及比较结果的准确性。And receiving, according to the request instruction, an authorization token transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode, and an authorization token transmitted by the shared memory of the second application through the non-trusted operation mode and the trusted operation mode. The electronic device can compare the received authorization tags in the trusted operation mode or the non-trust mode, thereby improving the security of the authorization tag transmission and the accuracy of the comparison result.
在一个实施例中,提供的一种图像处理方法中,第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记。In an embodiment, in an image processing method, an authorization mark transmitted by a first application and an authorization mark transmitted by a second application are authorization marks processed by a digital signature.
数字签名是指通过使用公钥加密技术产生的无法伪造的一段数字串,数字签名是一个加密的过程。授权标记可以采用数字签名的方式进行加密。电子设备接收到的第一应用传输的授权标记和第二应用传输的授权标记,都是采用数字签名进行加密后的授权标记。Digital signature refers to a digital string that cannot be forged by using public key encryption technology. Digital signature is an encryption process. Authorization tokens can be encrypted using digital signatures. The authorization mark transmitted by the first application and the authorization mark transmitted by the second application received by the electronic device are all authorized identifiers encrypted by using a digital signature.
由于第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记,提高了授权标记传输的安全性。Since the authorization mark transmitted by the first application and the authorization mark transmitted by the second application are both authorized signatures processed by the digital signature, the security of the authorization mark transmission is improved.
如图6所示,在一个实施例中,提供的一种图像处理方法还可以包括验证人脸信息录入的过程,具体步骤包括:As shown in FIG. 6, in an embodiment, an image processing method provided may further include a process of verifying face information input, and the specific steps include:
步骤602,获取人脸信息录入的请求指令。Step 602: Acquire a request instruction for inputting face information.
电子设备可以开启摄像头模组采集人脸图像。当摄像头模组开启时,摄像头模组可以向电子设备发送获取人脸信息录入的请求指令。即,电子设备可以通过摄像头模组获取人脸信息录入的请求指令。The electronic device can turn on the camera module to collect the face image. When the camera module is turned on, the camera module can send a request instruction for acquiring face information input to the electronic device. That is, the electronic device can acquire a request instruction for inputting face information through the camera module.
步骤604,根据请求指令接收可信运行模式中的人脸应用传输的授权标记,以及接收可信运行模式中的秘钥管理应用传输的授权标记。Step 604: Receive an authorization mark for the face application transmission in the trusted operation mode according to the request instruction, and receive an authorization mark transmitted by the key management application in the trusted operation mode.
电子设备在接收到请求指令后,可以控制人脸应用和秘钥管理应用传输授权标记。人脸应用和秘钥管理应用是可信运行模式中的应用。其中,人脸应用的用于采集人脸图像的应用。人脸应用和秘钥管理应用可以采用数字签名的方式,分别对人脸应用传输的授权标以及秘钥管理应用传输的授权标记进行加密。电子设备可以同时接收解密后的人脸应用和秘钥管理应用传输的授权标记。After receiving the request instruction, the electronic device can control the face application and the key management application to transmit the authorization mark. The face application and key management application is an application in the trusted mode of operation. Among them, an application for a face application for collecting a face image. The face application and the key management application can use a digital signature method to encrypt the authorization label transmitted by the face application and the authorization token transmitted by the key management application. The electronic device can simultaneously receive the authorization mark transmitted by the decrypted face application and the key management application.
步骤606,将人脸应用传输的授权标记与秘钥管理应用传输的授权标记进行比较,若相同,则人脸信息录入通过。Step 606: compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
电子设备在同时接收到人脸应用传输的授权标记和秘钥管理应用传输的授权标记后,可以对接收到的人脸应用传输的授权标记与秘钥管理应用传输的授权标记进行解密处理。电子设备还可以将解密后的人脸应用传输的授权标记与解密后的秘钥管理应用传输的授权标记进行比较,当人脸应用传输的授权标记与秘钥管理应用传输的授权标记完全相同时,人脸信息录入通过。After receiving the authorization mark transmitted by the face application and the authorization mark transmitted by the key management application, the electronic device may decrypt the authorization mark transmitted by the received face application and the authorization mark transmitted by the key management application. The electronic device may also compare the authorization mark transmitted by the decrypted face application with the authorization mark transmitted by the decrypted key management application, when the authorization mark transmitted by the face application is exactly the same as the authorization mark transmitted by the key management application. , face information is entered.
通过获取人脸信息录入的请求指令,根据请求指令接收可信运行模式中的人脸应用传输的授权标记,以及接收可信运行模式中的秘钥管理应用传输的授权标记,将人脸应用传输的授权标记与秘钥管理应用传输的授权标记进行比较,若相同,则人脸信息录入通过。通过比较授权标记对人脸信息录入是否合法进行验证,可以提高人脸信息录入的安全性。Receiving the request instruction of the face information input, receiving the authorization mark of the face application transmission in the trusted operation mode according to the request instruction, and receiving the authorization mark transmitted by the key management application in the trusted operation mode, and transmitting the face application The authorization token is compared with the authorization token transmitted by the key management application. If the same, the face information is entered. By comparing the authorization flag to verify whether the face information is legally verified, the security of face information entry can be improved.
图7为一个实施例中图像处理方法的软件架构示意图。如图7所示,该软件架构包括应用层710、操作系统720和可信运行环境730。其中,处于可信运行环境730中的模块包括安全服务模块734。硬件层包括泛光灯&镭射灯731、红外摄像头732、微控制单元733等。微控制单元733可通过控制其输入和输出保证数据的安全。微控制单元733可通过控制泛光灯&镭射灯731和红外摄像头732采集安全的红外图像和目标散斑图像,然后将红外图像和目标散斑图像发送传输给可信运行环境730的安全服务模块734中。操作系统720中包含安全管理模块721、人脸管理模块722、摄像头驱动723和摄像头框架724;应用层710中包含应用程序711。应用程序711可以发起图像采集指令,电子设备会通过图像采集指令驱动泛光灯&镭射灯731和红外摄像头732进行工作。例如,在通过采集人脸进行支付、解锁、美颜等操作时,应用程序会发起采集人脸图像的图像采集指令。摄像头获取到红外图像和目标散斑图像之后,会根据图像采集指令判断当前获取的图像是用于安全应用操作还是非安全应用操作。当获取的深度图像是用于安全应用操作时,会通过安全通道将采集的红外图像和目标散斑图像发送到微控制单元733,微控制单元733再根据目标散斑图像与参考散斑图像进行计算得到视差图像,再根据视差图像计算得到深度图像,并将计算得到的深度图像和红外图像发送给安全服务模块734。可以理解的是,根据目标散斑图像计算得到深度图像的过程也可以在安全服务模块734中进行。安全服务模块734会将红外图像与深度图像发送给安全管理模块721。一般地,不同的应用程序711都有对应的安全管理模块721,安全管理模块721会将深度图像和红外图像发送给相应的人脸管理模块722。人脸管理模块722会根据红外图像和深度图像进行人脸检测、识别、验证等处理,再将处理结果发送给上层的应用程序711,应用程序711再根据处理结果进行安全应用操作。当获取的深度图像是用于美颜、AR(Augmented Reality,增强现实技术)等非安全应用时,红外摄像头732采集的红外图像和目标散斑图像可以直接通过非安全通道发送给摄像头驱动723,摄像头驱动723可以根据目标散斑图计算视差图像,并根据视差图像计算得到深度图像。摄像头驱动723可以将红外图像和深度图像发送给摄像头框架724,再由摄像头框架724发送给人脸管理模块722或应用程序711。其中,安全通道和非安全通道的切换是由微控制单元733来完成的。FIG. 7 is a schematic diagram of a software architecture of an image processing method in an embodiment. As shown in FIG. 7, the software architecture includes an application layer 710, an operating system 720, and a trusted operating environment 730. Among them, the module in the trusted operating environment 730 includes a security service module 734. The hardware layer includes a floodlight & laser 731, an infrared camera 732, a micro control unit 733, and the like. The micro control unit 733 can ensure the security of the data by controlling its input and output. The micro control unit 733 can collect the safe infrared image and the target speckle image by controlling the floodlight & laser 731 and the infrared camera 732, and then transmit and transmit the infrared image and the target speckle image to the security service module of the trusted operating environment 730. 