CN105635099A - Identity authentication method, identity authentication system, terminal and server
- Publication number: CN105635099A
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0861: Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3231: Biological data, e.g. fingerprint, voice or retina
Abstract
The invention provides an identity authentication method, an identity authentication system, a terminal and a server. The identity authentication method comprises the following steps: collecting first biological characteristic information of a preset user; expressing at least one item of first attribute information of the first biological characteristic information in a vector form, and carrying out homomorphic encryption processing on the at least one item of first attribute information expressed in the vector form according to a preset key to generate a first biological characteristic vector; and sending the first biological characteristic vector to the server, thus allowing the server to store the first biological characteristic vector as a first biological characteristic template vector. By adopting the identity authentication method provided by the technical scheme, the secure storage and efficient authentication of the biological characteristic information of the user are realized.
Description
Technical field
The present invention relates to the technical field of biometric identification, and in particular to an identity authentication method, an identity authentication system, a terminal and a server.
Background technology
Biometric identification technology uses the biological characteristics of the human body to authenticate identity. Common biometric identification technologies include fingerprint recognition, face recognition and iris recognition.
Integrating biometric identification technology into a mobile terminal (such as a mobile phone) can effectively protect the information on the terminal. The storage of biometric template data is a key problem here: a malicious program on the mobile terminal may steal the biometric template data stored on the terminal and then easily pass biometric authentication, which leaks important information and gives the user a bad experience.
Homomorphic encryption is a special encryption technique that allows specific algebraic operations to be performed on ciphertext, with the result being the same as the result of performing the same operations on the plaintext. In other words, it lets us operate on encrypted data and obtain the correct result without decrypting the data at any point in the processing. However, current homomorphic encryption technology cannot yet be applied directly to a computation as complex as biometric template matching.
A new identity authentication method is therefore needed that combines biometric identification technology with homomorphic encryption technology, so that the server can perform correct biometric information matching without decrypting, and that effectively avoids the prior-art problem of user biometric feature information being easily stolen because it is stored on the terminal and the server. This improves the security and reliability of identity authentication based on biometric information and thereby the user experience.
Summary of the invention
In view of the above problems, the present invention proposes a new technical solution. By combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem of user biometric feature information being easily stolen because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biometric feature information and improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience.
Accordingly, a first aspect of the present invention proposes an identity authentication method for a terminal, comprising: collecting first biometric information of a preset user; representing at least one item of first attribute information of the first biometric information in vector form, and performing homomorphic encryption on the at least one item of first attribute information represented in vector form according to a preset key, to generate a first biometric feature vector; and sending the first biometric feature vector to a server, so that the server stores the first biometric feature vector as a first biometric template vector.
In this technical solution, the first biometric template vector is pre-stored first. Specifically, the first attribute information usable for identity authentication in the collected first biometric information of the preset user is represented in vector form. There may be one or more items of such first attribute information, and representing each item in vector form yields a vector group that represents the first biometric information. Each component vector in this group is homomorphically encrypted according to the stored preset key to obtain the first biometric feature vector, which is then sent to the server and stored by the server as the first biometric template vector. The preset key may be randomly generated by the terminal or set according to the user's actual needs, and it is ultimately stored in the terminal. That is, the first biometric template vector generated by homomorphic encryption is stored in the server, while the preset key used for decryption is stored in the terminal, so the server cannot learn the preset key. In this way, by combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem of user biometric feature information being easily stolen because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biometric feature information and improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience.
In the above technical solution, preferably, the method further comprises: collecting second biometric information of a current user; representing at least one item of second attribute information of the second biometric information in vector form, and performing homomorphic encryption on the at least one item of second attribute information represented in vector form according to the preset key, to generate a second biometric feature vector; sending the second biometric feature vector to the server, so that the server generates a first Euclidean distance from the second biometric feature vector and the first biometric template vector; receiving the first Euclidean distance from the server; performing homomorphic decryption on the first Euclidean distance to obtain a second Euclidean distance; and determining, according to the second Euclidean distance, whether the second biometric information matches the first biometric information, so as to determine whether identity authentication succeeds.
In this technical solution, the second attribute information usable for identity authentication in the collected second biometric information of the current user is represented in vector form. There may be one or more items of such second attribute information, and representing each item in vector form yields a vector group that represents the second biometric information. Each component vector in this group is homomorphically encrypted according to the preset key to obtain the second biometric feature vector, which is then sent to the server so that the server, without decrypting, calculates the first Euclidean distance between the second biometric feature vector and its pre-stored first biometric template vector. The first Euclidean distance is of course also encrypted, so the server cannot learn its actual value either. This prevents the server from abusing the user's first biometric template vector and ensures the security of the matching result.
In addition, storing the first biometric template vector in the server avoids, compared with the prior art, the problem of the first biometric template vector being easily stolen because it is stored in the terminal. The server sends the calculated first Euclidean distance to the terminal, which homomorphically decrypts it to obtain the second Euclidean distance and can then determine from the second Euclidean distance whether the second biometric information matches the first biometric information, so as to determine whether identity authentication succeeds. That is, the preset key used for homomorphic decryption is stored in the terminal and the server cannot learn it, which further ensures the security and reliability of identity authentication.
By combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem of user biometric feature information being easily stolen because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biometric feature information and improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience.
In the above technical solution, preferably, determining according to the second Euclidean distance whether the second biometric information matches the first biometric information, so as to determine whether identity authentication succeeds, specifically comprises: judging whether the second Euclidean distance is less than or equal to a preset distance; when the second Euclidean distance is judged to be less than or equal to the preset distance, the second biometric information is successfully matched with the first biometric information, and identity authentication succeeds; when the second Euclidean distance is judged to be greater than the preset distance, the matching of the second biometric information with the first biometric information fails, and identity authentication fails.
In this technical solution, whether the second biometric information matches the first biometric information is determined by the second Euclidean distance, by comparing the second Euclidean distance with the preset distance. Specifically, when the second Euclidean distance is judged to be less than or equal to the preset distance, the second biometric information is successfully matched with the first biometric information, which indicates that user identity authentication succeeds; otherwise, identity authentication fails. This effectively avoids the prior-art problem of the first biometric template vector being easily stolen because it is stored in the terminal, and improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience. The preset distance can be calculated according to the needs of the actual application scenario.
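The enrolment, encrypted matching and threshold decision described above, as an added example that is not part of the patent. The patent names no concrete homomorphic scheme, so this example assumes a symmetric integer scheme in the style of DGHV with toy parameters that are not secure, feature values quantised to 0..255, and the squared Euclidean distance compared against the squared preset distance; all function names and sample vectors are constructed for illustration.

```python
# Added illustration: toy parameters, NOT secure. The scheme (DGHV-style symmetric
# encryption over the integers) is an assumption; the patent does not specify one.
import secrets

N = 1 << 32    # plaintext modulus; must exceed the largest possible squared distance
RHO = 32       # bits of fresh noise per ciphertext
ETA = 256      # bits of the secret key p (the "preset key")
GAMMA = 512    # bits of the random multiple of p that hides the plaintext


def keygen():
    """Terminal: generate the preset key, an odd ETA-bit integer that stays on the device."""
    return secrets.randbits(ETA) | (1 << (ETA - 1)) | 1


def encrypt(p, m):
    """Terminal: c = p*q + N*r + m. Sums and products of ciphertexts decrypt to the
    same sums and products of plaintexts while the noise term stays below p/2."""
    if not 0 <= m < N:
        raise ValueError("plaintext out of range")
    q = secrets.randbits(GAMMA)
    r = secrets.randbelow(1 << (RHO + 1)) - (1 << RHO)
    return p * q + N * r + m


def decrypt(p, c):
    """Terminal: strip the multiple of p (centred remainder), then the noise (mod N)."""
    v = c % p
    if v > p // 2:
        v -= p
    return v % N


def encrypt_vector(p, features):
    """Terminal: encrypt each component of a quantised feature vector."""
    return [encrypt(p, f) for f in features]


def server_encrypted_sq_distance(ct_probe, ct_template):
    """Server: compute Enc(sum((x_i - y_i)^2)) from ciphertexts only; no key is used."""
    if len(ct_probe) != len(ct_template):
        raise ValueError("vector length mismatch")
    return sum((a - b) ** 2 for a, b in zip(ct_probe, ct_template))


def terminal_decide(p, ct_distance, preset_distance):
    """Terminal: decrypt the distance and apply the 'less than or equal' rule.
    Comparing squared values avoids a square root and gives the same decision."""
    d2 = decrypt(p, ct_distance)
    return d2 <= preset_distance * preset_distance, d2


def authenticate(p, stored_template_ct, probe_features, preset_distance):
    """Full round trip: terminal encrypts the probe, server matches, terminal decides."""
    ct_probe = encrypt_vector(p, probe_features)                            # terminal -> server
    ct_dist = server_encrypted_sq_distance(ct_probe, stored_template_ct)    # server -> terminal
    return terminal_decide(p, ct_dist, preset_distance)


# Constructed sample data: 8-dimensional feature vectors with values in 0..255.
TEMPLATE = [12, 200, 37, 90, 155, 64, 8, 231]    # enrolled (preset) user
GENUINE = [14, 198, 35, 93, 150, 66, 10, 228]    # same user, noisy re-capture
IMPOSTOR = [200, 15, 180, 20, 30, 240, 120, 5]   # different user
PRESET_DISTANCE = 10                             # assumed threshold

if __name__ == "__main__":
    key = keygen()                                   # never leaves the terminal
    server_store = encrypt_vector(key, TEMPLATE)     # enrolment: server keeps ciphertexts only
    for name, probe in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        ok, d2 = authenticate(key, server_store, probe, PRESET_DISTANCE)
        print(f"{name}: squared distance {d2}, authenticated={ok}")
```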
In the above technical solution, preferably, the first biometric information and the second biometric information include at least one of the following or a combination thereof: fingerprint information, iris image information and face image information.
In this technical solution, the first biometric information and the second biometric information include, but are not limited to, at least one of the following or a combination thereof: fingerprint information, iris image information and face image information. That is, the solution can be implemented on the basis of different kinds of biometric information, so that the server can perform correct biometric information matching without decrypting and the prior-art problem of the first biometric template vector being easily stolen because it is stored in the terminal is effectively avoided. This improves the security and reliability of identity authentication based on biometric information and further broadens the applicability of identity authentication.
According to a second aspect of the present invention, an identity authentication system for a terminal is proposed, comprising: an acquisition module, configured to collect first biometric information of a preset user; an encryption module, configured to represent at least one item of first attribute information of the first biometric information in vector form, and to perform homomorphic encryption on the at least one item of first attribute information represented in vector form according to a preset key, to generate a first biometric feature vector; and a first sending module, configured to send the first biometric feature vector to a server, so that the server stores the first biometric feature vector as a first biometric template vector.
In this technical solution, the first biometric template vector is pre-stored first. Specifically, the first attribute information usable for identity authentication in the collected first biometric information of the preset user is represented in vector form. There may be one or more items of such first attribute information, and representing each item in vector form yields a vector group that represents the first biometric information. Each component vector in this group is homomorphically encrypted according to the stored preset key to obtain the first biometric feature vector, which is then sent to the server and stored by the server as the first biometric template vector. The preset key may be randomly generated by the terminal or set according to the user's actual needs, and it is ultimately stored in the terminal. That is, the first biometric template vector generated by homomorphic encryption is stored in the server, while the preset key used for decryption is stored in the terminal, so the server cannot learn the preset key. In this way, by combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem of user biometric feature information being easily stolen because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biometric feature information and improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience.
In the above technical solution, preferably, the acquisition module is further configured to collect second biometric information of a current user; the encryption module is further configured to represent at least one item of second attribute information of the second biometric information in vector form, and to perform homomorphic encryption on the at least one item of second attribute information represented in vector form according to the preset key, to generate a second biometric feature vector; the first sending module is further configured to send the second biometric feature vector to the server, so that the server generates a first Euclidean distance from the second biometric feature vector and the first biometric template vector; and the identity authentication system further comprises: a first receiving module, configured to receive the first Euclidean distance from the server; a decryption module, configured to perform homomorphic decryption on the first Euclidean distance to obtain a second Euclidean distance; and a judging module, configured to determine, according to the second Euclidean distance, whether the second biometric information matches the first biometric information, so as to determine whether identity authentication succeeds.
In this technical solution, the second attribute information usable for identity authentication in the collected second biometric information of the current user is represented in vector form. There may be one or more items of such second attribute information, and representing each item in vector form yields a vector group that represents the second biometric information. Each component vector in this group is homomorphically encrypted according to the preset key to obtain the second biometric feature vector, which is then sent to the server so that the server, without decrypting, calculates the first Euclidean distance between the second biometric feature vector and its pre-stored first biometric template vector. The first Euclidean distance is of course also encrypted, so the server cannot learn its actual value either. This prevents the server from abusing the user's first biometric template vector and ensures the security of the matching result.
In addition, storing the first biometric template vector in the server avoids, compared with the prior art, the problem of the first biometric template vector being easily stolen because it is stored in the terminal. The server sends the calculated first Euclidean distance to the terminal, which homomorphically decrypts it to obtain the second Euclidean distance and can then determine from the second Euclidean distance whether the second biometric information matches the first biometric information, so as to determine whether identity authentication succeeds. That is, the preset key used for homomorphic decryption is stored in the terminal and the server cannot learn it, which further ensures the security and reliability of identity authentication.
By combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem of user biometric feature information being easily stolen because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biometric feature information and improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience.
In the above technical solution, preferably, the judging module is specifically configured to judge whether the second Euclidean distance is less than or equal to a preset distance; when the second Euclidean distance is judged to be less than or equal to the preset distance, the second biometric information is successfully matched with the first biometric information, and identity authentication succeeds; when the second Euclidean distance is judged to be greater than the preset distance, the matching of the second biometric information with the first biometric information fails, and identity authentication fails.
In this technical solution, whether the second biometric information matches the first biometric information is determined by the second Euclidean distance, by comparing the second Euclidean distance with the preset distance. Specifically, when the second Euclidean distance is judged to be less than or equal to the preset distance, the second biometric information is successfully matched with the first biometric information, which indicates that user identity authentication succeeds; otherwise, identity authentication fails. This effectively avoids the prior-art problem of the first biometric template vector being easily stolen because it is stored in the terminal, and improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience. The preset distance can be calculated according to the needs of the actual application scenario.
In the above technical solution, preferably, the first biometric information and the second biometric information include at least one of the following or a combination thereof: fingerprint information, iris image information and face image information.
In this technical solution, the first biometric information and the second biometric information include, but are not limited to, at least one of the following or a combination thereof: fingerprint information, iris image information and face image information. That is, the solution can be implemented on the basis of different kinds of biometric information, so that the server can perform correct biometric information matching without decrypting and the prior-art problem of the first biometric template vector being easily stolen because it is stored in the terminal is effectively avoided. This improves the security and reliability of identity authentication based on biometric information and further broadens the applicability of identity authentication.
According to a third aspect of the present invention, an identity authentication method for a server is proposed, comprising: receiving a third biometric feature vector from a terminal; and storing the third biometric feature vector as the second biometric template vector, wherein the third biometric feature vector is obtained by the terminal performing homomorphic encryption on at least one item of third attribute information of collected third biometric information of a preset user.
In this technical solution, the second biometric template vector is stored first. Specifically, the third biometric feature vector received from the terminal is stored as the second biometric template vector, which provides the necessary precondition for the subsequent matching step to proceed smoothly. The third biometric feature vector is obtained by the terminal performing homomorphic encryption on each item of third attribute information usable for identity authentication in the collected third biometric information of the preset user. That is, it is a vector produced by encryption, and the server likewise cannot learn its actual content. This prevents the server from abusing the user's biometric information and further improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience.
In the above technical solution, preferably, the method further comprises: receiving a fourth biometric feature vector from the terminal, wherein the fourth biometric feature vector is obtained by the terminal performing homomorphic encryption on at least one item of fourth attribute information of collected fourth biometric information of a current user; obtaining a third Euclidean distance from the fourth biometric feature vector and the second biometric template vector; and sending the third Euclidean distance to the terminal, so that the terminal determines according to the third Euclidean distance whether the fourth biometric information matches the third biometric information. The third biometric information and the fourth biometric information include at least one of the following or a combination thereof: fingerprint information, iris image information and face image information.
In this technical solution, the third Euclidean distance calculated from the fourth biometric feature vector and the second biometric template vector is sent to the terminal, so that the terminal homomorphically decrypts it and then determines whether identity authentication succeeds. The fourth biometric feature vector is obtained by the terminal performing homomorphic encryption on each item of fourth attribute information usable for identity authentication in the collected fourth biometric information of the current user. That is, it is a vector produced by encryption, and the server cannot learn its actual content. In this way, by combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem of user biometric feature information being easily stolen because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biometric feature information, prevents the server from abusing the user's biometric information, and further improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience.
In addition, the third biometric information and the fourth biometric information include, but are not limited to, at least one of the following or a combination thereof: fingerprint information, iris image information and face image information. That is, the solution can be implemented on the basis of different kinds of biometric information, so that the server can perform correct biometric information matching without decrypting and the prior-art problem of the second biometric template vector being easily stolen because it is stored in the terminal is effectively avoided. This improves the security and reliability of identity authentication based on biometric information and further broadens the applicability of identity authentication.
According to a fourth aspect of the present invention, an identity authentication system for a server is proposed, comprising: a second receiving module, configured to receive a third biometric feature vector from a terminal; and a storage module, configured to store the third biometric feature vector as the second biometric template vector, wherein the third biometric feature vector is obtained by the terminal performing homomorphic encryption on at least one item of third attribute information of collected third biometric information of a preset user.
In this technical solution, the second biometric template vector is stored first. Specifically, the third biometric feature vector received from the terminal is stored as the second biometric template vector, which provides the necessary precondition for the subsequent matching step to proceed smoothly. The third biometric feature vector is obtained by the terminal performing homomorphic encryption on each item of third attribute information usable for identity authentication in the collected third biometric information of the preset user. That is, it is a vector produced by encryption, and the server likewise cannot learn its actual content. This prevents the server from abusing the user's biometric information and further improves the security and reliability of identity authentication based on biometric information, thereby improving the user experience.
In technique scheme, preferably, described second receiver module is additionally operable to receive the 4th biological characteristic vector from described terminal, wherein, described 4th biological characteristic vector is that at least one the 4th attribute information of the 4th biological information of the described terminal active user to collecting carries out homomorphic cryptography and processes and obtain; Described identity authorization system also includes: processing module is additionally operable to obtain the 3rd Euclidean distance according to described 4th biological characteristic vector with the second biometric templates vector; And described identity authorization system also includes: the second sending module, for sending described 3rd Euclidean distance to described terminal, determine whether described 4th biological information mates with described 3rd biological information for described terminal according to described 3rd Euclidean distance; And described 3rd biological information and described 4th biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
In this technical scheme, by sending to terminal with the second calculated 3rd Euclidean distance of biometric templates vector according to the 4th biological characteristic vector, for terminal, it is carried out homomorphic decryption, and then whether the certification that determines one's identity is successful, wherein, 4th biological characteristic vector is that each item the 4th attribute information being available for authentication of the 4th biological information of the terminal active user to collecting carries out homomorphic cryptography and processes and obtain, namely it is the vector that obtains of encrypted process, server cannot know its particular content, so, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, avoid the biological information of server abuse user, further increase the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
Additionally, 3rd biological information and the 4th biological information include at least but are not limited to one below or its combination: information in fingerprint, iris image information and human face image information, namely this programme can realize based on different biological informations, so that server need not decipher the problem that just can carry out correct biometric information matches and can effectively avoid easily maliciously being stolen because being stored in terminal by the second biometric templates vector in prior art, and then improve the effect of the safety and reliability of the authentication based on biological information, further increase the suitability of authentication.
According to the fifth aspect of the invention, propose a kind of terminal, including: the identity authorization system as described in terminal according to any one of technique scheme, therefore there are all beneficial effects of the identity authorization system described in terminal according to any one of technique scheme, repeat no more here.
According to the sixth aspect of the invention, propose a kind of server, including: the identity authorization system as described in server according to any one of technique scheme, therefore there are all beneficial effects of the identity authorization system described in server according to any one of technique scheme, repeat no more here.
Pass through technical scheme, biological identification technology can be combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
Brief description of the drawings
Fig. 1 shows a schematic flowchart of an identity authentication method according to an embodiment of the invention;
Fig. 2 shows a block diagram of an identity authentication system according to an embodiment of the invention;
Fig. 3 shows a schematic flowchart of an identity authentication method according to another embodiment of the invention;
Fig. 4 shows a block diagram of an identity authentication system according to another embodiment of the invention;
Fig. 5 shows a block diagram of a terminal according to an embodiment of the invention;
Fig. 6 shows a block diagram of a server according to an embodiment of the invention;
Fig. 7 shows a schematic flowchart of an identity authentication method according to still another embodiment of the invention;
Fig. 8 shows a schematic flowchart of a biological information registration method according to an embodiment of the invention.
Detailed description of the invention
So that the above objects, features and advantages of the invention can be understood more clearly, the invention is described in further detail below with reference to the drawings and specific embodiments. It should be noted that, where they do not conflict, the embodiments of this application and the features in the embodiments can be combined with one another.
Many specific details are set forth in the following description to provide a full understanding of the invention; however, the invention can also be implemented in ways other than those described here, and therefore the protection scope of the invention is not limited by the specific embodiments disclosed below.
Fig. 1 shows a schematic flowchart of an identity authentication method according to an embodiment of the invention.
As shown in Fig. 1, the identity authentication method of one embodiment of the invention, for a terminal, includes: step 102, collecting first biological information of a preset user; step 104, representing at least one item of first attribute information of the first biological information in vector form, and performing homomorphic encryption on the at least one item of first attribute information represented in vector form according to a preset key, to generate a first biological characteristic vector; step 106, sending the first biological characteristic vector to a server, so that the server stores the first biological characteristic vector as a first biometric template vector.
In this technical scheme, the first biometric template vector is pre-stored first. Specifically, the first attribute information usable for authentication in the collected first biological information of the preset user is represented in vector form. There may be one or more items of first attribute information usable for authentication, and representing each item in vector form yields a vector group representing the first biological information. Each component vector in this vector group is homomorphically encrypted according to the stored preset key to obtain the first biological characteristic vector, which is then sent to the server and stored by the server as the first biometric template vector. The preset key may be randomly generated by the terminal or set according to the user's actual needs, and is ultimately stored in the terminal. That is, the homomorphically encrypted first biometric template vector is stored in the server while the preset key used for decryption is stored in the terminal, so the server cannot learn the preset key. By combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem that user biological characteristic information is easily stolen maliciously because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biological characteristic information and improves the security and reliability of authentication based on biological information, thereby improving the user experience.
In the above technical scheme, preferably, the method further includes: collecting second biological information of the current user; representing at least one item of second attribute information of the second biological information in vector form, and performing homomorphic encryption on the at least one item of second attribute information represented in vector form according to the preset key, to generate a second biological characteristic vector; sending the second biological characteristic vector to the server, so that the server generates a first Euclidean distance according to the second biological characteristic vector and the first biometric template vector; receiving the first Euclidean distance from the server; performing homomorphic decryption on the first Euclidean distance to obtain a second Euclidean distance; and determining, according to the second Euclidean distance, whether the second biological information matches the first biological information, so as to determine whether authentication succeeds.
In this technical scheme, the second attribute information usable for authentication in the collected second biological information of the current user is represented in vector form. There may be one or more items of second attribute information usable for authentication, and representing each item in vector form yields a vector group representing the second biological information. Each component vector in this vector group is homomorphically encrypted according to the preset key to obtain the second biological characteristic vector, which is then sent to the server. The server, without decrypting, calculates the first Euclidean distance between the second biological characteristic vector and its pre-stored first biometric template vector. The first Euclidean distance is of course also encrypted, so the server cannot learn its actual value either. This prevents the server from abusing the user's first biometric template vector and ensures the security of the matching result.
In addition, storing the first biometric template vector in the server avoids, compared with the prior art, the problem that the first biometric template vector is easily stolen maliciously because it is stored in the terminal. The server sends the calculated first Euclidean distance to the terminal, which homomorphically decrypts it to obtain the second Euclidean distance and can then determine, according to the second Euclidean distance, whether the second biological information matches the first biological information and hence whether authentication succeeds. That is, the preset key used for homomorphic decryption is stored in the terminal and the server cannot learn it, which further ensures the security and reliability of authentication.
By combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem that user biological characteristic information is easily stolen maliciously because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biological characteristic information and improves the security and reliability of authentication based on biological information, thereby improving the user experience.
In the above technical scheme, preferably, determining according to the second Euclidean distance whether the second biological information matches the first biological information, so as to determine whether authentication succeeds, specifically includes: judging whether the second Euclidean distance is less than or equal to a preset distance; when the second Euclidean distance is judged to be less than or equal to the preset distance, the second biological information matches the first biological information and authentication succeeds; when the second Euclidean distance is judged to be greater than the preset distance, the second biological information does not match the first biological information and authentication fails.
In this technical scheme, whether the second biological information matches the first biological information is determined by the second Euclidean distance: comparing the second Euclidean distance with the preset distance decides whether they match. Specifically, when the second Euclidean distance is judged to be less than or equal to the preset distance, the second biological information matches the first biological information and user authentication succeeds; otherwise, authentication fails. This effectively avoids the prior-art problem that the first biometric template vector is easily stolen maliciously because it is stored in the terminal, and improves the security and reliability of authentication based on biological information, thereby improving the user experience. The preset distance can be calculated according to the needs of the actual application scenario.
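The flow of Fig. 1 described above (enrollment, distance computed on ciphertexts by the server, decryption and threshold decision on the terminal), as an added Python example that is not part of the patent text. The patent does not name a homomorphic scheme; the example assumes a toy DGHV-style symmetric integer scheme with illustrative, insecure parameters, compares the squared Euclidean distance against the squared preset distance, and all names and sample vectors are constructed.

```python
"""Toy walk-through of the terminal/server flow. Parameters are NOT secure."""
import secrets

T = 1 << 20          # plaintext modulus: must exceed the largest squared distance
NOISE_BITS = 16      # size of the random noise multiplier
KEY_BITS = 256       # size of the secret odd integer p (the "preset key")
MAX_FEATURE = 255    # assumed range of each attribute value: 0..255
MAX_DIM = 16         # 16 * 255**2 = 1_040_400 < T, so distances never wrap


def keygen() -> int:
    """Preset key: a random odd integer with the top bit set; it stays on the terminal."""
    return secrets.randbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1


def encrypt(p: int, m: int) -> int:
    """c = m + T*r + p*q. Ciphertexts add and multiply like the plaintexts mod T."""
    return m + T * secrets.randbits(NOISE_BITS) + p * secrets.randbits(KEY_BITS)


def decrypt(p: int, c: int) -> int:
    """Strip the multiple of p (centered reduction), then the noise multiple of T."""
    v = c % p
    if v > p // 2:
        v -= p
    return v % T


class Server:
    """Holds only ciphertexts and never sees the preset key."""

    def __init__(self):
        self.templates = {}

    def store_template(self, user_id, enc_vector):
        self.templates[user_id] = list(enc_vector)

    def encrypted_distance(self, user_id, enc_probe):
        """Sum of squared differences, computed directly on ciphertexts."""
        template = self.templates[user_id]
        if len(template) != len(enc_probe):
            raise ValueError("vector length mismatch")
        return sum((a - b) ** 2 for a, b in zip(enc_probe, template))


class Terminal:
    """Collects features, encrypts them, decrypts the distance and decides."""

    def __init__(self, preset_distance: int):
        self._key = keygen()
        self._limit_sq = preset_distance ** 2  # compare squared values, no sqrt needed

    def _encrypt_vector(self, features):
        if len(features) > MAX_DIM or any(not 0 <= f <= MAX_FEATURE for f in features):
            raise ValueError("feature vector outside the supported range")
        return [encrypt(self._key, f) for f in features]

    def enroll(self, server, user_id, features):
        server.store_template(user_id, self._encrypt_vector(features))

    def authenticate(self, server, user_id, features):
        enc_dist = server.encrypted_distance(user_id, self._encrypt_vector(features))
        dist_sq = decrypt(self._key, enc_dist)
        return dist_sq <= self._limit_sq, dist_sq


# Constructed sample attribute vectors (not real biometric data).
ENROLLED = [12, 200, 34, 90, 7, 150, 61, 240]
GENUINE = [13, 198, 35, 91, 7, 149, 60, 241]   # small sensor noise
IMPOSTOR = [200, 12, 90, 34, 150, 7, 240, 61]


def demo():
    terminal, server = Terminal(preset_distance=10), Server()
    terminal.enroll(server, "alice", ENROLLED)
    return (terminal.authenticate(server, "alice", GENUINE),
            terminal.authenticate(server, "alice", IMPOSTOR))


if __name__ == "__main__":
    print(demo())
```

The range checks in `_encrypt_vector` matter: if the squared distance could reach `T`, the decrypted value would wrap around and a distant probe could decrypt to a small distance.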
In the above technical scheme, preferably, the first biological information and the second biological information include at least one or a combination of the following: fingerprint information, iris image information and face image information.
In this technical scheme, the first biological information and the second biological information include at least, but are not limited to, one or a combination of the following: fingerprint information, iris image information and face image information. That is, the scheme can be implemented with different kinds of biological information, so that the server can perform correct biometric information matching without decrypting, and the prior-art problem that the first biometric template vector is easily stolen maliciously because it is stored in the terminal is effectively avoided. This improves the security and reliability of authentication based on biological information and further broadens the applicability of the authentication.
Fig. 2 shows a block diagram of an identity authentication system according to an embodiment of the invention.
As shown in Fig. 2, the identity authentication system 200 of one embodiment of the invention, for a terminal, includes: an acquisition module 202, for collecting first biological information of a preset user; an encrypting module 204, for representing at least one item of first attribute information of the first biological information in vector form, and performing homomorphic encryption on the at least one item of first attribute information represented in vector form according to a preset key, to generate a first biological characteristic vector; and a first sending module 206, for sending the first biological characteristic vector to a server, so that the server stores the first biological characteristic vector as a first biometric template vector.
In this technical scheme, the first biometric template vector is pre-stored first. Specifically, the first attribute information usable for authentication in the collected first biological information of the preset user is represented in vector form. There may be one or more items of first attribute information usable for authentication, and representing each item in vector form yields a vector group representing the first biological information. Each component vector in this vector group is homomorphically encrypted according to the stored preset key to obtain the first biological characteristic vector, which is then sent to the server and stored by the server as the first biometric template vector. The preset key may be randomly generated by the terminal or set according to the user's actual needs, and is ultimately stored in the terminal. That is, the homomorphically encrypted first biometric template vector is stored in the server while the preset key used for decryption is stored in the terminal, so the server cannot learn the preset key. By combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem that user biological characteristic information is easily stolen maliciously because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biological characteristic information and improves the security and reliability of authentication based on biological information, thereby improving the user experience.
In the above technical scheme, preferably, the acquisition module 202 is further configured to collect second biological information of the current user; the encrypting module 204 is further configured to represent at least one item of second attribute information of the second biological information in vector form, and to perform homomorphic encryption on the at least one item of second attribute information represented in vector form according to the preset key, to generate a second biological characteristic vector; the first sending module 206 is further configured to send the second biological characteristic vector to the server, so that the server generates a first Euclidean distance according to the second biological characteristic vector and the first biometric template vector; and the identity authentication system 200 further includes: a first receiver module 208, for receiving the first Euclidean distance from the server; a deciphering module 210, for performing homomorphic decryption on the first Euclidean distance to obtain a second Euclidean distance; and a judge module 212, for determining, according to the second Euclidean distance, whether the second biological information matches the first biological information, so as to determine whether authentication succeeds.
In this technical scheme, the second attribute information usable for authentication in the collected second biological information of the current user is represented in vector form. There may be one or more items of second attribute information usable for authentication, and representing each item in vector form yields a vector group representing the second biological information. Each component vector in this vector group is homomorphically encrypted according to the preset key to obtain the second biological characteristic vector, which is then sent to the server. The server, without decrypting, calculates the first Euclidean distance between the second biological characteristic vector and its pre-stored first biometric template vector. The first Euclidean distance is of course also encrypted, so the server cannot learn its actual value either. This prevents the server from abusing the user's first biometric template vector and ensures the security of the matching result.
In addition, storing the first biometric template vector in the server avoids, compared with the prior art, the problem that the first biometric template vector is easily stolen maliciously because it is stored in the terminal. The server sends the calculated first Euclidean distance to the terminal, which homomorphically decrypts it to obtain the second Euclidean distance and can then determine, according to the second Euclidean distance, whether the second biological information matches the first biological information and hence whether authentication succeeds. That is, the preset key used for homomorphic decryption is stored in the terminal and the server cannot learn it, which further ensures the security and reliability of authentication.
By combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem that user biological characteristic information is easily stolen maliciously because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biological characteristic information and improves the security and reliability of authentication based on biological information, thereby improving the user experience.
In the above technical scheme, preferably, the judge module 212 is specifically configured to judge whether the second Euclidean distance is less than or equal to a preset distance; when the second Euclidean distance is judged to be less than or equal to the preset distance, the second biological information matches the first biological information and authentication succeeds; when the second Euclidean distance is judged to be greater than the preset distance, the second biological information does not match the first biological information and authentication fails.
In this technical scheme, whether the second biological information matches the first biological information is determined by the second Euclidean distance: comparing the second Euclidean distance with the preset distance decides whether they match. Specifically, when the second Euclidean distance is judged to be less than or equal to the preset distance, the second biological information matches the first biological information and user authentication succeeds; otherwise, authentication fails. This effectively avoids the prior-art problem that the first biometric template vector is easily stolen maliciously because it is stored in the terminal, and improves the security and reliability of authentication based on biological information, thereby improving the user experience. The preset distance can be calculated according to the needs of the actual application scenario.
In the above technical scheme, preferably, the first biological information and the second biological information include at least one or a combination of the following: fingerprint information, iris image information and face image information.
In this technical scheme, the first biological information and the second biological information include at least, but are not limited to, one or a combination of the following: fingerprint information, iris image information and face image information. That is, the scheme can be implemented with different kinds of biological information, so that the server can perform correct biometric information matching without decrypting, and the prior-art problem that the first biometric template vector is easily stolen maliciously because it is stored in the terminal is effectively avoided. This improves the security and reliability of authentication based on biological information and further broadens the applicability of the authentication.
Fig. 3 shows a schematic flowchart of an identity authentication method according to another embodiment of the invention.
As shown in Fig. 3, the identity authentication method of another embodiment of the invention, for a server, includes: step 302, receiving a third biological characteristic vector from a terminal; step 304, storing the third biological characteristic vector as a second biometric template vector, wherein the third biological characteristic vector is obtained by the terminal performing homomorphic encryption on at least one item of third attribute information of the collected third biological information of a preset user.
In this technical scheme, the second biometric template vector is stored first. Specifically, the third biological characteristic vector received from the terminal is stored as the second biometric template vector, which provides the necessary precondition for the subsequent matching step to proceed smoothly. The third biological characteristic vector is obtained by the terminal performing homomorphic encryption on each item of third attribute information, usable for authentication, of the collected third biological information of the preset user; that is, it is an encrypted vector whose content the server likewise cannot learn. This prevents the server from abusing the user's biological information and further improves the security and reliability of authentication based on biological information, thereby improving the user experience.
In the above technical scheme, preferably, the method further includes: receiving a fourth biological characteristic vector from the terminal, wherein the fourth biological characteristic vector is obtained by the terminal performing homomorphic encryption on at least one item of fourth attribute information of the collected fourth biological information of the current user; obtaining a third Euclidean distance according to the fourth biological characteristic vector and the second biometric template vector; and sending the third Euclidean distance to the terminal, so that the terminal determines, according to the third Euclidean distance, whether the fourth biological information matches the third biological information; and the third biological information and the fourth biological information include at least one or a combination of the following: fingerprint information, iris image information and face image information.
In this technical scheme, the third Euclidean distance calculated from the fourth biological characteristic vector and the second biometric template vector is sent to the terminal, which homomorphically decrypts it and then determines whether authentication succeeds. The fourth biological characteristic vector is obtained by the terminal performing homomorphic encryption on each item of fourth attribute information, usable for authentication, of the collected fourth biological information of the current user; that is, it is an encrypted vector whose content the server cannot learn. By combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem that user biological characteristic information is easily stolen maliciously because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biological characteristic information, prevents the server from abusing the user's biological information, and further improves the security and reliability of authentication based on biological information, thereby improving the user experience.
In addition, the third biological information and the fourth biological information include at least, but are not limited to, one or a combination of the following: fingerprint information, iris image information and face image information. That is, the scheme can be implemented with different kinds of biological information, so that the server can perform correct biometric information matching without decrypting, and the prior-art problem that the second biometric template vector is easily stolen maliciously because it is stored in the terminal is effectively avoided. This improves the security and reliability of authentication based on biological information and further broadens the applicability of the authentication.
Fig. 4 shows a block diagram of an identity authentication system according to another embodiment of the invention.
As shown in Fig. 4, the identity authentication system 400 of another embodiment of the invention, for a server, includes: a second receiver module 402, for receiving a third biological characteristic vector from a terminal; and a memory module 404, for storing the third biological characteristic vector as a second biometric template vector, wherein the third biological characteristic vector is obtained by the terminal performing homomorphic encryption on at least one item of third attribute information of the collected third biological information of a preset user.
In this technical scheme, the second biometric template vector is stored first. Specifically, the third biological characteristic vector received from the terminal is stored as the second biometric template vector, which provides the necessary precondition for the subsequent matching step to proceed smoothly. The third biological characteristic vector is obtained by the terminal performing homomorphic encryption on each item of third attribute information, usable for authentication, of the collected third biological information of the preset user; that is, it is an encrypted vector whose content the server likewise cannot learn. This prevents the server from abusing the user's biological information and further improves the security and reliability of authentication based on biological information, thereby improving the user experience.
In the above technical scheme, preferably, the second receiver module 402 is further configured to receive a fourth biological characteristic vector from the terminal, wherein the fourth biological characteristic vector is obtained by the terminal performing homomorphic encryption on at least one item of fourth attribute information of the collected fourth biological information of the current user; and the identity authentication system further includes: a processing module 406, for obtaining a third Euclidean distance according to the fourth biological characteristic vector and the second biometric template vector; and a second sending module 408, for sending the third Euclidean distance to the terminal, so that the terminal determines, according to the third Euclidean distance, whether the fourth biological information matches the third biological information; and the third biological information and the fourth biological information include at least one or a combination of the following: fingerprint information, iris image information and face image information.
In this technical scheme, the third Euclidean distance calculated from the fourth biological characteristic vector and the second biometric template vector is sent to the terminal, which homomorphically decrypts it and then determines whether authentication succeeds. The fourth biological characteristic vector is obtained by the terminal performing homomorphic encryption on each item of fourth attribute information, usable for authentication, of the collected fourth biological information of the current user; that is, it is an encrypted vector whose content the server cannot learn. By combining biometric identification technology with homomorphic encryption technology, the server can perform correct biometric information matching without decrypting, and the prior-art problem that user biological characteristic information is easily stolen maliciously because it is stored in the terminal is effectively avoided. This achieves secure storage of the user's biological characteristic information, prevents the server from abusing the user's biological information, and further improves the security and reliability of authentication based on biological information, thereby improving the user experience.
In addition, the third biological information and the fourth biological information include at least, but are not limited to, one or a combination of the following: fingerprint information, iris image information and face image information. That is, the scheme can be implemented with different kinds of biological information, so that the server can perform correct biometric information matching without decrypting, and the prior-art problem that the second biometric template vector is easily stolen maliciously because it is stored in the terminal is effectively avoided. This improves the security and reliability of authentication based on biological information and further broadens the applicability of the authentication.
Fig. 5 shows a block diagram of a terminal according to an embodiment of the present invention.
As shown in Fig. 5, the terminal 500 of an embodiment of the present invention includes the identity authentication system 200 for a terminal according to any one of the above technical solutions, and therefore has all the beneficial effects of that identity authentication system 200, which are not repeated here.
Fig. 6 shows a block diagram of a server according to an embodiment of the present invention.
As shown in Fig. 6, the server 600 of an embodiment of the present invention includes the identity authentication system 400 for a server according to any one of the above technical solutions, and therefore has all the beneficial effects of that identity authentication system 400, which are not repeated here.
The technical solution is described in detail below with reference to Fig. 7 and Fig. 8:
Fig. 7 shows a schematic flowchart of an identity authentication method according to another embodiment of the present invention.
Fig. 8 shows a schematic flowchart of a biometric information registration method according to an embodiment of the present invention.
In this embodiment, the biometric template (i.e. the first biometric template vector) is expressed as a vector, and each component of the vector is homomorphically encrypted separately. At least one second attribute information of the second biometric information is likewise represented as a vector and homomorphically encrypted with the preset key to generate the second biometric feature vector. The similarity between the two vectors (i.e. the second biometric feature vector and the first biometric template vector) is determined by their Euclidean distance: when the distance between them is less than a certain threshold (i.e. the preset distance), the match is considered successful; otherwise the match fails. The Euclidean distance between the two encrypted vectors (i.e. the first Euclidean distance) is computed in the cloud and the result is sent to the mobile phone terminal, which decrypts it to obtain the Euclidean distance between the two unencrypted vectors (i.e. the second Euclidean distance) and thereby judges whether the user's authentication succeeds.
In the description of this solution, $\mathrm{Enc}_k$ denotes a homomorphic encryption operation with key $k$, and $\mathrm{Dec}_k$ denotes a homomorphic decryption operation with key $k$.
This solution includes two procedures: the biometric registration and upload procedure, and the identity authentication procedure.
As shown in Fig. 7, the identity authentication method of another embodiment of the present invention specifically includes:
Step 702: the mobile phone collects a biometric image of the user (i.e. the second biometric information).
Step 704: the biometric image is processed and the different features, represented in vector form, are extracted to form a biometric feature vector group, such as $(t'_1, t'_2, \ldots, t'_n)$.
Step 706: the key group $(k_1, k_2, \ldots, k_n)$ stored on the mobile phone is read and each component of the above feature vector is homomorphically encrypted separately, obtaining the encrypted components (i.e. the second biometric feature vector), where $i = 1, 2, \ldots, n$.
That is, at least one second attribute information of the second biometric information is represented in vector form and homomorphically encrypted according to the preset key to generate the second biometric feature vector.
Step 708: $(e'_1, e'_2, \ldots, e'_n)$ (i.e. the second biometric feature vector) is uploaded to the cloud server.
Step 710: the cloud server reads the stored encrypted biometric template $(e_1, e_2, \ldots, e_n)$.
Step 712: the cloud server computes the Euclidean distance between the input biometric feature and the registered biometric template; that is, the server generates the first Euclidean distance according to the second biometric feature vector and the first biometric feature vector.
Step 714: the cloud server sends the Euclidean distance (i.e. the first Euclidean distance) to the mobile phone.
Step 716: the mobile phone decrypts the Euclidean distance result (i.e. the first Euclidean distance) to obtain the second Euclidean distance.
Step 718: the mobile phone judges from the value of dist (i.e. the second Euclidean distance) whether the user's authentication succeeds: if dist is greater than or equal to a certain threshold h, authentication succeeds; otherwise authentication fails.
As shown in Fig. 8, the biometric information registration method of an embodiment of the present invention includes:
Step 802: the mobile phone collects the biometric feature (i.e. the first biometric information) of the current user. The biometric data here may be a fingerprint, iris, face, etc., and what is collected is an image of the fingerprint, iris, face, etc.
Step 804: the biometric image is processed, the feature data usable for identification (i.e. the first attribute information) are extracted, and the different features are represented in vector form to form a vector group, such as $(t_1, t_2, \ldots, t_n)$.
Step 806: a group of keys (i.e. the preset key) is selected, for example $k_1, k_2, \ldots, k_n$, and each component of the vector group $(t_1, t_2, \ldots, t_n)$ is homomorphically encrypted separately, obtaining the encrypted components (i.e. the second biometric feature vector), where $i = 1, 2, \ldots, n$.
Step 808: $(e_1, e_2, \ldots, e_n)$ (i.e. the first biometric feature vector) is uploaded to the cloud server, so that the server stores the first biometric feature vector as the second biometric template vector.
Step 810: the mobile phone stores the key group $(k_1, k_2, \ldots, k_n)$.
The beneficial effects of this embodiment:
1. The mobile phone does not store the biometric template locally, so there is no local disclosure risk;
2. The biometric template stored in the cloud is encrypted and will not leak;
3. A homomorphic encryption scheme is used, ensuring that user authentication can be performed without decrypting the encrypted biometric template.
In this embodiment, the mobile phone collects the user's biometric data, forms it into a vector, encrypts it and sends it to the cloud server (i.e. the server). With the cloud server's help, the mobile phone computes the Euclidean distance between the collected biometric data and the registered biometric template (i.e. the second biometric feature vector and the first biometric template vector), and judges from the result whether authentication succeeds.
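The registration flow (steps 802 to 810) and the authentication flow (steps 702 to 718) can be traced end to end in the following added example, which is not code from the patent. The patent names no homomorphic scheme, so the example assumes a toy symmetric integer scheme in the DGHV style with a single key instead of the key group and insecure parameter sizes, works with the squared Euclidean distance, and applies the claim 3 comparison (distance less than or equal to the preset distance); all class names, function names and feature values are constructed.

```python
import secrets

# Assumed toy parameters (not from the patent; far too small for real use).
T = 1 << 20          # plaintext modulus; must exceed the largest squared distance
FEATURE_MAX = 255    # each feature component is an integer in 0..255
NOISE_BITS = 8       # fresh-ciphertext noise r is drawn from [-2**8, 2**8)
KEY_BITS = 128
Q_BITS = 256


def keygen():
    """Secret key k: a random odd KEY_BITS-bit integer kept on the terminal."""
    return secrets.randbits(KEY_BITS) | (1 << (KEY_BITS - 1)) | 1


def enc(k, m):
    """Enc_k(m) = m + T*r + k*q; the multiple of k hides m + T*r from the server."""
    if not 0 <= m <= FEATURE_MAX:
        raise ValueError("feature value outside 0..FEATURE_MAX")
    r = secrets.randbelow(1 << (NOISE_BITS + 1)) - (1 << NOISE_BITS)
    q = secrets.randbits(Q_BITS) | (1 << (Q_BITS - 1))
    return m + T * r + k * q


def dec(k, c):
    """Dec_k(c): strip the multiple of k (centred residue), then the multiple of T."""
    x = c % k
    if x > k // 2:
        x -= k
    return x % T


class CloudServer:
    """Holds only ciphertexts; it never sees the key or a plaintext feature."""

    def __init__(self):
        self.templates = {}

    def register(self, user_id, enc_template):            # step 808
        self.templates[user_id] = list(enc_template)

    def encrypted_distance(self, user_id, enc_probe):      # steps 710-714
        template = self.templates[user_id]
        if len(template) != len(enc_probe):
            raise ValueError("vector length mismatch")
        # Subtraction and squaring act on ciphertexts; the sum decrypts to
        # the squared Euclidean distance of the underlying plaintexts.
        return sum((p - e) ** 2 for p, e in zip(enc_probe, template))


class Terminal:
    """The phone: owns the key, encrypts features, decrypts the distance."""

    def __init__(self, max_sq_distance):
        self.key = keygen()                      # step 810: key stays on the phone
        self.max_sq_distance = max_sq_distance   # preset distance, squared

    def encrypt_features(self, features):        # steps 706 / 806
        # Guard against plaintext wrap-around: the worst-case squared
        # distance must stay below T or the decrypted value is wrong.
        if len(features) * FEATURE_MAX ** 2 >= T:
            raise ValueError("vector too long for plaintext modulus T")
        return [enc(self.key, t) for t in features]

    def authenticate(self, server, user_id, features):     # steps 702-718
        enc_dist = server.encrypted_distance(user_id, self.encrypt_features(features))
        sq_dist = dec(self.key, enc_dist)        # step 716
        return sq_dist, sq_dist <= self.max_sq_distance    # claim 3 comparison


# Constructed sample feature vectors (8 components each).
ENROLLED = [12, 200, 45, 99, 180, 33, 77, 150]
GENUINE = [14, 198, 45, 101, 179, 35, 76, 151]
IMPOSTOR = [90, 20, 210, 5, 60, 240, 130, 10]


def run_demo():
    """Enroll once, then authenticate a close probe and a distant probe."""
    server = CloudServer()
    phone = Terminal(max_sq_distance=100)
    server.register("alice", phone.encrypt_features(ENROLLED))   # steps 802-808
    return (phone.authenticate(server, "alice", GENUINE),
            phone.authenticate(server, "alice", IMPOSTOR))


if __name__ == "__main__":
    print(run_demo())
```

Lengthening the vector or widening the feature range requires a larger T and key, so that neither the plaintext modulus nor the noise bound of the toy scheme overflows.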
The technical solution has been described in detail above with reference to the accompanying drawings. By combining biometric recognition with homomorphic encryption, the server can perform correct biometric matching without decrypting, and the prior-art problem of user biometric information being easily stolen because it is stored on the terminal is effectively avoided. User biometric information is stored securely, and the safety and reliability of identity authentication based on biometric information are improved, thereby improving the user experience.
The foregoing describes only preferred embodiments of the present invention and is not intended to limit it; for a person skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (14)
1. An identity authentication method for a terminal, characterized by comprising:
Collecting first biometric information of a preset user;
Representing at least one first attribute information of the first biometric information in vector form, and homomorphically encrypting the at least one first attribute information represented in vector form according to a preset key, to generate a first biometric feature vector;
Sending the first biometric feature vector to a server, so that the server stores the first biometric feature vector as a first biometric template vector.
2. The identity authentication method according to claim 1, characterized by further comprising:
Collecting second biometric information of a current user;
Representing at least one second attribute information of the second biometric information in vector form, and homomorphically encrypting the at least one second attribute information represented in vector form according to the preset key, to generate a second biometric feature vector;
Sending the second biometric feature vector to the server, so that the server generates a first Euclidean distance according to the second biometric feature vector and the first biometric template vector;
Receiving the first Euclidean distance from the server;
Homomorphically decrypting the first Euclidean distance to obtain a second Euclidean distance;
Determining, according to the second Euclidean distance, whether the second biometric information matches the first biometric information, so as to determine whether identity authentication succeeds.
3. The identity authentication method according to claim 2, characterized in that determining, according to the second Euclidean distance, whether the second biometric information matches the first biometric information, so as to determine whether identity authentication succeeds, specifically comprises:
Judging whether the second Euclidean distance is less than or equal to a preset distance; and
When the second Euclidean distance is judged to be less than or equal to the preset distance, the second biometric information matches the first biometric information, and identity authentication succeeds;
When the second Euclidean distance is judged to be greater than the preset distance, the second biometric information fails to match the first biometric information, and identity authentication fails.
4. The identity authentication method according to any one of claims 1 to 3, characterized in that
The first biometric information and the second biometric information include at least one of the following or a combination thereof: fingerprint information, iris image information and face image information.
5. An identity authentication system for a terminal, characterized by comprising:
An acquisition module, configured to collect first biometric information of a preset user;
An encryption module, configured to represent at least one first attribute information of the first biometric information in vector form, and to homomorphically encrypt the at least one first attribute information represented in vector form according to a preset key, to generate a first biometric feature vector;
A first sending module, configured to send the first biometric feature vector to a server, so that the server stores the first biometric feature vector as a first biometric template vector.
6. The identity authentication system according to claim 5, characterized in that
The acquisition module is further configured to collect second biometric information of a current user;
The encryption module is further configured to represent at least one second attribute information of the second biometric information in vector form, and to homomorphically encrypt the at least one second attribute information represented in vector form according to the preset key, to generate a second biometric feature vector;
The first sending module is further configured to send the second biometric feature vector to the server, so that the server generates a first Euclidean distance according to the second biometric feature vector and the first biometric template vector; and
The identity authentication system further comprises:
A first receiving module, configured to receive the first Euclidean distance from the server;
A decryption module, configured to homomorphically decrypt the first Euclidean distance to obtain a second Euclidean distance;
A judging module, configured to determine, according to the second Euclidean distance, whether the second biometric information matches the first biometric information, so as to determine whether identity authentication succeeds.
7. The identity authentication system according to claim 6, characterized in that the judging module is specifically configured to judge whether the second Euclidean distance is less than or equal to a preset distance; and
When the second Euclidean distance is judged to be less than or equal to the preset distance, the second biometric information matches the first biometric information, and identity authentication succeeds;
When the second Euclidean distance is judged to be greater than the preset distance, the second biometric information fails to match the first biometric information, and identity authentication fails.
8. The identity authentication system according to any one of claims 5 to 7, characterized in that
The first biometric information and the second biometric information include at least one of the following or a combination thereof: fingerprint information, iris image information and face image information.
9. An identity authentication method for a server, characterized by comprising:
Receiving a third biometric feature vector from a terminal;
Storing the third biometric feature vector as a second biometric template vector, where the third biometric feature vector is obtained by the terminal homomorphically encrypting at least one third attribute information of the collected third biometric information of a preset user.
10. The identity authentication method according to claim 9, characterized by further comprising:
Receiving a fourth biometric feature vector from the terminal, where the fourth biometric feature vector is obtained by the terminal homomorphically encrypting at least one fourth attribute information of the collected fourth biometric information of a current user;
Obtaining a third Euclidean distance according to the fourth biometric feature vector and the second biometric template vector;
Sending the third Euclidean distance to the terminal, so that the terminal determines, according to the third Euclidean distance, whether the fourth biometric information matches the third biometric information; and
The third biometric information and the fourth biometric information include at least one of the following or a combination thereof: fingerprint information, iris image information and face image information.
11. An identity authentication system for a server, characterized by comprising:
A second receiving module, configured to receive a third biometric feature vector from a terminal;
A storage module, configured to store the third biometric feature vector as a second biometric template vector, where the third biometric feature vector is obtained by the terminal homomorphically encrypting at least one third attribute information of the collected third biometric information of a preset user.
12. The identity authentication system according to claim 11, characterized in that the second receiving module is further configured to receive a fourth biometric feature vector from the terminal, where the fourth biometric feature vector is obtained by the terminal homomorphically encrypting at least one fourth attribute information of the collected fourth biometric information of a current user; and
The identity authentication system further comprises:
A processing module, configured to obtain a third Euclidean distance according to the fourth biometric feature vector and the second biometric template vector;
A second sending module, configured to send the third Euclidean distance to the terminal, so that the terminal determines, according to the third Euclidean distance, whether the fourth biometric information matches the third biometric information; and the third biometric information and the fourth biometric information include at least one of the following or a combination thereof: fingerprint information, iris image information and face image information.
13. A terminal, characterized by comprising the identity authentication system according to any one of claims 5 to 8.
14. A server, characterized by comprising the identity authentication system according to claim 11 or 12.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510439665.7A CN105635099A (en) | 2015-07-23 | 2015-07-23 | Identity authentication method, identity authentication system, terminal and server |
PCT/CN2015/088472 WO2017012175A1 (en) | 2015-07-23 | 2015-08-30 | Identity authentication method, identity authentication system, terminal and server |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510439665.7A CN105635099A (en) | 2015-07-23 | 2015-07-23 | Identity authentication method, identity authentication system, terminal and server |
Publications (1)
Publication Number | Publication Date |
---|---|
CN105635099A (en) | 2016-06-01 |
Family
ID=56049595
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510439665.7A Pending CN105635099A (en) | 2015-07-23 | 2015-07-23 | Identity authentication method, identity authentication system, terminal and server |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105635099A (en) |
WO (1) | WO2017012175A1 (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN106951865A (en) * | 2017-03-21 | 2017-07-14 | 东莞理工学院 | A kind of secret protection biometric discrimination method based on Hamming distances |
CN107079034A (en) * | 2016-11-15 | 2017-08-18 | 深圳达闼科技控股有限公司 | A kind of identity authentication method, terminal device, certificate server and electronic equipment |
CN107196918A (en) * | 2017-04-27 | 2017-09-22 | 北京小米移动软件有限公司 | A kind of method and apparatus of matched data |
CN107919965A (en) * | 2018-01-05 | 2018-04-17 | 杭州电子科技大学 | A kind of biological characteristic sensitive information outsourcing identity identifying method based on homomorphic cryptography |
WO2018133282A1 (en) * | 2017-01-19 | 2018-07-26 | 华为技术有限公司 | Dynamic recognition method and terminal device |
CN108509874A (en) * | 2018-03-16 | 2018-09-07 | 联想(北京)有限公司 | A kind of data processing method and electronic equipment, computer storage media |
CN108933655A (en) * | 2018-07-12 | 2018-12-04 | 江苏慧学堂系统工程有限公司 | A kind of computer network authentication system |
CN109150538A (en) * | 2018-07-16 | 2019-01-04 | 广州大学 | A kind of fingerprint merges identity identifying method with vocal print |
CN109145829A (en) * | 2018-08-24 | 2019-01-04 | 中共中央办公厅电子科技学院 | A kind of safe and efficient face identification method based on deep learning and homomorphic cryptography |
CN109714148A (en) * | 2018-12-13 | 2019-05-03 | 北京九州云腾科技有限公司 | The method that remote multi-party certification is carried out to user identity |
CN112084476A (en) * | 2020-09-02 | 2020-12-15 | 支付宝(杭州)信息技术有限公司 | Biological identification identity verification method, client, server, equipment and system |
US11277258B1 (en) | 2020-09-11 | 2022-03-15 | Alipay (Hangzhou) Information Technology Co., Ltd. | Privacy protection-based user recognition methods, apparatuses, and devices |
CN115086014A (en) * | 2022-06-13 | 2022-09-20 | 中国银行股份有限公司 | Face comparison method and device |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112163542A (en) * | 2020-10-12 | 2021-01-01 | 桂林电子科技大学 | ElGamal encryption-based palm print privacy authentication method |
WO2023228140A2 (en) * | 2022-05-27 | 2023-11-30 | Vaultavo Inc | Digital custody |
CN117201698B (en) * | 2023-11-07 | 2024-01-12 | 北京隐算科技有限公司 | Safe and efficient image recognition method |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101984576A (en) * | 2010-10-22 | 2011-03-09 | 北京工业大学 | Method and system for authenticating anonymous identity based on face encryption |
CN102664885A (en) * | 2012-04-18 | 2012-09-12 | 南京邮电大学 | Identity authentication method based on biological feature encryption and homomorphic algorithm |
CN103731271A (en) * | 2013-12-30 | 2014-04-16 | 北京工业大学 | On-line face identity authentication method based on homomorphic encrypting and chaotic scrambling |
US20140281567A1 (en) * | 2013-03-15 | 2014-09-18 | Mitsubishi Electric Research Laboratories, Inc. | Method for Authenticating an Encryption of Biometric Data |
CN104598835A (en) * | 2014-12-29 | 2015-05-06 | 无锡清华信息科学与技术国家实验室物联网技术中心 | Cloud-based real number vector distance calculation method for protecting privacy |
-
2015
- 2015-07-23 CN CN201510439665.7A patent/CN105635099A/en active Pending
- 2015-08-30 WO PCT/CN2015/088472 patent/WO2017012175A1/en active Application Filing
Cited By (23)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107079034B (en) * | 2016-11-15 | 2020-07-28 | 深圳达闼科技控股有限公司 | Identity authentication method, terminal equipment, authentication server and electronic equipment |
CN107079034A (en) * | 2016-11-15 | 2017-08-18 | 深圳达闼科技控股有限公司 | A kind of identity authentication method, terminal device, certificate server and electronic equipment |
WO2018133282A1 (en) * | 2017-01-19 | 2018-07-26 | 华为技术有限公司 | Dynamic recognition method and terminal device |
CN108496170B (en) * | 2017-01-19 | 2021-05-07 | 华为技术有限公司 | Dynamic identification method and terminal equipment |
CN108496170A (en) * | 2017-01-19 | 2018-09-04 | 华为技术有限公司 | A kind of method and terminal device of Dynamic Recognition |
US11328044B2 (en) | 2017-01-19 | 2022-05-10 | Huawei Technologies Co., Ltd. | Dynamic recognition method and terminal device |
CN106951865A (en) * | 2017-03-21 | 2017-07-14 | 东莞理工学院 | A kind of secret protection biometric discrimination method based on Hamming distances |
CN106951865B (en) * | 2017-03-21 | 2020-04-07 | 东莞理工学院 | Privacy protection biological identification method based on Hamming distance |
CN107196918A (en) * | 2017-04-27 | 2017-09-22 | 北京小米移动软件有限公司 | A kind of method and apparatus of matched data |
CN107196918B (en) * | 2017-04-27 | 2020-10-30 | 北京小米移动软件有限公司 | Data matching method and device |
CN107919965A (en) * | 2018-01-05 | 2018-04-17 | 杭州电子科技大学 | A kind of biological characteristic sensitive information outsourcing identity identifying method based on homomorphic cryptography |
CN107919965B (en) * | 2018-01-05 | 2020-10-09 | 杭州电子科技大学 | Biological characteristic sensitive information outsourcing identity authentication method based on homomorphic encryption |
CN108509874A (en) * | 2018-03-16 | 2018-09-07 | 联想(北京)有限公司 | A kind of data processing method and electronic equipment, computer storage media |
CN108933655A (en) * | 2018-07-12 | 2018-12-04 | 江苏慧学堂系统工程有限公司 | A kind of computer network authentication system |
CN109150538A (en) * | 2018-07-16 | 2019-01-04 | 广州大学 | A kind of fingerprint merges identity identifying method with vocal print |
CN109150538B (en) * | 2018-07-16 | 2021-06-25 | 广州大学 | Fingerprint and voiceprint fusion identity authentication method |
CN109145829A (en) * | 2018-08-24 | 2019-01-04 | 中共中央办公厅电子科技学院 | A kind of safe and efficient face identification method based on deep learning and homomorphic cryptography |
CN109714148A (en) * | 2018-12-13 | 2019-05-03 | 北京九州云腾科技有限公司 | The method that remote multi-party certification is carried out to user identity |
CN109714148B (en) * | 2018-12-13 | 2022-06-10 | 北京九州云腾科技有限公司 | Method for remote multi-party authentication of user identity |
CN112084476A (en) * | 2020-09-02 | 2020-12-15 | 支付宝(杭州)信息技术有限公司 | Biological identification identity verification method, client, server, equipment and system |
US11277258B1 (en) | 2020-09-11 | 2022-03-15 | Alipay (Hangzhou) Information Technology Co., Ltd. | Privacy protection-based user recognition methods, apparatuses, and devices |
TWI767675B (en) * | 2020-09-11 | 2022-06-11 | 大陸商支付寶(杭州)信息技術有限公司 | User identification method, device and equipment under privacy protection |
CN115086014A (en) * | 2022-06-13 | 2022-09-20 | 中国银行股份有限公司 | Face comparison method and device |
Also Published As
Publication number | Publication date |
---|---|
WO2017012175A1 (en) | 2017-01-26 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105635099A (en) | Identity authentication method, identity authentication system, terminal and server | |
CN110414200B (en) | Identity authentication method, identity authentication device, storage medium and computer equipment | |
CN111738238B (en) | Face recognition method and device | |
US9621342B2 (en) | System and method for hierarchical cryptographic key generation using biometric data | |
CN106612259B (en) | Identity recognition, business processing and biological characteristic information processing method and equipment | |
US9218473B2 (en) | Creation and authentication of biometric information | |
CN103324879A (en) | System and method for identification verification on mobile terminal and based on face recognition and intelligent card | |
CN111095246B (en) | Method and electronic device for authenticating user | |
CN104751154A (en) | Fingerprint safe encryption method based on intelligent mobile information device | |
CN106936775A (en) | A kind of authentication method and system based on fingerprint recognition | |
CN113114668A (en) | Information transmission method, mobile terminal, storage medium and electronic equipment | |
CN112381000A (en) | Face recognition method, device, equipment and storage medium based on federal learning | |
CN114996727A (en) | Biological feature privacy encryption method and system based on palm print and palm vein recognition | |
CN109889532A (en) | Internet of things equipment safety certification and cryptographic key negotiation method based on environmental context | |
CN110619228B (en) | File decryption method, file encryption method, file management system and storage medium | |
US12019719B2 (en) | Method and electronic device for authenticating a user | |
US20230108664A1 (en) | Method for verifying liveness, and server using the same | |
CN114553528B (en) | Internal and external network data safety transmission system and transmission method thereof | |
KR101750292B1 (en) | Portable finger vein reader and biometric authentication method thereof | |
CN104601333A (en) | Two-dimensional code remote authentication method based on man-machine features | |
CN107818263B (en) | Electronic document processing method and device, and electronic document encryption method and device | |
CN109005158B (en) | Authentication method of dynamic gesture authentication system based on fuzzy safe | |
KR102528040B1 (en) | Kiosk and its control method | |
CN113079017B (en) | Fingerprint real-name authentication method and system for electronic signature | |
KR102476270B1 (en) | Wearalble device, authentication method thereof, and authentication method of authentication sever |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20160601 |
RJ01 | Rejection of invention patent application after publication | |