CN115278673A - Lightweight biometric authentication method and system based on joint biometric identification - Google Patents
Lightweight biometric authentication method and system based on joint biometric identification Download PDFInfo
- Publication number
- CN115278673A CN115278673A CN202210945193.2A CN202210945193A CN115278673A CN 115278673 A CN115278673 A CN 115278673A CN 202210945193 A CN202210945193 A CN 202210945193A CN 115278673 A CN115278673 A CN 115278673A
- Authority
- CN
- China
- Prior art keywords
- template
- extractor
- user
- vector
- authentication
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 133
- 239000013598 vector Substances 0.000 claims abstract description 114
- 238000004364 calculation method Methods 0.000 claims abstract description 47
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 23
- 229940088594 vitamin Drugs 0.000 claims abstract description 7
- 239000011782 vitamin Substances 0.000 claims abstract description 7
- 230000008569 process Effects 0.000 claims description 23
- 238000006243 chemical reaction Methods 0.000 claims description 11
- 239000011159 matrix material Substances 0.000 claims description 11
- 238000007792 addition Methods 0.000 claims description 9
- 230000009466 transformation Effects 0.000 claims description 9
- 239000000654 additive Substances 0.000 claims description 8
- 230000000996 additive effect Effects 0.000 claims description 8
- 239000000284 extract Substances 0.000 claims description 8
- 238000012986 modification Methods 0.000 claims description 5
- 230000004048 modification Effects 0.000 claims description 5
- 238000012217 deletion Methods 0.000 claims description 4
- 230000037430 deletion Effects 0.000 claims description 4
- 238000009825 accumulation Methods 0.000 claims description 3
- 238000012545 processing Methods 0.000 claims description 3
- 230000001131 transforming effect Effects 0.000 claims description 3
- 238000004590 computer program Methods 0.000 claims description 2
- 238000000605 extraction Methods 0.000 claims description 2
- 238000012512 characterization method Methods 0.000 claims 1
- 230000002596 correlated effect Effects 0.000 claims 1
- 230000000875 corresponding effect Effects 0.000 claims 1
- 238000004088 simulation Methods 0.000 description 9
- 238000010276 construction Methods 0.000 description 5
- 238000012549 training Methods 0.000 description 4
- 238000013459 approach Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000003491 array Methods 0.000 description 2
- 230000015572 biosynthetic process Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 239000000126 substance Substances 0.000 description 2
- 238000003786 synthesis reaction Methods 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 238000007619 statistical method Methods 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/008—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/321—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
- H04L9/3213—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
Abstract
In the method and the system for lightweight biometric authentication based on joint biometric identification, a trusted center generates a series of keys; the extractor constructs a d-vitamin feature registration vector and a biological feature template by confusing the biological feature template, and encrypts the feature template by using a public key of a homomorphic encryption algorithm; the extractor expands the registration vector, encrypts and sends the registration vector to a calculation server by using a registration key, and encrypts and sends an index to a database by the calculation server; the extractor expands the characteristic vector, encrypts the expanded vector and the biological characteristic template and sends the encrypted expanded vector and the encrypted biological characteristic template to the computing server; the database transforms the received index and the authentication query, calculates the similarity between each registration template and the authentication query, and sends the candidate template set to a calculation server to calculate the Euclidean distance; three update operations are supported: add, delete, and modify; the invention meets the confidentiality, renewability, revocable, irreversibility and non-connectability of biological identification, and realizes the balance of low-cost authentication and high-safety requirements.
Description
Technical Field
The invention belongs to the technical field of biological feature identification, and particularly relates to a lightweight biometric authentication method and system based on joint biometric identification.
Background
In recent years, the popularization of smart mobile devices has improved the quality of life of people, the market scale of mobile devices has been expanding, and smart watches, tablet computers and other mobile devices have also promoted the expansion of the mobile market. While mobile devices offer convenience to people, they also pose a threat to the privacy and security of users. As users store personal sensitive information (such as bank accounts and image data) on smart mobile devices, the exposure of personal privacy is also a focus of interest for researchers.
Most existing smart mobile devices utilize knowledge-based authentication mechanisms to ensure their own security and data privacy (e.g., PIN code-based, pattern-based password authentication). However, most users tend to set simple and weak passwords for easy memorization. Such knowledge-based authentication is vulnerable to snooping attacks and dictionary attacks so that an attacker can gain access to personally sensitive information stored in the device. The biological characteristic technology utilizes the uniqueness, the universality, the stability and the acquirability of the biological characteristic technology to promote the continuous development of the biological characteristic authentication, so that the biological characteristic authentication is more convenient and accurate. It also overcomes the vulnerability of password settings in knowledge-based authentication.
Through the above analysis, the problems and defects of the prior art are as follows: most of the existing biological authentication methods are based on single biological characteristics, are low in accuracy and stability, and cannot be applied to different application backgrounds; furthermore, existing biometric authentication methods are not secure and may be compromised by artificial synthesis, replay, and spoofing attacks upon biometric theft, damage, or forgery.
The difficulty in solving the above problems and defects is: (1) The computing power and memory power of smart mobile devices are limited, and therefore a lightweight biometric authentication method needs to be designed. (2) Most of the existing biometric authentication methods are based on a single biometric feature, are not high in accuracy and stability, and cannot be applied to different application backgrounds, so that the designed method needs to be capable of integrating the biometric features to realize comprehensive application of various biometric information. (3) Biometric-based identity authentication may be threatened by artificial synthesis, replay, and spoofing attacks once a biometric is stolen, damaged, or forged due to the uniqueness of the biometric. Therefore, the designed method needs to be able to reconstruct the user biometric template after the biometric is stolen or damaged.
Disclosure of Invention
In order to overcome the disadvantages of the prior art, the present invention provides a lightweight biometric authentication method and system based on joint biometric identification, which is adapted to the application environment of the smart mobile device at the present stage, and combines knowledge-based authentication and authentication based on multiple biometric features to overcome the low security of using only password authentication, and the application of a removable template module can prevent the non-restorability of the biometric template after being stolen or damaged, and has the advantages of high security and low overhead.
In order to achieve the purpose, the invention adopts the technical scheme that:
a lightweight biometric authentication method based on joint biometric identification comprises the following steps:
s101: the trusted center TA generates a series of keys for authenticating the user U i Generating a public key
Private key
Symmetric encryption key
And an authentication key
For registering a user R i Generating index build keys
S102: extractor by obfuscating biometric templates v B To construct a d-vitamin feature registration vector v R And a biometric template T i And encrypting the biological characteristic template T by using a public key of a homomorphic encryption algorithm Paillier i ;
S103: extractor extended registration vector
To
Using registration keys
Encryption
Will be provided with
Sending the index I to a computing server CS, encrypting the index I by the computing server CS and sending the index I to a database DB;
s104: extractor extended feature vector v A To v' A For extended feature vector v' A And a biometric template T A Is encrypted and will
And E K (T A ) Send to calculation clothesA server CS;
s105: database DB for receiving encryption index I and authentication query Q A Transforming, computing each enrollment template and authentication query Q A The candidate template set is sent to the computation server CS for the computation server CS to compute the Euclidean distance
S106: three update operations are supported: addition, deletion, and modification, i.e., new user registration, existing user revocation, and updating of existing user keys and feature templates based on the revocable template module.
The lightweight biometric authentication method based on the joint biometric identification comprises a key generation stage, a feature encryption stage, an index generation stage, a token generation stage, an authentication stage and a feature updating stage;
the key generation phase comprises:
(1) The trusted center TA is an authenticated user U i Generating two large prime numbers p and q, and generating a public key based on a homomorphic encryption algorithm Paillier
Wherein n = pq, g is less than n 2 The random number of (2); private key
Wherein α = lcm (p-1, q-1),
in addition, the trusted center TA is an authenticated user U i Symmetric encryption key generation based on symmetric encryption algorithm AES
(2) Firstly, the trusted center TA is the authenticated user U i Generating a random invertible matrix and its inverse M, M -1 ∈Z 2d ×2d Where d is the dimension of the feature vector; then, toAt each authenticated user U i The trusted center TA generates two random matrices
As an authentication key, wherein
Finally, for each registered user R i The trusted center TA generates two random matrices
Constructing the key as an index, wherein
The encryption characteristic stage comprises:
(1) Obtaining N M-dimensional vectors by extracting human face and fingerprint characteristics
And an n-dimensional vector v f (ii) a Defining operations
The calculation formula is as follows:
the obfuscated biometric templates obtained were as follows:
(2) The extractor is first operated at v B Randomly selects m from each vector 1 (m 1 Belongs to M) numbers, and obtains data of relevant subscripts in each vector to construct a feature candidate vector v ″ i (i =1, \8230;, N), a randomly generated subscript defined as the user's registration key
The extractor connects the feature candidate vectors based on the 'string connection' operation to construct a d-vitamin feature registration vector, and the calculation formula is as follows:
v R =v″ 1 ||v″ 2 ||…||v″ N
(3) Extractor at v B Randomly selects m in each vector 2 (m 2 E.m) numbers, randomly generated subscript being defined as the user's template key
Obtaining data of related subscript in each vector to construct biological characteristic template T i The calculation formula is as follows:
(4) The extractor uses the public key of the homomorphic encryption algorithm Paillier to encrypt the biological characteristic template T i The encryption formula is as follows:
the index generation stage comprises:
(1) First, the extractor expands each registration vector
To
The expansion formula is as follows:
wherein
Is that the extractor is for each registration vector
A randomly selected number;
(2) The extractor then uses the registration key
Encryption
The encryption formula is as follows:
wherein the content of the first and second substances,
p 1 >>p 2 and gamma is>>2|max(ε i )|,
Defined as an integer confusion vector randomly selected from a probability distribution;
is formed by a registration vector
A composed ciphertext; extractor with tuples
In the form of
And
from registered user R i Transmitting to a computing server CS; when the computing server CS receives allWhen registering the encryption primitive ancestor of the user, an encryption index is created
Wherein U is max Representing the total number of users in the database DB; the encryption index I will be transmitted by the calculation server CS to the database DB for storage.
The token generation phase comprises:
(1) First, the extractor authenticates the user U from the certificate j Extracting a feature vector v from the biological features A And has a registration key
And template key
Biological characteristic template T A ;
(2) The extractor then expands the feature vector v A To v' A The expansion formula is as follows:
wherein
The extractor is an authenticated user U j To authenticate a randomly selected number, needs to pay attention to η j Is a positive number;
(3) Next, the extractor uses the authenticated user U j Authentication key of
To spread vector v' A Encryption is carried out, and an encryption formula is as follows:
wherein
Is an integer confusion vector randomly selected by the extractor; the extractor will encrypt the authentication query Q A Sends it to the computing server CS, and then sends an authentication query Q A Sending the data to a database DB for authentication;
(4) Extractor use authentication user U j The public key of the homomorphic encryption algorithm Paillier
Template T for biological characteristics A Encrypting to obtain ciphertext
In addition to this, the extractor uses an authenticated user U j Symmetric key of (2)
To biological characteristic template T A Encrypt to obtain ciphertext E K (T A ) (ii) a The extractor will
And E K (T A ) And sending the result to a computing server CS for Euclidean distance computation of subsequent ciphertexts.
The authentication phase includes:
the authentication process includes three steps: first, the database DB receives the encryption index I and the authentication query Q A Carrying out transformation; the database DB then stores the encryption index according to it
Juicing each enrollment template and authentication query Q A Similarity between them; finally, the database DB sends the set of candidate templates to the computation server CS for use by the computation server CS with the set of candidate templates and the ciphertext
Correlated feature templates to compute Euclidean distance between the twoA distance; the specific process is as follows:
(1) The database DB pairs the encryption index received from the extractor
Each of which
Carrying out transformation; the database DB then re-matches the authentication query Q received from the extractor A And performing transformation, wherein the transformation formula is as follows:
(2) Database DB computation-transformed queries
And each encrypted item in the index I
The correlation score of (c) is calculated as follows:
wherein
Is the random number part of the similarity score, eliminated
And
these two parts are used to obtain the calculation result of the above formula;
according to the calculation result, the database DB obtains the nearest k index entries, sends the corresponding biological characteristic template set to the calculation server CS, and the calculation server CS calculates the ciphertext template
And euclidean distances between k candidate templates;
(3) Computing server CS uses authenticated user U i Symmetric key of (2)
For ciphertext E K (T A ) Decrypting to obtain the biometric template
Then, calculate
And candidate templates
The euclidean distance between them, the calculation formula is as follows:
if the Euclidean distance in the above equation is computed from its additive homomorphism under the homomorphic encryption algorithm Paillier, the computation result is as follows:
for the
And
these two parts, using additive homomorphism, are converted to the following equation:
for
This section, using additive homomorphism, converts it into the following equation:
the computing server CS will
Conversion is carried out, and the conversion formula is as follows:
having plaintext, ciphertext templates T in the computing server CS A ,
And on the premise of the encrypted candidate template set, the computing server CS checks the ciphertext template
And the Euclidean distance of each candidate template, the minimum Euclidean distance in the resultSeparation device
Whether a set threshold T is met; if the value is smaller than the set threshold value T, the computing server CS considers that the authentication is passed; otherwise, the computing server CS considers that the authentication has failed.
The feature updating stage comprises:
the system supports three update operations: adding, deleting and modifying, namely registering a new user, canceling an existing user and updating an existing user key and a feature template based on a revocable template module, the specific process is as follows:
(1) New user U ADD Uploading own biological characteristic data through an extractor, processing the biological characteristic data by the extractor, and respectively generating encrypted registration vectors
And encrypted feature templates
The extractor will
To a calculation server CS which sends it to a database DB which will
Adding to the stored index to complete the registration of the new user;
(2) The existing user revocation process requires three operations; first, the extractor collects and extracts the user U to be revoked DEL The biological characteristics of (a); in addition, the extractor utilizes a registration key
Generating matching index entries
The extractor then indexes the entry
Sending the data to a computing server CS, and sending the data to a database DB by the computing server CS; finally, the database DB deletes the index entry on the index it stores
And matched encryption template
(3) When the user U i When the biological template is damaged or stolen, the user U i Re-inputting the biological characteristics based on the template module which can be cancelled; first, an extractor extracts a user biometric feature and obtains a registration index item
And an encryption template
In addition, the extractor generates new enrollment and template keys
And
then, the extractor will
And
sending the data to a computing server CS, and sending the data to a database DB by the computing server CS; finally, the database DB utilizes the index entries
Dematching encryption index I with user U i Related indexing item
Deleting an index entry
And associated cryptographic templates
And will be
And
is inserted into the encryption index I and,
wherein, TA: a trusted center; CS: a computing server; DB: a database; u shape i 、U j : authenticating the user;
authenticating a user U i The public key of (a);
authenticating a user U i The private key of (a);
authenticating a user U i The symmetric encryption key of (a);
authenticating the key; r i : registering a user;
indexing and constructing a key; v. of B : a biometric template; v. of R : a biometric enrollment vector; t is i : a candidate template; paillier: a homomorphic encryption algorithm;
registering a vector;
expanded registration vectors; i: encrypting the index; v. of A : a feature vector; v' A : expanded feature vectors; t is a unit of A : a biometric template; q A : authenticating and inquiring;
a Euclidean distance; AES: a symmetric encryption algorithm; m: a random invertible matrix; m -1 : an inverse matrix of M; m is 1 、m 2 : a random number; v ″) i : a feature candidate vector;
registered user R i The registration key of (2);
a template key;
biometric template T i An encrypted form of (a);
registration vector
An encrypted form of (a); u shape max : total number of users in database DB;
biological characteristic template T A A homomorphic form of encryption of (a); e K (T A ): biological characteristic template T A A symmetric encryption form of (a);
authenticating a user U j The symmetric key of (a);
a transformed query; u shape ADD : a new user;
new user U ADD An encrypted registration vector;
new user U ADD An encrypted feature template; u shape DEL : a user to be revoked;
user U to be revoked DEL The registration key of (2);
and user U to be revoked DEL Matching index entries;
and the user U to be revoked DEL A matched encryption template;
user U i A new registration index entry;
user U i A new encrypted template;
user U i A new registration key;
user U i A new template key;
newly defined vector operations; l |: character string connection operation; sigma: performing accumulation operation; II: and (4) performing continuous multiplication operation.
A lightweight biometric authentication method based on joint biometric authentication is stored in a program storage medium receiving user input, and is executed by an electronic device through a computer program.
The lightweight biometric authentication method based on the joint biometric identification is realized by adopting a lightweight biometric authentication system, and the lightweight biometric authentication system comprises the following steps:
the extractor is used for extracting biological characteristics, generating a template module which can be cancelled and encrypting a template;
the trusted center is used for generating a key;
a calculation server for calculating a euclidean distance of the encrypted biometric feature;
and the database is used for storing the indexes.
The lightweight biometric authentication system is carried on a terminal, and the terminal is an Internet of things terminal.
The invention has the beneficial effects that: the invention uses the newly proposed random bit generation RBG and encryption process to construct the biological characteristic template and the related index, thus protecting the privacy of the outsourced stored biological characteristic template and the confidentiality of the identity authentication process; after the extractor extracts the authentication template, the random bit generation RBG and the matrix key are used for carrying out confusion and encryption on the template to obtain a token, so that the safety of the whole authentication process and the query non-connectability can be ensured; in the authentication matching process, a matching set close to the token is screened out, then the similarity between the authentication template and the template in the matching set is compared one by one, and the similarity calculation is executed based on a newly proposed encryption vector distance calculation method, so that the authentication process has strong robustness and the authentication accuracy can be ensured; the method of the present invention achieves greater safety and accuracy at less cost.
The invention adopts an encryption process based on low cost and random bit generation to construct a biological characteristic template and a related index, and a user generates and acquires a key from the random bit as an identity authentication password, which is the basis for realizing joint knowledge and biological characteristic identity authentication subsequently; after the extractor extracts the authentication template, the template is obfuscated and encrypted by using random bit generation and a matrix key to obtain a token, a retrieval method based on the token and the encryption index is designed by using a searchable encryption technology, k template indexes closest to the authentication template are retrieved, and the safety of the whole authentication process and the non-connectability of inquiry can be ensured; the invention provides a biological characteristic template construction method combining a human face and a fingerprint, which uses local binary characteristic LBP and fingerprint characteristics based on details, screens out a matching set close to a token in an authentication process, compares the similarity between the authentication template and the template in the matching set one by one, and executes similarity calculation based on a newly-proposed encryption vector distance calculation method, so that the authentication process has strong robustness and the authentication accuracy can be ensured. The invention meets the requirements of confidentiality, renewability, revocable property, irreversibility and non-connectability of the template in the biological characteristic identification, and realizes the balance between low cost of the biological characteristic and high safety identification.
The invention is compared with the classical biological authentication method. The safety comparison results are shown in table 1, wherein "√" indicates that the safety requirement is satisfied, "×" indicates that the safety requirement is not satisfied, and "+" indicates that the safety requirement is partially satisfied.
TABLE 1 comparison of safety
In table 1, the method of the present invention has renewability and revocable properties that other classical biometric authentication methods do not have; the method of Zhu et al has verifiability and collusion resistance, but inevitably results in high overhead due to the introduction of bilinear pairing in the method, making the method unsuitable for mobile devices. The method of the invention realizes the balance between the requirements of low cost and high safety of the biological authentication.
Drawings
Fig. 1 is a flowchart of a lightweight biometric authentication method according to an embodiment of the present invention.
Fig. 2 is a system block diagram of a lightweight biometric authentication system according to an embodiment of the present invention.
Fig. 3 is a flowchart of an implementation of the lightweight biometric authentication method according to the embodiment of the present invention.
Fig. 4, 5 and 6 are graphs comparing authentication accuracy and authentication time in different databases (ORL, yale and FERET databases) for the lightweight biometric authentication method according to the embodiment of the present invention and other classical biometric authentication methods.
Fig. 7, fig. 8 and fig. 9 are simulation diagrams of the authentication accuracy of the LBP feature descriptor dimension under different databases (ORL, yale and FERET databases) in the lightweight biometric authentication method according to the embodiment of the present invention.
Fig. 10 is a comparison graph of the time overhead of generating a key and generating a token under different feature vector sizes in the lightweight biometric authentication method and other classical biometric authentication methods according to the embodiment of the present invention.
Fig. 11 is a comparison graph of the time cost of index construction in the FERET database by the lightweight biometric authentication method according to the embodiment of the present invention and other classical biometric authentication methods.
Fig. 12 is a graph comparing the time overhead of a query in the FERET database by the lightweight biometric authentication method according to the embodiment of the present invention with other classical biometric authentication methods.
Fig. 13, 14 and 15 are graphs comparing the time overhead of encrypting vector calculation under different vector sizes and data amounts in the lightweight biometric authentication method according to the embodiment of the present invention and other classical biometric authentication methods.
Detailed Description
The present invention will be described in further detail with reference to the following examples and the accompanying drawings. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
As shown in fig. 1, a lightweight biometric authentication method based on federated biometric identification includes the following steps:
s101: the trusted center TA generates a series of keys for authenticating the user U i Generating public keys
Private key
Symmetric encryption key
And authentication key
For registering a user R i Generating an index build key
S102: the extractor obfuscates the biometric template v B To construct a d-vitamin feature registration vector v R And a biometric template T i And encrypting the biological characteristic template T by using a public key of a homomorphic encryption algorithm Paillier i ;
S103: extractor extended registration vector
To
Using registration keys
Encryption
Will be provided with
Sending the index I to a computing server CS, encrypting the index I by the computing server CS and sending the index I to a database DB;
s104: extractor extended feature vector v A To v' A V 'to extended feature vector' A And a biometric template T A Is encrypted and will
And E K (T A ) Sending to a computing server CS;
s105: the database DB receives the encryption index I and the authentication query Q A Transforming, computing each enrollment template and authentication query Q A The similarity between the candidate templates is sent to the computing server CS so that the computing server CS can compute the Euclidean distance
S106: three update operations are supported: additions, deletions, and modifications, i.e., new user registration, existing user revocation, and updates of existing user keys and feature templates based on the revocable template module.
As shown in fig. 2, the lightweight biometric authentication method based on joint biometric identification is implemented by using a lightweight biometric authentication system, and the lightweight biometric authentication system includes:
an extractor: as a completely trusted entity in the system, the extractor has sufficient computing power but no large storage space, and is mainly responsible for extracting the biological features, generating a multi-mode revocable template together with the trusted center, and encrypting the template according to a key distributed by the trusted center;
the credible center: the device is responsible for assisting the extractor to generate a multi-mode revocable template and generating different template encryption keys for different users;
a computing server: the system is provided with a plurality of credible computing servers, each computing server provides service for all users in a system subregion by using strong computing capacity, and the computing servers are responsible for calculating the Euclidean distance of encrypted biological characteristics and returning a final authentication result according to the computing results between a candidate template set and an authentication template;
a database: as an entity with the strongest computing power and storage space in the system, the distributed database can store biological characteristic templates of a plurality of users, and associates the user identity with the characteristic templates by establishing an encrypted query index; the database is a semi-trusted entity that will fully execute instructions and perform statistical analysis on stored information.
As shown in fig. 3, the lightweight biometric authentication method based on joint biometric identification includes a key generation phase, a feature encryption phase, an index generation phase, a token generation phase, an authentication phase, and a feature update phase;
the key generation phase comprises the following steps:
(1) The trusted center TA is a user U i Generating two large prime numbers p and q, and generating a public key based on a homomorphic encryption algorithm Paillier
Wherein n = pq, g is less than n 2 The random number of (2); private key
Wherein α = lcm (p-1, q-1),
in addition, the trusted center TA is an authenticated user U i Symmetric encryption key generation based on symmetric encryption algorithm AES
(2) Firstly, the trusted center TA is the authenticated user U i Generating a random invertible matrix and its inverse M, M -1 ∈Z 2d ×2d Where d is the dimension of the feature vector; then, for each authenticated user U i The trust center TA generates two random matrices
As an authentication key, among
Finally, for each registered user R i The trusted center TA generates two random matrices
Constructing the key as an index, wherein
The encryption characteristic stage comprises:
(1) Through face and fingerprint feature extraction, N M-dimensional vectors can be obtained
And an n-dimensional vector v f (ii) a Defining operations
The calculation formula is as follows:
the obfuscated biometric templates obtained were as follows:
(2) The extractor is first operated at v B Randomly selects m from each vector 1 (m 1 Belongs to M) numbers, and obtains data of relevant subscripts in each vector to construct a feature candidate vector v ″ i (i =1, \8230;, N), a randomly generated subscript is defined as the user's registration key
The extractor connects the feature candidate vectors based on the 'string connection' operation to construct a d-vitamin feature registration vector, and the calculation formula is as follows:
v R =v″ 1 ||v″ 2 ||…||v″ N
(3) Extractor at v B Randomly selects m from each vector 2 (m 2 E.m) numbers, randomly generated subscript being defined as the user's template key
Obtaining data of related subscript in each vector to construct biological feature template T i The calculation formula is as follows:
(4) The extractor uses the public key of the homomorphic encryption algorithm Paillier to encrypt the biological characteristic template T i The encryption formula is as follows:
the index generation stage comprises:
(1) First, the extractor expands each registration vector
To
The expansion formula is as follows:
wherein
Is that the extractor is for each registration vector
A randomly selected number;
(2) The extractor then uses the registration key
Encryption
The encryption formula is as follows:
wherein the content of the first and second substances,
p 1 >>p 2 and gamma is>>2|max(ε i )|,
Defined as an integer confusion vector randomly selected from a probability distribution; in the subsequent authentication phase, the above parameters will be used for vector similarity calculation;
is formed by a registration vector
A composed ciphertext; extractor with tuples
In the form of
And
from registered user R i Transmitting to a computing server CS; when the computing server CS receives the encrypted metaprogenitors of all registered users, an encryption index will be created
Wherein U is max Representing the total number of users in the database DB; the encryption index I will be transmitted by the calculation server CS to the database DB for storage.
The token generation phase comprises:
(1) First, the extractor authenticates the user U from j Extracting a feature vector v from the biological features A And has a registration key
And template key
Biological characteristic template T A ;
(2) The extractor then expands the feature vector v A To v' A The expansion formula is as follows:
wherein
The extractor is an authenticated user U j To authenticate the randomly selected number, needs to pay attention to eta j Is a positive number;
(3) Next, the extractor uses the authenticated user U j Authentication key of
To extension vector v' A Encryption is carried out, and an encryption formula is as follows:
wherein
Is an integer confusion vector randomly selected by the extractor; the extractor will encrypt the authentication query Q A Send it to the calculation server CS and then send the authentication query Q A Sending the data to a database DB for authentication;
(4) Extractor use authentication user U j The public key of the homomorphic encryption algorithm Paillier
Template T for biological characteristics A To add are carried outEncrypting to obtain a ciphertext
In addition, the extractor uses the authenticated user U j Symmetric key of
Template T for biological characteristics A Encrypt to obtain ciphertext E K (T A ) (ii) a The extractor will
And E K (T A ) And sending the result to a computing server CS for Euclidean distance computation of subsequent ciphertexts.
The authentication phase includes:
the authentication process includes three steps: first, the database DB receives the index I and the authentication query Q A Carrying out conversion; the database DB then stores the encryption index according to it
Computing each enrollment template and authentication query Q A Similarity between them; finally, the database DB sends the set of candidate templates to the computation server CS for the computation server CS to use with the set of candidates and the ciphertext
The related characteristic template is used for calculating the Euclidean distance between the two characteristic templates; the specific process is as follows:
(1) The database DB pairs the encryption index received from the extractor
Each of which is
Carrying out transformation; the database DB then re-processes the authentication query Q received from the extractor A And performing transformation, wherein the transformation formula is as follows:
(2) Database DB computation-transformed queries
And each encrypted item in the encryption index I
The formula for calculating the relevance score is as follows:
wherein
Is the random number part of the similarity score, note that p is due to 1 >>p 2 And is
Therefore, it is not only easy to use
And
the values of these two parts approach 0 indefinitely; since the calculation result is in the domain
Upper round off, thus can eliminate
And
these two parts are used to obtain the calculation result of the above formula;
according to the calculation result, the database DB obtains the nearest k index entries, sends the corresponding biological characteristic template set to the calculation server CS, and the calculation server CS calculates the ciphertext template
And euclidean distances between k candidate templates;
(3) Computing server CS uses authenticated user U i Symmetric key of
For ciphertext E K (T A ) Decrypting to obtain the biometric template
Then, calculate
And candidate templates
The euclidean distance between them, the calculation formula is as follows:
if the Euclidean distance in the above equation is computed from its additive homomorphism under the homomorphic encryption algorithm Paillier, then the computation result is as follows:
for
And
these two parts can be homomorphically converted into the following equation by addition, and the conversion equation is as follows:
for the
This section, it can be converted using additive homomorphism into the following equation:
due to the above conversion formula, the calculation server CS will
Conversion is carried out, and the conversion formula is as follows:
having plaintext, ciphertext templates T in the computing server CS A ,
And the encrypted candidate template set, the computing server CS may check the ciphertext template
And the Euclidean distance of each candidate template, the minimum Euclidean distance in the result
Whether a set threshold T is met; if the value is smaller than the set threshold value T, the computing server CS considers that the authentication is passed; otherwise, the computing server CS considers the authentication as failed.
The feature updating stage comprises:
the system supports three update operations: additions, deletions, and modifications, i.e., new user registration, existing user revocation, and updates of existing user keys and feature templates based on the revocable template module. The specific process is as follows:
(1) New user U ADD Uploading own biological characteristic data through an extractor, and processing the biological characteristic data by the extractor to respectively generate encrypted registration vectors
And encrypted feature templates
The extractor will
To a calculation server CS which sends it to a database DB which will
Adding the new user into the stored encryption index to complete the registration of the new user;
(2) The existing user revocation process requires three operations; first, the extractor collects and extracts the user U to be revoked DEL The biological characteristic of (a); in addition, the extractor utilizes the registration key
Generating matching index entries
The extractor then indexes the entry
Sending the data to a computing server CS, and sending the data to a database DB by the computing server CS; finally, the database DB deletes the index entry on the index it stores
And matched encryption template
(3) When the user U i When the biological template is damaged or stolen, the user U i The biometric may be re-entered based on the dismissible template module; first, an extractor extracts a user biometric feature and obtains a registration index item
And an encryption template
In addition, the extractor generates new enrollment and template keys
And
then, the extractor will
And
sending the data to a computing server CS, and sending the data to a database DB by the computing server CS; finally, the database DB utilizes the index entry
Dematching index I with user U i Related index item
Deleting an index entry
And associated cryptographic templates
And will be
And
inserted into the encryption index I.
Wherein, TA: a trusted center; CS: a computing server; DB: a database; u shape i 、U j : authenticating a user;
authenticating a user U i The public key of (2);
authenticating a user U i The private key of (1);
authenticating a user U i The symmetric encryption key of (a);
authenticating the key; r i : registering a user;
indexing and constructing a key; v. of B : a biometric template; v. of R : a biometric enrollment vector; t is a unit of i : a candidate template; paillier: a homomorphic encryption algorithm;
registering a vector;
expanded registration vectors; i: encrypting the index; v. of A : a feature vector; v' A : expanded feature vectors; t is A : a biometric template; q A : authenticating and inquiring;
a Euclidean distance; AES: a symmetric encryption algorithm; m: a random invertible matrix; m is a group of -1 : an inverse matrix of M; m is 1 、m 2 : a random number; v ″', and i : a feature candidate vector;
registered user R i The registration key of (2);
a template key;
biometric template T i An encrypted form of (a);
registration vector
An encrypted form of (a); u shape max : total number of users in database DB;
biological characteristic template T A A homomorphic form of encryption of (a); e K (T A ): biological characteristic template T A A symmetric encryption form of (a);
authenticating a user U j The symmetric key of (2);
a transformed query; u shape ADD : a new user;
new user U ADD An encrypted registration vector;
new user U ADD An encrypted feature template; u shape DEL : a user to be revoked;
user U to be revoked DEL The registration key of (2);
and user U to be revoked DEL Matching index entries;
and user U to be revoked DEL A matched encryption template;
user U i A new registration index entry;
user U i A new encrypted template;
user U i A new registration key;
user U i A new template key;
newly defined vector operations; l |: character string connection operation; sigma: performing accumulation operation; II: and (4) performing continuous multiplication operation.
In order to verify the usability of the present invention, the following shows and describes the test results of the lightweight biometric authentication method SELBA based on joint biometric identification under simulation, the simulation environment: in a PC with a CPU of 2.10 GHz, the environment is Windows.
Fig. 4, 5, and 6 are graphs comparing the authentication accuracy and the authentication time of the lightweight biometric authentication method SELBA based on joint biometrics with those of other classical biometric authentication methods in different databases (ORL, yale, and FERET databases). The results show that the accuracy of the method of the invention in different databases is lower than that of the CNN-based method and higher than that of the Gabor-based and PCA-based methods. When the data volume in different databases reaches a certain degree, the authentication accuracy of the method can be stabilized to be more than 95%. Under different approaches, the time consumption will increase linearly with increasing amount of data. The time consumption of the method of the invention is slightly higher than that of the Gabor-based and PCA-based methods, but the time consumption of the CNN-based method is about four times that of the other methods. High accuracy methods entail high overhead, and although CNN-based methods are the most accurate, applications on mobile devices need to consider the accuracy and efficiency of identity authentication. Compared with other methods, the method of the invention realizes the balance between low authentication cost and high security requirements.
Fig. 7, 8 and 9 are simulations of the influence of the dimension of the LBP feature descriptor in the joint biometric identification-based lightweight biometric authentication method SELBA on the authentication accuracy of different data volumes under different databases (ORL, yale and FERET databases). The result shows that the larger the data amount is, the higher the recognition accuracy is in different databases. Further, the larger the dimensionality of the descriptor, the higher the recognition accuracy. As can be seen from fig. 7, 8, and 9, the recognition rate of the 3 × 3 dimensional descriptor is higher than that of the 8 × 6 dimensional descriptor by 10% or more. According to the simulation result, compared with the other three methods, the method provided by the invention keeps higher identity authentication accuracy on the basis of protecting the biological data privacy, and does not cause larger additional calculation overhead.
Fig. 10 is a time comparison of the lightweight biometric authentication method SELBA based on joint biometric identification with other classical biometric authentication methods for generating keys and tokens at different feature vector sizes. The results show that the time cost of generating the key by the inventive method and the method of Zhu et al increases linearly with increasing vector size. When the vector size is 16 bits, the average time to create the key is approximately 110 milliseconds and 290 milliseconds, respectively. When the size is increased to 256 bits, their average time overhead will increase to 1100ms and 1253ms, respectively. However, for the method of Zhou et al, the average time cost increases from 100ms to 2300ms and shows an exponential growth trend as the vector size increases from 16 bits to 256 bits. While the method of Zhou et al uses a matrix as the key, the matrix size will vary in synchronism with the vector size, the method of the present invention and the method of Zhu et al are based on homomorphic encryption, so the key size may not be affected by the vector size. Furthermore, the time cost of generating tokens in the three methods also increases with increasing vector dimension, but the increase is much less than key generation. When the size is 16 bits, the average time to generate tokens by the inventive method, the Zhu et al method, and the Zhou et al method is about 30ms, 220ms, and 60ms, respectively. When the size is increased to 256 bits, the average time reaches around 150ms, 1200ms and 860ms, respectively. Due to bilinear pairing introduced by the method of Zhu et al, the cost is much higher than that of the other two methods in the token generation process. Simulation results show that the time cost for generating the key and the token is low, and the method has practical advantages compared with other biological authentication methods.
Fig. 11 is a time comparison of index construction in the FERET database for the lightweight biometric authentication method SELBA based on joint biometric identification and other classical biometric authentication methods. The index structures of the three methods are all inverted indexes, and the time cost of index construction linearly increases along with the increase of the training data volume. The average time overhead of the inventive method, the Zhu et al method and the Zhou et al method remained around 0.16s, 0.45s and 0.38s, respectively, when the training data amount was 200. As the amount of data increases to 1000, the cost increases to around 10, 12 and 9 seconds. Simulation results show that in practical application, the time overhead of index construction of the method is within an acceptable range.
Fig. 12 is a time comparison of a lightweight biometric authentication method SELBA based on federated biometrics with other classical biometric authentication methods queried in the FERET database. The query times for the method of the present invention, the method of Zhu et al, and the method of Zhou et al, increase exponentially with increasing vector size. When the vector size is 16 bits, the influence of the variation of the training data on the query time cost is small, and when the vector size is 64 or 256 bits, the variation of the training data greatly affects the query overhead. However, smaller feature vector sizes do not describe features well. In a practical application scenario, setting the feature vector to 64 bits is a good choice to consider accuracy and efficiency. Simulation results show that compared with other methods, the method provided by the invention realizes balance between low-cost authentication and high-security requirements.
Fig. 13, 14 and 15 are time overhead comparisons of encryption vector calculations for different vector sizes and data amounts for the lightweight biometric authentication method SELBA based on joint biometrics and other classical biometric authentication methods. Fig. 13 and 14 show that the time overhead varies with an increase in the amount of data when the vector size is 16 bits and 64 bits, respectively. Among them, the method of Zhu et al is much more costly than the method of the present invention and the method of Zhou et al. This is mainly due to the fact that the computation process of the method of Zhu et al involves many linear pairing operations and requires verification of the validity of the token prior to computation. Figure 15 shows that the time cost of the inventive method and method of Zhou et al at different data volumes approaches Zhu et al gradually as the vector size increases to 256 bits. Simulation results show that compared with other methods, the method provided by the invention realizes balance between low authentication cost and high safety requirements.
It should be noted that the inventive method can be implemented by hardware, software, or a combination of software and hardware, and that the hardware portions can be implemented by dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The present invention is not limited to the above embodiments, and any modification, equivalent replacement and improvement made by those skilled in the art within the technical scope of the present invention, which is within the spirit and principle of the present invention, should be covered by the protection scope of the present invention.
Claims (10)
1. A lightweight biometric authentication method based on joint biometric identification is characterized by comprising the following steps:
s101: the trusted center TA generates a series of keys for authenticating the user U i Generating public keys
Private key
Symmetric encryption key
And an authentication key
For registering a user R i Generating an index build key
S102: extractor by obfuscating biometric templates v B To construct a d-vitamin profile registryQuantity v R And a biometric template T i And encrypting the biological characteristic template T by using a public key of a homomorphic encryption algorithm Paillier i ;
S103: extractor extended registration vector
To
Using registration keys
Encryption
Will be provided with
Sending the index I to a computing server CS, encrypting the index I by the computing server CS and sending the index I to a database DB;
s104: extractor extended feature vector v A To v' A For extended feature vector v' A And a biometric template T A Is encrypted and will
And E K (T A ) Sending to a computing server CS;
s105: the database DB receives the encryption index I and the authentication query Q A Transforming, computing each enrollment template and authentication query Q A The similarity between the candidate templates is sent to the computing server CS so that the computing server CS can compute the Euclidean distance
S106: three update operations are supported: addition, deletion, and modification, i.e., new user registration, existing user revocation, and updating of existing user keys and feature templates based on the revocable template module.
2. The method of claim 1, comprising a key generation phase, a feature encryption phase, an index generation phase, a token generation phase, an authentication phase, and a feature update phase;
the key generation phase comprises:
(1) The trusted center TA is an authenticated user U i Generating two large prime numbers p and q, and generating a public key based on a homomorphic encryption algorithm Paillier
Wherein n = pq, g is a random number less than n 2; private key
Wherein α = lcm (p-1, q-1),
in addition, the trusted center TA is an authenticated user U i Symmetric encryption key generation based on symmetric encryption algorithm AES
(2) Firstly, the trusted center TA is the authenticated user U i Generating a random invertible matrix and its inverses M, M -1 ∈Z 2d×2d Where d is the dimension of the feature vector; then, for each authenticated user U i The trusted center TA generates two random matrices
As an authentication key, wherein
Finally, for each registered user R i The trusted center TA generates two random matrices
Constructing the key as an index, wherein
3. The method of claim 2, wherein the encryption characterization phase comprises:
(1) Obtaining N M-dimensional vectors through face and fingerprint feature extraction
And an n-dimensional vector v f I =1, \ 8230;, N; defining operations
The calculation formula is as follows:
the obfuscated biometric templates obtained were as follows:
(2) The extractor is first operated at v B Randomly selects m in each vector 1 Number, m 1 E is M, and data of relevant subscripts in each vector are obtained to construct a characteristic candidate vector v i ", i =1, \ 8230;, N, randomly generated subscript defines the user's registration key
The extractor connects the feature candidate vectors based on the 'string connection' operation to construct a d-vitamin feature registration vector, and the calculation formula is as follows:
v R =v 1 ″||v 2 ″||…||v N ″
l |: character string connection operation;
(3) Extractor at v B Randomly selects m in each vector 2 Number m 2 Belongs to M, randomly generated subscript is defined as a template key of a user
Obtaining data of related subscript in each vector to construct biological feature template T i The calculation formula is as follows:
(4) The extractor encrypts the biological characteristic template Ti by using a public key of a homomorphic encryption algorithm Paillier, wherein an encryption formula is as follows:
4. the method of claim 3, wherein generating the index phase comprises:
(1) First, the extractor expands each registration vector
To
The expansion formula is as follows:
wherein
Is a liftExtractor for each registration vector
A randomly selected number; sigma: performing accumulation operation;
(2) The extractor then uses the registration key
Encryption
The encryption formula is as follows:
wherein, the first and the second end of the pipe are connected with each other,
p 1 >>p 2 and gamma is>>2|max(ε i )|,
Defined as an integer confusion vector randomly selected from a probability distribution;
is formed by a registration vector
A composed ciphertext; extractor with tuples
In the form of
And
from registered user R i Transmitting to a computing server CS; when the computing server CS receives the encrypted metanodes of all registered users, an encryption index will be created
Wherein U is max Representing the total number of users in the database DB; the encryption index I will be transmitted by the calculation server CS to the database DB for storage.
5. The method of claim 4, wherein the generating the token phase comprises:
(1) First, the extractor authenticates the user U from the certificate i Extracting a feature vector v from the biological features A And has a registration key
And template key
Biological characteristic template T A ;
(2) The extractor then expands the feature vector v A To v' A The expansion formula is as follows:
wherein
The extractor is an authenticated user U j To authenticate the randomly selected number, needs to pay attention to eta j Is a positive number;
(3) Next, the extractor uses the authenticated user U j Authentication key of
To extension vector v' A Encryption is carried out, and an encryption formula is as follows:
wherein
Is an integer confusion vector randomly selected by the extractor; the extractor will encrypt the authentication query Q A Sends it to the computing server CS, and then sends an authentication query Q A Sending the data to a database DB for authentication;
(4) Extractor use authentication user U j The public key of the homomorphic encryption algorithm Paillier
Template T for biological characteristics A Encrypting to obtain ciphertext
In addition, the extractor uses the authenticated user U j Symmetric key of (2)
To biological characteristic template T A Encrypt to obtain ciphertext E K (T A ) (ii) a The extractor will
And E K (T A ) And sending the result to a computing server CS for Euclidean distance computation of subsequent ciphertexts.
6. The method of claim 5, wherein the authentication process comprises three steps: first, the database DB receives the encryption index I and the authentication query Q A Carrying out conversion; the database DB then stores the encryption index according to it
Computing each enrollment template and authentication query Q A Similarity between them; finally, the database DB sends the set of candidate templates to the computation server CS for use by the computation server CS with the set of candidate templates and the ciphertext
The correlated characteristic template calculates the Euclidean distance between the two characteristic templates; the specific process is as follows:
(1) Database DB for encryption index received from extractor
Each of which is
Carrying out conversion; the database DB then re-matches the authentication query Q received from the extractor A And performing transformation, wherein the transformation formula is as follows:
(2) Database DB computation-transformed queries
And each encrypted item in the encryption index I
The formula for calculating the relevance score is as follows:
wherein
Is the random number part of the similarity score, eliminated
And
these two parts are used to obtain the calculation result of the above formula;
according to the calculation result, the database DB obtains the nearest k index entries, sends the corresponding biological characteristic template set to the calculation server CS, and the calculation server CS calculates the ciphertext template
And euclidean distances between the k candidate templates;
(3) Computing server CS uses authentication user U i Symmetric key of
For ciphertext E K (T A ) Decrypting to obtain the biological characteristic template
Then, calculate
And candidate templates
The euclidean distance between them, the calculation formula is as follows:
if the Euclidean distance in the above equation is computed from its additive homomorphism under the homomorphic encryption algorithm Paillier, then the computation result is as follows:
for
And
these two parts, using additive homomorphism, are converted to the following equation:
II: performing continuous multiplication operation;
for the
This section, using additive homomorphism, converts it into the following equation:
the computing server CS will
Conversion is carried out, and the conversion formula is as follows:
having plaintext, ciphertext templates T in the computing server CS A ,
And on the premise of the encrypted candidate template set, the computing server CS checks the ciphertext template
And the Euclidean distance of each candidate template, the minimum Euclidean distance in the result
Whether a set threshold T is met; if the value is smaller than the set threshold value T, the computing server CS considers that the authentication is passed; otherwise, the computing server CS considers the authentication as failed.
7. The method of claim 6, wherein the feature update phase comprises:
the system supports three update operations: adding, deleting and modifying, namely registering a new user, canceling an existing user and updating an existing user key and a feature template based on a revocable template module, the specific process is as follows:
(1) New user U ADD Uploading own biological characteristic data through an extractor, processing the biological characteristic data by the extractor, and respectively generating encrypted registration vectors
And encrypted feature templates
The extractor will
To the calculation server CS, which sends it to the database DB, which will
Adding the new user into the stored encryption index to complete the registration of the new user;
(2) The existing user revocation process requires three operations; first, the extractor collects and extracts the users U to be revoked DEL The biological characteristic of (a); in addition, the extractor utilizes the registration key
Generating matching index entries
The extractor then indexes the entry
Sending the data to a computing server CS, and sending the data to a database DB by the computing server CS; finally, the database DB deletes the index entry on the index it stores
And matched encryption template
(3) When the user U i When the biological template is damaged or stolen, the user U i Re-inputting the biological characteristics based on the template module which can be cancelled; first, an extractor extracts a user biometric feature and obtains a registration index item
And an encryption template
In addition, the extractor generates new enrollment and template keys
And
then, the extractor will
And
sending the data to a computing server CS, and sending the data to a database DB by the computing server CS; finally, the database DB utilizes the index entry
Dematching encryption index I with user U i Related indexing item
Deleting an index entry
And associated cryptographic templates
And will be
And
inserted into the encryption index I.
8. A storage medium for use in a method according to any of claims 1-7, wherein the program storage medium is stored for enabling an electronic device to execute via a computer program by receiving user input.
9. A lightweight biometric authentication system for use in the method of claims 1-8, wherein the lightweight biometric authentication system comprises:
the extractor is used for extracting biological characteristics, generating a template module which can be cancelled and encrypting a template;
a trusted center for generating a key;
a calculation server for calculating a euclidean distance of the encrypted biometric feature;
and the database is used for storing the indexes.
10. The system of claim 9, wherein the lightweight biometric authentication system is mounted on a terminal, and the terminal is an internet of things terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210945193.2A CN115278673A (en) | 2022-08-08 | 2022-08-08 | Lightweight biometric authentication method and system based on joint biometric identification |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210945193.2A CN115278673A (en) | 2022-08-08 | 2022-08-08 | Lightweight biometric authentication method and system based on joint biometric identification |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115278673A true CN115278673A (en) | 2022-11-01 |
Family
ID=83748315
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210945193.2A Pending CN115278673A (en) | 2022-08-08 | 2022-08-08 | Lightweight biometric authentication method and system based on joint biometric identification |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115278673A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115913580A (en) * | 2023-02-21 | 2023-04-04 | 杭州天谷信息科技有限公司 | Homomorphic encryption-based biometric authentication method and system |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150341349A1 (en) * | 2014-05-23 | 2015-11-26 | Fujitsu Limited | Privacy-preserving biometric authentication |
| CN107919965A (en) * | 2018-01-05 | 2018-04-17 | 杭州电子科技大学 | A kind of biological characteristic sensitive information outsourcing identity identifying method based on homomorphic cryptography |
| CN108475309A (en) * | 2015-08-21 | 2018-08-31 | 维尔蒂姆知识产权有限公司 | System and method for biological characteristic consensus standard |
| CN112329519A (en) * | 2020-09-21 | 2021-02-05 | 中国人民武装警察部队工程大学 | Safe online fingerprint matching method |
| US20210124815A1 (en) * | 2019-10-25 | 2021-04-29 | Visa International Service Association | Optimized private biometric matching |
| CN112733111A (en) * | 2020-12-31 | 2021-04-30 | 暨南大学 | Threshold predicate encryption biometric feature authentication method based on segment segmentation |
| CN113239336A (en) * | 2021-06-02 | 2021-08-10 | 西安电子科技大学 | Privacy protection biological characteristic authentication method based on decision tree |
-
2022
- 2022-08-08 CN CN202210945193.2A patent/CN115278673A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20150341349A1 (en) * | 2014-05-23 | 2015-11-26 | Fujitsu Limited | Privacy-preserving biometric authentication |
| CN108475309A (en) * | 2015-08-21 | 2018-08-31 | 维尔蒂姆知识产权有限公司 | System and method for biological characteristic consensus standard |
| CN107919965A (en) * | 2018-01-05 | 2018-04-17 | 杭州电子科技大学 | A kind of biological characteristic sensitive information outsourcing identity identifying method based on homomorphic cryptography |
| US20210124815A1 (en) * | 2019-10-25 | 2021-04-29 | Visa International Service Association | Optimized private biometric matching |
| CN112329519A (en) * | 2020-09-21 | 2021-02-05 | 中国人民武装警察部队工程大学 | Safe online fingerprint matching method |
| CN112733111A (en) * | 2020-12-31 | 2021-04-30 | 暨南大学 | Threshold predicate encryption biometric feature authentication method based on segment segmentation |
| CN113239336A (en) * | 2021-06-02 | 2021-08-10 | 西安电子科技大学 | Privacy protection biological characteristic authentication method based on decision tree |
Non-Patent Citations (4)
| Title |
|---|
| GOMEZ B M ET AL.: "Multi-biometric template protection based on homomorphic encryption", PATTERN RECOGNITION, 31 December 2017 (2017-12-31) * |
| 张宁;臧亚丽;田捷;: "生物特征与密码技术的融合――一种新的安全身份认证方案", 密码学报, no. 02, 15 April 2015 (2015-04-15) * |
| 杨雄;张晓惠;: "基于全同态加密的人脸特征密文认证系统", 微电子学与计算机, no. 09, 5 September 2020 (2020-09-05) * |
| 王会勇;唐士杰;丁勇;王玉珏;李佳慧;: "生物特征识别模板保护综述", 计算机研究与发展, no. 05, 15 May 2020 (2020-05-15) * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115913580A (en) * | 2023-02-21 | 2023-04-04 | 杭州天谷信息科技有限公司 | Homomorphic encryption-based biometric authentication method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20230325491A1 (en) | Method and System for Securing User Access, Data at Rest and Sensitive Transactions Using Biometrics for Mobile Devices with Protected, Local Templates | |
| US8842887B2 (en) | Method and system for combining a PIN and a biometric sample to provide template encryption and a trusted stand-alone computing device | |
| Kaur et al. | Privacy preserving remote multi-server biometric authentication using cancelable biometrics and secret sharing | |
| Yuan et al. | Efficient privacy-preserving biometric identification in cloud computing | |
| Zhu et al. | An efficient and privacy-preserving biometric identification scheme in cloud computing | |
| US8474025B2 (en) | Methods and apparatus for credential validation | |
| Leng et al. | A remote cancelable palmprint authentication protocol based on multi‐directional two‐dimensional PalmPhasor‐fusion | |
| Zhao et al. | Negative iris recognition | |
| Leng et al. | Dual-key-binding cancelable palmprint cryptosystem for palmprint protection and information security | |
| Zhang et al. | PTBI: An efficient privacy-preserving biometric identification based on perturbed term in the cloud | |
| JP2000315999A (en) | Cryptographic key generating method | |
| JP2016508323A (en) | Method for authenticating encrypted data and system for authenticating biometric data | |
| Teoh et al. | Cancellable biometrics and user-dependent multi-state discretization in BioHash | |
| Torres et al. | Effectiveness of fully homomorphic encryption to preserve the privacy of biometric data | |
| CN116010917A (en) | Privacy-protected image processing method, identity registration method and identity authentication method | |
| ArunPrakash et al. | Biometric encoding and biometric authentication (BEBA) protocol for secure cloud in m-commerce environment | |
| Wang et al. | A novel template protection scheme for multibiometrics based on fuzzy commitment and chaotic system | |
| Chen et al. | A novel algorithm of fingerprint encryption using minutiae-based transformation | |
| Lei et al. | PRIVFACE: fast privacy-preserving face authentication with revocable and reusable biometric credentials | |
| CN115278673A (en) | Lightweight biometric authentication method and system based on joint biometric identification | |
| Verma et al. | A novel model to enhance the data security in cloud environment | |
| CN114065169B (en) | Privacy protection biometric authentication method and device and electronic equipment | |
| Wang et al. | Joint Biological ID: A Secure and Efficient Lightweight Biometric Authentication Scheme | |
| Kaur et al. | Remote multimodal biometric authentication using visual cryptography | |
| Hernández-Álvarez et al. | KeyEncoder: A secure and usable EEG-based cryptographic key generation mechanism |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |