WO2008122236A1 - Method, device and system for protecting biometric feature data - Google Patents

Method, device and system for protecting biometric feature data Download PDF

Info

Publication number
WO2008122236A1
WO2008122236A1 PCT/CN2008/070662 CN2008070662W WO2008122236A1 WO 2008122236 A1 WO2008122236 A1 WO 2008122236A1 CN 2008070662 W CN2008070662 W CN 2008070662W WO 2008122236 A1 WO2008122236 A1 WO 2008122236A1
Authority
WO
WIPO (PCT)
Prior art keywords
biometric
key
biometric data
user
data
Prior art date
Application number
PCT/CN2008/070662
Other languages
French (fr)
Chinese (zh)
Inventor
Quan Feng
Hongwei Liu
Fei Su
Jiwei Wei
Original Assignee
Huawei Technologies Co., Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co., Ltd. filed Critical Huawei Technologies Co., Ltd.
Publication of WO2008122236A1 publication Critical patent/WO2008122236A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Definitions

  • the present invention relates to the field of identification technologies, and in particular, to a method, device and application for protecting biometric data. Background of the invention
  • Biometric authentication is an effective method of identity authentication. This method usually relies on the biometric samples provided by the user on site and the biometric templates generated during the registration phase. If they match, the user identity is confirmed.
  • biometric In addition to the reliability of the biometric authentication technology itself, the key factor affecting its large-scale application is security. Among several security-related issues, the protection of biometric templates is an extremely important issue. It can be said that it is biometric. The basis of security.
  • the biometric template can be protected by using a traditional encryption method.
  • the security of the biometric template depends on the security of the encryption key.
  • the key is encrypted by the user password.
  • simple passwords are easy to guess, complex passwords are difficult to remember, and passwords are not non-repudiation, which is very disadvantageous in the case of using key signatures. Therefore, the method of protecting the biometric template by using the traditional encryption method still has a large security risk.
  • Embodiments of the present invention provide a method, device, and application for protecting biometric data, by encrypting biometric data by using a traditional key, and binding the traditional key and the biometric data of the user to generate the encrypted biometric.
  • the bio-key corresponding to the data achieves the purpose of improving the security and reliability of biometric data protection, and at the same time improves the security and reliability of biometric authentication.
  • the embodiment of the invention provides a method for protecting biometric data, including:
  • the encrypted biometric data is decrypted using the recovered key to obtain biometric data.
  • the method for biometric authentication provided by the embodiment of the invention includes: Encrypting biometric data with a key to generate encrypted biometric data;
  • the encrypted biometric data is decrypted by using the recovered key to obtain biometric data; the biometric sample of the user is matched with the biometric data, and when the matching is correct, the user identity is confirmed.
  • An encrypted biometric data generating unit configured to encrypt user biometric data by using a key to generate encrypted biometric data
  • a biometric key generating unit configured to generate biometric data of the user according to the biometric data of the user, and bind the key to biometric data of the user to generate a biometric corresponding to the encrypted biometric data. key.
  • biometric key processing unit for recovering a key from a biometric key using a biometric sample of the user; an encrypted biometric data processing unit for encrypting the biometric using the key pair recovered from the biometric key processing unit The feature data is decrypted to obtain biometric data.
  • a registration unit configured to encrypt user biometric data by using a key, generate encrypted biometric data, generate biometric data of the user according to the biometric data of the user, and generate the key with the user's biometric Binding the characteristic data to generate a biometric key corresponding to the encrypted biometric data; storing the generated encrypted biometric data and the biometric key;
  • a decryption unit configured to recover the key from the biometric key by using the biometric sample of the user; and decrypt the encrypted biometric data by using the recovered key to obtain biometric data.
  • a registration unit configured to encrypt user biometric data by using a key, generate encrypted biometric data, generate biometric data of the user according to the biometric data of the user, and generate the key with the user's biometric Binding the characteristic data to generate a biometric key corresponding to the encrypted biometric data; storing the generated encrypted biometric data and the biometric key; a decryption unit, configured to recover a key from the biometric key by using the biometric sample of the user; and decrypt the encrypted biometric data by using the recovered key to obtain biometric data;
  • the identification unit is configured to match the biometric sample of the user with the biometric data, and confirm the identity of the user when the matching is correct.
  • the embodiments of the present invention provide a method and a device for protecting biometric data by encrypting biometric data by using a traditional key, and using the traditional key and the user's biometric data. Binding together to generate the biometric key corresponding to the encrypted biometric data, thereby achieving the purpose of improving the security and reliability of the biometric data protection, and improving the security and reliability of the biometric authentication.
  • FIG. 1 is a schematic flowchart of a method for protecting biometric data according to an embodiment of the present invention
  • FIG. 2 is a schematic flowchart of a method for protecting biometric data according to still another embodiment of the present invention.
  • FIG. 3 is a schematic flowchart of a method for biometric authentication according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of a biometric data protection apparatus according to an embodiment of the present invention.
  • FIG. 5 is a schematic structural diagram of a biometric data protection apparatus according to still another embodiment of the present invention.
  • FIG. 6 is a schematic structural diagram of a biometric data protection system according to an embodiment of the present invention.
  • FIG. 7 is a schematic structural diagram of a system for biometric authentication according to an embodiment of the present invention. Mode for carrying out the invention
  • the method for protecting the biometric data according to the embodiment of the present invention is described. Specifically, the application of the biometric data protection method in the biometric template in the embodiment of the present invention is described in detail.
  • the method in the embodiment of the present invention is as shown in FIG. 1 , and specifically includes the following steps:
  • Encrypting the biometric data in the biometric template to generate the encrypted biometric data, and the biometric template storing the encrypted biometric data may be referred to as an encryption template;
  • the feature points may be referred to as biometric data; binding the key KEY used in the encryption technology to the biometric data to obtain binding information; using the fuzzy vault method
  • the interference information is added to the binding information, that is, the biometric data is hidden in a group of random interference data to generate a biometric key;
  • the generated biokey and encryption template are stored in the same biometric certificate.
  • the feature point (ie, biometric data) selected from the biometric data may be a fingerprint minutiae point
  • the biometric template is a fingerprint template
  • the biometric key is a fingerprint key
  • the cryptographic technology is used to encrypt the minutiae in the fingerprint template.
  • the fingerprint template obtained by the encryption may be referred to as an ciphering template, and the ciphering template is stored in the biometric certificate, and the biometric certificate may be stored in the server. It can also be distributed to the user and saved by the user; the encryption technology refers to a key generated by the user password or the encryption system, the specific process of generating the key KEY, and the specific process of encrypting the fingerprint template by using the key. There are mature solutions in the technology, so I will not repeat them here.
  • the minutiae point refers to the tip point or the bifurcation point in the fingerprint
  • the tip point refers to the end point of a stripe line
  • bifurcation Point refers to a point where a stripe line branches into two branches.
  • the tip or minutiae point can be represented by a triplet ( ⁇ , ⁇ , ⁇ ), where ⁇ is the plane coordinate of the location of the minutiae point, and 0 is the direction of the minutiae point, ie the direction of the associated ridge.
  • the plane coordinates of the minutiae point can be used for binding, or the triad coordinates can be used for binding. The following is only a plane coordinate as an example to illustrate the specific binding process.
  • the key KEY and the fingerprint minutiae point may be bound by using a multivariate linear function.
  • a multivariate linear function of 9 variables can be used:
  • Combine " ⁇ « 8 into a 128-bit number string KEYC aoai... ⁇ , and calculate the CRC-16 value C of the string KEYC, which is a 16-bit check value, let a 8 :.
  • Mod ( ⁇ means to modulate the multivariate function value, p is the closest to 2 16 -1, but is greater than one of its prime numbers, which is 65537.
  • VL ⁇ ( v 0 ,w 0 ), ⁇ (vi,wi), ..., (VM + NI,WM + NI) ⁇ .
  • VL is a new, protected fingerprint key obtained by the Fuzzy vault method, which is stored Go to the same biometric certificate that holds the encryption template above.
  • a further embodiment of the present invention provides a method for protecting biometric data, which is specifically described in the application of the biometric data protection method according to the embodiment of the present invention.
  • the method in the embodiment of the present invention specifically includes the following steps:
  • Binding information is obtained by binding the biometric sample of the user and the biometric key
  • biometric data protection method according to another embodiment of the present invention in the biometric template will be described in detail below by taking the fingerprint in the biometric as an example.
  • the KEY can be recovered from the binding information.
  • the user provides a fingerprint sample on the spot.
  • the query detail point set Q, Q ⁇ (x g o, y g o)
  • the query detail point set Q, Q ⁇ (x g o, y g o)
  • ⁇ * is the total number of minutiae points in Q, usually ⁇ * ⁇ .
  • the plane coordinates JC and y of the minutiae points are mapped to [0, 255] as well.
  • R e has K points, usually K ⁇ N * « V + M, which can greatly narrow the search range when recovering the key.
  • K should have at least 9 points.
  • false points are mixed into R G , because usually the live fingerprint and the template fingerprint are only partially overlapping, and there is noise, so the points in Q and the points in set F only partially match.
  • Those mismatched points in Q may still find the paired points from the interference set C, and these points do not help to reconstruct the key.
  • Wi adoMi,o+adiMi,i+ ... +adiowi,7+adiiwi, 8 mod( )
  • fl d T fl T . It can be verified by CRC test whether fl d T is true. Connect a d o, a d i, d7 in series to form a 128-bit string KEYC*, and calculate its CRC-16 value. If the value is exactly equal to a d8 , then (v., w 0 ), ... , ( v 8 , w 8 ) has a very high probability of belonging to G, and has a very high probability equal to fl T .
  • the CRC is just a method of error detection. It does not reveal any information about the key KEY itself. Without the actual live sample condition, the attacker cannot directly use the CRC check to unlock the Finger vault.
  • the encryption template is decrypted by using the key KEY to obtain a fingerprint template.
  • the fingerprint template is matched with the fingerprint sample provided by the user on the site to complete the authentication process.
  • the above method is described by taking a key generated by a symmetric encryption algorithm as an example, that is, the encryption key and the decryption key use the same key, and the embodiment of the present invention is also applicable to the non-pairing encryption algorithm, gP,
  • the biometric data in the biometric template is encrypted by using the encryption key, and then the decryption key is matched with the selected fingerprint detail point.
  • the decryption key recovered from the biometric key template is used. The fingerprint details are restored, and the other processing is similar to the method described above, and will not be described here.
  • the embodiment of the present invention can also bind the user's secret to the key.
  • the user's secret is S
  • the present invention also provides a method for performing biometric authentication by using the above-mentioned biometric data protection method. As shown in FIG. 3, the method includes:
  • the biometric data in the biometric template is encrypted by using an encryption technology to generate encrypted biometric data, and the biometric template may be referred to as an encryption template at this time; the key and the biometric in the encryption technology are The biometric data selected in the template is bound to generate a biometric key; the biometric key and the encrypted template are stored in the same biometric certificate;
  • the user's biometric sample is used to recover the biometric data bound to the key from the biometric key, and the key is recovered; and the encrypted template is decrypted by the recovered key to obtain the biological Characteristic data
  • the biometric samples of the user are matched with the biometric data.
  • the matching is correct, the user identity is confirmed. Since the specific matching process has a mature solution, it will not be described here.
  • the protection device for biometric data according to the embodiment of the present invention will be described in detail below.
  • the protection device for the biometric template includes:
  • the encrypted biometric data generating unit is configured to encrypt the biometric data in the biometric template by using an encryption technology to generate the encrypted biometric data, and the biometric template storing the encrypted biometric data may be referred to as encryption.
  • the algorithm used by the encryption technology may be a symmetric encryption algorithm or an asymmetric encryption algorithm;
  • a biometric key generating unit configured to bind a key in the encryption technology to the biometric data of the user by using a multivariate linear function to generate a biometric key;
  • the biometric data may be biometric data from the biometric template Multiple feature points selected in the image, for example, fingerprint detail points.
  • the device also includes:
  • a biometric certificate storage unit configured to store an encryption template obtained from the encrypted biometric data generating unit and a biometric key obtained from the biometric key generating unit, where the biometric credential storage unit is located in the server or at the user equipment .
  • the biometric key generating unit may specifically include:
  • the binding module is configured to bind the key to the biometric data by using a multivariate linear function to generate binding information, where the binding process has been described in detail in the method, and is not described herein again;
  • the interference module is configured to protect the binding information by using a Fuzzy vault method, that is, adding interference information to the binding information to generate a biometric key.
  • the protection device for biometric data according to still another embodiment of the present invention will be described in detail below.
  • the protection device of the biometric data specifically includes:
  • a bio-key processing unit for recovering a key from a bio-key by solving a multivariate linear function using a biometric sample of the user
  • the encrypted biometric data processing unit is configured to decrypt the encrypted biometric data by using the key recovered by the biometric key processing unit to obtain biometric data.
  • the biometric key processing unit may specifically include:
  • the interference cancellation module is configured to: when the interference information is added to the biometric data with the key bound by using the Fuzzy vault method, the interference cancellation module is configured to recover the binding information from the biometric key;
  • Unbinding module recovers the key from the binding information by solving the multivariate linear function.
  • the embodiment of the present invention further provides a protection system for the biometric data, as shown in FIG. 6 , which specifically includes: a registration unit, configured to encrypt biometric data in a biometric template by using an encryption technology to obtain an encrypted biometric
  • the feature data, the biometric template storing the encrypted biometric data may be referred to as an encryption template;
  • the algorithm used by the encryption technology may be a symmetric encryption algorithm or an asymmetric encryption algorithm; Binding the key in the encryption technology to the biometric data of the user by using a multivariate linear function to generate a biometric key; storing the obtained encryption template and the biometric key;
  • the decryption unit recovers the key from the biometric key by solving the multivariate linear function by using the biometric sample of the user; and then decrypting the encrypted template by using the key to obtain biometric data in the biometric template.
  • the embodiment of the present invention further provides a system for biometric authentication.
  • the biometric authentication system may include:
  • a registration unit configured to encrypt the biometric template by using an encryption technology to generate an encryption template;
  • the algorithm used by the encryption technology may be a symmetric encryption algorithm or an asymmetric encryption algorithm; and the registration unit uses a multivariate linear function to encrypt The key in the technology is bound to the biometric data of the user to generate a biometric key; the obtained encryption template and the biometric key are stored;
  • the decryption unit recovers the key from the biometric key by solving the multivariate linear function by using the biometric sample of the user; and then decrypting the encrypted template by using the key to obtain biometric data in the biometric template.
  • the identity unit is responsible for matching the biometric sample of the user with the biometric data in the biometric template, and confirming the identity of the user when the matching is correct.
  • the embodiment of the present invention encrypts a fingerprint template by using a key, and then binds the key and the fingerprint detail point by using a multivariate linear function.
  • the authentication only the user needs to provide the on-site sample feature.
  • the key is restored to decrypt the biological template for more precise comparison, thereby improving the security and reliability of the fingerprint template protection.
  • the embodiment of the present invention only uses the application of the biometric data protection method on the biometric template as an example, and specifically uses the fingerprint in the biometric as an example to illustrate the protection method and application of the fingerprint template.
  • the embodiment of the present invention is also applicable to the biometric template protection to other biometrics other than fingerprints, such as iris, palm print, voice, etc., and the implementation process is similar to the method described above;
  • the embodiment of the present invention can be applied to all scenarios that need to protect the biometric data in addition to the protection of the biometric template. In this case, only a slight change can be implemented in the embodiment of the present invention. I won't go into details.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

A method, a device and a system for protecting a biometric feature template are provided, which belong to the recognition field, wherein the method includes: encrypting a user biometric feature data by using a key, and generating the encrypted biometric feature data; binding the data of the user biometric characteristic with the key, and generating a biometric key corresponding to the encrypted biometric feature data. The present invention encrypts the biometric feature data by using a conventional key, binds the data of the user biometric characteristic with the conventional key, and generates the biometric key corresponding to the encrypted biometric feature data; thereby the security and the reliability of the biometric feature data protection could be improved, meanwhile, the security and the reliability of the biometric certification could be improved as well.

Description

一种生物特征数据的保护方法、 装置及系统 技术领域  Method, device and system for protecting biometric data
本发明涉及识别技术领域, 尤其涉及生物特征数据的保护方法、 装置及应用。 发明背景  The present invention relates to the field of identification technologies, and in particular, to a method, device and application for protecting biometric data. Background of the invention
生物认证是一种有效的身份认证方法,这种方法通常是依靠用户现场提供的生物特 征样本和注册阶段生成的生物特征模板进行对比, 如果相符, 就确认用户身份。  Biometric authentication is an effective method of identity authentication. This method usually relies on the biometric samples provided by the user on site and the biometric templates generated during the registration phase. If they match, the user identity is confirmed.
但目前除生物认证技术本身的可靠性外, 影响其大规模应用的关键因素是安全性, 在若干安全相关的问题中, 生物特征模板的保护是一个极其重要的议题, 可以说它是生 物认证安全的基础。  However, in addition to the reliability of the biometric authentication technology itself, the key factor affecting its large-scale application is security. Among several security-related issues, the protection of biometric templates is an extremely important issue. It can be said that it is biometric. The basis of security.
现有技术中可以使用传统加密方法对生物特征模板进行保护,在这种方法中,生物 特征模板的安全取决于加密密钥的安全性,而通常情况下,密钥是靠用户口令来加密的, 然而简单口令容易被猜测, 复杂口令难以记住, 而且口令不具备抗抵赖性, 这在使用密 钥签名的场合非常不利。 所以这种利用传统加密方法对生物特征模板进行保护的方法, 仍然存在较大的安全隐患。 发明内容  In the prior art, the biometric template can be protected by using a traditional encryption method. In this method, the security of the biometric template depends on the security of the encryption key. Generally, the key is encrypted by the user password. However, simple passwords are easy to guess, complex passwords are difficult to remember, and passwords are not non-repudiation, which is very disadvantageous in the case of using key signatures. Therefore, the method of protecting the biometric template by using the traditional encryption method still has a large security risk. Summary of the invention
本发明实施例提供一种生物特征数据的保护方法、装置及应用,通过利用传统密钥 加密生物特征数据, 并将传统密钥和用户的生物特性数据绑定在一起, 生成所述加密生 物特征数据对应的生物密钥, 从而达到提高生物特征数据保护的安全性和可靠性的目 的, 同时提高了生物认证的安全性和可靠性。  Embodiments of the present invention provide a method, device, and application for protecting biometric data, by encrypting biometric data by using a traditional key, and binding the traditional key and the biometric data of the user to generate the encrypted biometric. The bio-key corresponding to the data achieves the purpose of improving the security and reliability of biometric data protection, and at the same time improves the security and reliability of biometric authentication.
本发明实施例提供了一种生物特征数据的保护方法, 包括:  The embodiment of the invention provides a method for protecting biometric data, including:
利用密钥对用户生物特征数据进行加密, 生成加密生物特征数据;  Encrypting user biometric data by using a key to generate encrypted biometric data;
根据所述用户生物特征数据生成所述用户的生物特性数据;  Generating biometric data of the user according to the biometric data of the user;
将所述密钥与所述用户的生物特性数据进行绑定,生成所述加密生物特征数据对应 的生物密钥。  Binding the key to the biometric data of the user to generate a biometric key corresponding to the encrypted biometric data.
本发明实施例提供的生物特征数据的保护方法, 包括:  The method for protecting biometric data provided by the embodiment of the invention includes:
利用用户的生物特征样本, 从生物密钥中恢复出密钥;  Recovering the key from the biometric key using the user's biometric sample;
利用所述恢复出来的密钥对加密生物特征数据进行解密, 得到生物特征数据。 本发明实施例提供的生物认证的方法, 包括: 利用密钥对生物特征数据进行加密, 生成加密生物特征数据; The encrypted biometric data is decrypted using the recovered key to obtain biometric data. The method for biometric authentication provided by the embodiment of the invention includes: Encrypting biometric data with a key to generate encrypted biometric data;
根据所述用户生物特征数据生成所述用户的生物特性数据;  Generating biometric data of the user according to the biometric data of the user;
将所述密钥与所述生物特性数据进行绑定, 生成生物密钥;  Binding the key to the biometric data to generate a biometric key;
将所述加密生物特征数据和所述生物密钥存放到同一生物证书中;  Depositing the encrypted biometric data and the biometric key into the same biometric certificate;
利用用户的生物特征样本, 从生物密钥中恢复出密钥;  Recovering the key from the biometric key using the user's biometric sample;
利用所述恢复出来的密钥对加密生物特征数据进行解密, 得到生物特征数据; 将用户的生物特征样本与所述生物特征数据进行匹配, 当匹配正确时,确认用户身 份。  The encrypted biometric data is decrypted by using the recovered key to obtain biometric data; the biometric sample of the user is matched with the biometric data, and when the matching is correct, the user identity is confirmed.
本发明实施例提供的生物特征数据的保护装置, 包括:  The protection device for biometric data provided by the embodiment of the invention includes:
加密生物特征数据生成单元,用于利用密钥对用户生物特征数据进行加密,生成加 密生物特征数据;  An encrypted biometric data generating unit, configured to encrypt user biometric data by using a key to generate encrypted biometric data;
生物密钥生成单元,根据所述用户生物特征数据生成所述用户的生物特性数据,将 所述密钥与所述用户的生物特性数据进行绑定,生成所述加密生物特征数据对应的生物 密钥。  a biometric key generating unit, configured to generate biometric data of the user according to the biometric data of the user, and bind the key to biometric data of the user to generate a biometric corresponding to the encrypted biometric data. key.
本发明实施例提供的生物特征数据的保护装置, 包括:  The protection device for biometric data provided by the embodiment of the invention includes:
生物密钥处理单元, 用于利用用户的生物特征样本, 从生物密钥中恢复密钥; 加密生物特征数据处理单元,用于利用所述从生物密钥处理单元恢复出来的密钥对 加密生物特征数据进行解密, 得到生物特征数据。  a biometric key processing unit for recovering a key from a biometric key using a biometric sample of the user; an encrypted biometric data processing unit for encrypting the biometric using the key pair recovered from the biometric key processing unit The feature data is decrypted to obtain biometric data.
本发明实施例提供的生物特征数据的保护系统, 包括:  The protection system for biometric data provided by the embodiment of the invention includes:
注册单元, 用于利用密钥对用户生物特征数据进行加密, 生成加密生物特征数据, 根据所述用户生物特征数据生成所述用户的生物特性数据,并将所述密钥与所述用户的 生物特性数据进行绑定, 生成所述加密生物特征数据对应的生物密钥; 将生成的所述加 密生物特征数据和生物密钥进行存储;  a registration unit, configured to encrypt user biometric data by using a key, generate encrypted biometric data, generate biometric data of the user according to the biometric data of the user, and generate the key with the user's biometric Binding the characteristic data to generate a biometric key corresponding to the encrypted biometric data; storing the generated encrypted biometric data and the biometric key;
解密单元, 用于利用用户的生物特征样本, 从生物密钥中恢复出密钥; 并利用所述 恢复出来的密钥对加密生物特征数据进行解密, 得到生物特征数据。  And a decryption unit, configured to recover the key from the biometric key by using the biometric sample of the user; and decrypt the encrypted biometric data by using the recovered key to obtain biometric data.
本发明实施例提供的生物认证的系统, 包括:  The system for biometric authentication provided by the embodiment of the invention includes:
注册单元, 用于利用密钥对用户生物特征数据进行加密, 生成加密生物特征数据, 根据所述用户生物特征数据生成所述用户的生物特性数据,并将所述密钥与所述用户的 生物特性数据进行绑定, 生成所述加密生物特征数据对应的生物密钥; 将生成的所述加 密生物特征数据和生物密钥进行存储; 解密单元, 用于利用用户的生物特征样本, 从生物密钥中恢复出密钥; 并利用所述 恢复出来的密钥对加密生物特征数据进行解密, 得到生物特征数据; a registration unit, configured to encrypt user biometric data by using a key, generate encrypted biometric data, generate biometric data of the user according to the biometric data of the user, and generate the key with the user's biometric Binding the characteristic data to generate a biometric key corresponding to the encrypted biometric data; storing the generated encrypted biometric data and the biometric key; a decryption unit, configured to recover a key from the biometric key by using the biometric sample of the user; and decrypt the encrypted biometric data by using the recovered key to obtain biometric data;
身份识别单元:用于将用户的生物特征样本与所述生物特征数据进行匹配, 当匹配 正确时, 确认用户身份。  The identification unit is configured to match the biometric sample of the user with the biometric data, and confirm the identity of the user when the matching is correct.
由上述本发明实施例提供的技术方案可以看出,本发明实施例提供了生物特征数据 的保护方法和装置, 通过利用传统密钥加密生物特征数据, 并将传统密钥和用户的生物 特性数据绑定在一起, 生成所述加密生物特征数据对应的生物密钥, 从而达到提高生物 特征数据保护的安全性和可靠性的目的, 同时提高了生物认证的安全性和可靠性。 附图简要说明  It can be seen from the technical solutions provided by the foregoing embodiments of the present invention that the embodiments of the present invention provide a method and a device for protecting biometric data by encrypting biometric data by using a traditional key, and using the traditional key and the user's biometric data. Binding together to generate the biometric key corresponding to the encrypted biometric data, thereby achieving the purpose of improving the security and reliability of the biometric data protection, and improving the security and reliability of the biometric authentication. BRIEF DESCRIPTION OF THE DRAWINGS
图 1为本发明实施例所述生物特征数据的保护方法的流程示意图;  1 is a schematic flowchart of a method for protecting biometric data according to an embodiment of the present invention;
图 2为本发明又一实施例所述生物特征数据的保护方法的流程示意图;  2 is a schematic flowchart of a method for protecting biometric data according to still another embodiment of the present invention;
图 3为本发明实施例所述生物认证的方法的流程示意图;  3 is a schematic flowchart of a method for biometric authentication according to an embodiment of the present invention;
图 4为本发明实施例所述生物特征数据的保护装置的结构示意图;  4 is a schematic structural diagram of a biometric data protection apparatus according to an embodiment of the present invention;
图 5为本发明又一实施例所述生物特征数据的保护装置的结构示意图;  FIG. 5 is a schematic structural diagram of a biometric data protection apparatus according to still another embodiment of the present invention; FIG.
图 6为本发明实施例所述生物特征数据的保护系统的结构示意图;  6 is a schematic structural diagram of a biometric data protection system according to an embodiment of the present invention;
图 7为本发明实施例所述生物认证的系统的结构示意图。 实施本发明的方式  FIG. 7 is a schematic structural diagram of a system for biometric authentication according to an embodiment of the present invention. Mode for carrying out the invention
下面结合附图对本发明实施例所述方法、 装置及系统进行详细阐述。  The method, device and system of the embodiments of the present invention are described in detail below with reference to the accompanying drawings.
首先对本发明实施例所述生物特征数据的保护方法进行说明,具体以本发明实施例 所述生物特征数据保护方法在生物特征模板中的应用进行详细阐述。  First, the method for protecting the biometric data according to the embodiment of the present invention is described. Specifically, the application of the biometric data protection method in the biometric template in the embodiment of the present invention is described in detail.
本发明实施例所述方法如图 1所示, 具体包括以下步骤:  The method in the embodiment of the present invention is as shown in FIG. 1 , and specifically includes the following steps:
利用加密技术对生物特征模板中的生物特征数据进行加密, 生成加密生物特征数 据, 此时可以将所述存储有加密生物特征数据的生物特征模板称为加密模板;  Encrypting the biometric data in the biometric template to generate the encrypted biometric data, and the biometric template storing the encrypted biometric data may be referred to as an encryption template;
从生物特征数据中选取多个特征点, 这些特征点可以称为生物特性数据; 将加密技术中采用的密钥 KEY与所述生物特性数据进行绑定, 得到绑定信息; 利用 Fuzzy vault方法在所述绑定信息中加入干扰信息, 即将所述生物特征性数据隐 藏在一群随机干扰数据中, 生成生物密钥;  Selecting a plurality of feature points from the biometric data, the feature points may be referred to as biometric data; binding the key KEY used in the encryption technology to the biometric data to obtain binding information; using the fuzzy vault method The interference information is added to the binding information, that is, the biometric data is hidden in a group of random interference data to generate a biometric key;
将生成的生物密钥和加密模板存放在同一生物证书中。  The generated biokey and encryption template are stored in the same biometric certificate.
下面以生物特征中的指纹为例,对本发明实施例所述生物特征数据的保护方法在生 物特征模板中的应用进行举例说明。在这里, 所述从生物特征数据中选取出来的特征点 (即生物特性数据)可以为指纹细节点, 所述生物特征模板为指纹模板, 所述生物密钥 为指纹密钥。 The following takes the fingerprint in the biometric as an example to protect the biometric data in the embodiment of the present invention. The application in the feature template is illustrated. Here, the feature point (ie, biometric data) selected from the biometric data may be a fingerprint minutiae point, the biometric template is a fingerprint template, and the biometric key is a fingerprint key.
首先,利用加密技术对指纹模板中的细节点进行加密,加密后得到的指纹模板可以 称为加密模板, 并将所述加密模板存储到生物证书中, 所述生物证书可以在服务器中集 中存放, 也可以发放给用户, 由用户保存; 所述加密技术是指通过用户口令或加密系统 产生一个密钥,对于密钥 KEY的具体生成过程和利用密钥对指纹模板进行加密的具体过 程, 由于现有技术中已有成熟解决方案, 这里就不再赘述。  First, the cryptographic technology is used to encrypt the minutiae in the fingerprint template. The fingerprint template obtained by the encryption may be referred to as an ciphering template, and the ciphering template is stored in the biometric certificate, and the biometric certificate may be stored in the server. It can also be distributed to the user and saved by the user; the encryption technology refers to a key generated by the user password or the encryption system, the specific process of generating the key KEY, and the specific process of encrypting the fingerprint template by using the key. There are mature solutions in the technology, so I will not repeat them here.
然后将上述加密过程中使用的密钥 KEY和指纹细节点进行绑定,所述细节点指的是 指纹中的末梢点或分叉点, 末梢点指的是一条纹线的末端点, 分叉点指的是一条纹线分 叉成 2条分支所对应的点。 所述末梢点或细节点可以用一个三元组 (χ,γ,θ)来表示, 其 中^是细节点所在位置的平面坐标, 0是细节点的方向, 即其关联纹线的走向。 具体绑 定过程中, 可以使用细节点的平面坐标来进行绑定, 也可以使用三元组坐标进行绑定, 下面仅以平面坐标为例说明具体的绑定过程。  Then, the key KEY and the fingerprint minutiae used in the above encryption process are bound, the minutiae point refers to the tip point or the bifurcation point in the fingerprint, and the tip point refers to the end point of a stripe line, bifurcation Point refers to a point where a stripe line branches into two branches. The tip or minutiae point can be represented by a triplet (χ, γ, θ), where ^ is the plane coordinate of the location of the minutiae point, and 0 is the direction of the minutiae point, ie the direction of the associated ridge. In the specific binding process, the plane coordinates of the minutiae point can be used for binding, or the triad coordinates can be used for binding. The following is only a plane coordinate as an example to illustrate the specific binding process.
在本发明实施例的具体实施过程中,可以采用多元线性函数将密钥 KEY和指纹细节 点进行绑定。 比如, 如果加密密钥 KEY的长度是 128位, 可以选择与 128位加密密钥 KEY 有相同保密效果的 N (比如, N=9 )个真实点作为恢复密钥的条件。 这样, 就可以采用 9 个变量的多元线性函数:  In the specific implementation process of the embodiment of the present invention, the key KEY and the fingerprint minutiae point may be bound by using a multivariate linear function. For example, if the length of the encryption key KEY is 128 bits, N (for example, N=9) real points having the same security effect as the 128-bit encryption key KEY can be selected as the condition for recovering the key. In this way, a multivariate linear function of 9 variables can be used:
fiu) = aTu mod(_p ) =
Figure imgf000006_0001
mod( p ) ( 1 ) 式中 fl = [£/0 t/i ... a8 T] , « = [wo ... M8]。 Fiu) = a T u mod(_p ) =
Figure imgf000006_0001
Mod( p ) ( 1 ) where fl = [£/ 0 t/i ... a 8 T ] , « = [wo ... M 8 ].
将密钥 KEY分成互不重叠的 8段, 分别为 . .. , ^, 每段 16位, 令 αο ^, α si, ... ,αΊ = 。 将《^~«8联成一个 128位的数串 KEYC aoai...^, 计算出数串 KEYC的 CRC-16值 C, 这是一个 16位校验值, 令 a8= :。 mod ( ^表示对多元函数值求模, p是 最接近 216-1, 但大于它的一个素数, 即 65537。 The key KEY is divided into 8 segments that do not overlap each other, respectively. . . , ^, 16 bits per segment, let αο ^, α si, ... , α Ί = . Combine "^~« 8 into a 128-bit number string KEYC aoai...^, and calculate the CRC-16 value C of the string KEYC, which is a 16-bit check value, let a 8 = :. Mod ( ^ means to modulate the multivariate function value, p is the closest to 2 16 -1, but is greater than one of its prime numbers, which is 65537.
用 F表示指纹模板中细节点平面坐标的集合, 即
Figure imgf000006_0002
(x yi), . . . , ( Ν-Ι,7Ν-Ι)} . 其中, N是模板细节点的总数。 为了后面计算方便, 可以将每个细节点平面坐标 c和 y 分别映射到 [0,255]中,然后将它们串联在一起 构成数据绑定单元 w,它是一个 16位 的数据。 这样就可以得到一个集合 M = {Wo, Wl, «7!^ }。 对每个 w, =0— N-l, 将作 为一个 16位的随机数产生器的种子, 顺序产生 8个随机数, r 1, 这样对每个 细节点 w, 就会得到一个向量 ": uimi) = [ ui0 uiX ... «;8] = [mi m ... r«]。 将每 个 代入上述公式 (1 ), 计算出相应的 Use F to represent the set of detail point plane coordinates in the fingerprint template, ie
Figure imgf000006_0002
(x yi), . . . , ( Ν-Ι,7Ν-Ι)} . where N is the total number of template minutiae points. For the convenience of later calculation, each detail point plane coordinate c and y can be mapped to [0, 255], respectively, and then they are connected in series to form a data binding unit w, which is a 16-bit data. This will give you a set of M = { W o, Wl , «7!^ }. For each w, =0—Nl, as a seed of a 16-bit random number generator, sequentially generate 8 random numbers, r 1 , so that for each min. w, a vector ": uimi" is obtained. = [ u i0 u iX ... «; 8 ] = [mi m ... r«]. will be Substituting into the above formula (1), calculating the corresponding
这样, 指纹密钥的集合 G 由 M 和其中元素对应的线性函数值构成: G = {( moJ[ 0(m0 )), (mij[ui(mi))) (OTN-1,X«n-1(OTN-1))) }; Thus, the set G of fingerprint keys consists of M and the linear function values corresponding to the elements: G = {( moJ[ 0 (m 0 )), (mij[ui(mi))) (OT N-1 , X« N-1 (OT N-1 ))) };
为了使指纹密钥的安全性得到进一步提高, 可以利用 Fuzzy vault方法来保护这个 指纹密钥, 即可以构造一个干扰集合 C, C的作用是保护指纹密钥的安全, 它是由 M个 点对构成的集合: C = {(cuc^ dA), ..., (cM-1,c/M-1)}, 其中 C和 4·, =0— M-l都是随机 数。 和 w /的距离必须大于一定的阈值, 而且 4≠_/(c )。 In order to further improve the security of the fingerprint key, the fuzzy vault method can be used to protect the fingerprint key, that is, an interference set C can be constructed, and the role of C is to protect the security of the fingerprint key. It is composed of M point pairs. A set of constituents: C = {(cuc^ dA), ..., (c M-1 , c/ M-1 )}, where C and 4·, =0—Ml are random numbers. The distance from w / must be greater than a certain threshold, and 4 ≠ _ / (c).
将上述集合 G和集合 C的所有元素添加到一个列表 VL中, 并充分随机混合; 如 果用(v,w)来统一表示 G或 C中的一个元素,则 VL可以表示为: VL = {(v0,w0), {(vi,wi), ..., (VM+N-I,WM+N-I)} . VL就是通过 Fuzzy vault方法得到的新的、受保护的指纹密钥,将其存 储到上述存放了加密模板的同一生物证书中。 Add all the elements of the above set G and set C to a list VL and mix them thoroughly; if (v, w) is used to uniformly represent one element in G or C, then VL can be expressed as: VL = {( v 0 ,w 0 ), {(vi,wi), ..., (VM + NI,WM + NI)} . VL is a new, protected fingerprint key obtained by the Fuzzy vault method, which is stored Go to the same biometric certificate that holds the encryption template above.
本发明又一实施例提供了一种生物特征数据的保护方法,具体以本发明实施例所述 生物特征数据保护方法在生物特征模板中的应用进行详细阐述。  A further embodiment of the present invention provides a method for protecting biometric data, which is specifically described in the application of the biometric data protection method according to the embodiment of the present invention.
本发明实施例所述方法如图 2所示, 具体包括以下步骤:  As shown in FIG. 2, the method in the embodiment of the present invention specifically includes the following steps:
利用用户的生物特征样本和生物密钥进行绑定得到绑定信息;  Binding information is obtained by binding the biometric sample of the user and the biometric key;
从所述绑定信息中恢复出密钥 KEY;  Recovering the key KEY from the binding information;
利用所述密钥 KEY对加密模板进行解密, 得到生物特征模板;  Decrypting the encryption template by using the key KEY to obtain a biometric template;
下面同样以生物特征中的指纹为例,对本发明又一实施例所述生物特征数据的保护 方法在生物特征模板中的应用进行详细说明。  The application of the biometric data protection method according to another embodiment of the present invention in the biometric template will be described in detail below by taking the fingerprint in the biometric as an example.
如图 2所示,当用户需要使用密钥 KEY时,可以从绑定信息中恢复出 KEY。这时, 用户现场提供一个指纹样本, 由系统将指纹样本和生物密钥对齐、 预处理后, 从指纹样 本中提取出查询细节点集合 Q, Q={(xgo,ygo), (xg ygi), . . . , (¾Ν*-Ι,¾Ν*-Ι)} , Ν*是 Q中细节 点的总数,通常 Ν*≠Ν。将所述细节点的平面坐标 JC和 y同样映射到 [0,255]中。从 VL中 取出 ^,…, ^^^ 它们都是 16位的数,分别将其分拆成 2个 8位的数,作为平面坐 标,可以得到一个集合
Figure imgf000007_0001
o用 Q中的元素去定 位 Rc中的元素, 如果集合 Q中某个细节点 A和集合 Rc中某个细节点 B的距离小于一 个阈值, 这时就可以认为 A和 B是一对匹配点, 可以把 B对应的 添加到匹配点集 合 Ro中, 即: As shown in Figure 2, when the user needs to use the key KEY, the KEY can be recovered from the binding information. At this time, the user provides a fingerprint sample on the spot. After the system aligns and preprocesses the fingerprint sample and the biokey, the query detail point set Q, Q={(x g o, y g o), is extracted from the fingerprint sample. (x g y g i), . . . , (3⁄4Ν*-Ι,3⁄4Ν*-Ι)} , Ν* is the total number of minutiae points in Q, usually Ν*≠Ν. The plane coordinates JC and y of the minutiae points are mapped to [0, 255] as well. Take ^,..., ^^^ from VL. They are all 16-bit numbers, which are split into two 8-bit numbers. As a plane coordinate, you can get a set.
Figure imgf000007_0001
o Use the elements in Q to locate the elements in Rc. If the distance between a certain detail point A in the set Q and a certain detail point B in the set Rc is less than a threshold, then A and B can be considered as a pair of matching points. , you can add the corresponding B to the matching point set Ro, namely:
for all 0< N* ((xqi,yqd≡ Q) and 0</-<V+M ((xvj,yvj)≡ Rc) For all 0< N* ((x qi ,y q d≡ Q) and 0</-<V+M ((x vj ,y vj )≡ Rc)
if O((xqi,yqi), ix j,yvj))≤T then iy^wj)≡ RQ 其中 r是一个阈值。 If O((x qi ,y qi ), ix j ,y v j))≤T then iy^wj)≡ RQ Where r is a threshold.
如果是真实用户, 利用 Q 就可以产生较小的 Re。 假定 Re有 K个点, 通常 K≤N*«V+M, 这可以大大缩小恢复密钥时的搜索范围。 为恢复出密钥 KEY, K至少应 有 9个点。 即使是真实用户, RG中也会混入虚假点, 因为通常现场指纹和模板指纹只 是部分重叠,而且存在噪声, 故 Q中的点和集合 F中的点只有部分匹配。 Q中那些不匹 配点仍然可能从干扰集合 C中找到配对的点,而这些点对重构密钥没有任何帮助。使用 Ro中所有可能 9点的组合来恢复 KEY。 对每个^ 使用与密钥绑定阶段相同参数的 16 位随机数发生器,以 ν,·为种子,顺序产生 8个随机数, m, ri2, ... , r8。这样对每个 V ERG, 就会得到一个向量^: If it is a real user, using Q can produce a smaller R e . Suppose that R e has K points, usually K ≤ N * « V + M, which can greatly narrow the search range when recovering the key. In order to recover the key KEY, K should have at least 9 points. Even for real users, false points are mixed into R G , because usually the live fingerprint and the template fingerprint are only partially overlapping, and there is noise, so the points in Q and the points in set F only partially match. Those mismatched points in Q may still find the paired points from the interference set C, and these points do not help to reconstruct the key. Use all possible combinations of 9 points in Ro to recover the KEY. For each 16-bit random number generator using the same parameters as the key binding phase, ν,· is used as a seed to generate 8 random numbers, m, r i2 , ..., r 8 in sequence. Thus for each V ERG, you get a vector ^:
uvi = [ ui() Ui\ ... ut [ = [vi r ... r/8] u vi = [ u i() Ui\ ... u t [ = [vi r ... r/ 8 ]
以及它对应的多元线性函数值  And its corresponding multivariate linear function value
Wj = "w) = a uvi mod(_p ) = ad Ui+ n n +… +£¾7 7+£¾8"8 mod(p ) (2) 对于一个特定的组合 {(νο,τνο), {(vi,wi), (v8,w8)}, 可以得到一个线性方程组: wo = ado¾o+adi¾i+ -.. +ad7¾7+«d8¾8 mod(p ) Wj = "w) = au vi mod(_p ) = ad Ui+ nn +... +£3⁄47 7+£3⁄48"8 mod(p ) (2) For a particular combination {(νο,τνο), {(vi, Wi), (v 8 , w 8 )}, you can get a linear system of equations: wo = ado3⁄4o+adi3⁄4i+ -.. +ad73⁄47+«d83⁄48 mod(p )
wi = adoMi,o+adiMi,i+ ... +adiowi,7+adiiwi,8mod( ) w8= ado¾o+adi¾i+ ... +ad7M8,7+ad8M8,8mod(jf ) 令 C/ ... w8]T, fld = [OdO OdlWi = adoMi,o+adiMi,i+ ... +adiowi,7+adiiwi, 8 mod( ) w 8 = ado3⁄4o+a d i3⁄4i+ ... +ad 7 M 8 , 7 +a d8 M 8 , 8 mod( Jf ) Let C/ ... w 8 ] T , fld = [OdO Odl
Figure imgf000008_0001
Figure imgf000008_0001
程组可以简化为: The group can be simplified to:
τ  τ
w = Ua^ mod(p) (3)  w = Ua^ mod(p) (3)
由于作为种子的 V1, ...,V13并不相同, 所以一般情况下随机矩阵 每一行都是不相 关的, 行列式 |U|≠ 0, 这可以保证 可逆, 从而从(3) 中求解出 flT:Since V1 , ..., V13 as seeds are not the same, in general, each row of the random matrix is irrelevant, and the determinant |U|≠ 0, which can be guaranteed to be reversible, and thus solved from (3) Fl T :
Figure imgf000008_0002
Figure imgf000008_0002
如果 ¾, w0), ... , (v8, w8)是 G中的元素, 那么就有 fld T = flT。 可以通过 CRC检验来 验证 fld T是否为真。将 ado, adi, d7串联起来,构成 128位数串 KEYC*,计算其 CRC-16 值, 如果该值恰好等于 ad8, 那么 (v。, w0), ... , (v8, w8)有极高的概率属于 G, 而 有极高 的概率等于 fl T。 CRC只是一种错误检测方法, 它不会泄露密钥 KEY本身的任何信息, 在没有真实的现场样本条件下, 攻击者不可能直接利用 CRC校验来解锁 Finger vault。 If 3⁄4, w 0 ), ... , (v 8 , w 8 ) is an element in G, then there is fl d T = fl T . It can be verified by CRC test whether fl d T is true. Connect a d o, a d i, d7 in series to form a 128-bit string KEYC*, and calculate its CRC-16 value. If the value is exactly equal to a d8 , then (v., w 0 ), ... , ( v 8 , w 8 ) has a very high probability of belonging to G, and has a very high probability equal to fl T . The CRC is just a method of error detection. It does not reveal any information about the key KEY itself. Without the actual live sample condition, the attacker cannot directly use the CRC check to unlock the Finger vault.
如果 fl 通过 CRC检验后,将 ad。, adl, ... , ad7串联成一个数串 KEY*, KEY*=KEY, 这样就恢复了密钥 KEY。 If fl passes the CRC test, it will be a d . , a dl , ... , a d7 are connected in series to form a number string KEY*, KEY*=KEY, This restores the key KEY.
最后,利用所述密钥 KEY对加密模板进行解密, 得到指纹模板; 利用所述指纹模板 与用户现场提供的指纹样本进行匹配, 完成认证过程。  Finally, the encryption template is decrypted by using the key KEY to obtain a fingerprint template. The fingerprint template is matched with the fingerprint sample provided by the user on the site to complete the authentication process.
以上所述方法是以利用对称加密算法生成的密钥为例进行说明的, 即,加密密钥和 解密密钥使用相同的密钥, 本发明实施例同样适用于非对成加密算法, gP, 注册时, 利 用加密密钥对生物特征模板中的生物特征数据进行加密,然后将解密密钥与选取的指纹 细节点进行邦定, 认证时, 利用从生物密钥模板中恢复出来的解密密钥恢复出的指纹细 节点, 其他的处理过程与上面所述方法相似, 此处不再赘述。  The above method is described by taking a key generated by a symmetric encryption algorithm as an example, that is, the encryption key and the decryption key use the same key, and the embodiment of the present invention is also applicable to the non-pairing encryption algorithm, gP, When registering, the biometric data in the biometric template is encrypted by using the encryption key, and then the decryption key is matched with the selected fingerprint detail point. When the authentication is performed, the decryption key recovered from the biometric key template is used. The fingerprint details are restored, and the other processing is similar to the method described above, and will not be described here.
本发明实施例还可以将用户的秘密与密钥进行绑定, 比如, 假定用户的秘密是 S, 它可以是用户的口令、用户名或者其它东西以及这些东西的某种组合, 使用一个函数将 它变换成与待保护的密钥 Key等长的数串 SV, BP : SV = /(S)。  The embodiment of the present invention can also bind the user's secret to the key. For example, if the user's secret is S, it can be the user's password, user name or other things, and some combination of these things, using a function. It is transformed into a string of numbers SV equal to the key Key to be protected, BP : SV = /(S).
密钥绑定时, 假定 Key是 128位, 与前述方法一样, 把 SV分成互不重叠的 8段, svo, svi, ..., sv7,每段 16位(128/16 = 8),在公式(1 )中,令 ao = s0 ® sv0, ai = si @ sv ... , αη = ㊉^ 7。 我们将 αο~α8联成一个 128位的数串 KEYC aoai ...^, 计算出其 CRC-16 值 C, 令 a8=:。 这样方程(1 ) 的系数就确定了, 其它计算可以按前述方法进行。 When the key is bound, it is assumed that the Key is 128 bits. As in the previous method, the SV is divided into 8 segments that do not overlap each other, svo, svi, ..., sv 7 , each segment 16 bits (128/16 = 8), In the formula (1), let ao = s 0 ® sv 0 , ai = si @ sv ... , αη = ten ^ 7. We combine αο~α 8 into a 128-bit number string KEYC aoai ...^, and calculate its CRC-16 value C, so that a 8 =:. Thus the coefficients of equation (1) are determined, and other calculations can be performed as described above.
密钥重构时,按前述方法求出 α。, αχ, ... , αΊ,用户提供的 S仍然可以形成 。, SV . . . , sv7, 贝 1^0 = "0㊉ ^o, 1 = "1㊉ ^i,… , s7 = a7 @ sv7, Key= s0 si s2 S3 s4 s5 s6 s When the key is reconstructed, α is obtained as described above. , αχ, ... , α Ί , the user-supplied S can still be formed. , SV . . . , sv 7 , Bay 1^ 0 = " 0 ten ^o, 1 = "1 ten ^i,... , s 7 = a 7 @ sv 7 , Key= s 0 si s 2 S3 s 4 s 5 s 6 s
本发明实施还提供了一种利用上述生物特征数据的保护方法进行生物认证的方法, 如图 3所示, 所述方法包括:  The present invention also provides a method for performing biometric authentication by using the above-mentioned biometric data protection method. As shown in FIG. 3, the method includes:
注册时,利用加密技术对生物特征模板中的生物特征数据进行加密,生成加密生物 特征数据, 所述生物特征模板此时可以称为加密模板; 将所述加密技术中的密钥与从生 物特征模板中选取的生物特征数据进行绑定, 生成生物密钥; 将生物密钥和加密模板存 放到同一生物证书中;  When registering, the biometric data in the biometric template is encrypted by using an encryption technology to generate encrypted biometric data, and the biometric template may be referred to as an encryption template at this time; the key and the biometric in the encryption technology are The biometric data selected in the template is bound to generate a biometric key; the biometric key and the encrypted template are stored in the same biometric certificate;
认证时, 利用用户的生物特征样本从生物密钥中恢复出绑定了密钥的生物特性数 据, 并恢复出所述密钥; 利用所述恢复出来的密钥对加密模板进行解密, 得到生物特性 数据;  At the time of authentication, the user's biometric sample is used to recover the biometric data bound to the key from the biometric key, and the key is recovered; and the encrypted template is decrypted by the recovered key to obtain the biological Characteristic data
将用户的生物特征样本与所述生物特性数据进行匹配, 当匹配正确时,确认用户身 份, 由于具体匹配过程现在已有成熟解决方案, 此处就不再赘述。  The biometric samples of the user are matched with the biometric data. When the matching is correct, the user identity is confirmed. Since the specific matching process has a mature solution, it will not be described here.
下面对本发明实施例所述生物特征数据的保护装置进行详细说明。  The protection device for biometric data according to the embodiment of the present invention will be described in detail below.
如图 4所示, 本发明实施例所述生物特征模板的保护装置包括: 加密生物特征数据生成单元,用于利用加密技术对生物特征模板中的生物特征数据 进行加密, 生成加密生物特征数据, 此时所述存储有所述加密生物特征数据的生物特征 模板可以称为加密模板; 所述加密技术使用的算法可以为对称加密算法, 也可以为非对 称加密算法; As shown in FIG. 4, the protection device for the biometric template according to the embodiment of the present invention includes: The encrypted biometric data generating unit is configured to encrypt the biometric data in the biometric template by using an encryption technology to generate the encrypted biometric data, and the biometric template storing the encrypted biometric data may be referred to as encryption. The algorithm used by the encryption technology may be a symmetric encryption algorithm or an asymmetric encryption algorithm;
生物密钥生成单元,用于利用多元线性函数将加密技术中的密钥与用户的生物特性 数据进行绑定, 生成生物密钥; 所述生物特性数据可以为从生物特征模板中的生物特征 数据中选取出来的多个特征点, 比如, 指纹细节点。  a biometric key generating unit configured to bind a key in the encryption technology to the biometric data of the user by using a multivariate linear function to generate a biometric key; the biometric data may be biometric data from the biometric template Multiple feature points selected in the image, for example, fingerprint detail points.
所述装置还包括:  The device also includes:
生物证书存储单元,用于存放注册时从加密生物特征数据生成单元得到的加密模板 和从生物密钥生成单元得到的生物密钥, 所述生物证书存储单元位于服务器中, 也可以 位于用户设备处。  a biometric certificate storage unit, configured to store an encryption template obtained from the encrypted biometric data generating unit and a biometric key obtained from the biometric key generating unit, where the biometric credential storage unit is located in the server or at the user equipment .
所述生物密钥生成单元具体可以包括:  The biometric key generating unit may specifically include:
绑定模块:用于利用多元线性函数将所述密钥与所述生物特性数据进行绑定,生成 绑定信息, 所述绑定过程在方法中已有详细说明, 此处不再赘述;  The binding module is configured to bind the key to the biometric data by using a multivariate linear function to generate binding information, where the binding process has been described in detail in the method, and is not described herein again;
干扰模块: 用于利用 Fuzzy vault方法对所述绑定信息进行保护, 即在所述绑定信息 中加入干扰信息, 生成生物密钥。  The interference module is configured to protect the binding information by using a Fuzzy vault method, that is, adding interference information to the binding information to generate a biometric key.
下面对本发明又一实施例所述生物特征数据的保护装置进行详细说明。  The protection device for biometric data according to still another embodiment of the present invention will be described in detail below.
如图 5所示, 所述生物特征数据的保护装置具体包括:  As shown in FIG. 5, the protection device of the biometric data specifically includes:
生物密钥处理单元,用于利用用户的生物特征样本,通过求解多元线性函数从生物 密钥恢复密钥;  a bio-key processing unit for recovering a key from a bio-key by solving a multivariate linear function using a biometric sample of the user;
加密生物特征数据处理单元,用于利用所述生物密钥处理单元恢复出来的密钥对加 密生物特征数据进行解密, 得到生物特性数据。  The encrypted biometric data processing unit is configured to decrypt the encrypted biometric data by using the key recovered by the biometric key processing unit to obtain biometric data.
所述生物密钥处理单元具体可以包括:  The biometric key processing unit may specifically include:
解干扰模块: 在利用 Fuzzy vault方法对绑定了密钥的生物特征数据中加入干扰信息 的情况下, 所述解干扰模块用于从所述生物密钥中恢复出绑定信息;  The interference cancellation module is configured to: when the interference information is added to the biometric data with the key bound by using the Fuzzy vault method, the interference cancellation module is configured to recover the binding information from the biometric key;
解绑定模块: 利用求解多元线性函数从所述绑定信息中恢复出密钥。  Unbinding module: recovers the key from the binding information by solving the multivariate linear function.
本发明实施例还提供了一种所述生物特征数据的保护系统,如图 6所示,具体包括: 注册单元,用于利用加密技术对生物特征模板中的生物特征数据进行加密,得到加 密生物特征数据, 所述存储有加密生物特征数据的生物特征模板可以称为加密模板; 所 述加密技术使用的算法可以为对称加密算法, 也可以为非对称加密算法; 所述注册单元 利用多元线性函数将加密技术中的密钥与用户的生物特性数据进行绑定, 生成生物密 钥; 将得到的加密模板和生物密钥进行存储; The embodiment of the present invention further provides a protection system for the biometric data, as shown in FIG. 6 , which specifically includes: a registration unit, configured to encrypt biometric data in a biometric template by using an encryption technology to obtain an encrypted biometric The feature data, the biometric template storing the encrypted biometric data may be referred to as an encryption template; the algorithm used by the encryption technology may be a symmetric encryption algorithm or an asymmetric encryption algorithm; Binding the key in the encryption technology to the biometric data of the user by using a multivariate linear function to generate a biometric key; storing the obtained encryption template and the biometric key;
解密单元,利用用户的生物特征样本,通过求解多元线性函数从生物密钥恢复密钥; 然后利用所述密钥对加密模板进行解密, 得到生物特征模板中的生物特征数据。  The decryption unit recovers the key from the biometric key by solving the multivariate linear function by using the biometric sample of the user; and then decrypting the encrypted template by using the key to obtain biometric data in the biometric template.
本发明实施例还提供了一种生物认证的系统, 如图 7所示, 所述生物认证的系统具 体可以包括:  The embodiment of the present invention further provides a system for biometric authentication. As shown in FIG. 7, the biometric authentication system may include:
注册单元, 用于利用加密技术对生物特征模板进行加密, 生成加密模板; 所述加密 技术使用的算法可以为对称加密算法, 也可以为非对称加密算法; 所述注册单元利用多 元线性函数将加密技术中的密钥与用户的生物特性数据进行绑定, 生成生物密钥; 将得 到的加密模板和生物密钥进行存储;  a registration unit, configured to encrypt the biometric template by using an encryption technology to generate an encryption template; the algorithm used by the encryption technology may be a symmetric encryption algorithm or an asymmetric encryption algorithm; and the registration unit uses a multivariate linear function to encrypt The key in the technology is bound to the biometric data of the user to generate a biometric key; the obtained encryption template and the biometric key are stored;
解密单元,利用用户的生物特征样本,通过求解多元线性函数从生物密钥恢复密钥; 然后利用所述密钥对加密模板进行解密, 得到生物特征模板中的生物特征数据。  The decryption unit recovers the key from the biometric key by solving the multivariate linear function by using the biometric sample of the user; and then decrypting the encrypted template by using the key to obtain biometric data in the biometric template.
身份识别单元,负责将用户的生物特征样本与所述生物特征模板中的生物特征数据 进行匹配, 当匹配正确时, 确认用户身份。  The identity unit is responsible for matching the biometric sample of the user with the biometric data in the biometric template, and confirming the identity of the user when the matching is correct.
对于本发明实施例所述装置的具体实现过程, 由于在前面方法中已有详细描述,这 里就不做具体说明了。  The specific implementation process of the device according to the embodiment of the present invention has not been specifically described herein because it has been described in detail in the foregoing method.
综上所述,本发明实施例通过使用密钥去加密一个指纹模板,然后利用多元线性函 数将密钥和指纹细节点绑定在一起, 而在认证时, 只需要用户提供现场样本特征就可以 恢复密钥, 从而解密生物模板, 进行更精确地对比, 从而提高了指纹模板保护的安全可 靠性。  In summary, the embodiment of the present invention encrypts a fingerprint template by using a key, and then binds the key and the fingerprint detail point by using a multivariate linear function. In the authentication, only the user needs to provide the on-site sample feature. The key is restored to decrypt the biological template for more precise comparison, thereby improving the security and reliability of the fingerprint template protection.
在这里,本发明实施例仅以生物特征数据的保护方法在生物特征模板上的应用为例 进行了说明,具体以生物特征中的指纹为例,对指纹模板的保护方法及应用进行了说明, 但现有领域技术人员应该知道,本发明实施例在生物特征模板的保护上还适用于出指纹 外其他的生物特征, 比如虹膜、 掌纹、 语音等, 其实现过程与上面所述方法类似; 同样,本发明实施例所述除了可以应该于生物特征模板的保护外,还可以应用于所 有需要对生物特征数据进行保护的场景, 此时只需对本发明实施例稍加变换就可以实 现, 这里就不再赘述。  Herein, the embodiment of the present invention only uses the application of the biometric data protection method on the biometric template as an example, and specifically uses the fingerprint in the biometric as an example to illustrate the protection method and application of the fingerprint template. However, those skilled in the art should be aware that the embodiment of the present invention is also applicable to the biometric template protection to other biometrics other than fingerprints, such as iris, palm print, voice, etc., and the implementation process is similar to the method described above; In addition, the embodiment of the present invention can be applied to all scenarios that need to protect the biometric data in addition to the protection of the biometric template. In this case, only a slight change can be implemented in the embodiment of the present invention. I won't go into details.
以上所述,仅为本发明实施例较佳的具体实施方式,但本发明实施例的保护范围并 不局限于此, 任何熟悉本技术领域的技术人员在本发明实施例揭露的技术范围内, 可轻 易想到的变化或替换, 都应涵盖在本发明实施例的保护范围之内。 因此, 本发明实施例 的保护范围应该以权利要求的保护范围为准。  The above is only a preferred embodiment of the present invention, but the scope of protection of the embodiments of the present invention is not limited thereto, and any person skilled in the art is within the technical scope disclosed by the embodiments of the present invention. Variations or substitutions that are conceivable are intended to be included within the scope of the embodiments of the invention. Therefore, the scope of protection of the embodiments of the present invention should be determined by the scope of the claims.

Claims

权利要求 Rights request
1、 一种生物特征数据的保护方法, 其特征在于, 包括:  A method for protecting biometric data, comprising:
利用密钥对用户生物特征数据进行加密, 生成加密生物特征数据;  Encrypting user biometric data by using a key to generate encrypted biometric data;
根据所述用户生物特征数据生成所述用户的生物特性数据;  Generating biometric data of the user according to the biometric data of the user;
将所述密钥与所述用户的生物特性数据进行绑定,生成所述加密生物特征数据对应 的生物密钥。  Binding the key to the biometric data of the user to generate a biometric key corresponding to the encrypted biometric data.
2、 根据权利要求 1所述的方法, 其特征在于,  2. The method of claim 1 wherein
根据所述用户生物特征数据生成所述用户的生物特性数据的步骤包括: 从所述用户生物特征数据中选取多个特征点, 得到所述用户的生物特性数据; 所述密钥与生物特性数据进行绑定, 生成生物密钥的步骤具体包括:  The step of generating biometric data of the user according to the biometric data of the user includes: selecting a plurality of feature points from the biometric data of the user to obtain biometric data of the user; and the key and biometric data The steps of binding and generating a biometric key include:
利用多元线性函数将所述生物特性数据与密钥进行绑定, 生成生物密钥。  The biometric data is bound to the key using a multivariate linear function to generate a biometric key.
3、根据权利要求 2所述的方法, 其特征在于, 所述利用多元线性函数将所述生物特 性数据与密钥进行绑定, 生成生物密钥的步骤具体包括:  The method according to claim 2, wherein the step of binding the biometric data with a key by using a multivariate linear function to generate a biometric key comprises:
利用多元线性函数将所述生物特性数据与密钥进行绑定, 生成绑定信息; 在所述绑定信息中加入干扰信息, 生成生物密钥。  Binding the biometric data to the key by using a multivariate linear function to generate binding information; adding interference information to the binding information to generate a biometric key.
4、 根据权利要求 1到 3种任意一项所述的方法, 其特征在于, 所述方法还包括: 将生成的加密生物特征数据和生物密钥存放到同一生物证书中。  The method according to any one of claims 1 to 3, wherein the method further comprises: storing the generated encrypted biometric data and the biometric key in the same biometric certificate.
5、 一种生物特征数据的保护方法, 其特征在于, 包括:  5. A method for protecting biometric data, comprising:
利用用户的生物特征样本, 从生物密钥中恢复出密钥;  Recovering the key from the biometric key using the user's biometric sample;
利用所述恢复出来的密钥对加密生物特征数据进行解密, 得到生物特征数据。 The encrypted biometric data is decrypted using the recovered key to obtain biometric data.
6、根据权利要求 5所述的方法, 其特征在于, 所述利用用户的生物特征样本, 从生 物密钥中恢复出密钥的步骤具体包括: The method according to claim 5, wherein the step of recovering the key from the biometric key by using the biometric sample of the user comprises:
从生物特征样本中选取多个特征点;  Selecting a plurality of feature points from the biometric sample;
根据所述生物特征样本中的特征点,利用多元线性函数对生物密钥进行解密,得到 加密生物特征数据的密钥。  According to the feature points in the biometric sample, the biometric key is decrypted by using a multivariate linear function to obtain a key for encrypting the biometric data.
7、根据权利要求 5所述的方法, 其特征在于, 所述利用用户的生物特征样本, 从生 物密钥中恢复出密钥的步骤具体包括:  The method according to claim 5, wherein the step of recovering the key from the biometric key using the biometric sample of the user comprises:
从生物密钥中恢复出绑定信息;  Recover binding information from the biokey;
利用多元线性函数从所述绑定信息中恢复出密钥。  The key is recovered from the binding information using a multivariate linear function.
8、 一种生物认证的方法, 其特征在于, 包括: 利用密钥对生物特征数据进行加密, 生成加密生物特征数据; 8. A method of biometric authentication, comprising: Encrypting biometric data with a key to generate encrypted biometric data;
根据所述用户生物特征数据生成所述用户的生物特性数据;  Generating biometric data of the user according to the biometric data of the user;
将所述密钥与所述生物特性数据进行绑定, 生成生物密钥;  Binding the key to the biometric data to generate a biometric key;
将所述加密生物特征数据和所述生物密钥存放到同一生物证书中;  Depositing the encrypted biometric data and the biometric key into the same biometric certificate;
利用用户的生物特征样本, 从生物密钥中恢复出密钥;  Recovering the key from the biometric key using the user's biometric sample;
利用所述恢复出来的密钥对加密生物特征数据进行解密, 得到生物特征数据; 将用户的生物特征样本与所述生物特征数据进行匹配, 当匹配正确时,确认用户身 份。  The encrypted biometric data is decrypted by using the recovered key to obtain biometric data; the biometric sample of the user is matched with the biometric data, and when the matching is correct, the user identity is confirmed.
9、 一种生物特征数据的保护装置, 其特征在于, 包括:  9. A device for protecting biometric data, comprising:
加密生物特征数据生成单元,用于利用密钥对用户生物特征数据进行加密,生成加 密生物特征数据;  An encrypted biometric data generating unit, configured to encrypt user biometric data by using a key to generate encrypted biometric data;
生物密钥生成单元,根据所述用户生物特征数据生成所述用户的生物特性数据,将 所述密钥与所述用户的生物特性数据进行绑定,生成所述加密生物特征数据对应的生物 密钥。  a biometric key generating unit, configured to generate biometric data of the user according to the biometric data of the user, and bind the key to biometric data of the user to generate a biometric corresponding to the encrypted biometric data. key.
10、 根据权利要求 9所述的装置, 其特征在于, 所述装置还包括:  The device according to claim 9, wherein the device further comprises:
生物证书存储单元, 用于存放得到的所述加密生物特征数据和所述生物密钥。 a biometric certificate storage unit, configured to store the obtained encrypted biometric data and the biometric key.
11、 根据权利要求 9或 10所述的装置, 其特征在于, 所述生物密钥生成单元具体包 括: The device according to claim 9 or 10, wherein the biometric key generating unit specifically comprises:
绑定模块,用于利用多元线性函数将所述密钥与所述生物特性数据进行绑定,生成 绑定信息;  a binding module, configured to bind the key to the biometric data by using a multivariate linear function to generate binding information;
干扰模块, 用于在所述绑定信息中加入干扰信息, 生成生物密钥。  The interference module is configured to add interference information to the binding information to generate a biometric key.
12、 一种生物特征数据的保护装置, 其特征在于, 包括:  12. A device for protecting biometric data, comprising:
生物密钥处理单元, 用于利用用户的生物特征样本, 从生物密钥中恢复密钥; 加密生物特征数据处理单元,用于利用所述从生物密钥处理单元恢复出来的密钥对 加密生物特征数据进行解密, 得到生物特征数据。  a biometric key processing unit for recovering a key from a biometric key using a biometric sample of the user; an encrypted biometric data processing unit for encrypting the biometric using the key pair recovered from the biometric key processing unit The feature data is decrypted to obtain biometric data.
13、 根据权利要求 12所述的装置, 其特征在于, 所述生物密钥处理单元包括: 解干扰模块, 从生物密钥中恢复出绑定信息;  The device according to claim 12, wherein the bio-key processing unit comprises: a de-interference module, recovering binding information from the bio-key;
解绑定模块, 利用多元线性函数从所述绑定信息中恢复出密钥。  The unbinding module recovers the key from the binding information by using a multivariate linear function.
14、 一种生物特征数据的保护系统, 其特征在于, 包括:  14. A system for protecting biometric data, comprising:
注册单元, 用于利用密钥对用户生物特征数据进行加密, 生成加密生物特征数据, 根据所述用户生物特征数据生成所述用户的生物特性数据,并将所述密钥与所述用户的 生物特性数据进行绑定, 生成所述加密生物特征数据对应的生物密钥; 将生成的所述加 密生物特征数据和生物密钥进行存储; a registration unit, configured to encrypt user biometric data by using a key to generate encrypted biometric data, Generating the biometric data of the user according to the user biometric data, and binding the key with the biometric data of the user to generate a biometric key corresponding to the encrypted biometric data; The encrypted biometric data and the biometric key are stored;
解密单元, 用于利用用户的生物特征样本, 从生物密钥中恢复出密钥; 并利用所述 恢复出来的密钥对加密生物特征数据进行解密, 得到生物特征数据。  And a decryption unit, configured to recover the key from the biometric key by using the biometric sample of the user; and decrypt the encrypted biometric data by using the recovered key to obtain biometric data.
15、 一种生物认证的系统, 其特征在于, 包括:  15. A biometric authentication system, comprising:
注册单元, 用于利用密钥对用户生物特征数据进行加密, 生成加密生物特征数据, 根据所述用户生物特征数据生成所述用户的生物特性数据,并将所述密钥与所述用户的 生物特性数据进行绑定, 生成所述加密生物特征数据对应的生物密钥; 将生成的所述加 密生物特征数据和生物密钥进行存储;  a registration unit, configured to encrypt user biometric data by using a key, generate encrypted biometric data, generate biometric data of the user according to the biometric data of the user, and generate the key with the user's biometric Binding the characteristic data to generate a biometric key corresponding to the encrypted biometric data; storing the generated encrypted biometric data and the biometric key;
解密单元, 用于利用用户的生物特征样本, 从生物密钥中恢复出密钥; 并利用所述 恢复出来的密钥对加密生物特征数据进行解密, 得到生物特征数据;  a decryption unit, configured to recover a key from the biometric key by using the biometric sample of the user; and decrypt the encrypted biometric data by using the recovered key to obtain biometric data;
身份识别单元:用于将用户的生物特征样本与所述生物特征数据进行匹配, 当匹配 正确时, 确认用户身份。  The identification unit is configured to match the biometric sample of the user with the biometric data, and confirm the identity of the user when the matching is correct.
PCT/CN2008/070662 2007-04-05 2008-04-02 Method, device and system for protecting biometric feature data WO2008122236A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN 200710091009 CN101282217A (en) 2007-04-05 2007-04-05 Method, apparatus and system for protecting biological attribute data
CN200710091009.8 2007-04-05

Publications (1)

Publication Number Publication Date
WO2008122236A1 true WO2008122236A1 (en) 2008-10-16

Family

ID=39830493

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2008/070662 WO2008122236A1 (en) 2007-04-05 2008-04-02 Method, device and system for protecting biometric feature data

Country Status (2)

Country Link
CN (1) CN101282217A (en)
WO (1) WO2008122236A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685110A (en) * 2012-04-17 2012-09-19 中国科学院计算技术研究所 Universal method and system for user registration authentication based on fingerprint characteristics
WO2013121309A1 (en) * 2012-02-17 2013-08-22 International Business Machines Corporation Encrypted biometric data management and retrieval

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0910545D0 (en) * 2009-06-18 2009-07-29 Therefore Ltd Picturesafe
US8863271B2 (en) 2010-12-16 2014-10-14 Blackberry Limited Password entry using 3D image with spatial alignment
US9258123B2 (en) 2010-12-16 2016-02-09 Blackberry Limited Multi-layered color-sensitive passwords
CN104105095B (en) * 2011-06-30 2017-10-13 东莞市瑞腾电子科技有限公司 A kind of Wireless Application Protocol Gateway
CN103828291B (en) * 2011-06-30 2016-10-26 东莞市瑞腾电子科技有限公司 The method that application service is provided
US9223948B2 (en) 2011-11-01 2015-12-29 Blackberry Limited Combined passcode and activity launch modifier
CN102546655A (en) * 2012-02-07 2012-07-04 中山爱科数字科技股份有限公司 Secure transmission method for health information
CN102761417B (en) * 2012-06-27 2016-09-21 宇龙计算机通信科技(深圳)有限公司 The processing method of terminal data transmission and terminal
CN103136457A (en) * 2012-12-21 2013-06-05 惠州市亿能电子有限公司 BMS upper computer program protection method
US8966277B2 (en) * 2013-03-15 2015-02-24 Mitsubishi Electric Research Laboratories, Inc. Method for authenticating an encryption of biometric data
CN105550626B (en) * 2015-07-08 2019-03-22 宇龙计算机通信科技(深圳)有限公司 A kind of iris identification method and device
CN105160316B (en) * 2015-08-31 2017-12-22 宇龙计算机通信科技(深圳)有限公司 The fingerprint characteristic template encryption storage method and system of a kind of mobile terminal
EP3369026B1 (en) * 2015-10-26 2020-03-25 Visa International Service Association Wireless biometric authentication system and method
CN105391722A (en) * 2015-11-25 2016-03-09 湖北工业大学 Anti-leakage cloud storage method of address list hidden in irises
CN107294943A (en) * 2016-04-13 2017-10-24 天津工业大学 A kind of biometric templates guard method with security threat monitoring capability
CN106452746B (en) * 2016-09-28 2019-05-17 天津工业大学 A kind of biological secret key intelligent code key with security threat monitoring capability
CN106778523A (en) * 2016-11-25 2017-05-31 努比亚技术有限公司 Fingerprint input method and device
CN106533697B (en) * 2016-12-06 2019-11-08 上海交通大学 Generating random number and extracting method and its application in authentication
CN108243156B (en) * 2016-12-26 2020-09-11 航天信息股份有限公司 Method and system for network authentication based on fingerprint key
CN106712966A (en) * 2017-01-19 2017-05-24 努比亚技术有限公司 Biological characteristic protection method and device
CN107077558B (en) * 2017-02-09 2020-03-31 深圳市汇顶科技股份有限公司 Authentication method and authentication device based on biological characteristics and electronic equipment
EP3593269B1 (en) * 2017-03-09 2024-05-01 Fingerprint Cards Anacatum IP AB Methods for enrolling a user and for authentication of a user of an electronic device
CN107124283A (en) * 2017-05-24 2017-09-01 舒翔 A kind of physical characteristics collecting system and physical characteristics collecting method
US10546110B2 (en) * 2017-10-11 2020-01-28 Qualcomm Incorporated Systems and methods for context-based device address generation
CN108460288B (en) * 2018-04-02 2022-02-08 惠州学院 Big data security encryption method and device, storage medium and mobile terminal
CN109039650B (en) * 2018-08-08 2022-02-25 朱俊 Method and system for online information hosting by fusing biological characteristic encryption technology
CN116781839B (en) * 2023-08-24 2023-10-31 北京点聚信息技术有限公司 Fingerprint encryption method based on handwriting and seal data

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1710955A (en) * 2004-06-18 2005-12-21 罗姆股份有限公司 Apparatus key protection method, enciphering and deciphering apparatus and video transmitting receiving apparatus
CN1921384A (en) * 2006-09-12 2007-02-28 上海交通大学 Public key infrastructure system, local safety apparatus and operation method
CN101013943A (en) * 2007-02-14 2007-08-08 北京邮电大学 Method for binding/recovering key using fingerprint details

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1710955A (en) * 2004-06-18 2005-12-21 罗姆股份有限公司 Apparatus key protection method, enciphering and deciphering apparatus and video transmitting receiving apparatus
CN1921384A (en) * 2006-09-12 2007-02-28 上海交通大学 Public key infrastructure system, local safety apparatus and operation method
CN101013943A (en) * 2007-02-14 2007-08-08 北京邮电大学 Method for binding/recovering key using fingerprint details

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
LI QIONG ET AL.: "Study to Biometric-based Fuzzy Binder Algorithm", JOURNAL OF TEST AND MEASUREMENT TECHNOLOGY, vol. 18, 31 December 2004 (2004-12-31) *

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2013121309A1 (en) * 2012-02-17 2013-08-22 International Business Machines Corporation Encrypted biometric data management and retrieval
GB2512803A (en) * 2012-02-17 2014-10-08 Ibm Encrypted biometric data management and retrieval
GB2512803B (en) * 2012-02-17 2015-03-25 Ibm Encrypted biometric data management and retrieval
US8996886B2 (en) 2012-02-17 2015-03-31 International Business Machines Corporation Encrypted biometric data management and retrieval
CN102685110A (en) * 2012-04-17 2012-09-19 中国科学院计算技术研究所 Universal method and system for user registration authentication based on fingerprint characteristics

Also Published As

Publication number Publication date
CN101282217A (en) 2008-10-08

Similar Documents

Publication Publication Date Title
WO2008122236A1 (en) Method, device and system for protecting biometric feature data
CN106548345B (en) Method and system for realizing block chain private key protection based on key partitioning
JP4881119B2 (en) User authentication method, user side authentication device, and program
US20180144114A1 (en) Securing Blockchain Transactions Against Cyberattacks
CN107104982B (en) It can search for encryption system with traitor tracing function in mobile electron medical treatment
CN101013943B (en) Method for binding/recovering key using fingerprint details
CN101945114B (en) Identity authentication method based on fuzzy vault and digital certificate
Chang et al. BIOFUSE: A framework for multi-biometric fusion on biocryptosystem level
JP2013084034A (en) Template distribution type cancelable biometric authentication system and method therefor
Kanade et al. Generating and sharing biometrics based session keys for secure cryptographic applications
TW201223225A (en) Method for personal identity authentication utilizing a personal cryptographic device
CN107257283B (en) Fingerprint verification method based on quantum figure state
CN111047305A (en) Private key storage and mnemonic method for encrypted digital currency wallet based on digital watermarking technology
Bathen et al. Selfis: Self-sovereign biometric ids
Hong et al. The vulnerabilities analysis of fuzzy vault using password
CN117040767B (en) Fine-grained multi-terminal identity authentication method based on PUF (physical unclonable function) and related equipment
CN109961542A (en) A kind of entrance guard device, verifying device, verifying system and its verification method
CN114065169B (en) Privacy protection biometric authentication method and device and electronic equipment
WO2006093238A1 (en) Authentication assisting device, authentication main device, integrated circuit, and authenticating method
Seo et al. Construction of a new biometric-based key derivation function and its application
Abiega-L’Eglisse et al. A New Fuzzy Vault based Biometric System robust to Brute-Force Attack
Xu et al. A scheme for cancelable fingerprint fuzzy vault based on chaotic sequence
Dong et al. Security enhancement of biometrics, cryptography and data hiding by their combinations
Bringer et al. Fuzzy vault and template-level fusion applied to a binary fingerprint representation
JP2007258789A (en) System, method, and program for authenticating agent

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08715394

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08715394

Country of ref document: EP

Kind code of ref document: A1