CN106452746B - A kind of biological secret key intelligent code key with security threat monitoring capability - Google Patents


Info

Publication number
CN106452746B
Application number
CN201610876763.1A
Authority
CN (China)
Other languages
Chinese (zh)
Other versions
CN106452746A (en)
Legal status
Expired - Fee Related (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Inventors
崔军, 陈泓宇, 张璐, 王金海, 李忠献
Current and original assignee
Tianjin Polytechnic University (the listed assignee may be inaccurate; Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list)

Classifications

    • H04L (Section H, Electricity; H04, Electric communication technique): Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0866: Generation of secret information involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L 9/32: Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3226: Identity or authority verification using a predetermined code, e.g. password, passphrase or PIN
    • H04L 9/3231: Identity or authority verification using biological data, e.g. fingerprint, voice or retina
    • H04L 9/3247: Identity or authority verification involving digital signatures
    • H04L 9/3263: Identity or authority verification involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; public key infrastructure [PKI] arrangements
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/06: Network security protocols for supporting key management in a packet data network
    • H04L 63/08: Network security protocols for authentication of entities
    • H04L 63/0861: Network security protocols for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Abstract

The invention discloses a biometric-key smart cryptographic key (USBKey) with security-threat monitoring capability. It consists of a USBKey smart key system that follows the relevant standards and a biometric-key security system responsible for key generation, and is characterised by: separate standalone and network editions; public disclosure of the biometric template combined with encrypted storage of the template parameter; real-time recovery of the smart cryptographic key's public/private key pair; and template-threat monitoring combined with template-parameter retrieval. In this way the invention monitors security threats to the biometric template in real time by means of honeypots and certificates, which addresses the template attacks that become possible once the biometric template is disclosed. The biometric-key smart cryptographic key remains compatible with current digital-certificate applications, combines fingerprint recognition with modern cryptography, and reaches the security goals of identifiable identity, non-repudiable signatures and tamper-evident data in biometric applications.

Description

Biometric-key smart cryptographic key with security-threat monitoring capability
Technical field
The invention belongs to the field of biometric applications. It combines biometric encryption technology with public key infrastructure (PKI) certificate systems and is suited to biometric-based network-security applications such as electronic signature and identity authentication.
Background technique
Internet technology is developing rapidly, and especially against the background of cloud computing and big-data processing, network security problems are becoming more prominent even as people enjoy the convenience of information networks. Biometric encryption, which has developed quickly over the last decade as a new direction that blends biometric recognition with cryptography, offers an opportunity to solve the key-management problem in the Internet environment. At the same time, because biometric features are intrinsic to the person and nothing has to be carried, the technology has a broad application field and good market prospects.
However, current products based on biometric encryption have the following unresolved problems:
1) Security is not high enough, and the association between the physical biometric identity and the digital network identity must be strengthened.
The digital-certificate USB shield (the USBKey certificate token) is currently a relatively secure and widely used authentication method, but a USBKey implements "device-centred" key management on top of hardware tamper-resistance. Because the USBKey the user carries is easily forgotten or lost, the network identity and the natural person are not directly bound to each other, which is a key-management security risk: the "person-centred" requirement of Internet applications, in particular the audit-trail requirement of core business that "everyone is accountable", cannot be met. Key management must therefore strengthen identity association in two respects. First, at key generation, the random-number key must be derived directly from, or at least bound indirectly to, the biometric feature, giving a strong association between the natural person's physical biometric and the digital key. Second, during key use, the biometric template must be protected against tampering through the PKI public-key trust system, preventing man-in-the-middle attacks and giving a strong association between the digital key and the unique ID of the network identity.
2) Protection is too passive; active defence through monitoring of security threats to biometric templates needs a breakthrough.
Biometric encryption is a "person-centred" way of protecting keys: the security of the key rests on the intrinsic biometric features of the human body, nothing has to be memorised or carried, and it can be used anywhere at any time. Experts and scholars have so far concentrated on revocable biometric templates and the resulting ability to reset and update keys, and a large body of results exists, but research on biometric-based key management and key application, which is what would push biometric encryption from theory into practice (for example PKI biometric-certificate applications based on biometric keys), is comparatively scarce. In particular, research on and application of security-threat monitoring for biometric templates is rarely reported, and current template-protection algorithms cannot detect template attacks in real time; this may be one of the main objective reasons why biometric recognition and security products cannot be quickly applied to Internet services.
The invention is proposed in view of the above problems and in the above context.
Summary of the invention
The main technical problem solved by the invention is to provide a biometric-key smart cryptographic key with security-threat monitoring capability that addresses the identity-association and template-security-threat problems described above. From the perspective of applying biometric encryption, and while remaining compliant with the relevant smart-cryptographic-key standards, it separates the generation of the key pair used by the smart cryptographic key from its storage: the biometric key is generated or recovered in real time from a live fingerprint, and the public/private key pair used by the biometric smart cryptographic key is then derived from it.
To solve the above technical problems, the invention adopts the following technical solution:
1. A biometric-key smart cryptographic key with security-threat monitoring capability comprises a standards-compliant USBKey smart key system and a biometric-key security system responsible for key generation, and is characterised by: a standalone-edition biometric-key smart cryptographic key; a network-edition biometric-key smart cryptographic key; disclosure of the biometric template together with encrypted storage of the template parameter; real-time recovery of the smart cryptographic key's public/private key pair; and template-threat monitoring together with template-parameter retrieval.
2. Standalone-edition biometric-key smart cryptographic key: comprises a biometric acquisition module, a biometric-key processing module, a template-honeypot monitoring module and a USBKey smart cryptographic key COS (chip operating system). The biometric acquisition module captures a live fingerprint with a fingerprint scanner, pre-processes it and outputs biometric information such as minutiae. The biometric-key processing module runs the Fuzzy Vault biometric-key protection algorithm on that information, forges a number of additional biometric templates, and outputs a template set together with the real-template parameter. The template-honeypot monitoring module builds a template honeypot around the index of the real template within the set and stores the real-template parameter encrypted. The USBKey smart cryptographic key COS follows the smart-card standards, communicates with the digital-certificate management system over USB and the network, and applies for a user signing certificate on the basis of the biometric information (the public key and the template set).
3. Network-edition biometric-key smart cryptographic key: comprises a terminal smart cryptographic key, a biometric-certificate signing service and a template-honeypot monitoring service. The biometric-certificate signing service is reachable from the external network and forwards, over a secure channel, the requests and responses exchanged between the terminal biometric-key smart cryptographic key and the template-honeypot monitoring service. The template-honeypot monitoring service is reachable only from the secure internal network; it builds the template honeypot around the real-template index in the template set and stores the real-template parameter encrypted. The terminal smart cryptographic key is the standalone-edition device without its template-honeypot monitoring module: it follows the smart-card standards, communicates with the digital-certificate management system over USB and the network, and applies for a user signing certificate on the basis of the public key and the template set, but template-threat monitoring must be performed against the template honeypot stored encrypted in the monitoring service, and the biometric key can only be recovered, and the biometric key pair derived, with the real-template parameter stored encrypted in that service.
4. Template disclosure with encrypted template parameter: in the template-registration and certificate-issuance phase, the biometric-key processing module binds the biometric key to the biometric information (minutiae and the like) output by the biometric acquisition module, generating the biometric template and the template parameter. The biometric template is passed through the smart cryptographic key's key-security module and application-service interface to the digital-certificate management system, which discloses it in a digital-certificate extension. The template parameter output by the processing module is instead stored encrypted, in the template-honeypot monitoring module of the standalone edition or, in the network edition, in the template-honeypot monitoring service reachable only from the internal network.
5. Real-time recovery of the smart cryptographic key's key pair: neither the standalone nor the network edition generates or stores the private key. In the template-verification and private-key-signature phase, the biometric-key processing module takes the live fingerprint captured by the acquisition module, the biometric template disclosed in the certificate extension and the template parameter stored encrypted in the template-honeypot monitoring module or service, recovers the biometric key in real time, derives the biometric public/private key pair from it, hands the pair to the smart cryptographic key's cryptographic-algorithm service module, and destroys it promptly after use.
6. Template-threat monitoring with template-parameter retrieval: in the template-verification and private-key-signature phase, the biometric-key processing module obtains the user signing certificate containing the template set (from the standalone device or the terminal smart cryptographic key, or from the network edition's biometric-certificate signing service) and, together with the live fingerprint captured by the acquisition module, has the template-honeypot monitoring module or service perform template-threat monitoring. Only when that check passes is the encrypted template parameter returned to the biometric-key processing module, which then recovers the biometric key and derives the biometric key pair for the smart cryptographic key's cryptographic-algorithm service module.
The beneficial effects of the invention are: security threats to the biometric template are monitored in real time by means of honeypots and certificates, which effectively addresses template attacks that arise once the biometric template is disclosed; the biometric-key smart cryptographic key remains compatible with current digital-certificate applications; fingerprint recognition is combined with modern cryptography; and biometric applications reach the security goals of identifiable identity, non-repudiable signatures and tamper-evident data.
Detailed description of the invention
Fig. 1 is the overall framework of the patent. It sets out the main composition of the biometric-key smart cryptographic key with security-threat monitoring capability, which has two parts: the biometric-key security system and the USBKey smart key system.
Fig. 2 is the standalone-edition system block diagram. It shows the logical structure of the standalone biometric-key smart cryptographic key: the biometric acquisition module, the biometric-key processing module, the template-honeypot monitoring module and the USBKey smart cryptographic key COS.
Fig. 3 is the standalone-edition deployment diagram. It covers the biometric-key smart cryptographic key, the digital-certificate management system and the business system's certificate authentication, and illustrates on that basis the workflow in which a biometric certificate is issued and used with the biometric-key smart cryptographic key.
Fig. 4 is the network-edition system block diagram. It shows the logical structure of the network-edition biometric-key smart cryptographic key: the terminal smart cryptographic key, the biometric-certificate signing service and the template-honeypot monitoring service.
Fig. 5 is network-edition deployment diagram I. It covers the terminal smart cryptographic key, the biometric-certificate signing service, the template-honeypot monitoring service and the digital-certificate management system, and illustrates the workflow of the template-registration and certificate-issuance phase.
Fig. 6 is network-edition deployment diagram II. It covers the terminal smart cryptographic key, the biometric-certificate signing service, the template-honeypot monitoring service, the digital-certificate management system and the business system's certificate authentication, and illustrates the workflow of the template-verification and private-key-signature phase.
Specific embodiment
The preferred embodiments of the invention are described in detail below with reference to the drawings, so that the advantages and features of the invention are more easily understood by those skilled in the art and the scope of protection of the patent is defined more clearly.
The core idea is to replace the user signing key pair used by a USBKey smart cryptographic key with a biometric key pair generated in real time from a live fingerprint, and to monitor security threats to the biometric template by means of certificates and honeypot techniques.
The implementation steps are as follows:
1. The biometric-key smart cryptographic key of the invention consists of two parts, the USBKey smart key system and the biometric-key security system (see Fig. 1). 1) The biometric-key security system generates or recovers the biometric key from the live-fingerprint biometric, derives the biometric public/private key pair from it, and monitors security threats to the biometric template. 2) The USBKey smart key system follows the relevant standards and specifications and uses the biometric key pair to apply for and receive digital certificates and to perform digital-signature applications.
2. In the standalone edition, the biometric-key security system consists mainly of the biometric acquisition module, the biometric-key processing module and the template-honeypot monitoring module (see Fig. 2). 1) In the template-registration and certificate-issuance phase, the biometric-key processing module stores the generated template set and real-template parameter encrypted in the template-honeypot monitoring module (① in Fig. 2). 2) In the template-verification and private-key-signature phase, it requests the template-honeypot monitoring module to monitor security threats to the biometric template and to retrieve the template parameter (⑤ in Fig. 2).
3. In the standalone edition, apart from the cryptographic-security module and the algorithm-service module that relate to the user key pair, the other core modules of the USBKey smart cryptographic key COS follow the relevant standards and specifications. For example, the smart cryptographic key submits the certificate application to the digital-certificate management system through the application-service interface (③ in Fig. 2), and retrieves and installs the certificate from the digital-certificate management system through the same interface (④ in Fig. 2).
4. In the standalone edition there are internal communication interfaces between the biometric-key security system and the USBKey smart key system. 1) In the template-registration and certificate-issuance phase, the biometric-key processing module outputs the template set and the derived biometric public key to the key-security module of the USBKey smart key system (② in Fig. 2), which then performs the certificate application and retrieval (③ and ④ in Fig. 2). 2) In the template-verification and private-key-signature phase, the biometric-key processing module obtains the digital certificate from the key-security module of the USBKey smart key system (⑥ in Fig. 2); it then recovers the biometric key, derives the biometric key pair and outputs it to the key-service module of the USBKey smart key system for the private-key signature operation (⑦ in Fig. 2).
5. Deploying the standalone edition involves the biometric-key smart cryptographic key, the digital-certificate management system and the business system's certificate authentication (see Fig. 3), in the following four steps:
1) Template registration and certificate issuance: after acquiring the fingerprint biometric, the biometric-key smart cryptographic key binds the biometric key, derives the biometric key pair, builds the template honeypot, stores the template parameter encrypted, and submits the template set and the biometric public key to the digital-certificate management system to apply for a biometric certificate (① in Fig. 3).
2) Template registration and certificate issuance: the biometric-key smart cryptographic key downloads the biometric certificate from the digital-certificate management system and installs it (② in Fig. 3).
3) Template verification and private-key signature: after acquiring the fingerprint biometric, the biometric-key smart cryptographic key recovers the biometric key, derives the biometric key pair, and submits a random number signed with the biometric private key to the business system's certificate-authentication module (③ in Fig. 3).
4) Template verification and private-key signature: the business system's certificate authentication checks the validity of the biometric certificate, then verifies the signature on the random number with the biometric public key parsed from the certificate, and returns the authentication result (④ in Fig. 3).
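The following is an added worked example, written for this page and not code from the patent or from Tianjin Polytechnic University; it illustrates items 4 and 5 of the technical solution and the four standalone deployment steps above in one run. A toy Fuzzy Vault binds a secret polynomial to enrolment minutiae (the vault is the public template, a digest of the secret stands in for the template parameter that is kept out of the certificate), the secret is recovered from a noisy live reading, the key pair is re-derived from it on each use rather than stored, and a random challenge is signed and verified. The minutiae codes, the 16-bit vault field, the 127-bit discrete-log group with a Schnorr-style signature, and the digest-as-parameter model are all assumptions; the patent names Fuzzy Vault but does not specify the key-derivation or signature algorithm.

```python
import hashlib
import itertools
import secrets

P_VAULT = 65537           # field for vault points (toy size, an assumption)
P_GROUP = (1 << 127) - 1  # Mersenne prime used as a toy discrete-log group (assumption, not secure)
G = 3                     # toy group generator (assumption)

def _poly_eval(coeffs, x):
    """Evaluate sum(coeffs[i] * x**i) mod P_VAULT by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P_VAULT
    return acc

def _interpolate(points):
    """Lagrange interpolation mod P_VAULT: coefficients of the unique polynomial
    of degree < len(points) passing through the given (x, y) points."""
    k = len(points)
    coeffs = [0] * k
    for i, (xi, yi) in enumerate(points):
        num, den = [1], 1                      # basis polynomial prod(x - xj) / prod(xi - xj)
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            new = [0] * (len(num) + 1)         # multiply num by (x - xj)
            for d, c in enumerate(num):
                new[d] = (new[d] - c * xj) % P_VAULT
                new[d + 1] = (new[d + 1] + c) % P_VAULT
            num, den = new, den * (xi - xj) % P_VAULT
        scale = yi * pow(den, P_VAULT - 2, P_VAULT) % P_VAULT
        for d in range(k):
            coeffs[d] = (coeffs[d] + num[d] * scale) % P_VAULT
    return coeffs

def _digest(coeffs):
    return hashlib.sha256(",".join(map(str, coeffs)).encode()).digest()

def lock(secret, minutiae, n_chaff):
    """Bind the secret (polynomial coefficients) to the enrolment minutiae.
    Returns the vault (public template: genuine points on the polynomial hidden
    among chaff) and the template parameter (digest of the secret)."""
    genuine = {m: _poly_eval(secret, m) for m in minutiae}
    vault, used = list(genuine.items()), set(genuine)
    while len(vault) < len(genuine) + n_chaff:
        x, y = secrets.randbelow(P_VAULT), secrets.randbelow(P_VAULT)
        if x in used or y == _poly_eval(secret, x):
            continue                           # chaff must never lie on the polynomial
        used.add(x)
        vault.append((x, y))
    secrets.SystemRandom().shuffle(vault)
    return vault, _digest(secret)

def unlock(vault, live, k, parameter):
    """Recover the secret from a noisy live reading: keep vault points whose x matches
    a live minutia, then try k-subsets until one interpolates to the right digest."""
    live = set(live)
    cands = [pt for pt in vault if pt[0] in live]
    for combo in itertools.combinations(cands, k):
        coeffs = _interpolate(list(combo))
        if _digest(coeffs) == parameter:
            return coeffs
    return None

def derive_keypair(secret):
    """Derive the biometric key pair from the recovered secret; nothing is stored,
    the pair is recomputed from the fingerprint on every use and then discarded."""
    seed = hashlib.sha256(b"bio-keypair|" + _digest(secret)).digest()
    priv = int.from_bytes(seed, "big") % (P_GROUP - 2) + 1
    return priv, pow(G, priv, P_GROUP)

def _challenge(R, pub, msg):
    h = hashlib.sha256(f"{R}|{pub}|".encode() + msg).digest()
    return int.from_bytes(h, "big") % (P_GROUP - 1)

def sign(priv, msg):
    """Schnorr-style signature over the toy group (demonstration only)."""
    r = secrets.randbelow(P_GROUP - 2) + 1
    R = pow(G, r, P_GROUP)
    e = _challenge(R, pow(G, priv, P_GROUP), msg)
    return R, (r + e * priv) % (P_GROUP - 1)

def verify(pub, msg, sig):
    R, s = sig
    return pow(G, s, P_GROUP) == R * pow(pub, _challenge(R, pub, msg), P_GROUP) % P_GROUP

ENROL = [1201, 2377, 3311, 4096, 5123, 6788, 7001, 8191]  # constructed minutiae codes
SECRET = [31337, 4242, 9001, 12345]                        # 4 coefficients: any 4 genuine minutiae recover it

def demo():
    vault, parameter = lock(SECRET, ENROL, n_chaff=200)    # enrolment: vault -> certificate, parameter -> honeypot
    live = [1201, 2377, 3311, 5123, 6788, 7001, 9999]      # live reading: one minutia lost, one spurious
    recovered = unlock(vault, live, len(SECRET), parameter)
    impostor = unlock(vault, [11, 22, 33, 44, 55, 66, 77, 88], len(SECRET), parameter)
    priv, pub = derive_keypair(recovered)
    nonce = secrets.token_bytes(16)                        # business system's random challenge (step 3)
    ok = verify(pub, nonce, sign(priv, nonce))             # business system's check with the certified public key (step 4)
    return recovered, impostor, pub == derive_keypair(SECRET)[1], ok
```

The subset search in unlock is what makes the scheme tolerate a lost or spurious minutia; its cost grows combinatorially with the number of candidate points, which is why real vaults bound the number of chaff points that can share an x-value with a live reading. Publishing the vault alone does not reveal the secret, but the digest used here as the template parameter would let an attacker test candidate polynomials offline, which is exactly why the patent keeps the parameter out of the certificate and behind the honeypot check.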
6. In the network edition, the biometric-key security system consists mainly of the biometric acquisition module, the biometric-key processing module, the biometric-certificate signing service and the template-honeypot monitoring service (see Fig. 4). 1) In the template-registration and certificate-issuance phase, the biometric-key processing module sends the generated template set and real-template parameter, via the smart cryptographic key's application-service interface and the biometric-certificate signing service, to be stored encrypted in the template-honeypot monitoring service (①, ② and ③ in Fig. 4). 2) In the template-verification and private-key-signature phase, the biometric-key processing module, via the application-service interface and the biometric-certificate signing service, asks the template-honeypot monitoring service to monitor security threats to the biometric template and to retrieve the template parameter and the biometric certificate (⑧, ⑨ and ⑩ in Fig. 4).
7. In the network edition, apart from the cryptographic-security module and the algorithm-service module that relate to the user key pair, the other core modules of the USBKey smart cryptographic key COS follow the relevant standards and specifications. For example, the smart cryptographic key submits the certificate application to the digital-certificate management system through the application-service interface (⑤ in Fig. 4), and retrieves and installs the certificate from the digital-certificate management system through the same interface (⑥ in Fig. 4).
8. In the network edition there are internal communication interfaces between the biometric-key security system and the USBKey smart key system. 1) In the template-registration and certificate-issuance phase, the biometric-key processing module outputs the template set and the derived biometric public key to the key-security module of the USBKey smart key system (④ in Fig. 4), which then performs the certificate application and retrieval (⑤ and ⑥ in Fig. 4). 2) In the template-verification and private-key-signature phase, the biometric-key processing module retrieves the template parameter and the biometric certificate from the template-honeypot monitoring service via the application-service interface and the biometric-certificate signing service (⑧, ⑨ and ⑩ in Fig. 4); it then recovers the biometric key, derives the biometric key pair and outputs it to the key-service module of the USBKey smart key system for the private-key signature operation (see Fig. 4).
9. The network edition handles the biometric certificate specially. 1) In the template-registration and certificate-issuance phase, after the digital-certificate management system issues the biometric certificate, in addition to the smart cryptographic key retrieving the certificate through the application-service interface (⑥ in Fig. 4), the digital-certificate management system synchronises the biometric certificate to the biometric-certificate signing service (⑦ in Fig. 4). 2) In the template-verification and private-key-signature phase, when a security threat to the current biometric template is detected, the template-honeypot monitoring service notifies the digital-certificate management system to issue a certificate revocation list (CRL) (see Fig. 4), and the digital-certificate management system synchronises the CRL to the biometric-certificate signing service (see Fig. 4).
10, the biological secret key intelligent code key of on-premise network version is related to terminal intelligent cipher key, creature certificate signature Service, template honey jar monitoring service, digital certificate management system and operation system certificate verification (see Fig. 5 and Fig. 6), it is main to wrap Include the following two stage:
1) in template registration and certificate issuance stage, terminal intelligent cipher key is after acquiring fingerprint bio feature, binding Biological secret key simultaneously derives from biological public private key pair, generates template set and template parameter, is submitted to via creature certificate Digital signature service Template honey jar monitoring service (see Fig. 5 1., 2.), and template honey jar monitor service construction template honey jar and it is close deposit template ginseng Number;Terminal intelligent cipher key submits template set and biological public key to apply for biological card to digital certificate management system simultaneously Book (3. see Fig. 5), biological secret key intelligent code key downloads creature certificate and accreditation from digital certificate management system later (4. see Fig. 5).
2) template verifying with the private key signature stage, biological secret key intelligent code key after acquiring fingerprint bio feature, Submit biometric code to creature certificate Digital signature service (5. see Fig. 6), creature certificate Digital signature service is according to biological characteristic Identification code obtains corresponding creature certificate, and then is resolved to corresponding biological template, is submitted to template honey jar together with creature certificate Monitoring service, application template honey jar detection (6. see Fig. 6), safety returns to template parameter and indexes if not threatening Creature certificate Digital signature service (7. see Fig. 6), and then creature certificate Digital signature service returns to safely template parameter and index, biology Certificate is to terminal intelligent cipher key (8. see Fig. 6);Then terminal intelligent cipher key restores biological secret key and derives from biology After public private key pair, submitted based on biological private key signature random number (9. see Fig. 6), finally to operation system certificate verification module When operation system certificate verification template is after verifying creature certificate validity, based on the biological public key parsed from certificate, to private key The certification authority of signature carries out sign test, and return authentication result (10. see Fig. 6).
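The honeypot detection step of the verification stage above (the template threat monitoring that claims 1 and 5 also describe) can be modelled compactly. The following is an added Python example, not code from the patent or its authors; it assumes templates are plain byte strings, lets exact equality stand in for fuzzy fingerprint matching, and uses a toy XOR keystream in place of real encryption of the template parameter.

```python
import hashlib
import secrets
from dataclasses import dataclass, field


@dataclass
class HoneyJar:
    """State held only by the template honeypot monitoring service."""
    real_index: int          # position of the real template inside the published set
    sealed_param: bytes      # template parameter, stored encrypted
    seal_key: bytes
    revoked: bool = False    # set once a decoy hit has triggered a CRL request
    events: list = field(default_factory=list)


def _seal(key: bytes, data: bytes) -> bytes:
    # Toy sealing, assumed for this example: XOR against a SHA-256 keystream, so the
    # same call also unseals. A deployment would use an AEAD such as AES-GCM.
    stream = hashlib.sha256(key).digest()          # data must be <= 32 bytes
    return bytes(a ^ b for a, b in zip(data, stream))


def register(real_template: bytes, param: bytes, n_decoys: int):
    """Registration stage: publish the real template among n_decoys forged ones
    and hand the real index plus the sealed parameter to the honeypot monitor."""
    decoys = [secrets.token_bytes(len(real_template)) for _ in range(n_decoys)]
    real_index = secrets.randbelow(n_decoys + 1)
    template_set = decoys[:real_index] + [real_template] + decoys[real_index:]
    key = secrets.token_bytes(32)
    return template_set, HoneyJar(real_index, _seal(key, param), key)


def verify(template_set: list, jar: HoneyJar, probe: bytes):
    """Verification stage. Returns ("ok", param) only for a probe that matches the
    real template; a probe matching a decoy is evidence that the published template
    set is being misused, so the certificate is revoked and nothing is released."""
    if jar.revoked:
        return "revoked", None
    # Exact equality stands in for the fuzzy minutiae matcher of a real system.
    hits = [i for i, t in enumerate(template_set) if t == probe]
    if not hits:
        return "no_match", None
    if hits == [jar.real_index]:
        return "ok", _seal(jar.seal_key, jar.sealed_param)
    jar.revoked = True
    jar.events.append(f"decoy template {hits[0]} presented; CRL requested")
    return "threat", None


if __name__ == "__main__":
    # Constructed sample data: a stand-in minutiae string and a short parameter.
    published, monitor = register(b"minutiae:user-0001", b"vault-param", 7)
    print(verify(published, monitor, b"minutiae:user-0001"))  # ('ok', b'vault-param')
    decoy = published[(monitor.real_index + 1) % len(published)]
    print(verify(published, monitor, decoy))                 # ('threat', None)
    print(monitor.events)
```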
The invention has been described above with reference to specific embodiments and the accompanying drawings, but these descriptions are not to be understood as limiting the scope of the invention. The protection scope of the present invention is defined by the appended claims, and any modification made on the basis of the claims of the present invention falls within the scope of protection of the present patent.

Claims (5)

1. A biometric-key smart key with security threat monitoring capability, involving a standards-compliant USBKey smart key system and a biometric key security system responsible for key generation, characterised by comprising: a standalone-edition biometric-key smart key, a network-edition biometric-key smart key, public biometric templates with encrypted storage of template parameters, real-time recovery of the smart key's public/private key pair, and template threat monitoring with template parameter retrieval;
wherein the standalone-edition biometric-key smart key includes a biometric acquisition module, a biometric key processing module, a template honeypot monitoring module and a USBKey smart key chip operating system; the biometric acquisition module obtains a live fingerprint through a fingerprint scanner, pre-processes it and outputs minutiae-point biometric information; the biometric key processing module implements the Fuzzy Vault biometric key protection algorithm on the basis of the biometric information, forges a certain number of biometric templates and then outputs the template set and the real template parameter; the template honeypot monitoring module constructs the template honeypot from the index of the real template within the template set and stores the real template parameter encrypted; the USBKey smart key chip operating system follows the smart card standards, communicates with the digital certificate management system over the USB interface and the network, and applies for the user's signature certificate on the basis of the biometric public key and the template set information.
2. The biometric-key smart key according to claim 1, characterised in that the network-edition biometric-key smart key includes a terminal smart key, a biometric certificate signing service and a template honeypot monitoring service; the biometric certificate signing service is accessible from the external network and forwards, over a secure channel, the requests and responses between the terminal biometric-key smart key and the template honeypot monitoring service; the template honeypot monitoring service is securely accessible only from the internal network and constructs the template honeypot from the index of the real template within the template set, storing the real template parameter encrypted; the terminal smart key is a standalone-edition biometric-key smart key without the template honeypot monitoring module, which follows the smart card standards, communicates with the digital certificate management system over the USB interface and the network, and applies for the user's signature certificate on the basis of the biometric public key and the template set information, but must perform template threat monitoring together with the template honeypot kept encrypted in the template honeypot monitoring service, and must restore the biometric key, and thereby derive the biometric public/private key pair, together with the real template parameter kept encrypted in the template honeypot monitoring service.
3. The biometric-key smart key according to claim 1, characterised in that, for public biometric templates with encrypted storage of template parameters, in the template registration and certificate issuance stage the biometric key processing module binds the biometric key on the basis of the minutiae-point biometric information output by the biometric acquisition module and generates the biometric template and the template parameter; the biometric template is passed through the key security module and the application service interface of the smart key to the digital certificate management system and published in the digital certificate by means of a digital certificate extension; the template parameter output by the biometric key processing module is instead stored encrypted in the template honeypot monitoring module of the standalone edition or in the template honeypot monitoring service of the network edition, which is accessible only from the internal network.
4. The biometric-key smart key according to claim 1, characterised in that, for real-time recovery of the smart key's public/private key pair, neither the standalone-edition nor the network-edition biometric-key smart key generates or stores a private key; instead, in the template verification and private key signature stage, the biometric key processing module, using the live fingerprint acquired by the biometric acquisition module, the biometric template published in the digital certificate extension and the template parameter stored encrypted in the template honeypot monitoring module or the template honeypot monitoring service, recovers the biometric key in real time, derives the biometric public/private key pair, exports it to the cryptographic algorithm service module of the smart key for use, and destroys it promptly after use.
5. The biometric-key smart key according to claim 1, characterised in that, for template threat monitoring with template parameter retrieval, in the template verification and private key signature stage the biometric key processing module obtains the user's signature certificate containing the template set from the terminal smart key of the standalone edition or from the biometric certificate signing service of the network edition, performs template threat monitoring together with the live fingerprint acquired by the biometric acquisition module, and only when the detection in the template honeypot monitoring module or the template honeypot monitoring service passes safely is the encrypted template parameter returned to the biometric key processing module, which then recovers and derives the biometric public/private key pair for use by the cryptographic algorithm service module of the smart key.
CN201610876763.1A 2016-09-28 2016-09-28 A kind of biological secret key intelligent code key with security threat monitoring capability Expired - Fee Related CN106452746B (en)

Publications (2)

Publication Number Publication Date
CN106452746A (en) 2017-02-22
CN106452746B (en) 2019-05-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20190517

Termination date: 20200928