CN108521418B - Identity authentication method and system fusing block chain and biological feature recognition - Google Patents
Identity authentication method and system fusing block chain and biological feature recognition Download PDFInfo
- Publication number
- CN108521418B CN108521418B CN201810298504.4A CN201810298504A CN108521418B CN 108521418 B CN108521418 B CN 108521418B CN 201810298504 A CN201810298504 A CN 201810298504A CN 108521418 B CN108521418 B CN 108521418B
- Authority
- CN
- China
- Prior art keywords
- biological characteristic
- information
- identity
- user
- biometric
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses an identity authentication method integrating block chains and biological feature recognition, which comprises the following steps: when the service request is responded, the identity information of the current user is obtained, and the identity of the current user is verified according to the identity information; obtaining the biological characteristic information to be verified of the current user after the identity verification is successful; acquiring a corresponding user identity hash value in a main chain of a block chain; extracting standard biological characteristic information corresponding to the biological characteristic information to be verified from a side chain of the block chain; matching the extracted standard biological characteristic information with biological characteristic information to be verified; and determining the result of the identity authentication according to the matching result of the standard biological characteristic information and the biological characteristic information to be verified. The invention also discloses an identity authentication system integrating the block chain and biological feature recognition. The invention fuses the block chain technology and the biological characteristic identification technology, improves the safety of the user identity verification process, and simultaneously ensures the data sharing and the tamper resistance of the biological characteristics in the block chain.
Description
Technical Field
The invention relates to the technical field of data information, in particular to an identity authentication method and system fusing block chains and biological feature recognition.
Background
Mobile operating systems are increasingly used for authentication, and besides traditional password authentication, biometric authentication methods such as fingerprint identification, iris identification and face identification are also available. The accuracy, convenience and confidentiality of identity authentication are important considerations in the existing identity recognition technology. But the biological characteristic information is complicated, different mechanisms independently store own biological characteristic identification databases, the existing centralized storage mode is easy to attack, the data storage structure is simple and easy to tamper, information is easy to leak in the biological authentication process of a user, the user information is easy to tamper, and the verification result is wrong.
Disclosure of Invention
The embodiment of the invention aims to provide an identity authentication method and system fusing a block chain and biological feature recognition, which can improve the safety of a user identity authentication process and the accuracy of a user identity authentication result.
In order to achieve the above object, an embodiment of the present invention provides an identity authentication method fusing a block chain and biometric feature recognition, including:
when a service request is responded, the identity information of the current user is obtained, and the identity of the current user is verified according to the identity information;
obtaining the biological characteristic information to be verified of the current user after the identity verification is successful;
acquiring a corresponding user identity hash value in a main chain of a block chain according to the identity information;
extracting standard biological characteristic information corresponding to the biological characteristic information to be verified from a side chain of the block chain according to the user identity hash value;
matching the extracted standard biological characteristic information with the biological characteristic information to be verified;
determining the result of identity authentication according to the matching result of the standard biological characteristic information and the biological characteristic information to be verified;
the main chain of the block chain comprises N blocks, wherein N is an integer and is more than or equal to 1; each block structure of a main chain of the block chain comprises a last block head hash value, a main chain block timestamp, a main chain block record number, a main chain block multiple digital signature, a main chain Merck tree and a user identity information record, wherein the user identity information record comprises a user identity number hash value, user identity information, an identity information timestamp, an identity information digital signature and a last user identity information record hash value;
wherein the side chain of the block chain comprises n blocks, n is an integer and is more than or equal to 1; each block structure of the side chain of the block chain comprises a last block head hash value, a side chain block timestamp, a side chain block record number, a side chain block multiple digital signature, a side chain Merck tree and a user biological characteristic record, wherein the user biological characteristic record comprises a user identity number hash value, a biological characteristic timestamp, a biological characteristic information type, biological characteristic information, a last biological characteristic information record hash value, a biological characteristic digital signature and an enrollment mechanism code.
As an improvement of the above scheme, the matching the extracted standard biometric information and the biometric information to be verified specifically includes:
extracting characteristic values of the biological characteristic information to be verified to generate corresponding first biological characteristic values;
extracting a characteristic value of the standard biological characteristic information to generate a corresponding second biological characteristic value;
comparing the first biometric value to the second biometric value;
and when the matching degree of the first biological characteristic value and the second biological characteristic value is greater than a preset biological characteristic preset value, judging that the extracted standard biological characteristic information is successfully matched with the biological characteristic information to be verified.
As an improvement of the above scheme, the obtaining of the biometric information to be verified of the current user after the identity verification is successful specifically includes:
after the identity verification is successful, acquiring a plurality of pieces of to-be-verified biological characteristic information of the current user, which is required by the strength of the service request;
then, the determining, according to the matching result of the standard biometric information and the biometric information to be verified, the result of the identity authentication specifically includes:
determining a matching intensity value with the standard biological characteristic information in all the obtained biological characteristic information to be verified of the current user;
and when the matching strength value is larger than a preset verification strength threshold value of the service request, judging that the identity authentication of the current user is successful.
As an improvement of the above scheme, the performing identity verification on the user according to the identity information includes:
acquiring acquired biological feature information to be matched of a current user;
extracting standard biological characteristic information corresponding to the biological characteristic information to be matched from a side chain of the block chain;
matching the biological characteristic information to be matched with the standard biological characteristic information;
after the matching is successful, extracting standard identity information corresponding to the standard biological characteristic information from the main chain according to the user identity hash value in the side chain;
and verifying the standard identity information with the identity information provided by the current user.
As an improvement of the above scheme, the identity authentication method for fusing the block chain and biometric feature recognition further includes:
after responding to the service request, acquiring an operation record of the current user;
performing data processing on the operation record to obtain processed operation data, and sending the processed operation data to a database for storage;
when a preset condition is reached, extracting the processed operation data from the database; the preset conditions comprise each service request response, preset time or preset service record number;
and performing data analysis on the processed operation data to obtain an operation record analysis report.
In order to achieve the above object, an embodiment of the present invention further provides an identity authentication system fusing a block chain and biometric feature recognition, including:
the identity information processing unit is used for acquiring the identity information of the current user when responding to the service request and carrying out identity verification on the current user according to the identity information;
the biometric characteristic obtaining unit is used for obtaining the biometric characteristic information to be verified of the current user after the identity verification is successful;
the user identity hash value acquisition unit is used for acquiring a corresponding user identity hash value in a main chain of the block chain according to the identity information;
the biological characteristic extraction unit is used for extracting standard biological characteristic information corresponding to the biological characteristic information to be verified from a side chain of the block chain according to the user identity hash value;
the biological characteristic matching unit is used for matching the extracted standard biological characteristic information with the biological characteristic information to be verified;
the identity authentication result unit is used for determining the result of identity authentication according to the matching result of the standard biological characteristic information and the biological characteristic information to be verified;
the main chain of the block chain comprises N blocks, wherein N is an integer and is more than or equal to 1; each block structure of a main chain of the block chain comprises a last block head hash value, a main chain block timestamp, a main chain block record number, a main chain block multiple digital signature, a main chain Merck tree and a user identity information record, wherein the user identity information record comprises a user identity number hash value, user identity information, an identity information timestamp, an identity information digital signature and a last user identity information record hash value;
wherein the side chain of the block chain comprises n blocks, n is an integer and is more than or equal to 1; each block structure of the side chain of the block chain comprises a last block head hash value, a side chain block timestamp, a side chain block record number, a side chain block multiple digital signature, a side chain Merck tree and a user biological characteristic record, wherein the user biological characteristic record comprises a user identity number hash value, a biological characteristic timestamp, a biological characteristic information type, biological characteristic information, a last biological characteristic information record hash value, a biological characteristic digital signature and an enrollment mechanism code.
As an improvement of the above, the biometric matching unit includes:
the first biological characteristic value generating module is used for extracting the characteristic value of the biological characteristic information to be verified to generate a corresponding first biological characteristic value;
the second biological characteristic value generating module is used for extracting the characteristic value of the standard biological characteristic information to generate a corresponding second biological characteristic value;
and the biometric value matching module is used for comparing the first biometric value with the second biometric value, and when the matching degree of the first biometric value and the second biometric value is greater than a preset biometric value, judging that the extracted standard biometric information is successfully matched with the biometric information to be verified.
As an improvement of the above scheme, the biometric obtaining unit is specifically configured to obtain, after the identity verification is successful, a plurality of pieces of biometric information to be verified of the current user, which is required by the strength of the service request;
the identity authentication result unit is further configured to determine a matching strength value between the acquired all to-be-authenticated biometric information of the current user and the standard biometric information, and determine that the identity authentication of the current user is successful when the matching strength value is greater than a preset authentication strength threshold of the service request.
As an improvement of the above scheme, the biometric acquiring unit is further configured to acquire acquired biometric information of the current user to be matched; the biological feature extraction unit is further used for extracting standard biological feature information corresponding to the biological feature information to be matched from a side chain of the block chain;
the identity information processing unit specifically comprises:
the identity information acquisition module is used for acquiring the identity information of the user when responding to the service request;
the identity verification module is used for matching the biological characteristic information to be matched with the standard biological characteristic information; after the matching is successful, extracting standard identity information corresponding to the standard biological characteristic information from the main chain according to the user identity hash value in the side chain; and verifying the standard identity information with the identity information provided by the current user.
As an improvement of the above scheme, the identity authentication system with fusion block chain and biometric feature recognition further includes an operation record processing unit, and the operation record processing unit includes:
the operation record acquisition module is used for acquiring the operation record of the current user after responding to the service request;
the data processing module is used for carrying out data processing on the operation records to obtain processed operation data and sending the processed operation data to a database for storage;
the operation record extraction module is used for extracting the processed operation data from the database when a preset condition is reached; the preset conditions comprise each service request response, preset time or preset service record number;
and the analysis report generation module is used for carrying out data analysis on the processed operation data to obtain an operation record analysis report.
Compared with the prior art, the method and the system have the advantages that the biological characteristic information of the user is identified, the biological characteristic information collected by each biological characteristic identification terminal is processed and then sent to the background, the corresponding information of the user is inquired in the block chain and compared with the identification information, and whether the identity authentication of the user is passed or not is verified according to the comparison result. The identity authentication method and system fusing the block chain and biological feature recognition provided by the invention have the following beneficial effects:
(1) the user biological characteristic information is encrypted between the verification station and the block chain, and useful information cannot be obtained even if the user biological characteristic information is illegally obtained, the separation of the user basic information and the biological characteristic information is realized through the structure between the main chain and the side chain, the identification terminal of the user identity is isolated from actual data, only the processed result is contacted, a verifier cannot obtain the user biological characteristic information, and the adverse effect of single-chain leakage is controlled.
(2) Each verification station can independently verify, information can be conveniently and quickly inquired in the block chain, and meanwhile, the existing biological feature recognition is quite mature, simple and feasible.
(3) Information in the block chain is maintained by a plurality of trust mechanisms together, so that the reliability of the information is ensured.
Drawings
FIG. 1 is a flowchart illustrating an identity authentication method for merging blockchains and biometric identification according to an embodiment;
FIG. 2 is a schematic diagram showing the relationship between the main chain and the side chain in the first embodiment;
FIG. 3 is a block structure of a main chain according to an embodiment;
FIG. 4 is a block structure of a side chain in accordance with an embodiment;
FIG. 5 is a flowchart illustrating step S5 according to one embodiment;
FIG. 6 is a flow diagram of identity authentication in one embodiment;
FIG. 7 is a flowchart of identity verification in accordance with one embodiment;
FIG. 8 is a flowchart of steps S101 to S104 according to the first embodiment;
fig. 9 is a block diagram illustrating an identity authentication system 100 with a block chain and biometric identification according to the second embodiment;
fig. 10 is a block diagram showing the configuration of the biometric matching unit 5 according to the second embodiment;
FIG. 11 is a block diagram showing the configuration of an identity information processing unit 1 according to the second embodiment;
fig. 12 is a block diagram of the operation record processing unit 7 in the second embodiment.
Detailed Description
Referring to fig. 1, an identity authentication method for fusing a block chain and biometric identification is provided in this embodiment, and includes:
s1, when responding to the service request, acquiring the identity information of the current user, and carrying out identity verification on the current user according to the identity information;
s2, obtaining the biological feature information to be verified of the current user after the identity verification is successful;
s3, acquiring a corresponding user identity hash value in a main chain of the block chain according to the identity information;
s4, extracting standard biological characteristic information corresponding to the biological characteristic information to be verified from the side chain of the block chain according to the user identity hash value;
s5, matching the extracted standard biological characteristic information with biological characteristic information to be verified;
s6, determining the result of identity authentication according to the matching result of the standard biological characteristic information and the biological characteristic information to be verified; specifically, when the matching of the standard biometric information and the biometric information to be verified is unsuccessful, it is determined that the identity authentication has failed.
Referring to the relationship between the main chain and the side chain in fig. 2, the main chain of the block chain stores the identity information of each user and the user identity hash value to which each identity information is correspondingly bound, and the side chain of the block chain stores the standard biometric information of each user and the user identity hash value to which each standard biometric information is correspondingly bound. The main side chain architecture has the advantages that codes and data are independent, the side chain has an independent block chain, the burden of the main chain is not increased, data over-expansion is avoided, and the main side chain architecture is actually a natural fragmentation mechanism. The main chain and the side chain realize the separation of the basic information and the biological characteristic information of the user and control the adverse effect of single-chain leakage.
The user identity hash value is generated according to the identity information, and preferably, the user identity hash value is generated through a hash value generation verification tool.
The embodiment is suitable for the authentication institution to perform identity authentication on the user needing to transact business, including banks, schools or government departments.
The identity information in step S1 may include a user number, a user password, a name, a user avatar, or certificate information, such as identity card information. Preferably, the certification authority may verify the identity of the user manually based on the identification card information provided by the user. Preferably, the certification authority can also verify the identity of the user through a machine verification mode, and the user can input identity information such as a user number and a user password at the current machine, so that the identity of the user can be verified through a background. Preferably, the service authority of the user can be determined after the user identity is verified.
In step S2, after the authentication mechanism confirms that the identity information of the current user is correct, biometric information to be verified of the user is obtained, where the biometric information to be verified includes iris features, finger vein features, fingerprint features, or face features.
In particular, all main and side chain transaction records in the blockchain exist as transaction formations. The latest transaction of each user is called an effective transaction, the combination of all effective transactions is called an effective transaction set, each node in a block chain is generally stored in a database in a memory, different main chains and side chains maintain different effective transaction sets, and the speed of data query can be increased. And inquiring the effective transaction set of the main chain through the user identity information and acquiring the corresponding latest transaction, thereby extracting the user identity hash value corresponding to the identity information from the main chain.
In step S4, the standard biometric information corresponds to the identity information, and the authentication mechanism queries the valid transaction set of the side chain according to the user identity hash value and extracts the standard biometric information corresponding to the user identity hash value. If the biometric information to be verified is right-eye iris information, the standard biometric information extracted from the side chain is the right-eye iris information which is collected and stored in the side chain by the authentication mechanism before the user.
Preferably, in step S5, the similarity between the standard biometric information and the biometric information to be verified is measured by using a corresponding matching algorithm.
Referring to FIG. 3, the main chain includes N blocks, N is an integer and N ≧ 1, and each block structure of the main chain includes:
the last block head hash value A is obtained by calculation according to the content of the last block, the last block can be prevented from being tampered, and the chain structure of the block chain is linked through the hash value of each block containing the last block head;
a main chain block timestamp B, a timestamp generated by the current block;
the main chain block record number C refers to the number of user identity information records contained in the current block;
a main chain block multiple digital signature D, which determines whether the block is valid;
the main chain of the Mercker tree E is used for inducing all transactions in a block and provides an effective way for checking whether a certain transaction exists in the block;
and the user identity information record F comprises a user identity number hash value, user identity information, an identity information timestamp, an identity information digital signature and a previous user identity information record hash value.
Referring to FIG. 4, the side chain includes n blocks, n is an integer and n ≧ 1, and each block of the side chain has a structure including:
the last block head hash value a is calculated according to the content of the last block, so that the last block is prevented from being tampered;
a side-chain block timestamp b, a timestamp generated by the current block;
the side-chain block record number c refers to the number of user biological characteristic records contained in the current block;
determining whether the block is valid or not by using the side-chain block multiple digital signature d;
the side chain Merck tree e is used for inducing all transactions in a block and provides an effective way for checking whether a certain transaction exists in the block;
and the user biological characteristic record f comprises a user identity number hash value, a biological characteristic timestamp, a biological characteristic information type, biological characteristic information, a last biological characteristic information record hash value, a biological characteristic digital signature and an enrollment mechanism code.
Referring to fig. 5, the step S5 of the certification authority matching the standard biometric information and the biometric information to be verified by checking the similarity includes:
s51, extracting characteristic values of the biological characteristic information to be verified to generate corresponding first biological characteristic values;
s52, extracting the characteristic value of the standard biological characteristic information to generate a corresponding second biological characteristic value;
s53, comparing the first biological characteristic value with the second biological characteristic value;
and S54, when the matching degree of the first biological characteristic value and the second biological characteristic value is larger than a preset biological characteristic preset value, judging that the extracted standard biological characteristic information is successfully matched with the biological characteristic information to be verified, and otherwise, judging that the extracted standard biological characteristic information is not successfully matched with the biological characteristic information to be verified.
Step S2 specifically includes: after the identity verification is successful, acquiring a plurality of pieces of biological characteristic information to be verified of the current user, which is required by the strength of the service request; then, step S6 includes: determining the matching intensity value with the standard biological characteristic information in all the obtained biological characteristic information to be verified of the current user; and when the matching strength value is larger than a preset verification strength threshold value of the service request, judging that the identity authentication of the current user is successful.
Specifically, the authentication mechanism sets a verification strength threshold according to the service request of the user so as to perform multiple identity verifications according to the biological characteristics of the user, and each biological characteristic of the user has a strength value, for example, the strength value of a fingerprint is 0.5. If the certification authority is a bank, when balance inquiry is carried out, the verification intensity threshold is set to be common intensity, such as 0.5; when a small transfer transaction is conducted, the verification strength threshold is set to a medium strength, such as 1; when a large transfer transaction is conducted, the verification intensity threshold is set to a high level intensity m, such as m > 1. The multiple identity authentication protects the access of the user to data and application programs, and the safety is high.
Step S2 is that the biological characteristic information of the current user is obtained according to the intensity of the user' S service request, if the transfer transaction is small, two items of biological characteristic information to be verified of the user are obtained, such as right-eye iris information and left-hand thumb fingerprint information, and step S4 is that corresponding standard right-eye iris information and standard left-hand thumb fingerprint information are extracted from the side chain; step S5 calculates a first matching strength value of the right-eye iris information and the standard right-eye iris information, and a second matching strength value of the left-hand thumb fingerprint information and the standard left-hand thumb fingerprint information, and when the sum of the first matching strength value and the second matching strength value is greater than the medium strength, it is determined that the identity authentication is successful. When the sum of the first matching intensity value and the second matching intensity value is smaller than the medium intensity, a biometric information of the user, such as the left iris information, is collected, and the steps S2 to S5 are referred to in the specific process from the collection to the calculation of the matching degree of the left iris information. Until the sum of the matching intensity values of all the collected biometric information is greater than the medium intensity, it is determined that the identity authentication is successful, and a specific identity authentication process may refer to fig. 6.
The main chains and the side chains are mutually dependent and cooperate with each other to realize the identity authentication work of the user. And the identity authentication with different strengths is met under the matching of the identity authentication strength adapter.
Referring to fig. 7, the identity check of step S1 includes:
s11, acquiring the collected biological feature information to be matched of the current user,
s12, extracting standard biological characteristic information corresponding to the biological characteristic information to be matched from the side chain of the block chain;
s13, matching the biological characteristic information to be matched with the standard biological characteristic information, and specifically judging whether the matching is successful or not by judging the similarity between the biological characteristic information to be matched and the standard biological characteristic information;
s14, extracting standard identity information corresponding to the standard biological characteristic information from the main chain according to the user identity Hash value in the side chain after matching is successful;
and S15, verifying the standard identity information with the identity information provided by the current user, specifically, verifying the standard identity information extracted from the main chain with the identity information provided by the current user, wherein if the verification is successful, the identity verification is successful.
Referring to fig. 8, the present embodiment further includes:
s101, after responding to a service request, acquiring an operation record of a current user;
s102, performing data processing on the operation records to obtain processed operation data, and sending the processed operation data to a database for storage;
s103, extracting the processed operation data from the database when a preset condition is reached; the preset conditions comprise each service request response, preset time or preset service record number;
and S104, performing data analysis on the processed operation data to obtain an operation record analysis report.
Specifically, the operation record in step 101 includes operation information such as operator name, operation time, service type, authentication information type, and authentication success rate. The data processing in step S102 includes classifying information and filtering invalid messages, and the processed operation record is stored as an XML (extensible markup language) file.
In step S103, the certification authority extracts the user operation record each time the user transacts the service, or extracts the user operation record within a period of time (for example, one year), or extracts the user operation record after the user transacts the service for a certain number of times. In step S104, the certification authority may obtain information such as the consumption time and consumption habit of the user from the analysis report, so that the enterprise can conveniently make a corresponding product policy based on the information.
The method and the device solve the problems that the user information is falsified and the verification result is wrong due to the fact that the biological characteristic information of the user is easily leaked in the process of carrying out biological authentication on the user, and improve the safety of the user identity verification process and the accuracy of the verification result.
Referring to fig. 9, the second embodiment provides an identity authentication system 100 for fusing block chains and biometric identification, which includes:
the identity information processing unit 1 is used for acquiring the identity information of the current user when responding to the service request and verifying the identity of the current user according to the identity information;
the biological characteristic obtaining unit 2 is used for obtaining the biological characteristic information to be verified of the current user after the identity verification is successful;
the user identity hash value acquisition unit 3 is used for acquiring a corresponding user identity hash value in a main chain of the block chain according to the identity information;
the biological characteristic extraction unit 4 is used for extracting standard biological characteristic information corresponding to the biological characteristic information to be verified from a side chain of the block chain according to the user identity hash value;
the biological characteristic matching unit 5 is used for matching the extracted standard biological characteristic information with biological characteristic information to be verified;
the identity authentication result unit 6 is used for determining the result of identity authentication according to the matching result of the standard biological characteristic information and the biological characteristic information to be verified;
the main chain of the block chain stores the identity information of each user and the user identity hash value correspondingly bound with the identity information, and the side chain of the block chain stores the standard biological characteristic information of each user and the user identity hash value correspondingly bound with the standard biological characteristic information.
For the specific functions of each unit, refer to the processes of steps S1-S6 in the first embodiment, which are not described herein again.
Referring to fig. 10, the biometric matching unit 5 includes:
the first biometric characteristic value generating module 51 is configured to perform characteristic value extraction on biometric characteristic information to be verified, and generate a corresponding first biometric characteristic value;
the second biological characteristic value generating module 52 is configured to perform characteristic value extraction on the standard biological characteristic information to generate a corresponding second biological characteristic value;
and the biometric value matching module 53 is configured to compare the first biometric value with the second biometric value, and when a matching degree of the first biometric value and the second biometric value is greater than a preset biometric value, determine that the extracted standard biometric information is successfully matched with the biometric information to be verified.
For the specific functions of each module, refer to the processes of steps S51-S54 in the first embodiment, which are not described herein again.
Preferably, the biometric acquisition unit 2 includes:
after the identity verification is successful, acquiring a plurality of pieces of biological characteristic information to be verified of the current user, which is required by the strength of the service request; the identity authentication result unit 6 includes: determining the matching intensity value with the standard biological characteristic information in all the obtained biological characteristic information to be verified of the current user; and when the matching strength value is larger than a preset verification strength threshold value of the service request, judging that the identity authentication is successful.
Referring to fig. 11, the identity information processing unit 1 includes:
an identity information obtaining module 11, configured to obtain identity information of a user when responding to a service request;
the identity verification module 12 is used for matching the biological characteristic information to be matched with the standard biological characteristic information; after matching is successful, extracting standard identity information corresponding to the standard biological characteristic information from the main chain according to the user identity Hash value in the side chain; and verifying the standard identity information with the identity information provided by the current user.
Then, the biometric feature obtaining unit 2 is further configured to obtain the collected biometric feature information to be matched of the current user; the biological feature extraction unit 4 is further configured to extract standard biological feature information corresponding to the biological feature information to be matched from a side chain of the blockchain according to the biological feature information to be matched.
The functions of the identity information processing unit 1 refer to the working processes of steps S11-S15 in the first embodiment, and are not described herein again.
Preferably, the identity authentication system 100 with fused block chains and biometric features further includes an operation record processing unit 7, referring to fig. 12, where the operation record processing unit 7 includes:
an operation record obtaining module 71, configured to obtain an operation record of a current user after responding to the service request;
the data processing module 72 is configured to perform data processing on the operation record to obtain processed operation data, and send the processed operation data to the database for storage;
an operation record extracting module 73, configured to extract the processed operation data from the database when a preset condition is reached; the preset conditions comprise each service request response, preset time or preset service record number;
and the analysis report generating module 74 is configured to perform data analysis on the processed operation data to obtain an operation record analysis report.
The function of the operation record processing unit 7 refers to the working process of steps S101 to S104 in the first embodiment, and is not described herein again.
The embodiment improves the safety of the user identity authentication process and the accuracy of the authentication result.
Claims (10)
1. An identity authentication method fusing block chains and biological feature recognition is characterized by comprising the following steps:
when a service request is responded, the identity information of the current user is obtained, and the identity of the current user is verified according to the identity information;
obtaining the biological characteristic information to be verified of the current user after the identity verification is successful;
acquiring a corresponding user identity hash value in a main chain of a block chain according to the identity information;
extracting standard biological characteristic information corresponding to the biological characteristic information to be verified from a side chain of the block chain according to the user identity hash value;
matching the extracted standard biological characteristic information with the biological characteristic information to be verified;
determining the result of identity authentication according to the matching result of the standard biological characteristic information and the biological characteristic information to be verified;
the main chain of the block chain comprises N blocks, wherein N is an integer and is more than or equal to 1; each block structure of a main chain of the block chain comprises a last block head hash value, a main chain block timestamp, a main chain block record number, a main chain block multiple digital signature, a main chain Merck tree and a user identity information record, wherein the user identity information record comprises a user identity number hash value, user identity information, an identity information timestamp, an identity information digital signature and a last user identity information record hash value;
wherein the side chain of the block chain comprises n blocks, n is an integer and is more than or equal to 1; each block structure of the side chain of the block chain comprises a last block head hash value, a side chain block timestamp, a side chain block record number, a side chain block multiple digital signature, a side chain Merck tree and a user biological characteristic record, wherein the user biological characteristic record comprises a user identity number hash value, a biological characteristic timestamp, a biological characteristic information type, biological characteristic information, a last biological characteristic information record hash value, a biological characteristic digital signature and an enrollment mechanism code.
2. The identity authentication method based on fusion of blockchains and biometric identification according to claim 1, wherein the matching of the extracted standard biometric information and the biometric information to be verified specifically comprises:
extracting characteristic values of the biological characteristic information to be verified to generate corresponding first biological characteristic values;
extracting a characteristic value of the standard biological characteristic information to generate a corresponding second biological characteristic value;
comparing the first biometric value to the second biometric value;
and when the matching degree of the first biological characteristic value and the second biological characteristic value is greater than a preset biological characteristic preset value, judging that the extracted standard biological characteristic information is successfully matched with the biological characteristic information to be verified.
3. The identity authentication method fusing block chaining and biometric identification according to claim 1, wherein the obtaining of the biometric information to be verified of the current user after the identity verification is successful specifically comprises:
after the identity verification is successful, acquiring a plurality of pieces of to-be-verified biological characteristic information of the current user, which is required by the strength of the service request;
then, the determining, according to the matching result of the standard biometric information and the biometric information to be verified, the result of the identity authentication specifically includes:
determining a matching intensity value with the standard biological characteristic information in all the obtained biological characteristic information to be verified of the current user;
and when the matching strength value is larger than a preset verification strength threshold value of the service request, judging that the identity authentication of the current user is successful.
4. The method for identity authentication with fusion of blockchain and biometric identification according to claim 1, wherein the identity verification of the user according to the identity information comprises:
acquiring acquired biological feature information to be matched of a current user;
extracting standard biological characteristic information corresponding to the biological characteristic information to be matched from a side chain of the block chain;
matching the biological characteristic information to be matched with the standard biological characteristic information;
after the matching is successful, extracting standard identity information corresponding to the standard biological characteristic information from the main chain according to the user identity hash value in the side chain;
and verifying the standard identity information with the identity information provided by the current user.
5. The method of identity authentication fusing blockchain and biometric identification according to claim 1, further comprising:
after responding to the service request, acquiring an operation record of the current user;
performing data processing on the operation record to obtain processed operation data, and sending the processed operation data to a database for storage;
when a preset condition is reached, extracting the processed operation data from the database; the preset conditions comprise each service request response, preset time or preset service record number;
and performing data analysis on the processed operation data to obtain an operation record analysis report.
6. An identity authentication system fusing block chains and biometric identification, comprising:
the identity information processing unit is used for acquiring the identity information of the current user when responding to the service request and carrying out identity verification on the current user according to the identity information;
the biometric characteristic obtaining unit is used for obtaining the biometric characteristic information to be verified of the current user after the identity verification is successful;
the user identity hash value acquisition unit is used for acquiring a corresponding user identity hash value in a main chain of the block chain according to the identity information;
the biological characteristic extraction unit is used for extracting standard biological characteristic information corresponding to the biological characteristic information to be verified from a side chain of the block chain according to the user identity hash value;
the biological characteristic matching unit is used for matching the extracted standard biological characteristic information with the biological characteristic information to be verified;
the identity authentication result unit is used for determining the result of identity authentication according to the matching result of the standard biological characteristic information and the biological characteristic information to be verified;
the main chain of the block chain comprises N blocks, wherein N is an integer and is more than or equal to 1; each block structure of a main chain of the block chain comprises a last block head hash value, a main chain block timestamp, a main chain block record number, a main chain block multiple digital signature, a main chain Merck tree and a user identity information record, wherein the user identity information record comprises a user identity number hash value, user identity information, an identity information timestamp, an identity information digital signature and a last user identity information record hash value;
wherein the side chain of the block chain comprises n blocks, n is an integer and is more than or equal to 1; each block structure of the side chain of the block chain comprises a last block head hash value, a side chain block timestamp, a side chain block record number, a side chain block multiple digital signature, a side chain Merck tree and a user biological characteristic record, wherein the user biological characteristic record comprises a user identity number hash value, a biological characteristic timestamp, a biological characteristic information type, biological characteristic information, a last biological characteristic information record hash value, a biological characteristic digital signature and an enrollment mechanism code.
7. The system of claim 6, wherein the biometric matching unit comprises:
the first biological characteristic value generating module is used for extracting the characteristic value of the biological characteristic information to be verified to generate a corresponding first biological characteristic value;
the second biological characteristic value generating module is used for extracting the characteristic value of the standard biological characteristic information to generate a corresponding second biological characteristic value;
and the biometric value matching module is used for comparing the first biometric value with the second biometric value, and when the matching degree of the first biometric value and the second biometric value is greater than a preset biometric value, judging that the extracted standard biometric information is successfully matched with the biometric information to be verified.
8. The system for fusing identity authentication of blockchain and biometric identification according to claim 6, wherein the biometric obtaining unit is specifically configured to obtain a plurality of biometric information to be verified of the current user required by the strength of the service request after the identity verification is successful;
the identity authentication result unit is further configured to determine a matching strength value between the acquired all to-be-authenticated biometric information of the current user and the standard biometric information, and determine that the identity authentication of the current user is successful when the matching strength value is greater than a preset authentication strength threshold of the service request.
9. The system for fusing identity authentication of blockchain and biometric identification according to claim 6, wherein the biometric obtaining unit is further configured to obtain the collected biometric information of the current user to be matched; the biological feature extraction unit is further used for extracting standard biological feature information corresponding to the biological feature information to be matched from a side chain of the block chain;
the identity information processing unit specifically comprises:
the identity information acquisition module is used for acquiring the identity information of the user when responding to the service request;
the identity verification module is used for matching the biological characteristic information to be matched with the standard biological characteristic information; after the matching is successful, extracting standard identity information corresponding to the standard biological characteristic information from the main chain according to the user identity hash value in the side chain; and verifying the standard identity information with the identity information provided by the current user.
10. The system for identity authentication with fused blockchain and biometric identification according to claim 6, further comprising an operation record processing unit; wherein the operation record processing unit includes:
the operation record acquisition module is used for acquiring the operation record of the current user after responding to the service request;
the data processing module is used for carrying out data processing on the operation records to obtain processed operation data and sending the processed operation data to a database for storage;
the operation record extraction module is used for extracting the processed operation data from the database when a preset condition is reached; the preset conditions comprise each service request response, preset time or preset service record number;
and the analysis report generation module is used for carrying out data analysis on the processed operation data to obtain an operation record analysis report.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810298504.4A CN108521418B (en) | 2018-04-04 | 2018-04-04 | Identity authentication method and system fusing block chain and biological feature recognition |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810298504.4A CN108521418B (en) | 2018-04-04 | 2018-04-04 | Identity authentication method and system fusing block chain and biological feature recognition |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108521418A CN108521418A (en) | 2018-09-11 |
| CN108521418B true CN108521418B (en) | 2020-08-18 |
Family
ID=63431875
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810298504.4A Active CN108521418B (en) | 2018-04-04 | 2018-04-04 | Identity authentication method and system fusing block chain and biological feature recognition |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108521418B (en) |
Families Citing this family (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109039655A (en) * | 2018-09-13 | 2018-12-18 | 全链通有限公司 | Real name identity identifying method and device, identity block chain based on block chain |
| CN109299192A (en) * | 2018-09-19 | 2019-02-01 | 广州善康生物科技有限公司 | A kind of anti-cheating biological characteristic record system and method based on block chain technology |
| CN109447604A (en) * | 2018-10-19 | 2019-03-08 | 华侨大学 | A kind of block chain payment system that security performance is high |
| CN109359601A (en) * | 2018-10-19 | 2019-02-19 | 平安科技(深圳)有限公司 | Authentication recognition methods, electronic device and computer readable storage medium |
| CN109344160A (en) * | 2018-10-31 | 2019-02-15 | 国网电子商务有限公司 | A kind of photovoltaic poverty alleviation user identification method and identifying system |
| CN109788348A (en) * | 2018-12-05 | 2019-05-21 | 安徽站乾科技有限公司 | A kind of anti-intrusion method based on Intelligent set top box |
| CN109547462A (en) * | 2018-12-14 | 2019-03-29 | 深圳壹账通智能科技有限公司 | A kind of intelligent logging-on authentication method and relevant device based on block chain |
| DE102018010027A1 (en) * | 2018-12-19 | 2020-06-25 | Daimler Ag | Settlement system |
| CN110059552A (en) * | 2019-03-12 | 2019-07-26 | 上海大学 | A kind of identity identifying method of block chain in conjunction with biological characteristic |
| CN109948320B (en) * | 2019-03-22 | 2021-08-10 | 泰康保险集团股份有限公司 | Block chain-based identity recognition management method, device, medium and electronic equipment |
| CN109995780A (en) * | 2019-03-29 | 2019-07-09 | 华中师范大学 | Education services transaction agent personal identification method and system based on block chain |
| CN110083071B (en) * | 2019-04-28 | 2022-12-06 | 泰康保险集团股份有限公司 | Intelligent building implementation method, device, medium and electronic equipment |
| CN110120953B (en) * | 2019-05-20 | 2021-09-07 | 大连交通大学 | Railway passenger identity authentication system facing smart phone client |
| CN110278255B (en) * | 2019-06-13 | 2021-10-15 | 深圳前海微众银行股份有限公司 | Method and device for communication between IOT (Internet of things) devices based on block chain |
| CN110334681B (en) * | 2019-07-12 | 2020-12-01 | 蚌埠科睿达机械设计有限公司 | Finger vein identity recognition method and system based on block chain |
| CN110519297B (en) * | 2019-09-17 | 2021-06-15 | 腾讯科技(深圳)有限公司 | Data processing method and device based on block chain private key |
| US11328080B2 (en) | 2019-11-18 | 2022-05-10 | Frostbyte, Llc | Cryptographic key management |
| CN111669377B (en) * | 2020-05-27 | 2023-02-03 | 国家广播电视总局广播电视规划院 | Safety control method for block chain chaining information |
| CN112287393A (en) * | 2020-11-24 | 2021-01-29 | 国网新疆电力有限公司信息通信公司 | Credible identity authentication method and device based on Internet of things and block chain |
| CN112785766B (en) * | 2020-12-30 | 2022-07-19 | 广东赛诺科技股份有限公司 | Access control permission distribution authorization method based on block chain |
| CN112784877A (en) * | 2020-12-30 | 2021-05-11 | 杭州趣链科技有限公司 | Large-scale image template matching method and device based on block chain |
| CN112991042A (en) * | 2021-02-26 | 2021-06-18 | 中国工商银行股份有限公司 | Block chain-based identity authentication method, device, system and medium |
| CN113516807A (en) * | 2021-05-18 | 2021-10-19 | 深圳市亲邻科技有限公司 | Access control management method and device based on block chain and access control equipment |
| CN113191902A (en) * | 2021-05-24 | 2021-07-30 | 中国工商银行股份有限公司 | Transaction processing method and device based on block chain, electronic equipment and medium |
| CN115022030B (en) * | 2022-05-31 | 2024-04-19 | 中国银行股份有限公司 | Bank business handling request processing method and device based on blockchain |
| CN115037483B (en) * | 2022-06-20 | 2024-04-09 | 中国联合网络通信集团有限公司 | Authentication method and device based on biological characteristics in blockchain |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101216958A (en) * | 2007-01-04 | 2008-07-09 | 财团法人车辆研究测试中心 | Vehicle duplexing authentication starting method and device integrated with biological identification technology |
| CN104881667A (en) * | 2014-02-28 | 2015-09-02 | 阿里巴巴集团控股有限公司 | Characteristic information extraction method and apparatus |
| AU2016101183A4 (en) * | 2016-07-20 | 2016-09-22 | Platform Secured Pty Ltd | Network System Innovation Method using blockchain identity based single and multi facial, voice and other bio recognition encryption protocols from existing binary packets to blockchain blocks where the actual member/ user in the blockchain becomes the fully encrypted and shielded block |
| CN107480559A (en) * | 2017-08-25 | 2017-12-15 | 北京中星仝创科技有限公司 | Safe storage system and method for a kind of block chain from chain data |
| CN107846282A (en) * | 2017-11-03 | 2018-03-27 | 法信公证云(厦门)科技有限公司 | A kind of electronic data distribution keeping method and system based on block chain technology |
-
2018
- 2018-04-04 CN CN201810298504.4A patent/CN108521418B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101216958A (en) * | 2007-01-04 | 2008-07-09 | 财团法人车辆研究测试中心 | Vehicle duplexing authentication starting method and device integrated with biological identification technology |
| CN104881667A (en) * | 2014-02-28 | 2015-09-02 | 阿里巴巴集团控股有限公司 | Characteristic information extraction method and apparatus |
| AU2016101183A4 (en) * | 2016-07-20 | 2016-09-22 | Platform Secured Pty Ltd | Network System Innovation Method using blockchain identity based single and multi facial, voice and other bio recognition encryption protocols from existing binary packets to blockchain blocks where the actual member/ user in the blockchain becomes the fully encrypted and shielded block |
| CN107480559A (en) * | 2017-08-25 | 2017-12-15 | 北京中星仝创科技有限公司 | Safe storage system and method for a kind of block chain from chain data |
| CN107846282A (en) * | 2017-11-03 | 2018-03-27 | 法信公证云(厦门)科技有限公司 | A kind of electronic data distribution keeping method and system based on block chain technology |
Non-Patent Citations (1)
| Title |
|---|
| 分布式账本技术研究进展综述;姚前;《武汉金融》;20180331;第4-9页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108521418A (en) | 2018-09-11 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108521418B (en) | Identity authentication method and system fusing block chain and biological feature recognition | |
| TWI707244B (en) | Block chain cross-chain authentication method, system, server and readable storage medium | |
| US20200252203A1 (en) | Biometric verification of a blockchain database transaction contributor | |
| CN108650231B (en) | Block chain-based biological feature acquisition method and system | |
| EP3236630B1 (en) | Apparatus authentication method and device | |
| US20160330035A1 (en) | User Identification Management System and Method | |
| CN111415163B (en) | Block chain-based service processing and verifying method, system and verifying node | |
| IL270824B2 (en) | Distributed ledger for physical material | |
| CN110086608A (en) | User authen method, device, computer equipment and computer readable storage medium | |
| EP2639726A1 (en) | Service provision system and unit device | |
| CN108540470B (en) | Authentication system and method based on electronic authentication mark | |
| US20200143377A1 (en) | Systems and methods for user identity authentication | |
| CN105550928A (en) | System and method of network remote account opening for commercial bank | |
| CN114444105A (en) | Intelligent audit data reporting safety method | |
| CN111784342B (en) | Dynamic monitoring management system based on big data centralized payment | |
| CN111768180B (en) | Block chain account balance deposit certificate and recovery method | |
| US10693651B1 (en) | System and method for authentication using biometric hash strings | |
| KR20030052194A (en) | A system for user verification using biometric information, a method for registering certificates in the system and a user verification method | |
| WO2005054977A2 (en) | A method and system to electronically identify and verify an individual presenting himself for such identification and verification | |
| CN111524000B (en) | Identity authentication method and system | |
| EP3217593A1 (en) | Two-factor authentication method for increasing the security of transactions between a user and a transaction point or system | |
| CN114926173A (en) | Digital content heterogeneous chain cross-chain transaction security verification method based on block chain | |
| TWI793479B (en) | A data processing method, device and system | |
| CN114757664A (en) | Block chain transaction processing method, device and system and storage medium | |
| KR20230025727A (en) | DID Access Certifying System by Using Smart Treminal and Method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |