CN112287316B - Biological authentication method and system based on elliptic curve and removable biological characteristics - Google Patents

Biological authentication method and system based on elliptic curve and removable biological characteristics Download PDF

Info

Publication number
CN112287316B
CN112287316B CN202011040666.1A CN202011040666A CN112287316B CN 112287316 B CN112287316 B CN 112287316B CN 202011040666 A CN202011040666 A CN 202011040666A CN 112287316 B CN112287316 B CN 112287316B
Authority
CN
China
Prior art keywords
pseudo
user
key
biometric
template
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011040666.1A
Other languages
Chinese (zh)
Other versions
CN112287316A (en
Inventor
吴磊
孟令珍
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Normal University
Original Assignee
Shandong Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Normal University filed Critical Shandong Normal University
Priority to CN202011040666.1A priority Critical patent/CN112287316B/en
Publication of CN112287316A publication Critical patent/CN112287316A/en
Application granted granted Critical
Publication of CN112287316B publication Critical patent/CN112287316B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention provides a biometric authentication method and system based on an elliptic curve and removable biometric features, and belongs to the technical field of biometric authentication privacy protection. The invention generates the pseudo-biological characteristics by using a random distance method, combines the pseudo-biological characteristics with fuzzy commitment to protect the generated pseudo-biological characteristic template, and establishes a safe session key protocol by using an elliptic curve, thereby further improving the safety of the privacy protection of the biological authentication and being capable of resisting various attacks, thereby having good value of practical application.

Description

Biological authentication method and system based on elliptic curve and removable biological characteristics
Technical Field
The invention belongs to the technical field of biological authentication privacy protection, and particularly relates to a biological authentication method and system based on an elliptic curve and a removable biological characteristic.
Background
The information in this background section is only for enhancement of understanding of the general background of the invention and is not necessarily to be construed as an admission or any form of suggestion that this information forms the prior art that is already known to a person of ordinary skill in the art.
With the rapid development of the internet and mobile technology, various convenient online services are provided for our lives, but when users access these services through an insecure channel, the users become attacked objects, in order to protect sensitive information from being stolen and illegally used, the demand for identity authentication between users and servers is higher, traditional identity authentication uses passwords or smart cards for protection and authentication, but passwords are easy to forget, passwords of different levels of systems are difficult to remember, especially passwords with high security levels, smart cards are easy to share, compared with biological characteristics as unique identification of identities, copying and counterfeiting are difficult, the technology is superior to traditional authentication technology with higher reliability, security and convenience, biological authentication is widely applied to services of various industries, but permanent invalidation and privacy disclosure of biological characteristics face greater security threats, privacy protection for biometric authentication has become a focus of attention for many scholars.
The biological characteristic information is stored and transmitted in a digital entity form, so that the biological characteristic information is easily attacked by hacker attack and other malicious activities, a plurality of schemes for protecting biological authentication privacy are provided, the traditional privacy protection scheme uses an encryption technology to protect the biological characteristic information, but the biological characteristic information needs to be decrypted to obtain original information for authentication during authentication, and at the moment, an attacker risks stealing the biological characteristic information in a plaintext. Based on the homomorphic encryption scheme, matching can be performed without decryption in a ciphertext state, the safety is improved, but the operation on the ciphertext increases the calculation amount and reduces the efficiency, and the method cannot be widely applied to actual life. And compared with the cancelable biological characteristics, the method generates safe and diversified pseudo biological characteristics, protects the original biological characteristics, has simple calculation and relatively improved efficiency, and improves the credibility and acceptability of the system.
In order to establish a secure channel on a public network, further improve the privacy protection of a cancelable biometric technology, better verify the authenticity of a server and a user, and play an important role in mutual authentication and session keys, the current key protocol scheme cannot resist denial of service attacks, cannot provide perfect forward secrecy, cannot resist user anonymity and impersonation attacks, replay attacks and the like, a reliable new biometric authentication key protocol scheme is developed, and the existing well-known attacks can be overcome.
Disclosure of Invention
In view of the above-mentioned deficiencies of the prior art, the present invention provides a biometric authentication method and system for privacy protection based on elliptic curves and removable biometrics. The invention generates the pseudo-biological characteristics by using a random distance method, combines the pseudo-biological characteristics with fuzzy commitment to protect the generated pseudo-biological characteristic template, and establishes a safe session key protocol by using an elliptic curve, thereby further improving the safety of the privacy protection of the biological authentication and being capable of resisting various attacks, thereby having good value of practical application.
The invention is realized by the following technical scheme:
in a first aspect of the present invention, there is provided a biometric authentication method based on an elliptic curve and a removable biometric feature, the biometric authentication method comprising:
establishing a session key protocol by using an elliptic curve so as to generate public parameters such as a private key and a public key;
acquiring user information input by a user, generating a pseudo-biometric template by adopting a random distance method, and generating auxiliary data by using a fuzzy commitment;
processing the pseudo biological characteristic template and the auxiliary data by using a fuzzy commitment, recovering a key, and performing hash matching verification on the key and an original key to obtain a matching result;
the original secret key is obtained by acquiring user information input by a user during user registration, generating a pseudo-biometric template and auxiliary data after processing by adopting a random distance method and a fuzzy commitment, and processing the pseudo-biometric template and the auxiliary data by using the fuzzy commitment.
Establishing a session key protocol using elliptic curves includes: selecting a non-single point elliptic curve, determining the order and the base point, randomly selecting a private key and calculating the public key, and taking the parameters as public parameters.
More specifically, in the finite field FpSelecting an elliptical curve Ep(a, b), n is a large prime number, G is a base point, n is the order of G, and one is randomly selected
Figure BDA0002706540100000031
As its private key, the public key is computed as ppub(ii) sG, { Ep(a,b),n,G,ppubThe parameter is taken as a common parameter.
The user information comprises identity, password and biological information; the biological information is a unique biological characteristic of the user, such as a voiceprint, a fingerprint, a face, a pupil, a blood capillary, and the like of the user, specifically, one or more of the biological characteristics may be included, such as the fingerprint and the blood capillary of the user. Of course, the biometric information in the present invention may be feature amount information generated by performing a certain extraction process on the biometric feature of the user. For example, in the case of a blood capillary, the biological information may be an image of the blood capillary or may be parameter information of the blood capillary. The present invention is not particularly limited in this regard.
The method for processing and generating the pseudo biological characteristic template by the random distance method comprises the following steps:
the method comprises the steps of extracting features by adopting a log-Gabor filter to generate a one-dimensional vector, salting the one-dimensional vector by selecting a random network value RG, dividing the one-dimensional vector into two parts which are the same, mapping to generate feature points of a user, dividing a key of the generated user into two parts, mapping to generate random points, calculating the distance between the two points to serve as a vector, performing median filtering operation on the distance vector to enable the whole process to become irreversible, and generating a transformed template.
More specifically, the method comprises the following steps:
s1, calculating and extracting the characteristics of the preprocessed biological information by using a log-Gabor filter to generate a one-dimensional vector fvv ∈ RN′
S2, generating the value of the specific user as the random network RG ∈ RN′The random network RG has the same size with the one-dimensional vector fvv, and the random network RG is used for salinization of the original characteristic vector, namely fs is fvv + RG, so that the entropy of the template is increased;
s3, dividing fs after salt addition into two equal partial vectors fX-fs (1: N '/2) and fY-fs (N '/2 +1: N '), and defining mapping FP by the corresponding values of the two partial vectorsj(x1=fX(j),y1Fy (j) where j 1.. N'/2);
s4, generating user' S private key k ∈ RN′Dividing the key k into two equal parts k0And k1Defining a random point mapping RPj(x0=k0(j),y0=k1(j) Calculates the characteristic point FP of the userj(x1,y1) And a random point RPj(x0,y0) Distance d between as vector d (j) d;
s5, median filtering the vector D to generate a transformed pseudo-biometric template Tf, the median filtering being used to provide the non-invertible operation.
In a second aspect of the present invention, there is provided a biometric authentication system based on elliptic curves and removable biometrics, the biometric authentication system including at least:
a creation unit: public parameters such as private keys and public keys are generated; specifically, a session key protocol is established by using an elliptic curve so as to generate public parameters such as the private key and the public key;
an acquisition unit for acquiring user information input by a user;
the analysis unit is used for generating a pseudo-biometric template from the user information acquired by the acquisition unit by adopting a random distance method and generating auxiliary data by using a fuzzy commitment;
a matching unit: the method is used for processing the pseudo-biometric template and the auxiliary data by using the fuzzy commitment, recovering the secret key, and carrying out hash matching verification on the secret key and the original secret key to obtain a matching result.
The establishment of the session key protocol using elliptic curves includes: selecting a non-single point elliptic curve, determining the order and the base point of the curve, randomly selecting a private key and calculating a public key of the private key, and taking the parameters as public parameters.
The user information comprises identity, password and biological information; the biological information is a unique biological characteristic of the user, such as a voiceprint, a fingerprint, a face, a pupil, a blood capillary, and the like of the user, specifically, one or more of the biological characteristics may be included, such as the fingerprint and the blood capillary of the user. Of course, the biometric information in the present invention may be feature amount information generated by performing a certain extraction process on the biometric feature of the user. For example, in the case of a blood capillary, the biological information may be an image of the blood capillary or may be parameter information of the blood capillary. The present invention is not particularly limited in this regard.
The method for processing and generating the pseudo biological characteristic template by the random distance method comprises the following steps:
the method comprises the steps of extracting features by a log-Gabor filter to generate a one-dimensional vector, salting the one-dimensional vector by selecting a random network value RG, dividing the one-dimensional vector into two identical parts, mapping to generate feature points of a user, dividing a key of the generated user into two parts, mapping to generate random points, calculating the distance between the two points to serve as a vector, performing median filtering operation on the distance vector to enable the whole process to become irreversible, and generating a transformed template.
The biometric authentication system comprises a user side, a server side, a database and an intelligent card; a biometric authentication process is implemented based on the biometric authentication system, the biometric authentication process comprising at least two phases, an enrollment phase and a verification phase.
Wherein the content of the first and second substances,
the registration stage specifically comprises: the user terminal registers the user information in the server terminal, a pseudo-biometric template is generated by using a random distance method and stored in a database, the conversion parameters are stored in the smart card, the server terminal carries out anonymous processing on the user information of the user, auxiliary data are generated by adopting fuzzy commitment and stored in the data.
The verification stage specifically comprises the following steps: the user end inputs user information, the same conversion parameters in the intelligent card are used for generating a pseudo-biometric template, the pseudo-biometric template and an anonymous identity are sent to the server, the server decrypts the identity of the user, verifies the authenticity of the identity of the user, adopts fuzzy commitment to input the pseudo-biometric template and auxiliary data, performs hash matching verification on a recovered secret key and an original secret key, establishes a session secret key between the user end and the server end according to the difficulty of the elliptic curve dispersion problem, completes communication, can resist various attacks, and further improves privacy protection of biometric authentication.
Of course, in order to complete the above two phases, the biometric authentication process further includes a system initialization phase, specifically: the server generates required parameters, selects a non-single-point elliptic curve, determines the order and the base point of the elliptic curve, randomly selects a private key and calculates the public key of the private key, and takes the parameters as public parameters.
In a third aspect of the present invention, a network device is provided, which includes a memory and a processor coupled to each other, wherein the memory stores a computer program, and when the computer program is executed by the processor, the network device executes the above-mentioned biometric authentication method.
In a fourth aspect of the present invention, there is provided a computer-readable storage medium having stored therein a computer program which, when run on a computer, causes the computer to execute the above-described biometric authentication method.
Compared with the prior art, the beneficial technical effects of one or more technical schemes are as follows:
(1) in the technical scheme, the biometric authentication scheme for privacy protection based on the cancelable biometric features generates the pseudo biometric feature template by using a novel template conversion method-random distance method, so that the dimension of the biometric features is reduced by 50%, and compared with the conversion of other schemes, the biometric authentication scheme is simple in calculation, has non-reversibility and non-connectability, can resist various attacks, and improves the privacy protection safety of the biometric authentication.
(2) In the technical scheme, the biometric authentication scheme for privacy protection based on the elliptic curve and the cancelable biometric features adopts a method of combining the random distance method and the fuzzy commitment to protect the generated pseudo biometric template, reduces the calculation complexity compared with the prior scheme, and relatively improves the efficiency.
(3) In the technical scheme, the elliptic curve cryptography is a biological authentication scheme for privacy protection based on elliptic curves and cancelable biological characteristics, and when the elliptic curve cryptography provides the same level of security, compared with other public key cryptography, the elliptic curve cryptography has a much smaller key, so that the whole biological authentication session key protocol has higher efficiency, and the mutual authentication of participants is realized. The pseudo-biological characteristics generated by the elliptic curve and the random distance method are adopted to carry out double protection on the biological authentication, various attacks can be resisted, and the safety is improved a lot relatively, so that the method has good practical application value.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, are included to provide a further understanding of the invention, and are included to illustrate an exemplary embodiment of the invention and not to limit the invention.
FIG. 1 is a symbolic and descriptive diagram of an overall phase of a first embodiment of the present invention;
FIG. 2 is a process diagram of a user registration phase in accordance with an embodiment of the present invention;
FIG. 3 is a diagram illustrating a process of generating pseudo-biometric features by random distance method during the registration phase according to an embodiment of the present invention;
FIG. 4 is a diagram illustrating a process for generating assistance data in a registration phase fuzzy commitment scheme in accordance with an embodiment of the present invention;
FIG. 5 is a diagram illustrating a biometric authentication process using a fuzzy commitment scheme during a verification phase according to an embodiment of the invention;
FIG. 6 is a process diagram of the key agreement phase of the authentication phase in accordance with one embodiment of the present invention;
FIG. 7 is a flowchart of a second embodiment of the present invention.
Detailed Description
It is to be understood that the following detailed description is exemplary and is intended to provide further explanation of the invention as claimed. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of exemplary embodiments according to the invention. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise. The scope of the invention is not limited to the specific embodiments described below.
The invention is further illustrated by the following examples, which are not to be construed as limiting the invention thereto. It should be understood that these examples are for illustrative purposes only and are not intended to limit the scope of the present invention.
Example one
The embodiment of the invention provides a biological authentication method for privacy protection based on an elliptic curve and a cancelable biological special certificate.
In order to enable a user to safely access online services, safe communication is established between participants, the safety requirement of identity verification is higher and higher, the portability and the reliability of biometric authentication are superior to those of the traditional technology, the biometric authentication is widely applied to various online services, but a great safety risk is faced, revocable pseudo-biometric features are generated by adopting cancelable biometric features and are combined with fuzzy commitment to protect the generated pseudo-biometric feature template, and the privacy protection of the biometric authentication is further improved by adopting an elliptic curve to establish a safe session key protocol between the user and a server.
The method specifically comprises a system initialization stage, a registration stage and an authentication and key agreement stage, and the specific process is as follows:
(A) system initialization phase
This phase is mainly done by the server. In a finite field FpSelecting an elliptical curve Ep(a, b), n is a large prime number, G is a base point, n is the order of G, and one is randomly selected
Figure BDA0002706540100000081
As its private key, the public key is computed as ppub(ii) sG, { Ep(a,b),n,G,ppubThe parameter is taken as a common parameter.
(B) Registration phase
(1) A user side:
the user enters his identity IDiPassword PWiAnd biological information BiGenerating a random number riTo calculate
Figure BDA0002706540100000091
ID (identity)iAnd MPiSending to a server, processing the biological information, generating a random key K by the userTPerforming random distance conversion to generate a pseudo-biometric template, placing the template Tf in a database, and converting the parameters RG and KTPut into a smart card SCiIn fig. 2, a detailed process is given.
The specific process of generating the template of the pseudo-biometric feature by the random distance method is shown in fig. 3:
firstly, calculating and extracting the characteristics of the preprocessed biological information by using a log-Gabor filter to generate a one-dimensional vector fvv which belongs to RN′
Generating a value of a specific user as a random network RG ∈ RN′And RG is the same as the size of fvv, and the original characteristic vector is salinized by using a random network RG, namely fs is fvv + RG, so that the entropy of the template is increased.
③ dividing the salted fs into two equal partial vectors fX ═ fs (1: N '/2) and fY ═ fs (N '/2 +1: N '), usingThe values corresponding to these two points define the mapping FPj(x1=fX(j),y1Fy (j) where j 1.. N'/2).
Generating user special key k belonged to RN′Dividing the key k into two equal parts k0And k1Defining a random point mapping RPj(x0=k0(j),y0=k1(j) Calculates the characteristic point FP of the userj(x1,y1) And a random point RPj(x0,y0) The distance d between them is given as vector d (j) d.
Fifthly, carrying out median filtering on the vector D to generate a transformed template Tf, wherein the median filtering is used for providing non-reversible operation.
Therefore, the conversion parameters in the process are RG and K, different pseudo-biometric templates can be generated by changing the conversion parameters, and even if RG and K are known by an attacker at the same time, original biometric information cannot be leaked due to non-reversibility.
(2) Server terminal
User IDiAnd MPiSending to the server, the server checks H (ID) firsti) If it exists in the database, a random number N will be generated0And calculate Qi=H(IDi||s),eIDi=Es(IDi||N0),
Figure BDA0002706540100000101
Vi=H(IDi||Qi) The server generates a secret key K, obtains the pseudo-biometric template Tf from the database, and generates the helper data HD using the fuzzy commitment scheme and places the helper data HD in the database as shown in fig. 4. Will { H (ID)i) HD, H (K) } in the database, will { eIDi,Ri,Vi,Ek(·)/Dk(r), H (r) } on the smart card SCi
(C) Authentication and Key Agreement phase
This stage gives a detailed process in fig. 6, where the user enters the user's identity using his smart cardIDiPassword PWiAnd biological information BiGenerating a random number riAnd calculate
Figure BDA0002706540100000102
Verification Vi?=H(IDi||Qi) If the user's identity is authentic, a random number is generated
Figure BDA0002706540100000103
And define X ═ xG, A1=H(IDi||Qi||X||t1),t1Is the current timestamp of the user side. Using SCiRG and K inTTo biological information BiRandom distance conversion is carried out to generate a pseudo-biological conversion template Tf', and { eIDi,X,A1,t1And Tf' is sent to the server side.
The server side checks the timestamp t first1Is validated by verifying t'1-t1?<Δ t, wherein t'1Is the time of receiving the message, if not, s will terminate the procedure, otherwise, the server will use its own private key to decrypt the user identity, IDi||N0=Ds(eIDi) After the user's identity is obtained, Q ' is calculated 'i=H(IDi| s), check A1?=H(IDi||Q′iX||t1) S, verifying the authenticity of the user, applying a fuzzy commitment scheme, inputting Tf ' and auxiliary data HD extracted from the database, recovering a secret key k ', checking Hash (k ')? Hash (k) after the establishment, the server generates a random number as shown in fig. 5
Figure BDA0002706540100000104
And a random number delta, calculating Y ═ yG, NIDi=Es(IDi||δ),
Figure BDA0002706540100000105
A2=H(C2||Q′i||t2) Will { C2,A2,t2And sending the data to the user side.
The user end first checks the timestamp t2Is validated by verifying t'2-t2?<Δ t, wherein t'2Is the time of receiving the information, if not, terminates the session, otherwise checks A2?=H(C2||Qi||t2) If the result is true, namely the user verifies s, only the legal server is developed, if the result is false, the conversation is terminated, otherwise, the calculation is carried out
Figure BDA0002706540100000111
eID of electronic articleiReplacement to NIDiEstablishing a Session SKi=H(Qi||X||Y||xY),A3=H(NIDi| Y), A is substituted3Sent to the server, which verifies A3?=H(NIDiY), if not, terminating the session, otherwise computing the session Skj=H(Q′iI | X | | Y | | | yX), the authentication is completed.
The method applies the cancelable biological characteristics to the biological authentication to generate the pseudo biological characteristics with privacy, reliability and safety, reduces the complexity of calculation compared with other conversion schemes, protects the original biological characteristics from being leaked, establishes a session key by using the elliptic curve cipher among participants, and has the characteristic of relatively improving the efficiency and resisting various known attacks due to the fact that the key is small at the same safety level, so that the privacy protection of the biological authentication is greatly improved.
Example two
In one or more embodiments, the present invention provides a system for privacy-preserving biometric authentication based on elliptic curves and revocable biometric features. The flow chart is as shown in fig. 7, the system comprises a client, a server, a database and a smart card, and the secure communication is established between the client and the server, so as to realize the following functions.
(1) Registration phase
The client sends the user identity to the server, stores the pseudo-biometric template generated by conversion in the database, and the server carries out anonymous operation on the user identity, processes the pseudo-biometric template by using a fuzzy commitment scheme to generate auxiliary data and stores the auxiliary data in the database.
(2) Verification phase
The client user inputs identity, password and biological information by carrying an intelligent card, a pseudo-biological characteristic template is generated by using the same conversion parameters, the pseudo-biological characteristic template and the anonymous identity are sent to the server, the server inputs the pseudo-biological characteristic template and auxiliary data by using fuzzy commitment, the restored secret key is subjected to hash matching with the original secret key, a session secret key is established at the client and the server according to the difficulty of the elliptic curve dispersion problem, various attacks can be resisted, and the privacy protection of biological authentication is further improved.
The specific working method of the system is the same as the steps in the first embodiment, and details are not repeated here.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects.
Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and so forth) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It should be noted that the above examples are only used to illustrate the technical solutions of the present invention and not to limit them. Although the present invention has been described in detail with reference to the examples given, those skilled in the art can modify the technical solution of the present invention as needed or equivalent substitutions without departing from the spirit and scope of the technical solution of the present invention.

Claims (9)

1. A biometric authentication method based on an elliptic curve and a cancelable biometric feature, the biometric authentication method comprising:
establishing a session key protocol using an elliptic curve, thereby generating public parameters including a private key and a public key;
acquiring user information input by a user, generating a pseudo-biometric template by adopting a random distance method, and generating auxiliary data by using a fuzzy commitment;
processing the pseudo biological characteristic template and the auxiliary data by using a fuzzy commitment, recovering a key, and performing hash matching verification on the key and an original key to obtain a matching result;
the original secret key is obtained by acquiring user information input by a user during user registration, generating a pseudo-biometric template and auxiliary data after processing by adopting a random distance method and a fuzzy commitment, and processing the pseudo-biometric template and the auxiliary data by using the fuzzy commitment;
establishing a session key protocol using elliptic curves includes: selecting a non-single-point elliptic curve, determining the order and the base point of the elliptic curve, randomly selecting a private key and calculating a public key of the private key, and taking the parameters as public parameters;
the client sends the user identity to the server, stores the pseudo-biometric template generated by conversion in the database, and the server performs anonymous operation on the user identity, processes the pseudo-biometric template by using a fuzzy commitment scheme to generate auxiliary data and stores the auxiliary data in the database;
the client user inputs identity, password and biological information by carrying an intelligent card, a pseudo-biological characteristic template is generated by using the same conversion parameters, the pseudo-biological characteristic template and the anonymous identity are sent to the server, the server inputs the pseudo-biological characteristic template and auxiliary data by using fuzzy commitment, the restored secret key is subjected to hash matching with the original secret key, a session secret key is established at the client and the server according to the difficulty of the elliptic curve dispersion problem, various attacks can be resisted, and the privacy protection of biological authentication is further improved.
2. The biometric authentication method of claim 1, wherein the user information comprises an identity, a password, and biometric information.
3. The biometric authentication method of claim 1, wherein the random distance method processing the method of generating the pseudo-biometric template comprises:
the method comprises the steps of extracting features by a log-Gabor filter to generate a one-dimensional vector, salting the one-dimensional vector by selecting a random network value RG, dividing the one-dimensional vector into two identical parts, mapping to generate feature points of a user, dividing a key of the generated user into two parts, mapping to generate random points, calculating the distance between the two points to serve as a vector, performing median filtering operation on the distance vector to enable the whole process to become irreversible, and generating a transformed pseudo-biological feature template.
4. A biometric authentication system based on elliptic curves and cancelable biometrics, characterized in that the biometric authentication system comprises at least:
a creation unit: for generating public parameters including public and private keys;
an acquisition unit configured to acquire user information input by a user;
the analysis unit is used for generating a pseudo-biometric template from the user information acquired by the acquisition unit by adopting a random distance method and generating auxiliary data by using a fuzzy commitment;
a matching unit: the system is used for processing the pseudo-biometric template and the auxiliary data by using a fuzzy commitment, recovering a key and performing hash matching verification on the key and an original key to obtain a matching result;
establishing a session key protocol using elliptic curves includes: selecting a non-single-point elliptic curve, determining the order and the base point of the curve, randomly selecting a private key and calculating a public key of the private key, and taking the parameters as public parameters;
the client sends the user identity to the server, stores the pseudo-biometric template generated by conversion in the database, and the server performs anonymous operation on the user identity, processes the pseudo-biometric template by using a fuzzy commitment scheme to generate auxiliary data and stores the auxiliary data in the database;
the client user inputs identity, password and biological information by carrying an intelligent card, a pseudo biological characteristic template is generated by using the same conversion parameters, the pseudo biological characteristic template and the anonymous identity are sent to the server, the server inputs the pseudo biological characteristic template and auxiliary data by using a fuzzy commitment, the restored key is subjected to hash matching with the original key, a session key is established at the client and the server according to the difficulty of an elliptic curve dispersion problem, various attacks can be resisted, and the privacy protection of biological authentication is further improved.
5. The biometric authentication system of claim 4, wherein establishing the session key protocol using elliptic curves comprises: selecting a non-single point elliptic curve, determining the order and the base point, randomly selecting a private key and calculating the public key, and taking the parameters as public parameters.
6. The biometric authentication system of claim 4, wherein the user information comprises an identity, a password, and biometric information.
7. The biometric authentication system of claim 4, wherein the random distance method process generating the pseudo-biometric template comprises:
extracting features by adopting a log-Gabor filter to generate a one-dimensional vector, salting the one-dimensional vector by selecting a random network value RG, dividing the one-dimensional vector into two identical parts, mapping to generate a feature point of a user, dividing a key of the generated user into two parts, mapping to generate a random point, calculating the distance between the two points as a vector, performing median filtering operation on the distance vector to make the whole process become irreversible, and generating a transformed template;
preferably, the biometric authentication system comprises a user side, a server side, a database and a smart card; implementing a biometric authentication process based on the biometric authentication system, the biometric authentication process comprising at least two phases, an enrollment phase and a verification phase;
more preferably, it is a mixture of more preferably,
the registration stage specifically comprises: the user terminal registers user information in the server terminal, a pseudo-biometric template is generated by using a random distance method and stored in a database, conversion parameters are stored in an intelligent card, the server terminal carries out anonymous processing on the user information of the user, auxiliary data are generated by adopting fuzzy commitment and stored in data;
the verification stage specifically comprises the following steps: the user end inputs user information, the same conversion parameters in the intelligent card are used for generating a pseudo-biological characteristic template, the pseudo-biological characteristic template and the anonymous identity are sent to the server end, the server end decrypts firstly, verifies the authenticity of the identity of the user, adopts fuzzy commitment, inputs the pseudo-biological characteristic template and auxiliary data, carries out hash matching verification on the recovered secret key and an original secret key, establishes a session secret key between the user end and the server end, and completes communication.
8. A network device comprising a memory and a processor coupled to each other, the memory storing a computer program that, when executed by the processor, causes the network device to perform the biometric authentication method of any one of claims 1 to 3.
9. A computer-readable storage medium, in which a computer program is stored, which, when run on a computer, causes the computer to execute the biometric authentication method according to any one of claims 1 to 3.
CN202011040666.1A 2020-09-28 2020-09-28 Biological authentication method and system based on elliptic curve and removable biological characteristics Active CN112287316B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011040666.1A CN112287316B (en) 2020-09-28 2020-09-28 Biological authentication method and system based on elliptic curve and removable biological characteristics

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011040666.1A CN112287316B (en) 2020-09-28 2020-09-28 Biological authentication method and system based on elliptic curve and removable biological characteristics

Publications (2)

Publication Number Publication Date
CN112287316A CN112287316A (en) 2021-01-29
CN112287316B true CN112287316B (en) 2022-07-12

Family

ID=74422658

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011040666.1A Active CN112287316B (en) 2020-09-28 2020-09-28 Biological authentication method and system based on elliptic curve and removable biological characteristics

Country Status (1)

Country Link
CN (1) CN112287316B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103873234A (en) * 2014-03-24 2014-06-18 西安电子科技大学 Biological quantum secret key distribution method oriented to wireless body area network
CN107908983A (en) * 2017-11-14 2018-04-13 维沃移动通信有限公司 A kind of method and mobile terminal for controlling mobile terminal screen
CN109687957A (en) * 2018-12-26 2019-04-26 无锡泛太科技有限公司 A kind of RFID authentication method of the public-key cryptography scheme based on ellipse-hyperbolic

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103873234A (en) * 2014-03-24 2014-06-18 西安电子科技大学 Biological quantum secret key distribution method oriented to wireless body area network
CN107908983A (en) * 2017-11-14 2018-04-13 维沃移动通信有限公司 A kind of method and mobile terminal for controlling mobile terminal screen
CN109687957A (en) * 2018-12-26 2019-04-26 无锡泛太科技有限公司 A kind of RFID authentication method of the public-key cryptography scheme based on ellipse-hyperbolic

Also Published As

Publication number Publication date
CN112287316A (en) 2021-01-29

Similar Documents

Publication Publication Date Title
US9887989B2 (en) Protecting passwords and biometrics against back-end security breaches
CN103124269B (en) Based on the Bidirectional identity authentication method of dynamic password and biological characteristic under cloud environment
Gaddam et al. Efficient Cancelable Biometric Key Generation Scheme for Cryptography.
Barman et al. Fingerprint-based crypto-biometric system for network security
CN110969431B (en) Secure hosting method, device and system for private key of blockchain digital coin
US20150113283A1 (en) Protecting credentials against physical capture of a computing device
CN110392027A (en) Authentication, method for processing business and system based on biological characteristic
CN109379176B (en) Password leakage resistant authentication and key agreement method
CN111541713A (en) Identity authentication method and device based on block chain and user signature
Pan et al. An enhanced secure smart card-based password authentication scheme.
Penn et al. Customisation of paillier homomorphic encryption for efficient binary biometric feature vector matching
CN115801382A (en) User information authentication method and system
Bringer et al. An application of the Boneh and Shacham group signature scheme to biometric authentication
Yang et al. Efficient and privacy-preserving online face recognition over encrypted outsourced data
CN111355588B (en) Wearable device double-factor authentication method and system based on PUF and fingerprint characteristics
Zhu et al. A biometrics-based multi-server key agreement scheme on chaotic maps cryptosystem.
CN116112242B (en) Unified safety authentication method and system for power regulation and control system
CN112287316B (en) Biological authentication method and system based on elliptic curve and removable biological characteristics
Hamian et al. Blockchain-based User Re-enrollment for Biometric Authentication Systems
JP6151627B2 (en) Biometric authentication system, biometric authentication method, and computer program
Banerjee et al. A perfect dynamic-id and biometric based remote user authentication scheme under multi-server environments using smart cards
Amin et al. An efficient remote mutual authentication scheme using smart mobile phone over insecure networks
Barman et al. An approach to cryptographic key exchange using fingerprint
Sarkar et al. A cancelable biometric based secure session key agreement protocol employing elliptic curve cryptography
Talkhaby et al. Cloud computing authentication using biometric-Kerberos scheme based on strong Diffi-Hellman-DSA key exchange

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant