CN107634941A - A multi-factor authentication method based on a smart bracelet

Publication number: CN107634941A
Authority: CN (China)
Application number: CN201710786500.6A
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 杨力, 张程辉, 王佳雪, 庞晓健, 王焱济
Current assignee: Xidian University
Original assignee: Xidian University
Prior art keywords: user, smart bracelet, information, authentication server, mobile phone

Abstract

The invention discloses a multi-factor authentication method based on a smart bracelet. The smart bracelet collects the user's body temperature, heart rate and arm-swing feature information, generates a template and stores it on the bracelet. The bracelet connects to the mobile phone over Bluetooth and communicates with the mobile app; the bracelet's hardware information and the user's registration information are stored on the authentication server, completing user registration. During login, the smart bracelet collects the user's body temperature, heart rate and arm-swing feature information, authenticates the user's biometric information locally, and sends the authentication result to the authentication server, completing the login authentication process. By combining smart hardware with biometric recognition, the invention enhances the security of authentication while remaining compatible with existing password-based authentication.

Description

A multi-factor authentication method based on a smart bracelet
Technical field
The invention belongs to the field of communication technology and specifically relates to a multi-factor authentication method based on a smart bracelet.
Background
With the rapid development of information technology, networks have become an indispensable part of people's lives. The Internet is gradually changing the way we live: telemedicine, online banking, distance education, e-commerce, instant messaging and all kinds of other network services are steadily becoming part of our work and study. Network services are efficient, convenient and cheap, and are almost unaffected by objective factors such as time, region, weather, distance and terrain, so they have developed widely and deeply and have become an indispensable part of our lives. But while network services have greatly improved our lives, their highly virtual nature also exposes us to all kinds of security threats. Network security problems such as virus attacks, remote control, phishing websites and online fraud have caused great trouble in daily life and very serious economic losses, have seriously affected the progress and development of society, and have even brought major security threats to countries. So as the Internet develops, network security is a top priority, and identity authentication, as the foundation of the whole network security architecture, deserves particular attention. With the continuing development of information security theory, identity authentication has gradually become an important field of research.
Identity authentication technology is the set of methods that arose in computer networks to confirm an operator's identity. In the computer network world all information, including a user's identity information, is represented by a specific set of data; a computer can only recognize a user's digital identity, and every authorization granted to a user is an authorization of that digital identity. How to ensure that the operator acting under a digital identity is the legitimate owner of that digital identity, that is, that the operator's physical identity corresponds to the digital identity, is the problem identity authentication technology solves. As the first gateway protecting network assets, identity authentication plays a very important role.
Given its importance, identity authentication technology has been widely applied in many fields as the Internet has developed. Online banking, e-commerce, enterprise employee systems, government and other important sectors are all extremely sensitive about participants' identity information, and identity authentication is the first barrier ensuring that a participant's identity information is legitimate. In addition, before important instant communication or file transfers, the identities of the communicating parties also need to be confirmed. However, as information technology develops and application scenarios change, a single specific identity authentication technology can no longer meet the security requirements of different scenarios. At the same time, with the continuing development of cryptography and cryptanalysis and of modern computing power, identity authentication technologies once considered unbreakable are exposing more and more security risks in the face of an endless stream of attack methods. So, facing a rapidly changing network environment and rapidly changing security challenges, identity authentication technology must be improved continuously to provide better protection.
In recent years smartphones, with their unique advantages, have captured almost the entire mobile phone market within a few years. Meanwhile, the development of wireless network technology means people are no longer limited to wired devices for network access. The mobile Internet is rising: people can access the network anytime and anywhere to use services, obtain information, communicate and trade instantly, all of which brings great convenience to life and study. But in this emerging field, identity authentication technologies designed for the traditional Internet struggle to meet the security requirements of the flexible, changeable mobile Internet. Mobile smart terminals dominate the mobile Internet and are widespread in daily life, so how to make full use of mobile terminal devices for online authentication on the mobile Internet has become a hot topic in identity authentication research.
Summary of the invention
In view of the above deficiencies in the prior art, the technical problem to be solved by the present invention is to provide a multi-factor authentication method based on a smart bracelet that makes authentication more reliable while saving cost.
The present invention adopts the following technical solution:
A multi-factor authentication method based on a smart bracelet involves a smart bracelet, a mobile app, an authentication server that processes the authentication information sent by the user, and a database server that stores the registration information filled in when the user registers. The smart bracelet collects and authenticates the user's biometric features and sends the authentication result to the mobile app. The mobile app communicates with the authentication server and the smart bracelet and is responsible for sending the user authentication information received from the smart bracelet to the authentication server for further authentication. The smart bracelet communicates with the mobile app over Bluetooth, and information is transmitted between the mobile app and the authentication server over the TLS protocol;
With the smart bracelet as the multi-factor device, the user's body temperature, heart rate and arm-swing feature information are collected and a template is generated. The template information is stored on the smart bracelet, which communicates with the mobile app over Bluetooth; the smart bracelet's hardware information and the user's registration information are stored on the authentication server, completing user registration;
The smart bracelet collects the user's body temperature, heart rate and arm-swing feature information, authenticates the user's biometric information locally, and sends the authentication result to the authentication server, completing the login authentication process.
Preferably, during user registration the user first starts the mobile app and then logs in using the traditional password-based login method. If the user is registering for the first time, the user may also choose not to use the username-password login method, or may choose to register both methods. After the user has successfully logged in to the authentication server, registration of the smart-bracelet-based multi-factor authentication method begins. The registration steps are as follows:
S1. The mobile app receives the registration request message sent by the authentication server and forwards it over Bluetooth to the connected smart bracelet;
S2. The smart bracelet receives the registration request, triggers a user-information collection request, collects the user's biometric feature information and generates a biometric template; the user performs the corresponding action in response to the collection request prompted by the mobile app, completing user-information collection;
S3. The smart bracelet generates a user registration response message based on the current template and sends it to the authentication server via the mobile app;
S4. The authentication server verifies the received user registration response and returns the registration result.
Preferably, step S1 is specifically:
S101. The user runs the mobile app; the app is an application, or a specific module of an application, that can interact with the smart bracelet and the authentication server;
S102. The user selects the traditional username-password login method and enters the username and password previously registered with the application's authentication server;
S103. The authentication server calls a specific API of the database server to query the password of the user who is logging in;
S104. The database server returns the password of the user who is logging in;
S105. The authentication server checks the login by comparing the password the user entered with the password stored in the database at registration, then returns the login result;
S106. After the user has logged in successfully, registration for smart-bracelet multi-factor authentication begins: the authentication server initiates the smart-bracelet registration request RegRequest;
S107. After receiving the registration request, the mobile app connects to the smart bracelet and sends it a request to initialize registration.
Preferably, step S2 is specifically:
S201. The smart bracelet measures the user's body temperature data t with the body temperature sensor and the user's heart rate data m with the heart rate sensor, and obtains the user's arm-swing data from the three-axis acceleration sensor in the bracelet while the user swings the arm;
S202. Body temperature and heart rate are measured several times and averaged to obtain a stable value used as the feature value. For the arm-swing feature value, the acceleration data from the sensor is sorted: the three-axis acceleration sensor gives the acceleration vectors along the X, Y and Z axes, and sorting yields the acceleration values of the two points, so one complete arm swing yields a one-dimensional array, denoted w[i] (i = 1, 2, ..., 6);
S203. The user's body temperature and heart rate are measured every 10 minutes within one hour, giving 6 body temperature values and 6 heart rate values over the hour. Averaging gives the temperature template data T and the heart rate template data M for that period; the maximum and minimum are found for each, and their differences are recorded as the temperature matching reference factor T' and the heart rate template reference factor M';
The user completes 5 arm swings as prompted, giving the arm-swing feature template denoted W[j] (j = 1, 2, ..., 6); a variance calculation is performed between w[i] and W_i[j], and the maximum value is taken as the reference factor W' of the arm-swing feature.
Preferably, step S3 is specifically:
S301. The smart bracelet processes the user name username, the current time information timestamp, and the smart bracelet hardware information hardware;
S302. A public/private key pair is generated for the user. The private key is stored in the secure storage space of the smart bracelet; the public key is added to the registration response message, and the private key is used to sign the current username, timestamp, hardware and the session message SessionMessage;
S303. The registration response message RegResponse is assembled and sent to the mobile app;
For this response message, the smart bracelet encodes the currently collected body temperature, heart rate, one set of arm-swing feature data and the current time, and the user's public/private key pair is then generated on that basis;
S304. The registration response message RegResponse that the smart bracelet returns to the mobile app contains the user's public key and information about the smart bracelet device;
S305. After receiving RegResponse, the mobile app forwards it directly to the authentication server.
Preferably, step S4 is specifically included:
After S401, certificate server receive user's registration response message RegResponse, the public key verifications of user are taken out Signature is verified to the registration reply message of user;
Verify that the checking registration reply message includes:The hardware information hardware of Intelligent bracelet, user name Username, session information SesionMessage, and signature Signdata and use by private key for user to these information Family public key;
S402, certificate server register customers as information, client public key, Intelligent bracelet facility information, are stored in database In;
S403, certificate server return to registering result to mobile phone terminal APP.
Preferably, during user login the user starts the mobile app, and the login authentication steps are as follows:
S5. The authentication server generates a smart-bracelet-based login request and sends it to the mobile app; the mobile app connects to the smart bracelet and sends the login request;
S6. The smart bracelet receives the authentication request message and calls the sensors to collect the user's biometric feature information;
S7. The smart bracelet compares the collected biometric information with the stored biometric templates. The comparison covers heart rate feature comparison, body temperature feature comparison and arm-swing feature comparison; the comparison results are linearly combined to give the final authentication result;
S8. The authentication server verifies the authentication response message and returns the authentication result.
Preferably, step S6 is specifically:
S601. Information collection for authentication: the smart bracelet calls the body temperature sensor to obtain the body temperature and the heart rate sensor to measure the heart rate, calls the acceleration sensor, and prompts the user to perform one arm swing; the sensor measures the acceleration data during the swing;
S602. The measured temperature data t and heart rate data m are each averaged to obtain a stable value used as the body temperature and heart rate feature values, and the arm-swing feature W[j] (j = 1, 2, ..., 6) is obtained from the acceleration sensor data.
Preferably, step S7 is specifically:
S701. Let $\rho_{\text{mark}}$ denote the matching factor obtained from extensive testing. If the comprehensive matching degree $\rho$ satisfies $\rho > \rho_{\text{mark}}$, authentication passes; otherwise authentication fails. The comprehensive matching degree $\rho$ is:
$$\rho = \rho_{\text{body}} \cdot \alpha + \rho_{\text{heart rate}} \cdot \beta + \rho_{\text{wave}} \cdot \gamma$$
where $\alpha + \beta + \gamma = 1$, $\rho_{\text{body}}$ is the body temperature matching degree, $\rho_{\text{heart rate}}$ is the heart rate matching degree, and $\rho_{\text{wave}}$ is the arm-swing feature matching degree;
S702. If the comparison passes, the login authentication session information SessionMessage, the user's username and the smart bracelet device information hardware are added to the authentication response message AuthResponse; the user's private key is taken from the smart bracelet to sign them, and the signature is added to AuthResponse to produce the authentication response message;
The generated authentication response message contains: the login authentication session information SessionMessage, the user name username, the smart bracelet device hardware information hardware, and the signature SignData over this information;
S703. The smart bracelet sends the user authentication information AuthResponse to the mobile app over Bluetooth;
S704. The mobile app forwards the authentication response message received from the smart bracelet to the authentication server without any processing.
Preferably, step S8 is specifically:
S801. After receiving the authentication response message AuthResponse, the authentication server queries the database for the user's public key and smart bracelet device information;
S802. The database server returns the user's public key and the registered smart bracelet device information;
S803. The authentication server verifies the user's registration response message, using the user's public key to verify the login information and the smart bracelet device information;
S804. The authentication server sends the user authentication result to the mobile app.
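The message checks of steps S3-S4 (registration) and S7-S8 (login), written out as an added Go example that is not code from the patent. Ed25519, the length-prefixed encoding of the signed fields, the server-issued random SessionMessage that is accepted once and only for the request type it was issued for, and all type and function names are assumptions; the patent names no signature algorithm or encoding.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Response carries the fields the page lists for RegResponse and AuthResponse.
type Response struct {
	Username, Hardware string
	SessionMessage     []byte
	Timestamp          int64
	PublicKey          ed25519.PublicKey // present only in RegResponse
	SignData           []byte
}

// signedBytes writes each signed field as "length:bytes" so boundaries cannot shift.
func signedBytes(r Response) []byte {
	var buf bytes.Buffer
	for _, f := range []string{r.Username, r.Hardware, string(r.SessionMessage), fmt.Sprint(r.Timestamp)} {
		fmt.Fprintf(&buf, "%d:%s", len(f), f)
	}
	return buf.Bytes()
}

// Bracelet keeps the private key; only signatures leave it (S302).
type Bracelet struct {
	Hardware string
	priv     ed25519.PrivateKey
}

// Sign builds RegResponse (register=true: new key pair) or, after a passed comparison, AuthResponse.
func (b *Bracelet) Sign(user string, session []byte, now int64, register bool) (Response, error) {
	r := Response{Username: user, Hardware: b.Hardware, SessionMessage: session, Timestamp: now}
	if register {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return Response{}, err
		}
		r.PublicKey, b.priv = pub, priv
	} else if b.priv == nil {
		return Response{}, fmt.Errorf("bracelet %q is not registered", b.Hardware)
	}
	r.SignData = ed25519.Sign(b.priv, signedBytes(r))
	return r, nil
}

// Server stands in for the authentication server and its database server.
type Server struct {
	users   map[string]Response // stored RegResponse: public key and hardware
	pending map[string][]byte   // outstanding SessionMessage per purpose and user
}

func NewServer() *Server { return &Server{map[string]Response{}, map[string][]byte{}} }

// NewSession issues the random SessionMessage for a "reg" or "auth" request.
func (s *Server) NewSession(kind, user string) []byte {
	m := make([]byte, 16)
	if _, err := rand.Read(m); err != nil {
		panic(err)
	}
	s.pending[kind+"\x00"+user] = m
	return m
}

// verify consumes the session (single use, purpose-bound), then checks device and signature.
func (s *Server) verify(kind string, r Response, pub ed25519.PublicKey, hw string) error {
	key := kind + "\x00" + r.Username
	want, ok := s.pending[key]
	delete(s.pending, key)
	if !ok || !bytes.Equal(want, r.SessionMessage) || r.Hardware != hw ||
		len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, signedBytes(r), r.SignData) {
		return fmt.Errorf("rejected %s response for %q", kind, r.Username)
	}
	return nil
}

// VerifyRegistration checks RegResponse under its enclosed key, then stores it (S401, S402).
func (s *Server) VerifyRegistration(r Response) error {
	err := s.verify("reg", r, r.PublicKey, r.Hardware)
	if err == nil {
		s.users[r.Username] = r
	}
	return err
}

// VerifyAuth checks AuthResponse against the stored key and device (S801-S803).
func (s *Server) VerifyAuth(r Response) error {
	reg := s.users[r.Username] // unknown user: zero value, no key, verify rejects
	return s.verify("auth", r, reg.PublicKey, reg.Hardware)
}

func main() {
	s, b := NewServer(), &Bracelet{Hardware: "band-0001"} // constructed sample device
	reg, _ := b.Sign("alice", s.NewSession("reg", "alice"), 1700000000, true)
	fmt.Println("registration accepted:", s.VerifyRegistration(reg) == nil)
}
```

Because the phone app only forwards messages (S305, S704), every check that matters sits on the server: a replayed AuthResponse, a changed hardware field, or a RegResponse sent against a login session is rejected.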
Compared with the prior art, the present invention has at least the following advantages:
The smart-bracelet-based multi-factor authentication method of the invention uses the smart bracelet, the mobile app, the authentication server and the database server to implement registration and login. The smart bracelet receives the authentication and registration requests sent by the mobile app and collects the user's biometric information, mainly body temperature, heart rate and arm-swing features, and also creates the biometric templates and performs the registration and authentication operations. Body temperature, heart rate and arm-swing features were chosen mainly because all three are easy to measure. Body temperature is fairly constant yet differs somewhat from person to person. Heart rate, in different motion states, tends to have a relatively stable range of fluctuation for different people. Arm swings differ each time, but because of personal habit, arm length, build and other factors they fall within a relatively stable range for each user. The mobile app communicates with the authentication server and the smart bracelet and sends the user authentication information received from the bracelet to the authentication server for further authentication. The smart bracelet communicates with the mobile app over Bluetooth; because of the low power consumption of Bluetooth 4.0, essentially all smart wearable devices currently on the market communicate over Bluetooth. Information between the mobile app and the authentication server is carried over the TLS protocol; TLS is a secure transport-layer protocol used to ensure the security and integrity of data between two communicating applications. The authentication server generates and verifies the user registration and authentication login messages and communicates securely with the mobile app. The database server stores the user's registration information. This design gives the user a password-free identity verification scheme with high security, ease of use and good privacy.
Further, during user registration the user first starts the mobile app and then uses the traditional password-based login method; if the user is registering for the first time, the user may also choose not to use the username-password registration method, or may choose to register both. After the user has successfully logged in to the authentication server, registration of the smart-bracelet-based multi-factor authentication method begins. The registration process is compatible with the traditional password-based login and registration method, and the smart bracelet authenticates the user by collecting the user's biometric information, which is convenient, easy to use and highly secure.
Further, the biometric features collected by the smart bracelet are mainly body temperature, heart rate and arm-swing features. All are easy to measure, vary within a specific range for each user, and differ between users, so each user can be recognized by collecting and processing the data.
Further, the smart bracelet generates the user's registration response message based on the current template and stores the user's biometric template in the bracelet's trusted storage area, which protects the user's private data while allowing the user's identity to be authenticated securely and conveniently.
Further, after receiving the user registration response RegResponse, the authentication server verifies the signature on the user's registration information with the user's public key, ensuring the integrity and authenticity of the registration information. It also stores the registration information in the database for later authentication, and returns the registration result to notify the user that registration succeeded.
Further, during login the mobile app sends the login request to the smart bracelet; the bracelet collects the user's biometric information, compares it with the template, and generates the login response message AuthResponse, which is sent to the authentication server to complete the login. The process is compatible with the traditional password-based login method. If the user chooses the smart-bracelet multi-factor login method, login is considerably simpler: the user does not need to remember cumbersome passwords or perform particularly complex actions, and security is also greatly improved.
Further, for the comparison with the biometric templates during login, the smart bracelet collects the user's body temperature, heart rate and arm-swing information and, following the data processing and comparison procedures described, linearly combines the comparison results to give the final authentication result. The collected biometric information corresponds to the templates on the bracelet, and the authentication result is obtained by a linear combination weighted by the proportion assigned to each part rather than from any single factor, so accuracy is higher.
In summary, the smart-bracelet-based multi-factor authentication method of the invention authenticates the user by collecting body temperature, heart rate and arm-swing feature information and processing them together. The invention gives the user a password-free identity verification scheme with high security, ease of use and good privacy, while remaining compatible with traditional password-based authentication. To protect user privacy, the invention also stores the user's biometric data on the smart bracelet, so private data never leaves the device, which strongly protects the user's private data.
The technical solution of the invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
Fig. 1 is a schematic diagram of the authentication framework of the invention;
Fig. 2 is the registration flow chart of the invention;
Fig. 3 is the smart bracelet authentication flow chart of the invention.
Embodiments
Referring to Fig. 1, the architecture of the smart-bracelet-based multi-factor authentication method of the invention has four main parts: the smart bracelet, the mobile app, the authentication server and the database server. The authentication server processes the authentication information sent by the user; the database server stores the registration information filled in when the user registers; the dedicated mobile app communicates with the authentication server and the smart bracelet and sends the user authentication information received from the bracelet to the authentication server for further authentication. The smart bracelet communicates with the mobile app over Bluetooth, and information between the phone and the authentication server is carried over the TLS protocol. The smart bracelet collects and authenticates the user's biometric features and sends the authentication result to the mobile app.
The smart-bracelet-based multi-factor authentication method of the invention has two parts, registration and login;
Referring to Fig. 2, during user registration the user first starts the dedicated mobile app and then uses the traditional password-based login method, for compatibility with existing traditional login. If the user is registering for the first time, the user may also choose not to use the username-password login method, or may choose to register both. After the user has successfully logged in to the authentication server, registration of the smart-bracelet-based multi-factor authentication method begins. The registration steps are as follows:
S1. The mobile app receives the registration request message sent by the authentication server and forwards it over Bluetooth to the connected smart bracelet;
S101. The user runs the mobile app; the app is an application, or a specific module of an application, that can interact with the smart bracelet and the authentication server;
S102. The user selects the traditional username-password login method and enters the username and password previously registered with the application's authentication server;
S103. The authentication server calls a specific API of the database server to query the password of the user who is logging in;
S104. The database server returns the password of the user who is logging in;
S105. The authentication server checks the login by comparing the password the user entered with the password stored in the database at registration, then returns the login result;
S106. After the user has logged in successfully, registration for smart-bracelet multi-factor authentication begins: the authentication server initiates the smart-bracelet registration request RegRequest;
S107. After receiving the registration request, the mobile app connects to the smart bracelet and sends it a request to initialize registration;
S2. The smart bracelet receives the registration request, triggers a user-information collection request, collects the user's biometric feature information and generates a biometric template; the user makes the corresponding response to the collection request prompted by the mobile app, completing user-information collection;
The biometric information includes the user's heart rate features, body temperature features and arm-swing feature information; the generated feature templates include the heart rate feature template, the body temperature feature template and the arm-swing feature template;
The steps for creating the biometric templates are as follows:
S201. Template information collection: authentication on the smart bracelet is mainly a comprehensive analysis of the user's body temperature, heart rate and arm-swing feature data. With the body temperature sensor we measure the user's temperature data, denoted t, and with the heart rate sensor we measure the user's heart rate data, denoted m. The user's arm-swing information is obtained from the three-axis acceleration sensor in the bracelet while the user swings the arm;
S202. Feature extraction: the user's body temperature, heart rate and the acceleration values obtained during an arm swing all vary within a certain range, so we also process these data to obtain relatively stable feature data, which is then used to create the feature templates.
For body temperature and heart rate, we can measure several times and average to obtain a fairly constant value as the feature value. For the arm-swing feature value, we make the following analysis:
When the user swings the arm, a large acceleration is produced mainly at the highest point. So during the swing we sort the acceleration data from the sensor: the three-axis acceleration sensor gives the acceleration vectors along the X, Y and Z axes, and after sorting these three acceleration sequences we obtain the maximum and minimum of each, that is, the acceleration values at those two points. One complete arm swing therefore yields a one-dimensional array of these six values. We use this set of data as the user's arm-swing feature data, denoted w[i] (i = 1, 2, ..., 6).
S203. Template creation: creating the template mainly involves building templates from these three kinds of data.
For the user's temperature data: body temperature changes somewhat over a day but generally does not fluctuate much within an hour. We measure the user's body temperature every 10 minutes, so after one hour we have 6 body temperature values, and averaging them gives the temperature template data T for that period:
$$T = \sum t_i \quad (i = 1, 2, \ldots, 6)$$
The body temperature values obtained in this hour are then averaged, and the mean for this period is recorded as t'. Over one day this gives the user's body temperature template, denoted T, which contains 24 values corresponding to the 24 periods of the day. The maximum and minimum of these 24 values are then found and their difference is recorded as T', the temperature-matching reference factor, which is needed later in the authentication process.
The user's heart rate template is created in the same way; the resulting heart rate template data are denoted M and the heart rate template reference factor is denoted M'.
To create the user's arm-waving feature template, the Intelligent bracelet prompts the user to wave the arm, and the user completes 5 full arm-waving actions as prompted. In each arm-waving cycle the trajectory is one complete arc, and at its highest and lowest points we obtain the extreme acceleration values in the different directions; because of the different directions there are 6 acceleration values in total, denoted W[j] (j = 1, 2, ..., 6). We thus obtain 5 groups of arm-waving feature data, denoted
$$W_i[j] \quad (i = 1, 2, \ldots, 5;\ j = 1, 2, \ldots, 6)$$
The arm-waving feature template is denoted W[j] (j = 1, 2, ..., 6) and is calculated with the following formula:
where i is the index of the arm wave and j indexes the feature-point data obtained by sorting within each arm wave;
Then the variance of w[i] and W_i[j] is computed as follows, giving 5 variance values, denoted:
F[i] (i = 1, 2, ..., 5)
The largest value in F[i] (i = 1, 2, ..., 5) is then taken as the arm-waving feature reference factor, denoted W'; W[j] (j = 1, 2, ..., 6) serves as the arm-waving feature template. At this point the feature templates have been created.
S3, the Intelligent bracelet generates the user registration response message based on the current template and sends it to the certificate server through the mobile phone terminal APP;
Because collecting the template information takes a long time, the Intelligent bracelet can generate the registration response message RegResponse while user information is still being collected, without waiting for all of the user's biometric information to be collected.
S301, the Intelligent bracelet processes the user name username, the current time information timestamp and the Intelligent bracelet hardware information hardware;
S302, based on this, the user's public/private key pair is generated; the user's private key is stored in the secure storage space of the Intelligent bracelet, the user's public key is added to the registration response message, and the private key is used to sign the current username, timestamp, hardware and the session message SesionMessage;
S303, the registration response message RegResponse is composed and sent to the mobile phone terminal APP;
The response message includes: the Intelligent bracelet encodes the user's currently collected body temperature, heart rate and one group of arm-waving feature data together with the current time, and the user's public/private key pair is then generated based on this;
S304, the Intelligent bracelet returns the user's registration information RegResponse, which includes the user's public key and information about the Intelligent bracelet device, to the mobile phone terminal APP;
S305, after receiving RegResponse, the mobile phone terminal APP performs essentially no processing on the registration response message and forwards it directly to the certificate server;
S4, the certificate server verifies the registration response message and returns the registration result;
S401, after receiving the user registration response message RegResponse, the certificate server extracts the user's public key and uses it to verify the signature on the user's registration response message;
The registration response message being verified includes: the Intelligent bracelet hardware information hardware, the user name username, the session information SesionMessage, the signature SignData made over this information with the user's private key, and the user's public key;
S402, the certificate server stores the user registration information, the user's public key and the Intelligent bracelet device information in the database;
S403, the certificate server returns the registration result to the mobile phone terminal APP;
Referring to Fig. 3, in the login process the user first starts the mobile phone terminal APP. For compatibility with existing traditional login, the user can choose to log in with a password or with the Intelligent bracelet. The traditional password-based login is not described further here. However, for certain applications, when higher security is needed during step-up authentication, multiple-factor authentication based on the Intelligent bracelet may be mandatory. The login steps are as follows:
S5, with the existing password-based login remaining available for the user to choose, the certificate server generates an Intelligent-bracelet-based login request and sends it to the mobile phone terminal APP, which connects to the Intelligent bracelet and sends the login request;
S6, the Intelligent bracelet receives the authentication request message and calls the relevant sensors to collect the user's biometric information;
The Intelligent bracelet triggers collection of the user's biometric information, and the user responds to the prompts given by the Intelligent bracelet, completing collection of the user's biometric information;
S601, information collection: information collection in the authentication process is much the same as in the template creation described above. The Intelligent bracelet calls the body temperature sensor to obtain the current body temperature, calls the heart rate sensor to measure the current heart rate, and calls the acceleration sensor while prompting the user to wave the arm once; the sensor measures the acceleration data during the arm wave;
S602, feature extraction: the measured temperature data are denoted t and the measured heart rate data m; the data measured by the acceleration sensor are processed by the same method as above to obtain the feature data W[j] (j = 1, 2, ..., 6);
S7, the Intelligent bracelet compares the collected biometric information with the stored biometric templates; the comparison comprises comparison of the user's heart rate feature, of the body temperature feature and of the arm-waving feature, and these comparison results are linearly combined to give the final authentication result;
S701, template comparison: template comparison is an extremely important step in the whole authentication process, since it directly determines whether the user can pass authentication. Based on the analysis of a large amount of experimental data, the template comparison proceeds as follows:
First, body temperature is compared: the temperature T for the current time interval and the reference factor T' are taken from the body temperature template, and the body temperature matching degree $\rho_{\text{Body}}$ is calculated with the following formula:
In the same way, the heart rate template M for the current time interval and the reference factor M' are taken from the template, and the heart rate matching degree $\rho_{\text{Heart rate}}$ is calculated:
The arm-waving feature is handled slightly differently: W[j] (j = 1, 2, ..., 6) and the reference factor W' are first taken from the arm-waving feature template, and the arm-waving feature matching degree is calculated as follows:
First, the variance W between this arm wave and the template data is calculated as follows:
Then the arm-waving feature matching degree $\rho_{\text{Wave}}$ is calculated:
Finally the comprehensive matching degree ρ is obtained:
$$\rho = \rho_{\text{Body}}\,\alpha + \rho_{\text{Heart rate}}\,\beta + \rho_{\text{Wave}}\,Y$$
$$\alpha + \beta + Y = 1$$
Authentication passes only if $\rho > \rho_{\text{Mark}}$, where $\rho_{\text{Mark}}$ is the matching factor obtained from a large number of tests; otherwise authentication fails;
S702, if the comparison passes, the user's login authentication session information SesionMessage, the username and the Intelligent bracelet device information hardware are added to the authentication response message AuthResponse; the user's private key is retrieved in the Intelligent bracelet and used to sign them, and the signature is also added to AuthResponse, producing the authentication response message;
The generated authentication response message includes: the login authentication session information SesionMessage, the user name username, the Intelligent bracelet device hardware information hardware, and the signature SignData over this information;
S703, the Intelligent bracelet sends the user authentication information AuthResponse to the dedicated mobile phone terminal APP via Bluetooth.
S704, the dedicated mobile phone terminal APP forwards the authentication response message received from the Intelligent bracelet to the certificate server without any processing;
S8, the certificate server verifies the authentication response message and returns the authentication result.
S801, after receiving the authentication response message AuthResponse, the certificate server queries the database for the user's public key and the Intelligent bracelet device information;
S802, the database server returns the user's public key and the information of the registered Intelligent bracelet device;
S803, the certificate server verifies the user's registration response message: using the user's public key, it verifies the login information and the Intelligent bracelet device information;
S804, the certificate server sends the user authentication result to the mobile phone terminal APP.
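The login exchange of S702 to S803, shown in Go as an added example that is not code from the patent. Ed25519, the JSON encoding of the signed fields, the random single-use session message and all names (`Bracelet`, `Server`, `NewSession`, `VerifyAuth`) are assumptions, and registration is reduced to storing the public key and device information as in S402.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// AuthResponse carries the fields the page lists for the login response.
type AuthResponse struct {
	Username, Hardware, SessionMessage string
	SignData                           []byte
}

// signedBytes encodes the signed fields as a JSON array (assumed encoding), so field boundaries are signed too.
func signedBytes(m AuthResponse) []byte {
	b, _ := json.Marshal([]string{m.Username, m.Hardware, m.SessionMessage})
	return b
}

// Bracelet models the wearable; the private key never leaves it.
type Bracelet struct {
	Username, Hardware string
	priv               ed25519.PrivateKey
}

func NewBracelet(username, hardware string) (*Bracelet, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Bracelet{username, hardware, priv}, nil
}

// Respond is step S702: the response is signed only when the local comparison passed.
func (b *Bracelet) Respond(session string, matched bool) (AuthResponse, error) {
	if !matched {
		return AuthResponse{}, errors.New("local biometric comparison failed")
	}
	m := AuthResponse{Username: b.Username, Hardware: b.Hardware, SessionMessage: session}
	m.SignData = ed25519.Sign(b.priv, signedBytes(m))
	return m, nil
}

// Server models the certificate server together with its database.
type Server struct {
	keys     map[string]ed25519.PublicKey // username -> registered public key
	hardware map[string]string            // username -> registered bracelet
	pending  map[string]string            // issued session message -> username
}

func NewServer() *Server {
	return &Server{map[string]ed25519.PublicKey{}, map[string]string{}, map[string]string{}}
}

// Register is step S402 reduced to storing the public key and device info.
func (s *Server) Register(b *Bracelet) {
	s.keys[b.Username] = b.priv.Public().(ed25519.PublicKey)
	s.hardware[b.Username] = b.Hardware
}

// NewSession issues a random single-use session message (assumption: the page does not say how it is generated).
func (s *Server) NewSession(username string) (string, error) {
	buf := make([]byte, 16)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	id := hex.EncodeToString(buf)
	s.pending[id] = username
	return id, nil
}

// VerifyAuth is steps S801-S803: look up the registered key and device, then verify the signature.
func (s *Server) VerifyAuth(m AuthResponse) error {
	user, issued := s.pending[m.SessionMessage]
	delete(s.pending, m.SessionMessage) // single use, even if verification fails
	if !issued || user != m.Username {
		return errors.New("unknown or reused session message")
	}
	pub, known := s.keys[m.Username]
	if !known || s.hardware[m.Username] != m.Hardware {
		return errors.New("unknown user or bracelet")
	}
	if !ed25519.Verify(pub, signedBytes(m), m.SignData) {
		return errors.New("bad signature")
	}
	return nil
}

func main() {
	srv := NewServer()
	band, _ := NewBracelet("alice", "BAND-0001") // constructed sample values
	srv.Register(band)
	id, _ := srv.NewSession("alice")
	auth, _ := band.Respond(id, true)
	fmt.Println("login:", srv.VerifyAuth(auth), "replay:", srv.VerifyAuth(auth))
}
```

Because the mobile phone terminal APP only forwards AuthResponse, the server-side checks on session freshness, registered device and signature are what bind the response to this login attempt.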
The multiple factors of the present invention are the Intelligent bracelet and the user's biometric information collected by the Intelligent bracelet, chiefly the user's heart rate feature, body temperature feature and arm-waving feature. Combining intelligent hardware with biometric recognition enhances the security of authentication while remaining compatible with existing password-based authentication.
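Template creation (S201 to S203) and the local decision of S701, as an added Go example that is not code from the patent. The formulas for W[j], F[i] and the three matching degrees are not reproduced on this page, so `WaveTemplate`, `Deviation` and `Degree` use assumed stand-ins (component-wise mean, mean squared difference, and 1 - deviation/reference); all sample values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Sample is one reading from the three-axis acceleration sensor.
type Sample struct{ X, Y, Z float64 }

// WaveFeature follows S202: maximum and minimum acceleration per axis of one
// complete wave, ordered Xmax, Xmin, Ymax, Ymin, Zmax, Zmin.
func WaveFeature(wave []Sample) [6]float64 {
	inf := math.Inf(1)
	f := [6]float64{-inf, inf, -inf, inf, -inf, inf}
	for _, s := range wave {
		for k, v := range [3]float64{s.X, s.Y, s.Z} {
			f[2*k] = math.Max(f[2*k], v)
			f[2*k+1] = math.Min(f[2*k+1], v)
		}
	}
	return f
}

// Mean averages readings, e.g. the six 10-minute samples of one hour (S203).
func Mean(v []float64) float64 {
	sum := 0.0
	for _, x := range v {
		sum += x
	}
	return sum / float64(len(v))
}

// ReferenceFactor is max - min over the hourly template values (T' or M').
func ReferenceFactor(hourly []float64) float64 {
	if len(hourly) == 0 {
		return 0
	}
	lo, hi := hourly[0], hourly[0]
	for _, x := range hourly {
		lo, hi = math.Min(lo, x), math.Max(hi, x)
	}
	return hi - lo
}

// Deviation is the mean squared difference to the template (ASSUMPTION: the page's variance formula is not shown).
func Deviation(w, tpl [6]float64) float64 {
	sum := 0.0
	for j := range w {
		sum += (w[j] - tpl[j]) * (w[j] - tpl[j])
	}
	return sum / 6
}

// WaveTemplate builds W[j] from the enrollment waves and W' = max F[i].
// ASSUMPTION: W[j] is the per-component mean over the waves.
func WaveTemplate(waves [][6]float64) (tpl [6]float64, ref float64) {
	for _, w := range waves {
		for j := range w {
			tpl[j] += w[j]
		}
	}
	for j := range tpl {
		tpl[j] /= float64(len(waves))
	}
	for _, w := range waves {
		ref = math.Max(ref, Deviation(w, tpl))
	}
	return tpl, ref
}

// Degree maps a deviation to [0, 1] as 1 - deviation/reference (ASSUMPTION: the page's formulas are not shown).
func Degree(dev, ref float64) float64 {
	if ref <= 0 {
		return 0 // a flat template gives no tolerance to scale by
	}
	return math.Max(0, 1-dev/ref)
}

// Weights are alpha, beta and Y from the page; they must sum to 1.
type Weights struct{ Alpha, Beta, Y float64 }

// Combined is the page's linear combination of the three matching degrees.
func Combined(body, heart, wave float64, w Weights) (float64, error) {
	if math.Abs(w.Alpha+w.Beta+w.Y-1) > 1e-9 {
		return 0, errors.New("weights must sum to 1")
	}
	return body*w.Alpha + heart*w.Beta + wave*w.Y, nil
}

// Authenticate applies the page's rule: pass only if rho > rhoMark.
func Authenticate(rho, rhoMark float64) bool { return rho > rhoMark }

func main() { // constructed values, not measurements from the page
	body := Degree(math.Abs(36.75-Mean([]float64{36, 37, 36, 37, 36, 37})), 1.0)
	rho, _ := Combined(body, 0.5, 1.0, Weights{0.5, 0.25, 0.25})
	fmt.Println(rho, Authenticate(rho, 0.7))
}
```

With the constructed weights 0.5/0.25/0.25 and a threshold of 0.7, matching degrees of 1, 1 and 0 combine to 0.75 and pass, so a linear combination alone lets two strong factors offset a complete arm-waving mismatch. A per-factor minimum checked before the combination is one way to close that gap.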
The above content merely illustrates the technical idea of the present invention and cannot be used to limit its scope of protection; any change made on the basis of the technical solution in accordance with the technical idea proposed by the present invention falls within the scope of protection of the claims of the present invention.

Claims (10)

1. A multiple-factor authentication method based on an Intelligent bracelet, characterized by comprising an Intelligent bracelet end, a mobile phone terminal APP, a certificate server that authenticates the authentication information sent by the user, and a database server that stores the registration information filled in when the user registers; the Intelligent bracelet end is used to collect and authenticate the user's biometric features and to send the authentication result to the mobile phone terminal APP; the mobile phone terminal APP is used for communication between the certificate server and the Intelligent bracelet end and is responsible for sending the user authentication information received from the Intelligent bracelet end to the certificate server for further authentication; the Intelligent bracelet end communicates with the mobile phone terminal APP via Bluetooth, and information is transmitted between the mobile phone terminal APP and the certificate server over the TLS protocol;
Using the Intelligent bracelet end as the multiple factor, the user's body temperature, heart rate and arm-waving feature information are collected and templates are generated; the template information is stored at the Intelligent bracelet end, which communicates with the mobile phone terminal APP via Bluetooth; the hardware information of the Intelligent bracelet end and the information related to user registration are stored in the certificate server, completing user registration;
The Intelligent bracelet end collects the user's body temperature, heart rate and arm-waving feature information, authenticates the user's biometric information locally and sends the authentication result to the certificate server, completing the login authentication process.
2. The multiple-factor authentication method based on an Intelligent bracelet according to claim 1, characterized in that, in the user registration process, the user first starts the mobile phone terminal APP and then logs in using the traditional password-based login mode; if the user is registering for the first time, the user may also choose not to use the user name-password login mode, or may choose to register both modes; after the user has successfully logged in to the certificate server, registration of the user for the Intelligent-bracelet-based multiple-factor authentication mode begins; the user registration steps are as follows:
S1, the mobile phone terminal APP receives the login request message sent by the certificate server and sends it via Bluetooth to the connected Intelligent bracelet end;
S2, the Intelligent bracelet end receives the registration request and triggers user information collection: it collects the user's biometric information and generates biometric templates, while the user makes the corresponding response actions to the information-collection prompts given by the mobile phone terminal APP, completing user information collection;
S3, the Intelligent bracelet end generates the user registration response message based on the current template and sends it to the certificate server through the mobile phone terminal APP;
S4, the certificate server verifies the received user registration response and returns the registration result.
3. The multiple-factor authentication method based on an Intelligent bracelet according to claim 2, characterized in that step S1 is specifically:
S101, the user runs the mobile phone terminal APP; the APP is an application that can interact with the Intelligent bracelet end and the certificate server, or a particular module of some application;
S102, the user selects the traditional user name-password login mode and enters the user name and password previously registered with the application's certificate server;
S103, the certificate server calls the specific API of the database server to query the password of the user currently logging in;
S104, the database server returns the password of the user currently logging in;
S105, the certificate server checks the user's login by comparing the password entered by the user with the password entered at registration and stored in the database, and then returns the user login result;
S106, after the user logs in successfully, registration for the multiple-factor authentication based on the Intelligent bracelet begins, and the certificate server initiates the Intelligent-bracelet-based registration request RegRequest;
S107, after receiving the registration request, the mobile phone terminal APP connects to the Intelligent bracelet end and sends it a request to initialize registration.
4. The multiple-factor authentication method based on an Intelligent bracelet according to claim 2, characterized in that step S2 is specifically:
S201, the Intelligent bracelet end measures the user's temperature data t with the body temperature sensor and the user's heart rate data m with the heart rate sensor, and obtains the user's arm-waving information data from the three-axis acceleration sensor in the Intelligent bracelet while the user waves the arm;
S202, for body temperature and heart rate, multiple measurements are taken and averaged to obtain a steady value as the feature value; for the arm-waving feature value, the acceleration data obtained by the sensor are sorted: the 3-axis acceleration sensor yields acceleration vectors along the X, Y and Z coordinate axes, sorting gives the acceleration values at two points, and one complete arm swing yields a one-dimensional array denoted w[i] (i = 1, 2, ..., 6);
S203, the user's body temperature and heart rate are measured every 10 minutes within one hour, giving 6 body temperature values and 6 heart rate values per hour, which are averaged to obtain the temperature template data T and the heart rate template data M for that period; the maximum and minimum are found for each, and the differences are recorded as the temperature-matching reference factor T' and the heart rate template reference factor M';
The user completes 5 arm-waving actions as prompted, giving the arm-waving feature template denoted W[j] (j = 1, 2, ..., 6); the variance of w[i] and W_i[j] is computed, and the largest value is taken as the arm-waving feature reference factor W'.
5. The multiple-factor authentication method based on an Intelligent bracelet according to claim 2, characterized in that step S3 is specifically:
S301, the Intelligent bracelet end processes the user name username, the current time information timestamp and the Intelligent bracelet hardware information hardware;
S302, the user's public/private key pair is generated; the user's private key is stored in the secure storage space of the Intelligent bracelet end, the user's public key is added to the registration response message, and the private key is used to sign the current username, timestamp, hardware and the session message SesionMessage;
S303, the registration response message RegResponse is composed and sent to the mobile phone terminal APP;
The response message includes: the Intelligent bracelet encodes the user's currently collected body temperature, heart rate and one group of arm-waving feature data together with the current time, and the user's public/private key pair is then generated based on this;
S304, the Intelligent bracelet end returns the user's registration response message RegResponse, which includes the user's public key and information about the Intelligent bracelet device, to the mobile phone terminal APP;
S305, after receiving RegResponse, the mobile phone terminal APP forwards it directly to the certificate server.
6. The multiple-factor authentication method based on an Intelligent bracelet according to claim 2, characterized in that step S4 specifically comprises:
S401, after receiving the user registration response message RegResponse, the certificate server extracts the user's public key and uses it to verify the signature on the user's registration response message;
The registration response message being verified includes: the Intelligent bracelet hardware information hardware, the user name username, the session information SesionMessage, the signature SignData made over this information with the user's private key, and the user's public key;
S402, the certificate server stores the user registration information, the user's public key and the Intelligent bracelet device information in the database;
S403, the certificate server returns the registration result to the mobile phone terminal APP.
7. The multiple-factor authentication method based on an Intelligent bracelet according to claim 1, characterized in that, in the user login process, the user starts the mobile phone terminal APP, and the login authentication steps are as follows:
S5, the certificate server generates an Intelligent-bracelet-based login request and sends it to the mobile phone terminal APP, which connects to the Intelligent bracelet end and sends the login request;
S6, the Intelligent bracelet end receives the authentication request message and calls the sensors to collect the user's biometric information;
S7, the Intelligent bracelet end compares the collected biometric information with the stored biometric templates; the comparison comprises comparison of the user's heart rate feature, of the body temperature feature and of the arm-waving feature, and the comparison results are linearly combined to give the final authentication result;
S8, the certificate server verifies the authentication response message and returns the authentication result.
8. The multiple-factor authentication method based on an Intelligent bracelet according to claim 7, characterized in that step S6 is specifically:
S601, information collection for the authentication process: the Intelligent bracelet end calls the body temperature sensor to obtain the body temperature, the heart rate sensor measures the heart rate, and the acceleration sensor is called while the user is prompted to wave the arm once; the sensor measures the acceleration data during the arm wave;
S602, the measured temperature data t and heart rate data m are each averaged to obtain a steady value as the body temperature and heart rate feature values, and the data measured by the acceleration sensor give the arm-swing feature data W[j] (j = 1, 2, ..., 6).
9. The multiple-factor authentication method based on an Intelligent bracelet according to claim 7, characterized in that step S7 is specifically:
S701, $\rho_{\text{Mark}}$ denotes the matching factor obtained from a large number of tests; if the comprehensive matching degree ρ satisfies $\rho > \rho_{\text{Mark}}$, authentication passes, otherwise authentication fails; the comprehensive matching degree ρ is:
$$\rho = \rho_{\text{Body}}\,\alpha + \rho_{\text{Heart rate}}\,\beta + \rho_{\text{Wave}}\,Y$$
where $\alpha + \beta + Y = 1$, $\rho_{\text{Body}}$ denotes the body temperature matching degree, $\rho_{\text{Heart rate}}$ the heart rate matching degree and $\rho_{\text{Wave}}$ the arm-waving feature matching degree;
S702, if the comparison passes, the user's login authentication session information SesionMessage, the username and the Intelligent bracelet device information hardware are added to the authentication response message AuthResponse; the user's private key is retrieved from the Intelligent bracelet end and used to sign them, and the signature is then added to AuthResponse, producing the authentication response message;
The generated authentication response message includes: the login authentication session information SesionMessage, the user name username, the Intelligent bracelet device hardware information hardware, and the signature SignData over this information;
S703, the Intelligent bracelet end sends the user authentication information AuthResponse to the mobile phone terminal APP via Bluetooth;
S704, the mobile phone terminal APP forwards the authentication response message received from the Intelligent bracelet to the certificate server without any processing.
10. The multiple-factor authentication method based on an Intelligent bracelet according to claim 7, characterized in that step S8 is specifically:
S801, after receiving the authentication response message AuthResponse, the certificate server queries the database for the user's public key and the Intelligent bracelet device information;
S802, the database server returns the user's public key and the information of the registered Intelligent bracelet device;
S803, the certificate server verifies the user's registration response message: using the user's public key, it verifies the login information and the Intelligent bracelet device information;
S804, the certificate server sends the user authentication result to the mobile phone terminal APP.
CN201710786500.6A 2017-09-04 2017-09-04 A kind of multiple-factor authentication method based on Intelligent bracelet Pending CN107634941A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710786500.6A CN107634941A (en) 2017-09-04 2017-09-04 A kind of multiple-factor authentication method based on Intelligent bracelet

Publications (1)

Publication Number Publication Date
CN107634941A true CN107634941A (en) 2018-01-26

Family

ID=61100364

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710786500.6A Pending CN107634941A (en) 2017-09-04 2017-09-04 A kind of multiple-factor authentication method based on Intelligent bracelet

Country Status (1)

Country Link
CN (1) CN107634941A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180126