CN114372801A - Biological characteristic information identification method and related device - Google Patents
- Publication number
- CN114372801A (CN202011102334.1A)
- Authority
- CN
- China
- Prior art keywords
- target
- information
- key
- end service
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
- G06Q20/401—Transaction verification
- G06Q20/4014—Identity check for transactions
- G06Q20/40145—Biometric identity checks
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
Landscapes
- Business, Economics & Management (AREA)
- Engineering & Computer Science (AREA)
- Accounting & Taxation (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- Physics & Mathematics (AREA)
- General Business, Economics & Management (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Collating Specific Patterns (AREA)
Abstract
The application discloses a biometric information identification method and a related device, applied to the field of cloud technology. Biometric information collected by an acquisition module burned with a unique target key is obtained; the biometric information is signed and encrypted based on the target key; the encrypted information is input into a back-end service module so that the back-end service module verifies the signature encryption information to obtain a verification result; and when the verification result indicates that the target key corresponds to the verification key, information identification is performed. This realizes a secure identification process for biometric information: the unique target key is used to verify that the acquisition module is a trusted information source, which ensures information security, and the information identification is isolated so that malicious attacks cannot be carried out, which improves the security of the identification process.
Description
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method and a related apparatus for recognizing biometric information.
Background
With the rapid development of internet technology, biometric information is used in more and more scenarios. For example, in face-recognition payment, the user is identified through face recognition, which allows the corresponding payment process to proceed normally.
Generally, when a user is identified through face recognition, the face information collected by the camera can be encrypted to further ensure the security of the recognition process.
However, the face information is generally encrypted in a common execution environment, which is easily attacked: a malicious video stream or a spoofed key can be embedded into the execution environment to make a forged request, which affects the security of the identification process.
Disclosure of Invention
In view of this, the present application provides a method for recognizing biometric information, which can effectively improve the security of the recognition process.
A first aspect of the present application provides a method for identifying biometric information, which can be applied to a system or a program including a biometric information identification function in a terminal device, and specifically includes:
acquiring biometric information collected by an acquisition module;
signing the biometric information based on the target key to obtain signature encryption information;
inputting the target identifier corresponding to the acquisition module and the signature encryption information into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, wherein the verification result is determined based on the corresponding relation between the target key and a verification key, and the verification key is obtained by calling the back-end service module based on the module identifier;
and if the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key so as to identify the signature encryption information to obtain target identification information.
A second aspect of the present application provides an apparatus for recognizing biometric information, including:
an acquisition unit, configured to acquire the biometric information collected by the acquisition module;
a signature unit, configured to sign the biometric information based on the target key to obtain signature encryption information;
an input unit, configured to input the target identifier corresponding to the acquisition module and the signature encryption information into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, where the verification result is determined based on the correspondence between the target key and a verification key, and the verification key is obtained by calling the back-end service module based on the module identifier;
and an identification unit, configured so that, if the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key and identifies it to obtain target identification information.
Optionally, in some possible implementation manners of the present application, the input unit is specifically configured to process the target identifier corresponding to the acquisition module and the signature encryption information based on a network key to obtain a network encryption packet;
the input unit is specifically configured to input the network encryption packet into the back-end service module, so that the back-end service module decrypts the network encryption packet according to the network key to obtain the module identifier and the signature encryption information;
the input unit is specifically configured to verify the signature encryption information to obtain a verification result.
Optionally, in some possible implementation manners of the present application, the input unit is specifically configured to input the network encryption packet into the back-end service module, so that the back-end service module determines identity information according to the network key;
the input unit is specifically configured to, if the identity information passes the verification, decrypt the network encryption packet according to the network key by the back-end service module to obtain the module identifier and the signature encryption information.
Optionally, in some possible implementation manners of the present application, the identification unit is specifically configured to decrypt, by the back-end service module, the signature encryption information based on the verification key to obtain a target data stream;
the identification unit is specifically configured to filter an image sequence in the target data stream based on a target feature to obtain at least one target image, where the target feature is associated with the biometric information;
the identification unit is specifically configured to identify the target image to obtain target identification information.
Optionally, in some possible implementation manners of the present application, the identification unit is specifically configured to obtain depth information and infrared information corresponding to the target data stream;
the identification unit is specifically configured to extract a depth image corresponding to the target image in the depth information;
the identification unit is specifically configured to extract an infrared image corresponding to the target image in the infrared information;
the identification unit is specifically configured to perform image identification according to the target image, the depth image, and the infrared image to obtain target identification information.
Optionally, in some possible implementations of the present application, the identification unit is specifically configured so that the back-end service module feeds back an abnormal identifier if the verification result indicates that the target key does not correspond to the verification key;
the identification unit is specifically configured to trigger inspection of the target identifier based on the abnormal identifier, so as to update the target identifier.
Optionally, in some possible implementations of the present application, the acquisition unit is specifically configured to determine a target acquisition task;
the acquisition unit is specifically configured to determine acquisition parameters based on the target acquisition task, where the acquisition parameters include an acquisition area and an acquisition duration;
the acquisition unit is specifically configured to set the acquisition module according to the acquisition parameters, so that the acquisition module collects the biometric information.
Optionally, in some possible implementation manners of the present application, the identification unit is specifically configured to obtain module information corresponding to the acquisition module based on a target tool;
the identification unit is specifically configured to determine the target identifier according to the module information;
the identification unit is specifically configured to transmit the target identifier to the back-end service module, so that the back-end service module generates the target key and the verification key according to the target identifier, where the target key corresponds to the verification key;
the identification unit is specifically configured to feed back the target key to the storage module corresponding to the acquisition module for storage.
Optionally, in some possible implementation manners of the present application, the identification unit is specifically configured to upload the verification key to a cloud server for storage, and the verification key stored in the cloud server is issued in response to the input of the target identifier.
In a third aspect, the present application provides a transaction method based on biometric information identification, including:
in response to a target transaction instruction, triggering an acquisition module to collect biometric information;
signing the biometric information based on the target key to obtain signature encryption information;
inputting the target identifier corresponding to the acquisition module and the signature encryption information into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, wherein the verification result is determined based on the corresponding relation between the target key and a verification key, and the verification key is obtained by calling the back-end service module based on the module identifier;
if the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key so as to identify the signature encryption information to obtain target identification information;
and if the target identification information meets a preset condition, executing transaction operation corresponding to the target transaction instruction.
A fourth aspect of the present application provides a transaction apparatus based on biometric information identification, including:
an acquisition unit, configured to trigger the acquisition module to collect biometric information in response to the target transaction instruction;
a signature unit, configured to sign the biometric information based on the target key to obtain signature encryption information;
a verification unit, configured to input the target identifier corresponding to the acquisition module and the signature encryption information into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, where the verification result is determined based on the correspondence between the target key and a verification key, and the verification key is obtained by calling the back-end service module based on the module identifier;
an identification unit, configured so that, if the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key and identifies it to obtain target identification information;
and a transaction unit, configured to execute the transaction operation corresponding to the target transaction instruction if the target identification information meets a preset condition.
A fifth aspect of the present application provides a device for acquiring biometric information, including:
a determining unit, configured to determine the target identifier in the module information;
a transmission unit, configured to transmit the target identifier to a back-end service module, so that the back-end service module generates a target key and a verification key according to the target identifier, where the target key corresponds to the verification key;
a storage unit, configured to store the target key fed back by the back-end service module;
an acquisition unit, configured to collect biometric information;
and a signing unit, configured to sign the biometric information based on the target key to obtain signature encryption information, where the signature encryption information is used to indicate the identification process of the biometric information.
A sixth aspect of the present application provides a computer device comprising: a memory, a processor, and a bus system; the memory is used for storing program codes; the processor is configured to execute any one of the above biometric information recognition methods according to instructions in the program code.
A seventh aspect of the present application provides a computer-readable storage medium having stored therein instructions, which when executed on a computer, cause the computer to execute the method for identifying biometric information according to any one of the above.
According to an aspect of the application, a computer program product or computer program is provided, comprising computer instructions, the computer instructions being stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the biometric information identification method provided in the above-described various alternative implementations.
As can be seen from the above technical solutions, the embodiments of the present application have the following advantages:
Biometric information collected by an acquisition module is acquired, where the acquisition module is burned with a unique target key; the biometric information is then signed based on the target key to obtain signature encryption information; the target identifier corresponding to the acquisition module and the signature encryption information are input into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, where the verification result is determined based on the correspondence between the target key and the verification key, and the verification key is obtained by calling the back-end service module based on the module identifier; and when the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key and identifies it to obtain target identification information. This realizes a secure identification process for biometric information: because the unique target key is used to verify that the acquisition module is a trusted information source, the security of the information is ensured; and because decryption is performed in the back-end service module, the biometric information is isolated and malicious attacks cannot be carried out, which improves the security of the identification process.
Drawings
To illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly introduced below. The drawings in the following description are only embodiments of the present application; those skilled in the art can obtain other drawings from the provided drawings without creative effort.
FIG. 1 is a diagram of a network architecture in which a biometric information recognition system operates;
FIG. 2 is a flowchart illustrating identification of biometric information according to an embodiment of the present application;
FIG. 3 is a flowchart of a biometric information identification method according to an embodiment of the present application;
FIG. 4 is a schematic view of a scenario of a method for identifying biometric information according to an embodiment of the present application;
FIG. 5 is a schematic view of another scenario of a method for identifying biometric information according to an embodiment of the present application;
FIG. 6 is a flowchart of another biometric information identification method provided in an embodiment of the present application;
FIG. 7 is a schematic structural diagram of an apparatus for recognizing biometric information according to an embodiment of the present application;
FIG. 8 is a schematic structural diagram of a biometric information transaction apparatus according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of an apparatus for acquiring biometric information according to an embodiment of the present application;
FIG. 10 is a schematic structural diagram of a terminal device according to an embodiment of the present application;
FIG. 11 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
The embodiments of the present application provide a biometric information identification method and a related device, which can be applied to a system or program in a terminal device that includes a biometric information identification function. Biometric information collected by an acquisition module is acquired, where the acquisition module is burned with a unique target key; the biometric information is then signed based on the target key to obtain signature encryption information; the target identifier corresponding to the acquisition module and the signature encryption information are input into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, where the verification result is determined based on the correspondence between the target key and the verification key, and the verification key is obtained by calling the back-end service module based on the module identifier; and when the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key and identifies it to obtain target identification information. This realizes a secure identification process for biometric information: because the unique target key is used to verify that the acquisition module is a trusted information source, the security of the information is ensured; and because decryption is performed in the back-end service module, the biometric information is isolated and malicious attacks cannot be carried out, which improves the security of the identification process.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims of the present application and in the drawings described above, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are, for example, capable of operation in sequences other than those illustrated or otherwise described herein. Furthermore, the terms "comprises," "comprising," and "corresponding" and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
First, some terms that may appear in the embodiments of the present application are explained.
Face recognition: a technology that maps multimedia information of a human face to the person's identity information.
Three-dimensional camera: compared with a traditional camera, it adds liveness-related software and hardware, including a depth camera and an infrared camera, to ensure information security.
Trusted Execution Environment (TEE): a secure area provided in the device to ensure that sensitive data is stored, processed and protected in an isolated, trusted environment.
Common Execution Environment (REE): includes a common operating system running on a general-purpose processor and the client applications running on it.
Key burning tool: software that runs on a Personal Computer (PC) and writes data from the PC side into the secure element chip in the camera.
It should be understood that the biometric information identification method provided by the present application may be applied to a system or program in a terminal device that includes a biometric information identification function, such as an interactive drama. Specifically, the biometric information identification system may operate in the network architecture shown in FIG. 1, which is a network architecture diagram of the biometric information identification system. As shown in FIG. 1, the system can provide a biometric information identification process for multiple information sources: the biometric information is collected by a terminal and then sent to a server for identification in order to verify identity, or the biometric information is identified locally at the terminal and the identification result is sent to the server for identity verification. FIG. 1 shows several kinds of terminal devices, which may be computer devices; in an actual scenario, more or fewer types of terminal devices may take part in the identification process, and the specific number and types depend on the actual scenario and are not limited here. In addition, FIG. 1 shows one server, but in an actual scenario multiple servers may take part, and the specific number of servers depends on the actual scenario.
In this embodiment, the server may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a network service, cloud communication, a middleware service, a domain name service, a security service, a CDN, a big data and artificial intelligence platform, and the like. The terminal may be, but is not limited to, a smart phone, a tablet computer, a laptop computer, a desktop computer, a smart speaker, a smart watch, and the like. The terminal and the server may be directly or indirectly connected through a wired or wireless communication manner, and the terminal and the server may be connected to form a block chain network, which is not limited herein.
It is understood that the above biometric information identification system may run on a personal mobile terminal, for example as an application such as an interactive play; it may also run on a server, or on a third-party device, to provide identification of biometric information and obtain an identification result for the biometric information of the information source. The system may run in the device as a program, as a system component, or as one of several cloud service programs; the specific operating mode depends on the actual scenario and is not limited here.
With the rapid development of internet technology, biometric information is used in more and more scenarios. For example, in face-recognition payment, the user is identified through face recognition, which allows the corresponding payment process to proceed normally.
Generally, when a user is identified through face recognition, the face information collected by the camera can be encrypted to further ensure the security of the recognition process.
However, the face information is generally encrypted in a common execution environment, which is easily attacked: a malicious video stream or a spoofed key can be embedded into the execution environment to make a forged request, which affects the security of the identification process.
To solve the above problem, the present application proposes a biometric information identification method, which is applied to the biometric information identification flow framework shown in FIG. 2. In this flow framework, provided by the embodiment of the present application, a user triggers the acquisition of biometric information through a target operation in the interface layer, which yields a corresponding data stream. The data stream is then signed and encrypted in the application layer based on the target key to obtain signature encrypted data, and the corresponding verification key is called according to the target identifier so that decryption is performed in the back-end service, which ensures a secure identification process for the biometric information.
It is understood that the method provided by the present application may be written as a program serving as processing logic in a hardware system, or may be implemented as a biometric information identification device that realizes the processing logic in an integrated or external manner. As one implementation, the identification device acquires the biometric information collected by the acquisition module, where the acquisition module is burned with a unique target key; the biometric information is then signed based on the target key to obtain signature encryption information; the target identifier corresponding to the acquisition module and the signature encryption information are input into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, where the verification result is determined based on the correspondence between the target key and the verification key, and the verification key is obtained by calling the back-end service module based on the module identifier; and when the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key and identifies it to obtain target identification information. This realizes a secure identification process for biometric information: because the unique target key is used to verify that the acquisition module is a trusted information source, the security of the information is ensured; and because decryption is performed in the back-end service module, the biometric information is isolated and malicious attacks cannot be carried out, which improves the security of the identification process.
With reference to the above flow architecture, the biometric information identification method of the present application is described below. Referring to FIG. 3, which is a flowchart of a biometric information identification method according to an embodiment of the present application, the method may be executed by a terminal device, and the embodiment includes at least the following steps:
301. and acquiring the biological characteristic information acquired by the acquisition module.
In this embodiment, the acquisition module may be a device with a biometric acquisition function, such as a camera; in addition, the biometric information may include face recognition, pupil recognition, iris recognition, and the like. Specifically, in the scene where the biometric information is face recognition, the acquisition module may be a camera on the mobile terminal.
It should be noted that a unique target key is burned into the acquisition module. For example, if the acquisition module is a camera, a unique target key is burned into the camera before the production of the camera, that is, the target key corresponds only to that camera. The specific target key may be set based on the device identifier or based on a specific encryption algorithm, which is not limited herein.
In a possible scenario, the acquisition of biometric information is performed according to a configured task; for example, for face recognition, a video stream of a certain duration needs to be recorded for recognition. Specifically, a target acquisition task is determined first; acquisition parameters, which include an acquisition area and an acquisition duration, are then determined based on the target acquisition task; and the acquisition module is then set according to the acquisition parameters so that it acquires the biometric information. This guarantees the accuracy of biometric information acquisition and lets the corresponding biometric identification process proceed normally.
302. The biometric information is signed based on the target key to obtain signed encryption information.
In this embodiment, the target key corresponding to the acquisition module may be a unique private key agreed in advance between the acquisition module and the back-end service module. That is, setting the unique private key in both the acquisition module and the back-end service module ensures that the information collected by the acquisition module can be parsed in the back-end service module, which ensures the security of the information.
Specifically, the target key may be obtained based on an Advanced Encryption Standard (AES) algorithm, or may be obtained by using another Encryption algorithm, where the specific key generation algorithm is determined by an actual scene.
303. Input the target identifier corresponding to the acquisition module and the signature encryption information into the back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result.
In this embodiment, the verification result is determined based on the correspondence between the target key and the verification key, that is, on whether the target key corresponds to the verification key. The verification key is retrieved by the back-end service module based on the module identifier: when the acquisition module and the back-end service module configure the unique private key (target key), the back-end service module issues the unique private key configured for the target identifier of the acquisition module so that it can be stored there, and also stores the unique private key locally or on the cloud side as the verification key.
Specifically, the target identifier corresponding to the acquisition module may be a CPU serial number (CPUID) or another textual serial number capable of uniquely identifying the camera; the specific form of the identifier depends on the actual scenario.
Optionally, because inputting the target identifier corresponding to the acquisition module and the signature encryption information into the back-end service module involves network transmission, and in order to avoid the security risks of network transmission, the target identifier and the signature encryption information may be processed based on a network key to obtain a network encryption packet, where the network key may be a general network AES key. The network encryption packet is input into the back-end service module so that the back-end service module decrypts it according to the network key to obtain the module identifier and the signature encryption information; the back-end service module then verifies the signature encryption information to obtain a verification result. This improves the security of the data transmission process.
Further, this step is applied in application programs such as mobile payment software, so identity information, namely the reliability of the sending end, can also be verified during network data transmission. Specifically, the network encryption packet is first input into the back-end service module so that the back-end service module determines identity information according to the network key; if the identity information passes verification, the back-end service module decrypts the network encryption packet according to the network key to obtain the module identifier and the signature encryption information. This further improves the security of the data transmission process.
304. If the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key and performs identification to obtain target identification information.
In this embodiment, the correspondence between the target key and the verification key indicates that the acquisition device is a trusted device, and the corresponding data stream originates from a trusted data source, so that the signature encryption information can be decrypted according to a unique key (verification key) configured in advance by the acquisition module and the back-end service module, so as to obtain the biometric information, and then perform the information identification process.
It will be appreciated that the back-end service module may be a trusted execution environment (TEE) in the terminal device, distinct from the REE in which the application resides. The TEE is a secure area within the CPU. It runs in a separate environment, in parallel with the operating system. The CPU ensures that the confidentiality and integrity of the code and data in the TEE are protected. By using both hardware and software to protect data and code, the TEE is more secure than the operating system. Trusted applications running in the TEE can access all functions of the device's main processor and memory, while hardware isolation protects these components from user-installed applications running in the main operating system. The code and data running in the TEE are confidential and cannot be tampered with.
Specifically, the TEE is implemented differently on different CPUs. For example, the technology that implements the TEE on ARM chips, that is, on general mobile terminal CPUs, is TrustZone; because ARM is customized by different manufacturers, there are many practical schemes, for example Kinibi, QSEE, TEE OS, Knox, and the like. The technology that implements the TEE on Intel CPUs is Software Guard Extensions (SGX), a hardware-level privacy-preserving computing technology that lets an application program execute code and protect secrets in a trusted execution environment, so that developers can directly control the security of the application program.
In addition, the back-end service module can also be a trusted execution environment in the cloud server, and the specific device distribution is determined by an actual scene.
In a possible scenario, for the process of obtaining the target identification information by identification, the backend service module may first decrypt the signature encryption information based on the verification key to obtain the target data stream; then, screening an image sequence in the target data stream based on the target characteristics to obtain at least one target image, wherein the target characteristics are associated with biological characteristic information; and identifying the target image to obtain target identification information. For example, the image with the highest image quality score is obtained through screening and is identified, and therefore accuracy of target identification information is guaranteed.
Optionally, in the face recognition, the acquisition module may adopt a 3D camera, so as to obtain image information of multiple dimensions, specifically, first, depth information and infrared information corresponding to a target data stream are obtained; then extracting a depth image corresponding to the target image in the depth information; extracting an infrared image corresponding to the target image in the infrared information; and then, image recognition is carried out according to the target image, the depth image and the infrared image so as to obtain target recognition information. Therefore, image recognition is carried out from different dimensions, and the accuracy of the recognition result is guaranteed.
The above embodiment describes the scenario in which authentication passes. In the scenario in which authentication does not pass, that is, when the target key does not correspond to the verification key, an authentication failure is fed back and the identification process is stopped. In addition, a check of the target identifier can be triggered: if the verification result indicates that the target key does not correspond to the verification key, the back-end service module feeds back an abnormal identifier, and a check of the target identifier is triggered based on the abnormal identifier so as to update the target identifier. That is, it is determined whether the currently acquired target identifier is accurate, and a second acquisition is then performed, which improves the fault tolerance of the identification process.
Next, the above identification process is described with reference to a specific hardware scenario. As shown in fig. 4, which is a scenario diagram of the biometric information identification method provided in the embodiment of the present application, the terminal device includes an acquisition module and an application program running in a common execution environment, and the diagram shows the interaction between the application program and the back-end service module. The acquisition module includes a sensor (SENSOR) and a microprocessor (DSP), which is a device that processes large amounts of information as digital signals, and includes a signature module for signing and encrypting the data stream and a Secure Element (SE) for storing the target key.
Specifically, the acquisition module (camera) has a built-in SE module that stores the CPUID, which is the unique identifier of the camera, and the unique key burned in beforehand by the key burning tool. The camera also has a built-in signature module that reads the key from the SE and signs the data stream with it. The REE is the insecure Android OS running environment, in which the service APP operated by the user runs. The APP contains a key for network communication authentication, and this key is easy to crack or leak in the APP. The data stream needs to be input into the back-end service module for identification. In the back-end service module, the streaming media service verifies the data stream from the camera and performs optimization on it to select the optimal face picture. The verification consists of verifying the network communication authentication identity using the general AES private key, and verifying the validity of the data source using the unique private key corresponding to the CPUID. The face recognition service performs face recognition on the face picture from the streaming media service, exchanges it for the corresponding user identity information, and returns the information to the camera.
In combination with the module relationships shown in fig. 4, in a scenario in which a camera performs face recognition, information recognition can be performed in the following steps. The camera collects and generates an unsigned raw data stream, and the signature module in the DSP reads the unique AES key from the SE and signs the stream. The signed data stream is then transmitted to the APP in the REE; the APP signs it with the general AES network communication authentication key preset in the APK, reads the CPUID of the camera at the same time, and transmits the data to the back-end service through the network module. After receiving the terminal's request, the back-end streaming media service verifies the identity of the network request with the general AES private key and, after the verification passes, disassembles the network packet to obtain the CPUID and the signed data stream. The signed data stream is then decrypted with the unique AES private key. If authentication fails at any point in this process, an authentication failure is returned to the terminal and the process terminates. For data identification, the streaming media service performs face optimization on the decrypted video stream data, selects the optimal image, namely the image with the highest face image quality score, and obtains the depth image and infrared image corresponding to that image. Once the three pictures are obtained, they are transmitted to the face recognition service for face recognition, and finally the face recognition result is returned to the APP.
The above embodiment points out that a pre-configuration process exists between the acquisition module and the back-end service module. This pre-configuration process is as follows: module information (e.g., CPU information) corresponding to the acquisition module is first obtained based on a target tool (e.g., a burning tool); a target identifier (such as a CPUID) is then determined according to the module information; the target identifier is transmitted to the back-end service module, so that the back-end service module generates a target key and a verification key according to the target identifier (for example, generating a unique key by using an AES algorithm), where the target key corresponds to the verification key; and the back-end service module feeds the target key back to the storage module corresponding to the acquisition module for storage.
In a possible scenario, the back-end service module can also upload the verification key to the cloud server for storage, and the verification key stored in the cloud server is issued in response to the input of the target identifier, so that the limitation of local hardware is avoided.
The process of configuring a target key is described below with reference to a specific hardware scenario. As shown in fig. 5, which is a scenario diagram of the biometric information identification method according to an embodiment of the present disclosure, a burning tool (target tool) running on the PC side first reads the CPUID (target identifier) of the current camera. The burning tool then uploads the CPUID to the back-end service module; the back-end service module allocates a unique AES key (target key) for the CPUID, stores it in a cloud database, and returns the key to the burning tool. After the burning tool obtains the key, it writes the key into the SE chip of the camera so that the data stream is encrypted and signed when it is acquired, thereby ensuring the credibility of the acquisition module.
In summary of the above embodiments, the biometric information collected by the acquisition module is obtained, the acquisition module having been burned with a unique target key; the biometric information is then signed based on the target key to obtain signature encryption information; and the target identifier corresponding to the acquisition module, together with the signature encryption information, is input into a back-end service module so that the back-end service module verifies the signature encryption information to obtain a verification result. The verification result is determined based on the correspondence between the target key and a verification key, and the verification key is retrieved by the back-end service module based on the module identifier. When the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key and performs identification on it to obtain target identification information. This realizes a secure identification process for biometric information: because the acquisition module uses a unique target key, the credibility of the information source is verified and the security of the information is ensured; and because decryption is executed in the back-end service module, the biometric information is isolated and malicious attacks cannot be carried out against it, which improves the security of the identification process.
The above method for recognizing biometric information can be applied to a mobile payment scenario of a mobile terminal, which is described below. Referring to fig. 6, fig. 6 is a flowchart of another biometric information identification method according to an embodiment of the present application, where the embodiment of the present application at least includes the following steps:
601. Configure a target key between the acquisition module and the back-end service module.
In this embodiment, the process of configuring the target key may refer to the process in the embodiment shown in fig. 5, which is not described herein again.
602. The acquisition module acquires a data stream in response to the target transaction instruction.
In this embodiment, the target transaction instruction may arise when a user performing a payment operation at the mobile terminal needs to input a password for authentication and the authentication is performed by face recognition; the target transaction instruction is then generated during the face recognition process, so that the corresponding data stream, that is, the face data (biometric information), is obtained.
603. The acquisition module signs based on the target key to obtain the encrypted data stream.
In this embodiment, the encrypted data stream is signature encryption information, and cannot be cracked or tampered in the REE, thereby ensuring the security of data.
604. The acquisition module sends the encrypted data stream to the application.
In this embodiment, the application program may be mobile payment software or other software that needs payment verification, and the specific program form depends on the actual scenario.
605. The application determines a target identification.
In this embodiment, to determine the target identifier, the application program calls up the target identifier stored in the camera (acquisition module), or identifier information in the history cache, to serve as the target identifier.
606. The application program encrypts with the network key to obtain a network data packet.
In this embodiment, to avoid network hijacking, encryption with the general network AES algorithm may be performed, thereby ensuring the security of network transmission.
607. The application sends a network data packet to the backend service module.
608. The back-end service module disassembles the network data packet.
In this embodiment, disassembling the network data packet means applying the decryption process of the general network AES algorithm, so that the data stream source, that is, the acquisition module, is verified.
609. The back-end service module verifies the encrypted data stream.
In this embodiment, to verify the encrypted data stream, the back-end service module calls up the corresponding verification key according to the target identifier; if the verification key corresponds to the target key, the data stream can be obtained by decrypting the encrypted data stream.
610. The back-end service module performs biometric identification on the data stream.
In this embodiment, the biometric feature recognition process may adopt multi-dimensional recognition, that is, the combined recognition of a color image, a depth image, and an infrared image, so as to ensure the accuracy of the recognition.
611. The back-end service module performs identity authentication.
In this embodiment, the process of authentication determines whether the identified user information corresponds to the user logged in the application, and if so, it indicates that the authentication is passed.
612. The back-end service module sends the authentication result to the application program.
613. The application program executes the transaction operation corresponding to the target transaction instruction.
In this embodiment, if the authentication result indicates that the authentication is passed, the application program executes a transaction operation corresponding to the target transaction instruction, for example, executes a payment operation or executes a trust operation.
According to this embodiment, a unique key is placed in the camera, the data is signed, and the back end verifies it. This effectively solves the problem of data becoming unreliable because the key in the APP is stolen or the application is cracked in the REE environment; it ensures data credibility and avoids data security problems caused by malicious attacks, thereby improving the security of transactions based on biometric information.
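The provisioning of fig. 5 and the two-stage check of steps 601 to 609 can be exercised end to end; the following Python sketch is an added example, not code from the patent. It assumes HMAC-SHA256 in place of the AES-based signature the text names (so it shows source authentication only, not stream encryption); the names Backend, Camera, app_wrap and run_scenarios, the CPUID strings and the frame bytes are constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Assumption: HMAC-SHA256 replaces the AES-based "signature" named in the text,
# so this sketch shows source authentication only, not stream encryption.


def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class Backend:
    """Back-end service module: issues per-camera keys and verifies streams."""

    def __init__(self, network_key: bytes):
        self._network_key = network_key
        self._verification_keys = {}  # target identifier (CPUID) -> verification key

    def provision(self, cpuid: str) -> bytes:
        """Fig. 5: allocate a unique key for this CPUID, store it, return it for burning."""
        key = secrets.token_bytes(32)
        self._verification_keys[cpuid] = key
        return key

    def handle(self, packet: dict) -> dict:
        """Steps 608-609: check the network wrapper, then the per-device signature."""
        body = packet["body"]
        if not hmac.compare_digest(mac(self._network_key, body), packet["net_tag"]):
            return {"ok": False, "reason": "network authentication failed"}
        try:
            msg = json.loads(body)
            cpuid = msg["cpuid"]
            stream = bytes.fromhex(msg["stream"])
            tag = bytes.fromhex(msg["tag"])
        except (ValueError, KeyError, TypeError):
            return {"ok": False, "reason": "malformed packet"}
        key = self._verification_keys.get(cpuid)
        if key is None:
            return {"ok": False, "reason": "unknown target identifier"}
        if not hmac.compare_digest(mac(key, stream), tag):
            # Corresponds to the text's case where the target key does not
            # correspond to the verification key (abnormal identifier fed back).
            return {"ok": False, "reason": "target key does not match verification key"}
        return {"ok": True, "stream": stream}


class Camera:
    """Acquisition module: the key lives in the secure element, not in the app."""

    def __init__(self, cpuid: str):
        self.cpuid = cpuid
        self._se_key = None

    def burn(self, key: bytes) -> None:
        self._se_key = key

    def capture_signed(self, frames: bytes) -> dict:
        """Steps 602-603: sign the raw stream inside the module."""
        return {"stream": frames.hex(), "tag": mac(self._se_key, frames).hex()}


def app_wrap(network_key: bytes, cpuid: str, signed: dict) -> dict:
    """Steps 605-606: the REE app adds the CPUID and authenticates with the shared key."""
    body = json.dumps({"cpuid": cpuid, **signed}, sort_keys=True).encode()
    return {"body": body, "net_tag": mac(network_key, body)}


def run_scenarios() -> dict:
    network_key = secrets.token_bytes(32)   # shared key embedded in the app
    backend = Backend(network_key)
    cam = Camera("CPUID-CONSTRUCTED-0001")  # constructed identifier
    cam.burn(backend.provision(cam.cpuid))
    frames = b"constructed frame bytes"     # constructed sample stream
    results = {}

    results["genuine"] = backend.handle(
        app_wrap(network_key, cam.cpuid, cam.capture_signed(frames)))

    # Stream changed in the REE after signing, wrapped with the valid network key.
    altered = cam.capture_signed(frames)
    altered["stream"] = b"substituted frame bytes".hex()
    results["altered"] = backend.handle(app_wrap(network_key, cam.cpuid, altered))

    # A source holding a key the back end never issued.
    other = Camera("CPUID-CONSTRUCTED-9999")
    other.burn(secrets.token_bytes(32))
    results["wrong_key"] = backend.handle(
        app_wrap(network_key, cam.cpuid, other.capture_signed(frames)))
    results["unregistered"] = backend.handle(
        app_wrap(network_key, other.cpuid, other.capture_signed(frames)))

    # Wrapper produced without the shared network key.
    results["bad_wrapper"] = backend.handle(
        app_wrap(secrets.token_bytes(32), cam.cpuid, cam.capture_signed(frames)))
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome["ok"], outcome.get("reason", ""))
```

The altered and wrong-key cases are rejected even though their wrapper carries a valid network key, which is the property the text relies on when it notes that the key in the APP is easy to crack or leak. The sketch carries no nonce or timestamp, so it does not detect a replayed signed stream.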
In order to better implement the above-mentioned aspects of the embodiments of the present application, the following also provides related apparatuses for implementing the above-mentioned aspects. Referring to fig. 7, fig. 7 is a schematic structural diagram of an apparatus for recognizing biometric information according to an embodiment of the present application, where the apparatus 700 includes:
an obtaining unit 701, configured to obtain biometric information acquired by the acquisition module;
a signing unit 702, configured to sign the biometric information based on the target key to obtain signed encryption information;
an input unit 703, configured to input the target identifier corresponding to the acquisition module and the signature encryption information into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, where the verification result is determined based on a corresponding relationship between the target key and a verification key, and the verification key is obtained by the back-end service module based on the module identifier;
an identifying unit 704, configured to, if the verification result indicates that the target key corresponds to the verification key, decrypt, by the backend service module, the signature encrypted information based on the verification key to perform identification to obtain target identification information.
Optionally, in some possible implementation manners of the present application, the input unit 703 is specifically configured to process the target identifier corresponding to the acquisition module and the signature encryption information based on a network key to obtain a network encryption packet;
the input unit 703 is specifically configured to input the network encryption packet into the back-end service module, so that the back-end service module decrypts the network encryption packet according to the network key to obtain the module identifier and the signature encryption information;
the input unit 703 is specifically configured to verify the signature encryption information to obtain a verification result.
Optionally, in some possible implementation manners of the present application, the input unit 703 is specifically configured to input the network encryption packet into the back-end service module, so that the back-end service module determines identity information according to the network key;
the input unit 703 is specifically configured to, if the identity information passes the verification, the back-end service module decrypts the network encryption packet according to the network key to obtain the module identifier and the signature encryption information.
Optionally, in some possible implementation manners of the present application, the identifying unit 704 is specifically configured to decrypt, by the back-end service module, the signature encryption information based on the verification key to obtain a target data stream;
the identifying unit 704 is specifically configured to filter an image sequence in the target data stream based on a target feature to obtain at least one target image, where the target feature is associated with the biometric information;
the identifying unit 704 is specifically configured to identify the target image to obtain target identification information.
Optionally, in some possible implementation manners of the present application, the identification unit 704 is specifically configured to obtain depth information and infrared information corresponding to the target data stream;
the identifying unit 704 is specifically configured to extract a depth image corresponding to the target image in the depth information;
the identification unit 704 is specifically configured to extract an infrared image corresponding to the target image in the infrared information;
the identification unit 704 is specifically configured to perform image identification according to the target image, the depth image, and the infrared image to obtain target identification information.
Optionally, in some possible implementation manners of the present application, the identifying unit 704 is specifically configured to, if the verification result indicates that the target key does not correspond to the verification key, feed back an abnormal identifier by the back-end service module;
the identifying unit 704 is specifically configured to trigger checking the target identifier based on the abnormal identifier, so as to update the target identifier.
Optionally, in some possible implementation manners of the present application, the obtaining unit 701 is specifically configured to determine a target acquisition task;
the obtaining unit 701 is specifically configured to determine acquisition parameters based on the target acquisition task, where the acquisition parameters include an acquisition area and an acquisition duration;
the obtaining unit 701 is specifically configured to set the acquisition module according to the acquisition parameters, so that the acquisition module acquires the biometric information.
Optionally, in some possible implementation manners of the present application, the identifying unit 704 is specifically configured to obtain module information corresponding to the acquisition module based on a target tool;
the identifying unit 704 is specifically configured to determine the target identifier according to the module information;
the identifying unit 704 is specifically configured to transmit the target identifier to the backend service module, so that the backend service module generates the target key and the verification key according to the target identifier, where the target key corresponds to the verification key;
the identifying unit 704 is specifically configured to feed back the target key to the storage module corresponding to the acquiring module for storage.
Optionally, in some possible implementation manners of the present application, the identifying unit 704 is specifically configured to upload the verification key to a cloud server for storage, and the verification key stored in the cloud server is issued in response to the input of the target identifier.
In this way, the biometric information collected by the acquisition module is obtained, the acquisition module having been burned with a unique target key; the biometric information is then signed based on the target key to obtain signature encryption information; and the target identifier corresponding to the acquisition module, together with the signature encryption information, is input into a back-end service module so that the back-end service module verifies the signature encryption information to obtain a verification result. The verification result is determined based on the correspondence between the target key and a verification key, and the verification key is retrieved by the back-end service module based on the module identifier. When the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key and performs identification on it to obtain target identification information. This realizes a secure identification process for biometric information: because the acquisition module uses a unique target key, the credibility of the information source is verified and the security of the information is ensured; and because decryption is executed in the back-end service module, the biometric information is isolated and malicious attacks cannot be carried out against it, which improves the security of the identification process.
As shown in fig. 8, fig. 8 is a transaction apparatus based on biometric information identification according to an embodiment of the present application, where the transaction apparatus 800 includes:
the acquisition unit 801 is used for responding to a target transaction instruction and triggering an acquisition module to acquire biological characteristic information;
a signing unit 802, configured to sign the biometric information based on the target key to obtain signed encryption information;
a verification unit 803, configured to input the target identifier and the signature encryption information corresponding to the acquisition module into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, where the verification result is determined based on a corresponding relationship between the target key and a verification key, and the verification key is obtained by the back-end service module based on the module identifier;
an identifying unit 804, configured to, if the verification result indicates that the target key corresponds to the verification key, decrypt, by the backend service module, the signature encrypted information based on the verification key to perform identification to obtain target identification information;
the transaction unit 805 is configured to execute a transaction operation corresponding to the target transaction instruction if the target identification information meets a preset condition.
An embodiment of the present application further provides a device for acquiring biometric information, shown in fig. 9. The acquisition device 900 includes:
a determining unit 901, configured to determine a target identifier in the module information;
a transmitting unit 902, configured to transmit the target identifier to a back-end service module, so that the back-end service module generates a target key and a verification key according to the target identifier, where the target key corresponds to the verification key;
a storage unit 903, equivalent to the secure element in fig. 4, configured to store the target key fed back by the back-end service module;
an acquisition unit 904, equivalent to the sensor in fig. 4, configured to acquire biometric information;
a signing unit 905, equivalent to the signing module in fig. 4, configured to sign the biometric information based on the target key to obtain signature encryption information, where the signature encryption information is used to indicate an identification process of the biometric information.
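The provisioning, signing and verification flow described above for the acquisition device and the back-end service module, as an added example that is not code from the patent. It assumes HMAC-SHA256 as the signing primitive, so the target key and the verification key are the same 32-byte secret; the class and method names, the module identifiers and the frame bytes are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

TAG_LEN = hashlib.sha256().digest_size  # length of an HMAC-SHA256 tag in bytes


def _tag(key: bytes, payload: bytes) -> bytes:
    """Compute the authentication tag that stands in for the signature."""
    return hmac.new(key, payload, hashlib.sha256).digest()


class BackendService:
    """Back-end service module (hypothetical names, not from the patent)."""

    def __init__(self) -> None:
        self._verification_keys = {}  # target identifier -> verification key
        self.abnormal = []            # identifiers flagged for inspection

    def provision(self, target_id: str) -> bytes:
        """Generate the keys for one module and keep the verification key.

        Assumption: with HMAC the target key equals the verification key.
        The returned key is what gets burned into the module.
        """
        key = secrets.token_bytes(32)
        self._verification_keys[target_id] = key
        return key

    def verify(self, target_id: str, signed: bytes) -> Optional[bytes]:
        """Look up the verification key by identifier and check the tag.

        Returns the payload for the recognition stage, or None after
        recording the identifier as abnormal.
        """
        key = self._verification_keys.get(target_id)
        if key is not None and len(signed) > TAG_LEN:
            payload, tag = signed[:-TAG_LEN], signed[-TAG_LEN:]
            # Constant-time comparison avoids leaking how many bytes matched.
            if hmac.compare_digest(tag, _tag(key, payload)):
                return payload
        self.abnormal.append(target_id)
        return None


class AcquisitionModule:
    """Acquisition module holding its own unique target key."""

    def __init__(self, target_id: str, backend: BackendService) -> None:
        self.target_id = target_id
        # Stands in for burning the key into the module's secure element.
        self._target_key = backend.provision(target_id)

    def capture_and_sign(self, frame: bytes) -> Tuple[str, bytes]:
        """Return the target identifier and the frame with its tag appended."""
        return self.target_id, frame + _tag(self._target_key, frame)


def run_demo() -> dict:
    backend = BackendService()
    cam_a = AcquisitionModule("MODULE-A-0001", backend)  # constructed IDs
    cam_b = AcquisitionModule("MODULE-B-0002", backend)
    frame = b"constructed-face-frame-bytes"              # constructed sample
    target_id, signed = cam_a.capture_and_sign(frame)
    tampered = bytes([signed[0] ^ 0x01]) + signed[1:]    # one bit flipped
    return {
        "genuine": backend.verify(target_id, signed),
        "tampered": backend.verify(target_id, tampered),
        "wrong_module": backend.verify(cam_b.target_id, signed),
        "unknown_module": backend.verify("MODULE-X-9999", signed),
        "abnormal": list(backend.abnormal),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(name, value)
```

The example covers source authentication only: the frame travels in the clear, and the network-key envelope described in claims 2 and 3 is not modelled.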
It can be understood that the acquisition device can be applied to a terminal device as a camera; the terminal device is described below.
An embodiment of the present application further provides a terminal device. Fig. 10 is a schematic structural diagram of another terminal device provided in the embodiment of the present application. For convenience of description, only the portion related to the embodiment of the present application is shown; for specific technical details that are not disclosed, refer to the method portion of the embodiments of the present application. The terminal may be any terminal device, including a mobile phone, a tablet computer, a personal digital assistant (PDA), a point of sale (POS) terminal, a vehicle-mounted computer, and the like. The following takes a mobile phone as an example:
Fig. 10 is a block diagram illustrating a partial structure of a mobile phone related to the terminal provided in an embodiment of the present application. Referring to fig. 10, the mobile phone includes: radio frequency (RF) circuitry 1010, memory 1020, input unit 1030, display unit 1040, sensor 1050, audio circuitry 1060, wireless fidelity (WiFi) module 1070, processor 1080, and power source 1090. Those skilled in the art will appreciate that the handset configuration shown in fig. 10 is not limiting: the handset may include more or fewer components than those shown, some components may be combined, or the components may be arranged differently.
The following describes each component of the mobile phone in detail with reference to fig. 10:
The memory 1020 can be used for storing software programs and modules, and the processor 1080 executes various functional applications and data processing of the mobile phone by operating the software programs and modules stored in the memory 1020. The memory 1020 may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. Further, the memory 1020 may include high speed random access memory, and may also include non-volatile memory, such as at least one magnetic disk storage device, flash memory device, or other volatile solid state storage device.
The input unit 1030 may be used to receive input numeric or character information and generate key signal inputs related to user settings and function control of the cellular phone. Specifically, the input unit 1030 may include a touch panel 1031 and other input devices 1032. The touch panel 1031, also referred to as a touch screen, may collect touch operations by a user (e.g., operations by a user on or near the touch panel 1031 using any suitable object or accessory such as a finger, a stylus, etc., and spaced touch operations within a certain range on the touch panel 1031) and drive corresponding connection devices according to a preset program. Alternatively, the touch panel 1031 may include two parts, a touch detection device and a touch controller. The touch detection device detects the touch direction of a user, detects a signal brought by touch operation and transmits the signal to the touch controller; the touch controller receives touch information from the touch sensing device, converts the touch information into touch point coordinates, sends the touch point coordinates to the processor 1080, and can receive and execute commands sent by the processor 1080. In addition, the touch panel 1031 may be implemented by various types such as a resistive type, a capacitive type, an infrared ray, and a surface acoustic wave. The input unit 1030 may include other input devices 1032 in addition to the touch panel 1031. In particular, other input devices 1032 may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys, switch keys, etc.), a track ball, a mouse, a joystick, or the like.
The display unit 1040 may be used to display information input by a user or information provided to the user and various menus of the cellular phone. The display unit 1040 may include a display panel 1041, and optionally, the display panel 1041 may be configured in the form of a Liquid Crystal Display (LCD), an organic light-emitting diode (OLED), or the like. Further, the touch panel 1031 can cover the display panel 1041, and when the touch panel 1031 detects a touch operation on or near the touch panel 1031, the touch operation is transmitted to the processor 1080 to determine the type of the touch event, and then the processor 1080 provides a corresponding visual output on the display panel 1041 according to the type of the touch event. Although in fig. 10, the touch panel 1031 and the display panel 1041 are two separate components to implement the input and output functions of the mobile phone, in some embodiments, the touch panel 1031 and the display panel 1041 may be integrated to implement the input and output functions of the mobile phone.
The handset may also include at least one sensor 1050, such as a light sensor, motion sensor, and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor, wherein the ambient light sensor may adjust the brightness of the display panel 1041 according to the brightness of ambient light, and the proximity sensor may turn off the display panel 1041 and/or the backlight when the mobile phone moves to the ear. As one of the motion sensors, the accelerometer sensor can detect the magnitude of acceleration in each direction (generally, three axes), can detect the magnitude and direction of gravity when stationary, and can be used for applications of recognizing the posture of a mobile phone (such as horizontal and vertical screen switching, related games, magnetometer posture calibration), vibration recognition related functions (such as pedometer and tapping), and the like; as for other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, and an infrared sensor, which can be configured on the mobile phone, further description is omitted here.
WiFi belongs to short-distance wireless transmission technology, and the mobile phone can help the user to send and receive e-mail, browse web pages, access streaming media, etc. through the WiFi module 1070, which provides wireless broadband internet access for the user. Although fig. 10 shows the WiFi module 1070, it is understood that it does not belong to the essential constitution of the handset, and may be omitted entirely as needed within the scope not changing the essence of the invention.
The processor 1080 is a control center of the mobile phone, connects various parts of the whole mobile phone by using various interfaces and lines, and executes various functions of the mobile phone and processes data by operating or executing software programs and/or modules stored in the memory 1020 and calling data stored in the memory 1020, thereby integrally monitoring the mobile phone. Optionally, processor 1080 may include one or more processing units; optionally, processor 1080 may integrate an application processor, which primarily handles operating systems, user interfaces, application programs, etc., and a modem processor, which primarily handles wireless communications. It is to be appreciated that the modem processor described above may not be integrated into processor 1080.
The handset also includes a power source 1090 (e.g., a battery) for powering the various components, which may optionally be logically coupled to the processor 1080 via a power management system to manage charging, discharging, and power consumption via the power management system.
Although not shown, the mobile phone may further include a camera, a bluetooth module, etc., which are not described herein.
In the embodiment of the present application, the processor 1080 included in the terminal further has a function of executing the steps of the page processing method.
Fig. 11 is a schematic structural diagram of a server provided in the embodiment of the present application. The server 1100 may vary considerably depending on its configuration or performance, and may include one or more central processing units (CPUs) 1122 (e.g., one or more processors), a memory 1132, and one or more storage media 1130 (e.g., one or more mass storage devices) storing an application program 1142 or data 1144. The memory 1132 and the storage media 1130 may be transient storage or persistent storage. The program stored on the storage medium 1130 may include one or more modules (not shown), each of which may include a series of instruction operations for the server. Further, the central processor 1122 may be configured to communicate with the storage medium 1130 and to execute, on the server 1100, the series of instruction operations in the storage medium 1130.
The server 1100 may also include one or more power supplies 1126, one or more wired or wireless network interfaces 1150, one or more input-output interfaces 1158, and/or one or more operating systems 1141, such as Windows Server, Mac OS X™, Unix™, Linux™, FreeBSD™, and so forth.
The steps performed by the management apparatus in the above-described embodiment may be based on the server configuration shown in fig. 11.
Also provided in the embodiments of the present application is a computer-readable storage medium, which stores therein instructions for identifying biometric information, and when the instructions are executed on a computer, the instructions cause the computer to perform the steps performed by the apparatus for identifying biometric information in the method described in the foregoing embodiments shown in fig. 2 to 6.
Also provided in the embodiments of the present application is a computer program product including instructions for identifying biometric information, which, when run on a computer, causes the computer to perform the steps performed by the apparatus for identifying biometric information in the method described in the embodiments of fig. 2 to 6.
The embodiment of the present application further provides a system for identifying biometric information, where the system for identifying biometric information may include an apparatus for identifying biometric information in the embodiment described in fig. 7, a terminal device in the embodiment described in fig. 10, or a server described in fig. 11.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a biometric device, a network device, or the like) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes various media capable of storing program code, such as a USB disk, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, or an optical disk.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.
Claims (15)
1. A method for recognizing biometric information, comprising:
acquiring biological characteristic information acquired by an acquisition module, wherein the acquisition module is burnt with a unique target key;
signing the biological characteristic information based on the target secret key to obtain signature encryption information;
inputting the target identifier corresponding to the acquisition module and the signature encryption information into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, wherein the verification result is determined based on the corresponding relation between the target key and a verification key, and the verification key is obtained by calling the back-end service module based on the module identifier;
and if the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key so as to identify the signature encryption information to obtain target identification information.
2. The method according to claim 1, wherein the inputting the target identifier corresponding to the acquisition module and the signature encryption information into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, comprises:
processing the target identification corresponding to the acquisition module and the signature encryption information based on a network key to obtain a network encryption packet;
inputting the network encryption package into the back-end service module, so that the back-end service module decrypts the network encryption package according to the network key to obtain the module identifier and the signature encryption information;
and the back-end service module verifies the signature encryption information to obtain a verification result.
3. The method of claim 2, wherein the inputting the network encryption package into the back-end service module, so that the back-end service module decrypts the network encryption package according to the network key to obtain the module identifier and the signature encryption information, comprises:
inputting the network encryption package into the back-end service module so that the back-end service module determines identity information according to the network key;
if the identity information passes the verification, the back-end service module decrypts the network encryption packet according to the network key to obtain the module identification and the signature encryption information.
4. The method of claim 1, wherein the back-end service module decrypting the signature encryption information based on the verification key so as to perform identification and obtain target identification information comprises:
the back-end service module decrypts the signature encryption information based on the verification key to obtain a target data stream;
screening the image sequence in the target data stream based on a target feature to obtain at least one target image, wherein the target feature is associated with the biological feature information;
and identifying the target image to obtain target identification information.
5. The method of claim 4, wherein the identifying the target image to obtain target identification information comprises:
acquiring depth information and infrared information corresponding to the target data stream;
extracting a depth image corresponding to the target image in the depth information;
extracting an infrared image corresponding to the target image in the infrared information;
and carrying out image recognition according to the target image, the depth image and the infrared image to obtain target recognition information.
6. The method of claim 1, further comprising:
if the verification result indicates that the target key does not correspond to the verification key, the back-end service module feeds back an abnormal identifier;
and triggering an inspection of the target identifier based on the abnormal identifier, so as to update the target identifier.
7. The method of claim 1, wherein the obtaining the biometric information collected by the collection module comprises:
determining a target acquisition task;
determining acquisition parameters based on the target acquisition task, wherein the acquisition parameters comprise an acquisition area and an acquisition duration;
and setting the acquisition module according to the acquisition parameters so that the acquisition module acquires the biological characteristic information.
8. The method according to any one of claims 1-7, further comprising:
acquiring module information corresponding to the acquisition module based on a target tool;
determining the target identification according to the module information;
transmitting the target identifier to the back-end service module, so that the back-end service module generates the target key and the verification key according to the target identifier, wherein the target key corresponds to the verification key;
and the back-end service module feeds the target key back to a storage module corresponding to the acquisition module for storage so as to burn the target key to the acquisition module.
9. The method of claim 8, further comprising:
and the back-end service module uploads the verification key to a cloud server for storage, and the verification key stored in the cloud server is issued in response to the input of the target identifier.
10. The method of claim 1, wherein the collection module is a camera, the biometric information is face information, and the target identifier is a serial number of a central processor.
11. A transaction method based on biometric information identification, comprising:
responding to a target transaction instruction, and triggering an acquisition module to acquire biological characteristic information;
signing the biological characteristic information based on the target secret key to obtain signature encryption information;
inputting the target identifier corresponding to the acquisition module and the signature encryption information into a back-end service module, so that the back-end service module verifies the signature encryption information to obtain a verification result, wherein the verification result is determined based on the corresponding relation between the target key and a verification key, and the verification key is obtained by calling the back-end service module based on the module identifier;
if the verification result indicates that the target key corresponds to the verification key, the back-end service module decrypts the signature encryption information based on the verification key so as to identify the signature encryption information to obtain target identification information;
and if the target identification information meets a preset condition, executing transaction operation corresponding to the target transaction instruction.
12. An apparatus for acquiring biometric information, comprising:
the determining unit is used for determining the target identification in the module information;
the transmission unit is used for transmitting the target identifier to a back-end service module so that the back-end service module generates a target key and a verification key according to the target identifier, wherein the target key corresponds to the verification key;
the storage unit is used for storing the target key fed back by the back-end service module;
the acquisition unit is used for acquiring biological characteristic information;
and the signing unit is used for signing the biological characteristic information based on the target secret key to obtain signature encryption information, and the signature encryption information is used for indicating the identification process of the biological characteristic information.
13. An apparatus for recognizing biometric information, comprising:
the acquisition unit is used for acquiring the biological characteristic information acquired by the acquisition module;
the signature unit is used for signing the biological characteristic information based on the target secret key to obtain signature encryption information;
the input unit is used for inputting the target identifier corresponding to the acquisition module and the signature encryption information into a back-end service module so that the back-end service module verifies the signature encryption information to obtain a verification result, the verification result is determined based on the corresponding relation between the target key and a verification key, and the verification key is obtained by calling the back-end service module based on the module identifier;
and the identification unit is used for decrypting the signature encryption information based on the verification key by the back-end service module if the verification result indicates that the target key corresponds to the verification key so as to identify and obtain target identification information.
14. A computer device, the computer device comprising a processor and a memory:
the memory is used for storing program codes; the processor is configured to execute the biometric information identification method according to any one of claims 1 to 11 according to instructions in the program code.
15. A computer-readable storage medium having stored therein instructions which, when run on a computer, cause the computer to execute the method for identifying biometric information according to any one of claims 1 to 11.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011102334.1A CN114372801A (en) | 2020-10-15 | 2020-10-15 | Biological characteristic information identification method and related device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114372801A (en) | 2022-04-19 |
Family
ID=81138662
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011102334.1A Pending CN114372801A (en) | 2020-10-15 | 2020-10-15 | Biological characteristic information identification method and related device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114372801A (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116112174A (en) * | 2022-12-09 | 2023-05-12 | 中信银行股份有限公司 | Face recognition authentication processing method and device |
CN115941183A (en) * | 2023-02-27 | 2023-04-07 | 紫光同芯微电子有限公司 | Biological information processing method and related device |
CN115941183B (en) * | 2023-02-27 | 2023-10-13 | 紫光同芯微电子有限公司 | Biological information processing method and related device |
CN117494092A (en) * | 2023-11-14 | 2024-02-02 | 深圳市策城软件有限公司 | Scenic spot ticket non-inductive verification method, system and medium based on living organism identification |
CN117494092B (en) * | 2023-11-14 | 2024-06-04 | 深圳市策城软件有限公司 | Scenic spot ticket non-inductive verification method, system and medium based on living organism identification |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||