CN102904885A - Compound authentication method of multi-identity authentication information feature - Google Patents

Compound authentication method of multi-identity authentication information feature Download PDF

Info

Publication number
CN102904885A
CN102904885A CN2012103638918A CN201210363891A CN102904885A CN 102904885 A CN102904885 A CN 102904885A CN 2012103638918 A CN2012103638918 A CN 2012103638918A CN 201210363891 A CN201210363891 A CN 201210363891A CN 102904885 A CN102904885 A CN 102904885A
Authority
CN
China
Prior art keywords
authentication
authentication information
information
result
matrix
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2012103638918A
Other languages
Chinese (zh)
Other versions
CN102904885B (en
Inventor
刘经纬
王普
杨蕾
李会民
张春晓
杨建栋
赵辉
常鹏
贾之阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Technology
Original Assignee
Beijing University of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Technology filed Critical Beijing University of Technology
Priority to CN201210363891.8A priority Critical patent/CN102904885B/en
Publication of CN102904885A publication Critical patent/CN102904885A/en
Application granted granted Critical
Publication of CN102904885B publication Critical patent/CN102904885B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Collating Specific Patterns (AREA)

Abstract

The invention provides a multi-identity authentication compounding method which can be applied to the fields of identity authentication, office automation and the like. The method specifically comprises the following steps of: collecting identity authentication information of a legal authentication object, computing and saving an feature information matrix, collecting the identity authentication information of an unknown object J to be authenticated, computing single identity authentication probability of the unknown object J to be authenticated, judging single identity authentication information feature, computing compound judgment volume of multi-identity authentication information feature, and carrying out compound judging on the multi-identity authentication information feature. According to the multi-identity authentication compounding method, the problems of the limited precision and the limited application range of a single identity authentication method can be solved, the large-range arrangement problem in the application process and a large amount of workloads brought by professional official transaction flow can be solved, and the technical effects that the single authentication accuracy rate is improved and the applicability of the single identity authentication is extended are achieved.

Description

The compound authentication method of many authentication information feature
Technical field
The present invention proposes a kind of network service platform method and the system that has adopted the method based on many authentications composite algorism, can be applicable to the fields such as authentication, office automation.
Background technology
At present, in the actual production life, identity authorization system mainly adopts the mode of single capacity authentication, and more typical way is:
1. a lot of individual online payment systems adopt special-purpose USB authority memory, are commonly called as the equipment of excellent shield.This scheme needs the user when each the use, all excellent shield is inserted in the operated computer to operate.The authentication committed step is: the certificate file in this excellent shield and the authentication document of far-end bank server end mate, and determine the result of authentication;
2. a lot of units adopt fingerprint identification device, carry out authentication, the system of for example registering.This scheme often needs all people that register to carry out fingerprint collecting work to the unified machine of registering.The authentication committed step is: the fingerprint characteristic information of storing in the current finger print information of dispersion user and the centralized fingerprint collecting equipment is mated, and determines the result of authentication;
3. a lot of units adopt and print paper document, and the mode of a plurality of departments signature is carried out professional validity authentication, for example file countersign system.This scheme needs the business personnel to print specification documents for the key link of relatively-stationary service needed authentication, and holds the document and please be correlated with the leader according to the regular affirmation of successively signing of operation flow to relevant departments.The authentication committed step is that current signatory is to shareholder's signature approval.
The mode of classical single capacity authentication has problems and is: there is the higher possibility of stealing that is imitated in the single capacity authentication, single method can't conveniently be tackled at diversified application needs, and for the identity authorization system of complexity, different business often needs the identification authentication mode of the best most convenient that adopts different.
The system of for example registering is low than payment system for the requirement of reliability, the requirement of its convenience and pocket wants high than payment system, excellent shield mode then requires the necessary carried terminal equipment of user, and the terminal equipment of system of fingerprints then is the natural finger that carries of user.Again for example: the system of registering of single office is fit to concentrate deployment formula scheme, and suitable employing of the application of countersign system disperseed deployment formula scheme.
Summary of the invention
The problem that the present invention mainly solves:
In some office application, because characteristics and the security requirement of professional frequency can't be finished authentication very accurately when a certain identity identifying method, then can adopt multiple identity identifying method to carry out combined identity certification.Many authentications need to organize together independent identity identifying method the demand that just can finish application by a kind of rule (algorithm).The present invention proposes a kind of new method and system just for the problems referred to above and present situation.
The present invention proposes a kind of network service platform method based on many authentications composite algorism, can be applicable to the fields such as authentication, office automation.Mainly solve following problem: at first, many authentications composite algorism is compound with the method for multiple authentication, and authentication result is unreliable in some applications to have overcome the single capacity authentication method, inconvenient problem with use in different application; Secondly, solving identity authorization system disposes and the widespread adoption problem; At last, when the method is applied to Field of Office Automation, the hard work amount problems such as a large amount of papery office document management and artificial file countersign have been solved.
The technical scheme that the present invention takes:
To achieve these goals, address the above problem, the present invention has taked following technical scheme:
One, method:
1. the compound authentication method of many authentication information feature is characterized in that: produce and preserve the characteristic information storehouse and two parts of the compound authentication of authentication information more than 1.2 consist of by 1.1;
1.1 produce and preservation characteristic information matrix, have successively following performing step:
Step 1.1.1 gathers the authentication information I of legal authentication object Mn:
Wherein, I MnM known legal authentication object C of expression mN authentication information, m is 1 to the positive integer of M, n is 1 to N positive integer; The authentication object C that each is known mN kind authentication information is arranged;
Wherein, C mM known legal authentication object of expression, corresponding J represents the object to be certified of some the unknowns with it; The method target is to identify whether M known authentication object C of object J to be certified mIn one, and J is C mIn which;
Step 1.1.2 calculates and preserves characteristic information matrix I F:
For m authentication object C mN kind authentication information I M1, I M2..., I MN, carry out characteristic information and calculate, obtain characteristic information matrix I F
Characteristic information matrix I FAlso can be I M1, I M2..., I MN, also can be by I M1, I M2..., I MNBy the characteristic information Tw that mode identification method calculates, it also can be the combination of above-mentioned two kinds of characteristic informations;
1.2 the compound authentication of many authentication information has following performing step successively:
Step 1.2.1 gathers the authentication information J of unknown object J to be certified n:
J represents the object to be certified of some the unknowns, J nN the authentication information of expression J, n is 1 to N positive integer;
Step 1.2.2 calculates the unmarried part of authentication probability P of object J to be certified n:
Definition P n: establish in the authentication of N kind, the result of every kind of authentication is probable value P nForm, n is 1 to the positive integer of N, i.e. P 1, P 2..., P NP nSpan be integer or decimal in 0 to 1 closed interval, P nThe accuracy rate of authentication is higher among the larger expression n;
Treat the N kind authentication information J of authentication object J nCarry out unmarried part of authentication, obtain unmarried part of authentication probability P nThe as a result Tout=(Mout, Pout) that calculates has two information, and one is classification Mout, and Mout represents most probable classification situation among the pattern recognition result, if Mout is not to be J, then this recognition result is that the probability of J is P n=0, if Mout is J, then this recognition result is that the probability of J is P n=Pout;
Unmarried part of authentication information feature of step 1.2.3 judged:
Definition PMIN n: unmarried part of authentication information feature approval probability lower limit, n is 1 to N positive integer, represents n kind authentication acceptable lower limit probability; PMIN nSpan be integer or decimal in 0 to 1 closed interval;
If there is P nSatisfy P nLess than PMIN n, then authentication failure jumps to step 1.2.6 authentication failure, i.e. Y=0;
If any P nAll satisfy P nMore than or equal to PMIN n, then algorithm continues;
Step 1.2.4 calculates the compound decision content y of many authentication information feature:
The compound authentication method result's of many authentication information feature accuracy rate Y is the as a result P by multiple unmarried part of identifying algorithm 1, P 2..., P NCalculate by many authentications composite algorisms, i.e. Y=F(P 1, P 2..., P N);
The computing formula of the compound decision content y of many authentication information feature is:
y=W 1xP 1+W 2xP 2+…+W NxP N
Wherein, W nBe weight coefficient, represent various identity authentication result to the influence degree of the as a result Y of many authentications composite algorism, n is 1 to N positive integer, W nSpan be integer or decimal in 0 to 1 closed interval, and W 1+ W 1+ ... + W n=100%;
The compound judgement of many authentication information of step 1.2.5 feature:
Definition PMIN: the compound approval probability of many authentication information feature lower limit, many authentications of expression acceptable composite computing result's lower limit probability, PMIN nSpan be integer or decimal in 0 to 1 closed interval;
If y is less than PMIN, then authentication failure jumps to step 1.2.6 authentication and does not pass through;
If y is more than or equal to PMIN, then authentication is passed through;
The compound authentication method result's of many authentication information feature accuracy rate Y=y; Method finishes;
Step 1.2.6 authentication is not passed through, and method finishes;
2. the compound authentication method of many authentication information feature described in according to claim 1, it is characterized in that: described authentication information is password or password or seal or smart card or signature or person's handwriting or E-token dynamic password card or excellent shield or short message password or two-dimension code or fingerprint or palmmprint or sound or retina or DNA or people's face.
3. step 1.1.2 is described in according to claim 1 carries out the method that characteristic information calculates, and it is characterized in that: adopted neural network BP training algorithm, be specially,
The input matrix of train samples is each known authentication object C mX authentication information I MX, the objective matrix of train samples is T01, T01 be with matrix T=(1,2 ..., M) carry out the result that normalization is calculated, the difference between adjacent two numerical value of T01 is T01diff;
Neural net adopts Self-adaptation Wavelet Neural Network, and training algorithm adopts the Self-adaptation Wavelet Neural Network training algorithm, and the result of calculating is weight matrix WIJ, WJK and change of scale parameter matrix A, B is kept at it among characteristic information matrix T w, i.e. Tw=(WIJ, WJK, A, B, T01diff).
4. treat according to claim 3 the N kind authentication information J of authentication object J nCarry out the method that unmarried part of authentication adopted, it is characterized in that: adopted neural net forward calculation algorithm, be specially,
A certain the authentication information J that is input as unknown object J to be certified of neural net forward calculation X
The weight matrix of neural net forward calculation and change of scale parameter matrix are characteristic information matrix T w;
The algorithm that the neural net forward calculation is calculated adopts Self-adaptation Wavelet Neural Network forward calculation algorithm, and the result is numerical value y01;
Y01 and T01 are compared, find the element t01 of immediate y01 in the T01 matrix, namely the element in the T01 matrix and y01 do poor as a result minimum that be t01;
T01 is carried out renormalization calculate, obtain Mout and represent the immediate classification number of result of calculation;
Calculate probability corresponding to classification results Mout, Pout=|t01-y01|/T01diff, wherein T01diff represents the difference between adjacent two numerical value of T01;
Therefore available result is Tout=(Mout, Pout);
5. the compound authentication method of many authentication information feature according to claim 1 is characterized in that: described method of carrying out characteristic information calculating can also adopt feature extracting method or template Comparison Method or discriminant function method or statistical classification or Bayes Method or clustering methodology or fuzzy classifier method or neural net method or support vector machine method.
6. the compound authentication method of many authentication information feature according to claim 1 is characterized in that: the described N kind authentication information J that treats authentication object J nCarry out the method that unmarried part authentication adopts and to adopt feature extracting method or template Comparison Method or discriminant function method or statistical classification or Bayes Method or clustering methodology or fuzzy classifier method or neural net method or support vector machine method.
Two, system:
Network service system based on many authentications is characterized in that: be comprised of a plurality of user terminals (100), a real-time authentication center (200), a Certificate Authority center (300) and (0) four part of characteristic information storage medium;
User terminal (100) is comprised of the fingerprint recognition pick-up transducers (102) of user terminal main frame (101), user terminal and the excellent shield authenticating device (103) of user terminal; Fingerprint collecting transducer (102) is connected with user terminal main frame (101), fingerprint collecting transducer (102) gathers finger print information to be identified and sends user terminal main frame (101) to, excellent shield authenticating device (103) is connected with user terminal main frame (101), and excellent shield authenticating device (103) sends the excellent shield private key information (1103) of the user terminal of preservation in the characteristic information storage medium (0) to user terminal main frame (101);
Real-time authentication center (200) is made of real-time authentication central server (201), real-time authentication center (200) with the annexation of user terminal (100) is: user terminal main frame (101) connects with real-time authentication central server (201) by network and links to each other, the excellent shield private key information (1103) of the finger print information to be identified that user terminal main frame (101) will collect and user terminal sends to real-time authentication central server (201), real-time authentication central server (201) calculates the finger print information to be identified of reception and the excellent shield private key information (1103) of user terminal by many authentications complex method, and identity authentication result (2900) is sent to user terminal main frame (101), user terminal main frame (101) shows the identity authentication result that receives;
Certificate Authority center (300) is by Certificate Authority central host (301), the fingerprint collecting transducer (302) at Certificate Authority center and the excellent shield authenticating device (303) at Certificate Authority center form, Certificate Authority center fingerprint recognition pick-up transducers (302) gathers known legal user fingerprints information and sends Certificate Authority central host (301) to, Certificate Authority central host (301) is calculated the known legal user fingerprints information that receives, obtain known legal user's fingerprint identity validation information, and calculated characteristics information, deposit the fingerprint identity validation information database (3312) of Certificate Authority central host (301) in, fingerprint identity validation information database (3312)
Figure BDA00002197069900061
Being used for real-time authentication center (200) identification object identity to be certified uses; Certificate Authority central host (301) generates excellent shield authentication information PKI and private key at random, and deposit PKI the excellent shield authentication information database (3313) of Certificate Authority central host (301) in, private key is deposited in the characteristic information storage medium (0) by the excellent shield authenticating device (303) at Certificate Authority center; Above-mentioned PKI, private key, excellent shield authentication information database (3313) will use for real-time authentication center (200) identification object identity to be certified; Real-time authentication central server (201) links to each other with Certificate Authority central host (301) by network, and Certificate Authority central host (301) is regularly to real-time authentication central server (201) one-way synchronization fingerprint identity validation information database (3312) and excellent shield authentication information database (3313).
Innovative point of the present invention is:
At first, many authentications composite algorism carries out multiple single capacity identifying algorithm comprehensively to have brought into play the characteristics of every kind of single capacity identifying algorithm, has promoted the quality of whole authentication; Next, the network service platform method of many authentications composite algorism has been abandoned traditional centralized identity authentication system deployment scheme, adopts the collecting and distributing type deployment scheme, disposes and use better convenience and extensive.
Advantage compared with prior art of the present invention:
Many authentications composite algorism that the present invention proposes is integrated multiple authentication algorithm, has realized that many authentications are compound, has solved to have overcome the in some cases insecure problem of authentication result of single capacity authentication method; Secondly, the network service platform method of many authentications composite algorism has been abandoned traditional centralized identity authentication system deployment scheme, adopt the collecting and distributing type deployment scheme, solved the daily frequent use problem of the inconvenient user of centralized identity authentication system deployment scheme, and solved a large amount of paperys offices that the system applies based on the network service platform method of many authentications composite algorism exists in Field of Office Automation, run problem such as hard work such as label grade.
Description of drawings
Accompanying drawing 1 system's annexation block diagram
Accompanying drawing 2 method flow diagrams
Embodiment
Describe present embodiment in detail below in conjunction with accompanying drawing 1.
Present embodiment is after describing system hardware annexation and implementation process in detail, by practice the specific implementation process of network service platform method when using of many authentications composite algorism that the present invention proposes has been described, in order to deepen the reader to the understanding of content of the present invention.
One, Hardware Design:
Network service system based on many authentications, be comprised of a plurality of user terminals (100), a real-time authentication center (200), a Certificate Authority center (300) and (0) four part of characteristic information storage medium, authentication center (300) has adopted many authentications composite algorism.
Each user terminal (100) is comprised of the fingerprint recognition pick-up transducers (102) of user terminal main frame (101), user terminal, the excellent shield authenticating device (103) of user terminal.User terminal main frame (101) adopts PC computer and notebook computer, and fingerprint Identification sensor (102) adopts the USB fingerprint Identification sensor product of Lenovo company, and excellent shield authenticating device (103) adopts the excellent shield product of USB of EDI company.
The real-time authentication central server (201) at real-time authentication center (200) and the Certificate Authority central host (301) of Certificate Authority center (300) all adopt IBM x3650 server.
Fingerprint Identification sensor (102) is connected with user terminal main frame (101), fingerprint Identification sensor (102) gathers and sends to user terminal main frame (101) with user's finger print information to be identified (1001), excellent shield authenticating device (103) is connected with user terminal main frame (101), and excellent shield authenticating device (103) sends the excellent shield private key information (1103) of the user terminal of preservation in the characteristic information storage medium (0) to user terminal main frame (101);
A real-time authentication center (200) is made of real-time authentication central server (201), a plurality of user terminals (100) connect with real-time authentication central server (201) by wide area network and link to each other, user terminal (100) will send to from the authentication information to be identified that the user gathers real-time authentication central server (201), real-time authentication central server (201) calculates the authentication information to be identified that gathers from the user by many authentications composite algorism, identity authentication result is sent to user terminal (100), user terminal is taked corresponding processing according to the identity authentication result that receives;
Certificate Authority center (300) is by Certificate Authority central host (301), the fingerprint collecting transducer (302) at Certificate Authority center and the excellent shield authenticating device (303) at Certificate Authority center form, Certificate Authority center fingerprint recognition pick-up transducers (302) gathers known legal user fingerprints information and sends Certificate Authority central host (301) to, Certificate Authority central host (301) is calculated the known legal user fingerprints information that receives, obtain known legal user's fingerprint identity validation information, and calculated characteristics information, deposit the fingerprint identity validation information database (3312) of Certificate Authority central host (301) in, fingerprint identity validation information database (3312) is used for real-time authentication center (200) identification object identity to be certified to be used; Certificate Authority central host (301) generates excellent shield authentication information PKI and private key at random, and deposit PKI the excellent shield authentication information database (3313) of Certificate Authority central host (301) in, private key is deposited in the characteristic information storage medium (0) by the excellent shield authenticating device (303) at Certificate Authority center; Above-mentioned PKI, private key, excellent shield authentication information database (3313) will use for real-time authentication center (200) identification object identity to be certified; Real-time authentication central server (201) links to each other with Certificate Authority central host (301) by network, and Certificate Authority central host (301) is regularly to real-time authentication central server (201) one-way synchronization fingerprint identity validation information database (3312) and excellent shield authentication information database (3313);
Certificate Authority center (300) is with the difference at real-time authentication center (200): Certificate Authority center (300) are the management organizations of authentication information, and real-time authentication center (200) are actuators;
Two, system's operation embodiment:
The running of system is comprised of the generation of authentication information, two processes of checking of authentication information;
The generation of process 2.1 authentication information:
The Certificate Authority central host (301) at process 2.1.1 Certificate Authority center (300) is registered a user A for new user, and A is original positive integer in other user registration courses in the system, and then new user is user A;
The fingerprint collecting transducer (302) at process 2.1.2 Certificate Authority center gathers the fingerprint of user A, the finger print information (3302) at the Certificate Authority center that gathers is sent to Certificate Authority center (301), classical algorithm for recognizing fingerprint is adopted at Certificate Authority center (301), calculates the fingerprint identity validation information of user A and deposits it in fingerprint identity validation information database (3312);
The key schedule of Certificate Authority central host (301) the employing classics at process 2.1.3 Certificate Authority center (300) is excellent shield authentication information PKI and private key for user A generates, and deposit PKI in excellent shield authentication information database (3313), the excellent shield authenticating device (303) of private key by the Certificate Authority center deposited in the characteristic information storage medium (0) of user A;
Certificate Authority central host (301) timing at process 2.1.4 Certificate Authority center (300) is to real-time authentication central server (201) unidirectional renewal fingerprint identity validation information database (3312) and the excellent shield authentication information database (3313) of real-time authentication center (200);
The checking of process 2.2 authentication information:
Process 2.2.1 user terminal (100) is received user X and initiated ID authentication request: the fingerprint collecting transducer (102) of user terminal gathers the finger print information of the user terminal of user X and submits to user terminal main frame (101), and by the excellent shield authenticating device (103) of user terminal the excellent shield private key information (1103) of user terminal in the characteristic information storage medium (0) is submitted to user terminal main frame (101);
Process 2.2.2 user terminal main frame (101) is to the finger print information of the user terminal of real-time authentication server (201) transmission user A submission and the excellent shield private key information (1103) of user terminal;
Process 2.2.3 real-time authentication server (201) adopts the compound authentication calculations of many authentication information to go out identity authentication result (2900) take the excellent shield private key information (1103) of the finger print information of user terminal and user terminal as input;
Process 2.2.4 Certificate Authority central server (201) is submitted to user terminal main frame (101) with identity authentication result (2900), and user terminal main frame (101) shows the result;
Three, the calculation process of many authentications composite algorism:
The compound authentication method of many authentication information feature produces by 3.1 and preserves the characteristic information storehouse and two parts of the compound authentication of authentication information more than 3.2 consist of;
3.1 produce and preservation characteristic information matrix, successively by following performing step:
Step 3.1.1 gathers the authentication information I of legal authentication object Mn:
Have 10 known legitimate authentication objects in the present embodiment, each object has 2 authentication information, i.e. M=10, N=2; Two kinds of identity identifying methods are respectively finger print identifying and digital certificate authentication;
Wherein, I MnM known legal authentication object C of expression mN authentication information, m is 1 to the positive integer of M, n is 1 to N positive integer; The authentication object C that each is known mN kind authentication information is arranged; C mM known legal authentication object of expression, corresponding J represents the object to be certified of some the unknowns with it; The method target is to identify whether M known authentication object C of object J to be certified mIn one, and J is C mIn which;
The authentication information I of finger print identifying 11, I 21..., I 101Computational methods as follows: (1) is for C 1, C 2, C 10Fingerprint sensor obtain the gray level image that fingerprint image is 30x50, the interval of each pixel is 0-255.(2) image of whole 30x50 is divided into the image of 15 10x10, value value of averaging of 100 pixels in the image of each 10x10 is calculated again, obtain 15 mean values, the image transitions that is about to 30x50 becomes the gray level image of 3x5.(3) again with 15 gray-scale pixels o'clock take 127 as threshold values, the usefulness 0 less than or equal to 127 represents, the usefulness 1 more than or equal to 128 represents, changes it into into 3x5 bianry image.These 15 value composition of vector are C 1Characteristic value.
The authentication information I of digital certificate authentication 12, I 22, I 102Then be by with 32 positive integers immediately, by the result who obtains after twice computations of AES, 3DES.
Step 3.1.2 calculates and preserves characteristic information matrix I F:
Characteristic information matrix I in the present embodiment FThe authentication information I by digital certificate authentication 12, I 22, I 102Authentication information I with finger print identifying M1, I M2..., I MNDimerous by the characteristic information matrix T w that mode identification method calculates;
The authentication information I of finger print identifying M1, I M2..., I MNSelf-adaptation Wavelet Neural Network is adopted in the calculating of characteristic information matrix T w;
The input matrix of train samples is 10 known authentication object C 1, C 2, C 10The 1st authentication information I 11, I 21..., I 101, the objective matrix of train samples is T01, T01 be with constant matrices T=(1,2 ..., M) carry out the result that normalization is calculated, the difference between adjacent two numerical value of T01 is T01diff;
Be T 01=(0.1,0.2 ..., 1), T01diff=0.1;
Neural net adopts Self-adaptation Wavelet Neural Network, and training algorithm adopts the Self-adaptation Wavelet Neural Network training algorithm, and the result of calculating is weight matrix WIJ, WJK and change of scale parameter matrix A, B is kept at it among characteristic information matrix T w, i.e. Tw=(WIJ, WJK, A, B, T01diff).
Characteristic information matrix I FBe kept in Certificate Authority center (300) reservation, namely be saved in real-time authentication center (200); In this simultaneously, for object to be certified, himself also can keep information to be certified, and namely finger print information is kept on the object finger to be verified, and digital certificate authentication information (private key information) is kept at the characteristic information storage medium (0) that object to be verified is held;
3.2 the compound authentication of many authentication information has following performing step successively:
Step 3.2.1 gathers the authentication information J of unknown object J to be certified n:
J represents the object to be certified of some the unknowns, J nN the authentication information of expression J, Jn is 1 to N positive integer;
Step 3.2.2 calculates the unmarried part of authentication probability P of object J to be certified n:
Definition P n: establish in the authentication of N kind, the result of every kind of authentication is probable value P nForm, n is 1 to the positive integer of N, i.e. P 1, P 2..., P NP nSpan be integer or decimal in 0 to 1 closed interval, P nThe accuracy rate of authentication is higher among the larger expression n;
In the present embodiment, the result for digital certificate authentication can directly by comparing, then adopt the process of neural net forward calculation as follows for the calculating of fingerprint verification method authentication result:
A certain the authentication information J that is input as unknown object J to be certified of neural net forward calculation XJ in like manner XFor fingerprint sensor obtain fingerprint image be 30x50 gray level image through averaging and binary conversion treatment after the vector that contains 15 elements;
Because having kept weight matrix and the change of scale parameter matrix of neural net forward calculation in the system is characteristic information matrix T w=(WIJ, WJK, A, B, T01diff);
The algorithm of neural net forward calculation adopts Self-adaptation Wavelet Neural Network forward calculation algorithm, and the result is numerical value y01; Y01 and T01 are compared, find the element t01 of immediate y01 in the T01 matrix, namely the element in the T01 matrix and y01 do poor as a result minimum that be t01; T01 is carried out renormalization calculate, obtain Mout and represent the immediate classification number of result of calculation; Calculate probability corresponding to classification results Mout, Pout=|t01-y01|/T01diff, wherein T01diff represents the difference between adjacent two numerical value of T01; Therefore available result is Tout=(Mout, Pout);
Treat the N kind authentication information J of authentication object J nCarry out unmarried part of authentication, obtain unmarried part of authentication probability P nThe as a result Tout=(Mout, Pout) that calculates has two information, and one is classification Mout, and Mout represents most probable classification situation among the pattern recognition result, if Mout is not to be J, then this recognition result is that the probability of J is P n=0, if Mout is J, then this recognition result is that the probability of J is P n=Pout;
For example in certain object J verification process to be certified to the unknown, obtain finger print identifying result's the C that is categorized as by the neural net forward calculation 1, its probability is P1=0.9723, the result of digital certificate authentication also is C 1, its probability is P2=0.939;
Unmarried part of authentication information feature of step 3.2.3 judged:
Definition PMIN n: unmarried part of authentication information feature approval probability lower limit, n is 1 to N positive integer, represents n kind authentication acceptable lower limit probability; PMIN nSpan be integer or decimal in 0 to 1 closed interval;
In the present embodiment, for every kind of authentication input single approval probability lower limit PMINn, i.e. PMIN1=0.9, a PMIN2=0.9; Input weights W n, namely W1=0.5, W2=0.5 satisfy W1+W2=100%; Input compound approval probability lower limit PMIN=0.95.
If there is P nSatisfy P nLess than PMIN n, then authentication failure, algorithm finishes, i.e. Y=0;
If any P nAll satisfy P nMore than or equal to PMIN n, then algorithm continues;
Situation in the present embodiment for example is because P1=0.9723〉0.9=PMIN1, and P2=0.939 0.9=PMIN2, so algorithm continues, carry out the compound judgement of many authentications
Step 3.2.4 calculates the compound decision content y of many authentication information feature:
The compound authentication method result's of many authentication information feature accuracy rate Y is the as a result P by multiple unmarried part of identifying algorithm 1, P 2..., P NCalculate by many authentications composite algorisms, i.e. Y=F(P 1, P 2..., P N);
The computing formula of the compound decision content y of many authentication information feature is:
y=W 1xP 1+W 2xP 2+…+W NxP N
Wherein, W nBe weight coefficient, represent various identity authentication result to the influence degree of the as a result Y of many authentications composite algorism, n is 1 to N positive integer, W nSpan be integer or decimal in 0 to 1 closed interval, and W 1+ W 1+ ... + W n=100%;
For example situation in the present embodiment is calculated the compound decision variable y of many authentications,
y=W1×P1+W2×P2
=0.5x0.9723+0.5x0.939
=0.9556
The compound judgement of many authentication information of step 3.2.5 feature:
Definition PMIN: the compound approval probability of many authentication information feature lower limit, many authentications of expression acceptable composite computing result's lower limit probability, PMIN nSpan be integer or decimal in 0 to 1 closed interval;
If y is less than PMIN, then authentication failure jumps to step 1.2.6 authentication and does not pass through;
If y is more than or equal to PMIN, then authentication is passed through;
The compound authentication method result's of many authentication information feature accuracy rate Y=y; Method finishes;
Situation in the present embodiment for example is because y=0.9556〉0.95=PMIN, so the authentication success, classification results is C 1

Claims (6)

1. the compound authentication method of many authentication information feature is characterized in that: produce and preserve the characteristic information storehouse and two parts of the compound authentication of authentication information more than 1.2 consist of by 1.1;
1.1 produce and preservation characteristic information matrix, have successively following performing step:
Step 1.1.1 gathers the authentication information I of legal authentication object Mn:
Wherein, I MnM known legal authentication object C of expression mN authentication information, m is 1 to the positive integer of M, n is 1 to N positive integer; The authentication object C that each is known mN kind authentication information is arranged;
Wherein, C mM known legal authentication object of expression, corresponding J represents the object to be certified of some the unknowns with it; The method target is to identify whether M known authentication object C of object J to be certified mIn one, and J is C mIn which;
Step 1.1.2 calculates and preserves characteristic information matrix I F:
For m authentication object C mN kind authentication information I M1, I M2..., I MN, carry out characteristic information and calculate, obtain characteristic information matrix I F
Characteristic information matrix I FCan be I M1, I M2..., I MN, or by I M1, I M2..., I MNBy the characteristic information Tw that mode identification method calculates, the latter is the combination of above-mentioned two kinds of characteristic informations;
1.2 the compound authentication of many authentication information has following performing step successively:
Step 1.2.1 gathers the authentication information J of unknown object J to be certified n:
J represents the object to be certified of some the unknowns, J nN the authentication information of expression J, n is 1 to N positive integer;
Step 1.2.2 calculates the unmarried part of authentication probability P of object J to be certified n:
Definition P n: establish in the authentication of N kind, the result of every kind of authentication is probable value P nForm, n is 1 to the positive integer of N, i.e. P 1, P 2..., P NP nSpan be integer or decimal in 0 to 1 closed interval, P nThe accuracy rate of authentication is higher among the larger expression n;
Treat the N kind authentication information J of authentication object J nCarry out unmarried part of authentication, obtain unmarried part of authentication probability P nThe as a result Tout=(Mout, Pout) that calculates has two information, and one is classification Mout, and Mout represents most probable classification situation among the pattern recognition result, if Mout is not to be J, then this recognition result is that the probability of J is P n=0, if Mout is J, then this recognition result is that the probability of J is P n=Pout;
Unmarried part of authentication information feature of step 1.2.3 judged:
Definition PMIN n: unmarried part of authentication information feature approval probability lower limit, n is 1 to N positive integer, represents n kind authentication acceptable lower limit probability; PMIN nSpan be integer or decimal in 0 to 1 closed interval;
If there is P nSatisfy P nLess than PMIN n, then authentication failure jumps to step 1.2.6 authentication failure, i.e. Y=0;
If any P nAll satisfy P nMore than or equal to PMIN n, then algorithm continues;
Step 1.2.4 calculates the compound decision content y of many authentication information feature:
The compound authentication method result's of many authentication information feature accuracy rate Y is the as a result P by multiple unmarried part of identifying algorithm 1, P 2..., P NCalculate by many authentications composite algorisms, i.e. Y=F(P 1, P 2..., P N);
The computing formula of the compound decision content y of many authentication information feature is:
y=W 1xP 1+W 2xP 2+…+W NxP N
Wherein, W nBe weight coefficient, represent various identity authentication result to the influence degree of the as a result Y of many authentications composite algorism, n is 1 to N positive integer, W nSpan be integer or decimal in 0 to 1 closed interval, and W 1+ W 1+ ... + W n=100%;
The compound judgement of many authentication information of step 1.2.5 feature:
Definition PMIN: the compound approval probability of many authentication information feature lower limit, many authentications of expression acceptable composite computing result's lower limit probability, PMIN nSpan be integer or decimal in 0 to 1 closed interval;
If y is less than PMIN, then authentication failure jumps to step 1.2.6 authentication and does not pass through;
If y is more than or equal to PMIN, then authentication is passed through;
The compound authentication method result's of many authentication information feature accuracy rate Y=y; Method finishes;
Step 1.2.6 authentication is not passed through, and method finishes.
2. the compound authentication method of many authentication information feature described in according to claim 1, it is characterized in that: described authentication information is password or password or seal or smart card or signature or person's handwriting or E-token dynamic password card or excellent shield or short message password or two-dimension code or fingerprint or palmmprint or sound or retina or DNA or people's face.
According to claim 1 in the described pattern recognition computational methods of step 1.1.2, it is characterized in that: adopted neural network BP training algorithm, be specially,
The input matrix of train samples is each known authentication object C mX authentication information I MX, the objective matrix of train samples is T01, T01 be with matrix T=(1,2 ..., M) carry out the result that normalization is calculated, the difference between adjacent two numerical value of T01 is T01diff;
Neural net adopts Self-adaptation Wavelet Neural Network, and training algorithm adopts the Self-adaptation Wavelet Neural Network training algorithm, and the result of calculating is weight matrix WIJ, WJK and change of scale parameter matrix A, B is kept at it among characteristic information matrix T w, i.e. Tw=(WIJ, WJK, A, B, T01diff).
4. treat according to claim 3 the N kind authentication information J of authentication object J nCarry out the method that unmarried part of authentication adopted, it is characterized in that: adopted neural net forward calculation algorithm, be specially,
A certain the authentication information J that is input as unknown object J to be certified of neural net forward calculation X
The weight matrix of neural net forward calculation and change of scale parameter matrix are characteristic information matrix T w;
The algorithm that the neural net forward calculation is calculated adopts Self-adaptation Wavelet Neural Network forward calculation algorithm, and the result is numerical value y01;
Y01 and T01 are compared, find the element t01 of immediate y01 in the T01 matrix, namely the element in the T01 matrix and y01 do poor as a result minimum that be t01;
T01 is carried out renormalization calculate, obtain Mout and represent the immediate classification number of result of calculation;
Calculate probability corresponding to classification results Mout, Pout=t01-y01/T01diff, wherein T01diff represents the difference between adjacent two numerical value of T01;
Therefore available result is Tout=(Mout, Pout).
5. the compound authentication method of many authentication information feature according to claim 1 is characterized in that: described method of carrying out characteristic information calculating can also adopt feature extracting method or template Comparison Method or discriminant function method or statistical classification or Bayes Method or clustering methodology or fuzzy classifier method or neural net method or support vector machine method.
6. the compound authentication method of many authentication information feature according to claim 1 is characterized in that: the described N kind authentication information J that treats authentication object J nCarry out the method that unmarried part authentication adopts and to adopt feature extracting method or template Comparison Method or discriminant function method or statistical classification or Bayes Method or clustering methodology or fuzzy classifier method or neural net method or support vector machine method.
CN201210363891.8A 2012-09-26 2012-09-26 Compound authentication method of multi-identity authentication information feature Expired - Fee Related CN102904885B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210363891.8A CN102904885B (en) 2012-09-26 2012-09-26 Compound authentication method of multi-identity authentication information feature

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210363891.8A CN102904885B (en) 2012-09-26 2012-09-26 Compound authentication method of multi-identity authentication information feature

Publications (2)

Publication Number Publication Date
CN102904885A true CN102904885A (en) 2013-01-30
CN102904885B CN102904885B (en) 2015-04-29

Family

ID=47576921

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210363891.8A Expired - Fee Related CN102904885B (en) 2012-09-26 2012-09-26 Compound authentication method of multi-identity authentication information feature

Country Status (1)

Country Link
CN (1) CN102904885B (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103227721A (en) * 2013-03-28 2013-07-31 金硕澳门离岸商业服务有限公司 System and method for starting application
WO2015117528A1 (en) * 2014-07-24 2015-08-13 中兴通讯股份有限公司 Car driving record processing method and system
WO2015184987A1 (en) * 2014-06-05 2015-12-10 胡宝华 User identity recognition method, recognition system and health instrument
CN105528702A (en) * 2014-09-30 2016-04-27 陈启洲 Digital dynamic trackless security identity authentication method
CN105631272A (en) * 2016-02-02 2016-06-01 云南大学 Multi-safeguard identity authentication method
CN105765904A (en) * 2013-10-28 2016-07-13 宝利实业有限公司 Information bearing device and authentication device comprising the same
CN106330863A (en) * 2016-08-11 2017-01-11 武汉益模科技股份有限公司 Management method and system for implementing real-time online countersign of multi-party conference
JPWO2016117500A1 (en) * 2015-01-19 2017-11-24 日本電気株式会社 Authentication apparatus, method, system and program, and server apparatus
CN107483433A (en) * 2017-08-10 2017-12-15 山东渔翁信息技术股份有限公司 A kind of method and system of authentication
WO2018099276A1 (en) * 2016-11-30 2018-06-07 阿里巴巴集团控股有限公司 Identity authentication method and apparatus, and computing device
CN108243145A (en) * 2016-12-23 2018-07-03 航天星图科技(北京)有限公司 A kind of multi-source identity identifying method
CN110264597A (en) * 2019-06-13 2019-09-20 北京深思数盾科技股份有限公司 Intelligent lock and its method of unlocking
CN110781469B (en) * 2014-08-07 2021-01-01 创新先进技术有限公司 Identity authentication method and device
CN112738045A (en) * 2020-12-23 2021-04-30 中科三清科技有限公司 Multi-source fusion identity authentication system and method
CN112822007A (en) * 2020-12-29 2021-05-18 中国农业银行股份有限公司 User authentication method, device and equipment
CN110489749B (en) * 2019-08-07 2021-05-18 北京航空航天大学 Business process optimization method of intelligent office automation system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201489537U (en) * 2009-05-25 2010-05-26 北京森博克智能科技有限公司 Multi-mode identity authentication equipment with iris recognition and USB Key function
CN101986597A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Identity authentication system with biological characteristic recognition function and authentication method thereof

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201489537U (en) * 2009-05-25 2010-05-26 北京森博克智能科技有限公司 Multi-mode identity authentication equipment with iris recognition and USB Key function
CN101986597A (en) * 2010-10-20 2011-03-16 杭州晟元芯片技术有限公司 Identity authentication system with biological characteristic recognition function and authentication method thereof

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103227721B (en) * 2013-03-28 2015-11-18 金硕澳门离岸商业服务有限公司 Start the system and method for application
CN103227721A (en) * 2013-03-28 2013-07-31 金硕澳门离岸商业服务有限公司 System and method for starting application
CN105765904B (en) * 2013-10-28 2020-02-07 宝利实业有限公司 Information bearing device and authentication device comprising the same
CN105765904A (en) * 2013-10-28 2016-07-13 宝利实业有限公司 Information bearing device and authentication device comprising the same
WO2015184987A1 (en) * 2014-06-05 2015-12-10 胡宝华 User identity recognition method, recognition system and health instrument
WO2015117528A1 (en) * 2014-07-24 2015-08-13 中兴通讯股份有限公司 Car driving record processing method and system
CN105279814A (en) * 2014-07-24 2016-01-27 中兴通讯股份有限公司 Driving recording treatment method and driving recording treatment system
CN110781469B (en) * 2014-08-07 2021-01-01 创新先进技术有限公司 Identity authentication method and device
CN105528702A (en) * 2014-09-30 2016-04-27 陈启洲 Digital dynamic trackless security identity authentication method
JPWO2016117500A1 (en) * 2015-01-19 2017-11-24 日本電気株式会社 Authentication apparatus, method, system and program, and server apparatus
US11030286B2 (en) 2015-01-19 2021-06-08 Nec Corporation Authentication apparatus, method, system and program, and server apparatus
US10579781B2 (en) 2015-01-19 2020-03-03 Nec Corporation Authentication apparatus, method, system and program, and server apparatus
CN105631272B (en) * 2016-02-02 2018-05-11 云南大学 A kind of identity identifying method of multiple security
CN105631272A (en) * 2016-02-02 2016-06-01 云南大学 Multi-safeguard identity authentication method
CN106330863B (en) * 2016-08-11 2020-05-19 武汉益模科技股份有限公司 Management method and system for realizing instant online countersigning of multi-party conference
CN106330863A (en) * 2016-08-11 2017-01-11 武汉益模科技股份有限公司 Management method and system for implementing real-time online countersign of multi-party conference
WO2018099276A1 (en) * 2016-11-30 2018-06-07 阿里巴巴集团控股有限公司 Identity authentication method and apparatus, and computing device
CN108243145B (en) * 2016-12-23 2019-04-26 中科星图股份有限公司 A kind of multi-source identity identifying method
CN108243145A (en) * 2016-12-23 2018-07-03 航天星图科技(北京)有限公司 A kind of multi-source identity identifying method
CN107483433A (en) * 2017-08-10 2017-12-15 山东渔翁信息技术股份有限公司 A kind of method and system of authentication
CN110264597A (en) * 2019-06-13 2019-09-20 北京深思数盾科技股份有限公司 Intelligent lock and its method of unlocking
CN110489749B (en) * 2019-08-07 2021-05-18 北京航空航天大学 Business process optimization method of intelligent office automation system
CN112738045A (en) * 2020-12-23 2021-04-30 中科三清科技有限公司 Multi-source fusion identity authentication system and method
CN112822007A (en) * 2020-12-29 2021-05-18 中国农业银行股份有限公司 User authentication method, device and equipment
CN112822007B (en) * 2020-12-29 2023-11-03 中国农业银行股份有限公司 User authentication method, device and equipment

Also Published As

Publication number Publication date
CN102904885B (en) 2015-04-29

Similar Documents

Publication Publication Date Title
CN102904885B (en) Compound authentication method of multi-identity authentication information feature
US10777030B2 (en) Conditional and situational biometric authentication and enrollment
Hamadene et al. One-class writer-independent offline signature verification using feature dissimilarity thresholding
Sharma et al. An enhanced contextual DTW based system for online signature verification using vector quantization
Karnan et al. Biometric personal authentication using keystroke dynamics: A review
CN100356388C (en) Biocharacteristics fusioned identity distinguishing and identification method
CN104036176B (en) Method, authentication method and terminal device based on level of security registered fingerprint characteristic point
Tanwar et al. Online signature-based biometric recognition
CN101571920A (en) Biometric authentication system, authentication client terminal, and biometric authentication method
CN102087686A (en) System and method of biometric authentication using multiple kinds of templates
CN105069622A (en) Face identification payment system facing mobile terminal and face identification payment method facing mobile terminal
Marcialis et al. Fusion of multiple fingerprint matchers by single-layer perceptron with class-separation loss function
Yang et al. Online handwritten signature verification based on the most stable feature and partition
Gawande et al. Bimodal biometric system: feature level fusion of iris and fingerprint
CN114090985A (en) Method and device for setting user operation permission in block chain and electronic equipment
Sharma et al. Encryption of text using fingerprints as input to various algorithms
Ameh et al. Securing cardless automated teller machine transactions using bimodal authentication system
Nilchiyan et al. Statistical on-line signature verification using rotation-invariant dynamic descriptors
Nanni et al. A supervised method to discriminate between impostors and genuine in biometry
Putz-Leszczyńska Signature verification: A comprehensive study of the hidden signature method
Han et al. Generation of reliable PINs from fingerprints
Afriyie et al. Enhancing security of automated teller machines using biometric authentication: A case of a Sub-Saharan University
Yaddaden et al. An efficient palmprint authentication system based on one-class SVM and hog descriptor
Abbas et al. SVM-DSmT combination for the simultaneous verification of off-line and on-line handwritten signatures
Vajpai et al. Dynamic signature verification for secure retrieval of classified information

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150429

Termination date: 20190926