CN110392030B - Identity authentication and service processing method and system based on biological characteristics - Google Patents
Identity authentication and service processing method and system based on biological characteristics Download PDFInfo
- Publication number
- CN110392030B CN110392030B CN201810362579.4A CN201810362579A CN110392030B CN 110392030 B CN110392030 B CN 110392030B CN 201810362579 A CN201810362579 A CN 201810362579A CN 110392030 B CN110392030 B CN 110392030B
- Authority
- CN
- China
- Prior art keywords
- data
- user
- user identification
- identification information
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Biomedical Technology (AREA)
- Health & Medical Sciences (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Biodiversity & Conservation Biology (AREA)
- Life Sciences & Earth Sciences (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses an identity authentication and service processing method and system based on biological characteristics, relating to the technical field of biological identification.A terminal acquires biological characteristic information and user identification information of a user and generates a characteristic value and user data; the server authenticates the user identity according to the user identification information and the characteristic value contained in the received service processing request and the stored characteristic value corresponding to the user identification information, and responds or terminates the service processing request according to the authentication result. The invention does not need to store the biological characteristic information of the user, avoids the leakage of the biological characteristic information of the user and improves the safety of identity authentication. Meanwhile, the terminal eliminates illegal users through authentication, and the authentication pressure of the server is reduced.
Description
Technical Field
The invention relates to the technical field of biological characteristic data processing, in particular to an identity authentication and service processing method and system based on biological characteristics.
Background
Biometric identification technology has been widely used in the fields of smart device unlocking, mobile payment authentication, and the like. However, the existing biometric identification technology needs to store the registered biometric information, and the biometric information may be leaked when the biometric information is transmitted and stored, thereby bringing information security hidden trouble to users.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide an identity authentication and service processing method and system based on biological characteristics, which effectively eliminate illegal users, improve the security of identity authentication and reduce the data processing pressure of a server.
In order to achieve the above purposes, the technical scheme adopted by the invention is as follows: a method for identity authentication and service processing based on biological characteristics comprises the following steps:
the identity authentication and service processing method based on the biological characteristics comprises a registration process and an authentication process:
the registration process comprises:
a1, the terminal receives the registration application of the user, and acquires the biological characteristic information and the user identification information B of the user who initiates the registration application;
a2, the terminal generates high-entropy data S from the biological characteristic information by adopting a preset algorithm; calculating the high-entropy data S by adopting a key generation algorithm to obtain data K; taking the data K as a secret key, and encrypting the user identification information B by adopting a symmetric encryption algorithm to obtain a characteristic value O; the key generation algorithm comprises a pseudo-random number generation algorithm or a one-way hash algorithm;
a3, the terminal calculates the first data Q by the user identification information B and the high-entropy data S; the first data Q is used as a secret key, a symmetric encryption algorithm is used for encrypting the characteristic value O to obtain user data M, and the user data M and the user identification information B are stored in the terminal in a correlation mode;
a4, the terminal sends the user identification information B and the characteristic value O to a server, and the server stores the user identification information B and the characteristic value O in a server database in a correlation manner;
the authentication process includes:
b1, the terminal receives the service application of the user and obtains the biological characteristic information and the user identification information B' of the user who initiates the service application;
b2, the terminal detects whether the user data M 'associated with the user identification information B' is stored; if yes, go to step B3; if not, go to step B5;
b3, the terminal generates high-entropy data S' from the biological characteristic information by adopting a preset algorithm; obtaining first data Q ' by adopting the same calculation method in the registration process for the user identification information B ' and the high-entropy data S '; the first data Q ' is used as a secret key, and the same symmetric encryption algorithm in the registration process is used for decrypting the data M ' corresponding to the user identification information B ' in the terminal;
b4, the terminal judges whether the decryption is successful, if so, the terminal obtains a characteristic value O', and the step B6 is entered; if not, go to step B11;
b5, the terminal generates data M ' and characteristic value O ' corresponding to the user identification B ' by adopting the same calculation algorithm in the registration process for the biological characteristic information, and stores the newly generated user identification information B ' and the user data M ' in the terminal in a correlation manner;
b6, the terminal sends the service request containing the user identification information B 'and the characteristic value O' to the server;
b7, the server receives the service request, and compares whether the characteristic value O 'contained in the service request and the characteristic value corresponding to the user identification information B' in the database are the same, if yes, the step B8 is entered; if not, go to step B9;
b8, the server executes the service request; returning authentication success information; finishing;
b9, the server terminates the service request; returning authentication failure information;
b10, when the terminal receives the authentication failure information sent by the server, if M 'corresponding to the user identification B' is not newly generated, directly ending; if the user data M 'corresponding to the user identification B' is newly generated, clearing the user identification B 'and the corresponding user data M', and ending;
b11, returning authentication failure information, and ending.
On the basis of the technical scheme, the preset algorithm comprises fuzzy extraction, fuzzy commitment and a fuzzy safety box.
On the basis of the above technical solution, the process of the terminal in step a3 of calculating the first data Q by the user identification information B and the high-entropy data S includes:
performing exclusive-or operation, interpolation operation or cascade operation on the user identification information B and the high-entropy data S to obtain second data I, and calculating the second data I by adopting a key generation algorithm to obtain first data Q; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
On the basis of the technical scheme, the biological characteristic information comprises one or more of a human face, an iris, a fingerprint, a sclera, a finger vein and a palm vein.
On the basis of the technical scheme, the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
The invention also discloses an identity authentication and service processing system based on biological characteristics, which comprises a terminal and a server:
the terminal includes:
the user information acquisition module is used for receiving a registration application of a user by a terminal in a registration process and acquiring biological characteristic information and user identification information B of the user initiating the registration application; in the authentication process, a terminal receives a service application of a user and acquires biological characteristic information and user identification information B' of the user who initiates the service application;
the detection module is used for detecting whether the terminal stores the user data M 'associated with the user identification information B' in the authentication process;
the characteristic value generation module is used for generating high-entropy data S by adopting the biological characteristic information in the registration process; calculating the high-entropy data S by adopting a key generation algorithm to obtain data K; taking the data K as a secret key, and encrypting the user identification information B by adopting a symmetric encryption algorithm to obtain a characteristic value O; in the authentication process, when the detection module detects that the user data M 'associated with the user identification information B' is not stored, the terminal generates a characteristic value O 'corresponding to the user identification B' by adopting the same calculation algorithm in the registration process for the biological characteristic information;
the user data generation module is used for calculating first data Q for the user identification information B and the high-entropy data S in the registration process; the first data Q is used as a secret key, a symmetric encryption algorithm is used for encrypting the characteristic value O to obtain user data M, and the user data M and the user identification information B are stored in the terminal in a correlation mode; in the authentication process, when the detection module detects that the user data M ' associated with the user identification information B ' is not stored, the terminal generates the user data M ' by adopting the same calculation algorithm in the registration process for the biological characteristic information;
the decryption module is used for generating high-entropy data S ' by adopting the biological characteristic information when the detection module detects that the user data M ' associated with the user identification information B ' is stored in the authentication process; obtaining first data Q ' by adopting the same calculation method in the registration process for the user identification information B ' and the high-entropy data S '; the first data Q ' is used as a secret key, and the same symmetric encryption algorithm in the registration process is used for decrypting the data M ' corresponding to the user identification information B ' in the terminal; when the decryption is successful, obtaining a characteristic value O'; when decryption fails, authentication failure is returned;
the transmission module is used for sending the information containing the user identification information B and the characteristic value O to a server in the registration process;
the service request module is used for sending a service request containing user identification information B 'and a characteristic value O' to the server in the authentication process;
the user data updating module is used for clearing the user identification B 'and the corresponding user data M' when receiving authentication failure information sent by the server and if the user data M 'corresponding to the user identification B' is newly generated; otherwise, no clearing is needed;
the server includes:
the storage module is used for storing the user identification information B and the characteristic value O which are sent by the terminal in a server database in a correlation manner;
the authentication module is used for receiving the service request and comparing whether the characteristic value O 'contained in the service request and the characteristic value corresponding to the user identification information B' in the database are the same or not; if the authentication information is the same as the service request, the service request is executed and authentication success information is returned to the terminal; if not, terminating the service request and returning authentication failure information to the terminal.
On the basis of the above technical solution, the process of the user data generation module calculating the first data Q for the user identification information B and the high-entropy data S includes:
performing exclusive-or operation, interpolation operation or cascade operation on the user identification information B and the high-entropy data S to obtain second data I, and calculating the second data I by adopting a key generation algorithm to obtain first data Q; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
On the basis of the technical scheme, the biological characteristic information comprises one or more of a human face, an iris, a fingerprint, a sclera, a finger vein and a palm vein.
On the basis of the technical scheme, the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
On the basis of the technical scheme, the preset algorithm comprises fuzzy extraction, fuzzy commitment and a fuzzy safety box.
Compared with the prior art, the invention has the advantages that:
(1) the invention does not need to store the biological characteristic information of the user, effectively prevents the biological characteristic information of the user from being leaked, and improves the safety of identity authentication.
(2) The invention firstly authenticates the terminal, eliminates illegal users and then authenticates the server, thereby reducing the data processing pressure of the server.
(3) The invention stores the user data and the user identification information at the server end, and even if the terminal is damaged or lost, the user can complete the identity authentication through the server and realize the updating of the terminal registration information.
Drawings
FIG. 1 is a flow chart illustrating a registration procedure of a method for identity authentication and service processing based on biometric features according to an embodiment of the present invention;
FIG. 2 is a flow chart illustrating an authentication procedure of a method for identity authentication and service processing based on biometric features according to an embodiment of the present invention;
fig. 3 is a schematic flow chart of the system for identity authentication and service processing based on biometrics in the embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples.
The embodiment of the invention provides an identity authentication and service processing method based on biological characteristics, which comprises a registration process and an authentication process:
referring to fig. 1, the registration process includes:
a1, the terminal receives the registration application of the user, and acquires the biological characteristic information and the user identification information B of the user who initiates the registration application; the biometric information includes one or more of a face, an iris, a fingerprint, a sclera, a finger vein, and a palm vein. The user identification information may be a user number, a user name, a user ID, etc. of the user
A2, the terminal generates high-entropy data S from the biological characteristic information by adopting a preset algorithm; calculating the high-entropy data S by adopting a key generation algorithm to obtain data K; taking the data K as a secret key, and encrypting the user identification information B by adopting a symmetric encryption algorithm to obtain a characteristic value O; the key generation algorithm comprises a pseudo-random number generation algorithm or a one-way hash algorithm; the preset algorithm may be fuzzy extraction, fuzzy commitment, fuzzy safe, or other algorithms, which are not specifically limited herein. The symmetric encryption algorithm is one of SM4, DES, 3DES, and AES. The one-way hashing algorithm is one of MD5, SHA-1, SHA-2, SHA-3, MAC and SM 3. The key generation algorithm may be a pseudo-random number generation algorithm or a one-way hash algorithm.
A3, the terminal calculates the first data Q by the user identification information B and the high-entropy data S; the first data Q is used as a secret key, the characteristic value O is encrypted by adopting a symmetric encryption algorithm to obtain user data M, and the user data M and the user identification information B are stored in the terminal in a correlation manner;
the process of the terminal calculating the first data Q by the user identification information B and the high-entropy data S in the step a3 includes:
and carrying out XOR operation, interpolation operation or cascade operation on the user identification information B and the high-entropy data S to obtain second data I, and carrying out key generation calculation on the second data I to obtain first data Q.
A4, the terminal sends the user identification information B and the characteristic value O to a server, and the server stores the user identification information B and the characteristic value O in a server database in a correlation manner;
referring to fig. 2, the authentication process includes:
b1, the terminal receives the service application of the user and obtains the biological characteristic information and the user identification information B' of the user who initiates the service application;
b2, the terminal detects whether the user data M 'associated with the user identification information B' is stored; if yes, go to step B3; if not, go to step B5;
b3, the terminal generates high-entropy data S' by adopting the biological characteristic information; obtaining first data Q ' by adopting the same calculation method in the registration process for the user identification information B ' and the high-entropy data S '; the first data Q ' is used as a secret key, and the same symmetric encryption algorithm in the registration process is used for decrypting the data M ' corresponding to the user identification information B ' in the terminal;
b4, the terminal judges whether the decryption is successful, if so, the terminal obtains a characteristic value O', and the step B6 is entered; if not, go to step B11;
b5, the terminal generates data M ' and characteristic value O ' corresponding to the user identification B ' by adopting the same calculation algorithm in the registration process for the biological characteristic information, and stores the newly generated user identification information B ' and the user data M ' in the terminal in a correlation manner;
b6, the terminal sends the service request containing the user identification information B 'and the characteristic value O' to the server;
b7, the server receives the service request, and compares whether the characteristic value O 'contained in the service request and the characteristic value corresponding to the user identification information B' in the database are the same, if yes, the step B8 is entered; if not, go to step B9;
b8, executing the service request; returning authentication success information; finishing;
b9, terminating the service request; returning authentication failure information;
b10, when the terminal receives the authentication failure information sent by the server, if M 'corresponding to the user identification B' is not newly generated, directly ending; if the user data M 'corresponding to the user identification B' is newly generated, clearing the user identification B 'and the corresponding user data M', and ending;
b11, returning authentication failure information, and ending.
Example 2:
referring to fig. 3, the embodiment discloses an identity authentication and service processing system based on biological characteristics, which includes a terminal and a server:
the terminal includes:
1. the user information acquisition module is used for receiving a registration application of a user by a terminal in a registration process and acquiring biological characteristic information and user identification information B of the user initiating the registration application; in the authentication process, the terminal receives a service application of a user and acquires the biological characteristic information and the user identification information B of the user who initiates the service application.
2. And the detection module is used for detecting whether the terminal stores the user data M 'associated with the user identification information B' or not in the authentication process.
3. The characteristic value generation module is used for generating high-entropy data S by adopting the biological characteristic information in the registration process; calculating the high-entropy data S by adopting a key generation algorithm to obtain data K; taking the data K as a secret key, and encrypting the user identification information B by adopting a symmetric encryption algorithm to obtain a characteristic value O; in the authentication process, when the detection module detects that the user data M 'associated with the user identification information B' is not stored, the terminal generates a characteristic value O 'corresponding to the user identification B' by adopting the same calculation algorithm in the registration process for the biological characteristic information.
4. The user data generation module is used for calculating first data Q for the user identification information B and the high-entropy data S in the registration process; the first data Q is used as a secret key, a symmetric encryption algorithm is used for encrypting the characteristic value O to obtain user data M, and the user data M and the user identification information B are stored in the terminal in a correlation mode; in the authentication process, when the detection module detects that the user data M ' associated with the user identification information B ' is not stored, the terminal generates the user data M ' by adopting the same calculation algorithm in the registration process for the biological feature information.
The process of calculating the first data Q for the user identification information B and the high-entropy data S by the user data generation module includes:
carrying out XOR operation, interpolation operation or cascade operation on the user identification information B and the high-entropy data S to obtain second data I, and calculating the second data I through a secret key generation algorithm to obtain second data Q; SHA-1, SHA-2, SHA-3, MAC and SM 3. The key generation algorithm may be a pseudo-random number generation algorithm or a one-way hash algorithm.
5. The decryption module is used for generating high-entropy data S ' by adopting the biological characteristic information when the detection module detects that the user data M ' associated with the user identification information B ' is stored in the authentication process; obtaining first data Q ' by adopting the same calculation method in the registration process for the user identification information B ' and the high-entropy data S '; the first data Q ' is used as a secret key, and the same symmetric encryption algorithm in the registration process is used for decrypting the data M ' corresponding to the user identification information B ' in the terminal; when the decryption is successful, obtaining a characteristic value O'; and when the decryption fails, returning authentication failure.
6. And the transmission module is used for sending the user identification information B and the characteristic value O to a server in the registration process.
7. And the service request module is used for sending a service request containing the user identification information B 'and the characteristic value O' to the server in the authentication process.
8. The user data updating module is used for clearing the user identification B 'and the corresponding user data M' when receiving authentication failure information sent by the server and if the user data M 'corresponding to the user identification B' is newly generated; otherwise, no clean-up is necessary.
The server includes:
1. the storage module is used for storing the user identification information B and the characteristic value O which are sent by the terminal in a server database in a correlation manner;
2. the authentication module is used for receiving the service request and comparing whether the characteristic value O 'contained in the service request and the characteristic value corresponding to the user identification information B' in the database are the same or not; if the authentication information is the same as the service request, the service request is executed and authentication success information is returned to the terminal; if not, terminating the service request and returning authentication failure information to the terminal.
The present invention is not limited to the above-described embodiments, and it will be apparent to those skilled in the art that various modifications and improvements can be made without departing from the principle of the present invention, and such modifications and improvements are also considered to be within the scope of the present invention. Those not described in detail in this specification are within the skill of the art.
Claims (9)
1. A method for identity authentication and service processing based on biological characteristics is characterized in that:
the identity authentication and service processing method based on the biological characteristics comprises a registration process and an authentication process:
the registration process comprises:
a1, the terminal receives the registration application of the user, and acquires the biological characteristic information and the user identification information B of the user who initiates the registration application;
a2, the terminal generates high-entropy data S from the biological characteristic information by adopting a preset algorithm; calculating the high-entropy data S by adopting a key generation algorithm to obtain data K; taking the data K as a secret key, and encrypting the user identification information B by adopting a symmetric encryption algorithm to obtain a characteristic value O; the key generation algorithm comprises a pseudo-random number generation algorithm or a one-way hash algorithm;
a3, the terminal calculates the first data Q by the user identification information B and the high-entropy data S; the first data Q is used as a secret key, a symmetric encryption algorithm is used for encrypting the characteristic value O to obtain user data M, and the user data M and the user identification information B are stored in the terminal in a correlation mode;
a4, the terminal sends the user identification information B and the characteristic value O to a server, and the server stores the user identification information B and the characteristic value O in a server database in a correlation manner;
the authentication process includes:
b1, the terminal receives the service application of the user and obtains the biological characteristic information and the user identification information B' of the user who initiates the service application;
b2, the terminal detects whether the user data M 'associated with the user identification information B' is stored; if yes, go to step B3; if not, go to step B5;
b3, the terminal generates high-entropy data S' from the biological characteristic information by adopting a preset algorithm; obtaining first data Q ' by adopting the same calculation method in the registration process for the user identification information B ' and the high-entropy data S '; the first data Q ' is used as a secret key, and the same symmetric encryption algorithm in the registration process is used for decrypting the data M ' corresponding to the user identification information B ' in the terminal;
b4, the terminal judges whether the decryption is successful, if so, the terminal obtains a characteristic value O', and the step B6 is entered; if not, go to step B11;
b5, the terminal generates data M ' and characteristic value O ' corresponding to the user identification B ' by adopting the same calculation algorithm in the registration process for the biological characteristic information, and stores the newly generated user identification information B ' and the user data M ' in the terminal in a correlation manner;
b6, the terminal sends the service request containing the user identification information B 'and the characteristic value O' to the server;
b7, the server receives the service request, and compares whether the characteristic value O 'contained in the service request and the characteristic value corresponding to the user identification information B' in the database are the same, if yes, the step B8 is entered; if not, go to step B9;
b8, the server executes the service request; returning authentication success information; finishing;
b9, the server terminates the service request; returning authentication failure information;
b10, when the terminal receives the authentication failure information sent by the server, if M 'corresponding to the user identification B' is not newly generated, directly ending; if the user data M 'corresponding to the user identification B' is newly generated, clearing the user identification B 'and the corresponding user data M', and ending;
b11, returning authentication failure information, and ending.
2. The identity authentication and service processing method based on biological characteristics as claimed in claim 1, wherein: the preset algorithm comprises fuzzy extraction, fuzzy commitment and a fuzzy safe.
3. The identity authentication and service processing method based on biological characteristics as claimed in claim 1, wherein:
the process of the terminal in step a3 for calculating the first data Q from the user identification information B and the high-entropy data S includes:
performing exclusive-or operation, interpolation operation or cascade operation on the user identification information B and the high-entropy data S to obtain second data I, and calculating the second data I by adopting a key generation algorithm to obtain first data Q; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
4. The identity authentication and service processing method based on biological characteristics as claimed in claim 1, wherein:
the biological characteristic information comprises one or more of human face, iris, fingerprint, sclera, finger vein and palm vein.
5. The identity authentication and service processing method based on biological characteristics as claimed in claim 1, wherein:
the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
6. An identity authentication and service processing system based on biological characteristics is characterized by comprising a terminal and a server:
the terminal includes:
the user information acquisition module is used for receiving a registration application of a user by a terminal in a registration process and acquiring biological characteristic information and user identification information B of the user initiating the registration application; in the authentication process, a terminal receives a service application of a user and acquires biological characteristic information and user identification information B' of the user who initiates the service application;
the detection module is used for detecting whether the terminal stores the user data M 'associated with the user identification information B' in the authentication process;
the characteristic value generation module is used for generating high-entropy data S by adopting the biological characteristic information in the registration process; calculating the high-entropy data S by adopting a key generation algorithm to obtain data K; taking the data K as a secret key, and encrypting the user identification information B by adopting a symmetric encryption algorithm to obtain a characteristic value O; in the authentication process, when the detection module detects that the user data M 'associated with the user identification information B' is not stored, the terminal generates a characteristic value O 'corresponding to the user identification B' by adopting the same calculation algorithm in the registration process for the biological characteristic information;
the user data generation module is used for calculating first data Q for the user identification information B and the high-entropy data S in the registration process; the first data Q is used as a secret key, a symmetric encryption algorithm is used for encrypting the characteristic value O to obtain user data M, and the user data M and the user identification information B are stored in the terminal in a correlation mode; in the authentication process, when the detection module detects that the user data M ' associated with the user identification information B ' is not stored, the terminal generates the user data M ' by adopting the same calculation algorithm in the registration process for the biological characteristic information;
the decryption module is used for generating high-entropy data S ' by adopting the biological characteristic information when the detection module detects that the user data M ' associated with the user identification information B ' is stored in the authentication process; obtaining first data Q ' by adopting the same calculation method in the registration process for the user identification information B ' and the high-entropy data S '; the first data Q ' is used as a secret key, and the same symmetric encryption algorithm in the registration process is used for decrypting the data M ' corresponding to the user identification information B ' in the terminal; when the decryption is successful, obtaining a characteristic value O'; when decryption fails, authentication failure is returned;
the transmission module is used for sending the user identification information B and the characteristic value O to a server in the registration process;
the service request module is used for sending a service request containing user identification information B 'and a characteristic value O' to the server in the authentication process;
the user data updating module is used for clearing the user identification B 'and the corresponding user data M' when receiving authentication failure information sent by the server and if the user data M 'corresponding to the user identification B' is newly generated; otherwise, no clearing is needed;
the server includes:
the storage module is used for storing the user identification information B and the characteristic value O which are sent by the terminal in a server database in a correlation manner;
the authentication module is used for receiving the service request and comparing whether the characteristic value O 'contained in the service request and the characteristic value corresponding to the user identification information B' in the database are the same or not; if the authentication information is the same as the service request, the service request is executed and authentication success information is returned to the terminal; if not, terminating the service request and returning authentication failure information to the terminal.
7. A biometric-based identity authentication, transaction processing system as in claim 6, wherein:
the process of the user data generation module for calculating the first data Q for the user identification information B and the high-entropy data S includes:
performing exclusive-or operation, interpolation operation or cascade operation on the user identification information B and the high-entropy data S to obtain second data I, and calculating the second data I by adopting a key generation algorithm to obtain first data Q; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
8. A biometric-based identity authentication, transaction processing system as in claim 6, wherein:
the biological characteristic information comprises one or more of human face, iris, fingerprint, sclera, finger vein and palm vein.
9. A biometric-based identity authentication, transaction processing system as in claim 6, wherein:
the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810362579.4A CN110392030B (en) | 2018-04-20 | 2018-04-20 | Identity authentication and service processing method and system based on biological characteristics |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810362579.4A CN110392030B (en) | 2018-04-20 | 2018-04-20 | Identity authentication and service processing method and system based on biological characteristics |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110392030A CN110392030A (en) | 2019-10-29 |
| CN110392030B true CN110392030B (en) | 2021-12-14 |
Family
ID=68284220
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810362579.4A Active CN110392030B (en) | 2018-04-20 | 2018-04-20 | Identity authentication and service processing method and system based on biological characteristics |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110392030B (en) |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110807186B (en) * | 2019-11-06 | 2022-04-15 | 杭州华澜微电子股份有限公司 | Method, device, equipment and storage medium for safe storage of storage equipment |
| CN111355588B (en) * | 2020-02-19 | 2021-01-15 | 武汉大学 | Wearable device double-factor authentication method and system based on PUF and fingerprint characteristics |
| CN113838238A (en) * | 2021-09-26 | 2021-12-24 | 北京紫光展锐通信技术有限公司 | Service processing method, device and equipment |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101013943A (en) * | 2007-02-14 | 2007-08-08 | 北京邮电大学 | Method for binding/recovering key using fingerprint details |
| CN101345619A (en) * | 2008-08-01 | 2009-01-14 | 清华大学深圳研究生院 | Electronic data protection method and device based on biological characteristic and mobile cryptographic key |
| CN101674299A (en) * | 2009-10-16 | 2010-03-17 | 西安电子科技大学 | Method for generating key based on amalgamation of multiple features in encryption area |
| CN105357194A (en) * | 2015-10-28 | 2016-02-24 | 广东欧珀移动通信有限公司 | Password updating method and password updating system |
| CN106487517A (en) * | 2016-09-30 | 2017-03-08 | 北京瑞卓喜投科技发展有限公司 | data encryption and decryption method and device |
| CN106506168A (en) * | 2016-12-07 | 2017-03-15 | 北京信任度科技有限公司 | A kind of safe method based on biological characteristic long-distance identity-certifying |
| CN107171791A (en) * | 2017-05-24 | 2017-09-15 | 舒翔 | A kind of data encryption/decryption method and encrypting and deciphering system based on biological characteristic |
| CN107733933A (en) * | 2017-11-30 | 2018-02-23 | 中国电力科学研究院有限公司 | A kind of double factor identity authentication method and system based on biological identification technology |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9594921B2 (en) * | 2012-03-02 | 2017-03-14 | International Business Machines Corporation | System and method to provide server control for access to mobile client data |
-
2018
- 2018-04-20 CN CN201810362579.4A patent/CN110392030B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101013943A (en) * | 2007-02-14 | 2007-08-08 | 北京邮电大学 | Method for binding/recovering key using fingerprint details |
| CN101345619A (en) * | 2008-08-01 | 2009-01-14 | 清华大学深圳研究生院 | Electronic data protection method and device based on biological characteristic and mobile cryptographic key |
| CN101674299A (en) * | 2009-10-16 | 2010-03-17 | 西安电子科技大学 | Method for generating key based on amalgamation of multiple features in encryption area |
| CN105357194A (en) * | 2015-10-28 | 2016-02-24 | 广东欧珀移动通信有限公司 | Password updating method and password updating system |
| CN106487517A (en) * | 2016-09-30 | 2017-03-08 | 北京瑞卓喜投科技发展有限公司 | data encryption and decryption method and device |
| CN106506168A (en) * | 2016-12-07 | 2017-03-15 | 北京信任度科技有限公司 | A kind of safe method based on biological characteristic long-distance identity-certifying |
| CN107171791A (en) * | 2017-05-24 | 2017-09-15 | 舒翔 | A kind of data encryption/decryption method and encrypting and deciphering system based on biological characteristic |
| CN107733933A (en) * | 2017-11-30 | 2018-02-23 | 中国电力科学研究院有限公司 | A kind of double factor identity authentication method and system based on biological identification technology |
Non-Patent Citations (1)
| Title |
|---|
| 基于生物特征和口令放大的远程认证协议;杨得新等;《计算机工程与应用》;20101021;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110392030A (en) | 2019-10-29 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10680808B2 (en) | 1:N biometric authentication, encryption, signature system | |
| JP5859953B2 (en) | Biometric authentication system, communication terminal device, biometric authentication device, and biometric authentication method | |
| CN105847247B (en) | Authentication system and working method thereof | |
| US20100138667A1 (en) | Authentication using stored biometric data | |
| Gomez-Barrero et al. | Privacy-preserving comparison of variable-length data with application to biometric template protection | |
| CN113114700B (en) | Method and equipment for processing identity recognition, business processing and biological characteristic information | |
| WO2017012175A1 (en) | Identity authentication method, identity authentication system, terminal and server | |
| JP7259868B2 (en) | system and client | |
| CN101420301A (en) | Human face recognizing identity authentication system | |
| CN101174953A (en) | Identity authentication method based on S/Key system | |
| CN110392030B (en) | Identity authentication and service processing method and system based on biological characteristics | |
| CN103067390A (en) | User registration authentication method and system based on facial features | |
| CA2686801C (en) | Authetication using stored biometric data | |
| WO2020121458A1 (en) | Collation system, client, and server | |
| CN113378136B (en) | Fingerprint identification method and device, password key and storage medium | |
| US11308190B2 (en) | Biometric template handling | |
| CN114547589A (en) | Privacy-protecting user registration and user authentication method and device | |
| JP6151627B2 (en) | Biometric authentication system, biometric authentication method, and computer program | |
| CN112311794A (en) | Bidirectional identity authentication method based on MFA algorithm | |
| CN111885069B (en) | Computer network safety system | |
| CN110768792B (en) | Main key generation method, device and encryption and decryption method for sensitive security parameters | |
| KR102561689B1 (en) | Apparatus and method for registering biometric information, apparatus and method for biometric authentication | |
| TWI736280B (en) | Identity verification method based on biometrics | |
| CN109005158B (en) | Authentication method of dynamic gesture authentication system based on fuzzy safe | |
| KR102210620B1 (en) | Method for Storing Secret Information in Server and Restoring it in Client Terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |