CN105635099A - Identity authentication method, identity authentication system, terminal and server - Google Patents

Identity authentication method, identity authentication system, terminal and server Download PDF

Info

Publication number
CN105635099A
CN105635099A CN201510439665.7A CN201510439665A CN105635099A CN 105635099 A CN105635099 A CN 105635099A CN 201510439665 A CN201510439665 A CN 201510439665A CN 105635099 A CN105635099 A CN 105635099A
Authority
CN
China
Prior art keywords
information
biological
euclidean distance
vector
biological information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510439665.7A
Other languages
Chinese (zh)
Inventor
钟焰涛
傅文治
林荣辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Original Assignee
Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yulong Computer Telecommunication Scientific Shenzhen Co Ltd filed Critical Yulong Computer Telecommunication Scientific Shenzhen Co Ltd
Priority to CN201510439665.7A priority Critical patent/CN105635099A/en
Priority to PCT/CN2015/088472 priority patent/WO2017012175A1/en
Publication of CN105635099A publication Critical patent/CN105635099A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Biomedical Technology (AREA)
  • Computing Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention provides an identity authentication method, an identity authentication system, a terminal and a server. The identity authentication method comprises the following steps: collecting first biological characteristic information of a preset user; expressing at least one item of first attribute information of the first biological characteristic information in a vector form, and carrying out homomorphic encryption processing on the at least one item of first attribute information expressed in the vector form according to a preset key to generate a first biological characteristic vector; and sending the first biological characteristic vector to the server, thus allowing the server to store the first biological characteristic vector as a first biological characteristic template vector. By adopting the identity authentication method provided by the technical scheme, the secure storage and efficient authentication of the biological characteristic information of the user are realized.

