CN114553413A - Access authentication and key derivation method and system for biological identification identity authentication - Google Patents
- Publication number: CN114553413A (application CN202210191226.9A)
- Authority: CN (China)
- Prior art keywords: authentication, key, cloud, sbc, soft
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0838: Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
- H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L9/085: Secret sharing or secret splitting, e.g. threshold schemes
- H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/3231: Biological data, e.g. fingerprint, voice or retina
- H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
- H04W12/041: Key generation or derivation
- H04W12/0431: Key distribution or pre-distribution; Key agreement
- H04W12/08: Access security
- Y02D30/70: Reducing energy consumption in communication networks in wireless communication networks
Abstract
The invention belongs to the technical field of key management and identity authentication applications, and discloses an access authentication and key derivation method and system for biometric identity authentication. In the registration stage, a user registers at a trusted authentication center and uploads all required information, such as biometrics, soft biometrics and an identity identifier; a fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key agreement, and joins the hybrid cloud-fog network once registration is complete. In the authentication stage, the user uploads feature information and is identified by biometrics; the fog node and the unified authentication cloud fuse soft biometrics to generate the parameter required for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, which are used to encrypt and decrypt the biometrics and the session messages respectively. The invention can significantly reduce the risk of the key being cracked and strengthen the confidentiality of the user's private biometric information.
Description
Technical Field
The invention belongs to the technical field of key management and identity authentication applications, and in particular relates to an access authentication and key derivation method and system for biometric identity authentication.
Background
Fog computing is an intermediate state between cloud computing and personal computing, and is a semi-virtualized intelligent service computing model. Fog nodes, which are inexpensive and have some information processing and storage capacity, take over part of the cloud's workload and so greatly reduce the load on the cloud; at the same time, as a distributed system closer to the bottom layer, fog nodes can handle part of a user's services promptly, meeting the demand for real-time service in mobile networks. Because fog nodes provide computing, storage and network communication services, the computation, analysis and processing of data move closer to the user. This reduces the response latency and storage overhead of handling user services in the cloud, reduces the consumption of wireless resources, lowers the energy consumption of terminal devices and extends their standby time, and even allows computing services to continue in areas without Internet coverage. By combining the cloud's strong data processing and storage capacity with the low cost, scalability and moderate data processing and storage capacity of fog nodes, the hybrid cloud-fog computing model has become an efficient computing model in current mobile Internet technology. However, communication between a fog node and the cloud must be protected by encryption to satisfy requirements such as confidentiality and security.
Currently, the biometric authentication modes in wide use (for example on iOS and Android) carry out the entire process of biometric computation and recognition on the terminal device, which makes the terminal device call on its CPU frequently and shortens standby time. In addition, a large number of user authentication requests arriving within a short time puts excessive load on the authentication server, which not only degrades the user's service experience but also means very high server maintenance costs for enterprises. The hybrid cloud-fog computing model is efficient and low-cost, so biometric recognition can achieve convenient and efficient identity authentication by relying on the hybrid cloud-fog architecture. However, identity recognition using biometrics requires that the confidentiality and security of the biometrics be guaranteed during transmission. Soft biometrics are "soft" relative to traditional biometrics in that they cannot uniquely identify a person; facial and body characteristics such as height, gender, race, weight, body fat and skin tone are soft biometrics. Because soft biometrics are non-private yet partially confidential, they show considerable promise for protecting biometrics.
However, illegitimate fog nodes must be prevented from accessing the network and interfering with the normal flow; that is, fog nodes must be guaranteed to be trusted. The messages exchanged between a fog node and the cloud must also be secure: to ensure that session messages in transit cannot be eavesdropped on or tampered with by an attacker, the messages generally need to be encrypted, so the required key has to be generated through key agreement. Although current key agreement algorithms provide high security, the key remains unchanged for a period of time, which increases the risk of the key being leaked or cracked during information transmission. The overhead of key management is also an issue. Finally, when a user's biometric data is uploaded, its confidentiality and privacy should be ensured by encryption.
The patent "biometric identity information authentication method based on 5G cloud and mist mixed unified authentication platform" (patent No. ZL201911129276.9) proposes applying biometric recognition in a hybrid cloud-fog environment, together with the general idea of using a key generated from soft biometrics to encrypt and decrypt biometrics, but it does not propose a specific method, nor does it address techniques such as access management and key management for fog nodes.
From the above analysis, the problems and defects of the prior art are as follows:
(1) The modes widely used in biometric authentication carry out the entire process of biometric computation and recognition on the terminal device, which makes the terminal device call on its CPU frequently and shortens standby time.
(2) A large number of user authentication requests within a short time puts excessive load on the authentication server, degrading the user's service experience and imposing very high server maintenance costs on enterprises.
(3) The key produced by existing key agreement algorithms remains unchanged for a period of time, which increases the risk of key leakage and cracking during information transmission; the overhead of key management is also a problem.
The difficulty in solving the above problems and defects is as follows: before formally providing service, a fog node needs to connect to the cloud, complete registration and obtain a trusted identity. The keys with which the fog node and the cloud encrypt and decrypt session messages and biometrics need to be generated and managed; the keys used must satisfy forward security, and they must be managed economically and with low overhead.
The significance of solving these problems and defects is as follows: a complete access authentication and key derivation scheme is provided in which the two keys required in the biometric recognition process in the hybrid cloud-fog scenario are derived and managed in a unified way, and different keys are used in different authentication requests, which satisfies forward security, eases management and reduces overhead. In addition, non-private soft biometrics are used to assist in generating a soft biometric key that encrypts the biometrics. Soft biometrics captured at different times and places are not exactly identical and show some deviation, so the proposed scheme solves the problem of how to generate the same soft biometric key at the fog node and at the cloud, and effectively remedies the shortcomings in key generation, key management and related aspects of the "biometric identity information authentication method based on 5G cloud and mist mixed unified authentication platform" (patent No. ZL201911129276.9).
Disclosure of Invention
In view of the problems in the prior art, the invention provides an access authentication and key derivation method and system for biometric identity authentication, and in particular an access authentication and key derivation method and system for biometric identity authentication in a hybrid cloud-fog scenario.
The invention is realized as follows: an access authentication and key derivation method for biometric identity authentication comprises the following steps:
Step one, the registration stage: a user registers at a trusted authentication center and uploads all required information, such as biometrics, soft biometrics and an identity identifier; a fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key agreement, and joins the hybrid cloud-fog network once registration is complete. This step is a precondition: formal authentication is possible only after the information required by the scheme has been stored in a database during the registration stage;
Step two, the authentication stage: the user uploads feature information and is identified by biometrics; the fog node and the unified authentication cloud fuse soft biometrics to generate the parameter required for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, which are used to encrypt and decrypt the biometrics and the session messages respectively. This step is the stage of formal use: applying the key generation and encryption/decryption method of this scheme in a biometric identity authentication system ensures the confidentiality of the biometrics and the session messages.
Further, the registration stage in step one includes:
(1) the user registers at a trusted authentication center AUC; the user sends a self-chosen unique identity identifier to the AUC; the AUC instructs the user to capture and upload biometrics and soft biometrics, and stores all of the user's information (biometrics, soft biometrics and identity identifier) in its local database;
(2) a fog node FCC that has not yet registered at the unified authentication cloud (Cloud) registers at the Cloud; the Cloud assigns a unique identity identifier Fid to the unregistered FCC, the Cloud and the FCC obtain a shared root key K through key agreement, and Fid and K are mapped one-to-one; after registration is complete, the FCC joins the hybrid cloud-fog network.
Further, the identity identifier in step (1) is a user name, or an ID such as an identity card number, that uniquely identifies the user.
Further, the authentication stage in step two includes:
(1) the UE sends an authentication request (containing the list of supported soft biometrics SBC_List, the list of biometrics BC_List and the session identifier Sid) to the unified authentication Cloud via the fog node FCC. The Cloud randomly selects from SBC_List a soft biometric sequence SBC_Q, which is used for filtering and database screening at the Cloud, while the remaining soft biometrics are used to generate the soft biometric key that encrypts the biometrics; it randomly selects from BC_List a biometric sequence BC_Q for biometric recognition, and sends an authentication request to the authentication center AUC. The AUC returns the soft biometric data of all users in the database to the Cloud. Finally, the Cloud forwards the SBC_Q and BC_Q sequences to the UE via the fog node FCC;
(2) the UE receives the authentication response and captures the features corresponding to SBC_List and BC_Q; among the captured feature data, the soft biometrics corresponding to SBC_Q are denoted V_SBC, the remaining soft biometrics are denoted K_SBC, and the captured biometric is denoted V_BC; the UE sends the message <V_SBC, K_SBC, V_BC, Sid> to the fog node FCC;
(3) the fog node FCC receives the feature data, generates the soft biometric key $K_{SBC}$ from K, K_SBC and a key derivation algorithm, and encrypts V_BC with $K_{SBC}$ and an encryption algorithm to produce the biometric ciphertext C1; it derives the session key $K_{SESSION}$ from K, Sid and the SM3 algorithm, encrypts the session message <C1, V_SBC> with $K_{SESSION}$ and the SM4 algorithm to produce the transmission message ciphertext C2, and sends C2 and the session identifier Sid to the unified authentication Cloud;
(4) after the Cloud receives the ciphertext, it derives the session key $K_{SESSION}$ from K, Sid and the SM3 algorithm and decrypts the transmission message ciphertext C2 to obtain <C1, V_SBC>; it filters and screens the stored user information using V_SBC, generating the set S_Vnickname = {V_Nickname | hashes of the identity identifiers of the UEs matching V_SBC}; for each UE in S_Vnickname, it derives a key from $\mathrm{K\_SBC}_i$ and the SM3 algorithm and attempts to decrypt the biometric ciphertext C1; if decryption succeeds, that user may be the user being authenticated; the set S_Nickname of users for whom decryption succeeded and the decrypted biometric V_BC are sent to the authentication center AUC; the AUC receives the authentication message, performs biometric recognition, and forwards the authentication result to the UE via the Cloud and the FCC, which completes the authentication.
Further, the key derivation algorithm in step (3) may be MD5, SHA-256, SM3 or the like, preferably the SM3 algorithm; the encryption and decryption algorithms in steps (3) and (4) may be AES, 3DES, SM4 or the like, preferably the SM4 algorithm.
Further, in the access authentication and key derivation method for biometric identity authentication, the fog node FCC and the unified authentication Cloud use soft biometrics that contain deviations to generate the same soft biometric key for encrypting and decrypting biometrics; the key derivation and encryption/decryption method comprises the following steps:
(1) the key K negotiated between the fog node FCC and the unified authentication Cloud is divided into SK and BK, which are used to derive the session key and the soft biometric fusion key respectively; the FCC and the Cloud share a session identifier Sid and a soft biometric fusion parameter SBC, which change with every authentication request and serve as auxiliary inputs to the two key derivations respectively; K is 256 bits long, SK is the first 128 bits, and BK is the second 128 bits;
(2) the fog node FCC receives the feature data and calculates the soft biometric fusion parameter SBC from K_SBC:
$\mathrm{SBC\_sum} = w_1 \times \mathrm{K\_SBC}_1 + w_2 \times \mathrm{K\_SBC}_2 + \dots + w_j \times \mathrm{K\_SBC}_j$, where $\mathrm{K\_SBC}_j$ is the j-th soft biometric of the user, $w_j$ is the corresponding weight, and SBC_sum is the weighted sum of the soft biometrics;
$\mathrm{SBC} = \langle \mathrm{SBC\_sum} / \Delta \rangle$, where $\langle \dots \rangle$ denotes rounding down;
the soft biometric key $K_{SBC}$ and the session key $K_{SESSION}$ are generated by key derivation using the SM3 algorithm with different parameters:
$K_{SBC} = \mathrm{SM3}(BK, \mathrm{SBC})$,
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
the biometric data is encrypted using $K_{SBC}$ and the SM4 algorithm to generate the biometric ciphertext C1:
$C1 = \mathrm{SM4}(K_{SBC}, \mathrm{V\_BC})$;
the transmission message is encrypted using $K_{SESSION}$ and the SM4 algorithm to generate the transmission message ciphertext C2:
$C2 = \mathrm{SM4}(K_{SESSION}, \langle C1, \mathrm{V\_SBC} \rangle)$;
the FCC sends C2 and the session identifier Sid to the unified authentication Cloud;
(3) after the Cloud receives the ciphertext, it derives the session key $K_{SESSION}$ using the SM3 algorithm:
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
it decrypts the transmission message ciphertext C2 using $K_{SESSION}$ and the SM4 algorithm to obtain <C1, V_SBC>:
$\langle C1, \mathrm{V\_SBC} \rangle = \mathrm{SM4}(K_{SESSION}, C2)$;
the stored user information is filtered and screened using V_SBC to find all users who may be the user to be authenticated, generating the set S_Vnickname = {V_Nickname | hashes of the identity identifiers of the UEs matching V_SBC}; for each UE in S_Vnickname:
$\mathrm{SBC\_sum}_i = w_1 \times \mathrm{K\_SBC}_{1i} + w_2 \times \mathrm{K\_SBC}_{2i} + \dots + w_j \times \mathrm{K\_SBC}_{ji}$, where $\mathrm{K\_SBC}_{ji}$ is the j-th soft biometric of the i-th UE, $w_j$ is the corresponding weight, and $\mathrm{SBC\_sum}_i$ is the weighted sum of the soft biometrics of the i-th UE;
$\mathrm{SBC}_i = \langle \mathrm{SBC\_sum}_i / \Delta \rangle$, where $\langle \dots \rangle$ denotes rounding down;
using the three generated keys, attempt to decrypt the biometric ciphertext C1; if decryption succeeds, the biometric plaintext V_BC is obtained:
the set S_Nickname of identity-identifier hashes of the users for whom decryption succeeded, together with the biometric V_BC, is sent to the authentication center AUC.
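The derivation and encryption flow of steps (1) to (3) above, as an added Python example that is not part of the patent text. HMAC-SHA-256 stands in for SM3 and a keystream-plus-tag construction stands in for SM4; the weights, Δ, the byte encoding of SBC, the integrity tag used to detect successful decryption, exact-match screening on V_SBC and the sample database are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import math
import secrets

WEIGHTS = (1.0, 0.5)  # w_j for (height_cm, weight_kg): assumed values
DELTA = 10.0          # quantization step Δ: assumed value

def hid(name: str) -> str:
    """Hash of a user's identity identifier, as held in S_Vnickname."""
    return hashlib.sha256(name.encode()).hexdigest()

# Constructed enrollment database: hash(identity) -> stored soft biometrics.
DATABASE = {
    hid("alice"): {"V_SBC": "F", "K_SBC": (165.0, 60.0)},  # SBC = 19
    hid("carol"): {"V_SBC": "F", "K_SBC": (172.0, 70.0)},  # SBC = 20
    hid("bob"): {"V_SBC": "M", "K_SBC": (165.0, 60.0)},    # screened out by V_SBC
}

def split_root_key(k: bytes):
    """K is 256 bits; SK is the first 128 bits, BK the second 128 bits."""
    if len(k) != 32:
        raise ValueError("root key K must be 256 bits")
    return k[:16], k[16:]

def fuse(k_sbc, weights=WEIGHTS, delta=DELTA) -> int:
    """SBC = floor((w_1*K_SBC_1 + ... + w_j*K_SBC_j) / delta)."""
    if len(k_sbc) != len(weights):
        raise ValueError("one weight per soft biometric is required")
    return math.floor(sum(w * v for w, v in zip(weights, k_sbc)) / delta)

def derive(key_half: bytes, param: bytes) -> bytes:
    """Stand-in for SM3(key, param): HMAC-SHA-256 keyed with SK or BK."""
    return hmac.new(key_half, param, hashlib.sha256).digest()

def derive_k_sbc(bk: bytes, sbc: int) -> bytes:
    # Assumed encoding of SBC: 8-byte signed big-endian integer.
    return derive(bk, sbc.to_bytes(8, "big", signed=True))

def derive_k_session(sk: bytes, sid: bytes) -> bytes:
    return derive(sk, sid)

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """n bytes of keystream from HMAC in counter mode (stand-in only)."""
    blocks = (derive(key, b"enc" + nonce + i.to_bytes(4, "big"))
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for SM4 encryption: XOR keystream plus an integrity tag."""
    nonce = secrets.token_bytes(16)
    stream = keystream(key, nonce, len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    return nonce + body + derive(key, b"mac" + nonce + body)

def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or data was altered."""
    if len(blob) < 48:
        return None
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, derive(key, b"mac" + nonce + body)):
        return None
    stream = keystream(key, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, stream))

def fog_build_c2(k, sid, v_sbc, k_sbc, v_bc) -> bytes:
    """FCC side: C1 = Enc(K_SBC, V_BC); C2 = Enc(K_SESSION, <C1, V_SBC>)."""
    sk, bk = split_root_key(k)
    c1 = seal(derive_k_sbc(bk, fuse(k_sbc)), v_bc)
    message = json.dumps({"C1": c1.hex(), "V_SBC": v_sbc}).encode()
    return seal(derive_k_session(sk, sid), message)

def cloud_process_c2(k, sid, c2, database):
    """Cloud side: open C2, screen by V_SBC, try each candidate's key on C1."""
    sk, bk = split_root_key(k)
    message = unseal(derive_k_session(sk, sid), c2)
    if message is None:
        raise ValueError("C2 does not open under K_SESSION for this Sid")
    fields = json.loads(message)
    c1 = bytes.fromhex(fields["C1"])
    s_nickname, v_bc = [], None
    for nickname_hash, record in database.items():
        if record["V_SBC"] != fields["V_SBC"]:  # assumed: exact-match screening
            continue
        plaintext = unseal(derive_k_sbc(bk, fuse(record["K_SBC"])), c1)
        if plaintext is not None:
            s_nickname.append(nickname_hash)
            v_bc = plaintext
    return s_nickname, v_bc  # forwarded to the AUC for biometric matching
```

With these assumed weights and Δ, a fresh capture of (166.2, 59.1) lands in the same bucket as the enrolled (165.0, 60.0) and C1 opens, while (169.5, 61.5) crosses the bucket boundary and C1 opens under another enrolled user's key instead. S_Nickname is therefore only a candidate set that the AUC still has to confirm by biometric matching.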
Another object of the present invention is to provide an access authentication and key derivation system for biometric identity authentication that applies the above access authentication and key derivation method, the system including:
a biometric information acquisition module, used to capture and upload the user's soft biometrics and biometrics, sending them to the authentication center in the user registration stage and to the fog node in the authentication stage;
a fog node access authentication module, used by fog nodes that have not yet joined the hybrid cloud-fog network to register at the unified authentication cloud, obtain a unique identity identifier Fid, and share a root key K with the unified authentication cloud through key agreement, with Fid and K mapped one-to-one. After access authentication is complete, the fog node joins the hybrid cloud-fog network;
a user registration stage module, used to register the user at the trusted authentication center. The user registers an identity identifier at the authentication center, the biometric information acquisition module captures and uploads all of the user's information, such as biometrics, soft biometrics and the identity identifier, and the authentication center stores the user information in its local database;
a soft biometric fusion module, used by the fog node and the unified authentication cloud to fuse the soft biometric data and generate the parameter required for the soft biometric key;
a key derivation and encryption/decryption module, used by the fog node and the unified authentication cloud to generate two keys through key derivation and the required parameters: a soft biometric key and a session key, used to encrypt and decrypt the biometrics and the session messages respectively;
an authentication stage module, used to confirm the user's identity through biometric recognition, in which the fog node and the unified authentication cloud use the soft biometric fusion module and the key derivation and encryption/decryption module to protect the biometrics and the session messages.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the following steps:
in the registration stage, a user registers at a trusted authentication center and uploads all required information, such as biometrics, soft biometrics and an identity identifier; a fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key agreement, and joins the hybrid cloud-fog network once registration is complete;
in the authentication stage, the user uploads feature information and is identified by biometrics; the fog node and the unified authentication cloud fuse soft biometrics to generate the parameter required for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, which are used to encrypt and decrypt the biometrics and the session messages respectively.
It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the following steps:
in the registration stage, a user registers at a trusted authentication center and uploads all required information, such as biometrics, soft biometrics and an identity identifier; a fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key agreement, and joins the hybrid cloud-fog network once registration is complete;
in the authentication stage, the user uploads feature information and is identified by biometrics; the fog node and the unified authentication cloud fuse soft biometrics to generate the parameter required for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, which are used to encrypt and decrypt the biometrics and the session messages respectively.
Another object of the present invention is to provide an information data processing terminal for implementing the access authentication and key derivation system for biometric identity authentication.
By combining all the above technical schemes, the advantages and positive effects of the invention are as follows: in the access authentication and key derivation method and system for biometric identity authentication provided by the invention, access authentication between the fog nodes and the unified authentication cloud prevents illegitimate fog nodes from joining. The shared key obtained through key agreement serves as the root key, and the non-private soft biometrics and the session identifier serve as parameters from which the soft biometric key and the session key are respectively generated by key derivation. The parameters used in each authentication request change, and therefore so do the derived keys, which satisfies forward security, significantly reduces the risk of the key being cracked, strengthens the confidentiality of biometric data and session messages, and effectively remedies the shortcomings in key generation, key management and related aspects of the "biometric identity information authentication method based on 5G cloud and mist mixed unified authentication platform" (patent No. ZL201911129276.9).
The identity authentication of the invention can be used in a variety of application scenarios such as the mobile Internet, and the soft biometric fusion and key derivation methods of the invention make access authentication and key management convenient for fog nodes such as IoT devices; the soft biometric key and the session key change between authentication requests, which significantly reduces the risk of the key being cracked and strengthens the confidentiality of the user's private biometric information, and the proposed soft biometric fusion method offers another approach to key generation in identity authentication.
Drawings
In order to illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below are only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of an access authentication and key derivation method for biometric identity authentication in a cloud and mist mixed scenario according to an embodiment of the present invention.
Fig. 2 is a flowchart of an enrollment phase and an authentication phase of an access authentication and key derivation method for biometric identity authentication in a cloud and mist mixed scenario according to an embodiment of the present invention.
Fig. 3 is a key derivation flowchart of an access authentication and key derivation method for biometric identity authentication in a cloud and mist mixed scenario according to an embodiment of the present invention.
Fig. 4 is an encryption and decryption flowchart of an access authentication and key derivation method for biometric identity authentication in a cloud and mist mixed scene according to an embodiment of the present invention.
Fig. 5 is a block diagram of an access authentication and key derivation system for biometric identity authentication according to an embodiment of the present invention;
In fig. 5: 1. biological information acquisition module; 2. fog node access authentication module; 3. user registration phase module; 4. soft biometric fusion module; 5. key derivation and encryption/decryption module; 6. authentication phase module.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In view of the problems in the prior art, the present invention provides an access authentication and key derivation method and system for biometric identity authentication, which will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, an access authentication and key derivation method for biometric identity authentication provided by an embodiment of the present invention includes the following steps:
S101, in the registration stage, a user registers at a trusted authentication center and uploads all information such as biological characteristics, soft biological characteristics and identity; the fog node performs access authentication at the unified authentication cloud to obtain an identity issued by the unified authentication cloud and a shared root key obtained through key agreement, and the fog node accesses the cloud and fog mixed network after registration is completed;
S102, in the authentication stage, the user uploads characteristic information and is identified by means of biological characteristics; the fog node and the unified authentication cloud use soft biological characteristic fusion to generate the parameters required by the soft biological characteristic key, and use key derivation to generate a soft biological characteristic key and a session key, which are used for encrypting and decrypting the biological characteristics and the session messages respectively.
As shown in fig. 5, an access authentication and key derivation system for biometric identity authentication provided by an embodiment of the present invention includes:
the biological information acquisition module 1 is used for acquiring and uploading own soft biological characteristics and biological characteristics by a user, and respectively sending the soft biological characteristics and the biological characteristics to an authentication center and a fog node in a user registration stage and an authentication stage;
the fog node access authentication module 2 is used for registering a fog node that has not yet accessed the cloud and fog mixed network at the unified authentication cloud to obtain a unique identity Fid, sharing a root key K with the unified authentication cloud through key agreement, and mapping Fid and K one to one; after the access authentication is completed, the fog node accesses the cloud and fog mixed network;
the user registration phase module 3 is used for realizing the registration of the user at the trusted authentication center: the user registers an identity at the authentication center, the biological information acquisition module acquires and uploads all information such as the biological characteristics, soft biological characteristics and identity of the user, and the authentication center stores the user information in a local database;
the soft biological characteristic fusion module 4 is used for fusing the soft biological characteristic data by the fog node and the unified authentication cloud to generate parameters required by a soft biological characteristic key;
and the key derivation and encryption and decryption module 5 is used for generating two keys by the fog node and the unified authentication cloud through key derivation and required parameters: a soft biometric key and a session key for encrypting and decrypting the biometric and encrypting and decrypting the session message, respectively;
an authentication phase module 6 for confirming the user identity through biometric identification; wherein the fog node and the unified authentication cloud use a soft biometric fusion module and a key derivation and encryption/decryption module to protect the biometric and session messages.
The technical solution of the present invention is further described below with reference to specific examples.
The access authentication and key derivation method for the biological identification identity authentication in the cloud and mist mixed scene provided by the embodiment of the invention specifically comprises the following steps:
First, the registration phase, as shown in fig. 2, includes the following steps:
1. The user registers at the trusted authentication center AUC. The user sends a self-chosen unique identity (which may be a user name, an identity card number, etc.) to the AUC. The AUC instructs the user to collect and upload biological characteristics and soft biological characteristics, and stores all information such as the user's biological characteristics, soft biological characteristics and identity in a local database;
2. A fog node FCC that is not registered at the unified authentication cloud Cloud must first register at Cloud. Cloud allocates a unique identity Fid to the unregistered FCC, Cloud and the FCC obtain a shared root key K through key negotiation, and Fid and K are mapped one to one. After registration is completed, the FCC accesses the cloud and fog mixed network.
Second, the authentication phase, as shown in fig. 2, includes the following steps:
1. The UE forwards the authentication request (including the supported soft biometric list SBC_List, the biometric list BC_List and the session identification Sid) via the fog node FCC to the unified authentication cloud Cloud. Cloud randomly selects from SBC_List a soft biometric sequence SBC_Q, which is used for Cloud filtering and database screening; the remaining soft biometrics are used to generate the soft biometric key that encrypts the biometrics. Cloud also randomly selects from BC_List a biometric sequence BC_Q for biometric identification, and sends an authentication request to the authentication center AUC. The AUC returns the soft biometric data of all users in the database to Cloud. Finally, Cloud forwards the SBC_Q and BC_Q sequences to the UE through the fog node FCC;
2. The UE receives the authentication response and collects the characteristics corresponding to SBC_List and BC_Q. In the collected characteristic data, the soft biological characteristics corresponding to SBC_Q are marked as V_SBC, the remaining soft biological characteristics as K_SBC, and the collected biological characteristics as V_BC. The UE sends the message <V_SBC, K_SBC, V_BC, Sid> to the fog node FCC;
3. The fog node FCC receives the feature data, generates a soft biometric key $K_{SBC}$ using K, K_SBC and a key derivation algorithm, and encrypts V_BC with $K_{SBC}$ and an encryption algorithm to generate the biological characteristic ciphertext C1. It derives the session key $K_{SESSION}$ using K, Sid and the SM3 algorithm, encrypts the session message <C1, V_SBC> with $K_{SESSION}$ and the SM4 algorithm to generate the transmission message ciphertext C2, and sends C2 and the session identifier Sid to the unified authentication cloud Cloud;
4. After Cloud receives the ciphertext, it derives the session key $K_{SESSION}$ using K, Sid and the SM3 algorithm and decrypts the transmission message ciphertext C2 to obtain <C1, V_SBC>. It filters and screens the stored user information using V_SBC to generate the set S_Vnickname = {V_Nickname | Hash of the identity of the UEs matching V_SBC}. For each UE in S_Vnickname, it uses K_SBC_i and the SM3 algorithm to derive a key and attempts to decrypt the biological characteristic ciphertext C1; if the decryption is successful, the users may be the same user. Finally, the set S_Nickname and the biological characteristic V_BC obtained by successful decryption are sent to the authentication center AUC. The AUC receives the authentication message, performs biological identification, and forwards the authentication result to the UE through Cloud and the FCC, which completes the authentication.
Third, the key derivation and encryption/decryption method, as shown in fig. 3 and 4, includes the following steps:
1. The key K obtained through key negotiation between the fog node FCC and the unified authentication cloud Cloud (256 bits long in this example) is divided into SK (the first 128 bits) and BK (the last 128 bits), which are used to derive the session key and the soft biological characteristic fusion key respectively. The FCC and Cloud share the session identifier Sid and the soft biometric fusion parameter SBC, both of which change in each authentication request and can therefore be used for the respective key derivations;
2. The fog node FCC receives the feature data and first calculates the soft biological feature fusion parameter SBC from K_SBC:
$SBC\_sum = w_1 \times K\_SBC_1 + w_2 \times K\_SBC_2 + \dots + w_j \times K\_SBC_j$ (where $K\_SBC_j$ is the j-th soft biometric of the user, $w_j$ is the corresponding weight, and $SBC\_sum$ is the weighted sum of the soft biometrics),
$SBC = \lfloor SBC\_sum / \Delta \rfloor$ (here $\lfloor \dots \rfloor$ denotes rounding down),
the soft biometric key $K_{SBC}$ and the session key $K_{SESSION}$ are then generated by key derivation using the SM3 algorithm with different parameters:
$K_{SBC} = \mathrm{SM3}(BK, SBC)$,
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$,
then $K_{SBC}$ and the SM4 algorithm are used to encrypt the biometric data and generate the biometric ciphertext C1:
$C1 = \mathrm{SM4}(K_{SBC}, V\_BC)$,
and $K_{SESSION}$ and the SM4 algorithm are used to encrypt the transmission message and generate the transmission message ciphertext C2:
$C2 = \mathrm{SM4}(K_{SESSION}, \langle C1, V\_SBC \rangle)$,
finally, the FCC sends C2 and the session identifier Sid to the unified authentication cloud Cloud;
3. After Cloud receives the ciphertext, it first generates the session key $K_{SESSION}$ by key derivation with the SM3 algorithm:
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$,
and uses $K_{SESSION}$ and the SM4 algorithm to decrypt the transmission message ciphertext C2 to obtain <C1, V_SBC>:
$\langle C1, V\_SBC \rangle = \mathrm{SM4}(K_{SESSION}, C2)$,
It then filters and screens the stored user information using V_SBC to find all users who may be the same as the user to be authenticated, and generates the set S_Vnickname = {V_Nickname | Hash of the identity of the UEs matching V_SBC}. For each UE in S_Vnickname:
$SBC\_sum_i = w_1 \times K\_SBC_{1i} + w_2 \times K\_SBC_{2i} + \dots + w_j \times K\_SBC_{ji}$ (where $K\_SBC_{ji}$ is the j-th soft biometric of the i-th UE, $w_j$ is the corresponding weight, and $SBC\_sum_i$ is the weighted sum of soft biometrics for the i-th UE),
$SBC_i = \lfloor SBC\_sum_i / \Delta \rfloor$ (here $\lfloor \dots \rfloor$ denotes rounding down),
the three generated keys are used to attempt to decrypt the biometric ciphertext C1, and the biometric plaintext V_BC is obtained if decryption is successful:
and finally, the identity Hash set S_Nickname of the users for whom decryption succeeded and the biological characteristic V_BC are sent to the authentication center AUC.
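The derivation in steps 1 to 3 above, as an added Python example that is not part of the patent text: it splits K into SK and BK, computes SBC by weighted sum and rounding down, derives both keys, and lets the cloud side recompute the key per enrolled candidate. Assumptions: SM3 is used when the local OpenSSL build offers it and SHA-256 (one of the alternatives named in claim 5) otherwise; the hash input is the key half concatenated with the parameter; the weights, Δ, feature values and identity hashes are constructed; key equality stands in for a successful SM4 trial decryption of C1, and one key per candidate is derived.

```python
import hashlib
import hmac


def _pick_hash():
    """Use SM3 when the local OpenSSL build provides it, otherwise SHA-256."""
    try:
        hashlib.new("sm3")
        return "sm3"
    except ValueError:
        return "sha256"


HASH_NAME = _pick_hash()

# Constructed sample values (not from the patent).
ROOT_K = bytes(range(32))          # 256-bit root key K shared by FCC and Cloud
WEIGHTS = (3, 2, 1)                # w_1..w_j
DELTA = 50                         # quantisation step
ENROLLED = {                       # identity hash -> enrolled K_SBC features
    "idhash-A": (1750, 34, 72),
    "idhash-B": (1680, 51, 80),
    "idhash-C": (1749, 35, 73),
}


def split_root_key(k):
    """Return (SK, BK): the first and last 128 bits of the 256-bit root key."""
    if len(k) != 32:
        raise ValueError("root key K must be 256 bits")
    return k[:16], k[16:]


def fuse(features, weights, delta):
    """SBC = floor(sum(w_j * K_SBC_j) / delta), in exact integer arithmetic."""
    if len(features) != len(weights) or delta <= 0:
        raise ValueError("need one weight per feature and a positive delta")
    return sum(w * v for w, v in zip(weights, features)) // delta


def derive(key_half, param):
    """H(key_half || param); concatenation and encoding are assumptions."""
    return hashlib.new(HASH_NAME, key_half + param).digest()


def soft_biometric_key(k, features, weights, delta):
    """Soft biometric key derived from BK and the fusion parameter SBC."""
    _, bk = split_root_key(k)
    sbc = fuse(features, weights, delta)
    return derive(bk, sbc.to_bytes(8, "big"))


def session_key(k, sid):
    """Session key derived from SK and the session identifier Sid."""
    sk, _ = split_root_key(k)
    return derive(sk, sid)


def candidates_able_to_decrypt(k, fcc_key, enrolled, weights, delta):
    """Identity hashes whose enrolled features reproduce the FCC's key.

    Comparing keys stands in for the trial decryption of C1, which can only
    succeed when Cloud derives the same key as the FCC did.
    """
    return sorted(
        uid for uid, feats in enrolled.items()
        if hmac.compare_digest(
            soft_biometric_key(k, feats, weights, delta), fcc_key)
    )


def demo():
    # Fresh measurement close to idhash-A, staying inside the same delta bin.
    in_bin = soft_biometric_key(ROOT_K, (1752, 34, 72), WEIGHTS, DELTA)
    # Slightly larger deviation that crosses the bin boundary.
    crossed = soft_biometric_key(ROOT_K, (1754, 34, 72), WEIGHTS, DELTA)
    return {
        "in_bin": candidates_able_to_decrypt(
            ROOT_K, in_bin, ENROLLED, WEIGHTS, DELTA),
        "crossed": candidates_able_to_decrypt(
            ROOT_K, crossed, ENROLLED, WEIGHTS, DELTA),
        "session_keys_differ":
            session_key(ROOT_K, b"sid-0001") != session_key(ROOT_K, b"sid-0002"),
    }


if __name__ == "__main__":
    print(HASH_NAME, demo())
```

A re-measurement that stays in the same Δ bin reproduces the key, while one that crosses a bin boundary does not. Two enrolled users who fall in the same bin both reproduce it, which is why the scheme hands a candidate set to the AUC for biometric identification.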
The identity authentication method can be used for identity authentication in various application scenarios such as the mobile internet. The soft biological feature fusion and key derivation method brings convenience to access authentication and key management of fog nodes such as IoT equipment. The soft biological feature fusion method can be applied to the biological identity information authentication method based on a 5G cloud and mist mixed unified authentication platform (patent number: ZL201911129276.9), and provides another idea for key generation, key management and the like in identity authentication.
The above embodiments may be implemented wholly or partially in software, hardware, firmware, or any combination thereof. When implemented wholly or partially in software, they may take the form of a computer program product that includes one or more computer instructions. When the computer instructions are loaded or executed on a computer, the flows or functions according to the embodiments of the invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or another programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, wireless, microwave, etc.). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that includes one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above description only illustrates the present invention and is not to be construed as limiting its scope, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.
Claims (10)
1. An access authentication and key derivation method for biometric identity authentication, the access authentication and key derivation method for biometric identity authentication comprising the steps of:
step one, in a registration stage, a user registers at a trusted authentication center and uploads all information such as biological characteristics, soft biological characteristics, identity marks and the like; the fog nodes perform access authentication at the unified authentication cloud to obtain identity marks issued by the unified authentication cloud and a shared root key obtained through key agreement, and the fog nodes are accessed to the cloud and fog mixed network after registration is completed;
step two, in the authentication stage, the user uploads characteristic information and utilizes biological characteristics to identify the identity; the fog node and the unified authentication cloud use soft biological characteristics to fuse and generate parameters required by a soft biological characteristic key, and use key derivation to generate a soft biological characteristic key and a session key which are respectively used for encrypting and decrypting biological characteristics and session messages.
2. The access authentication and key derivation method for biometric identity authentication of claim 1, wherein the enrollment phase in step one comprises:
(1) the user registers at a credible authentication center AUC; the user sends a unique identity named by the user to the AUC; the AUC indicates the user to collect and upload the biological characteristics and the soft biological characteristics, and all the information of the biological characteristics, the soft biological characteristics and the identity of the user is stored in a local database of the user;
(2) a fog node FCC that is not registered at the unified authentication cloud Cloud registers at Cloud; Cloud allocates a unique identity Fid to the unregistered FCC, Cloud and the FCC obtain a shared root key K through key negotiation, and Fid and K are mapped one to one; after registration is completed, the FCC accesses the cloud and fog mixed network.
3. The access authentication and key derivation method for biometric identity authentication according to claim 2, wherein the identity in step (1) is a user name or ID such as an identification number that can uniquely identify the user.
4. The access authentication and key derivation method for biometric identity authentication of claim 1, wherein the authentication phase in step two comprises:
(1) the UE forwards the authentication request (including the supported soft biometric list SBC_List, the biometric list BC_List and the session identification Sid) via the fog node FCC to the unified authentication cloud Cloud; Cloud randomly selects from SBC_List a soft biometric sequence SBC_Q, which is used for Cloud filtering and database screening, and the remaining soft biometrics are used to generate the soft biometric key that encrypts the biometrics; Cloud randomly selects from BC_List a biometric sequence BC_Q for biometric identification, and sends an authentication request to the authentication center AUC; the AUC returns the soft biometric data of all users in the database to Cloud; finally, Cloud forwards the SBC_Q and BC_Q sequences to the UE through the fog node FCC;
(2) the UE receives the authentication response and collects the characteristics corresponding to SBC_List and BC_Q; in the collected characteristic data, the soft biological characteristics corresponding to SBC_Q are marked as V_SBC, the remaining soft biological characteristics as K_SBC, and the collected biological characteristics as V_BC; the UE sends the message <V_SBC, K_SBC, V_BC, Sid> to the fog node FCC;
(3) the fog node FCC receives the feature data, generates a soft biometric key $K_{SBC}$ using K, K_SBC and a key derivation algorithm, and encrypts V_BC with $K_{SBC}$ and an encryption algorithm to generate the biological characteristic ciphertext C1; it derives the session key $K_{SESSION}$ using K, Sid and the SM3 algorithm, encrypts the session message <C1, V_SBC> with $K_{SESSION}$ and the SM4 algorithm to generate the transmission message ciphertext C2, and sends C2 and the session identification Sid to the unified authentication cloud Cloud;
(4) after Cloud receives the ciphertext, it derives the session key $K_{SESSION}$ using K, Sid and the SM3 algorithm and decrypts the transmission message ciphertext C2 to obtain <C1, V_SBC>; it filters and screens the stored user information using V_SBC to generate the set S_Vnickname = {V_Nickname | Hash of the identity of the UEs matching V_SBC}; for each UE in S_Vnickname, it uses K_SBC_i and the SM3 algorithm to derive a key and attempts to decrypt the biometric ciphertext C1, and if the decryption is successful, the users may be the same user; finally, the set S_Nickname and the biological characteristic V_BC obtained by successful decryption are sent to the authentication center AUC; the AUC receives the authentication message, performs biological identification, and forwards the authentication result to the UE through Cloud and the FCC, which completes the authentication.
5. The access authentication and key derivation method for biometric identity authentication of claim 4, wherein the key derivation algorithm in the step (3) comprises MD5, SHA-256 and SM3, etc., preferably SM3 algorithm; the encryption and decryption algorithms in the steps (3) and (4) comprise AES, 3DES, SM4 and the like, and preferably SM4 algorithm.
6. The access authentication and key derivation method for biometric identity authentication of claim 1, wherein the access authentication and key derivation method for biometric identity authentication further comprises a mist node FCC and a unified authentication Cloud using biased soft biometrics to generate the same soft biometric key for encryption and decryption of biometrics; the key derivation and encryption and decryption method comprises the following steps:
(1) the key K obtained through key negotiation between the fog node FCC and the unified authentication cloud Cloud is divided into SK and BK, which are respectively used for deriving a session key and a soft biological feature fusion key; the FCC and Cloud share a session identifier Sid and a soft biometric fusion parameter SBC, which change in each authentication request and respectively assist the different key derivations; the key length of K is 256 bits, SK is the first 128 bits, and BK is the last 128 bits;
(2) the fog node FCC receives the characteristic data and calculates the soft biological characteristic fusion parameter SBC from K_SBC:
$SBC\_sum = w_1 \times K\_SBC_1 + w_2 \times K\_SBC_2 + \dots + w_j \times K\_SBC_j$, where $K\_SBC_j$ is the j-th soft biometric of the user, $w_j$ is the corresponding weight, and $SBC\_sum$ is the weighted sum of the soft biometrics;
$SBC = \lfloor SBC\_sum / \Delta \rfloor$, where $\lfloor \dots \rfloor$ represents rounding down;
the soft biometric key $K_{SBC}$ and the session key $K_{SESSION}$ are generated by key derivation using the SM3 algorithm with different parameters:
$K_{SBC} = \mathrm{SM3}(BK, SBC)$,
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
$K_{SBC}$ and the SM4 algorithm are used to encrypt the biometric data and generate the biometric ciphertext C1:
$C1 = \mathrm{SM4}(K_{SBC}, V\_BC)$;
$K_{SESSION}$ and the SM4 algorithm are used to encrypt the transmission message and generate the transmission message ciphertext C2:
$C2 = \mathrm{SM4}(K_{SESSION}, \langle C1, V\_SBC \rangle)$;
the FCC sends C2 and the session identification Sid to the unified authentication cloud Cloud;
(3) after Cloud receives the ciphertext, it generates the session key $K_{SESSION}$ by key derivation with the SM3 algorithm:
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
$K_{SESSION}$ and the SM4 algorithm are used to decrypt the transmission message ciphertext C2 to obtain <C1, V_SBC>:
$\langle C1, V\_SBC \rangle = \mathrm{SM4}(K_{SESSION}, C2)$;
the stored user information is filtered and screened using V_SBC to find all users who may be the same as the user to be authenticated, and the set S_Vnickname = {V_Nickname | Hash of the identity of the UEs matching V_SBC} is generated; for each UE in S_Vnickname:
$SBC\_sum_i = w_1 \times K\_SBC_{1i} + w_2 \times K\_SBC_{2i} + \dots + w_j \times K\_SBC_{ji}$, where $K\_SBC_{ji}$ is the j-th soft biometric of the i-th UE, $w_j$ is the corresponding weight, and $SBC\_sum_i$ is the weighted sum of soft biometrics for the i-th UE;
$SBC_i = \lfloor SBC\_sum_i / \Delta \rfloor$, where $\lfloor \dots \rfloor$ represents rounding down;
the three generated keys are used to attempt to decrypt the biometric ciphertext C1, and the biometric plaintext V_BC is obtained if decryption is successful:
and the identity Hash set S_Nickname of the users for whom decryption succeeded and the biological characteristic V_BC are sent to the authentication center AUC.
7. An access authentication and key derivation system for biometric identity authentication implementing the access authentication and key derivation method for biometric identity authentication of any one of claims 1 to 6, the access authentication and key derivation system for biometric identity authentication comprising:
the biological information acquisition module is used for acquiring and uploading the soft biological characteristics and the biological characteristics of the user, and respectively sending the soft biological characteristics and the biological characteristics to the authentication center and the fog node in the user registration stage and the authentication stage;
the fog node access authentication module is used for registering a fog node that has not yet accessed the cloud and fog mixed network at the unified authentication cloud to obtain a unique identity Fid, sharing a root key K with the unified authentication cloud through key agreement, and mapping Fid and K one to one; after the access authentication is completed, the fog node accesses the cloud and fog mixed network;
the user registration phase module is used for realizing the registration of the user at the trusted authentication center: the user registers an identity at the authentication center, the biological information acquisition module acquires and uploads all information such as the biological characteristics, soft biological characteristics and identity of the user, and the authentication center stores the user information in a local database;
the soft biological characteristic fusion module is used for fusing the soft biological characteristic data by the fog node and the unified authentication cloud to generate parameters required by a soft biological characteristic key;
and the key derivation and encryption and decryption module is used for generating two keys by the fog node and the unified authentication cloud through key derivation and required parameters: a soft biometric key and a session key for encrypting and decrypting the biometric and encrypting and decrypting the session message, respectively;
the authentication stage module is used for confirming the identity of the user through biological recognition; wherein the fog node and the unified authentication cloud use a soft biometric fusion module and a key derivation and encryption/decryption module to protect the biometric and session messages.
8. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:
in the registration stage, a user registers at a trusted authentication center and uploads all information such as biological characteristics, soft biological characteristics, identity marks and the like; the fog nodes perform access authentication at the unified authentication cloud to obtain identity marks issued by the unified authentication cloud and a shared root key obtained through key agreement, and the fog nodes are accessed to the cloud and fog mixed network after registration is completed;
in the authentication stage, a user uploads characteristic information and utilizes biological characteristics to identify the identity; the fog node and the unified authentication cloud use soft biological feature fusion to generate parameters required by a soft biological feature key, and use key derivation to generate a soft biological feature key and a session key which are respectively used for encrypting and decrypting biological features and session messages.
9. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
in the registration stage, a user registers at a trusted authentication center and uploads all information such as biological characteristics, soft biological characteristics, identity marks and the like; the fog nodes perform access authentication at the unified authentication cloud to obtain identity marks issued by the unified authentication cloud and a shared root key obtained through key agreement, and the fog nodes are accessed to the cloud and fog mixed network after registration is completed;
in the authentication stage, a user uploads characteristic information and utilizes biological characteristics to identify the identity; the fog node and the unified authentication cloud use soft biological feature fusion to generate parameters required by a soft biological feature key, and use key derivation to generate a soft biological feature key and a session key which are respectively used for encrypting and decrypting biological features and session messages.
10. An information data processing terminal for implementing an access authentication and key derivation system for biometric identity authentication according to claim 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210191226.9A CN114553413B (en) | 2022-02-28 | 2022-02-28 | Access authentication and key derivation method and system for biometric identity authentication |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114553413A (en) | 2022-05-27 |
CN114553413B (en) | 2023-10-13 |
Family
ID=81662084
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210191226.9A Active CN114553413B (en) | 2022-02-28 | 2022-02-28 | Access authentication and key derivation method and system for biometric identity authentication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114553413B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140282868A1 (en) * | 2013-03-15 | 2014-09-18 | Micah Sheller | Method And Apparatus To Effect Re-Authentication |
CN110392029A (en) * | 2018-04-20 | 2019-10-29 | 武汉真元生物数据有限公司 | Identity identifying method and system based on biological identification |
CN111131153A (en) * | 2019-11-18 | 2020-05-08 | 西安电子科技大学 | Biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform |
CN112954675A (en) * | 2021-03-02 | 2021-06-11 | 西安电子科技大学 | Multi-gateway authentication method, system, storage medium, computer device and terminal |
CN113115307A (en) * | 2021-04-12 | 2021-07-13 | 北京邮电大学 | Two-factor identity authentication method oriented to smart home scene |
US11139964B1 (en) * | 2018-09-07 | 2021-10-05 | Wells Fargo Bank, N.A. | Biometric authenticated biometric enrollment |
Non-Patent Citations (2)
Title |
---|
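Zhang Haodi; Liu Guorong; Wang Laifu; Wang Shuai: "Research on a cross-domain identity authentication mechanism based on blockchain technology", Guangdong Communication Technology, no. 07 * |
Chen Sisheng; Lin Yanzhen; Guo Yongning: "An identity authentication scheme based on biometric key protection technology", Journal of Taiyuan Normal University (Natural Science Edition), no. 03 * |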
Also Published As
Publication number | Publication date |
---|---|
CN114553413B (en) | 2023-10-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111355745B (en) | | Cross-domain identity authentication method based on edge computing network architecture |
CN103763319B (en) | | Method for safely sharing mobile cloud storage light-level data |
CN111314056B (en) | | Heaven and earth integrated network anonymous access authentication method based on identity encryption system |
CN103124269B (en) | | Based on the Bidirectional identity authentication method of dynamic password and biological characteristic under cloud environment |
CN111212084B (en) | | Attribute encryption access control method facing edge calculation |
US8527762B2 (en) | | Method for realizing an authentication center and an authentication system thereof |
CN103179114A (en) | | Fine-grained access control method for data in cloud storage |
CN106899700B (en) | | Privacy protection method of location sharing system in mobile social network |
WO2020186823A1 (en) | | Blockchain-based data querying method, device, system and apparatus, and storage medium |
US9608971B2 (en) | | Method and apparatus for using a bootstrapping protocol to secure communication between a terminal and cooperating servers |
CN103731432A (en) | | Multi-user supported searchable encryption system and method |
CN110868290B (en) | | Key service method and device without central control |
CN112910861A (en) | | Group authentication and segmented authentication-based authentication method for terminal equipment of power internet of things |
CN113572765B (en) | | Lightweight identity authentication key negotiation method for resource-limited terminal |
CN110933033A (en) | | Cross-domain access control method for multiple Internet of things domains in smart city environment |
CN113411323B (en) | | Medical record data access control system and method based on attribute encryption |
Rana et al. | | Efficient and secure attribute based access control architecture for smart healthcare |
Pal et al. | | Policy-based access control for constrained healthcare resources |
CN113645195A (en) | | Ciphertext access control system and method based on CP-ABE and SM4 |
CN107767281A (en) | | A kind of friend-making matching method for secret protection and system based on two degree of human connections of mobile social networking |
CN112087422A (en) | | Outsourcing access control method based on attribute encryption in edge calculation |
CN110493177B (en) | | Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number |
CN109561431B (en) | | WLAN access control system and method based on multi-password identity authentication |
CN116208330A (en) | | Industrial Internet cloud-edge cooperative data secure transmission method and system based on quantum encryption |
CN116233843A (en) | | B5G/6G network slice authentication method for industrial Internet |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||