CN110650013A - Key recovery method based on biological characteristics - Google Patents
Key recovery method based on biological characteristics Download PDFInfo
- Publication number
- CN110650013A CN110650013A CN201810678164.8A CN201810678164A CN110650013A CN 110650013 A CN110650013 A CN 110650013A CN 201810678164 A CN201810678164 A CN 201810678164A CN 110650013 A CN110650013 A CN 110650013A
- Authority
- CN
- China
- Prior art keywords
- password
- owner
- operator
- user
- management device
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
A key recovery method based on biological characteristics, when a digital asset management device is issued, the information of an owner of the digital asset management device is stored in an issuing database, and the information comprises the biological characteristics of the owner, image information of the owner and hardware information of the digital asset management device; the maintenance server compares the two-dimension code displayed by the input equipment with the device identification code stored in an issuing database in the maintenance server, and enters a decryption process after the data comparison is matched; after entering the decryption process, the owner provides the identification material issued by the authority organization; after the first operator saves the digitized file of the certification material, the owner's picture provided by the owner is compared with the original owner's picture saved in the issuing server; after confirmation, the first operator may communicate the two-dimensional code to the second operator. The second operator provides a decrypted passcode with a signature of the second operator identity.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a key recovery method based on biological characteristics.
Background
The existing digital asset protection mechanism usually adopts a password encryption language authentication mechanism. After the user inputs the password and the verification is passed, the user can enter an operation interface to perform management distribution and other operations on the belonged digital assets. When the user forgets the password, the password can be restored or reconstructed with help of a secret (mnemonic). In reality, the user forgets the password and the secret language, and when the user forgets the password and the secret language, all systems are applied unsuspectingly, and the user's assets cannot be retrieved, which is not acceptable for the user.
Therefore, users want to backup passwords and keys by all methods, the backup means includes paper backup, magnetic medium backup, optical recording medium backup and other means, but at the same time, a new problem is brought, that is, the more backups, the greater the probability of disclosure.
Disclosure of Invention
The invention provides a unique password recovery method based on biological characteristic verification, which aims to avoid the problems that the probability of password leakage is increased due to excessive unnecessary backups and the user assets cannot be found back due to the loss of password passphrases which are important as well.
In one embodiment of the present invention, a password recovery method for a digital asset management device includes:
step 1, when the digital asset management device is issued, storing information of an owner of the digital asset management device in an issuing database, wherein the information comprises biological characteristics of the owner, image information of the owner and hardware information of the digital asset management device;
step 2, when the owner forgets the password, the digital asset management device prompts whether the password needs to be recovered through the whisper, and after the owner selects to enter the whisper input interface, if the owner selects the interface option of forgetting the whisper, the digital asset management device displays a two-dimensional code containing a device identification number;
step 3, the maintenance server compares the two-dimension code displayed by the input equipment with the device identification code stored in the issuing database in the maintenance server, and enters a decryption process after the data comparison is matched;
step 4, after entering the decryption process, the owner provides the identification material issued by the authority organization;
step 5, after the first operator saves the digitized file of the certification material, comparing the owner photo provided by the owner with the original owner photo saved in the issuing server;
step 6, after the confirmation, the first operator transmits the two-dimensional code to the second operator;
step 7, the second operator provides a decryption password code with the second operator identity signature;
8, after receiving the decryption password code signed by the second operator, the first operator signs again, and then displays the decryption password in a two-dimensional code mode;
step 9, the digital asset management device scans the two-dimensional code containing the decryption password to obtain the decryption password, and after the decryption password is obtained, the password containing the signatures of the second operator and the first operator is stored in the digital asset management device and enters a decryption program;
step 10, after entering a decryption program, the decryption program decrypts the biological characteristic data stored in the digital asset management device through a decryption instruction, and recovers the secret language by using the pre-stored biological characteristic information according to the process of generating the secret language;
step 12, after the secret language is obtained, the user can reset the password according to the secret language and generate a new check code of the password;
and step 13, the user establishes the updated user biological characteristic information data and generates a new user secret language.
The invention solves the key recovery problem of the digital asset management device by adopting a third party authority authentication method and combining the generation, recovery and identification of the biological characteristic information key of the owner of the digital asset management device.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
fig. 1 is a schematic diagram of a password generation relationship in an embodiment of the present invention.
Detailed Description
As shown in fig. 1, the key recovery method based on biometrics of the invention comprises the following steps:
1, after the digital asset management device is issued, all customer information including customer biological characteristic values, image data and device information is stored in an issuing database.
2, when the password is forgotten, the equipment prompts whether the password needs to be recovered through the secret language, and after the secret language input interface is entered, if the secret language is forgotten, the equipment displays the two-dimensional code of the cwID and prompts that the maintenance server needs to scan the two-dimensional code for assistance.
And 3, at the moment, the manufacturer is required to cooperate to solve the asset retrieving work, the maintenance server enters data comparison of the cwID two-dimensional code displayed by the input equipment, and a decryption process is entered after the data comparison is matched.
4, after entering the decryption process, the client needs to provide personal identification materials provided by the public security department or the identification materials of the agent and the relationship certification of the holder.
And 5, after the maintainer logs in by using the real-name identity and passes the verification of the biological characteristic information, storing a digital file for proving the original or the copy of the material, and manually comparing the original user photo in the material provided by the client with the original portrait characteristic established by the issuing server, wherein the process replaces the automatic biological characteristic comparison in the normal process.
After the confirmation passes, the maintenance personnel will pass the cwID to the software personnel.
7, the software personnel provides a decryption password with the identity signature of the software personnel; this passcode is also stored in an offline storage medium within the organization.
And 8, after receiving the password code signed by the software personnel, the maintenance personnel needs to sign the password code again and then display the password code in a two-dimensional code mode.
And 9, the equipment scans and acquires a decryption password code through a camera, the decryption password code comprises fwPass and a decryption instruction, and after equipment software obtains the decryption password, the password code comprising the signatures of software personnel and maintenance personnel is stored in the equipment and enters a decryption program.
And 10, after entering a decryption program, the decryption program decrypts the biological characteristic data stored in the equipment through fwPass in the decryption instruction, and the system recovers the secret language by using the human biological characteristic information prestored in the system according to the process of generating the secret language.
And 12, after obtaining the secret language, the user can reset the password according to the secret language, generate a new chkPass, store the new chkPass in an fwPass encryption mode, and document the original chkPass identification.
13, the user needs to establish a second user biological characteristic information data at the same time, and generates a new user whisper and a new cwPass, wherein the new userPass is encrypted and stored by the new cwPass.
At this time, the new user has a new userPass, a new whisper, a new biometric record, and also has an original whisper, the digital assets in the original account belong to a managed state, the managed person is the new user, and at this time, the cold wallet enters a "second-hand mode". The new user can dispose of the original account's assets.
The decryption process does not delete any history and saves the process record for later querying.
The Encryption algorithms adopted for Encryption storage in the process are all symmetric Encryption algorithms, namely Advanced Encryption Standard (AES).
The invention provides a method for setting up a password system of a user, which organizes and records stored effective equipment information and user information when the user obtains the equipment, and takes a biological characteristic information image uploaded when the user establishes the own password system as a manual comparison target; the user identity certificate or the social relation certificate with legal effect provided by the authority is used as a comparison source; and manually comparing the target with the source, acquiring the fwPass stored in an organization in an off-line manner, and enabling the user to obtain the use permission of the equipment again. The premise of ensuring the password recovery safety is that the password generation mechanism, the password re-encryption mechanism and the password dependence are adopted.
It should be noted that while the foregoing has described the spirit and principles of the invention with reference to several specific embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor is the division of aspects, which is for convenience only as the features in these aspects cannot be combined. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.
Claims (2)
1. A method for recovering a key based on biometrics, the method comprising the steps of:
step 1, when the digital asset management device is issued, storing information of an owner of the digital asset management device in an issuing database, wherein the information comprises biological characteristics of the owner, image information of the owner and hardware information of the digital asset management device;
step 2, when the owner forgets the password, the digital asset management device prompts whether the password needs to be recovered through the whisper, and after the owner selects to enter the whisper input interface, if the owner selects the interface option of forgetting the whisper, the digital asset management device displays a two-dimensional code containing a device identification number;
step 3, the maintenance server compares the two-dimension code displayed by the input equipment with the device identification code stored in the issuing database in the maintenance server, and enters a decryption process after the data comparison is matched;
step 4, after entering the decryption process, the owner provides the identification material issued by the authority organization;
step 5, after the first operator saves the digitized file of the certification material, comparing the owner photo provided by the owner with the original owner photo saved in the issuing server;
step 6, after the confirmation, the first operator transmits the two-dimensional code to the second operator;
step 7, the second operator provides a decryption password code with the second operator identity signature;
8, after receiving the decryption password code signed by the second operator, the first operator signs again, and then displays the decryption password in a two-dimensional code mode;
step 9, the digital asset management device scans the two-dimensional code containing the decryption password to obtain the decryption password, and after the decryption password is obtained, the password containing the signatures of the second operator and the first operator is stored in the digital asset management device and enters a decryption program;
step 10, after entering a decryption program, the decryption program decrypts the biological characteristic data stored in the digital asset management device through a decryption instruction, and recovers the secret language by using the pre-stored biological characteristic information according to the process of generating the secret language;
step 12, after the secret language is obtained, the user can reset the password according to the secret language and generate a new check code of the password;
and step 13, the user establishes the updated user biological characteristic information data and generates a new user secret language.
2. The biometric-based key recovery method as claimed in claim 1, wherein the password generation method is:
the cipher is generated by two cipher seeds from different sources,
one source is a father private key generated by the issuing server according to the equipment serial number, the generated father private key is encrypted by the server by using an initialization password and then is stored in the user equipment, and the initialization password is stored in the issuing server;
the other source is data from user biological characteristic information, the user biological characteristic information generates secret words, password seeds and equipment passwords of the digital asset management device after a series of irreversible hash function operations and other interference algorithms; after the password generation process is finished, the user biological characteristic information data is encrypted by a firmware password solidified in the equipment, the solidified password is stored by an organization, and the equipment password is encrypted and stored by the user password; the user biological characteristic data partial password generation process is as follows:
1, after data containing biological characteristics are obtained, carrying out Hash operation on the data to obtain a group of numbers with fixed length, wherein the length is recorded as Lhash;
2, after the hash operation result is obtained, the mechanism intercepts two parts of data from the result, which are respectively marked as BioL and BioR, and the length of the BioL or BioR is marked as Lb,0<Lb<Lhash;
3, calculating the obtained BioL to obtain a secret language;
4, generating a seed of the digital asset management device called cwSeed after operation of the secret language;
5, splicing the BioR obtained in the step 2 with the cwSeed obtained in the step 4 in the following way: cwSeed + BioL or BioL + cwSeed;
6, taking the result obtained in the step 5 after the Hash operation as a cold wallet password, and recording as cwPass;
7, uploading the biological characteristic information image of the user to a storage medium in the organization for standby by the user;
the key used by the user to manage the important data is generated by the two source passwords through Hash operation.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810678164.8A CN110650013B (en) | 2018-06-27 | 2018-06-27 | Key recovery method based on biological characteristics |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810678164.8A CN110650013B (en) | 2018-06-27 | 2018-06-27 | Key recovery method based on biological characteristics |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110650013A true CN110650013A (en) | 2020-01-03 |
CN110650013B CN110650013B (en) | 2022-10-18 |
Family
ID=69008963
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810678164.8A Active CN110650013B (en) | 2018-06-27 | 2018-06-27 | Key recovery method based on biological characteristics |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110650013B (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8898476B1 (en) * | 2011-11-10 | 2014-11-25 | Saife, Inc. | Cryptographic passcode reset |
US20150365232A1 (en) * | 2014-06-13 | 2015-12-17 | BicDroid Inc. | Methods, systems and computer program product for providing verification code recovery and remote authentication |
CN105577664A (en) * | 2015-12-22 | 2016-05-11 | 深圳前海微众银行股份有限公司 | Cipher reset method and system, client and server |
CN106341227A (en) * | 2016-10-27 | 2017-01-18 | 北京瑞卓喜投科技发展有限公司 | Protective password resetting method, device and system based on decryption cryptograph of server |
CN106452755A (en) * | 2016-10-27 | 2017-02-22 | 北京瑞卓喜投科技发展有限公司 | Method, apparatus and system for resetting protection passwords, based on decryption cryptograph of client |
CN107332668A (en) * | 2017-06-05 | 2017-11-07 | 国政通科技股份有限公司 | A kind of method and apparatus for handling encrypted message |
-
2018
- 2018-06-27 CN CN201810678164.8A patent/CN110650013B/en active Active
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8898476B1 (en) * | 2011-11-10 | 2014-11-25 | Saife, Inc. | Cryptographic passcode reset |
US20150365232A1 (en) * | 2014-06-13 | 2015-12-17 | BicDroid Inc. | Methods, systems and computer program product for providing verification code recovery and remote authentication |
CN105577664A (en) * | 2015-12-22 | 2016-05-11 | 深圳前海微众银行股份有限公司 | Cipher reset method and system, client and server |
CN106341227A (en) * | 2016-10-27 | 2017-01-18 | 北京瑞卓喜投科技发展有限公司 | Protective password resetting method, device and system based on decryption cryptograph of server |
CN106452755A (en) * | 2016-10-27 | 2017-02-22 | 北京瑞卓喜投科技发展有限公司 | Method, apparatus and system for resetting protection passwords, based on decryption cryptograph of client |
CN107332668A (en) * | 2017-06-05 | 2017-11-07 | 国政通科技股份有限公司 | A kind of method and apparatus for handling encrypted message |
Also Published As
Publication number | Publication date |
---|---|
CN110650013B (en) | 2022-10-18 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US7900061B2 (en) | Method and system for maintaining backup of portable storage devices | |
US9189612B2 (en) | Biometric verification with improved privacy and network performance in client-server networks | |
US20050228994A1 (en) | Method for encryption backup and method for decryption restoration | |
AU2020386382B2 (en) | Cryptographic key management | |
CN101118586A (en) | Information processing apparatus, data processing apparatus, and methods thereof | |
CA3057398C (en) | Securely performing cryptographic operations | |
US20150101065A1 (en) | User controlled data sharing platform | |
CN111581659A (en) | Method and device for calling electronic evidence | |
CN110402440A (en) | Segment key Verification System | |
CN113779534A (en) | Personal information providing method and service platform based on digital identity | |
GB2507935A (en) | Method, system, mediation server, client, and computer program for deleting information in order to maintain security level | |
CN110650013B (en) | Key recovery method based on biological characteristics | |
WO2017091133A1 (en) | Method and system for secure storage of information | |
US20230388107A1 (en) | System and method for encrypted multimedia information management | |
KR101449806B1 (en) | Method for Inheriting Digital Information | |
JP2004023122A (en) | Encryption system utilizing ic card | |
KR102289478B1 (en) | System and method for providing electronic signature service | |
TWI444849B (en) | System for monitoring personal data file based on server verifying and authorizing to decrypt and method thereof | |
JP2019028940A (en) | Data management program and data management method | |
CN117938546B (en) | Verification and data access method of electronic account | |
WO2020246402A1 (en) | Identity verification program, identity verification method, user terminal, and user authentication program | |
CN116582281B (en) | Safe face recognition method, system and equipment based on password technology | |
US11522691B2 (en) | Techniques for virtual cryptographic key ceremonies | |
TWI706277B (en) | Data backup method, computer device and computer readable recording medium | |
AU2022308058A1 (en) | System and method for secure storage using offline public keys |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |