CN101976312B - Method for enhancing security of Biohashing system - Google Patents

Abstract

The invention discloses a method for enhancing security of Biohashing system, which is used for solving the poor system security technical problem that the conventional Biohashing method. The technical scheme is that: auxiliary data obtained based on key generation is adopted to enhance the security of the Biohashing system; the auxiliary data HelperData is generated by using a biological characteristic template and a token held by a user; and on the basis of not increasing the system distortion rate, when the token is lost or is obtained by an attacker, the system is not subjected to security threat and the system security is improved.

Description

Strengthen the method for Biohashing security of system

Technical field

The present invention relates to a kind of Biohashing method, particularly strengthen the method for Biohashing security of system.

Background technology

In the biological characteristic field of encryption, the protection problem of biological template roughly can be divided into two kinds: biological hash method (Biohashing) and based on the method (HelperData) of auxiliary data.Document " Cancellable biometrics andannotations on BioHash.Pattern Recognition, 2008,41 (6): 2034-2044. " discloses a kind of Biohashing method:

(1) feature extraction.From the primeval life feature templates, extract biological attribute data sequence N and represent the length of biological attribute data sequence,

representes set of real numbers;

(2), generate N random series r based on the random number seed token that sets in the known token ₁, r ₂...,

Wherein N representes the biological attribute data sequence length in the above-mentioned steps (1);

(3) according to the biological attribute data sequence r of Gram-Schmidt method with generation in the step (2) ₁, r ₂...,

Unit orthogonalization generates one group of new sequence or ₁, or ₂..., or _N.

(4) to each or _i, calculate inner product<v, or _i>, and setting threshold τ, obtain a discrete data b _i, wherein: i=1,2 ... N.Specific algorithm is following:

$b_i=\left\{\begin{array}{cc}0& <v,{\mathrm{Or}}_i>\&le;\mathrm{\&tau;}\\ 1& <v,{\mathrm{Or}}_i>>\mathrm{\&tau;}\end{array}\right.$ I=1 wherein, 2 ... N

The Biohashing method is a kind of scheme of effective revocable biological template; The pseudo-random sequence of utilizing token at random to generate is carried out inner product with the biological template data and is dispersed; Well annotated the intension of revocable biological template method: when changing at random token, just can regenerate new revocable template.In the verification process, if token is correct at random, the misclassification rate of system will reduce greatly, even the phenomenon of zero misclassification rate possibly occur.

Yet because the internal mechanism of Biohashing method, the effect of token in total system is very large, can be described as dominance, and this deviates from the original idea of using biological character for identity authentication.When the token that obtains user's token or user as the assailant leaked, the safety of system will receive very big influence.For example, after assailant A obtains the token of user B, use the token of B and the biological characteristic of self, promptly might be through the authentication of system.And for token, because be that the user outside is held, be prone to be stolen or leak, therefore, needs are a kind of can be in the still guaranteed improvement project of security of system after the token lost.

Existing improving one's methods all is in the middle flow process of system or the generative process of last biological Hash code word (BiohashCode), to increase parameter; Or changing traditional discrete logarithm comes total system is protected, and does not fundamentally solve token and loses the safety problem of system afterwards.

Summary of the invention

In order to overcome the deficiency of existing Biohashing method security of system difference, the present invention provides a kind of method of the Biohashing of enhancing security of system.This method adopts the auxiliary data based on key generation gained to strengthen the Biohashing security of system; The token that uses biometric templates and user to hold generates auxiliary data HelperData; On the basis that does not increase the systematic distortion rate; Lose or victim when resultant when token, system can not receive security threat, can improve the security of system.

The technical solution adopted for the present invention to solve the technical problems: a kind of method that strengthens the Biohashing security of system is characterized in comprising the steps:

(1) in biometric templates, extract intermediate data Aid, wherein Aid is that element value is 0 or 1 matrix, and its line number and columns are by setting threshold P in the extraction algorithm and unimodular value C _xAnd C _yDecision:

(1.1) be central point with the maximum point of curvature in the biometric templates, and be the center of circle with the central point, central spot field of direction direction is an x axle positive dirction, rotates counterclockwise 90 ° for y axle positive dirction, sets up plane right-angle coordinate;

(1.2) be as the criterion with the coordinate system in the step (1.1), extract the coordinate information M of all bifurcations in the minutiae point in the biometric templates _i(x _i, y _i), wherein i is an integer;

(1.3), calculate to each bifurcation i ρ i representes the distance of fingerprint minutiae to central point, and setting threshold P, works as ρ _iDuring＜P, this point gets into handles sequence, otherwise discards the information of this point, and wherein i is an integer;

(1.4) the unimodular value C of x axle and y axle in the setting coordinate system _xAnd C _y, then, calculate the positional information of each bifurcation i in matrix A id (x ', y '), computing method are following:

$\left[\begin{array}{c}{x}^{\&prime;}\\ y^{\&prime;}\end{array}\right]=\left[\begin{array}{c}(x_i+P)/C_x\\ (y_i+P)/C_y\end{array}\right]$

(1.5), behavior x ' among the matrix A id and the element value of classifying y ' as are defined as 1, and other element value among the matrix A id is defined as 0 according to the position of each bifurcation i in the step (1.4) in matrix A id (x ', y ');

(2) use the random number seed token that sets in the token of user's input and each row element of matrix A id to carry out XOR by turn, obtain matrix with matrix A id homotype as auxiliary data HelperData;

(3), generate biological Hash code word BiohashCode based on auxiliary data HelperData and original Biohashing algorithm:

(3.1) each capable being input in the original Biohashing algorithm as random seed among the auxiliary data HelperData is gone;

(3.2) with each row of auxiliary data HelperData as the token in the original Biohashing algorithm, generate a cryptographic hash Code through original Biohashing algorithm;

(3.3) with the sequencing of all cryptographic hash Code, combine, form final biological Hash code word BiohashCode according to generation.

The invention has the beneficial effects as follows: owing to adopt auxiliary data to strengthen the Biohashing security of system based on key generation gained; The token that uses biometric templates and user to hold generates auxiliary data HelperData; On the basis that does not increase the systematic distortion rate; Lose or victim when resultant when token, system can not receive security threat, has improved the security of system.

Below in conjunction with accompanying drawing and embodiment the present invention is elaborated.

Description of drawings

Accompanying drawing is the method flow synoptic diagram that the present invention strengthens the Biohashing security of system.

Embodiment

Explanation of nouns:

Aid: in auxiliary data HelperData generative process, by the intermediate data that extracts in the biological data.This intermediate data is by extracting a certain amount of information in the biological data.This information is limited the quantity of, and according to Aid, the assailant can not reconstruct biological template, and promptly Aid is the one group of data that can represent the primeval life template to a certain extent and can not reconstruct the primeval life template according to Aid

HelperData: unite the data of generation by token and intermediate data Aid, participate directly in the Biohashing algorithm operating, play with original Biohashing system in the identical effect of token, promptly occur as random seed.

Present embodiment is example explanation the present invention with the fingerprint picture of 256*360pi (pi is a pixel).Other biological characteristic also is fit to the present invention like iris, people's face, palmmprint etc.Through to system input identical token and different pictures, verify when token lose or victim obtain after the security of system.

With reference to accompanying drawing, each width of cloth picture all passes through following processing after getting into system, the match information when obtaining canned data or the authentication in the server end database.

(1) extracts intermediate data Aid.

(1.1) the maximum point of curvature is a central point in the searching fingerprint image, is the center of circle with the central point, and central spot field of direction direction is an x axle positive dirction, rotates counterclockwise 90 ° and is y axle positive dirction, sets up plane right-angle coordinate;

(1.2) be as the criterion with the coordinate system in the step (1.1), extract the coordinate information M of all bifurcations in the minutiae point in the fingerprint characteristic template _i(x _i, y _i), wherein i is an integer;

(1.3), calculate to each bifurcation i

ρ _iThe expression fingerprint minutiae is to the distance of central point, and setting threshold P, works as ρ _iDuring＜P, this point gets into handles sequence, otherwise discards the information of this point, and wherein i is an integer.Set P=128pi;

(1.4) the unimodular value C of x axle and y axle in the setting coordinate system _xAnd C _y, then, calculate the positional information of each bifurcation i in matrix A id (x ', y '), computing method are following:

$\left[\begin{array}{c}{x}^{\&prime;}\\ y^{\&prime;}\end{array}\right]=\left[\begin{array}{c}(x_i+P)/C_x\\ (y_i+P)/C_y\end{array}\right]$

Here, make C _x=C _y=8pi;

(1.5) according to the position of each bifurcation i in the step (1.4) in matrix A id (x ', y '), behavior x ' among the matrix A id and the element value of classifying y ' as are defined as 1, other element value of matrix A id is defined as 0; So just extract matrix A id, regard this matrix as two-dimensional array Aid [] [] and use; Work as C _x=C _yDuring=8pi, two-dimensional array is Aid [32] [32].

(2) use the token and the Aid [] [] of user's input to carry out XOR line by line, obtain HelperData [] [].That is:

$\mathrm{HelperData}\left[i\right]\left[\right]=\mathrm{Token}\&CirclePlus;\mathrm{Aid}\left[i\right]\left[\right]$ Wherein: i=0,1 ... 31

The setting token is a sexadecimal number, and length is 8.

(3) HelperData is loaded into original Biohashing system.

(3.1) HelperData [] [] is taken out line by line, each row HelperData [i] [] is input in the original Biohashing system as a random seed and goes;

(3.2) HelperData [i] [] generates a code word Code _i

(3.3) all code word Code that step (3.2) generated _iSize order according to i couples together, and forms final biological Hash code word BiohashCode;

Fingerprint image all needs to generate last BiohashCode with the token that matches with it through above-mentioned operation when system registry and authentication.The BiohashCode that registration generates is stored in the server end database, and the BiohashCode that generates during authentication will mate with the data in the server database.

(4) matching process.

The BiohashCode that generates in the time of might as well making registration is B ^E, the BiohashCode that generates when making authentication is B ^QMatching process is following:

(4.1) compare

and

Use Hamming distance to describe distance B between the two _i, then

Wherein

For forming B ^E, B ^QBy the Code that generates in (3.2) _iValue; Valuei does

With

Between Hamming distance and Code _iThe ratio of length.

Setting threshold VA, length is 32 array SA, works as Value _iDuring＜VA, make SA (i)=1, otherwise, SA (i)=0 made.Here get VA ∈ (0.1,0.15);

(4.2) calculate matching fractional.

$\mathrm{Score}(E,Q)=\frac{{\mathrm{\&Sigma;}}_{i=0}^{31}\mathrm{SA}\left(i\right)}{T}$

Wherein: (E Q) is B to Score ^EAnd B ^QMatching fractional; T is the number of i,, is set at 32 here.

(4.3) setting threshold SC, when Score (E, Q) >=during SC, then think and mate successfully, otherwise the coupling failure.Here set SC ∈ (0.75,0.8).

Claims (1)

1. a method that strengthens the Biohashing security of system is characterized in that comprising the steps:

(1) in biometric templates, extract intermediate data Aid, wherein Aid is that element value is 0 or 1 matrix, and its line number and columns are by setting threshold P in the extraction algorithm and unimodular value C _xAnd C _yDecision:

(1.1) be central point with the maximum point of curvature in the biometric templates, and be the center of circle with the central point, central spot field of direction direction is an x axle positive dirction, rotates counterclockwise 90 ° for y axle positive dirction, sets up plane right-angle coordinate;

(1.2) be as the criterion with the coordinate system in the step (1.1), extract the coordinate information M of all bifurcations in the minutiae point in the biometric templates _i(x _i, y _i), wherein i is an integer;

(1.3), calculate to each bifurcation i

ρ _iThe expression fingerprint minutiae is to the distance of central point, and setting threshold P, works as ρ _iDuring＜P, this point gets into handles sequence, otherwise discards the information of this point, and wherein i is an integer;

(1.4) the unimodular value C of x axle and y axle in the setting coordinate system _xAnd C _y, then, calculate the positional information of each bifurcation i in matrix A id (x ', y '), computing method are following:

$\left[\begin{array}{c}{x}^{\&prime;}\\ y^{\&prime;}\end{array}\right]=\left[\begin{array}{c}(x_i+P)/C_x\\ (y_i+P)/C_y\end{array}\right]$

(1.5), behavior x ' among the matrix A id and the element value of classifying y ' as are defined as 1, and other element value among the matrix A id is defined as 0 according to the position of each bifurcation i in the step (1.4) in matrix A id (x ', y ');

(2) use the random number seed token that sets in the token of user's input and each row element of matrix A id to carry out XOR by turn, obtain matrix with matrix A id homotype as auxiliary data HelperData;

(3), generate biological Hash code word BiohashCode based on auxiliary data HelperData and original Biohashing algorithm:

(3.1) each capable being input in the original Biohashing algorithm as random seed among the auxiliary data HelperData is gone;

(3.2) with each row of auxiliary data HelperData as the token in the original Biohashing algorithm, generate a cryptographic hash Code through original Biohashing algorithm;

(3.3) with the sequencing of all cryptographic hash Code, combine, form final biological Hash code word BiohashCode according to generation.

Images