CN1822013A - Fingerprint biometric identification engine system and identification method based on trusted platform module - Google Patents

Publication number: CN1822013A
Authority: CN (China)
Application number: CNA2006100246736A
Original language: Chinese (zh)
Inventors: 沈英俊, 肖朝昕
Applicant and assignee: Shanghai Ewaytek Co ltd
Legal status: Pending
Prior art keywords: fingerprint, module, chip, identification, nonvolatile memory

Abstract

The invention relates to a fingerprint biometric identification engine system and method based on a trusted platform module. The TPM chip in the system has built-in function modules and a chip operating system; the system further comprises a fingerprint sensor, a fingerprint capture module and a fingerprint processing module carried on the computer motherboard, a nonvolatile memory, and a fingerprint comparison module built into the TPM chip, where the fingerprint sensor is connected to the nonvolatile memory through the fingerprint capture module, the fingerprint processing module and the fingerprint comparison module in sequence. The engine system and its identification method give higher system security and reliability and lay a foundation for the development of secure biometric authentication for computers.

Description

Fingerprint biometric identification engine system and identification method based on a trusted platform module

Technical field

The invention relates to the technical field of computer biometric identification, in particular to computer fingerprint biometric identification, and specifically to a fingerprint biometric identification engine system based on a trusted platform module and an identification method using it.

Background

Scientific study of fingerprints began in the middle of the 19th century and produced two important conclusions: no two fingers have ridge patterns of the same form, and the form of a fingerprint's ridges does not change over a lifetime. Fingerprint identification is currently the internationally recognized biometric authentication technology with the widest application, the lowest cost and the highest ease of use. Compared with other identity authentication technologies, automatic fingerprint identification has the following information security advantages:

(1) Each person's fingerprint is quite stable and does not change as the person ages or as their health changes, whereas a person's voice or face may change considerably.

(2) Fingerprint samples are easy to obtain, identification systems are easy to develop, and practicality is high.

(3) A person's ten fingerprints all differ, so several fingerprints can conveniently be combined into a multi-part password, raising the security of the system.

(4) The template used in fingerprint identification consists of key features extracted from the fingerprint image, so it is small to store, which greatly reduces the burden on network transmission and makes authentication easy to implement.

The TPM (Trusted Platform Module) is currently the best technology internationally for improving both the security and the ease of use of a PC. A TPM is in fact a small system-on-chip containing cryptographic computation units and storage units, and it addresses the security of the underlying hardware at the root. The guiding idea of the TPM chip is the concept of trusted computing: authenticating the user identity, application environment, network environment and other layers at the bottom of the stack so as to completely prevent malicious theft of information and damage by viruses.

The core function of TPM technology is to encrypt the data stream processed by the CPU while monitoring the state of the lowest layer of the system. On this basis, security applications can be built for every link in the chain: unique identity identification, encrypted system logon, folder encryption, encrypted network communication and so on. The TPM can generate encryption keys, store keys and verify identities, and can encrypt and restore data at high speed. It acts as an auxiliary processor that protects the BIOS and OS from modification, and combined with the TSS (the TCG Software Stack) it builds a trusted computing architecture that spans platforms and hardware and software systems. Even if the user's hard disk is stolen, no data is leaked.

The security architecture of a trusted computing terminal system platform is shown in Figure 1.

The TPM chip is an SoC (System-on-Chip) that integrates a CPU core, RAM, ROM, Flash, a cryptographic algorithm coprocessor, a random number generator and other modules. The SoC and its accompanying application software are mainly used to perform computer platform reliability authentication, user identity authentication, digital signatures and other functions. Trusted computing usually comprises the following three properties and functions:

(1) ensuring the uniqueness of the user's identity and the integrity and privacy of the user's workspace;

(2) ensuring the integrity of the hardware environment configuration, the OS kernel, services and applications;

(3) ensuring the confidentiality and integrity of information that is stored, processed and transmitted.

Moreover, where biometrics are used for secure access to computers, most current fingerprint technologies are implemented at the operating system and application level. Because the fingerprint data must be loaded into memory, there is a security risk that the fingerprint data or its processing is intercepted, infected by a virus or attacked. Where the computer hardware layer is involved, only secure storage of the fingerprint data is implemented, that is, the fingerprint data is stored securely in the BIOS or in the TPM hardware chip, while fingerprint processing and comparison are performed by a microprocessor, or an auxiliary chip containing a microprocessor, added to the computer motherboard; this provides biometric secure boot access to the computer.

Storing and processing fingerprint capture, processing and comparison separately from the fingerprint data carries a security risk. At minimum, the fingerprint identification code used for comparison and the fingerprint comparison processing must reside in the same SoC chip, so that identification is performed internally, before strong two-factor security is achieved. Furthermore, authenticating only the power-on of the computer is not enough for the security of the computer at every level.

The following table contrasts the advantages and disadvantages with and without a TPM chip:

User authentication
  Without TPM: Only a user name and password, which are easily cracked.
  With TPM:    Complete trusted authentication of the user logon, ruling out the possibility of cracking.
  Without TPM: Multiple logon user names and passwords easily lead to user carelessness; user names and passwords are stored insecurely.
  With TPM:    Logon verification information is stored inside the TPM chip under strong security protection.
  Without TPM: User names and passwords are stored in a copyable file; the whole system can be accessed with a user name and password.
  With TPM:    Storage and protection of user names and passwords is handled strongly by the TPM.

Platform verification
  Without TPM: Unauthorized access and malicious damage easily alter system settings and data.
  With TPM:    Unauthorized access can be blocked; various security algorithm modules verify the system settings.
  Without TPM: Changes to system settings allow unauthorized and malicious access to the network and to sensitive data.
  With TPM:    System settings verified by the TPM guarantee system integrity and block illegitimate access.
  Without TPM: Poor habits lead to an untrustworthy system.
  With TPM:    A trustworthy system, reducing support and maintenance costs.

At the same time, achieving deeper computer security must also start from the TPM. At present, TPM chips stop at the secure encrypted storage of fingerprint data: the fingerprint feature information is either held inside the TPM or encrypted inside the TPM and stored outside it. This merely manages and stores the fingerprint data as important information, and does not really realize the significance of fingerprint identification itself.

Summary of the invention

The object of the present invention is to overcome the above shortcomings of the prior art by providing a fingerprint biometric identification engine system based on a trusted platform module, and an identification method using it, which combine trusted computing with the biometric authentication and identification technology of the computer system security chip and can complete and strengthen the overall security of the computer system from the hardware, operating system and base platform up to the application layer. At minimum, the pre-stored fingerprint identification code is held in the TPM chip and the fingerprint comparison is completed inside the TPM chip; the result is high operating efficiency, strong system stability and a wide range of application.

To achieve the above object, the fingerprint biometric identification engine system and identification method based on a trusted platform module of the present invention are as follows:

The fingerprint biometric identification engine system based on a trusted platform module comprises a computer motherboard and, carried on the motherboard and interconnected by the system bus, a basic input/output system (BIOS), a trusted platform module (TPM) chip, a central processing unit, random access memory and other computer hardware, the TPM chip having built-in function modules and a chip operating system. Its main feature is that the engine system further comprises a fingerprint sensor, a fingerprint capture module and a fingerprint processing module carried on the computer motherboard, a nonvolatile memory, and a fingerprint comparison module built into the TPM chip, where the output of the fingerprint sensor is connected to the input of the fingerprint capture module, the output of the fingerprint capture module is connected to the input of the fingerprint processing module, the output of the fingerprint processing module is connected to the input of the fingerprint comparison module, and the fingerprint comparison module is connected to the nonvolatile memory.

The fingerprint capture module and fingerprint processing module of this engine system may both be built into the TPM chip, with the capture module connected to the processing module and the processing module connected to the comparison module; in that case the nonvolatile memory is the nonvolatile memory in the TPM chip, and the fingerprint comparison module is connected to that nonvolatile memory in the TPM chip.

Alternatively, the fingerprint capture module and fingerprint processing module are placed in the BIOS carried by the computer motherboard, with the capture module connected to the processing module and the processing module connected to the fingerprint comparison module over the system bus; the nonvolatile memory is then an encrypted storage area in the BIOS, and the fingerprint comparison module is connected to that encrypted storage area in the BIOS over the system bus.

The fingerprint capture module and fingerprint processing module may also be placed in an embedded SoC chip with an on-chip central processing unit carried by the computer motherboard, or in a chip without an on-chip central processing unit but with nonvolatile storage space, with the capture module connected to the processing module and the processing module connected to the fingerprint comparison module over the system bus; the nonvolatile memory is then the nonvolatile memory in the embedded SoC chip or in the chip without an on-chip central processing unit, and the fingerprint comparison module is connected to that nonvolatile memory over the system bus.

The nonvolatile memory of the engine system is Flash, electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), or any other magnetic or electrical storage medium that retains data when power is removed.

The fingerprint sensor of the engine system may be embedded in the computer's motherboard, keyboard, mouse or case surface, or connected to the computer as a stand-alone device through a data cable. The sensor may be an optical, semiconductor or ultrasonic fingerprint sensor, and a semiconductor sensor may be a silicon capacitive, semiconductor pressure-sensitive or semiconductor thermal fingerprint sensor.

The method of fingerprint biometric identification using the above engine system is characterized in that it comprises the following steps:

(1) The system performs initialization and setup;

(2) The fingerprint capture module captures the raw image information of the fingerprint through the fingerprint sensor and passes it to the fingerprint processing module;

(3) The fingerprint processing module extracts fingerprint feature information from the raw image information and generates an identification code;

(4) The fingerprint processing module determines whether an initial fingerprint enrollment operation is being performed and passes the identification code to the fingerprint comparison module;

(5) If an initial fingerprint enrollment operation is being performed, the fingerprint comparison module stores the identification code directly in the nonvolatile memory as the fingerprint identification code;

(6) Otherwise, the pre-stored fingerprint identification code is retrieved from the nonvolatile memory in the built-in function module of the TPM chip, the identification code is compared with the pre-stored fingerprint identification code, and the comparison result is returned;

(7) The system performs subsequent processing according to the comparison result.

In this method the raw image information is digital fingerprint image information.

In this method, extracting the fingerprint feature information from the raw image information and generating the identification code comprises the following steps:

(1) the fingerprint processing module extracts fingerprint feature information from the raw image information according to a particular fingerprint algorithm;

(2) the fingerprint processing module encodes and classifies the fingerprint feature information and generates the identification code.

In this method, determining whether an initial fingerprint enrollment operation is being performed is done as follows:

determine whether a fingerprint identification code is stored in the nonvolatile memory in the built-in function module of the TPM chip; if not, return that an initial fingerprint enrollment operation is being performed; if so, return that it is not an initial fingerprint enrollment operation;

or: determine whether a flag value set by the system indicates an initial fingerprint enrollment operation.
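As an added illustration (not code from the patent), the enrollment/verification flow of steps (1) to (7) and the enrollment decision above, simulated in C: the identification code is modelled as a canonically ordered set of minutiae, the TPM's nonvolatile memory as a struct that only `tpm_fp_engine` reads, and the caller receives only the verdict. The minutiae values, matching tolerances and the 75% threshold are assumptions.

```c
/* Constructed simulation of the patent's TPM-resident fingerprint engine: enrollment and
 * comparison happen behind one boundary (tpm_fp_engine) and only the verdict leaves it. */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MINUTIAE 16
#define NV_EMPTY     0u
#define NV_ENROLLED  1u
#define POS_TOL_SQ   16   /* a minutia matches if within 4 pixels ...   */
#define ANGLE_TOL    15   /* ... and within 15 degrees of ridge direction */

/* One minutia: position, ridge direction in degrees, type (0 ending, 1 bifurcation). */
typedef struct { int x, y, angle; uint8_t type; } minutia_t;
/* The "identification code" of step (3): the encoded, classified feature set. */
typedef struct { uint8_t count; minutia_t m[MAX_MINUTIAE]; } fp_code_t;
/* Simulated nonvolatile memory inside the TPM: enrollment flag plus the reference
 * code. Nothing outside tpm_fp_engine() ever reads the reference code back. */
typedef struct { uint8_t state; fp_code_t code; } tpm_nv_t;
typedef enum { FP_ENROLLED = 0, FP_MATCH = 1, FP_NO_MATCH = 2 } fp_result_t;

static int cmp_minutia(const void *a, const void *b) {
    const minutia_t *p = a, *q = b;
    return p->x != q->x ? p->x - q->x : p->y - q->y;
}

/* Step (3): encode and classify raw feature points into an identification code.
 * "Classification" here is a canonical (x, y) ordering so that two captures of
 * the same finger yield comparable codes (an assumption of this example). */
fp_code_t fp_generate_code(const minutia_t *raw, size_t n) {
    fp_code_t code;
    memset(&code, 0, sizeof code);
    code.count = (uint8_t)(n > MAX_MINUTIAE ? MAX_MINUTIAE : n);
    memcpy(code.m, raw, code.count * sizeof *raw);
    qsort(code.m, code.count, sizeof *code.m, cmp_minutia);
    return code;
}

/* Step (4), first variant: it is an initial enrollment when NV holds no code yet. */
int fp_is_initial_enrollment(const tpm_nv_t *nv) { return nv->state == NV_EMPTY; }

static int minutia_matches(const minutia_t *a, const minutia_t *b) {
    int dx = a->x - b->x, dy = a->y - b->y;
    int da = abs(a->angle - b->angle) % 360;
    if (da > 180) da = 360 - da;
    return a->type == b->type && dx * dx + dy * dy <= POS_TOL_SQ && da <= ANGLE_TOL;
}

/* Step (6): number of probe minutiae paired one-to-one with a reference minutia
 * within tolerance (greedy pairing is enough for this illustration). */
int fp_compare(const fp_code_t *probe, const fp_code_t *ref) {
    uint8_t used[MAX_MINUTIAE] = {0};
    int matched = 0;
    for (int i = 0; i < probe->count; i++)
        for (int j = 0; j < ref->count; j++)
            if (!used[j] && minutia_matches(&probe->m[i], &ref->m[j])) {
                used[j] = 1; matched++; break;
            }
    return matched;
}

/* Steps (4)-(6) as the single entry point a caller (BIOS, OS logon, application)
 * invokes. Only the verdict crosses the TPM boundary; the reference never does. */
fp_result_t tpm_fp_engine(tpm_nv_t *nv, const fp_code_t *code) {
    if (fp_is_initial_enrollment(nv)) {            /* step (5): store as reference */
        nv->code = *code;
        nv->state = NV_ENROLLED;
        return FP_ENROLLED;
    }
    int threshold = (nv->code.count * 3 + 3) / 4;  /* >= 75% of reference minutiae */
    return fp_compare(code, &nv->code) >= threshold ? FP_MATCH : FP_NO_MATCH;
}

/* Constructed sample data: an enrolled finger, the same finger captured again with
 * a one-pixel shift and 5-degree rotation, and a different finger. */
static const minutia_t SAMPLE_ENROLL[8] = {
    {10,20,30,0},{40,25,90,1},{15,60,180,0},{70,80,45,1},
    {35,45,270,0},{60,10,120,1},{80,50,200,0},{20,90,330,1}};
static const minutia_t SAMPLE_GENUINE[8] = {
    {11,19,35,0},{41,24,95,1},{16,59,185,0},{71,79,50,1},
    {36,44,275,0},{61,9,125,1},{81,49,205,0},{21,89,335,1}};
static const minutia_t SAMPLE_IMPOSTOR[8] = {
    {5,5,10,0},{50,50,90,1},{90,90,180,0},{30,70,0,1},
    {75,15,60,0},{55,95,300,1},{25,35,150,0},{95,40,240,1}};

/* Enroll SAMPLE_ENROLL into a fresh (empty) NV, then present `probe` for verification. */
fp_result_t demo_verify(const minutia_t *probe, size_t n) {
    tpm_nv_t nv;
    memset(&nv, 0, sizeof nv);                     /* state == NV_EMPTY */
    fp_code_t ref = fp_generate_code(SAMPLE_ENROLL, 8);
    if (tpm_fp_engine(&nv, &ref) != FP_ENROLLED) return FP_NO_MATCH;
    fp_code_t code = fp_generate_code(probe, n);
    return tpm_fp_engine(&nv, &code);              /* step (7): caller acts on the verdict */
}

/* Raw match count of `probe` against SAMPLE_ENROLL, for inspecting the threshold. */
int demo_matched_count(const minutia_t *probe, size_t n) {
    fp_code_t ref = fp_generate_code(SAMPLE_ENROLL, 8), code = fp_generate_code(probe, n);
    return fp_compare(&code, &ref);
}
```

With these constructed samples the genuine capture pairs all 8 minutiae and is accepted, while the impostor pairs none and is rejected.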

With the fingerprint biometric identification engine system and identification method of this invention, a fingerprint biometric identification engine is formed on the computer motherboard on the basis of the TPM security chip, and the comparison with the fingerprint pre-stored in the TPM chip takes place in the secure environment inside the TPM chip; fingerprint capture, processing and comparison can even all be completed inside the TPM chip, giving higher system security and reliability. At the same time, the pre-stored fingerprint data and the comparison never leave the TPM, which achieves strong two-factor security authentication. Moreover, the engine system can accept authentication requests from any other system hardware layer, operating system and base platform layer, or security application layer and return the authentication result, thereby providing secure fingerprint biometric authentication, ensuring the integrity and privacy of users and information, and ensuring the integrity of the system hardware, OS kernel, services and applications. It can be applied to secure fingerprint identity authentication at power-on, in the operating system and at the application layer; it has high operating efficiency, strong system stability and a wide range of application, and lays a solid foundation for the further development of computer security authentication technology.

Brief description of the drawings

Figure 1 is a security architecture diagram of a trusted computing terminal system platform in the prior art.

Figure 2 is a system architecture diagram of the TPM security chip of the present invention.

Figure 3 is a schematic system architecture diagram of the first embodiment of the fingerprint biometric identification engine system of the present invention.

Figure 4 is a schematic system architecture diagram of the second embodiment of the fingerprint biometric identification engine system of the present invention.

Figure 5 shows the mounting positions of the fingerprint sensor when the present invention is applied in a desktop computer.

Figure 6 shows the mounting positions of the fingerprint sensor when the present invention is applied in a notebook computer.

具体实施方式Detailed ways

为了进一步说明本发明为达到预定目的所采用的技术、方法及功能效果,请参阅以下有关本发明的详细说明和附图,相信本发明的目的、特征与特点,当可得到深入和具体的了解,然而所附图示仅供参考和说明用,并非对本发明加以限制。In order to further illustrate the technology, method and functional effect that the present invention adopts to achieve the predetermined purpose, please refer to the following detailed description and accompanying drawings of the present invention. It is believed that the purpose, characteristics and characteristics of the present invention can be deeply and specifically understood. , however, the accompanying drawings are for reference and illustration only, and are not intended to limit the present invention.

请参阅图2所示,为计算机主板TPM芯片的方块架构示意图。一般TPM芯片内有一中央处理器(CPU)、非对称密码协处理器(RSA)、真随机数生成器(RNG)、存储模块(RAM)、非易失性存储(Non-VblatiIe Storage)和安全防护、管理及接口模块等等,从而构成了完整的TPM芯片。Please refer to FIG. 2 , which is a block diagram of a TPM chip on a computer motherboard. Generally, the TPM chip has a central processing unit (CPU), an asymmetric cryptographic coprocessor (RSA), a true random number generator (RNG), a storage module (RAM), a non-volatile storage (Non-VblatiIe Storage) and a security Protection, management and interface modules, etc., thus constitute a complete TPM chip.

TPM芯片通过TPM芯片操作系统及内置的功能模块形成系统安全认证体系。在身份认证上,TPM芯片内拥有存储区,可以存储证书,通常利用存储在片内的证书和各种加密算法完成安全认证。The TPM chip forms a system security certification system through the TPM chip operating system and built-in functional modules. In terms of identity authentication, the TPM chip has a storage area that can store certificates, and usually uses the certificates stored in the chip and various encryption algorithms to complete security authentication.

关于安全芯片的进一步技术细节,请参考“一种安全芯片及基于该芯片的信息安全处理设备和方法”的专利文献(专利申请号:03138380.7)。For further technical details of the security chip, please refer to the patent document "A Security Chip and Information Security Processing Device and Method Based on the Chip" (patent application number: 03138380.7).

再请参阅图3所示,为本发明的引擎系统的第一种实施例,其中该基于可信平台模块的指纹生物识别引擎系统的指纹采集模块、指纹处理模块均内置于所述的可信平台模块TPM芯片内,该指纹采集模块、指纹处理模块与指纹比对模块共同形成了TPM芯片中的指纹生物识别引擎,且指纹采集模块与指纹处理模块之间、指纹处理模块与指纹比对模块之间均相连接,所述的非易失性存储器为可信平台模块TPM芯片中的非易失性存储器,所述的指纹比对模块与所述的可信平台模块TPM芯片中的非易失性存储器相连接。Please refer to Fig. 3 again, which is the first embodiment of the engine system of the present invention, wherein the fingerprint acquisition module and the fingerprint processing module of the fingerprint biometric engine system based on the trusted platform module are all built in the trusted platform module. In the platform module TPM chip, the fingerprint collection module, fingerprint processing module and fingerprint comparison module together form the fingerprint biometric engine in the TPM chip, and between the fingerprint collection module and the fingerprint processing module, the fingerprint processing module and the fingerprint comparison module The non-volatile memory is a non-volatile memory in the trusted platform module TPM chip, and the fingerprint comparison module is connected with the non-volatile memory in the trusted platform module TPM chip. The volatile memory is connected.

此时的TPM芯片硬件资源能够完成指纹采集和处理运算,其运算能力完全依赖于片内的CPU,其内存则是利用了片内的RAM。At this time, the hardware resources of the TPM chip can complete fingerprint collection and processing operations. Its computing power completely depends on the on-chip CPU, and its memory uses the on-chip RAM.

再请参阅图4所示,为本发明的引擎系统的第二种实施例,其中该基于可信平台模块的指纹生物识别引擎系统,包括计算机主板和主板上所承载并通过系统总线相互连接的基本输入输出系统BIOS、可信平台模块TPM芯片、中央处理器、随机访问存储器,所述的可信平台模块TPM芯片内具有内置功能模块和芯片操作系统,其中,所述的引擎系统还包括指纹传感器、计算机主板上所承载的指纹采集模块和指纹处理模块、非易失性存储器、可信平台模块TPM芯片内置的指纹比对模块,该指纹对比模块形成了TPM芯片中的指纹生物识别引擎;该指纹采集模块和指纹处理模块置于所述的计算机主板所承载的基本输入输出系统BIOS内,且指纹采集模块与指纹处理模块相连接,指纹处理模块通过系统总线与指纹比对模块相连接;所述的指纹传感器的输出端与指纹采集模块的输入端相连接,指纹采集模块的输出端与所述的指纹处理模块的输入端相连接,指纹处理模块的输出端与所述的指纹比对模块的输入端相连接,所述的非易失性存储器为基本输入输出系统BIOS中的加密存储区,所述的指纹比对模块通过系统总线与该基本输入输出系统BIOS中的加密存储区相连接。Referring to Fig. 4 again, it is the second embodiment of the engine system of the present invention, wherein the fingerprint biometric engine system based on the trusted platform module includes the computer main board and the main board, which are carried on the main board and connected to each other through the system bus. Basic input and output system BIOS, trusted platform module TPM chip, central processing unit, random access memory, described trusted platform module TPM chip has built-in function module and chip operating system, wherein, described engine system also includes fingerprint The fingerprint acquisition module and fingerprint processing module carried by the sensor, the computer motherboard, the non-volatile memory, the fingerprint comparison module built into the TPM chip of the trusted platform module, and the fingerprint comparison module forms the fingerprint biometric engine in the TPM chip; The fingerprint collection module and the fingerprint processing module are placed in the basic input and output system BIOS carried by the computer motherboard, and the fingerprint collection module is connected with the fingerprint processing module, and the fingerprint processing module is connected with the fingerprint comparison module through the system bus; The output end of the fingerprint sensor is connected with the input end of the fingerprint collection module, the output end of the fingerprint collection module is connected with the input end of the fingerprint 
processing module, and the output end of the fingerprint processing module is compared with the fingerprint The input end of the module is connected, and the non-volatile memory is an encrypted storage area in the BIOS of the basic input and output system, and the fingerprint comparison module is connected with the encrypted storage area in the BIOS of the basic input and output system through the system bus. connect.

此时的TPM芯片硬件资源不能完成指纹采集和处理运算,而必须利用主机板上现有芯片或增加芯片,在本实施例中是利用现有BIOS和BIOS中的加密存储区来实现,其运算能力依赖于主板上的中央处理器,内存则是主板上的随机存储器RAM。The TPM chip hardware resources at this moment can't finish fingerprint acquisition and processing operation, but must utilize existing chip or increase chip on the motherboard, in this embodiment, utilize existing BIOS and the encrypted storage area in BIOS to realize, its operation The power depends on the central processing unit on the motherboard, and the memory is the random access memory RAM on the motherboard.

不仅如此,与上述第二种实施例相类似的,也可以采用以下本发明的引擎系统的第三种Not only that, similar to the above-mentioned second embodiment, the following third type of the engine system of the present invention can also be used:

实施例:Example:

In this embodiment the fingerprint biometric identification engine system based on a trusted platform module comprises a computer motherboard and, carried on the motherboard and interconnected through the system bus, a basic input/output system (BIOS), a trusted platform module (TPM) chip, a central processing unit and random access memory. The TPM chip contains built-in function modules and a chip operating system. The engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer motherboard, a non-volatile memory, and a fingerprint comparison module built into the TPM chip; this fingerprint comparison module forms the fingerprint biometric identification engine within the TPM chip. The fingerprint acquisition module and the fingerprint processing module are placed in a chip carried on the computer motherboard that has no on-chip central processing unit but does have non-volatile storage space; the fingerprint acquisition module is connected to the fingerprint processing module, and the fingerprint processing module is connected to the fingerprint comparison module through the system bus. The output of the fingerprint sensor is connected to the input of the fingerprint acquisition module, the output of the fingerprint acquisition module is connected to the input of the fingerprint processing module, and the output of the fingerprint processing module is connected to the input of the fingerprint comparison module. The non-volatile memory is an encrypted storage area within that chip (the one carried on the motherboard without an on-chip central processing unit but with non-volatile storage space), and the fingerprint comparison module is connected to that encrypted storage area through the system bus.

In this case the TPM chip's own hardware resources cannot carry out the fingerprint acquisition and processing computations, so an existing chip on the motherboard must be used or a chip added. In this embodiment the embedded SOC chip on the motherboard is used; the computing power comes from the central processing unit on the motherboard, and the working memory is the motherboard's random access memory (RAM).

Similar to the second embodiment above, the following fourth embodiment of the engine system of the present invention may also be adopted:

In this embodiment the fingerprint biometric identification engine system based on a trusted platform module comprises a computer motherboard and, carried on the motherboard and interconnected through the system bus, a basic input/output system (BIOS), a trusted platform module (TPM) chip, a central processing unit and random access memory (RAM). The TPM chip contains built-in function modules and a chip operating system. The engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer motherboard, a non-volatile memory, and a fingerprint comparison module built into the TPM chip; this fingerprint comparison module forms the fingerprint biometric identification engine within the TPM chip. The fingerprint acquisition module and the fingerprint processing module are placed in an embedded SOC chip, carried on the computer motherboard, that has an on-chip central processing unit; the fingerprint acquisition module is connected to the fingerprint processing module, and the fingerprint processing module is connected to the fingerprint comparison module through the system bus. The output of the fingerprint sensor is connected to the input of the fingerprint acquisition module, the output of the fingerprint acquisition module is connected to the input of the fingerprint processing module, and the output of the fingerprint processing module is connected to the input of the fingerprint comparison module. The non-volatile memory is the encrypted non-volatile memory within the embedded SOC chip, and the fingerprint comparison module is connected to that encrypted non-volatile memory through the system bus.

In this case the TPM chip's own hardware resources cannot carry out the fingerprint acquisition and processing computations, so an existing chip on the motherboard must be used or a chip added. In this embodiment the embedded SOC chip on the motherboard is used; the computing power comes from the central processing unit within the embedded SOC chip, and the working memory is the random access memory (RAM) within the embedded SOC chip.

In all of these embodiments, the non-volatile memory of the fingerprint biometric identification engine system based on a trusted platform module may be flash memory (Flash), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), or any other magnetic or electrical storage medium that retains its data when power is removed. For detailed technical information on magnetic memory cells, refer to the US patent "Thin Film Magnetic Core Memory And Method Of Making Same", patent number 5126971, published June 30, 1992.

In practical application, the present invention adds a fingerprint biometric authentication engine inside the TPM security chip and connects a fingerprint sensor to it. The fingerprint sensor passes the captured fingerprint image, through the computer's basic input/output system (I/O), to the fingerprint acquisition module of the TPM's fingerprint biometric authentication engine. The digital fingerprint image captured by the fingerprint acquisition module is passed to the fingerprint processing module, which extracts the fingerprint feature values and encodes them into a fingerprint identification code.

The fingerprint comparison module compares this fingerprint identification code with the fingerprint identification code pre-stored in the TPM chip to complete identity authentication.

The present invention mainly provides an on-chip fingerprint biometric authentication technique, and a method of implementing it, for the TPM chip of secure computer hardware. Its key point is to add a biometric identification engine module inside the TPM chip, so that the comparison against the fingerprint identification code pre-stored in the TPM chip takes place within the secure environment of the TPM chip, realizing fingerprint comparison authentication.

Because fingerprint acquisition and processing have a certain complexity, the hardware resources inside the TPM chip are not sufficient for the complex processing computations. In the first embodiment described above, fingerprint acquisition and processing are therefore carried out in another embedded SOC chip on the motherboard, which processes the fingerprint image delivered by the fingerprint sensor into data containing the fingerprint feature information; this data is then stored securely in the TPM chip or compared with the fingerprint information pre-stored in the TPM chip. In the second embodiment described above, where the hardware resources in the TPM chip are sufficient to handle the fingerprint acquisition and processing computations, the acquisition, processing and comparison of fingerprints are all completed inside the TPM chip.

The pre-stored fingerprint data and the comparison never leave the TPM, which realizes strong two-factor security authentication. The fingerprint biometric identification engine in the TPM accepts authentication requests from any other system hardware layer, from the operating system and basic platform layer, and from the security application layer, and returns the authentication result. This realizes secure fingerprint biometric authentication, ensures the integrity and privacy of users and information, and ensures the security and integrity of the system hardware, OS kernel, services and applications.

Referring again to Fig. 5 and Fig. 6, the fingerprint sensor 1 of the fingerprint biometric identification engine system based on a trusted platform module of the present invention may, depending on circumstances, be embedded in the keyboard or mouse of a desktop computer or in the casing surface of a notebook computer, or be connected to the computer as a stand-alone device through a data communication cable, while the TPM chip 2 is embedded on the motherboard of the desktop computer or of the notebook computer.

The fingerprint sensor 1 may be an optical fingerprint sensor, a semiconductor fingerprint sensor, an ultrasonic fingerprint sensor, or any other sensor capable of obtaining fingerprint image data by sensing; the semiconductor fingerprint sensor may be a silicon capacitive fingerprint sensor, a semiconductor pressure-sensitive fingerprint sensor, or a semiconductor temperature-sensing fingerprint sensor.

In actual use, the fingerprint sensor 1 may be any of various types of fingerprint sensor. At present there are three main categories: optical, semiconductor and ultrasonic fingerprint sensors. Semiconductor fingerprint sensors are further divided into silicon capacitive, semiconductor pressure-sensitive, semiconductor temperature-sensing and other sensors. As technology develops, new types of sensor will keep appearing; in the present invention, fingerprint acquisition may use any sensor that obtains fingerprint image data by sensing. Likewise, the fingerprint sensor 1 may be located on the computer's keyboard, mouse or casing, or be any stand-alone fingerprint sensor connected to the computer through a data communication cable.

The method of the present invention for performing fingerprint biometric identification with the engine system described above comprises the following steps:

(1) The system performs its initialization settings;

(2) The fingerprint acquisition module captures the raw image information of the fingerprint through the fingerprint sensor and passes this information to the fingerprint processing module; the raw image information is digital fingerprint image information;

(3) The fingerprint processing module extracts the fingerprint feature information from the raw image information and generates an identification code; this operation comprises the following steps:

(a) The fingerprint processing module extracts the fingerprint feature information from the raw image information according to a specific fingerprint algorithm;

(b) The fingerprint processing module encodes and classifies that fingerprint feature information and generates the identification code;

(4) The fingerprint processing module determines whether an initial fingerprint registration (enrollment) setting operation is being performed, and passes the identification code to the fingerprint comparison module. The determination may be made as follows:

Check whether a fingerprint identification code is already stored in the non-volatile memory of the built-in function module of the TPM chip; if not, return the result that an initial fingerprint registration setting operation is being performed; if so, return the result that an initial fingerprint registration setting operation is not being performed;

or alternatively: check whether an identification value set by the system indicates that an initial fingerprint registration setting operation is being performed;

(5) If an initial fingerprint registration setting operation is being performed, the fingerprint comparison module stores the identification code directly, as the fingerprint identification code, in the non-volatile memory of the built-in function module of the TPM chip;

(6) Otherwise, the fingerprint comparison module retrieves the pre-stored fingerprint identification code from the non-volatile memory of the built-in function module of the TPM chip, compares the pre-stored fingerprint identification code with this fingerprint identification code, and returns the comparison result;

(7) The system performs subsequent processing according to the comparison result.

In actual use, the technical problem the present invention solves is how to realize a fingerprint biometric identification engine module inside the computer's TPM chip, that is, how to complete the fingerprint algorithm, the acquisition and processing of fingerprints, and the comparison and authentication of fingerprints inside the TPM chip, so that no fingerprint processing ever leaves the TPM chip, and to provide this as a basic biometric authentication function module of a trusted computer for use by the computer system's security hardware layer, secure operating system and basic platform layer, and security application layer.

Therefore, the computer must be connected to a fingerprint acquisition device, i.e. one of the various types of fingerprint sensor. When the computer needs fingerprint image information, the device captures live fingerprint information and passes it to the fingerprint biometric authentication engine inside the TPM. The fingerprint biometric authentication engine runs the fingerprint algorithm on the incoming raw live fingerprint information and either stores the result in the TPM storage area or produces an authentication result, which is returned to the device or program that invoked the engine.

The authentication process described above comprises the following steps:

(1) Fingerprint acquisition

The raw fingerprint image is captured through any of various fingerprint acquisition sensors; this raw image information is non-analog, digital fingerprint image information. It is then passed to the fingerprint processing module. Fingerprint acquisition covers the interfaces to the various fingerprint sensors, the decision whether a usable fingerprint image has been captured, and so on.

(2) Fingerprint processing

The fingerprint processing module extracts the fingerprint feature information according to the fingerprint algorithm, then encodes and classifies that feature information, encoding it into an identification code.

For the technical details of the fingerprint algorithm, refer to the patent document "Fingerprint Identification Method" (patent application number 03142267.5).

(3) Fingerprint comparison

The fingerprint identification code obtained from the user is compared with the fingerprint identification code pre-stored in the TPM chip.

The fingerprint comparison program is itself pre-stored in the non-volatile memory of the TPM chip.
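The following is an added example, not code from the patent or from its applicant, modelling method steps (1) to (7) above and the three-stage acquisition / processing / comparison process just described. The ridge-ending extractor and the similarity score are constructed stand-ins for the "specific fingerprint algorithm" the text delegates to application 03142267.5, the three ASCII "images" are constructed inputs, and the TPM is a plain Python object; `SimulatedTpm`, `extract_minutiae`, `match_score` and the 0.6 threshold are all assumptions of this example. The point it makes visible is the trust boundary the text insists on: the host only ever calls `submit` with an identification code and receives a verdict, while the stored code and the comparison logic stay inside the TPM object, and step (4) is decided by either of the two variants the text gives (empty non-volatile memory, or a system-set enrollment flag).

```python
"""Toy model of the TPM-resident fingerprint engine (steps (1)-(7)); added example,
not code from the patent.  Extractor, score and threshold are constructed stand-ins."""
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

Minutia = Tuple[int, int]      # (row, col) of a ridge ending
IdCode = Tuple[Minutia, ...]   # the identification code of step (3b)

# Constructed sample "digital fingerprint images" (step 2): '#' marks a ridge pixel.
ENROLL_IMAGE: List[str] = [
    ".####...",
    "........",
    "....###.",
    "........",
    ".##.....",
]
VERIFY_IMAGE: List[str] = [    # same finger: one ridge shorter, one extra ridge
    ".####...",
    "........",
    "....##..",
    "........",
    ".##..##.",
]
IMPOSTOR_IMAGE: List[str] = [  # a different finger
    "......##",
    "........",
    ".###....",
    "........",
    "....###.",
]

def extract_minutiae(image: List[str]) -> FrozenSet[Minutia]:
    """Step (3a): a ridge pixel with exactly one ridge neighbour (8-neighbourhood)
    is taken as a ridge ending, the simplest minutia type."""
    rows, cols = len(image), len(image[0])
    endings = set()
    for r in range(rows):
        for c in range(cols):
            if image[r][c] != "#":
                continue
            neighbours = sum(
                1 for dr in (-1, 0, 1) for dc in (-1, 0, 1)
                if (dr or dc) and 0 <= r + dr < rows and 0 <= c + dc < cols
                and image[r + dr][c + dc] == "#"
            )
            if neighbours == 1:
                endings.add((r, c))
    return frozenset(endings)

def encode(minutiae: FrozenSet[Minutia]) -> IdCode:
    """Step (3b): a canonical, sorted encoding of the features is the identification code."""
    return tuple(sorted(minutiae))

def match_score(stored: IdCode, probe: IdCode, tolerance: int = 1) -> float:
    """Fraction of minutiae paired one-to-one within Chebyshev distance `tolerance`.
    Two captures of one finger differ slightly, so codes are never compared for equality."""
    unused = list(probe)
    matched = 0
    for r, c in stored:
        near = [(max(abs(r - pr), abs(c - pc)), (pr, pc)) for pr, pc in unused]
        near = [cand for cand in near if cand[0] <= tolerance]
        if near:
            unused.remove(min(near)[1])   # nearest unused probe minutia
            matched += 1
    return matched / max(len(stored), len(probe), 1)

@dataclass
class SimulatedTpm:
    """Stand-in for the TPM's built-in function module: the only place where the
    pre-stored identification code and the comparison program live."""
    nv_template: Optional[IdCode] = None   # non-volatile memory inside the TPM
    enroll_requested: bool = False         # the "identification value set by the system"
    threshold: float = 0.6                 # constructed decision threshold

    def is_initial_enrollment(self) -> bool:
        """Step (4), both variants in the text: NV memory holds no code, or the
        system has explicitly flagged an enrollment."""
        return self.nv_template is None or self.enroll_requested

    def submit(self, code: IdCode) -> Tuple[str, Optional[float]]:
        """Steps (5)-(6): store the code, or compare and return only a verdict.
        The stored code itself never crosses the TPM boundary."""
        if self.is_initial_enrollment():
            self.nv_template = code
            self.enroll_requested = False
            return "enrolled", None
        score = match_score(self.nv_template, code)
        return ("match" if score >= self.threshold else "no_match"), score

def authenticate(tpm: SimulatedTpm, image: List[str]) -> Tuple[str, Optional[float]]:
    """Host-side driver for steps (2)-(7): acquire, extract, encode, hand over to the TPM."""
    return tpm.submit(encode(extract_minutiae(image)))

def run_demo() -> List[Tuple[str, Optional[float]]]:
    tpm = SimulatedTpm()                    # step (1): fresh system, NV memory empty
    return [authenticate(tpm, ENROLL_IMAGE),     # first use -> stored as template
            authenticate(tpm, VERIFY_IMAGE),     # same finger -> match (score 0.75)
            authenticate(tpm, IMPOSTOR_IMAGE)]   # other finger -> no_match
```

Running `run_demo()` enrolls the first capture, accepts the second (6 of its 8 minutiae pair with the stored 6, giving 0.75) and rejects the impostor (1 of 6). In the embodiments where acquisition and processing run in the BIOS or in a separate SOC chip, it is the identification code, i.e. the argument of `submit`, that travels over the system bus; the template in `nv_template` and the scoring never do, which is what the text means by the data "never leaving the TPM".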

With the fingerprint biometric identification engine system based on a trusted platform module and its identification method described above, the fingerprint biometric identification engine system is built on the computer motherboard around the TPM security chip, and the comparison against the fingerprint pre-stored in the TPM chip is performed within the secure environment of the TPM chip to realize fingerprint comparison authentication; the acquisition, processing and comparison of fingerprints may even all be completed inside the TPM chip, giving higher system security and reliability. At the same time, the pre-stored fingerprint identification code and the fingerprint comparison never leave the TPM, realizing strong two-factor security authentication. Moreover, the fingerprint biometric identification engine system can accept authentication requests from any other system hardware layer, from the operating system and basic platform layer, and from the security application layer, and return the authentication result, thereby realizing secure fingerprint biometric authentication, ensuring the integrity and privacy of users and information, and ensuring the integrity of the system hardware, OS kernel, services and applications. It can be applied to boot-time fingerprint identity authentication, operating-system fingerprint identity authentication, application-layer fingerprint identity authentication and other fields. It not only runs efficiently but is also stable and broadly applicable, laying a solid foundation for the further development of computer security authentication technology.

In this specification, the invention has been described with reference to specific embodiments thereof. It is evident, however, that various modifications and changes can be made without departing from the spirit and scope of the invention. Accordingly, the specification and drawings are to be regarded as illustrative rather than restrictive.

Claims (12)

1. A fingerprint biometric identification engine system based on a trusted platform module, comprising a computer motherboard and, carried on the motherboard and interconnected through a system bus, a basic input/output system (BIOS), a trusted platform module (TPM) chip, a central processing unit, random access memory and other computer hardware, the TPM chip having built-in function modules and a chip operating system, characterized in that the engine system further comprises a fingerprint sensor, a fingerprint acquisition module and a fingerprint processing module carried on the computer motherboard, a non-volatile memory, and a fingerprint comparison module built into the TPM chip; the output of the fingerprint sensor is connected to the input of the fingerprint acquisition module, the output of the fingerprint acquisition module is connected to the input of the fingerprint processing module, the output of the fingerprint processing module is connected to the input of the fingerprint comparison module, and the fingerprint comparison module is connected to the non-volatile memory.
2. The fingerprint biometric identification engine system based on a trusted platform module according to claim 1, characterized in that the fingerprint acquisition module and the fingerprint processing module are both built into the TPM chip, the fingerprint acquisition module is connected to the fingerprint processing module and the fingerprint processing module to the fingerprint comparison module, the non-volatile memory is the non-volatile memory within the TPM chip, and the fingerprint comparison module is connected to the non-volatile memory within the TPM chip.
3. The fingerprint biometric identification engine system based on a trusted platform module according to claim 1, characterized in that the fingerprint acquisition module and the fingerprint processing module are placed in the basic input/output system (BIOS) carried on the computer motherboard, the fingerprint acquisition module is connected to the fingerprint processing module, the fingerprint processing module is connected to the fingerprint comparison module through the system bus, the non-volatile memory is an encrypted storage area in the BIOS, and the fingerprint comparison module is connected to that encrypted storage area in the BIOS through the system bus.
4. The fingerprint biometric identification engine system based on a trusted platform module according to claim 1, characterized in that the fingerprint acquisition module and the fingerprint processing module are placed either in an embedded SOC chip with an on-chip central processing unit carried on the computer motherboard, or in a chip without an on-chip central processing unit but with non-volatile storage space; the fingerprint acquisition module is connected to the fingerprint processing module, the fingerprint processing module is connected to the fingerprint comparison module through the system bus, the non-volatile memory is the non-volatile memory within the embedded SOC chip or within the chip without an on-chip central processing unit, and the fingerprint comparison module is connected through the system bus to the non-volatile memory within that embedded SOC chip or within that chip without an on-chip central processing unit.
5. The fingerprint biometric identification engine system based on a trusted platform module according to any one of claims 1 to 4, characterized in that the fingerprint comparison module is in every case built into the TPM chip.
6. The fingerprint biometric identification engine system based on a trusted platform module according to any one of claims 1 to 4, characterized in that the non-volatile memory is flash memory (Flash), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), or any other magnetic or electrical storage medium that retains its data when power is removed.
7. The fingerprint biometric identification engine system based on a trusted platform module according to any one of claims 1 to 4, characterized in that the fingerprint sensor is embedded in the motherboard, keyboard, mouse or casing surface of the computer, or is connected to the computer as a stand-alone device through a data communication cable; the fingerprint sensor is an optical fingerprint sensor, a semiconductor fingerprint sensor, an ultrasonic fingerprint sensor or any other sensor capable of obtaining fingerprint image data by sensing, and the semiconductor fingerprint sensor is a silicon capacitive fingerprint sensor, a semiconductor pressure-sensitive fingerprint sensor or a semiconductor temperature-sensing fingerprint sensor.
8. A method of performing fingerprint biometric identification using the engine system of claim 1, characterized in that the method comprises the following steps:
(1) the system performs its initialization settings;
(2) the fingerprint acquisition module captures the raw image information of the fingerprint through the fingerprint sensor and passes this information to the fingerprint processing module;
(3) the fingerprint processing module extracts the fingerprint feature information from the raw image information and generates an identification code;
(4) the fingerprint processing module determines whether an initial fingerprint registration setting operation is being performed, and passes the identification code to the fingerprint comparison module;
(5) if an initial fingerprint registration setting operation is being performed, the fingerprint comparison module stores the identification code directly, as the fingerprint identification code, in the non-volatile memory within the TPM chip;
(6) otherwise, the pre-stored fingerprint identification code is retrieved from the non-volatile memory within the TPM chip, the identification code is compared with the pre-stored fingerprint identification code, and the comparison result is returned;
(7) the system performs subsequent processing according to the comparison result.
9. The method of performing fingerprint biometric identification according to claim 8, characterized in that the raw image information is digital fingerprint image information.
10. The method of performing fingerprint biometric identification according to claim 8 or 9, characterized in that the operation of extracting the fingerprint feature information from the raw image information and generating an identification code comprises the following steps:
(1) the fingerprint processing module extracts the fingerprint feature information from the raw image information according to a specific fingerprint algorithm;
(2) the fingerprint processing module encodes and classifies that fingerprint feature information and generates the identification code.
11. The method of performing fingerprint biometric identification according to claim 8 or 9, characterized in that determining whether an initial fingerprint registration setting operation is being performed consists of:
checking whether a fingerprint identification code is already stored in the non-volatile memory of the TPM chip; if not, returning the result that an initial fingerprint registration setting operation is being performed; if so, returning the result that an initial fingerprint registration setting operation is not being performed;
or alternatively: checking whether an identification value set by the system indicates that an initial fingerprint registration setting operation is being performed.
12. The method of performing fingerprint biometric identification according to claim 8, characterized in that the pre-stored fingerprint identification code is stored entirely in the non-volatile memory inside the TPM chip.
CNA2006100246736A 2006-03-14 2006-03-14 Fingerprint biometric identification engine system and identification method based on trusted platform module Pending CN1822013A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2006100246736A CN1822013A (en) 2006-03-14 2006-03-14 Fingerprint biometric identification engine system and identification method based on trusted platform module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2006100246736A CN1822013A (en) 2006-03-14 2006-03-14 Fingerprint biometric identification engine system and identification method based on trusted platform module

Publications (1)

Publication Number Publication Date
CN1822013A true CN1822013A (en) 2006-08-23

Family

ID=36923374

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2006100246736A Pending CN1822013A (en) 2006-03-14 2006-03-14 Fingerprint biometric identification engine system and identification method based on trusted platform module

Country Status (1)

Country Link
CN (1) CN1822013A (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101211389B (en) * 2006-12-31 2010-04-07 联想(北京)有限公司 Hardware safe unit and its service request processing method and system
CN101888442A (en) * 2010-04-16 2010-11-17 中兴通讯股份有限公司 Method for security management of mobile terminal and mobile terminal
WO2011006295A1 (en) * 2009-07-14 2011-01-20 Sheng Yongxiang Authentication method for user identification equipment
CN101986641A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof
CN102419805A (en) * 2011-11-22 2012-04-18 中兴通讯股份有限公司 A terminal device and user information encryption method thereof
CN101529376B (en) * 2006-10-25 2013-09-04 微软公司 Platform authentication via transparent cofactors
CN101965570B (en) * 2008-02-29 2013-09-18 格罗方德半导体公司 A computer system comprising a secure boot mechanism
CN104778141A (en) * 2015-02-10 2015-07-15 浙江大学 Control system trusted architecture-based TPCM (Trusted Platform Control Module) and trusted detection technology
CN104778393A (en) * 2015-04-16 2015-07-15 电子科技大学 Security fingerprint identification method for intelligent terminal
CN105354466A (en) * 2015-10-26 2016-02-24 维沃移动通信有限公司 Fingerprint recognition method and mobile terminal
CN106156577A (en) * 2015-04-17 2016-11-23 国民技术股份有限公司 A kind of safety chip, authentication method based on biological characteristic and intelligent terminal
CN106295285A (en) * 2015-05-28 2017-01-04 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN106605230A (en) * 2014-09-26 2017-04-26 英特尔公司 Securing sensor data
CN106682470A (en) * 2015-11-09 2017-05-17 南昌欧菲生物识别技术有限公司 Fingerprint recognition system based on encrypted fingerprint information, terminal device and method
CN106934268A (en) * 2017-03-31 2017-07-07 山东超越数控电子有限公司 A kind of method that encrypting fingerprint is realized in BIOS
CN106971101A (en) * 2017-03-30 2017-07-21 山东超越数控电子有限公司 One kind refers to the credible progress control method of hand vein recognition and system
WO2017206654A1 (en) * 2016-05-30 2017-12-07 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for controlling unlocking and terminal
WO2019104920A1 (en) * 2017-11-30 2019-06-06 北京集创北方科技股份有限公司 Electronic device, display system, integrated control device thereof, and security verification method
CN110969735A (en) * 2019-12-27 2020-04-07 大唐半导体科技有限公司 Intelligent lock master control system and method based on security chip architecture

Cited By (29)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101529376B (en) * 2006-10-25 2013-09-04 微软公司 Platform authentication via transparent cofactors
CN101211389B (en) * 2006-12-31 2010-04-07 联想(北京)有限公司 Hardware safe unit and its service request processing method and system
CN101965570B (en) * 2008-02-29 2013-09-18 格罗方德半导体公司 A computer system comprising a secure boot mechanism
CN102474498B (en) * 2009-07-14 2013-12-18 深圳市永盛世纪科技有限公司 Subscriber Identification Device Authentication Method
CN102474498A (en) * 2009-07-14 2012-05-23 深圳市永盛世纪科技有限公司 Subscriber Identification Device Authentication Method
WO2011006295A1 (en) * 2009-07-14 2011-01-20 Sheng Yongxiang Authentication method for user identification equipment
WO2011127697A1 (en) * 2010-04-16 2011-10-20 中兴通讯股份有限公司 Security management method for mobile terminal and mobile terminal thereof
CN101888442A (en) * 2010-04-16 2010-11-17 中兴通讯股份有限公司 Method for security management of mobile terminal and mobile terminal
CN101986641A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Trusted computing platform chip applicable to mobile communication equipment and authentication method thereof
CN102419805A (en) * 2011-11-22 2012-04-18 中兴通讯股份有限公司 A terminal device and user information encryption method thereof
CN106605230A (en) * 2014-09-26 2017-04-26 英特尔公司 Securing sensor data
CN106605230B (en) * 2014-09-26 2024-05-03 英特尔公司 Ensuring sensor data security
US10360369B2 (en) 2014-09-26 2019-07-23 Intel Corporation Securing sensor data
CN104778141B (en) * 2015-02-10 2017-12-26 浙江大学 A kind of TPCM modules based on control system trusted infrastructure and credible detection method
CN104778141A (en) * 2015-02-10 2015-07-15 浙江大学 Control system trusted architecture-based TPCM (Trusted Platform Control Module) and trusted detection technology
CN104778393A (en) * 2015-04-16 2015-07-15 电子科技大学 Security fingerprint identification method for intelligent terminal
CN106156577A (en) * 2015-04-17 2016-11-23 国民技术股份有限公司 A kind of safety chip, authentication method based on biological characteristic and intelligent terminal
CN106295285A (en) * 2015-05-28 2017-01-04 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN106295285B (en) * 2015-05-28 2020-02-21 联想(北京)有限公司 Information processing method and electronic equipment
CN105354466A (en) * 2015-10-26 2016-02-24 维沃移动通信有限公司 Fingerprint recognition method and mobile terminal
CN105354466B (en) * 2015-10-26 2017-03-29 维沃移动通信有限公司 A kind of fingerprint identification method and mobile terminal
CN106682470A (en) * 2015-11-09 2017-05-17 南昌欧菲生物识别技术有限公司 Fingerprint recognition system based on encrypted fingerprint information, terminal device and method
WO2017206654A1 (en) * 2016-05-30 2017-12-07 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for controlling unlocking and terminal
US10409973B2 (en) 2016-05-30 2019-09-10 Guangdong Oppo Mobile Telecommunications Corp., Ltd. Method for controlling unlocking and terminal device
CN106971101A (en) * 2017-03-30 2017-07-21 山东超越数控电子有限公司 One kind refers to the credible progress control method of hand vein recognition and system
CN106934268A (en) * 2017-03-31 2017-07-07 山东超越数控电子有限公司 A kind of method that encrypting fingerprint is realized in BIOS
WO2019104920A1 (en) * 2017-11-30 2019-06-06 北京集创北方科技股份有限公司 Electronic device, display system, integrated control device thereof, and security verification method
CN110969735A (en) * 2019-12-27 2020-04-07 大唐半导体科技有限公司 Intelligent lock master control system and method based on security chip architecture
CN110969735B (en) * 2019-12-27 2022-02-01 大唐半导体科技有限公司 Intelligent lock master control system and method based on security chip architecture

Similar Documents

Publication Publication Date Title
CN1822013A (en) Fingerprint biometric identification engine system and identification method based on trusted platform module
CN101470783B (en) An identity recognition method and device based on a trusted platform module
US9081946B2 (en) Secure mass storage device
CN1229705C (en) Biometric-based devices and systems and associated security systems
CN103270529B (en) User Identity Verification in Mobile Commerce
CN1885315A (en) Embedded single security chip biological fingerprint identification system and method thereof
CN1808973A (en) USB MMI information security device and its control method
CN202049500U (en) Fingerprint identification system based on TCM (trusted cryptography module)
CN101034987A (en) Method and device for improving the security of the intelligent secret key
CN201820230U (en) Trusted Computing Trust Root Devices and Computers for Computers
CN1710852A (en) Intelligent ciphered key with biological characteristic identification function and its working method
CN101034986A (en) Method and system for securely using the intelligent secrete key device
CN100481107C (en) An identity control method based on credibility platform module and fingerprint identifying
CN1900939A (en) Fingerprint biometric identification device and identification method for secure computer
CN201233599Y (en) Computer keyboard for generating cipher through fingerprint identification
CN101059858A (en) Method and device for inquiring conveniently electronic transaction history record
CN2916768Y (en) Embedded Single Security Chip Biometric Fingerprint Identification System
CN103593596A (en) USB KEY for collecting external biological characteristics
CN103532956A (en) Biological information-based authentication method in cloud operation system
CN2914193Y (en) A TPM fingerprint biometric device
CN1897530A (en) Financial-transaction terminal for processing information carrier according to USB interface normalization and its operation
CN1667637A (en) Combining fingerprint recognition on computer main board as method and device for starting computer
CN102314566A (en) Computer-to-computer authentication and man-to-machine authentication method applied to cloud computing
CN2896370Y (en) Intelligent key device
CN101079708A (en) Calculator generating authentication password and its operation method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication