CN114553413A - Access authentication and key derivation method and system for biological identification identity authentication - Google Patents


Info

Publication number: CN114553413A
Authority: CN (China)
Prior art keywords: authentication, key, cloud, sbc, soft
Legal status: Granted
Application number: CN202210191226.9A
Other languages: Chinese (zh)
Other versions: CN114553413B (en)
Inventors: 付玉龙, 刘梦如, 曹进, 李晖
Current assignee: Xidian University
Original assignee: Xidian University
Events: application filed by Xidian University; priority to CN202210191226.9A; publication of CN114553413A; application granted; publication of CN114553413B; legal status active.

Classifications

    • H ELECTRICITY
        • H04 ELECTRIC COMMUNICATION TECHNIQUE
            • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
                • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
                    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
                        • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                            • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
                            • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
                        • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
                    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
                        • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
                            • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
                        • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
                • H04L63/00 Network architectures or network communication protocols for network security
                    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
                    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
                        • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
                    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
            • H04W WIRELESS COMMUNICATION NETWORKS
                • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
                    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
                        • H04W12/041 Key generation or derivation
                        • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
                            • H04W12/0431 Key distribution or pre-distribution; Key agreement
                    • H04W12/08 Access security
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
        • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
            • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
                • Y02D30/00 Reducing energy consumption in communication networks
                    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention belongs to the technical field of key management and identity authentication applications, and discloses an access authentication and key derivation method and system for biometric identity authentication. In the registration stage, a user registers at a trusted authentication center and uploads biometric features, soft biometric features, identity identifier and related information; a fog node performs access authentication at the unified authentication cloud, obtaining an identity identifier issued by the unified authentication cloud and a shared root key established by key agreement, and joins the cloud-fog hybrid network once registration is complete. In the authentication stage, the user uploads feature information and is identified by biometric recognition; the fog node and the unified authentication cloud fuse the soft biometric features to produce the parameter needed for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, used respectively to encrypt and decrypt the biometric features and the session messages. The invention markedly reduces the risk of the key being cracked and strengthens the confidentiality of the user's biometric privacy information.

Description

Access authentication and key derivation method and system for biological identification identity authentication
Technical Field
The invention belongs to the technical field of key management and identity authentication applications, and in particular relates to an access authentication and key derivation method and system for biometric identity authentication.
Background
At present, fog computing is an intermediate state between cloud computing and personal computing, a semi-virtualized intelligent service computing model. Fog nodes, which are low-cost and have a certain amount of information processing and storage capacity, take over part of the cloud's work and greatly relieve the load on the cloud; at the same time, as a distributed system closer to the bottom layer, a fog node can handle part of a user's services promptly and meet the demand for real-time service in mobile networks. Through the computing, storage and network communication services provided by fog nodes, data computation, analysis and processing move closer to users, which reduces the response delay and storage overhead of handling user services in the cloud, reduces the consumption of wireless resources, lowers the energy consumption of terminal devices, prolongs standby time, and even allows computing services to continue in areas without Internet coverage. Therefore, by combining the cloud's strong data processing and storage capacity with the fog node's low cost, scalability and moderate data processing and storage capacity, the cloud-fog hybrid computing model has become a highly efficient computing model in current mobile internet technology. However, communication between the fog node and the cloud must be protected by encryption to satisfy confidentiality, security and related requirements.
Currently, the modes widely used in biometric authentication (for example, iOS, Android, etc.) all perform biometric computation and recognition on the terminal device, which causes the terminal device to call the CPU frequently and reduces standby time. In addition, a large number of user authentication requests within a short time puts excessive load on the authentication server, which not only degrades the user's service experience but also means extremely high server maintenance costs for enterprises. The cloud-fog hybrid computing model, by contrast, is efficient and low-cost, so biometric recognition can achieve convenient and efficient identity authentication by means of the cloud-fog hybrid architecture. However, identity recognition using biometrics requires that the biometrics remain confidential and secure during transmission. Soft biometrics are "soft" relative to traditional biometrics in that they cannot uniquely identify a person; facial and body attributes such as height, gender, race, weight, body fat and skin tone are soft biometrics. Because soft biometrics are non-private yet partially confidential, they hold considerable promise for protecting biometrics.
However, it must be determined how to prevent an illegitimate fog node from joining the network and interfering with the normal flow, i.e. how to ensure that the fog node is authentic. To secure the messages exchanged between the fog node and the cloud and ensure that the transmitted session messages cannot be eavesdropped on or tampered with by an attacker, the messages generally have to be encrypted, so the required key has to be generated by key agreement. Although current key agreement algorithms offer high security, the key stays unchanged for a period of time, which increases the risk of key leakage and cracking during information transmission. In addition, the overhead of key management is also an issue. The confidentiality and privacy of the biometrics should also be ensured by encryption while the user's biometric data is uploaded.
The patent "Biometric identity information authentication method based on 5G cloud-fog hybrid unified authentication platform" (patent No. ZL201911129276.9) proposes applying biometric recognition in a cloud-fog hybrid environment and the general idea of using a key generated from soft biometrics to encrypt and decrypt biometrics, but it neither proposes a specific method nor covers technologies such as access management and key management for fog nodes.
Through the above analysis, the problems and defects of the prior art are as follows:
(1) The modes widely used in biometric authentication all perform biometric computation and recognition on the terminal device, which causes the terminal device to call the CPU frequently and reduces standby time.
(2) Large-scale user authentication requests put excessive load on the authentication server within a short time, degrading the user's service experience and imposing extremely high server maintenance costs on enterprises.
(3) In existing key agreement algorithms the key stays unchanged for a period of time, which increases the risk of key leakage and cracking during information transmission; the overhead of key management is also a problem.
The difficulty in solving the above problems and defects is as follows: a fog node must connect to the cloud, complete registration and possess a trusted identity before formally providing service. The keys used by the fog node and the cloud to encrypt and decrypt session messages and biometrics must be generated and managed, the keys used must provide forward security, and they must be managed at low cost and with low overhead.
The significance of solving these problems and defects is as follows: a complete access authentication and key derivation scheme is provided; the two keys required in the biometric recognition process in the cloud-fog hybrid scenario are derived and managed uniformly, a different key is used in each authentication request, forward security is achieved, management is easy, and overhead is reduced. In addition, the non-private soft biometrics are used to help generate a soft biometric key and encrypt the biometrics; since soft biometrics collected at different times and places are not exactly identical and deviate somewhat, the proposed scheme solves the problem of how the fog node and the cloud generate the same soft biometric key, and strongly remedies the shortcomings in key generation, key management and the like of the "Biometric identity information authentication method based on 5G cloud-fog hybrid unified authentication platform" (patent No. ZL201911129276.9).
Disclosure of Invention
In view of the problems in the prior art, the invention provides an access authentication and key derivation method and system for biometric identity authentication, and in particular for biometric identity authentication in a cloud-fog hybrid scenario.
The invention is realized as follows: an access authentication and key derivation method for biometric identity authentication comprises the following steps:
Step one, in the registration stage, a user registers at a trusted authentication center and uploads biometric features, soft biometric features, identity identifier and related information; a fog node performs access authentication at the unified authentication cloud, obtaining an identity identifier issued by the unified authentication cloud and a shared root key established by key agreement, and joins the cloud-fog hybrid network once registration is complete. This step is a precondition: only after the various information required by the scheme has been stored in a database through the registration stage can formal authentication take place.
Step two, in the authentication stage, the user uploads feature information and is identified by biometric recognition; the fog node and the unified authentication cloud fuse the soft biometric features to produce the parameter needed for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, used respectively to encrypt and decrypt the biometrics and the session messages. This step is the formal use stage: the key generation and encryption/decryption method provided by the scheme ensures the confidentiality of the biometrics and the session messages in the biometric identity authentication system.
Further, the registration stage in step one includes:
(1) The user registers at the trusted authentication center AUC: the user sends a unique identity identifier chosen by the user to the AUC; the AUC instructs the user to collect and upload the biometrics and soft biometrics, and stores the user's biometrics, soft biometrics, identity identifier and related information in a local database;
(2) A fog node FCC not yet registered at the unified authentication Cloud registers at the Cloud: the Cloud assigns the unregistered FCC a unique identity identifier Fid, the Cloud and the FCC obtain a shared root key K through key agreement, and Fid and K are mapped one-to-one; after registration is complete, the FCC joins the cloud-fog hybrid network.
Further, the identity identifier in step (1) is a user name or an ID such as an identification number that uniquely identifies the user.
Further, the authentication stage in step two includes:
(1) The UE forwards the authentication request (containing the supported soft biometric list SBC_List, the biometric list BC_List and the session identifier Sid) via the fog node FCC to the unified authentication Cloud. The Cloud randomly selects from SBC_List a soft biometric sequence SBC_Q to be used for filtering and screening its database, the remaining soft biometric sequences being used to generate the soft biometric key that encrypts the biometrics; randomly selects from BC_List a biometric sequence BC_Q to be used for biometric recognition; and sends the authentication request to the authentication center AUC. The AUC returns the soft biometric data of all users in its database to the Cloud. Finally, the Cloud forwards the SBC_Q and BC_Q sequences to the UE via the fog node FCC;
(2) The UE receives the authentication response and collects the features corresponding to SBC_List and BC_Q; among the collected feature data, the soft biometrics corresponding to SBC_Q are denoted V_SBC, the remaining soft biometrics K_SBC, and the collected biometric V_BC; the UE sends the message <V_SBC, K_SBC, V_BC, Sid> to the fog node FCC;
(3) The fog node FCC receives the feature data and generates a soft biometric key $K_{SBC}$ from K, K_SBC and a key derivation algorithm, then encrypts V_BC with $K_{SBC}$ and an encryption algorithm to produce the biometric ciphertext C1; it derives a session key $K_{SESSION}$ from K and Sid with the SM3 algorithm, encrypts the session message <C1, V_SBC> with $K_{SESSION}$ and the SM4 algorithm to produce the transmission ciphertext C2, and sends C2 and the session identifier Sid to the unified authentication Cloud;
(4) After receiving the ciphertext, the Cloud derives the session key $K_{SESSION}$ from K and Sid with the SM3 algorithm and decrypts the transmission ciphertext C2 to obtain <C1, V_SBC>; it filters and screens the stored user information with V_SBC to produce the set S_Vnickname = {V_Nickname | hash of the identity identifier of each UE whose stored soft biometrics match V_SBC}; for each UE_i in S_Vnickname it derives a key from K_SBC_i with the SM3 algorithm and attempts to decrypt the biometric ciphertext C1; if decryption succeeds, the two may be the same user; the Cloud sends the set S_Nickname of entries that decrypted successfully and the decrypted biometric V_BC to the authentication center AUC; the AUC receives the authentication message, performs biometric recognition, forwards the authentication result to the UE via the Cloud and the FCC, and authentication is complete.
Further, the key derivation algorithm in step (3) includes MD5, SHA-256, SM3 and the like, preferably the SM3 algorithm; the encryption and decryption algorithms in steps (3) and (4) include AES, 3DES, SM4 and the like, preferably the SM4 algorithm.
Further, the access authentication and key derivation method for biometric identity authentication further comprises the fog node FCC and the unified authentication Cloud using the deviating soft biometrics to generate the same soft biometric key for encrypting and decrypting the biometrics; the key derivation and encryption/decryption method comprises the following steps:
(1) The key K obtained by key agreement between the fog node FCC and the unified authentication Cloud is divided into SK and BK, used respectively to derive the session key and the soft biometric fusion key; the FCC and the Cloud share a session identifier Sid and a soft biometric fusion parameter SBC, which change in every authentication request and assist the two different key derivations respectively; the key length of K is 256 bits, SK is the first 128 bits and BK the second 128 bits;
(2) The fog node FCC receives the feature data and computes the soft biometric fusion parameter SBC from K_SBC:
$SBC\_sum = w_1 \times K\_SBC_1 + w_2 \times K\_SBC_2 + \dots + w_j \times K\_SBC_j$, where $K\_SBC_j$ is the j-th soft biometric of the user, $w_j$ the corresponding weight and $SBC\_sum$ the weighted sum of the soft biometrics;
$SBC = \lfloor SBC\_sum / \Delta \rfloor$, where $\lfloor \dots \rfloor$ denotes rounding down;
the soft biometric key $K_{SBC}$ and the session key $K_{SESSION}$ are generated by key derivation with the SM3 algorithm and different parameters:
$K_{SBC} = \mathrm{SM3}(BK, SBC)$,
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
the biometric data is encrypted with $K_{SBC}$ and the SM4 algorithm to produce the biometric ciphertext C1:
$C1 = \mathrm{SM4}(K_{SBC}, V\_BC)$;
the transmission message is encrypted with $K_{SESSION}$ and the SM4 algorithm to produce the transmission ciphertext C2:
$C2 = \mathrm{SM4}(K_{SESSION}, \langle C1, V\_SBC \rangle)$;
the FCC sends C2 and the session identifier Sid to the unified authentication Cloud;
(3) After receiving the ciphertext, the Cloud derives the session key $K_{SESSION}$ with the SM3 algorithm:
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
decrypts the transmission ciphertext C2 with $K_{SESSION}$ and the SM4 algorithm to obtain <C1, V_SBC>:
$\langle C1, V\_SBC \rangle = \mathrm{SM4}(K_{SESSION}, C2)$;
filters and screens the stored user information with V_SBC to find all users who may be the user being authenticated, producing the set S_Vnickname = {V_Nickname | hash of the identity identifier of each UE whose stored soft biometrics match V_SBC}; and for each UE in S_Vnickname computes
$SBC\_sum_i = w_1 \times K\_SBC_{1,i} + w_2 \times K\_SBC_{2,i} + \dots + w_j \times K\_SBC_{j,i}$, where $K\_SBC_{j,i}$ is the j-th soft biometric of the i-th UE, $w_j$ the corresponding weight and $SBC\_sum_i$ the weighted sum of the soft biometrics of the i-th UE;
$SBC_i = \lfloor SBC\_sum_i / \Delta \rfloor$, where $\lfloor \dots \rfloor$ denotes rounding down;
[The three soft biometric key derivations for the i-th UE are given only as equation images in the original and are not reproduced here.]
Using the three generated keys [equation image in the original], the Cloud attempts to decrypt the biometric ciphertext C1; if decryption succeeds, the biometric plaintext V_BC is obtained [equation image in the original];
the Cloud sends the ID-hash set S_Nickname of the users whose entries decrypted successfully, together with the biometric V_BC, to the authentication center AUC.
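As an added worked example that is not code from the patent, the fog-side encryption and the Cloud-side candidate matching of authentication steps (3) and (4) and key derivation steps (2) and (3) above, in Python. HMAC-SHA256 stands in for SM3 and a SHA-256 keystream with an HMAC tag stands in for SM4, since the Python standard library ships neither; the weights, Δ, the three-neighbour key search and all records are constructed assumptions of this example.

```python
"""Fog-side encryption and Cloud-side matching for the patent's key derivation method.
Stand-ins (this example's, not the patent's): HMAC-SHA256 for SM3, SHA-256 keystream + HMAC tag for SM4."""
import hashlib
import hmac
import math
import os

DELTA = 2.0                  # bucket width for the floor step (assumed value)
WEIGHTS = (0.5, 0.3, 0.2)    # w_j for height, weight, gender (assumed values)
NONCE_LEN, TAG_LEN = 12, 32

def split_root_key(k: bytes):
    """K is 256 bits: SK is the first 128 bits, BK the second 128 bits."""
    return k[:16], k[16:]

def fuse_sbc(k_sbc, weights=WEIGHTS, delta=DELTA) -> int:
    """SBC = floor(SBC_sum / delta), SBC_sum = sum_j w_j * K_SBC_j."""
    return math.floor(sum(w * v for w, v in zip(weights, k_sbc)) / delta)

def kdf(key: bytes, param: bytes) -> bytes:
    """Stand-in for SM3(key, param)."""
    return hmac.new(key, param, hashlib.sha256).digest()

def session_key(k: bytes, sid: bytes) -> bytes:
    return kdf(split_root_key(k)[0], sid)          # K_SESSION = SM3(SK, Sid)

def sbc_key(k: bytes, sbc: int) -> bytes:          # K_SBC = SM3(BK, SBC)
    return kdf(split_root_key(k)[1], sbc.to_bytes(4, "big", signed=True))

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def encrypt(key: bytes, pt: bytes) -> bytes:
    """Stand-in for SM4; the tag lets the receiver detect a wrong key."""
    enc_k, mac_k = kdf(key, b"enc"), kdf(key, b"mac")
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_k, nonce, len(pt))))
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes):
    """Plaintext, or None when the key is wrong or the blob was tampered with."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_k, mac_k = kdf(key, b"enc"), kdf(key, b"mac")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_k, nonce, len(ct))))

def fog_encrypt(k, sid, k_sbc_live, v_bc, v_sbc):
    """Fog node FCC: C1 = SM4(K_SBC, V_BC); C2 = SM4(K_SESSION, <C1, V_SBC>)."""
    c1 = encrypt(sbc_key(k, fuse_sbc(k_sbc_live)), v_bc)
    msg = len(c1).to_bytes(4, "big") + c1 + v_sbc     # <C1, V_SBC>, length-prefixed (wire format assumed)
    return encrypt(session_key(k, sid), msg)

def cloud_match(k, sid, c2, db, neighbours=(-1, 0, 1)):
    """Cloud: recover <C1, V_SBC>, filter the database by V_SBC, then try each candidate's
    soft biometric key.  The patent shows its three per-UE derivations only as images;
    trying the enrolled bucket and its two neighbours is this example's assumption."""
    msg = decrypt(session_key(k, sid), c2)
    if msg is None:
        return set(), None
    n = int.from_bytes(msg[:4], "big")
    c1, v_sbc = msg[4:4 + n], msg[4 + n:]
    s_vnickname = {h for h, rec in db.items() if rec["v_sbc"] == v_sbc}
    s_nickname, v_bc = set(), None
    for h in s_vnickname:
        base = fuse_sbc(db[h]["k_sbc"])
        for d in neighbours:
            pt = decrypt(sbc_key(k, base + d), c1)
            if pt is not None:
                s_nickname.add(h)
                v_bc = pt
                break
    return s_nickname, v_bc

def nickname_hash(nick: str) -> str:
    return hashlib.sha256(nick.encode()).hexdigest()

# Constructed records: enrolled K_SBC (height cm, weight kg, gender) and V_SBC per user.
DB = {
    nickname_hash("alice"): {"k_sbc": (175.0, 70.0, 1), "v_sbc": b"skin_tone=3"},
    nickname_hash("bob"):   {"k_sbc": (160.0, 55.0, 0), "v_sbc": b"skin_tone=3"},
    nickname_hash("carol"): {"k_sbc": (178.0, 71.0, 1), "v_sbc": b"skin_tone=5"},
}
ROOT_K = bytes(range(32))    # constructed K; a real K comes from key agreement
SID = b"sid-0001"

def demo():
    # Alice re-measured as (178, 71, 1): fused bucket 55 versus enrolled 54, matched via the +1 neighbour.
    c2 = fog_encrypt(ROOT_K, SID, (178.0, 71.0, 1), b"face-template", b"skin_tone=3")
    return cloud_match(ROOT_K, SID, c2, DB)
```

The patent's "if decryption succeeds" test presupposes that a wrong key is detectable; the stand-in's MAC tag makes that explicit, whereas bare SM4 block decryption would need its own integrity check.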
Another object of the invention is to provide an access authentication and key derivation system for biometric identity authentication that applies the above method, the system comprising:
a biological information acquisition module, used to collect and upload the user's soft biometrics and biometrics and send them to the authentication center and to the fog node in the user registration stage and the authentication stage respectively;
a fog node access authentication module, used to register a fog node that has not yet joined the cloud-fog hybrid network at the unified authentication cloud, obtaining a unique identity identifier Fid, sharing a root key K with the unified authentication cloud through key agreement, and mapping Fid and K one-to-one; after access authentication is complete, the fog node joins the cloud-fog hybrid network;
a user registration stage module, used to register the user at the trusted authentication center: the user registers an identity identifier at the authentication center, the biological information acquisition module collects and uploads the user's biometrics, soft biometrics, identity identifier and related information, and the authentication center stores the user information in its local database;
a soft biometric fusion module, used by the fog node and the unified authentication cloud to fuse the soft biometric data and produce the parameter needed for the soft biometric key;
a key derivation and encryption/decryption module, used by the fog node and the unified authentication cloud to generate two keys by key derivation from the required parameters: a soft biometric key and a session key, for encrypting and decrypting the biometrics and the session messages respectively;
an authentication stage module, used to confirm the user's identity by biometric recognition, in which the fog node and the unified authentication cloud use the soft biometric fusion module and the key derivation and encryption/decryption module to protect the biometrics and session messages.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the following steps:
in the registration stage, a user registers at a trusted authentication center and uploads biometric features, soft biometric features, identity identifier and related information; a fog node performs access authentication at the unified authentication cloud, obtaining an identity identifier issued by the unified authentication cloud and a shared root key established by key agreement, and joins the cloud-fog hybrid network once registration is complete;
in the authentication stage, the user uploads feature information and is identified by biometric recognition; the fog node and the unified authentication cloud fuse the soft biometric features to produce the parameter needed for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, used respectively to encrypt and decrypt the biometrics and the session messages.
It is another object of the invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the following steps:
in the registration stage, a user registers at a trusted authentication center and uploads biometric features, soft biometric features, identity identifier and related information; a fog node performs access authentication at the unified authentication cloud, obtaining an identity identifier issued by the unified authentication cloud and a shared root key established by key agreement, and joins the cloud-fog hybrid network once registration is complete;
in the authentication stage, the user uploads feature information and is identified by biometric recognition; the fog node and the unified authentication cloud fuse the soft biometric features to produce the parameter needed for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, used respectively to encrypt and decrypt the biometrics and the session messages.
Another object of the invention is to provide an information data processing terminal for implementing the access authentication and key derivation system for biometric identity authentication.
By combining all the above technical schemes, the invention has the following advantages and positive effects. In the access authentication and key derivation method and system for biometric identity authentication provided by the invention, the access authentication between fog nodes and the unified authentication cloud prevents illegal fog nodes from joining. The shared key obtained by key agreement serves as the root key, and the non-private soft biometric features and the session identifier serve as derivation parameters, from which the soft biometric key and the session key are generated separately by key derivation. Because these parameters change with every authentication request, so do the derived keys; the method therefore meets forward security, noticeably reduces the risk of a key being broken, strengthens the confidentiality of biometric data and session messages, and remedies the shortcomings in key generation and key management of the 'biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform' (patent number ZL 201911129276.9).
The identity authentication of the invention can be used in various application scenarios such as the mobile internet, and its soft biometric fusion and key derivation method eases access authentication and key management for fog nodes such as IoT devices. Because the soft biometric key and the session key differ between authentication requests, the risk of a key being broken is noticeably reduced and the confidentiality of the user's private biometric information is strengthened; the proposed soft biometric fusion method also offers another approach to key generation in identity authentication.
Drawings
In order to illustrate the technical solutions of the embodiments of the invention more clearly, the drawings needed in the embodiments are briefly described below. The drawings show only some embodiments of the invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of the access authentication and key derivation method for biometric identity authentication in a cloud-fog hybrid scenario according to an embodiment of the invention.
Fig. 2 is a flowchart of the registration phase and the authentication phase of the access authentication and key derivation method for biometric identity authentication in a cloud-fog hybrid scenario according to an embodiment of the invention.
Fig. 3 is a key derivation flowchart of the access authentication and key derivation method for biometric identity authentication in a cloud-fog hybrid scenario according to an embodiment of the invention.
Fig. 4 is an encryption and decryption flowchart of the access authentication and key derivation method for biometric identity authentication in a cloud-fog hybrid scenario according to an embodiment of the invention.
Fig. 5 is a block diagram of the access authentication and key derivation system for biometric identity authentication according to an embodiment of the invention.
In Fig. 5: 1, biometric information acquisition module; 2, fog node access authentication module; 3, user registration phase module; 4, soft biometric fusion module; 5, key derivation and encryption/decryption module; 6, authentication phase module.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
In view of the problems in the prior art, the present invention provides an access authentication and key derivation method and system for biometric identity authentication, which will be described in detail below with reference to the accompanying drawings.
As shown in fig. 1, an access authentication and key derivation method for biometric identity authentication provided by an embodiment of the present invention includes the following steps:
S101, in the registration stage, a user registers at a trusted authentication center and uploads biometric features, soft biometric features, an identity identifier and related information; a fog node performs access authentication at the unified authentication cloud, obtains the identity identifier issued by the unified authentication cloud and a shared root key established through key agreement, and joins the cloud-fog hybrid network once registration is complete;
S102, in the authentication stage, the user uploads feature information and is identified by biometric recognition; the fog node and the unified authentication cloud fuse the soft biometric features to produce the parameter required by the soft biometric key, then use key derivation to generate a soft biometric key and a session key, which encrypt and decrypt the biometric features and the session messages respectively.
As shown in fig. 5, an access authentication and key derivation system for biometric identity authentication provided by an embodiment of the present invention includes:
the biometric information acquisition module 1 is used by the user to collect and upload their own soft biometric features and biometric features, which are sent to the authentication center in the user registration stage and to the fog node in the authentication stage;
the fog node access authentication module 2 is used for registering a fog node that has not yet joined the cloud-fog hybrid network at the unified authentication cloud: the node obtains a unique identity identifier Fid, shares a root key K with the unified authentication cloud through key agreement, and Fid and K are mapped one to one. After access authentication is complete, the fog node joins the cloud-fog hybrid network;
the user registration phase module 3 is used for registering the user at the trusted authentication center. The user registers an identity identifier at the authentication center, the biometric information acquisition module collects and uploads the user's biometric features, soft biometric features, identity identifier and related information, and the authentication center stores the user information in a local database;
the soft biometric fusion module 4 is used by the fog node and the unified authentication cloud to fuse the soft biometric data into the parameter required by the soft biometric key;
the key derivation and encryption/decryption module 5 is used by the fog node and the unified authentication cloud to generate two keys from the required parameters by key derivation: a soft biometric key for encrypting and decrypting the biometric features, and a session key for encrypting and decrypting the session messages;
the authentication phase module 6 is used for confirming the user's identity through biometric recognition; in it the fog node and the unified authentication cloud protect the biometric features and session messages with the soft biometric fusion module and the key derivation and encryption/decryption module.
The technical solution of the present invention is further described below with reference to specific examples.
The access authentication and key derivation method for biometric identity authentication in a cloud-fog hybrid scenario provided by the embodiment of the invention specifically comprises the following steps:
first, the registration phase, as shown in fig. 2, includes the following steps:
1. The user registers at the trusted authentication center AUC. The user sends a unique identity identifier chosen by the user (which may be a user name, an identity card number or the like) to the AUC. The AUC instructs the user to collect and upload biometric features and soft biometric features, and stores the user's biometric features, soft biometric features, identity identifier and related information in its local database;
2. A fog node FCC that has not yet registered with the unified authentication Cloud must first register there. The Cloud allocates a unique identity identifier Fid to the unregistered FCC, the Cloud and the FCC obtain a shared root key K through key agreement, and Fid and K are mapped one to one. After registration is complete, the FCC joins the cloud-fog hybrid network.
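The fog node registration just described (a unique Fid allocated by the Cloud, a shared root key K established by key agreement, and a one-to-one Fid-to-K mapping), as an added illustration in Go; it is not code from the patent. The page does not name the key agreement, so X25519 from Go's crypto/ecdh stands in for it, and HMAC-SHA-256 over the shared secret and the Fid is my choice for turning the agreement's output into the 256-bit K; the `FID-%04d` identifier format and the `cloudRegistry`, `registerFogNode` and `rootKeyFor` names are likewise assumptions.

```go
package main

import (
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"sync"
)

// cloudRegistry is the unified authentication Cloud's table of registered fog
// nodes: Fid -> shared root key K, the one-to-one mapping the page requires.
type cloudRegistry struct {
	mu    sync.Mutex
	next  int
	roots map[string][]byte
}

// rootKDF turns the X25519 shared secret into the 256-bit root key K, bound to
// the Fid (my choice; the page does not fix how K is extracted from the agreement).
func rootKDF(secret []byte, fid string) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte("fog-root-key|" + fid))
	return m.Sum(nil)
}

// register is the Cloud side: allocate a fresh Fid, complete X25519 with the
// node's public key and store Fid -> K. Returns the Fid and the Cloud's public key.
func (c *cloudRegistry) register(nodePub *ecdh.PublicKey) (string, *ecdh.PublicKey, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return "", nil, err
	}
	secret, err := priv.ECDH(nodePub)
	if err != nil {
		return "", nil, err
	}
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.roots == nil {
		c.roots = map[string][]byte{}
	}
	c.next++
	fid := fmt.Sprintf("FID-%04d", c.next) // constructed identifier format
	c.roots[fid] = rootKDF(secret, fid)
	return fid, priv.PublicKey(), nil
}

// rootKeyFor is consulted during later authentication: a Fid that never
// registered has no K, so its traffic cannot be decrypted and is rejected.
func (c *cloudRegistry) rootKeyFor(fid string) ([]byte, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	k, ok := c.roots[fid]
	if !ok {
		return nil, errors.New("unregistered fog node: " + fid)
	}
	return k, nil
}

// fogNode is the node's own state after registration.
type fogNode struct {
	Fid string
	K   []byte
}

// registerFogNode is the node side: generate an ephemeral X25519 key, send the
// public key, receive Fid and the Cloud's public key, and derive the same K.
func registerFogNode(c *cloudRegistry) (fogNode, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return fogNode{}, err
	}
	fid, cloudPub, err := c.register(priv.PublicKey())
	if err != nil {
		return fogNode{}, err
	}
	secret, err := priv.ECDH(cloudPub)
	if err != nil {
		return fogNode{}, err
	}
	return fogNode{Fid: fid, K: rootKDF(secret, fid)}, nil
}

func main() {
	cloud := &cloudRegistry{}
	n, err := registerFogNode(cloud)
	if err != nil {
		panic(err)
	}
	k, err := cloud.rootKeyFor(n.Fid)
	fmt.Printf("%s registered; root keys agree: %v\n", n.Fid, err == nil && hmac.Equal(k, n.K))
}
```

The registry lookup is the check the Cloud can make later: a node presenting a Fid it never registered has no K, so none of its ciphertexts decrypt. The exchange itself has to run after the page's access authentication of the node, or inside an otherwise authenticated channel, because an unauthenticated key agreement on its own would hand a Fid and a K to any party that connects.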
Second, the authentication phase, as shown in Fig. 2, includes the following steps:
1. The UE sends an authentication request (containing the supported soft biometric list SBC_List, the biometric list BC_List and the session identifier Sid) to the unified authentication Cloud via the fog node FCC. The Cloud randomly selects from SBC_List a soft biometric sequence SBC_Q to be used for filtering and database screening at the Cloud; the remaining soft biometrics are used to generate the soft biometric key that encrypts the biometric features. The Cloud also randomly selects from BC_List a biometric sequence BC_Q for biometric recognition, and sends the authentication request to the authentication center AUC. The AUC returns the soft biometric data of all users in its database to the Cloud. Finally, the Cloud forwards the SBC_Q and BC_Q sequences to the UE through the fog node FCC;
2. The UE receives the authentication response and collects the features corresponding to SBC_List and BC_Q. In the collected feature data, the soft biometrics corresponding to SBC_Q are marked V_SBC, the remaining soft biometrics are marked K_SBC, and the collected biometric features are marked V_BC. The UE sends the message <V_SBC, K_SBC, V_BC, Sid> to the fog node FCC;
3. The fog node FCC receives the feature data, generates the soft biometric key K_{SBC} (the derived key, as distinct from the soft biometric data K_SBC) from K, K_SBC and a key derivation algorithm, and encrypts V_BC under K_{SBC} with an encryption algorithm to produce the biometric ciphertext C1; it derives the session key K_{SESSION} from K, Sid and the SM3 algorithm, encrypts the session message <C1, V_SBC> under K_{SESSION} with the SM4 algorithm to produce the transmission message ciphertext C2, and sends C2 together with the session identifier Sid to the unified authentication Cloud;
4. After the Cloud receives the ciphertext, it derives the session key K_{SESSION} from K, Sid and the SM3 algorithm and decrypts the transmission message ciphertext C2 to obtain <C1, V_SBC>; it filters and screens the stored user information with V_SBC to generate the set S_Vnickname = {V_Nickname | the hash of the identity identifier of each UE whose soft biometrics match V_SBC}; for each UE in S_Vnickname it derives a key from that UE's own K_SBC_i with the SM3 algorithm and attempts to decrypt the biometric ciphertext C1; if decryption succeeds, that UE may be the same user. Finally, the set S_Nickname of identifiers for which decryption succeeded and the biometric feature V_BC are sent to the authentication center AUC; the AUC receives the authentication message, performs biometric recognition, and forwards the authentication result to the UE through the Cloud and the FCC, completing the authentication.
Third, the key derivation and encryption/decryption method, as shown in Figs. 3 and 4, includes the following steps:
1. The key K obtained by key agreement between the fog node FCC and the unified authentication Cloud (256 bits in this example) is split into SK (the first 128 bits) and BK (the last 128 bits), used respectively to derive the session key and the soft biometric fusion key. The FCC and the Cloud share the session identifier Sid and the soft biometric fusion parameter SBC; both change with every authentication request, so each can serve as the varying input of a different key derivation;
2. The fog node FCC receives the feature data and first computes the soft biometric fusion parameter SBC from K_SBC:
SBC_sum = w_1 × K_SBC_1 + w_2 × K_SBC_2 + ... + w_j × K_SBC_j (K_SBC_j is the j-th soft biometric of the user, w_j is the corresponding weight, and SBC_sum is the weighted sum of the soft biometrics),
SBC = <SBC_sum / Δ> (here < … > denotes rounding down),
then generates the soft biometric key K_{SBC} and the session key K_{SESSION} by key derivation with the SM3 algorithm and different parameters:
K_{SBC} = SM3(BK, SBC),
K_{SESSION} = SM3(SK, Sid),
then encrypts the biometric data with K_{SBC} and the SM4 algorithm to generate the biometric ciphertext C1:
C1 = SM4(K_{SBC}, V_BC),
encrypts the transmission message with K_{SESSION} and the SM4 algorithm to generate the transmission message ciphertext C2:
C2 = SM4(K_{SESSION}, <C1, V_SBC>),
and finally sends C2 and the session identifier Sid to the unified authentication Cloud;
3. After the Cloud receives the ciphertext, it first generates the session key K_{SESSION} by SM3 key derivation:
K_{SESSION} = SM3(SK, Sid),
decrypts the transmission message ciphertext C2 with K_{SESSION} and the SM4 algorithm to obtain <C1, V_SBC>:
<C1, V_SBC> = SM4(K_{SESSION}, C2),
then filters and screens the stored user information with V_SBC to find all users who may be the user being authenticated, generating the set S_Vnickname = {V_Nickname | the hash of the identity identifier of each UE whose soft biometrics match V_SBC}. For each UE in S_Vnickname:
SBC_sum_i = w_1 × K_SBC_1i + w_2 × K_SBC_2i + ... + w_j × K_SBC_ji (K_SBC_ji is the j-th soft biometric of the i-th UE, w_j is the corresponding weight, and SBC_sum_i is the weighted sum of the soft biometrics of the i-th UE),
SBC_i = <SBC_sum_i / Δ> (here < … > denotes rounding down),
[three key-derivation formulas for the i-th UE appear only as images in the original and are not reproduced here]
using the three generated keys
[the key list appears only as an image in the original and is not reproduced here]
the Cloud attempts to decrypt the biometric ciphertext C1, obtaining the biometric plaintext V_BC if decryption succeeds:
[the decryption formula appears only as an image in the original and is not reproduced here]
and finally sends the set S_Nickname of identity hashes of the users for which decryption succeeded, together with the biometric feature V_BC, to the authentication center AUC.
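The fog node side (step 2 of this section, step 3 of the authentication phase) and the Cloud side (step 3 here, step 4 there) in one added Go example; it is not code from the patent. Claim 5 admits SHA-256 and AES as alternatives to SM3 and SM4, so HMAC-SHA-256 stands in for SM3(key, parameter) and AES-256-GCM for SM4; the weights w_j, the step Δ, the all-zero root key, the enrolled users and the captured values are constructed sample data; the NUL-byte framing of <C1, V_SBC>, hashing the identity identifier with SHA-256, and trying a single key per candidate UE (the page derives three keys per UE, but their formulas survive only as images) are my assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"math"
	"strings"
)

type enrolledUser struct { // per-UE record at the Cloud; the biometric itself stays at the AUC
	NicknameHash string    // hash of the identity identifier
	VSBC         string    // soft biometric used for filtering (V_SBC)
	KSBC         []float64 // soft biometrics used for key derivation (K_SBC)
}
func nicknameHash(id string) string { return fmt.Sprintf("%x", sha256.Sum256([]byte(id))) }
// splitK: 256-bit K -> SK (first 128 bits, session key) and BK (last 128 bits, soft biometric key).
func splitK(k []byte) (sk, bk []byte) {
	if len(k) != 32 {
		panic("root key K must be 256 bits")
	}
	return k[:16], k[16:]
}
// fuseSBC: SBC = <SBC_sum/delta> with SBC_sum = sum_j w_j*K_SBC_j and < > rounding down.
func fuseSBC(w, kSBC []float64, delta float64) int64 {
	sum := 0.0
	for j := range w { // assumes len(w) == len(kSBC) and delta > 0
		sum += w[j] * kSBC[j]
	}
	return int64(math.Floor(sum / delta))
}
// deriveKey stands in for SM3(part, param): HMAC-SHA-256 of the per-request parameter under one half of K.
func deriveKey(part []byte, param string) []byte {
	m := hmac.New(sha256.New, part)
	m.Write([]byte(param))
	return m.Sum(nil) // 32 bytes, used below as an AES-256 key
}
// seal/open stand in for SM4 with AES-256-GCM, so a trial decryption under the wrong key fails verifiably.
func seal(key, pt []byte) []byte {
	block, _ := aes.NewCipher(key) // key is always 32 bytes from deriveKey
	g, _ := cipher.NewGCM(block)
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce) // crypto/rand.Read never returns an error (documented since Go 1.24)
	return append(nonce, g.Seal(nil, nonce, pt, nil)...)
}
func open(key, ct []byte) ([]byte, error) {
	block, _ := aes.NewCipher(key)
	g, _ := cipher.NewGCM(block)
	if len(ct) < g.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return g.Open(nil, ct[:g.NonceSize()], ct[g.NonceSize():], nil)
}
// fccProtect (fog node): C1 = E(K_{SBC}, V_BC); C2 = E(K_{SESSION}, <C1, V_SBC>), a "\x00" framing the pair.
func fccProtect(k []byte, w, kSBC []float64, delta float64, vBC []byte, vSBC, sid string) []byte {
	sk, bk := splitK(k)
	c1 := seal(deriveKey(bk, fmt.Sprint(fuseSBC(w, kSBC, delta))), vBC)
	return seal(deriveKey(sk, sid), append([]byte(vSBC+"\x00"), c1...))
}
// cloudAuthenticate (Cloud): recover <C1, V_SBC>, filter by V_SBC (S_Vnickname), then try each
// candidate's own soft biometric key on C1; the hashes that succeed form S_Nickname.
func cloudAuthenticate(k, c2 []byte, sid string, db []enrolledUser, w []float64, delta float64) ([]string, []byte, error) {
	sk, bk := splitK(k)
	payload, err := open(deriveKey(sk, sid), c2)
	vSBC, c1, ok := strings.Cut(string(payload), "\x00")
	if err != nil || !ok {
		return nil, nil, errors.New("C2 rejected: wrong Sid or K, or corrupted message")
	}
	matched, vBC := []string{}, []byte(nil) // empty S_Nickname: nobody matched
	for _, u := range db {
		if u.VSBC != vSBC { // outside S_Vnickname
			continue
		}
		keyI := deriveKey(bk, fmt.Sprint(fuseSBC(w, u.KSBC, delta)))
		if pt, e := open(keyI, []byte(c1)); e == nil { // same SBC bucket as the claimant
			matched, vBC = append(matched, u.NicknameHash), pt
		}
	}
	return matched, vBC, nil
}

// RunSample uses constructed data: bob's capture differs from enrolment but stays in bucket 13,
// dave shares bob's V_SBC but falls in bucket 11, alice is excluded by V_SBC.
func RunSample(sid string) ([]string, []byte, error) {
	w, delta, k := []float64{0.6, 0.4}, 10.0, make([]byte, 32) // all-zero placeholder K
	db := []enrolledUser{
		{nicknameHash("alice"), "female", []float64{165, 58}},
		{nicknameHash("bob"), "male", []float64{175, 70}},
		{nicknameHash("dave"), "male", []float64{160, 55}},
	}
	c2 := fccProtect(k, w, []float64{176, 69.5}, delta, []byte("constructed-template"), "male", sid)
	return cloudAuthenticate(k, c2, sid, db, w, delta)
}
func main() { fmt.Println(RunSample("sid-0001")) }
```

Bob's captured soft biometrics differ from his enrolled values, but both land in bucket 13 after weighting and rounding down by Δ, so the Cloud's candidate key opens C1; dave shares bob's V_SBC and passes the filter, but his bucket (11) yields a different key, and alice never enters S_Vnickname. Using an AEAD for the trial decryption is what makes "decryption succeeds" a reliable signal: with an unauthenticated mode the Cloud would have to guess whether the output is plaintext. A C2 produced under one Sid also does not open under another, which is the per-request key change the page intends.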
The identity authentication method can be used in various application scenarios such as the mobile internet. The soft biometric fusion and key derivation method eases access authentication and key management for fog nodes such as IoT devices, and the soft biometric fusion method can be applied to the biological identity information authentication method based on a 5G cloud-fog hybrid unified authentication platform (patent number: ZL201911129276.9), offering another approach to key generation and key management in identity authentication.
In the above embodiments, the implementation may be realized wholly or partially by software, hardware, firmware or any combination thereof. When software is used in whole or in part, it can be implemented as a computer program product that includes one or more computer instructions. When the computer instructions are loaded or executed on a computer, the flows or functions according to embodiments of the invention occur in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer readable storage medium or transmitted from one computer readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server or data center to another website, computer, server or data center by wire (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wirelessly (e.g., infrared, wireless, microwave). The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that includes one or more available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (10)

1. An access authentication and key derivation method for biometric identity authentication, the access authentication and key derivation method for biometric identity authentication comprising the steps of:
step one, in a registration stage, a user registers at a trusted authentication center and uploads biometric features, soft biometric features, an identity identifier and related information; a fog node performs access authentication at the unified authentication cloud, obtains the identity identifier issued by the unified authentication cloud and a shared root key established through key agreement, and joins the cloud-fog hybrid network once registration is complete;
step two, in the authentication stage, the user uploads feature information and is identified by biometric recognition; the fog node and the unified authentication cloud fuse the soft biometric features to produce the parameter required by the soft biometric key, then use key derivation to generate a soft biometric key and a session key, which encrypt and decrypt the biometric features and the session messages respectively.
2. The access authentication and key derivation method for biometric identity authentication of claim 1, wherein the enrollment phase in step one comprises:
(1) the user registers at the trusted authentication center AUC; the user sends a unique identity identifier chosen by the user to the AUC; the AUC instructs the user to collect and upload biometric features and soft biometric features, and stores the user's biometric features, soft biometric features and identity identifier in its local database;
(2) a fog node FCC that has not registered with the unified authentication Cloud registers at the Cloud; the Cloud allocates a unique identity identifier Fid to the unregistered FCC, the Cloud and the FCC obtain a shared root key K through key agreement, and Fid and K are mapped one to one; after registration is complete, the FCC joins the cloud-fog hybrid network.
3. The access authentication and key derivation method for biometric identity authentication according to claim 2, wherein the identity identifier in step (1) is a user name, an identification number or another ID that uniquely identifies the user.
4. The access authentication and key derivation method for biometric identity authentication of claim 1, wherein the authentication phase in step two comprises:
(1) the UE sends an authentication request (containing the supported soft biometric list SBC_List, the biometric list BC_List and the session identifier Sid) to the unified authentication Cloud via the fog node FCC; the Cloud randomly selects from SBC_List a soft biometric sequence SBC_Q to be used for filtering and database screening at the Cloud, the remaining soft biometrics being used to generate the soft biometric key that encrypts the biometric features; the Cloud also randomly selects from BC_List a biometric sequence BC_Q for biometric recognition, and sends the authentication request to the authentication center AUC; the AUC returns the soft biometric data of all users in its database to the Cloud; finally, the Cloud forwards the SBC_Q and BC_Q sequences to the UE through the fog node FCC;
(2) the UE receives the authentication response and collects the features corresponding to SBC_List and BC_Q; in the collected feature data, the soft biometrics corresponding to SBC_Q are marked V_SBC, the remaining soft biometrics are marked K_SBC, and the collected biometric features are marked V_BC; the UE sends the message <V_SBC, K_SBC, V_BC, Sid> to the fog node FCC;
(3) the fog node FCC receives the feature data, generates the soft biometric key K_{SBC} from K, K_SBC and a key derivation algorithm, and encrypts V_BC under K_{SBC} with an encryption algorithm to produce the biometric ciphertext C1; it derives the session key K_{SESSION} from K, Sid and the SM3 algorithm, encrypts the session message <C1, V_SBC> under K_{SESSION} with the SM4 algorithm to produce the transmission message ciphertext C2, and sends C2 and the session identifier Sid to the unified authentication Cloud;
(4) after the Cloud receives the ciphertext, it derives the session key K_{SESSION} from K, Sid and the SM3 algorithm and decrypts the transmission message ciphertext C2 to obtain <C1, V_SBC>; it filters and screens the stored user information with V_SBC to generate the set S_Vnickname = {V_Nickname | the hash of the identity identifier of each UE whose soft biometrics match V_SBC}; for each UE in S_Vnickname it derives a key from that UE's own K_SBC_i with the SM3 algorithm and attempts to decrypt the biometric ciphertext C1, and if decryption succeeds that UE is likely the same user; finally, the set S_Nickname of identifiers for which decryption succeeded and the biometric feature V_BC are sent to the authentication center AUC; the AUC receives the authentication message, performs biometric recognition, and forwards the authentication result to the UE through the Cloud and the FCC, completing the authentication.
5. The access authentication and key derivation method for biometric identity authentication according to claim 4, wherein the key derivation algorithm in step (3) is one of MD5, SHA-256, SM3 and the like, preferably the SM3 algorithm; and the encryption and decryption algorithm in steps (3) and (4) is one of AES, 3DES, SM4 and the like, preferably the SM4 algorithm.
6. The access authentication and key derivation method for biometric identity authentication according to claim 1, wherein the method further comprises the fog node FCC and the unified authentication Cloud generating the same soft biometric key, for encrypting and decrypting the biometric features, from soft biometrics that deviate slightly between capture and enrolment; the key derivation and encryption/decryption method comprises the following steps:
(1) the key K obtained by key agreement between the fog node FCC and the unified authentication Cloud is split into SK and BK, used respectively to derive the session key and the soft biometric fusion key; the FCC and the Cloud share the session identifier Sid and the soft biometric fusion parameter SBC, which change with every authentication request and serve as the varying inputs of the different key derivations; the key length of K is 256 bits, SK is the first 128 bits, and BK is the last 128 bits;
(2) the fog node FCC receives the feature data and computes the soft biometric fusion parameter SBC from K_SBC:
SBC_sum = w_1 × K_SBC_1 + w_2 × K_SBC_2 + ... + w_j × K_SBC_j, where K_SBC_j is the j-th soft biometric of the user, w_j is the corresponding weight, and SBC_sum is the weighted sum of the soft biometrics;
SBC = <SBC_sum / Δ>, where < … > denotes rounding down;
the soft biometric key K_{SBC} and the session key K_{SESSION} are generated by key derivation with the SM3 algorithm and different parameters:
K_{SBC} = SM3(BK, SBC),
K_{SESSION} = SM3(SK, Sid);
the biometric data is encrypted with K_{SBC} and the SM4 algorithm to generate the biometric ciphertext C1:
C1 = SM4(K_{SBC}, V_BC);
the transmission message is encrypted with K_{SESSION} and the SM4 algorithm to generate the transmission message ciphertext C2:
C2 = SM4(K_{SESSION}, <C1, V_SBC>);
the FCC sends C2 and the session identifier Sid to the unified authentication Cloud;
(3) after the Cloud receives the ciphertext, it generates the session key K_{SESSION} by SM3 key derivation:
K_{SESSION} = SM3(SK, Sid);
decrypts the transmission message ciphertext C2 with K_{SESSION} and the SM4 algorithm to obtain <C1, V_SBC>:
<C1, V_SBC> = SM4(K_{SESSION}, C2);
filters and screens the stored user information with V_SBC to find all users who may be the user being authenticated, generating the set S_Vnickname = {V_Nickname | the hash of the identity identifier of each UE whose soft biometrics match V_SBC}; for each UE in S_Vnickname:
SBC_sum_i = w_1 × K_SBC_1i + w_2 × K_SBC_2i + ... + w_j × K_SBC_ji, where K_SBC_ji is the j-th soft biometric of the i-th UE, w_j is the corresponding weight, and SBC_sum_i is the weighted sum of the soft biometrics of the i-th UE;
SBC_i = <SBC_sum_i / Δ>, where < … > denotes rounding down;
[three key-derivation formulas for the i-th UE appear only as images in the original and are not reproduced here]
using the three generated keys
[the key list appears only as an image in the original and is not reproduced here]
the Cloud attempts to decrypt the biometric ciphertext C1, obtaining the biometric plaintext V_BC if decryption succeeds:
[the decryption formula appears only as an image in the original and is not reproduced here]
and sends the set S_Nickname of identity hashes of the users for which decryption succeeded, together with the biometric feature V_BC, to the authentication center AUC.
7. An access authentication and key derivation system for biometric identity authentication implementing the access authentication and key derivation method for biometric identity authentication of any one of claims 1 to 6, the access authentication and key derivation system for biometric identity authentication comprising:
the biometric information acquisition module, used by the user to collect and upload their own soft biometric features and biometric features, which are sent to the authentication center in the user registration stage and to the fog node in the authentication stage;
the fog node access authentication module, used for registering a fog node that has not yet joined the cloud-fog hybrid network at the unified authentication cloud: the node obtains a unique identity identifier Fid, shares a root key K with the unified authentication cloud through key agreement, and Fid and K are mapped one to one; after access authentication is complete, the fog node joins the cloud-fog hybrid network;
the user registration phase module, used for registering the user at the trusted authentication center: the user registers an identity identifier at the authentication center, the biometric information acquisition module collects and uploads the user's biometric features, soft biometric features, identity identifier and related information, and the authentication center stores the user information in a local database;
the soft biometric fusion module, used by the fog node and the unified authentication cloud to fuse the soft biometric data into the parameter required by the soft biometric key;
the key derivation and encryption/decryption module, used by the fog node and the unified authentication cloud to generate two keys from the required parameters by key derivation: a soft biometric key for encrypting and decrypting the biometric features, and a session key for encrypting and decrypting the session messages;
the authentication phase module, used for confirming the user's identity through biometric recognition; in it the fog node and the unified authentication cloud protect the biometric features and session messages with the soft biometric fusion module and the key derivation and encryption/decryption module.
8. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:
in the registration stage, a user registers at a trusted authentication center and uploads biometric features, soft biometric features, an identity identifier and related information; a fog node performs access authentication at the unified authentication cloud, obtains the identity identifier issued by the unified authentication cloud and a shared root key established through key agreement, and joins the cloud-fog hybrid network once registration is complete;
in the authentication stage, the user uploads feature information and is identified by biometric recognition; the fog node and the unified authentication cloud fuse the soft biometric features to produce the parameter required by the soft biometric key, then use key derivation to generate a soft biometric key and a session key, which encrypt and decrypt the biometric features and the session messages respectively.
9. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
in the registration stage, a user registers at a trusted authentication center and uploads biometric features, soft biometric features, an identity identifier and related information; a fog node performs access authentication at the unified authentication cloud, obtains the identity identifier issued by the unified authentication cloud and a shared root key established through key agreement, and joins the cloud-fog hybrid network once registration is complete;
in the authentication stage, the user uploads feature information and is identified by biometric recognition; the fog node and the unified authentication cloud fuse the soft biometric features to produce the parameter required by the soft biometric key, then use key derivation to generate a soft biometric key and a session key, which encrypt and decrypt the biometric features and the session messages respectively.
10. An information data processing terminal for implementing an access authentication and key derivation system for biometric identity authentication according to claim 7.
CN202210191226.9A 2022-02-28 2022-02-28 Access authentication and key derivation method and system for biometric identity authentication Active CN114553413B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210191226.9A CN114553413B (en) 2022-02-28 2022-02-28 Access authentication and key derivation method and system for biometric identity authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210191226.9A CN114553413B (en) 2022-02-28 2022-02-28 Access authentication and key derivation method and system for biometric identity authentication

Publications (2)

Publication Number Publication Date
CN114553413A true CN114553413A (en) 2022-05-27
CN114553413B CN114553413B (en) 2023-10-13

Family

ID=81662084

Country Status (1)

Country Link
CN (1) CN114553413B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140282868A1 (en) * 2013-03-15 2014-09-18 Micah Sheller Method And Apparatus To Effect Re-Authentication
CN110392029A (en) * 2018-04-20 2019-10-29 武汉真元生物数据有限公司 Identity identifying method and system based on biological identification
CN111131153A (en) * 2019-11-18 2020-05-08 西安电子科技大学 Biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform
CN112954675A (en) * 2021-03-02 2021-06-11 西安电子科技大学 Multi-gateway authentication method, system, storage medium, computer device and terminal
CN113115307A (en) * 2021-04-12 2021-07-13 北京邮电大学 Two-factor identity authentication method oriented to smart home scene
US11139964B1 (en) * 2018-09-07 2021-10-05 Wells Fargo Bank, N.A. Biometric authenticated biometric enrollment

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张昊迪;刘国荣;汪来富;王帅;: "Research on a cross-domain identity authentication mechanism based on blockchain technology", 广东通信技术, no. 07 *
陈泗盛;林艳珍;郭永宁;: "An identity authentication scheme based on biometric key protection technology", 太原师范学院学报(自然科学版), no. 03 *

Also Published As

Publication number Publication date
CN114553413B (en) 2023-10-13

Similar Documents

Publication Publication Date Title
CN111355745B (en) Cross-domain identity authentication method based on edge computing network architecture
CN103763319B (en) Method for safely sharing mobile cloud storage light-level data
CN111314056B (en) Heaven and earth integrated network anonymous access authentication method based on identity encryption system
CN103124269B (en) Based on the Bidirectional identity authentication method of dynamic password and biological characteristic under cloud environment
CN111212084B (en) Attribute encryption access control method facing edge calculation
US8527762B2 (en) Method for realizing an authentication center and an authentication system thereof
CN103179114A (en) Fine-grained access control method for data in cloud storage
CN106899700B (en) Privacy protection method of location sharing system in mobile social network
WO2020186823A1 (en) Blockchain-based data querying method, device, system and apparatus, and storage medium
US9608971B2 (en) Method and apparatus for using a bootstrapping protocol to secure communication between a terminal and cooperating servers
CN103731432A (en) Multi-user supported searchable encryption system and method
CN110868290B (en) Key service method and device without central control
CN112910861A (en) Group authentication and segmented authentication-based authentication method for terminal equipment of power internet of things
CN113572765B (en) Lightweight identity authentication key negotiation method for resource-limited terminal
CN110933033A (en) Cross-domain access control method for multiple Internet of things domains in smart city environment
CN113411323B (en) Medical record data access control system and method based on attribute encryption
Rana et al. Efficient and secure attribute based access control architecture for smart healthcare
Pal et al. Policy-based access control for constrained healthcare resources
CN113645195A (en) Ciphertext access control system and method based on CP-ABE and SM4
CN107767281A (en) A kind of friend-making matching method for secret protection and system based on two degree of human connections of mobile social networking
CN112087422A (en) Outsourcing access control method based on attribute encryption in edge calculation
CN110493177B (en) Method and system for quantum communication service station AKA key negotiation based on asymmetric key pool pair and serial number
CN109561431B (en) WLAN access control system and method based on multi-password identity authentication
CN116208330A (en) Industrial Internet cloud-edge cooperative data secure transmission method and system based on quantum encryption
CN116233843A (en) B5G/6G network slice authentication method for industrial Internet

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant