As Internet technology develops, users are able to transact various kinds of online activity via the Internet whenever and wherever they like. Because a great deal of online activity now involves user financial information (such as bank card numbers), security of user information has spurred an increase in the amount of current research.
Although most client providers use account numbers and passwords (including text passwords and gesture passwords) to verify user identities and thus ensure the security of user information, a risk that a password will be leaked or hacked exists. Therefore, methods to verify user identities based on biometric information of the users have arisen.
Conventionally, a client can collect a user's biometric information through a collection device in equipment where the collection device is located, extract characteristic values from the collected biometric information, and verify the user's identity based on the extracted characteristic values.
For example, when a user registers a shopping client account number via a cell phone, the shopping client collects the user's fingerprint, which serves as biometric information of the user, via a collection device of the cell phone, and extracts characteristic values from the collected fingerprint (biometric information). The cell phone can send the user's account number and the extracted characteristic values to a server for associated storage. The next time the user logs into an account, the user's fingerprint is again collected and the characteristic values extracted. The user's identity is verified based on the extracted characteristic values and the account number-related characteristic values stored in the server.
However, because the biometric information of the user, such as the fingerprint, is categorized as private user information, the equipment manufacturers typically will prohibit their equipment from directly providing collected biometric information to clients installed on the equipment to extract characteristic values. Therefore, conventionally, after the equipment collects the biometric information of the user, the equipment typically extracts the characteristic values of the biometric information based on a default extraction algorithm of the equipment and then provides the characteristic values to the client.
The equipment default extraction algorithm is typically hardwired into the equipment at the time the equipment is manufactured. The default extraction algorithms used in equipment of different equipment manufacturers are not always the same. Therefore, even if the fingerprints are from the same user, the characteristic values extracted using different extraction algorithms are to vary. As a result, different pieces of equipment are to extract different characteristic values from the same biometric information. Thus, after a user registers and stores the characteristic values of their biometric information based on one piece of equipment, on another piece of equipment, the user is unable to be verified and use the other piece of equipment normally. If the user wishes to use the account number on another piece of equipment, the user is to re-store the characteristic values of the biometric information based on the other piece of equipment.
For example, when a user registers a shopping client account number based on a cell phone, the client installed on the cell phone sends the account number and the fingerprint characteristic values extracted by the cell phone to a server for associated storage. When the user logs into the account using a personal computer (PC), characteristic values extracted by the PC are different from the characteristic values extracted by the cell phone because the PC and the cell phone implement different extraction algorithms. Therefore, after the PC sends the extracted characteristic values to a server, the server will determine that the characteristic values sent by the PC do not match the stored characteristic values associated with the account number because the stored characteristic values associated with the account number were extracted by the cell phone. Thus, the server is to refuse to let the user log into the account. If the user wishes to use the PC to log into the account, then the user is to reset the stored characteristic values associated with the account number in the server. In other words, the user resets the stored characteristic values associated with the account number in the server to the characteristic values extracted from the fingerprint by the PC. Subsequently, the user can then log into the account via the PC.
Since the default extraction algorithm of each type of equipment is different, the conventional characteristic information extraction method is inefficient for the users and wastes the network resources spent on resetting characteristic values.