CN106411533A - On-line fingerprint authentication system and method based on bidirectional privacy protection - Google Patents
On-line fingerprint authentication system and method based on bidirectional privacy protection Download PDFInfo
- Publication number
- CN106411533A CN106411533A CN201610987321.4A CN201610987321A CN106411533A CN 106411533 A CN106411533 A CN 106411533A CN 201610987321 A CN201610987321 A CN 201610987321A CN 106411533 A CN106411533 A CN 106411533A
- Authority
- CN
- China
- Prior art keywords
- user
- finger print
- data
- print identifying
- fingerprint
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Life Sciences & Earth Sciences (AREA)
- Biodiversity & Conservation Biology (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses an on-line fingerprint authentication system and method based on bidirectional privacy protection. With the system and method, a problem that bidirectional privacy protection of fingerprint data of the user and fingerprint template data is not involved in the prior art can be solved. The system is composed of a trusted center (1), a fingerprint authentication server (2), and a user terminal (3). The trusted center (1) completes system initialization, provides registration and secret key distribution for a user terminal and the fingerprint authentication server, collects a user fingerprint as an authentication template, and gives authorization of the template to a legal fingerprint authentication server in a ciphertext mode; the fingerprint authentication server (2) provides an on-line encryption fingerprint authentication service with privacy protection and returns an authentication result to the user terminal; and the user terminal (3) sends an encrypted fingerprint authentication request to the fingerprint authentication server and decrypts the reply of the fingerprint authentication server to obtain an authentication result. According to the invention, bidirectional privacy protection of the user fingerprint data and the fingerprint template data is realized and a secure on-line fingerprint authentication service is provided.
Description
Technical field
The invention belongs to field of information security technology is and in particular to a kind of online fingerprint identification system of secret protection and side
Method, can be used for providing precise and high efficiency online finger print identifying service for user terminal, and realizes to user fingerprints data and fingerprint mould
Effective secret protection of plate data.
Background technology
Development with biological identification technology and popularization, carry out authentication using biological identification technology and provide the user
More convenient service.Traditional online fingerprint identification system is gathered by service provider and stores fingerprint matching mould
Plate, when service provider needs user to provide fingerprint to carry out authentication, user terminal extracts user fingerprints and is sent to service
Provider, the fingerprint template of service provider's contrast storage, is user terminal return authentication result.However, such system by
In the secret protection being not directed to user fingerprints and fingerprint template so that the privacy of user fingerprints and these sensitive datas of fingerprint template
Seriously threatened.
In order to solve the above problems, there has been proposed some solutions, wherein:
Patent " a kind of security fingerprint recognition methodss of intelligent terminal " (application number of University of Electronic Science and Technology
CN201510179446.X application publication number CN104778393A) disclose a kind of security fingerprint recognition methodss of intelligent terminal,
The method comprises the following steps:1. fingerprint register, extracts user fingerprints and encrypts storage;2. request transmission fingerprint data is close
Key;3. receive fingerprint template data and decipher;4. carry out fingerprint matching operation.Although the method enables fingerprint template in transmission
During secret protection, the method due to encryption fingerprint template data need be decrypted into after being sent to user terminal
In plain text, then carry out matching operation, thus when attacker's certain user terminal that disguises oneself as sends certification request and will obtain this user's
Fingerprint template data is it is impossible to realize effective secret protection of fingerprint template data.
Content of the invention
Present invention aim at being directed to above-mentioned the deficiencies in the prior art, proposing a kind of online fingerprint of two-way secret protection and recognizing
Card system and method, to ensure, on the premise of normal offer finger print identifying service, to improve to user fingerprints data and fingerprint mould
The secret protection of plate data.
For achieving the above object, the online fingerprint identification system of the two-way secret protection of the present invention, including:
Trusted party (1), for completion system initialization, is that user terminal and finger print identifying server provide registration and close
Key distribute, simultaneously collection register user finger print data as certification template, and this template is licensed to ciphertext form legal
Finger print identifying server;
Finger print identifying server (2), for providing the finger print identifying service of secret protection, by directly calculating in ciphertext
Match parameter is judging whether fingerprint mates, and carries out bidirectional identity authentication when providing service and user terminal between;
User terminal (3), for sending the fingerprint encrypted as certification request to finger print identifying server, to finger print identifying
The authentication result deciphering that server returns obtains Query Result, and carries out double and finger print identifying server between when receiving service
To authentication.
For achieving the above object, the fingerprint verification method of the two-way secret protection of the present invention, comprises the following steps:
(1) systematic parameter initialization:
(1a) trusted party selects a security parameter l ∈ Z+;
(1b) trusted party passes through to run the function Gen (κ) generating bilinear map group, obtains bilinear map parameterWherein q1,q2It is the first prime number and the second prime number that length is l bit respectively,It is that rank is
The cyclic group of N, exponent number N=q1·q2,It isMaps Group, e () be bilinear map function, g is cyclic groupGeneration
Unit, h is systematic parameter;
(1c) calculate data encryption and process private keyWith corresponding public key
(1d) trusted party randomly chooses SKTA∈Zq *As the private key of oneself,Represent non-in the group of integers that rank is q
Null set, calculates and its private key SK according to the first g of generation simultaneouslyTACorresponding public key
(1e) trusted party selects symmetric encipherment algorithm E () of a safety and hash function H () of a safety;
(1f) trusted party chooses rational fingerprint matching marginal value Δd∈Zn *;
(1g) trusted party preserves the private key of oneself<q1,SKTA>, open systematic parameter
(2) registration and key distribution:
(2a) finger print identifying server S, in registration, randomly chooses SKs∈Zn *As the private key of oneself, simultaneously according to life
First g is become to calculate and its private key SKsCorresponding public keyAnd the public key PK by oneselfsSend with the relevant information of oneself
To trusted party;
(2b) user terminal UiIn registration, randomly chooseAs the private key of oneself, simultaneously first according to generating
G calculates and its private keyCorresponding public keyAnd by this public keyWith user profile be sent to credible in
The heart, the n Wesy of trusted party extraction simultaneously family fingerprint template
(2c) trusted party chooses random number k ∈ Zn *For symmetric cryptographic key, with the data encryption generating in step (1c)
The private key SB processing and public key PB constitutes parameter list<SB,PB,k>, and this parameter list is sent to the user succeeding in registration;
(2d) list to the user succeeding in registration and its public key for the trusted partyCarry out disclosure;
(3) fingerprint template encryption:
(3a) trusted party extracts user fingerprints and generates fingerprint template data and be encrypted storage;
(3b) trusted party is according to fingerprint matching marginal value Δd, hash function H () data encryption public key PB calculate comment
Estimate reference value RDm=H (PBm), constitute assessment reference data setThis reference is commented
Estimate data set RDS and be sent to all registered finger print identifying servers, wherein 0≤m≤Δd;
(4) cryptographic fingerprint template mandate:
(4a) finger print identifying server S is obtaining user UiConstruct fingerprint template authorization requests after mandate, and send this and ask
Ask to trusted party;
(4b) after trusted party receives the fingerprint template authorization requests of finger print identifying server, please to this fingerprint template mandate
The legitimacy asked is verified, if being proved to be successful, execution step (4c), and otherwise abandon this communication bag;
(4c) trusted party is by this user encryption fingerprint templateReturn to finger print identifying server S;
(5) user terminal generates finger print identifying service request:
(5a) user terminal is encrypted to the user fingerprints of collection and obtains encrypting user fingerprints dataAnd user's signature
Sigi;
(5b) user terminal will encrypt user fingerprints dataUser profile Ui, time stamp T S3With user terminal signature
SigiComposition finger print identifying service requestAnd this finger print identifying service request is sent to fingerprint recognizes
Card server;
(6) finger print identifying server providing services:
(6a) finger print identifying server receives the finger print identifying service request of user terminal transmission
Afterwards, the legitimacy of this finger print identifying service request is verified, if being proved to be successful, execution step (6b), otherwise return step
Suddenly (5a);
(6b) finger print identifying server is according to encryption user fingerprints dataWith cryptographic fingerprint template dataCarry out close
Literary composition calculates, and obtains matching result RS;
(6c) the (n+1)th dimension of finger print identifying server by utilizing asymmetric encryption function E () and encryption user fingerprints template data
Data rq'y, matching result RS is encrypted and obtains encrypting matching resultBy this encryption matching result
With time stamp T S4Collectively as the input of hash function H (), obtain Hash ValuePrivate key SK with oneselfS
This Hash Value is signedConstruction authentication result list
And this authentication result list is replied to user terminal;
(7) user terminal access authentication result:
(7a) user terminal receives the authentication result list of finger print identifying server replyIt
Afterwards, the legitimacy of this authentication result list is verified, if being proved to be successful, execution step (7b), otherwise return to step
(5a);
(7b) user terminal is using the (n+1)th dimension data rq' of encryption user fingerprints template datayRightSolved
Close, obtain identity authentication result RS, if RS is true, finger print identifying success, otherwise, finger print identifying failure.
The present invention compared with prior art, has the advantage that:
1. achieve the secret protection of user fingerprints certification request data.
Finger print data before sending service request to finger print identifying server, first to oneself for the user terminal in the present invention
It is encrypted so that the original fingerprint data of user terminal will not be obtained it is ensured that using by finger print identifying server and attacker
The secret protection of family Terminal fingerprints data.
2. achieve the secret protection of finger print identifying template data.
In the present invention, trusted party is before licensing to finger print identifying server fingerprint template, due to first entering to fingerprint template
Gone encryption so that fingerprint template data will not be obtained by finger print identifying server and attacker it is ensured that fingerprint template data
Secret protection.
3. achieve the finger print identifying service of efficiently and accurately.
By finger print identifying server by completing to encryption user fingerprints data and cryptographic fingerprint template data in the present invention
Matching primitives, and secret protection framework does not interfere with the degree of accuracy of fingerprint matching it is achieved that the finger print identifying service of efficiently and accurately.
Brief description
Fig. 1 is the system block diagram of the present invention;
Fig. 2 realizes general flow chart for the inventive method;
Fig. 3 is the sub-process figure of cryptographic fingerprint template mandate in the inventive method.
Specific embodiment
Below in conjunction with the accompanying drawings the present invention is described in further detail.
With reference to Fig. 1, the present invention includes this three big module of trusted party 1, finger print identifying server 2 and user terminal 3.Its
In:Trusted party 1, for completion system initialization, is user terminal and the offer registration of finger print identifying server and key distribution,
Gather the finger print data of register user as certification template simultaneously, and this template is licensed to legal finger print identifying with ciphertext form
Server;Finger print identifying server 2, for providing the finger print identifying service of secret protection, by directly calculating in ciphertext
Join parameter to judge whether fingerprint mates, and carry out bidirectional identity authentication when providing service and user terminal between;User is eventually
End 3, for sending cryptographic fingerprint as certification request to finger print identifying server, the certification knot that finger print identifying server is returned
Fruit deciphering obtains Query Result, and carries out bidirectional identity authentication when receiving service and finger print identifying server between.
Described trusted party 1, including:System initialization module 11, Registering modules 12, data encryption module 13, encryption
Template authorization module 14 and the safe support module of trusted party 15.
This system initialization module 11, for initialization system, generates bilinear map group, obtains the public ginseng of system
Number;
This Registering modules 12, for being user terminal and the offer registration of finger print identifying server, extracts the use succeeding in registration
The fingerprint template at family, and distribute key to the user terminal succeeding in registration and finger print identifying server;
This data encryption module 13, the fingerprint template data for the user for extracting is encrypted;
This encrypted template authorization module 14, for Certificate Authority information, and for obtaining the finger print identifying service of user's mandate
Device sends the cryptographic fingerprint matching template of corresponding user;
The safe support module of this trusted party 15, for for system initialization module 11, data encryption module 13, encryption mould
Plate authorization module 14 provides required AES and hash algorithm.
Described finger print identifying server 2, including server authentication module 21, user registration module 22, data storage mould
Block 23, the safe support module of service providing module 24 server 25.
This server authentication module 21, for generating oneself public private key pair in server registration, is carrying to user terminal
For verifying to the signature of user terminal before service, after obtaining cryptographic fingerprint authentication result, it is signed;
This user registration module 22, is used for providing the user registration, and the fingerprint template mandate to the user terminal receiving
Signature is verified, generates the fingerprint matching mould that corresponding fingerprint template authorization requests are sent to trusted party application for registration user
Plate;
This data memory module 23, is derived from the cryptographic fingerprint template of trusted party for storage;
This service providing module 24, for according to the cryptographic fingerprint data in user's request, encryption fingerprint template and
Carry out cryptogram computation in encryption user's request, and the finger print identifying obtaining result is encrypted, by cryptographic fingerprint authentication result and right
Should sign and return to user terminal;
This server security support module 25, for providing for server authentication module 21, user registration module 22, service
Module 24 provides required AES and hash algorithm.