734. The operating system 720 includes a security management module 721, a face management module 722, a camera driver 723, and a camera frame 724. The application layer 710 includes an application 711. The application 711 can initiate an image acquisition command, and the electronic device can drive the floodlight & laser 731 and the infrared camera 732 to operate through the image acquisition command. For example, when performing a payment, unlocking, beauty, etc. operation by collecting a face, the application initiates an image acquisition instruction for collecting a face image. After the camera acquires the infrared image and the target speckle image, it determines whether the currently acquired image is for a secure application operation or a non-secure application operation according to the image acquisition instruction. When the acquired depth image is for security application operation, the acquired infrared image and the target speckle image are sent to the micro control unit 733 through the secure channel, and the micro control unit 733 performs the target speckle image and the reference speckle image according to the target image. The parallax image is calculated, and the depth image is calculated according to the parallax image, and the calculated depth image and infrared image are sent to the security service module 734. It can be understood that the process of calculating the depth image from the target speckle image can also be performed in the security service module 734. The security service module 734 sends the infrared image and the depth image to the security management module 721. Generally, different applications 711 have corresponding security management modules 721, and the security management module 721 sends the depth images and infrared images to the corresponding face management module 722. The face management module 722 performs face detection, recognition, verification, and the like according to the infrared image and the depth image, and then sends the processing result to the upper application 711, and the application 711 performs the security application operation according to the processing result. When the acquired depth image is used for non-secure applications such as beauty, AR (Augmented Reality), the infrared image and the target speckle image collected by the infrared camera 732 can be directly sent to the camera driver 723 through the non-secure channel. The camera driver 723 can calculate a parallax image from the target speckle pattern and calculate a depth image from the parallax image. The camera driver 723 can transmit the infrared image and the depth image to the camera frame 724, and then to the face management module 722 or the application 711 by the camera frame 724. The switching between the secure channel and the non-secure channel is performed by the micro control unit 733.
在一个实施例中,提供了一种图像处理方法,实现该方法的具体步骤如下所述:In one embodiment, an image processing method is provided, and the specific steps of implementing the method are as follows:
首先,电子设备可以获取生物信息录入的请求指令。生物信息可以是人脸、指纹、掌纹等生物体特有的信息。生物信息可以通过电子设备上的装置进行录入。请求指令可以是通过电子设备上的装置发出的,请求录入生物信息的指令。当电子设备上录入生物信息的装置开启时,电子设备可以通过开启的装置获取到生物信息录入的请求指令。First, the electronic device can obtain a request instruction for biometric information entry. The biological information may be information unique to a living body such as a face, a fingerprint, or a palm print. Biometric information can be entered via devices on the electronic device. The request command may be an instruction issued by a device on the electronic device to request entry of the biometric information. When the device for recording biometric information on the electronic device is turned on, the electronic device can acquire the request instruction for biometric information input through the opened device.
接着,电子设备还可以获取配置的密码以及获取请求指令时的第一时间戳。电子设备可以获取通过显示屏配置的密码。电子设备还可以获取在获取请求指令时的第一时间戳,第一时间戳是标识获取请求指令时的时间字符序列。电子设备还可以根据密码以及第一时间戳随机生成安全标识符。电子设备在获取到密码和第一时间戳后,可以根据密码和第一时间戳随机生成安全标识符,安全标识符可以是64位的标识符。安全标识符还可以与密码绑定。电子设备还可以根据安全标识符生成授权标记。电子设备可以基于安全标识符生成授权标记。生成的授权标记可以是一个口令集,生成的授权标记可以包含多个关键因子,例如时间戳、安全标识符以及与硬件相关的哈希校验码等。Then, the electronic device can also obtain the configured password and the first time stamp when the request instruction is obtained. The electronic device can obtain a password configured through the display. The electronic device may also acquire a first timestamp when the request instruction is acquired, and the first timestamp is a sequence of time characters when the request instruction is acquired. The electronic device can also randomly generate a security identifier based on the password and the first timestamp. After obtaining the password and the first timestamp, the electronic device may randomly generate a security identifier according to the password and the first timestamp, and the security identifier may be a 64-bit identifier. The security identifier can also be bound to a password. The electronic device can also generate an authorization token based on the security identifier. The electronic device can generate an authorization token based on the security identifier. The generated authorization token can be a password set, and the generated authorization token can contain multiple key factors such as a timestamp, a security identifier, and a hardware-related hash check code.
接着,电子设备可以根据请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记。电子设备在接收到请求指令后,可以控制第一应用和第二应用传输授权标记。其中,第一应用传输授权标记的传输通道与第二应用传输授权标记的传输通道是不同的。电子设备可以接收处于可信运行环境或者非可信运行环境中的第一应用传输的授权标记,同时,电子设备还可以接收处于可信运行环境或者非可信运行环境中的第二应用传输的授权标记。Then, the electronic device can receive the authorization flag transmitted from the first application according to the request instruction, and receive the authorization flag transmitted from the second application. After receiving the request instruction, the electronic device may control the first application and the second application to transmit the authorization flag. The transmission channel of the first application transmission authorization mark is different from the transmission channel of the second application transmission authorization mark. The electronic device can receive the authorization mark transmitted by the first application in the trusted running environment or the non-trusted running environment, and the electronic device can also receive the second application transmission in the trusted running environment or the non-trusted running environment. Authorization mark.
电子设备还可以根据请求指令接收第一应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记。The electronic device may further receive, according to the request instruction, an authorization mark transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode, and receive the shared memory of the second application through the untrusted operation mode and the trusted operation mode. Authorization token.
接着,电子设备还可以将第一应用传输的授权标记与第二应用传输的授权标记进行比较,得到比较结果。电子设备可以接收到由第一应用传输的授权标记以及由第二应用传输的授权标记。授权标记是在电子设备获取录入生物信息的请求指令时生成的,经过了不同的传输通道,电子设备可以将第一应用传输的授权标记与第二应用传输的授权标记进行比较,可以得到第一应用传输的授权标记与第二应用传输的授权标记相同或者不同的比较结果。当第一应用传输的授权标记与第二应用传输的授权标记相同时,电子设备可以判断间隔时长是否超出预设时长,当间隔时长未超出预设时长时,电子设备可以获取验证成功的比较结果。Then, the electronic device may further compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result. The electronic device can receive the authorization token transmitted by the first application and the authorization token transmitted by the second application. The authorization mark is generated when the electronic device obtains the request instruction for inputting the biological information, and after the different transmission channels, the electronic device can compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application, and the first The authorization flag transmitted by the application is the same as or different from the authorization flag transmitted by the second application. When the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, the electronic device may determine whether the interval duration exceeds a preset duration. When the interval duration does not exceed the preset duration, the electronic device may obtain a comparison result of successful verification. .
电子设备可以获取当前时刻与第一时间戳之间的间隔时长。电子设备可以获取处于工作状态时当前的时刻。电子设备还可以根据获取的当前时刻和第一时间戳计算出时间差,该时间差就是当前时刻与第一时间戳之间的间隔时长。当间隔时长超出预设时长时,电子设备可以提示异常信息。The electronic device can obtain the interval duration between the current time and the first time stamp. The electronic device can obtain the current time when it is in working state. The electronic device may further calculate a time difference according to the obtained current time and the first timestamp, where the time difference is an interval time between the current time and the first timestamp. When the interval duration exceeds the preset duration, the electronic device can prompt the abnormality information.
其中,第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记。The authorization mark transmitted by the first application and the authorization mark transmitted by the second application are all authorized tokens processed by the digital signature.
应该理解的是,虽然上述流程图中的各个步骤按照箭头的指示依次显示,但是这些步骤并不是必然按照箭头指示的顺序依次执行。除非本文中有明确的说明,这些步骤的执行并没有严格的顺序限制,这些步骤可以以其它的顺序执行。而且,上述流程图中的至少一部分步骤可以包括多个子步骤或者多个阶段,这些子步骤或者阶段并不必然是在同一时刻执行完成,而是可以在不同的时刻执行,这些子步骤或者阶段的执行顺序也不必然是依次进行,而是可以与其它步骤或者其它步骤的子步骤或者阶段的至少一部分轮流或者交替地执行。It should be understood that although the various steps in the above-described flowcharts are sequentially displayed as indicated by the arrows, these steps are not necessarily performed in the order indicated by the arrows. Except as explicitly stated herein, the execution of these steps is not strictly limited, and the steps may be performed in other orders. Moreover, at least some of the steps in the above flow chart may include a plurality of sub-steps or stages, which are not necessarily performed at the same time, but may be executed at different times, and these sub-steps or stages The order of execution is not necessarily performed sequentially, but may be performed alternately or alternately with at least a portion of other steps or sub-steps or stages of other steps.
在一个实施例中,如图8所示,提供了一种图像处理装置,包括:指令获取模块 810,授权标记接收模块820以及授权标记比较模块830,其中:In one embodiment, as shown in FIG. 8, an image processing apparatus is provided, including: an instruction acquisition module 810, an authorization flag receiving module 820, and an authorization flag comparison module 830, wherein:
指令获取模块810,用于获取生物信息录入的请求指令。The instruction acquisition module 810 is configured to acquire a request instruction for biometric information entry.
授权标记接收模块820,用于根据请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记。The authorization mark receiving module 820 is configured to receive the authorization mark transmitted from the first application according to the request instruction, and receive the authorization mark transmitted from the second application.
授权标记比较模块830,用于将第一应用传输的授权标记与第二应用传输的授权标记进行比较,得到比较结果。The authorization mark comparison module 830 is configured to compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
在一个实施例中,指令获取模块810还可以用于获取配置的密码以及获取请求指令时的第一时间戳,根据密码以及第一时间戳随机生成安全标识符,根据安全标识符生成授权标记。In an embodiment, the instruction obtaining module 810 is further configured to obtain the configured password and the first timestamp when the request instruction is obtained, randomly generate the security identifier according to the password and the first timestamp, and generate the authorization token according to the security identifier.
在一个实施例中,指令获取模块810还可以用于获取当前时刻与第一时间戳之间的间隔时长,当间隔时长超出预设时长时,提示异常信息。In an embodiment, the instruction acquisition module 810 is further configured to obtain an interval duration between the current time and the first timestamp, and when the interval duration exceeds the preset duration, the abnormality information is prompted.
在一个实施例中,授权标记比较模块830还可以用于当第一应用传输的授权标记与第二应用传输的授权标记相同时,判断间隔时长是否超出预设时长,当间隔时长未超出预设时长时,获取验证成功的比较结果。In an embodiment, the authorization flag comparison module 830 is further configured to: when the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, determine whether the interval duration exceeds a preset duration, when the interval duration does not exceed the preset duration. When the duration is long, the comparison result of the verification success is obtained.
在一个实施例中,授权标记接收模块820还可以用于根据请求指令接收第一应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记。In an embodiment, the authorization mark receiving module 820 is further configured to receive, according to the request instruction, an authorization mark transmitted by the first application through the shared memory of the untrusted operation mode and the trusted operation mode, and receive the second application by using the non-trusted Authorization token for shared memory transfers in Run mode and Trusted Run mode.
在一个实施例中,第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记。In one embodiment, the authorization token transmitted by the first application and the authorization token transmitted by the second application are both authorized tokens processed by the digital signature.
在一个实施例中,生物信息录入为人脸信息录入,指令获取模块810,还可以用于获取人脸信息录入的请求指令。In one embodiment, the biometric information entry is a face information entry, and the instruction acquisition module 810 is further configured to obtain a request instruction for the face information input.
授权标记接收模块820,还可以用于根据请求指令接收可信运行模式中的人脸应用传输的授权标记,以及接收可信运行模式中的秘钥管理应用传输的授权标记。The authorization mark receiving module 820 is further configured to receive the authorization mark transmitted by the face application in the trusted operation mode according to the request instruction, and receive the authorization mark transmitted by the key management application in the trusted operation mode.
授权标记比较模块830,还可以用于将人脸应用传输的授权标记与秘钥管理应用传输的授权标记进行比较,若相同,则人脸信息录入通过。The authorization mark comparison module 830 can also be used to compare the authorization mark transmitted by the face application with the authorization mark transmitted by the key management application. If the same, the face information is entered.
上述图像处理装置中各个模块的划分仅用于举例说明,在其他实施例中,可将图像处理装置按照需要划分为不同的模块,以完成上述图像处理装置的全部或部分功能。The division of each module in the above image processing apparatus is for illustrative purposes only. In other embodiments, the image processing apparatus may be divided into different modules as needed to complete all or part of the functions of the image processing apparatus.
关于图像处理装置的具体限定可以参见上文中对于图像处理方法的限定,在此不再赘述。上述图像处理装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。For the specific definition of the image processing apparatus, reference may be made to the definition of the image processing method in the above, and details are not described herein again. The various modules in the image processing apparatus described above may be implemented in whole or in part by software, hardware, and combinations thereof. Each of the above modules may be embedded in or independent of the processor in the computer device, or may be stored in a memory in the computer device in a software form, so that the processor invokes the operations corresponding to the above modules.
本申请实施例中提供的图像处理装置中的各个模块的实现可为计算机程序的形式。该计算机程序可在终端或服务器上运行。该计算机程序构成的程序模块可存储在终端或服务器的存储器上。该计算机程序被处理器执行时,实现本申请实施例中所描述方法的步骤。The implementation of each module in the image processing apparatus provided in the embodiments of the present application may be in the form of a computer program. The computer program can run on a terminal or server. The program modules of the computer program can be stored on the memory of the terminal or server. When the computer program is executed by the processor, the steps of the method described in the embodiments of the present application are implemented.
本申请实施例还提供了一种计算机可读存储介质。一个或多个包含计算机可执行指令的非易失性计算机可读存储介质,当所述计算机可执行指令被一个或多个处理器执行时,使得所述处理器执行图像处理方法的步骤。The embodiment of the present application also provides a computer readable storage medium. One or more non-transitory computer readable storage media containing computer executable instructions that, when executed by one or more processors, cause the processor to perform the steps of the image processing method.
一种包含指令的计算机程序产品,当其在计算机上运行时,使得计算机执行图像处理方法。A computer program product comprising instructions that, when executed on a computer, cause the computer to perform an image processing method.
本申请实施例还提供了一种电子设备。如图9所示,为了便于说明,仅示出了与本申请实施例相关的部分,具体技术细节未揭示的,请参照本申请实施例方法部分。该电子设备可以为包括手机、平板电脑、PDA(Personal Digital Assistant,个人数字助理)、POS(Point of Sales,销售终端)、车载电脑、穿戴式设备等任意终端设备, 以电子设备为手机为例:An embodiment of the present application also provides an electronic device. As shown in FIG. 9 , for the convenience of description, only the parts related to the embodiments of the present application are shown. If the specific technical details are not disclosed, please refer to the method part of the embodiment of the present application. The electronic device may be any terminal device including a mobile phone, a tablet computer, a PDA (Personal Digital Assistant), a POS (Point of Sales), a vehicle-mounted computer, a wearable device, and the like, and the electronic device is used as a mobile phone. :
图9为与本申请实施例提供的电子设备相关的手机的部分结构的框图。参考图9,手机包括:射频(Radio Frequency,RF)电路910、存储器920、输入单元930、显示单元940、传感器950、音频电路960、无线保真(wireless fidelity,WiFi)模块970、处理器980、以及电源990等部件。本领域技术人员可以理解,图9所示的手机结构并不构成对手机的限定,可以包括比图示更多或更少的部件,或者组合某些部件,或者不同的部件布置。FIG. 9 is a block diagram showing a partial structure of a mobile phone related to an electronic device according to an embodiment of the present application. Referring to FIG. 9, the mobile phone includes: a radio frequency (RF) circuit 910, a memory 920, an input unit 930, a display unit 940, a sensor 950, an audio circuit 960, a wireless fidelity (WiFi) module 970, and a processor 980. And power supply 990 and other components. It will be understood by those skilled in the art that the structure of the handset shown in FIG. 9 does not constitute a limitation to the handset, and may include more or less components than those illustrated, or some components may be combined, or different component arrangements.
其中,RF电路910可用于收发信息或通话过程中,信号的接收和发送,可将基站的下行信息接收后,给处理器980处理;也可以将上行的数据发送给基站。通常,RF电路包括但不限于天线、至少一个放大器、收发信机、耦合器、低噪声放大器(Low Noise Amplifier,LNA)、双工器等。此外,RF电路910还可以通过无线通信与网络和其他设备通信。上述无线通信可以使用任一通信标准或协议,包括但不限于全球移动通讯系统(Global System of Mobile communication,GSM)、通用分组无线服务(General Packet Radio Service,GPRS)、码分多址(Code Division Multiple Access,CDMA)、宽带码分多址(Wideband Code Division Multiple Access,WCDMA)、长期演进(Long Term Evolution,LTE))、电子邮件、短消息服务(Short Messaging Service,SMS)等。The RF circuit 910 can be used for receiving and transmitting signals during the transmission and reception of information or during a call. The downlink information of the base station can be received and processed by the processor 980. The uplink data can also be sent to the base station. Generally, RF circuits include, but are not limited to, an antenna, at least one amplifier, a transceiver, a coupler, a Low Noise Amplifier (LNA), a duplexer, and the like. In addition, RF circuitry 910 can also communicate with the network and other devices via wireless communication. The above wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (Code Division). Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS), and the like.
存储器920可用于存储软件程序以及模块,处理器980通过运行存储在存储器920的软件程序以及模块,从而执行手机的各种功能应用以及数据处理。存储器920可主要包括程序存储区和数据存储区,其中,程序存储区可存储操作系统、至少一个功能所需的应用程序(比如声音播放功能的应用程序、图像播放功能的应用程序等)等;数据存储区可存储根据手机的使用所创建的数据(比如音频数据、通讯录等)等。此外,存储器920可以包括高速随机存取存储器,还可以包括非易失性存储器,例如至少一个磁盘存储器件、闪存器件、或其他易失性固态存储器件。The memory 920 can be used to store software programs and modules, and the processor 980 executes various functional applications and data processing of the mobile phone by running software programs and modules stored in the memory 920. The memory 920 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application required for at least one function (such as an application of a sound playing function, an application of an image playing function, etc.); The data storage area can store data (such as audio data, address book, etc.) created according to the use of the mobile phone. Moreover, memory 920 can include high speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
输入单元930可用于接收输入的数字或字符信息,以及产生与手机900的用户设置以及功能控制有关的键信号输入。具体地,输入单元930可包括触控面板931以及其他输入设备932。触控面板931,也可称为触摸屏,可收集用户在其上或附近的触摸操作(比如用户使用手指、触笔等任何适合的物体或附件在触控面板931上或在触控面板931附近的操作),并根据预先设定的程式驱动相应的连接装置。在一个实施例中,触控面板931可包括触摸检测装置和触摸控制器两个部分。其中,触摸检测装置检测用户的触摸方位,并检测触摸操作带来的信号,将信号传送给触摸控制器;触摸控制器从触摸检测装置上接收触摸信息,并将它转换成触点坐标,再送给处理器980,并能接收处理器980发来的命令并加以执行。此外,可以采用电阻式、电容式、红外线以及表面声波等多种类型实现触控面板931。除了触控面板931,输入单元930还可以包括其他输入设备932。具体地,其他输入设备932可以包括但不限于物理键盘、功能键(比如音量控制按键、开关按键等)等中的一种或多种。The input unit 930 can be configured to receive input numeric or character information and to generate key signal inputs related to user settings and function control of the handset 900. Specifically, the input unit 930 may include a touch panel 931 and other input devices 932. The touch panel 931, also referred to as a touch screen, can collect touch operations on or near the user (such as the user using a finger, a stylus, or the like on the touch panel 931 or near the touch panel 931. Operation) and drive the corresponding connection device according to a preset program. In one embodiment, the touch panel 931 can include two portions of a touch detection device and a touch controller. Wherein, the touch detection device detects the touch orientation of the user, and detects a signal brought by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts the touch information into contact coordinates, and sends the touch information. The processor 980 is provided and can receive commands from the processor 980 and execute them. In addition, the touch panel 931 can be implemented in various types such as resistive, capacitive, infrared, and surface acoustic waves. In addition to the touch panel 931, the input unit 930 may also include other input devices 932. Specifically, other input devices 932 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons, switch buttons, etc.).
显示单元940可用于显示由用户输入的信息或提供给用户的信息以及手机的各种菜单。显示单元940可包括显示面板941。在一个实施例中,可以采用液晶显示器(Liquid Crystal Display,LCD)、有机发光二极管(Organic Light-Emitting Diode,OLED)等形式来配置显示面板941。在一个实施例中,触控面板931可覆盖显示面板941,当触控面板931检测到在其上或附近的触摸操作后,传送给处理器980以确定触摸事件的类型,随后处理器980根据触摸事件的类型在显示面板941上提供相应的视觉输出。虽然在图9中,触控面板931与显示面板941是作为两个独立的部件来实现手机的输入和输入功能,但是在某些实施例中,可以将触控面板931与显示面板941集成而实现手机的输入和输出功能。The display unit 940 can be used to display information input by the user or information provided to the user as well as various menus of the mobile phone. The display unit 940 can include a display panel 941. In one embodiment, the display panel 941 may be configured in the form of a liquid crystal display (LCD), an organic light-emitting diode (OLED), or the like. In one embodiment, the touch panel 931 can cover the display panel 941. When the touch panel 931 detects a touch operation on or near it, the touch panel 931 transmits to the processor 980 to determine the type of the touch event, and then the processor 980 is The type of touch event provides a corresponding visual output on display panel 941. Although the touch panel 931 and the display panel 941 are used as two independent components to implement the input and input functions of the mobile phone in FIG. 9, in some embodiments, the touch panel 931 and the display panel 941 may be integrated. Realize the input and output functions of the phone.
手机900还可包括至少一种传感器950,比如光传感器、运动传感器以及其他传感器。具体地,光传感器可包括环境光传感器及接近传感器,其中,环境光传感器可根据环境光线的明暗来调节显示面板941的亮度,接近传感器可在手机移动到耳边时,关闭显示面板941和/或背光。运动传感器可包括加速度传感器,通过加速度传感器可检测各个方向上加速度的大小,静止时可检测出重力的大小及方向,可用于识别手机姿态的应用(比如横竖屏切换)、振动识别相关功能(比如计步器、敲击)等;此外,手机还可配置陀螺仪、气压计、湿度计、温度计、红外线传感器等其他传感器等。The handset 900 can also include at least one type of sensor 950, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 941 according to the brightness of the ambient light, and the proximity sensor may close the display panel 941 and/or when the mobile phone moves to the ear. Or backlight. The motion sensor may include an acceleration sensor, and the acceleration sensor can detect the magnitude of the acceleration in each direction, and the magnitude and direction of the gravity can be detected at rest, and can be used to identify the gesture of the mobile phone (such as horizontal and vertical screen switching), and vibration recognition related functions (such as Pedometer, tapping, etc.; in addition, the phone can also be equipped with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors.
音频电路960、扬声器961和传声器962可提供用户与手机之间的音频接口。音频电路960可将接收到的音频数据转换后的电信号,传输到扬声器961,由扬声器961转换为声音信号输出;另一方面,传声器962将收集的声音信号转换为电信号,由音频电路960接收后转换为音频数据,再将音频数据输出处理器980处理后,经RF电路910可以发送给另一手机,或者将音频数据输出至存储器920以便后续处理。 Audio circuitry 960, speaker 961, and microphone 962 can provide an audio interface between the user and the handset. The audio circuit 960 can transmit the converted electrical data of the received audio data to the speaker 961, and convert it into a sound signal output by the speaker 961. On the other hand, the microphone 962 converts the collected sound signal into an electrical signal, and the audio circuit 960 After receiving, it is converted into audio data, and after being processed by the audio data output processor 980, it can be sent to another mobile phone via the RF circuit 910, or the audio data can be output to the memory 920 for subsequent processing.
WiFi属于短距离无线传输技术,手机通过WiFi模块970可以帮助用户收发电子邮件、浏览网页和访问流式媒体等,它为用户提供了无线的宽带互联网访问。虽然图9示出了WiFi模块970,但是可以理解的是,其并不属于手机900的必须构成,可以根据需要而省略。WiFi is a short-range wireless transmission technology, and the mobile phone can help users to send and receive emails, browse web pages, and access streaming media through the WiFi module 970, which provides users with wireless broadband Internet access. Although FIG. 9 shows the WiFi module 970, it can be understood that it does not belong to the essential configuration of the mobile phone 900 and can be omitted as needed.
处理器980是手机的控制中心,利用各种接口和线路连接整个手机的各个部分,通过运行或执行存储在存储器920内的软件程序和/或模块,以及调用存储在存储器920内的数据,执行手机的各种功能和处理数据,从而对手机进行整体监控。在一个实施例中,处理器980可包括一个或多个处理单元。在一个实施例中,处理器980可集成应用处理器和调制解调处理器,其中,应用处理器主要处理操作系统、用户界面和应用程序等;调制解调处理器主要处理无线通信。可以理解的是,上述调制解调处理器也可以不集成到处理器980中。The processor 980 is the control center of the handset, which connects various portions of the entire handset using various interfaces and lines, by executing or executing software programs and/or modules stored in the memory 920, and invoking data stored in the memory 920, executing The phone's various functions and processing data, so that the overall monitoring of the phone. In one embodiment, processor 980 can include one or more processing units. In one embodiment, the processor 980 can integrate an application processor and a modem processor, wherein the application processor primarily processes an operating system, a user interface, an application, and the like; the modem processor primarily processes wireless communications. It will be appreciated that the above described modem processor may also not be integrated into the processor 980.
手机900还包括给各个部件供电的电源990(比如电池),优选的,电源可以通过电源管理系统与处理器980逻辑相连,从而通过电源管理系统实现管理充电、放电、以及功耗管理等功能。The mobile phone 900 also includes a power source 990 (such as a battery) that supplies power to various components. Preferably, the power source can be logically coupled to the processor 980 through a power management system to manage functions such as charging, discharging, and power management through the power management system.
在一个实施例中,手机900还可以包括摄像头、蓝牙模块等。In one embodiment, the handset 900 can also include a camera, a Bluetooth module, and the like.
在本申请实施例中,该电子设备所包括的处理器980执行存储在存储器上的计算机程序时实现图像处理方法的步骤。In the embodiment of the present application, the processor 980 included in the electronic device implements the steps of the image processing method when executing the computer program stored in the memory.
本申请所使用的对存储器、存储、数据库或其它介质的任何引用可包括非易失性和/或易失性存储器。非易失性存储器可包括只读存储器(ROM)、可编程ROM(PROM)、电可编程ROM(EPROM)、电可擦除可编程ROM(EEPROM)或闪存。易失性存储器可包括随机存取存储器(RAM),它用作外部高速缓冲存储器。作为说明而非局限,RAM以多种形式可得,诸如静态RAM(SRAM)、动态RAM(DRAM)、同步DRAM(SDRAM)、双数据率SDRAM(DDR SDRAM)、增强型SDRAM(ESDRAM)、同步链路(Synchlink)DRAM(SLDRAM)、存储器总线(Rambus)直接RAM(RDRAM)、直接存储器总线动态RAM(DRDRAM)、以及存储器总线动态RAM(RDRAM)。Any reference to a memory, storage, database or other medium used herein may include non-volatile and/or volatile memory. Non-volatile memory can include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory. Volatile memory can include random access memory (RAM), which acts as an external cache. By way of illustration and not limitation, RAM is available in a variety of forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), dual data rate SDRAM (DDR SDRAM), enhanced SDRAM (ESDRAM), synchronization. Link (Synchlink) DRAM (SLDRAM), Memory Bus (Rambus) Direct RAM (RDRAM), Direct Memory Bus Dynamic RAM (DRDRAM), and Memory Bus Dynamic RAM (RDRAM).
以上所述实施例仅表达了本申请的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对本申请专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本申请构思的前提下,还可以做出若干变形和改进,这些都属于本申请的保护范围。因此,本申请专利的保护范围应以所附权利要求为准。The above-mentioned embodiments are merely illustrative of several embodiments of the present application, and the description thereof is more specific and detailed, but is not to be construed as limiting the scope of the claims. It should be noted that a number of variations and modifications may be made by those skilled in the art without departing from the spirit and scope of the present application. Therefore, the scope of the invention should be determined by the appended claims.

Claims (22)

  1. 一种图像处理方法,其特征在于,包括:An image processing method, comprising:
    获取生物信息录入的请求指令;Obtaining a request instruction for biometric information entry;
    根据所述请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记;Receiving an authorization flag transmitted from the first application according to the request instruction, and receiving an authorization flag transmitted from the second application;
    将所述第一应用传输的授权标记与所述第二应用传输的授权标记进行比较,得到比较结果。Comparing the authorization token transmitted by the first application with the authorization token transmitted by the second application to obtain a comparison result.
  2. 根据权利要求1所述的方法,其特征在于,在获取生物识别的请求指令之后,所述方法还包括:The method according to claim 1, wherein after obtaining the biometric request request, the method further comprises:
    获取配置的密码以及获取所述请求指令时的第一时间戳;Obtaining a configured password and a first timestamp when the request instruction is obtained;
    根据所述密码以及所述第一时间戳随机生成安全标识符;Generating a security identifier randomly according to the password and the first timestamp;
    根据所述安全标识符生成授权标记。An authorization token is generated based on the security identifier.
  3. 根据权利要求2所述的方法,其特征在于,所述方法还包括:The method of claim 2, wherein the method further comprises:
    获取当前时刻与所述第一时间戳之间的间隔时长;Obtaining an interval between the current time and the first timestamp;
    当所述间隔时长超出预设时长时,提示异常信息。When the interval duration exceeds the preset duration, an exception message is presented.
  4. 根据权利要求3所述的方法,其特征在于,所述将所述第一应用传输的授权标记与所述第二应用传输的授权标记进行比较,得到比较结果,包括:The method according to claim 3, wherein the comparing the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result, comprising:
    当所述第一应用传输的授权标记与所述第二应用传输的授权标记相同时,判断所述间隔时长是否超出预设时长;When the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, determining whether the interval duration exceeds a preset duration;
    当所述间隔时长未超出预设时长时,获取验证成功的比较结果。When the interval duration does not exceed the preset duration, a comparison result of successful verification is obtained.
  5. 根据权利要求1所述的方法,其特征在于,所述根据所述请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记,包括:The method according to claim 1, wherein the receiving the authorization flag transmitted from the first application according to the request instruction, and receiving the authorization flag transmitted from the second application, comprises:
    根据所述请求指令接收第一应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记。Receiving, according to the request instruction, an authorization flag of the shared memory transmitted by the first application through the non-trusted operation mode and the trusted operation mode, and receiving the authorization of the second application to transmit through the shared memory of the untrusted operation mode and the trusted operation mode mark.
  6. 根据权利要求1所述的方法,其特征在于,所述第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记。The method according to claim 1, wherein the authorization mark transmitted by the first application and the authorization mark transmitted by the second application are authorization marks processed by using a digital signature.
  7. 根据权利要求1至6任一项所述的方法,其特征在于,所述生物信息录入为人脸信息录入;所述方法还包括:The method according to any one of claims 1 to 6, wherein the biometric information entry is face information entry; the method further comprises:
    获取人脸信息录入的请求指令;Obtaining a request instruction for entering face information;
    根据所述请求指令接收可信运行模式中的人脸应用传输的授权标记,以及接收可信运行模式中的秘钥管理应用传输的授权标记;Receiving, according to the request instruction, an authorization mark transmitted by the face application in the trusted operation mode, and receiving an authorization mark transmitted by the key management application in the trusted operation mode;
    将所述人脸应用传输的授权标记与所述秘钥管理应用传输的授权标记进行比较,若相同,则人脸信息录入通过。The authorization mark transmitted by the face application is compared with the authorization mark transmitted by the key management application, and if the same, the face information is entered.
  8. 一种图像处理装置,其特征在于,包括:An image processing apparatus, comprising:
    指令获取模块,用于获取生物信息录入的请求指令;An instruction acquisition module, configured to acquire a request instruction for biometric information entry;
    授权标记接收模块,用于根据所述请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记;An authorization mark receiving module, configured to receive an authorization mark transmitted from the first application according to the request instruction, and receive an authorization mark transmitted from the second application;
    授权标记比较模块,用于将所述第一应用传输的授权标记与所述第二应用传输的授权标记进行比较,得到比较结果。The authorization mark comparison module is configured to compare the authorization mark transmitted by the first application with the authorization mark transmitted by the second application to obtain a comparison result.
  9. 一种电子设备,包括存储器及处理器,所述存储器中储存有计算机程序,所述计算机程序被所述处理器执行时,使得所述处理器执行:An electronic device comprising a memory and a processor, wherein the memory stores a computer program, and when the computer program is executed by the processor, the processor executes:
    获取生物信息录入的请求指令;Obtaining a request instruction for biometric information entry;
    根据所述请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的 授权标记;Receiving an authorization flag transmitted from the first application according to the request instruction, and receiving an authorization flag transmitted from the second application;
    将所述第一应用传输的授权标记与所述第二应用传输的授权标记进行比较,得到比较结果。Comparing the authorization token transmitted by the first application with the authorization token transmitted by the second application to obtain a comparison result.
  10. 根据权利要求9所述的电子设备,其特征在于,所述计算机程序被所述处理器执行时,使得所述处理器执行:The electronic device of claim 9 wherein said computer program, when executed by said processor, causes said processor to:
    获取配置的密码以及获取所述请求指令时的第一时间戳;Obtaining a configured password and a first timestamp when the request instruction is obtained;
    根据所述密码以及所述第一时间戳随机生成安全标识符;Generating a security identifier randomly according to the password and the first timestamp;
    根据所述安全标识符生成授权标记。An authorization token is generated based on the security identifier.
  11. 根据权利要求10所述的电子设备,其特征在于,所述计算机程序被所述处理器执行时,使得所述处理器执行:The electronic device of claim 10 wherein said computer program, when executed by said processor, causes said processor to:
    获取当前时刻与所述第一时间戳之间的间隔时长;Obtaining an interval between the current time and the first timestamp;
    当所述间隔时长超出预设时长时,提示异常信息。When the interval duration exceeds the preset duration, an exception message is presented.
  12. 根据权利要求11所述的电子设备,其特征在于,所述计算机程序被所述处理器执行时,使得所述处理器执行:The electronic device of claim 11 wherein said computer program, when executed by said processor, causes said processor to:
    当所述第一应用传输的授权标记与所述第二应用传输的授权标记相同时,判断所述间隔时长是否超出预设时长;When the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, determining whether the interval duration exceeds a preset duration;
    当所述间隔时长未超出预设时长时,获取验证成功的比较结果。When the interval duration does not exceed the preset duration, a comparison result of successful verification is obtained.
  13. 根据权利要求9所述的电子设备,其特征在于,所述计算机程序被所述处理器执行时,使得所述处理器执行:The electronic device of claim 9 wherein said computer program, when executed by said processor, causes said processor to:
    根据所述请求指令接收第一应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记。Receiving, according to the request instruction, an authorization flag of the shared memory transmitted by the first application through the non-trusted operation mode and the trusted operation mode, and receiving the authorization of the second application to transmit through the shared memory of the untrusted operation mode and the trusted operation mode mark.
  14. 根据权利要求9所述的电子设备,其特征在于,所述第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记。The electronic device according to claim 9, wherein the authorization mark transmitted by the first application and the authorization mark transmitted by the second application are authorization marks processed by using a digital signature.
  15. 根据权利要求9至14任一项所述的电子设备,其特征在于,所述生物信息录入为人脸信息录入;所述计算机程序被所述处理器执行时,使得所述处理器执行:The electronic device according to any one of claims 9 to 14, wherein the biometric information is entered as face information; and when the computer program is executed by the processor, the processor executes:
    获取人脸信息录入的请求指令;Obtaining a request instruction for entering face information;
    根据所述请求指令接收可信运行模式中的人脸应用传输的授权标记,以及接收可信运行模式中的秘钥管理应用传输的授权标记;Receiving, according to the request instruction, an authorization mark transmitted by the face application in the trusted operation mode, and receiving an authorization mark transmitted by the key management application in the trusted operation mode;
    将所述人脸应用传输的授权标记与所述秘钥管理应用传输的授权标记进行比较,若相同,则人脸信息录入通过。The authorization mark transmitted by the face application is compared with the authorization mark transmitted by the key management application, and if the same, the face information is entered.
  16. 一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现:A computer readable storage medium having stored thereon a computer program, wherein the computer program is executed by a processor to:
    获取生物信息录入的请求指令;Obtaining a request instruction for biometric information entry;
    根据所述请求指令接收从第一应用传输的授权标记,以及接收从第二应用传输的授权标记;Receiving an authorization flag transmitted from the first application according to the request instruction, and receiving an authorization flag transmitted from the second application;
    将所述第一应用传输的授权标记与所述第二应用传输的授权标记进行比较,得到比较结果。Comparing the authorization token transmitted by the first application with the authorization token transmitted by the second application to obtain a comparison result.
  17. 根据权利要求16所述的计算机可读存储介质,其特征在于,所述计算机程序被处理器执行时实现:The computer readable storage medium of claim 16 wherein said computer program is executed by a processor to:
    获取配置的密码以及获取所述请求指令时的第一时间戳;Obtaining a configured password and a first timestamp when the request instruction is obtained;
    根据所述密码以及所述第一时间戳随机生成安全标识符;Generating a security identifier randomly according to the password and the first timestamp;
    根据所述安全标识符生成授权标记。An authorization token is generated based on the security identifier.
  18. 根据权利要求17所述的计算机可读存储介质,其特征在于,所述计算机程序被处理器执行时实现:The computer readable storage medium of claim 17, wherein the computer program is implemented by a processor to:
    获取当前时刻与所述第一时间戳之间的间隔时长;Obtaining an interval between the current time and the first timestamp;
    当所述间隔时长超出预设时长时,提示异常信息。When the interval duration exceeds the preset duration, an exception message is presented.
  19. 根据权利要求18所述的计算机可读存储介质,其特征在于,所述计算机程序被处理器执行时实现:The computer readable storage medium of claim 18, wherein the computer program is implemented by a processor to:
    当所述第一应用传输的授权标记与所述第二应用传输的授权标记相同时,判断所述间隔时长是否超出预设时长;When the authorization flag transmitted by the first application is the same as the authorization flag transmitted by the second application, determining whether the interval duration exceeds a preset duration;
    当所述间隔时长未超出预设时长时,获取验证成功的比较结果。When the interval duration does not exceed the preset duration, a comparison result of successful verification is obtained.
  20. 根据权利要求16所述的计算机可读存储介质,其特征在于,所述计算机程序被处理器执行时实现:The computer readable storage medium of claim 16 wherein said computer program is executed by a processor to:
    根据所述请求指令接收第一应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记,以及接收第二应用通过非可信运行模式和可信运行模式的共享内存传输的授权标记。Receiving, according to the request instruction, an authorization flag of the shared memory transmitted by the first application through the non-trusted operation mode and the trusted operation mode, and receiving the authorization of the second application to transmit through the shared memory of the untrusted operation mode and the trusted operation mode mark.
  21. 根据权利要求16所述的计算机可读存储介质,其特征在于,所述第一应用传输的授权标记和第二应用传输的授权标记均为采用数字签名处理后的授权标记。The computer readable storage medium according to claim 16, wherein the authorization mark transmitted by the first application and the authorization mark transmitted by the second application are authorization marks processed by using a digital signature.
  22. 根据权利要求16至21任一项所述的计算机可读存储介质,其特征在于,所述生物信息录入为人脸信息录入;所述计算机程序被处理器执行时实现:The computer readable storage medium according to any one of claims 16 to 21, wherein the biometric information entry is face information entry; and the computer program is executed by the processor to:
    获取人脸信息录入的请求指令;Obtaining a request instruction for entering face information;
    根据所述请求指令接收可信运行模式中的人脸应用传输的授权标记,以及接收可信运行模式中的秘钥管理应用传输的授权标记;Receiving, according to the request instruction, an authorization mark transmitted by the face application in the trusted operation mode, and receiving an authorization mark transmitted by the key management application in the trusted operation mode;
    将所述人脸应用传输的授权标记与所述秘钥管理应用传输的授权标记进行比较,若相同,则人脸信息录入通过。The authorization mark transmitted by the face application is compared with the authorization mark transmitted by the key management application, and if the same, the face information is entered.
PCT/CN2019/080556 2018-04-28 2019-03-29 Image processing method and apparatus, electronic device, and storage medium WO2019205888A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810401358.3A CN108763895B (en) 2018-04-28 2018-04-28 Image processing method and device, electronic equipment and storage medium
CN201810401358.3 2018-04-28

Publications (1)

Publication Number Publication Date
WO2019205888A1 true WO2019205888A1 (en) 2019-10-31

Family

ID=64008649

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/080556 WO2019205888A1 (en) 2018-04-28 2019-03-29 Image processing method and apparatus, electronic device, and storage medium

Country Status (2)

Country Link
CN (1) CN108763895B (en)
WO (1) WO2019205888A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108763895B (en) * 2018-04-28 2021-03-30 Oppo广东移动通信有限公司 Image processing method and device, electronic equipment and storage medium
CN109961062A (en) * 2019-04-16 2019-07-02 北京迈格威科技有限公司 Image-recognizing method, device, terminal and readable storage medium storing program for executing
CN112218279B (en) * 2020-10-14 2024-06-11 福建小飞科技有限公司 Method and device for controlling display terminal by multi-protocol handheld terminal
CN113411355B (en) * 2021-08-19 2021-11-09 深圳百昱达科技有限公司 Internet-based application registration method and related device
CN117075966B (en) * 2023-08-31 2024-04-19 中科驭数(北京)科技有限公司 Instruction processing method, device, equipment and readable storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105260663A (en) * 2015-09-15 2016-01-20 中国科学院信息工程研究所 Secure storage service system and method based on TrustZone technology
CN107038414A (en) * 2017-03-08 2017-08-11 广东欧珀移动通信有限公司 A kind of fingerprint template synchronous method and equipment
CN107169343A (en) * 2017-04-25 2017-09-15 深圳市金立通信设备有限公司 A kind of method and terminal of control application program
US20180053005A1 (en) * 2016-08-22 2018-02-22 Mastercard International Incorporated Method and system for secure device based biometric authentication scheme
CN107818253A (en) * 2017-10-18 2018-03-20 广东欧珀移动通信有限公司 Face template data inputting control method and Related product
CN108763895A (en) * 2018-04-28 2018-11-06 Oppo广东移动通信有限公司 Image processing method and device, electronic equipment, storage medium

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2414246C (en) * 2001-05-14 2014-01-28 Ntt Docomo, Inc. System for managing program stored in storage block of mobile terminal
KR101832761B1 (en) * 2011-05-26 2018-02-27 엘지전자 주식회사 Display device, method for remotely controlling display device
US9652617B1 (en) * 2013-06-25 2017-05-16 Amazon Technologies, Inc. Analyzing security of applications
CN105740833B (en) * 2016-02-03 2019-03-22 北京工业大学 A kind of Human bodys' response method based on depth sequence
CN107437996B (en) * 2016-05-27 2020-02-21 宇龙计算机通信科技(深圳)有限公司 Identity authentication method, device and terminal
CN106022011A (en) * 2016-05-30 2016-10-12 合欢森林网络科技(北京)有限公司 Image-based confidential information spreading method, device and system
CN107707355B (en) * 2016-08-08 2021-02-05 中国电信股份有限公司 Terminal authentication method and system
CN106411533B (en) * 2016-11-10 2019-07-02 西安电子科技大学 The online fingerprint identification system and method for two-way secret protection
CN106789073B (en) * 2016-12-26 2019-10-15 北京小米支付技术有限公司 Signing messages generation method and device
CN106960147A (en) * 2017-04-11 2017-07-18 广东小天才科技有限公司 Privacy information protection method and device and user equipment
CN107491681B (en) * 2017-08-25 2020-09-08 北京小米移动软件有限公司 Fingerprint information processing method and device
CN107818252B (en) * 2017-10-10 2020-01-14 Oppo广东移动通信有限公司 Face recognition information synchronization method and related product
CN107766713B (en) * 2017-10-18 2020-02-18 Oppo广东移动通信有限公司 Face template data entry control method and related product
CN107944248A (en) * 2017-12-14 2018-04-20 郑州云海信息技术有限公司 A kind of LINUX operating system login methods based on recognition of face and Quick Response Code double authentication

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105260663A (en) * 2015-09-15 2016-01-20 中国科学院信息工程研究所 Secure storage service system and method based on TrustZone technology
US20180053005A1 (en) * 2016-08-22 2018-02-22 Mastercard International Incorporated Method and system for secure device based biometric authentication scheme
CN107038414A (en) * 2017-03-08 2017-08-11 广东欧珀移动通信有限公司 A kind of fingerprint template synchronous method and equipment
CN107169343A (en) * 2017-04-25 2017-09-15 深圳市金立通信设备有限公司 A kind of method and terminal of control application program
CN107818253A (en) * 2017-10-18 2018-03-20 广东欧珀移动通信有限公司 Face template data inputting control method and Related product
CN108763895A (en) * 2018-04-28 2018-11-06 Oppo广东移动通信有限公司 Image processing method and device, electronic equipment, storage medium

Also Published As

Publication number Publication date
CN108763895A (en) 2018-11-06
CN108763895B (en) 2021-03-30

Similar Documents

Publication Publication Date Title
WO2019205888A1 (en) Image processing method and apparatus, electronic device, and storage medium
CN109472166B (en) Electronic signature method, device, equipment and medium
WO2021120793A1 (en) Face image transmission method and apparatus, numerical value transfer method and apparatus, and electronic device
CN110689460B (en) Traffic accident data processing method, device, equipment and medium based on block chain
WO2017020630A1 (en) Method, apparatus and system for processing order information
WO2017041599A1 (en) Service processing method and electronic device
CN105656627B (en) Identity authentication method, device, system, processing method, equipment and storage medium
US11496900B2 (en) Electronic device and method for storing user identification information
CN109416800B (en) Authentication method of mobile terminal and mobile terminal
US11017066B2 (en) Method for associating application program with biometric feature, apparatus, and mobile terminal
CN107437009A (en) Authority control method and related product
KR102456020B1 (en) Electronic device for including autograph in e-paper and control method thereof
CN108923931B (en) Electronic certificate processing method and device and computer readable storage medium
WO2020047868A1 (en) Business processing method and device
WO2019196693A1 (en) Application control method and device, readable storage medium and terminal
CN105281907B (en) Encrypted data processing method and device
US10658864B2 (en) Multifunctional wireless charging system and its data transmission method
KR102616421B1 (en) Payment method using biometric authentication and electronic device thereof
CN111181909B (en) Identity information acquisition method and related device
US11562054B2 (en) Authorized gesture control methods and apparatus
US20240095329A1 (en) Cross-Device Authentication Method and Electronic Device
US10009834B2 (en) Apparatus and method for accessing electronic device having hot spot function
KR102208631B1 (en) Method for inputting/outputting security information and Electronic device using the same
CN110837630B (en) Login method, image processing method and electronic device
US11251980B2 (en) Electronic devices and corresponding methods for verifying device security prior to use

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19791860

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19791860

Country of ref document: EP

Kind code of ref document: A1