WO2018148900A1 - Fingerprint identification-based verification method and apparatus, and transaction system - Google Patents
- Publication number
- WO2018148900A1, PCT/CN2017/073771
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- fingerprint
- transaction
- terminal
- server
- key
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/12—Fingerprints or palmprints
- G06V40/1365—Matching; Classification
Definitions
- the technical solution disclosed in the present application relates to the field of electronic technologies, and in particular, to a fingerprint identification-based verification method, apparatus, and transaction system.
- self-service transaction terminals [for example, ATM (Automatic Teller Machine) and POS (Point Of Sale) terminals] make people's consumption more convenient.
- the self-service transaction terminal in the prior art mainly decides whether to conduct a transaction by verifying the password of the account. Since the transaction account and the transaction password of the user are easily stolen, deciding whether to conduct the transaction by verifying the transaction password of the transaction account is a serious hidden danger. In addition, in the prior art, when a transaction abnormality occurs at a self-service transaction terminal, it is difficult to acquire information for identifying the trader.
- the technical solution disclosed in the present application can solve at least the following technical problems: (1) deciding whether to conduct a transaction by verifying the password of the account is a serious hidden danger; (2) when a transaction abnormality occurs at a self-service transaction terminal, it is difficult to obtain information for identifying the trader.
- One or more embodiments of the present application disclose a fingerprint identification-based verification method, including: receiving a fingerprint verification request related to a transaction account; extracting one or more pre-stored fingerprint templates corresponding to the transaction account, and comparing the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates; when the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample is different from the one or more fingerprint templates, the fingerprint verification fails.
- the method further includes: determining whether the number of failed fingerprint verification attempts of the fingerprint sample reaches a preset number of times; and when the number of failed fingerprint verification attempts reaches the preset number of times, determining the fingerprint sample as an abnormal fingerprint sample and storing it.
- the method further includes: receiving a transaction key request issued by the transaction terminal; generating a transaction public key and a transaction private key by using an asymmetric encryption algorithm according to the transaction key request; storing the transaction private key locally and returning the transaction public key to the transaction terminal.
- the transaction terminal encrypts the uploaded fingerprint sample by using the transaction public key; and the method further includes: before the fingerprint sample uploaded by the transaction terminal is compared with the one or more fingerprint templates, decrypting the encrypted fingerprint sample by using the transaction private key.
- the method further includes: receiving a fingerprint registration request initiated by the fingerprint entry terminal; performing priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal, and entering the fingerprint registration mode after the priority determination passes; receiving the fingerprint data collected and uploaded by the fingerprint entry terminal; generating the one or more fingerprint templates according to the fingerprint data, encrypting and storing the one or more fingerprint templates, and establishing an association relationship between the one or more fingerprint templates and the transaction account.
- the method further includes: receiving a fingerprint registration key request from the fingerprint entry terminal; generating, according to the fingerprint registration key request, a fingerprint registration public key and a fingerprint registration private key by using an asymmetric encryption algorithm; storing the fingerprint registration private key locally, and returning the fingerprint registration public key to the fingerprint entry terminal; the fingerprint entry terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key; after receiving the encrypted fingerprint data, the server decrypts it by using the fingerprint registration private key.
- the storage key is generated using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- a fingerprint identification-based verification apparatus, which is applied to a server, and includes: a server transceiver module, configured to receive a fingerprint verification request related to a transaction account; and a fingerprint verification module, configured to extract one or more pre-stored fingerprint templates corresponding to the transaction account, and to compare the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates; when the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample is different from the one or more fingerprint templates, the fingerprint verification fails.
- the device further includes: a transaction exception processing module, configured to determine whether the number of failed fingerprint verification attempts of the fingerprint sample reaches a preset number of times; when the number of failed attempts reaches the preset number of times, the fingerprint sample is determined as an abnormal fingerprint sample and stored.
- the server transceiver module is further configured to receive a transaction key request sent by the transaction terminal; the device further includes a key module, configured to generate, according to the transaction key request, a transaction public key and a transaction private key by using an asymmetric encryption algorithm; to store the transaction private key locally, and to return the transaction public key to the transaction terminal.
- the transaction terminal encrypts the uploaded fingerprint sample by using the transaction public key; and before the fingerprint verification module compares the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, the server transceiver module is further used for decrypting the encrypted fingerprint sample by using the transaction private key.
- the server transceiver module is further configured to receive a fingerprint registration request initiated by the fingerprint entry terminal; the device further includes a fingerprint registration module, configured to perform priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal, and to enter the fingerprint registration mode after the priority determination is passed; when the server transceiver module receives the fingerprint data collected and uploaded by the fingerprint entry terminal, the fingerprint registration module is further configured to generate the one or more fingerprint templates according to the fingerprint data; the device further includes a storage module, which encrypts and stores the one or more fingerprint templates by using a storage key, and establishes the association relationship between the one or more fingerprint templates and the transaction account.
- the server transceiver module is further configured to receive a fingerprint registration key request from the fingerprint entry terminal; the fingerprint registration module is further configured to generate, according to the fingerprint registration key request, a fingerprint registration public key and a fingerprint registration private key by using an asymmetric encryption algorithm, to store the fingerprint registration private key locally, and to return the fingerprint registration public key to the fingerprint entry terminal; the fingerprint entry terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key; the server transceiver module decrypts the encrypted fingerprint data by using the fingerprint registration private key after receiving it.
- when the storage module encrypts the one or more fingerprint templates by using a storage key, the storage key is generated by a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- One or more embodiments of the present application disclose a fingerprint identification-based transaction device, which is applied to a transaction terminal, including: an information reading module for reading information of a transaction account; and a fingerprint collection module for collecting fingerprint samples.
- a transaction terminal transceiver module, configured to send the read transaction account information, the fingerprint verification request related to the transaction account, and the collected fingerprint sample to the server, and to receive feedback from the server; and a transaction control module for controlling completion or termination of a transaction based on the feedback from the server.
- the transaction terminal transceiver module is further configured to send a transaction key request to the server, and receive a transaction public key fed back by the server; the transaction terminal transceiver module is further used to encrypt the fingerprint sample by using the transaction public key; the transaction terminal transceiver module is further configured to send the encrypted fingerprint sample to the server.
- a fingerprint entry device which is applied to a fingerprint entry terminal, and includes: a fingerprint entry module, configured to acquire information of a transaction account, collect fingerprint data, and retrieve a terminal ID of the fingerprint entry terminal;
- the fingerprint entry terminal transceiver module is configured to send the transaction account information, the fingerprint data, and the terminal ID to the server, and receive feedback from the server.
- the apparatus further includes a control module, configured to initiate a fingerprint registration key request to the server; before the fingerprint data is entered, the control module negotiates with the server, so that the server generates the fingerprint registration public key and the fingerprint registration private key used for encrypted data transmission; the server stores the generated fingerprint registration private key locally, and returns the fingerprint registration public key to the fingerprint entry terminal transceiver module.
- One or more embodiments of the present application disclose a transaction system including: at least one fingerprint entry terminal, at least one server, and at least one transaction terminal; wherein the at least one fingerprint entry terminal includes any one of the fingerprint entry devices described above; the at least one server includes any one of the above-described fingerprint identification-based verification devices and/or performs any of the above-described fingerprint identification-based verification methods; the at least one transaction terminal includes any one of the above-described fingerprint identification-based transaction devices.
- one or more fingerprint templates of the transaction account are stored prior to fingerprint verification.
- when the fingerprint verification request corresponding to the transaction account is received, fingerprint verification is performed, comprising: extracting the one or more stored fingerprint templates of the transaction account; and extracting a fingerprint sample uploaded by the transaction terminal
- the fingerprint sample is compared with the one or more fingerprint templates.
- the fingerprint verification passes. Since the probability of two people having the same fingerprint is extremely low and fingerprints are not easily stolen, embodiments of the present application enhance the security of user transactions.
- when the fingerprint sample is different from any one of the one or more fingerprint templates, the fingerprint verification fails.
- the fingerprint sample is stored when the number of times the fingerprint verification fails reaches a preset number of times. Accordingly, the embodiment of the present application can obtain information for identifying a trader when a transaction abnormality occurs at the transaction terminal, which is advantageous for identifying and tracking the trader in case of an abnormal transaction.
- FIG. 1 is a schematic diagram of a fingerprint identification-based verification device and a fingerprint entry device according to an embodiment of the present application
- FIG. 2 is a flow chart of interaction between a server and a fingerprint entry terminal according to an embodiment of the present application
- FIG. 3 is a schematic diagram of a fingerprint identification based verification device and a fingerprint identification based transaction device according to an embodiment of the present application;
- FIG. 4 is a flow chart of interaction between a server and a transaction terminal in an embodiment of the present application
- FIG. 5 is a schematic diagram of a transaction system in another embodiment of the present application.
- FIG. 6 is a flowchart of a method for performing a fingerprint identification-based verification method by a server in another embodiment of the present application.
- the fingerprint identification-based verification device is applied to the server.
- the fingerprint entry device is applied to a fingerprint entry terminal.
- the server may be one or more servers.
- the fingerprint entry terminal may be a registration terminal of a transaction account such as a bank card account or an electronic transaction account (for example, an Alipay account). In some embodiments of the present application, the above registration terminal may also function as a transaction terminal.
- the verification device illustrated in FIG. 1 includes a server transceiver module 31, a fingerprint registration module 32, a storage module 33, a fingerprint verification module 34, a transaction exception processing module 35, and a key module 36.
- each of the above modules is implemented in a TEE (Trusted Execution Environment) of the server.
- the server transceiver module 31 receives a fingerprint verification request related to the transaction account.
- the fingerprint verification module 34 extracts one or more fingerprint templates corresponding to the transaction account that are stored in advance, and compares the fingerprint samples uploaded by the transaction terminal with the one or more fingerprint templates. When the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes. When the fingerprint sample is different from the one or more fingerprint templates, the fingerprint verification fails.
- the fingerprint identification-based verification device may implement the function of fingerprint verification by using only the server transceiver module 31 and the fingerprint verification module 34 described above.
- the transaction exception processing module 35 determines whether the number of failed fingerprint verification attempts of the fingerprint sample reaches a preset number of times. When the number of times the fingerprint verification fails reaches the preset number of times, the fingerprint sample is determined as an abnormal fingerprint sample and stored.
- the transaction exception processing module 35 may also store other information of the trader, such as transaction account information of the bank card, transaction time, transaction location, biometrics of the trader's face, and the like.
- the transaction exception processing module 35 stores the fingerprint samples and other information of the trader in a computer storage medium communicatively coupled to the server, in order to back up the fingerprint samples and other information of the trader and keep the data safe.
- when the server transceiver module 31 receives the transaction key request sent by the transaction terminal, the key module 36 generates a transaction public key and a transaction private key by using an asymmetric encryption algorithm according to the transaction key request. The transaction private key is stored locally and the transaction public key is returned to the transaction terminal. The transaction terminal encrypts the uploaded fingerprint sample by using the transaction public key. Before the fingerprint verification module 34 compares the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, the server transceiver module 31 is further configured to decrypt the encrypted fingerprint sample by using the transaction private key.
- when the server transceiver module 31 receives the fingerprint registration request initiated by the fingerprint entry terminal, the fingerprint registration module 32 performs priority determination on the fingerprint entry terminal according to the terminal ID (unique identification code) of the fingerprint entry terminal, and enters the fingerprint registration mode after the priority determination is passed; when the server transceiver module 31 receives the fingerprint data collected and uploaded by the fingerprint entry terminal, the fingerprint registration module 32 generates the one or more fingerprint templates according to the fingerprint data. Then the storage module 33 encrypts and stores the one or more fingerprint templates by using a storage key, and establishes an association relationship between the one or more fingerprint templates and the transaction account.
- the association relationship between one or more fingerprint templates and the transaction account is a mapping relationship. For example, one or more fingerprint templates corresponding thereto are found according to the transaction account.
- when the server transceiver module 31 receives the fingerprint registration key request from the fingerprint entry terminal, the fingerprint registration module 32 generates a fingerprint registration public key and a fingerprint registration private key by using an asymmetric encryption algorithm according to the fingerprint registration key request, then stores the fingerprint registration private key locally, and returns the fingerprint registration public key to the fingerprint entry terminal. The fingerprint entry terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key. The server transceiver module 31 uses the fingerprint registration private key to decrypt the encrypted fingerprint data after receiving it.
- when the storage module 33 uses the storage key to encrypt and store the one or more fingerprint templates, the storage key is generated by using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- the server stores a transaction password for the transaction account.
- the server performs password verification.
- the fingerprint identification verification device verifies the fingerprint sample through the fingerprint verification module 34, and the user can complete the transaction operation at the transaction terminal only when the fingerprint sample passes verification.
- the above-described fingerprint identification verification apparatus enhances the security of the transaction as compared with verifying only the transaction password of the transaction account to determine whether or not to conduct the transaction.
- the fingerprint identification verification device described above stores, through the transaction exception processing module 35, the fingerprint sample and other information of the trader when the number of times the fingerprint verification fails has reached a preset number of times. Therefore, when a transaction abnormality occurs at the self-service transaction terminal, the information for identifying the trader can be acquired from the transaction exception processing module 35, which is advantageous for combating criminal behavior.
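The transaction-key exchange, fingerprint comparison and abnormal-sample retention described above, as an added Go example that is not part of the patent text. The page names no algorithms, so the envelope (RSA-OAEP wrapping a one-time AES-256-GCM key, because RSA-OAEP under a 2048-bit key carries at most 190 bytes), single-use keys indexed by a transaction ID, the per-account failure counter and the pluggable `Match` function are all assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope (assumed layout): RSA-OAEP-wrapped one-time AES key + AES-GCM data.
type Envelope struct{ WrappedKey, Nonce, Ciphertext []byte }

type Server struct { // models key module 36, verification module 34, exception module 35
	Templates, Abnormal map[string][][]byte // per account: enrolled templates, retained samples
	Match    func(sample, tmpl []byte) bool // matcher supplied by the deployment
	MaxFails int                            // the "preset number of times"
	txKeys   map[string]*rsa.PrivateKey     // transaction ID -> private key, kept server-side
	failures map[string]int                 // per-account failure count (an assumption)
}

func NewServer(maxFails int, match func(sample, tmpl []byte) bool) *Server {
	return &Server{map[string][][]byte{}, map[string][][]byte{}, match, maxFails,
		map[string]*rsa.PrivateKey{}, map[string]int{}}
}

func (s *Server) IssueTransactionKey(txID string) (*rsa.PublicKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	s.txKeys[txID] = k
	return &k.PublicKey, nil // only the public key leaves the server
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSample is the terminal side: wrap a fresh AES key, seal the sample.
func EncryptSample(pub *rsa.PublicKey, txID, account string, sample []byte) (*Envelope, error) {
	buf := make([]byte, 32+12) // AES-256 key followed by a 96-bit GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	aad := []byte(txID + "\x00" + account) // binds the upload to one transaction and account
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, buf[:32], aad)
	if err != nil {
		return nil, err
	}
	gcm, _ := newGCM(buf[:32]) // cannot fail: the key is always 32 bytes
	return &Envelope{wrapped, buf[32:], gcm.Seal(nil, buf[32:], sample, aad)}, nil
}

// Verify decrypts with the single-use key, matches, and retains failed samples.
func (s *Server) Verify(txID, account string, env *Envelope) (bool, error) {
	priv, ok := s.txKeys[txID]
	if !ok {
		return false, fmt.Errorf("no key for %q: unknown transaction or replay", txID)
	}
	delete(s.txKeys, txID) // single use: a captured envelope cannot be replayed
	aad := []byte(txID + "\x00" + account)
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, aad)
	if err != nil {
		return false, fmt.Errorf("unwrap key: %w", err)
	}
	gcm, err := newGCM(key)
	if err != nil || len(env.Nonce) != gcm.NonceSize() {
		return false, fmt.Errorf("malformed envelope")
	}
	sample, err := gcm.Open(nil, env.Nonce, env.Ciphertext, aad)
	if err != nil {
		return false, fmt.Errorf("decrypt sample: %w", err)
	}
	for _, t := range s.Templates[account] {
		if s.Match(sample, t) {
			return true, nil
		}
	}
	if s.failures[account]++; s.failures[account] >= s.MaxFails {
		s.Abnormal[account] = append(s.Abnormal[account], sample)
	}
	return false, nil
}

func main() {
	s := NewServer(3, bytes.Equal) // exact comparison stands in for a real matcher
	s.Templates["acct-1"] = [][]byte{[]byte("constructed-template")}
	pub, _ := s.IssueTransactionKey("tx-1")
	env, _ := EncryptSample(pub, "tx-1", "acct-1", []byte("constructed-template"))
	fmt.Println(s.Verify("tx-1", "acct-1", env))
}
```

Because the private key is deleted on first use and the transaction ID and account are authenticated with the ciphertext, a captured upload cannot be replayed or redirected to another account.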
- the fingerprint entry device illustrated in FIG. 1 includes: a fingerprint entry module 11, a fingerprint entry terminal transceiver module 12, and a control module 13.
- the fingerprint entry module 11 and the fingerprint entry terminal transceiver module 12 are implemented in a TEE (Trusted Execution Environment) of the fingerprint entry terminal, and in some possible implementations the control module 13 is outside the TEE.
- the fingerprint entry module 11 is configured to acquire information of a transaction account, collect fingerprint data, and retrieve a terminal ID of the fingerprint entry terminal.
- the fingerprint entry terminal transceiver module 12 is configured to send information of the transaction account, the fingerprint data, and the terminal ID to the server, and receive feedback from the server.
- the control module 13 is configured to control a fingerprint input working mode of the fingerprint input device, and control interaction logic between the fingerprint input terminal and the server.
- the fingerprint registration key application is initiated to the server; before the fingerprint data is entered, the control module 13 negotiates with the server, so that the server generates a fingerprint registration public key and a fingerprint registration private key for data encryption transmission.
- the server stores the generated fingerprint registration private key locally, and returns the fingerprint registration public key to the fingerprint entry terminal transceiver module 12.
- the fingerprint entry terminal transceiver module 12 receives the fingerprint registration public key, and encrypts the fingerprint data by using the fingerprint registration public key, and then the fingerprint entry terminal transceiver module 12 sends the encrypted fingerprint data to the server.
- the fingerprint entry terminal transceiver module 12 of the fingerprint entry device encrypts the fingerprint data by using the fingerprint registration public key, which is beneficial to enhancing information security of the fingerprint data.
- the server includes, but is not limited to, the fingerprint identification-based verification device of any one of the above embodiments.
- the fingerprint entry terminal includes, but is not limited to, any of the fingerprint entry devices of the above embodiments.
- the user completes the setting of the bank card password and the fingerprint template at the fingerprint entry terminal.
- the interaction between the server and the fingerprint entry terminal includes:
- the fingerprint entry terminal reads the bank card information and sends the bank card information to the server.
- the bank card information includes a user's transaction account information and the like.
- the user sets the password through the fingerprint entry terminal.
- the server synchronizes data with the fingerprint input terminal, that is, the server stores the password of the user, and forms a correspondence relationship between the password and the transaction account information of the user.
- the server determines whether the user has set a password successfully.
- when the password setting fails, the user ends the setting of the bank card password and the fingerprint template at the fingerprint entry terminal.
- Reasons for failure of user password settings include, but are not limited to, the two passwords entered by the user being inconsistent.
- the fingerprint entry terminal requests the server to generate a transaction key, including a transaction public key and a transaction private key.
- the transaction public key is used to encrypt a fingerprint sample
- the transaction private key is used to decrypt the fingerprint sample.
- after receiving the request for generating the transaction key, the server generates the transaction public key and the transaction private key, and feeds back the transaction public key to the fingerprint entry terminal.
- the server and the fingerprint entry terminal enter the fingerprint registration mode.
- the server determines, according to the terminal ID of the fingerprint entry terminal, whether the fingerprint entry terminal is a high priority fingerprint entry terminal.
- the high priority fingerprint entry terminal refers to a fingerprint entry terminal that has the fingerprint template registration authority.
- the user ends the setting of the fingerprint template at the fingerprint entry terminal.
- the fingerprint entry terminal collects N fingerprint samples of the user (generally 8-20), where N is an integer ≥ 1.
- after receiving the N fingerprint samples of the user, the server generates X fingerprint templates for the user, X ≤ N.
- the server generates a storage key (a symmetric encryption algorithm may be employed) and encrypts the X fingerprint templates using the storage key.
- the server stores a fingerprint template, and the fingerprint template forms a corresponding relationship with the transaction account information of the user. After the server stores the fingerprint template, the user can end the setting of the bank card password and the fingerprint template at the fingerprint entry terminal.
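The registration gate and encrypted template storage described above, as an added Go example that is not part of the patent text. AES-256-GCM as the symmetric algorithm, the account used as associated data (one way to realise "encrypted and stored together with the account information"), the terminal allow-list and every name are assumptions; the terminal ID is taken as already authenticated.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

var ErrTerminalNotAuthorized = errors.New("terminal has no template registration authority")

type record struct{ nonce, ciphertext []byte }

// TemplateStore models the priority check of registration module 32 and the
// encrypted storage of storage module 33.
type TemplateStore struct {
	authorized map[string]bool     // terminal IDs treated as high priority (constructed list)
	aead       cipher.AEAD         // AES-256-GCM under the storage key (algorithm assumed)
	records    map[string][]record // account -> encrypted templates (the mapping relationship)
}

func NewTemplateStore(authorizedTerminals ...string) (*TemplateStore, error) {
	key := make([]byte, 32) // storage key, generated once and kept on the server
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	s := &TemplateStore{map[string]bool{}, aead, map[string][]record{}}
	for _, id := range authorizedTerminals {
		s.authorized[id] = true
	}
	return s, nil
}

// Register enters registration mode only for an authorized terminal ID, then
// encrypts each template with the account as associated data.
func (s *TemplateStore) Register(terminalID, account string, templates [][]byte) error {
	if !s.authorized[terminalID] {
		return ErrTerminalNotAuthorized
	}
	for _, t := range templates {
		nonce := make([]byte, s.aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return err
		}
		ct := s.aead.Seal(nil, nonce, t, []byte(account))
		s.records[account] = append(s.records[account], record{nonce, ct})
	}
	return nil
}

// Load decrypts the templates mapped to an account. A record copied from
// another account fails authentication because the account is bound into it.
func (s *TemplateStore) Load(account string) ([][]byte, error) {
	var out [][]byte
	for i, r := range s.records[account] {
		t, err := s.aead.Open(nil, r.nonce, r.ciphertext, []byte(account))
		if err != nil {
			return nil, fmt.Errorf("template %d of %s: %w", i, account, err)
		}
		out = append(out, t)
	}
	return out, nil
}

func main() {
	s, _ := NewTemplateStore("enroll-terminal-01") // constructed terminal ID
	fmt.Println(s.Register("atm-17", "acct-1", [][]byte{[]byte("t1")}))
	fmt.Println(s.Register("enroll-terminal-01", "acct-1", [][]byte{[]byte("t1")}))
	fmt.Println(s.Load("acct-1"))
}
```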
- FIG. 3 is a schematic diagram of a fingerprint identification-based verification device and a transaction device according to an embodiment of the present application.
- the verification device is applied to the server.
- the fingerprint identification-based transaction device is applied to the transaction terminal.
- the server may be one or more servers.
- the transaction terminal may be a transaction terminal of a transaction account such as a bank card account or an electronic transaction account (for example, an Alipay account).
- the transaction terminal described above may also function as a registration terminal.
- the transaction device illustrated in FIG. 3 includes an information reading module 21, a fingerprint collection module 22, a transaction terminal transceiver module 23, and a transaction control module 24.
- the information reading module 21 is configured to read information of the transaction account.
- the fingerprint collection module 22 is configured to collect fingerprint samples.
- the transaction device does not include the information reading module 21.
- the transaction device can remotely receive information of the transaction account. For example, when the carrier of such a transaction device is a device such as a mobile terminal, the user can log in to the transaction account by scanning the two-dimensional code.
- the transaction terminal transceiver module 23 is configured to send the read transaction account information, the fingerprint verification request related to the transaction account, and the collected fingerprint sample to the server, and receive feedback from the server.
- the transaction control module 24 is configured to control completion or termination of the transaction according to the feedback of the server.
- the transaction terminal transceiver module 23 is further configured to send a transaction key request to the server, and receive the transaction public key fed back by the server.
- the transaction terminal transceiver module 23 is further configured to encrypt the fingerprint sample by using the transaction public key, and the transaction terminal transceiver module 23 sends the encrypted fingerprint sample to the server.
- in the above-mentioned fingerprint identification-based transaction device, the transaction terminal transceiver module 23 encrypts the fingerprint sample by using the transaction public key, which is beneficial to enhancing information security of the fingerprint sample.
- the module configuration of the fingerprint recognition-based verification device illustrated in FIG. 3 and its function are the same as those of the fingerprint recognition-based verification device illustrated in FIG. 1, and are not described herein.
- in some embodiments of the present application, the fingerprint identification-based verification device may be used only to implement the fingerprint verification function of the above embodiments.
- the fingerprint registration function of the verification device in the above embodiments can be implemented by a separate device.
- one or more servers are used to implement the fingerprint verification function of the above embodiments, and another server or multiple other servers are used to implement the fingerprint registration function of the above embodiments.
- the server includes, but is not limited to, the fingerprint identification-based device of any one of the above embodiments.
- the transaction terminal includes, but is not limited to, the fingerprint recognition-based transaction device of any one of the above embodiments.
- the interaction between the server and the transaction terminal includes:
- the transaction terminal reads the bank card information and sends the bank card information to the server.
- the bank card information includes a user's transaction account information and the like.
- after receiving the transaction account information of the user, the server synchronizes with the transaction terminal, that is, it receives the password input by the user through the transaction terminal and searches the database, according to the transaction account information of the user, for the corresponding data, including the password.
- the password is verified once the password entered by the user through the transaction terminal is received. When the password verification fails, it is determined whether to continue verifying the password. If password verification is to continue, the password entered again by the user is received and verified. When the number of times the password has been verified exceeds the preset number of times, password verification stops and the transaction is ended.
- the transaction terminal requests the server to generate a transaction key, including the transaction public key and the transaction private key.
- the transaction public key is used to encrypt a fingerprint sample.
- the transaction private key is used to decrypt the fingerprint sample.
- after receiving the request for generating the transaction key, the server generates the transaction public key and the transaction private key, and feeds back the transaction public key to the transaction terminal.
- the server and the transaction terminal enter the fingerprint recognition mode.
- the server loads all fingerprint templates corresponding to the bank card.
- the transaction terminal collects a fingerprint sample of the user and sends the fingerprint sample to the server.
- after receiving the fingerprint sample, the server verifies the fingerprint sample against all fingerprint templates corresponding to the bank card. When the fingerprint sample does not pass verification, the server determines the number of times the fingerprint sample has been verified. If that number does not exceed the preset number of times M (M is an integer ≥ 1), the transaction terminal continues to collect the fingerprint sample of the user, and the server verifies the fingerprint sample again, until the number of times the fingerprint sample has been verified exceeds the preset number of times M. If the number of times the fingerprint sample has been verified exceeds the preset number of times M, the server stores information such as the fingerprint sample, the transaction account information of the bank card, the transaction time, the transaction location, and the biometrics of the trader's face.
- when the fingerprint sample passes verification, this round of password and fingerprint sample verification ends, and the user performs the remaining transaction operations through the transaction terminal.
- the interaction process between the server and the transaction terminal not only verifies the password but also verifies the fingerprint sample, thereby enhancing the security of the transaction.
- the server stores information such as fingerprint samples, which is beneficial to combat crime.
- the transaction system of FIG. 5 includes at least one fingerprint entry terminal 100, at least one server 300, and at least one transaction terminal 200.
- the at least one fingerprint entry terminal 100 includes any one of the above-mentioned embodiments; the at least one server 300 includes any one of the above-described embodiments; the at least one transaction terminal 200 includes any of the transaction devices of the above embodiments.
- when the at least one fingerprint entry terminal 100 is used for account registration, it collects at least one fingerprint sample and sends the at least one fingerprint sample to the at least one server.
- when the at least one transaction terminal 200 is used for a transaction, it reads the transaction account information, collects the fingerprint sample, and sends the fingerprint sample and the fingerprint verification request to the at least one server.
- the fingerprint entry terminal 100 and the transaction terminal 200 can be implemented by one terminal.
- FIG. 6 is a flowchart of a fingerprint identification-based verification method performed by a server in another embodiment of the present application.
- the fingerprint identification-based verification method performed by the server includes:
- Step 1: Receive a fingerprint verification request related to the transaction account.
- Step 2: Extract one or more pre-stored fingerprint templates corresponding to the transaction account, and compare the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates.
- the user's identity information (user's name, address, date of birth, etc.)
- the user's fingerprint information is bound to the user's transaction account.
- the user's fingerprint information is verified when the user conducts a transaction through the transaction account, that is, the server verifies whether the fingerprint information of the user collected by the transaction terminal matches the fingerprint information that is related to the transaction account information of the user and was collected by the fingerprint entry terminal when the user registered (that is, the fingerprint template in step 2). This helps enhance the security of transactions the user conducts at the transaction terminal through the transaction account.
- Step 3: When the fingerprint sample matches any one of the one or more fingerprint templates, the fingerprint verification passes; when the fingerprint sample differs from the one or more fingerprint templates, the fingerprint verification fails.
- the method further includes: determining whether the number of failed fingerprint verification attempts of the fingerprint sample reaches a preset number of times; when the number of failed fingerprint verification attempts reaches the preset number of times, the fingerprint sample is determined to be an abnormal fingerprint sample and is stored.
- the transaction account information of the trader's bank card, the transaction time, the transaction location, the biometrics of the trader's face, and the like may also be stored. This helps to enhance the traceability of the transaction.
- the method further includes: receiving a transaction key request issued by the transaction terminal; generating a transaction public key and a transaction private key by using an asymmetric encryption algorithm according to the transaction key request;
- the transaction private key is stored locally and the transaction public key is returned to the transaction terminal.
- the transaction terminal encrypts the uploaded fingerprint sample by using the transaction public key; and the method further includes: before comparing the fingerprint sample uploaded by the transaction terminal with the one or more fingerprint templates, decrypting the encrypted fingerprint sample by using the transaction private key.
- the asymmetric encryption algorithm requires two keys: a public key and a private key; the public key and the private key are a pair. If the data is encrypted with a public key, only the corresponding private key can be used to decrypt it. If the data is encrypted with a private key, it can only be decrypted with the corresponding public key.
- the method further includes: receiving a fingerprint registration request initiated by the fingerprint entry terminal; performing priority determination on the fingerprint entry terminal according to the terminal ID of the fingerprint entry terminal and, after the priority determination, entering the fingerprint registration mode and receiving the fingerprint data collected and uploaded by the fingerprint entry terminal; generating the one or more fingerprint templates according to the fingerprint data; encrypting and storing the one or more fingerprint templates by using a storage key; and establishing an association between the one or more fingerprint templates and the transaction account.
- the method further includes: receiving a fingerprint registration key request from the fingerprint entry terminal; and generating a fingerprint registration public key and a fingerprint registration private key by using an asymmetric encryption algorithm according to the fingerprint registration key request;
- the fingerprint registration private key is stored locally, and the fingerprint registration public key is returned to the fingerprint entry terminal; the fingerprint entry terminal encrypts the uploaded fingerprint data by using the fingerprint registration public key;
- the server uses the fingerprint registration private key for decryption.
- the storage key is generated by using a symmetric encryption algorithm, and the one or more fingerprint templates are encrypted and stored together with the account information of the transaction account.
- the data sender partially encrypts the plaintext (original data) together with the encryption key.
- after being processed by the algorithm, the plaintext becomes a complex encrypted ciphertext and is sent out. After receiving the ciphertext, a receiving party that wants to read the original text needs to decrypt the ciphertext by using the key that was used for encryption and the inverse of the same algorithm, restoring it to readable plaintext.
- the fingerprint identification-based verification method in the above embodiment mainly has the following technical effects: since the probability of human fingerprints repeating is extremely low and fingerprints are not easily stolen, the fingerprint verification performed by the method enhances the security of user transactions. In addition, the fingerprint identification-based verification method in the above embodiment can obtain information for identifying a trader when a transaction abnormality occurs at the transaction terminal, which helps identify the trader in the case of an abnormal transaction.
- Computer instructions and/or data for implementing the various embodiments described above may be stored in a computer readable medium or transmitted as one or more instructions or code on a readable medium.
- Computer readable media includes both computer storage media and communication media including any medium that facilitates transfer of a computer program from one location to another.
- a storage medium can be any available medium that can be stored by a computer.
- the computer readable medium can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, disk storage media or other magnetic storage device, or can be carried or stored in the form of an instruction or data structure.
- any connection can suitably be a computer readable medium.
- for example, if the software is transmitted from a website, server, or other remote source using coaxial cable, optical fiber, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, optical fiber, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of the medium to which they belong.
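The server-side handling of Steps 1 to 3 and of the failed-attempt check described above, as an added example in Python (not code from the patent). The matcher, the threshold, and all class and field names are assumptions; the description states the limit both as "exceeds M" and as "reaches a preset number", and this example uses the second reading.

```python
import time
from dataclasses import dataclass, field

MATCH_THRESHOLD = 0.75  # assumed cut-off; the page does not specify a matching algorithm


def similarity(sample: frozenset, template: frozenset) -> float:
    """Stand-in matcher: Jaccard overlap between constructed minutiae sets."""
    union = sample | template
    return len(sample & template) / len(union) if union else 0.0


@dataclass
class VerificationSession:
    """Server-side state for one fingerprint verification request."""
    account: str
    templates: list          # every template bound to the account (Step 2)
    max_failures: int        # the preset number of times M, M >= 1
    failures: int = 0
    closed: bool = False
    abnormal_records: list = field(default_factory=list)

    def __post_init__(self):
        if self.max_failures < 1:
            raise ValueError("M must be an integer >= 1")

    def verify(self, sample, location, now=None):
        """Step 3: return 'pass', 'retry', 'abnormal' or 'closed'."""
        if self.closed:
            return "closed"  # a finished session accepts no further samples
        if any(similarity(sample, t) >= MATCH_THRESHOLD for t in self.templates):
            self.closed = True
            return "pass"
        self.failures += 1   # counted on the server, so the terminal cannot reset it
        if self.failures < self.max_failures:
            return "retry"
        # Failure count reached M: keep the sample with the transaction context.
        self.closed = True
        self.abnormal_records.append({
            "account": self.account,
            "sample": sample,
            "time": now if now is not None else time.time(),
            "location": location,
        })
        return "abnormal"


# Constructed data: minutiae modelled as (x, y, angle) tuples.
ENROLLED = frozenset({(10, 12, 30), (40, 8, 90), (22, 35, 180), (5, 50, 270), (33, 33, 45)})
OWNER_SAMPLE = ENROLLED - {(33, 33, 45)}        # same finger, one minutia missed
OTHER_SAMPLE = frozenset({(1, 1, 0), (2, 2, 10), (40, 8, 90)})
```

Keeping the counter and the `closed` flag in server-side session state means a terminal that keeps submitting samples after the limit gets no further match attempts.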
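The transaction key exchange described above (key request, public key returned, sample encrypted on the terminal, decrypted on the server before matching), as an added example in Python that is not code from the patent. It assumes the third-party `cryptography` package; the description only says "asymmetric encryption algorithm", so RSA-OAEP wrapping a fresh AES-GCM key, the transaction-ID binding, and all names here are assumptions.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

# Constructed stand-in for a fingerprint sample (512 bytes). RSA-2048 with
# OAEP/SHA-256 carries at most 190 bytes, so the sample cannot be encrypted
# with the transaction public key directly.
SAMPLE = bytes(range(256)) * 2


class Server:
    """Keeps each transaction private key local, indexed by transaction ID."""

    def __init__(self):
        self._private_keys = {}

    def handle_key_request(self, transaction_id: str):
        key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self._private_keys[transaction_id] = key   # private key is stored locally
        return key.public_key()                    # only the public key is returned

    def decrypt_sample(self, transaction_id: str, message: dict) -> bytes:
        key = self._private_keys[transaction_id]
        session_key = key.decrypt(message["wrapped_key"], OAEP)
        # The transaction ID is authenticated data (assumption of this example):
        # a message produced for another transaction fails to decrypt.
        return AESGCM(session_key).decrypt(
            message["nonce"], message["ciphertext"], transaction_id.encode())


def terminal_encrypt(public_key, transaction_id: str, sample: bytes) -> dict:
    """Terminal side: encrypt the sample under a fresh key, wrap that key with RSA."""
    session_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(session_key).encrypt(nonce, sample, transaction_id.encode())
    return {"wrapped_key": public_key.encrypt(session_key, OAEP),
            "nonce": nonce, "ciphertext": ciphertext}
```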
Abstract
The present invention applies to the technical field of electronics and relates to a fingerprint identification-based verification method and device, and a transaction system. The method comprises: receiving a fingerprint verification request associated with a transaction account (1); retrieving one or more pre-stored fingerprint templates corresponding to the transaction account, and comparing a fingerprint sample uploaded by a transaction terminal with the one or more fingerprint templates (2); if the fingerprint sample matches any one of the fingerprint templates, determining that the fingerprint verification passes, and otherwise determining that the fingerprint verification fails (3). The method makes it possible to acquire information for identifying a trader, which facilitates identifying that trader in the event of an abnormal transaction.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/073771 WO2018148900A1 (fr) | 2017-02-16 | 2017-02-16 | Fingerprint identification-based verification method and device, and transaction system |
CN201780000063.9A CN107077679A (zh) | 2017-02-16 | 2017-02-16 | Fingerprint recognition-based verification method and device, and transaction system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2017/073771 WO2018148900A1 (fr) | 2017-02-16 | 2017-02-16 | Fingerprint identification-based verification method and device, and transaction system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018148900A1 true WO2018148900A1 (fr) | 2018-08-23 |
Family
ID=59613877
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2017/073771 WO2018148900A1 (fr) | 2017-02-16 | 2017-02-16 | Fingerprint identification-based verification method and device, and transaction system |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN107077679A (fr) |
WO (1) | WO2018148900A1 (fr) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117688542A (zh) * | 2024-02-04 | 2024-03-12 | 上海银行股份有限公司 | Security management system based on fingerprint call data |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
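CN108134791A (zh) * | 2017-12-22 | 2018-06-08 | 郑州云海信息技术有限公司 | Login verification method for a data center integrated management system |
CN108833379A (zh) * | 2018-05-31 | 2018-11-16 | 中国工商银行股份有限公司 | Data encryption transmission method and device |
CN110199295A (zh) * | 2019-04-04 | 2019-09-03 | 深圳市汇顶科技股份有限公司 | Fingerprint recognition method, apparatus and electronic device |
CN110235140A (zh) * | 2019-04-29 | 2019-09-13 | 深圳市汇顶科技股份有限公司 | Biometric recognition method and electronic device |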
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
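CN103646202A (zh) * | 2013-12-09 | 2014-03-19 | 东南大学 | Method for encoding, encrypting and applying fingerprint information |
CN103957107A (zh) * | 2014-05-19 | 2014-07-30 | 浙江维尔科技股份有限公司 | Identity verification method and device |
CN104217329A (zh) * | 2014-08-26 | 2014-12-17 | 深圳贝特莱电子科技有限公司 | Payment method and system based on fingerprint security authentication |
CN105550627A (zh) * | 2015-07-31 | 2016-05-04 | 宇龙计算机通信科技(深圳)有限公司 | Fingerprint verification method and device |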
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
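CN103440445A (zh) * | 2013-08-14 | 2013-12-11 | 深圳市亚略特生物识别科技有限公司 | Unlock control method and system for an electronic device |
CN105243307A (zh) * | 2015-09-18 | 2016-01-13 | 京东方科技集团股份有限公司 | Fingerprint recognition method and device for a touch screen |
CN105354464A (zh) * | 2015-10-14 | 2016-02-24 | 中国银联股份有限公司 | Method and device for identifying a user's identity based on fingerprint information |
CN105404531A (zh) * | 2015-10-27 | 2016-03-16 | 广东欧珀移动通信有限公司 | Method and device for adjusting terminal-specific parameters |
CN106203034B (zh) * | 2016-06-27 | 2017-10-24 | 广东欧珀移动通信有限公司 | Fingerprint unlocking method and terminal |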
-
2017
- 2017-02-16 WO PCT/CN2017/073771 patent/WO2018148900A1/fr active Application Filing
- 2017-02-16 CN CN201780000063.9A patent/CN107077679A/zh active Pending
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117688542A (zh) * | 2024-02-04 | 2024-03-12 | 上海银行股份有限公司 | Security management system based on fingerprint call data |
CN117688542B (zh) * | 2024-02-04 | 2024-04-30 | 上海银行股份有限公司 | Security management system based on fingerprint call data |
Also Published As
Publication number | Publication date |
---|---|
CN107077679A (zh) | 2017-08-18 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 17896697 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 17896697 Country of ref document: EP Kind code of ref document: A1 |