Described user terminal 3, including user authentication module 31, service request module 32, data decryption module 33 and use
The safe support module in family 34.
This user authentication module 31, generates the public private key pair of oneself for user terminal in registration, and generates fingerprint mould
Plate authorized signature is sent to finger print identifying server, and the user service request generating is signed, and is receiving finger print identifying clothes
After the reply of business device, the signature of finger print identifying server is verified;
This service request module 32, generating user service for user terminal according to the user fingerprints data encryption of collection please
Ask, and user service request is sent to finger print identifying server with corresponding signature;
This data decryption module 33, for, after the cryptographic fingerprint authentication result receiving the transmission of finger print identifying server, leading to
Cross user terminal and decryption oprerations are executed to cryptographic fingerprint authentication result;
This user security support module 34, for for user authentication module 31, service request module 32, data decryption module
33 provide required AES and hash algorithm.
With reference to Fig. 2, the fingerprint verification method of the two-way secret protection of the present invention, comprise the steps:
Step 1, systematic parameter initializes.
1.1) trusted party selects a security parameter l ∈ Z+;
1.2) trusted party passes through to run the function Gen (κ) generating bilinear map group, obtains bilinear map parameterWherein q1,q2It is the first prime number and the second prime number that length is l bit respectively,It is that rank is
The cyclic group of N, exponent number N=q1·q2,It isMaps Group, e () be bilinear map function, g is cyclic groupGeneration
Unit, h is systematic parameter;
1.3) calculate data encryption and process private keyWith corresponding public key
1.4) trusted party randomly chooses SKTA∈Zq *As the private key of oneself,Represent non-in the group of integers that rank is q
Null set, calculates and its private key SK according to the first g of generation simultaneouslyTACorresponding public key
1.5) trusted party selects symmetric encipherment algorithm E () of a safety and hash function H () of a safety;
1.6) trusted party chooses fingerprint matching marginal value Δd∈Zn *;
1.7) trusted party preserves the private key of oneself<q1,SKTA>, open systematic parameter
Step 2, registration and key distribution.
2.1) finger print identifying server S, in registration, randomly chooses SKs∈Zn *As the private key of oneself, simultaneously according to life
First g is become to calculate and its private key SKsCorresponding public keyAnd the public key PK by oneselfsSend with the relevant information of oneself
To trusted party;
2.2) user terminal UiIn registration, randomly chooseAs the private key of oneself, simultaneously according to the first g of generation
Calculate and its private keyCorresponding public keyAnd by this public keyIt is sent to trusted party with user profile,
Trusted party extracts n Wesy family fingerprint template simultaneouslyWherein xjIt is user fingerprints template data
Jth dimension data, 1≤j≤n;
2.3) trusted party chooses random number k ∈ Zn *For symmetric cryptographic key, the private key SB being processed with data encryption and public affairs
Key PB constitutes parameter list<SB,PB,k>, and this parameter list is sent to the user succeeding in registration;
2.4) list of the open user succeeding in registration of trusted party and its public key
Step 3, fingerprint template is encrypted.
3.1) trusted party is according to the n Wesy family fingerprint template data extractedUsing right
Claim encryption key k to obtain upsetting numerical value H (k) as the input of hash function H (), calculate and add the fingerprint template data upsetting
(x'1,x'2,…,x'j,…,x'n), wherein x 'jIt is the jth dimension data adding the fingerprint template data upsetting, x 'j=xj+H
(k);
3.2) trusted party chooses n random number r1,r2,…,rj,…,rn, wherein rj∈Zn *, 1≤j≤n, and according to life
Become first g, systematic parameter h, add the fingerprint template data (x' upsetting1,x'2,…,x'j,…,x'n) data encryption public key
PB, is calculated cryptographic fingerprint template dataAnd store, whereinIt is cryptographic fingerprint
The jth dimension data of template data,fx'It is the (n+1)th dimension data of cryptographic fingerprint template data,
3.3) trusted party is according to fingerprint matching marginal value Δd, hash function H () data encryption public key PB calculate comment
Estimate reference value RDm=H (PBm), constitute assessment reference data setThis assessment reference
Whether data set will successful to judge coupling for the Hash Value that be used for searching for match parameter, and this reference assessment data set RDS is sent
To all registered finger print identifying servers, wherein 0≤m≤Δd 2.
Step 4, cryptographic fingerprint template mandate.
With reference to Fig. 3, being implemented as follows of this step:
4.1) user terminal UiWhen finger print identifying server S is registered, by information U of oneselfi, time stamp T S1Altogether
With the input as hash function H (), obtain user and authorize Hash Value H (Ui||TS1), and the private key with oneselfTo this use
Family authorizes Hash Value to be signedComposition authorized user message listSend out
Give finger print identifying server, to represent that user has agreed to for the cryptographic fingerprint template of oneself to license to finger print identifying server;
4.2) finger print identifying server first checks for user profile Ui, by time stamp T S1It is compared with current time T, if
TS1Early than T and | T-TS1|≤NT, then execution step 4.3), otherwise, abandon this communication bag, wherein NTMaximum for system is led to
Letter time delay;
4.3) finger print identifying server is by user profile UiWith time stamp T S1As the input of hash function H (), calculate miscellaneous
Gather value H (Ui||TS1), and the public key according to this userUsing bilinear map function e (), judge equationWhether set up, if the equation is set up, it is legal to sign, execution step 4.4), no
Then, abandon communication bag;
4.4) finger print identifying server is by information S of oneself, time stamp T S2Collectively as the input of hash function H (), obtain
To user authorize Hash Value H (S | | TS2), and with the private key SKS of oneself, this Hash Value is signed
Again with this Sig that signsSWith authorized user message listComposition template authorization requests information listIt is sent to trusted party, ask UiThe cryptographic fingerprint template of user;
4.5) trusted party receives the fingerprint template authorization requests of finger print identifying server, first looks at finger print identifying service
Device S and authorized user UiInformation, confirm finger print identifying server S and authorized user UiWhether all register, then by timestamp
TS2It is compared with current time T:If TS2Early than T, and | T-TS2|≤NT, then execution step 4.6), otherwise, abandon this and lead to
Letter bag, wherein NTMaximum communication time delay for system;
4.6) trusted party is by user profile UiWith time stamp T S1As input, calculate hash function H (Ui||TS1), and
Public key according to this userUsing bilinear map function e (), judge equation
Whether set up, if equation is set up, user's signature is legal, execution step 4.7), otherwise abandon communication bag;
4.7) trusted party is by finger print identifying server info S and time stamp T S2As input calculate hash function H (S | |
TS2), and the public key PK according to finger print identifying serverS, using bilinear map function e (), judge equation e (g, SigS)=e
(PKS,H(S||TS2)) whether set up, if equation is set up, the legitimate verification success of this fingerprint template authorization requests, execute step
Rapid 4.8), otherwise abandon this communication bag;
4.8) trusted party is by this user UiCryptographic fingerprint templateReturn to finger print identifying server S.
Step 5, user terminal generates finger print identifying service request.
5.1) user terminal obtains the n Wesy family finger print data of oneselfAfterwards, will be symmetrical
Encryption key k obtains upset value H (k) as the input of hash function H (), calculates and adds the user fingerprints data (y' upsetting1,
y'2,…,y'j..., y'n), wherein y'j=yj+ H (k), yjIt is the jth dimension data of user fingerprints data, y'jIt is to add to upset
The jth dimension data of user fingerprints data;
5.2) user terminal is according to the public key PB of data processing and corresponding private key SB, and adds the finger print data arrow upset
Amount (y'1,y'2,…,y'j,…,y'n), calculate encryption user fingerprints data
WhereinIt is the jth dimension data of encryption user fingerprints data,rqy' be encryption user fingerprints data n-th+
1 dimension data,
5.3) user terminal uses the public key PK of finger print identifying serverS, symmetric encipherment algorithm E () and encryption user fingerprints
DataCalculate symmetric cryptography valueAnd by this symmetric cryptography valueWith user terminal information Ui, the time
Stamp TS3Collectively as the input of hash function H (), calculate user's Hash Value
5.4) user terminal is with the private key of oneselfTo this user's Hash ValueSigned, that is,
5.5) user terminal encryption user fingerprints dataUser profile Ui, time stamp T S3With user terminal signature
SigiComposition finger print identifying service requestAnd this finger print identifying service request is sent to fingerprint recognizes
Card server.
Step 6, finger print identifying server providing services.
6.1) finger print identifying server receives the finger print identifying service request of user terminal transmission
Afterwards, by time stamp T S3It is compared with current time T, if TS3Early than T, and | T-TS3|≤NT, then execution step 6.2), no
Then, return to step 5.1), wherein NTMaximum communication time delay for system;
6.2) user terminal is by symmetric cryptography valueUser profile UiWith time stamp T S3Defeated as hash function H ()
Enter, calculate hash functionAnd the public key according to this user terminalUsing bilinear map function e
(), judges equationWhether set up, if the equation is set up, this finger print identifying
The legitimate verification success of service request, execution step 6.3), otherwise abandon this communication bag;
6.3) the private key SK of finger print identifying server by utilizing oneselfSDeciphering symmetric cryptography valueObtain encrypting user fingerprints
Data
6.4) finger print identifying server is according to user profile UiSearch for corresponding user's in cryptographic fingerprint template database
Cryptographic fingerprint template
6.5) finger print identifying server is according to encryption user fingerprints dataWith cryptographic fingerprint templateUsing bilinearity
Mapping function e (), is directly calculated match parameter in ciphertext:
6.6) finger print identifying server is by match parameter MdAs the input of hash function H (), calculate Hash Value H (Md),
And search for this Hash Value in reference to assessment data set RDS, if this Hash Value can be found, prove user fingerprints data and finger
Stricture of vagina template matching, that is, matching result RS is true, otherwise, mismatches, and that is, matching result RS is false;
6.7) the (n+1)th dimension of finger print identifying server by utilizing asymmetric encryption function E () and encryption user fingerprints template data
Data rq'y, matching result RS is encrypted and obtains encrypting matching resultBy this encryption matching resultWith time stamp T S4Collectively as the input of hash function H (), obtain Hash ValueUse again certainly
Oneself private key SKSThis Hash Value is signedConstruction authentication result listAnd this authentication result list is replied to user terminal.
Step 7, user terminal access authentication result.
7.1) user terminal receives the authentication result list of finger print identifying server replyIt
Afterwards, by time stamp T S4It is compared with current time T, if TS4Early than T, and | T-TS4|≤NT, then execution step 7.2), no
Then, return to step 5.1), wherein NTMaximum communication time delay for system;
7.2) user terminal is by encrypted resultWith time stamp T S4As the input of hash function H (), calculate miscellaneous
Gather valueAnd the public key PK according to finger print identifying serverS, using bilinear map function e (), sentence
Disconnected equationWhether set up, if the equation is set up, authentication result list
Legitimate verification success, execution step 7.3), otherwise abandon this communication bag;
7.3) user terminal is using the (n+1)th dimension data rq' of encryption user fingerprints template datayRightSolved
Close, obtain identity authentication result RS, if RS is true, finger print identifying success, otherwise, finger print identifying failure.
Above description is only example of the present invention, do not constitute any limitation of the invention it is clear that for this
For the professional in field, after having understood present invention and principle, all may be without departing substantially from the principle of the invention, structure
In the case of, carry out various corrections and the change in form and details, but these corrections based on inventive concept and change are still
Within the claims of the present invention.
Claims (10)
1. a kind of fingerprint identification system of two-way secret protection is it is characterised in that include:
Trusted party (1), for completion system initialization, is that user terminal and finger print identifying server provide registration and key to divide
Send out, gather the finger print data of register user as certification template simultaneously, and this template is licensed to legal finger in the form of ciphertext
Stricture of vagina certificate server;
Finger print identifying server (2), for providing the finger print identifying service of secret protection, by directly calculating coupling in ciphertext
Parameter is judging whether fingerprint mates, and carries out bidirectional identity authentication when providing service and user terminal between;
User terminal (3), for sending cryptographic fingerprint as certification request to finger print identifying server, to finger print identifying server
The authentication result deciphering returning obtains Query Result, and carries out bidirectional identification when receiving service and finger print identifying server between
Certification.
2. system according to claim 1 is it is characterised in that trusted party (1) includes:
System initialization module (11), for initialization system, generates bilinear map group, obtains the common parameter of system;
Registering modules (12), for being user terminal and the offer registration of finger print identifying server, extract the user's succeeding in registration
Fingerprint template, and distribute key to the user terminal succeeding in registration and finger print identifying server;
Data encryption module (13), the fingerprint template data for the user for extracting is encrypted;
Encrypted template authorization module (14), for Certificate Authority information, and sends out for obtaining the finger print identifying server of user's mandate
Send the cryptographic fingerprint matching template of corresponding user;
The safe support module of trusted party (15), for for system initialization module (11), data encryption module (13), encryption mould
Plate authorization module (14) provides required AES and hash algorithm.
3. system according to claim 1 is it is characterised in that finger print identifying server (2) includes:
Server authentication module (21), for generating oneself public private key pair in server registration, is providing clothes to user terminal
Before business, the signature of user terminal is verified, after obtaining cryptographic fingerprint authentication result, it is signed;
User registration module (22), is used for providing the user registration, and the fingerprint template authorized signature to the user terminal receiving
Verified, generated the fingerprint matching template that corresponding fingerprint template authorization requests are sent to trusted party application for registration user;
Data memory module (23), is derived from the cryptographic fingerprint template of trusted party for storage;
Service providing module (24), for according to the cryptographic fingerprint data in user's request, in fingerprint template and the encryption of encryption
Cryptogram computation is carried out on user's request, and the finger print identifying obtaining result is encrypted, by cryptographic fingerprint authentication result and corresponding label
Name returns to user terminal;
Server security support module (25), for providing for server authentication module (21), user registration module (22), service
Module (24) provides required AES and hash algorithm.
4. system according to claim 1 is it is characterised in that user terminal (3) includes:
User authentication module (31), generates the public private key pair of oneself for user terminal in registration, and generates fingerprint template and award
Right of approval name is sent to finger print identifying server, the user service request generating is signed, is receiving finger print identifying server
Reply after the signature of finger print identifying server is verified;
Service request module (32), generates user service request for user terminal according to the user fingerprints data encryption of collection,
And user service request is sent to finger print identifying server with corresponding signature;
Data decryption module (33), for receiving after the cryptographic fingerprint authentication result that finger print identifying server sends, user terminal
Decryption oprerations are executed to cryptographic fingerprint authentication result;
User security support module (34), for for user authentication module (31), service request module (32), data decryption module
(33) required AES and hash algorithm are provided.
5. a kind of fingerprint verification method of two-way secret protection, including:
(1) systematic parameter initialization:
(1a) trusted party selects a security parameter l ∈ Z+;
(1b) trusted party passes through to run the function Gen (κ) generating bilinear map group, obtains bilinear map parameterWherein q1,q2It is the first prime number and the second prime number that length is l bit respectively,It is that rank is
The cyclic group of N, exponent number N=q1·q2,It isMaps Group, e () be bilinear map function, g is cyclic groupGeneration
Unit, h is systematic parameter;
(1c) calculate data encryption and process private keyWith corresponding public key
(1d) trusted party randomly chooses SKTA∈Zq *As the private key of oneself,Represent the non-null set in the group of integers that rank is q
Close, calculated and its private key SK according to the first g of generation simultaneouslyTACorresponding public key
(1e) trusted party selects symmetric encipherment algorithm E () of a safety and hash function H () of a safety;
(1f) trusted party chooses rational fingerprint matching marginal value Δd∈Zn *;
(1g) trusted party preserves the private key of oneself<q1,SKTA>, open systematic parameter
(2) registration and key distribution:
(2a) finger print identifying server S, in registration, randomly chooses SKs∈Zn *As the private key of oneself, simultaneously according to the first g of generation
Calculate and its private key SKsCorresponding public keyAnd the public key PK by oneselfsBeing sent to the relevant information of oneself can
Letter center;
(2b) user terminal UiIn registration, randomly chooseAs the private key of oneself, calculated according to the first g of generation simultaneously
With its private keyCorresponding public keyAnd by this public keyIt is sent to trusted party with user profile, simultaneously
Trusted party extracts n Wesy family fingerprint templateWherein xjIt is the of user fingerprints template data
J dimension data, 1≤j≤n;
(2c) trusted party chooses random number k ∈ Zn *For symmetric cryptographic key, processed with the data encryption generating in step (1c)
Private key SB and public key PB constitute parameter list<SB,PB,k>, and this parameter list is sent to the user succeeding in registration;
(2d) list to the user succeeding in registration and its public key for the trusted partyCarry out disclosure;
(3) fingerprint template encryption:
(3a) trusted party extracts user fingerprints and generates fingerprint template data and be encrypted storage;
(3b) trusted party is according to fingerprint matching marginal value Δd, hash function H () data encryption public key PB calculate assessment ginseng
Examine value RDm=H (PBm), constitute assessment reference data setNumber is assessed in this reference
It is sent to all registered finger print identifying servers, wherein 0≤m≤Δ according to collection RDSd 2;
(4) cryptographic fingerprint template mandate:
(4a) finger print identifying server S is obtaining user UiConstruct fingerprint template authorization requests after mandate, and send this request to can
Letter center;
(4b) after trusted party receives the fingerprint template authorization requests of finger print identifying server, to this fingerprint template authorization requests
Legitimacy is verified, if being proved to be successful, execution step (4c), and otherwise abandon this communication bag;
(4c) trusted party is by this user encryption fingerprint templateReturn to finger print identifying server S;
(5) user terminal generates finger print identifying service request:
(5a) user terminal is encrypted to the user fingerprints of collection and obtains encrypting user fingerprints dataWith user's signature Sigi;
(5b) user terminal will encrypt user fingerprints dataUser profile Ui, time stamp T S3With user terminal signature SigiGroup
Become finger print identifying service requestAnd this finger print identifying service request is sent to finger print identifying service
Device;
(6) finger print identifying server providing services:
(6a) finger print identifying server receives the finger print identifying service request of user terminal transmissionAfterwards,
The legitimacy of this finger print identifying service request is verified, if being proved to be successful, execution step (6b), otherwise return to step
(5a);
(6b) finger print identifying server is according to encryption user fingerprints dataWith cryptographic fingerprint template dataCarry out ciphertext meter
Calculate, obtain matching result RS;
(6c) the (n+1)th dimension data of finger print identifying server by utilizing asymmetric encryption function E () and encryption user fingerprints template data
rq'y, matching result RS is encrypted and obtains encrypting matching resultBy this encryption matching resultWith when
Between stab TS4Collectively as the input of hash function H (), obtain Hash ValuePrivate key SK with oneselfSRight
This Hash Value is signedConstruction authentication result list
And this authentication result list is replied to user terminal;
(7) user terminal access authentication result:
(7a) user terminal receives the authentication result list of finger print identifying server replyAfterwards,
The legitimacy of this authentication result list is verified, if being proved to be successful, execution step (7b), otherwise return to step (5a);
(7b) user terminal is using the (n+1)th dimension data rq' of encryption user fingerprints template datayRightIt is decrypted, obtain
To identity authentication result RS, if RS is true, finger print identifying success, otherwise, finger print identifying failure.
6. in method according to claim 5, wherein step (3a), trusted party extracts user fingerprints and generates fingerprint template
Data is simultaneously encrypted storage, carries out as follows:
(3a1) trusted party is according to the n Wesy family fingerprint template data extractedUsing symmetrical
Encryption key k obtains upsetting numerical value H (k) as the input of hash function H (), calculates and adds the fingerprint template data upsetting
(x'1,x'2,…,x'j,…,x'n), wherein x 'jIt is the jth dimension data adding the fingerprint template data upsetting, x 'j=xj+H
(k);
(3a2) trusted party chooses n random number r1,r2,…,rj,…,rn∈Zn *, and according to generating first g, systematic parameter h, add
The random fingerprint template data (x' of scrambling1,x'2,…,x'j,…,x'n) data encryption public key PB, be calculated cryptographic fingerprint
Template dataWhereinIt is the jth dimension data of cryptographic fingerprint template data,fx'It is the (n+1)th dimension data of cryptographic fingerprint template data,
7. in method according to claim 5, wherein step (4a), fingerprint certificate server S is obtaining structure after user authorizes
Make fingerprint template authorization requests, carry out as follows:
(4a1) as user terminal UiWhen finger print identifying server S is registered, by information U of oneselfi, time stamp T S1Altogether
With the input as hash function H (), obtain user and authorize Hash Value H (Ui||TS1), and the private key with oneselfTo this use
Family authorizes Hash Value to be signedAnd form authorized user message list
It is sent to finger print identifying server;
(4a2) finger print identifying server first checks for user profile Ui, by time stamp T S1It is compared with current time T, if TS1
Early than T and | T-TS1|≤NTThen execute (4a3), otherwise, abandon this communication bag, wherein NTMaximum communication time delay for system;
(4a3) finger print identifying server is by user profile UiWith time stamp T S1As the input of hash function H (), calculate Hash Value
H(Ui||TS1), and the public key according to this userUsing bilinear map function e (), judge equationWhether set up, if the equation is set up, it is legal to sign, execution step (4a4), no
Then, abandon communication bag;
(4a4) finger print identifying server is by information S of oneself, time stamp T S2Collectively as the input of hash function H (), obtain
User mandate Hash Value H (S | | TS2), and the private key SK with oneselfSThis Hash Value is signed
With authorized user message listComposition template authorization requests information list
It is sent to trusted party.
8. in method according to claim 5, wherein step (4b), the legitimacy of fingerprint template authorization requests is tested
Card, is carried out as follows:
(4b1) trusted party receives the fingerprint template authorization requests of finger print identifying server, first looks at finger print identifying server S
With authorized user UiInformation, then by time stamp T S2It is compared with current time T:If TS2Early than T, and | T-TS2|≤NT, then
Execution (4b2), otherwise, abandons this communication bag, wherein NTMaximum communication time delay for system;
(4b2) trusted party is by user profile UiWith time stamp T S1As input, calculate hash function H (Ui||TS1), and according to
The public key of this userUsing bilinear map function e (), judge equation
Whether set up, if equation is set up, user's signature is legal, and execution step (4b3) otherwise abandons communication bag;
(4b3) trusted party is by finger print identifying server info S and time stamp T S2As input calculate hash function H (S | |
TS2), and the public key PK according to finger print identifying serverS, using bilinear map function e (), judge equation e (g, SigS)=e
(PKS,H(S||TS2)) whether set up, if equation is set up, the legitimate verification success of this fingerprint template authorization requests, execute step
(4c), suddenly otherwise abandon this communication bag.
9. in method according to claim 5, wherein step (5a), user terminal is encrypted to the user fingerprints of collection,
Carry out as follows:
(5a1) user terminal obtains the n Wesy family finger print data of oneselfSymmetric cryptography is close
Key k obtains upsetting H (k) as the input of hash function H (), calculates and adds the user fingerprints data (y' upsetting1,y'2,…,
y'j,…,y'n), wherein y'j=yj+ H (k), yjIt is the jth dimension data of user fingerprints data, y'jIt is to add the user upsetting to refer to
The jth dimension data of stricture of vagina data;
(5a2) user terminal is according to the public key PB of data processing and corresponding private key SB, and adds the finger print data vector upset
(y'1,y'2,…,y'j,…,y'n), calculate encryption user fingerprints data
WhereinIt is the jth dimension data of encryption user fingerprints data,rqy'Be encryption user fingerprints data n-th+
1 dimension data,
(5a3) user terminal uses the public key PK of finger print identifying serverS, symmetric encipherment algorithm E () and encryption user fingerprints number
According toCalculate symmetric cryptography valueAnd by this symmetric cryptography valueWith user terminal information Ui, timestamp
TS3Collectively as the input of hash function H (), calculate user's Hash Value
(5a4) user terminal is with the private key of oneselfTo this user's Hash ValueSigned, that is,
10. in method according to claim 5, wherein step (6b), fingerprint certificate server is according to encryption user fingerprints number
Carry out cryptogram computation according to cryptographic fingerprint template data, obtain matching result, carry out as follows:
(6b1) the private key SK of finger print identifying server by utilizing oneselfSDeciphering symmetric cryptography valueObtain encrypting user fingerprints data
(6b2) finger print identifying server is according to user profile UiThe encryption of corresponding user is searched in cryptographic fingerprint template database
Fingerprint template
(6b3) finger print identifying server is according to encryption user fingerprints dataWith cryptographic fingerprint templateReflected using bilinearity
Penetrate function e (), be calculated match parameter
(6b4) finger print identifying server is by match parameter MdAs the input of hash function H (), calculate Hash Value H (Md), and
Search for this Hash Value with reference in assessment data set RDS, if this Hash Value can be found, prove user fingerprints data and fingerprint mould
Plate mates, and matching result RS is true, otherwise mismatches, and matching result RS is false.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610987321.4A CN106411533B (en) | 2016-11-10 | 2016-11-10 | The online fingerprint identification system and method for two-way secret protection |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610987321.4A CN106411533B (en) | 2016-11-10 | 2016-11-10 | The online fingerprint identification system and method for two-way secret protection |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106411533A true CN106411533A (en) | 2017-02-15 |
CN106411533B CN106411533B (en) | 2019-07-02 |
Family
ID=59230174
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610987321.4A Active CN106411533B (en) | 2016-11-10 | 2016-11-10 | The online fingerprint identification system and method for two-way secret protection |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106411533B (en) |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107947934A (en) * | 2017-11-08 | 2018-04-20 | 中国银行股份有限公司 | The fingerprint recognition Verification System and method of mobile terminal based on banking system |
CN108566389A (en) * | 2018-03-28 | 2018-09-21 | 中国工商银行股份有限公司 | A kind of fingerprint identity validation method and device across application |
CN108763895A (en) * | 2018-04-28 | 2018-11-06 | Oppo广东移动通信有限公司 | Image processing method and device, electronic equipment, storage medium |
CN108964920A (en) * | 2017-05-26 | 2018-12-07 | 三星Sds株式会社 | Authentication method, user terminal and non-face-to-face authentication service server |
CN109410406A (en) * | 2018-11-14 | 2019-03-01 | 北京华大智宝电子系统有限公司 | A kind of authorization method, device and system |
CN110035032A (en) * | 2018-01-11 | 2019-07-19 | 南昌欧菲生物识别技术有限公司 | Unlocked by fingerprint method and unlocked by fingerprint system |
CN110084224A (en) * | 2019-05-08 | 2019-08-02 | 电子科技大学 | Finger print safety Verification System and method on a kind of cloud |
CN111131145A (en) * | 2019-11-08 | 2020-05-08 | 西安电子科技大学 | Management query system and method for hiding communication key nodes |
CN111131142A (en) * | 2019-10-22 | 2020-05-08 | 北京握奇智能科技有限公司 | Fingerprint authentication encryption system and method for multi-application system |
CN111177676A (en) * | 2018-11-12 | 2020-05-19 | 群光电子股份有限公司 | Verification system, verification method, and non-transitory computer-readable recording medium |
CN111682941A (en) * | 2020-05-18 | 2020-09-18 | 上海瑾琛网络科技有限公司 | Centralized identity management, distributed authentication and authorization method based on cryptography |
CN112329519A (en) * | 2020-09-21 | 2021-02-05 | 中国人民武装警察部队工程大学 | Safe online fingerprint matching method |
CN112347473A (en) * | 2020-11-06 | 2021-02-09 | 济南大学 | Machine learning security aggregation prediction method and system supporting bidirectional privacy protection |
CN112534772A (en) * | 2018-08-07 | 2021-03-19 | 微软技术许可有限责任公司 | Encryption parameter selection |
CN113114689A (en) * | 2021-04-15 | 2021-07-13 | 南京邮电大学 | Authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment |
CN113452671A (en) * | 2021-05-10 | 2021-09-28 | 华东桐柏抽水蓄能发电有限责任公司 | Terminal access authentication method based on equipment identity |
CN113704728A (en) * | 2021-07-19 | 2021-11-26 | 桂林电子科技大学 | Fingerprint authentication method based on D-H key exchange and key sharing |
CN114980096A (en) * | 2022-03-18 | 2022-08-30 | 国网智能电网研究院有限公司 | Sensing terminal security guarantee method, device, equipment and medium based on equipment fingerprint |
CN117061240A (en) * | 2023-10-11 | 2023-11-14 | 北京金睛云华科技有限公司 | Verifiable fingerprint matching privacy protection method in cloud environment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101340285A (en) * | 2007-07-05 | 2009-01-07 | 杭州中正生物认证技术有限公司 | Method and system for identity authentication by finger print USBkey |
CN102223235A (en) * | 2011-06-23 | 2011-10-19 | 甘肃农业大学 | Fingerprint characteristic template protecting method and identity authentication method in open network environment |
CN102394896A (en) * | 2011-12-13 | 2012-03-28 | 甘肃农业大学 | Privacy-protection fingerprint authentication method and system based on token |
CN104639315A (en) * | 2013-11-10 | 2015-05-20 | 航天信息股份有限公司 | Dual-authentication method and device based on identity passwords and fingerprint identification |
CN105391554A (en) * | 2015-11-09 | 2016-03-09 | 中国电子科技集团公司第三十研究所 | Method and system for realizing fingerprint matching by using ciphertext |
-
2016
- 2016-11-10 CN CN201610987321.4A patent/CN106411533B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101340285A (en) * | 2007-07-05 | 2009-01-07 | 杭州中正生物认证技术有限公司 | Method and system for identity authentication by finger print USBkey |
CN102223235A (en) * | 2011-06-23 | 2011-10-19 | 甘肃农业大学 | Fingerprint characteristic template protecting method and identity authentication method in open network environment |
CN102394896A (en) * | 2011-12-13 | 2012-03-28 | 甘肃农业大学 | Privacy-protection fingerprint authentication method and system based on token |
CN104639315A (en) * | 2013-11-10 | 2015-05-20 | 航天信息股份有限公司 | Dual-authentication method and device based on identity passwords and fingerprint identification |
CN105391554A (en) * | 2015-11-09 | 2016-03-09 | 中国电子科技集团公司第三十研究所 | Method and system for realizing fingerprint matching by using ciphertext |
Cited By (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108964920A (en) * | 2017-05-26 | 2018-12-07 | 三星Sds株式会社 | Authentication method, user terminal and non-face-to-face authentication service server |
CN107947934A (en) * | 2017-11-08 | 2018-04-20 | 中国银行股份有限公司 | The fingerprint recognition Verification System and method of mobile terminal based on banking system |
CN110035032A (en) * | 2018-01-11 | 2019-07-19 | 南昌欧菲生物识别技术有限公司 | Unlocked by fingerprint method and unlocked by fingerprint system |
CN108566389A (en) * | 2018-03-28 | 2018-09-21 | 中国工商银行股份有限公司 | A kind of fingerprint identity validation method and device across application |
CN108566389B (en) * | 2018-03-28 | 2021-02-23 | 中国工商银行股份有限公司 | Cross-application fingerprint identity authentication method and device |
CN108763895A (en) * | 2018-04-28 | 2018-11-06 | Oppo广东移动通信有限公司 | Image processing method and device, electronic equipment, storage medium |
CN108763895B (en) * | 2018-04-28 | 2021-03-30 | Oppo广东移动通信有限公司 | Image processing method and device, electronic equipment and storage medium |
CN112534772A (en) * | 2018-08-07 | 2021-03-19 | 微软技术许可有限责任公司 | Encryption parameter selection |
CN111177676A (en) * | 2018-11-12 | 2020-05-19 | 群光电子股份有限公司 | Verification system, verification method, and non-transitory computer-readable recording medium |
CN109410406A (en) * | 2018-11-14 | 2019-03-01 | 北京华大智宝电子系统有限公司 | A kind of authorization method, device and system |
CN110084224A (en) * | 2019-05-08 | 2019-08-02 | 电子科技大学 | Finger print safety Verification System and method on a kind of cloud |
CN110084224B (en) * | 2019-05-08 | 2022-08-05 | 电子科技大学 | Cloud fingerprint security authentication system and method |
CN111131142A (en) * | 2019-10-22 | 2020-05-08 | 北京握奇智能科技有限公司 | Fingerprint authentication encryption system and method for multi-application system |
CN111131145A (en) * | 2019-11-08 | 2020-05-08 | 西安电子科技大学 | Management query system and method for hiding communication key nodes |
CN111682941A (en) * | 2020-05-18 | 2020-09-18 | 上海瑾琛网络科技有限公司 | Centralized identity management, distributed authentication and authorization method based on cryptography |
CN112329519A (en) * | 2020-09-21 | 2021-02-05 | 中国人民武装警察部队工程大学 | Safe online fingerprint matching method |
CN112329519B (en) * | 2020-09-21 | 2024-01-02 | 中国人民武装警察部队工程大学 | Safe online fingerprint matching method |
CN112347473A (en) * | 2020-11-06 | 2021-02-09 | 济南大学 | Machine learning security aggregation prediction method and system supporting bidirectional privacy protection |
CN112347473B (en) * | 2020-11-06 | 2022-07-26 | 济南大学 | Machine learning security aggregation prediction method and system supporting bidirectional privacy protection |
CN113114689A (en) * | 2021-04-15 | 2021-07-13 | 南京邮电大学 | Authentication method based on bilinear mapping and dot product protocol in intelligent medical treatment |
CN113452671A (en) * | 2021-05-10 | 2021-09-28 | 华东桐柏抽水蓄能发电有限责任公司 | Terminal access authentication method based on equipment identity |
CN113704728A (en) * | 2021-07-19 | 2021-11-26 | 桂林电子科技大学 | Fingerprint authentication method based on D-H key exchange and key sharing |
CN113704728B (en) * | 2021-07-19 | 2024-03-01 | 桂林电子科技大学 | Fingerprint authentication method based on D-H key exchange and key sharing |
CN114980096A (en) * | 2022-03-18 | 2022-08-30 | 国网智能电网研究院有限公司 | Sensing terminal security guarantee method, device, equipment and medium based on equipment fingerprint |
CN117061240A (en) * | 2023-10-11 | 2023-11-14 | 北京金睛云华科技有限公司 | Verifiable fingerprint matching privacy protection method in cloud environment |
CN117061240B (en) * | 2023-10-11 | 2023-12-19 | 北京金睛云华科技有限公司 | Verifiable fingerprint matching privacy protection method in cloud environment |
Also Published As
Publication number | Publication date |
---|---|
CN106411533B (en) | 2019-07-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106411533B (en) | The online fingerprint identification system and method for two-way secret protection | |
CN109347878B (en) | Decentralized data verification and data security transaction system and method | |
CN101300808B (en) | Method and arrangement for secure autentication | |
CN107454079A (en) | Lightweight device authentication and shared key machinery of consultation based on platform of internet of things | |
CN108092776A (en) | A kind of authentication server and authentication token | |
JP2005223924A (en) | Opinion registering application for universal pervasive transaction framework | |
CN101331706A (en) | Secure threshold decryption protocol computation | |
MX2015002929A (en) | Method and system for verifying an access request. | |
JP3362780B2 (en) | Authentication method in communication system, center device, recording medium storing authentication program | |
EP2805298B1 (en) | Methods and apparatus for reliable and privacy protecting identification of parties' mutual friends and common interests | |
CN105207776A (en) | Fingerprint authentication method and system | |
CN112329519A (en) | Safe online fingerprint matching method | |
CN106096947A (en) | Half off-line anonymous method of payment based on NFC | |
CN101124767A (en) | Method and device for key generation and proving authenticity | |
CN101944216A (en) | Two-factor online transaction safety authentication method and system | |
US20100005519A1 (en) | System and method for authenticating one-time virtual secret information | |
CN109600296A (en) | A kind of certificate chain instant communicating system and its application method | |
CN108809936A (en) | A kind of intelligent mobile terminal auth method and its realization system based on Hybrid Encryption algorithm | |
CN110378135A (en) | Intimacy protection system and method based on big data analysis and trust computing | |
CN103281180B (en) | User is protected to access the bill generation method of privacy in a kind of network service | |
CN112215626A (en) | Online taxi booking system and method supporting annular order verifiable | |
KR101856530B1 (en) | Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof | |
CN108933659A (en) | A kind of authentication system and verification method of smart grid | |
Itakura et al. | Proposal on a multifactor biometric authentication method based on cryptosystem keys containing biometric signatures | |
CN114172696B (en) | Terminal authentication method for cloud edge end cooperative dual authentication in electric power Internet of things |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant | ||
TR01 | Transfer of patent right | ||
TR01 | Transfer of patent right |
Effective date of registration: 20220210 Address after: 710000 room 004, F2002, 20 / F, block 4-A, Xixian financial port, Fengdong new town energy gold trade zone, Xixian new area, Xi'an City, Shaanxi Province Patentee after: Shaanxi Songyuan Mingrui Information Technology Co.,Ltd. Address before: 710071 Taibai South Road, Yanta District, Xi'an, Shaanxi Province, No. 2 Patentee before: XIDIAN University |