CN111177748A - Fingerprint storage encryption method, device and system - Google Patents
Fingerprint storage encryption method, device and system Download PDFInfo
- Publication number
- CN111177748A CN111177748A CN201911303008.4A CN201911303008A CN111177748A CN 111177748 A CN111177748 A CN 111177748A CN 201911303008 A CN201911303008 A CN 201911303008A CN 111177748 A CN111177748 A CN 111177748A
- Authority
- CN
- China
- Prior art keywords
- fingerprint
- data
- encryption
- algorithm
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The invention discloses a fingerprint storage encryption method, a device and a system, wherein the fingerprint storage encryption method comprises the following steps: acquiring an encryption key of an asymmetric encryption algorithm; acquiring fingerprint biological characteristic data; performing discrete encryption processing on the fingerprint biological characteristic data by using a hash algorithm, and generating fingerprint characteristic hash data; signature processing is carried out on the fingerprint feature scattered data by using an asymmetric encryption algorithm and the private key, and fingerprint feature signature data are generated; encrypting the fingerprint biological characteristic data by using a symmetric encryption algorithm and the fingerprint characteristic signature data, and generating fingerprint characteristic encrypted data; the fingerprint feature encrypted data is stored in the storage device, so that the data cannot be decrypted even after being acquired by an unauthorized user, and the security of the fingerprint biological feature data is ensured.
Description
Technical Field
The invention relates to the technical field of fingerprint encryption, in particular to a fingerprint storage encryption method, device and system.
Background
With the rapid development of network technology and informatization, people pay more and more attention to the security of personal private information.
At present, scenes such as encryption, identification and the like are increasingly used by utilizing fingerprint biological characteristics of individual users, but the biological characteristics input by the individual users need to be stored in Flash of various kinds of electronics, computers and single-chip microcomputers.
However, the security of these electronic devices storing fingerprint biometrics still faces a large security risk, for example, the fingerprint biometrics stored in plaintext is easy to copy out by technical means, which brings a risk of privacy exposure to users; for example, criminals copy fingerprints stored in electronic products to perform illegal activities in case of unconsciousness of users.
Therefore, there is a need for an improved encryption technique for storing fingerprints that can provide secure and secure use of fingerprint encryption techniques.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the related art. To this end, a first object of the present invention is to propose a fingerprint storage encryption method.
The second purpose of the invention is to provide a fingerprint storage encryption device.
A third object of the invention is to propose a computer device.
A fourth object of the invention is to propose a computer storage medium.
In order to achieve the above object, in a first aspect, a fingerprint storage encryption method according to an embodiment of the present invention includes:
acquiring an encryption key of an asymmetric encryption algorithm;
acquiring fingerprint biological characteristic data;
performing discrete encryption processing on the fingerprint biological characteristic data by using a hash algorithm, and generating fingerprint characteristic hash data;
signature processing is carried out on the fingerprint feature scattered data by using an asymmetric encryption algorithm and the private key, and fingerprint feature signature data are generated;
encrypting the fingerprint biological characteristic data by using a symmetric encryption algorithm and the fingerprint characteristic signature data, and generating fingerprint characteristic encrypted data;
and storing the fingerprint feature encrypted data to a storage device.
In the embodiment of the invention, the fingerprint characteristic data is subjected to hash signature processing by adopting a hash algorithm and an asymmetric encryption algorithm, so that the security of the fingerprint biological characteristic data is ensured, the fingerprint characteristic encrypted data can be authenticated, the security of the data is ensured, and the fingerprint characteristic data is stored and used after being encrypted by adopting the symmetric encryption algorithm and the fingerprint characteristic signature data, so that the data cannot be decrypted even if being acquired by an unauthorized user, and the security of the fingerprint biological characteristic data is ensured.
Further, according to an embodiment of the present invention, the obtaining an encryption key of an asymmetric encryption algorithm includes:
establishing a communication connection with a remote server;
and acquiring an encryption key of the asymmetric encryption algorithm from the remote server in a wired or wireless mode.
Further, according to an embodiment of the present invention, the acquiring fingerprint biometric data includes:
collecting a plurality of fingerprint images of the same fingerprint;
and extracting features from the acquired fingerprint images of a plurality of same fingerprints and generating the fingerprint biological feature data.
Further, according to an embodiment of the present invention, after the signing process is performed on the fingerprint feature hash data by using an asymmetric encryption algorithm and the private key, and the fingerprint feature signature data is generated, the method further includes the following steps:
acquiring a decryption public key of the asymmetric encryption algorithm;
decrypting the fingerprint feature signature data through the decryption public key, and executing the next step if the decryption is passed; otherwise, executing the signature processing on the fingerprint feature scattered data by using the asymmetric encryption algorithm and the private key, and generating fingerprint feature signature data.
Further, according to an embodiment of the present invention, the asymmetric encryption algorithm is an RSA algorithm;
the hash algorithm is SHA256 algorithm;
the symmetric encryption algorithm is an AES encryption algorithm.
A fingerprint storage encryption apparatus comprising:
the key acquisition module is used for acquiring an encryption key of an asymmetric encryption algorithm;
the fingerprint feature acquisition module is used for acquiring fingerprint biological feature data;
the discrete encryption processing module is used for performing discrete encryption processing on the fingerprint biological characteristic data by using a hash algorithm and generating fingerprint characteristic hash data;
the signature processing module is used for carrying out signature processing on the fingerprint feature hash data by using an asymmetric encryption algorithm and the private key and generating fingerprint feature signature data;
the symmetric encryption module is used for encrypting the fingerprint biological characteristic data by using a symmetric encryption algorithm and the fingerprint characteristic signature data and generating fingerprint characteristic encrypted data;
a storage module to store the fingerprint feature encrypted data to a storage device.
Further, according to an embodiment of the present invention, the key obtaining module includes:
the server connection module is used for establishing communication connection with a remote server;
and the receiving key module is used for acquiring an encryption key of the asymmetric encryption algorithm from the remote server in a wired or wireless mode.
Further, according to an embodiment of the present invention, the fingerprint feature acquisition module includes:
the fingerprint acquisition module is used for acquiring a plurality of fingerprint images of the same fingerprint;
and the graph synthesis module is used for extracting characteristics of the acquired fingerprint images of the same fingerprints and generating the fingerprint biological characteristic data.
Further, according to an embodiment of the present invention, the fingerprint storage encryption apparatus further includes:
the public key acquisition module is used for acquiring a decryption public key of the asymmetric encryption algorithm;
and the decryption verification module decrypts the fingerprint characteristic signature data through the decryption public key, and performs decryption verification.
A fingerprint storage encryption system comprising:
a server for generating an asymmetric encryption key;
in the fingerprint storage and encryption device, the fingerprint storage and encryption device is in communication connection with the server, and acquires the symmetric encryption key from the server to encrypt and store the fingerprint biological characteristic data.
According to the fingerprint storage encryption method, device and system provided by the embodiment of the invention, the fingerprint characteristic data is subjected to hash signature processing by adopting a hash algorithm and an asymmetric encryption algorithm, so that the security of the fingerprint biological characteristic data is ensured, the fingerprint characteristic encrypted data can be authenticated, the security of the data is ensured, and the fingerprint characteristic data is stored and used after being encrypted by adopting the symmetric encryption algorithm and the fingerprint characteristic signature data, so that the data cannot be decrypted even if being acquired by an unauthorized user, and the security of the fingerprint biological characteristic data is ensured.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the structures shown in the drawings without creative efforts.
FIG. 1 is a flowchart of a fingerprint storage encryption method provided by the present invention;
FIG. 2 is a flow chart of another fingerprint storage encryption method provided by the present invention;
FIG. 3 is a flowchart of another fingerprint storage encryption method provided by the present invention;
FIG. 4 is a flowchart of another fingerprint storage encryption method provided by the present invention;
FIG. 5 is a schematic diagram of another fingerprint storage encryption apparatus according to the present invention;
fig. 6 is a schematic structural diagram of a fingerprint storage encryption system provided by the present invention.
Reference numerals:
a fingerprint storage encryption device 10;
a key obtaining module 101;
a server connection module 1011;
a receive key module 1012;
a fingerprint feature acquisition module 102;
a fingerprint acquisition module 1021;
a graphics composition module 1022;
a discrete encryption processing module 103;
a signature processing module 104;
a public key obtaining module 105;
a decryption verification module 106;
a symmetric encryption module 107;
a storage module 108;
a server 20.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the accompanying drawings are illustrative only for the purpose of explaining the present invention, and are not to be construed as limiting the present invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating an embodiment of a fingerprint storage encryption method according to an embodiment of the present invention, and for convenience of description, only the portions related to the embodiment of the present invention are shown. Specifically, the fingerprint storage encryption method specifically includes:
s101, acquiring an encryption key of an asymmetric encryption algorithm; in this step, since the fingerprint biometric data needs to be signed and encrypted by using an asymmetric algorithm, in a specific embodiment, the encryption key can be obtained from the server side in a wired or wireless manner. The server can be a local server or a remote server, the server generates an asymmetric encrypted public key and an encrypted secret key according to the access request, and sends the encrypted secret key to the fingerprint encryption end, and the fingerprint encryption end receives the encrypted secret key generated and sent by the server end so as to encrypt the fingerprint biological characteristic data.
Step S102, acquiring fingerprint biological characteristic data; in this step, the fingerprint biometric data is acquired, and the fingerprint biometric data is fingerprint data to be encrypted. The acquisition of fingerprint biometric data may be performed in a variety of ways. For example, fingerprint data can be collected through fingerprint data collection, and fingerprint biological characteristic data of a user can be collected in real time through a fingerprint collection module and used for being encrypted and then used. Specifically, when the fingerprint data of the user is collected, the fingerprint data of each user can be collected respectively, and the fingerprint data of each user is stored respectively for encryption.
In addition, in still other embodiments, the acquired fingerprint biometric data may also be acquired from another storage device in a wired or wireless manner, and the acquired fingerprint biometric data is stored and then locally stored for encryption.
Step S103, performing discrete encryption processing on the fingerprint biological characteristic data by using a hash algorithm, and generating fingerprint characteristic hash data; after the fingerprint biological characteristic data of the user is acquired, the fingerprint biological characteristic data is encrypted through a hash algorithm. Since hashing algorithms have the characteristic of creating a small digital digest "fingerprint" from any kind of data. The hash function compresses a message or data into a digest so that the amount of data becomes small, fixing the format of the data. Such functions mix the data down and recreate a digest called a hash value (or hash value). The hash value is typically represented by a short string of random letters and numbers. For example, for any length of message, SHA256 will generate a 256-bit long hash value, called a message digest. Because of the non-pushable nature of the hashing algorithm, its use of signing the original data can be better exploited. In this step, after the fingerprint biometric data is subjected to discrete encryption processing by using a hash algorithm, fingerprint feature hash data can be generated, and the fingerprint feature hash data is an abstract of the original fingerprint biometric data and is used for signature encryption.
Step S104, signature processing is carried out on the fingerprint feature scattered data by using an asymmetric encryption algorithm and a private key, and fingerprint feature signature data are generated; after the fingerprint biometric data is subjected to discrete encryption processing and fingerprint feature hash data is generated, signature processing needs to be performed on the fingerprint feature hash data so as to facilitate secret storage, network transmission or use of the fingerprint feature hash data as an encryption key of other data. Since in step S101, the encryption key of the asymmetric encryption algorithm has already been acquired. The fingerprint feature hash data can be signed through the acquired encryption key and the asymmetric encryption algorithm, the fingerprint feature signature data is generated after the fingerprint feature hash data is signed, the fingerprint feature signature data after signature encryption can be decrypted only through a public key, and the public key is applied through a designated server. In the using process of the fingerprint biological characteristic data, after the public key is applied through the appointed server, the fingerprint characteristic signature data is decrypted, and after the used fingerprint biological characteristic data is subjected to discrete encryption processing by adopting the same discrete algorithm as the step S103, the fingerprint biological characteristic data is compared with the decrypted fingerprint characteristic signature data. If the comparison is the same, the used fingerprint biological characteristic data is the original data which is not tampered, so that the security of the fingerprint biological characteristic data is ensured, and the security problem caused by the use of non-original fingerprint biological characteristic data or other fingerprint biological characteristic data is avoided.
S105, encrypting the fingerprint biological characteristic data by using a symmetric encryption algorithm and the fingerprint characteristic signature data, and generating fingerprint characteristic encrypted data; after the fingerprint characteristic scattered data is signed, the generated fingerprint characteristic signature data is used for encrypting the fingerprint biological characteristic data so as to ensure the safety of the fingerprint biological characteristic data, prevent the original data of the fingerprint biological characteristic data stored in a plaintext from being directly exposed after the fingerprint biological characteristic data is copied, and increase the risk that the fingerprint biological characteristic data is acquired by an unauthorized person. After the fingerprint biological characteristic data is encrypted by adopting a symmetric encryption algorithm, an authorized user is required to obtain the fingerprint characteristic signature data, and the original fingerprint characteristic data is encrypted by adopting the fingerprint characteristic signature data. In this way, the unauthorized user cannot normally use the fingerprint feature encrypted data obtained from the storage device. And after the authorized user acquires the fingerprint feature signature data, the fingerprint feature encrypted data can be decrypted through the fingerprint feature signature data and then used. Therefore, the security of the original fingerprint biological characteristic data is ensured, and the data are prevented from being acquired by unauthorized users, so that the problems of security and privacy are solved.
And step S106, storing the fingerprint feature encrypted data into a storage device. After the original fingerprint biological characteristic data is encrypted, the encrypted fingerprint characteristic encrypted data can be stored in a storage device so as to be convenient for a user to use.
In the embodiment of the invention, the fingerprint characteristic data is subjected to hash signature processing by adopting a hash algorithm and an asymmetric encryption algorithm, so that the security of the fingerprint biological characteristic data is ensured, the fingerprint characteristic encrypted data can be authenticated, the security of the data is ensured, and the fingerprint biological characteristic data is stored and used after being encrypted by adopting the symmetric encryption algorithm and the fingerprint characteristic signature data, so that the data cannot be decrypted even if being acquired by an unauthorized user, and the security of the fingerprint biological characteristic data is ensured.
Referring to fig. 2, in this embodiment, a further improvement on the foregoing embodiment is that obtaining the encryption key of the asymmetric encryption algorithm includes: step S201, establishing communication connection with a remote server.
Step S202, an encryption key of the asymmetric encryption algorithm is obtained from a remote server in a wired or wireless mode.
Specifically, as shown in fig. 2, in the embodiment of the present invention, a communication connection is established with the server to initiate an encryption key acquisition request to the server. And in the initialization process, the server respectively generates an encryption key and a public key through an asymmetric encryption algorithm. And the server outputs the generated encryption key after receiving the encryption key request. The device side encrypts the signature of the fingerprint biological characteristic data by acquiring the encryption key. In the embodiment of the invention, the data is acquired by the server, and the legality of the acquired secret key is ensured, so that the legality of the signed fingerprint biological characteristic data is ensured. The security of the fingerprint biological characteristic data is further ensured.
Referring to fig. 3, in this embodiment, a further improvement on the above embodiment is that the acquiring fingerprint biometric data includes: step S302, collecting a plurality of fingerprint images of the same fingerprint.
And step S303, extracting characteristics of the acquired fingerprint images of the same fingerprints and generating fingerprint biological characteristic data.
Specifically, as shown in fig. 3, in the embodiment of the present invention, when fingerprint biometric data is collected, a fingerprint image of a user may be collected by a fingerprint collecting device, and when a fingerprint image of a user is collected by a fingerprint collecting device, the fingerprint images collected many times are collected and combined, and fingerprint biometric data is obtained by extracting fingerprint biometric characteristics of the fingerprint image. Thus, the acquired fingerprint biological characteristic data is closer to the actual fingerprint biological characteristics of the user. The generated fingerprint biological characteristic data is more effective, and the misjudgment condition generated when the fingerprint biological characteristic data is used for authentication is reduced.
Referring to fig. 4, in this embodiment, a further improvement on the basis of the above embodiment is that, after the asymmetric encryption algorithm and the private key are used to perform signature processing on the fingerprint feature hash data and generate the fingerprint feature signature data, the method further includes step S405 of obtaining a decryption public key of the asymmetric encryption algorithm;
step S406, decrypting the fingerprint feature signature data through the decryption public key, and executing the next step if the decryption is passed; otherwise, executing signature processing on the fingerprint feature hash data by using an asymmetric encryption algorithm and a private key, and generating fingerprint feature signature data.
Specifically, as shown in fig. 4, in the embodiment of the present invention, after the fingerprint feature hash data is signed, the server is connected to the server through communication, so that the decryption public key can be obtained from the server, the fingerprint feature signature data can be decrypted by using the decryption public key, and the fingerprint biometric data used in step S403 is subjected to discrete encryption processing by using the same discrete algorithm, and then is compared with the decrypted fingerprint feature signature data. If the comparison is the same, the fingerprint feature signature data is generated without problems, namely the decryption is passed. In the step, the fingerprint feature signature data is decrypted and confirmed through the public key, so that the integrity and the reliability of the signed fingerprint feature signature data are ensured.
Further, in one embodiment of the present invention, the asymmetric encryption algorithm is an RSA algorithm; the hash algorithm is SHA256 algorithm; the symmetric encryption algorithm is an AES encryption algorithm.
Specifically, the RSA algorithm includes, in the process of processing the fingerprint feature discrete data:
signature algorithmAnd taking the RSA private key and the SHA256 value of the fingerprint biological characteristic data to be signed as input, and outputting the signature X. RSA signature formula is X ═ Mdmod N, where M is the SHA256 value of the fingerprint biometric data and N and d are the encryption keys.
The signature is verified, and the public key PK, the signature X, and the SHA256 value of the biometric data are used as input, and outputting one bit value b, where b equals 1 means that the verification is passed.
The SHA256 algorithm comprises the following steps in the process of processing the fingerprint feature discrete data: constant initialization, 8 initial hash values and 64 constant hash values are used in the SHA256 algorithm.
The information preprocessing, the preprocessing in the SHA256 algorithm, is to supplement the required information after the message that wants to Hash, so that the whole message satisfies the specified structure.
Calculating a message abstract, firstly decomposing the fingerprint biological characteristic data into blocks with the size of 512-bit, decomposing each block into 16 32-bit big end words which are marked as w [0],.
Wt=σ1(Wt-2)+Wt-7+σ0(Wt-15)+Wt-16
And then 64 times of loop calculation is carried out to obtain the SHA256 value of the fingerprint biological characteristic data.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an embodiment of a fingerprint storage encryption apparatus provided by an embodiment of the present invention, and for convenience of description, only parts related to the embodiment of the present invention are shown. Specifically, the fingerprint storage encryption device 10 includes: the system comprises a secret key acquisition module 101, a fingerprint characteristic acquisition module 102, a discrete encryption processing module 103, a signature processing module 104, a symmetric encryption module 107 and a storage module 108, wherein the secret key acquisition module 101 is used for acquiring an encryption secret key of an asymmetric encryption algorithm; since the fingerprint biometric data needs to be signed and encrypted by using an asymmetric algorithm, in a specific embodiment, the encryption key can be obtained from the server 20 in a wired or wireless manner. The server 20 may be the local server 20 or the remote server 20, the server 20 generates an asymmetrically encrypted public key and an encrypted key according to the access request, and sends the encrypted key to the fingerprint encryption terminal, and the fingerprint encryption terminal receives the encrypted key generated and sent by the server 20 terminal, so as to be used for encrypting the fingerprint biometric data.
The fingerprint feature acquisition module 102 is configured to acquire fingerprint biometric data; the acquisition of fingerprint biometric data may be performed in a variety of ways. For example, the fingerprint data may be collected by fingerprint data collection, and the fingerprint biometric data of the user may be collected in real time by the fingerprint feature obtaining module 102 and used for encryption. Specifically, when the fingerprint data of the user is collected, the fingerprint data of each user can be collected respectively, and the fingerprint data of each user is stored respectively for encryption.
In addition, in some other embodiments, the fingerprint biometric data after being acquired can be acquired from other storage devices in a wired or wireless manner. The acquired fingerprint biological characteristic data is stored and then locally stored for encryption.
The discrete encryption processing module 103 is configured to perform discrete encryption processing on the fingerprint biometric data by using a hash algorithm, and generate fingerprint feature hash data; after the fingerprint biological characteristic data of the user is acquired, the fingerprint biological characteristic data is encrypted through a hash algorithm. Since hashing algorithms have the characteristic of creating a small digital digest "fingerprint" from any kind of data. The hash function compresses a message or data into a digest so that the amount of data becomes small, fixing the format of the data. Such functions mix the data down and recreate a digest called a hash value (or hash value). The hash value is typically represented by a short string of random letters and numbers. For example, for any length of message, SHA256 will generate a 256-bit long hash value, called a message digest. Because of the non-pushable nature of the hashing algorithm, its use of signing the original data can be better exploited. In the module, after the fingerprint biological characteristic data is subjected to discrete encryption processing by using a hash algorithm, fingerprint characteristic scattered data can be generated, and the fingerprint characteristic scattered data is an abstract of the original fingerprint biological characteristic data and is used for signature encryption.
The signature processing module 104 is configured to perform signature processing on the fingerprint feature hash data by using an asymmetric encryption algorithm and a private key, and generate fingerprint feature signature data; after the fingerprint biometric data is subjected to discrete encryption processing and fingerprint feature hash data is generated, signature processing needs to be performed on the fingerprint feature hash data so as to facilitate secret storage, network transmission or use of the fingerprint feature hash data as an encryption key of data. Since in the key obtaining module 101, the encryption key of the asymmetric encryption algorithm has already been obtained. The fingerprint feature hash data can be signed by the acquired encryption key and the asymmetric encryption algorithm, the fingerprint feature signature data is generated after the fingerprint feature hash data is signed, the fingerprint feature signature data after signature encryption can be decrypted by the public key, and the public key is applied by the designated server 20. In the using process of the fingerprint biological characteristic data, after the public key is applied through the designated server 20, the fingerprint characteristic signature data is decrypted, and after the used fingerprint biological characteristic data is subjected to discrete encryption processing by adopting the same discrete algorithm as the discrete encryption module, the fingerprint biological characteristic data is compared with the decrypted fingerprint characteristic signature data. If the comparison is the same, the used fingerprint biological characteristic data is the original data which is not tampered, so that the security of the fingerprint biological characteristic data is ensured, and the security problem caused by the use of non-original fingerprint biological characteristic data or other fingerprint biological characteristic data is avoided.
The symmetric encryption module 107 is configured to encrypt the fingerprint biometric data using a symmetric encryption algorithm and the fingerprint feature signature data, and generate fingerprint feature encrypted data; after the fingerprint characteristic scattered data is signed, the generated fingerprint characteristic signature data is used for encrypting the fingerprint biological characteristic data so as to ensure the safety of the fingerprint biological characteristic data, thereby avoiding that the original data of the fingerprint biological characteristic data stored in a plaintext can be directly exposed after the fingerprint biological characteristic data is copied, and increasing the risk that the fingerprint biological characteristic data is acquired by an unauthorized person. After the fingerprint biological characteristic data is encrypted by adopting a symmetric encryption algorithm, an authorized user is required to obtain the fingerprint characteristic signature data, and the original fingerprint characteristic data is encrypted by adopting the fingerprint characteristic signature data. In this way, the unauthorized user cannot normally use the fingerprint feature encrypted data obtained from the storage device. And after the authorized user acquires the fingerprint feature signature data, the fingerprint feature encrypted data can be decrypted through the fingerprint feature signature data and then used. Therefore, the security of the original fingerprint biological characteristic data is ensured, and the data are prevented from being acquired by unauthorized users, so that the problems of security and privacy are solved.
The storage module 108 is used for storing the fingerprint feature encryption data to a storage device. After the original fingerprint biological characteristic data is encrypted, the encrypted fingerprint characteristic encrypted data can be stored in a storage device so as to be convenient for a user to use.
In the embodiment of the invention, the fingerprint characteristic data is subjected to hash signature processing by adopting a hash algorithm and an asymmetric encryption algorithm, so that the security of the fingerprint biological characteristic data is ensured, the fingerprint characteristic encrypted data can be authenticated, the security of the data is ensured, and the fingerprint biological characteristic data is stored and used after being encrypted by adopting the symmetric encryption algorithm and the fingerprint characteristic signature data, so that the data cannot be decrypted even if being acquired by an unauthorized user, and the security of the fingerprint biological characteristic data is ensured.
Further, according to an embodiment of the present invention, the key obtaining module 101 includes: the server 20 is connected to the module 1011 and receives the key module 1012, and the server 20 is connected to the module 1011 for establishing a communication connection with the remote server 20.
The receive key module 1012 is configured to obtain an encryption key of the asymmetric encryption algorithm from the remote server 20 in a wired or wireless manner.
Specifically, as shown in fig. 5, in the embodiment of the present invention, a communication connection is established with the server 20 to initiate an encryption key obtaining request to the server 20. The server 20 generates an encryption key and a public key respectively through an asymmetric encryption algorithm during an initialization process. The server 20, upon receiving the encryption key request, outputs the generated encryption key. The device side encrypts the signature of the fingerprint biological characteristic data by acquiring the encryption key. In the embodiment of the invention, the validity of the acquired key is ensured by acquiring data with the server 20, so that the validity of the signed fingerprint biological characteristic data is ensured. The security of the fingerprint biological characteristic data is further ensured.
Further, according to an embodiment of the present invention, the fingerprint feature obtaining module 102 includes: a fingerprint feature acquiring module 102 and a graph synthesizing module 1022, where the fingerprint feature acquiring module 102 is configured to acquire fingerprint images of a plurality of same fingerprints.
The graph synthesis module 1022 is configured to extract features from the acquired fingerprint images of a plurality of identical fingerprints and generate fingerprint biometric data.
Specifically, as shown in fig. 5, in the embodiment of the present invention, when fingerprint biometric data is collected, a fingerprint image of a user may be collected by a fingerprint collecting device, and when a fingerprint image of a user is collected by a fingerprint collecting device, the fingerprint images collected many times are collected and combined, and fingerprint biometric data is obtained by extracting fingerprint biometric characteristics of the fingerprint image. Thus, the acquired fingerprint biological characteristic data is closer to the actual fingerprint biological characteristics of the user. The generated fingerprint biological characteristic data is more effective, and the misjudgment condition generated when the fingerprint biological characteristic data is used for authentication is reduced.
Further, according to an embodiment of the present invention, the fingerprint storage encryption apparatus 10 further includes: the public key obtaining module 105 and the decryption verification module 106 obtain a decryption public key of the asymmetric encryption algorithm;
and decrypting the fingerprint feature signature data through the decryption public key, and performing decryption verification.
Specifically, as shown in fig. 5, in the embodiment of the present invention, after the fingerprint feature hash data is signed, the server 20 is connected to the decryption public key through communication, so that the decryption public key can be obtained from the server 20, the fingerprint feature signature data can be decrypted by using the decryption public key, and the fingerprint biometric data used is subjected to discrete encryption processing by using the same discrete algorithm as that of the discrete encryption module, and then is compared with the decrypted fingerprint feature signature data. If the comparison is the same, the fingerprint feature signature data is generated without problems, namely the decryption is passed. The fingerprint feature signature data is decrypted and confirmed through the public key in the module, and the integrity and the reliability of the signed fingerprint feature signature data are guaranteed.
It should be noted that, in the present specification, the embodiments are all described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments may be referred to each other. For the device or system type embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
In still another aspect, referring to fig. 6, the present invention further provides a fingerprint storage encryption system, including: a server 20 and the fingerprint storage encryption device 10, wherein the server 20 is used for generating an asymmetric encryption key;
the fingerprint storage encryption device 10 is in communication connection with the server 20, and acquires a symmetric encryption key from the server 20 to encrypt and store the fingerprint biometric data.
Specifically, as shown in fig. 6, in the embodiment of the present invention, a communication connection is established with the server 20 to initiate an encryption key acquisition request to the server 20. The server 20 generates an encryption key and a public key respectively through an asymmetric encryption algorithm during an initialization process. The server 20, upon receiving the encryption key request, outputs the generated encryption key. The device side encrypts the signature of the fingerprint biological characteristic data by acquiring the encryption key. In the embodiment of the invention, the validity of the acquired key is ensured by acquiring data with the server 20, so that the validity of the signed fingerprint biological characteristic data is ensured. The security of the fingerprint biological characteristic data is further ensured.
The fingerprint encryption method may be implemented by a computer program, which may be stored in a computer-readable storage medium, and when the computer program is executed by a processor, the steps of the method embodiments may be implemented. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like.
The computer program may be partitioned into one or more modules/units that are stored in the memory and executed by the processor to implement the invention.
It should be noted that the computer readable medium may contain other components which may be suitably increased or decreased as required by legislation and patent practice in jurisdictions, for example, in some jurisdictions, computer readable media which may not include electrical carrier signals and telecommunications signals in accordance with legislation and patent practice.
In the above embodiments, the descriptions of the respective embodiments have respective emphasis, and reference may be made to the related descriptions of other embodiments for parts that are not described or illustrated in a certain embodiment.
The steps in the method of the embodiment of the invention can be sequentially adjusted, combined and deleted according to actual needs.
The modules or units in the system of the embodiment of the invention can be combined, divided and deleted according to actual needs.
Those of ordinary skill in the art would appreciate that the various illustrative elements and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic pre-set hardware or in a combination of computer software and electronic pre-set hardware. Whether these functions are performed by pre-determined hardware or software depends on the particular application and design constraints imposed on the solution. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
In the embodiments provided by the present invention, it should be understood that the disclosed apparatus/computer device and method may be implemented in other ways. For example, the above-described apparatus/computer device embodiments are merely illustrative, and for example, the division of the modules or units is only one logical division, and there may be other divisions when actually implemented, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.
Claims (10)
1. A fingerprint storage encryption method, comprising:
acquiring an encryption key of an asymmetric encryption algorithm;
acquiring fingerprint biological characteristic data;
performing discrete encryption processing on the fingerprint biological characteristic data by using a hash algorithm, and generating fingerprint characteristic hash data;
signature processing is carried out on the fingerprint feature scattered data by using an asymmetric encryption algorithm and the private key, and fingerprint feature signature data are generated;
encrypting the fingerprint biological characteristic data by using a symmetric encryption algorithm and the fingerprint characteristic signature data, and generating fingerprint characteristic encrypted data;
and storing the fingerprint feature encrypted data to a storage device.
2. The fingerprint storage encryption method of claim 1, wherein the obtaining the encryption key of the asymmetric encryption algorithm comprises:
establishing a communication connection with a remote server;
and acquiring an encryption key of the asymmetric encryption algorithm from the remote server in a wired or wireless mode.
3. The fingerprint storage encryption method of claim 1, wherein the acquiring fingerprint biometric data comprises:
collecting a plurality of fingerprint images of the same fingerprint;
and extracting features from the acquired fingerprint images of a plurality of same fingerprints and generating the fingerprint biological feature data.
4. The fingerprint storage encryption method according to claim 1, further comprising the steps of, after signing the fingerprint feature hash data using an asymmetric encryption algorithm and the private key and generating fingerprint feature signature data:
acquiring a decryption public key of the asymmetric encryption algorithm;
decrypting the fingerprint feature signature data through the decryption public key, and executing the next step if the decryption is passed; otherwise, executing the signature processing on the fingerprint feature scattered data by using the asymmetric encryption algorithm and the private key, and generating fingerprint feature signature data.
5. The fingerprint storage encryption method according to any one of claims 1 to 4, wherein the asymmetric encryption algorithm is RSA algorithm;
the hash algorithm is SHA256 algorithm;
the symmetric encryption algorithm is an AES encryption algorithm.
6. A fingerprint storage encryption apparatus, comprising:
the key acquisition module is used for acquiring an encryption key of an asymmetric encryption algorithm;
the fingerprint feature acquisition module is used for acquiring fingerprint biological feature data;
the discrete encryption processing module is used for performing discrete encryption processing on the fingerprint biological characteristic data by using a hash algorithm and generating fingerprint characteristic hash data;
the signature processing module is used for carrying out signature processing on the fingerprint feature hash data by using an asymmetric encryption algorithm and the private key and generating fingerprint feature signature data;
the symmetric encryption module is used for encrypting the fingerprint biological characteristic data by using a symmetric encryption algorithm and the fingerprint characteristic signature data and generating fingerprint characteristic encrypted data;
a storage module to store the fingerprint feature encrypted data to a storage device.
7. The fingerprint storage encryption apparatus of claim 6, wherein the key obtaining module comprises:
the server connection module is used for establishing communication connection with a remote server;
and the receiving key module is used for acquiring an encryption key of the asymmetric encryption algorithm from the remote server in a wired or wireless mode.
8. The fingerprint storage encryption device of claim 6, wherein the fingerprint feature acquisition module comprises:
the fingerprint acquisition module is used for acquiring a plurality of fingerprint images of the same fingerprint;
and the graph synthesis module is used for extracting characteristics of the acquired fingerprint images of the same fingerprints and generating the fingerprint biological characteristic data.
9. The fingerprint storage encryption device of claim 6, further comprising:
the public key acquisition module is used for acquiring a decryption public key of the asymmetric encryption algorithm;
and the decryption verification module decrypts the fingerprint characteristic signature data through the decryption public key, and performs decryption verification.
10. A fingerprint storage encryption system, comprising:
a server for generating an asymmetric encryption key;
the fingerprint storage encryption device according to any one of claims 6 to 9, wherein the fingerprint storage encryption device is in communication connection with the server, and obtains the symmetric encryption key from the server to perform encryption processing on fingerprint biometric data and store the fingerprint biometric data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911303008.4A CN111177748A (en) | 2019-12-17 | 2019-12-17 | Fingerprint storage encryption method, device and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911303008.4A CN111177748A (en) | 2019-12-17 | 2019-12-17 | Fingerprint storage encryption method, device and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111177748A true CN111177748A (en) | 2020-05-19 |
Family
ID=70657335
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911303008.4A Pending CN111177748A (en) | 2019-12-17 | 2019-12-17 | Fingerprint storage encryption method, device and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111177748A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111739200A (en) * | 2020-06-19 | 2020-10-02 | 广东工业大学 | Fingerprint electronic lock and encryption and decryption authentication method thereof |
| CN114826689A (en) * | 2022-03-31 | 2022-07-29 | 北京极感科技有限公司 | Information entry method, security authentication method and electronic equipment |
| WO2023142453A1 (en) * | 2022-01-28 | 2023-08-03 | 中国银联股份有限公司 | Biometric identification method, server, and client |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070016785A1 (en) * | 2005-07-14 | 2007-01-18 | Yannick Guay | System and method for digital signature and authentication |
| CN109687977A (en) * | 2019-01-10 | 2019-04-26 | 如般量子科技有限公司 | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys |
-
2019
- 2019-12-17 CN CN201911303008.4A patent/CN111177748A/en active Pending
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20070016785A1 (en) * | 2005-07-14 | 2007-01-18 | Yannick Guay | System and method for digital signature and authentication |
| CN109687977A (en) * | 2019-01-10 | 2019-04-26 | 如般量子科技有限公司 | Anti- quantum calculation digital signature method and anti-quantum calculation digital signature system based on multiple pool of keys |
Non-Patent Citations (2)
| Title |
|---|
| 丁邢涛等: "基于混合加密的无线医疗传感网数据", 《医疗卫生装备》 * |
| 姚丽莎等: "指纹IRLRD 特征数字签名技术", 《计算机应用与软件》 * |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111739200A (en) * | 2020-06-19 | 2020-10-02 | 广东工业大学 | Fingerprint electronic lock and encryption and decryption authentication method thereof |
| WO2023142453A1 (en) * | 2022-01-28 | 2023-08-03 | 中国银联股份有限公司 | Biometric identification method, server, and client |
| CN114826689A (en) * | 2022-03-31 | 2022-07-29 | 北京极感科技有限公司 | Information entry method, security authentication method and electronic equipment |
| CN114826689B (en) * | 2022-03-31 | 2024-01-12 | 北京极感科技有限公司 | Information input method, security authentication method and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20220191012A1 (en) | Methods For Splitting and Recovering Key, Program Product, Storage Medium, and System | |
| CN111079128B (en) | Data processing method and device, electronic equipment and storage medium | |
| US20190311148A1 (en) | System and method for secure storage of electronic material | |
| CN107770159B (en) | Vehicle accident data recording method and related device and readable storage medium | |
| EP3324572B1 (en) | Information transmission method and mobile device | |
| CN109829269A (en) | Method, apparatus and system based on E-seal authenticating electronic documents | |
| CN110798315B (en) | Data processing method and device based on block chain and terminal | |
| WO2019199288A1 (en) | System and method for secure storage of electronic material | |
| US20130028419A1 (en) | System and a method for use in a symmetric key cryptographic communications | |
| CN112232814B (en) | Encryption and decryption methods of payment key, payment authentication method and terminal equipment | |
| KR20060127080A (en) | User authentication method based on the utilization of biometric identification techniques and related architecture | |
| AU2021271512A1 (en) | Constructing a distributed ledger transaction on a cold hardware wallet | |
| CN111177748A (en) | Fingerprint storage encryption method, device and system | |
| CN110868291B (en) | Data encryption transmission method, device, system and storage medium | |
| US20220109661A1 (en) | System and method to improve user authentication for enhanced security of cryptographically protected communication sessions | |
| KR20200136829A (en) | User apparatus and method for the protection of confidential data | |
| CN114780923A (en) | Electronic seal management and control method and system | |
| CN109347923A (en) | Anti- quantum calculation cloud storage method and system based on unsymmetrical key pond | |
| CN111614467A (en) | System backdoor defense method and device, computer equipment and storage medium | |
| CN109299618B (en) | Quantum-resistant computing cloud storage method and system based on quantum key card | |
| AU2018100503A4 (en) | Split data/split storage | |
| CN114357418A (en) | Encryption authentication method, system, terminal device, server and storage medium | |
| CN112966280A (en) | Data processing method and device, server and data management system | |
| KR102068041B1 (en) | Appratus and method of user authentication and digital signature using user's biometrics | |
| CN115442046A (en) | Signature method, signature device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200519 |