CN107634941A - A multi-factor authentication method based on a smart bracelet
- Publication number: CN107634941A
- Authority: CN (China)
- Legal status: Pending
Abstract
The invention discloses a multi-factor authentication method based on a smart bracelet. The bracelet collects the user's body temperature, heart rate and arm-swing characteristic information, generates a template and stores it on the bracelet. The bracelet connects to the mobile phone over Bluetooth and communicates with the mobile app; the bracelet's hardware information and the user's registration information are stored on the authentication server, which completes user registration. During login, the bracelet collects the user's body temperature, heart rate and arm-swing characteristic information, authenticates the user's biometric information locally, and sends the authentication result to the authentication server, which completes the login authentication process. By combining smart hardware with biometric recognition, the invention strengthens the security of authentication while remaining compatible with existing password-based authentication.
Description
Technical field
The invention belongs to the field of communication technology and specifically relates to a multi-factor authentication method based on a smart bracelet.
Background
With the rapid development of information technology, networks have become an indispensable part of people's lives. The Internet is gradually changing the way we live: telemedicine, online banking, distance education, e-commerce, instant messaging and many other network services are gradually blending into our work and study. Network services are efficient, convenient and cheap, and are hardly affected by objective factors such as time, region, weather, distance or terrain, so they have developed widely and deeply in our lives and become an indispensable part of them. However, while network services have greatly improved our lives, their highly virtual nature also exposes us to a variety of security threats. Network security problems such as virus attacks, remote control, phishing websites and online fraud cause great trouble in our lives and very serious economic losses, seriously affect the progress and development of society, and even pose major security threats to the state. So, as the Internet develops, network security is a top priority, and identity authentication technology, as the foundation of the whole network security architecture, deserves full attention. As information security theory continues to develop, identity authentication technology has gradually become an important field of research.
Identity authentication technology is the set of methods that arose in computer networks to confirm an operator's identity. In the computer network world all information, including a user's identity information, is represented by specific data; a computer can only recognise a user's digital identity, and every authorisation granted to a user is in fact granted to that digital identity. How to ensure that the operator acting under a digital identity is its legitimate owner, that is, that the operator's physical identity corresponds to the digital identity, is the problem identity authentication technology solves. As the first gateway protecting network assets, identity authentication plays a very important role.
Given its importance, identity authentication technology has been applied ever more widely in various fields as the Internet has developed. Important sectors such as online banking, e-commerce, enterprise staff systems and government are all extremely sensitive about participants' identity information, and identity authentication technology is the first barrier ensuring that a participant's identity information is legitimate. In addition, before important instant-messaging or file-transfer sessions, the identities of the communicating parties also need to be confirmed. However, with the continuous development of information technology and changing application scenarios, a single specific identity authentication technology can no longer meet the security requirements of different scenarios. At the same time, with the continuous development of cryptography, cryptanalysis and modern computing power, identity authentication technologies once considered unbreakable expose increasing security risks in the face of an endless stream of attack methods. So, faced with a fast-changing network environment and rapidly evolving security challenges, identity authentication technology must be continuously improved to provide better protection.
In recent years smartphones, relying on their unique advantages, have captured almost the entire mobile phone market within a few years. Meanwhile, the development of wireless network technology means people are no longer limited to wired devices for network access. The mobile Internet is rising: people can access the network anytime and anywhere to use services, obtain information, send instant messages, make instant transactions and so on, all of which bring great convenience to life and study. But in this emerging field, identity authentication technologies designed for the traditional Internet struggle to meet the security requirements of the flexible and changeable mobile Internet. In the mobile Internet, mobile smart terminals are the main devices and have high coverage in people's lives, so how to make full use of mobile terminal devices to complete identity authentication on the mobile Internet has become a hot topic in identity authentication research.
Summary of the invention
In view of the above deficiencies in the prior art, the technical problem to be solved by the invention is to provide a multi-factor authentication method based on a smart bracelet that makes identity authentication more reliable while saving cost.
The invention adopts the following technical solution:
A multi-factor authentication method based on a smart bracelet involves a smart bracelet, a mobile app, an authentication server that processes the authentication information sent by the user, and a database server that stores the registration information filled in when the user registers. The bracelet collects and authenticates the user's biometric features and sends the authentication result to the mobile app. The mobile app communicates with the authentication server and the bracelet, and is responsible for sending the user authentication information received from the bracelet to the authentication server for further authentication. The bracelet communicates with the mobile app over Bluetooth, and information between the mobile app and the authentication server is transmitted over the TLS protocol;
With the smart bracelet as the carrier of the multiple factors, the user's body temperature, heart rate and arm-swing characteristic information are collected and a template is generated; the template information is stored on the bracelet, which communicates with the mobile app over Bluetooth; the bracelet's hardware information and the user's registration information are stored on the authentication server, completing user registration;
The bracelet collects the user's body temperature, heart rate and arm-swing characteristic information, authenticates the user's biometric information locally, and sends the authentication result to the authentication server, completing the login authentication process.
Preferably, during user registration the user first starts the mobile app and then logs in using the traditional password-based login method. If this is the user's first registration, the user may also choose not to use username-password registration, or may choose to register with both. After the user has successfully logged in to the authentication server, registration of the smart-bracelet-based multi-factor authentication method begins. The registration steps are as follows:
S1. The mobile app receives the registration request message sent by the authentication server and forwards it over Bluetooth to the connected smart bracelet;
S2. The bracelet receives the registration request and triggers a user-information collection request; it collects the user's biometric information and generates biometric templates, while the user performs the corresponding actions in response to the collection prompts shown by the mobile app, completing user-information collection;
S3. The bracelet generates a user registration response message based on the current template, and the registration response message is sent to the authentication server via the mobile app;
S4. The authentication server verifies the received user registration response and returns the registration result.
Preferably, step S1 is specifically:
S101. The user runs the mobile app; the app is an application that can interact with the bracelet and the authentication server, or a particular module of some application;
S102. The user selects the traditional username-password login method and enters the username and password previously registered with the application's authentication server;
S103. The authentication server calls the database server's API to query the password of the user currently logging in;
S104. The database server returns the password of the user currently logging in;
S105. The authentication server checks the login by comparing the password entered by the user with the password entered at registration and stored in the database, then returns the login result;
S106. After the user has logged in successfully, registration for smart-bracelet multi-factor authentication begins: the authentication server issues the bracelet-based registration request RegRequest;
S107. After receiving the registration request, the mobile app connects to the bracelet and sends it a request to initialise registration.
Preferably, step S2 is specifically:
S201. The bracelet measures the user's body temperature data t with the body-temperature sensor and the user's heart rate data m with the heart-rate sensor, and obtains the user's arm-swing data from the bracelet's three-axis acceleration sensor while the user swings the arm;
S202. Body temperature and heart rate are each measured several times and averaged to obtain a stable value used as the characteristic value. For the arm-swing characteristic value, the acceleration data obtained by the sensor are sorted: the three-axis acceleration sensor gives the acceleration vectors along the X, Y and Z axes, and sorting yields the acceleration values at two points; one complete arm swing thus yields a one-dimensional array, denoted w[i] (i = 1, 2, ..., 6);
S203. The user's body temperature and heart rate are measured every 10 minutes within one hour, giving 6 body-temperature values and 6 heart-rate values over that hour; averaging gives the temperature template data T and the heart-rate template data M for that period. The maximum and minimum values are found for each, and the differences are recorded as the temperature matching reference factor T' and the heart-rate template reference factor M';
The user completes 5 arm swings as prompted, giving the arm-swing feature template, denoted W[j] (j = 1, 2, ..., 6); the variance between w[i] and W_i[j] is computed, and the maximum value is taken as the reference factor W' for the arm-swing feature.
Preferably, step S3 is specifically:
S301. The bracelet processes the user name username, the current time information timestamp and the bracelet's hardware information hardware;
S302. A public/private key pair is generated for the user. The user's private key is stored in the secure storage space of the bracelet, the user's public key is added to the registration response message, and the private key is used to sign the current username, timestamp, hardware and the session message SessionMessage;
S303. The registration response message RegResponse is composed and sent to the mobile app;
The response message includes: the bracelet encodes the user's currently collected body temperature, heart rate and one set of arm-swing feature data together with the current time, and then generates the user's public/private key pair on that basis;
S304. The registration response message RegResponse that the bracelet returns to the mobile app contains the user's public key and information about the bracelet device;
S305. After receiving RegResponse, the mobile app forwards it directly to the authentication server.
Preferably, step S4 specifically comprises:
S401. After receiving the user registration response message RegResponse, the authentication server extracts the user's public key and uses it to verify the signature on the user's registration response message;
The registration response message being verified contains: the bracelet's hardware information hardware, the user name username, the session information SessionMessage, the signature SignData made over this information with the user's private key, and the user's public key;
S402. The authentication server stores the user's registration information, the user's public key and the bracelet device information in the database;
S403. The authentication server returns the registration result to the mobile app.
Preferably, during user login the user starts the mobile app, and the login authentication steps are as follows:
S5. The authentication server generates a bracelet-based login request and sends it to the mobile app; the mobile app connects to the bracelet and sends it the login request;
S6. The bracelet receives the authentication request message and calls the sensors to collect the user's biometric information;
S7. The bracelet compares the collected biometric information with the stored biometric templates; the comparison covers the user's heart-rate feature, body-temperature feature and arm-swing feature, and the comparison results are linearly combined to produce the final authentication result;
S8. The authentication server verifies the authentication response message and returns the authentication result.
Preferably, step S6 is specifically:
S601. Information collection for authentication: the bracelet calls the body-temperature sensor to obtain the body temperature and the heart-rate sensor to measure the heart rate, then calls the acceleration sensor and prompts the user to perform one arm swing, during which the sensor measures the acceleration data;
S602. The measured temperature data t and heart rate data m are each averaged to obtain a stable value used as the characteristic value for body temperature and heart rate, and the arm-swing feature data W[j] (j = 1, 2, ..., 6) are obtained from the acceleration sensor measurements.
Preferably, step S7 is specifically:
S701. $\rho_{\text{Mark}}$ denotes the matching factor obtained from a large number of tests. If the combined matching degree $\rho$ satisfies $\rho > \rho_{\text{Mark}}$, authentication passes; otherwise authentication fails. The combined matching degree $\rho$ is:
$$\rho = \rho_{\text{Body}} \cdot \alpha + \rho_{\text{Heart rate}} \cdot \beta + \rho_{\text{Wave}} \cdot \gamma$$
where $\alpha + \beta + \gamma = 1$, $\rho_{\text{Body}}$ is the body-temperature matching degree, $\rho_{\text{Heart rate}}$ is the heart-rate matching degree and $\rho_{\text{Wave}}$ is the arm-swing feature matching degree;
S702. If the comparison passes, the login authentication session information SessionMessage, the user's username and the bracelet device information hardware are added to the authentication response message AuthResponse; the user's private key is retrieved from the bracelet and used to sign them, and the signature is then added to AuthResponse to produce the authentication response message;
The generated authentication response message contains: the login authentication session information SessionMessage, the user name username, the bracelet device hardware information hardware, and the signature SignData over this information;
S703. The bracelet sends the user authentication information AuthResponse to the mobile app over Bluetooth;
S704. The mobile app forwards the authentication response message received from the bracelet to the authentication server without any processing.
Preferably, step S8 is specifically:
S801. After receiving the authentication response message AuthResponse, the authentication server queries the database for the user's public key and bracelet device information;
S802. The database server returns the user's public key and the registered bracelet device information;
S803. The authentication server verifies the user's registration response message; using the user's public key it verifies the login information and the bracelet device information;
S804. The authentication server sends the user authentication result to the mobile app.
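The signed exchange of steps S3-S4 and S7-S8, as an added Go example that is not part of the patent: the bracelet signs RegResponse and AuthResponse, and the server verifies them with the enclosed or stored public key. Ed25519, the length-prefixed encoding of the signed fields, and treating SessionMessage as a single-use random value issued by the server are assumptions; the patent names no algorithm or encoding.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Response carries the fields the page lists for RegResponse and AuthResponse.
type Response struct {
	Username, Hardware string
	SessionMessage     []byte
	Timestamp          int64             // RegResponse only (S301)
	PublicKey          ed25519.PublicKey // RegResponse only (S302)
	SignData           []byte
}

// signedBytes uses length prefixes so the signed encoding is unambiguous (assumed format).
func signedBytes(r Response) []byte {
	return []byte(fmt.Sprintf("%d:%s,%d:%s,%d:%x,%d", len(r.Username), r.Username,
		len(r.Hardware), r.Hardware, len(r.SessionMessage), r.SessionMessage, r.Timestamp))
}

type Bracelet struct {
	Username, Hardware string
	priv               ed25519.PrivateKey // stays on the device (S302)
}

// Register creates the key pair and returns a signed RegResponse (S301-S303).
func (b *Bracelet) Register(session []byte, now int64) (r Response, err error) {
	if r.PublicKey, b.priv, err = ed25519.GenerateKey(rand.Reader); err != nil {
		return Response{}, err
	}
	r.Username, r.Hardware, r.SessionMessage, r.Timestamp = b.Username, b.Hardware, session, now
	r.SignData = ed25519.Sign(b.priv, signedBytes(r))
	return r, nil
}

// Authenticate signs an AuthResponse only when the local comparison passed (S702).
func (b *Bracelet) Authenticate(session []byte, matched bool) (Response, error) {
	if !matched {
		return Response{}, errors.New("local biometric comparison failed")
	}
	r := Response{Username: b.Username, Hardware: b.Hardware, SessionMessage: session}
	r.SignData = ed25519.Sign(b.priv, signedBytes(r))
	return r, nil
}

type Server struct {
	db      map[string]Response // username -> verified RegResponse
	pending map[string][]byte   // username -> outstanding SessionMessage
}
func NewServer() *Server { return &Server{map[string]Response{}, map[string][]byte{}} }

// NewSession issues a fresh random SessionMessage (using it as a nonce is an assumption).
func (s *Server) NewSession(username string) []byte {
	s.pending[username] = make([]byte, 16)
	if _, err := rand.Read(s.pending[username]); err != nil {
		panic(err)
	}
	return s.pending[username]
}

// check consumes the single-use session, then verifies device and SignData under pub.
func (s *Server) check(r Response, pub ed25519.PublicKey, hardware string) error {
	want, ok := s.pending[r.Username]
	delete(s.pending, r.Username)
	if !ok || string(want) != string(r.SessionMessage) {
		return errors.New("unknown or reused session")
	}
	if len(pub) != ed25519.PublicKeySize || r.Hardware != hardware || !ed25519.Verify(pub, signedBytes(r), r.SignData) {
		return errors.New("signature or device mismatch")
	}
	return nil
}

// VerifyRegistration checks RegResponse with its enclosed key, then stores it (S401-S402).
func (s *Server) VerifyRegistration(r Response) (err error) {
	if err = s.check(r, r.PublicKey, r.Hardware); err == nil {
		s.db[r.Username] = r
	}
	return err
}

// VerifyAuth checks AuthResponse against the stored key and device (S801-S803).
func (s *Server) VerifyAuth(r Response) error {
	reg := s.db[r.Username] // zero value (no key) for an unknown user, so check fails
	return s.check(r, reg.PublicKey, reg.Hardware)
}

func main() {
	srv, band := NewServer(), &Bracelet{Username: "alice", Hardware: "BAND-0001"} // constructed
	reg, _ := band.Register(srv.NewSession("alice"), 1700000000)
	fmt.Println("register:", srv.VerifyRegistration(reg))
	auth, _ := band.Authenticate(srv.NewSession("alice"), true)
	fmt.Println("login:", srv.VerifyAuth(auth), "| replay:", srv.VerifyAuth(auth))
}
```

The second VerifyAuth call in main reuses the same AuthResponse and is rejected because its session has already been consumed.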
Compared with the prior art, the invention has at least the following beneficial effects:
The smart-bracelet-based multi-factor authentication method of the invention uses the smart bracelet, the mobile app, the authentication server and the database server to implement registration and login. The bracelet receives the authentication and registration requests sent by the mobile app and collects the user's biometric information, mainly body temperature, heart rate and arm-swing characteristic information; it also creates the biometric templates and performs the registration and authentication operations on them. Body temperature, heart rate and arm-swing features were chosen mainly because all three are easy to measure for the user: body temperature is fairly constant yet differs somewhat from person to person; heart rate, across different states of motion, tends to stay within a relatively stable range that differs between people; and although every arm swing is different, personal habit, arm length, build and other factors keep it within a relatively stable range for each user. The mobile app communicates with the authentication server and the bracelet and sends the user authentication information received from the bracelet to the authentication server for further authentication. The bracelet communicates with the mobile app over Bluetooth; because of the low power consumption of Bluetooth 4.0, essentially all smart wearable devices currently on the market communicate over Bluetooth. Information between the mobile app and the authentication server is transmitted over TLS, a secure transport layer protocol used to ensure the security and integrity of data between two communicating applications. The authentication server generates and verifies the user's registration and login authentication messages and communicates securely with the mobile app. The database server stores the user's registration information. This design gives users a password-free identity verification scheme that is highly secure, easy to use and privacy-friendly.
Further, during user registration the user first starts the mobile app and then uses the traditional password-based login method; if this is the user's first registration, the user may also choose not to use username-password registration, or may choose to register with both. After the user has successfully logged in to the authentication server, registration of the bracelet-based multi-factor authentication method begins. The registration process is compatible with traditional password-based login and registration, and the bracelet authenticates the user by collecting the user's biometric information, which is convenient, easy to use and highly secure.
Further, the biometric features collected by the bracelet mainly comprise body temperature, heart rate and arm-swing features, all of which are easy to measure; for each user they vary within a specific range, and they differ from user to user, so each user can be recognised by collecting and processing the data.
Further, the bracelet generates the user's registration response message based on the current template and stores the user's biometric templates in the trusted storage area of the bracelet, so that the user's private data are protected while the user's identity can still be authenticated securely and conveniently.
Further, after receiving the user registration response RegResponse, the authentication server verifies the signature on the user's registration information with the user's public key, ensuring the integrity and authenticity of the registration information; it also stores the user's registration information in the database for the user's later authentication, and returns the registration result to notify the user that registration succeeded.
Further, during user login the mobile app sends a login request to the bracelet; the bracelet collects the user's biometric information and compares it with the template, and the generated login response message AuthResponse is sent to the authentication server, completing the login. This process is compatible with traditional password-based login; if the user chooses the bracelet-based multi-factor login, it is considerably simpler to use: the user need not remember cumbersome passwords or perform particularly complicated actions, and security is also greatly improved.
Further, in the comparison with the biometric templates during login, the bracelet collects the user's body temperature, heart rate and arm-swing information and, following the data processing and comparison procedures described, linearly combines the comparison results to produce the final authentication result. The biometric information collected corresponds exactly to the templates on the bracelet, and the authentication result is obtained by a linear combination weighted by the proportion assigned to each part rather than from a single factor, so accuracy is higher.
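Template creation from S203 and the weighted decision from S701, as an added Go example that is not part of the patent. The per-feature matching functions, the sample readings, the weights and the threshold 0.7 are assumptions; the patent gives only the mean and max-min reference factor for the templates, the linear combination, and the rule that ρ must exceed ρ_Mark.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Template is one feature's enrolment result from S203: the mean of the samples
// and the reference factor (max - min), e.g. T and T' for body temperature.
type Template struct{ Mean, Ref float64 }

// BuildTemplate averages the enrolment samples and records their spread.
func BuildTemplate(samples []float64) (Template, error) {
	if len(samples) == 0 {
		return Template{}, errors.New("no enrolment samples")
	}
	sum, lo, hi := 0.0, samples[0], samples[0]
	for _, v := range samples {
		sum += v
		lo, hi = math.Min(lo, v), math.Max(hi, v)
	}
	return Template{Mean: sum / float64(len(samples)), Ref: hi - lo}, nil
}

// Match is an ASSUMED matching degree: 1 at the template mean, falling
// linearly to 0 once the reading is one reference factor away.
func (t Template) Match(x float64) float64 {
	if t.Ref <= 0 {
		return 0 // degenerate template: fail closed instead of dividing by zero
	}
	return math.Max(0, 1-math.Abs(x-t.Mean)/t.Ref)
}

// WaveMatch applies the same assumed rule to the six arm-swing values W[j],
// using their mean absolute deviation and the reference factor W'.
func WaveMatch(tmpl, sample [6]float64, ref float64) float64 {
	if ref <= 0 {
		return 0
	}
	dev := 0.0
	for j := range tmpl {
		dev += math.Abs(sample[j] - tmpl[j])
	}
	return math.Max(0, 1-dev/6/ref)
}

// Weights are alpha, beta and gamma from S701; they must sum to 1.
type Weights struct{ Alpha, Beta, Gamma float64 }

// Decide computes rho = rhoBody*alpha + rhoHeart*beta + rhoWave*gamma and
// accepts only if rho > rhoMark.
func Decide(w Weights, rhoMark, rhoBody, rhoHeart, rhoWave float64) (bool, float64, error) {
	if w.Alpha < 0 || w.Beta < 0 || w.Gamma < 0 || math.Abs(w.Alpha+w.Beta+w.Gamma-1) > 1e-9 {
		return false, 0, errors.New("weights must be non-negative and sum to 1")
	}
	for _, d := range []float64{rhoBody, rhoHeart, rhoWave} {
		if math.IsNaN(d) || d < 0 || d > 1 {
			return false, 0, errors.New("matching degree outside [0, 1]")
		}
	}
	rho := rhoBody*w.Alpha + rhoHeart*w.Beta + rhoWave*w.Gamma
	return rho > rhoMark, rho, nil
}

func main() {
	// Constructed enrolment readings: six samples taken 10 minutes apart (S203).
	body, _ := BuildTemplate([]float64{36.5, 36.6, 36.4, 36.7, 36.5, 36.6})
	heart, _ := BuildTemplate([]float64{70, 72, 68, 74, 71, 71})
	waveT := [6]float64{9.8, -3.1, 4.2, -1.0, 6.5, -2.2} // constructed W[j]
	// Constructed login readings whose arm swing is nowhere near the template.
	far := [6]float64{1, 1, 1, 1, 1, 1}
	rb, rh, rw := body.Match(36.55), heart.Match(71), WaveMatch(waveT, far, 2.0)
	for _, w := range []Weights{{0.3, 0.3, 0.4}, {0.45, 0.45, 0.1}} {
		ok, rho, _ := Decide(w, 0.7, rb, rh, rw)
		fmt.Printf("weights %+v: rho=%.2f accepted=%v\n", w, rho, ok)
	}
}
```

With most of the weight on body temperature and heart rate, the constructed login in main is accepted with an arm-swing match of 0, so the choice of α, β and γ decides whether any one factor can be missed.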
In summary, the smart-bracelet-based multi-factor authentication method of the invention collects the user's body temperature, heart rate and arm-swing characteristic information and processes them together to authenticate the user. The invention gives users a password-free identity verification scheme that is highly secure, easy to use and privacy-friendly, while remaining compatible with traditional password-based authentication. As for protecting users' private data, the invention stores the user's biometric data on the bracelet, so the private data never leave the device, which greatly protects the user's private data.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
Fig. 1 is a schematic diagram of the authentication framework of the invention;
Fig. 2 is the registration flow chart of the invention;
Fig. 3 is the smart-bracelet authentication flow chart of the invention.
Embodiment
Referring to Fig. 1, the design architecture of the smart-bracelet-based multi-factor authentication method of the invention consists of four main parts: the smart bracelet, the mobile app, the authentication server and the database server. The authentication server processes the authentication information sent by the user; the database server stores the registration information filled in when the user registers; the dedicated mobile app communicates with the authentication server and the bracelet and sends the user authentication information received from the bracelet to the authentication server for further authentication. The bracelet communicates with the mobile app over Bluetooth, and information between the mobile phone and the authentication server is transmitted over the TLS protocol. The bracelet collects and authenticates the user's biometric features and sends the authentication result to the mobile app.
The smart-bracelet-based multi-factor authentication method of the invention comprises two parts, registration and login;
Referring to Fig. 2, during user registration the user first starts the dedicated mobile app and then uses the traditional password-based login method, for compatibility with existing traditional login. If this is the user's first registration, the user may also choose not to use username-password registration, or may choose to register with both. After the user has successfully logged in to the authentication server, registration of the bracelet-based multi-factor authentication method begins. The registration steps are as follows:
S1. The mobile app receives the registration request message sent by the authentication server and forwards it over Bluetooth to the connected smart bracelet;
S101. The user runs the mobile app; the app is an application that can interact with the bracelet and the authentication server, or a particular module of some application;
S102. The user selects the traditional username-password login method and enters the username and password previously registered with the application's authentication server;
S103. The authentication server calls the database server's API to query the password of the user currently logging in;
S104. The database server returns the password of the user currently logging in;
S105. The authentication server checks the login by comparing the password entered by the user with the password entered at registration and stored in the database, then returns the login result;
S106. After the user has logged in successfully, registration for smart-bracelet multi-factor authentication begins: the authentication server issues the bracelet-based registration request RegRequest;
S107. After receiving the registration request, the mobile app connects to the bracelet and sends it a request to initialise registration;
S2. The bracelet receives the registration request and triggers a user-information collection request; it collects the user's biometric information and generates biometric templates, while the user responds to the collection prompts shown by the mobile app, completing user-information collection;
Here the biometric information comprises the user's heart-rate, body-temperature and arm-swing characteristic information; the generated feature templates comprise the user's heart-rate, body-temperature and arm-swing feature templates;
The steps for creating the biometric templates are as follows:
S201. Template information collection: authentication on the bracelet is mainly a process of comprehensively analysing the user's body temperature, heart rate and arm-swing feature data. The body-temperature sensor measures the user's temperature data, denoted t; the heart-rate sensor measures the user's heart rate data, denoted m. The user's arm-swing information is obtained from the bracelet's three-axis acceleration sensor while the user swings the arm;
S202. Feature extraction: the user's body temperature and heart rate data, and the acceleration values obtained during an arm swing, all vary within a certain range, so these data must be processed to obtain relatively stable feature data, which are then used to create the feature templates.
For body temperature and heart rate, multiple measurements can be averaged to obtain a fairly constant value used as the characteristic value. The arm-swing characteristic value is analysed as follows:
When the user swings the arm, a relatively large acceleration is produced mainly at the peak. So during the user's arm swing the acceleration data obtained by the sensor are sorted. The three-axis acceleration sensor gives the acceleration vectors along the X, Y and Z axes; after sorting these three acceleration sequences, the maximum and minimum of each are obtained, that is, the acceleration values at those two points. One complete arm swing therefore yields a one-dimensional array, namely the six values above. This set of data is used as the user's arm-swing feature data, denoted w[i] (i = 1, 2, ..., 6).
S203, Template creation: creating the template mainly means constructing a template from each of these three kinds of data.
For the user's body temperature data: body temperature changes somewhat over one day, but generally does not fluctuate much within one hour. We measure the user's body temperature every 10 minutes; over one hour we obtain 6 body temperature values, and by averaging them we obtain the temperature template data T for this period:
T = ∑ t_i (i = 1, 2, ..., 6)
We then average the body temperature values obtained in this hour and record the average for this period, denoted t'. Over one day we obtain the user's body temperature template, denoted T, which contains 24 values in total corresponding to the 24 time periods. We then find the maximum and minimum of these 24 values and record their difference, denoted T', as the body temperature matching reference factor, which is needed later in the authentication process.
The user's heart rate template is created in the same way; the resulting heart rate template data are denoted M, and the heart rate template reference factor is denoted M'.
To create the user's arm-waving feature template, the Intelligent bracelet prompts the user to wave the arm, and the user completes 5 full arm-waving actions as prompted. In each arm-waving cycle the trajectory is a complete arc, and at the highest and lowest points we obtain the extreme values of the acceleration in the different directions. Because of the different directions there are 6 acceleration values in total, denoted W[j] (j = 1, 2, ..., 6). We thus obtain 5 groups of arm-waving feature data, denoted
W_i[j] (i = 1, 2, ..., 5; j = 1, 2, ..., 6)
The arm-waving feature template is denoted W[j] (j = 1, 2, ..., 6) and is calculated with the following equation:
where i is the index of the arm wave and j indexes the feature data points obtained from each arm wave;
Then a variance computation is carried out on w[i] and W_i[j] as follows, giving 5 variance values, denoted:
F[i] (i = 1, 2, ..., 5)
The largest value in F[i] (i = 1, 2, ..., 5) is then taken as the arm-waving feature reference factor, denoted W';
W[j] (j = 1, 2, ..., 6) serves as the template for the arm-waving feature. At this point the creation of the feature templates is complete.
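The enrollment computation of S202 and S203, as an added Go example that is not part of the patent text. The page does not reproduce the formulas for W[j] and F[i], so the example assumes the mean over the enrollment waves for W[j] and the mean squared deviation from it for F[i]; the function names, the order of the six feature values and the sample readings are also constructed.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
)

// WaveFeature reduces one arm wave to six values (S202): each axis series is
// sorted and its largest and smallest samples are kept. The output order
// Xmax, Xmin, Ymax, Ymin, Zmax, Zmin is an assumption.
func WaveFeature(samples [][3]float64) ([6]float64, error) {
	var w [6]float64
	if len(samples) == 0 {
		return w, errors.New("no acceleration samples")
	}
	for axis := 0; axis < 3; axis++ {
		series := make([]float64, len(samples))
		for i, s := range samples {
			series[i] = s[axis]
		}
		sort.Float64s(series)
		w[2*axis], w[2*axis+1] = series[len(series)-1], series[0]
	}
	return w, nil
}

// WaveTemplate builds the template W[j] and the reference factor W' from the
// enrollment waves W_i[j]. Assumed formulas: W[j] is the mean over the waves,
// F[i] the mean squared deviation of wave i from W; W' is the largest F[i].
func WaveTemplate(waves [][6]float64) (tmpl [6]float64, ref float64, err error) {
	if len(waves) == 0 {
		return tmpl, 0, errors.New("no enrollment waves")
	}
	for _, w := range waves {
		for j, v := range w {
			tmpl[j] += v
		}
	}
	for j := range tmpl {
		tmpl[j] /= float64(len(waves))
	}
	for _, w := range waves {
		f := 0.0
		for j, v := range w {
			f += (v - tmpl[j]) * (v - tmpl[j])
		}
		f /= 6
		if f > ref {
			ref = f
		}
	}
	return tmpl, ref, nil
}

// HourlyTemplate averages the six readings of every hour (one per 10 minutes)
// into the template and returns the reference factor, the largest hourly value
// minus the smallest (S203). It serves body temperature and heart rate alike.
func HourlyTemplate(readings [][6]float64) (tmpl []float64, ref float64, err error) {
	if len(readings) == 0 {
		return nil, 0, errors.New("no readings")
	}
	for _, hour := range readings {
		sum := 0.0
		for _, v := range hour {
			sum += v
		}
		tmpl = append(tmpl, sum/6)
	}
	sorted := append([]float64(nil), tmpl...)
	sort.Float64s(sorted)
	return tmpl, sorted[len(sorted)-1] - sorted[0], nil
}

func main() {
	// Constructed samples: three accelerometer readings (x, y, z) from one wave.
	wave := [][3]float64{{0.1, -0.2, 9.8}, {2.5, 0.4, 11.0}, {-1.0, -3.0, 7.5}}
	feature, err := WaveFeature(wave)
	if err != nil {
		panic(err)
	}
	tmpl, ref, err := WaveTemplate([][6]float64{feature, feature})
	if err != nil {
		panic(err)
	}
	fmt.Println(feature, tmpl, ref)
}
```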
S3, the Intelligent bracelet generates the user registration response message based on the current template, and sends the user registration response message to the certificate server through the mobile phone terminal APP;
Because collecting the template information takes a long time, the Intelligent bracelet can generate the registration response message RegResponse while the user information is still being collected, without waiting for all of the user's biometric information to be collected.
S301, the Intelligent bracelet processes the following information: the user name username, the current time information timestamp, and the hardware information hardware of the Intelligent bracelet;
S302, based on this, the user's public/private key pair is generated; the user's private key is stored in the secure storage space of the Intelligent bracelet, the user's public key is added to the registration response message, and the private key is used to sign the current username, timestamp, hardware and the session message SessionMessage;
S303, the registration response message RegResponse is composed and sent to the mobile phone terminal APP;
The response message includes: the Intelligent bracelet encodes the user's currently collected body temperature, heart rate, one group of arm-waving feature data and the current time, and then generates the user's public/private key pair based on this;
S304, the Intelligent bracelet returns to the mobile phone terminal APP the user's registration message RegResponse, which includes the user's public key and the relevant information of the Intelligent bracelet device;
S305, after receiving RegResponse, the mobile phone terminal APP essentially does no processing on the registration response message and forwards it directly to the certificate server;
S4, the certificate server verifies the registration response message and returns the registration result;
S401, after receiving the user registration response message RegResponse, the certificate server takes out the user's public key and uses it to verify the signature on the user's registration response message;
The registration response message that is verified includes: the hardware information hardware of the Intelligent bracelet, the user name username, the session information SessionMessage, the signature SignData made over this information with the user's private key, and the user's public key;
S402, the certificate server stores the user registration information, the user's public key and the Intelligent bracelet device information in the database;
S403, the certificate server returns the registration result to the mobile phone terminal APP;
Referring to Fig. 3, during login the user first starts the mobile phone terminal APP. For compatibility with the existing traditional login, the user can choose to log in with a password or with the Intelligent bracelet. The traditional password-based login mode is not described in detail here. For some specific applications, however, when higher security is required during progressive authentication, choosing the multi-factor authentication based on the Intelligent bracelet may be mandatory. The login steps are as follows:
S5, the existing password-based login mode remains available for the user to choose; the certificate server generates a login request based on the Intelligent bracelet and sends it to the mobile phone terminal APP, and the mobile phone terminal APP connects to the Intelligent bracelet and sends the login request;
S6, the Intelligent bracelet receives the authentication request message and calls the relevant sensors to collect the user's biometric information;
The Intelligent bracelet triggers the collection of the user's biometric information; the user responds to the prompts given by the Intelligent bracelet, which completes the collection;
S601, Information collection: information collection during authentication is almost the same as the collection during template creation described above. The Intelligent bracelet calls the body temperature sensor to obtain the current body temperature, calls the heart rate sensor to measure the current heart rate, and calls the acceleration sensor while prompting the user to perform one arm wave; the sensor measures the acceleration data during the arm wave;
S602, Feature extraction: the measured temperature data are denoted t and the measured heart rate data are denoted m; the data measured by the acceleration sensor are processed with the same method as above to obtain the feature data W[j] (j = 1, 2, ..., 6);
S7, the Intelligent bracelet compares the collected biometric information with the stored biometric templates; the comparison includes the comparison of the user's heart rate feature, the comparison of the body temperature feature and the comparison of the arm-waving feature, and these comparison results are linearly combined to give the final authentication result;
S701, Template comparison: template comparison is an extremely important step in the whole authentication process, since it directly determines whether the user can pass authentication. Based on the analysis of a large amount of experimental data, the comparison is processed as follows:
First, the body temperature is compared. From the body temperature template we obtain the temperature T for the current time interval and the reference factor T'; the body temperature matching degree ρ_body is calculated with the following formula:
In the same way as for the body temperature template, we obtain the heart rate template M for the current time interval and the reference factor M', and calculate the heart rate matching degree ρ_heart_rate:
The arm-waving feature is processed slightly differently. First W[j] (j = 1, 2, ..., 6) and the reference factor W' are taken from the arm-waving feature template, and the matching degree of the arm-waving feature is calculated as follows:
First, the variance W between this arm wave and the template data is calculated as follows:
Then the arm-waving feature matching degree ρ_wave is calculated:
Finally, the comprehensive matching degree ρ is obtained:
ρ = ρ_body·α + ρ_heart_rate·β + ρ_wave·γ
α + β + γ = 1
Authentication is considered passed only if ρ > ρ_mark, where ρ_mark denotes the matching factor obtained from a large number of tests; otherwise authentication fails;
S702, if the comparison passes, the login authentication session information SessionMessage, the user's username and the Intelligent bracelet device information hardware are added to the authentication response message AuthResponse; at the same time the user's private key is taken out in the Intelligent bracelet and used to sign them, and the signature is also added to AuthResponse to generate the authentication response message;
The generated authentication response message includes: the login authentication session information SessionMessage, the user name username, the Intelligent bracelet device hardware information hardware, and the signature SignData over this information;
S703, the Intelligent bracelet sends the user authentication information AuthResponse to the specific mobile phone terminal APP via Bluetooth.
S704, the specific mobile phone terminal APP forwards the authentication response message received from the Intelligent bracelet to the certificate server without any processing;
S8, the certificate server verifies the authentication response message and returns the authentication result.
S801, after receiving the authentication response message AuthResponse, the certificate server queries the database for the user's public key and the Intelligent bracelet device information;
S802, the database server returns the user's public key and the information of the registered Intelligent bracelet device;
S803, the certificate server verifies the user's registration response message; using the user's public key, the certificate server verifies the login information and the Intelligent bracelet device information;
S804, the certificate server sends the user authentication result to the mobile phone terminal APP.
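The login exchange of S702 to S803 with both sides shown, as an added Go example that is not part of the patent text. Assumptions: Ed25519 as the signature scheme, a length-prefixed encoding of the signed fields, SessionMessage as a random single-use value that the certificate server checks, and all type and function names; the page fixes none of these.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// AuthResponse holds the fields the page lists for the login response.
type AuthResponse struct {
	Username, Hardware, SessionMessage string
	SignData                           []byte
}

// signedBytes is an assumed encoding: each field gets a two-byte length prefix
// (fields are taken to be under 64 KiB), so shifting bytes between adjacent
// fields changes the signed string.
func signedBytes(m AuthResponse) []byte {
	var b []byte
	for _, f := range []string{m.Username, m.Hardware, m.SessionMessage} {
		b = append(b, byte(len(f)>>8), byte(len(f)))
		b = append(b, f...)
	}
	return b
}

// Bracelet keeps the private key; only signatures leave the device.
type Bracelet struct {
	Hardware string
	priv     ed25519.PrivateKey
}

// NewBracelet generates the user's key pair (S302) and returns the public half.
func NewBracelet(hardware string) (*Bracelet, ed25519.PublicKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // no safe fallback without a working random source
	}
	return &Bracelet{Hardware: hardware, priv: priv}, pub
}

// Authenticate signs an AuthResponse only when rho > rhoMark (S701, S702).
func (b *Bracelet) Authenticate(user, session string, rho, rhoMark float64) (AuthResponse, error) {
	if !(rho > rhoMark) { // written this way so that NaN is rejected too
		return AuthResponse{}, errors.New("biometric comparison failed")
	}
	m := AuthResponse{Username: user, Hardware: b.Hardware, SessionMessage: session}
	m.SignData = ed25519.Sign(b.priv, signedBytes(m))
	return m, nil
}

// Server stands for the certificate server together with its database.
type Server struct {
	keys              map[string]ed25519.PublicKey
	hardware, pending map[string]string // per username; pending = unused session value
}

func NewServer() *Server {
	return &Server{keys: map[string]ed25519.PublicKey{}, hardware: map[string]string{}, pending: map[string]string{}}
}

// Register stores what registration leaves in the database (S402).
func (s *Server) Register(user, hardware string, pub ed25519.PublicKey) {
	s.keys[user], s.hardware[user] = pub, hardware
}

// NewSession creates the random session value sent with the login request (S5).
func (s *Server) NewSession(user string) string {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		panic(err)
	}
	s.pending[user] = hex.EncodeToString(buf)
	return s.pending[user]
}

// Verify checks an AuthResponse against the stored key and hardware (S801 to S803).
func (s *Server) Verify(m AuthResponse) bool {
	want, issued := s.pending[m.Username]
	delete(s.pending, m.Username) // single use: a replayed response finds no session
	key := s.keys[m.Username]
	return issued && want == m.SessionMessage && s.hardware[m.Username] == m.Hardware &&
		len(key) == ed25519.PublicKeySize && ed25519.Verify(key, signedBytes(m), m.SignData)
}

func main() {
	srv := NewServer()
	band, pub := NewBracelet("band-0001") // constructed hardware identifier
	srv.Register("alice", band.Hardware, pub)
	// Constructed scores: rho = 0.79 against a threshold rhoMark = 0.75.
	resp, err := band.Authenticate("alice", srv.NewSession("alice"), 0.79, 0.75)
	if err != nil {
		panic(err)
	}
	fmt.Println("first use:", srv.Verify(resp), "replay:", srv.Verify(resp))
}
```

The second Verify call fails only because the session value is consumed on first use; the signature on a captured AuthResponse is still valid, so that freshness check is what stops a replay.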
The multiple factors of the present invention are the Intelligent bracelet and the user's biometric information collected by the Intelligent bracelet, mainly the user's heart rate feature, body temperature feature and arm-waving feature. Combining smart hardware with biometric recognition enhances the security of authentication while remaining compatible with the existing password-based authentication mode.
The above content merely illustrates the technical idea of the present invention and cannot be used to limit its scope of protection; any change made on the basis of the technical solution in accordance with the technical idea proposed by the present invention falls within the scope of protection of the claims of the present invention.
Claims (10)
1. A multi-factor authentication method based on an Intelligent bracelet, characterized by comprising an Intelligent bracelet end, a mobile phone terminal APP, a certificate server that authenticates the authentication information sent by the user, and a database server that stores the registration information filled in during user registration; the Intelligent bracelet end is used to collect and authenticate the user's biometric features and to send the authentication result to the mobile phone terminal APP; the mobile phone terminal APP is used to communicate with the certificate server and the Intelligent bracelet end, and is responsible for sending the user authentication information received from the Intelligent bracelet end to the certificate server for further authentication; the Intelligent bracelet end and the mobile phone terminal APP communicate via Bluetooth, and information between the mobile phone terminal APP and the certificate server is transmitted over the TLS protocol;
With the Intelligent bracelet end serving as the multiple factor, the user's body temperature, heart rate and arm-waving feature information are collected and templates are generated; the template information is stored at the Intelligent bracelet end, which communicates with the mobile phone terminal APP via Bluetooth; the hardware information of the Intelligent bracelet end and the relevant information of the user registration are stored in the certificate server, completing user registration;
The Intelligent bracelet end collects the user's body temperature, heart rate and arm-waving feature information, authenticates the user's biometric information locally, and sends the authentication result to the certificate server, completing the login authentication process.
2. The multi-factor authentication method based on an Intelligent bracelet according to claim 1, characterized in that, during user registration, the user first starts the mobile phone terminal APP and then carries out the registration operation with the traditional password-based login mode; if the user is registering for the first time, the user may also choose not to use the username-password login mode, or may choose to register with both modes; after the user has successfully logged in to the certificate server, registration of the multi-factor authentication mode based on the Intelligent bracelet begins for the user; the user registration steps are as follows:
S1, the mobile phone terminal APP receives the login request message sent by the certificate server and sends it via Bluetooth to the connected Intelligent bracelet end;
S2, the Intelligent bracelet end receives the registration request, triggers the user information collection request, collects the user's biometric information and generates the biometric templates; the user makes the corresponding response actions according to the information collection requests prompted by the mobile phone terminal APP, completing user information collection;
S3, the Intelligent bracelet end generates the user registration response message based on the current template, and sends the user registration response message to the certificate server through the mobile phone terminal APP;
S4, the certificate server verifies the received user registration response and returns the registration result.
3. The multi-factor authentication method based on an Intelligent bracelet according to claim 2, characterized in that step S1 is specifically:
S101, the user runs the mobile phone terminal APP; the APP is an application that can interact with the Intelligent bracelet end and the certificate server, or a particular module of some application;
S102, the user selects the traditional username-password login mode and enters the user name and password previously registered with the certificate server of the application side;
S103, the certificate server calls the specific API of the database server to query the password of the user currently logging in;
S104, the database server returns the password of the user currently logging in;
S105, the certificate server checks the user login by comparing the password entered by the user with the password in the database that was entered at user registration, and then returns the user login result;
S106, after the user has logged in successfully, registration for the multi-factor authentication based on the Intelligent bracelet begins, and the certificate server initiates the Intelligent-bracelet-based registration request RegRequest;
S107, after receiving the registration request, the mobile phone terminal APP connects to the Intelligent bracelet end and sends it the request to initialize registration.
4. The multi-factor authentication method based on an Intelligent bracelet according to claim 2, characterized in that step S2 is specifically:
S201, the Intelligent bracelet end measures the user's temperature data t with the body temperature sensor and the user's heart rate data m with the heart rate sensor, and obtains the user's arm-waving information data with the three-axis acceleration sensor in the Intelligent bracelet while the user waves the arm;
S202, for body temperature and heart rate, multiple measurements are taken and averaged to obtain a constant value as the feature value; for the arm-waving feature value, the acceleration data obtained by the sensor are sorted: the three-axis acceleration sensor gives the acceleration vectors along the X, Y and Z coordinate axes, sorting yields the acceleration values at two points, and one complete arm swing yields a one-dimensional array denoted w[i] (i = 1, 2, ..., 6);
S203, the user's body temperature and heart rate are measured every 10 minutes within one hour, so that over one hour 6 body temperature values and 6 heart rate values are obtained; averaging gives the temperature template data T and the heart rate template data M for this period; the maximum and minimum are found for each, and the differences are recorded as the temperature matching reference factor T' and the heart rate template reference factor M';
The user completes 5 arm-waving actions as prompted, giving the arm-waving feature template denoted W[j] (j = 1, 2, ..., 6); a variance computation is carried out on w[i] and W_i[j], and the largest value is taken as the reference factor W' of the arm-waving feature.
5. The multi-factor authentication method based on an Intelligent bracelet according to claim 2, characterized in that step S3 is specifically:
S301, the Intelligent bracelet end processes the user name username, the current time information timestamp and the hardware information hardware of the Intelligent bracelet;
S302, the user's public/private key pair is generated; the user's private key is stored in the secure storage space of the Intelligent bracelet end, the user's public key is added to the registration response message, and the private key is used to sign the current username, timestamp, hardware and the session message SessionMessage;
S303, the registration response message RegResponse is composed and sent to the mobile phone terminal APP;
The response message includes: the Intelligent bracelet encodes the user's currently collected body temperature, heart rate, one group of arm-waving feature data and the current time, and then generates the user's public/private key pair based on this;
S304, the Intelligent bracelet end returns to the mobile phone terminal APP the user's registration response message RegResponse, which includes the user's public key and the relevant information of the Intelligent bracelet device;
S305, after receiving RegResponse, the mobile phone terminal APP forwards it directly to the certificate server.
6. The multi-factor authentication method based on an Intelligent bracelet according to claim 2, characterized in that step S4 specifically includes:
S401, after receiving the user registration response message RegResponse, the certificate server takes out the user's public key and uses it to verify the signature on the user's registration response message;
The registration response message that is verified includes: the hardware information hardware of the Intelligent bracelet, the user name username, the session information SessionMessage, the signature SignData made over this information with the user's private key, and the user's public key;
S402, the certificate server stores the user registration information, the user's public key and the Intelligent bracelet device information in the database;
S403, the certificate server returns the registration result to the mobile phone terminal APP.
7. The multi-factor authentication method based on an Intelligent bracelet according to claim 1, characterized in that, during user login, the user starts the mobile phone terminal APP, and the login authentication steps are as follows:
S5, the certificate server generates a login request based on the Intelligent bracelet and sends it to the mobile phone terminal APP, and the mobile phone terminal APP connects to the Intelligent bracelet end and sends the login request;
S6, the Intelligent bracelet end receives the authentication request message and calls the sensors to collect the user's biometric information;
S7, the Intelligent bracelet end compares the collected biometric information with the stored biometric templates; the comparison includes the user's heart rate feature comparison, body temperature feature comparison and arm-waving feature comparison, and the comparison results are linearly combined to give the final authentication result;
S8, the certificate server verifies the authentication response message and returns the authentication result.
8. The multi-factor authentication method based on an Intelligent bracelet according to claim 7, characterized in that step S6 is specifically:
S601, information collection for the authentication process: the Intelligent bracelet end calls the body temperature sensor to obtain the body temperature, the heart rate sensor measures the heart rate, and the acceleration sensor is called while the user is prompted to perform one arm wave; the sensor measures the acceleration data during the arm wave;
S602, the measured temperature data t and heart rate data m are each averaged to obtain a constant value as the body temperature and heart rate feature values, and the arm-swing feature data W[j] (j = 1, 2, ..., 6) are obtained from the data measured by the acceleration sensor.
9. The multi-factor authentication method based on an Intelligent bracelet according to claim 7, characterized in that step S7 is specifically:
S701, ρ_mark denotes the matching factor obtained from a large number of tests; if the comprehensive matching degree ρ satisfies ρ > ρ_mark, authentication passes, otherwise authentication fails; the comprehensive matching degree ρ is:
ρ = ρ_body·α + ρ_heart_rate·β + ρ_wave·γ
where α + β + γ = 1, ρ_body denotes the body temperature matching degree, ρ_heart_rate denotes the heart rate matching degree, and ρ_wave denotes the arm-waving feature matching degree;
S702, if the comparison passes, the user's login authentication session information SessionMessage, username and the Intelligent bracelet device information hardware are added to the authentication response message AuthResponse; at the same time the user's private key is taken out at the Intelligent bracelet end and used to sign them, and the signature is then added to AuthResponse to generate the authentication response message;
The generated authentication response message includes: the login authentication session information SessionMessage, the user name username, the Intelligent bracelet device hardware information hardware, and the signature SignData over this information;
S703, the Intelligent bracelet end sends the user authentication information AuthResponse to the mobile phone terminal APP via Bluetooth;
S704, the mobile phone terminal APP forwards the authentication response message received from the Intelligent bracelet to the certificate server without any processing.
10. The multi-factor authentication method based on an Intelligent bracelet according to claim 7, characterized in that step S8 is specifically:
S801, after receiving the authentication response message AuthResponse, the certificate server queries the database for the user's public key and the Intelligent bracelet device information;
S802, the database server returns the user's public key and the information of the registered Intelligent bracelet device;
S803, the certificate server verifies the user's registration response message; using the user's public key, the certificate server verifies the login information and the Intelligent bracelet device information;
S804, the certificate server sends the user authentication result to the mobile phone terminal APP.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710786500.6A CN107634941A (en) | 2017-09-04 | 2017-09-04 | A kind of multiple-factor authentication method based on Intelligent bracelet |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107634941A true CN107634941A (en) | 2018-01-26 |
Family
ID=61100364
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710786500.6A Pending CN107634941A (en) | 2017-09-04 | 2017-09-04 | A kind of multiple-factor authentication method based on Intelligent bracelet |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107634941A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
Application publication date: 20180126 |