WO2018148900A1 - Fingerprint identification-based authentication method and device, and transaction system - Google Patents
- Publication number
- WO2018148900A1 (PCT/CN2017/073771)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- fingerprint
- transaction
- terminal
- server
- key
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/12—Fingerprints or palmprints
- G06V40/1365—Matching; Classification
Definitions
- the technical solution disclosed in the present application relates to the field of electronic technologies, and in particular, to a fingerprint identification-based verification method, apparatus, and transaction system.
- self-service trading terminals [for example, ATM (Automatic Teller Machine), POS (Point of Sale)] make people's consumption more convenient.
- the self-service transaction terminal in the prior art mainly judges whether to conduct a transaction by verifying the password of the account. Since the transaction account and the transaction password of the user are easily stolen, it is a big hidden danger to judge whether to conduct the transaction by verifying the transaction password of the transaction account. In addition, in the prior art, when a transaction abnormality occurs in a self-service transaction terminal, it is difficult to acquire information for identifying a trader.
- the technical solution disclosed in the present application can solve at least the following technical problems: (1) judging whether to conduct a transaction by verifying the password of the account poses a big hidden danger; (2) when a transaction abnormality occurs at the self-service transaction terminal, it is difficult to obtain information for identifying the trader.
- One or more embodiments of the present application disclose a fingerprint identification-based verification method, including: receiving a fingerprint verification request related to a transaction account; extracting one or more pre-stored fingerprint templates corresponding to the transaction account, and comparing the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates; when the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample is not the same as the one or more fingerprint templates, the fingerprint verification fails.
- the method further includes: determining whether the number of failed fingerprint verification attempts of the fingerprint sample reaches a preset number of times; and, when the number of failed fingerprint verification attempts reaches the preset number of times, determining the fingerprint sample to be an abnormal fingerprint sample and storing it.
- the method further includes: receiving a transaction key request issued by the transaction terminal; generating a transaction public key and a transaction private key by using an asymmetric encryption algorithm according to the transaction key request; storing the transaction private key locally and returning the transaction public key to the transaction terminal.
- the transaction terminal encrypts the uploaded fingerprint sample with the transaction public key; and the method further includes: before the fingerprint sample uploaded by the transaction terminal is compared with the one or more fingerprint templates, decrypting the encrypted fingerprint sample using the transaction private key.
- the method further includes: receiving a fingerprint registration request initiated by the fingerprint entry terminal; performing priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal, and entering the fingerprint registration mode after the priority determination passes; receiving the fingerprint data collected and uploaded by the fingerprint entry terminal; generating the one or more fingerprint templates according to the fingerprint data, encrypting and storing the one or more fingerprint templates, and establishing an association relationship between the one or more fingerprint templates and the transaction account.
- the method further includes: receiving a fingerprint registration key request from the fingerprint entry terminal; generating a fingerprint registration public key and a fingerprint registration private key by using an asymmetric encryption algorithm according to the fingerprint registration key request; storing the fingerprint registration private key locally, and returning the fingerprint registration public key to the fingerprint entry terminal; the fingerprint entry terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key; after receiving the encrypted fingerprint data, the server decrypts it by using the fingerprint registration private key.
- the storage key is generated using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- a fingerprint identification-based verification apparatus, which is applied to a server, and includes: a server transceiver module, configured to receive a fingerprint verification request related to a transaction account; and a fingerprint verification module for extracting one or more pre-stored fingerprint templates corresponding to the transaction account, and comparing the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates; when the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample is different from the one or more fingerprint templates, the fingerprint verification fails.
- the device further includes: a transaction exception processing module, configured to determine whether the number of failed fingerprint verification attempts of the fingerprint sample reaches a preset number of times; when the number of failed attempts reaches the preset number of times, the fingerprint sample is determined as an abnormal fingerprint sample and stored.
- the server transceiver module is further configured to receive a transaction key request sent by the transaction terminal; the device further includes a key module, configured to generate, according to the transaction key request, a transaction public key and a transaction private key using an asymmetric encryption algorithm, to store the transaction private key locally, and to return the transaction public key to the transaction terminal.
- the transaction terminal encrypts the uploaded fingerprint sample by using the transaction public key; and before the fingerprint verification module compares the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, the server transceiver module is further used for decrypting the encrypted fingerprint sample using the transaction private key.
- the server transceiver module is further configured to receive a fingerprint registration request initiated by the fingerprint entry terminal; the device further includes a fingerprint registration module, configured to perform priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal, and to enter the fingerprint registration mode after the priority determination passes; when the server transceiver module receives the fingerprint data collected and uploaded by the fingerprint entry terminal, the fingerprint registration module is further configured to generate the one or more fingerprint templates according to the fingerprint data; the device further includes a storage module, where the storage module encrypts and stores the one or more fingerprint templates by using a storage key, and establishes the association relationship between the one or more fingerprint templates and the transaction account.
- the server transceiver module is further configured to receive a fingerprint registration key request from the fingerprint entry terminal; the fingerprint registration module is further configured to generate, according to the fingerprint registration key request, a fingerprint registration public key and a fingerprint registration private key using an asymmetric encryption algorithm, to store the fingerprint registration private key locally, and to return the fingerprint registration public key to the fingerprint entry terminal;
- the fingerprint entry terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key; the server transceiver module decrypts the encrypted fingerprint data by using the fingerprint registration private key after receiving it.
- when the storage module encrypts the one or more fingerprint templates by using a storage key, the storage key is generated by a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- One or more embodiments of the present application disclose a fingerprint identification-based transaction device, which is applied to a transaction terminal, including: an information reading module for reading information of a transaction account; and a fingerprint collection module for collecting fingerprint samples.
- a transaction terminal transceiver module configured to send the read transaction account information, the fingerprint verification request related to the transaction account, and the collected fingerprint sample to the server, and receive feedback from the server; a transaction control module for controlling completion or termination of a transaction based on feedback from the server.
- the transaction terminal transceiver module is further configured to send a transaction key request to the server, and receive a transaction public key fed back by the server; the transaction terminal transceiver module is further used to encrypt the fingerprint sample with the transaction public key; the transaction terminal transceiver module is further configured to send the encrypted fingerprint sample to the server.
- a fingerprint entry device which is applied to a fingerprint entry terminal, and includes: a fingerprint entry module, configured to acquire information of a transaction account, collect fingerprint data, and retrieve a terminal ID of the fingerprint entry terminal;
- the fingerprint entry terminal transceiver module is configured to send the transaction account information, the fingerprint data, and the terminal ID to the server, and receive feedback from the server.
- the apparatus further includes a control module, configured to initiate a fingerprint registration key request to the server; before the fingerprint data is entered, the control module negotiates with the server, so that the server generates the fingerprint registration public key and the fingerprint registration private key used for encrypted data transmission; the server stores the generated fingerprint registration private key locally, and returns the fingerprint registration public key to the fingerprint entry terminal transceiver module.
- One or more embodiments of the present application disclose a transaction system including: at least one fingerprint entry terminal, at least one server, and at least one transaction terminal; wherein the at least one fingerprint entry terminal includes any one of the fingerprint entry devices described above;
- the at least one server includes any one of the above-described fingerprint recognition-based verification devices and/or performs any of the above-described fingerprint recognition-based verification methods; the at least one transaction terminal includes any one of the above-described fingerprint recognition-based transaction devices.
- one or more fingerprint templates of the transaction account are stored prior to fingerprint verification.
- fingerprint verification when receiving the fingerprint verification request corresponding to the transaction account, comprising: extracting one or more fingerprint templates of the stored transaction account; and extracting a fingerprint sample uploaded by the transaction terminal
- the fingerprint sample is compared with the one or more fingerprint templates.
- the fingerprint verification passes. Since the probability of human fingerprint repetition is extremely low and not easily stolen, embodiments of the present application enhance the security of user transactions.
- the fingerprint sample is different from any one of the one or more fingerprint templates, the fingerprint verification fails.
- the fingerprint sample is stored when the number of failed fingerprint verification attempts reaches a preset number of times. Accordingly, the embodiment of the present application can obtain information for identifying a trader when a transaction abnormality occurs at the transaction terminal, which is advantageous for identifying and tracking the trader in case of an abnormal transaction.
- FIG. 1 is a schematic diagram of a fingerprint identification-based verification device and a fingerprint entry device according to an embodiment of the present application
- FIG. 2 is a flow chart of interaction between a server and a fingerprint entry terminal according to an embodiment of the present application
- FIG. 3 is a schematic diagram of a fingerprint identification based verification device and a fingerprint identification based transaction device according to an embodiment of the present application;
- FIG. 4 is a flow chart of interaction between a server and a transaction terminal in an embodiment of the present application
- FIG. 5 is a schematic diagram of a transaction system in another embodiment of the present application.
- FIG. 6 is a flowchart of a fingerprint identification-based verification method performed by a server in another embodiment of the present application.
- the fingerprint identification-based verification device is applied to the server.
- the fingerprint entry device is applied to a fingerprint entry terminal.
- the server may be one or more servers.
- the fingerprint entry terminal may be a registration terminal of a transaction account such as a bank card account or an electronic transaction account (for example, an Alipay account). In some embodiments of the present application, the above registered terminal may also function as a transaction terminal.
- the verification device illustrated in FIG. 1 includes a server transceiver module 31, a fingerprint registration module 32, a storage module 33, a fingerprint verification module 34, a transaction exception processing module 35, and a key module 36.
- each of the above modules is implemented in a TEE (Trusted Execution Environment) of the server.
- the server transceiver module 31 receives a fingerprint verification request related to the transaction account.
- the fingerprint verification module 34 extracts one or more fingerprint templates corresponding to the transaction account that are stored in advance, and compares the fingerprint samples uploaded by the transaction terminal with the one or more fingerprint templates. When the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes. When the fingerprint sample is different from the one or more fingerprint templates, the fingerprint verification fails.
- the fingerprint identification-based verification device may implement the function of fingerprint verification by using only the server transceiver module 31 and the fingerprint verification module 34 described above.
- the transaction exception processing module 35 determines whether the number of failed fingerprint verification attempts of the fingerprint sample reaches a preset number of times. When the number of times the fingerprint verification fails is reached a preset number of times, the fingerprint sample is determined as an abnormal fingerprint sample and stored.
- the transaction exception processing module 35 may also store remaining information of the trader, such as transaction account information of the bank card, transaction time, transaction location, biometrics of the trader's face, and the like.
- the transaction exception handling module 35 stores fingerprint samples and remaining information of the trader in a computer storage medium communicatively coupled to the server, so that the fingerprint samples and remaining information of the trader are backed up to keep the data safe.
- when the server transceiver module 31 receives the transaction key request sent by the transaction terminal, the key module 36 generates a transaction public key and a transaction private key by using an asymmetric encryption algorithm according to the transaction key request. The transaction private key is stored locally and the transaction public key is returned to the transaction terminal. The transaction terminal encrypts the uploaded fingerprint sample with the transaction public key. Before the fingerprint verification module 34 compares the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, the server transceiver module 31 is further configured to decrypt the encrypted fingerprint sample using the transaction private key.
- when the server transceiver module 31 receives the fingerprint registration request initiated by the fingerprint entry terminal, the fingerprint registration module 32 performs priority determination on the fingerprint entry terminal according to the terminal ID (unique identification code) of the fingerprint entry terminal, and after the priority determination passes, the fingerprint registration mode is entered; when the server transceiver module 31 receives the fingerprint data collected and uploaded by the fingerprint entry terminal, the fingerprint registration module 32 generates the one or more fingerprint templates according to the fingerprint data. Then the storage module 33 encrypts and stores the one or more fingerprint templates by using a storage key, and establishes an association relationship between the one or more fingerprint templates and the transaction account.
- the association relationship between one or more fingerprint templates and the transaction account is a mapping relationship. For example, one or more fingerprint templates corresponding thereto are found according to the transaction account.
- when the server transceiver module 31 receives the fingerprint registration key request from the fingerprint entry terminal, the fingerprint registration module 32 generates the fingerprint registration public key and the fingerprint registration private key by using an asymmetric encryption algorithm according to the fingerprint registration key request, then stores the fingerprint registration private key locally, and returns the fingerprint registration public key to the fingerprint entry terminal. The fingerprint entry terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key. The server transceiver module 31 decrypts the encrypted fingerprint data by using the fingerprint registration private key after receiving it.
- when the storage module 33 uses the storage key to encrypt and store the one or more fingerprint templates, the storage key is generated by using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- the server stores a transaction password for the transaction account.
- the server performs password verification.
- the fingerprint identification verification device verifies the fingerprint sample through the fingerprint verification module 34, and the user can complete the transaction operation at the transaction terminal only when the fingerprint sample passes verification.
- compared with determining whether to conduct a transaction by verifying only the transaction password of the transaction account, the above-described fingerprint identification verification apparatus enhances the security of the transaction.
- the verification device for fingerprint identification described above stores the fingerprint sample and the remaining information of the trader through the transaction abnormality processing module 35 when the number of failed fingerprint verification attempts reaches the preset number of times. Therefore, when a transaction abnormality occurs in the self-service transaction terminal, the information for identifying the trader can be acquired from the transaction abnormality processing module 35, which is advantageous for combating criminal behavior.
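The key request, encrypted sample upload, template comparison and abnormal-sample retention described above, as an added Go example that is not part of the patent text. Assumptions: the patent names only "an asymmetric encryption algorithm", so this example wraps a one-time AES-256-GCM key with RSA-OAEP (RSA-OAEP with a 2048-bit key and SHA-256 cannot encrypt more than 190 bytes directly), binds the account into the ciphertext, counts failures per account, and takes the matcher as a caller-supplied function; every identifier is hypothetical.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope: sample under a one-time AES-256-GCM key, key wrapped with RSA-OAEP.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

// Server stands in for the key, verification and exception-processing modules.
type Server struct {
	priv      *rsa.PrivateKey     // transaction private key, kept server-side
	Templates map[string][][]byte // transaction account -> fingerprint templates
	Abnormal  map[string][][]byte // samples retained at the preset failure count
	failures  map[string]int      // failed verifications per account (assumption)
	maxFails  int                 // the "preset number of times"
	match     func(sample, tmpl []byte) bool
}

// NewServer generates the transaction key pair; match is the caller's matcher.
func NewServer(maxFails int, match func(sample, tmpl []byte) bool) (*Server, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &Server{priv, map[string][][]byte{}, map[string][][]byte{}, map[string]int{}, maxFails, match}, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SealSample is the terminal side. The account is bound in as OAEP label and
// GCM associated data, so an envelope only opens for the account it names.
func SealSample(pub *rsa.PublicKey, account string, sample []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // one-time AES-256 key followed by a GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	key, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(account))
	if err != nil {
		return nil, err
	}
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, sample, []byte(account))}, nil
}

// Verify decrypts the upload, compares it with every template of the account,
// and retains the sample as abnormal once failures reach the preset count.
func (s *Server) Verify(account string, env *Envelope) (bool, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.priv, env.WrappedKey, []byte(account))
	if err != nil {
		return false, err
	}
	gcm, err := newGCM(key)
	if err != nil {
		return false, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return false, fmt.Errorf("nonce must be %d bytes", gcm.NonceSize())
	}
	sample, err := gcm.Open(nil, env.Nonce, env.Ciphertext, []byte(account))
	if err != nil {
		return false, err
	}
	for _, tmpl := range s.Templates[account] {
		if s.match(sample, tmpl) {
			return true, nil
		}
	}
	if s.failures[account]++; s.failures[account] >= s.maxFails {
		s.Abnormal[account] = append(s.Abnormal[account], sample)
	}
	return false, nil
}

func main() {
	srv, err := NewServer(3, bytes.Equal) // exact match stands in for a real matcher
	if err != nil {
		panic(err)
	}
	srv.Templates["acct-1"] = [][]byte{[]byte("constructed-template")}
	env, _ := SealSample(&srv.priv.PublicKey, "acct-1", []byte("constructed-template"))
	fmt.Println(srv.Verify("acct-1", env))
}
```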
- the fingerprint entry device illustrated in FIG. 1 includes: a fingerprint entry module 11, a fingerprint entry terminal transceiver module 12, and a control module 13.
- the fingerprint entry module 11 and the fingerprint entry terminal transceiver module 12 are implemented in a TEE (Trusted Execution Environment) of the fingerprint entry terminal, and in some possible implementations the control module 13 is outside the TEE.
- the fingerprint entry module 11 is configured to acquire information of a transaction account, collect fingerprint data, and retrieve a terminal ID of the fingerprint entry terminal.
- the fingerprint entry terminal transceiver module 12 is configured to send information of the transaction account, the fingerprint data, and the terminal ID to the server, and receive feedback from the server.
- the control module 13 is configured to control a fingerprint input working mode of the fingerprint input device, and control interaction logic between the fingerprint input terminal and the server.
- the fingerprint registration key application is initiated to the server; before the fingerprint data is entered, the control module 13 negotiates with the server, so that the server generates a fingerprint registration public key and a fingerprint registration private key for data encryption transmission.
- the server stores the generated fingerprint registration private key locally, and returns the fingerprint registration public key to the fingerprint entry terminal transceiver module 12.
- the fingerprint entry terminal transceiver module 12 receives the fingerprint registration public key, and encrypts the fingerprint data by using the fingerprint registration public key, and then the fingerprint entry terminal transceiver module 12 sends the encrypted fingerprint data to the server.
- the fingerprint input terminal transceiver module 12 of the fingerprint entry device encrypts the fingerprint data by using the fingerprint registration public key, which is beneficial to enhancing information security of the fingerprint data.
- the server includes, but is not limited to, any one of the fingerprint identification-based verification devices of the above embodiments.
- the fingerprint entry terminal includes, but is not limited to, any of the fingerprint entry devices of the above embodiments.
- the user completes the setting of the bank card password and the fingerprint template at the fingerprint entry terminal.
- the interaction between the server and the fingerprint entry terminal includes:
- the fingerprint entry terminal reads the bank card information and sends the bank card information to the server.
- the bank card information includes a user's transaction account information and the like.
- the user sets the password through the fingerprint entry terminal.
- the server synchronizes data with the fingerprint input terminal, that is, the server stores the password of the user, and forms a correspondence relationship between the password and the transaction account information of the user.
- the server determines whether the user has set a password successfully.
- the password setting fails, the user ends the setting of the bank card password and the fingerprint template at the fingerprint entry terminal.
- Reasons for failure of the user's password setting include, but are not limited to, the passwords entered by the user the first and second time being inconsistent.
- the fingerprint entry terminal requests the server to generate a transaction key, including a transaction public key and a transaction private key.
- the transaction public key is used to encrypt a fingerprint sample
- the transaction private key is used to decrypt the fingerprint sample.
- after receiving the request for generating the transaction key, the server generates the transaction public key and the transaction private key, and feeds back the transaction public key to the fingerprint entry terminal.
- the server and the fingerprint entry terminal enter the fingerprint registration mode.
- the server determines, according to the terminal ID of the fingerprint entry terminal, whether the fingerprint entry terminal is a high priority fingerprint entry terminal.
- the high priority fingerprint entry terminal refers to a fingerprint entry terminal that has the fingerprint template registration authority.
- the user ends the setting of the fingerprint template at the fingerprint entry terminal.
- the fingerprint entry terminal collects N fingerprint samples from the user (N is generally 8-20), and N is an integer ⁇ 1.
- after receiving the N fingerprint samples of the user, the server generates X fingerprint templates for the user, X ⁇ N.
- the server generates a storage key (a symmetric encryption algorithm may be employed) and encrypts the X fingerprint templates using the storage key.
- the server stores a fingerprint template, and the fingerprint template forms a corresponding relationship with the transaction account information of the user. After the server stores the fingerprint template, the user can end the setting of the bank card password and the fingerprint template at the fingerprint entry terminal.
- FIG. 3 is a schematic diagram of a fingerprint identification based verification device and a transaction device according to an embodiment of the present application.
- the verification device is applied to the server.
- the fingerprint identification based transaction device is applied to the transaction terminal.
- the server may be one or more servers.
- the transaction terminal may be a transaction terminal of a transaction account such as a bank card account or an electronic transaction account (for example, an Alipay account).
- the transaction terminal described above may also function as a registration terminal.
- the transaction device illustrated in FIG. 3 includes an information reading module 21, a fingerprint collection module 22, a transaction terminal transceiver module 23, and a transaction control module 24.
- the information reading module 21 is configured to read information of the transaction account.
- the fingerprint collection module 22 is configured to collect fingerprint samples.
- the transaction device does not include the information reading module 21.
- the transaction device can remotely receive information of the transaction account. For example, when the carrier of such a transaction device is a device such as a mobile terminal, the user can log in to the transaction account by scanning the two-dimensional code.
- the transaction terminal transceiver module 23 is configured to send the read transaction account information, the fingerprint verification request related to the transaction account, and the collected fingerprint sample to the server, and receive feedback from the server.
- the transaction control module 24 is configured to control completion or termination of the transaction according to the feedback of the server.
- the transaction terminal transceiver module 23 is further configured to send a transaction key request to the server, and receive the transaction public key fed back by the server.
- the transaction terminal transceiver module 23 is further configured to encrypt the fingerprint sample by using the transaction public key, and the transaction terminal transceiver module 23 sends the encrypted fingerprint sample to the server.
- in the above fingerprint identification-based transaction device, the transaction terminal transceiver module 23 encrypts the fingerprint sample by using the transaction public key, which helps to protect the fingerprint sample in transit.
- the module configuration and functions of the fingerprint identification-based verification device illustrated in FIG. 3 are the same as those of the fingerprint identification-based verification device illustrated in FIG. 1, and are not described again here.
- in some embodiments of the present application, the fingerprint identification-based verification device may be used only to implement the fingerprint verification function of the above embodiments.
- the fingerprint registration function of the verification device in the above embodiment can be implemented by a separate device.
- One or more servers are used to implement the fingerprint verification function in the above embodiment, and another server or multiple servers are used to implement the fingerprint registration function in the above embodiment.
- the server includes, but is not limited to, any one of the fingerprint identification-based verification devices of the above embodiments.
- the transaction terminal includes, but is not limited to, any one of the fingerprint identification-based transaction devices of the above embodiments.
- the interaction between the server and the transaction terminal includes:
- the transaction terminal reads the bank card information and sends the bank card information to the server.
- the bank card information includes a user's transaction account information and the like.
- After receiving the user's transaction account information, the server synchronizes with the transaction terminal, that is, it receives the password entered by the user through the transaction terminal and searches the database for the data corresponding to the user's transaction account information, including the password.
- the password is verified when the password entered by the user through the transaction terminal is received. When the password verification fails, the server judges whether to continue password verification. If password verification is to continue, the server receives the password entered by the user again and verifies it. When the number of password verifications exceeds the preset number of times, password verification stops and the transaction is ended.
- the transaction terminal requests the server to generate a transaction key, including the transaction public key and the transaction private key.
- the transaction public key is used to encrypt a fingerprint sample.
- the transaction private key is used to decrypt the fingerprint sample.
- After receiving the request for generating the transaction key, the server generates the transaction public key and the transaction private key, and feeds back the transaction public key to the transaction terminal.
- the server and the transaction terminal enter the fingerprint recognition mode.
- the server loads all fingerprint templates corresponding to the bank card.
- the transaction terminal collects a fingerprint sample of the user, and sends the fingerprint sample to the server.
- After receiving the fingerprint sample, the server verifies it against all fingerprint templates corresponding to the bank card. When the fingerprint sample does not pass verification, the server determines the number of times the fingerprint sample has been verified. If that number does not exceed the preset number of times M (M is an integer ≥ 1), the transaction terminal continues to collect fingerprint samples from the user, and the server verifies the fingerprint sample again, until the number of verifications exceeds the preset number of times M. If the number of verifications exceeds the preset number of times M, the server stores the fingerprint sample and related information, such as the transaction account information of the bank card, the transaction time, the transaction location, and biometrics of the trader's face.
- M is an integer ≥ 1
- when the fingerprint sample passes verification, this round of password and fingerprint verification ends, and the user performs the remaining transaction operations through the transaction terminal.
- the interaction process between the server and the transaction terminal not only verifies the password but also verifies the fingerprint sample, thereby enhancing the security of the transaction.
- the server stores information such as fingerprint samples, which is beneficial to combat crime.
- the transaction system of FIG. 5 includes at least one fingerprint entry terminal 100, at least one server 300, and at least one transaction terminal 200.
- the at least one fingerprint entry terminal 100 includes any one of the fingerprint entry devices of the above embodiments; the at least one server 300 includes any one of the fingerprint identification-based verification devices of the above embodiments; the at least one transaction terminal 200 includes any one of the transaction devices of the above embodiments.
- when the at least one fingerprint entry terminal 100 is used for account registration, it collects at least one fingerprint sample and sends the at least one fingerprint sample to the at least one server.
- when the at least one transaction terminal 200 is used for a transaction, it reads the transaction account information, collects the fingerprint sample, and sends the fingerprint sample and the fingerprint verification request to the at least one server.
- the fingerprint entry terminal 100 and the transaction terminal 200 can be implemented by one terminal.
- FIG. 6 is a flowchart of a server performing a fingerprint identification-based verification method in another embodiment of the present application.
- the fingerprint identification-based verification method performed by the server includes:
- Step 1: Receive a fingerprint verification request related to the transaction account.
- Step 2: Extract the one or more pre-stored fingerprint templates corresponding to the transaction account, and compare the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates.
- the user's identity information (user's name, address, date of birth, etc.)
- the user's fingerprint information is bound to the user's transaction account.
- the user's fingerprint information is verified when the user conducts a transaction through the transaction account, that is, the server verifies whether the user's fingerprint information collected by the transaction terminal matches the fingerprint information that is associated with the user's transaction account information and was collected by the fingerprint entry terminal when the user registered (that is, the fingerprint template in step 2). This helps to enhance the security of transactions the user conducts at the transaction terminal through the transaction account.
- Step 3: When the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample differs from all of the one or more fingerprint templates, the fingerprint verification fails.
- the method further includes: determining whether the number of failed fingerprint verifications of the fingerprint sample reaches a preset number of times; when the number of failed fingerprint verifications reaches the preset number of times, the fingerprint sample is determined to be an abnormal fingerprint sample and stored.
- the transaction account information of the trader's bank card, the transaction time, the transaction location, the biometrics of the trader's face, and the like may also be stored. This helps to enhance the traceability of the transaction.
- the method further includes: receiving a transaction key request issued by the transaction terminal; generating a transaction public key and a transaction private key by using an asymmetric encryption algorithm according to the transaction key request;
- the transaction private key is stored locally and the transaction public key is returned to the transaction terminal.
- the transaction terminal encrypts the uploaded fingerprint sample by using the transaction public key; and the method further includes: before comparing the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, decrypting the encrypted fingerprint sample by using the transaction private key.
- the asymmetric encryption algorithm requires two keys: a public key and a private key; the public key and the private key are a pair. If the data is encrypted with a public key, only the corresponding private key can be used to decrypt. If the data is encrypted with a private key, it can only be decrypted with the corresponding public key.
- the method further includes: receiving a fingerprint registration request initiated by the fingerprint entry terminal; performing a priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal, and entering the fingerprint registration mode after the priority determination passes; receiving the fingerprint data collected and uploaded by the fingerprint entry terminal; generating the one or more fingerprint templates according to the fingerprint data, encrypting and storing the one or more fingerprint templates by using a storage key, and establishing an association between the one or more fingerprint templates and the transaction account.
- the method further includes: receiving a fingerprint registration key request from the fingerprint entry terminal; and generating a fingerprint registration public key and a fingerprint registration private key by using an asymmetric encryption algorithm according to the fingerprint registration key request;
- the fingerprint registration private key is stored locally, and the fingerprint registration public key is returned to the fingerprint input terminal; the fingerprint input terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key;
- the server uses the fingerprint registration private key for decryption.
- the storage key is generated by using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- the data sender processes the plaintext (original data) together with the encryption key using the encryption algorithm.
- After processing by the algorithm, the plaintext becomes complex ciphertext and is sent out. After receiving the ciphertext, a receiver who wants to read the original text must decrypt the ciphertext by using the key that was used for encryption and the inverse of the same algorithm, to restore it to readable plaintext.
- the fingerprint identification-based verification method in the above embodiment mainly has the following technical effects: since the probability of human fingerprint repetition is extremely low and fingerprints are not easily stolen, performing fingerprint verification with the method in the above embodiment enhances the security of user transactions. In addition, the fingerprint identification-based verification method in the above embodiment can obtain information for identifying a trader when a transaction abnormality occurs at the transaction terminal, which helps to identify the trader in case of an abnormal transaction.
- Computer instructions and/or data for implementing the various embodiments described above may be stored in a computer readable medium or transmitted as one or more instructions or code on a readable medium.
- Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
- a storage medium can be any available medium that can be accessed by a computer.
- the computer readable medium can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage media or other magnetic storage device, or can be carried or stored in the form of an instruction or data structure.
- any connection can suitably be a computer readable medium.
- For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium.
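
The transaction-time exchange described in the list above (transaction key request, encrypted fingerprint upload, comparison against the account's templates, and the failure limit with abnormal-sample retention), as an added Go example that is not code from the patent. RSA-OAEP with the account as label, the single-use key handling, the 10% byte-difference matcher and all type and function names are assumptions of this example; the sample data is constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// ErrLocked is returned once the preset number of failed verifications is reached.
var ErrLocked = errors.New("failure limit reached, sample stored as abnormal")

// Server keeps per-account state; maxFails is the preset number of failures.
type Server struct {
	maxFails  int
	templates map[string][][]byte        // account -> enrolled fingerprint templates
	txKeys    map[string]*rsa.PrivateKey // account -> outstanding transaction private key
	fails     map[string]int             // account -> failed verifications so far
	Abnormal  map[string][][]byte        // account -> samples retained at the limit
}

func NewServer(maxFails int, templates map[string][][]byte) *Server {
	return &Server{maxFails, templates, map[string]*rsa.PrivateKey{},
		map[string]int{}, map[string][][]byte{}}
}

// TransactionKey answers a transaction key request: a fresh key pair per
// transaction, private key kept on the server, public key returned.
func (s *Server) TransactionKey(account string) (*rsa.PublicKey, error) {
	if s.fails[account] >= s.maxFails {
		return nil, ErrLocked
	}
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	s.txKeys[account] = priv
	return &priv.PublicKey, nil
}

// Seal runs on the transaction terminal. The account is bound in as the OAEP
// label. RSA-OAEP with a 2048-bit key and SHA-256 carries at most 190 bytes,
// so this fits a compact feature vector; a larger sample would need a wrapped
// symmetric key instead.
func Seal(pub *rsa.PublicKey, account string, sample []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sample, []byte(account))
}

// Verify decrypts the upload and compares it with every template of the account.
func (s *Server) Verify(account string, sealed []byte) (bool, error) {
	priv, ok := s.txKeys[account]
	if !ok {
		return false, fmt.Errorf("no transaction key outstanding for %q", account)
	}
	sample, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, sealed, []byte(account))
	if err != nil {
		return false, err
	}
	for _, tpl := range s.templates[account] {
		if matches(sample, tpl) {
			s.fails[account] = 0
			delete(s.txKeys, account) // single use: a replayed upload is rejected
			return true, nil
		}
	}
	if s.fails[account]++; s.fails[account] < s.maxFails {
		return false, nil // terminal may collect another sample under the same key
	}
	s.Abnormal[account] = append(s.Abnormal[account], sample)
	delete(s.txKeys, account)
	return false, ErrLocked
}

// matches is a stand-in for a real fingerprint matcher (assumption): equal
// length feature vectors with at most 10% differing bytes count as a match.
func matches(a, b []byte) bool {
	if len(a) == 0 || len(a) != len(b) {
		return false
	}
	diff := 0
	for i := range a {
		if a[i] != b[i] {
			diff++
		}
	}
	return diff*10 <= len(a)
}

func main() {
	tpl := []byte("constructed-feature-vector-0001") // constructed sample data
	srv := NewServer(3, map[string][][]byte{"acct-1": {tpl}})
	pub, _ := srv.TransactionKey("acct-1")
	sealed, _ := Seal(pub, "acct-1", tpl)
	ok, err := srv.Verify("acct-1", sealed)
	fmt.Println("verified:", ok, err)
}
```

Because the private key is discarded after a pass or a lockout, an upload captured from one transaction cannot be submitted again in a later one.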
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Computer Security & Cryptography (AREA)
- General Business, Economics & Management (AREA)
- Human Computer Interaction (AREA)
- Multimedia (AREA)
- Collating Specific Patterns (AREA)
Abstract
The present invention relates to the technical field of electronics, and relates to a fingerprint identification-based authentication method and device, and transaction system. The method comprises: receiving a fingerprint authentication request associated with a transaction account (1); retrieving one or more pre-stored fingerprint templates corresponding to the transaction account, and comparing a fingerprint sample uploaded by a transaction terminal against the one or more fingerprint templates (2); if the fingerprint sample matches any one of the one or more fingerprint templates, then determining that fingerprint authentication is successful, and otherwise determining that the fingerprint authentication fails (3). The method enables acquisition of information used to identify a transaction user to facilitate authentication of the transaction user in a case of an abnormal transaction.
Description
The technical solution disclosed in the present application relates to the field of electronic technologies, and in particular to a fingerprint identification-based verification method, apparatus, and transaction system.
At present, self-service transaction terminals, for example ATMs (Automatic Teller Machines) and POS (Point Of Sale) terminals, make consumption more convenient.
In the course of studying the present application, the inventor found that self-service transaction terminals in the prior art mainly decide whether to carry out a transaction by verifying the password of the account. Since a user's transaction account and transaction password are easily stolen, deciding whether to carry out a transaction by verifying the transaction password of the transaction account carries considerable risk. In addition, in the prior art, when a transaction abnormality occurs at a self-service transaction terminal, it is difficult to obtain information for identifying the trader.
Summary of the invention
The technical solution disclosed in the present application can solve at least the following technical problems: (1) deciding whether to carry out a transaction by verifying the password of the account carries considerable risk; (2) when a transaction abnormality occurs at a self-service transaction terminal, it is difficult to obtain information for identifying the trader.
One or more embodiments of the present application disclose a fingerprint identification-based verification method, including: receiving a fingerprint verification request related to a transaction account; extracting one or more pre-stored fingerprint templates corresponding to the transaction account, and comparing the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates; when the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample differs from all of the one or more fingerprint templates, the fingerprint verification fails.
In one or more embodiments of the present application, the method further includes: determining whether the number of failed fingerprint verifications of the fingerprint sample reaches a preset number of times; and when the number of failed fingerprint verifications reaches the preset number of times, determining the fingerprint sample to be an abnormal fingerprint sample and storing it.
In one or more embodiments of the present application, the method further includes: receiving a transaction key request issued by the transaction terminal; generating a transaction public key and a transaction private key by using an asymmetric encryption algorithm according to the transaction key request; storing the transaction private key locally and returning the transaction public key to the transaction terminal.
In one or more embodiments of the present application, the transaction terminal encrypts the uploaded fingerprint sample by using the transaction public key; and the method further includes: before comparing the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, decrypting the encrypted fingerprint sample by using the transaction private key.
In one or more embodiments of the present application, the method further includes: receiving a fingerprint registration request initiated by the fingerprint entry terminal; performing a priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal, and entering the fingerprint registration mode after the priority determination passes; receiving the fingerprint data collected and uploaded by the fingerprint entry terminal; generating the one or more fingerprint templates according to the fingerprint data, encrypting and storing the one or more fingerprint templates by using a storage key, and establishing an association between the one or more fingerprint templates and the transaction account.
In one or more embodiments of the present application, the method further includes: receiving a fingerprint registration key request from the fingerprint entry terminal; generating a fingerprint registration public key and a fingerprint registration private key by using an asymmetric encryption algorithm according to the fingerprint registration key request; storing the fingerprint registration private key locally and returning the fingerprint registration public key to the fingerprint entry terminal; the fingerprint entry terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key; after receiving the encrypted fingerprint data, the server decrypts it by using the fingerprint registration private key.
In one or more embodiments of the present application, the storage key is generated using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
One or more embodiments of the present application disclose a fingerprint identification-based verification apparatus, applied to a server, including: a server transceiver module, configured to receive a fingerprint verification request related to a transaction account; and a fingerprint verification module, configured to extract one or more pre-stored fingerprint templates corresponding to the transaction account, and to compare the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates; when the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample differs from all of the one or more fingerprint templates, the fingerprint verification fails.
In one or more embodiments of the present application, the apparatus further includes: a transaction exception processing module, configured to determine whether the number of failed fingerprint verifications of the fingerprint sample reaches a preset number of times; when the number of failed fingerprint verifications reaches the preset number of times, the fingerprint sample is determined to be an abnormal fingerprint sample and stored.
In one or more embodiments of the present application, the server transceiver module is further configured to receive a transaction key request sent by the transaction terminal; the apparatus further includes a key module, configured to generate a transaction public key and a transaction private key by using an asymmetric encryption algorithm according to the transaction key request, to store the transaction private key locally, and to return the transaction public key to the transaction terminal.
In one or more embodiments of the present application, the transaction terminal encrypts the uploaded fingerprint sample by using the transaction public key; before the fingerprint verification module compares the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, the server transceiver module is further configured to decrypt the encrypted fingerprint sample by using the transaction private key.
In one or more embodiments of the present application, the server transceiver module is further configured to receive a fingerprint registration request initiated by the fingerprint entry terminal; the apparatus further includes a fingerprint registration module, configured to perform a priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal, and to enter the fingerprint registration mode after the priority determination passes; when the server transceiver module receives the fingerprint data collected and uploaded by the fingerprint entry terminal, the fingerprint registration module is further configured to generate the one or more fingerprint templates according to the fingerprint data; the apparatus further includes a storage module, which encrypts and stores the one or more fingerprint templates by using a storage key, and establishes an association between the one or more fingerprint templates and the transaction account.
In one or more embodiments of the present application, the server transceiver module is further configured to receive a fingerprint registration key request from the fingerprint entry terminal; the fingerprint registration module is further configured to generate a fingerprint registration public key and a fingerprint registration private key by using an asymmetric encryption algorithm according to the fingerprint registration key request, to store the fingerprint registration private key locally, and to return the fingerprint registration public key to the fingerprint entry terminal; the fingerprint entry terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key; after receiving the encrypted fingerprint data, the server transceiver module decrypts it by using the fingerprint registration private key.
In one or more embodiments of the present application, when the storage module encrypts and stores the one or more fingerprint templates by using a storage key, the storage key is generated by using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
One or more embodiments of the present application disclose a fingerprint identification-based transaction device, applied to a transaction terminal, including: an information reading module, configured to read information of a transaction account; a fingerprint collection module, configured to collect fingerprint samples; a transaction terminal transceiver module, configured to send the read transaction account information, the fingerprint verification request related to the transaction account, and the collected fingerprint sample to the server, and to receive feedback from the server; and a transaction control module, configured to control completion or termination of the transaction according to the feedback of the server.
In one or more embodiments of the present application, the transaction terminal transceiver module is further configured to send a transaction key request to the server and to receive the transaction public key fed back by the server; the transaction terminal transceiver module is further configured to encrypt the fingerprint sample by using the transaction public key; the transaction terminal transceiver module is further configured to send the encrypted fingerprint sample to the server.
One or more embodiments of the present application disclose a fingerprint entry device, applied to a fingerprint entry terminal, including: a fingerprint entry module, configured to acquire information of a transaction account, collect fingerprint data, and retrieve the terminal ID of the fingerprint entry terminal; and a fingerprint entry terminal transceiver module, configured to send the transaction account information, the fingerprint data, and the terminal ID to the server, and to receive feedback from the server.
In one or more embodiments of the present application, the device further includes a control module, configured to initiate a fingerprint registration key request to the server; before fingerprint data is entered, the control module negotiates with the server, so that the server generates the fingerprint registration public key and the fingerprint registration private key used for encrypted data transmission; the server stores the generated fingerprint registration private key locally, and returns the fingerprint registration public key to the fingerprint entry terminal transceiver module.
One or more embodiments of the present application disclose a transaction system, including: at least one fingerprint entry terminal, at least one server, and at least one transaction terminal; wherein the at least one fingerprint entry terminal includes any one of the fingerprint entry devices described above; the at least one server includes any one of the fingerprint identification-based verification apparatuses described above and/or performs any one of the fingerprint identification-based verification methods described above; and the at least one transaction terminal includes any one of the fingerprint identification-based transaction devices described above.
Compared with the prior art, the technical solution disclosed in the present application mainly has the following beneficial effects:
In an embodiment of the present application, one or more fingerprint templates of the transaction account are stored before fingerprint verification is performed. Fingerprint verification is performed when a fingerprint verification request corresponding to the transaction account is received, including: extracting the stored one or more fingerprint templates of the transaction account; extracting the fingerprint sample uploaded by the transaction terminal; and comparing the fingerprint sample with the one or more fingerprint templates. When the fingerprint sample is identical to any one of the one or more fingerprint templates, the fingerprint verification passes. Since the probability of human fingerprint repetition is extremely low and fingerprints are not easily stolen, embodiments of the present application enhance the security of user transactions. When the fingerprint sample is different from every one of the one or more fingerprint templates, the fingerprint verification fails. The fingerprint sample is stored when the number of failed fingerprint verifications reaches a preset number of times. Accordingly, when a transaction abnormality occurs at the transaction terminal, the embodiment of the present application can obtain information for identifying the trader, which helps to identify and track the trader in case of an abnormal transaction.
In order to illustrate the technical solutions of the embodiments of the present application more clearly, the drawings used in the embodiments are briefly described below. The drawings in the following description are only some embodiments of the present application, and a person of ordinary skill in the art can obtain other drawings based on these drawings without creative effort.
FIG. 1 is a schematic diagram of a fingerprint identification-based verification device and a fingerprint entry device according to an embodiment of the present application;
FIG. 2 is a flowchart of the interaction between a server and a fingerprint entry terminal according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a fingerprint identification-based verification device and a fingerprint identification-based transaction device according to an embodiment of the present application;
FIG. 4 is a flowchart of the interaction between a server and a transaction terminal according to an embodiment of the present application;
FIG. 5 is a schematic diagram of a transaction system according to another embodiment of the present application;
FIG. 6 is a flowchart of a fingerprint identification-based verification method performed by a server according to another embodiment of the present application.
To facilitate understanding of the present application, it is described more fully below with reference to the accompanying drawings, which show preferred embodiments of the present application. However, the application can be embodied in many different forms and is not limited to the embodiments described herein. Rather, these embodiments are provided so that the disclosure of the present application will be understood more thoroughly and completely.
Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by a person skilled in the technical field to which the present application belongs. The terminology used in the specification of the present application is for the purpose of describing particular embodiments only and is not intended to limit the present application.
FIG. 1 is a schematic diagram of a fingerprint identification-based verification device and a fingerprint entry device according to an embodiment of the present application. The fingerprint identification-based verification device is applied to a server, and the fingerprint entry device is applied to a fingerprint entry terminal. The server may be one or more servers. The fingerprint entry terminal may be a registration terminal for a transaction account such as a bank card account or an electronic transaction account (for example, an Alipay account). In some embodiments of the present application, the registration terminal may also serve as a transaction terminal.
The verification device illustrated in FIG. 1 includes a server transceiver module 31, a fingerprint registration module 32, a storage module 33, a fingerprint verification module 34, a transaction exception processing module 35, and a key module 36. In some possible implementations, each of these modules is implemented in a TEE (Trusted Execution Environment) on the server.
The server transceiver module 31 receives a fingerprint verification request related to the transaction account. The fingerprint verification module 34 extracts the one or more pre-stored fingerprint templates corresponding to the transaction account and compares the fingerprint sample uploaded by the transaction terminal with them. When the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes. When the fingerprint sample differs from all of the one or more fingerprint templates, the fingerprint verification fails. In some embodiments of the present application, the fingerprint identification-based verification device may implement its fingerprint verification function using only the server transceiver module 31 and the fingerprint verification module 34.
The transaction exception processing module 35 determines whether the number of failed fingerprint verifications for the fingerprint sample has reached a preset number. When it has, the fingerprint sample is determined to be an abnormal fingerprint sample and is stored. The transaction exception processing module 35 may also store other information about the trader, such as the transaction account information of the bank card, the transaction time, the transaction location, and biometric features of the trader's face.
In some embodiments of the present application, the transaction exception processing module 35 stores the fingerprint sample and the other information about the trader in a computer storage medium communicatively connected to the server, so that the fingerprint sample and the other information are backed up and the data is kept safe.
When the server transceiver module 31 receives a transaction key request sent by the transaction terminal, the key module 36, in response to the request, generates a transaction public key and a transaction private key using an asymmetric encryption algorithm, stores the transaction private key locally, and returns the transaction public key to the transaction terminal. The transaction terminal encrypts the fingerprint sample to be uploaded with the transaction public key. Before the fingerprint verification module 34 compares the uploaded fingerprint sample with the one or more fingerprint templates, the server transceiver module 31 decrypts the encrypted fingerprint sample using the transaction private key.
When the server transceiver module 31 receives a fingerprint registration request initiated by the fingerprint entry terminal, the fingerprint registration module 32 performs a priority determination on the fingerprint entry terminal according to its terminal ID (unique identification code) and enters fingerprint registration mode after the priority determination passes. When the server transceiver module 31 receives the fingerprint data collected and uploaded by the fingerprint entry terminal, the fingerprint registration module 32 generates the one or more fingerprint templates from the fingerprint data. The storage module 33 then encrypts and stores the one or more fingerprint templates using a storage key and establishes an association between the one or more fingerprint templates and the transaction account. In general, this association is a mapping; for example, the one or more fingerprint templates corresponding to a transaction account can be found from that transaction account.
When the server transceiver module 31 receives a fingerprint registration key request from the fingerprint entry terminal, the fingerprint registration module 32, in response, generates a fingerprint registration public key and a fingerprint registration private key using an asymmetric encryption algorithm, stores the fingerprint registration private key locally, and returns the fingerprint registration public key to the fingerprint entry terminal. The fingerprint entry terminal encrypts the fingerprint data to be uploaded with the fingerprint registration public key. After receiving the encrypted fingerprint data, the server transceiver module 31 decrypts it with the fingerprint registration private key.
In some embodiments of the present application, when the storage module 33 encrypts and stores the one or more fingerprint templates using the storage key, the storage key is generated using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
In some embodiments of the present application, the server stores a transaction password for the transaction account. On receiving a password verification request corresponding to the transaction account, the server performs password verification.
In the above embodiment, the fingerprint identification-based verification device verifies the fingerprint sample through the fingerprint verification module 34, and the user can complete a transaction at the transaction terminal only when the fingerprint sample passes verification. Compared with deciding whether to proceed with a transaction by verifying only the transaction password of the transaction account, this verification device enhances transaction security. In addition, through the transaction exception processing module 35, the verification device stores the fingerprint sample and the other information about the trader when the number of failed fingerprint verifications reaches the preset number. Thus, when a transaction abnormality occurs at a self-service transaction terminal, information for identifying the trader can be obtained from the transaction exception processing module 35, which helps in combating crime.
The fingerprint entry device illustrated in FIG. 1 includes a fingerprint entry module 11, a fingerprint entry terminal transceiver module 12, and a control module 13. In some possible implementations, the fingerprint entry module 11 and the fingerprint entry terminal transceiver module 12 are implemented in a TEE (Trusted Execution Environment) of the fingerprint entry terminal, while the control module 13 is, in some possible implementations, located outside the TEE.
The fingerprint entry module 11 is configured to acquire the information of the transaction account, collect fingerprint data, and retrieve the terminal ID of the fingerprint entry terminal. The fingerprint entry terminal transceiver module 12 is configured to send the information of the transaction account, the fingerprint data, and the terminal ID to the server and to receive feedback from the server.
The control module 13 is configured to control the fingerprint entry working mode of the fingerprint entry device and the interaction logic between the fingerprint entry terminal and the server. For example, it initiates a fingerprint registration key request to the server: before fingerprint data is entered, the control module 13 negotiates with the server so that the server generates a fingerprint registration public key and a fingerprint registration private key for encrypted data transmission. The server stores the generated fingerprint registration private key locally and returns the fingerprint registration public key to the fingerprint entry terminal transceiver module 12. The fingerprint entry terminal transceiver module 12 receives the fingerprint registration public key, encrypts the fingerprint data with it, and sends the encrypted fingerprint data to the server.
Because the fingerprint entry terminal transceiver module 12 of the fingerprint entry device encrypts the fingerprint data with the fingerprint registration public key, the information security of the fingerprint data is strengthened.
FIG. 2 is a flowchart of the interaction between a server and a fingerprint entry terminal according to an embodiment of the present application. The server includes, but is not limited to, any of the fingerprint identification-based verification devices of the above embodiments. The fingerprint entry terminal includes, but is not limited to, any of the fingerprint entry devices of the above embodiments.
As shown in FIG. 2, the user sets the bank card password and the fingerprint templates at the fingerprint entry terminal. During this process, the interaction between the server and the fingerprint entry terminal includes the following:
The fingerprint entry terminal reads the bank card information and sends it to the server. The bank card information includes the user's transaction account information and the like. The user sets a password through the fingerprint entry terminal. Meanwhile, the server synchronizes data with the fingerprint entry terminal; that is, the server stores the user's password and associates it with the user's transaction account information and the like.
The server determines whether the user's password was set successfully. If password setting fails, the user's current session of setting the bank card password and fingerprint templates at the fingerprint entry terminal ends. Reasons for password setting failure include, but are not limited to, a mismatch between the passwords the user entered the first and second time.
When the password is set successfully, the fingerprint entry terminal requests the server to generate transaction keys, namely a transaction public key and a transaction private key. The transaction public key is used to encrypt fingerprint samples, and the transaction private key is used to decrypt them. After receiving the request, the server generates the transaction public key and the transaction private key and returns the transaction public key to the fingerprint entry terminal.
The server and the fingerprint entry terminal enter fingerprint registration mode. The server determines, according to the terminal ID of the fingerprint entry terminal, whether it is a high-priority fingerprint entry terminal, that is, a fingerprint entry terminal that has fingerprint template registration authority. If the fingerprint entry terminal is not a high-priority fingerprint entry terminal, the user's current fingerprint template setup at the fingerprint entry terminal ends.
When the fingerprint entry terminal is a high-priority fingerprint entry terminal, it collects N fingerprint samples from the user (generally 8 to 20), where N is an integer ≥ 1. After receiving the user's N fingerprint samples, the server generates X fingerprint templates for the user, where X ≤ N. The server generates a storage key (a symmetric encryption algorithm may be used) and encrypts the X fingerprint templates with it. The server stores the fingerprint templates, which are associated with the user's transaction account information and the like. Once the server has stored the fingerprint templates, the user's current session of setting the bank card password and fingerprint templates at the fingerprint entry terminal ends.
FIG. 3 is a schematic diagram of a fingerprint identification-based verification device and a fingerprint identification-based transaction device according to an embodiment of the present application. The verification device is applied to a server, and the fingerprint identification-based transaction device is applied to a transaction terminal. The server may be one or more servers. The transaction terminal may be a transaction terminal for a transaction account such as a bank card account or an electronic transaction account (for example, an Alipay account). In some embodiments of the present application, the transaction terminal may also serve as a registration terminal.
The transaction device illustrated in FIG. 3 includes an information reading module 21, a fingerprint collection module 22, a transaction terminal transceiver module 23, and a transaction control module 24.
The information reading module 21 is configured to read the information of the transaction account. The fingerprint collection module 22 is configured to collect fingerprint samples. In some possible implementations, the transaction device does not include the information reading module 21; in that case, the transaction device can receive the information of the transaction account remotely. For example, when the transaction device is carried by a device such as a mobile terminal, the user can log in to the transaction account by scanning a two-dimensional code.
The transaction terminal transceiver module 23 is configured to send to the server the transaction account information that was read, the fingerprint verification request related to the transaction account, and the collected fingerprint sample, and to receive feedback from the server. The transaction control module 24 is configured to complete or terminate the transaction according to the server's feedback.
The transaction terminal transceiver module 23 is further configured to send a transaction key request to the server and to receive the transaction public key returned by the server.
The transaction terminal transceiver module 23 is further configured to encrypt the fingerprint sample with the transaction public key and to send the encrypted fingerprint sample to the server.
Because the fingerprint identification-based transaction device encrypts the fingerprint sample with the transaction public key through the transaction terminal transceiver module 23, the information security of the fingerprint sample is strengthened.
The module structure and functions of the fingerprint identification-based verification device illustrated in FIG. 3 are the same as those of the device illustrated in FIG. 1 and are not repeated here. In some embodiments of the present application, the fingerprint identification-based verification device may be used only to implement the fingerprint verification function of the above embodiments, and the fingerprint registration function of the verification device may be implemented by a separate device. On the server side, this means that one or more servers implement the fingerprint verification function of the above embodiments, while another one or more servers implement the fingerprint registration function.
FIG. 4 is a flowchart of the interaction between a server and a transaction terminal according to an embodiment of the present application. The server includes, but is not limited to, any of the fingerprint identification-based verification devices of the above embodiments. The transaction terminal includes, but is not limited to, any of the fingerprint identification-based transaction devices of the above embodiments.
As shown in FIG. 4, the user completes a transaction at the transaction terminal, such as withdrawing cash or transferring funds. During this process, the interaction between the server and the transaction terminal includes the following:
The transaction terminal reads the bank card information and sends it to the server. The bank card information includes the user's transaction account information and the like. After receiving the user's transaction account information, the server synchronizes data with the transaction terminal; that is, it receives the password and other input the user enters through the transaction terminal and, based on the user's transaction account information and the like, retrieves from the database the data corresponding to that transaction account information, including the password.
When the password entered by the user through the transaction terminal is received, the password is verified. If password verification fails, it is determined whether to continue verifying the password. If verification is to continue, the password entered by the user is received again and verified. When the number of password verifications exceeds a preset number, password verification stops and the transaction ends.
When password verification succeeds, the transaction terminal requests the server to generate transaction keys, namely a transaction public key and a transaction private key. The transaction public key is used to encrypt the fingerprint sample, and the transaction private key is used to decrypt it. After receiving the request, the server generates the transaction public key and the transaction private key and returns the transaction public key to the transaction terminal.
The server and the transaction terminal enter fingerprint identification mode. The server loads all fingerprint templates corresponding to the bank card. The transaction terminal collects the user's fingerprint sample and sends it to the server.
After receiving the fingerprint sample, the server verifies it against all fingerprint templates corresponding to the bank card. If the fingerprint sample fails verification, the server checks the number of fingerprint verifications performed. If that number has not exceeded the preset number M (M is an integer ≥ 1), the transaction terminal continues to collect the user's fingerprint sample, and the server verifies the fingerprint sample again, until the number of verifications exceeds M. If the number of fingerprint verifications exceeds the preset number M, the server stores the fingerprint sample and other information, such as the transaction account information of the bank card, the transaction time, the transaction location, and biometric features of the trader's face.
When the fingerprint sample passes verification, verification of the password and the fingerprint sample is complete, and the user carries out the remaining transaction operations through the transaction terminal.
The above interaction between the server and the transaction terminal verifies both the password and the fingerprint sample, and therefore enhances transaction security. In addition, when the number of fingerprint verifications exceeds the preset number M, the server stores the fingerprint sample and other information, which helps in combating crime.
FIG. 5 is a schematic diagram of a transaction system according to another embodiment of the present application. The transaction system of FIG. 5 includes at least one fingerprint entry terminal 100, at least one server 300, and at least one transaction terminal 200. The at least one fingerprint entry terminal 100 includes any of the fingerprint entry devices of the above embodiments; the at least one server 300 includes any of the verification devices of the above embodiments; and the at least one transaction terminal 200 includes any of the transaction devices of the above embodiments. During account registration, the at least one fingerprint entry terminal 100 collects at least one fingerprint sample and sends it to the at least one server. During a transaction, the at least one transaction terminal 200 reads the transaction account information, collects a fingerprint sample, and sends the fingerprint sample and a fingerprint verification request to the at least one server.
In some embodiments of the present application, the fingerprint entry terminal 100 and the transaction terminal 200 may be implemented as a single terminal.
FIG. 6 is a flowchart of a fingerprint identification-based verification method performed by a server according to another embodiment of the present application.
In FIG. 6, the fingerprint identification-based verification method performed by the server includes:
Step 1: Receive a fingerprint verification request related to the transaction account.
Step 2: Extract the one or more pre-stored fingerprint templates corresponding to the transaction account, and compare the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates.
When a user registers a transaction account, the user's identity information (name, address, date of birth, and so on) and the user's fingerprint information are bound to the user's transaction account. While the user transacts through the transaction account, the user's fingerprint information is verified; that is, the server verifies whether the user's fingerprint information collected by the transaction terminal matches the user's transaction account information and the fingerprint information collected by the fingerprint entry terminal at registration (that is, the fingerprint templates in Step 2). This enhances the security of transactions the user conducts at the transaction terminal through the transaction account.
Step 3: When the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample differs from all of the one or more fingerprint templates, the fingerprint verification fails.
In some embodiments of the present application, the method further includes: determining whether the number of failed fingerprint verifications for the fingerprint sample has reached a preset number; and, when it has, determining the fingerprint sample to be an abnormal fingerprint sample and storing it. When the number of failed fingerprint verifications reaches the preset number, the transaction account information of the trader's bank card, the transaction time, the transaction location, biometric features of the trader's face, and the like may also be stored. This enhances the traceability of the transaction.
In some embodiments of the present application, the method further includes: receiving a transaction key request issued by the transaction terminal; generating a transaction public key and a transaction private key using an asymmetric encryption algorithm according to the transaction key request; and storing the transaction private key locally and returning the transaction public key to the transaction terminal. The transaction terminal encrypts the uploaded fingerprint sample with the transaction public key; and the method further includes: before comparing the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, decrypting the encrypted fingerprint sample using the transaction private key. An asymmetric encryption algorithm requires two keys, a public key and a private key, which form a pair. If data is encrypted with the public key, it can only be decrypted with the corresponding private key; if data is encrypted with the private key, it can only be decrypted with the corresponding public key.
In some embodiments of the present application, the method further includes: receiving a fingerprint registration request initiated by the fingerprint entry terminal; performing a priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal, and entering a fingerprint registration mode after the priority determination passes; receiving the fingerprint data collected and uploaded by the fingerprint entry terminal; and generating the one or more fingerprint templates from the fingerprint data, encrypting and storing the one or more fingerprint templates using a storage key, and establishing an association between the one or more fingerprint templates and the transaction account.
In some embodiments of the present application, the method further includes: receiving a fingerprint registration key application from the fingerprint entry terminal; generating a fingerprint registration public key and a fingerprint registration private key using an asymmetric encryption algorithm according to the fingerprint registration key application; and storing the fingerprint registration private key locally and returning the fingerprint registration public key to the fingerprint entry terminal. The fingerprint entry terminal encrypts the uploaded fingerprint data with the fingerprint registration public key; after receiving the encrypted fingerprint data, the server decrypts it using the fingerprint registration private key. The storage key is generated using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account. In a symmetric encryption algorithm, the data sender processes the plaintext (original data) together with the encryption key through a special encryption algorithm, turning it into complex ciphertext that is then sent out. After receiving the ciphertext, a receiver who wants to read the original text must decrypt the ciphertext using the key that was used for encryption and the inverse of the same algorithm in order to restore it to readable plaintext.
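The server-side flow described in the embodiments above (transaction key pair, encrypted sample upload, comparison against templates encrypted at rest, and the failed-attempt counter), as an added Go example that is not part of the patent. All type and function names are hypothetical, and since the patent names no algorithms, RSA-OAEP, AES-256-GCM with the account as associated data, exact byte equality as the matcher, and resetting the counter on success are assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Server models the patent's server side. Every name here is hypothetical.
type Server struct {
	txKey     *rsa.PrivateKey     // transaction private key, kept locally
	storage   cipher.AEAD         // AES-256-GCM under the symmetric storage key
	templates map[string][][]byte // account -> nonce||ciphertext per template
	failures  map[string]int      // account -> failed checks since last success
	Abnormal  map[string][][]byte // account -> samples flagged as abnormal
	maxFails  int                 // the "preset number" of failures
}

func NewServer(maxFails int) (*Server, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	sk := make([]byte, 32) // symmetric storage key
	if _, err := rand.Read(sk); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sk)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Server{txKey: key, storage: aead, templates: map[string][][]byte{},
		failures: map[string]int{}, Abnormal: map[string][][]byte{}, maxFails: maxFails}, nil
}

// TransactionPublicKey answers a terminal's transaction key request.
func (s *Server) TransactionPublicKey() *rsa.PublicKey { return &s.txKey.PublicKey }

// Enroll encrypts a template at rest; the account is bound in as associated data.
func (s *Server) Enroll(account string, template []byte) error {
	nonce := make([]byte, s.storage.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	s.templates[account] = append(s.templates[account], s.storage.Seal(nonce, nonce, template, []byte(account)))
	return nil
}

// EncryptSample is the terminal side: RSA-OAEP under the transaction public key.
func EncryptSample(pub *rsa.PublicKey, sample []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sample, nil)
}

// Verify decrypts the sample, checks it against each template, and counts failures.
func (s *Server) Verify(account string, encSample []byte) (bool, error) {
	sample, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, s.txKey, encSample, nil)
	if err != nil {
		return false, fmt.Errorf("decrypt sample: %w", err)
	}
	n := s.storage.NonceSize()
	for _, ct := range s.templates[account] {
		tpl, err := s.storage.Open(nil, ct[:n], ct[n:], []byte(account))
		if err != nil {
			return false, fmt.Errorf("template failed authentication: %w", err)
		}
		if bytes.Equal(sample, tpl) { // stand-in for a real similarity matcher
			s.failures[account] = 0 // assumption: a success resets the counter
			return true, nil
		}
	}
	if s.failures[account]++; s.failures[account] >= s.maxFails {
		s.Abnormal[account] = append(s.Abnormal[account], sample)
	}
	return false, nil
}

func main() {
	srv, err := NewServer(3)
	if err != nil {
		panic(err)
	}
	tpl := []byte("constructed 32-byte feature vec!") // constructed, not real data
	_ = srv.Enroll("acct-001", tpl)
	ct, _ := EncryptSample(srv.TransactionPublicKey(), tpl)
	fmt.Println(srv.Verify("acct-001", ct))
}
```

A real fingerprint image or template usually exceeds the RSA-OAEP size limit (190 bytes for a 2048-bit key with SHA-256), so a deployment would encrypt the sample under a symmetric session key and wrap that key with the public key instead.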
The fingerprint identification-based verification method in the above embodiments mainly has the following technical effects. Because the probability of two human fingerprints being identical is extremely low and fingerprints are not easily stolen, performing fingerprint verification enhances the security of user transactions. In addition, when a transaction abnormality occurs at the transaction terminal, the method can obtain information for identifying the trader, which helps to identify the trader in the event of an abnormal transaction.
When implemented in software, the computer instructions and/or data implementing the embodiments described above may be stored in a computer-readable medium or transmitted as one or more instructions or code on a readable medium. Computer-readable media include computer storage media and communication media, where communication media include any medium that facilitates the transfer of a computer program from one place to another. A storage medium may be any available medium that a computer can access. By way of example and not limitation, the computer-readable medium may include RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage media or other magnetic storage devices, or any other medium that can carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer. Moreover, any connection may properly be termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium.
Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present application and do not limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art will understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents. Such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.
Claims (19)
- 1. A fingerprint identification-based verification method, applied to a server, characterized by comprising: receiving a fingerprint verification request related to a transaction account; extracting one or more pre-stored fingerprint templates corresponding to the transaction account, and comparing a fingerprint sample uploaded by a transaction terminal with the one or more fingerprint templates; when the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample differs from all of the one or more fingerprint templates, the fingerprint verification fails.
- 2. The fingerprint identification-based verification method according to claim 1, wherein the method further comprises: determining whether the number of failed fingerprint verifications of the fingerprint sample has reached a preset number; and, when the number of failed fingerprint verifications reaches the preset number, determining the fingerprint sample to be an abnormal fingerprint sample and storing it.
- 3. The fingerprint identification-based verification method according to claim 1, wherein the method further comprises: receiving a transaction key request issued by the transaction terminal; generating a transaction public key and a transaction private key using an asymmetric encryption algorithm according to the transaction key request; and storing the transaction private key locally and returning the transaction public key to the transaction terminal.
- 4. The fingerprint identification-based verification method according to claim 3, wherein the transaction terminal encrypts the uploaded fingerprint sample with the transaction public key; and the method further comprises: before comparing the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, decrypting the encrypted fingerprint sample using the transaction private key.
- 5. The fingerprint identification-based verification method according to any one of claims 1 to 4, wherein the method further comprises: receiving a fingerprint registration request initiated by a fingerprint entry terminal; performing a priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal, and entering a fingerprint registration mode after the priority determination passes; receiving fingerprint data collected and uploaded by the fingerprint entry terminal; and generating the one or more fingerprint templates from the fingerprint data, encrypting and storing the one or more fingerprint templates using a storage key, and establishing an association between the one or more fingerprint templates and the transaction account.
- 6. The fingerprint identification-based verification method according to claim 5, wherein the method further comprises: receiving a fingerprint registration key application from the fingerprint entry terminal; generating a fingerprint registration public key and a fingerprint registration private key using an asymmetric encryption algorithm according to the fingerprint registration key application; storing the fingerprint registration private key locally and returning the fingerprint registration public key to the fingerprint entry terminal; the fingerprint entry terminal encrypts the uploaded fingerprint data with the fingerprint registration public key; and, after receiving the encrypted fingerprint data, the server decrypts it using the fingerprint registration private key.
- 7. The fingerprint identification-based verification method according to claim 5, wherein the storage key is generated using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- 8. A fingerprint identification-based verification device, applied to a server, characterized by comprising: a server transceiver module, configured to receive a fingerprint verification request related to a transaction account; and a fingerprint verification module, configured to extract one or more pre-stored fingerprint templates corresponding to the transaction account and compare a fingerprint sample uploaded by a transaction terminal with the one or more fingerprint templates; when the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample differs from all of the one or more fingerprint templates, the fingerprint verification fails.
- 9. The verification device according to claim 8, wherein the device further comprises: a transaction exception processing module, configured to determine whether the number of failed fingerprint verifications of the fingerprint sample has reached a preset number and, when the number of failed fingerprint verifications reaches the preset number, to determine the fingerprint sample to be an abnormal fingerprint sample and store it.
- 10. The verification device according to claim 8, wherein the server transceiver module is further configured to receive a transaction key request issued by the transaction terminal; and the device further comprises a key module, configured to generate a transaction public key and a transaction private key using an asymmetric encryption algorithm according to the transaction key request, store the transaction private key locally, and return the transaction public key to the transaction terminal.
- 11. The verification device according to claim 10, wherein the transaction terminal encrypts the uploaded fingerprint sample with the transaction public key; and, before the fingerprint verification module compares the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, the server transceiver module is further configured to decrypt the encrypted fingerprint sample using the transaction private key.
- 12. The verification device according to any one of claims 8 to 11, wherein the server transceiver module is further configured to receive a fingerprint registration request initiated by a fingerprint entry terminal; the device further comprises a fingerprint registration module, configured to perform a priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal and to enter a fingerprint registration mode after the priority determination passes; when the server transceiver module receives the fingerprint data collected and uploaded by the fingerprint entry terminal, the fingerprint registration module is further configured to generate the one or more fingerprint templates from the fingerprint data; and the device further comprises a storage module, which encrypts and stores the one or more fingerprint templates using a storage key and establishes an association between the one or more fingerprint templates and the transaction account.
- 13. The verification device according to claim 12, wherein the server transceiver module is further configured to receive a fingerprint registration key application from the fingerprint entry terminal; the fingerprint registration module is further configured to generate a fingerprint registration public key and a fingerprint registration private key using an asymmetric encryption algorithm according to the fingerprint registration key application, store the fingerprint registration private key locally, and return the fingerprint registration public key to the fingerprint entry terminal; the fingerprint entry terminal encrypts the uploaded fingerprint data with the fingerprint registration public key; and the server transceiver module, after receiving the encrypted fingerprint data, decrypts it using the fingerprint registration private key.
- 14. The verification device according to claim 12, wherein, when the storage module encrypts and stores the one or more fingerprint templates using the storage key, the storage key is generated using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- 15. A fingerprint identification-based transaction device, applied to a transaction terminal, characterized by comprising: an information reading module, configured to read information of a transaction account; a fingerprint collection module, configured to collect a fingerprint sample; a transaction terminal transceiver module, configured to send to a server the information of the transaction account that was read, a fingerprint verification request related to the transaction account, and the collected fingerprint sample, and to receive feedback from the server; and a transaction control module, configured to control completion or termination of the transaction according to the feedback from the server.
- 16. The transaction device according to claim 15, wherein the transaction terminal transceiver module is further configured to send a transaction key request to the server and receive a transaction public key fed back by the server; the transaction terminal transceiver module is further configured to encrypt the fingerprint sample using the transaction public key; and the transaction terminal transceiver module is further configured to send the encrypted fingerprint sample to the server.
- 17. A fingerprint entry device, applied to a fingerprint entry terminal, characterized by comprising: a fingerprint entry module, configured to acquire information of a transaction account, collect fingerprint data, and retrieve the terminal ID of the fingerprint entry terminal; and a fingerprint entry terminal transceiver module, configured to send the information of the transaction account, the fingerprint data, and the terminal ID to a server, and to receive feedback from the server.
- 18. The fingerprint entry device according to claim 17, wherein the device further comprises a control module, configured to initiate a fingerprint registration key application to the server; before fingerprint data is entered, the control module negotiates with the server so that the server generates a fingerprint registration public key and a fingerprint registration private key for encrypted data transmission; and the server stores the generated fingerprint registration private key locally and returns the fingerprint registration public key to the fingerprint entry terminal transceiver module.
- 19. A transaction system, characterized by comprising: at least one fingerprint entry terminal, at least one server, and at least one transaction terminal; wherein the at least one fingerprint entry terminal comprises the fingerprint entry device according to claim 17 or 18; the at least one server comprises the verification device according to any one of claims 8 to 14 and/or performs the fingerprint identification-based verification method according to any one of claims 1 to 7; and the at least one transaction terminal comprises the transaction device according to claim 15 or 16.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/073771 WO2018148900A1 (en) | 2017-02-16 | 2017-02-16 | Fingerprint identification-based authentication method and device, and transaction system |
CN201780000063.9A CN107077679A (en) | 2017-02-16 | 2017-02-16 | Method of calibration, device and transaction system based on fingerprint recognition |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018148900A1 (en) | 2018-08-23 |
Family
ID=59613877
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107077679A (en) |
WO (1) | WO2018148900A1 (en) |
- 2017-02-16 WO PCT/CN2017/073771 patent/WO2018148900A1/en active Application Filing
- 2017-02-16 CN CN201780000063.9A patent/CN107077679A/en active Pending
Also Published As
Publication number | Publication date |
---|---|
CN107077679A (en) | 2017-08-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 17896697; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 17896697; Country of ref document: EP; Kind code of ref document: A1 |