A method for implementing biometric binding of a windows account password
By designing standardized processes within the Windows system and utilizing system interfaces to verify encrypted password storage, the security and compatibility issues of binding Windows account passwords with biometrics have been resolved, achieving efficient binding of various biometrics and enhanced account password security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- BEIJING COCONUT TREE INFORMATION TECH CO LTD
- Filing Date
- 2026-03-09
- Publication Date
- 2026-07-14
AI Technical Summary
Existing biometric-based Windows account password binding schemes are not secure enough, cannot be adapted to local system accounts, and only support a single biometric feature, which violates Windows security design principles.
By designing a standardized process of 'selecting an account - entering a password - system verification - instant capture and encryption upon successful verification - feature collection - association and binding', the system utilizes the Windows system interface to verify and encrypt passwords, supports binding of multiple biometric types, and ensures the security and standardization of password acquisition processes.
It enables efficient and accurate binding of biometrics and account passwords without compromising the Windows security trust model, reducing the risk of password leakage, adapting to existing Windows local accounts, and supporting multiple biometric types.
Smart Images

Figure CN122389014A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of biometric login technology, specifically to a method for binding a Windows account password to a biometric signature. Background Technology
[0002] The statements herein are provided merely as background information in connection with this application and do not necessarily constitute prior art.
[0003] With the development of biometric recognition technology, login methods such as facial recognition and fingerprint recognition have become the direction of Windows system upgrades. The core requirement of third-party developers is to automatically submit account passwords after verifying biometrics for seamless login. However, based on its security design, Windows system adopts a strict protection mechanism for local account passwords and does not open any direct access interface to third-party applications. Existing third-party biometric binding solutions directly request and store user passwords without verifying password validity through system interfaces. They lack a strong association logic of "encryption after successful verification," resulting in a high risk of password leakage and violating system security principles. At the same time, most existing technologies only support newly created accounts, lack a standardized process for selecting existing accounts, cannot adapt to local system accounts, and mostly only support a single biometric. In summary, there is an urgent need for a third-party biometric binding solution that adapts to existing Windows local accounts, balances password acquisition security and process standardization, and supports multiple biometric types, achieving secure and efficient binding of Windows accounts and passwords to biometrics without compromising Windows' security trust model.
[0004] The prior art document (201510561366.0) discloses a facial recognition Windows system login verification system, including a facial recognition terminal for collecting and recognizing facial data; a login credential provider for providing an interface for user interaction during system login, replacing the system's default login entry; and a user facial registration program for registering and managing user facial data and other information. The facial recognition terminal communicates with the computer via a network. After the user uses the user facial registration program and the facial recognition terminal to collect facial template data, the login credential provider downloads the user's facial template data to the facial recognition terminal based on the user's input information. The user then performs facial recognition on the terminal. Upon successful recognition, the terminal returns a success message to the login credential provider, allowing the user to log in. This system directly requests and stores the user's password without verifying its correctness through the system interface, posing a high risk of password leakage, and can only perform facial recognition. Summary of the Invention
[0005] A brief overview of this application is provided below to offer a basic understanding of certain aspects thereof. It should be understood that this overview is not an exhaustive summary of the application. It is not intended to identify key or essential parts of the application, nor is it intended to limit its scope. Its purpose is merely to present certain concepts in a simplified form as a prelude to the more detailed description that follows.
[0006] This invention addresses the shortcomings of existing biometric-based Windows account password binding schemes, such as insufficient security, inability to adapt to local system accounts, and support for only a single biometric feature. It provides a method for binding Windows account passwords with biometric features, achieving a balance between password acquisition security and process standardization, adaptability to existing Windows local accounts, and support for multiple biometric types, thus enabling secure and efficient binding of accounts and biometric features.
[0007] This invention provides a method for binding Windows account passwords with biometric features, comprising at least the following steps: S1: Initiate a binding request via the startup module; S2: Select the Windows account to be bound via the account selection module; S3: Enter the password for the Windows account to be bound via the password input module; S4: The password verification module verifies the Windows account and password to be bound and generates a verification result, and performs security processing on the password based on the verification result; S5: The biometrics acquisition module collects user biometrics and generates biometric templates; S6: The data storage module associates and stores Windows accounts, passwords, and biometric templates to complete the binding.
[0008] By selecting a Windows account to be bound via the account selection module, third parties can bind existing local Windows accounts, enhancing compatibility with local accounts. Verifying the selected Windows account and the user's entered password, and then securely processing the password based on the verification result, ensures password validity and enhances the standardization and security of the password acquisition process. The biometric collection module collects the user's biometric features, and the data storage module associates and stores the biometric features, Windows account, and password, completing the binding of biometric features and Windows account password. A standardized binding process—"select account - enter password - system verification - instant capture and encryption upon successful verification - feature collection - association binding"—places password acquisition under the dual protection of explicit user authorization and authoritative system verification, achieving a balance between legality and functionality. This method is simple, standardized, and highly secure, enabling efficient and accurate binding of biometric features and account passwords without the Windows system providing any direct interface for obtaining local account passwords to third-party applications.
[0009] The method for binding a Windows account password to a biometric feature, as described in this invention, includes the following steps in step S2: S21: Read the list of existing local accounts in the Windows system; S22: Display a list of local accounts to the user; S23: The user selects the Windows account to be bound from the list of local accounts.
[0010] By reading and displaying a list of existing local accounts in the Windows system, and allowing users to select the Windows account to be bound, the existing account selection process is standardized, and local accounts adapted to the Windows system are implemented.
[0011] The method for binding a Windows account password to a biometric feature as described in this invention includes the following steps in step S4: S41: Accept the Windows account to be bound determined by the account selection module and the password entered by the password input module; S42: Calls the local account password verification interface provided by the Windows system; S43: Send the password and the Windows account to be bound to the local account password verification interface for verification; S44: The local account password verification interface generates verification results, including verification success and verification failure. S45: If the verification result is successful, the password verification module will perform security processing on the password; if the verification result is unsuccessful, the program will terminate.
[0012] By calling the local account password verification interface provided by the Windows system, the system verifies the user's entered password and the Windows account selected by the user to be bound. Based on the verification result, the password is securely processed. Windows ensures the correctness of the bound account password. The moment of successful verification is used as a technical window to securely obtain and encrypt the password, thereby breaking the technical barrier that third-party programs cannot directly obtain existing Windows account passwords. At the same time, it ensures that the plaintext password only exists briefly during the verification process, greatly reducing the risk of password credential leakage during the binding process, which complies with security development standards.
[0013] The present invention discloses a method for binding Windows account passwords based on biometrics. In step S4, the password is securely processed using an XOR encryption algorithm. By encrypting the password, the risk of password leakage is reduced, and the security of the binding is increased.
[0014] The method for binding a Windows account password to biometrics as described in this invention includes the following steps in step S5: S51: Prompts the user to enter biometric features; S52: Generate biometric templates based on biometric features.
[0015] This invention discloses a method for binding Windows account passwords using biometrics, where the user's biometrics include one or more of facial features, fingerprint features, and iris features. By acquiring facial features, fingerprint features, and iris features, binding is supported for multiple biometric types, improving the efficiency of the binding process.
[0016] This invention also provides a system for executing any of the methods provided by this invention for binding a Windows account password to a biometric feature, comprising: a startup module for initiating a binding request; an account selection module for responding to the binding request from the startup module, for reading an existing list of local accounts in the Windows system, displaying the list to the user, and allowing the user to select a Windows account to be bound from the list; a password input module for inputting the password of the Windows account to be bound; a password verification module for accepting the Windows account to be bound determined by the account selection module and the password input by the password input module, for calling the local account password verification interface provided by the Windows system, sending the password and the Windows account to be bound to the local account password verification interface for verification and generating a verification result, the verification result including verification success and verification failure, if the verification result is verification success, the password verification module performs security processing on the password, if the verification result is verification failure, the program terminates; a biometric feature acquisition module for prompting the user to enter biometric features and generating a biometric feature template based on the biometric features; and a data storage module for associating and storing the Windows account, password, and biometric feature template to complete the binding. The account selection module reads and displays a list of existing local accounts in the Windows system, allowing the user to select the Windows account to be bound. This standardizes the existing account selection process and enhances compatibility with local Windows accounts. The password input module prompts the user to actively enter their password, obtaining their permission. The password verification module calls the local account password verification interface provided by the Windows system to verify the user's entered password and the selected Windows account. Based on the verification result, the password is securely processed, ensuring the correctness of the bound account password through Windows. The successful verification moment is used as a technical window to securely obtain and encrypt the password, thus preventing third-party attacks. The program overcomes the technical barrier that prevents it from directly obtaining existing Windows account passwords. Simultaneously, it ensures that the plaintext password only exists briefly during the verification process, significantly reducing the risk of credential leakage during the binding process and complying with security development standards. Through the biometric collection module, the user's biometric features can be collected, and the data storage module associates and stores the biometric features, Windows account, and password, completing the binding of biometric features and Windows account password. By designing a standardized binding process module of "select account - enter password - system verification - instant capture and encryption upon successful verification - feature collection - association binding," the password acquisition behavior is placed under the dual protection of explicit user authorization and authoritative system verification, achieving a balance between legitimacy and functionality.
[0017] The system described in this invention includes a biometric acquisition module comprising a camera device and a biometric generation module. The camera device is used to acquire user facial data, and the biometric generation module is used to receive the facial data acquired by the camera device and generate a biometric template based on the facial data.
[0018] The system described in this invention has a startup module installed on a computer running a Windows operating system.
[0019] The system described in this invention integrates the account selection module, password input module, password verification module, biometric generation module, and data storage module into a third-party binding program, which is installed on a computer. By integrating these modules into the third-party binding program, biometric binding of Windows account passwords can be achieved through the program.
[0020] After a user binds their biometrics and account password, when logging into Windows again, the third-party binding program initiates facial recognition. Once the recognition is successful, the third-party binding program retrieves the corresponding encrypted password from local storage, decrypts it, and automatically fills it into the system login interface, completing the Windows local account login process.
[0021] The present invention has the following beneficial effects: (1) This invention allows users to actively enter their passwords and call the system interface for instant verification during the third-party program binding process. The moment of successful verification is used as a technical window to securely obtain and encrypt the password, thereby breaking the technical barrier that third-party programs cannot directly obtain existing Windows account passwords. (2) By encrypting and storing the password after successful verification, this invention ensures that the plaintext password only exists briefly during the verification process, which greatly reduces the risk of leakage of password credentials during the binding process and ensures the security of the system. (3) This invention designs a standardized binding process of “selecting an account - entering a password - system verification - instant capture and encryption upon successful verification - feature collection - association binding”, placing the password acquisition behavior under the dual protection of explicit user authorization and system verification, thus achieving the unity of legality and functionality. This method is simple in steps, standardized in process, and highly secure. It can achieve efficient and accurate password verification and biometric binding without the Windows system opening any direct access interface for local account passwords to third-party applications. (4) This invention standardizes the existing account selection process by reading and displaying the list of existing local accounts in the Windows system, allowing users to select the Windows account to be bound, and realizes local accounts adapted to the Windows system.
[0022] These and other advantages of this application will become more apparent from the following detailed description of preferred embodiments in conjunction with the accompanying drawings. Attached Figure Description
[0023] To further illustrate the above and other advantages and features of this application, the specific embodiments of this application will be described in more detail below with reference to the accompanying drawings. The drawings, together with the following detailed description, are included in and form a part of this specification. Elements having the same function and structure are indicated by the same reference numerals. It should be understood that these drawings only depict typical examples of this application and should not be considered as limiting the scope of this application.
[0024] Figure 1 This is a flowchart of a method for implementing biometric binding of Windows account passwords according to this application; Figure 2 This is a flowchart of step S2 of a method for implementing biometric binding of Windows account password according to this application; Figure 3 This is a flowchart of step S4 of a method for implementing biometric binding of Windows account password according to this application; Figure 4 This is a flowchart of step S5 of a method for implementing biometric binding of Windows account password according to this application; Figure 5 This is a schematic diagram of the structure of a system according to this application for performing any of the methods provided by this invention for binding a Windows account password to a biometric feature.
[0025] It should be noted that the accompanying drawings are not necessarily drawn to scale, but are shown only in a schematic manner without affecting the reader's understanding.
[0026] Explanation of reference numerals in the attached figures: 1. Startup module; 2. Account selection module; 3. Password input module; 4. Password verification module; 5. Biometric data collection module; 6. Data storage module. Detailed Implementation
[0027] Exemplary embodiments of this application will be described below with reference to the accompanying drawings. For clarity and brevity, not all features of actual implementations are described in the specification. However, it should be understood that many implementation-specific decisions must be made in the development of any such actual embodiment to achieve the developer's specific goals, such as complying with constraints related to the system and business, and these constraints may vary depending on the implementation. Furthermore, it should be understood that while development work can be very complex and time-consuming, such development work is merely a routine task for those skilled in the art who benefit from the content of this application.
[0028] It should also be noted that, in order to avoid obscuring this application with unnecessary details, only the equipment structure and / or processing steps closely related to the solution according to this application are shown in the accompanying drawings, while other details that are not closely related to this application are omitted.
[0029] It should be noted that, unless otherwise defined, the technical or scientific terms used in this application shall have the ordinary meaning as understood by a person with ordinary skills in the field to which this application pertains.
[0030] In the description of the embodiments of this application, "multiple" means at least two, such as two, three, etc., unless otherwise explicitly specified. Example 1
[0031] like Figure 1 As shown, a method for binding a Windows account password to biometrics includes at least the following steps: S1: Initiate a binding request via the startup module; S2: Select the Windows account to be bound via the account selection module; S3: Enter the password for the Windows account to be bound via the password input module; S4: The password verification module verifies the Windows account and password to be bound and generates a verification result, and performs security processing on the password based on the verification result; S5: The biometrics acquisition module collects the user's biometrics and generates a biometrics template; S6: The data storage module associates and stores the Windows account, password, and biometrics template to complete the binding.
[0032] In step S4, the password is processed using an XOR encryption algorithm for security purposes.
[0033] like Figure 2 As shown, step S2 includes the following steps: S21: Read the list of existing local accounts in the Windows system; S22: Display a list of local accounts to the user; S23: The user selects the Windows account to be bound from the list of local accounts.
[0034] like Figure 3 As shown, step S4 includes the following steps: S41: Accept the Windows account to be bound determined by the account selection module and the password entered by the password input module; S42: Calls the local account password verification interface provided by the Windows system; S43: Send the password and the Windows account to be bound to the local account password verification interface for verification; S44: The local account password verification interface generates verification results, including verification success and verification failure. S45: If the verification result is successful, the password verification module will perform security processing on the password; if the verification result is unsuccessful, the program will terminate.
[0035] like Figure 4 As shown, step S5 includes the following steps: S51: Prompts the user to enter biometric features; S52: Generate biometric templates based on biometric features.
[0036] User biometrics are one or more of the following: facial features, fingerprint features, and iris features.
[0037] like Figure 5As shown, a system for executing any of the methods provided by this invention for binding a Windows account password to a biometric feature includes: a startup module 1 for initiating a binding request; an account selection module 2 for responding to the binding request from the startup module 1, for reading an existing list of local accounts in the Windows system, displaying the list to the user, and allowing the user to select a Windows account to be bound from the list; a password input module 3 for inputting the password of the Windows account to be bound; a password verification module 4 for accepting the Windows account to be bound determined by the account selection module 2 and the password input by the password input module 3, for calling the local account password verification interface provided by the Windows system, sending the password and the Windows account to be bound to the local account password verification interface for verification and generating a verification result, including verification success and verification failure. If the verification result is successful, the password verification module 4 performs security processing on the password; if the verification result is unsuccessful, the program terminates; a biometric feature acquisition module 5 for prompting the user to enter biometric features and generating a biometric feature template based on the biometric features; and a data storage module 6 for associating and storing the Windows account, password, and biometric feature template to complete the binding.
[0038] The biometric acquisition module 5 includes a camera device and a biometric generation module. The camera device is used to collect user facial data, and the biometric generation module is used to receive the facial data collected by the camera device and generate a biometric template based on the facial data.
[0039] Startup module 1 is installed on a computer running the Windows operating system.
[0040] Account selection module 2, password input module 3, password verification module 4, biometric generation module, and data storage module 6 are all integrated into a third-party binding program, which is installed on a computer.
[0041] After a user binds their biometrics and account password, when logging into Windows again, the third-party binding program initiates facial recognition. Once the recognition is successful, the third-party binding program retrieves the corresponding encrypted password from local storage, decrypts it, and automatically fills it into the system login interface, completing the Windows local account login process.
[0042] Regarding the embodiments of this application, it should also be noted that, without conflict, the embodiments of this application and the features in the embodiments can be combined with each other to obtain new embodiments.
[0043] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. The scope of protection of this application shall be determined by the scope of the claims.
Claims
1. A method for binding Windows account passwords with biometric features, characterized in that, At least the following steps are included: S1: Initiate a binding request via the startup module; S2: Select the Windows account to be bound via the account selection module; S3: Enter the password for the Windows account to be bound via the password input module; S4: The password verification module verifies the Windows account to be bound and the password and generates a verification result, and performs security processing on the password based on the verification result; S5: The biometrics acquisition module collects user biometrics and generates biometric templates; S6: The data storage module associates and stores the Windows account, the password, and the biometric template to complete the binding.
2. The method for binding a Windows account password to a biometric feature according to claim 1, characterized in that, Step S2 includes the following steps: S21: Read the list of existing local accounts in the Windows system. S22: Display the local account list to the user; S23: The user selects the Windows account to be bound from the list of local accounts.
3. The method for binding a Windows account password to a biometric feature according to claim 1, characterized in that, Step S4 includes the following steps: S41: Accept the Windows account to be bound determined by the account selection module and the password entered by the password input module; S42: Calls the local account password verification interface provided by the Windows system; S43: Send the password and the Windows account to be bound to the local account password verification interface for verification; S44: The local account password verification interface generates the verification result, which includes verification success and verification failure; S45: If the verification result is successful, the password verification module performs security processing on the password; if the verification result is unsuccessful, the program terminates.
4. The method for binding a Windows account password to a biometric feature according to claim 1, characterized in that, In step S4, the password is processed using an XOR encryption algorithm for security purposes.
5. The method for binding a Windows account password to a biometric feature according to claim 1, characterized in that, The S5 step includes the following steps: S51: Prompts the user to enter biometric features; S52: Generate the biometric template based on the biometric features.
6. The method for binding a Windows account password to a biometric feature according to claim 1, characterized in that, The user's biometric features are one or more of facial features, fingerprint features, and iris features.
7. A system for executing the method for implementing biometric binding of Windows account passwords as described in any one of claims 1 to 6, characterized in that, include: The startup module (1) is used to initiate a binding request; The account selection module (2) is used to respond to the binding request of the startup module (1), read the existing local account list in the Windows system, display the local account list to the user, and allow the user to select the Windows account to be bound from the local account list; Password input module (3) is used to input the password of the Windows account to be bound; The password verification module (4) is used to accept the Windows account to be bound determined by the account selection module (2) and the password input by the password input module (3). It is used to call the local account password verification interface provided by the Windows system, send the password and the Windows account to be bound to the local account password verification interface for verification and generate a verification result. The verification result includes verification success and verification failure. If the verification result is verification success, the password verification module (4) performs security processing on the password. If the verification result is verification failure, the program is terminated. The biometric acquisition module (5) is used to prompt the user to enter biometric features and generate the biometric template based on the biometric features; The data storage module (6) is used to associate and store the Windows account, the password and the biometric template to complete the binding.
8. The system according to claim 7, characterized in that, The biometric acquisition module (5) includes a camera device and a biometric generation module, wherein, The camera device is used to collect user facial data, and the biometric generation module is used to receive the facial data collected by the camera device and generate the biometric template based on the facial data.
9. The system according to claim 7, characterized in that, The startup module (1) is installed on a computer running the Windows operating system.
10. The system according to any one of claims 7 to 9, characterized in that, The account selection module (2), the password input module (3), the password verification module (4), the biometric generation module, and the data storage module (6) are all integrated into a third-party binding program, which is installed on the computer.