CN113688651A - Biological characteristic password desensitization protection method based on SM9 algorithm - Google Patents
Biological characteristic password desensitization protection method based on SM9 algorithm Download PDFInfo
- Publication number
- CN113688651A CN113688651A CN202010415540.1A CN202010415540A CN113688651A CN 113688651 A CN113688651 A CN 113688651A CN 202010415540 A CN202010415540 A CN 202010415540A CN 113688651 A CN113688651 A CN 113688651A
- Authority
- CN
- China
- Prior art keywords
- biological characteristic
- algorithm
- biological
- template
- data set
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000004422 calculation algorithm Methods 0.000 title claims abstract description 30
- 238000000586 desensitisation Methods 0.000 title claims abstract description 20
- 238000000034 method Methods 0.000 title claims abstract description 18
- 238000012795 verification Methods 0.000 claims abstract description 9
- 238000004364 calculation method Methods 0.000 claims abstract description 7
- 230000005540 biological transmission Effects 0.000 abstract description 4
- 238000010586 diagram Methods 0.000 description 5
- 238000009795 derivation Methods 0.000 description 2
- UGAJKWZVPNVCIO-UHFFFAOYSA-N Terminalin Chemical compound O1C(=O)C(C2=3)=C(C4=C(O)C(O)=C(O)C=C4C(=O)O4)C4=C(O)C=3OC(=O)C3=C2C1=C(O)C(OC1=O)=C3C2=C1C=C(O)C(O)=C2O UGAJKWZVPNVCIO-UHFFFAOYSA-N 0.000 description 1
- QTNGLMWAVBOBLJ-UHFFFAOYSA-N Terminaline Natural products C1CC2C(O)C(O)CCC2(C)C2C1C1CCC(C(C)N(C)C)C1(C)CC2 QTNGLMWAVBOBLJ-UHFFFAOYSA-N 0.000 description 1
- 230000003542 behavioural effect Effects 0.000 description 1
- 229930183689 terminalin Natural products 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention provides a biological characteristic desensitization protection method based on an SM9 algorithm. Specifically, in the registration stage, a biometric template is obtained by acquiring a biometric feature, a random number k is generated as a secret, the biometric template is used as a parameter, and k is processed by using an SM9 algorithm to obtain a data set Q. In the verification stage, biological characteristics are collected to obtain a biological characteristic template, the biological characteristic template and a data set Q are used for calculating to obtain a result s, and the consistency of the biological characteristics and the registered biological characteristics is judged through s and k, so that biological characteristic identification is completed. The method converts the matching of the biological characteristic template into the password calculation on the data set, the data set Q does not contain any information of the biological characteristic template, the biological characteristic template can not be pushed out irreversibly, and the data set Q can be withdrawn and has desensitization property; the data set Q can be used for replacing a biological characteristic template for storage, transmission and use, and identification is not influenced while biological characteristic desensitization protection is achieved.
Description
Technical Field
The present invention relates to the field of biometric identification, and in particular to the field of biometric password protection, including but not limited to this field.
Background
Biometric (Biometrics) refers to physiological or behavioral features used to identify or verify the identity of an individual, and the digitized description of a biometric constitutes a biometric template, which is used to store, transmit, and identify the biometric in the field of electronic information, and consists of a series of feature points, and this document does not distinguish between a biometric and a biometric template unless otherwise stated.
The biological characteristics have uniqueness and invariance, and the identity of the organism can be uniquely confirmed, and the method is called biological characteristic identification.
As shown in fig. 4, biometric identification includes two phases of enrollment and verification. In the registration stage, biological characteristics are collected to obtain a characteristic template and the characteristic template is stored, and in the verification stage, the collected characteristic template is compared with the registration characteristic template to determine the identity of the organism. In the existing identification method, a feature template is used for the storage, transmission and comparison process of biological feature identification. Once the biometric template is revealed, irrecoverable information security issues arise due to the irrecoverability and privacy of the biometric.
SM9 is an identification-based elliptic curve (ECC) cryptographic algorithm, which is a cryptographic algorithm developed autonomously in our country and has been released as the national cipher industry standard GM/T0044. The SM9 algorithm defines curve parameters, bilinear pairings, signing, encryption and key exchange functions. The biological characteristic template is processed into desensitization data by using an SM9 algorithm, the desensitization data is used for registration and verification, the biological characteristic matching is converted into password calculation on a data set, the biological characteristic template can be prevented from being directly used, and the desensitization protection of the biological characteristic is realized while the identification is carried out.
Disclosure of Invention
A biological characteristic password desensitization protection method based on SM9 algorithm. In the registration stage, a biological characteristic template is acquired; a random number k is generated as a secret, the biometric template is used as a parameter and k is processed using the SM9 algorithm to obtain a data set Q. In the verification stage, acquiring biological characteristics to obtain a biological characteristic template; calculating to obtain a result s by using the biological characteristic template and the data set Q; and judging the consistency of the biological characteristics and the registered biological characteristics through s and k, thereby completing the biological characteristic identification. The method converts the matching of the biological characteristic template into the password calculation on the data set, the data set Q does not contain any information of the biological characteristic template, the biological characteristic template can not be pushed out irreversibly, and the data set Q can be withdrawn and has desensitization property; the data set Q can be used for replacing a biological characteristic template for storage, transmission and use, and identification is not influenced while biological characteristic desensitization protection is achieved.
The present invention will be described in detail with reference to fig. 2.
In the registration stage, a biological characteristic template is acquired; a random number k is generated as a secret, the biometric template is used as a parameter and k is processed using the SM9 algorithm to obtain a data set Q. The description is as follows.
As shown in MA1 in fig. 2, a biometric template obtained after processing a biometric collected during enrollment has N feature points, the feature points are denoted as Xi (i =1.. N), and each Xi is encoded as a numerical value according to a convention rule.
As shown in MA2 of FIG. 2, first, D random numbers r are generateddTo r1Constructing a unary equation f (x) = r of degree D using the same as a coefficientdxD+rd-1xD-1+..r1x; generating a random number k as a secret, calculating a bilinear pair t = e (P1, P2) using SM9 algorithm, P1 and P2 being generators of SM9 algorithm, calculating Ei = tf(Xi)*tk(i =1.. N); is a large number multiplied by; note data set Q = (Ei (i =1.. N)).
In the verification stage, biological characteristics are collected to obtain a biological characteristic template; calculating to obtain a result s by using the biological characteristic template and the data set Q; and judging the consistency of the biological characteristics and the registered biological characteristics through s and k, thereby finishing the biological characteristic identification. The description is as follows.
As shown in MB1 in fig. 2, the biometric template obtained by collecting and verifying the biometric features includes M feature points, the feature points are denoted as Xj '(j =1.. M, M < = N), and the Xj' is encoded as a numerical value according to the convention rule.
As shown by MB2 in fig. 2, a data set Q at registration time is obtained; constructing an Xj 'point corresponding to the Xi point and a data set Q into a binary group F = (FX, FY) according to a convention sequence, wherein the FX = Xj', the FY is equal to Ei calculated by the Xi point; and (3) sequentially matching the M points, and then recording a calculated binary group as a data set Q '= (Fm (M =1.. M, M < = N), wherein if the number of elements in Q' is less than D, the identification fails, and if not, the next operation is carried out.
MB 3-1: for a unary equation f (x) = a of degree Nnxn+an-1xn-1+..a1x, can be written as a lagrange interpolation polynomial:,is the lagrangian basis function at x =0, the grarangian basis function has the following properties:。
MB 3-2: it can be deduced that,is a unitary equation of degree D of f (x) = rdxD+rd-1xD-1+..r1Lagrangian basis function when x =0, noted as. Known from the Lagrange basis function property。
MB 3-3: d points in the set Q ', each point F = (FX = Xj', FY = Ei); if Xj' = Xi, then it is known that the D points are all unary D order equations f (x) = rdxD+rd-1xD-1+..r1Points on x, one can deduce s:
according to the above derivation, ifIf the D feature points of the biometric feature for authentication and the D points of the registered biometric feature match, s = can be obtainedVerifying that the identification is passed; otherwise the identification is not passed.
The method converts the matching of the biological characteristic template into the password calculation on the data set, each element in the data set Q does not contain any information of the biological characteristic, and the biological characteristic template can not be deduced reversibly; each element in the data set Q comprises a random number k, and the random number k can be withdrawn after failure; has desensitizing property. The data set may be used to store, transmit and use in place of the biometric template. During recognition, only the matched biological characteristics can obtain the correct secret, and the biological characteristics are desensitized and protected when the recognition is completed.
Drawings
FIG. 1 is a block diagram of a method for desensitization protection of biological characteristics based on SM9 algorithm
FIG. 2 is a detailed step diagram of the biometric desensitization protection based on SM9 algorithm
FIG. 3 is a schematic diagram of the application of the biological characteristic desensitization protection based on the SM9 algorithm
FIG. 4 is a schematic diagram of the stages of biometric identification
Detailed Description
The biological characteristic desensitization protection method and system based on the SM9 algorithm are described below with reference to the accompanying drawings.
Fig. 3 is a schematic diagram of the application of the present invention in fingerprint biometric identification. The figure includes a user, a terminal integrated with a fingerprint sensor.
Fingerprint registration
A1, pressing a fingerprint on a terminal by a user, collecting an integrated image by the fingerprint sensor on the terminal, processing the image to obtain a fingerprint characteristic template, assuming that the characteristic template consists of N characteristic points, wherein each characteristic point Ni is a binary group (characteristic type and characteristic value), and encoding the characteristic points into a numerical value according to an agreed rule.
A2 algorithm processing module for inputting user-entered random number k, k and fingerprint feature template into terminalIn (1). The algorithm processing module calculates the sequential function of the N characteristic points and then multiplies the function by tkThe set Q is obtained and the calculation process is shown in fig. 2 as MA 2.
The algorithm processing module stores the triplet (D, Q, t)k)。
Fingerprint identification
A4, pressing the fingerprint by the user, collecting the fingerprint by the fingerprint sensor on the terminal, processing the fingerprint into a fingerprint biological characteristic template to obtain M characteristic points, and coding the characteristic points according to the convention rule. Inputting the N characteristic points into an algorithm processing module, and calculating D points by the algorithm processing module to obtain s; if s = tkFingerprint identification is passed, otherwise identification is not passed. The calculation process is shown in fig. 2 as MB 4.
In the scheme, the set Q generated by the algorithm processing module does not contain any fingerprint characteristic information, and the risk of leakage of fingerprint characteristics is avoided in transmission and storage; the set Q can be generated again after being cancelled after being leaked; and when the fingerprint is identified, the comparison of the biological characteristic templates is not needed. Desensitization protection of fingerprint biological characteristics is realized.
Claims (4)
1. A biological characteristic password desensitization protection method based on SM9 algorithm is characterized in that: in the registration stage, a biological characteristic template is acquired; a random number k is generated as a secret, the biometric template is used as a parameter and k is processed using the SM9 algorithm to obtain a data set Q.
2. A biological characteristic password desensitization protection method based on SM9 algorithm is characterized in that: in the verification stage, acquiring biological characteristics to obtain a biological characteristic template; calculating to obtain a result s by using the biological characteristic template and the data set Q; and judging the consistency of the biological characteristics and the registered biological characteristics through s and k, thereby completing the biological characteristic identification.
3. The SM9 algorithm-based biometric password desensitization protection method of claim 1, wherein: the biological feature template in the registration stage has N feature points, and the feature points are recorded as Xi (i =1.. N); generating D random numbers rdTo r1Constructing a unary equation f (x) = r of degree D using the same as a coefficientdxD+ rd-1xD-1+.. r1x1(ii) a Generating a random number k as a secret, calculating a bilinear pair t = e (P1, P2) using SM9 algorithm, P1 and P2 being generators of SM9 algorithm, calculating Ei = tf(Xi)*tk(i =1.. N), note data set Q = (Ei (i =1.. N)).
4. The SM9 algorithm-based biometric password desensitization protection method of claim 2, wherein during the authentication phase: the biological features collected during verification are M feature points, and the feature points are marked as Xj' (j =1.. M); xj 'and Xi are corresponding points, a tuple F = (FX, FY) is calculated using the data set Q, where FX = Xj', FY = Ei; taking the binary group obtained by M point calculation as a data set Q '= (Fm (M =1.. M); selecting D points from Q'; calculating s(ii) a S = t if the verification biometric and the enrolment biometric agreekAnd proving that the identification is passed, otherwise, the identification is not passed.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010415540.1A CN113688651A (en) | 2020-05-16 | 2020-05-16 | Biological characteristic password desensitization protection method based on SM9 algorithm |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010415540.1A CN113688651A (en) | 2020-05-16 | 2020-05-16 | Biological characteristic password desensitization protection method based on SM9 algorithm |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113688651A true CN113688651A (en) | 2021-11-23 |
Family
ID=78575290
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010415540.1A Pending CN113688651A (en) | 2020-05-16 | 2020-05-16 | Biological characteristic password desensitization protection method based on SM9 algorithm |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113688651A (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101499130A (en) * | 2008-01-30 | 2009-08-05 | 深圳市普罗巴克科技股份有限公司 | Fingerprint recognition method and fingerprint recognition system |
CN106506168A (en) * | 2016-12-07 | 2017-03-15 | 北京信任度科技有限公司 | A kind of safe method based on biological characteristic long-distance identity-certifying |
CN106533697A (en) * | 2016-12-06 | 2017-03-22 | 上海交通大学 | Random number generating and extracting method and application thereof to identity authentication |
CN106936586A (en) * | 2016-12-07 | 2017-07-07 | 中国电子科技集团公司第三十研究所 | A kind of biological secret key extracting method based on fingerprint bit string and Error Correction of Coding |
CN109145540A (en) * | 2018-08-24 | 2019-01-04 | 广州大学 | A kind of intelligent terminal identity identifying method and device based on block chain |
CN110192213A (en) * | 2016-11-10 | 2019-08-30 | 斯泰勒有限公司 | Biological characteristic transaction system |
CN110896351A (en) * | 2019-11-14 | 2020-03-20 | 湖南盾神科技有限公司 | Identity-based digital signature method based on global hash |
CN113691367A (en) * | 2020-05-16 | 2021-11-23 | 成都天瑞芯安科技有限公司 | Desensitized safe biological characteristic identity authentication method |
-
2020
- 2020-05-16 CN CN202010415540.1A patent/CN113688651A/en active Pending
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101499130A (en) * | 2008-01-30 | 2009-08-05 | 深圳市普罗巴克科技股份有限公司 | Fingerprint recognition method and fingerprint recognition system |
CN110192213A (en) * | 2016-11-10 | 2019-08-30 | 斯泰勒有限公司 | Biological characteristic transaction system |
CN106533697A (en) * | 2016-12-06 | 2017-03-22 | 上海交通大学 | Random number generating and extracting method and application thereof to identity authentication |
CN106506168A (en) * | 2016-12-07 | 2017-03-15 | 北京信任度科技有限公司 | A kind of safe method based on biological characteristic long-distance identity-certifying |
CN106936586A (en) * | 2016-12-07 | 2017-07-07 | 中国电子科技集团公司第三十研究所 | A kind of biological secret key extracting method based on fingerprint bit string and Error Correction of Coding |
CN109145540A (en) * | 2018-08-24 | 2019-01-04 | 广州大学 | A kind of intelligent terminal identity identifying method and device based on block chain |
CN110896351A (en) * | 2019-11-14 | 2020-03-20 | 湖南盾神科技有限公司 | Identity-based digital signature method based on global hash |
CN113691367A (en) * | 2020-05-16 | 2021-11-23 | 成都天瑞芯安科技有限公司 | Desensitized safe biological characteristic identity authentication method |
Non-Patent Citations (3)
Title |
---|
KAI ZHOU等: "PassBio: Privacy-Preserving User-Centric Biometric Authentication", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》, vol. 3, no. 12, 21 May 2018 (2018-05-21), pages 3050 * |
习伟等: "一种基于国密算法和物理不克隆函数的安全并行总线", 《南方电网技术》, vol. 14, no. 01, 20 January 2020 (2020-01-20), pages 46 - 51 * |
于晓艳: "基于AC4384芯片带加密U盘的USBKey设计与实现", 《中国优秀硕士学位论文全文数据库_信息科技辑》, 15 February 2016 (2016-02-15), pages 138 - 64 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Yang et al. | An alignment-free fingerprint bio-cryptosystem based on modified Voronoi neighbor structures | |
JP6096893B2 (en) | Biometric signature system, registration terminal and signature generation terminal | |
US6038315A (en) | Method and system for normalizing biometric variations to authenticate users from a public database and that ensures individual biometric data privacy | |
CN105471575B (en) | Information encryption and decryption method and device | |
CN102215223B (en) | Fuzzy strong box remote identity authentication method based on face feature | |
Wu et al. | A face based fuzzy vault scheme for secure online authentication | |
JP7259868B2 (en) | system and client | |
CN103259660A (en) | Image authentication method based on phase retrieval and elliptic curve digital signature algorithm | |
JP7231023B2 (en) | Verification system, client and server | |
Liu et al. | An efficient biometric identification in cloud computing with enhanced privacy security | |
Lacharme | Analysis of the iriscodes bioencoding scheme | |
Hernández Álvarez et al. | Biometric fuzzy extractor scheme for iris templates | |
CN111490879A (en) | Digital certificate generation method and system based on biological characteristics | |
Sadhya et al. | Design of a cancelable biometric template protection scheme for fingerprints based on cryptographic hash functions | |
JP7302606B2 (en) | system and server | |
CN114996727A (en) | Biological feature privacy encryption method and system based on palm print and palm vein recognition | |
Conti et al. | Fingerprint traits and RSA algorithm fusion technique | |
CN113691367B (en) | Desensitization safety biological characteristic identity authentication method | |
CN113688651A (en) | Biological characteristic password desensitization protection method based on SM9 algorithm | |
KR101275590B1 (en) | Rn-ecc based real fuzzy vault for protecting biometric template | |
CN114065169B (en) | Privacy protection biometric authentication method and device and electronic equipment | |
CN114168918A (en) | Face information protection and bidirectional authentication system based on PUF | |
Han | Fingerprint Authentication Schemes for Mobile Devices | |
JP7235055B2 (en) | Authenticator, client and server | |
CN109194469B (en) | Fingerprint authentication method based on continuous variable quantum key distribution |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |