CN110210199B - Internet of things equipment identity authentication method based on fingerprint acquisition and identification - Google Patents


Publication number
CN110210199B
Authority
CN
China
Prior art keywords
fingerprint
equipment
identity authentication
information
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910462894.9A
Other languages
Chinese (zh)
Other versions
CN110210199A (en)
Inventor
薛庆水
鞠兴忠
朱浩之
王思齐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Qiyue Information Technology Co Ltd
Original Assignee
Shanghai Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Institute of Technology filed Critical Shanghai Institute of Technology
Priority to CN201910462894.9A priority Critical patent/CN110210199B/en
Publication of CN110210199A publication Critical patent/CN110210199A/en
Application granted granted Critical
Publication of CN110210199B publication Critical patent/CN110210199B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30: Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31: User authentication
    • G06F21/32: User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints

Abstract

The invention relates to an identity authentication method for Internet of Things devices based on fingerprint acquisition and identification. The devices complete the identity authentication process with a fingerprint through a series of steps: random cutting of the fingerprint, encrypted transmission of the slice, decryption, and image matching. This realizes fingerprint-based identity authentication of Internet of Things devices and protects the information security of that authentication. The identity authentication model based on random fingerprint segmentation has higher security and is not easy to break. When relevant parameters of a device are modified, two-factor authentication with fingerprint and password is required, so device security is high. The method has wide market prospects in military management, smart home, warehouse management, commerce and other fields.

Description

Internet of things equipment identity authentication method based on fingerprint acquisition and identification
Technical Field
The invention relates to a device security authentication technology in the Internet of things, in particular to an Internet of things device identity authentication method based on fingerprint acquisition and identification.
Background
The Internet of Things is an important component of the new generation of information technology and another wave of the information industry after computers and the internet. Internet of Things technology is currently developing at high speed and will influence and change people's lives more widely in the future. While it brings convenience to our lives, its development also faces challenges such as market fragmentation, the lack of unified access standards, and insufficient device security. Security matters most: once a security problem arises, it may directly endanger the personal safety of the user. Reliable and effective security is therefore a precondition for the continuous and stable operation of an Internet of Things system. Device identity authentication and the disclosure of private data are the two main factors restricting the rapid development of the Internet of Things.
For authentication, scholars have proposed dynamic password and static password technologies, but using static passwords in the Internet of Things environment easily leads to low system security. In addition, digital certificates, the main authentication method, increase latency and reduce efficiency.
Disclosure of Invention
To address the low security of static passwords and the high latency of digital certificates in the Internet of Things environment, the invention provides an identity authentication method for Internet of Things devices based on fingerprint acquisition and identification, with the aim of convenient, fast, secure and trustworthy identity authentication.
The technical scheme of the invention is as follows: in an identity authentication method for Internet of Things devices based on fingerprint acquisition and identification, each Internet of Things device is provided with a fingerprint acquisition module and, on the condition that the inter-device communication key M1 is secure, the method comprises the following steps:
1) a user logs in to the device configuration interface with the initial configuration account and password of device A and modifies the device management password; configures the relevant device information so that the device can connect normally to the Internet of Things security gateway; enters fingerprint information through the fingerprint acquisition module; and sets the inter-device communication key M1;
device B undergoes the same operation;
2) after device A acquires the user's fingerprint information, device A randomly generates a key Ma and encrypts and stores the originally entered fingerprint information with a symmetric encryption algorithm, to ensure the information security of the acquired fingerprint; at the same time, the device communication key M1 is saved, and M1 is used as the shared key for encryption and decryption between devices;
3) after device B acquires the user's fingerprint information, device B randomly generates a key Mb and encrypts and stores the originally entered fingerprint information with a symmetric encryption algorithm, to ensure the information security of the acquired fingerprint; at the same time, the device communication key M1 is saved, and M1 is used as the shared key for encryption and decryption between devices;
4) when device A needs to perform identity authentication with device B, device A first decrypts the originally entered fingerprint information with the key Ma; once decryption is complete, device A randomly cuts the fingerprint picture to obtain a fingerprint image slice P1 and ensures that the area of P1 is not less than alpha percent of the area of the original fingerprint, where alpha is a parameter set according to actual conditions;
5) device A encrypts the fingerprint image slice P1 with a symmetric encryption algorithm, using M1 as the encryption key, and transmits the encrypted data packet to device B over a trusted network channel; the data packet contains the information of the fingerprint image slice P1;
6) after receiving the data packet sent by device A, device B decrypts it with the communication key M1 to restore the fingerprint image slice P1; at the same time, it decrypts the originally entered fingerprint information with the key Mb to obtain the plaintext of the originally entered fingerprint;
7) device B performs image matching between the fingerprint image slice P1 and the originally entered fingerprint information; when the similarity reaches the set similarity beta, the match succeeds and identity authentication succeeds, and device B sends an authentication-success return value to device A; when the matching result does not meet the requirement, identity authentication fails and device B sends an authentication-failure return value to device A;
8) after device A receives the match-success return value from device B and confirms the identity of the sender of the return value, the identity authentication process is complete, and subsequent operations such as inter-device communication, management, control or data sharing can be carried out; if an authentication-failure result is received, identity authentication is attempted again through the operations of steps 4) to 8).
The beneficial effects of the invention are as follows: the method realizes fingerprint-based identity authentication of Internet of Things devices; it protects the information security of that authentication; the identity authentication model based on random fingerprint segmentation has higher security and is not easy to break; two-factor authentication with fingerprint and password is required when relevant device parameters are modified, so device security is high; and the method has wide market prospects in military management, smart home, warehouse management, commerce and other fields.
Drawings
FIG. 1 is a schematic diagram of the identity authentication information interaction process of the device of the present invention;
FIG. 2 is a schematic diagram of the overall identity authentication process of the Internet of Things device.
Detailed Description
Device identity authentication comprises a fingerprint acquisition and encrypted storage module, a fingerprint segmentation module, a slice encryption module and a fingerprint matching module.
Fingerprint acquisition and encrypted storage module: after device A acquires the user's fingerprint information, device A randomly generates a key Ma and encrypts and stores the entered fingerprint information with a symmetric encryption algorithm, to ensure the security of the acquired fingerprint.
Fingerprint segmentation module: when device A needs to perform identity authentication with device B, device A first decrypts the originally entered fingerprint information with the key Ma; once decryption is complete, device A randomly cuts the fingerprint picture to obtain a fingerprint image slice P1, whose area is not less than alpha% (a parameter) of the area of the original fingerprint.
Slice encryption module: device A encrypts the fingerprint slice P1 with a symmetric encryption algorithm, using the key M1 (the inter-device communication key) as the encryption key, and transmits the encrypted data packet (which contains the fingerprint image slice P1 information) to device B over a trusted network channel.
Fingerprint matching module:
1. After device B receives the data packet sent by device A, it decrypts the packet with the communication key M1 and restores the plaintext of the fingerprint image slice P1; at the same time, it decrypts the originally entered fingerprint information with the key Mb to obtain the plaintext of the originally entered fingerprint.
2. Device B performs image matching between the fingerprint image slice P1 and the originally entered fingerprint information; when the similarity reaches beta (the set matching similarity), the match succeeds and identity authentication succeeds, and device B sends an authentication-success return value to device A; when the matching result does not meet the requirement, identity authentication fails and device B sends an authentication-failure return value to device A.
3. After device A receives the match-success return value from device B and confirms the identity of the sender of the return value, the identity authentication process is complete, and subsequent operations such as inter-device communication, management, control or data sharing can be carried out; if an authentication-failure result is received, identity authentication is attempted again.
Fig. 1 is a schematic diagram of the interaction process of device identity authentication information. In studying the fingerprint-based identity authentication scheme for Internet of Things devices, it is assumed that the Internet of Things devices concerned are provided with a fingerprint acquisition module, that the communication link is secure and reliable, and that the inter-device communication key M1 is secure and cannot be stolen. As shown in Fig. 2, the overall identity authentication process of the Internet of Things device is as follows:
The first step: a user logs in to the device configuration interface with the initial configuration account and password of device A and modifies the device management password; configures the relevant device information so that the device can connect normally to the Internet of Things security gateway; enters fingerprint information through the fingerprint acquisition module; and sets the inter-device communication key M1 (device B undergoes the same operation).
The second step: after device A acquires the user's fingerprint information, device A randomly generates a key Ma and encrypts and stores the originally entered fingerprint information with a symmetric encryption algorithm, to ensure the information security of the acquired fingerprint; at the same time, the device communication key M1 is saved, and M1 is used as the shared key for encryption and decryption between devices; device B undergoes the same operation.
The third step: after device B acquires the user's fingerprint information, device B randomly generates a key Mb and encrypts and stores the originally entered fingerprint information with a symmetric encryption algorithm, to ensure the information security of the acquired fingerprint; at the same time, the device communication key M1 is saved, and M1 is used as the shared key for encryption and decryption between devices.
The fourth step: when device A needs to perform identity authentication with device B, device A first decrypts the originally entered fingerprint information with the key Ma; once decryption is complete, device A randomly cuts the fingerprint picture to obtain a fingerprint image slice P1 and ensures that the area of P1 is not less than alpha percent of the area of the original fingerprint, where alpha is a parameter set according to actual conditions.
The fifth step: device A encrypts the fingerprint image slice P1 with a symmetric encryption algorithm, using M1 as the encryption key, and transmits the encrypted data packet (which contains the fingerprint image slice P1 information) to device B over a trusted network channel.
The sixth step: after receiving the data packet sent by device A, device B decrypts it with the communication key M1 to restore the fingerprint image slice P1; at the same time, it decrypts the originally entered fingerprint information with the key Mb to obtain the plaintext of the originally entered fingerprint.
The seventh step: device B performs image matching between the fingerprint image slice P1 and the originally entered fingerprint information; when the similarity reaches beta, the match succeeds and identity authentication succeeds, and device B sends an authentication-success return value to device A; when the matching result does not meet the requirement, identity authentication fails and device B sends an authentication-failure return value to device A.
The eighth step: after device A receives the match-success return value from device B and confirms the identity of the sender of the return value, the identity authentication process is complete, and subsequent operations such as inter-device communication, management, control or data sharing can be carried out; if an authentication-failure result is received, the operations of the second step to the eighth step are tried again for identity authentication.
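The eight steps above as a runnable sketch, added here as an illustration and not taken from the patent. Assumptions: fingerprints are small synthetic binary grids, `seal`/`unseal` are a standard-library stand-in for the unspecified symmetric algorithm, the matcher is an exact-pixel sliding-window comparison, the values of `ALPHA` and `BETA` are arbitrary, and device B's re-check of the slice area is an added check the patent does not state.

```python
import hashlib, hmac, math, random, secrets, struct

ALPHA = 40    # alpha: minimum slice area as a percentage of the template (assumed value)
BETA = 0.95   # beta: similarity needed for a match (assumed value)

def _keystream(key, nonce, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def seal(key, data):
    """Stand-in symmetric cipher (stdlib only): SHA-256 keystream plus HMAC tag.
    A real device would use a vetted AEAD such as AES-GCM."""
    enc_k, mac_k = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(enc_k, nonce, len(data))))
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    enc_k, mac_k = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified packet")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_k, nonce, len(ct))))

def encode(img):
    """Serialize a 2-D pixel grid as height, width, then row-major pixel bytes."""
    return struct.pack(">HH", len(img), len(img[0])) + bytes(p for row in img for p in row)

def decode(buf):
    h, w = struct.unpack(">HH", buf[:4])
    if h == 0 or w == 0 or len(buf) - 4 != h * w:
        raise ValueError("malformed image")
    return [list(buf[4 + r * w: 4 + (r + 1) * w]) for r in range(h)]

def random_slice(img, alpha=ALPHA, rng=secrets.SystemRandom()):
    """Step 4: random rectangle whose area is at least alpha% of the template."""
    H, W = len(img), len(img[0])
    need = max(1, math.ceil(alpha * H * W / 100))
    h = rng.randint(math.ceil(need / W), H)
    w = rng.randint(math.ceil(need / h), W)
    top, left = rng.randint(0, H - h), rng.randint(0, W - w)
    return [row[left:left + w] for row in img[top:top + h]]

def similarity(piece, template):
    """Step 7 stand-in matcher: best fraction of equal pixels over all offsets."""
    h, w, H, W = len(piece), len(piece[0]), len(template), len(template[0])
    best = 0.0
    for top in range(H - h + 1):
        for left in range(W - w + 1):
            same = sum(piece[r][c] == template[top + r][left + c]
                       for r in range(h) for c in range(w))
            best = max(best, same / (h * w))
    return best

class Device:
    def enroll(self, fingerprint, m1):
        """Steps 1-3: keep M1, encrypt the template under a fresh local key (Ma or Mb)."""
        self.m1 = m1
        self.local_key = secrets.token_bytes(32)
        self.stored = seal(self.local_key, encode(fingerprint))

    def _template(self):
        return decode(unseal(self.local_key, self.stored))

    def request(self):
        """Steps 4-5 (device A): decrypt the template, slice it, encrypt P1 under M1."""
        return seal(self.m1, encode(random_slice(self._template())))

    def verify(self, packet):
        """Steps 6-7 (device B): decrypt P1 and match it against the local template."""
        try:
            piece = decode(unseal(self.m1, packet))
        except (ValueError, struct.error):
            return False
        tpl = self._template()
        # Added check, not stated in the patent: B re-checks the alpha area bound.
        if len(piece) * len(piece[0]) * 100 < ALPHA * len(tpl) * len(tpl[0]):
            return False
        return similarity(piece, tpl) >= BETA

def synthetic_fingerprint(seed, size=32):
    """Constructed sample data: a seeded random binary grid, not a real fingerprint."""
    rng = random.Random(seed)
    return [[rng.randint(0, 1) for _ in range(size)] for _ in range(size)]

if __name__ == "__main__":
    a, b, m1 = Device(), Device(), secrets.token_bytes(32)
    a.enroll(synthetic_fingerprint(1), m1); b.enroll(synthetic_fingerprint(1), m1)
    print("authenticated:", b.verify(a.request()))
```

The return value of `verify` corresponds to the success or failure value that device B sends back in step 7; the patent does not specify how that return value is protected.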
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the present invention, and any modifications, equivalents, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (1)

1. An identity authentication method for Internet of Things devices based on fingerprint acquisition and identification, characterized in that each Internet of Things device is provided with a fingerprint acquisition module and, on the condition that the inter-device communication key M1 is secure, the identity authentication method comprises the following steps:
1) a user logs in to the device configuration interface with the initial configuration account and password of device A and modifies the device management password; configures the relevant device information so that the device can connect normally to the Internet of Things security gateway; enters fingerprint information through the fingerprint acquisition module; and sets the inter-device communication key M1;
device B undergoes the same operation;
2) after device A acquires the user's fingerprint information, device A randomly generates a key Ma and encrypts and stores the originally entered fingerprint information with a symmetric encryption algorithm, to ensure the information security of the acquired fingerprint; at the same time, the device communication key M1 is saved, and M1 is used as the shared key for encryption and decryption between devices;
3) after device B acquires the user's fingerprint information, device B randomly generates a key Mb and encrypts and stores the originally entered fingerprint information with a symmetric encryption algorithm, to ensure the information security of the acquired fingerprint; at the same time, the device communication key M1 is saved, and M1 is used as the shared key for encryption and decryption between devices;
4) when device A needs to perform identity authentication with device B, device A first decrypts the originally entered fingerprint information with the key Ma; once decryption is complete, device A randomly cuts the fingerprint picture to obtain a fingerprint image slice P1 and ensures that the area of P1 is not less than alpha percent of the area of the original fingerprint, where alpha is a parameter set according to actual conditions;
5) device A encrypts the fingerprint image slice P1 with a symmetric encryption algorithm, using M1 as the encryption key, and transmits the encrypted data packet to device B over a trusted network channel; the data packet contains the information of the fingerprint image slice P1;
6) after receiving the data packet sent by device A, device B decrypts it with the communication key M1 to restore the fingerprint image slice P1; at the same time, it decrypts the originally entered fingerprint information with the key Mb to obtain the plaintext of the originally entered fingerprint;
7) device B performs image matching between the fingerprint image slice P1 and the originally entered fingerprint information; when the similarity reaches the set similarity beta, the match succeeds and identity authentication succeeds, and device B sends an authentication-success return value to device A; when the matching result does not meet the requirement, identity authentication fails and device B sends an authentication-failure return value to device A;
8) after device A receives the match-success return value from device B and confirms the identity of the sender of the return value, the identity authentication process is complete, and subsequent inter-device communication, management, control or data sharing operations can be carried out; if an authentication-failure result is received, identity authentication is attempted again through the operations of steps 4) to 8).
CN201910462894.9A 2019-05-30 2019-05-30 Internet of things equipment identity authentication method based on fingerprint acquisition and identification Active CN110210199B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910462894.9A CN110210199B (en) 2019-05-30 2019-05-30 Internet of things equipment identity authentication method based on fingerprint acquisition and identification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910462894.9A CN110210199B (en) 2019-05-30 2019-05-30 Internet of things equipment identity authentication method based on fingerprint acquisition and identification

Publications (2)

Publication Number Publication Date
CN110210199A CN110210199A (en) 2019-09-06
CN110210199B true CN110210199B (en) 2022-07-15

Family

ID=67789613

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910462894.9A Active CN110210199B (en) 2019-05-30 2019-05-30 Internet of things equipment identity authentication method based on fingerprint acquisition and identification

Country Status (1)

Country Link
CN (1) CN110210199B (en)

Also Published As

Publication number Publication date
CN110210199A (en) 2019-09-06

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20230601

Address after: 200333 room 1109, No.4, Lane 800, Tongpu Road, Putuo District, Shanghai

Patentee after: Shanghai Qiyue Information Technology Co.,Ltd.

Address before: 200235 No. 120, Xuhui District, Shanghai, Caobao Road

Patentee before: SHANGHAI INSTITUTE OF TECHNOLOGY
