CN110012034B - Biological characteristic authentication method with privacy protection function in cloud environment
- Publication number: CN110012034B
- Application number: CN201910387698.XA
- Authority: CN (China)
- Prior art keywords: palm print, server, identity, pseudo, revocable
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
Abstract
In this biometric authentication method for a cloud environment with privacy protection, the biometric authentication process is split across three different servers. In the revocable feature server, revocable biometric features are generated using the IoM revocable palm print competition code feature recognition method, which ensures the security of the biometric features; in the pseudo-biometric server, a pseudo-random number sequence is processed with a cyclic XOR algorithm to obtain a pseudo-identity feature; finally, in the identity authentication server, identity authentication is performed by comparing the pseudo-identity features. With this algorithm, the security of the biometric features and the security and privacy of the template can be ensured, and remote cloud identity authentication can be realized.
Description
Technical Field
The invention relates to the field of biological characteristic authentication, in particular to a biological characteristic authentication method with privacy protection in a cloud environment.
Background
Biometric identification technology has become a popular application for identity management today. However, if only unprotected biometric templates are stored, security and privacy issues may result when the biometric templates are compromised. For example, an attacker may gain illegal access to the system using a stolen template. Furthermore, once compromised, the biometric is no longer valid because it cannot be revoked. Therefore, biometric template protection is crucial for biometric recognition systems. In general, biometric template protection falls into two broad categories: cancelable biometrics and biometric cryptosystems (or biometric encryption).
The security risks of biometric encryption technologies based on fingerprints, faces, irises and the like have gradually become apparent in recent years. The largest hacker alliance in Europe, the Chaos Computer Club, has mastered new techniques and can reproduce a person's fingerprints from a number of finger photos. Unlike these technologies, palm print identification and encryption is difficult to imitate, strongly private and highly secure.
Fingerprints, faces and irises all have these weaknesses: fingerprints are easily left behind in many places, and faces and irises are exposed for long periods. In the field of private security, fingerprints, faces and irises are less secure than palm prints. Unless people actively provide their palm print to others, the probability of palm print leakage is extremely low. Palm print recognition is a new non-contact biometric recognition technology that acquires the palm texture by means such as infrared radiation, extracts features with a special algorithm, and uses those features as the user's identity mark. Compared with other biometric characteristics used for identification, the palm print has the advantage of being irreplaceable. However, existing recognition technology easily exposes privacy in a cloud environment and cannot provide good security.
Disclosure of Invention
To overcome the shortcomings of the above technology, the invention provides a biometric authentication method for a cloud environment with privacy protection that protects the security of the biometric features and realizes remote authentication of the user's identity; the features used for authentication are revocable and highly secure.
The technical scheme adopted by the invention for overcoming the technical problems is as follows:
A biometric authentication method under a cloud environment with privacy protection comprises the following steps:
a) the authenticating user submits an authentication request to an identity authentication server; the identity authentication server identifies the user's ID and password and, after identification, forwards it over the network to a database server; the database server uses the user ID to look up the palm print Feature stored when the user registered, and the database returns the palm print Feature to a revocable feature server;
b) after obtaining the palm print Feature, the revocable feature server extracts the competition code features of the special vectors in the palm print Feature, applies IoM processing to the obtained competition code features to obtain the revocable palm print feature B, and sends the revocable palm print feature B to the pseudo-biometric server;
c) the pseudo-biometric server generates a binary random number sequence of the same length as the revocable palm print feature B and XORs the binary random number sequence with the revocable palm print feature B to obtain a process variable C; using a seed key seed2, it processes the binary random number sequence with a cyclic XOR algorithm to obtain a pseudo-identity feature PI, sets the life cycle T of the pseudo-identity feature PI, and transmits the pseudo-identity feature PI to the identity authentication server;
d) the identity authentication server sends a request to the authenticating user asking the user to input a palm print feature;
e) the authenticating user captures a palm print image with a palm print image acquisition device; the captured palm print image is preprocessed, an ROI (region of interest) image is extracted from it, and the ROI image is binarized;
f) a Gabor filter bank filters the binarized ROI image through the formula $G_R(u,v) = (4u^2 - 2)\exp(-u^2 - v^2)$ to obtain the filtered image $G_R(u,v)$, where u is the abscissa of the ROI image and v is the ordinate of the ROI image; the filtered image $G_R(u,v)$ is normalized by the formula to obtain the palm print competition code feature CompCode(x, y), where I(x, y) is the point with abscissa x and ordinate y in the palm print image, represents the convolution operation, $\theta_j = j\pi/J$, $j \in \{0, \ldots, J-1\}$, and J is the number of directions in which palm print images are acquired, J = 8;
g) the palm print competition code feature CompCode(x, y) is transmitted through the identity authentication server to the revocable feature server; the revocable feature server applies IoM processing to CompCode(x, y) to obtain a revocable palm print feature B' and feeds the revocable palm print feature B' back to the pseudo-biometric server;
h) the pseudo-biometric server XORs the revocable palm print feature B' with the process variable C to obtain a binary random sequence; using the seed key seed2, it processes the binary random sequence with the cyclic XOR algorithm to obtain a pseudo-identity feature PI' and transmits PI' to the identity authentication server, and the identity authentication server performs identity authentication by comparing the pseudo-identity feature PI with the pseudo-identity feature PI'.
Further, the identity authentication server in the step a) adopts an identity authentication system.
Further, the palm print image is preprocessed in step e) by the PAD or the mobile device.
Preferably, in step h) the seed key seed2 is used with the formula
to generate the mapping value $x_{n+1}$ of the binary random sequence, where $x_n$ is the value of the nth input of the system, r is a control parameter with value range (0,4), and mod(1) is the remainder function.
The invention has the following beneficial effects: the biometric authentication process is split across three different servers. In the revocable feature server, revocable biometric features are generated using the IoM revocable palm print competition code feature recognition method, which ensures the security of the biometric features; in the pseudo-biometric server, a pseudo-random number sequence is processed with a cyclic XOR algorithm to obtain a pseudo-identity feature; finally, in the identity authentication server, identity authentication is performed by comparing the pseudo-identity features. With this algorithm, the security of the biometric features and the security and privacy of the template can be ensured, and remote cloud identity authentication can be realized.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a flow chart of the LTSS composite chaotic system of the present invention;
FIG. 3 is a bifurcation diagram of the LTSS composite chaotic map of the present invention;
FIG. 4 is a Lyapunov exponent diagram of the LTSS composite chaotic system of the present invention.
Detailed Description
The invention will be further explained with reference to FIG. 1, FIG. 2 and FIG. 3.
A biometric authentication method under a cloud environment with privacy protection comprises the following steps:
a) the authenticating user submits an authentication request to an identity authentication server; the identity authentication server identifies the user's ID and password and, after identification, forwards it over the network to a database server; the database server uses the user ID to look up the palm print Feature stored when the user registered, and the database returns the palm print Feature to a revocable feature server;
b) after obtaining the palm print Feature, the revocable feature server extracts the competition code features of the special vectors in the palm print Feature, applies IoM processing to the obtained competition code features to obtain the revocable palm print feature B, and sends the revocable palm print feature B to the pseudo-biometric server;
c) the pseudo-biometric server generates a binary random number sequence of the same length as the revocable palm print feature B and XORs the binary random number sequence with the revocable palm print feature B to obtain a process variable C; using a seed key seed2, it processes the binary random number sequence with a cyclic XOR algorithm to obtain a pseudo-identity feature PI, sets the life cycle T of the pseudo-identity feature PI, and transmits the pseudo-identity feature PI to the identity authentication server;
d) the identity authentication server sends a request to the authenticating user asking the user to input a palm print feature;
e) the authenticating user captures a palm print image with a palm print image acquisition device; the captured palm print image is preprocessed, an ROI (region of interest) image is extracted from it, and the ROI image is binarized;
f) a Gabor filter bank filters the binarized ROI image through the formula $G_R(u,v) = (4u^2 - 2)\exp(-u^2 - v^2)$ to obtain the filtered image $G_R(u,v)$, where u is the abscissa of the ROI image and v is the ordinate of the ROI image; the filtered image $G_R(u,v)$ is normalized by the formula to obtain the palm print competition code feature CompCode(x, y), where I(x, y) is the point with abscissa x and ordinate y in the palm print image, represents the convolution operation, $\theta_j = j\pi/J$, $j \in \{0, \ldots, J-1\}$, and J is the number of directions in which palm print images are acquired, J = 8;
g) the palm print competition code feature CompCode(x, y) is transmitted through the identity authentication server to the revocable feature server; the revocable feature server applies IoM processing to CompCode(x, y) to obtain a revocable palm print feature B' and feeds the revocable palm print feature B' back to the pseudo-biometric server;
h) the pseudo-biometric server XORs the revocable palm print feature B' with the process variable C to obtain a binary random sequence; using the seed key seed2, it processes the binary random sequence with the cyclic XOR algorithm to obtain a pseudo-identity feature PI' and transmits PI' to the identity authentication server, and the identity authentication server performs identity authentication by comparing the pseudo-identity feature PI with the pseudo-identity feature PI'.
The biometric authentication process is split across three different servers. In the revocable feature server, revocable biometric features are generated using the IoM revocable palm print competition code feature recognition method, which ensures the security of the biometric features; in the pseudo-biometric server, a pseudo-random number sequence is processed with a cyclic XOR algorithm to obtain a pseudo-identity feature; finally, in the identity authentication server, identity authentication is performed by comparing the pseudo-identity features. With this algorithm, the security of the biometric features and the security and privacy of the template can be ensured, and remote cloud identity authentication can be realized.
Preferably, the identity authentication server in step a) adopts an identity authentication system.
Preferably, the palm print image is preprocessed in step e) by the PAD or the mobile device.
Further, in step h) the seed key seed2 is used with the formula
to generate the mapping value $x_{n+1}$ of the binary random sequence, where $x_n$ is the value of the nth input of the system, r is a control parameter with value range (0,4), and mod(1) is the remainder function. The LTSS composite chaotic system is formed by compounding a logistic chaotic map, a tent chaotic map and a sine chaotic map. As shown in the attached figure 1, the LTSS composite chaotic system combines the logistic, tent and sine chaotic maps through two additive combinations, which ensures the degree of chaos of the composite system, and applies the mod remainder function twice, which keeps the chaotic sequence between 0 and 1. First, let the value of the system's nth input be $x_n$; $x_n$ is fed into a one-dimensional logistic chaotic map, a one-dimensional tent map and a one-dimensional sine map. The logistic map value and the tent map value are combined by an adder, and a remainder operation keeps the combined value between 0 and 1. The sine map value is then additively combined with that result and the remainder is taken again, giving the mapping value $x_{n+1}$ of the whole LTSS chaotic system. Repeating these operations yields a sequence with stronger randomness than a traditional one-dimensional chaotic sequence. To generate a chaotic sequence with the LTSS chaotic system, an initial parameter r and an initial value $x_0$ are input into the system, and the mapping value $x_1$ is obtained according to formula (1). Then the parameter r and the mapping value $x_1$ are input into the system to obtain the mapping value $x_2$. Repeating this process yields any required chaotic sequence.
Figs. 3 and 4 are the bifurcation diagram and the Lyapunov exponent diagram of the LTSS chaotic system. It can be seen that the bifurcation diagram of the LTSS chaotic system is more uniform; quantitative analysis of the Lyapunov exponents shows that the Lyapunov exponent of the LTSS chaotic system is about 1.4 and always greater than 0, which proves that the chaotic system has better chaos and randomness.
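The enrollment and verification flow of steps c) and h), driven by the LTSS iteration described above, as an added Python example that is not code from the patent. Everything the page leaves unspecified is an assumption: the textbook forms of the three one-dimensional maps, reading seed2 as the pair (x0, r), thresholding at 0.5 to get bits, the `cyclic_xor` definition, the constructed bit vector standing in for the IoM output B, and T measured in seconds.

```python
import hmac
import math
import secrets


def ltss_step(x, r):
    """One LTSS iteration as the text describes it: (logistic + tent) mod 1,
    then (+ sine) mod 1. The three map forms are assumed textbook versions;
    the patent's own formula is not reproduced on the page."""
    logistic = r * x * (1.0 - x)
    tent = (r / 2.0) * x if x < 0.5 else (r / 2.0) * (1.0 - x)
    sine = (r / 4.0) * math.sin(math.pi * x)
    combined = (logistic + tent) % 1.0      # first additive combination
    return (combined + sine) % 1.0          # second additive combination


def ltss_keystream(seed2, n, burn_in=64):
    """Iterate from seed2 = (x0, r) (assumed encoding) and threshold to bits."""
    x, r = seed2
    for _ in range(burn_in):                # discard the transient
        x = ltss_step(x, r)
    bits = []
    for _ in range(n):
        x = ltss_step(x, r)
        bits.append(1 if x >= 0.5 else 0)
    return bits


def xor_bits(a, b):
    if len(a) != len(b):
        raise ValueError("bit vectors must have the same length")
    return [p ^ q for p, q in zip(a, b)]


def cyclic_xor(bits, key):
    """Hypothetical 'cyclic XOR': each bit is XORed with its cyclic neighbour
    and with the keystream bit. The page does not define the algorithm."""
    n = len(bits)
    return [bits[i] ^ bits[(i + 1) % n] ^ key[i] for i in range(n)]


def enroll(B, seed2):
    """Step c), pseudo-biometric server: returns (C, PI); R and B are dropped."""
    R = [secrets.randbits(1) for _ in B]
    C = xor_bits(R, B)
    PI = cyclic_xor(R, ltss_keystream(seed2, len(B)))
    return C, PI


def derive(B_prime, C, seed2):
    """Step h), pseudo-biometric server: recover R' = B' xor C, then PI'."""
    R_prime = xor_bits(B_prime, C)
    return cyclic_xor(R_prime, ltss_keystream(seed2, len(C)))


def authenticate(PI, PI_prime, issued_at, T, now):
    """Step h), identity authentication server: reject an expired PI, then
    compare PI and PI' in constant time."""
    if now - issued_at > T:
        return False
    return hmac.compare_digest(bytes(PI), bytes(PI_prime))


def demo():
    B = [1, 0, 1, 1, 0, 0, 1, 0, 0, 1, 1, 0, 1, 0, 0, 1]  # constructed IoM output
    seed2 = (0.3141, 3.7)                                  # constructed (x0, r)
    C, PI = enroll(B, seed2)
    same = authenticate(PI, derive(B, C, seed2), issued_at=0, T=300, now=10)
    noisy = B.copy()
    noisy[5] ^= 1                                          # one bit differs in B'
    one_bit_off = authenticate(PI, derive(noisy, C, seed2), 0, 300, 10)
    expired = authenticate(PI, derive(B, C, seed2), 0, 300, 301)
    return same, one_bit_off, expired


if __name__ == "__main__":
    print(demo())
```

In this example a single differing bit in B' flips one bit of the recovered sequence and so changes PI'; the comparison in step h) succeeds only when the IoM output is reproduced exactly and PI is still within its life cycle T.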
Claims (4)
1. A biometric authentication method under a cloud environment with privacy protection is characterized by comprising the following steps:
a) the authenticating user submits an authentication request to an identity authentication server; the identity authentication server identifies the user's ID and password and, after identification, forwards it over the network to a database server; the database server uses the user ID to look up the palm print Feature stored when the user registered, and the database returns the palm print Feature to a revocable feature server;
b) after obtaining the palm print Feature, the revocable feature server extracts the competition code features of the special vectors in the palm print Feature, applies IoM processing to the obtained competition code features to obtain the revocable palm print feature B, and sends the revocable palm print feature B to the pseudo-biometric server;
c) the pseudo-biometric server generates a binary random number sequence of the same length as the revocable palm print feature B and XORs the binary random number sequence with the revocable palm print feature B to obtain a process variable C; using a seed key seed2, it processes the binary random number sequence with a cyclic XOR algorithm to obtain a pseudo-identity feature PI, sets the life cycle T of the pseudo-identity feature PI, and transmits the pseudo-identity feature PI to the identity authentication server;
d) the identity authentication server sends a request to the authenticating user asking the user to input a palm print feature;
e) the authenticating user captures a palm print image with a palm print image acquisition device; the captured palm print image is preprocessed, an ROI (region of interest) image is extracted from it, and the ROI image is binarized;
f) a Gabor filter bank filters the binarized ROI image through the formula $G_R(u,v) = (4u^2 - 2)\exp(-u^2 - v^2)$ to obtain the filtered image $G_R(u,v)$, where u is the abscissa of the ROI image and v is the ordinate of the ROI image; the filtered image $G_R(u,v)$ is normalized by the formula to obtain the palm print competition code feature CompCode(x, y), where I(x, y) is the point with abscissa x and ordinate y in the palm print image, represents the convolution operation, $\theta_j = j\pi/J$, $j \in \{0, \ldots, J-1\}$, and J is the number of directions in which palm print images are acquired, J = 8;
g) the palm print competition code feature CompCode(x, y) is transmitted through the identity authentication server to the revocable feature server; the revocable feature server applies IoM processing to CompCode(x, y) to obtain a revocable palm print feature B' and feeds the revocable palm print feature B' back to the pseudo-biometric server;
h) the pseudo-biometric server XORs the revocable palm print feature B' with the process variable C to obtain a binary random sequence; using the seed key seed2, it processes the binary random sequence with the cyclic XOR algorithm to obtain a pseudo-identity feature PI' and transmits PI' to the identity authentication server, and the identity authentication server performs identity authentication by comparing the pseudo-identity feature PI with the pseudo-identity feature PI'.
2. The method for biometric authentication in a cloud environment with privacy protection according to claim 1, wherein: the identity authentication server in the step a) adopts an identity card authentication system.
3. The method for biometric authentication in a cloud environment with privacy protection according to claim 1, wherein: in step e), the palm print image is preprocessed by the mobile device.
4. The method for biometric authentication in a cloud environment with privacy protection according to claim 1, wherein: in step h) the seed key seed2 is used with the formula
to generate the mapping value $x_{n+1}$ of the binary random sequence, where $x_n$ is the value of the nth input of the system, r is a control parameter with value range (0,4), and mod(1) is the remainder function.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910387698.XA CN110012034B (en) | 2019-05-10 | 2019-05-10 | Biological characteristic authentication method with privacy protection function in cloud environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110012034A (en) | 2019-07-12 |
CN110012034B (en) | 2021-06-01 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20210601 |