The present application is a divisional application of the patent application with application number 201410191861.2, filed on May 7, 2014, and entitled "Identity authentication method based on fingerprint information".
Summary of the invention
To solve the above problem, the invention provides an identity authentication method based on fingerprint information. A fingerprint reading system reads the user's fingerprint image, an image processing device sharpens that image, and a fingerprint identification device performs fingerprint identification on the sharpened image to obtain digitized real-time fingerprint feature data. The real-time fingerprint feature data then takes part in generating a time-synchronized dynamic password, which changes the dynamic password generation mode from single-factor to two-factor. At a small increase in hardware cost, this greatly improves the reliability of the identity authentication system and provides a better transaction environment for users and merchants.
According to one aspect of the present invention, an identity authentication method based on fingerprint information is provided, the method comprising:
Step 1: a fingerprint reading system reads the user's fingerprint image;
Step 2: an image processing device sharpens the fingerprint image to obtain an enhanced image with improved clarity;
Step 3: a fingerprint identification device performs fingerprint identification on the enhanced image to obtain digitized real-time fingerprint feature data;
Step 4: the token device generates a first user feature factor based on the real-time fingerprint feature data and the current time slot;
Step 5: the token device generates a first shared key using the SHA-1 algorithm, based on the token identifier and the first user feature factor;
Step 6: the token device generates a first binary sequence using a hash algorithm, based on the first shared key and the current value of the first counter;
Step 7: the token device converts the first binary sequence from binary to decimal to obtain first decimal data, takes the last eight digits of the first decimal data as the first dynamic password, and shows it on the display of the token device;
Step 8: the user enters the user ID and the first dynamic password into the authentication window corresponding to the authentication server;
Step 9: the authentication server authenticates the user's identity according to the user ID and the first dynamic password entered by the user;
Step 10: the authentication server returns the authentication result to the authentication window;
Wherein the authentication server authenticating the user's identity according to the user ID and the first dynamic password entered by the user comprises: the authentication server looks up in a database, based on the user ID, the pre-stored fingerprint feature data and the pre-stored token identifier corresponding to that user ID; generates a second user feature factor based on the pre-stored fingerprint feature data and the current time slot; generates a second shared key using the SHA-1 algorithm, based on the pre-stored token identifier and the second user feature factor; generates a second binary sequence using a hash algorithm, based on the second shared key and the current value of the second counter; converts the second binary sequence from binary to decimal to obtain second decimal data; takes the last eight digits of the second decimal data as the second dynamic password; and compares the second dynamic password with the first dynamic password, the authentication result being success if they are identical and failure if they are not;
Wherein the fingerprint reading system, the image processing device, the fingerprint identification device and the first counter are all integrated in the token device, the second counter is integrated in the authentication server, and the first counter and the second counter count in synchronization.
More specifically, the identity authentication method further comprises: after the user enters the dynamic password into the authentication window corresponding to the authentication server, the authentication window sets a predetermined time window; if the authentication server does not return an authentication result to the authentication window within the predetermined time window, the authentication window prompts the user to re-enter the dynamic password, and the authentication server and the token device perform a resynchronization process at the same time.
More specifically, the identity authentication method further comprises: after the authentication server returns the authentication result to the authentication window, if the authentication result is success, the authentication window indicates that the user is a legitimate user, and if the authentication result is failure, the authentication window indicates that the user is an illegitimate user.
More specifically, the identity authentication method further comprises: when the authentication result returned by the authentication server to the authentication window is failure multiple times, the authentication window is locked and the user is prohibited from continuing to access the authentication window that day.
More specifically, in the identity authentication method, the real-time fingerprint feature data and the pre-stored fingerprint feature data both comprise global fingerprint features and local fingerprint features, and the global fingerprint features comprise the loop, arch and whorl types.
Embodiment
Embodiments of the identity authentication method based on fingerprint information of the present invention are described in detail below with reference to the accompanying drawings.
Human skin consists of three parts: the epidermis, the dermis and the subcutaneous tissue. A fingerprint is the pattern of raised ridge lines on the epidermis. Owing to human heredity, everyone has fingerprints, yet they all differ. Fingerprints fall into several types: those with concentric-circle or spiral ridge lines, which look like a whirlpool in water, are whorls; those whose ridge lines are open on one side, like a dustpan, are loops; those whose ridge lines are shaped like a bow are arches. Besides differing in shape, each person's fingerprints also differ in the number and length of their ridge lines. Fingerprints generally begin to form in the third or fourth month of fetal development and are fully formed by about six months. As an infant grows to adulthood, the fingerprint only enlarges and thickens slightly, and its pattern remains unchanged. No two people with identical fingerprints have been found so far. Fingerprints are therefore very effective for user identification.
To make proper use of the uniqueness of fingerprints, the fingerprint must be captured, its features extracted, and those features digitized, yielding fingerprint feature data that can be digitally encoded. In general, a fingerprint reading system reads the image of the person's fingerprint; once the fingerprint image has been obtained, the original image is preprocessed to make it clearer. Next, fingerprint identification software builds the digital representation of the fingerprint, the feature data. This is a one-way conversion: a fingerprint can be converted into feature data, but feature data cannot be converted back into a fingerprint, and two different fingerprints cannot produce identical feature data. Some fingerprint data is more complex: node and direction information are combined to produce more data, the direction information indicating the relationships between the nodes, and some algorithms also process the whole fingerprint image. This fingerprint feature data, commonly called a template, is saved as a record of 1K size. Finally, the templates of two fingerprints are compared by computer fuzzy comparison, their degree of similarity is calculated, and the matching result for the two fingerprints is obtained.
Therefore, in a dynamic password identity authentication method and system based on fingerprint information, it is only necessary to extract the correct digitized user fingerprint feature data at the token device end and to store identical digitized user fingerprint feature data at the authentication server end in advance. Both ends can then generate two identical time-synchronized dynamic passwords from the fingerprint information and the time according to a predetermined encoding algorithm, which completes user authentication. Conversely, if an illegitimate user attempts authentication, the token device end extracts incorrect digitized user fingerprint feature data and therefore generates an incorrect dynamic password, which cannot match the correct dynamic password generated at the server end. This ensures that only a legitimate user can pass authentication and protects that user's legitimate rights and interests.
Fig. 1 is a flow chart of the identity authentication method based on fingerprint information according to an embodiment of the present invention. The identity authentication method comprises the following steps:
Step 101: a fingerprint reading system reads the user's fingerprint image;
Step 102: an image processing device sharpens the fingerprint image to obtain an enhanced image with improved clarity;
Step 103: a fingerprint identification device performs fingerprint identification on the enhanced image to obtain digitized real-time fingerprint feature data;
Step 104: the token device generates a first user feature factor based on the real-time fingerprint feature data and the current time slot;
Step 105: the token device generates a first shared key using the SHA-1 algorithm, based on the token identifier and the first user feature factor;
Step 106: the token device generates a first binary sequence using a hash algorithm, based on the first shared key and the current value of the first counter;
Step 107: the token device converts the first binary sequence from binary to decimal to obtain first decimal data, takes the last eight digits of the first decimal data as the first dynamic password, and shows it on the display of the token device;
Step 108: the user enters the user ID and the first dynamic password into the authentication window corresponding to the authentication server;
Step 109: the authentication server authenticates the user's identity according to the user ID and the first dynamic password entered by the user;
Step 110: the authentication server returns the authentication result to the authentication window;
In addition, step 109 further comprises the following steps:
Step 1101: the authentication server looks up in a database, based on the user ID, the pre-stored fingerprint feature data and the pre-stored token identifier corresponding to that user ID;
Step 1102: a second user feature factor is generated based on the pre-stored fingerprint feature data and the current time slot;
Step 1103: a second shared key is generated using the SHA-1 algorithm, based on the pre-stored token identifier and the second user feature factor;
Step 1104: a second binary sequence is generated using a hash algorithm, based on the second shared key and the current value of the second counter;
Step 1105: the second binary sequence is converted from binary to decimal to obtain second decimal data;
Step 1106: the last eight digits of the second decimal data are taken as the second dynamic password;
Step 1107: the second dynamic password is compared with the first dynamic password; if they are identical the authentication result is success, and if they are not identical the authentication result is failure;
In addition, after step 108, the authentication window may also set a predetermined time window; if the authentication server does not return an authentication result to the authentication window within the predetermined time window, the authentication window prompts the user to re-enter the dynamic password, and the authentication server and the token device perform a resynchronization process at the same time. The identity authentication method may also comprise: after step 110, if the authentication result is success, the authentication window indicates that the user is a legitimate user, and if the authentication result is failure, the authentication window indicates that the user is an illegitimate user. The identity authentication method may also comprise: when the authentication result returned by the authentication server to the authentication window is failure multiple times, the authentication window is locked and the user is prohibited from continuing to access the authentication window that day.
In addition, the fingerprint reading system, the image processing device, the fingerprint identification device and the first counter may all be integrated in the token device, the second counter may be integrated in the authentication server, and the first counter and the second counter count in synchronization. In the identity authentication method, the real-time fingerprint feature data and the pre-stored fingerprint feature data both comprise global fingerprint features and local fingerprint features, and the global fingerprint features may comprise the loop, arch and whorl types.
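The token-side derivation (steps 104 to 107), the server-side check (steps 1101 to 1107) and the lockout after repeated failures, sketched as an added example that is not code from the patent. The page does not specify how the feature factor is formed, which "hash algorithm" step 106 uses, the time-slot length or the failure threshold; the SHA-1 concatenation, HMAC-SHA1, 60-second slot and limit of three used here are assumptions, as are all names and sample values.

```python
import hashlib
import hmac

SLOT_SECONDS = 60  # assumed time-slot length; the page gives none

def feature_factor(template: bytes, now: float) -> bytes:
    """Steps 104/1102: bind fingerprint feature data to the current time slot."""
    slot = int(now // SLOT_SECONDS)
    return hashlib.sha1(template + slot.to_bytes(8, "big")).digest()

def dynamic_password(token_id: bytes, template: bytes, counter: int, now: float) -> str:
    """Steps 105-107 on the token, 1103-1106 on the server."""
    shared_key = hashlib.sha1(token_id + feature_factor(template, now)).digest()
    # Assumption: the unspecified "hash algorithm" is HMAC-SHA1 over the counter.
    seq = hmac.new(shared_key, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    # Binary to decimal, then keep the last eight decimal digits.
    return f"{int.from_bytes(seq, 'big') % 10**8:08d}"

class AuthServer:
    MAX_FAILURES = 3  # assumed meaning of "repeated" failures
    def __init__(self):
        self.users = {}  # user_id -> enrolled record

    def enroll(self, user_id: str, token_id: bytes, template: bytes) -> None:
        self.users[user_id] = {"token_id": token_id, "template": template,
                               "counter": 0, "failures": 0}

    def authenticate(self, user_id: str, otp: str, now: float) -> bool:
        rec = self.users.get(user_id)
        if rec is None or rec["failures"] >= self.MAX_FAILURES:
            return False  # unknown user, or authentication window locked
        expected = dynamic_password(rec["token_id"], rec["template"],
                                    rec["counter"], now)
        # Step 1107, compared in constant time.
        if hmac.compare_digest(expected.encode(), otp.encode()):
            rec["counter"] += 1  # stay in step with the token's counter
            rec["failures"] = 0
            return True
        rec["failures"] += 1
        return False

def demo():
    now = 1_700_000_000.0            # constructed timestamp
    token_id = b"TOKEN-0001"         # constructed token identifier
    enrolled = bytes(range(64))      # constructed stand-in for a template
    noisy = bytes([enrolled[0] ^ 1]) + enrolled[1:]  # one bit differs
    server = AuthServer()
    server.enroll("alice", token_id, enrolled)
    ok = server.authenticate("alice", dynamic_password(token_id, enrolled, 0, now), now)
    bad = server.authenticate("alice", dynamic_password(token_id, noisy, 1, now), now)
    return ok, bad

if __name__ == "__main__":
    print(demo())
```

Because hashing has no tolerance for noise, the token must reproduce the enrolled feature data bit for bit, and the server must keep that data in recoverable form to recompute the password.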
SHA-1 is a member of the SHA family of algorithms, a series of cryptographic hash functions designed by the U.S. National Security Agency (NSA) and published by the National Institute of Standards and Technology (NIST). The formal name is SHA. The first member of the family was published in 1993; it was later given the informal name SHA-0 to avoid confusion with its successors. Two years later SHA-1, the first successor to SHA, was published. There are four further variants, published with a larger output range and some slight design changes: SHA-224, SHA-256, SHA-384 and SHA-512 (sometimes also called SHA-2). SHA-0 and SHA-1 produce a 160-bit digest from a message of at most 2^64 bits, and operate on principles similar to those used in the design of the MD4 and MD5 message digest algorithms.
A hash operation, also called a hash function or hash algorithm, is a function that turns an input message string of arbitrary length into an output string of fixed length. The hash function is a very important tool in information security: applied to a message m of arbitrary length, it returns a hash value h(m) of fixed length. The hash function is public, and its processing need not be kept secret.
Next, the present invention is further described with reference to Fig. 2. Fig. 2 is a block diagram of the identity authentication system based on fingerprint information according to an embodiment of the present invention. The identity authentication system comprises a token device 21, a communication network 22 and an authentication server 23. The fingerprint reading system, the image processing device, the fingerprint identification device and the first counter are integrated in the token device 21, and the second counter is integrated in the authentication server 23; the first counter and the second counter count in synchronization. The token device 21 generates digitized fingerprint feature data from the fingerprint input by the user, and generates and displays a dynamic password by encoding the digitized fingerprint feature data, the current time slot and the token identifier. The user enters the generated dynamic password into the authentication window corresponding to the authentication server 23, so that the dynamic password is sent over the communication network 22 to the authentication server 23 for authentication. The authentication server 23 likewise returns the authentication result to the authentication window over the communication network 22.
The identity authentication method based on fingerprint information of the present invention addresses the technical problem that the existing time-synchronized dynamic password generation mode relies on a single element and is easy to crack. It adds the user's own digitized fingerprint feature data to the generation of the dynamic password, using the complexity of fingerprint information to raise the complexity of the authentication system and the difficulty of cracking it. At a small added hardware cost, this greatly improves the reliability of the authentication system, increases user confidence and widens the application market for related products.
It is to be understood that, although the present invention is disclosed above by way of preferred embodiments, those embodiments are not intended to limit the present invention. Any person of ordinary skill in the art may, without departing from the scope of the technical solution of the present invention, use the technical content disclosed above to make many possible variations and modifications to the technical solution of the present invention, or modify it into equivalent embodiments. Therefore, any simple modification, equivalent variation or modification made to the above embodiments according to the technical essence of the present invention, without departing from the content of the technical solution of the present invention, still falls within the scope of protection of the technical solution of the present invention.