Description

Identity identifying method, identity authorization system, terminal and server
Technical field
The present invention relates to technical field of biometric identification, in particular to a kind of identity identifying method, a kind of identity authorization system, a kind of terminal and a kind of server.
Background technology
At present, biological identification technology refers to the technology utilizing human body biological characteristics to carry out authentication, and common biological identification technology includes fingerprint recognition, recognition of face, iris identification etc.
The safety of the information on mobile terminal can be effectively protected in the upper integrated bio identification technology of mobile terminal (such as mobile phone); wherein; the storage of biometric templates data is a crucial problem; because the rogue program on mobile terminal may steal the biometric templates data of storage on mobile terminal; thus easily passing through biometric authentication; cause the leakage of important information, bring bad experience to user.
Homomorphic cryptography is a kind of special encryption technology, and it allows people that ciphertext carries out specific algebraic operation, and the operation result obtained is the same with to the result expressly carrying out same computing. In other words, this technology make us can be operated in the data of encryption, draw correct result, and without data are decrypted in whole processing procedure. But current homomorphic cryptography technology also cannot be directly applied to biometric templates mates in such complex calculation.
Therefore, need a kind of new identity identifying method, biological identification technology can be combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and can effectively avoid in prior art because user biological characteristic information being stored on terminal and server the problem easily maliciously stolen, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
Summary of the invention
The present invention is based on the problems referred to above, propose a kind of new technical scheme, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem effectively avoiding easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In view of this, first aspect of the present invention it is proposed a kind of identity identifying method, for terminal, including: gather first biological information of pre-set user; At least one first attribute information of described first biological information is represented in the form of vectors, and according to preset-key, at least one first attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the first biological characteristic vector; Described first biological characteristic vector is sent to server, for described server, described first biological characteristic vector is stored as the first biometric templates vector.
In this technical scheme, first the pre-stored process of the first biometric templates vector is carried out, specifically, by the first attribute information being available for authentication in the first biological information of the pre-set user collected is represented in the form of vectors, wherein, the first attribute information being available for authentication has one or more, and represent each item the first attribute information by vector form, a Vector Groups representing the first biological information can be obtained, each in this Vector Groups point vector is carried out homomorphic cryptography by the preset-key according to storage, the first biological characteristic vector can be obtained, then the first thing characteristic vector is sent to server, it is stored as the first biometric templates vector by server, wherein, preset-key can be that terminal randomly generates, setting can also be actually needed according to user, it is ultimately stored in terminal, it is about to the first biometric templates vector through homomorphic cryptography generates store in the server, and the preset-key for deciphering stores in the terminal, then server cannot know this preset-key, so, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, it is preferable that also include: gather second biological information of active user; At least one second attribute information of described second biological information is represented in the form of vectors, and according to described preset-key, at least one second attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the second biological characteristic vector; Sending described second biological characteristic vector to described server, and described first biometric templates vector vectorial according to described second biological characteristic for described server generates the first Euclidean distance; Receive described first Euclidean distance from described server; Described first Euclidean distance is carried out homomorphic decryption process and obtains the second Euclidean distance; Determine whether described second biological information mates with described first biological information according to described second Euclidean distance, whether successful with the certification that determines one's identity.
In this technical scheme, by the second attribute information being available for authentication in second biological information of the active user collected is represented in the form of vectors, wherein, the second attribute information being available for authentication has one or more, and represent each item the second attribute information by vector form, a Vector Groups representing the second biological information can be obtained, according to preset-key, each in this Vector Groups point vector is carried out homomorphic cryptography, the second biological characteristic vector can be obtained, then the second biological characteristic vector is sent to server, for server in the case of non-decrypting, calculate the first Euclidean distance of the second biological characteristic vector and the first biometric templates vector of its pre-stored, certainly, first Euclidean distance is also encryption, server also cannot know the concrete outcome of the first Euclidean distance, so, it is possible to prevent the first biometric templates vector of server abuse user, ensure that the safety of matching result.
Additionally, by the first biometric templates vector is stored in the server, compared with prior art, avoid the problem easily maliciously stolen because being stored in terminal by the first biometric templates vector, calculated first Euclidean distance is sent to terminal by server, by terminal, it is carried out homomorphic decryption and obtain the second Euclidean distance, and then can determine whether the second biological information mates with described first biological information according to the second Euclidean distance, whether successful with the certification that determines one's identity, namely store in the terminal for the preset-key of homomorphic decryption, server cannot know this preset-key, further ensure that the safety and reliability of authentication.
By biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, preferably, determine whether described second biological information mates with described first biological information according to described second Euclidean distance, whether successful with the certification that determines one's identity, specifically include: judge that whether described second Euclidean distance is less than or equal to predeterminable range; And when judging described second Euclidean distance less than or equal to described predeterminable range, described second biological information is successful with described first biometric information matches, then authentication success; When judging described second Euclidean distance more than described predeterminable range, described second biological information is failed with described first biometric information matches, then authentication failure.
In this technical scheme, whether the second biological information mates with described first biological information is determined by the second Euclidean distance, by judging that the second Euclidean distance can determine if to mate with the size of predeterminable range, specifically, when judging the second Euclidean distance less than or equal to predeterminable range, second biological information and described first biometric information matches success, then show authenticating user identification success, otherwise, authentication failure, so, effectively avoid the problem easily maliciously stolen in prior art because being stored in terminal by the first biometric templates vector, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience. wherein, predeterminable range can need to calculate out according to practical application scene.
In technique scheme, it is preferable that described first biological information and described second biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
In this technical scheme, first biological information and the second biological information include at least but are not limited to one below or its combination: information in fingerprint, iris image information and human face image information, namely this programme can realize based on different biological informations, so that server need not be deciphered just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by the first biometric templates vector in prior art, and then improve the effect of the safety and reliability of the authentication based on biological information, further increase the suitability of authentication.
According to the second aspect of the invention, it is proposed that a kind of identity authorization system, for terminal, including: acquisition module, for gathering the first biological information of pre-set user; Encrypting module, for at least one first attribute information of described first biological information is represented in the form of vectors, and according to preset-key, at least one first attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the first biological characteristic vector; First sending module, for sending described first biological characteristic vector to server, is stored as the first biometric templates for described server vectorial by described first biological characteristic vector.
In this technical scheme, first the pre-stored process of the first biometric templates vector is carried out, specifically, by the first attribute information being available for authentication in the first biological information of the pre-set user collected is represented in the form of vectors, wherein, the first attribute information being available for authentication has one or more, and represent each item the first attribute information by vector form, a Vector Groups representing the first biological information can be obtained, each in this Vector Groups point vector is carried out homomorphic cryptography by the preset-key according to storage, the first biological characteristic vector can be obtained, then the first thing characteristic vector is sent to server, it is stored as the first biometric templates vector by server, wherein, preset-key can be that terminal randomly generates, setting can also be actually needed according to user, it is ultimately stored in terminal, it is about to the first biometric templates vector through homomorphic cryptography generates store in the server, and the preset-key for deciphering stores in the terminal, then server cannot know this preset-key, so, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, it is preferable that described acquisition module is additionally operable to gather second biological information of active user; Described encrypting module is additionally operable to represent at least one second attribute information of described second biological information in the form of vectors, and according to described preset-key, at least one second attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the second biological characteristic vector; Described first sending module is additionally operable to send to described server described second biological characteristic vector, and described first biometric templates vector vectorial according to described second biological characteristic for described server generates the first Euclidean distance; And described identity authorization system also includes: the first receiver module, for receiving described first Euclidean distance from described server; Deciphering module, obtains the second Euclidean distance for described first Euclidean distance carries out homomorphic decryption process; Judge module, for determining whether described second biological information mates with described first biological information according to described second Euclidean distance, whether successful with the certification that determines one's identity.
In this technical scheme, by the second attribute information being available for authentication in second biological information of the active user collected is represented in the form of vectors, wherein, the second attribute information being available for authentication has one or more, and represent each item the second attribute information by vector form, a Vector Groups representing the second biological information can be obtained, according to preset-key, each in this Vector Groups point vector is carried out homomorphic cryptography, the second biological characteristic vector can be obtained, then the second biological characteristic vector is sent to server, for server in the case of non-decrypting, calculate the first Euclidean distance of the second biological characteristic vector and the first biometric templates vector of its pre-stored, certainly, first Euclidean distance is also encryption, server also cannot know the concrete outcome of the first Euclidean distance, so, it is possible to prevent the first biometric templates vector of server abuse user, ensure that the safety of matching result.
Additionally, by the first biometric templates vector is stored in the server, compared with prior art, avoid the problem easily maliciously stolen because being stored in terminal by the first biometric templates vector, calculated first Euclidean distance is sent to terminal by server, by terminal, it is carried out homomorphic decryption and obtain the second Euclidean distance, and then can determine whether the second biological information mates with described first biological information according to the second Euclidean distance, whether successful with the certification that determines one's identity, namely store in the terminal for the preset-key of homomorphic decryption, server cannot know this preset-key, further ensure that the safety and reliability of authentication.
By biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, it is preferable that described judge module is specifically for judging that whether described second Euclidean distance is less than or equal to predeterminable range; And when judging described second Euclidean distance less than or equal to described predeterminable range, described second biological information is successful with described first biometric information matches, then authentication success; When judging described second Euclidean distance more than described predeterminable range, described second biological information is failed with described first biometric information matches, then authentication failure.
In this technical scheme, whether the second biological information and the first biological information mate is determined by the second Euclidean distance, by judging that the second Euclidean distance can determine if to mate with the size of predeterminable range, specifically, when judging the second Euclidean distance less than or equal to predeterminable range, second biological information and the success of the first biometric information matches, then show authenticating user identification success, otherwise, authentication failure, so, effectively avoid the problem easily maliciously stolen in prior art because being stored in terminal by the first biometric templates vector, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience. wherein, predeterminable range can need to calculate out according to practical application scene.
In technique scheme, it is preferable that described first biological information and described second biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
In this technical scheme, first biological information and the second biological information include at least but are not limited to one below or its combination: information in fingerprint, iris image information and human face image information, namely this programme can realize based on different biological informations, so that server need not be deciphered just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by the first biometric templates vector in prior art, and then improve the effect of the safety and reliability of the authentication based on biological information, further increase the suitability of authentication.
According to the third aspect of the invention we, it is proposed that a kind of identity identifying method, for server, including: receive the 3rd biological characteristic vector of self terminal; Described 3rd biological characteristic vector is stored as described second biometric templates vector, wherein, described 3rd biological characteristic vector is that at least one the 3rd attribute information of the 3rd biological information of the described terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain.
In this technical scheme, first the process of the second biometric templates vector storage is carried out, specifically, by the 3rd biological characteristic vector carrying out self terminal received is stored as the second biometric templates vector, think the premise guarantee being smoothed out providing necessity of subsequent match step, wherein, 3rd biological characteristic vector is that each item the 3rd attribute information being available for authentication of the 3rd biological information of the terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain, namely it is the vector that obtains of encrypted process, server cannot know its particular content equally, so, avoid the biological information of server abuse user, further increase the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, preferably, also include: receive the 4th biological characteristic vector from described terminal, wherein, described 4th biological characteristic vector is that at least one the 4th attribute information of the 4th biological information of the described terminal active user to collecting carries out homomorphic cryptography and processes and obtain; The 3rd Euclidean distance is obtained with the second biometric templates vector according to described 4th biological characteristic vector; Described 3rd Euclidean distance is sent to described terminal, determines whether described 4th biological information mates with described 3rd biological information for described terminal according to described 3rd Euclidean distance; And described 3rd biological information and described 4th biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
In this technical scheme, by sending to terminal with the second calculated 3rd Euclidean distance of biometric templates vector according to the 4th biological characteristic vector, for terminal, it is carried out homomorphic decryption, and then whether the certification that determines one's identity is successful, wherein, 4th biological characteristic vector is that each item the 4th attribute information being available for authentication of the 4th biological information of the terminal active user to collecting carries out homomorphic cryptography and processes and obtain, namely it is the vector that obtains of encrypted process, server cannot know its particular content, so, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, avoid the biological information of server abuse user, further increase the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
Additionally, 3rd biological information and the 4th biological information include at least but are not limited to one below or its combination: information in fingerprint, iris image information and human face image information, namely this programme can realize based on different biological informations, so that server need not decipher the problem that just can carry out correct biometric information matches and can effectively avoid easily maliciously being stolen because being stored in terminal by the second biometric templates vector in prior art, and then improve the effect of the safety and reliability of the authentication based on biological information, further increase the suitability of authentication.
According to the fourth aspect of the invention, it is proposed that a kind of identity authorization system, for server, including: the second receiver module, the 3rd biological characteristic vector for receiving self terminal; Memory module, for the described 3rd biological characteristic vector being stored as described second biometric templates vector, wherein, described 3rd biological characteristic vector is that at least one the 3rd attribute information of the 3rd biological information of the described terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain.
In this technical scheme, first the process of the second biometric templates vector storage is carried out, specifically, by the 3rd biological characteristic vector carrying out self terminal received is stored as the second biometric templates vector, think the premise guarantee being smoothed out providing necessity of subsequent match step, wherein, 3rd biological characteristic vector is that each item the 3rd attribute information being available for authentication of the 3rd biological information of the terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain, namely it is the vector that obtains of encrypted process, server cannot know its particular content equally, so, avoid the biological information of server abuse user, further increase the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, preferably, described second receiver module is additionally operable to receive the 4th biological characteristic vector from described terminal, wherein, described 4th biological characteristic vector is that at least one the 4th attribute information of the 4th biological information of the described terminal active user to collecting carries out homomorphic cryptography and processes and obtain; Described identity authorization system also includes: processing module is additionally operable to obtain the 3rd Euclidean distance according to described 4th biological characteristic vector with the second biometric templates vector; And described identity authorization system also includes: the second sending module, for sending described 3rd Euclidean distance to described terminal, determine whether described 4th biological information mates with described 3rd biological information for described terminal according to described 3rd Euclidean distance; And described 3rd biological information and described 4th biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
In this technical scheme, by sending to terminal with the second calculated 3rd Euclidean distance of biometric templates vector according to the 4th biological characteristic vector, for terminal, it is carried out homomorphic decryption, and then whether the certification that determines one's identity is successful, wherein, 4th biological characteristic vector is that each item the 4th attribute information being available for authentication of the 4th biological information of the terminal active user to collecting carries out homomorphic cryptography and processes and obtain, namely it is the vector that obtains of encrypted process, server cannot know its particular content, so, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, avoid the biological information of server abuse user, further increase the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
Additionally, 3rd biological information and the 4th biological information include at least but are not limited to one below or its combination: information in fingerprint, iris image information and human face image information, namely this programme can realize based on different biological informations, so that server need not decipher the problem that just can carry out correct biometric information matches and can effectively avoid easily maliciously being stolen because being stored in terminal by the second biometric templates vector in prior art, and then improve the effect of the safety and reliability of the authentication based on biological information, further increase the suitability of authentication.
According to the fifth aspect of the invention, propose a kind of terminal, including: the identity authorization system as described in terminal according to any one of technique scheme, therefore there are all beneficial effects of the identity authorization system described in terminal according to any one of technique scheme, repeat no more here.
According to the sixth aspect of the invention, propose a kind of server, including: the identity authorization system as described in server according to any one of technique scheme, therefore there are all beneficial effects of the identity authorization system described in server according to any one of technique scheme, repeat no more here.
Pass through technical scheme, biological identification technology can be combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
Accompanying drawing explanation
Fig. 1 illustrates the schematic flow sheet of identity identifying method according to an embodiment of the invention;
Fig. 2 illustrates the block diagram of identity authorization system according to an embodiment of the invention;
Fig. 3 illustrates the schematic flow sheet of identity identifying method according to another embodiment of the invention;
Fig. 4 illustrates the block diagram of identity authorization system according to another embodiment of the invention;
Fig. 5 illustrates the block diagram of terminal according to an embodiment of the invention;
Fig. 6 illustrates the block diagram of server according to an embodiment of the invention;
Fig. 7 illustrates the schematic flow sheet of identity identifying method according to still another embodiment of the invention;
Fig. 8 illustrates the schematic flow sheet of biological information register method according to an embodiment of the invention.
Detailed description of the invention
In order to the above-mentioned purpose of the present invention, feature and advantage can be more clearly understood that, below in conjunction with the drawings and specific embodiments, the present invention is further described in detail. It should be noted that when not conflicting, embodiments herein and the feature in embodiment can be mutually combined.
Elaborate a lot of detail in the following description so that fully understanding the present invention; but; the present invention can also adopt other to be different from other modes described here to implement, and therefore, protection scope of the present invention is by the restriction of following public specific embodiment.
Fig. 1 illustrates the schematic flow sheet of identity identifying method according to an embodiment of the invention.
As it is shown in figure 1, the identity identifying method of one embodiment of the present of invention, for terminal, including: step 102, gather the first biological information of pre-set user; At least one first attribute information of described first biological information is represented by step 104 in the form of vectors, and according to preset-key, at least one first attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the first biological characteristic vector; Described first biological characteristic vector is sent to server by step 106, for described server, described first biological characteristic vector is stored as the first biometric templates vector.
In this technical scheme, first the pre-stored process of the first biometric templates vector is carried out, specifically, by the first attribute information being available for authentication in the first biological information of the pre-set user collected is represented in the form of vectors, wherein, the first attribute information being available for authentication has one or more, and represent each item the first attribute information by vector form, a Vector Groups representing the first biological information can be obtained, each in this Vector Groups point vector is carried out homomorphic cryptography by the preset-key according to storage, the first biological characteristic vector can be obtained, then the first thing characteristic vector is sent to server, it is stored as the first biometric templates vector by server, wherein, preset-key can be that terminal randomly generates, setting can also be actually needed according to user, it is ultimately stored in terminal, it is about to the first biometric templates vector through homomorphic cryptography generates store in the server, and the preset-key for deciphering stores in the terminal, then server cannot know this preset-key, so, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, it is preferable that also include: gather second biological information of active user; At least one second attribute information of described second biological information is represented in the form of vectors, and according to described preset-key, at least one second attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the second biological characteristic vector; Sending described second biological characteristic vector to described server, and described first biometric templates vector vectorial according to described second biological characteristic for described server generates the first Euclidean distance; Receive described first Euclidean distance from described server; Described first Euclidean distance is carried out homomorphic decryption process and obtains the second Euclidean distance; Determine whether described second biological information mates with described first biological information according to described second Euclidean distance, whether successful with the certification that determines one's identity.
In this technical scheme, by the second attribute information being available for authentication in second biological information of the active user collected is represented in the form of vectors, wherein, the second attribute information being available for authentication has one or more, and represent each item the second attribute information by vector form, a Vector Groups representing the second biological information can be obtained, according to preset-key, each in this Vector Groups point vector is carried out homomorphic cryptography, the second biological characteristic vector can be obtained, then the second biological characteristic vector is sent to server, for server in the case of non-decrypting, calculate the first Euclidean distance of the second biological characteristic vector and the first biometric templates vector of its pre-stored, certainly, first Euclidean distance is also encryption, server also cannot know the concrete outcome of the first Euclidean distance, so, it is possible to prevent the first biometric templates vector of server abuse user, ensure that the safety of matching result.
Additionally, by the first biometric templates vector is stored in the server, compared with prior art, avoid the problem easily maliciously stolen because being stored in terminal by the first biometric templates vector, calculated first Euclidean distance is sent to terminal by server, by terminal, it is carried out homomorphic decryption and obtain the second Euclidean distance, and then can determine whether the second biological information mates with described first biological information according to the second Euclidean distance, whether successful with the certification that determines one's identity, namely store in the terminal for the preset-key of homomorphic decryption, server cannot know this preset-key, further ensure that the safety and reliability of authentication.
By biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, preferably, determine whether described second biological information mates with described first biological information according to described second Euclidean distance, whether successful with the certification that determines one's identity, specifically include: judge that whether described second Euclidean distance is less than or equal to predeterminable range; And when judging described second Euclidean distance less than or equal to described predeterminable range, described second biological information is successful with described first biometric information matches, then authentication success; When judging described second Euclidean distance more than described predeterminable range, described second biological information is failed with described first biometric information matches, then authentication failure.
In this technical scheme, whether the second biological information mates with described first biological information is determined by the second Euclidean distance, by judging that the second Euclidean distance can determine if to mate with the size of predeterminable range, specifically, when judging the second Euclidean distance less than or equal to predeterminable range, described second biological information and described first biometric information matches success, then show authenticating user identification success, otherwise, authentication failure, so, effectively avoid the problem easily maliciously stolen in prior art because being stored in terminal by the first biometric templates vector, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience. wherein, predeterminable range can need to calculate out according to practical application scene.
In technique scheme, it is preferable that described first biological information and described second biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
In this technical scheme, first biological information and the second biological information include at least but are not limited to one below or its combination: information in fingerprint, iris image information and human face image information, namely this programme can realize based on different biological informations, so that server need not be deciphered just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by the first biometric templates vector in prior art, and then improve the effect of the safety and reliability of the authentication based on biological information, further increase the suitability of authentication.
Fig. 2 illustrates the block diagram of identity authorization system according to an embodiment of the invention.
As in figure 2 it is shown, the identity authorization system 200 of one embodiment of the present of invention, for terminal, including: acquisition module 202, for gathering the first biological information of pre-set user; Encrypting module 204, for at least one first attribute information of described first biological information is represented in the form of vectors, and according to preset-key, at least one first attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the first biological characteristic vector; First sending module 206, for sending described first biological characteristic vector to server, is stored as the first biometric templates for described server vectorial by described first biological characteristic vector.
In this technical scheme, first the pre-stored process of the first biometric templates vector is carried out, specifically, by the first attribute information being available for authentication in the first biological information of the pre-set user collected is represented in the form of vectors, wherein, the first attribute information being available for authentication has one or more, and represent each item the first attribute information by vector form, a Vector Groups representing the first biological information can be obtained, each in this Vector Groups point vector is carried out homomorphic cryptography by the preset-key according to storage, the first biological characteristic vector can be obtained, then the first thing characteristic vector is sent to server, it is stored as the first biometric templates vector by server, wherein, preset-key can be that terminal randomly generates, setting can also be actually needed according to user, it is ultimately stored in terminal, it is about to the first biometric templates vector through homomorphic cryptography generates store in the server, and the preset-key for deciphering stores in the terminal, then server cannot know this preset-key, so, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, it is preferable that described acquisition module 202 is additionally operable to gather second biological information of active user; Described encrypting module 204 is additionally operable to represent at least one second attribute information of described second biological information in the form of vectors, and according to described preset-key, at least one second attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the second biological characteristic vector; Described first sending module 206 is additionally operable to send to described server described second biological characteristic vector, and described first biometric templates vector vectorial according to described second biological characteristic for described server generates the first Euclidean distance; And described identity authorization system 200 also includes: the first receiver module 208, for receiving described first Euclidean distance from described server; Deciphering module 210, obtains the second Euclidean distance for described first Euclidean distance carries out homomorphic decryption process; Judge module 212, for determining whether described second biological information mates with described first biological information according to described second Euclidean distance, whether successful with the certification that determines one's identity.
In this technical scheme, by the second attribute information being available for authentication in second biological information of the active user collected is represented in the form of vectors, wherein, the second attribute information being available for authentication has one or more, and represent each item the second attribute information by vector form, a Vector Groups representing the second biological information can be obtained, according to preset-key, each in this Vector Groups point vector is carried out homomorphic cryptography, the second biological characteristic vector can be obtained, then the second biological characteristic vector is sent to server, for server in the case of non-decrypting, calculate the first Euclidean distance of the second biological characteristic vector and the first biometric templates vector of its pre-stored, certainly, first Euclidean distance is also encryption, server also cannot know the concrete outcome of the first Euclidean distance, so, it is possible to prevent the first biometric templates vector of server abuse user, ensure that the safety of matching result.
Additionally, by the first biometric templates vector is stored in the server, compared with prior art, avoid the problem easily maliciously stolen because being stored in terminal by the first biometric templates vector, calculated first Euclidean distance is sent to terminal by server, by terminal, it is carried out homomorphic decryption and obtain the second Euclidean distance, and then can determine whether the second biological information mates with described first biological information according to the second Euclidean distance, whether successful with the certification that determines one's identity, namely store in the terminal for the preset-key of homomorphic decryption, server cannot know this preset-key, further ensure that the safety and reliability of authentication.
By biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, it is preferable that described judge module 212 is specifically for judging that whether described second Euclidean distance is less than or equal to predeterminable range; And when judging described second Euclidean distance less than or equal to described predeterminable range, described second biological information is successful with described first biometric information matches, then authentication success; When judging described second Euclidean distance more than described predeterminable range, described second biological information is failed with described first biometric information matches, then authentication failure.
In this technical scheme, whether the second biological information and the first biological information mate is determined by the second Euclidean distance, by judging that the second Euclidean distance can determine if to mate with the size of predeterminable range, specifically, when judging the second Euclidean distance less than or equal to predeterminable range, second biological information and the success of the first biometric information matches, then show authenticating user identification success, otherwise, authentication failure, so, effectively avoid the problem easily maliciously stolen in prior art because being stored in terminal by the first biometric templates vector, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience. wherein, predeterminable range can need to calculate out according to practical application scene.
In technique scheme, it is preferable that described first biological information and described second biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
In this technical scheme, first biological information and the second biological information include at least but are not limited to one below or its combination: information in fingerprint, iris image information and human face image information, namely this programme can realize based on different biological informations, so that server need not be deciphered just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by the first biometric templates vector in prior art, and then improve the effect of the safety and reliability of the authentication based on biological information, further increase the suitability of authentication.
Fig. 3 illustrates the schematic flow sheet of identity identifying method according to another embodiment of the invention.
As it is shown on figure 3, the identity identifying method of an alternative embodiment of the invention, for server, including: step 302, receive the 3rd biological characteristic vector of self terminal; Step 304, described 3rd biological characteristic vector is stored as described second biometric templates vector, wherein, described 3rd biological characteristic vector is that at least one the 3rd attribute information of the 3rd biological information of the described terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain.
In this technical scheme, first the process of the second biometric templates vector storage is carried out, specifically, by the 3rd biological characteristic vector carrying out self terminal received is stored as the second biometric templates vector, think the premise guarantee being smoothed out providing necessity of subsequent match step, wherein, 3rd biological characteristic vector is that each item the 3rd attribute information being available for authentication of the 3rd biological information of the terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain, namely it is the vector that obtains of encrypted process, server cannot know its particular content equally, so, avoid the biological information of server abuse user, further increase the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, preferably, also include: receive the 4th biological characteristic vector from described terminal, wherein, described 4th biological characteristic vector is that at least one the 4th attribute information of the 4th biological information of the described terminal active user to collecting carries out homomorphic cryptography and processes and obtain; The 3rd Euclidean distance is obtained with the second biometric templates vector according to described 4th biological characteristic vector; Described 3rd Euclidean distance is sent to described terminal, determines whether described 4th biological information mates with described 3rd biological information for described terminal according to described 3rd Euclidean distance; And described 3rd biological information and described 4th biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
In this technical scheme, by sending to terminal with the second calculated 3rd Euclidean distance of biometric templates vector according to the 4th biological characteristic vector, for terminal, it is carried out homomorphic decryption, and then whether the certification that determines one's identity is successful, wherein, 4th biological characteristic vector is that each item the 4th attribute information being available for authentication of the 4th biological information of the terminal active user to collecting carries out homomorphic cryptography and processes and obtain, namely it is the vector that obtains of encrypted process, server cannot know its particular content, so, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, avoid the biological information of server abuse user, further increase the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
Additionally, 3rd biological information and the 4th biological information include at least but are not limited to one below or its combination: information in fingerprint, iris image information and human face image information, namely this programme can realize based on different biological informations, so that server need not decipher the problem that just can carry out correct biometric information matches and can effectively avoid easily maliciously being stolen because being stored in terminal by the second biometric templates vector in prior art, and then improve the effect of the safety and reliability of the authentication based on biological information, further increase the suitability of authentication.
Fig. 4 illustrates the block diagram of identity authorization system according to another embodiment of the invention.
As shown in Figure 4, the identity authorization system 400 of an alternative embodiment of the invention, for server, including: the second receiver module 402, the 3rd biological characteristic vector for receiving self terminal; Memory module 404, for the described 3rd biological characteristic vector being stored as described second biometric templates vector, wherein, described 3rd biological characteristic vector is that at least one the 3rd attribute information of the 3rd biological information of the described terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain.
In this technical scheme, first the process of the second biometric templates vector storage is carried out, specifically, by the 3rd biological characteristic vector carrying out self terminal received is stored as the second biometric templates vector, think the premise guarantee being smoothed out providing necessity of subsequent match step, wherein, 3rd biological characteristic vector is that each item the 3rd attribute information being available for authentication of the 3rd biological information of the terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain, namely it is the vector that obtains of encrypted process, server cannot know its particular content equally, so, avoid the biological information of server abuse user, further increase the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
In technique scheme, preferably, described second receiver module 402 is additionally operable to receive the 4th biological characteristic vector from described terminal, wherein, described 4th biological characteristic vector is that at least one the 4th attribute information of the 4th biological information of the described terminal active user to collecting carries out homomorphic cryptography and processes and obtain; And described identity authorization system also includes: processing module 406, for obtaining the 3rd Euclidean distance according to described 4th biological characteristic vector with the second biometric templates vector; According to described 3rd Euclidean distance, second sending module 408, for sending described 3rd Euclidean distance to described terminal, determines whether described 4th biological information mates with described 3rd biological information for described terminal; And described 3rd biological information and described 4th biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
In this technical scheme, by sending to terminal with the second calculated 3rd Euclidean distance of biometric templates vector according to the 4th biological characteristic vector, for terminal, it is carried out homomorphic decryption, and then whether the certification that determines one's identity is successful, wherein, 4th biological characteristic vector is that each item the 4th attribute information being available for authentication of the 4th biological information of the terminal active user to collecting carries out homomorphic cryptography and processes and obtain, namely it is the vector that obtains of encrypted process, server cannot know its particular content, so, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher and just can carry out correct biometric information matches, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, avoid the biological information of server abuse user, further increase the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
Additionally, 3rd biological information and the 4th biological information include at least but are not limited to one below or its combination: information in fingerprint, iris image information and human face image information, namely this programme can realize based on different biological informations, so that server need not decipher the problem that just can carry out correct biometric information matches and can effectively avoid easily maliciously being stolen because being stored in terminal by the second biometric templates vector in prior art, and then improve the effect of the safety and reliability of the authentication based on biological information, further increase the suitability of authentication.
Fig. 5 illustrates the block diagram of terminal according to an embodiment of the invention.
As shown in Figure 5, the terminal 500 of one embodiment of the present of invention, including: the identity authorization system 200 as described in terminal 500 according to any one of technique scheme, therefore there are all beneficial effects of the identity authorization system 200 described in terminal 500 according to any one of technique scheme, repeat no more here.
Fig. 6 illustrates the block diagram of server according to an embodiment of the invention.
As shown in Figure 6, the server 600 of one embodiment of the present of invention, including: the identity authorization system 400 as described in server 600 according to any one of technique scheme, therefore there are all beneficial effects of the identity authorization system 400 described in server 600 according to any one of technique scheme, repeat no more here.
Technical scheme is described in detail below in conjunction with Fig. 7 and Fig. 8:
Fig. 7 illustrates the schematic flow sheet of identity identifying method according to still another embodiment of the invention.
Fig. 8 illustrates the schematic flow sheet of biological information register method according to an embodiment of the invention.
In the present embodiment biometric templates (i.e. the first biometric templates vector) is expressed as the form of vector, and each component of this vector is carried out homomorphic cryptography respectively, at least one second attribute information of second biological information is represented in the form of vectors, and according to preset-key, at least one second attribute information represented in the form of vectors is carried out homomorphic cryptography process, to generate the second biological characteristic vector; Similarity between two vectors (i.e. the second biological characteristic vector and the first biological characteristic masterplate vector) is determined by the Euclidean distance of the two vector, when distance therebetween is less than certain threshold value (i.e. predeterminable range), thinking that the match is successful, otherwise it fails to match; Calculate the Euclidean distance (i.e. the first Euclidean distance) between two vectors after encryption beyond the clouds, after result is sent to mobile phone terminal, mobile phone terminal deciphering obtains the Euclidean distance (i.e. the second Euclidean distance) between two vectors of unencrypted, thus judging user, whether certification is successful.
Enc in this programme descriptionkRepresent and perform homomorphic cryptography operation, Dec with k for keykRepresent and perform homomorphic decryption operation with k for key;
This programme includes two flow processs: biological characteristic registration and upload procedure, authentication procedures.
As it is shown in fig. 7, the identity identifying method of another embodiment of the present invention, specifically include:
Step 702, mobile phone gathers the biometric image (i.e. the second biological information) of user.
Step 704, processes biometric image, extracts the feature that vector form represents different, forms biological characteristic Vector Groups, such as (t1',t'2,����,t'n)��
Step 706, reads the key group (k of mobile phone storage1,k2,����,kn), component each in features described above vector is carried out homomorphic cryptography respectively, obtains(i.e. the second biological characteristic vector), wherein i=1,2 ..., n.
Represent in the form of vectors by least one second attribute information of the second biological information, and according to preset-key, at least one second attribute information represented in the form of vectors is carried out homomorphic cryptography process, to generate the second biological characteristic vector.
Step 708, by (e1',e'2,����,e'n) (namely second biological characteristic vector) be uploaded to Cloud Server.
Step 710, Cloud Server reads stored encryption biometric templates (e1,e2,����,en)��
Step 712, Cloud Server calculate input biological characteristic and register the Euclidean distance of biometric templates asNamely server generates the first Euclidean distance according to described second biological characteristic vector with the first biological characteristic vector.
Step 714, Euclidean distance (i.e. the first Euclidean distance) is sent to mobile phone by Cloud Server.
Step 716, Euclidean distance (i.e. the first Euclidean distance) result is deciphered by mobile phone, obtains the second Euclidean distance.
Step 718, according to the value of dist (i.e. the second Euclidean distance), mobile phone judges that whether user authentication is successful, if dist is more than or equal to certain threshold value h, then certification success, otherwise authentification failure
As shown in Figure 8, the biological information register method of one embodiment of the present of invention, including:
Step 802, mobile phone gathers the biological characteristic (i.e. the first biological information) of active user, and biological attribute data here may refer to stricture of vagina, iris, face etc., and what collect is the image of fingerprint, iris, face etc.
Step 804, processes biometric image, extracts the characteristic (i.e. the first attribute information) being available for identification, and represents in the form of vectors and different characteristic form Vector Groups, such as (t1,t2,����,tn)��
Step 806, selectes a group key (i.e. preset-key) such as: k1,k2,����,kn, to Vector Groups (t1,t2,����,tn) in each component carry out homomorphic cryptography respectively, obtain(i.e. the second biological characteristic vector), wherein i=1,2 ..., n.
Step 808, by (e1,e2,����,en) (namely first biological characteristic vector) be uploaded to Cloud Server, for server, described first biological characteristic vector is stored as the second biometric templates vector.
Step 810, mobile phone storage key group (k1,k2,����,kn)��
The beneficial effect of the present embodiment:
1, mobile phone this locality does not store biometric templates, and this locality does not have disclosure risk;
2, the biometric templates of high in the clouds storage is through encryption, will not leak;
3, homomorphic encryption scheme is used, it is ensured that the biometric templates through encryption need not be deciphered and just can perform user authentication.
In the present embodiment, mobile phone gathers the biological attribute data of user, form after vector encrypting and transmitting to Cloud Server (i.e. server), under Cloud Server helps, mobile phone calculates the Euclidean distance between gathered biological attribute data and registration biometric templates (i.e. the second biological characteristic vector and the first biometric templates vector), and judges that whether certification is successful according to result.
Technical scheme is described in detail above in association with accompanying drawing, by biological identification technology is combined with homomorphic cryptography technology, make server to decipher just to carry out correct biological special information and levy coupling, and the problem that can effectively avoid easily maliciously being stolen because being stored in terminal by user biological characteristic information in prior art, achieve the safe storage of user biological characteristic information, improve the safety and reliability of the authentication based on biological information, thus improving Consumer's Experience.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations. All within the spirit and principles in the present invention, any amendment of making, equivalent replacement, improvement etc., should be included within protection scope of the present invention.

Claims (14)

1. an identity identifying method, for terminal, it is characterised in that including:
Gather the first biological information of pre-set user;
At least one first attribute information of described first biological information is represented in the form of vectors, and according to preset-key, at least one first attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the first biological characteristic vector;
Described first biological characteristic vector is sent to server, for described server, described first biological characteristic vector is stored as the first biometric templates vector.
2. identity identifying method according to claim 1, it is characterised in that also include:
Gather second biological information of active user;
At least one second attribute information of described second biological information is represented in the form of vectors, and according to described preset-key, at least one second attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the second biological characteristic vector;
Sending described second biological characteristic vector to described server, and described first biometric templates vector vectorial according to described second biological characteristic for described server generates the first Euclidean distance;
Receive described first Euclidean distance from described server;
Described first Euclidean distance is carried out homomorphic decryption process and obtains the second Euclidean distance;
Determine whether described second biological information mates with described first biological information according to described second Euclidean distance, whether successful with the certification that determines one's identity.
3. identity identifying method according to claim 2, it is characterised in that determine whether described second biological information mates with described first biological information according to described second Euclidean distance, whether successful with the certification that determines one's identity, specifically include:
Judge that whether described second Euclidean distance is less than or equal to predeterminable range; And
When judging described second Euclidean distance less than or equal to described predeterminable range, described second biological information is successful with described first biometric information matches, then authentication success;
When judging described second Euclidean distance more than described predeterminable range, described second biological information is failed with described first biometric information matches, then authentication failure.
4. identity identifying method according to any one of claim 1 to 3, it is characterised in that
Described first biological information and described second biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
5. an identity authorization system, for terminal, it is characterised in that including:
Acquisition module, for gathering the first biological information of pre-set user;
Encrypting module, for at least one first attribute information of described first biological information is represented in the form of vectors, and according to preset-key, at least one first attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the first biological characteristic vector;
First sending module, for sending described first biological characteristic vector to server, is stored as the first biometric templates for described server vectorial by described first biological characteristic vector.
6. identity authorization system according to claim 5, it is characterised in that
Described acquisition module is additionally operable to gather second biological information of active user;
Described encrypting module is additionally operable to represent at least one second attribute information of described second biological information in the form of vectors, and according to described preset-key, at least one second attribute information described in representing in the form of vectors is carried out homomorphic cryptography process, to generate the second biological characteristic vector;
Described first sending module is additionally operable to send to described server described second biological characteristic vector, and described first biometric templates vector vectorial according to described second biological characteristic for described server generates the first Euclidean distance; And
Described identity authorization system also includes:
First receiver module, for receiving described first Euclidean distance from described server;
Deciphering module, obtains the second Euclidean distance for described first Euclidean distance carries out homomorphic decryption process;
Judge module, for determining whether described second biological information mates with described first biological information according to described second Euclidean distance, whether successful with the certification that determines one's identity.
7. identity authorization system according to claim 6, it is characterised in that described judge module is specifically for judging that whether described second Euclidean distance is less than or equal to predeterminable range; And
When judging described second Euclidean distance less than or equal to described predeterminable range, described second biological information is successful with described first biometric information matches, then authentication success;
When judging described second Euclidean distance more than described predeterminable range, described second biological information is failed with described first biometric information matches, then authentication failure.
8. the identity authorization system according to any one of claim 5 to 7, it is characterised in that
Described first biological information and described second biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
9. an identity identifying method, for server, it is characterised in that including:
Receive the 3rd biological characteristic vector of self terminal;
Described 3rd biological characteristic vector is stored as described second biometric templates vector, wherein, described 3rd biological characteristic vector is that at least one the 3rd attribute information of the 3rd biological information of the described terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain.
10. identity identifying method according to claim 9, it is characterised in that also include:
Receiving the 4th biological characteristic vector from described terminal, wherein, described 4th biological characteristic vector is that at least one the 4th attribute information of the 4th biological information of the described terminal active user to collecting carries out homomorphic cryptography and processes and obtain;
The 3rd Euclidean distance is obtained with the second biometric templates vector according to described 4th biological characteristic vector;
Described 3rd Euclidean distance is sent to described terminal, determines whether described 4th biological information mates with described 3rd biological information for described terminal according to described 3rd Euclidean distance; And
Described 3rd biological information and described 4th biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
11. an identity authorization system, for server, it is characterised in that including:
Second receiver module, the 3rd biological characteristic vector for receiving self terminal;
Memory module, for the described 3rd biological characteristic vector being stored as described second biometric templates vector, wherein, described 3rd biological characteristic vector is that at least one the 3rd attribute information of the 3rd biological information of the described terminal pre-set user to collecting carries out homomorphic cryptography and processes and obtain.
12. identity authorization system according to claim 11, it is characterized in that, described second receiver module is additionally operable to receive the 4th biological characteristic vector from described terminal, wherein, described 4th biological characteristic vector is that at least one the 4th attribute information of the 4th biological information of the described terminal active user to collecting carries out homomorphic cryptography and processes and obtain; And
Described identity authorization system also includes:
Processing module, for obtaining the 3rd Euclidean distance according to described 4th biological characteristic vector with the second biometric templates vector;
According to described 3rd Euclidean distance, second sending module, for sending described 3rd Euclidean distance to described terminal, determines whether described 4th biological information mates with described 3rd biological information for described terminal; And described 3rd biological information and described 4th biological information at least include one below or its combination: information in fingerprint, iris image information and human face image information.
13. a terminal, it is characterised in that include the identity authorization system as described in any one of claim 5 to 8.
14. a server, it is characterised in that include the identity authorization system as described in claim 11 or 12.
CN201510439665.7A 2015-07-23 2015-07-23 Identity authentication method, identity authentication system, terminal and server Pending CN105635099A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201510439665.7A CN105635099A (en) 2015-07-23 2015-07-23 Identity authentication method, identity authentication system, terminal and server
PCT/CN2015/088472 WO2017012175A1 (en) 2015-07-23 2015-08-30 Identity authentication method, identity authentication system, terminal and server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510439665.7A CN105635099A (en) 2015-07-23 2015-07-23 Identity authentication method, identity authentication system, terminal and server

Publications (1)

Publication Number Publication Date
CN105635099A true CN105635099A (en) 2016-06-01

Family

ID=56049595

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510439665.7A Pending CN105635099A (en) 2015-07-23 2015-07-23 Identity authentication method, identity authentication system, terminal and server

Country Status (2)

Country Link
CN (1) CN105635099A (en)
WO (1) WO2017012175A1 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106951865A (en) * 2017-03-21 2017-07-14 东莞理工学院 A kind of secret protection biometric discrimination method based on Hamming distances
CN107079034A (en) * 2016-11-15 2017-08-18 深圳达闼科技控股有限公司 A kind of identity authentication method, terminal device, certificate server and electronic equipment
CN107196918A (en) * 2017-04-27 2017-09-22 北京小米移动软件有限公司 A kind of method and apparatus of matched data
CN107919965A (en) * 2018-01-05 2018-04-17 杭州电子科技大学 A kind of biological characteristic sensitive information outsourcing identity identifying method based on homomorphic cryptography
WO2018133282A1 (en) * 2017-01-19 2018-07-26 华为技术有限公司 Dynamic recognition method and terminal device
CN108509874A (en) * 2018-03-16 2018-09-07 联想(北京)有限公司 A kind of data processing method and electronic equipment, computer storage media
CN108933655A (en) * 2018-07-12 2018-12-04 江苏慧学堂系统工程有限公司 A kind of computer network authentication system
CN109150538A (en) * 2018-07-16 2019-01-04 广州大学 A kind of fingerprint merges identity identifying method with vocal print
CN109145829A (en) * 2018-08-24 2019-01-04 中共中央办公厅电子科技学院 A kind of safe and efficient face identification method based on deep learning and homomorphic cryptography
CN109714148A (en) * 2018-12-13 2019-05-03 北京九州云腾科技有限公司 The method that remote multi-party certification is carried out to user identity
CN112084476A (en) * 2020-09-02 2020-12-15 支付宝(杭州)信息技术有限公司 Biological identification identity verification method, client, server, equipment and system
US11277258B1 (en) 2020-09-11 2022-03-15 Alipay (Hangzhou) Information Technology Co., Ltd. Privacy protection-based user recognition methods, apparatuses, and devices
CN115086014A (en) * 2022-06-13 2022-09-20 中国银行股份有限公司 Face comparison method and device

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112163542A (en) * 2020-10-12 2021-01-01 桂林电子科技大学 ElGamal encryption-based palm print privacy authentication method
WO2023228140A2 (en) * 2022-05-27 2023-11-30 Vaultavo Inc Digital custody
CN117201698B (en) * 2023-11-07 2024-01-12 北京隐算科技有限公司 Safe and efficient image recognition method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101984576A (en) * 2010-10-22 2011-03-09 北京工业大学 Method and system for authenticating anonymous identity based on face encryption
CN102664885A (en) * 2012-04-18 2012-09-12 南京邮电大学 Identity authentication method based on biological feature encryption and homomorphic algorithm
CN103731271A (en) * 2013-12-30 2014-04-16 北京工业大学 On-line face identity authentication method based on homomorphic encrypting and chaotic scrambling
US20140281567A1 (en) * 2013-03-15 2014-09-18 Mitsubishi Electric Research Laboratories, Inc. Method for Authenticating an Encryption of Biometric Data
CN104598835A (en) * 2014-12-29 2015-05-06 无锡清华信息科学与技术国家实验室物联网技术中心 Cloud-based real number vector distance calculation method for protecting privacy

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101984576A (en) * 2010-10-22 2011-03-09 北京工业大学 Method and system for authenticating anonymous identity based on face encryption
CN102664885A (en) * 2012-04-18 2012-09-12 南京邮电大学 Identity authentication method based on biological feature encryption and homomorphic algorithm
US20140281567A1 (en) * 2013-03-15 2014-09-18 Mitsubishi Electric Research Laboratories, Inc. Method for Authenticating an Encryption of Biometric Data
CN103731271A (en) * 2013-12-30 2014-04-16 北京工业大学 On-line face identity authentication method based on homomorphic encrypting and chaotic scrambling
CN104598835A (en) * 2014-12-29 2015-05-06 无锡清华信息科学与技术国家实验室物联网技术中心 Cloud-based real number vector distance calculation method for protecting privacy

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107079034B (en) * 2016-11-15 2020-07-28 深圳达闼科技控股有限公司 Identity authentication method, terminal equipment, authentication server and electronic equipment
CN107079034A (en) * 2016-11-15 2017-08-18 深圳达闼科技控股有限公司 A kind of identity authentication method, terminal device, certificate server and electronic equipment
WO2018133282A1 (en) * 2017-01-19 2018-07-26 华为技术有限公司 Dynamic recognition method and terminal device
CN108496170B (en) * 2017-01-19 2021-05-07 华为技术有限公司 Dynamic identification method and terminal equipment
CN108496170A (en) * 2017-01-19 2018-09-04 华为技术有限公司 A kind of method and terminal device of Dynamic Recognition
US11328044B2 (en) 2017-01-19 2022-05-10 Huawei Technologies Co., Ltd. Dynamic recognition method and terminal device
CN106951865A (en) * 2017-03-21 2017-07-14 东莞理工学院 A kind of secret protection biometric discrimination method based on Hamming distances
CN106951865B (en) * 2017-03-21 2020-04-07 东莞理工学院 Privacy protection biological identification method based on Hamming distance
CN107196918A (en) * 2017-04-27 2017-09-22 北京小米移动软件有限公司 A kind of method and apparatus of matched data
CN107196918B (en) * 2017-04-27 2020-10-30 北京小米移动软件有限公司 Data matching method and device
CN107919965A (en) * 2018-01-05 2018-04-17 杭州电子科技大学 A kind of biological characteristic sensitive information outsourcing identity identifying method based on homomorphic cryptography
CN107919965B (en) * 2018-01-05 2020-10-09 杭州电子科技大学 Biological characteristic sensitive information outsourcing identity authentication method based on homomorphic encryption
CN108509874A (en) * 2018-03-16 2018-09-07 联想(北京)有限公司 A kind of data processing method and electronic equipment, computer storage media
CN108933655A (en) * 2018-07-12 2018-12-04 江苏慧学堂系统工程有限公司 A kind of computer network authentication system
CN109150538A (en) * 2018-07-16 2019-01-04 广州大学 A kind of fingerprint merges identity identifying method with vocal print
CN109150538B (en) * 2018-07-16 2021-06-25 广州大学 Fingerprint and voiceprint fusion identity authentication method
CN109145829A (en) * 2018-08-24 2019-01-04 中共中央办公厅电子科技学院 A kind of safe and efficient face identification method based on deep learning and homomorphic cryptography
CN109714148A (en) * 2018-12-13 2019-05-03 北京九州云腾科技有限公司 The method that remote multi-party certification is carried out to user identity
CN109714148B (en) * 2018-12-13 2022-06-10 北京九州云腾科技有限公司 Method for remote multi-party authentication of user identity
CN112084476A (en) * 2020-09-02 2020-12-15 支付宝(杭州)信息技术有限公司 Biological identification identity verification method, client, server, equipment and system
US11277258B1 (en) 2020-09-11 2022-03-15 Alipay (Hangzhou) Information Technology Co., Ltd. Privacy protection-based user recognition methods, apparatuses, and devices
TWI767675B (en) * 2020-09-11 2022-06-11 大陸商支付寶(杭州)信息技術有限公司 User identification method, device and equipment under privacy protection
CN115086014A (en) * 2022-06-13 2022-09-20 中国银行股份有限公司 Face comparison method and device

Also Published As

Publication number Publication date
WO2017012175A1 (en) 2017-01-26

Similar Documents

Publication Publication Date Title
CN105635099A (en) Identity authentication method, identity authentication system, terminal and server
CN110414200B (en) Identity authentication method, identity authentication device, storage medium and computer equipment
CN111738238B (en) Face recognition method and device
US9621342B2 (en) System and method for hierarchical cryptographic key generation using biometric data
CN106612259B (en) Identity recognition, business processing and biological characteristic information processing method and equipment
US9218473B2 (en) Creation and authentication of biometric information
CN103324879A (en) System and method for identification verification on mobile terminal and based on face recognition and intelligent card
CN111095246B (en) Method and electronic device for authenticating user
CN104751154A (en) Fingerprint safe encryption method based on intelligent mobile information device
CN106936775A (en) A kind of authentication method and system based on fingerprint recognition
CN113114668A (en) Information transmission method, mobile terminal, storage medium and electronic equipment
CN112381000A (en) Face recognition method, device, equipment and storage medium based on federal learning
CN114996727A (en) Biological feature privacy encryption method and system based on palm print and palm vein recognition
CN109889532A (en) Internet of things equipment safety certification and cryptographic key negotiation method based on environmental context
CN110619228B (en) File decryption method, file encryption method, file management system and storage medium
US12019719B2 (en) Method and electronic device for authenticating a user
US20230108664A1 (en) Method for verifying liveness, and server using the same
CN114553528B (en) Internal and external network data safety transmission system and transmission method thereof
KR101750292B1 (en) Portable finger vein reader and biometric authentication method thereof
CN104601333A (en) Two-dimensional code remote authentication method based on man-machine features
CN107818263B (en) Electronic document processing method and device, and electronic document encryption method and device
CN109005158B (en) Authentication method of dynamic gesture authentication system based on fuzzy safe
KR102528040B1 (en) Kiosk and its control method
CN113079017B (en) Fingerprint real-name authentication method and system for electronic signature
KR102476270B1 (en) Wearalble device, authentication method thereof, and authentication method of authentication sever

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160601

RJ01 Rejection of invention patent application after publication