RU2355307C2 - Method for personality authentication by fingerprints and device for its implementation - Google Patents

Abstract

FIELD: medicine.

SUBSTANCE: while forming biometrical template, check points are additionally used that cannot be found in all samples of fingerprint pattern. After designation of all check points and statistical features of an image, additional check points on surrounding areas are designated where image features are lacked. After detecting statistical parameters of surrounding areas, situation and parameters of all check points on expanded biometrical template obtained are stored. While performing authentication, lack of check points on fingerprint image under test is controlled in additional check points sites. From outside, or from internal randomiser, user personal code is generated, artificial neuron net associations are set, and neuron net is trained to transform the image parametres into the user personal code. After training, user personal code information and part of data in expanded biometrical template entry are erased. Device for implementation of the method consists of casing that contains: fingerprint image reader; processor unit; external communication port; first memory space and second memory space, inaccessible for external devices, where all the data stored, involved in image recognition by neuron net.

EFFECT: method and device increase reliability of biometrical personality authentication.

3 cl, 5 dwg

Description

The invention relates to techniques for automated identification of a person’s identity by his biometric image and can be used in voting, electronic purchases, authorization of electronic documents, in electronic passports and identity cards, while restricting access to information.

There is a method of identifying a person by drawing the lines of the skin on his finger [1], which consists in a single scan of the drawing of the lines of the skin, highlighting the special control points of the drawing according to GOST [2], remembering the location of the special control points of the picture in the form of a biometric template and then comparing the location of the special control points presented for identification of the pattern with their reference location in the previously memorized biometric template. Typically, a biometric pattern of fingerprint lines is drawn up as a list of special control points and a description of their relative position. To strengthen the method, it is customary to supplement special control points (breaks and merges of the lines of the figure) with statistical characteristics of the image surrounding them [3], for example, the angle of inclination of the lines of the figure and the distances to adjacent lines. Additional parameters characterizing the pattern in the area of each particular control point are also stored in the biometric template and then used when comparing the presented figure with the biometric template.

The first disadvantage of the method described above is the insufficiently high quality of biometric protection (the relatively high probability of a false refusal to “Own” the user to identify and the relatively high probability of missing the Alien). The relatively low quality of protection of the analogue method is due to the fact that real finger skin line pattern scanners introduce errors into the scanned image, some special control points may be omitted, and false special control points of the figure may appear (line breaks in the fingerprint picture and their merging).

The second disadvantage of the recognition method described above is the presence in the devices of a biometric template or reference pattern of a fingerprint. The presence of a biometric template in the software of fingerprint recognition devices does not allow reliable protection of programs from their modifications and does not allow anonymity of an identifiable person. Having gained access to the database of biometric templates of verified fingerprints, an attacker can replace them, and can also find out the names of people whose identification the system is trained. In a number of medical, social and commercial applications, the substitution of biometric templates and compromising the anonymity of users are unacceptable.

The method of restricting access to the protected system [4] is struggling with the first drawback noted above, according to which the biometric template is adjusted after each positive identification and thereby accumulate statistics on the appearance of one or another special control point in the identified figure. The second drawback is the weak security and the inability to ensure anonymity of the user, the method [4] does not eliminate.

Closest to the claimed method is a method of converting a fingerprint pattern into an access key [5]. This method boils down to multiple scanning of the fingerprint pattern, revealing all the features of the pattern (all control points), statistical estimation of the probability of occurrence of a particular control point, selecting only those special control points that are often found in the presented examples of scanned fingerprint drawings . Of the often appearing special control points, special biometric templates are formed in the form of special graphs. When authenticating a person, they verify that the obtained graph matches the list of parameters of the vertices of the reference graphs. Each reference graph (biometric template) is assigned its own PIN code, which is used later for authentication.

The prototype method [5] is devoid of the first and second disadvantages of the previously described analogues, however, it has a third serious disadvantage. By this method, it is necessary to take into account only the (statistically significant) special control points most often encountered in the examples (it is necessary to discard from 30 to 70% of the detected special control points with a probability of occurrence of 0.7 or lower), which significantly reduces the resistance of the authentication system to selection attacks. In accordance with table No. A3 of Appendix “A” to GOST [6], the resistance of a biometric authentication system to selection attacks is exponentially related to the number of special control points taken into account during authentication. Reducing the number of control points by 30-70% greatly weakens biometric protection. So, taking into account 32 control points, resistance to selection attacks

will be 10 ^11.2 , but if 50% of the control points are discarded, leaving only 16, then the resistance to selection attacks will decrease to 10 ^5.6 . There is an undesirable decrease in resistance to selection attacks by 10 ^4.6 times (resistance decrease by about 40,000 times).

Known devices for implementing various methods of biometric authentication. For example, the device [7] is made in the form of a separate housing having small dimensions. The device contains a fingerprint reader, a processor, a USB port for communicating with external devices, a first memory area available for external devices, and a second memory area not available for external devices. The main disadvantage of this device is that the biometric template of the authenticated finger is stored in the processor memory area inaccessible to external reading. This reduces security, possibly opening the case, physical access to memory with confidential biometric data. In addition, a software cracking of protection is likely by infecting the internal software with a virus that will automatically change the last bit of the decision rule. Then biometric data protection will start up all “Aliens” and stop “ours”.

The aim of the invention is to increase the reliability of biometric authentication of a person’s identity by increasing the resistance of device protection to attacks of selection, by improving the security of execution of programs that implement the proposed method, by ensuring the anonymity of the user using the proposed authentication method. Improving the reliability of biometric authentication, increasing the resistance of devices to attacks of selection, increasing the security of programs in these devices, ensuring user anonymity - all these are technical results that distinguish the proposed method and device from analogues and prototypes.

The proposed method of biometric authentication, when implemented in accordance with paragraph 1 of the claims, can greatly enhance the biometric protection and reliability of biometric authentication due to the fact that it can significantly increase the number of checkpoints taken into account in the biometric template of the authenticated fingerprint pattern.

The proposed method of biometric authentication, when implemented in accordance with paragraphs 1 and 2 of the claims, can further increase the security of using programs that implement them, and ensure the anonymity of the user.

The proposed implementation of the methods in the form of a device according to paragraphs 1, 2, 3 of the claims allows to achieve all of the above technical goals in the aggregate.

The essence of the invention according to paragraph 1 of the formula is to repeatedly read the pattern of the skin lines of the fingerprint and to highlight on the examples of this pattern the position of the special control points (merging points of two parallel papillary lines or break points of one papillary line). After highlighting special control points in each example of a fingerprint drawing, all available examples of drawings are combined with each other, achieving maximum coincidence of the previously identified special control points. In addition, the probability of the appearance of a particular control point in the figure is statistically evaluated and the pattern parameters in the areas surrounding each specific control point are statistically evaluated (the average slope of the lines in the area of the particular control point, the number of sweat glands in the control area, the distance between the ridges or troughs). After all the parameters of the special control points are determined, a biometric template is formed from them.

The difference between the proposed method and the prototype method is that when forming a biometric template, all identified control points are used, including special control points that are not found in all examples of fingerprint patterns. The authentication procedure for the presented fingerprint pattern is performed in the same way as in the analogous methods, that is, the coincidence of the identified special control points and their parameters with the special control points of the biometric template is checked. Usually, a positive authentication decision is made only if 80% of the identified special control points coincide with the special control points of the biometric template.

Another difference of the proposed method from analogue methods and the prototype method is that when forming a biometric template, additional control points are used that do not contain any features of the fingerprint drawing lines. They remember the coordinates of additional control points in the figure, in which there are no features, remember the parameters of the areas of the figure around additional control points, thereby forming an extended biometric template. When authenticating the verified fingerprint pattern, a positive decision is made only if no features are found in the additional control points of the extended biometric template, or these features are extremely few (no more than one or two features accidentally appeared). If one or two features are detected in additional control points of the extended biometric template, as well as in the case of a significant (more than 20%) discrepancy in the statistical parameters of the areas of the surrounding figure, a decision is made to refuse authentication.

The essence of the invention according to paragraph 2 of the formula is reduced to specifying the personal user code from outside or from an internal random number generator, then the connections of the artificial neural network are set so that all its inputs correspond to all control points of the authenticated fingerprint pattern, and all the outputs of the neural network correspond to the bits of a given previously personal user code. Connections within a neural network (connections between artificial neurons of different layers and connections of artificial neurons within one layer) can be specified in accordance with different algorithms, including those that can be specified randomly. After that, the formed network of artificial neurons is trained in such a way that each example of the fingerprint pattern used in the training gives a given personal user code (the requirement of GOST [6] is fulfilled). When training an artificial neural network, any of the known learning algorithms can be used [1], however, it is desirable to use one of the fast learning algorithms [8]. Learning neural networks with two, three layers of neurons with hundreds of inputs and hundreds of outputs using conventional algorithms takes too much time (tens and hundreds of hours of machine time).

After the artificial neural network is trained, according to the proposed method, it is necessary to destroy the information about the user's personal code (in the software implementation of the method, the specified personal code is erased and is not stored further). In addition, in the previously created expanded biometric template, most of the information characterizing the control points included in the biometric template is erased. Three to four special control points are left, and information about all other control points is destroyed. That is, the new extended secure biometric template consists of complete information about three to four special control points, and all other control points in the biometric template only information about the coordinates of the control point and its size (information about what type of this control point is and what are all its other parameters, according to the claimed method, are intentionally destroyed). Information about the trained neural network is stored in the form of a table of neuron connections in this network and in the form of a table of the values of these connections (weighting coefficients of neuron connections can be either positive or negative).

When authenticating the verified fingerprint pattern, this pattern is scanned, special control points are highlighted on it, the selected control points are combined with three or four saved points in the biometric template (so, in the biometric template of FIG. 4, 3 special control points are left to be combined with the pattern of checked patterns ) as in the prototype method, in accordance with the pre-distinctive part of the claimed claims. New in the proposed method is that during authentication an extended biometric template is used, referring to it, the coordinates and sizes of the control points contained in it are extracted from it, then the parameters of the authenticated pattern in each of the control points of the extended biometric template are determined. Next, the parameters of each control point are fed to the input of the neural network corresponding to this control point, and the neural network converts the input data into some output code. The output code of the neural network is fed to the inputs of the cryptographic authentication mechanism. If the output code received by the neural network corresponds to the user's personal code (for example, the user's PIN code), then the authentication cryptomechanism is triggered, issuing a positive authentication solution. If the output code of the neural network does not match the personal code of the user, then the authentication cryptomechanism gives a negative decision. According to the proposed method, any cryptographic authentication mechanism can be used [8], for example, the classic password authentication mechanism with the secure storage of confidential password information (PIN) in the form of the value of its hash function.

The proposed methods according to paragraph 1 and paragraph 2 of the claims can be implemented in the form of a special program or in the form of some software and hardware device. The highest level of security can only be ensured when the user carries the software and hardware device (the device is small) and its body contains a fingerprint reader, a processor, a communication port with external devices, and the first memory area available for external devices , and the second memory area, inaccessible to external devices.

A small-sized device is known, made in the form of a housing, in which a finger skin line pattern reader, a processor, a communication port with external devices, a first memory area accessible for external devices, and a second memory area inaccessible for external devices are placed. In this device, the processor and the second memory area, inaccessible to external devices, form a trusted computing environment in which the biometric data pre-processing unit is located, the first input of which is connected to the output of the finger skin line pattern reader, the output of the biometric data pre-processing unit is connected to the input of the storage unit examples of finger skin line patterns, the output of the storage unit of examples of finger skin line patterns is connected to the input of the biometric pattern forming unit lines of finger skin, the output of the template generation unit is connected to the input of the biometric template storage unit, the output of the biometric template storage unit is connected to the second input of the biometric data pre-processing unit, the above blocks are implemented in the computing environment formed by the processor and the second memory area, inaccessible to external devices .

The claimed positive effect is achieved by the fact that a neural network emulation unit, a storage unit for tables describing connections and parameters of neural networks, a neural network training unit, a cryptographic authentication mechanism implementation unit, a key generation unit are additionally introduced into the device, and the output of the storage unit for examples of finger skin line drawings is connected to the first input of the neural network emulation unit, the second input of the neural network emulation unit is connected to the output of the biometric data preprocessing unit, the third input of the block the neural network emulation is connected to the output of the storage unit of the connection tables and parameters of the neural network, the input of the storage unit of the connection tables and parameters of the neuron network is connected to the output of the neural network training unit, the output of the neural network emulation unit is connected to the first input of the neural network training unit and to the input of the cryptographic authentication mechanism, output The cryptographic authentication mechanism is connected to external devices through the first memory area and the communication port, the output of the key generation unit is connected to the second input m neurons of the neural network neurons learning unit learning neural network unit, a third input coupled to the first memory area accessible external devices.

According to paragraph 3 of the claims of the claimed invention, connections between units implementing additional neural network processing are new, and the fact that all operations on the neural network conversion of user biometrics into his personal PIN code must be carried out with accesses to the internal memory area inaccessible for external reading. An extended biometric template, a table describing the connections of a neural network and its weight coefficients should be located (located) only in the internal memory of the device, inaccessible to external reading. In a situation when the device does not work (stopped), the internal memory of the device (unlike the prototype) does not have a personal user code, and the extended biometric template stored in the internal memory cannot be used for neural network recovery of the user's personal code, since contains potentially dangerous details about the authenticated fingerprint. The data of the connection tables of the trained neural network and the table of the values of the parameters of these connections stored in the internal memory of the device cannot be used to restore the user's personal code unknown to the attacker.

Figure 1 shows an example of the relative positioning of a field of 7 special control points identified by examples of authenticated patterns with a high probability ranging from 1.0 to 0.7 (these special control points are present in 7 out of 10 examples of a scanned fingerprint).

Figure 2 shows an example of the mutual arrangement of the field of 18 special control points identified on the examples of authenticated patterns with high and low probability, ranging from 1.0 to 0.1. Additional special control points are present only in part of the training examples, including even additional special control points found in only one example, respectively, having a probability of 0.1 occurrence (found in only one example out of 10) are additionally taken into account. Special control points that appear with a high probability are shown in FIG. 2 by triangles with a dark fill color, special control points having a probability of occurrence less than 0.7 are displayed in FIG. 2 by triangles without a fill.

Figure 3 shows an example of the relative positioning of the field of 18 special control points, which are supplemented by 86 control points without any features of the fingerprint line pattern. Special control points appearing with a high probability in the figure are shown in FIG. 3 by triangles with a dark fill color, special control points having a probability of occurrence less than 0.7 are shown in FIG. 3 by triangles without filling. The location of the control points without features in figure 3 are displayed by circles without filling.

Figure 4 shows an example of the relative position of the field of 104 control points forming an advanced biometric template after removing most of the confidential biometric information from it. All biometric information, except for the location coordinates of 101 control points, is deleted. Control points with almost completely destroyed biometric information are shown in figure 4 by squares without filling. Three special control points that have a high probability of occurrence and which are left with full biometric information in the expanded biometric template are shown in Fig. 4 by triangles with dark shading.

Figure 5 shows a block diagram of an implementation of the proposed device, where a reader 1 of a finger skin line drawing, a biometric data pre-processing unit 2, a finger skin line drawing example storage unit 3, a finger skin line drawing pattern generating unit 4, a biometric template storage unit 5 , block 6 emulating a neural network, block 7 for storing tables for describing connections and parameters of connections of neurons in a neural network, block 8 for training neurons in a neural network, block 9 for implementing a cryptographic authentication mechanism, block 10 forms Nia key.

The proposed invention in part of paragraph 1 of the formula can be implemented when teaching a device (device program) using several examples (for example, 10 examples) of a certain fingerprint pattern that has 7 special control points encountered in the examples with a probability of 0.7 or higher (in 7 examples, 10). Figure 1 shows the relative position of these singular points. The selection of the 7 most probable special control points is carried out in the usual way in accordance with the recommendations of [3], that is, in all the examples all the special control points are found (breaks and line merges in the analyzed fingerprint examples). Next, three or four arbitrary special control points are selected and all examples of patterns are combined on them. After that, the probability of the appearance of one or another special control point is estimated, the special control points, the probability of occurrence of which is higher than 0.7, are the first to enter the initial biometric template. Further, for the implementation of the proposed method, three or four control points with a probability of occurrence close to unity are selected from the most frequently encountered special control points. According to the proposed method, these special control points are marked in a special way, they are placed first in the list of special control points, and then they never destroy their biometric information. These three to four special control points are further used to combine the special control points of the biometric template and the pattern presented for authentication.

Then, in the biometric template, all the special control points selected from the examples of drawings are entered, placing them in order of decreasing probability of their occurrence. Figure 2 shows the location of an additional 18 special control points, taking into account their probability of occurrence. In addition to the coordinates of the special control points, their other characteristics are recorded in the biometric template (the slope of the lines in the area of the special control point, the number of sweat glands in the control area, the distance between ridges or depressions, ...), each characteristic is entered in its own column in the table for the description of special control points.

The technical advantage of the proposed authentication method in comparison with the prototype is its use of a biometric template that takes into account all the special control points (the prototype methods and analogues are not able to take into account all the special control points, they cannot take into account special control points with a probability of occurrence below 0.7). According to the proposed method, the biometric template can be increased from 7 special control points to 18 special control points (figure 2).

After the formation of an extended biometric template that takes into account all the special control points, according to the proposed method, the obtained biometric template is expanded repeatedly. For this purpose, control points are distinguished without any features (these points can be selected randomly). They supplement the biometric template by entering their coordinates and other characteristics into it in the form of the average slope of the lines in the area of a particular control point (the number of sweat glands in the control area, the distance between ridges or depressions, ...). This situation is shown in FIG. 3, where the extended biometric template contains the coordinates of 104 control points.

All of the above procedures comply with paragraph 1 of the claims. This item solves the independent technical problem of forming an expanded biometric template, the dimensions of which are several times larger than the sizes of biometric templates of all currently known methods and devices for analyzing fingerprint patterns. It is known (see table No. A3 of Appendix “A” to GOST [6]) that the dimension of a biometric standard is exponentially related to the resistance of the system to selection attacks. In our case, analogue methods create a biometric template of 7 special control points, which ensures extremely low resistance to selection attacks. Table No. A3 of Appendix “A” to GOST [6] does not contain data for a template of 7 special points; this table begins with 16 special control points, the accounting of which ensures resistance to selection attacks of at least 10 ^5.3 attempts of selection. According to the proposed method, the advanced biometric template has 104 control points. This means that resistance to selection attacks increases many times. It is not possible to accurately assess the increase in resistance according to table No. A3 of Appendix A to GOST [6], since this table ends with templates with 38 control points that provide resistance to selection attacks of at least 10 ^13.3 attempts. In connection with the proposed invention, it was technically possible to create advanced biometric templates that take into account hundreds of control points, which, apparently, will require adjustment of table No. A3 of Appendix “A” to GOST [6] in the direction of its expansion. Presumably a biometric template of 104 control points should give resistance to selection attacks at the level of 10 ^36.4 attempts, but this data needs to be verified. Such an estimate was obtained by linear interpolation of the data in table A3 of the standard (104/38 = 2.74, i.e., the exponent should increase 2.74 times or 13.3 × 2.74 = 36.4).

The technical advantage of the proposed method in comparison with analogues is obvious. The prototype and analogues for the case under consideration give a very weak biometric template (7 special control points) with resistance to selection attacks of less than 10 ^5.3 attempts, and the proposed method gives an expanded stronger biometric template that takes into account 104 control points and provides increased resistance to selection attacks 10 ^31.1 times. Weak biometric protection when it is performed according to analogous methods becomes strong if it is performed according to the proposed method (paragraph 1 of the claims). According to the proposed method, a more detailed description of the figure occurs, not only those areas where there are features, but also those areas where there are no features of the fingerprint line pattern are described.

Authentication by the proposed method (paragraph 1 of the formula) is carried out in full accordance with the pre-distinctive part of paragraph 1 of the claims. On the presented fingerprint pattern, special control points are distinguished, then the pattern is rotated and moved so that the first three special control points of the extended biometric standard (see Fig. 4) coincide with the special points of the presented pattern. If it is possible by rotation and shifts to achieve the coincidence of the three or four first control points in the list of the extended biometric template with special control points of the figure, then authentication continues. The mismatch of the three or four first control points of the extended biometric template with special control points of the figure stops authentication, a negative authentication decision is made. Practice shows that usually it’s enough to save complete information about three control points in a biometric template, however, sometimes fingerprints are encountered, for which you have to save all the information about the first 4 most common control points in training examples. According to the proposed method of claim 1, the number of fully stored control points is not limited. The only condition is that the number of fully saved control points used to combine the template and the picture should be much less than the number of masked control points.

If the parameters of the three or four first control points of the biometric template coincide with the points of the figure, the parameters of all the other control points of the presented figure are checked and their values are compared with the parameters of the control points of the extended biometric template. With the coincidence of the parameters of 80% of the special control points of the presented figure with the first 18 special control points of the extended biometric template (figure 2), authentication continues. If there are less than 80% matches, then the authentication is stopped, a negative authentication decision is made. When authentication continues, all remaining control points of the extended biometric template are checked. The appearance of at least one feature of the pattern in 86 (see FIG. 3) additional control points leads to a negative authentication solution (there should be no pattern features at these points). The discrepancy in the parameters of the picture in the neighborhood is more

20% of additional milestones also result in a negative authentication decision. Even if there are no features of the pattern at 86 additional control points, significant discrepancies in the statistical parameters of the neighborhood of the figure at these control points with the parameters of the biometric template lead to a negative authentication solution.

The proposed invention in part of paragraph 2 of the formula can be implemented through receiving from outside or from an internal random number generator a personal user code. For example, let it be the binary code "10100 ...", consisting of 256 bits. Next, the neural network is connected with 101 inputs and 256 outputs (the number of inputs on the neural network is set equal to the number of masked control points in the extended biometric template, and the number of outputs on the neural network is set equal to the code length - 256). For this purpose, the last 101 control points in the extended biometric template are randomly mixed, thereby obtaining a new biometric template. In addition, the connections of the neural network are set so that the neurons take into account 32 parameters of the analyzed pattern. Internal connections of a neural network can be set randomly and fixed in a table describing the connections of a neural network. In this case, the neural network must have 256 outputs. The first output of the neural network should give the value “1” - the value of the first bit of the user's personal code, the second output of the neural network should give “0” - the value of the second bit of the personal code and so on. The last 256 output of the neural network should give the value of the last 256 bits of the user's personal code.

An untrained neural network cannot give the desired personal user code when presenting data of the analyzed pattern on its 101 input. To eliminate this, the neural network is trained according to one of the known algorithms of ordinary or fast learning [1, 2]. In this case, any training algorithm can theoretically be used, but in practice it is desirable to use fast learning algorithms [2]. After the training of the neural network, the data of each example of the fingerprint pattern “Own” gives the personal user code at the output of the neural network. Other random fingerprint patterns “Alien” give other random codes that differ from the personal code “Own”.

After training the neural network, a table of weights of the connections of the trained neural network is stored. Next, the data on the neural network is stored in the form of two tables (in the form of the first table of connections and in the form of a second table of values of these connections, which can be positive and negative and can vary in a certain range of values).

In order to secure the procedure for storing the extended biometric template in programs and devices according to paragraph 2 of the formula of the proposed invention, all 101 additional control points destroy biometric information (information about what type of this control point and what all its other parameters are intentionally destroyed by the claimed method) . Only information about the number of the control point in the previously mixed list and its coordinates is stored. This allows you to ensure the anonymity of the person who trained the authentication device program on his biometric image of the fingerprint. Even if an attacker gains access to an advanced biometric template, he will be able to identify only the first three to four distinct control points. This is not enough to accurately search for a person in large fingerprint databases.

When a person is authenticated, the fingerprint pattern is processed in accordance with paragraph 1 of the claims and the data corresponding to all 104 control points of the extended biometric standard is found on it. If three or four open control points (triangles in Fig. 3) coincide in the biometric template and the presented figure, then the data 101 of the control point of this figure is fed to the inputs of a previously trained neural network. Moreover, according to the tables of connections and parameters of the neural network, it is emulated programmatically and the output code of the neural network is obtained. This received code is fed to the inputs of the cryptographic authentication mechanism. If this mechanism works, then it gives a positive authentication solution (the user's personal code coincided with the output code of the neural network). If the output code of the neural network differs from the personal code of the user by at least one bit out of all 256 bits, then the authentication cryptomechanism does not work, which is equivalent to a negative authentication solution.

The technical advantage of the proposed method according to paragraph 2 of the claims is that the personal user code is not stored in devices and their programs. This code is generated only at the time of authentication and is destroyed after it. An attacker who gained access to information protection software cannot find the user's personal code there, he cannot restore the user's personal code using the extended biometric standard (the vast majority of biometric information is destroyed in it), and he cannot recover the personal code from the descriptive tables of the trained neural network.

The implementation of the device according to paragraph 3 of the formula is reduced to the creation of a device with small dimensions, moreover, a fingerprint reader 1, a processor, a communication port with external devices, a first memory area available for external devices, and a second memory area inaccessible should be placed in its body for external devices. In the trusted computing environment of the device, formed by the processor and the second memory area inaccessible to external devices, a block of preliminary processing of biometric data, a block 3 of storing examples of drawing patterns of the skin of the finger, a block 4 of forming a pattern of the pattern of the lines of the skin of the finger, a storage unit 5 of the biometric template should be placed , block 6 emulating a neural network, block 7 storing tables for describing connections and parameters of connections of neurons in a neural network, block 8 for training neurons in a neural network, block 9 for implementing the cryptographic mechanism afic authentication, key generation unit 10.

The output of the finger skin line pattern reader 1 is connected to the input of the biometric data pre-processing unit 2, the output of the biometric data pre-processing unit 2 is connected to the input of the finger skin line examples storing unit 3, the output of the finger skin line examples storing unit 3 is connected to the input of block 4 forming a biometric pattern of finger skin line patterns, the output of the template forming unit 4 is connected to the input of the biometric template storage unit 5, the output of the biometric template storage unit 5 it is connected to the second input of the biometric data preprocessing unit 2, the blocks listed above are implemented in the computing environment formed by the processor and the second memory area, inaccessible to external devices.

In addition, in the proposed device, a neural network emulation unit 6, a neural network connection description and parameter description block storage unit 7, a neural network training unit 8, a cryptographic authentication mechanism implementation unit 9, a key generation unit 10, and the output of the storage unit 3 of storing examples of finger skin line drawings are connected to the first input of the neural network emulation unit 6, the second input of the neural network emulation unit 6 is connected to the output of the biometric data preprocessing unit 2, the third input of the neural network emulation unit 6 is connected with the output of block 7 for storing tables of links and parameters of neural networks, the input of block 7 for storing tables of links and parameters of neural networks is connected to the output of block 8 of training neural networks, the output of block 6 of emulating neural networks is connected to the first input of block 8 of training the neural network and to the input of block 9 of cryptographic authentication mechanism, the output of block 9 of the cryptographic authentication mechanism is connected to external devices through the first memory area and the communication port, the output of the key generation unit 10 is connected to the second input of the block 8 training neuron neural network, the third input of block 8 training neuron neural network is connected to the first memory area available to external devices.

The reader 1 of the finger line pattern is made in the form of a standard microcircuit, which has a window on its body for reading the skin pattern of the finger pads and provides a digital image of the line pattern to the processor (an analog of the microcircuit used by the prototype [7]).

Block 2 of the preliminary processing of biometric data performs the selection of the lines of the drawing, the allocation of special points on the lines of the drawing, as well as rotation and displacement of the drawing to combine a predetermined number of points of the biometric template and the presented picture. A detailed description of the implementation of operations performed by block 2 is given in [3]. Block 2 is typical for all currently existing devices for authenticating a person according to the pattern of the skin lines of his finger.

Block 3 is implemented in the form of a memory fragment, where several examples of finger skin line drawings are stored on which the device is trained.

Block 4 of the formation of the pattern pattern of the skin lines of the fingerprint is implemented in accordance with the known principles of statistical data processing [3] for the prototype and analogues. Usually this block reveals the most common features of the fingerprint pattern, in our case, block 4, in accordance with claim 1 of the formula, forms an extended template consisting of all the identified features and additional control points without features.

An extended biometric template storage unit 5 is implemented in the form of a memory fragment.

Block 6 emulation of the neural network reproduces the responses of adders and nonlinear elements of neurons in accordance with the table of connections and their parameters, as well as in accordance with the input signals of neurons. Each neuron of the network is sequentially reproduced and its output state is calculated, which is stored and used for further calculations of the responses of the following neurons. An analog of this block can be considered the mathematical modeling environment MathCAD or MatLAB.

Block 7 storing the table of connections and parameters of neurons is a memory area allocated for storing data.

Block 8 training the neural network provides training (selection of the parameters of the neural network) so that the line pattern of the finger “Own” gives the user key code at the outputs of the neural network. In this case, a random image should give a random code at the outputs of the neural network. When implementing block 8, any learning algorithm can be used (for example, any algorithm implemented in the mathematical modeling environment of the MatLAB Neural Network Toolbox), however, all these learning algorithms are slow. To implement the proposed device, it is recommended to use domestic algorithms for the fast training of large and super-large neural networks with a large number of outputs and inputs, which are described in detail in [8].

Block 9 of the implementation of the cryptographic authentication mechanism can be built on any of the known mechanisms [9]. A password authentication mechanism with storing the password hash function can be used [9, p.141-144], a mechanism for generating an electronic digital signature [9, p.154-171], a “handshake” exchange mechanism [9, p.144-154 ], .... At the moment, there are several dozen of these cryptographic authentication mechanisms and their modifications.

The key generation block 10 is inherently a random number generator with an output rejection of possible weak keys having too long a series of ones or zeros [9, p.172-174].

The proposed device works as follows: when it is initialized, the user presents to the reader 1 of the finger skin line drawing the first example of his finger skin pattern. This example is processed by the biometric data preprocessing unit 2 and enters the storage unit 3 of the finger skin line drawing examples, the data from block 3 are sent to block 4, which forms the first complete biometric pattern template and enters it into block 5. From block 5, the first template is sent to block 2, which adjusts all the following examples of biometric images to the existing pattern of singular points by rotating the read pattern and shifting it. The user presents several examples of his biometric image of the skin of the finger, which are reduced to the existing template and stored in block 3. The data from block 3 are sent to block 4, which performs statistical processing of the identified features, selects several support features (in accordance with claim 1 of the formula ) and marks them in a special way. Further, these features are always present in the template in their full description and are used for operations of bringing the presented picture to the reference one by their rotation and shift by block 2 until the features of the presented picture are combined with the features of the original picture openly recorded in the template. In addition, block 4 selects and writes into the extended template the coordinates of the control points of examples where there are no features at all (in accordance with claim 1 of the formula).

After this, the learning process of the neural network is carried out, which is emulated sequentially by block 6. Before the learning process, the connections of neurons with the neural network and the parameters of these connections are randomly entered, which are entered by block 8 into block 7 of the storage table for descriptions of the connections and parameters of the neural network. Before the learning process, the user sets his authentication key from the outside through the third input of block 8 or the user sets a new key by running block 10, which transfers the new key to the second input of block 8 of training. At the initial moment of training, an untrained neural network gives random output codes when exposed to examples of “Own” block 3 images. In the process of learning a neural network, block 8 selects the link weights of block 7 so that examples of “Own” block 3 give the outputs of the neural network key code "Own". When using block 8 of fast learning algorithms [8], a relatively weak processor of a small-sized device provides training for a single-layer neural network with 416 inputs and 256 outputs in 5-10 minutes. When using a PC processor, the training time is reduced to 10-20 seconds. If you use slow algorithms, then the training time increases from 100 to 1000 times, which becomes inconvenient for the user.

After training the neural network (in accordance with clause 2 of the formula), almost all information in the biometric template is destroyed, leaving only complete information about three or four features used in rotating and shifting the presented images by block 2. In addition, information about the user's key and information about examples of his biometric image “Your” is erased in block 3. Before the information about the user key is deleted, the key code from the output of block 6 is sent to the input of block 9 and converted by block 9 into a secure authentication information formation (for example, hashed). Block 9 does not explicitly store the key, this block only stores secure authentication information about the user key.

Thus, after training, the device does not store the user's key in its memory, its biometric data in the form of examples of figures, and the user’s template is depersonalized and contains scant information about only three or four features (by truncated template, you cannot uniquely find the user in some template database, approximately 20-30% of the data in the database will coincide in three or four features after rotations and shifts of block 2).

Secure user authentication by the proposed device is as follows: the user puts his finger on the scanner 1. Scanner 1 transfers the data to block 2, which combines the open three or four singular points of the template with the points of the picture. Further, the data from the output of block 2 goes to the inputs of block 6, and this data comes in the form of a set of coordinates of control points from template 5 and what is actually found in the same coordinates of the analyzed figure. The inputs of the neural network are attached to the coordinates of the control points, to which the data of the figure analyzed by it is received. A neural network with the necessary connections and connection parameters stored in block 7 is sequentially emulated by block 8, at the outputs of which some code appears. This code goes to block 9 and starts the authentication mechanism. If the code matches the user key, then block 9 generates the correct authentication solution and issues it to the external environment. If the code is not correct, then the user must retry authentication.

If the correct user key code appears, he can carry out various operations with his code, such as: generate his electronic digital signature, encrypt and decrypt files on his key, make secure access to his personal resources in the Internet bank, safely carry out electronic transactions and purchases . After turning off the device, all information about the key and biometrics of the user is destroyed.

The software implementation of blocks 2, 3, 4, 5, 6, 7, 8, 9, 10 should be located in the second internal memory of the device, inaccessible to external devices. Including neural network links tables and neural network links parameters tables, an extended biometric template should be stored in memory inaccessible to external devices according to paragraph 3 of the formula. Training and authentication programs should be pre-researched and free of malicious viruses and bookmarks. When the device is operating, all information about biometrics, an extended biometric template, neural network tables, codes at the outputs of the neural network should not leave the memory area protected from external access.

When the program crashes in such devices, the data of the internal protected memory is erased (this is a common information security requirement). All this makes hardware-software devices a reliable repository of information.

In the event that such a keeper of information is lost, the attacker cannot extract the user's personal code from it, for example, to decrypt the files encrypted on it, stored in non-volatile memory accessible to external devices. Even if an attacker retrieves an advanced biometric user template, a neural network table from the device, he will not be able to recover the user's personal code from them. The user's personal code can only be obtained by the user by presenting his finger to the device. If this finger really belongs to the “Own” user, then the neural network will form the necessary personal user code at its outputs. Otherwise, presenting a random finger, a random code will appear at the output of the neural network.

The technical advantage of the device proposed in paragraph 3 of the device formula is the high resistance of biometric protection and the high reliability of storing personal biometric information and a user's personal access code in it. Even in the case of a professionally organized attack with physical access to protected memory, an attacker cannot restore a user's personal access code and gain access to someone else's encrypted information. An attacker also cannot inject a virus into the device’s processor, since the internal protected memory is programmatically inaccessible to external devices. Only the manufacturer's programs work in the protected memory area.

Literature

1. Ivanov A.I. Neural network algorithms for biometric personality identification. Book 15, series "Neurocomputers and their application", M .: Radio engineering, 2004, 144 S.

2. GOST R ISO / IEC 19794-2-2006, “Automatic identification. Biometric identification. Formats for the exchange of biometric data. Part 2: Fingerprint Image Data - Milestones ”

3. Maltoni D., Maio D., Jain K.A., Prabhakar S. Handbook of fingerprint recognition. - New York: Springer, 2003 .-- 348 p.

4. A way to restrict access to the protected system. Registration application No. 2005100235/09, application filing date - 2005.01.11, application publication date - 2006.06.20, name of the inventor - Anatoly A. Trusov, applicant name - Sonda Limited Liability Company (RU), correspondence address 456318, Chelyabinsk Region ., Miass, pr. October 21, LLC "Sonda".

5. RF patent No.RU 2267159 C2, IPC ⁷ G06K 9/46 “Method and system for generating a set of access key, as well as for authenticating a person based on its biometric parameter” priority from 05/09/2000 (claims 1-28) DE 10022570.5 , date of publication of the application 04/20/2004, published 12/21/2005. Bull. Number 36.

6. GOST R 52633-2006 “Protection of information. Information security technique. Requirements for highly reliable biometric authentication. ”

7. Eurasian patent No. EA 4262 B1 “Device and method for authentication based on biometric data”, IPC ⁷ G06K 9/00, patent publication date 02/26/04, priority 06/28/2001, SG PTC / SG 01/00134, applicant TRACK 2000 INTERNATIONAL LTD (SG), inventors Poo Teng Pin, Lim Lai Chuan (SG), patent attorney Medvedev V.N., Pavlovsky A.N. (RU).

8. Volchikhin V.I., Ivanov A.I., Funtikov V.A. Fast learning algorithms for neural network mechanisms of biometric-cryptographic information protection. Monograph. Penza - 2005. Publisher of Penza State University, 273 p.

9. Romanets Yu.V., Timofeev P.A., Shalygin V.F. Information security in computer systems and networks. M .: Radio and communication. - 1999

Claims (3)

1. A method of biometric authentication and training of a device for fingerprint recognition, including the formation of a biometric template by repeatedly reading the pattern of skin lines on the finger and highlighting the position of the control points of examples of line patterns on the skin, which are points of the pattern where there is a merger of two parallel papillary lines or break of one papillary line, as well as a statistical description of the area of the figure surrounding each control point, including an estimate of the average slope papillary lines in the area of the control point, the number of sweat glands in the control area, the distance between the crests or troughs of the lines, characterized in that when forming a biometric template, control points are used that are not found in all examples of fingerprint patterns, after all control points of the pattern and statistical features of the pattern of the areas surrounding them, additional control points are distinguished, where the features of the pattern are absent, and after revealing the statistical parameters of the regions, those who consume these points, remember the position and parameters of all control points of the obtained extended biometric template; during authentication, the absence of control points in the verified fingerprint at the locations of additional control points is checked. 2. The method according to claim 1, characterized in that the user’s personal code is set from outside or from the internal random number generator, the network of artificial neurons is connected, the inputs of which connect the control points highlighted in the figure corresponding to the extended biometric pattern with the outputs of the neural network, the number of outputs neural networks are set equal to the length of the user's personal code, then the neural network is trained to convert examples of finger skin line patterns into a given personal user code, after training, information about the line pattern is stored skin of a finger in the form of a table describing the connections of the neural network and in the form of a table of the values of these connections, then destroy all information about the user's personal code, in addition, in the description of the extended biometric pattern of the lines of the skin of the finger, most of the data characterizing the probability of occurrence in one or a different area of features of the authenticated drawing, they also destroy most of the information about the parameters of the drawing in the vicinity of the control points; during authentication, the data from the control points was presented This drawing of the lines of the skin of the finger is fed to the inputs of the neural network, and the output code of the previously trained neural network is fed to the inputs of the cryptographic authentication mechanism. 3. The device for implementing the methods according to claim 1 and 2, consisting of a housing in which a fingerprint reader is located, a processor, a communication port with external devices, a first memory area accessible to external devices and a second memory area inaccessible to external devices, characterized in that all the data associated with neural network recognition of the finger skin line pattern, including all tables describing the connections and parameters of the trained artificial neural network, is located in the second memory area, inaccessible to external constructions.

Images