CN106452746B - A kind of biological secret key intelligent code key with security threat monitoring capability - Google Patents
Publication number: CN106452746B (application CN201610876763.1A)
Authority: CN (China)
Prior art keywords: template, key, biological, secret key, intelligent code
Legal status: Expired - Fee Related (status as listed by Google Patents, not a legal conclusion)
Classifications
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/3231—Cryptographic mechanisms including means for verifying the identity or authority of a user of the system, using a predetermined code; Biological data, e.g. fingerprint, voice or retina
- H04L9/3247—Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L9/3263—Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
Abstract
The patent discloses a biometric-key smart password key with security threat monitoring capability. It relates to a USBKey smart key system that follows the relevant standards and a biometric key security system responsible for key generation, and is characterised by: a standalone version and a network version; public disclosure of the biometric template with encrypted storage of the template parameters; real-time recovery of the smart password key's public/private key pair; and template threat monitoring together with retrieval of the template parameters. In this way the biometric template can be monitored in real time for security threats by means of a honeypot and a certificate, which effectively addresses the template attacks that arise when a biometric template is disclosed. The smart password key based on a biometric key is compatible with current digital certificate applications, combines fingerprint biometric identification with modern cryptography, and achieves the security goals of identifiable identity, non-repudiable signatures and tamper-proof data for biometric applications.
Description
Technical field
The method of the invention belongs to the field of biometric identification applications. It combines biometric encryption technology with the Public Key Infrastructure (PKI) certificate system and is suitable for biometric-based network security applications such as electronic signatures and identity authentication.
Background technique
Internet technology is developing rapidly, and especially against the background of cloud computing and big-data processing, network security problems become ever more prominent even as people enjoy the convenience of information networks. Biometric encryption technology, which has developed quickly over the last decade as a new direction in which biometric identification and cryptography merge, offers an opportunity to solve the key management problem in the Internet environment. At the same time, because biometric traits are intrinsic and need not be carried, it has a wide field of application and good market prospects.

However, current products based on biometric encryption technology still face the following problems, which urgently need to be solved:

1) Security is not high enough: the identity association between the physical biometric and the digital network identity must be strengthened.

The digital certificate U-shield (i.e. the USBKey certificate) is currently a relatively secure and widely used authentication method, but USBKey is a key management mechanism that relies on hardware tamper resistance to realise "device-centred management". Since the USBKey carried by the user is easily forgotten or lost, there is a key management security risk in that the network identity cannot be put into direct correspondence with the natural person, so the "human-centred" audit-trail security requirement that "everyone is accountable", demanded by Internet applications and especially by core business, cannot be satisfied. Key management therefore has to strengthen identity association in two respects: first, when the key is generated, the random-number key must be derived directly from, or bound indirectly to, the biometric, so that the natural person's physical biometric is strongly associated with the digital key; second, while the key is in use, the biometric template must be guaranteed not to be tampered with, and man-in-the-middle attacks must be prevented through the PKI public-key trust system, so that the digital key is strongly associated with the unique ID of the network identity.

2) Protection is too passive: active defence in the form of biometric template security threat monitoring must make a breakthrough.

Biometric-based encryption technology is a "human-centred" form of key protection: the security of the key relies on the intrinsic biometric of the human body, nothing has to be memorised or carried, and it can be used conveniently anytime and anywhere. At present experts and scholars concentrate on research into revocable biometric templates and thus on keys that can be reset and updated, and many results have been achieved, but research on key management and key application technology based on biometrics, which is needed to push biometric encryption theory and technology further into application, is comparatively scarce, for example PKI biometric certificate applications based on biometric keys. In particular, research on and application of security threat monitoring for biometric templates is rarely reported, and current template protection algorithms cannot detect possible template attacks in real time. This may be one of the main objective reasons why biometric identification security products cannot be applied quickly to Internet services.

The patent is proposed against this background and in view of the problems described above.
Summary of the invention
The technical problem mainly solved by the invention is to provide a biometric-key smart password key with security threat monitoring capability. Addressing the identity association and template security threat problems that exist in current use, and from the perspective of applying biometric encryption technology, it separates, while meeting the relevant smart password key standards, the generation of the public/private key pair that the smart password key involves from its storage: the biometric key is generated or recovered in real time from a live fingerprint, and from it the public/private key pair used by the biometric password key is derived.
In order to solve the above technical problems, the technical solution adopted by the patent is:

1. A biometric-key smart password key with security threat monitoring capability involves a USBKey smart key system that follows the relevant standards and a biometric key security system responsible for key generation, and is characterised by comprising: a standalone-version biometric-key smart password key, a network-version biometric-key smart password key, public disclosure of the biometric template with encrypted storage of the template parameters, real-time recovery of the smart password key's public/private key pair, and template threat monitoring with retrieval of the template parameters.

2. Standalone-version biometric-key smart password key: comprises a biometric acquisition module, a biometric key processing module, a template honeypot monitoring module and the USBKey smart password key COS (Chip Operating System). The biometric acquisition module obtains a live fingerprint through a fingerprint scanner, pre-processes it and outputs biometric information such as minutiae. The biometric key processing module implements the Fuzzy Vault biometric key protection algorithm on the biometric information, forges a certain number of biometric templates, and outputs the template set together with the real template's parameters. The template honeypot monitoring module constructs the template honeypot from the index of the real template within the template set and stores the real template's parameters encrypted. The USBKey smart password key COS follows the smart card standards, communicates with the digital certificate management system over the USB interface and the network, and applies for the user signing certificate on the basis of the public key and biometric information such as the template set.

3. Network-version biometric-key smart password key: comprises a terminal smart password key, a biometric certificate signing service and a template honeypot monitoring service. The biometric certificate signing service, reachable from the external network, forwards over a secure channel the requests and responses between the terminal biometric-key smart password key and the template honeypot monitoring service. The template honeypot monitoring service, accessible only from the intranet through secure access, constructs the template honeypot from the index of the real template in the template set and stores the real template's parameters encrypted. The terminal smart password key is the standalone-version biometric-key smart password key without the template honeypot monitoring module; it follows the smart card standards, communicates with the digital certificate management system over the USB interface and the network, and applies for the user signing certificate on the basis of the public key and biometric information such as the template set, but template threat monitoring must be performed together with the template honeypot held encrypted by the template honeypot monitoring service, and the biometric key can only be recovered, and the biometric public/private key pair derived, together with the real template's parameters held encrypted by that service.

4. Public biometric template with encrypted template parameters: in the template registration and certificate issuance stage, the biometric key processing module binds the biometric key to the biometric information, such as minutiae, output by the biometric acquisition module, and generates the biometric template and the template parameters. Through the smart password key's key security module and application service interface, the biometric template is transmitted to the digital certificate management system, which discloses it in the digital certificate as a certificate extension. The template parameters output by the biometric key processing module are stored encrypted in the template honeypot monitoring module (standalone version) or in the template honeypot monitoring service accessible only from the intranet (network version).

5. Real-time recovery of the smart password key's public/private key pair: neither the standalone nor the network version generates or stores the private key. Instead, in the template verification and private key signing stage, the biometric key processing module uses the live fingerprint acquired by the biometric acquisition module, the biometric template disclosed in the certificate extension and the template parameters held encrypted in the template honeypot monitoring module or service to recover the biometric key in real time and derive the biometric public/private key pair, which is output to the smart password key's cryptographic algorithm service module and destroyed promptly after use.

6. Template threat monitoring and template parameter retrieval: in the template verification and private key signing stage, the biometric key processing module obtains the user signing certificate containing the template set from the standalone-version or terminal smart password key or from the network version's biometric certificate signing service and, together with the live fingerprint acquired by the biometric acquisition module, performs template threat monitoring in the template honeypot monitoring module or service. Only when that check passes are the encrypted template parameters securely returned to the biometric key processing module, which then recovers the biometric key and derives the biometric public/private key pair for use by the smart password key's cryptographic algorithm service module.
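The template honeypot check of items 2 and 6 above, as an added Python model that is not code from the patent: the published template set hides one real minutiae template among forged decoys, the monitoring module alone knows the real index and holds the template parameter, and a query whose best match is a decoy is treated as a template attack that triggers revocation. The class and function names, the toy minutiae matcher, the 0.6 threshold and the sample templates are all assumptions made for the example.

```python
"""Template-honeypot monitoring modelled on the scheme described above.

Constructed example, not code from the patent. The template set disclosed in the
certificate extension holds one real minutiae template and several forged decoys;
only the monitoring module (or service) knows which index is real and holds the
template parameter, which the patent stores encrypted.
"""
import random
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# A minutia is (x, y, angle): position on a 256x256 image, angle in degrees.
Minutia = Tuple[int, int, int]


def forge_template(rng: random.Random, n_points: int = 30) -> Set[Minutia]:
    """Forge a decoy template of random minutiae (a honeypot entry)."""
    return {(rng.randrange(256), rng.randrange(256), rng.randrange(360))
            for _ in range(n_points)}


def match_score(query: Set[Minutia], template: Set[Minutia],
                tol_xy: int = 6, tol_angle: int = 15) -> float:
    """Fraction of template minutiae that have a query minutia within tolerance.

    A deliberately simple matcher standing in for a real minutiae matcher.
    """
    hits = 0
    for tx, ty, ta in template:
        for qx, qy, qa in query:
            d_angle = abs(ta - qa) % 360
            d_angle = min(d_angle, 360 - d_angle)
            if abs(tx - qx) <= tol_xy and abs(ty - qy) <= tol_xy and d_angle <= tol_angle:
                hits += 1
                break
    return hits / len(template)


@dataclass
class HoneypotMonitor:
    """Stands in for the template honeypot monitoring module (or service)."""
    template_set: List[Set[Minutia]]  # public: disclosed in the certificate extension
    real_index: int                   # secret: which entry is the real template
    template_parameter: bytes         # secret: released only after the check passes
    threshold: float = 0.6
    revoked: bool = False
    events: List[str] = field(default_factory=list)  # CRL notifications, for the audit trail

    @classmethod
    def enroll(cls, live_template: Set[Minutia], template_parameter: bytes,
               n_decoys: int = 7, seed: int = 1) -> "HoneypotMonitor":
        """Template registration stage: hide the real template among forged ones."""
        rng = random.Random(seed)
        entries = [(False, forge_template(rng)) for _ in range(n_decoys)]
        entries.append((True, set(live_template)))
        rng.shuffle(entries)
        real_index = next(i for i, (is_real, _) in enumerate(entries) if is_real)
        return cls([t for _, t in entries], real_index, template_parameter)

    def check(self, query: Set[Minutia]) -> Tuple[str, Optional[bytes]]:
        """Template verification stage: returns (verdict, template parameter or None)."""
        if self.revoked:
            return "revoked", None
        scores = [match_score(query, t) for t in self.template_set]
        best = max(range(len(scores)), key=scores.__getitem__)
        if scores[best] < self.threshold:
            return "reject", None            # nothing matched: a bad reading, not an attack
        if best != self.real_index:
            # A live finger cannot match a forged template, so this query was built from
            # the published template set: flag the attack and have the certificate revoked.
            self.revoked = True
            self.events.append(f"CRL: certificate revoked, decoy template {best} presented")
            return "attack", None
        return "ok", self.template_parameter   # only now is the parameter released


def noisy_reading(template: Set[Minutia], seed: int) -> Set[Minutia]:
    """Simulate a fresh live scan: jitter, drop a few minutiae, add a few spurious ones."""
    rng = random.Random(seed)

    def clamp(v: int) -> int:
        return min(255, max(0, v))

    points = sorted(template)
    rng.shuffle(points)
    jittered = {(clamp(x + rng.randint(-2, 2)), clamp(y + rng.randint(-2, 2)),
                 (a + rng.randint(-5, 5)) % 360) for x, y, a in points[3:]}
    return jittered | forge_template(rng, 3)  # three spurious minutiae


# Constructed sample enrolment: the "live" template is drawn with a fixed seed.
LIVE_TEMPLATE = forge_template(random.Random(42))
TEMPLATE_PARAMETER = b"constructed-template-parameter"


def demo() -> List[str]:
    """Genuine user, then a replayed decoy from the public set, then the genuine user again."""
    monitor = HoneypotMonitor.enroll(LIVE_TEMPLATE, TEMPLATE_PARAMETER)
    verdicts = [monitor.check(noisy_reading(LIVE_TEMPLATE, seed=3))[0]]
    decoy = next(i for i in range(len(monitor.template_set)) if i != monitor.real_index)
    verdicts.append(monitor.check(monitor.template_set[decoy])[0])
    verdicts.append(monitor.check(noisy_reading(LIVE_TEMPLATE, seed=3))[0])
    return verdicts


if __name__ == "__main__":
    print(demo())  # ['ok', 'attack', 'revoked']
```

An attacker who replays a template from the public set picks the real one only with probability 1/(decoys + 1) per attempt, and the first decoy hit revokes the certificate; a poor live scan is merely rejected and raises no alarm.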
The beneficial effects of the invention are: the biometric template can be monitored in real time for security threats by means of a honeypot and a certificate, which effectively solves the template attack problem that arises when a biometric template is disclosed; the smart password key based on a biometric key is compatible with current digital certificate applications; fingerprint biometric identification is combined with modern cryptography; and the security goals of identifiable identity, non-repudiable signatures and tamper-proof data are achieved for biometric applications.
Detailed description of the invention
Fig. 1 is the overall framework of the patent. It sets out the main composition of a biometric-key smart password key with security threat monitoring capability, which has two parts: the biometric key security system and the USBKey smart key system.

Fig. 2 is the standalone-version system block diagram. It sets out the logical block diagram of the standalone-version biometric-key smart password key, comprising the biometric acquisition module, the biometric key processing module, the template honeypot monitoring module and the USBKey smart password key COS.

Fig. 3 is the standalone-version deployment diagram. It sets out the deployment of the standalone-version biometric-key smart password key, involving the biometric-key smart password key, the digital certificate management system and the business system's certificate authentication, and on that basis illustrates the workflow in which a biometric certificate is issued and used with the biometric-key smart password key.

Fig. 4 is the network-version system block diagram. It sets out the logical block diagram of the network-version biometric-key smart password key, comprising the terminal smart password key, the biometric certificate signing service and the template honeypot monitoring service.

Fig. 5 is network-version deployment diagram I. It sets out the deployment of the network-version biometric-key smart password key, involving the terminal smart password key, the biometric certificate signing service, the template honeypot monitoring service and the digital certificate management system, and on that basis illustrates the workflow of the template registration and certificate issuance stage.

Fig. 6 is network-version deployment diagram II. It sets out the deployment of the network-version biometric-key smart password key, involving the terminal smart password key, the biometric certificate signing service, the template honeypot monitoring service, the digital certificate management system and the business system's certificate authentication, and on that basis illustrates the workflow of the template verification and private key signing stage.
Specific embodiment
The preferred embodiments of the invention are described in detail below with reference to the accompanying drawings, so that the advantages and features of the invention can be understood more easily by those skilled in the art and the scope of protection of the patent is defined more clearly.

The main idea is to replace the user signing public/private key pair that the USBKey smart password key involves with a biometric public/private key pair generated in real time from a live fingerprint, and to monitor the biometric template for security threats by means of the certificate and honeypot techniques.

The specific implementation steps are as follows:
1, the method for the present invention is related to biological secret key intelligent code key and consists of two parts, i.e. USBKey intelligent code key
System and biological secret key security system (see Fig. 1).Wherein, 1) biological secret key security system, it is raw based on living body finger print biological characteristic
At/restore biological secret key, and then biological public private key pair is derived from, while carrying out biological template security threat monitoring;2) USBKey intelligence
Energy cipher key system, it then follows relevant criterion and specification, using biological public private key pair, application is signed and issued digital certificate and counted
Word signature application.
2, for the biological secret key intelligent code key of standalone version, biological secret key security system is mainly by physical characteristics collecting
Module, biological secret key processing module and template honey jar monitoring modular composition (see Fig. 2).Wherein, 1) in template registration and certificate label
Hair stage, biological secret key processing module are close to be stored to template honey jar monitoring mould by the template set and real replica parameter of generation
Block (1. see Fig. 2);2) and in template verifying and private key signature stage, biological secret key processing module, request template honey jar monitoring
Module, the security threat for carrying out biological template monitor and fetch template parameter (5. see Fig. 2).
3, for the biological secret key intelligent code key of standalone version, USBKey intelligent key system is in addition to user's public private key pair
Outside relevant cryptosecurity module and algorithm service module, other USBkey intelligent code key COS nucleus modules are followed
Relevant criterion and specification.For example, intelligent code key submits certificate Shen to digital certificate management system by application service interface
Please (3. see Fig. 2), intelligent code key carries out certificate accreditation operation to digital certificate management system by application service interface
(4. see Fig. 2).
4, for the biological secret key intelligent code key of standalone version, biological secret key security system and USBKey intelligent cipher key
There are internal communications interfaces between key system: 1) in template registration and certificate issuance stage, the biology of biological secret key security system
The biological public key of template set and derivation is output to the key peace of USBKey intelligent key system by key handling module
Full module (2. see Fig. 2), and then USBKey intelligent key system is transferred to carry out certificate request and accreditation operation (see Fig. 2
3. and 4.).2) template verifying with the private key signature stage, the biological secret key processing module of biological secret key security system, from
The key security module of USBKey intelligent key system obtains digital certificate (6. see Fig. 2);Later, in biological secret key
The biological secret key processing module of security system restores biological secret key and then derives biological public private key pair, and is output to USBKey
The cipher key service module of intelligent key system carries out private key signature operation (7. see Fig. 2).
5. Deploying the standalone version involves the biometric-key smart password key, the digital certificate management system and the business system's certificate authentication (see Fig. 3), and comprises mainly the following four steps:

1) In the template registration and certificate issuance stage, after acquiring the fingerprint biometric, the biometric-key smart password key binds the biometric key and derives the biometric public/private key pair, constructs the template honeypot and stores the template parameters encrypted, and submits the template set and the biometric public key to the digital certificate management system to apply for the biometric certificate (see Fig. 3, ①).

2) In the template registration and certificate issuance stage, the biometric-key smart password key downloads the biometric certificate from the digital certificate management system and accepts it (see Fig. 3, ②).

3) In the template verification and private key signing stage, after acquiring the fingerprint biometric, the biometric-key smart password key recovers the biometric key, derives the biometric public/private key pair, and submits a random number signed with the biometric private key to the business system's certificate authentication module (see Fig. 3, ③).

4) In the template verification and private key signing stage, the business system's certificate authentication verifies the validity of the biometric certificate and then, using the biometric public key parsed from the certificate, verifies the signature on the private-key-signed authentication request and returns the authentication result (see Fig. 3, ④).
6. In the network version, the biometric key security system consists mainly of the biometric acquisition module, the biometric key processing module, the biometric certificate signing service and the template honeypot monitoring service (see Fig. 4). 1) In the template registration and certificate issuance stage, the biometric key processing module passes the generated template set and the real template's parameters, via the smart password key's application service interface and the biometric certificate signing service, to the template honeypot monitoring service, where they are finally stored encrypted (see Fig. 4, ①, ②, ③). 2) In the template verification and private key signing stage, the biometric key processing module, via the smart password key's application service interface and the biometric certificate signing service, requests the template honeypot monitoring service to monitor the biometric template for security threats and to retrieve the template parameters and the biometric certificate (see Fig. 4, ⑧, ⑨, ⑩).

7. In the network version, apart from the cryptographic security module and the algorithm service module that relate to the user's public/private key pair, the other core modules of the USBKey smart password key COS follow the relevant standards and specifications. For example, the smart password key submits the certificate application to the digital certificate management system through the application service interface (see Fig. 4, ⑤), and performs the certificate acceptance operation with the digital certificate management system through the application service interface (see Fig. 4, ⑥).

8. In the network version there are internal communication interfaces between the biometric key security system and the USBKey smart key system: 1) in the template registration and certificate issuance stage, the biometric key processing module of the biometric key security system outputs the template set and the derived biometric public key to the key security module of the USBKey smart key system (see Fig. 4, ④), which then carries out the certificate application and acceptance operations (see Fig. 4, ⑤ and ⑥); 2) in the template verification and private key signing stage, the biometric key processing module of the biometric key security system, via the smart password key's application service interface and the biometric certificate signing service, retrieves the template parameters and the biometric certificate from the template honeypot monitoring service (see Fig. 4, ⑧, ⑨, ⑩); afterwards it recovers the biometric key, derives the biometric public/private key pair and outputs it to the key service module of the USBKey smart key system, which performs the private key signing operation (see Fig. 4).

9. The network version handles the biometric certificate specially: 1) in the template registration and certificate issuance stage, after the digital certificate management system issues the biometric certificate, in addition to the smart password key performing the certificate acceptance operation with the digital certificate management system through the application service interface (see Fig. 4, ⑥), the digital certificate management system synchronises the biometric certificate to the biometric certificate signing service (see Fig. 4, ⑦); 2) in the template verification and private key signing stage, when monitoring finds that the current biometric template is subject to a template security threat, the template honeypot monitoring service notifies the digital certificate management system to issue a certificate revocation list (CRL) (see Fig. 4), and the digital certificate management system synchronises the CRL to the biometric certificate signing service (see Fig. 4).
10. Deploying the network edition of the biometric key smart key involves the terminal smart key, the biometric certificate signing service, the template honeypot monitoring service, the digital certificate management system and the certificate verification module of the business system (see Fig. 5 and Fig. 6). It consists mainly of the following two stages:
1) In the template registration and certificate issuance stage, the terminal smart key captures the fingerprint biometric, binds the biometric key and derives the biometric public/private key pair, generates the template set and the template parameters, and submits them via the biometric certificate signing service to the template honeypot monitoring service (see Fig. 5, steps 1 and 2); the template honeypot monitoring service constructs the template honeypot and stores the template parameters in encrypted form. At the same time, the terminal smart key submits the template set and the biometric public key to the digital certificate management system to apply for the biometric certificate (see Fig. 5, step 3); the biometric key smart key then downloads and installs the biometric certificate from the digital certificate management system (see Fig. 5, step 4).
2) In the template verification and private key signature stage, after capturing the fingerprint biometric the biometric key smart key submits the biometric identification code to the biometric certificate signing service (see Fig. 6, step 5). The biometric certificate signing service looks up the corresponding biometric certificate by that identification code, parses the corresponding biometric template out of it, and submits the template together with the certificate to the template honeypot monitoring service, requesting template honeypot detection (see Fig. 6, step 6). If no threat is found, the template parameters and index are returned over a secure path to the biometric certificate signing service (see Fig. 6, step 7), which in turn returns the template parameters, the index and the biometric certificate to the terminal smart key (see Fig. 6, step 8). The terminal smart key then recovers the biometric key, derives the biometric public/private key pair and signs a random number with the biometric private key (see Fig. 6, step 9), and finally submits the result to the certificate verification module of the business system. After the business system's certificate verification module has checked the validity of the biometric certificate, it verifies the private key signature with the biometric public key parsed from the certificate and returns the authentication result (see Fig. 6, step 10).
The invention has been described above in conjunction with specific embodiments and the accompanying drawings, but these explanations are not to be construed as limiting the scope of the patent. The scope of protection of the present invention is defined by the appended claims, and any change made on the basis of the claims of the present invention falls within the scope of protection of this patent.
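The two-stage procedure of items 8 to 10 above, and the monitoring, encrypted-parameter-storage and on-demand key recovery mechanisms that claims 3 to 5 below restate, sketched as an added Go example; this is not code from the patent or from any implementation of it. Assumptions: a fingerprint template is reduced to a set of 16-bit minutiae codes compared by overlap count against a fixed threshold; the Fuzzy Vault binding is replaced by hashing a monitor-held secret parameter together with the real template; Ed25519 stands in for the signature algorithm the patent leaves unspecified; the honeypot monitor is an in-process map rather than a service reached through the signing service; and a `revoked` flag stands in for the CRL the digital certificate management system would publish. The sample template, the captured minutiae and the nonce are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

type Template []uint16      // simplified fingerprint template: 16-bit minutiae codes (assumption)
type TemplateSet []Template // the honeypot as disclosed in the certificate: real template among decoys

const matchThreshold = 12 // agreeing minutiae that count as a match (assumed value)

func overlap(a, b Template) (n int) { // number of minutiae codes present in both templates
	for _, x := range a {
		for _, y := range b {
			if x == y {
				n++
			}
		}
	}
	return n
}

type record struct { // per-certificate state only the monitor keeps (encrypted at rest in a deployment)
	set       TemplateSet
	realIndex int      // position of the real template in the set
	secret    [32]byte // key-binding secret; stands in for the fuzzy-vault parameters
	revoked   bool     // stands in for the CRL the certificate management system would issue
}

type HoneypotMonitor map[string]*record // the intranet-only monitoring service, keyed by certificate public key

// deriveKeyPair recovers the biometric key (secret plus real template) and derives the Ed25519 pair
// from it on demand; the token stores no private key between uses.
func deriveKeyPair(r *record) ed25519.PrivateKey {
	seed := sha256.Sum256(append(r.secret[:], fmt.Sprint(r.set[r.realIndex])...))
	return ed25519.NewKeyFromSeed(seed[:])
}

// Register (registration stage) hides the real template among random decoys, keeps the secret
// parameters and returns the disclosed set plus the public key for the biometric certificate.
func (m HoneypotMonitor) Register(real Template, decoys int) (TemplateSet, ed25519.PublicKey) {
	r := &record{set: make(TemplateSet, decoys+1)}
	raw := make([]byte, 2*len(real))
	rand.Read(r.secret[:])
	rand.Read(raw)
	r.realIndex = int(raw[0]) % (decoys + 1) // random slot for the real template
	for i := range r.set {
		rand.Read(raw)
		for j := range real {
			r.set[i] = append(r.set[i], uint16(raw[2*j])<<8|uint16(raw[2*j+1]))
		}
	}
	r.set[r.realIndex] = real
	pub := deriveKeyPair(r).Public().(ed25519.PublicKey)
	m[string(pub)] = r
	return r.set, pub
}

// detect (monitor side) releases the record only when the live capture hits the real template.
func (m HoneypotMonitor) detect(pub ed25519.PublicKey, live Template) (*record, error) {
	r, ok := m[string(pub)]
	if !ok || r.revoked {
		return nil, errors.New("unknown or revoked certificate")
	}
	best, bestIdx := 0, -1
	for i, t := range r.set {
		if o := overlap(t, live); o > best {
			best, bestIdx = o, i
		}
	}
	if best < matchThreshold {
		return nil, errors.New("no template matched") // plain rejection, not a threat
	}
	if bestIdx != r.realIndex { // a live finger never fits a decoy: the disclosed set is being replayed
		r.revoked = true
		return nil, errors.New("template threat: decoy matched, certificate revoked")
	}
	return r, nil
}

// Sign (verification stage, token side): fetch the parameters, recover the key pair, sign, wipe.
func Sign(m HoneypotMonitor, pub ed25519.PublicKey, live Template, msg []byte) ([]byte, error) {
	r, err := m.detect(pub, live)
	if err != nil {
		return nil, err
	}
	priv := deriveKeyPair(r)
	sig := ed25519.Sign(priv, msg)
	for i := range priv {
		priv[i] = 0 // destroy the private key after use
	}
	return sig, nil
}

func main() {
	real := Template{100, 137, 174, 211, 248, 285, 322, 359, 396, 433, 470, 507, 544, 581, 618, 655} // constructed
	mon := HoneypotMonitor{}
	set, pub := mon.Register(real, 9)
	sig, err := Sign(mon, pub, append(real[:13:13], 9001, 9002), []byte("nonce")) // 13 true minutiae plus noise
	fmt.Println("genuine accepted:", err == nil && ed25519.Verify(pub, []byte("nonce"), sig))
	decoy := set[(mon[string(pub)].realIndex+1)%len(set)] // the demo peeks at the secret index to pick a decoy
	_, err = Sign(mon, pub, decoy, []byte("nonce"))
	fmt.Println(err, "| revoked:", mon[string(pub)].revoked)
}
```

Two behaviours of `detect` are worth noting. A capture that matches nothing is an ordinary rejection and leaves the certificate valid, since a poor scan must not lock a user out; only a capture that fits a decoy is treated as a threat, because no live finger can match a fabricated template, so whoever presented it must be working from the disclosed template set. After revocation the monitor never releases the parameters again, which is what prevents key recovery even if the attacker later guesses the real template.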
Claims (5)
1. A biometric key smart key with security threat monitoring capability, involving a standards-compliant USBKey smart key system and a biometric key security system responsible for key generation, characterised by comprising: a standalone edition biometric key smart key, a network edition biometric key smart key, disclosure of the biometric template with encrypted storage of the template parameters, on-demand recovery of the smart key's public/private key pair, and template threat monitoring with template parameter retrieval;
wherein the standalone edition biometric key smart key comprises a biometric capture module, a biometric key processing module, a template honeypot monitoring module and the USBKey smart key chip operating system; wherein the biometric capture module acquires a live fingerprint through a fingerprint scanner and, after preprocessing, outputs minutiae biometric information; the biometric key processing module implements the Fuzzy Vault biometric key protection algorithm on the basis of the biometric information and, after forging a certain number of decoy biometric templates, outputs the template set and the real template parameters; the template honeypot monitoring module constructs the template honeypot from the index of the real template within the template set and stores the real template parameters in encrypted form; the USBKey smart key chip operating system follows the smart card standard, communicates with the digital certificate management system over the USB interface and the network, and applies for the user's signature certificate on the basis of the biometric public key and the template set information.
2. The biometric key smart key according to claim 1, characterised in that the network edition biometric key smart key comprises the terminal smart key, the biometric certificate signing service and the template honeypot monitoring service; wherein the biometric certificate signing service, accessible from the external network, forwards requests and responses between the terminal biometric key smart key and the template honeypot monitoring service over a secure channel; the template honeypot monitoring service, accessible only from the secure intranet, constructs the template honeypot from the index of the real template within the template set and stores the real template parameters in encrypted form; the terminal smart key is the standalone edition biometric key smart key without the template honeypot monitoring module, follows the smart card standard, communicates with the digital certificate management system over the USB interface and the network, and applies for the user's signature certificate on the basis of the biometric public key and the template set information, but must perform template threat monitoring in conjunction with the template honeypot stored in encrypted form at the template honeypot monitoring service, and must recover the biometric key, and in turn derive the biometric public/private key pair, in conjunction with the real template parameters stored in encrypted form at the template honeypot monitoring service.
3. The biometric key smart key according to claim 1, characterised in that, for disclosure of the biometric template with encrypted storage of the template parameters, in the template registration and certificate issuance stage the biometric key processing module binds the biometric key on the basis of the minutiae biometric information output by the biometric capture module and generates the biometric template and the template parameters; the biometric template is passed through the key security module and the application service interface of the smart key to the digital certificate management system and disclosed in the digital certificate as a digital certificate extension; the template parameters output by the biometric key processing module, on the other hand, are stored in encrypted form in the template honeypot monitoring module of the standalone edition or in the intranet-only template honeypot monitoring service of the network edition.
4. The biometric key smart key according to claim 1, characterised in that, for on-demand recovery of the smart key's public/private key pair, neither the standalone nor the network edition biometric key smart key generates or stores a private key; instead, in the template verification and private key signature stage, using the live fingerprint captured by the biometric capture module together with the biometric template disclosed in the digital certificate extension and the template parameters stored in encrypted form in the template honeypot monitoring module or service, the biometric key processing module recovers the biometric key in real time, derives the biometric public/private key pair from it, outputs the pair for use by the smart key's cryptographic algorithm service module, and destroys it promptly after use.
5. The biometric key smart key according to claim 1, characterised in that, for template threat monitoring with template parameter retrieval, in the template verification and private key signature stage the biometric key processing module obtains the user's signature certificate containing the template set from the terminal smart key of the standalone edition or from the biometric certificate signing service of the network edition, performs template threat monitoring in conjunction with the live fingerprint captured by the biometric capture module, and only when the detection in the template honeypot monitoring module or service passes safely are the encrypted template parameters returned to the biometric key processing module, which then recovers the biometric key and derives the biometric public/private key pair for use by the smart key's cryptographic algorithm service module.
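The Fuzzy Vault biometric key protection named in claim 1, as an added Go example that is neither the patent's nor any product's code. It assumes that minutiae have already been aligned and quantised to codes in the prime field GF(65521) (a real scheme does alignment and quantisation first, and those parameters are part of what the patent keeps at the monitoring service), that the secret is the coefficient vector of a polynomial whose degree fixes how many genuine minutiae must be presented, that chaff points are drawn uniformly from the field, and that the unlock step interpolates the first Degree+1 matched points and checks a hash of the secret instead of running Reed-Solomon decoding, so a single chaff hit among those points makes the unlock fail rather than recover a wrong key. The secret, the enrolled codes and the queries are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math/big"
	"sort"
)

const P = 65521 // prime field GF(P) in which minutiae codes and polynomial values live (assumption)

func mul(a, b uint64) uint64 { return a * b % P }
func inv(a uint64) uint64 { return new(big.Int).ModInverse(big.NewInt(int64(a)), big.NewInt(P)).Uint64() }
func randField() uint64 { v, _ := rand.Int(rand.Reader, big.NewInt(P)); return v.Uint64() }
func hashSecret(coef []uint64) [32]byte { return sha256.Sum256([]byte(fmt.Sprint(coef))) }

// eval evaluates the polynomial with coefficients coef (lowest degree first) at x, in GF(P).
func eval(coef []uint64, x uint64) (y uint64) {
	for i := len(coef) - 1; i >= 0; i-- {
		y = (mul(y, x) + coef[i]) % P
	}
	return y
}

type Point struct{ X, Y uint64 }

// Vault is the public locked structure: genuine points on the secret polynomial mixed with chaff.
type Vault struct {
	Points []Point
	Degree int      // degree of the secret polynomial; Degree+1 genuine points unlock it
	Check  [32]byte // hash of the secret, so a wrong unlock is detected rather than returned
}

// Lock binds the secret polynomial to the enrolled minutiae and hides the genuine points among chaff.
func Lock(secret, minutiae []uint64, chaff int) (Vault, error) {
	used := map[uint64]bool{}
	var pts []Point
	for _, x := range minutiae {
		if x >= P || used[x] {
			return Vault{}, errors.New("minutiae must be distinct field elements")
		}
		used[x] = true
		pts = append(pts, Point{x, eval(secret, x)})
	}
	for len(pts) < len(minutiae)+chaff {
		x, y := randField(), randField()
		if used[x] || y == eval(secret, x) { // chaff must neither reuse an x nor lie on the polynomial
			continue
		}
		used[x] = true
		pts = append(pts, Point{x, y})
	}
	sort.Slice(pts, func(i, j int) bool { return pts[i].X < pts[j].X }) // canonical order: position reveals nothing
	return Vault{pts, len(secret) - 1, hashSecret(secret)}, nil
}

// interpolate returns the coefficients of the unique polynomial through pts (Lagrange form, in GF(P)).
// The X values must be distinct, which Unlock guarantees, so no denominator is zero.
func interpolate(pts []Point) []uint64 {
	coef := make([]uint64, len(pts))
	for i, pi := range pts {
		basis, denom := []uint64{1}, uint64(1) // basis(x) = prod (x - x_j), denom = prod (x_i - x_j), j != i
		for j, pj := range pts {
			if j == i {
				continue
			}
			next := make([]uint64, len(basis)+1)
			for d, c := range basis {
				next[d+1] = (next[d+1] + c) % P
				next[d] = (next[d] + mul(c, P-pj.X)) % P
			}
			basis, denom = next, mul(denom, (pi.X+P-pj.X)%P)
		}
		scale := mul(pi.Y, inv(denom))
		for d, c := range basis {
			coef[d] = (coef[d] + mul(c, scale)) % P
		}
	}
	return coef
}

// Unlock recovers the secret from a query minutiae set that overlaps the enrolled one enough.
func Unlock(v Vault, query []uint64) ([]uint64, error) {
	q := map[uint64]bool{}
	for _, x := range query {
		q[x] = true
	}
	var matched []Point // vault X values are unique, so the matched points have distinct X
	for _, p := range v.Points {
		if q[p.X] {
			matched = append(matched, p)
		}
	}
	if len(matched) < v.Degree+1 {
		return nil, errors.New("too few vault points matched")
	}
	secret := interpolate(matched[:v.Degree+1]) // a chaff hit among these spoils the result (no RS decoding here)
	if hashSecret(secret) != v.Check {
		return nil, errors.New("recovered polynomial failed the check")
	}
	return secret, nil
}

func main() {
	secret := []uint64{1234, 5678, 91, 7, 42} // constructed degree-4 polynomial: 5 genuine points unlock it
	enrolled := []uint64{100, 137, 174, 211, 248, 285, 322, 359, 396, 433, 470, 507, 544, 581, 618, 655} // constructed
	v, _ := Lock(secret, enrolled, 200)
	fmt.Println(Unlock(v, enrolled[3:15]))                                     // genuine: 12 of 16 enrolled codes
	fmt.Println(Unlock(v, []uint64{50000, 50013, 50026, 50039, 50052, 50065})) // impostor: no genuine codes
}
```

In the patent's split, `Points` is what could sit in the disclosed template set, while `Degree`, `Check` and the alignment parameters are the kind of "template parameters" the monitoring service stores encrypted and releases only after the honeypot check passes; without them the vault alone does not yield the key. The chaff-to-genuine ratio (here 200 to 16) and the polynomial degree are the two knobs that trade false rejections against brute-force resistance, and both belong in a threat model before deployment.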
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610876763.1A CN106452746B (en) | 2016-09-28 | 2016-09-28 | A kind of biological secret key intelligent code key with security threat monitoring capability |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106452746A CN106452746A (en) | 2017-02-22 |
CN106452746B true CN106452746B (en) | 2019-05-17 |
Family
ID=58173235
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106452746B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107819571A (en) * | 2017-09-29 | 2018-03-20 | 广东中科南海岸车联网技术有限公司 | The generation method and device of private key |
CN110460580B (en) * | 2019-07-11 | 2022-02-22 | 中国银联股份有限公司 | Image acquisition device, server and encryption and decryption methods |
CN111490879A (en) * | 2020-04-13 | 2020-08-04 | 山东确信信息产业股份有限公司 | Digital certificate generation method and system based on biological characteristics |
CN114143082B (en) * | 2021-11-30 | 2023-10-13 | 北京天融信网络安全技术有限公司 | Encryption communication method, system and device |
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101282217A (en) * | 2007-04-05 | 2008-10-08 | Huawei Technologies Co., Ltd. | Method, apparatus and system for protecting biological attribute data |
US8965066B1 (en) * | 2013-09-16 | 2015-02-24 | EyeVerify LLC | Biometric template security and key generation |
CN104823203A (en) * | 2013-09-16 | 2015-08-05 | EyeVerify LLC | Biometric template security and key generation |
CN103873254A (en) * | 2014-03-03 | 2014-06-18 | Hangzhou Dianzi University | Method for generating human vocal print biometric key |
Non-Patent Citations (3)
Title |
---|
Ning Xuan, "Design of an identity authentication system based on fingerprint recognition and smart cards" (基于指纹识别与智能卡的身份认证系统设计), China Master's Theses Full-text Database, Information Science and Technology series, 2010-03-15, pp. I140-206, chapter 4 |
Zhang Ning et al., "Fusion of biometrics and cryptography: a new secure identity authentication scheme" (生物特征与密码技术的融合-一种新的安全身份认证方案), Journal of Cryptologic Research, vol. 2, no. 2, 2015-04-15, full text |
Li Peng et al., "Biometric template protection" (生物特征模板保护), Journal of Software, vol. 20, no. 6, 2009-06-15, full text |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06, PB01 | Publication | |
| C10, SE01 | Entry into substantive examination | |
| GR01 | Patent grant | |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20190517; termination date: 20200928 |