CN103886233B - Method, device and system for improving equipment security by binding hardware - Google Patents

Info

Publication number
CN103886233B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410145855.3A
Other languages
Chinese (zh)
Other versions
CN103886233A (en)
Inventor
王艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
I Patrol Technology Ltd
Original Assignee
I Patrol Technology Ltd
Application filed by I Patrol Technology Ltd
Priority to CN201410145855.3A
Publication of CN103886233A
Priority to PCT/CN2014/081356 (WO2015154341A1)
Application granted
Publication of CN103886233B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1015 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to users
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention discloses a method, apparatus and system for improving device security by binding hardware. By binding the user's biometric features to external hardware or internal hardware, and by exploiting the unclonable property of the hardware's physical feature function, the security of the device can be greatly improved, thereby protecting the user's privacy and interests. The method of the present invention for improving device security by binding hardware includes: collecting the user's biometric features and obtaining the hardware features of the hardware to be bound; binding the biometric features to the hardware features according to a set rule; when the user logs in to the device, comparing the acquired biometric features and hardware features with the biometric features and hardware features stored on the device, and obtaining a comparison result; and controlling the device according to the comparison result.

Description

Method, apparatus and system for improving device security by binding hardware

Technical field

The present invention relates to the field of device security, and in particular to a method, apparatus and system for improving device security by binding hardware.

Background

The security of electronic products and communication devices is becoming increasingly important, and manufacturers are putting great effort into device security. Human biometric features, such as fingerprints, voiceprints or irises, are widely used for system access; for example, Apple's latest iPhone 5 uses a fingerprint module to enter the system.

The security of existing electronic products and communication devices is mainly protected by digital passwords, hardware security devices or human biometric features. Digital passwords are simple to use: the user only needs a simple setup to encrypt the device. Hardware security devices, such as a U-shield, bind a digital password to hardware, but this is merely a simple superposition of the two. As for human biometric features, because these analog-signal features of a person in the analog world can serve as unique features for identifying that person, biometric features such as a person's fingerprint, iris, speaking voice or face shape can be used to protect the user's exclusive use and privacy.

However, because digital passwords are relatively easy to crack, they cannot guarantee the security of electronic products and communication devices. A hardware security device, being merely a simple superposition of a digital password and hardware, is easily broken when it is lost or when it is attacked by more powerful and expensive hardware. And although biometric features are unique, they can be copied, as fingerprints can; once a user's biometric features have been copied, the user's device may be intruded upon and the data in the device exposed. Because more and more users now associate their communication, shopping or payment tools with their communication devices, intrusion into a user's device is very likely to cause the user huge losses.

Summary of the invention

The present invention provides a method, apparatus and system for improving device security by binding hardware. By binding the user's biometric features to external hardware or internal hardware, and by exploiting the unclonable property of the hardware's physical feature function, the security of the device can be greatly improved, thereby protecting the user's privacy and interests.

The method for improving device security by binding hardware provided by an embodiment of the present invention includes:

collecting the user's biometric features and obtaining the hardware features of the hardware to be bound;

binding the biometric features to the hardware features according to a set rule;

when the user logs in to the device, comparing the acquired biometric features and hardware features with the biometric features and hardware features stored on the device, and obtaining a comparison result;

controlling the device according to the comparison result.

Optionally,

the biometric features include fingerprint features and/or facial features and/or iris features and/or voiceprint features.

Optionally,

collecting the user's biometric features includes:

collecting the user's fingerprint features through a fingerprint module,

and/or

collecting the user's facial features and/or iris features through a camera,

and/or

collecting the user's voiceprint features through a microphone.

Optionally,

the hardware to be bound includes external hardware or hardware inside the device.

Optionally,

the hardware to be bound is external hardware;

the hardware feature corresponding to the external hardware is hardware data or parameters;

the external hardware is issued or certified by a third party.

Optionally,

the method further includes:

providing user-related information to a licensed fourth party.

Optionally,

the user-related information is provided by the licensed fourth party to applications or service providers for use.

Optionally,

before the step of providing user-related information to the licensed fourth party, the method further includes:

encrypting the user-related information.

Optionally,

the hardware to be bound is hardware inside the device;

the hardware feature corresponding to the internal hardware of the device is the Physically Unclonable Function (PUF) of that internal hardware.

Optionally,

the internal hardware of the device is the device's memory.

Optionally,

the device includes a mobile phone or a tablet computer.

The apparatus for improving device security by binding hardware provided by an embodiment of the present invention includes:

a collection and acquisition module, configured to collect the user's biometric features and obtain the hardware features of the hardware to be bound;

a binding module, configured to bind the biometric features to the hardware features according to a set rule;

a comparison module, configured to compare, when the user logs in to the device, the acquired biometric features and hardware features with the biometric features and hardware features stored on the device, and to obtain a comparison result;

a control module, configured to control the device according to the comparison result.

Optionally,

the collection and acquisition module includes a collection unit and an acquisition unit;

the collection unit is configured to collect the user's biometric features;

the acquisition unit is configured to obtain the hardware features of the hardware to be bound.

Optionally,

the collection unit includes:

a fingerprint module and/or a camera and/or a microphone, wherein

the fingerprint module is configured to collect the user's fingerprint features;

the camera is configured to collect the user's facial features and/or iris features;

the microphone is configured to collect the user's voiceprint features.

The system for improving device security by binding hardware provided by an embodiment of the present invention includes:

at least two apparatuses for improving device security by binding hardware as described in claims 12 to 14;

the user and the apparatus have a mutual mapping relationship, and the apparatus is bound to an application or service;

between at least two of the users,

or

between at least two of the apparatuses,

or

between at least two of the users and at least two of the apparatuses,

or

between one of the users and at least two of the apparatuses, binding is achieved through the binding of the mutual mapping relationships.

In the embodiments of the present invention, the user's biometric features are first collected and the hardware features of the hardware to be bound are obtained; the biometric features are then bound to the hardware features according to a set rule; next, when the user logs in to the device, the acquired biometric features and hardware features are compared with the biometric features and hardware features stored on the device, and a comparison result is obtained; finally, the device is controlled according to the comparison result. By binding the user's biometric features to external hardware or internal hardware, the method, apparatus and system of the present invention have the following advantages:

1. By binding the hardware to the user's biometric features and exploiting the unclonable property of the hardware's physical feature function, the security of the device can be greatly improved, thereby protecting the user's privacy and interests;

2. Because the hardware and the user's biometric features are bound to each other, secure binding between multiple users is easy to achieve, which facilitates interaction between multiple users.

Brief description of the drawings

FIG. 1 is a flow chart of the first embodiment of the method of the present invention for improving device security by binding hardware;

FIG. 2 is a flow chart of the second embodiment of the method of the present invention for improving device security by binding hardware;

FIG. 3 is a flow chart of the third embodiment of the method of the present invention for improving device security by binding hardware;

FIG. 4 is a schematic structural diagram of an embodiment of the apparatus of the present invention for improving device security by binding hardware.

Detailed description

The present invention provides a method, apparatus and system for improving device security by binding hardware. By binding the user's biometric features to external hardware or internal hardware, and by exploiting the unclonable property of the hardware's physical feature function, the security of the device can be greatly improved, thereby protecting the user's privacy and interests.

Referring to FIG. 1, the first embodiment of the method for improving device security by binding hardware includes:

101. Collect the user's biometric features and obtain the hardware features of the hardware to be bound;

Before the device binds the user's biometric features to the hardware, it can first collect the user's biometric features and obtain the hardware features of the hardware to be bound.

The biometric features may specifically include one or more of fingerprint features, facial features, iris features and voiceprint features. Collecting the user's biometric features may specifically include: collecting the user's fingerprint features through a fingerprint module, and/or collecting the user's facial features and/or iris features through a camera, and/or collecting the user's voiceprint features through a microphone.

The hardware to be bound may include external hardware or hardware inside the device. The external hardware may specifically include a bank-issued U-shield, Lakala, and the like; the internal hardware may specifically include the device's memory, speaker, CPU, and the like.

102. Bind the biometric features to the hardware features according to a set rule;

After the user's biometric features have been collected and the hardware features of the hardware to be bound have been obtained, the biometric features can be bound to the hardware features according to a set rule.

103. When the user logs in to the device, compare the acquired biometric features and hardware features with the biometric features and hardware features stored on the device, and obtain a comparison result;

After the biometric features have been bound to the hardware features according to the set rule, if the user needs to log in to or access the device, the device compares the acquired biometric features and hardware features with the biometric features and hardware features stored on the device, and obtains a comparison result.

104. Control the device according to the comparison result.

If the comparison result is that the acquired biometric features and hardware features match or agree with those stored on the device, the user may enter the device; otherwise the device may feed information back to the user. This feedback may specifically include the cause of the error, how to resolve it, and so on.

By binding the user's biometric features to external hardware or internal hardware, and by exploiting the unclonable property of the hardware's physical feature function, the method of this embodiment for improving device security by binding hardware can greatly improve the security of the device, thereby protecting the user's privacy and interests.

The first embodiment of the method for improving device security by binding hardware has been described above; the second embodiment is described below. Referring to FIG. 2, the second embodiment of the method for improving device security by binding hardware includes:

201. Collect the user's biometric features and obtain the external hardware features of the external hardware to be bound;

Before the device binds the user's biometric features to the external hardware, it can first collect the user's biometric features and obtain the hardware features of the external hardware to be bound.

The biometric features may specifically include one or more of fingerprint features, facial features, iris features and voiceprint features. Collecting the user's biometric features may specifically include: collecting the user's fingerprint features through a fingerprint module, and/or collecting the user's facial features and/or iris features through a camera, and/or collecting the user's voiceprint features through a microphone.

The external hardware is issued or certified by a third party, and its corresponding external hardware features are hardware data or parameters; it may be, for example, a bank-issued U-shield or Lakala.

It should be noted that, while the external hardware is being used by the device, it may collect information on the user's usage habits or application data; this is generally for use only by the issuer of the external hardware. Once the external hardware has been bound to the user's biometric features, the user can place limits on this behaviour, which further protects the user's privacy.

202. Bind the biometric features to the external hardware features according to a set rule;

After the user's biometric features have been collected and the external hardware features of the external hardware to be bound have been obtained, the biometric features can be bound to the external hardware features according to a set rule.

The set rule may specifically be: after the external hardware features have been suitably transformed, they are bound to the user's biometric features.

203. When the user logs in to the device, compare the acquired biometric features and external hardware features with the biometric features and external hardware features stored on the device, and obtain a comparison result;

After the biometric features have been bound to the external hardware features according to the set rule, if the user needs to log in to or access the device, the device compares the acquired biometric features and external hardware features with the biometric features and external hardware features stored on the device, and obtains a comparison result.

204. Control the device according to the comparison result;

If the comparison result is that the acquired biometric features and external hardware features match or agree with those stored on the device, the user may enter the device; otherwise the device may feed information back to the user. This feedback may specifically include the cause of the error, how to resolve it, and so on.

By binding the user's biometric features to external hardware, and by exploiting the unclonable property of the hardware's physical feature function, the method of this embodiment for improving device security by binding external hardware can greatly improve the security of the device, thereby protecting the user's privacy and interests.

205. Encrypt the user-related information;

The user-related information may be collected by the external hardware or stored inside the device. Because this information concerns the user's privacy and security, it can be encrypted before it is transmitted or used.

206. Provide the user-related information to a licensed fourth party.

User-related information may specifically be the user's traces of browsing goods on web pages, location information, download records and the like. Because this information reflects the user's habits and preferences, it can guide merchants or application service providers, and is therefore valuable. A licensed fourth party can obtain the user-related information provided by the device and can then provide it to applications or service providers for use; the fourth party can give the user a share of revenue or discounts according to the benefit generated by that user-related information.

It should be noted that providing the user-related information to applications or service providers via the licensed fourth party may take place over an encrypted channel; that is, the user's device provides the user-related information directly to the application or service provider over the encrypted channel, which ensures that the user-related information is not disclosed to the fourth party.

The application of this embodiment is illustrated below with a concrete example:

In this example the device is a mobile phone, the user's biometric feature is the iris feature, and the external hardware is a payment authenticator issued by a third party; when connected to the phone, the payment authenticator enables direct payment without a password. The phone of the present invention has already bound the iris feature to the payment authenticator. In use, the user connects the payment authenticator to the phone through the earphone jack, the Micro interface or a special interface, and the phone then captures the iris feature; once verification passes, the user can make direct payments without a password. Because the phone has bound the iris feature to the payment authenticator, even someone other than the user who obtains both the phone and the payment authenticator cannot use the password-free direct payment function, which keeps the user's account secure. In addition, while in use the payment authenticator may collect the user's usage information, which may include the goods the user paid for, location information and browsing traces; this information is generally used confidentially only by the issuer of the payment authenticator. In the present invention, user-related information can be provided, by way of authorization, to a licensed fourth party or to the third party that issued the payment authenticator. It should be noted that the fourth party may provide the user-related information to service or application developers for a fee and return the proceeds, as a revenue share or as discounts, to the users who provided the information. The service or application developer may receive the user-related information directly from the user's device (the mobile phone in this example) over an encrypted channel without going through the fourth party, which reduces the risk of the user-related information leaking.

By binding the user's biometric features to external hardware, and by licensing or authorizing the use of the user information collected by the external hardware, the method of this embodiment for improving device security by binding external hardware can greatly improve the security of the device and protect the user's privacy and interests, while also increasing the user's income through revenue sharing or discounts.

上面介绍了本发明通过绑定硬件来提高设备安全性的方法第二实施例,下面介绍通过绑定硬件来提高设备安全性的方法的第三实施例,请参阅图3,本发明实施例中通过绑定硬件来提高设备安全性的方法的第三实施例包括:The second embodiment of the method for improving device security by binding hardware is introduced above, and the third embodiment of the method for improving device security by binding hardware is introduced below, please refer to FIG. 3 , in the embodiment of the present invention A third embodiment of the method for improving device security by binding hardware includes:

301. Collect the user's biometric features and obtain the internal hardware features of the internal hardware to be bound;

Before the device binds the user's biometric features to the internal hardware, it can first collect the user's biometric features and obtain the internal hardware features of the internal hardware to be bound.

The biometric features may specifically include one or more of fingerprint features, facial features, iris features and voiceprint features. Collecting the user's biometric features may specifically include: collecting the user's fingerprint features through a fingerprint module, and/or collecting the user's facial features and/or iris features through a camera, and/or collecting the user's voiceprint features through a microphone.

The internal hardware feature corresponding to the device's internal hardware is the Physically Unclonable Function (PUF) of that internal hardware. The internal hardware may specifically be the device's memory.

It should be noted that, if the internal hardware is the device's memory, the PUF of the memory can be obtained as follows. Under a physical boundary condition (a condition outside normal use, such as the initialization phase or while a physical stimulus is being handled), a single memory cell yields 0 or 1 with a certain probability. Statistically, however, across a sufficiently large number of memory cells under a common boundary condition, the results show consistent characteristics, so this property can be used to obtain the PUF of the memory: randomly select memory cells in the memory, and use error correction to produce a uniform result from the selected cells.

302. Bind the biometric features to the internal hardware features according to a set rule;

After the user's biometric features have been collected and the internal hardware features of the internal hardware to be bound have been obtained, the biometric features can be bound to the internal hardware features according to a set rule.

303. When the user enters the device, compare the acquired biometric features and internal hardware features with the biometric features and internal hardware features already stored on the device, and obtain a comparison result;

After the biometric features have been bound to the internal hardware features according to the set rule, if the user needs to enter or access the device, the device compares the acquired biometric features and internal hardware features with those already stored on the device and obtains a comparison result.

304. Control the device according to the comparison result.

If the comparison result is that the acquired biometric features and hardware features match or agree with the biometric features and hardware features stored on the device, the user can enter the device; otherwise the device can feed information back to the user. The feedback may specifically include the cause of the error and how to resolve it.
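Steps 301 to 304 with a memory PUF, as an added example that is not taken from the patent. It assumes a simulated memory (constructed data), a code-offset repetition code standing in for the unspecified error correction, an HMAC standing in for the unspecified "set rule", and a biometric template that a matcher has already reduced to stable bytes; all names are hypothetical.

```python
import hashlib
import hmac
import random
import secrets

KEY_BITS = 128   # length of the hardware-derived key
REPEAT = 15      # cells per key bit (repetition code, corrects up to 7 flips)


class SimulatedMemory:
    """Constructed stand-in for device memory under the boundary condition:
    every cell has a fixed, device-specific probability of reading 1."""

    def __init__(self, n_cells, device_seed):
        rng = random.Random(f"bias-{device_seed}")
        self._p_one = [rng.choice((0.02, 0.98)) for _ in range(n_cells)]
        self._noise = random.Random(f"noise-{device_seed}")

    def read(self, cells):
        return [int(self._noise.random() < self._p_one[c]) for c in cells]


def _majority_decode(bits):
    """Decode the repetition code: one key bit per group of REPEAT cells."""
    groups = (bits[i:i + REPEAT] for i in range(0, len(bits), REPEAT))
    return [int(sum(g) * 2 > REPEAT) for g in groups]


def _pack(bits):
    return int("".join(map(str, bits)), 2).to_bytes(len(bits) // 8, "big")


def _bind(key_bits, biometric_template):
    """Assumed 'set rule': HMAC of the biometric template under the PUF key."""
    return hmac.new(_pack(key_bits), biometric_template, hashlib.sha256).digest()


def enroll(memory, n_cells, biometric_template):
    """Steps 301-302: pick random cells, derive a key, store no secret."""
    rng = secrets.SystemRandom()
    cells = rng.sample(range(n_cells), KEY_BITS * REPEAT)
    key_bits = [rng.randrange(2) for _ in range(KEY_BITS)]
    codeword = [b for b in key_bits for _ in range(REPEAT)]
    # Helper data = noisy cell readout XOR codeword (code-offset construction).
    helper = [w ^ c for w, c in zip(memory.read(cells), codeword)]
    return {"cells": cells, "helper": helper,
            "tag": _bind(key_bits, biometric_template)}


def verify(memory, record, biometric_template):
    """Steps 303-304: re-read the cells, correct errors, compare the binding."""
    noisy = memory.read(record["cells"])
    key_bits = _majority_decode([w ^ h for w, h in zip(noisy, record["helper"])])
    return hmac.compare_digest(_bind(key_bits, biometric_template), record["tag"])
```

The stored record holds only cell indices, helper data and the binding tag; the key is regenerated from the memory at each access, so the same record fails on a different device or with a different template.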

A specific example is used below to illustrate the application of this embodiment:

Suppose there are several user devices on each of which the user's biometric features have been bound to internal hardware features. The user devices can be bound to one another. For bound user devices, because each user device itself carries open services or applications, binding the user devices achieves binding of the services or applications. Because the binding between services and applications is based on the user devices, it offers high security and also brings great convenience to the user.

The device described in the method of the present invention may specifically include a mobile phone or a tablet computer.

By binding the user's biometric features to internal hardware and exploiting the unclonable nature of the internal hardware's physical feature function, the method of this embodiment for improving device security by binding internal hardware can greatly improve the security of the device and thereby protect the user's privacy and interests.

The third embodiment of the method for improving device security by binding hardware has been described above. An apparatus embodiment for improving device security by binding hardware is described below. Referring to FIG. 4, the apparatus embodiment includes:

a collection and acquisition module 401, configured to collect the user's biometric features and obtain the hardware features of the hardware to be bound;

a binding module 402, configured to bind the biometric features to the hardware features according to a set rule;

a comparison module 403, configured to compare, when the user enters the device, the acquired biometric features and hardware features with the biometric features and hardware features already stored on the device, and to obtain a comparison result;

a control module 404, configured to control the device according to the comparison result.

Optionally,

the collection and acquisition module 401 includes a collection unit 4011 and an acquisition unit 4012;

the collection unit 4011 is configured to collect the user's biometric features;

the acquisition unit 4012 is configured to obtain the hardware features of the hardware to be bound.

Optionally,

the collection unit 4011 includes:

a fingerprint module and/or a camera and/or a microphone, wherein

the fingerprint module is used to collect the user's fingerprint features;

the camera is used to collect the user's facial features and/or iris features;

the microphone is used to collect the user's voiceprint features.

In this embodiment of the present invention, the collection and acquisition module 401 first collects the user's biometric features and obtains the hardware features of the hardware to be bound; the binding module 402 then binds the biometric features to the hardware features according to a set rule; next, when the user enters the device, the comparison module 403 compares the acquired biometric features and hardware features with the biometric features and hardware features already stored on the device and obtains a comparison result; finally, the control module 404 controls the device according to the comparison result. The collection and acquisition module 401 includes a collection unit 4011 and an acquisition unit 4012; the collection unit 4011 is configured to collect the user's biometric features, and the acquisition unit 4012 is configured to obtain the hardware features of the hardware to be bound. By binding the user's biometric features to external hardware or internal hardware, the method and apparatus of the present invention have the following advantages:

1. Binding the hardware to the user's biometric features, together with the unclonable nature of the hardware's physical feature function, can greatly improve the security of the device and thereby protect the user's privacy and interests;

2. Because the hardware and the user's biometric features are bound to each other, secure binding between multiple users is easy to implement, which facilitates interaction between multiple users.

The apparatus embodiment for improving device security by binding hardware has been described above. A system embodiment is described below. The system for improving device security by binding hardware in this embodiment of the present invention includes:

at least two apparatuses for improving device security by binding hardware as described in the embodiments of the present invention;

a user and the apparatus have a mutual mapping relationship, and the apparatus is bound to an application or service;

between at least two of the users,

or

between at least two of the apparatuses,

or

between at least two of the users and at least two of the apparatuses,

or

between one of the users and at least two of the apparatuses, binding is achieved through binding of the mutual mapping relationships.

Because the system of this embodiment includes the apparatus of the embodiments of the present invention, it also has the advantages of that apparatus, which are not repeated here. It should be noted that the main advantage of the system is that binding between multiple users, between one user and multiple devices, or between multiple users and multiple devices can be achieved through binding of their mutual mapping relationships. This greatly improves convenience for users. For example, if two devices have been bound, then when the two users corresponding to those devices need to interact, the two users can be regarded as already bound, and no additional judgment or binding process is needed.

In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method can be implemented in other ways. For example, the apparatus embodiments described above are only illustrative. The division into units is only a division by logical function; in an actual implementation there may be other divisions, for example multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, apparatuses or units, and may be electrical, mechanical or of another form.

The units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units; that is, they may be located in one place or distributed over multiple network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of this embodiment.

In addition, the functional units in the embodiments of the present invention may be integrated into one processing unit, each unit may exist separately physically, or two or more units may be integrated into one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.

If the integrated unit is implemented in the form of a software functional unit and sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to execute all or some of the steps of the methods described in the embodiments of the present invention. The storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), a magnetic disk or an optical disc.

The above is only a specific implementation of the present invention, but the protection scope of the present invention is not limited to it. Any change or substitution that a person skilled in the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the protection scope of the claims.

Claims (15)

1. A method for improving device security by binding hardware, characterized by comprising: collecting a user's biometric features and obtaining hardware features of hardware to be bound; binding the biometric features to the hardware features according to a set rule; when the user enters the device, comparing the acquired biometric features and hardware features with the biometric features and hardware features already stored on the device, and obtaining a comparison result; and controlling the device according to the comparison result.

2. The method for improving device security by binding hardware according to claim 1, characterized in that the biometric features include fingerprint features and/or facial features and/or iris features and/or voiceprint features.

3. The method for improving device security by binding hardware according to claim 2, characterized in that collecting the user's biometric features comprises: collecting the user's fingerprint features through a fingerprint module, and/or collecting the user's facial features and/or iris features through a camera, and/or collecting the user's voiceprint features through a microphone.

4. The method for improving device security by binding hardware according to claim 1, characterized in that the hardware to be bound includes external hardware or internal hardware of the device.

5. The method for improving device security by binding hardware according to claim 4, characterized in that the hardware to be bound is external hardware; the hardware features corresponding to the external hardware are hardware data or parameters; and the external hardware is issued or certified by a third party.

6. The method for improving device security by binding hardware according to claim 5, characterized in that the method further comprises: providing user-related information to a licensed fourth party.

7. The method for improving device security by binding hardware according to claim 6, characterized in that the user-related information is provided by the licensed fourth party to application or service providers for use.

8. The method for improving device security by binding hardware according to claim 6, characterized in that, before the step of providing user-related information to a licensed fourth party, the method further comprises: encrypting the user-related information.

9. The method for improving device security by binding hardware according to claim 4, characterized in that the hardware to be bound is internal hardware of the device; and the hardware feature corresponding to the internal hardware of the device is the physically unclonable function (Physically Un-clonable Function, PUF) of that internal hardware.

10. The method for improving device security by binding hardware according to claim 9, characterized in that the internal hardware of the device is the device's memory.

11. The method for improving device security by binding hardware according to any one of claims 1 to 10, characterized in that the device includes a mobile phone or a tablet computer.

12. An apparatus for improving device security by binding hardware, characterized by comprising: a collection and acquisition module, configured to collect a user's biometric features and obtain hardware features of hardware to be bound; a binding module, configured to bind the biometric features to the hardware features according to a set rule; a comparison module, configured to compare, when the user enters the device, the acquired biometric features and hardware features with the biometric features and hardware features already stored on the device, and to obtain a comparison result; and a control module, configured to control the device according to the comparison result.

13. The apparatus for improving device security by binding hardware according to claim 12, characterized in that the collection and acquisition module includes a collection unit and an acquisition unit; the collection unit is configured to collect the user's biometric features; and the acquisition unit is configured to obtain the hardware features of the hardware to be bound.

14. The apparatus for improving device security by binding hardware according to claim 13, characterized in that the collection unit includes: a fingerprint module and/or a camera and/or a microphone, wherein the fingerprint module is used to collect the user's fingerprint features; the camera is used to collect the user's facial features and/or iris features; and the microphone is used to collect the user's voiceprint features.

15. A system for improving device security by binding hardware, characterized by comprising: at least two apparatuses for improving device security by binding hardware according to claims 12 to 14; wherein a user and the apparatus have a mutual mapping relationship, and the apparatus is bound to an application or service; and between at least two of the users, or between at least two of the apparatuses, or between at least two of the users and at least two of the apparatuses, or between one of the users and at least two of the apparatuses, binding is achieved through binding of the mutual mapping relationships.
CN201410145855.3A 2014-04-11 2014-04-11 Method, device and system for improving equipment security by binding hardware Active CN103886233B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410145855.3A CN103886233B (en) 2014-04-11 2014-04-11 Method, device and system for improving equipment security by binding hardware
PCT/CN2014/081356 WO2015154341A1 (en) 2014-04-11 2014-07-01 Method, device and system for improving device security by hardware binding

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410145855.3A CN103886233B (en) 2014-04-11 2014-04-11 Method, device and system for improving equipment security by binding hardware

Publications (2)

Publication Number Publication Date
CN103886233A CN103886233A (en) 2014-06-25
CN103886233B true CN103886233B (en) 2017-08-04

Family

ID=50955122

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410145855.3A Active CN103886233B (en) 2014-04-11 2014-04-11 Method, device and system for improving equipment security by binding hardware

Country Status (2)

Country Link
CN (1) CN103886233B (en)
WO (1) WO2015154341A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103886233B (en) * 2014-04-11 2017-08-04 快车科技有限公司 Method, device and system for improving equipment security by binding hardware
CN116244757A (en) * 2023-03-15 2023-06-09 武汉天楚云计算有限公司 Computer equipment monitoring alarm method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1869999A (en) * 2006-06-28 2006-11-29 北京飞天诚信科技有限公司 Protection method and device for opening computer
CN103152157A (en) * 2013-02-04 2013-06-12 快车科技有限公司 A kind of security secret protection method and related device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007108895A (en) * 2005-10-12 2007-04-26 Dainippon Printing Co Ltd Atm and biometrics method by atm
CN202650013U (en) * 2012-04-28 2013-01-02 鹤山世达光电科技有限公司 Bank USB key-based fingerprint adapter and system
CN203311420U (en) * 2013-04-18 2013-11-27 杨德贵 Intelligent control USB key
CN103324879B (en) * 2013-07-05 2016-08-10 公安部第三研究所 Mobile device is based on recognition of face and the authentication system of smart card and method
CN103886233B (en) * 2014-04-11 2017-08-04 快车科技有限公司 Method, device and system for improving equipment security by binding hardware

Also Published As

Publication number Publication date
CN103886233A (en) 2014-06-25
WO2015154341A1 (en) 2015-10-15

Similar Documents

Publication Publication Date Title
US12244589B2 (en) Systems and methods for managing digital identities associated with mobile devices
US12113792B2 (en) Authenticator centralization and protection including selection of authenticator type based on authentication policy
US20180082050A1 (en) Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device
US20160379220A1 (en) Multi-Instance Shared Authentication (MISA) Method and System Prior to Data Access
US8656455B1 (en) Managing data loss prevention policies
JP6498358B2 (en) Integrated authentication system that authenticates using disposable random numbers
WO2019199288A1 (en) System and method for secure storage of electronic material
EP3937040B1 (en) Systems and methods for securing login access
WO2016192165A1 (en) Data encryption method and apparatus
US11681787B1 (en) Ownership validation for cryptographic asset contracts using irreversibly transformed identity tokens
US20220052997A1 (en) Authentication information processing method and apparatus and user terminal including authentication information processing method and apparatus
CN103886233B (en) Method, device and system for improving equipment security by binding hardware
WO2017000340A1 (en) Encryption method and apparatus
EP3876120B1 (en) Authentication information processing method and apparatus and user terminal including authentication information processing method apparatus
CN105574429A (en) Method, device and terminal for file data encryption and decryption processing
US11444953B2 (en) Methods, systems, apparatuses and devices for facilitating security of a resource using a plurality of credentials
KR101768318B1 (en) Method, apparatus, and computer program for user authentication
CN103077331B (en) A digital resource protection method and related device
WO2015184809A1 (en) Method, mobile terminal, service provider device and system for mobile terminal payment transaction
KR101473410B1 (en) Method for Accessing Recording Area of Digital Certificate
Alhajjar Security of Authentication Approaches in Mobile Devices

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant