WO2022237550A1 - Access control authentication method, apparatus and system for preventing privacy leak - Google Patents

Access control authentication method, apparatus and system for preventing privacy leak Download PDF

Info

Publication number
WO2022237550A1
WO2022237550A1 PCT/CN2022/089773 CN2022089773W WO2022237550A1 WO 2022237550 A1 WO2022237550 A1 WO 2022237550A1 CN 2022089773 W CN2022089773 W CN 2022089773W WO 2022237550 A1 WO2022237550 A1 WO 2022237550A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
verified
access control
verification algorithm
Prior art date
Application number
PCT/CN2022/089773
Other languages
French (fr)
Chinese (zh)
Inventor
李东声
Original Assignee
天地融科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN202110513328.3A external-priority patent/CN115331344A/en
Priority claimed from CN202110513327.9A external-priority patent/CN115329300A/en
Application filed by 天地融科技股份有限公司 filed Critical 天地融科技股份有限公司
Publication of WO2022237550A1 publication Critical patent/WO2022237550A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Definitions

  • the present disclosure relates to the field of electronic technology, and in particular to an access control authentication method, device and system for preventing privacy leakage, and an offline privacy leakage prevention authentication method and system.
  • biometric features such as face and fingerprint can be used for access control verification. After the verification is passed, the door can be opened for the guest.
  • biometric identity verification brings convenience to people, it also increases the risk of biometric privacy leakage, which has aroused people's concerns about privacy violations.
  • the background server of the hotel generally collects the biometric information of the user as a backup and saves it for subsequent comparison.
  • the hotel front-end terminal collects the biometric information on site, and sends it to the back-end server for comparison with the retained backup biometric information.
  • both the hotel front-end terminal and the back-end server can retain the biometric information, and Biometric information may also be intercepted during transmission, so it is easy to cause the risk of biometric information leakage.
  • the present disclosure aims to solve one of the above-mentioned problems.
  • the main purpose of the present disclosure is to provide an access control authentication method that prevents privacy leakage.
  • Another object of the present disclosure is to provide an access control authentication device that prevents privacy leakage.
  • Another object of the present disclosure is to provide an access control authentication system that prevents privacy leakage.
  • Another object of the present disclosure is to provide an offline privacy leakage prevention authentication method.
  • Another object of the present disclosure is to provide an offline privacy leakage prevention authentication system.
  • the present disclosure provides an access control authentication method for preventing privacy leakage, including: the authentication access control obtains a user ID from a security device held by a resident user, and determines whether the user ID is the access ID corresponding to the authentication access control; If so, the authentication access control collects the first biometric information to be verified of the check-in user; the authentication access control obtains the first user characteristic information obtained by calculating the first user biometric information from the security device; The authentication access control obtains a first verification algorithm, and uses the first verification algorithm to calculate the first biometric information to be verified to obtain the first characteristic information to be verified; the authentication access control compares the first verification information locally The feature information is compared with the first user feature information, and after the comparison is consistent, it is determined that the authentication is passed, the door is opened, and the locally stored first biometric identification information to be verified is deleted.
  • an access control authentication device for preventing privacy leakage, including: a judging module, configured to obtain a user ID from a security device held by an occupant, and judge whether the user ID corresponds to the authentication access control Access ID; if yes, trigger the collection module to collect the first biometric information to be verified of the user; the collection module is used to collect the first biometric information to be verified of the user; the acquisition module uses Obtaining the first user characteristic information obtained by calculating the first user's biometric information from the security device; the calculation module is configured to obtain a first verification algorithm, and use the first verification algorithm to perform the first verification on the first user to be verified.
  • the biometric information is calculated to obtain the first feature information to be verified; the processing module is used to locally compare the first feature information to be verified with the first user feature information, and determine that the authentication is passed after the comparison is consistent, Execute the door opening operation, and delete the biometric information to be verified locally stored.
  • an access control authentication system for preventing privacy leakage, including: the above-mentioned access control device for preventing privacy leakage and a security device, wherein: the security device is used to send the authentication access control User ID: the security device is further configured to send the first user characteristic information obtained by calculating the first user biometric information to the authentication access control.
  • an access control authentication system for preventing privacy leakage, including: the above-mentioned access control device for preventing privacy leakage and a front desk terminal, wherein: the front desk terminal is used to obtain the ID of the user staying in, and The ID is used as the access ID corresponding to the authentication access control; the judgment module of the authentication access control is used to determine whether the user ID is the access ID corresponding to the authentication access control, including: the authentication access control The judging module obtains the access ID from the foreground terminal, and judges whether the user ID is the access ID corresponding to the authentication access control; or the authentication access control judging module stores the access ID sent by the foreground terminal. access ID, and determine whether the user ID is the access ID corresponding to the authentication access control.
  • this disclosure provides an access control authentication method, device, and system that prevents privacy leakage, and does not store any biometric information and calculated information in the local access control, front-end terminal, or system background.
  • Feature information that is, the first biometric identification information to be verified, the first feature information to be verified, and the first user feature information are not stored. Only the user characteristic information corresponding to the user's biometric information is stored in the user's security device instead of the user's biometric information itself.
  • the authentication access control directly obtains the user's characteristic information from the security device, and compares it with the currently collected guest's characteristic information to be verified.
  • the authentication access control deletes the acquired biometric information, thereby Ensure that no biometric information is retained on authenticated access control and security devices throughout the process. On the one hand, it can ensure that the user's biometric information will not be leaked by the hotel access control, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store With the guest's biometric information, any guest can perform access control authentication. In addition, through biometric comparison, it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device. Since the authentication access control does not need to send biometric information to the background for comparison, the authentication access control can complete all the authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • Another aspect of the present disclosure provides an offline privacy-prevention authentication method, including: the authentication device collects the biometric information to be verified; the user feature information; the authentication device obtains a verification algorithm, and uses the verification algorithm to calculate the biometric information to be verified to obtain the feature information to be verified; the authentication device compares the feature information to be verified locally with the The above user characteristic information, and after the comparison is consistent, it is determined that the authentication is passed; after the authentication is passed, the authentication device deletes the locally stored biometric information to be verified.
  • Another aspect of the present disclosure provides an offline privacy and anti-disclosure authentication system, including an authentication device and a security device held by the user: the security device is used to pre-store user characteristic information obtained by calculating the user's biometric information; The authentication device is used to collect the biometric information to be verified, and obtain the user characteristic information from the security device; the authentication device is also used to obtain a verification algorithm, and use the verification algorithm to verify the The biometric information is calculated to obtain the characteristic information to be verified, and the characteristic information to be verified is compared with the user characteristic information locally, and after the comparison is consistent, it is determined that the authentication is passed; the authentication device is also used to pass the authentication. After that, the biometric information to be verified locally stored is deleted.
  • the present disclosure provides an authentication method and system for offline privacy leakage prevention, and the authentication device does not need to upload the collected biometric information to be verified to the background server or other servers for verification. , the user does not need to save and back up the user characteristic information used for comparison and verification in the background server, and even the user's security device only stores the user characteristic information corresponding to the user biometric information instead of the user biometric information itself.
  • the authentication device directly obtains the user's characteristic information from the security device held by the user. Save biometric information.
  • the authentication device since the authentication device does not need to send biometric information to the background for comparison, the authentication device can complete all authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • FIG. 1 is a flowchart of an access control authentication method for preventing privacy leakage provided by Embodiment 1 of the present disclosure
  • FIG. 2 is a schematic structural diagram of an access control authentication device for preventing privacy leakage provided by Embodiment 2 of the present disclosure
  • Embodiment 3 is a schematic structural diagram of an access control authentication system for preventing privacy leakage provided by Embodiment 2 of the present disclosure
  • FIG. 4 is a schematic structural diagram of an access control authentication system for preventing privacy leakage provided by Embodiment 2 of the present disclosure
  • Embodiment 5 is a schematic structural diagram of an access control authentication system for preventing privacy leakage provided by Embodiment 2 of the present disclosure
  • FIG. 6 is a flowchart of an offline privacy anti-disclosure authentication method provided by Embodiment 3 of the present disclosure.
  • FIG. 7 is a schematic structural diagram of an offline privacy anti-disclosure authentication system provided by Embodiment 3 of the present disclosure.
  • FIG. 1 is a flowchart of an access control authentication method for preventing privacy leakage provided by Embodiment 1 of the present disclosure. As shown in Figure 1, this access control authentication method comprises the following steps (S101-S105):
  • the authentication access control obtains the user ID from the security device held by the occupant, and judges whether the user ID is the access ID corresponding to the authentication access control; if yes, execute step S102.
  • the security device is a device with a security chip, which may be a smart terminal (such as a smart phone, a wearable device), an ID card, a smart card, or a USB-Key with a security chip.
  • the security chip is a trusted platform module. It is a device that can independently generate keys, encrypt and decrypt. It has an independent processor and storage unit inside, which can store keys and feature data, and provide encryption and security authentication services for computers. Encrypted with a security chip, the key is stored in the hardware, and the stolen data cannot be decrypted, thereby protecting business privacy and data security.
  • authentication access control and security equipment can establish short-distance communication connections, such as NFC, Bluetooth, 4G, 5G and other communication methods, to complete data interaction.
  • the access control authentication method provided in this embodiment further includes: the authentication access control and the security device perform mutual verification, and Verification passed. Thereby, the security of the data transmitted between the two devices can be ensured.
  • the user ID may be identification information that uniquely identifies the identity of the user. For example, it can be the ID number of the user, the PIN code set by the user, the serial number of the security device, etc., to ensure that the user who holds the security device is the guest who checks into the access control room.
  • Obtaining the user ID from the security device held by the user for authentication includes: receiving the user ID sent by the security device for the authentication access control.
  • the hotel front desk terminal can obtain the user ID of the guest, and after the identity verification of the guest is passed, the guest room will be allocated to the guest, and the user ID will be used as the authentication access control corresponding to the guest room The access ID.
  • the access control authentication method provided in this embodiment further includes: the front desk terminal obtains the ID of the user, and The ID is used as the access ID corresponding to the authentication access control; optionally, the front-end terminal obtains the ID of the check-in user, including: the front-end terminal obtains the user ID from the security device held by the check-in user as the access ID, that is, receives the ID sent by the security device or, input the user ID on the foreground terminal, and the foreground terminal receives the input user ID.
  • the authentication access control judges whether the user ID is the access ID corresponding to the authentication access control, including: the authentication access control obtains the access ID from the front terminal, and judges whether the user ID is the corresponding access ID of the authentication access control; The access ID sent by the terminal, and judge whether the user ID is the access ID corresponding to the authentication access control.
  • the authentication access control can obtain the access ID from the front desk terminal in real time.
  • the front desk terminal allocates a room for the guest, it will send the access ID to the corresponding authentication access control of the assigned room, and the authentication access control
  • the access ID is stored locally.
  • the security device communicates with the authentication access control.
  • the authentication access control reads the user ID from the security device and compares it. After the comparison is consistent, the authentication passes, thus ensuring The user holding the security device is the guest himself who handles the front desk terminal, and then performs the subsequent steps.
  • the authentication access control collects the first biometric information to be verified of the resident user.
  • the first biometric identification information to be verified may be face image data, voiceprint characteristic data, fingerprint characteristic data, iris characteristic data and other information.
  • the first biometric identification information to be verified may be image data or video data, which is not limited in this embodiment.
  • the first biometric identification information to be verified may include one or more.
  • the identification information can be a combination of face image data and fingerprint feature data, or face image data with different expressions can be collected.
  • the authentication access control obtains the first user characteristic information obtained by calculating the biometric information of the first user from the security device.
  • the access control authentication method before the authentication access control acquires the first user characteristic information obtained by calculating the biometric information of the first user from the security device, the access control authentication method provided in this embodiment further includes: The security device pre-stores the first user feature information. Specifically, the security device can pre-collect the first user biometric information of the security device holder, such as face image data, voiceprint feature data, fingerprint feature data, iris feature data and other information, and use the locally pre-stored verification algorithm to verify The biometric information of the first user is calculated to obtain the characteristic information of the first user, and the characteristic information of the first user is stored in the security device. In this disclosure, the security device does not store the biometric information of the first user, but only the characteristic information of the first user. Since the characteristic information of the first user is a string of characters, it can ensure that the biometric information of the first user is not leaked, that is, to protect User privacy is not disclosed.
  • the user's biometric information pre-stored in the security device can be changed, that is, the user can update the user's biometric information pre-stored in the security device at any time, for example, the user changes the collection of facial images to the collection of fingerprint information or voiceprint feature information, the security device recalculates the re-collected user biometric information according to the locally pre-stored verification algorithm to obtain new first user feature information.
  • the security device recalculates the re-collected user biometric information according to the locally pre-stored verification algorithm to obtain new first user feature information.
  • the verification cannot pass if the user's biometric information before the update is used. This can also prevent the authentication access control from using the user's privacy without deleting the first biometric information to be verified, or when the second Once the verified biometric information is leaked, it can also ensure that the access control authentication cannot pass, avoiding the loss of users.
  • the authentication access control does not need to pre-store the first user biometric information and the first user characteristic information locally or in the system background.
  • the authentication access control obtains the first user characteristic information from the security device.
  • it can ensure that the first user biometric Identification information will not be leaked by hotel access control, protecting user privacy from being leaked.
  • it can also make the operation of authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store guests’ biometric information in advance. Any guest can perform access control authentication.
  • the authentication access control acquires a first verification algorithm, and uses the first verification algorithm to calculate the first biometric identification information to be verified to obtain first feature information to be verified.
  • the authentication access control obtains the first verification algorithm, including the following three methods:
  • Method 1 The authentication access control obtains the verification algorithm corresponding to the first verification algorithm identification from the local according to the identification of the first verification algorithm obtained from the security device; or,
  • Method 2 The authentication access control obtains the verification algorithm corresponding to the identification of the first verification algorithm from the background according to the identification of the first verification algorithm; or,
  • Method 3 The authentication access control obtains the first authentication algorithm from the security device.
  • the method provided in this embodiment further includes: the authentication access control obtains the identifier of the first verification algorithm from the security device. If the algorithm corresponding to the identifier of the first verification algorithm is pre-stored locally, it can be obtained locally; if not pre-stored locally, the verification algorithm corresponding to the identifier of the first verification algorithm can be obtained from the background.
  • the first verification algorithm can be a hash algorithm, an encryption algorithm and other algorithms, and the biometric information (such as the first user characteristic information and the first characteristic information to be verified) calculated by the first verification algorithm is irreversible data, that is, it cannot be Get biometric information.
  • the authentication access control locally compares the first feature information to be verified with the first user feature information, and after the comparison is consistent, determines that the authentication is passed, performs the door opening operation, and deletes the locally stored first biometric information to be verified.
  • the access control authentication method provided in this embodiment further includes: authenticating the access control and deleting the locally stored first feature information to be verified and the first user feature information.
  • the authentication access control local or system background does not store any biometric information and calculated feature information, that is, does not store the first biometric information to be verified, the first feature information to be verified, and the first user feature information.
  • the authentication access control obtains the first user characteristic information from the security device, and compares it with the first characteristic information of the currently collected residents to be verified. On the one hand, it can ensure that the first user's biometric information will not be The hotel access control is leaked, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country or even the world, there is no need to pre-store the guest's biometric information in advance, and any guest can perform Access control authentication.
  • the access control authentication method provided in this embodiment further includes: the foreground terminal collects the second biometric to be verified of the check-in user identification information; the front desk terminal obtains the second user's biometric information from the security device held by the check-in user and calculates the second user characteristic information; the front desk terminal obtains the second verification algorithm, and uses the second verification algorithm to verify the second user's The biometric information to be verified is calculated to obtain the second characteristic information to be verified; the front desk terminal compares the second characteristic information to be verified with the second user characteristic information locally, and after the comparison is consistent, it determines that the authentication is passed, and deletes the locally stored check-in information.
  • the user's second biometric identification information to be verified, and the step of obtaining the ID of the user at the front desk is executed.
  • the front desk terminal collects the guest's second biometric identification information to be verified in the same manner as the above step S102-step S105, obtains the second user characteristic information from the security device, and obtains the second verification algorithm calculation
  • the second feature information to be verified is obtained, and the second feature information to be verified is compared with the second user feature information.
  • first and “second” refer to the same type of information obtained twice, for example, the first biometric information to be verified and the second biometric information to be verified respectively represent the biometric information to be verified and the biometric information to be verified collected by the authentication access control.
  • the biometric information to be verified collected by the front-end terminal is not directly related, and the "first" and “second” information can be the same or different.
  • the first user biometric information and the second user biometric information, the first user characteristic information and the second user characteristic information, and the first verification algorithm and the second verification algorithm also appear in the text, which should be understood as above.
  • the acquisition of the second verification algorithm by the foreground terminal includes: the foreground terminal obtains locally the ID corresponding to the identification of the second verification algorithm according to the identification of the second verification algorithm obtained from the security device.
  • the foreground terminal deletes the locally stored second characteristic information to be verified and the second user characteristic information.
  • the foreground terminal or the system background does not store any biometric information and calculated feature information, that is, does not store the second biometric information to be verified, the second feature information to be verified, and the second user feature information.
  • the front-end terminal obtains the second user’s characteristic information from the security device, and compares it with the currently collected guest’s second to-be-verified characteristic information.
  • it can ensure that the second user’s biometric information will not be
  • the front desk of the hotel is leaked to protect the privacy of users from being leaked.
  • it can also make the operation of the front desk terminal easier. For hotels all over the country and even the world, there is no need to pre-store the biometric information of the guests in advance, and any guest can perform Check-in verification.
  • the authentication access control local, front-end terminal local or system background does not store any biometric information and calculated feature information, that is, does not store the first biometric information to be verified, the first biometric information to be verified
  • the characteristic information and the characteristic information of the first user are verified. Only the user characteristic information corresponding to the user's biometric information is stored in the user's security device instead of the user's biometric information itself.
  • the authentication access control directly obtains the user's characteristic information from the security device, and compares it with the currently collected guest's characteristic information to be verified.
  • the authentication access control deletes the acquired biometric information, thereby Ensure that no biometric information is retained on authenticated access control and security devices throughout the process. On the one hand, it can ensure that the user's biometric information will not be leaked by the hotel access control, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store With the guest's biometric information, any guest can perform access control authentication. In addition, through biometric comparison, it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device. Since the authentication access control does not need to send biometric information to the background for comparison, the authentication access control can complete all the authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • This embodiment provides an access control authentication system for preventing privacy leakage and an access control authentication device for preventing privacy leakage.
  • the access control authentication system and access control authentication device can implement the access control authentication method provided in Embodiment 1.
  • This embodiment only briefly describes the structure of the access control authentication system and the access control authentication device. For other unfinished matters, please refer to the description in Embodiment 1.
  • FIG. 2 is a schematic structural diagram of an access control authentication device for preventing privacy leakage provided by this embodiment.
  • FIG. 3 to FIG. 5 are schematic structural diagrams of the access control authentication system for preventing privacy leakage provided by this embodiment.
  • the access control device for preventing privacy leakage includes:
  • Judgment module used to obtain the user ID from the security device held by the user, and judge whether the user ID is the access ID corresponding to the authentication access control; if so, trigger the collection module to collect the first biometric information to be verified of the user;
  • the collection module is used to collect the first biometric information to be verified of the user
  • An acquisition module configured to acquire the first user characteristic information obtained by calculating the first user's biometric information from the security device
  • the calculation module is used to obtain the first verification algorithm, and use the first verification algorithm to calculate the first biometric information to be verified to obtain the first characteristic information to be verified;
  • the processing module is used to locally compare the first feature information to be verified with the first user feature information, and after the comparison is consistent, determine that the authentication is passed, perform the door opening operation, and delete the locally stored biometric information to be verified.
  • the acquisition module acquires the first verification algorithm in the following manner:
  • the verification algorithm corresponding to the identification of the first verification algorithm is obtained locally; or, the authentication access control obtains the identification corresponding to the first verification algorithm from the background according to the identification of the first verification algorithm the verification algorithm; or, obtain the first verification algorithm from the security device.
  • the processing module is further configured to delete the locally stored first feature information to be verified and the first user feature information.
  • the access control authentication system for preventing privacy leakage includes: an access control device and a safety device for preventing privacy leakage; wherein: the safety device is used to send a user ID to the authentication access control; the safety device is also used for Sending the first user characteristic information obtained by calculating the biometric information of the first user to the authentication access control.
  • the access control authentication system for preventing privacy leakage includes: an access control device and a front terminal for preventing privacy leakage;
  • the judgment module of the authentication access control is used to judge whether the user ID is the access ID corresponding to the authentication access control, including: the authentication access control judgment module obtains the access ID from the front terminal, and judges whether the user ID corresponds to the authentication access control or, the judging module of the authentication access control stores the access ID sent by the foreground terminal, and judges whether the user ID is the corresponding access ID of the authentication access control.
  • the access control authentication system for preventing privacy leakage includes: the above-mentioned access control device for preventing privacy leakage, security equipment, and a front terminal.
  • the security device and the foreground terminal respectively perform the functions described in the relevant parts of FIG. 3 and FIG. 4 above, which will not be repeated here.
  • the front desk terminal is also used to collect the second verification ID of the user before obtaining the ID of the user.
  • Biometric information obtain the second user's biometric information from the security device held by the resident user and calculate the second user's characteristic information; obtain the second verification algorithm, and use the second verification algorithm to verify the second biometric information of the resident user to be verified.
  • the identification information is calculated to obtain the second feature information to be verified; the second feature information to be verified and the second user feature information are compared locally, and after the comparison is consistent, it is determined that the authentication is passed, and the second pending user's locally stored information is deleted. Verify the biometric information, and execute the operation that the front desk terminal obtains the ID of the check-in user.
  • the foreground terminal obtains the second verification algorithm in the following manner: the foreground terminal obtains the second verification algorithm according to the second verification algorithm obtained from the security device The identification of the verification algorithm obtains the verification algorithm corresponding to the identification of the second verification algorithm locally; or, the foreground terminal obtains the verification algorithm corresponding to the identification of the second verification algorithm from the background according to the identification of the second verification algorithm; or, the front terminal obtains the verification algorithm corresponding to the identification of the second verification algorithm from the background; The second verification algorithm is obtained from the security device.
  • the foreground terminal is also used to delete the locally stored second characteristic information to be verified and the second user characteristic information .
  • the access control authentication device and system for preventing privacy leakage no biometric information and calculated characteristic information will be stored in the local authentication access control, the front terminal local or the system background, that is, the first biometric information to be verified, the second Feature information to be verified and feature information of the first user. Only the user characteristic information corresponding to the user's biometric information is stored in the user's security device instead of the user's biometric information itself.
  • the authentication access control directly obtains the user's characteristic information from the security device, and compares it with the currently collected guest's characteristic information to be verified. After the authentication is completed, the authentication access control deletes the acquired biometric information, thereby Ensure that no biometric information is retained on authenticated access control and security devices throughout the process.
  • the hotel access control can ensure that the user's biometric information will not be leaked by the hotel access control, protecting user privacy from being leaked.
  • it can also make the operation of the authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store With the guest's biometric information, any guest can perform access control authentication.
  • biometric comparison it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device. Since the authentication access control does not need to send biometric information to the background for comparison, the authentication access control can complete all the authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • This embodiment provides an offline privacy leak prevention authentication method, as shown in Figure 6, including:
  • step S201 the authentication device collects biometric information to be verified.
  • the biometric information may be face, fingerprint, iris, palmprint and other information, and the authentication device uses the corresponding device to collect the corresponding biometric information.
  • the authentication device acquires user characteristic information calculated from the user's biometric identification information from the security device held by the user.
  • a user can hold a security device, which can uniquely identify the user itself.
  • the security device may have the function of a USB key, and a security chip may be provided in the security device to ensure the security of storage in the security device.
  • Users use their own security devices to pre-acquire feature information obtained by calculating their own biometric information. For example, after a user activates the security device, he collects the user's face information through the security device itself or other external devices, and uses The preset algorithm calculates the user's face information to obtain a feature value, and the security device stores the feature value of the face information and deletes the collected face information.
  • the authentication device when it needs to obtain user characteristic information for comparison, it may send a request for user characteristic information to the security device, and after receiving the request, the security device sends the user characteristic information to the authentication device.
  • step S203 the authentication device acquires a verification algorithm, and uses the verification algorithm to calculate the biometric information to be verified to obtain feature information to be verified.
  • the verification algorithm is consistent with the algorithm used by the previous security device to calculate the user characteristic information, so as to facilitate the comparison between the information to be verified and the user characteristic information.
  • the corresponding algorithm is obtained through the identification of the verification algorithm.
  • the authentication device may locally obtain the verification algorithm corresponding to the identifier according to the identifier; or the authentication device may obtain the verification algorithm corresponding to the identifier from the background according to the identifier.
  • the authentication device may also directly obtain the verification algorithm from the security device.
  • the verification algorithm used to calculate the user characteristic information is pre-stored in the security device, and the verification algorithm is sent to the authentication device at the same time as the user characteristic; it is also possible to send a request for the verification algorithm to the security device when the authentication device needs to use it.
  • the security device then sends the verification algorithm to the authentication device. Data security can be further ensured by storing the verification algorithm in a secure device.
  • step S204 the authentication device locally compares the feature information to be verified with the user feature information, and determines that the authentication is passed after the comparison is consistent. Specifically, if the current biometric information to be verified is indeed the user's own biometric information, the characteristic information to be verified calculated by using the biometric information to be verified should be consistent with the user characteristic information sent by the security device, that is, it can be passed certified.
  • step S205 the authentication device deletes the locally stored biometric information to be verified after passing the authentication. Specifically, in order to prevent the leakage of the biometric information to be verified, the authentication device should immediately delete the biometric information to be verified after passing the authentication. In an optional implementation manner, the authentication device should also delete the locally stored feature information to be verified and user feature information to further ensure that the biometric information is not leaked.
  • the authentication device does not need to upload the collected biometric information to be verified to the background server or other servers for verification, and the user does not need to save the user characteristic information used for comparison and verification.
  • the backup is in the background server, and even the user's security device only stores the user's characteristic information corresponding to the user's biometric information instead of the user's biometric information itself.
  • the authentication device directly obtains the user's characteristic information from the security device held by the user. Save biometric information.
  • the authentication device since the authentication device does not need to send biometric information to the background for comparison, the authentication device can complete all authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • the authentication device before the authentication device obtains the user characteristic information obtained by calculating the user's biometric information from the security device held by the user, it further includes: step S201a, the authentication device and the security device communicate with each other Verification, and verification passed. Specifically, this step can be completed before the step of the authentication device acquiring user characteristic information, or before the step of the authentication device acquiring biometric information to be verified. Through the mutual verification of the authentication device and the security device, the authenticity of the authentication device and the security device can be further verified to prevent information leakage.
  • the biometric information to be verified includes: first biometric information to be verified and second biometric information to be verified, the first biometric information to be verified is specific biometric information, and the second biometric information to be verified Verify biometrics as custom biometrics.
  • the biometric information to be verified includes two types of biometric information
  • the user characteristic information of the two types of biometric information should also be pre-stored in the security device held by the user.
  • the first biometric information to be verified may be standard facial information
  • the second biometric information to be verified may be facial information with expressions or other biometric information such as fingerprints.
  • the second biometric information to be verified can be customized by the user at any time. The user can choose to add the authentication of the customized biometric information in a certain authentication, or choose not to increase the authentication of the customized biometric information, and the user can Change the type of custom biometrics to increase the reliability of verification.
  • the authentication device judges whether the biometric information to be verified is preset information, and if it is preset information, performs a first preset operation.
  • the preset information is preset as specific facial expression information, for example, it can be information such as blinking multiple times in a row, blinking in turn, nodding multiple times in a row, etc.
  • you can set the operation corresponding to the preset information . For example, blinking three times in turn can be agreed as a warning action for the user to encounter an emergency, and when the authentication device detects the facial expression of the user, the alarm operation can be performed immediately.
  • the authentication device performs a second preset operation after passing the authentication.
  • the authentication device may be a payment device, the above steps may be verification steps in the payment process, and subsequent payment operations may be performed after the authentication is completed.
  • This embodiment also provides an offline privacy and anti-disclosure authentication system that implements the above method flow, as shown in FIG. 7 , including an authentication device and a security device held by a user.
  • the security device is used to pre-store user characteristic information obtained by calculating the user's biometric information; specifically, a user can hold a security device, which can uniquely identify the user itself.
  • the security device may have the function of a USB key, and a security chip may be provided in the security device to ensure the security of storage in the security device.
  • Users use their own security devices to pre-acquire feature information obtained by calculating their own biometric information. For example, after a user activates the security device, he collects the user's face information through the security device itself or other external devices, and uses The preset algorithm calculates the user's face information to obtain a feature value, and the security device stores the feature value of the face information and deletes the collected face information. It can be seen that only the characteristic information of the user's biometric identification information is stored in the security device without storing the biometric information itself, which can further ensure that the biometric information will not be leaked.
  • the authentication device is used to collect biometric information to be verified and obtain user characteristic information from the security device; specifically, when the authentication device needs to obtain user characteristic information for comparison, it can send a request for user characteristic information to the security device After receiving the request, the security device sends the user characteristic information to the authentication device.
  • the authentication device is also used to obtain a verification algorithm, using the verification algorithm to calculate the biometric information to be verified to obtain the characteristic information to be verified, compare the characteristic information to be verified with the user characteristic information locally, and determine that the authentication is passed after the comparison is consistent; Specifically, the verification algorithm is consistent with the algorithm used by the previous security device to calculate the user characteristic information, so as to facilitate the comparison between the information to be verified and the user characteristic information. If the current biometric information to be verified is indeed the user's own biometric information, the characteristic information to be verified calculated by using the biometric information to be verified should be consistent with the user characteristic information sent by the security device, that is, the authentication can be passed.
  • the corresponding algorithm is obtained through the identification of the verification algorithm.
  • the authentication device may locally obtain the verification algorithm corresponding to the identifier according to the identifier; or the authentication device may obtain the verification algorithm corresponding to the identifier from the background according to the identifier.
  • the authentication device may also directly obtain the verification algorithm from the security device.
  • the verification algorithm used to calculate the user characteristic information is pre-stored in the security device, and the verification algorithm is sent to the authentication device at the same time as the user characteristic; it is also possible to send a request for the verification algorithm to the security device when the authentication device needs to use it.
  • the security device then sends the verification algorithm to the authentication device. Data security can be further ensured by storing the verification algorithm in a secure device.
  • the authentication device is also used to delete the locally stored biometric information to be verified after the authentication is passed. Specifically, in order to prevent the leakage of the biometric information to be verified, the authentication device should immediately delete the biometric information to be verified after passing the authentication. In an optional implementation manner, the authentication device should also delete the locally stored feature information to be verified and user feature information to further ensure that the biometric information is not leaked.
  • the authentication device does not need to upload the collected biometric information to be verified to the background server or other servers for verification, and the user does not need to save the user characteristic information for comparison and verification.
  • the backup is in the background server, and even the user's security device only stores the user's characteristic information corresponding to the user's biometric information instead of the user's biometric information itself.
  • the authentication device directly obtains the user's characteristic information from the security device held by the user. Save biometric information.
  • the authentication device since the authentication device does not need to send biometric information to the background for comparison, the authentication device can complete all authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • the authentication device before the authentication device obtains the user characteristic information obtained by calculating the user's biometric information from the security device held by the user, the authentication device is also used to perform mutual authentication with the security device, And the verification is passed. Specifically, the authentication device may complete the authentication with the security device before acquiring user characteristic information, or complete the authentication with the security device before collecting the biometric information to be verified. Through the mutual verification of the authentication device and the security device, the authenticity of the authentication device and the security device can be further verified to prevent information leakage.
  • the biometric information to be verified includes: first biometric information to be verified and second biometric information to be verified, the first biometric information to be verified is specific biometric information, and the second biometric information to be verified Verify biometrics as custom biometrics.
  • the biometric information to be verified includes two types of biometric information
  • the user characteristic information of the two types of biometric information should also be pre-stored in the security device held by the user.
  • the first biometric information to be verified may be standard facial information
  • the second biometric information to be verified may be facial information with expressions or other biometric information such as fingerprints.
  • the second biometric information to be verified can be customized by the user at any time. The user can choose to add the authentication of the customized biometric information in a certain authentication, or choose not to increase the authentication of the customized biometric information, and the user can Change the type of custom biometrics to increase the reliability of verification.
  • the authentication device is further configured to determine whether the biometric information to be verified is preset information, and if it is preset information, perform a first preset operation.
  • the preset information is preset as specific facial expression information, for example, it can be information such as blinking multiple times in a row, blinking in turn, nodding multiple times in a row, etc.
  • you can set the operation corresponding to the preset information . For example, blinking three times in turn can be agreed as a warning action for the user to encounter an emergency, and when the authentication device detects the facial expression of the user, the alarm operation can be performed immediately.
  • the authentication device is further configured to execute a second preset operation after the authentication is passed.
  • the authentication device may be a payment device, the above operation may be a verification process in the payment process, and subsequent payment operations may be performed after the authentication is completed.

Abstract

An access control authentication method, apparatus and system for preventing a privacy leak, the method comprising: authentication access control acquiring a user ID from a security device held by a check-in user, and determining whether the user ID is an access ID corresponding to the authentication access control (S101); if so, collecting first biometric information to be verified of the check-in user (S102); acquiring, from the security device, first user feature information obtained by means of performing calculation on first user biometric information (S103); acquiring a first verification algorithm, and calculating said first biometric information by means of using the first verification algorithm, so as to obtain first feature information to be verified (S104); and locally comparing said first feature information with the first user feature information, and after the comparison result indicates that said first feature information and the first user feature information are consistent, determining that the authentication is passed, executing a door opening operation, and deleting said first biometric information that is stored locally (S105).

Description

一种防止隐私泄露的门禁认证方法、装置及系统An access control authentication method, device and system for preventing privacy leakage
相关申请的交叉引用Cross References to Related Applications
本公开要求于2021年05月11日提交的申请号为202110513327.9,名称为“一种可脱机隐私防泄漏认证方法和系统”、以及2021年05月11日提交的申请号为202110513328.3,名称为“一种防止隐私泄露的门禁认证方法、装置及系统”的中国专利申请的优先权,其全部内容通过引用结合在本公开中。This disclosure requires that the application number submitted on May 11, 2021 be 202110513327.9, titled "An Offline Privacy Leakage Prevention Authentication Method and System", and the application number submitted on May 11, 2021 be 202110513328.3, titled The priority of the Chinese patent application for "Access Control Authentication Method, Device and System for Preventing Privacy Leakage", the entire content of which is incorporated in this disclosure by reference.
技术领域technical field
本公开涉及一种电子技术领域,尤其涉及一种防止隐私泄露的门禁认证方法、装置及系统、可脱机隐私防泄露认证方法和系统。The present disclosure relates to the field of electronic technology, and in particular to an access control authentication method, device and system for preventing privacy leakage, and an offline privacy leakage prevention authentication method and system.
背景技术Background technique
随着科学技术的不断进步,酒店也越来越科技化,越来越智能化。随着酒店业竞争的加剧,酒店之间比拼品牌、客源、服务、价格,还需借助先进化、智慧化的高科技信息化手段提升管理水平和营销能力。目前酒店门禁中可以利用人脸、指纹等生物特征来进行门禁验证,在验证通过后,可以为客人打开房门。但是,利用生物特征验证身份的技术在给人们带来便利的同时,也增加了生物特征隐私泄露的风险,引发了人们对于隐私侵犯的担忧。With the continuous advancement of science and technology, hotels are becoming more and more technological and intelligent. With the intensification of competition in the hotel industry, hotels are competing for brand, customer source, service, and price, and they need to use advanced and intelligent high-tech information methods to improve their management and marketing capabilities. At present, in the hotel access control, biometric features such as face and fingerprint can be used for access control verification. After the verification is passed, the door can be opened for the guest. However, while the technology of using biometric identity verification brings convenience to people, it also increases the risk of biometric privacy leakage, which has aroused people's concerns about privacy violations.
在相关技术中的生物特征识别流程中,酒店后台服务器一般要先采集用户的生物特征信息备份留存用于后续的比对。在需要进行验证时,由酒店前台终端现场采集生物特征信息,发送给后台服务器与留存备份的生物特征信息进行比对,在这个过程中,酒店前台终端和后台服务器均可以留存生物特征信息,且传输过程中生物识别信息也可能被截获,因此容易造成生物特征信息泄露的风险。In the biometric identification process in the related art, the background server of the hotel generally collects the biometric information of the user as a backup and saves it for subsequent comparison. When verification is required, the hotel front-end terminal collects the biometric information on site, and sends it to the back-end server for comparison with the retained backup biometric information. During this process, both the hotel front-end terminal and the back-end server can retain the biometric information, and Biometric information may also be intercepted during transmission, so it is easy to cause the risk of biometric information leakage.
公开内容public content
本公开旨在解决上述问题之一。The present disclosure aims to solve one of the above-mentioned problems.
本公开的主要目的在于提供一种防止隐私泄露的门禁认证方法。The main purpose of the present disclosure is to provide an access control authentication method that prevents privacy leakage.
本公开的另一目的在于提供一种防止隐私泄露的门禁认证装置。Another object of the present disclosure is to provide an access control authentication device that prevents privacy leakage.
本公开的另一目的在于提供一种防止隐私泄露的门禁认证系统。Another object of the present disclosure is to provide an access control authentication system that prevents privacy leakage.
本公开的另一目的在于提供一种可脱机隐私防泄露认证方法。Another object of the present disclosure is to provide an offline privacy leakage prevention authentication method.
本公开的另一目的在于提供一种可脱机隐私防泄露认证系统。Another object of the present disclosure is to provide an offline privacy leakage prevention authentication system.
为达到上述目的,本公开的技术方案具体是这样实现的:In order to achieve the above purpose, the technical solution of the present disclosure is specifically implemented as follows:
本公开一方面提供了一种防止隐私泄露的门禁认证方法,包括:认证门禁从入住用户持 有的安全设备中获取用户ID,判断所述用户ID是否为所述认证门禁对应的准入ID;如果是,所述认证门禁采集所述入住用户的第一待验证生物识别信息;所述认证门禁从所述安全设备中获取对第一用户生物识别信息进行计算得到的第一用户特征信息;所述认证门禁获取第一验证算法,利用所述第一验证算法对所述第一待验证生物识别信息进行计算得到第一待验证特征信息;所述认证门禁在本地比对所述第一待验证特征信息和所述第一用户特征信息,并在比对一致后,确定认证通过,执行开门操作,并删除本地存储的所述第一待验证生物识别信息。On the one hand, the present disclosure provides an access control authentication method for preventing privacy leakage, including: the authentication access control obtains a user ID from a security device held by a resident user, and determines whether the user ID is the access ID corresponding to the authentication access control; If so, the authentication access control collects the first biometric information to be verified of the check-in user; the authentication access control obtains the first user characteristic information obtained by calculating the first user biometric information from the security device; The authentication access control obtains a first verification algorithm, and uses the first verification algorithm to calculate the first biometric information to be verified to obtain the first characteristic information to be verified; the authentication access control compares the first verification information locally The feature information is compared with the first user feature information, and after the comparison is consistent, it is determined that the authentication is passed, the door is opened, and the locally stored first biometric identification information to be verified is deleted.
本公开另一方面提供了一种防止隐私泄露的门禁认证装置,包括:判断模块,用于从入住用户持有的安全设备中获取用户ID,判断所述用户ID是否为所述认证门禁对应的准入ID;如果是,则触发采集模块采集所述入住用户的第一待验证生物识别信息;所述采集模块,用于采集所述入住用户的第一待验证生物识别信息;获取模块,用于从所述安全设备中获取对第一用户生物识别信息进行计算得到的第一用户特征信息;计算模块,用于获取第一验证算法,利用所述第一验证算法对所述第一待验证生物识别信息进行计算得到第一待验证特征信息;处理模块,用于在本地比对所述第一待验证特征信息和所述第一用户特征信息,并在比对一致后,确定认证通过,执行开门操作,并删除本地存储的所述待验证生物识别信息。Another aspect of the present disclosure provides an access control authentication device for preventing privacy leakage, including: a judging module, configured to obtain a user ID from a security device held by an occupant, and judge whether the user ID corresponds to the authentication access control Access ID; if yes, trigger the collection module to collect the first biometric information to be verified of the user; the collection module is used to collect the first biometric information to be verified of the user; the acquisition module uses Obtaining the first user characteristic information obtained by calculating the first user's biometric information from the security device; the calculation module is configured to obtain a first verification algorithm, and use the first verification algorithm to perform the first verification on the first user to be verified. The biometric information is calculated to obtain the first feature information to be verified; the processing module is used to locally compare the first feature information to be verified with the first user feature information, and determine that the authentication is passed after the comparison is consistent, Execute the door opening operation, and delete the biometric information to be verified locally stored.
本公开另一方面提供了一种防止隐私泄露的门禁认证系统,包括:如上所述的防止隐私泄露的门禁装置和安全设备,其中:所述安全设备,用于向所述认证门禁发送所述用户ID;所述安全设备,还用于向所述认证门禁发送对第一用户生物识别信息进行计算得到的第一用户特征信息。Another aspect of the present disclosure provides an access control authentication system for preventing privacy leakage, including: the above-mentioned access control device for preventing privacy leakage and a security device, wherein: the security device is used to send the authentication access control User ID: the security device is further configured to send the first user characteristic information obtained by calculating the first user biometric information to the authentication access control.
本公开另一方面提供了一种防止隐私泄露的门禁认证系统,包括:如上所述的防止隐私泄露的门禁装置和前台终端,其中:所述前台终端,用于获取入住用户的ID,并将所述ID作为所述认证门禁对应的所述准入ID;所述认证门禁的判断模块,用于判断所述用户ID是否为所述认证门禁对应的准入ID,包括:所述认证门禁的判断模块从所述前台终端获取所述准入ID,并判断所述用户ID是否为所述认证门禁对应的准入ID;或者所述认证门禁的判断模块存储所述前台终端发送的所述准入ID,并判断所述用户ID是否为所述认证门禁对应的准入ID。Another aspect of the present disclosure provides an access control authentication system for preventing privacy leakage, including: the above-mentioned access control device for preventing privacy leakage and a front desk terminal, wherein: the front desk terminal is used to obtain the ID of the user staying in, and The ID is used as the access ID corresponding to the authentication access control; the judgment module of the authentication access control is used to determine whether the user ID is the access ID corresponding to the authentication access control, including: the authentication access control The judging module obtains the access ID from the foreground terminal, and judges whether the user ID is the access ID corresponding to the authentication access control; or the authentication access control judging module stores the access ID sent by the foreground terminal. access ID, and determine whether the user ID is the access ID corresponding to the authentication access control.
由上述本公开提供的技术方案可以看出,本公开提供了一种防止隐私泄露的门禁认证方法、装置及系统,认证门禁本地、前台终端本地或系统后台不存储任何生物识别信息和计算得到的特征信息,即不存储第一待验证生物识别信息、第一待验证特征信息和第一用户特征信息。用户的安全设备中也只存储用户生物识别信息对应的用户特征信息而非用户生 物识别信息本身。在需要认证时,认证门禁直接从安全设备中获取用户特征信息,并与当前采集到的住客的待验证特征信息进行比对,在认证结束后,认证门禁删除获取到的生物识别信息,从而在整个流程中保证认证门禁和安全设备均不留存生物识别信息。一方面可以保证用户生物识别信息不会被酒店门禁泄露,保护用户隐私不被泄露,另一方面还可以使得认证门禁的操作更简便,对于遍布全国各地甚至全世界的酒店而言,无需提前预存客人的生物特征信息,任何客人均可以进行门禁认证。此外,通过生物特征比对,可以确保认证门禁验证通过的客人即为持有安全设备的客人本人。由于该认证门禁无需向后台发送生物识别信息进行比对,认证门禁在本地可以完成所有认证过程,使得该认证设备可以在脱机的情形下使用,进一步提高认证设备使用的便捷性。It can be seen from the above-mentioned technical solutions provided by this disclosure that this disclosure provides an access control authentication method, device, and system that prevents privacy leakage, and does not store any biometric information and calculated information in the local access control, front-end terminal, or system background. Feature information, that is, the first biometric identification information to be verified, the first feature information to be verified, and the first user feature information are not stored. Only the user characteristic information corresponding to the user's biometric information is stored in the user's security device instead of the user's biometric information itself. When authentication is required, the authentication access control directly obtains the user's characteristic information from the security device, and compares it with the currently collected guest's characteristic information to be verified. After the authentication is completed, the authentication access control deletes the acquired biometric information, thereby Ensure that no biometric information is retained on authenticated access control and security devices throughout the process. On the one hand, it can ensure that the user's biometric information will not be leaked by the hotel access control, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store With the guest's biometric information, any guest can perform access control authentication. In addition, through biometric comparison, it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device. Since the authentication access control does not need to send biometric information to the background for comparison, the authentication access control can complete all the authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
本公开另一方面提供了一种可脱机隐私防泄露认证方法,包括:认证设备采集待验证生物识别信息;所述认证设备从用户持有的安全设备中获取对用户生物识别信息进行计算得到的用户特征信息;所述认证设备获取验证算法,利用所述验证算法对所述待验证生物识别信息进行计算得到待验证特征信息;所述认证设备在本地比对所述待验证特征信息和所述用户特征信息,并在比对一致后,确定认证通过;所述认证设备在认证通过后,删除本地存储的所述待验证生物识别信息。Another aspect of the present disclosure provides an offline privacy-prevention authentication method, including: the authentication device collects the biometric information to be verified; the user feature information; the authentication device obtains a verification algorithm, and uses the verification algorithm to calculate the biometric information to be verified to obtain the feature information to be verified; the authentication device compares the feature information to be verified locally with the The above user characteristic information, and after the comparison is consistent, it is determined that the authentication is passed; after the authentication is passed, the authentication device deletes the locally stored biometric information to be verified.
本公开另一方面提供了一种可脱机隐私防泄露认证系统,包括认证设备和用户持有的安全设备:所述安全设备,用于预存对用户生物识别信息进行计算得到的用户特征信息;所述认证设备,用于采集待验证生物识别信息,并从所述安全设备中获取所述用户特征信息;所述认证设备,还用于获取验证算法,利用所述验证算法对所述待验证生物识别信息进行计算得到待验证特征信息,在本地比对所述待验证特征信息和所述用户特征信息,并在比对一致后,确定认证通过;所述认证设备,还用于在认证通过后,删除本地存储的所述待验证生物识别信息。Another aspect of the present disclosure provides an offline privacy and anti-disclosure authentication system, including an authentication device and a security device held by the user: the security device is used to pre-store user characteristic information obtained by calculating the user's biometric information; The authentication device is used to collect the biometric information to be verified, and obtain the user characteristic information from the security device; the authentication device is also used to obtain a verification algorithm, and use the verification algorithm to verify the The biometric information is calculated to obtain the characteristic information to be verified, and the characteristic information to be verified is compared with the user characteristic information locally, and after the comparison is consistent, it is determined that the authentication is passed; the authentication device is also used to pass the authentication. After that, the biometric information to be verified locally stored is deleted.
由上述本公开提供的技术方案可以看出,本公开提供了一种可脱机隐私防泄露认证方法和系统,认证设备无需将采集到的待验证生物识别信息上传到后台服务器或者其他服务器进行验证,用户也不需要将用于比对验证的用户特征信息留存备份在后台服务器中,甚至用户的安全设备中也只存储用户生物识别信息对应的用户特征信息而非用户生物识别信息本身。当需要进行验证时,认证设备直接从用户持有的安全设备中获取用户特征信息,在认证结束后,认证设备删除获取到的生物识别信息,从而在整个流程中保证认证设备和安全设备均不留存生物识别信息。此外,由于该认证设备无需向后台发送生物识别信息进行比对,认证设备在本地可以完成所有认证过程,使得该认证设备可以在脱机的情形下使用,进一步提高认证设备使用的便捷性。It can be seen from the above-mentioned technical solutions provided by the present disclosure that the present disclosure provides an authentication method and system for offline privacy leakage prevention, and the authentication device does not need to upload the collected biometric information to be verified to the background server or other servers for verification. , the user does not need to save and back up the user characteristic information used for comparison and verification in the background server, and even the user's security device only stores the user characteristic information corresponding to the user biometric information instead of the user biometric information itself. When verification is required, the authentication device directly obtains the user's characteristic information from the security device held by the user. Save biometric information. In addition, since the authentication device does not need to send biometric information to the background for comparison, the authentication device can complete all authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
附图说明Description of drawings
图1为本公开实施例1提供的防止隐私泄露的门禁认证方法的流程图;FIG. 1 is a flowchart of an access control authentication method for preventing privacy leakage provided by Embodiment 1 of the present disclosure;
图2为本公开实施例2提供的防止隐私泄露的门禁认证装置的结构示意图;FIG. 2 is a schematic structural diagram of an access control authentication device for preventing privacy leakage provided by Embodiment 2 of the present disclosure;
图3为本公开实施例2提供的防止隐私泄露的门禁认证系统的结构示意图;3 is a schematic structural diagram of an access control authentication system for preventing privacy leakage provided by Embodiment 2 of the present disclosure;
图4为本公开实施例2提供的防止隐私泄露的门禁认证系统的结构示意图;FIG. 4 is a schematic structural diagram of an access control authentication system for preventing privacy leakage provided by Embodiment 2 of the present disclosure;
图5为本公开实施例2提供的防止隐私泄露的门禁认证系统的结构示意图;5 is a schematic structural diagram of an access control authentication system for preventing privacy leakage provided by Embodiment 2 of the present disclosure;
图6为本公开实施例3提供的可脱机隐私防泄露认证方法的流程图;FIG. 6 is a flowchart of an offline privacy anti-disclosure authentication method provided by Embodiment 3 of the present disclosure;
图7为本公开实施例3提供的可脱机隐私防泄露认证系统的结构示意图。FIG. 7 is a schematic structural diagram of an offline privacy anti-disclosure authentication system provided by Embodiment 3 of the present disclosure.
具体实施方式Detailed ways
实施例1Example 1
本实施例提供了一种防止隐私泄露的门禁认证方法。图1为本公开实施例1提供的防止隐私泄露的门禁认证方法的流程图。如图1所示,该门禁认证方法包括以下步骤(S101-S105):This embodiment provides an access control authentication method to prevent privacy leakage. FIG. 1 is a flowchart of an access control authentication method for preventing privacy leakage provided by Embodiment 1 of the present disclosure. As shown in Figure 1, this access control authentication method comprises the following steps (S101-S105):
S101、认证门禁从入住用户持有的安全设备中获取用户ID,判断用户ID是否为认证门禁对应的准入ID;如果是,则执行步骤S102。S101. The authentication access control obtains the user ID from the security device held by the occupant, and judges whether the user ID is the access ID corresponding to the authentication access control; if yes, execute step S102.
本实施例中,安全设备为具备安全芯片的设备,可以为具备安全芯片的智能终端(如智能手机、可穿戴设备)、身份证、智能卡或USB-Key等。安全芯片是可信任平台模块,是一个可独立进行密钥生成、加解密的装置,内部拥有独立的处理器和存储单元,可存储密钥和特征数据,为电脑提供加密和安全认证服务。用安全芯片进行加密,密钥被存储在硬件中,被窃的数据无法解密,从而保护商业隐私和数据安全。In this embodiment, the security device is a device with a security chip, which may be a smart terminal (such as a smart phone, a wearable device), an ID card, a smart card, or a USB-Key with a security chip. The security chip is a trusted platform module. It is a device that can independently generate keys, encrypt and decrypt. It has an independent processor and storage unit inside, which can store keys and feature data, and provide encryption and security authentication services for computers. Encrypted with a security chip, the key is stored in the hardware, and the stolen data cannot be decrypted, thereby protecting business privacy and data security.
其中,认证门禁与安全设备可以建立短距离通信连接,如NFC、蓝牙、4G、5G等通信方式,完成数据交互。Among them, authentication access control and security equipment can establish short-distance communication connections, such as NFC, Bluetooth, 4G, 5G and other communication methods, to complete data interaction.
作为本实施例中一种可选的实施方式,在认证门禁从用户持有的安全设备中获取用户ID之前,本实施例提供的门禁认证方法还包括:认证门禁与安全设备进行互相验证,且验证通过。由此,可以确保两个设备之间传输数据的安全性。As an optional implementation in this embodiment, before the authentication access control obtains the user ID from the security device held by the user, the access control authentication method provided in this embodiment further includes: the authentication access control and the security device perform mutual verification, and Verification passed. Thereby, the security of the data transmitted between the two devices can be ensured.
其中,用户ID可以为唯一标识用户身份的标识信息。如可以为用户的身份证号、用户设置的PIN码、安全设备的序列号等,以保证持有该安全设备的用户即为办理入住该门禁房间的客人本人。认证门禁从入住用户持有的安全设备中获取用户ID包括:认证门禁接收安全设备发送的用户ID。Wherein, the user ID may be identification information that uniquely identifies the identity of the user. For example, it can be the ID number of the user, the PIN code set by the user, the serial number of the security device, etc., to ensure that the user who holds the security device is the guest who checks into the access control room. Obtaining the user ID from the security device held by the user for authentication includes: receiving the user ID sent by the security device for the authentication access control.
在实际应用时,客人在酒店前台办理入住时,酒店前台终端可以获取到客人的用户ID,在对客人的身份验证通过后,为该客人分配客房,并将该用户ID作为客房的认证门禁对应的准入ID。作为本实施例中一种可选的实施方式,在认证门禁从用户持有的安全设备中获取用户ID之前,本实施例提供的门禁认证方法还包括:前台终端获取入住用户的ID,并将ID作为认证门禁对应的准入ID;可选的,前台终端获取入住用户的ID,包括:前台终端从入住用户持有的安全设备中获取用户的ID,作为准入ID,即接收安全设备发送的入住用户的ID;或者,在前台终端上输入用户的ID,前台终端接收输入的用户的ID。In actual application, when a guest checks in at the front desk of the hotel, the hotel front desk terminal can obtain the user ID of the guest, and after the identity verification of the guest is passed, the guest room will be allocated to the guest, and the user ID will be used as the authentication access control corresponding to the guest room The access ID. As an optional implementation in this embodiment, before the authentication access control obtains the user ID from the security device held by the user, the access control authentication method provided in this embodiment further includes: the front desk terminal obtains the ID of the user, and The ID is used as the access ID corresponding to the authentication access control; optionally, the front-end terminal obtains the ID of the check-in user, including: the front-end terminal obtains the user ID from the security device held by the check-in user as the access ID, that is, receives the ID sent by the security device or, input the user ID on the foreground terminal, and the foreground terminal receives the input user ID.
具体地,认证门禁判断用户ID是否为认证门禁对应的准入ID,包括:认证门禁从前台终端获取准入ID,并判断用户ID是否为认证门禁对应的准入ID;或者,认证门禁存储前台终端发送的准入ID,并判断用户ID是否为认证门禁对应的准入ID。对于前种判断方式,认证门禁可以实时地从前台终端获取准入ID,对于后种判断方式,前台终端在为客人分配客房时,即将准入ID发送至分配的客房对应的认证门禁,认证门禁将准入ID存储在本地,在进入客房前,安全设备与认证门禁进行通信交互,认证门禁从安全设备中读取到用户ID,进行比对,在比对一致后,则认证通过,从而保证该持有安全设备的用户为前台终端办理的客人本人,进而执行后续步骤。Specifically, the authentication access control judges whether the user ID is the access ID corresponding to the authentication access control, including: the authentication access control obtains the access ID from the front terminal, and judges whether the user ID is the corresponding access ID of the authentication access control; The access ID sent by the terminal, and judge whether the user ID is the access ID corresponding to the authentication access control. For the former judgment method, the authentication access control can obtain the access ID from the front desk terminal in real time. For the latter judgment method, when the front desk terminal allocates a room for the guest, it will send the access ID to the corresponding authentication access control of the assigned room, and the authentication access control The access ID is stored locally. Before entering the guest room, the security device communicates with the authentication access control. The authentication access control reads the user ID from the security device and compares it. After the comparison is consistent, the authentication passes, thus ensuring The user holding the security device is the guest himself who handles the front desk terminal, and then performs the subsequent steps.
S102、认证门禁采集入住用户的第一待验证生物识别信息。S102. The authentication access control collects the first biometric information to be verified of the resident user.
其中,第一待验证生物识别信息可以为人脸图像数据、声纹特征数据、指纹特征数据、虹膜特征数据等信息。第一待验证生物识别信息可以为图像数据也可以为视频数据,本实施例中不做限制。可选的,第一待验证生物识别信息可以包括一个或多个。例如,可以为人脸图像数据与指纹特征数据的组合识别信息,或者,可以采集不同表情的人脸图像数据。Wherein, the first biometric identification information to be verified may be face image data, voiceprint characteristic data, fingerprint characteristic data, iris characteristic data and other information. The first biometric identification information to be verified may be image data or video data, which is not limited in this embodiment. Optionally, the first biometric identification information to be verified may include one or more. For example, the identification information can be a combination of face image data and fingerprint feature data, or face image data with different expressions can be collected.
S103、认证门禁从安全设备中获取对第一用户生物识别信息进行计算得到的第一用户特征信息。S103. The authentication access control obtains the first user characteristic information obtained by calculating the biometric information of the first user from the security device.
作为本实施例中一种可选的实施方式,在认证门禁从安全设备中获取对第一用户生物识别信息进行计算得到的第一用户特征信息之前,本实施例提供的门禁认证方法还包括:安全设备预先存储第一用户特征信息。具体地,安全设备可以预先采集安全设备持有人的第一用户生物识别信息,如人脸图像数据、声纹特征数据、指纹特征数据、虹膜特征数据等信息,并采用本地预存的验证算法对第一用户生物识别信息进行计算得到第一用户特征信息,将第一用户特征信息存储在安全设备中。本公开中,安全设备不存储第一用户生物识别信息,仅存储第一用户特征信息,由于第一用户特征信息为一串字符,由此可以保证第一用户生物识别信息不被泄露,即保护用户隐私不被泄露。As an optional implementation in this embodiment, before the authentication access control acquires the first user characteristic information obtained by calculating the biometric information of the first user from the security device, the access control authentication method provided in this embodiment further includes: The security device pre-stores the first user feature information. Specifically, the security device can pre-collect the first user biometric information of the security device holder, such as face image data, voiceprint feature data, fingerprint feature data, iris feature data and other information, and use the locally pre-stored verification algorithm to verify The biometric information of the first user is calculated to obtain the characteristic information of the first user, and the characteristic information of the first user is stored in the security device. In this disclosure, the security device does not store the biometric information of the first user, but only the characteristic information of the first user. Since the characteristic information of the first user is a string of characters, it can ensure that the biometric information of the first user is not leaked, that is, to protect User privacy is not disclosed.
此外,作为一种可选的方式,安全设备中预存的用户生物特征信息可变,即用户可以随 时更新安全设备中预存的用户生物特征信息,如用户将采集人脸面部图像修改为采集指纹信息或声纹特征信息,安全设备重新根据本地预存的验证算法对重新采集到的用户生物识别信息进行计算得到新的第一用户特征信息。由此可以防止非法者截取到安全设备中存储的用户特征信息,保证存储的安全性。同时,由于用户生物特征信息可变,使用更新前的用户生物特征信息则验证无法通过,由此也可以防止认证门禁没有删除第一待验证生物识别信息,而擅自使用用户隐私,或者,当第一待验证生物识别信息被泄露后,也可以保证门禁认证无法通过,避免造成用户的损失。In addition, as an optional method, the user's biometric information pre-stored in the security device can be changed, that is, the user can update the user's biometric information pre-stored in the security device at any time, for example, the user changes the collection of facial images to the collection of fingerprint information or voiceprint feature information, the security device recalculates the re-collected user biometric information according to the locally pre-stored verification algorithm to obtain new first user feature information. In this way, unauthorized persons can be prevented from intercepting the user characteristic information stored in the security device, and the security of the storage can be ensured. At the same time, since the user's biometric information is variable, the verification cannot pass if the user's biometric information before the update is used. This can also prevent the authentication access control from using the user's privacy without deleting the first biometric information to be verified, or when the second Once the verified biometric information is leaked, it can also ensure that the access control authentication cannot pass, avoiding the loss of users.
而且,认证门禁本地或系统后台无需预先存储第一用户生物识别信息以及第一用户特征信息,在需要认证时,认证门禁从安全设备中获取第一用户特征信息,一方面可以保证第一用户生物识别信息不会被酒店门禁泄露,保护用户隐私不被泄露,另一方面还可以使得认证门禁的操作更简便,对于遍布全国各地甚至全世界的酒店而言,无需提前预存客人的生物特征信息,任何客人均可以进行门禁认证。Moreover, the authentication access control does not need to pre-store the first user biometric information and the first user characteristic information locally or in the system background. When authentication is required, the authentication access control obtains the first user characteristic information from the security device. On the one hand, it can ensure that the first user biometric Identification information will not be leaked by hotel access control, protecting user privacy from being leaked. On the other hand, it can also make the operation of authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store guests’ biometric information in advance. Any guest can perform access control authentication.
S104、认证门禁获取第一验证算法,利用第一验证算法对第一待验证生物识别信息进行计算得到第一待验证特征信息。S104. The authentication access control acquires a first verification algorithm, and uses the first verification algorithm to calculate the first biometric identification information to be verified to obtain first feature information to be verified.
作为本实施例中一种可选的实施方式,认证门禁获取第一验证算法,包括以下三种方式:As an optional implementation in this embodiment, the authentication access control obtains the first verification algorithm, including the following three methods:
方式一、认证门禁根据从安全设备中获取的第一验证算法的标识从本地获取与第一验证算法的标识对应的验证算法;或者,Method 1: The authentication access control obtains the verification algorithm corresponding to the first verification algorithm identification from the local according to the identification of the first verification algorithm obtained from the security device; or,
方式二、认证门禁根据第一验证算法的标识从后台获取与第一验证算法的标识对应的验证算法;或者,Method 2: The authentication access control obtains the verification algorithm corresponding to the identification of the first verification algorithm from the background according to the identification of the first verification algorithm; or,
方式三、认证门禁从安全设备中获取第一验证算法。Method 3: The authentication access control obtains the first authentication algorithm from the security device.
在上述方式一和方式二中,在认证门禁获取第一验证算法之前,本实施例提供的方法还包括:认证门禁从安全设备中获取第一验证算法的标识。如果本地预存有与第一验证算法的标识对应的算法,则可以本地获取,如果本地没有预存,则可以从后台获取与第一验证算法的标识对应的验证算法。其中,第一验证算法可以为哈希算法、加密算法等算法,通过第一验证算法计算得到的生物特征信息(如第一用户特征信息和第一待验证特征信息)为不可逆数据,即无法再得到生物识别信息。In the above method 1 and method 2, before the authentication access control obtains the first verification algorithm, the method provided in this embodiment further includes: the authentication access control obtains the identifier of the first verification algorithm from the security device. If the algorithm corresponding to the identifier of the first verification algorithm is pre-stored locally, it can be obtained locally; if not pre-stored locally, the verification algorithm corresponding to the identifier of the first verification algorithm can be obtained from the background. Wherein, the first verification algorithm can be a hash algorithm, an encryption algorithm and other algorithms, and the biometric information (such as the first user characteristic information and the first characteristic information to be verified) calculated by the first verification algorithm is irreversible data, that is, it cannot be Get biometric information.
通过上述3种方式,可以保证认证门禁计算得到第一待验证特征信息采用的第一验证算法与安全设备采用的本地预存的验证算法一致。Through the above three methods, it can be ensured that the first verification algorithm adopted by the authentication access control calculation to obtain the first feature information to be verified is consistent with the locally pre-stored verification algorithm adopted by the security device.
S105、认证门禁在本地比对第一待验证特征信息和第一用户特征信息,并在比对一致后,确定认证通过,执行开门操作,并删除本地存储的第一待验证生物识别信息。S105. The authentication access control locally compares the first feature information to be verified with the first user feature information, and after the comparison is consistent, determines that the authentication is passed, performs the door opening operation, and deletes the locally stored first biometric information to be verified.
通过生物特征比对,可以确保认证门禁验证通过的客人即为持有安全设备的客人本人。Through biometric comparison, it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device.
作为本实施例中一种可选的实施方式,本实施例提供的门禁认证方法还包括:认证门禁删除本地存储的第一待验证特征信息和第一用户特征信息。As an optional implementation manner in this embodiment, the access control authentication method provided in this embodiment further includes: authenticating the access control and deleting the locally stored first feature information to be verified and the first user feature information.
认证门禁本地或系统后台不存储任何生物识别信息和计算得到的特征信息,即不存储第一待验证生物识别信息、第一待验证特征信息和第一用户特征信息。在需要认证时,认证门禁从安全设备中获取第一用户特征信息,并与当前采集到的住客的第一待验证特征信息进行比对,一方面可以保证第一用户生物识别信息不会被酒店门禁泄露,保护用户隐私不被泄露,另一方面还可以使得认证门禁的操作更简便,对于遍布全国各地甚至全世界的酒店而言,无需提前预存客人的生物特征信息,任何客人均可以进行门禁认证。The authentication access control local or system background does not store any biometric information and calculated feature information, that is, does not store the first biometric information to be verified, the first feature information to be verified, and the first user feature information. When authentication is required, the authentication access control obtains the first user characteristic information from the security device, and compares it with the first characteristic information of the currently collected residents to be verified. On the one hand, it can ensure that the first user's biometric information will not be The hotel access control is leaked, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country or even the world, there is no need to pre-store the guest's biometric information in advance, and any guest can perform Access control authentication.
在步骤S101中,作为本实施例中一种可选的实施方式,在前台终端获取入住用户的ID之前,本实施例提供的门禁认证方法还包括:前台终端采集入住用户的第二待验证生物识别信息;前台终端从入住用户持有的安全设备中获取对第二用户生物识别信息进行计算得到第二用户特征信息;前台终端获取第二验证算法,利用第二验证算法对入住用户的第二待验证生物识别信息进行计算得到第二待验证特征信息;前台终端在本地比对第二待验证特征信息和第二用户特征信息,并在比对一致后,确定认证通过,删除本地存储的入住用户的第二待验证生物识别信息,并执行前台终端获取入住用户的ID的步骤。在该可选实施方式中,前台终端采用与上述步骤S102-步骤S105相同的方式采集客人的第二待验证生物识别信息,从安全设备中获取第二用户特征信息,并获取第二验证算法计算得到第二待验证特征信息,将第二待验证特征信息和第二用户特征信息比对,具体细节此处不再赘述,详细内容可以参见上文中的相关描述。本公开中“第一”与“第二”表示两次获取到的同类信息,如第一待验证生物识别信息和第二待验证生物识别信息分别表示认证门禁采集到的待验证生物识别信息和前台终端采集到的待验证生物识别信息,两者没有直接关联,“第一”与“第二”信息可以相同也可以不同。此外,文中还出现了第一用户生物识别信息与第二用户生物识别信息、第一用户特征信息与第二用户特征信息以及第一验证算法与第二验证算法,理解均如上所述。In step S101, as an optional implementation in this embodiment, before the foreground terminal acquires the ID of the check-in user, the access control authentication method provided in this embodiment further includes: the foreground terminal collects the second biometric to be verified of the check-in user identification information; the front desk terminal obtains the second user's biometric information from the security device held by the check-in user and calculates the second user characteristic information; the front desk terminal obtains the second verification algorithm, and uses the second verification algorithm to verify the second user's The biometric information to be verified is calculated to obtain the second characteristic information to be verified; the front desk terminal compares the second characteristic information to be verified with the second user characteristic information locally, and after the comparison is consistent, it determines that the authentication is passed, and deletes the locally stored check-in information. The user's second biometric identification information to be verified, and the step of obtaining the ID of the user at the front desk is executed. In this optional implementation, the front desk terminal collects the guest's second biometric identification information to be verified in the same manner as the above step S102-step S105, obtains the second user characteristic information from the security device, and obtains the second verification algorithm calculation The second feature information to be verified is obtained, and the second feature information to be verified is compared with the second user feature information. The specific details are not repeated here, and details can be found in the relevant description above. In this disclosure, "first" and "second" refer to the same type of information obtained twice, for example, the first biometric information to be verified and the second biometric information to be verified respectively represent the biometric information to be verified and the biometric information to be verified collected by the authentication access control. The biometric information to be verified collected by the front-end terminal is not directly related, and the "first" and "second" information can be the same or different. In addition, the first user biometric information and the second user biometric information, the first user characteristic information and the second user characteristic information, and the first verification algorithm and the second verification algorithm also appear in the text, which should be understood as above.
作为本实施例中一种可选的实施方式,前台终端获取第二验证算法,包括:前台终端根据从安全设备中获取的第二验证算法的标识从本地获取与第二验证算法的标识对应的验证算法;或者,前台终端根据第二验证算法的标识从后台获取与第二验证算法的标识对应的验证算法;或者,前台终端从安全设备中获取第二验证算法。As an optional implementation manner in this embodiment, the acquisition of the second verification algorithm by the foreground terminal includes: the foreground terminal obtains locally the ID corresponding to the identification of the second verification algorithm according to the identification of the second verification algorithm obtained from the security device. A verification algorithm; or, the foreground terminal obtains the verification algorithm corresponding to the identification of the second verification algorithm from the background according to the identification of the second verification algorithm; or, the foreground terminal obtains the second verification algorithm from the security device.
作为本实施例中一种可选的实施方式,前台终端删除本地存储的第二待验证特征信息和第二用户特征信息。As an optional implementation manner in this embodiment, the foreground terminal deletes the locally stored second characteristic information to be verified and the second user characteristic information.
本实施例中,前台终端本地或系统后台也不存储任何生物识别信息和计算得到的特征信 息,即不存储第二待验证生物识别信息、第二待验证特征信息和第二用户特征信息。在需要认证时,前台终端从安全设备中获取第二用户特征信息,并与当前采集到的住客的第二待验证特征信息进行比对,一方面可以保证第二用户生物识别信息不会被酒店前台泄露,保护用户隐私不被泄露,另一方面还可以使得前台终端的操作更简便,对于遍布全国各地甚至全世界的酒店而言,无需提前预存客人的生物特征信息,任何客人均可以进行入住登记认证。In this embodiment, the foreground terminal or the system background does not store any biometric information and calculated feature information, that is, does not store the second biometric information to be verified, the second feature information to be verified, and the second user feature information. When authentication is required, the front-end terminal obtains the second user’s characteristic information from the security device, and compares it with the currently collected guest’s second to-be-verified characteristic information. On the one hand, it can ensure that the second user’s biometric information will not be The front desk of the hotel is leaked to protect the privacy of users from being leaked. On the other hand, it can also make the operation of the front desk terminal easier. For hotels all over the country and even the world, there is no need to pre-store the biometric information of the guests in advance, and any guest can perform Check-in verification.
通过本公开提供的防止隐私泄露的门禁认证方法,认证门禁本地、前台终端本地或系统后台不存储任何生物识别信息和计算得到的特征信息,即不存储第一待验证生物识别信息、第一待验证特征信息和第一用户特征信息。用户的安全设备中也只存储用户生物识别信息对应的用户特征信息而非用户生物识别信息本身。在需要认证时,认证门禁直接从安全设备中获取用户特征信息,并与当前采集到的住客的待验证特征信息进行比对,在认证结束后,认证门禁删除获取到的生物识别信息,从而在整个流程中保证认证门禁和安全设备均不留存生物识别信息。一方面可以保证用户生物识别信息不会被酒店门禁泄露,保护用户隐私不被泄露,另一方面还可以使得认证门禁的操作更简便,对于遍布全国各地甚至全世界的酒店而言,无需提前预存客人的生物特征信息,任何客人均可以进行门禁认证。此外,通过生物特征比对,可以确保认证门禁验证通过的客人即为持有安全设备的客人本人。由于该认证门禁无需向后台发送生物识别信息进行比对,认证门禁在本地可以完成所有认证过程,使得该认证设备可以在脱机的情形下使用,进一步提高认证设备使用的便捷性。Through the access control authentication method provided by this disclosure to prevent privacy leakage, the authentication access control local, front-end terminal local or system background does not store any biometric information and calculated feature information, that is, does not store the first biometric information to be verified, the first biometric information to be verified The characteristic information and the characteristic information of the first user are verified. Only the user characteristic information corresponding to the user's biometric information is stored in the user's security device instead of the user's biometric information itself. When authentication is required, the authentication access control directly obtains the user's characteristic information from the security device, and compares it with the currently collected guest's characteristic information to be verified. After the authentication is completed, the authentication access control deletes the acquired biometric information, thereby Ensure that no biometric information is retained on authenticated access control and security devices throughout the process. On the one hand, it can ensure that the user's biometric information will not be leaked by the hotel access control, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store With the guest's biometric information, any guest can perform access control authentication. In addition, through biometric comparison, it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device. Since the authentication access control does not need to send biometric information to the background for comparison, the authentication access control can complete all the authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
实施例2Example 2
本实施例提供了一种防止隐私泄露的门禁认证系统和一种防止隐私泄露的门禁认证装置。该门禁认证系统和门禁认证装置可以实施实施例1中提供的门禁认证方法。本实施例仅对该门禁认证系统和门禁认证装置的结构做简要描述,其他未尽事宜请参见实施例1中的描述。图2为本实施例提供的防止隐私泄露的门禁认证装置的结构示意图。图3至图5分别为本实施例提供的防止隐私泄露的门禁认证系统的结构示意图。This embodiment provides an access control authentication system for preventing privacy leakage and an access control authentication device for preventing privacy leakage. The access control authentication system and access control authentication device can implement the access control authentication method provided in Embodiment 1. This embodiment only briefly describes the structure of the access control authentication system and the access control authentication device. For other unfinished matters, please refer to the description in Embodiment 1. FIG. 2 is a schematic structural diagram of an access control authentication device for preventing privacy leakage provided by this embodiment. FIG. 3 to FIG. 5 are schematic structural diagrams of the access control authentication system for preventing privacy leakage provided by this embodiment.
如图2所示,本实施例提供的防止隐私泄露的门禁装置,包括:As shown in Figure 2, the access control device for preventing privacy leakage provided by this embodiment includes:
判断模块,用于从入住用户持有的安全设备中获取用户ID,判断用户ID是否为认证门禁对应的准入ID;如果是,则触发采集模块采集入住用户的第一待验证生物识别信息;Judgment module, used to obtain the user ID from the security device held by the user, and judge whether the user ID is the access ID corresponding to the authentication access control; if so, trigger the collection module to collect the first biometric information to be verified of the user;
采集模块,用于采集入住用户的第一待验证生物识别信息;The collection module is used to collect the first biometric information to be verified of the user;
获取模块,用于从安全设备中获取对第一用户生物识别信息进行计算得到的第一用户特征信息;An acquisition module, configured to acquire the first user characteristic information obtained by calculating the first user's biometric information from the security device;
计算模块,用于获取第一验证算法,利用第一验证算法对第一待验证生物识别信息进行计算得到第一待验证特征信息;The calculation module is used to obtain the first verification algorithm, and use the first verification algorithm to calculate the first biometric information to be verified to obtain the first characteristic information to be verified;
处理模块,用于在本地比对第一待验证特征信息和第一用户特征信息,并在比对一致后,确定认证通过,执行开门操作,并删除本地存储的待验证生物识别信息。The processing module is used to locally compare the first feature information to be verified with the first user feature information, and after the comparison is consistent, determine that the authentication is passed, perform the door opening operation, and delete the locally stored biometric information to be verified.
作为本实施例中一种可选的实施方式,获取模块通过以下方式获取第一验证算法:As an optional implementation in this embodiment, the acquisition module acquires the first verification algorithm in the following manner:
根据从安全设备中获取的第一验证算法的标识从本地获取与第一验证算法的标识对应的验证算法;或者,认证门禁根据第一验证算法的标识从后台获取与第一验证算法的标识对应的验证算法;或者,从安全设备中获取第一验证算法。According to the identification of the first verification algorithm obtained from the security device, the verification algorithm corresponding to the identification of the first verification algorithm is obtained locally; or, the authentication access control obtains the identification corresponding to the first verification algorithm from the background according to the identification of the first verification algorithm the verification algorithm; or, obtain the first verification algorithm from the security device.
作为本实施例中一种可选的实施方式,处理模块,还用于删除本地存储的第一待验证特征信息和第一用户特征信息。As an optional implementation manner in this embodiment, the processing module is further configured to delete the locally stored first feature information to be verified and the first user feature information.
如图3所示,本实施例提供的防止隐私泄露的门禁认证系统包括:防止隐私泄露的门禁装置和安全设备;其中:安全设备,用于向认证门禁发送用户ID;安全设备,还用于向认证门禁发送对第一用户生物识别信息进行计算得到的第一用户特征信息。As shown in Figure 3, the access control authentication system for preventing privacy leakage provided by this embodiment includes: an access control device and a safety device for preventing privacy leakage; wherein: the safety device is used to send a user ID to the authentication access control; the safety device is also used for Sending the first user characteristic information obtained by calculating the biometric information of the first user to the authentication access control.
如图4所示,本实施例提供的防止隐私泄露的门禁认证系统包括:防止隐私泄露的门禁装置和前台终端;其中:前台终端,用于获取入住用户的ID,并将ID作为认证门禁对应的准入ID;认证门禁的判断模块,用于判断用户ID是否为认证门禁对应的准入ID,包括:认证门禁的判断模块从前台终端获取准入ID,并判断用户ID是否为认证门禁对应的准入ID;或者,认证门禁的判断模块存储前台终端发送的准入ID,并判断用户ID是否为认证门禁对应的准入ID。As shown in Figure 4, the access control authentication system for preventing privacy leakage provided by this embodiment includes: an access control device and a front terminal for preventing privacy leakage; The access ID of the authentication access control; the judgment module of the authentication access control is used to judge whether the user ID is the access ID corresponding to the authentication access control, including: the authentication access control judgment module obtains the access ID from the front terminal, and judges whether the user ID corresponds to the authentication access control or, the judging module of the authentication access control stores the access ID sent by the foreground terminal, and judges whether the user ID is the corresponding access ID of the authentication access control.
如图5所示,本实施例提供的防止隐私泄露的门禁认证系统包括:如上所述的防止隐私泄露的门禁装置、安全设备和前台终端。其中,安全设备和前台终端分别执行上文中图3和图4相关部分描述中的功能,此处不再赘述。As shown in FIG. 5 , the access control authentication system for preventing privacy leakage provided in this embodiment includes: the above-mentioned access control device for preventing privacy leakage, security equipment, and a front terminal. Wherein, the security device and the foreground terminal respectively perform the functions described in the relevant parts of FIG. 3 and FIG. 4 above, which will not be repeated here.
上述本实施例提供的防止隐私泄露的门禁认证系统中,作为本实施例中的一种可选实施方式,前台终端,还用于在获取入住用户的ID之前,采集入住用户的第二待验证生物识别信息;从入住用户持有的安全设备中获取对第二用户生物识别信息进行计算得到第二用户特征信息;获取第二验证算法,利用第二验证算法对入住用户的第二待验证生物识别信息进行计算得到第二待验证特征信息;在本地比对第二待验证特征信息和第二用户特征信息,并在比对一致后,确定认证通过,删除本地存储的入住用户的第二待验证生物识别信息,并执行前台终端获取入住用户的ID的操作。In the above-mentioned access control authentication system for preventing privacy leakage provided by this embodiment, as an optional implementation in this embodiment, the front desk terminal is also used to collect the second verification ID of the user before obtaining the ID of the user. Biometric information; obtain the second user's biometric information from the security device held by the resident user and calculate the second user's characteristic information; obtain the second verification algorithm, and use the second verification algorithm to verify the second biometric information of the resident user to be verified. The identification information is calculated to obtain the second feature information to be verified; the second feature information to be verified and the second user feature information are compared locally, and after the comparison is consistent, it is determined that the authentication is passed, and the second pending user's locally stored information is deleted. Verify the biometric information, and execute the operation that the front desk terminal obtains the ID of the check-in user.
上述本实施例提供的防止隐私泄露的门禁认证系统中,作为本实施例中的一种可选实施方式,前台终端通过以下方式获取第二验证算法:前台终端根据从安全设备中获取的第二 验证算法的标识从本地获取与第二验证算法的标识对应的验证算法;或者,前台终端根据第二验证算法的标识从后台获取与第二验证算法的标识对应的验证算法;或者,前台终端从安全设备中获取第二验证算法。In the above-mentioned access control authentication system for preventing privacy leakage provided by this embodiment, as an optional implementation in this embodiment, the foreground terminal obtains the second verification algorithm in the following manner: the foreground terminal obtains the second verification algorithm according to the second verification algorithm obtained from the security device The identification of the verification algorithm obtains the verification algorithm corresponding to the identification of the second verification algorithm locally; or, the foreground terminal obtains the verification algorithm corresponding to the identification of the second verification algorithm from the background according to the identification of the second verification algorithm; or, the front terminal obtains the verification algorithm corresponding to the identification of the second verification algorithm from the background; The second verification algorithm is obtained from the security device.
上述本实施例提供的防止隐私泄露的门禁认证系统中,作为本实施例中的一种可选实施方式,前台终端,还用于删除本地存储的第二待验证特征信息和第二用户特征信息。In the above-mentioned access control authentication system for preventing privacy leakage provided by this embodiment, as an optional implementation in this embodiment, the foreground terminal is also used to delete the locally stored second characteristic information to be verified and the second user characteristic information .
通过本公开提供的防止隐私泄露的门禁认证装置及系统,认证门禁本地、前台终端本地或系统后台不存储任何生物识别信息和计算得到的特征信息,即不存储第一待验证生物识别信息、第一待验证特征信息和第一用户特征信息。用户的安全设备中也只存储用户生物识别信息对应的用户特征信息而非用户生物识别信息本身。在需要认证时,认证门禁直接从安全设备中获取用户特征信息,并与当前采集到的住客的待验证特征信息进行比对,在认证结束后,认证门禁删除获取到的生物识别信息,从而在整个流程中保证认证门禁和安全设备均不留存生物识别信息。一方面可以保证用户生物识别信息不会被酒店门禁泄露,保护用户隐私不被泄露,另一方面还可以使得认证门禁的操作更简便,对于遍布全国各地甚至全世界的酒店而言,无需提前预存客人的生物特征信息,任何客人均可以进行门禁认证。此外,通过生物特征比对,可以确保认证门禁验证通过的客人即为持有安全设备的客人本人。由于该认证门禁无需向后台发送生物识别信息进行比对,认证门禁在本地可以完成所有认证过程,使得该认证设备可以在脱机的情形下使用,进一步提高认证设备使用的便捷性。Through the access control authentication device and system for preventing privacy leakage provided by this disclosure, no biometric information and calculated characteristic information will be stored in the local authentication access control, the front terminal local or the system background, that is, the first biometric information to be verified, the second Feature information to be verified and feature information of the first user. Only the user characteristic information corresponding to the user's biometric information is stored in the user's security device instead of the user's biometric information itself. When authentication is required, the authentication access control directly obtains the user's characteristic information from the security device, and compares it with the currently collected guest's characteristic information to be verified. After the authentication is completed, the authentication access control deletes the acquired biometric information, thereby Ensure that no biometric information is retained on authenticated access control and security devices throughout the process. On the one hand, it can ensure that the user's biometric information will not be leaked by the hotel access control, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store With the guest's biometric information, any guest can perform access control authentication. In addition, through biometric comparison, it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device. Since the authentication access control does not need to send biometric information to the background for comparison, the authentication access control can complete all the authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
实施例3Example 3
本实施例提供一种可脱机隐私防泄露认证方法,如图6所示,包括:This embodiment provides an offline privacy leak prevention authentication method, as shown in Figure 6, including:
步骤S201,认证设备采集待验证生物识别信息。具体来说,生物识别信息可以是人脸、指纹、虹膜、掌纹等信息,认证设备利用对应的设备采集相应的生物识别信息。In step S201, the authentication device collects biometric information to be verified. Specifically, the biometric information may be face, fingerprint, iris, palmprint and other information, and the authentication device uses the corresponding device to collect the corresponding biometric information.
步骤S202,认证设备从用户持有的安全设备中获取对用户生物识别信息进行计算得到的用户特征信息。具体来说,一个用户可以持有一个安全设备,该安全设备可以唯一的标识用户本身。该安全设备可以具有USBkey的功能,该安全设备中可以设置有安全芯片,以保证安全设备内存储的安全性。用户利用自己的安全设备预先获取对自己的生物识别信息进行计算得到的特征信息,例如,用户在激活使用该安全设备后,通过安全设备自身或其他外部的设备采集该用户的人脸信息,利用预先设定的算法对用户的人脸信息进行计算得到一个特征值,安全设备将该人脸信息的特征值存储起来,并删除采集到的人脸信息。可见,安全设备中仅存储用户生物识别信息的特征信息而不存储生物识别信息本身,可以进 一步保证生物识别信息不会被泄露。在本步骤中,当认证设备需要获取用于比对的用户特征信息时,可以向安全设备发送请求用户特征信息的请求,安全设备接收到请求后,向该认证设备发送用户特征信息。In step S202, the authentication device acquires user characteristic information calculated from the user's biometric identification information from the security device held by the user. Specifically, a user can hold a security device, which can uniquely identify the user itself. The security device may have the function of a USB key, and a security chip may be provided in the security device to ensure the security of storage in the security device. Users use their own security devices to pre-acquire feature information obtained by calculating their own biometric information. For example, after a user activates the security device, he collects the user's face information through the security device itself or other external devices, and uses The preset algorithm calculates the user's face information to obtain a feature value, and the security device stores the feature value of the face information and deletes the collected face information. It can be seen that only the characteristic information of the user's biometric information is stored in the security device without storing the biometric information itself, which can further ensure that the biometric information will not be leaked. In this step, when the authentication device needs to obtain user characteristic information for comparison, it may send a request for user characteristic information to the security device, and after receiving the request, the security device sends the user characteristic information to the authentication device.
步骤S203,认证设备获取验证算法,利用验证算法对待验证生物识别信息进行计算得到待验证特征信息。具体来说,该验证算法与之前安全设备用于计算出用户特征信息的算法一致,以方便待验证信息和用户特征信息的比对。In step S203, the authentication device acquires a verification algorithm, and uses the verification algorithm to calculate the biometric information to be verified to obtain feature information to be verified. Specifically, the verification algorithm is consistent with the algorithm used by the previous security device to calculate the user characteristic information, so as to facilitate the comparison between the information to be verified and the user characteristic information.
在一个可选的实施方式中,认证设备从安全设备中获取验证算法的标识后,通过该验证算法的标识获取到对应的算法。具体来说,认证设备可以根据标识从本地获取与标识对应的验证算法;或者认证设备可以根据标识从后台获取与标识对应的验证算法。In an optional implementation manner, after the authentication device obtains the identification of the verification algorithm from the security device, the corresponding algorithm is obtained through the identification of the verification algorithm. Specifically, the authentication device may locally obtain the verification algorithm corresponding to the identifier according to the identifier; or the authentication device may obtain the verification algorithm corresponding to the identifier from the background according to the identifier.
在一个可选的实施方式中,认证设备还可以直接从安全设备中获取验证算法。安全设备中预先存储之前计算用户特征信息所使用的验证算法,在向认证设备发送用户特征的同时发送该验证算法;也可以在认证设备需要使用时,向安全设备发送该该验证算法的请求,安全设备再将该验证算法发给该认证设备。通过将验证算法保存在安全设备中,可以进一步保证数据的安全性。In an optional implementation manner, the authentication device may also directly obtain the verification algorithm from the security device. The verification algorithm used to calculate the user characteristic information is pre-stored in the security device, and the verification algorithm is sent to the authentication device at the same time as the user characteristic; it is also possible to send a request for the verification algorithm to the security device when the authentication device needs to use it. The security device then sends the verification algorithm to the authentication device. Data security can be further ensured by storing the verification algorithm in a secure device.
步骤S204,认证设备在本地比对待验证特征信息和用户特征信息,并在比对一致后,确定认证通过。具体来说,如果当前的待验证生物识别信息确实是是用户本人的生物识别信息,则利用待验证生物识别信息计算得到的待验证特征信息应当与安全设备发送的用户特征信息一致,即可以通过认证。In step S204, the authentication device locally compares the feature information to be verified with the user feature information, and determines that the authentication is passed after the comparison is consistent. Specifically, if the current biometric information to be verified is indeed the user's own biometric information, the characteristic information to be verified calculated by using the biometric information to be verified should be consistent with the user characteristic information sent by the security device, that is, it can be passed certified.
步骤S205,认证设备在认证通过后,删除本地存储的待验证生物识别信息。具体来说,为了防止待验证生物识别信息的泄露,认证设备在认证通过后,应当立即删除该待验证的生物识别信息。在一个可选的实施方式中,认证设备还应当删除本地存储的待验证特征信息和用户特征信息,进一步保证生物识别信息不被泄露。In step S205, the authentication device deletes the locally stored biometric information to be verified after passing the authentication. Specifically, in order to prevent the leakage of the biometric information to be verified, the authentication device should immediately delete the biometric information to be verified after passing the authentication. In an optional implementation manner, the authentication device should also delete the locally stored feature information to be verified and user feature information to further ensure that the biometric information is not leaked.
通过本公开的可脱机隐私防泄露认证方法,认证设备无需将采集到的待验证生物识别信息上传到后台服务器或者其他服务器进行验证,用户也不需要将用于比对验证的用户特征信息留存备份在后台服务器中,甚至用户的安全设备中也只存储用户生物识别信息对应的用户特征信息而非用户生物识别信息本身。当需要进行验证时,认证设备直接从用户持有的安全设备中获取用户特征信息,在认证结束后,认证设备删除获取到的生物识别信息,从而在整个流程中保证认证设备和安全设备均不留存生物识别信息。此外,由于该认证设备无需向后台发送生物识别信息进行比对,认证设备在本地可以完成所有认证过程,使得该认证设备可以在脱机的情形下使用,进一步提高认证设备使用的便捷性。With the offline privacy-prevention authentication method of the present disclosure, the authentication device does not need to upload the collected biometric information to be verified to the background server or other servers for verification, and the user does not need to save the user characteristic information used for comparison and verification. The backup is in the background server, and even the user's security device only stores the user's characteristic information corresponding to the user's biometric information instead of the user's biometric information itself. When verification is required, the authentication device directly obtains the user's characteristic information from the security device held by the user. Save biometric information. In addition, since the authentication device does not need to send biometric information to the background for comparison, the authentication device can complete all authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
在本公开的一个可选实施方式中,在认证设备从用户持有的安全设备中获取对用户生物识别信息进行计算得到的用户特征信息之前,还包括:步骤S201a,认证设备与安全设备进行互相验证,且验证通过。具体来说,该步骤可以在认证设备获取用户特征信息的步骤之前完成,也可以在认证设备采集待验证生物识别信息的步骤之前完成。通过认证设备和安全设备进行相互验证,可以进一步验证认证设备和安全设备各自的真伪,防止信息的泄露。In an optional implementation manner of the present disclosure, before the authentication device obtains the user characteristic information obtained by calculating the user's biometric information from the security device held by the user, it further includes: step S201a, the authentication device and the security device communicate with each other Verification, and verification passed. Specifically, this step can be completed before the step of the authentication device acquiring user characteristic information, or before the step of the authentication device acquiring biometric information to be verified. Through the mutual verification of the authentication device and the security device, the authenticity of the authentication device and the security device can be further verified to prevent information leakage.
在本公开的一个可选实施方式中,待验证生物识别信息包括:第一待验证生物识别信息和第二待验证生物识别信息,第一待验证生物识别信息为特定生物识别信息,第二待验证生物识别信息为自定义生物识别信息。具体来说,当待验证生物识别信息包括两种生物识别信息时,用户持有的安全设备中也应当预存两种生物识别信息的用户特征信息。举例来说,该第一待验证生物识别信息可以是标准的人脸信息,而该第二待验证生物识别信息可以带表情的人脸信息或者其他如指纹等生物信息。该第二待验证生物识别信息可以是用户随时自定义的,用户可以在某次认证选择增加该自定义生物识别信息的认证,也可以选择不增加该自定义生物识别信息的认证,且用户可以变更自定义生物识别信息的类型,以增加验证的可靠性。In an optional embodiment of the present disclosure, the biometric information to be verified includes: first biometric information to be verified and second biometric information to be verified, the first biometric information to be verified is specific biometric information, and the second biometric information to be verified Verify biometrics as custom biometrics. Specifically, when the biometric information to be verified includes two types of biometric information, the user characteristic information of the two types of biometric information should also be pre-stored in the security device held by the user. For example, the first biometric information to be verified may be standard facial information, and the second biometric information to be verified may be facial information with expressions or other biometric information such as fingerprints. The second biometric information to be verified can be customized by the user at any time. The user can choose to add the authentication of the customized biometric information in a certain authentication, or choose not to increase the authentication of the customized biometric information, and the user can Change the type of custom biometrics to increase the reliability of verification.
在本公开的一个可选实施方式中,认证设备判断待验证生物识别信息是否为预设信息,如果为预设信息,则执行第一预设操作。具体来说,该预设信息预设为特定的表情信息,例如,可以是连续多次眨眼、双眼轮流眨眼、连续多次点头等信息,通过判断预设信息,可以设置预设信息对应的操作。例如,可以将双眼轮流眨眼三次约定为用户遇到紧急情况的警示动作,当认证设备检测到用户的该面部表情时,可以立即执行报警操作。In an optional implementation manner of the present disclosure, the authentication device judges whether the biometric information to be verified is preset information, and if it is preset information, performs a first preset operation. Specifically, the preset information is preset as specific facial expression information, for example, it can be information such as blinking multiple times in a row, blinking in turn, nodding multiple times in a row, etc. By judging the preset information, you can set the operation corresponding to the preset information . For example, blinking three times in turn can be agreed as a warning action for the user to encounter an emergency, and when the authentication device detects the facial expression of the user, the alarm operation can be performed immediately.
在本公开的一个可选实施方式中,认证设备在认证通过后执行第二预设操作。具体来说,认证设备可以是一个支付设备,上述步骤可以是支付流程中的验证步骤,在完成认证之后,可以执行后续的支付操作。In an optional implementation manner of the present disclosure, the authentication device performs a second preset operation after passing the authentication. Specifically, the authentication device may be a payment device, the above steps may be verification steps in the payment process, and subsequent payment operations may be performed after the authentication is completed.
本实施例还提供实现上述方法流程的可脱机隐私防泄露认证系统,如图7所示,包括认证设备和用户持有的安全设备。This embodiment also provides an offline privacy and anti-disclosure authentication system that implements the above method flow, as shown in FIG. 7 , including an authentication device and a security device held by a user.
安全设备,用于预存对用户生物识别信息进行计算得到的用户特征信息;具体来说,一个用户可以持有一个安全设备,该安全设备可以唯一的标识用户本身。该安全设备可以具有USBkey的功能,该安全设备中可以设置有安全芯片,以保证安全设备内存储的安全性。用户利用自己的安全设备预先获取对自己的生物识别信息进行计算得到的特征信息,例如,用户在激活使用该安全设备后,通过安全设备自身或其他外部的设备采集该用户的人脸信 息,利用预先设定的算法对用户的人脸信息进行计算得到一个特征值,安全设备将该人脸信息的特征值存储起来,并删除采集到的人脸信息。可见,安全设备中仅存储用户生物识别信息的特征信息而不存储生物识别信息本身,可以进一步保证生物识别信息不会被泄露。The security device is used to pre-store user characteristic information obtained by calculating the user's biometric information; specifically, a user can hold a security device, which can uniquely identify the user itself. The security device may have the function of a USB key, and a security chip may be provided in the security device to ensure the security of storage in the security device. Users use their own security devices to pre-acquire feature information obtained by calculating their own biometric information. For example, after a user activates the security device, he collects the user's face information through the security device itself or other external devices, and uses The preset algorithm calculates the user's face information to obtain a feature value, and the security device stores the feature value of the face information and deletes the collected face information. It can be seen that only the characteristic information of the user's biometric identification information is stored in the security device without storing the biometric information itself, which can further ensure that the biometric information will not be leaked.
认证设备,用于采集待验证生物识别信息,并从安全设备中获取用户特征信息;具体来说,当认证设备需要获取用于比对的用户特征信息时,可以向安全设备发送请求用户特征信息的请求,安全设备接收到请求后,向该认证设备发送用户特征信息。The authentication device is used to collect biometric information to be verified and obtain user characteristic information from the security device; specifically, when the authentication device needs to obtain user characteristic information for comparison, it can send a request for user characteristic information to the security device After receiving the request, the security device sends the user characteristic information to the authentication device.
认证设备,还用于获取验证算法,利用验证算法对待验证生物识别信息进行计算得到的待验证特征信息,在本地比对待验证特征信息和用户特征信息,并在比对一致后,确定认证通过;具体来说,该验证算法与之前安全设备用于计算出用户特征信息的算法一致,以方便待验证信息和用户特征信息的比对。如果当前的待验证生物识别信息确实是是用户本人的生物识别信息,则利用待验证生物识别信息计算得到的待验证特征信息应当与安全设备发送的用户特征信息一致,即可以通过认证。The authentication device is also used to obtain a verification algorithm, using the verification algorithm to calculate the biometric information to be verified to obtain the characteristic information to be verified, compare the characteristic information to be verified with the user characteristic information locally, and determine that the authentication is passed after the comparison is consistent; Specifically, the verification algorithm is consistent with the algorithm used by the previous security device to calculate the user characteristic information, so as to facilitate the comparison between the information to be verified and the user characteristic information. If the current biometric information to be verified is indeed the user's own biometric information, the characteristic information to be verified calculated by using the biometric information to be verified should be consistent with the user characteristic information sent by the security device, that is, the authentication can be passed.
在一个可选的实施方式中,认证设备从安全设备中获取验证算法的标识后,通过该验证算法的标识获取到对应的算法。具体来说,认证设备可以根据标识从本地获取与标识对应的验证算法;或者认证设备可以根据标识从后台获取与标识对应的验证算法。In an optional implementation manner, after the authentication device obtains the identification of the verification algorithm from the security device, the corresponding algorithm is obtained through the identification of the verification algorithm. Specifically, the authentication device may locally obtain the verification algorithm corresponding to the identifier according to the identifier; or the authentication device may obtain the verification algorithm corresponding to the identifier from the background according to the identifier.
在一个可选的实施方式中,认证设备还可以直接从安全设备中获取验证算法。安全设备中预先存储之前计算用户特征信息所使用的验证算法,在向认证设备发送用户特征的同时发送该验证算法;也可以在认证设备需要使用时,向安全设备发送该该验证算法的请求,安全设备再将该验证算法发给该认证设备。通过将验证算法保存在安全设备中,可以进一步保证数据的安全性。In an optional implementation manner, the authentication device may also directly obtain the verification algorithm from the security device. The verification algorithm used to calculate the user characteristic information is pre-stored in the security device, and the verification algorithm is sent to the authentication device at the same time as the user characteristic; it is also possible to send a request for the verification algorithm to the security device when the authentication device needs to use it. The security device then sends the verification algorithm to the authentication device. Data security can be further ensured by storing the verification algorithm in a secure device.
认证设备,还用于在认证通过后,删除本地存储的待验证生物识别信息。具体来说,为了防止待验证生物识别信息的泄露,认证设备在认证通过后,应当立即删除该待验证的生物识别信息。在一个可选的实施方式中,认证设备还应当删除本地存储的待验证特征信息和用户特征信息,进一步保证生物识别信息不被泄露。The authentication device is also used to delete the locally stored biometric information to be verified after the authentication is passed. Specifically, in order to prevent the leakage of the biometric information to be verified, the authentication device should immediately delete the biometric information to be verified after passing the authentication. In an optional implementation manner, the authentication device should also delete the locally stored feature information to be verified and user feature information to further ensure that the biometric information is not leaked.
通过本公开的可脱机隐私防泄露认证系统,认证设备无需将采集到的待验证生物识别信息上传到后台服务器或者其他服务器进行验证,用户也不需要将用于比对验证的用户特征信息留存备份在后台服务器中,甚至用户的安全设备中也只存储用户生物识别信息对应的用户特征信息而非用户生物识别信息本身。当需要进行验证时,认证设备直接从用户持有的安全设备中获取用户特征信息,在认证结束后,认证设备删除获取到的生物识别信息,从而在整个流程中保证认证设备和安全设备均不留存生物识别信息。此外,由于该认证设 备无需向后台发送生物识别信息进行比对,认证设备在本地可以完成所有认证过程,使得该认证设备可以在脱机的情形下使用,进一步提高认证设备使用的便捷性。Through the offline privacy anti-disclosure authentication system of the present disclosure, the authentication device does not need to upload the collected biometric information to be verified to the background server or other servers for verification, and the user does not need to save the user characteristic information for comparison and verification. The backup is in the background server, and even the user's security device only stores the user's characteristic information corresponding to the user's biometric information instead of the user's biometric information itself. When verification is required, the authentication device directly obtains the user's characteristic information from the security device held by the user. Save biometric information. In addition, since the authentication device does not need to send biometric information to the background for comparison, the authentication device can complete all authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
在本公开的一个可选实施方式中,在认证设备从用户持有的安全设备中获取对用户生物识别信息进行计算得到的用户特征信息之前,认证设备,还用于与安全设备进行互相验证,且验证通过。具体来说,认证设备可以在获取用户特征信息之前完成与安全设备的认证,也可以在采集待验证生物识别信息之前完成与安全设备的认证。通过认证设备和安全设备进行相互验证,可以进一步验证认证设备和安全设备各自的真伪,防止信息的泄露。In an optional implementation manner of the present disclosure, before the authentication device obtains the user characteristic information obtained by calculating the user's biometric information from the security device held by the user, the authentication device is also used to perform mutual authentication with the security device, And the verification is passed. Specifically, the authentication device may complete the authentication with the security device before acquiring user characteristic information, or complete the authentication with the security device before collecting the biometric information to be verified. Through the mutual verification of the authentication device and the security device, the authenticity of the authentication device and the security device can be further verified to prevent information leakage.
在本公开的一个可选实施方式中,待验证生物识别信息包括:第一待验证生物识别信息和第二待验证生物识别信息,第一待验证生物识别信息为特定生物识别信息,第二待验证生物识别信息为自定义生物识别信息。具体来说,当待验证生物识别信息包括两种生物识别信息时,用户持有的安全设备中也应当预存两种生物识别信息的用户特征信息。举例来说,该第一待验证生物识别信息可以是标准的人脸信息,而该第二待验证生物识别信息可以带表情的人脸信息或者其他如指纹等生物信息。该第二待验证生物识别信息可以是用户随时自定义的,用户可以在某次认证选择增加该自定义生物识别信息的认证,也可以选择不增加该自定义生物识别信息的认证,且用户可以变更自定义生物识别信息的类型,以增加验证的可靠性。In an optional embodiment of the present disclosure, the biometric information to be verified includes: first biometric information to be verified and second biometric information to be verified, the first biometric information to be verified is specific biometric information, and the second biometric information to be verified Verify biometrics as custom biometrics. Specifically, when the biometric information to be verified includes two types of biometric information, the user characteristic information of the two types of biometric information should also be pre-stored in the security device held by the user. For example, the first biometric information to be verified may be standard facial information, and the second biometric information to be verified may be facial information with expressions or other biometric information such as fingerprints. The second biometric information to be verified can be customized by the user at any time. The user can choose to add the authentication of the customized biometric information in a certain authentication, or choose not to increase the authentication of the customized biometric information, and the user can Change the type of custom biometrics to increase the reliability of verification.
在本公开的一个可选实施方式中,认证设备,还用于判断待验证生物识别信息是否为预设信息,如果为预设信息,则执行第一预设操作。具体来说,该预设信息预设为特定的表情信息,例如,可以是连续多次眨眼、双眼轮流眨眼、连续多次点头等信息,通过判断预设信息,可以设置预设信息对应的操作。例如,可以将双眼轮流眨眼三次约定为用户遇到紧急情况的警示动作,当认证设备检测到用户的该面部表情时,可以立即执行报警操作。In an optional embodiment of the present disclosure, the authentication device is further configured to determine whether the biometric information to be verified is preset information, and if it is preset information, perform a first preset operation. Specifically, the preset information is preset as specific facial expression information, for example, it can be information such as blinking multiple times in a row, blinking in turn, nodding multiple times in a row, etc. By judging the preset information, you can set the operation corresponding to the preset information . For example, blinking three times in turn can be agreed as a warning action for the user to encounter an emergency, and when the authentication device detects the facial expression of the user, the alarm operation can be performed immediately.
在本公开的一个可选实施方式中,认证设备,还用于在认证通过后执行第二预设操作。具体来说,认证设备可以是一个支付设备,上述操作可以是支付流程中的验证流程,在完成认证之后,可以执行后续的支付操作。In an optional implementation manner of the present disclosure, the authentication device is further configured to execute a second preset operation after the authentication is passed. Specifically, the authentication device may be a payment device, the above operation may be a verification process in the payment process, and subsequent payment operations may be performed after the authentication is completed.

Claims (22)

  1. 一种防止隐私泄露的门禁认证方法,包括:An access control authentication method for preventing privacy leakage, comprising:
    认证门禁从入住用户持有的安全设备中获取用户ID,判断所述用户ID是否为所述认证门禁对应的准入ID;The authentication access control obtains the user ID from the security device held by the occupant, and judges whether the user ID is the access ID corresponding to the authentication access control;
    如果是,所述认证门禁采集所述入住用户的第一待验证生物识别信息;If so, the authentication access control collects the first biometric information to be verified of the check-in user;
    所述认证门禁从所述安全设备中获取对第一用户生物识别信息进行计算得到的第一用户特征信息;The authentication access control obtains the first user characteristic information obtained by calculating the first user biometric information from the security device;
    所述认证门禁获取第一验证算法,利用所述第一验证算法对所述第一待验证生物识别信息进行计算得到第一待验证特征信息;The authentication access control obtains a first verification algorithm, and uses the first verification algorithm to calculate the first biometric information to be verified to obtain the first characteristic information to be verified;
    所述认证门禁在本地比对所述第一待验证特征信息和所述第一用户特征信息,并在比对一致后,确定认证通过,执行开门操作,并删除本地存储的所述第一待验证生物识别信息。The authentication access control locally compares the first feature information to be verified with the first user feature information, and after the comparison is consistent, determines that the authentication is passed, performs a door opening operation, and deletes the locally stored first pending feature information. Verify biometric information.
  2. 根据权利要求1所述的方法,其中,The method according to claim 1, wherein,
    在所述认证门禁从用户持有的安全设备中获取用户ID之前,所述方法还包括:前台终端获取入住用户的ID,并将所述ID作为所述认证门禁对应的所述准入ID;Before the authentication access control obtains the user ID from the security device held by the user, the method further includes: the front terminal obtains the ID of the user staying in, and uses the ID as the admission ID corresponding to the authentication access control;
    所述判断所述用户ID是否为所述认证门禁对应的准入ID,包括:The judging whether the user ID is the access ID corresponding to the authentication access control includes:
    所述认证门禁从所述前台终端获取所述准入ID,并判断所述用户ID是否为所述认证门禁对应的准入ID;或者The authentication access control obtains the access ID from the foreground terminal, and determines whether the user ID is the access ID corresponding to the authentication access control; or
    所述认证门禁存储所述前台终端发送的所述准入ID,并判断所述用户ID是否为所述认证门禁对应的准入ID。The authentication access control stores the access ID sent by the foreground terminal, and judges whether the user ID is the access ID corresponding to the authentication access control.
  3. 根据权利要求2所述的方法,其中,在所述前台终端获取入住用户的ID之前,所述方法还包括:The method according to claim 2, wherein, before the front desk terminal obtains the ID of the user staying in, the method further comprises:
    所述前台终端采集所述入住用户的第二待验证生物识别信息;The foreground terminal collects the second biometric information to be verified of the check-in user;
    所述前台终端从所述入住用户持有的安全设备中获取对第二用户生物识别信息进行计算得到的第二用户特征信息;The foreground terminal obtains the second user characteristic information obtained by calculating the second user's biometric identification information from the security device held by the check-in user;
    所述前台终端获取第二验证算法,利用所述第二验证算法对所述入住用户的第二待验证生物识别信息进行计算得到第二待验证特征信息;The foreground terminal acquires a second verification algorithm, and uses the second verification algorithm to calculate the second biometric information to be verified of the check-in user to obtain second characteristic information to be verified;
    所述前台终端在本地比对所述第二待验证特征信息和所述第二用户特征信息,并在比对一致后,确定认证通过,删除本地存储的所述入住用户的第二待验证生物识别信息,并执行所述前台终端获取入住用户的ID的步骤。The foreground terminal locally compares the second feature information to be verified with the second user feature information, and after the comparison is consistent, determines that the authentication is passed, and deletes the locally stored second biometric information of the check-in user. identification information, and execute the step of obtaining the ID of the check-in user by the front desk terminal.
  4. 根据权利要求3所述的方法,其中,The method according to claim 3, wherein,
    所述认证门禁获取第一验证算法,包括:The authentication access control obtains the first verification algorithm, including:
    所述认证门禁根据从所述安全设备中获取的第一验证算法的标识从本地获取与所述第一验证算法的标识对应的验证算法;或者,所述认证门禁根据所述第一验证算法的标识从后台获取与所述第一验证算法的标识对应的验证算法;或者,所述认证门禁从所述安全设备中获取所述第一验证算法;The authentication access control obtains locally the verification algorithm corresponding to the identification of the first verification algorithm according to the identification of the first verification algorithm acquired from the security device; or, the authentication access control obtains the verification algorithm corresponding to the identification of the first verification algorithm according to the The identification obtains the verification algorithm corresponding to the identification of the first verification algorithm from the background; or, the authentication access control obtains the first verification algorithm from the security device;
    所述前台终端获取第二验证算法,包括:The foreground terminal acquires a second verification algorithm, including:
    所述前台终端根据从所述安全设备中获取的第二验证算法的标识从本地获取与所述第二验证算法的标识对应的验证算法;或者,所述前台终端根据所述第二验证算法的标识从后台获取与所述第二验证算法的标识对应的验证算法;或者,所述前台终端从所述安全设备中获取所述第二验证算法。The foreground terminal obtains locally a verification algorithm corresponding to the second verification algorithm according to the second verification algorithm obtained from the security device; or, the foreground terminal obtains a verification algorithm corresponding to the second verification algorithm according to the second verification algorithm The identification obtains the verification algorithm corresponding to the identification of the second verification algorithm from the background; or, the foreground terminal obtains the second verification algorithm from the security device.
  5. 根据权利要求3所述的方法,其中,还包括:The method according to claim 3, further comprising:
    所述认证门禁删除本地存储的所述第一待验证特征信息和所述第一用户特征信息;The authentication access control deletes the locally stored first feature information to be verified and the first user feature information;
    所述前台终端删除本地存储的所述第二待验证特征信息和所述第二用户特征信息。The foreground terminal deletes the locally stored second feature information to be verified and the second user feature information.
  6. 一种防止隐私泄露的门禁装置,包括:An access control device for preventing privacy leakage, comprising:
    判断模块,用于从入住用户持有的安全设备中获取用户ID,判断所述用户ID是否为所述认证门禁对应的准入ID;如果是,则触发采集模块采集所述入住用户的第一待验证生物识别信息;A judging module, configured to obtain a user ID from a security device held by an occupant, and determine whether the user ID is the access ID corresponding to the authentication access control; if so, trigger the collection module to collect the first ID of the occupant. Biometric information to be verified;
    所述采集模块,用于采集所述入住用户的第一待验证生物识别信息;The collection module is configured to collect the first biometric information to be verified of the check-in user;
    获取模块,用于从所述安全设备中获取对第一用户生物识别信息进行计算得到的第一用户特征信息;An acquisition module, configured to acquire, from the security device, first user characteristic information obtained by calculating the first user's biometric information;
    计算模块,用于获取第一验证算法,利用所述第一验证算法对所述第一待验证生物识别信息进行计算得到第一待验证特征信息;A calculation module, configured to acquire a first verification algorithm, and use the first verification algorithm to calculate the first biometric information to be verified to obtain first feature information to be verified;
    处理模块,用于在本地比对所述第一待验证特征信息和所述第一用户特征信息,并在比对一致后,确定认证通过,执行开门操作,并删除本地存储的所述待验证生物识别信息。A processing module, configured to locally compare the first feature information to be verified with the first user feature information, and after the comparison is consistent, determine that the authentication is passed, perform a door opening operation, and delete the locally stored to-be-verified biometric information.
  7. 根据权利要求6所述的门禁装置,其中,The access control device according to claim 6, wherein,
    所述获取模块通过以下方式获取第一验证算法:The obtaining module obtains the first verification algorithm in the following manner:
    根据从所述安全设备中获取的第一验证算法的标识从本地获取与所述第一验证算法的标识对应的验证算法;或者,根据所述第一验证算法的标识从后台获取与所述第一验证算法的标识对应的验证算法;或者,从所述安全设备中获取所述第一验证算法。According to the identification of the first verification algorithm obtained from the security device, the verification algorithm corresponding to the identification of the first verification algorithm is obtained locally; or, according to the identification of the first verification algorithm, the verification algorithm corresponding to the first verification algorithm is obtained from the background A verification algorithm corresponding to the identification of a verification algorithm; or, acquiring the first verification algorithm from the security device.
  8. 根据权利要求6所述的门禁装置,其中,The access control device according to claim 6, wherein,
    所述处理模块,还用于删除本地存储的所述第一待验证特征信息和所述第一用户特征信 息。The processing module is further configured to delete the locally stored first feature information to be verified and the first user feature information.
  9. 一种防止隐私泄露的门禁系统,包括:如权利要求6至8中任一项所述的防止隐私泄露的门禁装置和安全设备,其中:An access control system for preventing privacy leakage, comprising: the access control device and security equipment for preventing privacy leakage as claimed in any one of claims 6 to 8, wherein:
    所述安全设备,用于向所述认证门禁发送所述用户ID;The security device is configured to send the user ID to the authentication access control;
    所述安全设备,还用于向所述认证门禁发送对第一用户生物识别信息进行计算得到的第一用户特征信息。The security device is further configured to send the first user characteristic information obtained by calculating the biometric information of the first user to the authentication access control.
  10. 一种防止隐私泄露的门禁系统,包括:如权利要求6至8中任一项所述的防止隐私泄露的门禁装置和前台终端,其中:An access control system for preventing privacy leakage, comprising: the access control device for preventing privacy leakage according to any one of claims 6 to 8 and a front desk terminal, wherein:
    所述前台终端,用于获取入住用户的ID,并将所述ID作为所述认证门禁对应的所述准入ID;The foreground terminal is used to obtain the ID of the user staying in, and use the ID as the access ID corresponding to the authentication access control;
    所述认证门禁的判断模块,用于判断所述用户ID是否为所述认证门禁对应的准入ID,包括:The judging module of the authentication access control is used to determine whether the user ID is the access ID corresponding to the authentication access control, including:
    所述认证门禁的判断模块从所述前台终端获取所述准入ID,并判断所述用户ID是否为所述认证门禁对应的准入ID;或者The judging module of the authentication access control obtains the access ID from the foreground terminal, and determines whether the user ID is the access ID corresponding to the authentication access control; or
    所述认证门禁的判断模块存储所述前台终端发送的所述准入ID,并判断所述用户ID是否为所述认证门禁对应的准入ID。The judging module of the authentication access control stores the access ID sent by the foreground terminal, and judges whether the user ID is the access ID corresponding to the authentication access control.
  11. 一种可脱机隐私防泄露认证方法,包括:An offline privacy disclosure anti-disclosure authentication method, comprising:
    认证设备采集待验证生物识别信息;The authentication device collects the biometric information to be verified;
    所述认证设备从用户持有的安全设备中获取对用户生物识别信息进行计算得到的用户特征信息;The authentication device acquires user characteristic information obtained by calculating the user's biometric information from a security device held by the user;
    所述认证设备获取验证算法,利用所述验证算法对所述待验证生物识别信息进行计算得到待验证特征信息;The authentication device acquires a verification algorithm, and uses the verification algorithm to calculate the biometric information to be verified to obtain characteristic information to be verified;
    所述认证设备在本地比对所述待验证特征信息和所述用户特征信息,并在比对一致后,确定认证通过;The authentication device compares the characteristic information to be verified and the user characteristic information locally, and determines that the authentication is passed after the comparison is consistent;
    所述认证设备在认证通过后,删除本地存储的所述待验证生物识别信息。After passing the authentication, the authentication device deletes the locally stored biometric information to be verified.
  12. 根据权利要求11所述的方法,其中,还包括:The method according to claim 11, further comprising:
    所述认证设备从所述安全设备中获取所述验证算法的标识;The authentication device obtains the identification of the verification algorithm from the security device;
    所述认证设备获取验证算法包括:The verification algorithm obtained by the authentication device includes:
    所述认证设备根据所述标识从本地获取与所述标识对应的验证算法;或者The authentication device obtains locally a verification algorithm corresponding to the identifier according to the identifier; or
    所述认证设备根据所述标识从后台获取与所述标识对应的验证算法。The authentication device obtains a verification algorithm corresponding to the identifier from the background according to the identifier.
  13. 根据权利要求11所述的方法,其中,所述认证设备获取验证算法包括:The method according to claim 11, wherein said authentication device obtaining a verification algorithm comprises:
    所述认证设备从所述安全设备中获取所述验证算法。The authentication device acquires the verification algorithm from the security device.
  14. 根据权利要求11所述的方法,其中,所述待验证生物识别信息包括:第一待验证生物识别信息和第二待验证生物识别信息,所述第一待验证生物识别信息为特定生物识别信息,所述第二待验证生物识别信息为自定义生物识别信息。The method according to claim 11, wherein the biometric information to be verified includes: first biometric information to be verified and second biometric information to be verified, and the first biometric information to be verified is specific biometric information , the second biometric information to be verified is custom biometric information.
  15. 根据权利要求11或14所述的方法,其中,还包括:The method according to claim 11 or 14, further comprising:
    所述认证设备判断所述待验证生物识别信息是否为预设信息,如果为预设信息,则执行第一预设操作。The authentication device judges whether the biometric information to be verified is preset information, and if it is preset information, performs a first preset operation.
  16. 根据权利要求11所述的方法,其中,在所述认证设备在认证通过后,还包括:The method according to claim 11, wherein, after the authentication device passes the authentication, further comprising:
    所述认证设备执行第二预设操作。The authentication device performs a second preset operation.
  17. 一种可脱机隐私防泄露认证系统,包括认证设备和用户持有的安全设备:An offline privacy anti-disclosure authentication system, including authentication equipment and security equipment held by users:
    所述安全设备,用于预存对用户生物识别信息进行计算得到的用户特征信息;The security device is used to pre-store user characteristic information obtained by calculating user biometric information;
    所述认证设备,用于采集待验证生物识别信息,并从所述安全设备中获取所述用户特征信息;The authentication device is configured to collect biometric information to be verified, and obtain the user characteristic information from the security device;
    所述认证设备,还用于获取验证算法,利用所述验证算法对所述待验证生物识别信息进行计算得到待验证特征信息,在本地比对所述待验证特征信息和所述用户特征信息,并在比对一致后,确定认证通过;The authentication device is further configured to acquire a verification algorithm, use the verification algorithm to calculate the biometric information to be verified to obtain characteristic information to be verified, and compare the characteristic information to be verified with the user characteristic information locally, And after the comparison is consistent, it is determined that the authentication is passed;
    所述认证设备,还用于在认证通过后,删除本地存储的所述待验证生物识别信息。The authentication device is further configured to delete the locally stored biometric information to be verified after the authentication is passed.
  18. 根据权利要求17所述的系统,其中,The system of claim 17, wherein,
    所述认证设备,还用于从所述安全设备中获取所述验证算法的标识;The authentication device is further configured to obtain the identification of the verification algorithm from the security device;
    所述认证设备获取验证算法具体包括:The verification algorithm obtained by the authentication device specifically includes:
    所述认证设备根据所述标识从本地获取与所述标识对应的验证算法;或者The authentication device obtains locally a verification algorithm corresponding to the identifier according to the identifier; or
    所述认证设备根据所述标识从后台获取与所述标识对应的验证算法。The authentication device obtains a verification algorithm corresponding to the identifier from the background according to the identifier.
  19. 根据权利要求17所述的系统,其中,所述认证设备获取验证算法具体包括:The system according to claim 17, wherein said authentication device obtaining a verification algorithm specifically includes:
    所述认证设备从所述安全设备中获取所述验证算法。The authentication device acquires the verification algorithm from the security device.
  20. 根据权利要求17所述的系统,其中,所述待验证生物识别信息包括:第一待验证生物识别信息和第二待验证生物识别信息,所述第一待验证生物识别信息为特定生物识别信息,所述第二待验证生物识别信息为自定义生物识别信息。The system according to claim 17, wherein the biometric information to be verified includes: first biometric information to be verified and second biometric information to be verified, and the first biometric information to be verified is specific biometric information , the second biometric information to be verified is custom biometric information.
  21. 根据权利要求17或20所述的系统,其中,还包括:The system according to claim 17 or 20, further comprising:
    所述认证设备,还用于判断所述待验证生物识别信息是否为预设信息,如果为预设信 息,则执行第一预设操作。The authentication device is further configured to judge whether the biometric information to be verified is preset information, and if it is preset information, perform a first preset operation.
  22. 根据权利要求17所述的系统,其中,The system of claim 17, wherein,
    所述认证设备,还用于在认证通过后执行第二预设操作。The authentication device is further configured to execute a second preset operation after the authentication is passed.
PCT/CN2022/089773 2021-05-11 2022-04-28 Access control authentication method, apparatus and system for preventing privacy leak WO2022237550A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN202110513327.9 2021-05-11
CN202110513328.3 2021-05-11
CN202110513328.3A CN115331344A (en) 2021-05-11 2021-05-11 Entrance guard authentication method, device and system for preventing privacy disclosure
CN202110513327.9A CN115329300A (en) 2021-05-11 2021-05-11 Offline privacy disclosure-prevention authentication method and system

Publications (1)

Publication Number Publication Date
WO2022237550A1 true WO2022237550A1 (en) 2022-11-17

Family

ID=84027994

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/089773 WO2022237550A1 (en) 2021-05-11 2022-04-28 Access control authentication method, apparatus and system for preventing privacy leak

Country Status (1)

Country Link
WO (1) WO2022237550A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436247A (en) * 2007-11-12 2009-05-20 中国长城计算机深圳股份有限公司 Biological personal identification method and system based on UEFI
KR20150056711A (en) * 2013-11-15 2015-05-27 주식회사 카티스 Access management system using smart access card and method
CN105389871A (en) * 2015-11-14 2016-03-09 合肥骇虫信息科技有限公司 Access control system
CN109903433A (en) * 2019-01-31 2019-06-18 武汉天喻聚联网络有限公司 A kind of access control system and access control method based on recognition of face
CN209460835U (en) * 2019-03-27 2019-10-01 北京一维大成科技有限公司 A kind of access control system
CN112396743A (en) * 2020-11-06 2021-02-23 山东黄金矿业(莱州)有限公司三山岛金矿 Access control system and method based on information card edge calculation comparison

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436247A (en) * 2007-11-12 2009-05-20 中国长城计算机深圳股份有限公司 Biological personal identification method and system based on UEFI
KR20150056711A (en) * 2013-11-15 2015-05-27 주식회사 카티스 Access management system using smart access card and method
CN105389871A (en) * 2015-11-14 2016-03-09 合肥骇虫信息科技有限公司 Access control system
CN109903433A (en) * 2019-01-31 2019-06-18 武汉天喻聚联网络有限公司 A kind of access control system and access control method based on recognition of face
CN209460835U (en) * 2019-03-27 2019-10-01 北京一维大成科技有限公司 A kind of access control system
CN112396743A (en) * 2020-11-06 2021-02-23 山东黄金矿业(莱州)有限公司三山岛金矿 Access control system and method based on information card edge calculation comparison

Similar Documents

Publication Publication Date Title
RU2718226C2 (en) Biometric data safe handling systems and methods
CN106612259B (en) Identity recognition, business processing and biological characteristic information processing method and equipment
US9189612B2 (en) Biometric verification with improved privacy and network performance in client-server networks
CN109741509B (en) Dual-authentication face access control system and information authentication method
US20180247313A1 (en) Fingerprint security element (se) module and payment verification method
JP2006209697A (en) Individual authentication system, and authentication device and individual authentication method used for the individual authentication system
CA2636453A1 (en) Multisystem biometric token
CN103646201A (en) Verification method achieved by combining human faces with identities
CN111815833A (en) Hotel access control authentication system based on intelligent identification and encryption technology
CN111131202A (en) Identity authentication method and system based on multiple information authentication
CN106936775A (en) A kind of authentication method and system based on fingerprint recognition
CN114547589A (en) Privacy-protecting user registration and user authentication method and device
KR20040082674A (en) System and Method for Authenticating a Living Body Doubly
CN112329004A (en) Method and device for face recognition and face password
US20210365531A1 (en) Method and electronic device for authenticating a user
JP7151928B2 (en) AUTHENTICATION SERVER, AUTHENTICATION SERVER CONTROL METHOD AND PROGRAM
WO2022237550A1 (en) Access control authentication method, apparatus and system for preventing privacy leak
JPH10240691A (en) Network security system
CN104009843A (en) Token terminal and method
WO2022237546A1 (en) Method for offline authentication of variable biometric features, device, and system
US20210397687A1 (en) Method for authenticating a user on client equipment
CN109005158B (en) Authentication method of dynamic gesture authentication system based on fuzzy safe
CN116582281B (en) Safe face recognition method, system and equipment based on password technology
TWI736280B (en) Identity verification method based on biometrics
CN111404683B (en) Self-service equipment master key generation method, server and self-service equipment

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22806519

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE