CN110650013A - Key recovery method based on biological characteristics - Google Patents

Publication number
CN110650013A
Authority
CN
China
Prior art keywords
password
owner
operator
user
management device
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810678164.8A
Other languages
Chinese (zh)
Other versions
CN110650013B (en)
Inventor
金世波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Win Hai Mdt Infotech Ltd
Original Assignee
Shanghai Win Hai Mdt Infotech Ltd
Application filed by Shanghai Win Hai Mdt Infotech Ltd
Priority to CN201810678164.8A
Publication of CN110650013A
Application granted
Publication of CN110650013B
Current legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

A key recovery method based on biological characteristics. When a digital asset management device is issued, information about the owner of the device is stored in an issuing database; the information comprises the biological characteristics of the owner, image information of the owner and hardware information of the digital asset management device. The maintenance server compares the two-dimensional code displayed by the input equipment with the device identification code stored in the issuing database in the maintenance server, and enters a decryption process after the data comparison matches. After the decryption process is entered, the owner provides identification material issued by an authority. After the first operator saves the digitized file of the certification material, the owner photo provided by the owner is compared with the original owner photo saved in the issuing server. After confirmation, the first operator may communicate the two-dimensional code to the second operator. The second operator provides a decryption passcode carrying the second operator's identity signature.

Description

Key recovery method based on biological characteristics
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a key recovery method based on biological characteristics.
Background
Existing digital asset protection mechanisms usually rely on password-based authentication. After the user enters the password and it is verified, the user can enter an operation interface to manage, distribute and otherwise operate on the digital assets they own. When the user forgets the password, it can be restored or reconstructed with the help of a secret language (mnemonic). In practice, however, users forget both the password and the secret language; when that happens, no existing system can help and the user's assets cannot be retrieved, which is unacceptable to the user.
Users therefore try to back up passwords and keys by every available means, including paper backup, magnetic medium backup, optical recording medium backup and others. This brings a new problem: the more backups there are, the greater the probability of disclosure.
Disclosure of Invention
The invention provides a unique password recovery method based on biological characteristic verification. It aims to avoid two problems: the increased probability of password leakage caused by excessive, unnecessary backups, and the user's assets becoming unrecoverable when the equally important password and passphrase are lost.
In one embodiment of the present invention, a password recovery method for a digital asset management device includes:
step 1, when the digital asset management device is issued, storing information of an owner of the digital asset management device in an issuing database, wherein the information comprises biological characteristics of the owner, image information of the owner and hardware information of the digital asset management device;
step 2, when the owner forgets the password, the digital asset management device prompts whether the password needs to be recovered through the secret language, and after the owner chooses to enter the secret language input interface, if the owner selects the interface option for a forgotten secret language, the digital asset management device displays a two-dimensional code containing a device identification number;
step 3, the maintenance server compares the two-dimensional code displayed by the input equipment with the device identification code stored in the issuing database in the maintenance server, and enters a decryption process after the data comparison matches;
step 4, after entering the decryption process, the owner provides the identification material issued by the authority organization;
step 5, after the first operator saves the digitized file of the certification material, comparing the owner photo provided by the owner with the original owner photo saved in the issuing server;
step 6, after the confirmation, the first operator transmits the two-dimensional code to the second operator;
step 7, the second operator provides a decryption password code with the second operator identity signature;
step 8, after receiving the decryption password code signed by the second operator, the first operator signs again, and then displays the decryption password in a two-dimensional code mode;
step 9, the digital asset management device scans the two-dimensional code containing the decryption password to obtain the decryption password, and after the decryption password is obtained, the password containing the signatures of the second operator and the first operator is stored in the digital asset management device and enters a decryption program;
step 10, after entering a decryption program, the decryption program decrypts the biological characteristic data stored in the digital asset management device through a decryption instruction, and recovers the secret language by using the pre-stored biological characteristic information according to the process of generating the secret language;
step 12, after the secret language is obtained, the user can reset the password according to the secret language and generate a new check code of the password;
and step 13, the user establishes the updated user biological characteristic information data and generates a new user secret language.
The invention solves the key recovery problem of the digital asset management device by adopting a third party authority authentication method and combining the generation, recovery and identification of the biological characteristic information key of the owner of the digital asset management device.
Drawings
The above and other objects, features and advantages of exemplary embodiments of the present invention will become readily apparent from the following detailed description read in conjunction with the accompanying drawings. Several embodiments of the invention are illustrated by way of example, and not by way of limitation, in the figures of the accompanying drawings and in which:
Fig. 1 is a schematic diagram of the password generation relationship in an embodiment of the present invention.
Detailed Description
As shown in Fig. 1, the biometrics-based key recovery method of the invention comprises the following steps:
Step 1, after the digital asset management device is issued, all customer information, including the customer's biological characteristic values, image data and device information, is stored in an issuing database.
Step 2, when the password is forgotten, the device prompts whether the password needs to be recovered through the secret language. After the secret language input interface is entered, if the secret language has also been forgotten, the device displays the two-dimensional code of the cwID and prompts that the maintenance server needs to scan the two-dimensional code to assist.
Step 3, at this point the manufacturer must cooperate in retrieving the assets. The maintenance server performs a data comparison on the cwID two-dimensional code displayed by the input equipment, and a decryption process is entered after the data comparison matches.
Step 4, after entering the decryption process, the client must provide personal identification materials provided by the public security department, or the identification materials of the agent together with proof of the agent's relationship to the holder.
Step 5, after the maintainer logs in under a real-name identity and passes verification of biological characteristic information, a digital file of the original or a copy of the certification material is stored, and the user photo in the material provided by the client is manually compared with the original portrait characteristics established by the issuing server. This manual comparison replaces the automatic biological characteristic comparison of the normal process.
Step 6, after the confirmation passes, the maintenance personnel pass the cwID to the software personnel.
Step 7, the software personnel provide a decryption passcode carrying the identity signature of the software personnel; this passcode is also stored in an offline storage medium within the organization.
Step 8, after receiving the passcode signed by the software personnel, the maintenance personnel must sign the passcode again and then display it as a two-dimensional code.
Step 9, the device scans and acquires the decryption passcode through a camera. The decryption passcode comprises fwPass and a decryption instruction. After the device software obtains the decryption passcode, the passcode, including the signatures of the software personnel and the maintenance personnel, is stored in the device, and the device enters a decryption program.
Step 10, after entering the decryption program, the program decrypts the biological characteristic data stored in the device using the fwPass in the decryption instruction, and the system recovers the secret language from the human biological characteristic information pre-stored in the system, following the process by which the secret language was generated.
Step 12, after obtaining the secret language, the user can reset the password according to the secret language and generate a new chkPass, which is stored encrypted with fwPass; the original chkPass identification is documented.
Step 13, the user must at the same time establish a second set of user biological characteristic information data and generate a new user secret language and a new cwPass; the new userPass is encrypted and stored using the new cwPass.
At this time, the new user has a new userPass, a new secret language and a new biometric record, and also holds the original secret language. The digital assets in the original account are in a managed state, with the new user as the managing party, and the cold wallet enters a "second-hand mode". The new user can dispose of the original account's assets.
The decryption process does not delete any history and saves the process record for later querying.
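Steps 7 to 9 above have the passcode signed by the software personnel, signed again by the maintenance personnel, and stored on the device with both signatures. The following added example (not code from the patent) shows one way a device could check both signatures and the cwID before using fwPass; Ed25519 from the third-party `cryptography` package, the JSON layout, operator public keys pinned on the device, and all function names are assumptions.

```python
import json

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

SIG_LEN = 64  # size of an Ed25519 signature in bytes


def new_operator_key() -> Ed25519PrivateKey:
    """Create a signing key for one operator (hypothetical enrolment step)."""
    return Ed25519PrivateKey.generate()


def software_sign(sk, cw_id: str, fw_pass_hex: str, instruction: str) -> bytes:
    """Step 7: the software personnel sign the decryption passcode."""
    payload = json.dumps(
        {"cwID": cw_id, "fwPass": fw_pass_hex, "instruction": instruction},
        sort_keys=True,
    ).encode()
    return payload + sk.sign(payload)


def maintainer_countersign(sk, signed_once: bytes) -> bytes:
    """Step 8: the maintenance personnel sign payload plus first signature."""
    return signed_once + sk.sign(signed_once)


def device_accept(code: bytes, own_cw_id: str, software_pk, maintainer_pk) -> dict:
    """Step 9: release the passcode fields only if every check passes."""
    if len(code) <= 2 * SIG_LEN:
        raise ValueError("passcode too short to carry two signatures")
    signed_once, outer_sig = code[:-SIG_LEN], code[-SIG_LEN:]
    payload, inner_sig = signed_once[:-SIG_LEN], signed_once[-SIG_LEN:]
    try:
        maintainer_pk.verify(outer_sig, signed_once)  # first operator
        software_pk.verify(inner_sig, payload)        # second operator
    except InvalidSignature:
        raise ValueError("operator signature check failed") from None
    fields = json.loads(payload)
    # Bind the passcode to this device so a code issued for one cwID
    # cannot be replayed on another device.
    if fields.get("cwID") != own_cw_id:
        raise ValueError("passcode was issued for a different device")
    return fields


def accepts(code: bytes, own_cw_id: str, software_pk, maintainer_pk) -> bool:
    """Boolean wrapper around device_accept for callers that only need yes/no."""
    try:
        device_accept(code, own_cw_id, software_pk, maintainer_pk)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    software, maintainer = new_operator_key(), new_operator_key()
    cw_id = "CW-EXAMPLE-0001"   # constructed device identifier
    fw_pass = "00" * 16         # constructed placeholder, not a real fwPass
    code = maintainer_countersign(
        maintainer, software_sign(software, cw_id, fw_pass, "decrypt-biometric"))
    pks = (software.public_key(), maintainer.public_key())
    print("correct device  :", accepts(code, cw_id, *pks))
    print("other device    :", accepts(code, "CW-EXAMPLE-0002", *pks))
    solo = maintainer_countersign(
        maintainer, software_sign(maintainer, cw_id, fw_pass, "decrypt-biometric"))
    print("single operator :", accepts(solo, cw_id, *pks))
```

Requiring two distinct pinned keys is what makes the two-operator rule enforceable on the device: a passcode produced by one operator alone fails the second check.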
The encryption algorithms used for encrypted storage throughout the process are all symmetric encryption algorithms, namely the Advanced Encryption Standard (AES).
The invention provides a method for setting up a user's password system. When the user obtains the device, the organization records and stores valid device information and user information, and the biological characteristic information image uploaded when the user establishes their own password system serves as the manual comparison target. A legally valid user identity certificate or social relationship certificate provided by an authority serves as the comparison source. The target is manually compared with the source, the fwPass stored offline within the organization is obtained, and the user regains permission to use the device. The security of password recovery rests on the password generation mechanism, the password re-encryption mechanism and the password dependencies adopted.
It should be noted that while the foregoing has described the spirit and principles of the invention with reference to several specific embodiments, it is to be understood that the invention is not limited to the disclosed embodiments, nor does the division into aspects, which is for convenience only, mean that the features in these aspects cannot be combined. The invention is intended to cover various modifications and equivalent arrangements included within the spirit and scope of the appended claims.

Claims (2)

1. A method for recovering a key based on biometrics, the method comprising the steps of:
step 1, when the digital asset management device is issued, storing information of an owner of the digital asset management device in an issuing database, wherein the information comprises biological characteristics of the owner, image information of the owner and hardware information of the digital asset management device;
step 2, when the owner forgets the password, the digital asset management device prompts whether the password needs to be recovered through the secret language, and after the owner chooses to enter the secret language input interface, if the owner selects the interface option for a forgotten secret language, the digital asset management device displays a two-dimensional code containing a device identification number;
step 3, the maintenance server compares the two-dimensional code displayed by the input equipment with the device identification code stored in the issuing database in the maintenance server, and enters a decryption process after the data comparison matches;
step 4, after entering the decryption process, the owner provides the identification material issued by the authority organization;
step 5, after the first operator saves the digitized file of the certification material, comparing the owner photo provided by the owner with the original owner photo saved in the issuing server;
step 6, after the confirmation, the first operator transmits the two-dimensional code to the second operator;
step 7, the second operator provides a decryption password code with the second operator identity signature;
step 8, after receiving the decryption password code signed by the second operator, the first operator signs again, and then displays the decryption password in a two-dimensional code mode;
step 9, the digital asset management device scans the two-dimensional code containing the decryption password to obtain the decryption password, and after the decryption password is obtained, the password containing the signatures of the second operator and the first operator is stored in the digital asset management device and enters a decryption program;
step 10, after entering a decryption program, the decryption program decrypts the biological characteristic data stored in the digital asset management device through a decryption instruction, and recovers the secret language by using the pre-stored biological characteristic information according to the process of generating the secret language;
step 12, after the secret language is obtained, the user can reset the password according to the secret language and generate a new check code of the password;
and step 13, the user establishes the updated user biological characteristic information data and generates a new user secret language.
2. The biometric-based key recovery method as claimed in claim 1, wherein the password generation method is:
the password is generated from two password seeds from different sources;
one source is a parent private key generated by the issuing server from the device serial number; the server encrypts the generated parent private key with an initialization password and stores it in the user device, and the initialization password is stored in the issuing server;
the other source is data from the user's biological characteristic information: after a series of irreversible hash function operations and other interference algorithms, the user's biological characteristic information yields the secret language, the password seed and the device password of the digital asset management device; after the password generation process is finished, the user biological characteristic information data is encrypted with a firmware password solidified in the device, the solidified password being stored by the organization, and the device password is encrypted and stored using the user password; the password generation process for the user biological characteristic data is as follows:
1, after data containing biological characteristics is obtained, a hash operation is performed on the data to obtain a fixed-length number, whose length is denoted Lhash;
2, after the hash operation result is obtained, the mechanism extracts two parts of data from the result, denoted BioL and BioR respectively; the length of BioL or BioR is denoted Lb, where 0 < Lb < Lhash;
3, an operation is performed on the obtained BioL to obtain the secret language;
4, after an operation on the secret language, a seed of the digital asset management device, called cwSeed, is generated;
5, the BioR obtained in step 2 is spliced with the cwSeed obtained in step 4 in the following way: cwSeed + BioL or BioL + cwSeed;
6, the result of step 5 is hashed and the hash is taken as the cold wallet password, denoted cwPass;
7, the user uploads the user's biological characteristic information image to a storage medium within the organization for later use;
the key used by the user to manage important data is generated from the two source passwords through a hash operation.
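The biometric half of the derivation in claim 2 (steps 1 to 6), written out as an added example that is not code from the patent. The claim fixes no algorithms, so SHA-256, Lb = 16 bytes, the hex-group encoding of the secret language, PBKDF2 for cwSeed and every function name are assumptions; step 5 names BioR in its prose but BioL in its formula, and the example splices cwSeed + BioR.

```python
import hashlib

# Assumptions, none fixed by the claim: SHA-256 as the hash (Lhash = 32 bytes),
# Lb = 16 bytes, hex groups as the secret-language encoding, PBKDF2 for cwSeed.
L_B = 16
PBKDF2_ROUNDS = 2048  # hypothetical work factor


def split_biometric_hash(bio_data: bytes, lb: int = L_B):
    """Steps 1-2: hash the biometric data, then cut BioL and BioR out of it."""
    digest = hashlib.sha256(bio_data).digest()
    if not 0 < lb < len(digest):
        raise ValueError("Lb must satisfy 0 < Lb < Lhash")
    # With Lb <= Lhash / 2 the two segments do not overlap.
    return digest[:lb], digest[-lb:]


def secret_language(bio_l: bytes) -> str:
    """Step 3: turn BioL into a secret language a person can write down."""
    hexed = bio_l.hex()
    return " ".join(hexed[i:i + 4] for i in range(0, len(hexed), 4))


def cw_seed(secret: str) -> bytes:
    """Step 4: derive cwSeed from the secret language."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), b"cwSeed", PBKDF2_ROUNDS)


def cw_pass(seed: bytes, bio_r: bytes) -> bytes:
    """Steps 5-6: splice cwSeed with BioR and hash the result into cwPass."""
    return hashlib.sha256(seed + bio_r).digest()


def derive(bio_data: bytes) -> dict:
    """Run steps 1-6 over one biometric record."""
    bio_l, bio_r = split_biometric_hash(bio_data)
    secret = secret_language(bio_l)
    seed = cw_seed(secret)
    return {"secret_language": secret, "cwSeed": seed, "cwPass": cw_pass(seed, bio_r)}


def differing_bits(a: bytes, b: bytes) -> int:
    """Count the bit positions in which two equal-length values differ."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


# Constructed stand-ins: a stored biometric record and a second capture of the
# same trait that differs from it in a single bit.
STORED_RECORD = bytes(range(64))
SECOND_CAPTURE = bytes([STORED_RECORD[0] ^ 0x01]) + STORED_RECORD[1:]

if __name__ == "__main__":
    enrolled = derive(STORED_RECORD)
    recovered = derive(STORED_RECORD)    # recovery: same stored bytes as enrolment
    recaptured = derive(SECOND_CAPTURE)  # a fresh scan is never bit-identical
    print("secret language :", enrolled["secret_language"])
    print("recovered equal :", recovered == enrolled)
    print("recapture equal :", recaptured == enrolled)
    print("cwPass bits changed by a 1-bit input change:",
          differing_bits(enrolled["cwPass"], recaptured["cwPass"]), "of 256")
```

The derivation repeats only over byte-identical input, which is why recovery works from the biometric data stored on the device and unlocked with fwPass rather than from a new scan. It also means anyone who holds that stored record and knows the derivation can recompute the secret language, so the record needs the same protection as the secret language itself.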
CN201810678164.8A 2018-06-27 2018-06-27 Key recovery method based on biological characteristics Active CN110650013B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810678164.8A CN110650013B (en) 2018-06-27 2018-06-27 Key recovery method based on biological characteristics

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810678164.8A CN110650013B (en) 2018-06-27 2018-06-27 Key recovery method based on biological characteristics

Publications (2)

Publication Number Publication Date
CN110650013A (en) 2020-01-03
CN110650013B (en) 2022-10-18

Family

ID=69008963

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810678164.8A Active CN110650013B (en) 2018-06-27 2018-06-27 Key recovery method based on biological characteristics

Country Status (1)

Country Link
CN (1) CN110650013B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8898476B1 (en) * 2011-11-10 2014-11-25 Saife, Inc. Cryptographic passcode reset
US20150365232A1 (en) * 2014-06-13 2015-12-17 BicDroid Inc. Methods, systems and computer program product for providing verification code recovery and remote authentication
CN105577664A (en) * 2015-12-22 2016-05-11 深圳前海微众银行股份有限公司 Cipher reset method and system, client and server
CN106341227A (en) * 2016-10-27 2017-01-18 北京瑞卓喜投科技发展有限公司 Protective password resetting method, device and system based on decryption cryptograph of server
CN106452755A (en) * 2016-10-27 2017-02-22 北京瑞卓喜投科技发展有限公司 Method, apparatus and system for resetting protection passwords, based on decryption cryptograph of client
CN107332668A (en) * 2017-06-05 2017-11-07 国政通科技股份有限公司 A kind of method and apparatus for handling encrypted message

Also Published As

Publication number Publication date
CN110650013B (en) 2022-10-18

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant