WO2022237550A1 - Procédé, appareil et système d'authentification de contrôle d'accès pour empêcher une fuite de confidentialité - Google Patents

Procédé, appareil et système d'authentification de contrôle d'accès pour empêcher une fuite de confidentialité Download PDF

Info

Publication number
WO2022237550A1
WO2022237550A1 PCT/CN2022/089773 CN2022089773W WO2022237550A1 WO 2022237550 A1 WO2022237550 A1 WO 2022237550A1 CN 2022089773 W CN2022089773 W CN 2022089773W WO 2022237550 A1 WO2022237550 A1 WO 2022237550A1
Authority
WO
WIPO (PCT)
Prior art keywords
authentication
user
verified
access control
verification algorithm
Prior art date
Application number
PCT/CN2022/089773
Other languages
English (en)
Chinese (zh)
Inventor
李东声
Original Assignee
天地融科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN202110513327.9A external-priority patent/CN115329300A/zh
Priority claimed from CN202110513328.3A external-priority patent/CN115331344A/zh
Application filed by 天地融科技股份有限公司 filed Critical 天地融科技股份有限公司
Publication of WO2022237550A1 publication Critical patent/WO2022237550A1/fr

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07CTIME OR ATTENDANCE REGISTERS; REGISTERING OR INDICATING THE WORKING OF MACHINES; GENERATING RANDOM NUMBERS; VOTING OR LOTTERY APPARATUS; ARRANGEMENTS, SYSTEMS OR APPARATUS FOR CHECKING NOT PROVIDED FOR ELSEWHERE
    • G07C9/00Individual registration on entry or exit
    • G07C9/30Individual registration on entry or exit not involving the use of a pass
    • G07C9/32Individual registration on entry or exit not involving the use of a pass in combination with an identity check
    • G07C9/37Individual registration on entry or exit not involving the use of a pass in combination with an identity check using biometric data, e.g. fingerprints, iris scans or voice recognition

Definitions

  • the present disclosure relates to the field of electronic technology, and in particular to an access control authentication method, device and system for preventing privacy leakage, and an offline privacy leakage prevention authentication method and system.
  • biometric features such as face and fingerprint can be used for access control verification. After the verification is passed, the door can be opened for the guest.
  • biometric identity verification brings convenience to people, it also increases the risk of biometric privacy leakage, which has aroused people's concerns about privacy violations.
  • the background server of the hotel generally collects the biometric information of the user as a backup and saves it for subsequent comparison.
  • the hotel front-end terminal collects the biometric information on site, and sends it to the back-end server for comparison with the retained backup biometric information.
  • both the hotel front-end terminal and the back-end server can retain the biometric information, and Biometric information may also be intercepted during transmission, so it is easy to cause the risk of biometric information leakage.
  • the present disclosure aims to solve one of the above-mentioned problems.
  • the main purpose of the present disclosure is to provide an access control authentication method that prevents privacy leakage.
  • Another object of the present disclosure is to provide an access control authentication device that prevents privacy leakage.
  • Another object of the present disclosure is to provide an access control authentication system that prevents privacy leakage.
  • Another object of the present disclosure is to provide an offline privacy leakage prevention authentication method.
  • Another object of the present disclosure is to provide an offline privacy leakage prevention authentication system.
  • the present disclosure provides an access control authentication method for preventing privacy leakage, including: the authentication access control obtains a user ID from a security device held by a resident user, and determines whether the user ID is the access ID corresponding to the authentication access control; If so, the authentication access control collects the first biometric information to be verified of the check-in user; the authentication access control obtains the first user characteristic information obtained by calculating the first user biometric information from the security device; The authentication access control obtains a first verification algorithm, and uses the first verification algorithm to calculate the first biometric information to be verified to obtain the first characteristic information to be verified; the authentication access control compares the first verification information locally The feature information is compared with the first user feature information, and after the comparison is consistent, it is determined that the authentication is passed, the door is opened, and the locally stored first biometric identification information to be verified is deleted.
  • an access control authentication device for preventing privacy leakage, including: a judging module, configured to obtain a user ID from a security device held by an occupant, and judge whether the user ID corresponds to the authentication access control Access ID; if yes, trigger the collection module to collect the first biometric information to be verified of the user; the collection module is used to collect the first biometric information to be verified of the user; the acquisition module uses Obtaining the first user characteristic information obtained by calculating the first user's biometric information from the security device; the calculation module is configured to obtain a first verification algorithm, and use the first verification algorithm to perform the first verification on the first user to be verified.
  • the biometric information is calculated to obtain the first feature information to be verified; the processing module is used to locally compare the first feature information to be verified with the first user feature information, and determine that the authentication is passed after the comparison is consistent, Execute the door opening operation, and delete the biometric information to be verified locally stored.
  • an access control authentication system for preventing privacy leakage, including: the above-mentioned access control device for preventing privacy leakage and a security device, wherein: the security device is used to send the authentication access control User ID: the security device is further configured to send the first user characteristic information obtained by calculating the first user biometric information to the authentication access control.
  • an access control authentication system for preventing privacy leakage, including: the above-mentioned access control device for preventing privacy leakage and a front desk terminal, wherein: the front desk terminal is used to obtain the ID of the user staying in, and The ID is used as the access ID corresponding to the authentication access control; the judgment module of the authentication access control is used to determine whether the user ID is the access ID corresponding to the authentication access control, including: the authentication access control The judging module obtains the access ID from the foreground terminal, and judges whether the user ID is the access ID corresponding to the authentication access control; or the authentication access control judging module stores the access ID sent by the foreground terminal. access ID, and determine whether the user ID is the access ID corresponding to the authentication access control.
  • this disclosure provides an access control authentication method, device, and system that prevents privacy leakage, and does not store any biometric information and calculated information in the local access control, front-end terminal, or system background.
  • Feature information that is, the first biometric identification information to be verified, the first feature information to be verified, and the first user feature information are not stored. Only the user characteristic information corresponding to the user's biometric information is stored in the user's security device instead of the user's biometric information itself.
  • the authentication access control directly obtains the user's characteristic information from the security device, and compares it with the currently collected guest's characteristic information to be verified.
  • the authentication access control deletes the acquired biometric information, thereby Ensure that no biometric information is retained on authenticated access control and security devices throughout the process. On the one hand, it can ensure that the user's biometric information will not be leaked by the hotel access control, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store With the guest's biometric information, any guest can perform access control authentication. In addition, through biometric comparison, it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device. Since the authentication access control does not need to send biometric information to the background for comparison, the authentication access control can complete all the authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • Another aspect of the present disclosure provides an offline privacy-prevention authentication method, including: the authentication device collects the biometric information to be verified; the user feature information; the authentication device obtains a verification algorithm, and uses the verification algorithm to calculate the biometric information to be verified to obtain the feature information to be verified; the authentication device compares the feature information to be verified locally with the The above user characteristic information, and after the comparison is consistent, it is determined that the authentication is passed; after the authentication is passed, the authentication device deletes the locally stored biometric information to be verified.
  • Another aspect of the present disclosure provides an offline privacy and anti-disclosure authentication system, including an authentication device and a security device held by the user: the security device is used to pre-store user characteristic information obtained by calculating the user's biometric information; The authentication device is used to collect the biometric information to be verified, and obtain the user characteristic information from the security device; the authentication device is also used to obtain a verification algorithm, and use the verification algorithm to verify the The biometric information is calculated to obtain the characteristic information to be verified, and the characteristic information to be verified is compared with the user characteristic information locally, and after the comparison is consistent, it is determined that the authentication is passed; the authentication device is also used to pass the authentication. After that, the biometric information to be verified locally stored is deleted.
  • the present disclosure provides an authentication method and system for offline privacy leakage prevention, and the authentication device does not need to upload the collected biometric information to be verified to the background server or other servers for verification. , the user does not need to save and back up the user characteristic information used for comparison and verification in the background server, and even the user's security device only stores the user characteristic information corresponding to the user biometric information instead of the user biometric information itself.
  • the authentication device directly obtains the user's characteristic information from the security device held by the user. Save biometric information.
  • the authentication device since the authentication device does not need to send biometric information to the background for comparison, the authentication device can complete all authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • FIG. 1 is a flowchart of an access control authentication method for preventing privacy leakage provided by Embodiment 1 of the present disclosure
  • FIG. 2 is a schematic structural diagram of an access control authentication device for preventing privacy leakage provided by Embodiment 2 of the present disclosure
  • Embodiment 3 is a schematic structural diagram of an access control authentication system for preventing privacy leakage provided by Embodiment 2 of the present disclosure
  • FIG. 4 is a schematic structural diagram of an access control authentication system for preventing privacy leakage provided by Embodiment 2 of the present disclosure
  • Embodiment 5 is a schematic structural diagram of an access control authentication system for preventing privacy leakage provided by Embodiment 2 of the present disclosure
  • FIG. 6 is a flowchart of an offline privacy anti-disclosure authentication method provided by Embodiment 3 of the present disclosure.
  • FIG. 7 is a schematic structural diagram of an offline privacy anti-disclosure authentication system provided by Embodiment 3 of the present disclosure.
  • FIG. 1 is a flowchart of an access control authentication method for preventing privacy leakage provided by Embodiment 1 of the present disclosure. As shown in Figure 1, this access control authentication method comprises the following steps (S101-S105):
  • the authentication access control obtains the user ID from the security device held by the occupant, and judges whether the user ID is the access ID corresponding to the authentication access control; if yes, execute step S102.
  • the security device is a device with a security chip, which may be a smart terminal (such as a smart phone, a wearable device), an ID card, a smart card, or a USB-Key with a security chip.
  • the security chip is a trusted platform module. It is a device that can independently generate keys, encrypt and decrypt. It has an independent processor and storage unit inside, which can store keys and feature data, and provide encryption and security authentication services for computers. Encrypted with a security chip, the key is stored in the hardware, and the stolen data cannot be decrypted, thereby protecting business privacy and data security.
  • authentication access control and security equipment can establish short-distance communication connections, such as NFC, Bluetooth, 4G, 5G and other communication methods, to complete data interaction.
  • the access control authentication method provided in this embodiment further includes: the authentication access control and the security device perform mutual verification, and Verification passed. Thereby, the security of the data transmitted between the two devices can be ensured.
  • the user ID may be identification information that uniquely identifies the identity of the user. For example, it can be the ID number of the user, the PIN code set by the user, the serial number of the security device, etc., to ensure that the user who holds the security device is the guest who checks into the access control room.
  • Obtaining the user ID from the security device held by the user for authentication includes: receiving the user ID sent by the security device for the authentication access control.
  • the hotel front desk terminal can obtain the user ID of the guest, and after the identity verification of the guest is passed, the guest room will be allocated to the guest, and the user ID will be used as the authentication access control corresponding to the guest room The access ID.
  • the access control authentication method provided in this embodiment further includes: the front desk terminal obtains the ID of the user, and The ID is used as the access ID corresponding to the authentication access control; optionally, the front-end terminal obtains the ID of the check-in user, including: the front-end terminal obtains the user ID from the security device held by the check-in user as the access ID, that is, receives the ID sent by the security device or, input the user ID on the foreground terminal, and the foreground terminal receives the input user ID.
  • the authentication access control judges whether the user ID is the access ID corresponding to the authentication access control, including: the authentication access control obtains the access ID from the front terminal, and judges whether the user ID is the corresponding access ID of the authentication access control; The access ID sent by the terminal, and judge whether the user ID is the access ID corresponding to the authentication access control.
  • the authentication access control can obtain the access ID from the front desk terminal in real time.
  • the front desk terminal allocates a room for the guest, it will send the access ID to the corresponding authentication access control of the assigned room, and the authentication access control
  • the access ID is stored locally.
  • the security device communicates with the authentication access control.
  • the authentication access control reads the user ID from the security device and compares it. After the comparison is consistent, the authentication passes, thus ensuring The user holding the security device is the guest himself who handles the front desk terminal, and then performs the subsequent steps.
  • the authentication access control collects the first biometric information to be verified of the resident user.
  • the first biometric identification information to be verified may be face image data, voiceprint characteristic data, fingerprint characteristic data, iris characteristic data and other information.
  • the first biometric identification information to be verified may be image data or video data, which is not limited in this embodiment.
  • the first biometric identification information to be verified may include one or more.
  • the identification information can be a combination of face image data and fingerprint feature data, or face image data with different expressions can be collected.
  • the authentication access control obtains the first user characteristic information obtained by calculating the biometric information of the first user from the security device.
  • the access control authentication method before the authentication access control acquires the first user characteristic information obtained by calculating the biometric information of the first user from the security device, the access control authentication method provided in this embodiment further includes: The security device pre-stores the first user feature information. Specifically, the security device can pre-collect the first user biometric information of the security device holder, such as face image data, voiceprint feature data, fingerprint feature data, iris feature data and other information, and use the locally pre-stored verification algorithm to verify The biometric information of the first user is calculated to obtain the characteristic information of the first user, and the characteristic information of the first user is stored in the security device. In this disclosure, the security device does not store the biometric information of the first user, but only the characteristic information of the first user. Since the characteristic information of the first user is a string of characters, it can ensure that the biometric information of the first user is not leaked, that is, to protect User privacy is not disclosed.
  • the user's biometric information pre-stored in the security device can be changed, that is, the user can update the user's biometric information pre-stored in the security device at any time, for example, the user changes the collection of facial images to the collection of fingerprint information or voiceprint feature information, the security device recalculates the re-collected user biometric information according to the locally pre-stored verification algorithm to obtain new first user feature information.
  • the security device recalculates the re-collected user biometric information according to the locally pre-stored verification algorithm to obtain new first user feature information.
  • the verification cannot pass if the user's biometric information before the update is used. This can also prevent the authentication access control from using the user's privacy without deleting the first biometric information to be verified, or when the second Once the verified biometric information is leaked, it can also ensure that the access control authentication cannot pass, avoiding the loss of users.
  • the authentication access control does not need to pre-store the first user biometric information and the first user characteristic information locally or in the system background.
  • the authentication access control obtains the first user characteristic information from the security device.
  • it can ensure that the first user biometric Identification information will not be leaked by hotel access control, protecting user privacy from being leaked.
  • it can also make the operation of authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store guests’ biometric information in advance. Any guest can perform access control authentication.
  • the authentication access control acquires a first verification algorithm, and uses the first verification algorithm to calculate the first biometric identification information to be verified to obtain first feature information to be verified.
  • the authentication access control obtains the first verification algorithm, including the following three methods:
  • Method 1 The authentication access control obtains the verification algorithm corresponding to the first verification algorithm identification from the local according to the identification of the first verification algorithm obtained from the security device; or,
  • Method 2 The authentication access control obtains the verification algorithm corresponding to the identification of the first verification algorithm from the background according to the identification of the first verification algorithm; or,
  • Method 3 The authentication access control obtains the first authentication algorithm from the security device.
  • the method provided in this embodiment further includes: the authentication access control obtains the identifier of the first verification algorithm from the security device. If the algorithm corresponding to the identifier of the first verification algorithm is pre-stored locally, it can be obtained locally; if not pre-stored locally, the verification algorithm corresponding to the identifier of the first verification algorithm can be obtained from the background.
  • the first verification algorithm can be a hash algorithm, an encryption algorithm and other algorithms, and the biometric information (such as the first user characteristic information and the first characteristic information to be verified) calculated by the first verification algorithm is irreversible data, that is, it cannot be Get biometric information.
  • the authentication access control locally compares the first feature information to be verified with the first user feature information, and after the comparison is consistent, determines that the authentication is passed, performs the door opening operation, and deletes the locally stored first biometric information to be verified.
  • the access control authentication method provided in this embodiment further includes: authenticating the access control and deleting the locally stored first feature information to be verified and the first user feature information.
  • the authentication access control local or system background does not store any biometric information and calculated feature information, that is, does not store the first biometric information to be verified, the first feature information to be verified, and the first user feature information.
  • the authentication access control obtains the first user characteristic information from the security device, and compares it with the first characteristic information of the currently collected residents to be verified. On the one hand, it can ensure that the first user's biometric information will not be The hotel access control is leaked, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country or even the world, there is no need to pre-store the guest's biometric information in advance, and any guest can perform Access control authentication.
  • the access control authentication method provided in this embodiment further includes: the foreground terminal collects the second biometric to be verified of the check-in user identification information; the front desk terminal obtains the second user's biometric information from the security device held by the check-in user and calculates the second user characteristic information; the front desk terminal obtains the second verification algorithm, and uses the second verification algorithm to verify the second user's The biometric information to be verified is calculated to obtain the second characteristic information to be verified; the front desk terminal compares the second characteristic information to be verified with the second user characteristic information locally, and after the comparison is consistent, it determines that the authentication is passed, and deletes the locally stored check-in information.
  • the user's second biometric identification information to be verified, and the step of obtaining the ID of the user at the front desk is executed.
  • the front desk terminal collects the guest's second biometric identification information to be verified in the same manner as the above step S102-step S105, obtains the second user characteristic information from the security device, and obtains the second verification algorithm calculation
  • the second feature information to be verified is obtained, and the second feature information to be verified is compared with the second user feature information.
  • first and “second” refer to the same type of information obtained twice, for example, the first biometric information to be verified and the second biometric information to be verified respectively represent the biometric information to be verified and the biometric information to be verified collected by the authentication access control.
  • the biometric information to be verified collected by the front-end terminal is not directly related, and the "first" and “second” information can be the same or different.
  • the first user biometric information and the second user biometric information, the first user characteristic information and the second user characteristic information, and the first verification algorithm and the second verification algorithm also appear in the text, which should be understood as above.
  • the acquisition of the second verification algorithm by the foreground terminal includes: the foreground terminal obtains locally the ID corresponding to the identification of the second verification algorithm according to the identification of the second verification algorithm obtained from the security device.
  • the foreground terminal deletes the locally stored second characteristic information to be verified and the second user characteristic information.
  • the foreground terminal or the system background does not store any biometric information and calculated feature information, that is, does not store the second biometric information to be verified, the second feature information to be verified, and the second user feature information.
  • the front-end terminal obtains the second user’s characteristic information from the security device, and compares it with the currently collected guest’s second to-be-verified characteristic information.
  • it can ensure that the second user’s biometric information will not be
  • the front desk of the hotel is leaked to protect the privacy of users from being leaked.
  • it can also make the operation of the front desk terminal easier. For hotels all over the country and even the world, there is no need to pre-store the biometric information of the guests in advance, and any guest can perform Check-in verification.
  • the authentication access control local, front-end terminal local or system background does not store any biometric information and calculated feature information, that is, does not store the first biometric information to be verified, the first biometric information to be verified
  • the characteristic information and the characteristic information of the first user are verified. Only the user characteristic information corresponding to the user's biometric information is stored in the user's security device instead of the user's biometric information itself.
  • the authentication access control directly obtains the user's characteristic information from the security device, and compares it with the currently collected guest's characteristic information to be verified.
  • the authentication access control deletes the acquired biometric information, thereby Ensure that no biometric information is retained on authenticated access control and security devices throughout the process. On the one hand, it can ensure that the user's biometric information will not be leaked by the hotel access control, protecting user privacy from being leaked. On the other hand, it can also make the operation of the authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store With the guest's biometric information, any guest can perform access control authentication. In addition, through biometric comparison, it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device. Since the authentication access control does not need to send biometric information to the background for comparison, the authentication access control can complete all the authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • This embodiment provides an access control authentication system for preventing privacy leakage and an access control authentication device for preventing privacy leakage.
  • the access control authentication system and access control authentication device can implement the access control authentication method provided in Embodiment 1.
  • This embodiment only briefly describes the structure of the access control authentication system and the access control authentication device. For other unfinished matters, please refer to the description in Embodiment 1.
  • FIG. 2 is a schematic structural diagram of an access control authentication device for preventing privacy leakage provided by this embodiment.
  • FIG. 3 to FIG. 5 are schematic structural diagrams of the access control authentication system for preventing privacy leakage provided by this embodiment.
  • the access control device for preventing privacy leakage includes:
  • Judgment module used to obtain the user ID from the security device held by the user, and judge whether the user ID is the access ID corresponding to the authentication access control; if so, trigger the collection module to collect the first biometric information to be verified of the user;
  • the collection module is used to collect the first biometric information to be verified of the user
  • An acquisition module configured to acquire the first user characteristic information obtained by calculating the first user's biometric information from the security device
  • the calculation module is used to obtain the first verification algorithm, and use the first verification algorithm to calculate the first biometric information to be verified to obtain the first characteristic information to be verified;
  • the processing module is used to locally compare the first feature information to be verified with the first user feature information, and after the comparison is consistent, determine that the authentication is passed, perform the door opening operation, and delete the locally stored biometric information to be verified.
  • the acquisition module acquires the first verification algorithm in the following manner:
  • the verification algorithm corresponding to the identification of the first verification algorithm is obtained locally; or, the authentication access control obtains the identification corresponding to the first verification algorithm from the background according to the identification of the first verification algorithm the verification algorithm; or, obtain the first verification algorithm from the security device.
  • the processing module is further configured to delete the locally stored first feature information to be verified and the first user feature information.
  • the access control authentication system for preventing privacy leakage includes: an access control device and a safety device for preventing privacy leakage; wherein: the safety device is used to send a user ID to the authentication access control; the safety device is also used for Sending the first user characteristic information obtained by calculating the biometric information of the first user to the authentication access control.
  • the access control authentication system for preventing privacy leakage includes: an access control device and a front terminal for preventing privacy leakage;
  • the judgment module of the authentication access control is used to judge whether the user ID is the access ID corresponding to the authentication access control, including: the authentication access control judgment module obtains the access ID from the front terminal, and judges whether the user ID corresponds to the authentication access control or, the judging module of the authentication access control stores the access ID sent by the foreground terminal, and judges whether the user ID is the corresponding access ID of the authentication access control.
  • the access control authentication system for preventing privacy leakage includes: the above-mentioned access control device for preventing privacy leakage, security equipment, and a front terminal.
  • the security device and the foreground terminal respectively perform the functions described in the relevant parts of FIG. 3 and FIG. 4 above, which will not be repeated here.
  • the front desk terminal is also used to collect the second verification ID of the user before obtaining the ID of the user.
  • Biometric information obtain the second user's biometric information from the security device held by the resident user and calculate the second user's characteristic information; obtain the second verification algorithm, and use the second verification algorithm to verify the second biometric information of the resident user to be verified.
  • the identification information is calculated to obtain the second feature information to be verified; the second feature information to be verified and the second user feature information are compared locally, and after the comparison is consistent, it is determined that the authentication is passed, and the second pending user's locally stored information is deleted. Verify the biometric information, and execute the operation that the front desk terminal obtains the ID of the check-in user.
  • the foreground terminal obtains the second verification algorithm in the following manner: the foreground terminal obtains the second verification algorithm according to the second verification algorithm obtained from the security device The identification of the verification algorithm obtains the verification algorithm corresponding to the identification of the second verification algorithm locally; or, the foreground terminal obtains the verification algorithm corresponding to the identification of the second verification algorithm from the background according to the identification of the second verification algorithm; or, the front terminal obtains the verification algorithm corresponding to the identification of the second verification algorithm from the background; The second verification algorithm is obtained from the security device.
  • the foreground terminal is also used to delete the locally stored second characteristic information to be verified and the second user characteristic information .
  • the access control authentication device and system for preventing privacy leakage no biometric information and calculated characteristic information will be stored in the local authentication access control, the front terminal local or the system background, that is, the first biometric information to be verified, the second Feature information to be verified and feature information of the first user. Only the user characteristic information corresponding to the user's biometric information is stored in the user's security device instead of the user's biometric information itself.
  • the authentication access control directly obtains the user's characteristic information from the security device, and compares it with the currently collected guest's characteristic information to be verified. After the authentication is completed, the authentication access control deletes the acquired biometric information, thereby Ensure that no biometric information is retained on authenticated access control and security devices throughout the process.
  • the hotel access control can ensure that the user's biometric information will not be leaked by the hotel access control, protecting user privacy from being leaked.
  • it can also make the operation of the authentication access control easier. For hotels all over the country and even the world, there is no need to pre-store With the guest's biometric information, any guest can perform access control authentication.
  • biometric comparison it can be ensured that the guest who has passed the verification of the authentication access control is the guest who holds the security device. Since the authentication access control does not need to send biometric information to the background for comparison, the authentication access control can complete all the authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • This embodiment provides an offline privacy leak prevention authentication method, as shown in Figure 6, including:
  • step S201 the authentication device collects biometric information to be verified.
  • the biometric information may be face, fingerprint, iris, palmprint and other information, and the authentication device uses the corresponding device to collect the corresponding biometric information.
  • the authentication device acquires user characteristic information calculated from the user's biometric identification information from the security device held by the user.
  • a user can hold a security device, which can uniquely identify the user itself.
  • the security device may have the function of a USB key, and a security chip may be provided in the security device to ensure the security of storage in the security device.
  • Users use their own security devices to pre-acquire feature information obtained by calculating their own biometric information. For example, after a user activates the security device, he collects the user's face information through the security device itself or other external devices, and uses The preset algorithm calculates the user's face information to obtain a feature value, and the security device stores the feature value of the face information and deletes the collected face information.
  • the authentication device when it needs to obtain user characteristic information for comparison, it may send a request for user characteristic information to the security device, and after receiving the request, the security device sends the user characteristic information to the authentication device.
  • step S203 the authentication device acquires a verification algorithm, and uses the verification algorithm to calculate the biometric information to be verified to obtain feature information to be verified.
  • the verification algorithm is consistent with the algorithm used by the previous security device to calculate the user characteristic information, so as to facilitate the comparison between the information to be verified and the user characteristic information.
  • the corresponding algorithm is obtained through the identification of the verification algorithm.
  • the authentication device may locally obtain the verification algorithm corresponding to the identifier according to the identifier; or the authentication device may obtain the verification algorithm corresponding to the identifier from the background according to the identifier.
  • the authentication device may also directly obtain the verification algorithm from the security device.
  • the verification algorithm used to calculate the user characteristic information is pre-stored in the security device, and the verification algorithm is sent to the authentication device at the same time as the user characteristic; it is also possible to send a request for the verification algorithm to the security device when the authentication device needs to use it.
  • the security device then sends the verification algorithm to the authentication device. Data security can be further ensured by storing the verification algorithm in a secure device.
  • step S204 the authentication device locally compares the feature information to be verified with the user feature information, and determines that the authentication is passed after the comparison is consistent. Specifically, if the current biometric information to be verified is indeed the user's own biometric information, the characteristic information to be verified calculated by using the biometric information to be verified should be consistent with the user characteristic information sent by the security device, that is, it can be passed certified.
  • step S205 the authentication device deletes the locally stored biometric information to be verified after passing the authentication. Specifically, in order to prevent the leakage of the biometric information to be verified, the authentication device should immediately delete the biometric information to be verified after passing the authentication. In an optional implementation manner, the authentication device should also delete the locally stored feature information to be verified and user feature information to further ensure that the biometric information is not leaked.
  • the authentication device does not need to upload the collected biometric information to be verified to the background server or other servers for verification, and the user does not need to save the user characteristic information used for comparison and verification.
  • the backup is in the background server, and even the user's security device only stores the user's characteristic information corresponding to the user's biometric information instead of the user's biometric information itself.
  • the authentication device directly obtains the user's characteristic information from the security device held by the user. Save biometric information.
  • the authentication device since the authentication device does not need to send biometric information to the background for comparison, the authentication device can complete all authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • the authentication device before the authentication device obtains the user characteristic information obtained by calculating the user's biometric information from the security device held by the user, it further includes: step S201a, the authentication device and the security device communicate with each other Verification, and verification passed. Specifically, this step can be completed before the step of the authentication device acquiring user characteristic information, or before the step of the authentication device acquiring biometric information to be verified. Through the mutual verification of the authentication device and the security device, the authenticity of the authentication device and the security device can be further verified to prevent information leakage.
  • the biometric information to be verified includes: first biometric information to be verified and second biometric information to be verified, the first biometric information to be verified is specific biometric information, and the second biometric information to be verified Verify biometrics as custom biometrics.
  • the biometric information to be verified includes two types of biometric information
  • the user characteristic information of the two types of biometric information should also be pre-stored in the security device held by the user.
  • the first biometric information to be verified may be standard facial information
  • the second biometric information to be verified may be facial information with expressions or other biometric information such as fingerprints.
  • the second biometric information to be verified can be customized by the user at any time. The user can choose to add the authentication of the customized biometric information in a certain authentication, or choose not to increase the authentication of the customized biometric information, and the user can Change the type of custom biometrics to increase the reliability of verification.
  • the authentication device judges whether the biometric information to be verified is preset information, and if it is preset information, performs a first preset operation.
  • the preset information is preset as specific facial expression information, for example, it can be information such as blinking multiple times in a row, blinking in turn, nodding multiple times in a row, etc.
  • you can set the operation corresponding to the preset information . For example, blinking three times in turn can be agreed as a warning action for the user to encounter an emergency, and when the authentication device detects the facial expression of the user, the alarm operation can be performed immediately.
  • the authentication device performs a second preset operation after passing the authentication.
  • the authentication device may be a payment device, the above steps may be verification steps in the payment process, and subsequent payment operations may be performed after the authentication is completed.
  • This embodiment also provides an offline privacy and anti-disclosure authentication system that implements the above method flow, as shown in FIG. 7 , including an authentication device and a security device held by a user.
  • the security device is used to pre-store user characteristic information obtained by calculating the user's biometric information; specifically, a user can hold a security device, which can uniquely identify the user itself.
  • the security device may have the function of a USB key, and a security chip may be provided in the security device to ensure the security of storage in the security device.
  • Users use their own security devices to pre-acquire feature information obtained by calculating their own biometric information. For example, after a user activates the security device, he collects the user's face information through the security device itself or other external devices, and uses The preset algorithm calculates the user's face information to obtain a feature value, and the security device stores the feature value of the face information and deletes the collected face information. It can be seen that only the characteristic information of the user's biometric identification information is stored in the security device without storing the biometric information itself, which can further ensure that the biometric information will not be leaked.
  • the authentication device is used to collect biometric information to be verified and obtain user characteristic information from the security device; specifically, when the authentication device needs to obtain user characteristic information for comparison, it can send a request for user characteristic information to the security device After receiving the request, the security device sends the user characteristic information to the authentication device.
  • the authentication device is also used to obtain a verification algorithm, using the verification algorithm to calculate the biometric information to be verified to obtain the characteristic information to be verified, compare the characteristic information to be verified with the user characteristic information locally, and determine that the authentication is passed after the comparison is consistent; Specifically, the verification algorithm is consistent with the algorithm used by the previous security device to calculate the user characteristic information, so as to facilitate the comparison between the information to be verified and the user characteristic information. If the current biometric information to be verified is indeed the user's own biometric information, the characteristic information to be verified calculated by using the biometric information to be verified should be consistent with the user characteristic information sent by the security device, that is, the authentication can be passed.
  • the corresponding algorithm is obtained through the identification of the verification algorithm.
  • the authentication device may locally obtain the verification algorithm corresponding to the identifier according to the identifier; or the authentication device may obtain the verification algorithm corresponding to the identifier from the background according to the identifier.
  • the authentication device may also directly obtain the verification algorithm from the security device.
  • the verification algorithm used to calculate the user characteristic information is pre-stored in the security device, and the verification algorithm is sent to the authentication device at the same time as the user characteristic; it is also possible to send a request for the verification algorithm to the security device when the authentication device needs to use it.
  • the security device then sends the verification algorithm to the authentication device. Data security can be further ensured by storing the verification algorithm in a secure device.
  • the authentication device is also used to delete the locally stored biometric information to be verified after the authentication is passed. Specifically, in order to prevent the leakage of the biometric information to be verified, the authentication device should immediately delete the biometric information to be verified after passing the authentication. In an optional implementation manner, the authentication device should also delete the locally stored feature information to be verified and user feature information to further ensure that the biometric information is not leaked.
  • the authentication device does not need to upload the collected biometric information to be verified to the background server or other servers for verification, and the user does not need to save the user characteristic information for comparison and verification.
  • the backup is in the background server, and even the user's security device only stores the user's characteristic information corresponding to the user's biometric information instead of the user's biometric information itself.
  • the authentication device directly obtains the user's characteristic information from the security device held by the user. Save biometric information.
  • the authentication device since the authentication device does not need to send biometric information to the background for comparison, the authentication device can complete all authentication processes locally, so that the authentication device can be used offline, further improving the convenience of using the authentication device.
  • the authentication device before the authentication device obtains the user characteristic information obtained by calculating the user's biometric information from the security device held by the user, the authentication device is also used to perform mutual authentication with the security device, And the verification is passed. Specifically, the authentication device may complete the authentication with the security device before acquiring user characteristic information, or complete the authentication with the security device before collecting the biometric information to be verified. Through the mutual verification of the authentication device and the security device, the authenticity of the authentication device and the security device can be further verified to prevent information leakage.
  • the biometric information to be verified includes: first biometric information to be verified and second biometric information to be verified, the first biometric information to be verified is specific biometric information, and the second biometric information to be verified Verify biometrics as custom biometrics.
  • the biometric information to be verified includes two types of biometric information
  • the user characteristic information of the two types of biometric information should also be pre-stored in the security device held by the user.
  • the first biometric information to be verified may be standard facial information
  • the second biometric information to be verified may be facial information with expressions or other biometric information such as fingerprints.
  • the second biometric information to be verified can be customized by the user at any time. The user can choose to add the authentication of the customized biometric information in a certain authentication, or choose not to increase the authentication of the customized biometric information, and the user can Change the type of custom biometrics to increase the reliability of verification.
  • the authentication device is further configured to determine whether the biometric information to be verified is preset information, and if it is preset information, perform a first preset operation.
  • the preset information is preset as specific facial expression information, for example, it can be information such as blinking multiple times in a row, blinking in turn, nodding multiple times in a row, etc.
  • you can set the operation corresponding to the preset information . For example, blinking three times in turn can be agreed as a warning action for the user to encounter an emergency, and when the authentication device detects the facial expression of the user, the alarm operation can be performed immediately.
  • the authentication device is further configured to execute a second preset operation after the authentication is passed.
  • the authentication device may be a payment device, the above operation may be a verification process in the payment process, and subsequent payment operations may be performed after the authentication is completed.

Landscapes

  • Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Collating Specific Patterns (AREA)

Abstract

Procédé, appareil et système d'authentification de contrôle d'accès pour empêcher une fuite de confidentialité, le procédé comprenant : une commande d'accès d'authentification acquérant un identifiant utilisateur à partir d'un dispositif de sécurité détenu par un utilisateur de vérification, et déterminant si l'identifiant utilisateur est un identifiant d'accès correspondant à la commande d'accès d'authentification (S101) ; si tel est le cas, la collecte de premières informations biométriques à vérifier de l'utilisateur de vérification (S102) ; l'acquisition, à partir du dispositif de sécurité, de premières informations de caractéristiques d'utilisateur obtenues au moyen d'un calcul sur les premières informations biométriques d'utilisateur (S103) ; l'acquisition d'un premier algorithme de vérification, et le calcul desdites premières informations biométriques au moyen de l'utilisation du premier algorithme de vérification, de façon à obtenir des premières informations de caractéristiques à vérifier (S104) ; et la comparaison localement desdites premières informations de caractéristiques avec les premières informations de caractéristiques d'utilisateur, et après que le résultat de la comparaison indique que lesdites premières informations de caractéristiques et les premières informations de caractéristiques d'utilisateur sont cohérentes, la détermination que l'authentification est réussie, l'exécution d'une opération d'ouverture de porte, et la suppression desdites premières informations biométriques qui sont stockées localement (S105).
PCT/CN2022/089773 2021-05-11 2022-04-28 Procédé, appareil et système d'authentification de contrôle d'accès pour empêcher une fuite de confidentialité WO2022237550A1 (fr)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN202110513327.9A CN115329300A (zh) 2021-05-11 2021-05-11 一种可脱机隐私防泄露认证方法和系统
CN202110513327.9 2021-05-11
CN202110513328.3A CN115331344A (zh) 2021-05-11 2021-05-11 一种防止隐私泄露的门禁认证方法、装置及系统
CN202110513328.3 2021-05-11

Publications (1)

Publication Number Publication Date
WO2022237550A1 true WO2022237550A1 (fr) 2022-11-17

Family

ID=84027994

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/089773 WO2022237550A1 (fr) 2021-05-11 2022-04-28 Procédé, appareil et système d'authentification de contrôle d'accès pour empêcher une fuite de confidentialité

Country Status (1)

Country Link
WO (1) WO2022237550A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436247A (zh) * 2007-11-12 2009-05-20 中国长城计算机深圳股份有限公司 一种基于uefi的生物身份识别方法及系统
KR20150056711A (ko) * 2013-11-15 2015-05-27 주식회사 카티스 출입자 생체정보를 가지는 스마트 출입카드를 이용한 출입 관리 시스템 및 방법
CN105389871A (zh) * 2015-11-14 2016-03-09 合肥骇虫信息科技有限公司 一种门禁系统
CN109903433A (zh) * 2019-01-31 2019-06-18 武汉天喻聚联网络有限公司 一种基于人脸识别的门禁系统及门禁控制方法
CN209460835U (zh) * 2019-03-27 2019-10-01 北京一维大成科技有限公司 一种门禁系统
CN112396743A (zh) * 2020-11-06 2021-02-23 山东黄金矿业(莱州)有限公司三山岛金矿 基于信息卡边缘计算比对的门禁管控系统和方法

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101436247A (zh) * 2007-11-12 2009-05-20 中国长城计算机深圳股份有限公司 一种基于uefi的生物身份识别方法及系统
KR20150056711A (ko) * 2013-11-15 2015-05-27 주식회사 카티스 출입자 생체정보를 가지는 스마트 출입카드를 이용한 출입 관리 시스템 및 방법
CN105389871A (zh) * 2015-11-14 2016-03-09 合肥骇虫信息科技有限公司 一种门禁系统
CN109903433A (zh) * 2019-01-31 2019-06-18 武汉天喻聚联网络有限公司 一种基于人脸识别的门禁系统及门禁控制方法
CN209460835U (zh) * 2019-03-27 2019-10-01 北京一维大成科技有限公司 一种门禁系统
CN112396743A (zh) * 2020-11-06 2021-02-23 山东黄金矿业(莱州)有限公司三山岛金矿 基于信息卡边缘计算比对的门禁管控系统和方法

Similar Documents

Publication Publication Date Title
RU2718226C2 (ru) Системы и способы безопасного обращения с биометрическими данными
US9189612B2 (en) Biometric verification with improved privacy and network performance in client-server networks
CN106612259B (zh) 身份识别、业务处理以及生物特征信息的处理方法和设备
US20180247313A1 (en) Fingerprint security element (se) module and payment verification method
CN109741509B (zh) 一种双重认证的人脸门禁系统及信息认证方法
CN103646201A (zh) 一种人脸组合身份验证方法
JP2006209697A (ja) 個人認証システム、この個人認証システムに使用される認証装置、および個人認証方法
CA2636453A1 (fr) Jeton biometrique multisysteme
CN111815833A (zh) 一种基于智能识别与加密技术的酒店门禁认证系统
JP7151928B2 (ja) 認証サーバ、認証サーバの制御方法及びプログラム
CN106936775A (zh) 一种基于指纹识别的认证方法及系统
CN115758398A (zh) 门禁数据处理方法、装置、门禁系统及存储介质
CN114547589A (zh) 保护隐私的用户注册、用户认证方法及装置
KR20040082674A (ko) 이중 생체 인증 시스템 및 방법
CN112329004A (zh) 一种人脸识别及人脸密码的方法、装置
US12019719B2 (en) Method and electronic device for authenticating a user
WO2022237550A1 (fr) Procédé, appareil et système d'authentification de contrôle d'accès pour empêcher une fuite de confidentialité
JPH10240691A (ja) ネットワークセキュリティシステム
CN104009843A (zh) 一种令牌终端和方法
WO2022237546A1 (fr) Procédé d'authentification hors ligne de caractéristiques biométriques variables, dispositif et système
US20210397687A1 (en) Method for authenticating a user on client equipment
JP7248184B2 (ja) サーバ、システム、方法及びプログラム
CN109005158B (zh) 基于模糊保险箱的动态手势认证系统的认证方法
TWI736280B (zh) 基於生物特徵的身分驗證方法
EP4246404A2 (fr) Système, dispositif utilisateur et procédé pour transaction électronique

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22806519

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 22806519

Country of ref document: EP

Kind code of ref document: A1