WO2020220213A1 - Biological feature recognition method and electronic device - Google Patents

Biological feature recognition method and electronic device Download PDF

Info

Publication number
WO2020220213A1
WO2020220213A1 PCT/CN2019/085036 CN2019085036W WO2020220213A1 WO 2020220213 A1 WO2020220213 A1 WO 2020220213A1 CN 2019085036 W CN2019085036 W CN 2019085036W WO 2020220213 A1 WO2020220213 A1 WO 2020220213A1
Authority
WO
WIPO (PCT)
Prior art keywords
identified
biological feature
security environment
environment
biometric
Prior art date
Application number
PCT/CN2019/085036
Other languages
French (fr)
Chinese (zh)
Inventor
李彦青
李洪生
Original Assignee
深圳市汇顶科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳市汇顶科技股份有限公司 filed Critical 深圳市汇顶科技股份有限公司
Priority to PCT/CN2019/085036 priority Critical patent/WO2020220213A1/en
Priority to CN201980000671.9A priority patent/CN110235141B/en
Publication of WO2020220213A1 publication Critical patent/WO2020220213A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/25Fusion techniques
    • G06F18/254Fusion techniques of classification results, e.g. of results related to same input data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/70Multimodal biometrics, e.g. combining information from different biometric modalities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06VIMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/50Maintenance of biometric data or enrolment thereof
    • G06V40/53Measures to keep reference information secret, e.g. cancellable biometrics

Definitions

  • the embodiments of the present application relate to the field of biometric identification technology, and in particular, to a biometric identification method and electronic equipment.
  • biometric identification technology is being used more and more widely in embedded terminal equipment, such as mobile phone unlocking, access control system, mobile payment and various smart locks.
  • Security is one of the focuses of biometric identification technology, and security is restricted by the limited resources of terminal equipment, such as processor frequency and memory space. Among them, low power consumption is especially important for embedded terminal equipment. As well as security requirements, providing a biometric identification solution with higher security has become a technical problem to be solved urgently.
  • biometric identification method and electronic device provided by the embodiments of the present application are used to at least solve the above-mentioned problems in the prior art.
  • the embodiment of the application provides a biometric identification method, which includes:
  • the embodiment of the present application provides an electronic device configured with a first security environment and a second security environment, in the first security environment, the legality of the biological feature to be identified is first determined, and in the second security environment, the identification is to be performed The legality of the biological feature is judged again to determine whether the biological feature to be identified is legal based on the result of the initial judgment and the result of the second judgment.
  • judging whether the biological feature to be identified is legal based on the result of the initial judgment and the result of the second judgment includes:
  • first recognition result and the second recognition result both indicate that the biometric feature to be recognized is legal, then it is determined that the biometric feature to be recognized is legal; or,
  • the recognition of the biological feature to be recognized in the second security environment is initiated to generate a second recognition Result; otherwise, it is directly determined that the biological feature to be identified is illegal.
  • the amount of data calculation when recognizing the biological feature to be identified in the first security environment is greater than the amount of data calculation when recognizing the biological feature to be recognized in the second security environment the amount.
  • the biometric template data corresponding to the same biometric template is scattered and stored in the first security environment and the second security environment; correspondingly,
  • Performing the initial judgment on the legality of the biological feature to be identified in the first security environment includes: using the biometric template data stored in the first security environment to make the initial judgment on the legality of the biological feature to be identified;
  • Re-judging the legitimacy of the biological feature to be identified in the second security environment includes: using the biometric template data stored in the second security environment to judge the legitimacy of the biological feature to be identified again.
  • the method further includes: analyzing the sample image to obtain the first biological feature to be recognized, so as to recognize the first biological feature to be recognized in the first security environment to generate the first recognition result.
  • the method further includes: analyzing the sample image to obtain the second biological feature to be recognized, so as to recognize the second biological feature to be recognized in the first security environment to generate a second recognition result.
  • the security of the first secure environment is less than the security of the second secure environment.
  • the first security environment is a trusted execution environment or a rich execution environment
  • the second security environment is a chip-level security environment.
  • it further includes: according to the identity verification request of the upper-level biometric application, initiating the identification of the biometric to be identified in the first security environment to generate the first identification result, and/or , Start to recognize the biological feature to be recognized in the second security environment to generate the second recognition result.
  • the method further includes: the first security environment returns the first recognition result to the upper-level biometric application; and/or, the second security environment reports the The upper-level biometric application returns the second recognition result.
  • the legality of the biometrics to be identified is judged for the first time in the first safe environment; the legality of the biometrics to be identified is judged again in the second safe environment; The result of the initial judgment and the result of the second judgment determine whether the biological feature to be identified is legal. It can be seen that, since the biometrics to be identified are recognized in the first security environment and the second security environment, the resource requirements for biometric identification are reduced; in addition, it is equivalent to whether the biometrics to be identified are legally performed. Double judgment, thereby improving the safety of biometric identification.
  • FIG. 1 is a schematic diagram of the application of the biometric identification scheme in the first embodiment of the application on electronic equipment
  • FIG. 2 is a schematic diagram of the flow of the biometric identification method in the second embodiment of this application.
  • FIG. 3 is a schematic flowchart of the biometric identification method in Embodiment 3 of this application.
  • the legality of the biometrics to be identified is judged for the first time in the first safe environment; the legality of the biometrics to be identified is judged again in the second safe environment; according to the result of the initial judgment And the result of the re-judgment, judging whether the biological feature to be identified is legal. It can be seen that, since the biometrics to be identified are recognized in the first security environment and the second security environment, the resource requirements for biometric identification are reduced; in addition, it is equivalent to double checking whether the biometrics to be identified are legal or not. Judgment, thereby improving the security of biometric identification.
  • the application of the biometric identification scheme of the embodiments of the present application to embedded electronic devices is used as an example for description, and the first security environment and the second security environment are specifically configured on them.
  • the first The security environment is a Trusted Execution Environment (TEE) or a Rich Execution Environment (REE)
  • the second security environment is a chip-level security environment such as a secure element (SE).
  • the first security environment is a trusted execution environment TEE and the second security environment is a secure element SE as an example for description.
  • the first security environment and the second security environment are not limited to the specific environments exemplified here, as long as they can reduce the resources required for biometric identification. Requirements, and any environment that can improve the security of biometric identification.
  • biological features to be identified in the following embodiments may be fingerprint features, palm print features, lip print features, iris features, and other biological features with identity attributes.
  • FIG 1 is a schematic diagram of the application of the biometric identification scheme in the first embodiment of the application on electronic equipment; as shown in Figure 1, the electronic equipment is equipped with rich execution environment REE, trusted execution environment TEE, secure element SE, rich execution
  • the environment REE can run various third-party identity authentication applications
  • the trusted execution environment TEE runs the biometric authentication trusted application (Trusted Application, referred to as TA) corresponding to the third-party identity authentication application
  • the secure element SE runs simultaneously A trusted application TA of biometrics corresponding to a third-party identity authentication application.
  • TA biometric authentication trusted application
  • the trusted application TA of biometrics in the trusted execution environment TEE is used to control the initial judgment of the legality of the biometrics to be identified according to the biometric template in the first secure environment, and to enable the secure element if necessary
  • the biometric identification trusted application TA on the SE then re-judges the legality of the biometrics to be identified in the second security environment according to the biometric template.
  • FIG. 2 is a schematic flow chart of the biometric identification method in the second embodiment of this application; as shown in Figure 2, it includes the following steps:
  • the biological feature to be recognized is obtained by feature extraction on the collected biometric image.
  • the biological feature to be recognized participates in the recognition in step S101 and also participates in the recognition in step S102, for example, if If the biometric feature is recognized as a fingerprint feature, feature extraction can be performed on the fingerprint image collected based on the capacitive sensing principle to obtain the fingerprint feature.
  • the biological characteristic template data stored in the first security environment is specifically used to match the biological characteristic to be identified.
  • the biometric template data is encrypted and stored in the first security environment, and after decryption, it is matched with the biometric to be identified.
  • an AES (128-bit or 256-bit) encryption algorithm can be used to encrypt the biometric template data to generate a biometric encryption template.
  • the AES256 encryption algorithm is used, the AES256-CBC algorithm may be specifically used, and the AES128-CBC (encryption key is 128 bits) algorithm may also be used for encryption processing.
  • the encryption processing of the biometric template is preferably performed in the secure element SE, and the encryption key is stored in the secure element SE.
  • the result of the initial judgment indicates for the first time that the biometric to be identified is legal, which does not mean that the biometric to be identified is only recognized once in the first security environment.
  • a single press of the user on the biometrics acquisition module obtains multiple biometric sample images, feature extraction is performed on each biometric sample image to obtain the corresponding biological feature to be identified, and the multiple biometric sample images correspond to the The identification biometrics are matched with the biometric template respectively to perform multiple identifications of the biometrics to be identified. If the biometrics to be identified are identified as legal for at least once, then it is the first time that the biometrics to be identified are legal.
  • a single press of the user on the biometric collection module is collected to obtain a biometric sample image, and feature extraction is performed on the biometric sample image to obtain the biometric feature to be identified. If there are multiple biometric templates to be identified, the features to be identified are matched with multiple biometric templates to perform multiple identifications of the biometrics to be identified. If the biometrics to be identified are identified as legal at least once, then It is the first time that the biometric to be identified is legal.
  • the biometric template data stored in the second security environment is specifically used to match the biological characteristics to be recognized.
  • the biometric template data is encrypted and stored in the second security environment, and after decryption, it is matched with the biometric to be identified.
  • the same AES (128-bit or 256-bit) encryption algorithm as in step S101 can be used to encrypt the biometric template data to generate a biometric encryption template.
  • the process of encrypting the biometric template data can be after all the biometric template data is obtained, and some of the biometric template data can be encrypted and stored in the first security environment, and the other part of the biometric template data can be encrypted.
  • the characteristic template data is encrypted and stored in the second secure environment, that is, in the biometric registration stage, the biometric template data corresponding to the same biometric template is scattered and stored in the first secure environment and the second secure environment.
  • the selection of the biometric template data stored in the first security environment and the second security environment can be specifically considered from the perspective of the amount of data calculation when performing biometric identification. For example, if the first security environment can support a larger amount of data calculation compared to the second security environment, when performing biometric identification, the biometric template data that consumes more resources will be encrypted and stored in the first In a secure environment, the biometric template data that consumes less resources is encrypted and stored in the second secure environment. As mentioned above, if the first secure environment is the trusted execution environment TEE, and the second secure environment is the secure element SE, the biometric template data that needs to consume more resources will be encrypted and stored in the trusted execution environment TEE , The biometric template data that needs to consume less resources is encrypted and stored in the secure element SE.
  • the secure element SE is a hardware-level security environment, the possibility of being attacked is extremely low, and its data security protection level is higher than that of the trusted execution environment TEE. Therefore, on the one hand, it is stored in the chip-level security environment It is more difficult for the biometric template data in the storage area to be leaked. On the other hand, the biometrics to be identified are not easy to be tampered with, thereby ensuring the security of biometric identification.
  • biometric to be recognized in order to increase the accuracy of recognition, when the result of the judgment again shows that the biometric to be recognized is legal, it does not mean that the biometric to be recognized is only recognized once in the second security environment. In fact, it is also possible to perform multiple identifications of the biometrics to be identified in the second security environment. If the biometrics to be identified are identified as legal at least once, then it again indicates that the biometrics to be identified are legal.
  • a single press of the user on the biometrics acquisition module obtains multiple biometric sample images, feature extraction is performed on each biometric sample image to obtain the corresponding biological feature to be identified, and the multiple biometric sample images correspond to the The identification biometrics are matched with the biometric template respectively to perform multiple identifications of the biometrics to be identified. If the biometrics to be identified are identified as legal at least once, then the biometrics to be identified are again indicated as legal.
  • one press of the user on the biometric collection module is collected to obtain a biometric sample image, and feature extraction is performed on the biometric sample image to obtain the biometric feature to be identified. If there are multiple biometric templates to be identified, the features to be identified are matched with multiple biometric templates to perform multiple identifications of the biometrics to be identified. If the biometrics to be identified are identified as legal at least once, then Again, the biometrics to be identified are legal.
  • step S101 and step S102 since the recognition processing of the biological features to be recognized in step S101 and step S102 is relatively independent or also called double isolation recognition, that is, there will be no mutual influence between step S101 and step S102, and step S101 and step S102 There is no particular limitation on the execution timing between. For this reason, in step S103, double consideration is performed according to the result of the initial judgment obtained in step S101 and the result of second judgment obtained in step S102, so as to finally judge the to-be-identified Whether the biometric is legal.
  • the biological feature to be identified is judged to be legal; if the result of the initial judgment and the result of the second judgment are If at least one of the results indicates that the biological feature to be identified is illegal, it is finally determined that the biological feature to be identified is illegal. For example, if the biometric template data in the first security environment is illegally tampered with, or the biometric feature to be recognized recognized in the first security environment is illegally tampered with, the result of the initial judgment will indicate that the biometric feature to be recognized It is illegal, and for the second security environment, there will be similar situations.
  • the initial determination of the legality of the biometric to be identified in the first security environment is initiated in step S101, and the second security environment is initiated in step S102.
  • the legality of the biometrics to be identified is judged again.
  • Fig. 3 is a schematic flowchart of the biometric identification method in the third embodiment of this application; as shown in Fig. 3, it includes the following steps:
  • S201 Perform an initial judgment on the legality of the biological feature to be identified in the first security environment to generate a first identification result
  • step S201 is similar to step S101.
  • the biometric feature to be recognized in step S201 is the first biometric feature to be recognized by analyzing the biometric image in the first secure environment, in other words, in the first secure environment in step S201 Recognizing the first biological feature to be recognized generates a first recognition result.
  • step S202 determine for the first time whether the biological feature to be recognized is legal; if it is legal, perform step S203, otherwise, perform step S206;
  • the first secure environment is a trusted execution environment TEE
  • the second secure environment is a secure element SE. Because the security of the trusted execution environment TEE is less than that of the secure element SE Therefore, in order to further improve the timeliness and simplify the technical processing process, the first recognition result is used as the triggering condition for the subsequent biometric recognition to be recognized in the second security environment. Specifically, when the first recognition result indicates that the biometrics to be recognized are legal for the first time, the recognition of the biometrics to be recognized in the second security environment is started, which is different from the above-mentioned first embodiment.
  • the first recognition result indicates for the first time that the biometric to be recognized is legal
  • a single press of the user on the biometrics acquisition module obtains multiple biometric sample images, feature extraction is performed on each biometric sample image to obtain the corresponding biological feature to be identified, and the multiple biometric sample images correspond to the
  • the identification biometrics are matched with the biometric template respectively to perform multiple identifications of the biometrics to be identified, and the first identification result is generated according to the results of the multiple identifications; if the biometrics to be identified are identified as legal at least once, Then, the first recognition result in which the biological feature to be recognized is recognized as legal is finally generated.
  • a single press of the user on the biometric collection module is collected to obtain a biometric sample image, and feature extraction is performed on the biometric sample image to obtain the biometric feature to be identified. If there are multiple biometric templates to be judged, the features to be identified are matched with the multiple biometric templates to perform multiple identifications of the biological features to be identified, and the first identification result is generated according to the results of the multiple identifications; It is recognized that the biological feature is recognized as legal at least once, and then the first recognition result in which the biological feature to be recognized is recognized as legal is finally generated.
  • S203 Perform a second judgment on the legality of the biological feature to be identified in the second security environment to generate a second identification result
  • step S203 is based on the first identification result in step S201 indicating that the biometric to be identified is legal as a trigger condition.
  • the specific identification process is similar to step S102 in the first embodiment. For details, please refer to the above This is the first embodiment.
  • the biometric feature to be identified participating in the re-judgment in step S203 is the first biometric feature extracted from the collected biometric image.
  • the second biological feature to be recognized is equivalent to the second recognition result generated by recognizing the second biological feature to be recognized in the second security environment. It should be noted here that the biometric images are collected on the same part of the same user.
  • performing identification based on the second identification result in step S204 is equivalent to re-checking or confirming the result that was first determined to be legal in step S202.
  • the second security environment is the secure element SE
  • its security is higher than that of the trusted execution environment TEE as the first security environment. Therefore, it is equivalent to the step S202 through a higher security security environment.
  • the result that is judged as legal for the first time shall be re-checked or confirmed to further ensure the safety of the biometric identification process.
  • the recognition processing in the second security environment is based on the premise that the first recognition result indicates that the biometric to be recognized is legal for the first time, and it does not need to be executed again when the first recognition result indicates that the biometric to be recognized is illegal for the first time
  • the identification process performed in the second security environment therefore, compared with the first embodiment, the overall flow of biometric identification is optimized, which further improves the timeliness of identification.
  • the identification biometrics are matched with the biometric template to perform multiple identifications of the biometrics to be identified, and a second identification result is generated according to the results of the multiple identifications; if the biometrics to be identified are identified as legal at least once, Finally, a second recognition result in which the biological feature to be recognized is recognized as legal is generated.
  • one press of the user on the biometric collection module is collected to obtain a biometric sample image, and feature extraction is performed on the biometric sample image to obtain the biometric feature to be identified.
  • the features to be identified are matched with the multiple biometric templates to perform multiple identifications of the biological features to be identified, and the second identification result is generated according to the results of the multiple identifications; It is recognized that the biological feature is recognized as legal at least once, and the second recognition result in which the biological feature to be recognized is recognized as legal is finally generated.
  • S205 Determine that the biometric to be identified is legal, and feed back the determination result that the biometric to be identified is legal to the upper-level biometric application;
  • the first security environment can feed back the result of this determination to the upper-level feature; and if it is determined based on the first recognition result If the biological feature to be identified is legal, and based on the second identification result, it is determined that the biological feature to be identified is illegal, then the second security environment can feed back the result of this determination to the upper biometric application.
  • the security level of the second security environment is greater than that of the first security environment, it is equivalent to determining that the biometric to be recognized is legal based on the second recognition result, then the result of the re-determination can be considered accurate, or the above
  • the result of the initial determination is confirmed, which is equivalent to that the result of the second determination comes from a safer environment, that is, the second safe environment.
  • the determination result of the legality of the biometric to be identified is more reliable. Therefore, in this embodiment, when the second determination is made When the biometric to be identified is legal, it is preferable that the second security environment feeds back the result of re-determining the legality of the biometric to be identified to the upper biometric application, so as to ensure the safety of subsequent upper biometric applications.
  • the difference from the first embodiment above is that according to the identity verification request of the upper-level biometric application, the identification of the biometric to be identified in the first security environment is initiated to generate the first identification result; When the first recognition result determines that the biological feature to be recognized is legal for the first time, the recognition of the biological feature to be recognized in the second security environment is started to generate a second recognition result.
  • the electronic devices in the embodiments of this application exist in various forms, including but not limited to:
  • Mobile communication equipment This type of equipment is characterized by mobile communication functions, and its main goal is to provide voice and data communications.
  • Such terminals include: smart phones (such as iPhone), multimedia phones, functional phones, and low-end phones.
  • Ultra-mobile personal computer equipment This type of equipment belongs to the category of personal computers, has calculation and processing functions, and generally also has mobile Internet features.
  • Such terminals include: PDA, MID and UMPC devices, such as iPad.
  • Portable entertainment equipment This type of equipment can display and play multimedia content.
  • Such devices include: audio, video players (such as iPod), handheld game consoles, e-books, as well as smart toys and portable car navigation devices.
  • Server A device that provides computing services.
  • the composition of a server includes a processor 810, hard disk, memory, system bus, etc.
  • the server is similar to a general computer architecture, but because it needs to provide highly reliable services, it has High requirements in terms of performance, reliability, security, scalability, and manageability.
  • a programmable logic device Programmable Logic Device, PLD
  • FPGA Field Programmable Gate Array
  • HDL Hardware Description Language
  • ABEL Advanced Boolean Expression Language
  • AHDL Altera Hardware Description Language
  • HDCal JHDL
  • Lava Lava
  • Lola MyHDL
  • PALASM RHDL
  • VHDL Very-High-Speed Integrated Circuit Hardware Description Language
  • Verilog Verilog
  • the controller can be implemented in any suitable manner.
  • the controller can take the form of, for example, a microprocessor or a processor and a computer-readable medium storing computer-readable program codes (such as software or firmware) executable by the (micro)processor. , Logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers.
  • controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as a part of the memory control logic.
  • controller in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers and embedded The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
  • a typical implementation device is a computer.
  • the computer may be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or Any combination of these devices.
  • the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
  • a computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device.
  • the device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
  • These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment.
  • the instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
  • the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
  • processors CPU
  • input/output interfaces network interfaces
  • memory volatile and non-volatile memory
  • the memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
  • RAM random access memory
  • ROM read-only memory
  • flash RAM flash memory
  • Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology.
  • the information can be computer-readable instructions, data structures, program modules, or other data.
  • Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
  • this application can be provided as methods, systems, or computer program products. Therefore, this application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
  • computer-usable storage media including but not limited to disk storage, CD-ROM, optical storage, etc.
  • This application may be described in the general context of computer-executable instructions executed by a computer, such as program modules.
  • program modules include routines, programs, objects, components, data structures, etc. that perform specific transactions or implement specific abstract data types.
  • This application can also be practiced in distributed computing environments. In these distributed computing environments, remote processing devices connected through a communication network execute transactions.
  • program modules can be located in local and remote computer storage media including storage devices.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Human Computer Interaction (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Evolutionary Biology (AREA)
  • Evolutionary Computation (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

A biological feature recognition method and an electronic device. The biological feature recognition method comprises: performing first determination, in a first security environment, on the validity of a biological feature to be recognized (S101); performing second determination on the validity of said biological feature in a second security environment (S102); and performing final determination on the validity of said biological feature according to the result of the first determination and the result of the second determination (S103). In view of the above, the biological feature recognition method reduces the resource requirements for biological feature recognition and improves the security of biological feature recognition.

Description

生物特征识别方法以及电子设备Biometric identification method and electronic equipment 技术领域Technical field
本申请实施例涉及生物特征识别技术领域,尤其涉及一种生物特征识别方法以及电子设备。The embodiments of the present application relate to the field of biometric identification technology, and in particular, to a biometric identification method and electronic equipment.
背景技术Background technique
由于人体的生物特征如指纹、掌纹、唇纹和虹膜等具有独一无二性,因此可用于身份验证等,以满足不同应用场景的安全、保密要求。如今生物特征识别技术在嵌入式终端设备中正在得到越来越广泛的应用,如手机解锁,门禁系统、移动支付和各种智能锁。Because the biological characteristics of the human body such as fingerprints, palm prints, lip prints and iris are unique, they can be used for identity verification to meet the security and confidentiality requirements of different application scenarios. Nowadays, biometric identification technology is being used more and more widely in embedded terminal equipment, such as mobile phone unlocking, access control system, mobile payment and various smart locks.
安全性是生物特征识别技术关注的重点之一,而安全性又受制于终端设备有限的资源如处理器的主频、内存空间大小,其中,尤其对于嵌入式终端设备来说得兼顾低功耗以及安全要求,因此,提供一种具有较高安全性的生物特征识别方案,成为亟待解决的技术问题。Security is one of the focuses of biometric identification technology, and security is restricted by the limited resources of terminal equipment, such as processor frequency and memory space. Among them, low power consumption is especially important for embedded terminal equipment. As well as security requirements, providing a biometric identification solution with higher security has become a technical problem to be solved urgently.
发明内容Summary of the invention
有鉴于此,本申请实施例提供的生物特征识别方法以及电子设备,用以至少解决现有技术中存在的上述问题。In view of this, the biometric identification method and electronic device provided by the embodiments of the present application are used to at least solve the above-mentioned problems in the prior art.
本申请实施例提供一种生物特征识别方法,其包括:The embodiment of the application provides a biometric identification method, which includes:
在第一安全环境中对待识别生物特征的合法性进行初次判断,以及在第二安全环境中对待识别生物特征的合法性进行再次判断;Make an initial judgment on the legality of the biological features to be identified in the first security environment, and make a second judgment on the legality of the biological features to be identified in the second security environment;
根据所述初次判断的结果和所述再次判断的结果,判断所述待识别生物特征是否合法。According to the result of the first judgment and the result of the second judgment, it is judged whether the biological feature to be identified is legal.
本申请实施例提供一种电子设备,其上配置有第一安全环境以及第二安全环境,在第一安全环境中对待识别生物特征的合法性进行初次判断,以及在第二安全环境中对待识别生物特征的合法性进行再次判断,以根据所述初次判断的结果和所述再次判断的结果,判断所述待识别生物特征是否合 法。The embodiment of the present application provides an electronic device configured with a first security environment and a second security environment, in the first security environment, the legality of the biological feature to be identified is first determined, and in the second security environment, the identification is to be performed The legality of the biological feature is judged again to determine whether the biological feature to be identified is legal based on the result of the initial judgment and the result of the second judgment.
可选地,在本申请的任一实施例中,根据所述初次判断的结果和所述再次判断的结果,判断所述待识别生物特征是否合法包括:Optionally, in any embodiment of the present application, judging whether the biological feature to be identified is legal based on the result of the initial judgment and the result of the second judgment includes:
若所述第一识别结果和所述第二识别结果均表明所述待识别生物特征合法,则判定所述待识别生物特征合法;或者,If the first recognition result and the second recognition result both indicate that the biometric feature to be recognized is legal, then it is determined that the biometric feature to be recognized is legal; or,
若所述第一识别结果和所述第二识别结果至少其一表明所述待识别生物特征非法,则判定所述待识别生物特征非法。If at least one of the first recognition result and the second recognition result indicates that the biological feature to be recognized is illegal, it is determined that the biological feature to be recognized is illegal.
可选地,在本申请的任一实施例中,若所述第一识别结果初次表明所述待识别生物特征合法,则启动在第二安全环境中对待识别生物特征进行识别以生成第二识别结果;否则,直接判定所述待识别生物特征非法。Optionally, in any embodiment of the present application, if the first recognition result indicates for the first time that the biological feature to be recognized is legal, then the recognition of the biological feature to be recognized in the second security environment is initiated to generate a second recognition Result; otherwise, it is directly determined that the biological feature to be identified is illegal.
可选地,在本申请的任一实施例中,在第一安全环境中对待识别生物特征进行识别时的数据计算量大于在第二安全环境中对所述待识别生物特征进行识别的数据计算量。Optionally, in any embodiment of the present application, the amount of data calculation when recognizing the biological feature to be identified in the first security environment is greater than the amount of data calculation when recognizing the biological feature to be recognized in the second security environment the amount.
可选地,在本申请的任一实施例中,对应于同一生物特征模板的生物特征模板数据分散存储在所述第一安全环境和第二安全环境中;对应地,Optionally, in any embodiment of the present application, the biometric template data corresponding to the same biometric template is scattered and stored in the first security environment and the second security environment; correspondingly,
在第一安全环境中对待识别生物特征的合法性进行初次判断包括:使用所述第一安全环境中存储的生物特征模板数据对待识别生物特征的合法性进行初次判断;Performing the initial judgment on the legality of the biological feature to be identified in the first security environment includes: using the biometric template data stored in the first security environment to make the initial judgment on the legality of the biological feature to be identified;
在第二安全环境中对待识别生物特征的合法性进行再次判断包括:使用所述第二安全环境中存储的生物特征模板数据对待识别生物特征的合法性进行再次判断。Re-judging the legitimacy of the biological feature to be identified in the second security environment includes: using the biometric template data stored in the second security environment to judge the legitimacy of the biological feature to be identified again.
可选地,在本申请的任一实施例中,还包括:对样本图像进行解析获得第一待识别生物特征,以在第一安全环境中对第一待识别生物特征进行识别生成第一识别结果。Optionally, in any embodiment of the present application, the method further includes: analyzing the sample image to obtain the first biological feature to be recognized, so as to recognize the first biological feature to be recognized in the first security environment to generate the first recognition result.
可选地,在本申请的任一实施例中,还包括:对样本图像进行解析获得第二待识别生物特征,以在第一安全环境中对第二待识别生物特征进行识别生成第二识别结果。Optionally, in any embodiment of the present application, the method further includes: analyzing the sample image to obtain the second biological feature to be recognized, so as to recognize the second biological feature to be recognized in the first security environment to generate a second recognition result.
可选地,在本申请的任一实施例中,所述第一安全环境的安全性小 于所述第二安全环境的安全性。Optionally, in any embodiment of the present application, the security of the first secure environment is less than the security of the second secure environment.
可选地,在本申请的任一实施例中,所述第一安全环境为可信执行环境或者富执行环境,所述第二安全环境为芯片级安全环境。Optionally, in any embodiment of the present application, the first security environment is a trusted execution environment or a rich execution environment, and the second security environment is a chip-level security environment.
可选地,在本申请的任一实施例中,还包括:根据上层生物特征应用的身份验证请求,启动在第一安全环境中对待识别生物特征进行识别以生成第一识别结果,和/或,启动在第二安全环境中对待识别生物特征进行识别以生成第二识别结果。Optionally, in any embodiment of the present application, it further includes: according to the identity verification request of the upper-level biometric application, initiating the identification of the biometric to be identified in the first security environment to generate the first identification result, and/or , Start to recognize the biological feature to be recognized in the second security environment to generate the second recognition result.
可选地,在本申请的任一实施例中,还包括:所述第一安全环境向所述上层生物特征应用返回所述第一识别结果;和/或,所述第二安全环境向所述上层生物特征应用返回所述第二识别结果。Optionally, in any embodiment of the present application, the method further includes: the first security environment returns the first recognition result to the upper-level biometric application; and/or, the second security environment reports the The upper-level biometric application returns the second recognition result.
由以上技术方案可见,本申请实施例中,通过在第一安全环境中对待识别生物特征的合法性进行初次判断;在第二安全环境中对待识别生物特征的合法性进行再次判断;根据所述初次判断的结果和所述再次判断的结果,判断所述待识别生物特征是否合法。由此可见,由于在第一安全环境和第二安全环境中分别进行对待识别生物特征进行识别,降低了生物特征识别所需的资源要求;另外,相当于对所述待识别生物特征是否合法进行双重判断,从而提高了生物特征识别的安全性。As can be seen from the above technical solutions, in the embodiments of the present application, the legality of the biometrics to be identified is judged for the first time in the first safe environment; the legality of the biometrics to be identified is judged again in the second safe environment; The result of the initial judgment and the result of the second judgment determine whether the biological feature to be identified is legal. It can be seen that, since the biometrics to be identified are recognized in the first security environment and the second security environment, the resource requirements for biometric identification are reduced; in addition, it is equivalent to whether the biometrics to be identified are legally performed. Double judgment, thereby improving the safety of biometric identification.
附图说明Description of the drawings
图1为本申请实施例一中应用生物特征识别的方案在电子设备上应用示意图;FIG. 1 is a schematic diagram of the application of the biometric identification scheme in the first embodiment of the application on electronic equipment;
图2为本申请实施例二中生物特征识别方法流程示意图;2 is a schematic diagram of the flow of the biometric identification method in the second embodiment of this application;
图3为本申请实施例三中生物特征识别方法流程示意图。FIG. 3 is a schematic flowchart of the biometric identification method in Embodiment 3 of this application.
具体实施方式Detailed ways
为使本领域的普通技术人员更好地理解本申请实施例中的技术方案,下面结合附图对本申请实施例中的技术方案进行清楚、完整地描述。显然,所描述的实施例仅是本申请的一部分实施例,而不是全部实施例。因此, 本领域普通技术人员基于所描述的实施例而获得的其他实施例,都应当属于本申请实施例保护的范围。In order to enable those of ordinary skill in the art to better understand the technical solutions in the embodiments of the present application, the technical solutions in the embodiments of the present application are described clearly and completely below in conjunction with the accompanying drawings. Obviously, the described embodiments are only a part of the embodiments of the present application, rather than all the embodiments. Therefore, other embodiments obtained by those of ordinary skill in the art based on the described embodiments should fall within the protection scope of the embodiments of the present application.
本申请下述实施例中,通过在第一安全环境中对待识别生物特征的合法性进行初次判断;在第二安全环境中对待识别生物特征的合法性进行再次判断;根据所述初次判断的结果和所述再次判断的结果,判断所述待识别生物特征是否合法。由此可见,由于在第一安全环境和第二安全环境中分别进行对待识别生物特征进行识别,降低了生物特征识别所需的资源要求;另外相当于对所述待识别生物特征是否合法进行双重判断,从而提高了生物特征识别的安全性。In the following embodiments of this application, the legality of the biometrics to be identified is judged for the first time in the first safe environment; the legality of the biometrics to be identified is judged again in the second safe environment; according to the result of the initial judgment And the result of the re-judgment, judging whether the biological feature to be identified is legal. It can be seen that, since the biometrics to be identified are recognized in the first security environment and the second security environment, the resource requirements for biometric identification are reduced; in addition, it is equivalent to double checking whether the biometrics to be identified are legal or not. Judgment, thereby improving the security of biometric identification.
下述实施例,以将本申请实施例的生物特征识别方案应用到嵌入式电子设备上为例进行说明,其上具体配置有第一安全环境以及第二安全环境,进一步地,所述第一安全环境为可信执行环境(Trusted Execution Environment,简称TEE)或富执行环境(Rich Execution Environment,简称REE),所述第二安全环境为芯片级安全环境例如安全元件(Secure Element,SE)。下述实施例中,具体以所述第一安全环境为可信执行环境TEE,以及所述第二安全环境为安全元件SE为例进行说明。但是,此处需要说明的是,所述第一安全环境和所述第二安全环境并不局限为此处所举例的几种特定的环境中,实际上只要可以达到降低生物特征识别所需的资源要求,以及可提高生物特征识别安全性的任意环境即可。In the following embodiments, the application of the biometric identification scheme of the embodiments of the present application to embedded electronic devices is used as an example for description, and the first security environment and the second security environment are specifically configured on them. Further, the first The security environment is a Trusted Execution Environment (TEE) or a Rich Execution Environment (REE), and the second security environment is a chip-level security environment such as a secure element (SE). In the following embodiments, the first security environment is a trusted execution environment TEE and the second security environment is a secure element SE as an example for description. However, it should be noted here that the first security environment and the second security environment are not limited to the specific environments exemplified here, as long as they can reduce the resources required for biometric identification. Requirements, and any environment that can improve the security of biometric identification.
另外,需要说明的是,下述实施例中的待识别生物特征可以是指纹特征、掌纹特征、唇纹特征和虹膜特征等任一具有身份属性的生物特征。In addition, it should be noted that the biological features to be identified in the following embodiments may be fingerprint features, palm print features, lip print features, iris features, and other biological features with identity attributes.
图1为本申请实施例一中应用生物特征识别的方案在电子设备上应用示意图;如图1所示,电子设备上配置有富执行环境REE、可信执行环境TEE、安全元件SE,富执行环境REE中可运行各类第三方身份认证应用程序,可信执行环境TEE中运行与第三方身份认证应用程序对应的生物特征识别可信应用(Trusted Application,简称TA),安全元件SE中同时运行与第三方身份认证应用程序对应的生物特征识别可信应用TA。其中,可信执行环境TEE中的生物特征识别可信应用TA用于控制在第一安全环境中根据生物特 征模板对待识别生物特征的合法性进行初次判断,以及在有必要的情况下启用安全元件SE上的生物特征识别可信应用TA从而在第二安全环境中根据所述生物特征模板对待识别生物特征的合法性进行再次判断。Figure 1 is a schematic diagram of the application of the biometric identification scheme in the first embodiment of the application on electronic equipment; as shown in Figure 1, the electronic equipment is equipped with rich execution environment REE, trusted execution environment TEE, secure element SE, rich execution The environment REE can run various third-party identity authentication applications, the trusted execution environment TEE runs the biometric authentication trusted application (Trusted Application, referred to as TA) corresponding to the third-party identity authentication application, and the secure element SE runs simultaneously A trusted application TA of biometrics corresponding to a third-party identity authentication application. Among them, the trusted application TA of biometrics in the trusted execution environment TEE is used to control the initial judgment of the legality of the biometrics to be identified according to the biometric template in the first secure environment, and to enable the secure element if necessary The biometric identification trusted application TA on the SE then re-judges the legality of the biometrics to be identified in the second security environment according to the biometric template.
图2为本申请实施例二中生物特征识别方法流程示意图;如图2所示,其包括如下步骤:Figure 2 is a schematic flow chart of the biometric identification method in the second embodiment of this application; as shown in Figure 2, it includes the following steps:
S101、在第一安全环境中对待识别生物特征的合法性进行初次判断;S101. Perform an initial judgment on the legality of the biological characteristics to be identified in the first security environment;
本实施例中,所述待识别生物特征通过对采集到的生物特征图像进行特征提取得到,所述待识别生物特征即参与步骤S101中的识别,又参与步骤S102中的识别,比如,如果待识别生物特征为指纹特征的话,则可以对基于电容感应原理采集到的指纹图像进行特征提取,以得到指纹特征。In this embodiment, the biological feature to be recognized is obtained by feature extraction on the collected biometric image. The biological feature to be recognized participates in the recognition in step S101 and also participates in the recognition in step S102, for example, if If the biometric feature is recognized as a fingerprint feature, feature extraction can be performed on the fingerprint image collected based on the capacitive sensing principle to obtain the fingerprint feature.
本实施例中,步骤S101中对待识别生物特征进行识别时,具体使用第一安全环境中存储的生物特征模板数据与待识别生物特征进行匹配。该生物特征模板数据经过加密存储在第一安全环境中,经过解密后与待识别生物特征进行匹配。In this embodiment, when recognizing the biological characteristic to be identified in step S101, the biological characteristic template data stored in the first security environment is specifically used to match the biological characteristic to be identified. The biometric template data is encrypted and stored in the first security environment, and after decryption, it is matched with the biometric to be identified.
具体地,在一具体应用场景中,对生物特征模板数据加密时,可以使用AES(128位或256位)加密算法对生物特征模板数据进行加密生成生物特征加密模板。示例性地,如果使用AES256加密算法的话,具体可采用AES256-CBC算法,还可采用AES128-CBC(加密密钥为128位)算法进行加密处理。此处,出于安全考虑,由于安全元件SE的安全性大于可行执行环境TEE,则对生物特征模板的加密处理优选在安全元件SE中执行,其加密密钥存储在安全元件SE中。Specifically, in a specific application scenario, when encrypting the biometric template data, an AES (128-bit or 256-bit) encryption algorithm can be used to encrypt the biometric template data to generate a biometric encryption template. Exemplarily, if the AES256 encryption algorithm is used, the AES256-CBC algorithm may be specifically used, and the AES128-CBC (encryption key is 128 bits) algorithm may also be used for encryption processing. Here, for security considerations, since the security of the secure element SE is greater than the feasible execution environment TEE, the encryption processing of the biometric template is preferably performed in the secure element SE, and the encryption key is stored in the secure element SE.
此处需要说明的是,在一应用场景中,为了增加识别的准确性,当初次判断的结果初次表明待识别生物特征合法,并非意味着在第一安全环境中对待识别生物特征只进行一次识别,实际上,也可以在第一安全环境中对待识别生物特征进行多次识别,如果所述待识别生物特征被识别为合法的次数至少为一次,则初次表明待识别生物特征合法。比如,对用户在生物特征采集模组上的一次按压采集得到多个生物特征样本图像,对每个生物特征样 本图像进行特征提取得到对应的待识别生物特征,多个生物特征样本图像对应的待识别生物特征与生物特征模板分别进行匹配,以对待识别生物特征进行多次识别,如果所述待识别生物特征被识别为合法次数至少为一次,则初次表明待识别生物特征合法。What needs to be explained here is that in an application scenario, in order to increase the accuracy of recognition, the result of the initial judgment indicates for the first time that the biometric to be identified is legal, which does not mean that the biometric to be identified is only recognized once in the first security environment. In fact, it is also possible to perform multiple identifications of the biological feature to be identified in the first security environment. If the number of times the biological feature to be identified is identified as legal is at least once, it is indicated for the first time that the biological feature to be identified is legal. For example, a single press of the user on the biometrics acquisition module obtains multiple biometric sample images, feature extraction is performed on each biometric sample image to obtain the corresponding biological feature to be identified, and the multiple biometric sample images correspond to the The identification biometrics are matched with the biometric template respectively to perform multiple identifications of the biometrics to be identified. If the biometrics to be identified are identified as legal for at least once, then it is the first time that the biometrics to be identified are legal.
可替代地,在另外一应用场景中,对用户在生物特征采集模组上的一次按压采集得到一个生物特征样本图像,对所述生物特征样本图像进行特征提取得到待识别生物特征,若参与初次判断的生物特征模板有多个,则待识别特征分别与多个生物特征模板进行匹配,以对待识别生物特征进行多次识别,如果所述待识别生物特征被识别为合法的至少为一次,则初次表明待识别生物特征合法。Alternatively, in another application scenario, a single press of the user on the biometric collection module is collected to obtain a biometric sample image, and feature extraction is performed on the biometric sample image to obtain the biometric feature to be identified. If there are multiple biometric templates to be identified, the features to be identified are matched with multiple biometric templates to perform multiple identifications of the biometrics to be identified. If the biometrics to be identified are identified as legal at least once, then It is the first time that the biometric to be identified is legal.
S102、在第二安全环境中对待识别生物特征的合法性进行再次判断;S102. Re-judge the legality of the biological characteristics to be identified in the second security environment;
本实施例中,步骤S102中对待识别生物特征进行识别时,具体使用第二安全环境中存储的生物特征模板数据与待识别生物特征进行匹配。该生物特征模板数据经过加密存储在第二安全环境中,经过解密后与待识别生物特征进行匹配。In this embodiment, when recognizing the biological characteristics to be recognized in step S102, the biometric template data stored in the second security environment is specifically used to match the biological characteristics to be recognized. The biometric template data is encrypted and stored in the second security environment, and after decryption, it is matched with the biometric to be identified.
具体地,在一具体应用场景中,对生物特征模板数据加密时,可以采用与上述步骤S101中相同的AES(128位或256位)加密算法对生物特征模板数据进行加密生成生物特征加密模板。Specifically, in a specific application scenario, when encrypting the biometric template data, the same AES (128-bit or 256-bit) encryption algorithm as in step S101 can be used to encrypt the biometric template data to generate a biometric encryption template.
此处,需要说明的是,对生物特征模板数据加密的处理,可以在得到所有生物特征模板数据之后,把其中一部分生物特征模板数据经过加密之后存储在第一安全环境中,而将另外一部分生物特征模板数据经过加密之后存储在第二安全环境中,即在生物特征注册阶段,将对应于同一生物特征模板的生物特征模板数据分散存储在所述第一安全环境和第二安全环境中。Here, it should be noted that the process of encrypting the biometric template data can be after all the biometric template data is obtained, and some of the biometric template data can be encrypted and stored in the first security environment, and the other part of the biometric template data can be encrypted. The characteristic template data is encrypted and stored in the second secure environment, that is, in the biometric registration stage, the biometric template data corresponding to the same biometric template is scattered and stored in the first secure environment and the second secure environment.
进一步地,存储在第一安全环境和第二安全环境中的生物特征模板数据的选择,具体可以从进行生物特征识别时数据计算量的角度去考量。比如,如果第一安全环境相对于第二安全环境来说,可以支撑较大的数据计算量,则在进行生物特征识别时,将消耗较大资源的生物特征模板数据经过加 密后存储在第一安全环境中,而将消耗较小资源的生物特征模板数据经过加密后存储在第二安全环境中。如前所述,如果第一安全环境为可信执行环境TEE,而第二安全环境为安全元件SE,则将需要消耗较大资源的生物特征模板数据经过加密后存储在可信执行环境TEE中,将需要消耗较小资源的生物特征模板数据经过加密后存储在安全元件SE中。换言之,相当于基于数据计算量大小将生物特征识别的过程拆分到第一安全环境和第二安全环境中进行;或者,又称之为,在第一安全环境中对待识别生物特征进行识别时的数据计算量大于在第二安全环境中对所述待识别生物特征进行识别的数据计算量。Further, the selection of the biometric template data stored in the first security environment and the second security environment can be specifically considered from the perspective of the amount of data calculation when performing biometric identification. For example, if the first security environment can support a larger amount of data calculation compared to the second security environment, when performing biometric identification, the biometric template data that consumes more resources will be encrypted and stored in the first In a secure environment, the biometric template data that consumes less resources is encrypted and stored in the second secure environment. As mentioned above, if the first secure environment is the trusted execution environment TEE, and the second secure environment is the secure element SE, the biometric template data that needs to consume more resources will be encrypted and stored in the trusted execution environment TEE , The biometric template data that needs to consume less resources is encrypted and stored in the secure element SE. In other words, it is equivalent to splitting the process of biometric identification into the first security environment and the second security environment based on the amount of data calculation; or, also known as, when identifying the biometric features to be identified in the first security environment The amount of data calculation is greater than the amount of data calculation for identifying the biological feature to be identified in the second security environment.
由于安全元件SE是一种硬件级别的安全环境,被攻击成功的可能性极低,其对数据的安全防护等级较可信执行环境TEE都要高,因此,一方面保存在该芯片级安全环境的储存区域中的生物特征模板数据被泄漏的难度较大,另外一方面,待识别生物特征也不容易被篡改,从而保证了生物特征识别的安全性。Since the secure element SE is a hardware-level security environment, the possibility of being attacked is extremely low, and its data security protection level is higher than that of the trusted execution environment TEE. Therefore, on the one hand, it is stored in the chip-level security environment It is more difficult for the biometric template data in the storage area to be leaked. On the other hand, the biometrics to be identified are not easy to be tampered with, thereby ensuring the security of biometric identification.
此处需要说明的是,在一应用场景中,为了增加识别的准确性,当再次判断的结果再次表明待识别生物特征合法,并非意味着在第二安全环境中对待识别生物特征只进行一次识别,实际上,也可以在第二安全环境中对待识别生物特征进行多次识别,如果所述待识别生物特征被识别为合法的次数至少为一次,则再次表明待识别生物特征合法。比如,对用户在生物特征采集模组上的一次按压采集得到多个生物特征样本图像,对每个生物特征样本图像进行特征提取得到对应的待识别生物特征,多个生物特征样本图像对应的待识别生物特征与生物特征模板分别进行匹配,以对待识别生物特征进行多次识别,如果所述待识别生物特征被识别为合法次数至少为一次,则再次表明待识别生物特征合法。What needs to be explained here is that in an application scenario, in order to increase the accuracy of recognition, when the result of the judgment again shows that the biometric to be recognized is legal, it does not mean that the biometric to be recognized is only recognized once in the second security environment. In fact, it is also possible to perform multiple identifications of the biometrics to be identified in the second security environment. If the biometrics to be identified are identified as legal at least once, then it again indicates that the biometrics to be identified are legal. For example, a single press of the user on the biometrics acquisition module obtains multiple biometric sample images, feature extraction is performed on each biometric sample image to obtain the corresponding biological feature to be identified, and the multiple biometric sample images correspond to the The identification biometrics are matched with the biometric template respectively to perform multiple identifications of the biometrics to be identified. If the biometrics to be identified are identified as legal at least once, then the biometrics to be identified are again indicated as legal.
可替代地,在另外一应用场景中,对用户在生物特征采集模组上的一次按压采集得到一个生物特征样本图像,对所述生物特征样本图像进行特征提取得到待识别生物特征,若参与再次判断的生物特征模板有多个,则待识别特征分别与多个生物特征模板进行匹配,以对待识别生物特征进行多次 识别,如果所述待识别生物特征被识别为合法的至少为一次,则再次表明待识别生物特征合法。Alternatively, in another application scenario, one press of the user on the biometric collection module is collected to obtain a biometric sample image, and feature extraction is performed on the biometric sample image to obtain the biometric feature to be identified. If there are multiple biometric templates to be identified, the features to be identified are matched with multiple biometric templates to perform multiple identifications of the biometrics to be identified. If the biometrics to be identified are identified as legal at least once, then Again, the biometrics to be identified are legal.
S103、根据所述初次判断的结果和所述再次判断的结果,最终判断所述待识别生物特征是否合法。S103: According to the result of the initial judgment and the result of the second judgment, finally judge whether the biological feature to be identified is legal.
本实施例中,由于步骤S101和步骤S102中对待识别生物特征的识别处理相对独立或者又称之双重隔离识别,即步骤S101之间和步骤S102之间不会相互影响,且步骤S101和步骤S102之间的执行时序并无特别限定,为此,在步骤S103中,根据执行步骤S101得到的初次判断的结果,以及执行步骤S102得到的再次判断的结果进行双重考量,从而最终判断所述待识别生物特征是否合法。In this embodiment, since the recognition processing of the biological features to be recognized in step S101 and step S102 is relatively independent or also called double isolation recognition, that is, there will be no mutual influence between step S101 and step S102, and step S101 and step S102 There is no particular limitation on the execution timing between. For this reason, in step S103, double consideration is performed according to the result of the initial judgment obtained in step S101 and the result of second judgment obtained in step S102, so as to finally judge the to-be-identified Whether the biometric is legal.
具体地,若所述初次判断的结果和所述再次判断的结果均表明所述待识别生物特征合法,则判定所述待识别生物特征合法;若所述初次判断的结果和所述再次判断的结果至少其一表明所述待识别生物特征非法,则最终判定所述待识别生物特征非法。比如,如果所述第一安全环境中的生物特征模板数据被非法篡改,或者在第一安全环境中被识别的待识别生物特征被非法篡改,都会造成初次判断的结果表明所述待识别生物特征非法,而对于所述第二安全环境来说,也会存在类似的情形,由此可见,通过上述的双重隔离识别,从而保证生物特征识别的安全性。另外,分别在所述第一安全环境和第二安全环境中进行所述待识别生物特征的识别,还有效地保证了生物特征识别的时效性。Specifically, if the result of the initial judgment and the result of the second judgment both indicate that the biological feature to be identified is legal, then the biological feature to be identified is judged to be legal; if the result of the initial judgment and the result of the second judgment are If at least one of the results indicates that the biological feature to be identified is illegal, it is finally determined that the biological feature to be identified is illegal. For example, if the biometric template data in the first security environment is illegally tampered with, or the biometric feature to be recognized recognized in the first security environment is illegally tampered with, the result of the initial judgment will indicate that the biometric feature to be recognized It is illegal, and for the second security environment, there will be similar situations. It can be seen that through the above-mentioned double isolation identification, the safety of biometric identification can be ensured. In addition, performing the identification of the biological characteristics to be identified in the first safe environment and the second safe environment, respectively, also effectively guarantees the timeliness of the biometric identification.
此处,需要说明的是,根据上层生物特征应用的身份验证请求,启动步骤S101中在第一安全环境中对待识别生物特征的合法性进行初次判断,以及启动步骤S102中在第二安全环境中对待识别生物特征的合法性进行再次判断。Here, it should be noted that, according to the identity verification request of the upper-level biometric application, the initial determination of the legality of the biometric to be identified in the first security environment is initiated in step S101, and the second security environment is initiated in step S102. The legality of the biometrics to be identified is judged again.
图3为本申请实施例三中生物特征识别方法流程示意图;如图3所示,其包括如下步骤:Fig. 3 is a schematic flowchart of the biometric identification method in the third embodiment of this application; as shown in Fig. 3, it includes the following steps:
S201、在第一安全环境中对待识别生物特征的合法性进行初次判断以生成第一识别结果;S201: Perform an initial judgment on the legality of the biological feature to be identified in the first security environment to generate a first identification result;
本实施例中,步骤S201类似步骤S101,详细请参见上述实施例一记载。但是,与上述实施例不同的是,步骤S201中的待识别生物特征是在第一安全环境中对生物特征图像进行解析获得第一待识别生物特征,换言之,在步骤S201中在第一安全环境中对第一待识别生物特征进行识别生成第一识别结果。In this embodiment, step S201 is similar to step S101. For details, please refer to the record in the first embodiment. However, unlike the above-mentioned embodiment, the biometric feature to be recognized in step S201 is the first biometric feature to be recognized by analyzing the biometric image in the first secure environment, in other words, in the first secure environment in step S201 Recognizing the first biological feature to be recognized generates a first recognition result.
S202、根据所述第一识别结果,初次判断所述待识别生物特征是否合法;若合法,则执行步骤S203,否则执行步骤S206;S202. According to the first recognition result, determine for the first time whether the biological feature to be recognized is legal; if it is legal, perform step S203, otherwise, perform step S206;
与上述实施例不同的是,如前所述,第一安全环境为可信执行环境TEE,而第二安全环境为安全元件SE,由于可信执行环境TEE的安全性小于安全元件SE的安全性,因此为了进一步提高时效性,简化技术处理过程,将所述第一识别结果作为后续在第二安全环境中进行待识别生物特征识别的是否启动的触发条件。具体地,当所述第一识别结果初次表明所述待识别生物特征合法时,才会启动在第二安全环境中进行待识别生物特征的识别,从而区别于上述实施例一中,在第二安全环境中进行待识别生物特征的识别和在第一安全环境中进行待识别生物特征的识别相互之间没有绝对的时序依赖关系。而当所述第一识别结果初次表明所述待识别生物特征非法时,则可直接判定所述待识别生物特征非法,而不再执行后续步骤S203。The difference from the above-mentioned embodiment is that, as mentioned above, the first secure environment is a trusted execution environment TEE, and the second secure environment is a secure element SE. Because the security of the trusted execution environment TEE is less than that of the secure element SE Therefore, in order to further improve the timeliness and simplify the technical processing process, the first recognition result is used as the triggering condition for the subsequent biometric recognition to be recognized in the second security environment. Specifically, when the first recognition result indicates that the biometrics to be recognized are legal for the first time, the recognition of the biometrics to be recognized in the second security environment is started, which is different from the above-mentioned first embodiment. There is no absolute time sequence dependency between the identification of the biological characteristics to be identified in the safe environment and the identification of the biological characteristics to be identified in the first safe environment. When the first recognition result indicates that the biological feature to be recognized is illegal for the first time, it can be directly determined that the biological feature to be recognized is illegal, and the subsequent step S203 is not executed.
此处需要说明的是,在一应用场景中,为了增加识别的准确性,当第一识别结果初次表明待识别生物特征合法,并非意味着在第一安全环境中对待识别生物特征只进行一次识别,实际上,也可以在第一安全环境中对待识别生物特征进行多次识别,根据该多次识别的结果生成第一识别结果。如果所述待识别生物特征被识别为合法的次数至少为一次,则最终生成所述待识别生物特征被识别为合法的第一识别结果。比如,对用户在生物特征采集模组上的一次按压采集得到多个生物特征样本图像,对每个生物特征样本图像进行特征提取得到对应的待识别生物特征,多个生物特征样本图像对应的待识别生物特征与生物特征模板分别进行匹配,以对待识别生物特征进行多次识别,根据该多次识别的结果生成第一识别结果;如果所述待识别生物特征被识别为合法的至少为一次,则最终生成所述待识别生物特征被识别为合 法的第一识别结果。It should be noted here that in an application scenario, in order to increase the accuracy of recognition, when the first recognition result indicates for the first time that the biometric to be recognized is legal, it does not mean that the biometric to be recognized is only recognized once in the first security environment. In fact, it is also possible to perform multiple identifications of the biological feature to be identified in the first security environment, and generate the first identification result according to the results of the multiple identifications. If the number of times the biological feature to be recognized is recognized as legal is at least once, the first recognition result in which the biological feature to be recognized is recognized as legal is finally generated. For example, a single press of the user on the biometrics acquisition module obtains multiple biometric sample images, feature extraction is performed on each biometric sample image to obtain the corresponding biological feature to be identified, and the multiple biometric sample images correspond to the The identification biometrics are matched with the biometric template respectively to perform multiple identifications of the biometrics to be identified, and the first identification result is generated according to the results of the multiple identifications; if the biometrics to be identified are identified as legal at least once, Then, the first recognition result in which the biological feature to be recognized is recognized as legal is finally generated.
可替代地,在另外一应用场景中,对用户在生物特征采集模组上的一次按压采集得到一个生物特征样本图像,对所述生物特征样本图像进行特征提取得到待识别生物特征,若参与初次判断的生物特征模板有多个,则待识别特征分别与多个生物特征模板进行匹配,以对待识别生物特征进行多次识别,根据该多次识别的结果生成第一识别结果;如果所述待识别生物特征被识别为合法的至少为一次,则最终生成所述待识别生物特征被识别为合法的第一识别结果。Alternatively, in another application scenario, a single press of the user on the biometric collection module is collected to obtain a biometric sample image, and feature extraction is performed on the biometric sample image to obtain the biometric feature to be identified. If there are multiple biometric templates to be judged, the features to be identified are matched with the multiple biometric templates to perform multiple identifications of the biological features to be identified, and the first identification result is generated according to the results of the multiple identifications; It is recognized that the biological feature is recognized as legal at least once, and then the first recognition result in which the biological feature to be recognized is recognized as legal is finally generated.
S203、在第二安全环境中对待识别生物特征的合法性进行再次判断以生成第二识别结果;S203: Perform a second judgment on the legality of the biological feature to be identified in the second security environment to generate a second identification result;
本实施例中,步骤S203的执行是以步骤S201中第一识别结果初次表明所述待识别生物特征合法为触发条件,其具体的识别过程类似上述实施例一中的步骤S102,详细请参见上述是实施例一。In this embodiment, the execution of step S203 is based on the first identification result in step S201 indicating that the biometric to be identified is legal as a trigger condition. The specific identification process is similar to step S102 in the first embodiment. For details, please refer to the above This is the first embodiment.
与上述实施例一不同的是,为了防止待识别生特征被篡改,本实施例中,在步骤S203中参与再次判断的待识别生物特征为重新对采集到的生物特征图像进行特征提取得到的第二待识别生物特征,相当于在第二安全环境中对第二待识别生物特征进行识别生成第二识别结果。此处需要说明的是,所述生物特征图像采集于同一用户同一部位的。The difference from the first embodiment above is that, in order to prevent the biometric feature to be identified from being tampered with, in this embodiment, the biometric feature to be identified participating in the re-judgment in step S203 is the first biometric feature extracted from the collected biometric image. The second biological feature to be recognized is equivalent to the second recognition result generated by recognizing the second biological feature to be recognized in the second security environment. It should be noted here that the biometric images are collected on the same part of the same user.
S204、根据所述第二识别结果,再次判断所述待识别生物特征是否合法,若合法,则执行步骤S205,否则执行步骤S206。S204. According to the second recognition result, judge again whether the biological feature to be recognized is legal, if legal, execute step S205, otherwise, execute step S206.
本实施例中,通过步骤S204根据第二识别结果进行识别,相当于对步骤S202中初次判定为合法的结果进行再次复核或者确认。实际上,由于第二安全环境为安全元件SE的话,由于其安全性高于作为第一安全环境的可信执行环境TEE,由此,相当于通过一个更高安全性的安全环境对对步骤S202中初次判定为合法的结果进行再次复核或者确认,从而进一步保证生物特征识别处理的安全性。另外,如前所述,在第二安全环境中进行的识别处理是以第一识别结果初次表明待识别生物特征合法为前提,而当第一识别结果初次表明待识别生物特征非法时而不用再执行在第二安全环境中进行的识别处 理,因此,与上述实施例一相比,对生物特征识别的整体流程进行了优化,进一步提高了识别的时效性。In this embodiment, performing identification based on the second identification result in step S204 is equivalent to re-checking or confirming the result that was first determined to be legal in step S202. In fact, since the second security environment is the secure element SE, its security is higher than that of the trusted execution environment TEE as the first security environment. Therefore, it is equivalent to the step S202 through a higher security security environment. The result that is judged as legal for the first time shall be re-checked or confirmed to further ensure the safety of the biometric identification process. In addition, as mentioned above, the recognition processing in the second security environment is based on the premise that the first recognition result indicates that the biometric to be recognized is legal for the first time, and it does not need to be executed again when the first recognition result indicates that the biometric to be recognized is illegal for the first time The identification process performed in the second security environment, therefore, compared with the first embodiment, the overall flow of biometric identification is optimized, which further improves the timeliness of identification.
此处需要说明的是,在一应用场景中,为了增加识别的准确性,当第二识别结果再次表明待识别生物特征合法,并非意味着在第二安全环境中对待识别生物特征只进行一次识别,实际上,也可以在第二安全环境中对待识别生物特征进行多次识别,根据该多次识别的结果生成第二识别结果。如果所述待识别生物特征被识别为合法的次数至少为一次,则最终生成所述待识别生物特征被识别为合法的第二识别结果。比如,对用户在生物特征采集模组上的一次按压采集得到多个生物特征样本图像,对每个生物特征样本图像进行特征提取得到对应的待识别生物特征,多个生物特征样本图像对应的待识别生物特征与生物特征模板分别进行匹配,以对待识别生物特征进行多次识别,根据该多次识别的结果生成第二识别结果;如果所述待识别生物特征被识别为合法的至少为一次,则最终生成所述待识别生物特征被识别为合法的第二识别结果。It should be noted here that in an application scenario, in order to increase the accuracy of recognition, when the second recognition result again shows that the biometric to be recognized is legal, it does not mean that the biometric to be recognized is only recognized once in the second security environment In fact, it is also possible to perform multiple identifications of the biological features to be identified in the second security environment, and generate the second identification result according to the results of the multiple identifications. If the number of times the biological feature to be recognized is recognized as legal is at least once, a second recognition result in which the biological feature to be recognized is recognized as legal is finally generated. For example, a single press of the user on the biometric acquisition module obtains multiple biometric sample images, and feature extraction is performed on each biometric sample image to obtain the corresponding biometric feature to be identified. The identification biometrics are matched with the biometric template to perform multiple identifications of the biometrics to be identified, and a second identification result is generated according to the results of the multiple identifications; if the biometrics to be identified are identified as legal at least once, Finally, a second recognition result in which the biological feature to be recognized is recognized as legal is generated.
可替代地,在另外一应用场景中,对用户在生物特征采集模组上的一次按压采集得到一个生物特征样本图像,对所述生物特征样本图像进行特征提取得到待识别生物特征,若参与再次判断的生物特征模板有多个,则待识别特征分别与多个生物特征模板进行匹配,以对待识别生物特征进行多次识别,根据该多次识别的结果生成第二识别结果;如果所述待识别生物特征被识别为合法的至少为一次,则最终生成所述待识别生物特征被识别为合法的第二识别结果。Alternatively, in another application scenario, one press of the user on the biometric collection module is collected to obtain a biometric sample image, and feature extraction is performed on the biometric sample image to obtain the biometric feature to be identified. If there are multiple biometric templates to be identified, the features to be identified are matched with the multiple biometric templates to perform multiple identifications of the biological features to be identified, and the second identification result is generated according to the results of the multiple identifications; It is recognized that the biological feature is recognized as legal at least once, and the second recognition result in which the biological feature to be recognized is recognized as legal is finally generated.
S205、判定所述待识别生物特征合法,并将所述待识别生物特征合法的判定结果反馈给上层生物特征应用;S205: Determine that the biometric to be identified is legal, and feed back the determination result that the biometric to be identified is legal to the upper-level biometric application;
S206、判定所述待识别生物特征非法,并将所述待识别生物特征非法的判定结果反馈给上层生物特征应用。S206. Determine that the biological feature to be identified is illegal, and feed back the judgment result that the biological feature to be identified is illegal to the upper-level biological feature application.
参见上述步骤S205、S206,如果根据第一识别结果,判定所述待识别生物特征非法,则可以由第一安全环境向上层特征用反馈此判定的结果;而如果在根据第一识别结果判定所述待识别生物特征合法,又根据第二识别 结果,判定所述待识别生物特征非法,则可以由第二安全环境向上层生物特征应用反馈此判定的结果。但是,考虑到第二安全环境的安全级别大于第一安全环境的级别,相当于如果根据第二识别结果再次判定所述待识别生物特征合法,则可认为该再次判定的结果准确,或者对上述初次判定的结果进行确认,相当于该再次判定的结果来自于更加安全的环境即第二安全环境,所述待识别生物特征合法的判定结果更加可靠,因此,本实施例中,当再次判定所述待识别生物特征合法时,优选由所述第二安全环境向上层生物特征应用反馈再次判定所述待识别生物特征合法的结果,从而保证了后续上层生物特征应用的安全性。Referring to the above steps S205 and S206, if the biological feature to be identified is determined to be illegal according to the first recognition result, the first security environment can feed back the result of this determination to the upper-level feature; and if it is determined based on the first recognition result If the biological feature to be identified is legal, and based on the second identification result, it is determined that the biological feature to be identified is illegal, then the second security environment can feed back the result of this determination to the upper biometric application. However, considering that the security level of the second security environment is greater than that of the first security environment, it is equivalent to determining that the biometric to be recognized is legal based on the second recognition result, then the result of the re-determination can be considered accurate, or the above The result of the initial determination is confirmed, which is equivalent to that the result of the second determination comes from a safer environment, that is, the second safe environment. The determination result of the legality of the biometric to be identified is more reliable. Therefore, in this embodiment, when the second determination is made When the biometric to be identified is legal, it is preferable that the second security environment feeds back the result of re-determining the legality of the biometric to be identified to the upper biometric application, so as to ensure the safety of subsequent upper biometric applications.
此处,需要说明的是,与上述实施例一不同的是,根据上层生物特征应用的身份验证请求,启动在第一安全环境中对待识别生物特征进行识别以生成第一识别结果;而在根据第一识别结果初次判定所述待识别生物特征合法时再启动在第二安全环境中对待识别生物特征进行识别以生成第二识别结果。Here, it should be noted that the difference from the first embodiment above is that according to the identity verification request of the upper-level biometric application, the identification of the biometric to be identified in the first security environment is initiated to generate the first identification result; When the first recognition result determines that the biological feature to be recognized is legal for the first time, the recognition of the biological feature to be recognized in the second security environment is started to generate a second recognition result.
上述产品可执行本申请实施例所提供的方法,具备执行方法相应的功能模块和有益效果。未在本实施例中详尽描述的技术细节,可参见本申请实施例所提供的方法。The above-mentioned products can execute the methods provided in the embodiments of the present application, and have functional modules and beneficial effects corresponding to the execution methods. For technical details not described in detail in this embodiment, please refer to the method provided in the embodiment of this application.
本申请实施例的电子设备以多种形式存在,包括但不限于:The electronic devices in the embodiments of this application exist in various forms, including but not limited to:
(1)移动通信设备:这类设备的特点是具备移动通信功能,并且以提供话音、数据通信为主要目标。这类终端包括:智能手机(例如iPhone)、多媒体手机、功能性手机,以及低端手机等。(1) Mobile communication equipment: This type of equipment is characterized by mobile communication functions, and its main goal is to provide voice and data communications. Such terminals include: smart phones (such as iPhone), multimedia phones, functional phones, and low-end phones.
(2)超移动个人计算机设备:这类设备属于个人计算机的范畴,有计算和处理功能,一般也具备移动上网特性。这类终端包括:PDA、MID和UMPC设备等,例如iPad。(2) Ultra-mobile personal computer equipment: This type of equipment belongs to the category of personal computers, has calculation and processing functions, and generally also has mobile Internet features. Such terminals include: PDA, MID and UMPC devices, such as iPad.
(3)便携式娱乐设备:这类设备可以显示和播放多媒体内容。该类设备包括:音频、视频播放器(例如iPod),掌上游戏机,电子书,以及智能玩具和便携式车载导航设备。(3) Portable entertainment equipment: This type of equipment can display and play multimedia content. Such devices include: audio, video players (such as iPod), handheld game consoles, e-books, as well as smart toys and portable car navigation devices.
(4)服务器:提供计算服务的设备,服务器的构成包括处理器810、硬 盘、内存、系统总线等,服务器和通用的计算机架构类似,但是由于需要提供高可靠的服务,因此在处理能力、稳定性、可靠性、安全性、可扩展性、可管理性等方面要求较高。(4) Server: A device that provides computing services. The composition of a server includes a processor 810, hard disk, memory, system bus, etc. The server is similar to a general computer architecture, but because it needs to provide highly reliable services, it has High requirements in terms of performance, reliability, security, scalability, and manageability.
(5)其他具有数据交互功能的电子装置。(5) Other electronic devices with data interaction functions.
至此,已经对本主题的特定实施例进行了描述。其它实施例在所附权利要求书的范围内。在一些情况下,在权利要求书中记载的动作可以按照不同的顺序来执行并且仍然可以实现期望的结果。另外,在附图中描绘的过程不一定要求示出的特定顺序或者连续顺序,以实现期望的结果。在某些实施方式中,多任务处理和并行处理可以是有利的。So far, specific embodiments of the subject matter have been described. Other embodiments are within the scope of the appended claims. In some cases, the actions recited in the claims can be performed in a different order and still achieve desired results. In addition, the processes depicted in the drawings do not necessarily require the specific order or sequential order shown in order to achieve the desired result. In certain embodiments, multitasking and parallel processing may be advantageous.
在20世纪90年代,对于一个技术的改进可以很明显地区分是硬件上的改进(例如,对二极管、晶体管、开关等电路结构的改进)还是软件上的改进(对于方法流程的改进)。然而,随着技术的发展,当今的很多方法流程的改进已经可以视为硬件电路结构的直接改进。设计人员几乎都通过将改进的方法流程编程到硬件电路中来得到相应的硬件电路结构。因此,不能说一个方法流程的改进就不能用硬件实体模块来实现。例如,可编程逻辑器件(Programmable Logic Device,PLD)(例如现场可编程门阵列(Field Programmable Gate Array,FPGA))就是这样一种集成电路,其逻辑功能由用户对器件编程来确定。由设计人员自行编程来把一个数字系统“集成”在一片PLD上,而不需要请芯片制造厂商来设计和制作专用的集成电路芯片。而且,如今,取代手工地制作集成电路芯片,这种编程也多半改用“逻辑编译器(logic compiler)”软件来实现,它与程序开发撰写时所用的软件编译器相类似,而要编译之前的原始代码也得用特定的编程语言来撰写,此称之为硬件描述语言(Hardware Description Language,HDL),而HDL也并非仅有一种,而是有许多种,如ABEL(Advanced Boolean Expression Language)、AHDL(Altera Hardware Description Language)、Confluence、CUPL(Cornell University Programming Language)、HDCal、JHDL(Java Hardware Description Language)、Lava、Lola、MyHDL、PALASM、RHDL(Ruby Hardware Description Language)等,目前最普遍使用的是VHDL(Very-High-Speed Integrated Circuit  Hardware Description Language)与Verilog。本领域技术人员也应该清楚,只需要将方法流程用上述几种硬件描述语言稍作逻辑编程并编程到集成电路中,就可以很容易得到实现该逻辑方法流程的硬件电路。In the 1990s, the improvement of a technology can be clearly distinguished between hardware improvements (for example, improvements in circuit structures such as diodes, transistors, switches, etc.) or software improvements (improvements in method flow). However, with the development of technology, the improvement of many methods and processes of today can be regarded as a direct improvement of the hardware circuit structure. Designers almost always get the corresponding hardware circuit structure by programming the improved method flow into the hardware circuit. Therefore, it cannot be said that the improvement of a method flow cannot be realized by hardware entity modules. For example, a programmable logic device (Programmable Logic Device, PLD) (such as a Field Programmable Gate Array (FPGA)) is such an integrated circuit whose logic function is determined by the user's programming of the device. It is programmed by the designer to "integrate" a digital system on a PLD without requiring the chip manufacturer to design and manufacture a dedicated integrated circuit chip. Moreover, nowadays, instead of manually making integrated circuit chips, this kind of programming is mostly realized by "logic compiler" software, which is similar to the software compiler used in program development and writing. The original code must also be written in a specific programming language, which is called Hardware Description Language (HDL), and there is not only one type of HDL, but many types, such as ABEL (Advanced Boolean Expression Language) , AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, RHDL (Ruby Hardware Description), etc., currently most commonly used It is VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. It should also be clear to those skilled in the art that just a little bit of logic programming of the method flow in the above-mentioned hardware description languages and programming into an integrated circuit, the hardware circuit that implements the logic method flow can be easily obtained.
控制器可以按任何适当的方式实现,例如,控制器可以采取例如微处理器或处理器以及存储可由该(微)处理器执行的计算机可读程序代码(例如软件或固件)的计算机可读介质、逻辑门、开关、专用集成电路(Application Specific Integrated Circuit,ASIC)、可编程逻辑控制器和嵌入微控制器的形式,控制器的例子包括但不限于以下微控制器:ARC 625D、Atmel AT91SAM、Microchip PIC18F26K20以及Silicone Labs C8051F320,存储器控制器还可以被实现为存储器的控制逻辑的一部分。本领域技术人员也知道,除了以纯计算机可读程序代码方式实现控制器以外,完全可以通过将方法步骤进行逻辑编程来使得控制器以逻辑门、开关、专用集成电路、可编程逻辑控制器和嵌入微控制器等的形式来实现相同功能。因此这种控制器可以被认为是一种硬件部件,而对其内包括的用于实现各种功能的装置也可以视为硬件部件内的结构。或者甚至,可以将用于实现各种功能的装置视为既可以是实现方法的软件模块又可以是硬件部件内的结构。The controller can be implemented in any suitable manner. For example, the controller can take the form of, for example, a microprocessor or a processor and a computer-readable medium storing computer-readable program codes (such as software or firmware) executable by the (micro)processor. , Logic gates, switches, application specific integrated circuits (ASICs), programmable logic controllers and embedded microcontrollers. Examples of controllers include but are not limited to the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320, the memory controller can also be implemented as a part of the memory control logic. Those skilled in the art also know that in addition to implementing the controller in a purely computer-readable program code manner, it is entirely possible to program the method steps to make the controller use logic gates, switches, application specific integrated circuits, programmable logic controllers and embedded The same function can be realized in the form of a microcontroller, etc. Therefore, such a controller can be regarded as a hardware component, and the devices included in it for implementing various functions can also be regarded as a structure within the hardware component. Or even, the device for realizing various functions can be regarded as both a software module for realizing the method and a structure within a hardware component.
上述实施例阐明的系统、装置、模块或单元,具体可以由计算机芯片或实体实现,或者由具有某种功能的产品来实现。一种典型的实现设备为计算机。具体的,计算机例如可以为个人计算机、膝上型计算机、蜂窝电话、相机电话、智能电话、个人数字助理、媒体播放器、导航设备、电子邮件设备、游戏控制台、平板计算机、可穿戴设备或者这些设备中的任何设备的组合。The systems, devices, modules, or units illustrated in the above embodiments may be specifically implemented by computer chips or entities, or implemented by products with certain functions. A typical implementation device is a computer. Specifically, the computer may be, for example, a personal computer, a laptop computer, a cell phone, a camera phone, a smart phone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or Any combination of these devices.
为了描述的方便,描述以上装置时以功能分为各种单元分别描述。当然,在实施本申请时可以把各单元的功能在同一个或多个软件和/或硬件中实现。For the convenience of description, when describing the above device, the functions are divided into various units and described separately. Of course, when implementing this application, the functions of each unit can be implemented in the same one or more software and/or hardware.
本领域内的技术人员应明白,本申请的实施例可提供为方法、系统、或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个 其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, the present application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
本申请是参照根据本申请实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的装置。This application is described with reference to flowcharts and/or block diagrams of methods, equipment (systems), and computer program products according to the embodiments of this application. It should be understood that each process and/or block in the flowchart and/or block diagram, and the combination of processes and/or blocks in the flowchart and/or block diagram can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing equipment to generate a machine, so that the instructions executed by the processor of the computer or other programmable data processing equipment are generated It is a device that realizes the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令装置的制造品,该指令装置实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions can also be stored in a computer-readable memory that can guide a computer or other programmable data processing equipment to work in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including the instruction device. The device implements the functions specified in one process or multiple processes in the flowchart and/or one block or multiple blocks in the block diagram.
这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。These computer program instructions can also be loaded on a computer or other programmable data processing equipment, so that a series of operation steps are executed on the computer or other programmable equipment to produce computer-implemented processing, so as to execute on the computer or other programmable equipment. The instructions provide steps for implementing functions specified in a flow or multiple flows in the flowchart and/or a block or multiple blocks in the block diagram.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, the computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。The memory may include non-permanent memory in computer readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of computer readable media.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、 其他类型的随机存取存储器(RAM)、只读存储器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer-readable media include permanent and non-permanent, removable and non-removable media, and information storage can be realized by any method or technology. The information can be computer-readable instructions, data structures, program modules, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disc (DVD) or other optical storage, Magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices or any other non-transmission media can be used to store information that can be accessed by computing devices. According to the definition in this article, computer-readable media does not include transitory media, such as modulated data signals and carrier waves.
还需要说明的是,术语“包括”、“包含”或者其任何其他变体意在涵盖非排他性的包含,从而使得包括一系列要素的过程、方法、商品或者设备不仅包括那些要素,而且还包括没有明确列出的其他要素,或者是还包括为这种过程、方法、商品或者设备所固有的要素。在没有更多限制的情况下,由语句“包括一个……”限定的要素,并不排除在包括所述要素的过程、方法、商品或者设备中还存在另外的相同要素。It should also be noted that the terms "include", "include" or any other variants thereof are intended to cover non-exclusive inclusion, so that a process, method, product or equipment including a series of elements not only includes those elements, but also includes Other elements that are not explicitly listed, or include elements inherent to this process, method, commodity, or equipment. If there are no more restrictions, the element defined by the sentence "including a..." does not exclude the existence of other identical elements in the process, method, commodity, or equipment that includes the element.
本领域技术人员应明白,本申请的实施例可提供为方法、系统或计算机程序产品。因此,本申请可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本申请可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present application can be provided as methods, systems, or computer program products. Therefore, this application may adopt the form of a complete hardware embodiment, a complete software embodiment, or an embodiment combining software and hardware. Moreover, this application may adopt the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program codes.
本申请可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定事务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本申请,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行事务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。This application may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific transactions or implement specific abstract data types. This application can also be practiced in distributed computing environments. In these distributed computing environments, remote processing devices connected through a communication network execute transactions. In a distributed computing environment, program modules can be located in local and remote computer storage media including storage devices.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。The various embodiments in this specification are described in a progressive manner, and the same or similar parts between the various embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, as for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and for related parts, please refer to the part of the description of the method embodiment.
以上所述仅为本申请的实施例而已,并不用于限制本申请。对 于本领域技术人员来说,本申请可以有各种更改和变化。凡在本申请的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在本申请的权利要求范围之内。The above descriptions are only examples of this application and are not used to limit this application. For those skilled in the art, this application can have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this application shall be included in the scope of the claims of this application.

Claims (16)

  1. 一种生物特征识别方法,其特征在于,包括:A biometric identification method, characterized in that it comprises:
    在第一安全环境中对待识别生物特征的合法性进行初次判断,以及在第二安全环境中对待识别生物特征的合法性进行再次判断;Make an initial judgment on the legality of the biological features to be identified in the first security environment, and make a second judgment on the legality of the biological features to be identified in the second security environment;
    根据所述初次判断的结果和所述再次判断的结果,最终判断所述待识别生物特征是否合法。According to the result of the initial judgment and the result of the second judgment, it is finally judged whether the biological feature to be identified is legal.
  2. 根据权利要求1所述的方法,其特征在于,根据所述初次判断的结果和所述再次判断的结果,最终判断所述待识别生物特征是否合法包括:The method according to claim 1, wherein, according to the result of the initial judgment and the result of the second judgment, finally judging whether the biological feature to be identified is legal comprises:
    若所述初次判断的结果和所述再次判断的结果均表明所述待识别生物特征合法,则判定所述待识别生物特征合法;或者,If the result of the initial judgment and the result of the second judgment both show that the biological feature to be identified is legal, then it is judged that the biological feature to be identified is legal; or,
    若所述初次判断的结果和所述再次判断的结果至少其一表明所述待识别生物特征非法,则判定所述待识别生物特征非法。If at least one of the result of the initial judgment and the result of the second judgment indicates that the biological feature to be identified is illegal, it is determined that the biological feature to be identified is illegal.
  3. 根据权利要求2所述的方法,其特征在于,若所述初次判断的结果初次表明所述待识别生物特征合法,则启动在第二安全环境中对待识别生物特征的合法性进行再次判断;否则,直接判定所述待识别生物特征非法。The method according to claim 2, characterized in that, if the result of the initial judgment indicates that the biological feature to be identified is legal for the first time, then start to judge the legality of the biological feature to be identified in the second security environment; otherwise; , Directly determine that the biological feature to be identified is illegal.
  4. 根据权利要求1所述的方法,其特征在于,在第一安全环境中对待识别生物特征的合法性进行初次判断时的数据计算量大于在第二安全环境中对所述待识别生物特征的合法性进行再次判断时的数据计算量。The method according to claim 1, characterized in that the amount of data calculation for the initial determination of the legality of the biological feature to be identified in the first security environment is greater than that of the legality of the biological feature to be identified in the second security environment. The amount of data calculation for re-judgment.
  5. 根据权利要求1所述的方法,其特征在于,对应于同一生物特征模板的生物特征模板数据分散存储在所述第一安全环境和第二安全环境中;对应地,The method according to claim 1, wherein the biometric template data corresponding to the same biometric template is stored in the first security environment and the second security environment; correspondingly,
    在第一安全环境中对待识别生物特征的合法性进行初次判断包括:使用所述第一安全环境中存储的生物特征模板数据对待识别生物特征的合法性进行初次判断;Performing the initial judgment on the legality of the biological feature to be identified in the first security environment includes: using the biometric template data stored in the first security environment to make the initial judgment on the legality of the biological feature to be identified;
    在第二安全环境中对待识别生物特征的合法性进行再次判断包括:使用所述第二安全环境中存储的生物特征模板数据对待识别生物特征的合法性进行再次判断。Re-judging the legitimacy of the biological feature to be identified in the second security environment includes: using the biometric template data stored in the second security environment to judge the legitimacy of the biological feature to be identified again.
  6. 根据权利要求1所述的方法,其特征在于,还包括:对样本图像进行 解析获得第一待识别生物特征,以在第一安全环境中对第一待识别生物特征的合法性进行初次判断。The method according to claim 1, further comprising: analyzing the sample image to obtain the first biological feature to be identified, so as to make an initial judgment on the legality of the first biological feature to be identified in the first security environment.
  7. 根据权利要求6所述的方法,其特征在于,还包括:对样本图像进行解析获得第二待识别生物特征,以在第二安全环境中对第二待识别生物特征的合法性进行再次判断。The method according to claim 6, further comprising: analyzing the sample image to obtain the second biological feature to be identified, so as to judge the legality of the second biological feature to be identified in the second security environment.
  8. 根据权利要求1-7任一项所述的方法,其特征在于,所述第一安全环境的安全性小于所述第二安全环境的安全性。The method according to any one of claims 1-7, wherein the security of the first security environment is less than the security of the second security environment.
  9. 根据权利要求8所述的方法,其特征在于,所述第一安全环境为可信执行环境或者富执行环境,所述第二安全环境为芯片级安全环境。The method according to claim 8, wherein the first security environment is a trusted execution environment or a rich execution environment, and the second security environment is a chip-level security environment.
  10. 根据权利要求1-9任一项所述的方法,其特征在于,还包括:根据上层生物特征应用的身份验证请求,启动在第一安全环境中对待识别生物特征的合法性进行初次判断,和/或,启动在第二安全环境中对待识别生物特征的合法性进行再次判断。The method according to any one of claims 1-9, further comprising: initiating an initial judgment on the legality of the biometric to be identified in the first security environment according to the identity verification request of the upper-level biometric application, and /Or, initiate another judgment on the legality of the biological feature to be identified in the second security environment.
  11. 根据权利要求11所述的方法,其特征在于,还包括:所述第一安全环境向所述上层生物特征应用返回所述第一识别结果;和/或,所述第二安全环境向所述上层生物特征应用返回所述第二识别结果。The method according to claim 11, further comprising: the first security environment returns the first recognition result to the upper biometric application; and/or, the second security environment reports the The upper biometric application returns the second recognition result.
  12. 一种电子设备,其特征在于,其上配置有第一安全环境以及第二安全环境,在所述第一安全环境中对待识别生物特征的合法性进行初次判断,以及在所述第二安全环境中对待识别生物特征的合法性进行再次判断,以根据所述初次判断的结果和所述再次判断的结果,最终判断所述待识别生物特征是否合法。An electronic device, characterized in that it is configured with a first security environment and a second security environment, in the first security environment to make an initial judgment on the legality of the biological feature to be identified, and in the second security environment The legality of the biological feature to be identified is judged again in order to finally judge whether the biological feature to be identified is legal according to the result of the initial judgment and the result of the second judgment.
  13. 根据权利要求12所述的电子设备,其特征在于,在所述第一安全环境中对待识别生物特征的合法性进行初次判断时的数据计算量大于在所述第二安全环境中对所述待识别生物特征的合法性进行再次判断时的数据计算量。The electronic device according to claim 12, wherein the amount of data calculation for the initial determination of the legality of the biological feature to be identified in the first security environment is greater than that of the biological feature to be identified in the second security environment. The amount of data calculation when re-judging the legitimacy of biometrics.
  14. 根据权利要求12所述的电子设备,其特征在于,对应于同一生物特征模板的生物特征模板数据分散存储在所述第一安全环境和第二安全环境中。The electronic device according to claim 12, wherein the biometric template data corresponding to the same biometric template is stored in the first security environment and the second security environment in a dispersed manner.
  15. 根据权利要求12-14任一项所述的电子设备,其特征在于,所述第一安全环境的安全性小于所述第二安全环境的安全性。The electronic device according to any one of claims 12-14, wherein the security of the first secure environment is less than the security of the second secure environment.
  16. 根据权利要求15所述的电子设备,其特征在于,所述第一安全环境为可信执行环境或者富执行环境,所述第二安全环境为芯片级安全环境。The electronic device according to claim 15, wherein the first security environment is a trusted execution environment or a rich execution environment, and the second security environment is a chip-level security environment.
PCT/CN2019/085036 2019-04-29 2019-04-29 Biological feature recognition method and electronic device WO2020220213A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2019/085036 WO2020220213A1 (en) 2019-04-29 2019-04-29 Biological feature recognition method and electronic device
CN201980000671.9A CN110235141B (en) 2019-04-29 2019-04-29 Biometric feature recognition method and electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2019/085036 WO2020220213A1 (en) 2019-04-29 2019-04-29 Biological feature recognition method and electronic device

Publications (1)

Publication Number Publication Date
WO2020220213A1 true WO2020220213A1 (en) 2020-11-05

Family

ID=67855279

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2019/085036 WO2020220213A1 (en) 2019-04-29 2019-04-29 Biological feature recognition method and electronic device

Country Status (2)

Country Link
CN (1) CN110235141B (en)
WO (1) WO2020220213A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112380514A (en) * 2020-11-13 2021-02-19 支付宝(杭州)信息技术有限公司 Biological identification security situation prediction method and device and electronic equipment

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111177687A (en) * 2019-12-25 2020-05-19 北京迈格威科技有限公司 Image unlocking method, device, equipment and storage medium
CN113869088A (en) * 2020-06-30 2021-12-31 虹软科技股份有限公司 Biological feature recognition method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130216106A1 (en) * 2010-11-08 2013-08-22 Nec Corporation Image matching device
CN105930832A (en) * 2016-05-18 2016-09-07 成都芯软科技发展有限公司 Identity recognition system and method
CN109614844A (en) * 2018-10-16 2019-04-12 阿里巴巴集团控股有限公司 A kind of link verification method, device and equipment

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101165704B (en) * 2006-10-20 2010-07-14 西安紫牛信息技术有限公司 Composite fingerprint template matching method
CN104281836B (en) * 2014-09-12 2019-01-15 东北大学 A kind of living creature characteristic recognition system and method
CN105354466B (en) * 2015-10-26 2017-03-29 维沃移动通信有限公司 A kind of fingerprint identification method and mobile terminal
CN106815510B (en) * 2017-01-18 2020-08-07 珠海市魅族科技有限公司 Data processing method and terminal
CN106897595B (en) * 2017-01-20 2020-04-03 北京安云世纪科技有限公司 Mobile terminal

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130216106A1 (en) * 2010-11-08 2013-08-22 Nec Corporation Image matching device
CN105930832A (en) * 2016-05-18 2016-09-07 成都芯软科技发展有限公司 Identity recognition system and method
CN109614844A (en) * 2018-10-16 2019-04-12 阿里巴巴集团控股有限公司 A kind of link verification method, device and equipment

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112380514A (en) * 2020-11-13 2021-02-19 支付宝(杭州)信息技术有限公司 Biological identification security situation prediction method and device and electronic equipment

Also Published As

Publication number Publication date
CN110235141B (en) 2022-08-05
CN110235141A (en) 2019-09-13

Similar Documents

Publication Publication Date Title
WO2021068636A1 (en) Block chain-based creation method, apparatus, device and system for verifiable claim
US10681042B2 (en) Gesture-based signature authentication
JP6790270B2 (en) Blockchain-based data processing methods and devices
EP3780541B1 (en) Identity information identification method and device
US10073985B2 (en) Apparatus and method for trusted execution environment file protection
WO2019095864A1 (en) Service authorization method, apparatus and device
WO2020220212A1 (en) Biological feature recognition method and electronic device
US9659164B2 (en) Method and apparatus for using a multi-factor password or a dynamic password for enhanced security on a device
US10846696B2 (en) Apparatus and method for trusted execution environment based secure payment transactions
WO2020220213A1 (en) Biological feature recognition method and electronic device
WO2021238956A1 (en) Identity verification method, apparatus and device based on privacy protection
WO2017215532A1 (en) Biological characteristic recognition device and method and biological characteristic template registration method
US9639839B2 (en) Fingerprint recognition control methods for payment and non-payment applications
US11283614B2 (en) Information verification method, apparatus, and device
WO2019165875A1 (en) Transaction processing method, server, client, and system
KR102375973B1 (en) Security server using case based reasoning engine and storage medium for installing security function
WO2022199475A1 (en) Data risk prevention and control method, apparatus and device based on privacy protection
TW201734877A (en) Method and device for concealing user information contained in application
US20170332231A1 (en) Non-decryptable data encryption technique for a scalable data-related operation
CN106301784B (en) Data acquisition method and terminal
CN108111501B (en) Control method and device for cheating flow and computer equipment
US8407487B2 (en) Electronic device and method for security monitoring thereof
CN111989693A (en) Biometric identification method and device
JP2024060344A (en) Authentication system and authentication method
CN113946260A (en) Data processing method, device and equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 19927260

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 19927260

Country of ref document: EP

Kind code of ref document: A1