CN114553413B - Access authentication and key derivation method and system for biometric identity authentication - Google Patents


Publication number
CN114553413B
Authority
CN
China
Prior art keywords
authentication
key
cloud
sbc
soft
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210191226.9A
Other languages
Chinese (zh)
Other versions
CN114553413A (en
Inventor
付玉龙
刘梦如
曹进
李晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Application filed by Xidian University
Priority to CN202210191226.9A
Publication of CN114553413A
Application granted
Publication of CN114553413B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04 Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041 Key generation or derivation
    • H04W12/043 Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431 Key distribution or pre-distribution; Key agreement
    • H04W12/08 Access security
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention belongs to the technical field of key management and identity authentication applications, and discloses an access authentication and key derivation method and system for biometric identity authentication. In the registration stage, a user registers at a trusted authentication center and uploads all information such as biometric features, soft biometric features and an identity identifier; the fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key agreement, and joins the cloud-fog hybrid network once registration is complete. In the authentication stage, the user uploads feature information and is identified by biometric features; the fog node and the unified authentication cloud fuse the soft biometric features to generate the parameter needed for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, which are used to encrypt and decrypt the biometric features and the session messages respectively. The invention can significantly reduce the risk of key cracking and strengthen the confidentiality of users' private biometric information.

Description

Access authentication and key derivation method and system for biometric identity authentication
Technical Field
The invention belongs to the technical field of key management and identity authentication related applications, and particularly relates to an access authentication and key derivation method and system for biometric identity authentication.
Background
Fog computing is an intermediate state between cloud computing and personal computing, and is a paravirtualized intelligent service computing model. Fog nodes, which are low-cost and have some information processing and storage capability, take over part of the cloud's work and so greatly reduce the load on the cloud; at the same time, as a distributed system closer to the bottom layer, fog nodes can process part of the user's business promptly, meeting users' demand for real-time service in mobile networks. The computing, storage and network communication services provided by fog nodes bring the calculation, analysis and processing of data closer to the user, which reduces the response latency and storage cost of processing user services in the cloud, reduces the consumption of wireless resources, lowers the energy consumption of terminal devices, extends standby time, and allows computing services to continue even in areas without Internet coverage. By combining the strong data processing and storage capacity of the cloud with the low cost, scalability and moderate processing and storage capacity of fog nodes, the cloud-fog hybrid computing model has therefore become a highly efficient computing model in current mobile Internet technology. However, communication between fog nodes and the cloud must be protected by encryption to satisfy confidentiality, security and similar requirements.
Currently, the modes widely used in biometric authentication (such as iOS and Android) carry out the entire process of biometric computation and recognition on the terminal device, which causes the terminal device to call on the CPU frequently and reduces standby time. In addition, large-scale user authentication requests within a short time put excessive load on the authentication server, which degrades users' service experience and makes server maintenance extremely costly for enterprises. Because the cloud-fog hybrid computing model is efficient and low-cost, biometric recognition can use it to achieve convenient and efficient identity authentication. However, when biometric features are used for recognition, their confidentiality and security in transit must be ensured. Soft biometrics is a concept defined relative to traditional biometrics: being "soft" means that a soft biometric feature cannot uniquely identify a person. Facial and bodily characteristics such as height, gender, race, weight, body fat and skin color are soft biometric features. Soft biometric features are non-private and partially confidential, so using them to protect biometric features has considerable promise.
However, there is an urgent need to determine how to prevent illegitimate fog nodes from accessing the network and interfering with the normal flow, that is, how to ensure that fog nodes are trusted. To secure the messages transmitted between the fog node and the cloud, and to ensure that transmitted session messages are not eavesdropped on or tampered with by an attacker, the messages generally need to be encrypted, so the required key must be generated through key agreement. Although current key agreement algorithms can provide high security, the key remains unchanged for a period of time, which increases the risk of key leakage and cracking during transmission. The overhead of key management is also a problem. Encryption is likewise needed to ensure the confidentiality and privacy of the user's biometric data while it is being uploaded.
The patent (ZL 201911129276.9) proposes applying biometric recognition in a cloud-fog hybrid environment and using soft biometric features to generate a key for encrypting and decrypting biometric features, but it neither proposes a specific method nor addresses technologies such as fog node access management and key management.
From the above analysis, the problems and defects of the prior art are as follows:
(1) The mode widely used in biometric authentication carries out the entire process of biometric computation and recognition on the terminal device, which causes the terminal device to call on the CPU frequently and reduces standby time.
(2) Large-scale user authentication requests within a short time put excessive load on the authentication server, which degrades users' service experience and makes server maintenance extremely costly for enterprises.
(3) With existing key agreement algorithms the key remains unchanged for a period of time, which increases the risk of key leakage and cracking during transmission; the cost of key management is also a problem.
The difficulty of solving the above problems and defects is as follows: before formally providing service, a fog node must access the cloud, complete registration and obtain a trusted identity. The keys with which the fog node and the cloud encrypt and decrypt session messages and biometric features must be generated and managed, the keys used must satisfy forward security, and key management must save cost and reduce overhead.
The significance of solving the above problems and defects is as follows: the method provides a complete access authentication and key derivation scheme that uniformly derives and manages the two keys required in the biometric recognition process in the cloud-fog hybrid scenario. Different keys are used in different authentication requests, so forward security can be satisfied, management is easy and cost is reduced. In addition, soft biometric features are used to help generate the soft biometric key that encrypts the biometric features, but soft biometric features collected at different times and places are not exactly the same and deviate somewhat, which raises the problem of how to generate the same soft biometric key at the fog node and at the cloud. The scheme also solves this problem, and effectively makes up for the shortcomings in key generation, key management and so on of the biometric identity information authentication method based on a 5G cloud-fog hybrid unified authentication platform (patent number ZL 201911129276.9).
Disclosure of Invention
In view of the problems in the prior art, the invention provides an access authentication and key derivation method and system for biometric identity authentication, in particular for biometric identity authentication in a cloud-fog hybrid scenario.
The invention is realized as follows: an access authentication and key derivation method for biometric identity authentication comprises the following steps:
Step one: a user registers at a trusted authentication center and uploads all information such as biometric features, soft biometric features and an identity identifier; the fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key agreement, and joins the cloud-fog hybrid network once registration is complete. This step is a precondition: formal authentication is possible only after the various information the scheme requires has been saved in the database through the registration stage;
Step two: in the authentication stage, the user uploads feature information and is identified by biometric features; the fog node and the unified authentication cloud fuse the soft biometric features to generate the parameter needed for the soft biometric key, and use key derivation to generate the soft biometric key and the session key, which are used to encrypt and decrypt the biometric features and the session messages respectively. This step is the formal use stage: within a biometric identity authentication system, the key generation and encryption/decryption method provided by the scheme can be used to ensure the confidentiality of biometric features and session messages.
Further, the registration stage in step one comprises:
(1) The user registers at the trusted authentication center AUC; the user sends a self-chosen unique identity identifier to the AUC; the AUC instructs the user to collect and upload biometric features and soft biometric features, and stores all of the user's information (biometric features, soft biometric features and identity identifier) in its local database;
(2) A fog node FCC that has not registered at the unified authentication cloud Cloud registers at the Cloud; the Cloud assigns the unregistered FCC a unique identity identifier Fid, the Cloud and the FCC obtain a shared root key K through key agreement, and Fid and K are mapped one-to-one; after registration, the FCC joins the cloud-fog hybrid network.
Further, the identity identifier in step (1) is an ID that uniquely identifies the user, such as a user name or an identity card number.
Further, the authentication stage in step two comprises:
(1) The UE forwards the authentication request (including the supported soft biometric list SBC_List, the biometric list BC_List and the session identifier Sid) via the fog node FCC to the unified authentication cloud Cloud. From SBC_List the Cloud randomly selects a soft biometric sequence SBC_Q, which the Cloud uses to filter and screen the database; the remaining soft biometric features are used to generate the soft biometric key that encrypts the biometric features. From BC_List it randomly selects a biometric sequence BC_Q for biometric recognition, and sends an authentication request to the authentication center AUC. The AUC returns the soft biometric data of all users in the database to the Cloud. Finally the Cloud forwards the SBC_Q and BC_Q sequences to the UE through the fog node FCC;
(2) The UE receives the authentication response and collects the features corresponding to SBC_List and BC_Q. In the collected feature data, the soft biometric features corresponding to SBC_Q are denoted V_SBC, the remaining soft biometric features are denoted K_SBC, and the collected biometric features are denoted V_BC. The UE sends the message <V_SBC, K_SBC, V_BC, Sid> to the fog node FCC;
(3) The fog node FCC receives the feature data and generates a soft biometric key $K_{SBC}$ from K, K_SBC and a key derivation algorithm; it encrypts V_BC with $K_{SBC}$ and the encryption algorithm to generate the biometric ciphertext C1; it derives a session key $K_{SESSION}$ from K, Sid and the SM3 algorithm; it encrypts the session message <C1, V_SBC> with $K_{SESSION}$ and the SM4 algorithm to generate the transmitted-message ciphertext C2, and sends C2 and the session identifier Sid to the unified authentication cloud Cloud;
(4) After receiving the ciphertext, the unified authentication cloud Cloud derives the session key $K_{SESSION}$ from K, Sid and the SM3 algorithm and decrypts the transmitted-message ciphertext C2 to obtain <C1, V_SBC>; it filters and screens the stored user information using V_SBC to generate the set S_Vnickname = {V_Nickname | hashes of the identity identifiers of the UEs that match V_SBC}; for each UE in S_Vnickname, it uses $\mathrm{K\_SBC}_i$ and the SM3 algorithm to derive a key and attempts to decrypt the biometric ciphertext C1; if decryption succeeds, the UE may be the same user; the set S_Nickname obtained after decryption and the decrypted biometric feature V_BC are sent to the authentication center AUC; the AUC receives the authentication information, performs biometric recognition, and forwards the authentication result to the UE through the Cloud and the FCC, completing authentication.
Further, the key derivation algorithm in step (3) may be MD5, SHA-256, SM3 or the like, preferably SM3; the encryption and decryption algorithm in steps (3) and (4) may be AES, 3DES, SM4 or the like, preferably SM4.
Further, the access authentication and key derivation method for biometric identity authentication further comprises the fog node FCC and the unified authentication cloud Cloud generating the same soft biometric key from soft biometric features that carry deviations, for encrypting and decrypting the biometric features; the key derivation and encryption/decryption method comprises the following steps:
(1) The K obtained by key agreement between the fog node FCC and the unified authentication cloud Cloud is divided into SK and BK, which are used to derive the session key and the soft biometric fusion key respectively; the FCC and the Cloud share the session identifier Sid and the soft biometric fusion parameter SBC, which change in every authentication request and are used to assist the two key derivations respectively; K is 256 bits long, SK is the first 128 bits and BK is the last 128 bits;
(2) The fog node FCC receives the feature data and calculates the soft biometric fusion parameter SBC from K_SBC:
$\mathrm{SBC\_sum} = w_1 \times \mathrm{K\_SBC1} + w_2 \times \mathrm{K\_SBC2} + \dots + w_j \times \mathrm{K\_SBCj}$, where K_SBCj is the user's j-th soft biometric feature, $w_j$ is the corresponding weight, and SBC_sum is the weighted sum of the soft biometric features;
$\mathrm{SBC} = \lfloor \mathrm{SBC\_sum} / \Delta \rfloor$, where $\lfloor \dots \rfloor$ denotes rounding down;
The soft biometric key $K_{SBC}$ and the session key $K_{SESSION}$ are generated by key derivation using the SM3 algorithm with different parameters:
$K_{SBC} = \mathrm{SM3}(BK, \mathrm{SBC})$,
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
Using $K_{SBC}$ and the SM4 algorithm, the biometric data is encrypted to generate the biometric ciphertext C1:
$C1 = \mathrm{SM4}(K_{SBC}, \mathrm{V\_BC})$;
Using $K_{SESSION}$ and the SM4 algorithm, the transmitted message is encrypted to generate the transmitted-message ciphertext C2:
$C2 = \mathrm{SM4}(K_{SESSION}, \langle C1, \mathrm{V\_SBC} \rangle)$;
The FCC sends C2 and the session identifier Sid to the unified authentication cloud Cloud;
(3) After receiving the ciphertext, the unified authentication cloud Cloud generates the session key $K_{SESSION}$ by key derivation using the SM3 algorithm:
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
Using $K_{SESSION}$ and the SM4 algorithm, it decrypts the transmitted-message ciphertext C2 to obtain <C1, V_SBC>:
$\langle C1, \mathrm{V\_SBC} \rangle = \mathrm{SM4}(K_{SESSION}, C2)$;
It filters and screens the stored user information using V_SBC, finds all users who may be the user to be authenticated, and generates the set S_Vnickname = {V_Nickname | hashes of the identity identifiers of the UEs that match V_SBC}; for each UE in S_Vnickname:
$\mathrm{SBC\_sum}_i = w_1 \times \mathrm{K\_SBC1}_i + w_2 \times \mathrm{K\_SBC2}_i + \dots + w_j \times \mathrm{K\_SBCj}_i$, where $\mathrm{K\_SBCj}_i$ is the j-th soft biometric feature of the i-th UE, $w_j$ is the corresponding weight, and $\mathrm{SBC\_sum}_i$ is the weighted sum of the soft biometric features of the i-th UE;
$\mathrm{SBC}_i = \lfloor \mathrm{SBC\_sum}_i / \Delta \rfloor$, where $\lfloor \dots \rfloor$ denotes rounding down;
The three generated keys are used to attempt to decrypt the biometric ciphertext C1; if decryption succeeds, the biometric plaintext V_BC is obtained:
The set S_Nickname of user identity hashes obtained after decryption and the decrypted biometric feature V_BC are sent to the authentication center AUC.
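The fusion and derivation steps above, as an added Python example that is not code from the patent: it shows why the rounded-down parameter SBC lets the fog node and the cloud reach the same key from slightly different measurements, and where that breaks at a bucket boundary. Assumptions: HMAC-SHA-256 stands in for SM3(key, parameter) (SHA-256 is one of the derivation algorithms the text lists); the three candidate keys are taken from the buckets SBC_i − 1, SBC_i and SBC_i + 1, because the equations defining them are missing from this page; the root key, feature values, weights and Δ are constructed; keys are compared directly in place of the SM4 trial decryption of C1.

```python
import hashlib
import hmac
import math


def split_root_key(k: bytes) -> tuple[bytes, bytes]:
    """K is 256 bits: SK is the first 128 bits, BK the last 128 bits."""
    if len(k) != 32:
        raise ValueError("root key K must be 256 bits")
    return k[:16], k[16:]


def kdf(key: bytes, param: bytes) -> bytes:
    """Stand-in for SM3(key, param). Assumption: HMAC-SHA-256 keyed with `key`."""
    return hmac.new(key, param, hashlib.sha256).digest()


def fuse(features, weights, delta) -> int:
    """SBC = floor(sum(w_j * K_SBCj) / delta), the fusion parameter."""
    if len(features) != len(weights):
        raise ValueError("one weight per soft biometric feature is required")
    if delta <= 0:
        raise ValueError("delta must be positive")
    sbc_sum = sum(w * f for w, f in zip(weights, features))
    return math.floor(sbc_sum / delta)


def session_key(sk: bytes, sid: str) -> bytes:
    """K_SESSION = SM3(SK, Sid): changes whenever the session identifier does."""
    return kdf(sk, sid.encode())


def sbc_key(bk: bytes, sbc: int) -> bytes:
    """K_SBC = SM3(BK, SBC): changes whenever the fused parameter does."""
    return kdf(bk, str(sbc).encode())


def candidate_keys(bk, enrolled, weights, delta, spread=1):
    """Cloud side: keys for the enrolled user's bucket and its neighbours.

    Assumption: spread=1 (three keys) models the 'three generated keys'.
    """
    centre = fuse(enrolled, weights, delta)
    return [sbc_key(bk, centre + d) for d in range(-spread, spread + 1)]


def key_matches(fog_key: bytes, candidates) -> bool:
    """Constant-time comparison against every candidate, without early exit."""
    hit = False
    for cand in candidates:
        hit |= hmac.compare_digest(fog_key, cand)
    return hit


# Constructed sample data (not from the patent).
K = bytes(range(32))                 # shared root key from key agreement
SK, BK = split_root_key(K)
WEIGHTS = (1.0, 0.5)                 # w_1 for height (cm), w_2 for weight (kg)
DELTA = 5.0                          # bucket width
ENROLLED = (170.0, 70.0)             # stored at registration -> SBC 41
FRESH_SAME_BUCKET = (172.4, 68.0)    # later measurement      -> SBC 41
FRESH_NEXT_BUCKET = (169.6, 70.0)    # 0.4 cm lower           -> SBC 40
OTHER_USER = (185.0, 90.0)           # different person       -> SBC 46

if __name__ == "__main__":
    for name, sample in [("same bucket", FRESH_SAME_BUCKET),
                         ("next bucket", FRESH_NEXT_BUCKET),
                         ("other user", OTHER_USER)]:
        fog_key = sbc_key(BK, fuse(sample, WEIGHTS, DELTA))
        one = key_matches(fog_key, candidate_keys(BK, ENROLLED, WEIGHTS, DELTA, 0))
        three = key_matches(fog_key, candidate_keys(BK, ENROLLED, WEIGHTS, DELTA, 1))
        print(f"{name}: single key {one}, three keys {three}")
```

Because K_SESSION and K_SBC are deterministic functions of the root key halves and values sent or measured per request, anyone who later obtains K can recompute the keys of recorded sessions; the per-request variation limits how long one derived key is in use, not the exposure of K itself.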
Another object of the present invention is to provide an access authentication and key derivation system for biometric identity authentication that applies the above access authentication and key derivation method, the system comprising:
the system comprises a biometric information acquisition module, a user registration stage, a fog node and a user authentication stage, wherein the biometric information acquisition module is used for collecting and uploading the user's own soft biometric features and biometric features;
the fog node access authentication module is used for registering, at the unified authentication cloud, fog nodes that have not yet joined the cloud-fog hybrid network, so that each obtains a unique identity identifier Fid and shares a root key K with the unified authentication cloud through key agreement, with Fid and K mapped one-to-one. After access authentication is complete, the fog node joins the cloud-fog hybrid network;
the user registration stage module is used for registering the user at the trusted authentication center. The user registers an identity identifier at the authentication center, all of the user's information such as biometric features, soft biometric features and identity identifier is collected and uploaded using the biometric information acquisition module, and the authentication center stores the user information in its local database;
the soft biometric fusion module is used by the fog node and the unified authentication cloud to fuse the soft biometric data and generate the parameter needed for the soft biometric key;
the key derivation and encryption/decryption module is used by the fog node and the unified authentication cloud to generate two keys through key derivation and the required parameters: the soft biometric key and the session key, which are used to encrypt and decrypt the biometric features and the session messages respectively;
the authentication stage module is used for confirming the user's identity through biometric recognition; the fog node and the unified authentication cloud use the soft biometric fusion module and the key derivation and encryption/decryption module to protect the biometric features and the session messages.
It is a further object of the present invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the following steps:
in the registration stage, a user registers at a trusted authentication center and uploads all information such as biometric features, soft biometric features and an identity identifier; the fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key agreement, and joins the cloud-fog hybrid network once registration is complete;
in the authentication stage, the user uploads feature information and is identified by biometric features; the fog node and the unified authentication cloud fuse the soft biometric features to generate the parameter needed for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, which are used to encrypt and decrypt the biometric features and the session messages respectively.
Another object of the present invention is to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the following steps:
in the registration stage, a user registers at a trusted authentication center and uploads all information such as biometric features, soft biometric features and an identity identifier; the fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key agreement, and joins the cloud-fog hybrid network once registration is complete;
in the authentication stage, the user uploads feature information and is identified by biometric features; the fog node and the unified authentication cloud fuse the soft biometric features to generate the parameter needed for the soft biometric key, and use key derivation to generate a soft biometric key and a session key, which are used to encrypt and decrypt the biometric features and the session messages respectively.
Another object of the present invention is to provide an information data processing terminal for implementing the access authentication and key derivation system for biometric identity authentication.
Combining all of the above technical solutions, the advantages and positive effects of the invention are as follows: in the access authentication and key derivation method and system for biometric identity authentication provided by the invention, access authentication between the fog node and the unified authentication cloud prevents illegitimate fog nodes from joining; the shared key obtained through key agreement serves as the root key, and the non-private soft biometric features and the session identifier serve as parameters from which the soft biometric key and the session key are respectively generated by key derivation; because the parameters used in each authentication request keep changing, the derived keys keep changing as well, so forward security can be satisfied, the risk of key cracking is significantly reduced, and the confidentiality of biometric data and session messages is strengthened. This effectively makes up for the shortcomings in key generation, key management and so on of the biometric identity information authentication method based on a 5G cloud-fog hybrid unified authentication platform (patent number ZL 201911129276.9).
The identity authentication of the invention can be used in a variety of application scenarios such as the mobile Internet, and its soft biometric fusion and key derivation method makes access authentication and key management convenient for fog nodes such as IoT devices; the soft biometric key and the session key change across authentication requests, which significantly reduces the risk of key cracking and strengthens the confidentiality of users' private biometric information, and the proposed soft biometric fusion method offers another approach to key generation in identity recognition and authentication.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a flowchart of an access authentication and key derivation method for biometric identity authentication in a cloud-fog mixing scene provided by an embodiment of the invention.
Fig. 2 is a flowchart of a registration stage and an authentication stage of an access authentication and key derivation method for biometric identity authentication in a cloud-fog mixing scenario provided by an embodiment of the present invention.
Fig. 3 is a key derivation flow chart of an access authentication and key derivation method for biometric identity authentication in a cloud-fog mixing scene provided by the embodiment of the invention.
Fig. 4 is an encryption and decryption flow chart of an access authentication and key derivation method for biometric identity authentication in a cloud and fog mixing scene provided by the embodiment of the invention.
Fig. 5 is a block diagram of an access authentication and key derivation system for biometric identity authentication provided by an embodiment of the invention.
In Fig. 5: 1. biometric information acquisition module; 2. fog node access authentication module; 3. user registration stage module; 4. soft biometric feature fusion module; 5. key derivation and encryption and decryption module; 6. authentication stage module.
Detailed Description
The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Aiming at the problems existing in the prior art, the invention provides an access authentication and key derivation method and system for biometric identity authentication, and the invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the access authentication and key derivation method for biometric identity authentication provided by the embodiment of the invention includes the following steps:
S101, in the registration stage, a user registers at a trusted authentication center and uploads all information such as biometric features, soft biometric features and an identity identifier; the fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key negotiation, and the fog node accesses the cloud-fog mixed network after registration is completed;
S102, in the authentication stage, the user uploads feature information and is identified by biometric features; the fog node and the unified authentication cloud fuse the soft biometric features to generate the parameter required for the soft biometric key, and use key derivation to generate the soft biometric key and the session key, which are used to encrypt and decrypt the biometric features and the session messages respectively.
As shown in fig. 5, an access authentication and key derivation system for biometric identity authentication according to an embodiment of the present invention includes:
the biometric information acquisition module 1, used by the user to collect and upload the user's own soft biometric features and biometric features, which are sent to the authentication center in the user registration stage and to the fog node in the authentication stage;
the fog node access authentication module 2, used by a fog node that has not yet accessed the cloud-fog mixed network to register at the unified authentication cloud and obtain a unique identity identifier Fid, and to share a root key K with the unified authentication cloud through key negotiation, with Fid and K mapped one to one. After access authentication is finished, the fog node accesses the cloud-fog mixed network;
the user registration stage module 3, used to register the user at the trusted authentication center. The user registers an identity identifier at the authentication center; all information such as the user's biometric features, soft biometric features and identity identifier is collected and uploaded using the biometric information acquisition module, and the authentication center stores the user information in a local database;
the soft biometric feature fusion module 4, used by the fog node and the unified authentication cloud to fuse the soft biometric feature data and generate the parameter required for the soft biometric key;
the key derivation and encryption and decryption module 5, used by the fog node and the unified authentication cloud to generate two keys through key derivation and the required parameters: the soft biometric key and the session key, which are used to encrypt and decrypt the biometric features and the session messages respectively;
the authentication stage module 6, used to confirm the identity of the user through biometric recognition; the fog node and the unified authentication cloud use the soft biometric feature fusion module and the key derivation and encryption and decryption module to protect the biometric features and the session messages.
The technical scheme of the invention is further described below with reference to specific embodiments.
The access authentication and key derivation method for the biological identification authentication in the cloud and fog mixed scene provided by the embodiment of the invention specifically comprises the following steps:
1. The registration phase, as shown in fig. 2, comprises the following steps:
(1) The user registers at the trusted authentication center AUC. The user sends a self-chosen unique identity identifier (which may be a user name or an identification card number, etc.) to the AUC. The AUC instructs the user to collect and upload biometric features and soft biometric features, and stores all information such as the user's biometric features, soft biometric features and identity identifier in its own local database;
(2) A fog node FCC that is not yet registered at the unified authentication cloud Cloud must first register at Cloud. Cloud assigns a unique identity identifier Fid to the unregistered FCC, Cloud and FCC obtain a shared root key K through key negotiation, and Fid and K are mapped one to one. After registration, the FCC accesses the cloud-fog mixed network.
2. The authentication phase, as shown in fig. 2, comprises the following steps:
(1) The UE forwards an authentication request (including the supported soft biometric feature list SBC_List, the biometric feature list BC_List and the session identifier Sid) to the unified authentication cloud Cloud via the fog node FCC. Cloud randomly selects from SBC_List a soft biometric feature sequence SBC_Q, which Cloud uses to filter and screen the database; the remaining soft biometric feature sequences are used to generate the soft biometric key that encrypts the biometric features. Cloud also randomly selects from BC_List a biometric feature sequence BC_Q for biometric recognition, and sends an authentication request to the authentication center AUC. AUC returns the soft biometric feature data of all users in the database to Cloud. Finally, Cloud forwards the SBC_Q and BC_Q sequences to the UE through the fog node FCC;
(2) The UE receives the authentication response and collects the features corresponding to SBC_List and BC_Q. In the collected feature data, the soft biometric features corresponding to SBC_Q are denoted V_SBC, the remaining soft biometric features are denoted K_SBC, and the collected biometric features are denoted V_BC. The UE sends the message <V_SBC, K_SBC, V_BC, Sid> to the fog node FCC;
(3) The fog node FCC receives the feature data, generates the soft biometric key $K_{SBC}$ using K, K_SBC and the key derivation algorithm, and encrypts V_BC with $K_{SBC}$ and the encryption algorithm to generate the biometric ciphertext C1; it derives the session key $K_{SESSION}$ using K, Sid and the SM3 algorithm, encrypts the session message <C1, V_SBC> with $K_{SESSION}$ and the SM4 algorithm to generate the transmission message ciphertext C2, and sends C2 and the session identifier Sid to the unified authentication cloud Cloud;
(4) After receiving the ciphertext, the unified authentication cloud Cloud derives the session key $K_{SESSION}$ using K, Sid and the SM3 algorithm and decrypts the transmission message ciphertext C2 to obtain <C1, V_SBC>; it filters and screens the stored user information using V_SBC to generate the set S_Vnickname = {V_Nickname | hashes of the identity identifiers of the UEs that match V_SBC}; for each UE in S_Vnickname, it uses $K\_SBC_i$ and the SM3 algorithm to derive a key and attempts to decrypt the biometric ciphertext C1; if decryption succeeds, the UE may be the same user; finally, the set S_Nickname obtained through successful decryption and the biometric feature V_BC are sent to the authentication center AUC; the AUC receives the authentication information, performs biometric recognition, and forwards the authentication result to the UE through Cloud and FCC, which completes the authentication.
3. The key derivation and encryption and decryption method, as shown in fig. 3 and 4, comprises the following steps:
(1) The key K obtained through key negotiation between the fog node FCC and the unified authentication cloud Cloud (in this example K is 256 bits long) is divided into SK (the first 128 bits) and BK (the last 128 bits), which are used to derive the session key and the soft biometric feature fusion key respectively. FCC and Cloud share the session identifier Sid and the soft biometric feature fusion parameter SBC, both of which change with each authentication request and therefore serve as auxiliary inputs to the respective key derivations;
(2) The fog node FCC receives the feature data and first calculates the soft biometric feature fusion parameter SBC from K_SBC:
$SBC\_sum = w_1 \times K\_SBC1 + w_2 \times K\_SBC2 + \dots + w_j \times K\_SBCj$ (where K_SBCj is the j-th soft biometric feature of the user, $w_j$ is the corresponding weight, and SBC_sum is the weighted sum of the soft biometric features),
$SBC = \lfloor SBC\_sum / \mathrm{delta} \rfloor$ (where $\lfloor \dots \rfloor$ denotes rounding down),
the soft biometric key $K_{SBC}$ and the session key $K_{SESSION}$ are then generated by key derivation using the SM3 algorithm with different parameters:
$K_{SBC} = \mathrm{SM3}(BK, SBC)$,
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$,
after which the biometric feature data is encrypted using $K_{SBC}$ and the SM4 algorithm to generate the biometric ciphertext C1:
$C1 = \mathrm{SM4}(K_{SBC}, V\_BC)$,
and the transmission message is encrypted using $K_{SESSION}$ and the SM4 algorithm to generate the transmission message ciphertext C2:
$C2 = \mathrm{SM4}(K_{SESSION}, \langle C1, V\_SBC \rangle)$,
finally, the FCC sends C2 and the session identifier Sid to the unified authentication cloud Cloud;
(3) After receiving the ciphertext, the unified authentication cloud Cloud generates the session key $K_{SESSION}$ by key derivation using the SM3 algorithm:
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$,
and decrypts the transmission message ciphertext C2 using $K_{SESSION}$ and the SM4 algorithm to obtain <C1, V_SBC>:
$\langle C1, V\_SBC \rangle = \mathrm{SM4}(K_{SESSION}, C2)$,
it then filters and screens the stored user information using V_SBC to find all users who may be the user to be authenticated, generating the set S_Vnickname = {V_Nickname | hashes of the identity identifiers of the UEs that match V_SBC}. For each UE in S_Vnickname:
$SBC\_sum_i = w_1 \times K\_SBC1_i + w_2 \times K\_SBC2_i + \dots + w_j \times K\_SBCj_i$ (where $K\_SBCj_i$ is the j-th soft biometric feature of the i-th UE, $w_j$ is the corresponding weight, and $SBC\_sum_i$ is the weighted sum of the soft biometric features of the i-th UE),
$SBC_i = \lfloor SBC\_sum_i / \mathrm{delta} \rfloor$ (where $\lfloor \dots \rfloor$ denotes rounding down),
using the generated three keys, Cloud attempts to decrypt the biometric ciphertext C1 and, if decryption is successful, obtains the biometric plaintext V_BC:
and finally, the set S_Nickname of user identity identifier hashes obtained through decryption and the decrypted biometric feature V_BC are sent to the authentication center AUC.
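The following added example (not code from the patent) carries the key derivation and candidate screening procedure above through in Python. It uses SHA-256, which claim 5 lists as a derivation algorithm, in place of SM3, and an HMAC key-check tag in place of the SM4 trial decryption of C1; the byte encodings, the tag, and all sample values (K, weights, delta, the user table) are assumptions constructed for illustration.

```python
import hashlib
import hmac
import math

# Constructed sample values (assumptions, not from the patent).
K = bytes(range(32))      # 256-bit root key shared by FCC and Cloud
WEIGHTS = (1, 2, 3)       # w_1 .. w_j
DELTA = 10                # "delta": width of one quantisation bin


def split_root_key(k):
    """K -> (SK, BK): front 128 bits for the session key, rear 128 bits for K_SBC."""
    if len(k) != 32:
        raise ValueError("root key K must be 256 bits")
    return k[:16], k[16:]


def fuse(k_sbc, weights=WEIGHTS, delta=DELTA):
    """SBC = floor((w_1*K_SBC1 + ... + w_j*K_SBCj) / delta)."""
    if len(k_sbc) != len(weights) or delta <= 0:
        raise ValueError("need one weight per feature and a positive delta")
    sbc_sum = sum(w * f for w, f in zip(weights, k_sbc))
    return math.floor(sbc_sum / delta)


def derive(half_key, param, hash_name="sha256"):
    """Stand-in for SM3(key, param): hash of the 16-byte key half followed by param.
    The concatenation is an assumed encoding; the patent does not define one."""
    return hashlib.new(hash_name, half_key + param).digest()


def soft_biometric_key(k, k_sbc):
    """K_SBC = H(BK, SBC), with SBC encoded as 8 big-endian bytes (assumed)."""
    _, bk = split_root_key(k)
    return derive(bk, fuse(k_sbc).to_bytes(8, "big"))


def session_key(k, sid):
    """K_SESSION = H(SK, Sid)."""
    sk, _ = split_root_key(k)
    return derive(sk, sid)


def key_check(k_sbc_key, sid):
    """Assumed success test standing in for the SM4 trial decryption of C1."""
    return hmac.new(k_sbc_key, b"C1-check" + sid, hashlib.sha256).digest()


def fog_node(k, measured_k_sbc, sid):
    """FCC side: derive K_SBC from the freshly measured K_SBC and emit the tag."""
    return key_check(soft_biometric_key(k, measured_k_sbc), sid)


def cloud_screen(k, sid, tag, s_vnickname):
    """Cloud side: derive K_SBC_i for every candidate and keep those that verify."""
    s_nickname = []
    for nickname, enrolled_k_sbc in s_vnickname.items():
        key_i = soft_biometric_key(k, enrolled_k_sbc)
        if hmac.compare_digest(key_check(key_i, sid), tag):
            s_nickname.append(nickname)
    return s_nickname


# Constructed S_Vnickname: identity hash -> enrolled K_SBC (height cm, age, weight kg).
S_VNICKNAME = {
    "h(alice)": (172, 30, 65),   # weighted sum 427 -> SBC 42
    "h(bob)": (180, 41, 82),     # weighted sum 508 -> SBC 50
    "h(carol)": (171, 30, 65),   # weighted sum 426 -> SBC 42
}

if __name__ == "__main__":
    sid = b"sid-0001"
    # 1 cm of measurement noise: sum 428, still bin 42, Alice and Carol both pass.
    print(cloud_screen(K, sid, fog_node(K, (173, 30, 65), sid), S_VNICKNAME))
    # 1 kg of noise: sum 430 crosses into bin 43, so the genuine user is rejected.
    print(cloud_screen(K, sid, fog_node(K, (172, 30, 66), sid), S_VNICKNAME))
```

Two properties follow directly from the formulas: a measurement that crosses a delta boundary yields a different key even for the genuine user, and K_SBC depends only on BK and the bin, so it repeats whenever the same features land in the same bin while only K_SESSION is bound to Sid.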
The identity authentication of the invention can be used in various application scenarios such as the mobile internet, and the soft biometric feature fusion and key derivation method facilitates access authentication and key management for fog nodes such as Internet of Things (IoT) devices. The proposed soft biometric feature fusion method can be applied to the biometric identity information authentication method based on a unified authentication platform with a 5G cloud-fog mixed structure (patent number: ZL 201911129276.9), and offers another approach to key generation, key management and related aspects of identity authentication.
The above embodiments may be implemented in whole or in part by software, hardware, firmware, or any combination thereof. When implemented in whole or in part as a computer program product, the computer program product comprises one or more computer instructions. When the computer instructions are loaded or executed on a computer, the flows or functions according to the embodiments of the present invention are produced in whole or in part. The computer may be a general purpose computer, a special purpose computer, a computer network, or other programmable apparatus. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another; for example, the computer instructions may be transmitted from one website, computer, server, or data center to another website, computer, server, or data center by wired (e.g., coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (e.g., infrared, radio, microwave) means. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server or data center that integrates one or more available media. The available medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., solid state disk (SSD)), etc.
The foregoing is merely illustrative of specific embodiments of the present invention, and the scope of the invention is not limited thereto, but any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention will be apparent to those skilled in the art within the scope of the present invention.

Claims (9)

1. An access authentication and key derivation method for biometric identity authentication, characterized in that the access authentication and key derivation method for biometric identity authentication comprises the steps of:
step one, a user registers at a trusted authentication center and uploads all information such as biological characteristics, soft biological characteristics, identity marks and the like; the fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key negotiation, and the fog node is accessed to a cloud-fog mixed network after registration is completed;
step two, in the authentication stage, the user uploads characteristic information and performs identity recognition by using biological characteristics; the fog node and the unified authentication cloud utilize soft biological characteristics to fuse parameters required by generating a soft biological characteristic key, and utilize key derivation to generate a soft biological characteristic key and a session key which are respectively used for encrypting and decrypting biological characteristics and session messages;
the access authentication and key derivation method for the biometric identity authentication further comprises the steps that the fog node FCC and the unified authentication Cloud generate the same soft biological characteristic key by using the biased soft biological characteristics for encrypting and decrypting the biological characteristics; the key derivation and encryption and decryption method comprises the following steps:
(1) The key K obtained through key negotiation between the fog node FCC and the unified authentication cloud Cloud is divided into SK and BK, which are used to derive the session key and the soft biometric feature fusion key respectively; FCC and Cloud share the session identifier Sid and the soft biometric feature fusion parameter SBC, which change with each authentication request and are used as auxiliary inputs to the respective key derivations; K is 256 bits long, SK is the first 128 bits, and BK is the last 128 bits;
(2) The fog node FCC receives the feature data and calculates the soft biometric feature fusion parameter SBC from K_SBC:
$SBC\_sum = w_1 \times K\_SBC1 + w_2 \times K\_SBC2 + \dots + w_j \times K\_SBCj$, where K_SBCj is the j-th soft biometric feature of the user, $w_j$ is the corresponding weight, and SBC_sum is the weighted sum of the soft biometric features;
wherein->Representing a downward rounding;
the soft biometric key $K_{SBC}$ and the session key $K_{SESSION}$ are generated by key derivation using the SM3 algorithm with different parameters:
$K_{SBC} = \mathrm{SM3}(BK, SBC)$,
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
the biometric feature data is encrypted using $K_{SBC}$ and the SM4 algorithm to generate the biometric ciphertext C1:
$C1 = \mathrm{SM4}(K_{SBC}, V\_BC)$;
the transmission message is encrypted using $K_{SESSION}$ and the SM4 algorithm to generate the transmission message ciphertext C2:
$C2 = \mathrm{SM4}(K_{SESSION}, \langle C1, V\_SBC \rangle)$;
the FCC sends C2 and the session identifier Sid to the unified authentication cloud Cloud;
(3) After receiving the ciphertext, the unified authentication cloud Cloud generates the session key $K_{SESSION}$ by key derivation using the SM3 algorithm:
$K_{SESSION} = \mathrm{SM3}(SK, Sid)$;
the transmission message ciphertext C2 is decrypted using $K_{SESSION}$ and the SM4 algorithm to obtain <C1, V_SBC>:
$\langle C1, V\_SBC \rangle = \mathrm{SM4}(K_{SESSION}, C2)$;
the stored user information is filtered and screened using V_SBC to find all users who may be the user to be authenticated, generating the set S_Vnickname = {V_Nickname | hashes of the identity identifiers of the UEs that match V_SBC}; for each UE in S_Vnickname:
$SBC\_sum_i = w_1 \times K\_SBC1_i + w_2 \times K\_SBC2_i + \dots + w_j \times K\_SBCj_i$, where $K\_SBCj_i$ is the j-th soft biometric feature of the i-th UE, $w_j$ is the corresponding weight, and $SBC\_sum_i$ is the weighted sum of the soft biometric features of the i-th UE;
wherein->Representing a downward rounding;
using the generated three keys, Cloud attempts to decrypt the biometric ciphertext C1 and, if decryption is successful, obtains the biometric plaintext V_BC:
and the set S_Nickname of user identity identifier hashes obtained through decryption and the decrypted biometric feature V_BC are sent to the authentication center AUC.
2. The access authentication and key derivation method for biometric identity authentication of claim 1, wherein the registration phase in step one comprises:
(1) The user registers at the trusted authentication center AUC; the user sends a self-chosen unique identity identifier to the AUC; the AUC instructs the user to collect and upload biometric features and soft biometric features, and stores all information of the user's biometric features, soft biometric features and identity identifier in its own local database;
(2) A fog node FCC that is not registered at the unified authentication cloud Cloud registers at Cloud; Cloud assigns a unique identity identifier Fid to the unregistered FCC, Cloud and FCC obtain a shared root key K through key negotiation, and Fid and K are mapped one to one; after registration, the FCC accesses the cloud-fog mixed network.
3. The access authentication and key derivation method for biometric identity authentication of claim 2, wherein the identity identifier in step (1) is an ID that uniquely identifies the user, such as a user name or an identification card number.
4. The access authentication and key derivation method for biometric identity authentication of claim 1, wherein the authentication phase in step two comprises:
(1) The UE forwards an authentication request to the unified authentication cloud Cloud via the fog node FCC, wherein the authentication request comprises the supported soft biometric feature list SBC_List, the biometric feature list BC_List and the session identifier Sid; Cloud randomly selects from SBC_List a soft biometric feature sequence SBC_Q, which Cloud uses to filter and screen the database, and the remaining soft biometric feature sequences are used to generate the soft biometric key that encrypts the biometric features; Cloud randomly selects from BC_List a biometric feature sequence BC_Q for biometric recognition and sends an authentication request to the authentication center AUC; the AUC returns the soft biometric feature data of all users in the database to Cloud, and finally Cloud forwards the SBC_Q and BC_Q sequences to the UE through the fog node FCC;
(2) The UE receives the authentication response and collects the features corresponding to SBC_List and BC_Q; in the collected feature data, the soft biometric features corresponding to SBC_Q are denoted V_SBC, the remaining soft biometric features are denoted K_SBC, and the collected biometric features are denoted V_BC; the UE sends the message <V_SBC, K_SBC, V_BC, Sid> to the fog node FCC;
(3) The fog node FCC receives the feature data, generates the soft biometric key $K_{SBC}$ using K, K_SBC and the key derivation algorithm, and encrypts V_BC with $K_{SBC}$ and the encryption algorithm to generate the biometric ciphertext C1; it derives the session key $K_{SESSION}$ using K, Sid and the SM3 algorithm, encrypts the session message <C1, V_SBC> with $K_{SESSION}$ and the SM4 algorithm to generate the transmission message ciphertext C2, and sends C2 and the session identifier Sid to the unified authentication cloud Cloud;
(4) After receiving the ciphertext, the unified authentication cloud Cloud derives the session key $K_{SESSION}$ using K, Sid and the SM3 algorithm and decrypts the transmission message ciphertext C2 to obtain <C1, V_SBC>; it filters and screens the stored user information using V_SBC to generate the set S_Vnickname = {V_Nickname | hashes of the identity identifiers of the UEs that match V_SBC}; for each UE in S_Vnickname, it uses $K\_SBC_i$ and the SM3 algorithm to derive a key and attempts to decrypt the biometric ciphertext C1; if decryption succeeds, the UE may be the same user, and finally the set S_Nickname obtained through successful decryption and the biometric feature V_BC are sent to the authentication center AUC; the AUC receives the authentication information, performs biometric recognition, and forwards the authentication result to the UE through Cloud and FCC, which completes the authentication.
5. The access authentication and key derivation method for biometric identity authentication of claim 4, wherein the key derivation algorithm in step (3) comprises MD5, SHA-256; the encryption and decryption algorithm in the steps (3) and (4) comprises AES and 3DES.
6. An access authentication and key derivation system for biometric identity authentication that implements the access authentication and key derivation method for biometric identity authentication of any one of claims 1 to 5, characterized by comprising:
the biometric information acquisition module, used by the user to collect and upload the user's own soft biometric features and biometric features, which are sent to the authentication center in the user registration stage and to the fog node in the authentication stage;
the fog node access authentication module is used for registering fog nodes which are not accessed to the cloud-fog mixed network at the unified authentication cloud to obtain a unique identity mark Fid, sharing a root key K with the unified authentication cloud through key negotiation, and mapping Fid and K one to one; after the access authentication is finished, the fog node is accessed to a cloud-fog mixed network;
a user registration stage module for realizing the registration of the user at the trusted authentication center; the user registers an identity mark at an authentication center, all information such as biological characteristics, soft biological characteristics, the identity mark and the like of the user are acquired and uploaded by using a biological information acquisition module, and the authentication center stores the user information into a local database;
the soft biological feature fusion module is used for fusing the soft biological feature data by the fog node and the unified authentication cloud to generate parameters required by a soft biological feature key;
the key derivation and encryption and decryption module is used for generating two keys by the fog node and the unified authentication cloud through key derivation and required parameters: the soft biological characteristic key and the session key are respectively used for encrypting and decrypting the biological characteristic and the session message;
the authentication stage module is used for confirming the identity of the user through biological recognition; the fog node and the unified authentication cloud use a soft biological feature fusion module and a key derivation and encryption and decryption module to protect biological features and session messages.
7. A computer device, characterized in that it comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the method steps of claim 1.
8. A computer readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the method steps of claim 1.
9. An information data processing terminal for implementing the access authentication and key derivation system for biometric identity authentication as claimed in claim 6.
CN202210191226.9A 2022-02-28 2022-02-28 Access authentication and key derivation method and system for biometric identity authentication Active CN114553413B (en)

Publications (2)

Publication Number Publication Date
CN114553413A CN114553413A (en) 2022-05-27
CN114553413B true CN114553413B (en) 2023-10-13

Family

ID=81662084

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110392029A (en) * 2018-04-20 2019-10-29 武汉真元生物数据有限公司 Identity identifying method and system based on biological identification
CN111131153A (en) * 2019-11-18 2020-05-08 西安电子科技大学 Biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform
CN112954675A (en) * 2021-03-02 2021-06-11 西安电子科技大学 Multi-gateway authentication method, system, storage medium, computer device and terminal
CN113115307A (en) * 2021-04-12 2021-07-13 北京邮电大学 Two-factor identity authentication method oriented to smart home scene
US11139964B1 (en) * 2018-09-07 2021-10-05 Wells Fargo Bank, N.A. Biometric authenticated biometric enrollment

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140282868A1 (en) * 2013-03-15 2014-09-18 Micah Sheller Method And Apparatus To Effect Re-Authentication

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
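An identity authentication scheme based on biometric key protection technology; 陈泗盛; 林艳珍; 郭永宁; Journal of Taiyuan Normal University (Natural Science Edition) (No. 03); full text *
Research on a cross-domain identity authentication mechanism based on blockchain technology; 张昊迪; 刘国荣; 汪来富; 王帅; Guangdong Communication Technology (No. 07); full text *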

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant