CN113688651A - Biological characteristic password desensitization protection method based on SM9 algorithm - Google Patents


Info

Publication number: CN113688651A
Authority: CN (China)
Prior art keywords: biological characteristic, algorithm, biological, template, data set
Legal status: Pending
Application number: CN202010415540.1A
Other languages: Chinese (zh)
Inventors: 尚望, 兰天
Current Assignee: Chengdu Tianrui Xin'an Technology Co ltd
Original Assignee: Chengdu Tianrui Xin'an Technology Co ltd
Application filed by: Chengdu Tianrui Xin'an Technology Co ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3249: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme


Abstract

The invention provides a biometric desensitization protection method based on the SM9 algorithm. In the registration stage, a biometric feature is captured to obtain a biometric template, a random number k is generated as a secret, and k is processed with the SM9 algorithm, using the biometric template as a parameter, to obtain a data set Q. In the verification stage, a biometric feature is captured to obtain a biometric template, a result s is calculated from that template and the data set Q, and the consistency of the captured biometric with the registered biometric is judged through s and k, which completes the biometric identification. The method converts biometric template matching into a cryptographic calculation on a data set. The data set Q contains no information about the biometric template, the template cannot be derived back from it, and Q can be revoked, so it has a desensitized character. The data set Q can replace the biometric template for storage, transmission and use, so the biometric is desensitized and protected without affecting identification.

Description

Biological characteristic password desensitization protection method based on SM9 algorithm
Technical Field
The present invention relates to the field of biometric identification, and in particular, but not exclusively, to the cryptographic protection of biometrics.
Background
A biometric (Biometrics) is a physiological or behavioral feature used to identify or verify the identity of an individual. The digitized description of a biometric constitutes a biometric template, which is used to store, transmit and identify the biometric in electronic information systems and consists of a series of feature points. Unless otherwise stated, this document does not distinguish between a biometric and a biometric template.
Biometrics are unique and invariant, so they can uniquely confirm the identity of an organism; this is called biometric identification.
As shown in Fig. 4, biometric identification has two phases, enrollment and verification. In the registration stage, a biometric is captured to obtain a feature template, which is stored; in the verification stage, the captured feature template is compared with the registered feature template to determine the identity of the organism. In existing identification methods, the feature template itself is used in the storage, transmission and comparison steps of biometric identification. Once the biometric template is leaked, irreparable information security problems arise because of the irrecoverability and privacy of the biometric.
SM9 is an identity-based elliptic curve (ECC) cryptographic algorithm, developed independently in China and released as the national cryptographic industry standard GM/T 0044. The SM9 algorithm defines curve parameters, bilinear pairings, and signing, encryption and key exchange functions. The biometric template is processed into desensitized data using the SM9 algorithm, and the desensitized data is used for registration and verification. Biometric matching is thereby converted into a cryptographic calculation on a data set, direct use of the biometric template is avoided, and the biometric is desensitized and protected while identification is carried out.
Disclosure of Invention
A biometric cryptographic desensitization protection method based on the SM9 algorithm. In the registration stage, a biometric template is acquired; a random number k is generated as a secret, and k is processed with the SM9 algorithm, using the biometric template as a parameter, to obtain a data set Q. In the verification stage, a biometric is captured to obtain a biometric template; a result s is calculated from the biometric template and the data set Q; and the consistency of the captured biometric with the registered biometric is judged through s and k, which completes the biometric identification. The method converts biometric template matching into a cryptographic calculation on a data set. The data set Q contains no information about the biometric template, the template cannot be derived back from it, and Q can be revoked, so it has a desensitized character. The data set Q can replace the biometric template for storage, transmission and use, so the biometric is desensitized and protected without affecting identification.
The present invention will be described in detail with reference to fig. 2.
In the registration stage, a biometric template is acquired; a random number k is generated as a secret, and k is processed with the SM9 algorithm, using the biometric template as a parameter, to obtain a data set Q. The details are as follows.
As shown in MA1 in Fig. 2, the biometric template obtained by processing the biometric captured during enrollment has N feature points, denoted $X_i$ (i = 1..N), and each $X_i$ is encoded as a numerical value according to an agreed rule.
As shown in MA2 in Fig. 2, D random numbers $r_D$ to $r_1$ are first generated and used as coefficients to construct a univariate polynomial of degree D, $f(x) = r_D x^D + r_{D-1} x^{D-1} + \dots + r_1 x$. A random number k is generated as a secret. The bilinear pairing $t = e(P_1, P_2)$ is calculated with the SM9 algorithm, where $P_1$ and $P_2$ are the generators of the SM9 algorithm. Then $E_i = t^{f(X_i)} * t^k$ (i = 1..N) is calculated, where * is large-number multiplication. The data set is denoted $Q = (E_i\ (i = 1..N))$.
In the verification stage, a biometric is captured to obtain a biometric template; a result s is calculated from the biometric template and the data set Q; and the consistency of the captured biometric with the registered biometric is judged through s and k, which completes the biometric identification. The details are as follows.
As shown in MB1 in Fig. 2, the biometric template obtained from the biometric captured for verification has M feature points, denoted $X_j'$ (j = 1..M, M <= N), and each $X_j'$ is encoded as a numerical value according to the agreed rule.
As shown in MB2 in Fig. 2, the data set Q from registration is obtained. Each point $X_j'$ that corresponds to a point $X_i$ is combined with the data set Q, in the agreed order, into a pair F = (FX, FY), where FX = $X_j'$ and FY is the $E_i$ calculated from the point $X_i$. After the M points have been matched in turn, the calculated pairs are recorded as the data set Q' = ($F_m$ (m = 1..M, M <= N)). If the number of elements in Q' is less than D, identification fails; otherwise the next operation is carried out.
As shown in MB3 in Fig. 2, D points are selected from Q' to calculate s:
Figure RE-300747DEST_PATH_IMAGE001
The derivation is as follows:
MB 3-1: A univariate polynomial of degree n, $f(x) = a_n x^n + a_{n-1} x^{n-1} + \dots + a_1 x$, can be written as a Lagrange interpolation polynomial:
Figure RE-903373DEST_PATH_IMAGE002
Figure RE-683111DEST_PATH_IMAGE003
is the Lagrange basis function at x = 0. The Lagrange basis function has the following property:
Figure RE-16003DEST_PATH_IMAGE004
MB 3-2: it can be deduced that,
Figure RE-17326DEST_PATH_IMAGE005
is the Lagrange basis function at x = 0 of the degree-D univariate polynomial $f(x) = r_D x^D + r_{D-1} x^{D-1} + \dots + r_1 x$, denoted
Figure RE-839788DEST_PATH_IMAGE006
. From the property of the Lagrange basis function it is known that
Figure RE-44505DEST_PATH_IMAGE007
MB 3-3: The set Q' contains D points, each point F = (FX = $X_j'$, FY = $E_i$). If $X_j' = X_i$, the D points all lie on the degree-D univariate polynomial $f(x) = r_D x^D + r_{D-1} x^{D-1} + \dots + r_1 x$, and s can be deduced:
Figure RE-243405DEST_PATH_IMAGE008
According to the above derivation, if the D feature points of the biometric used for verification match D points of the registered biometric, the following can be obtained: s =
Figure RE-600699DEST_PATH_IMAGE009
which verifies that identification passes; otherwise identification does not pass.
The method converts biometric template matching into a cryptographic calculation on a data set. No element of the data set Q contains any information about the biometric, and the biometric template cannot be derived back from it. Every element of the data set Q includes the random number k, which can be revoked once it is no longer valid, so the data set has a desensitized character. The data set can replace the biometric template for storage, transmission and use. During identification, only a matching biometric yields the correct secret, so the biometric is desensitized and protected while identification is completed.
Drawings
FIG. 1 is a block diagram of a method for desensitization protection of biological characteristics based on SM9 algorithm
FIG. 2 is a detailed step diagram of the biometric desensitization protection based on SM9 algorithm
FIG. 3 is a schematic diagram of the application of the biological characteristic desensitization protection based on the SM9 algorithm
FIG. 4 is a schematic diagram of the stages of biometric identification
Detailed Description
The biological characteristic desensitization protection method and system based on the SM9 algorithm are described below with reference to the accompanying drawings.
Fig. 3 is a schematic diagram of the application of the present invention to fingerprint biometric identification. The figure includes a user and a terminal with an integrated fingerprint sensor.
Fingerprint registration
A1: The user presses a finger on the terminal. The fingerprint sensor integrated in the terminal captures an image, and the image is processed to obtain a fingerprint feature template. Assume the feature template consists of N feature points, where each feature point Ni is a pair (feature type, feature value); the feature points are encoded as numerical values according to an agreed rule.
A2: The user enters a random number k, and k and the fingerprint feature template are input into the algorithm processing module in the terminal. The algorithm processing module calculates the function of the N feature points in order and then multiplies by $t^k$ to obtain the set Q; the calculation process is shown as MA2 in Fig. 2.
The algorithm processing module stores the triplet (D, Q, $t^k$).
Fingerprint identification
A4: The user presses a finger on the terminal. The fingerprint sensor on the terminal captures the fingerprint, which is processed into a fingerprint biometric template with M feature points, and the feature points are encoded according to the agreed rule. The N feature points are input into the algorithm processing module, which performs the calculation on D points to obtain s. If s = $t^k$, fingerprint identification passes; otherwise identification does not pass. The calculation process is shown as MB4 in Fig. 2.
In this scheme, the set Q generated by the algorithm processing module contains no fingerprint feature information, so transmission and storage carry no risk of leaking the fingerprint features. If the set Q is leaked, it can be revoked and generated again. During fingerprint identification, no comparison of biometric templates is needed. Desensitization protection of the fingerprint biometric is thereby achieved.
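The registration (MA2) and verification (MB3) calculations, which the fingerprint embodiment above also follows, can be exercised with the sketch below; it is an added example, not code from the patent. Assumptions: a prime-order subgroup of Z_p^* stands in for the SM9 pairing value t = e(P1, P2), so no pairing is computed; the probe is a hypothetical mapping from the index of each claimed corresponding enrolled point to its encoded value; and D + 1 matched points are used, because f(x) + k has D + 1 coefficients and that many points are needed for Lagrange interpolation at x = 0 to return k.

```python
import secrets

# Assumption: a prime-order subgroup of Z_p^* stands in for SM9's pairing group.
ORDER = 2**127 - 1  # prime group order (a Mersenne prime), demo-sized

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin with fixed bases; used only to build the demo group."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def build_group(q):
    """Find a prime p = 2jq + 1 and an element t of order q modulo p."""
    j = 1
    while not is_probable_prime(2 * j * q + 1):
        j += 1
    p, h = 2 * j * q + 1, 2
    while pow(h, 2 * j, p) == 1:
        h += 1
    return p, pow(h, 2 * j, p)

P, T = build_group(ORDER)  # T plays the role of t = e(P1, P2)

def f(coeffs, x):
    """f(x) = r_D x^D + ... + r_1 x with coeffs = [r_1, ..., r_D], reduced mod ORDER."""
    acc = 0
    for r in reversed(coeffs):
        acc = (acc + r) * x % ORDER
    return acc

def enroll(features, degree):
    """Registration (MA2): E_i = t^f(X_i) * t^k; returns (Q, t^k)."""
    coeffs = [1 + secrets.randbelow(ORDER - 1) for _ in range(degree)]
    t_k = pow(T, secrets.randbelow(ORDER), P)
    return [pow(T, f(coeffs, x), P) * t_k % P for x in features], t_k

def recover(points):
    """s = product of FY^lambda over (FX, FY) pairs, lambda = Lagrange basis at x = 0."""
    s = 1
    for a, (xa, ea) in enumerate(points):
        lam = 1
        for b, (xb, _) in enumerate(points):
            if a != b:
                lam = lam * xb * pow((xb - xa) % ORDER, -1, ORDER) % ORDER
        s = s * pow(ea, lam, P) % P
    return s

def verify(probe, Q, t_k, degree):
    """probe: {index i of the corresponding enrolled point: encoded value X'_j}."""
    points = [(x % ORDER, Q[i]) for i, x in sorted(probe.items()) if 0 <= i < len(Q)]
    points = points[:degree + 1]
    if len({x for x, _ in points}) < degree + 1:
        return False  # too few points, or duplicate values (cannot interpolate)
    return recover(points) == t_k

# Constructed sample: eight encoded feature points, to be used with degree D = 3.
ENROLLED = [1034, 2287, 3391, 4410, 5023, 6177, 7312, 8450]
```

A probe value that differs by one from the enrolled encoding makes `verify` return False, so the agreed encoding rule has to map repeated captures of the same feature to exactly the same number.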

Claims (4)

1. A biological characteristic password desensitization protection method based on SM9 algorithm is characterized in that: in the registration stage, a biological characteristic template is acquired; a random number k is generated as a secret, the biometric template is used as a parameter and k is processed using the SM9 algorithm to obtain a data set Q.
2. A biological characteristic password desensitization protection method based on SM9 algorithm is characterized in that: in the verification stage, acquiring biological characteristics to obtain a biological characteristic template; calculating to obtain a result s by using the biological characteristic template and the data set Q; and judging the consistency of the biological characteristics and the registered biological characteristics through s and k, thereby completing the biological characteristic identification.
3. The SM9 algorithm-based biometric password desensitization protection method of claim 1, wherein: the biometric template in the registration stage has N feature points, denoted $X_i$ (i = 1..N); D random numbers $r_D$ to $r_1$ are generated and used as coefficients to construct a univariate polynomial of degree D, $f(x) = r_D x^D + r_{D-1} x^{D-1} + \dots + r_1 x^1$; a random number k is generated as a secret; the bilinear pairing $t = e(P_1, P_2)$ is calculated using the SM9 algorithm, $P_1$ and $P_2$ being generators of the SM9 algorithm; $E_i = t^{f(X_i)} * t^k$ (i = 1..N) is calculated; and the data set is denoted $Q = (E_i\ (i = 1..N))$.
4. The SM9 algorithm-based biometric password desensitization protection method of claim 2, wherein, during the verification stage: the biometric captured during verification has M feature points, denoted $X_j'$ (j = 1..M); $X_j'$ and $X_i$ are corresponding points, and a pair F = (FX, FY) is calculated using the data set Q, where FX = $X_j'$ and FY = $E_i$; the pairs obtained from the M points form the data set Q' = ($F_m$ (m = 1..M)); D points are selected from Q'; s is calculated
Figure RE-DEST_PATH_IMAGE001
(ii) a S = t if the verification biometric and the enrolment biometric agreekAnd proving that the identification is passed, otherwise, the identification is not passed.
Application number: CN202010415540.1A
Priority date: 2020-05-16
Filing date: 2020-05-16
Title: Biological characteristic password desensitization protection method based on SM9 algorithm
Status: Pending
Publication: CN113688651A (en), published 2021-11-23
Family ID: 78575290
Country: CN

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination