CN111131153A - Biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform - Google Patents


Publication number
CN111131153A
Authority
CN
China
Prior art keywords
biological
cloud
sbc
authentication
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201911129276.9A
Other languages
Chinese (zh)
Other versions
CN111131153B (en)
Inventor
王珂
付玉龙
袁心怡
曹进
李晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201911129276.9A priority Critical patent/CN111131153B/en
Publication of CN111131153A publication Critical patent/CN111131153A/en
Application granted granted Critical
Publication of CN111131153B publication Critical patent/CN111131153B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60 Context-dependent security
    • H04W12/69 Identity-dependent

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention belongs to the technical field of information identification and discloses a biological identity information authentication method based on a 5G cloud and mist mixed unified authentication platform. The user submits an authentication request to the unified authentication cloud through the fog computing center; the user's features have been submitted beforehand and stored in the feature management library, and the biometric information is stored encrypted. The unified authentication cloud randomly selects user features and, through the fog computing center, notifies the user to collect them. Through interaction, the terminal collects the user's biometric features as core features, collects the corresponding soft biometric features as the key used to encrypt the biometric features, and uploads the result to the authentication server for comparison. The fusion computation over the user's soft biometric features is outsourced to the fog computing platform, where the fusion conversion is completed through a mapping function. After comparison and calculation, the authentication server confirms the user's identity. Traditional biometrics are combined with soft biometrics to improve the efficiency and accuracy of identification and authentication, and the security of biometric template storage and outsourcing is guaranteed.

Description

Biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform
Technical Field
The invention belongs to the technical field of information identification, and particularly relates to a biological identity information authentication method based on a 5G cloud and mist mixed unified authentication platform.
Background
Currently, the closest prior art: biometric authentication is a technique for identifying people in security applications using biometric data, and is an alternative method of identity authentication and identification. Many biometric features that are unique to a person may be used in an identity authentication system. Conventional biometric identification uses physical attributes of the user, such as the face, iris or fingerprint, or behavioral attributes, such as gait. Among the widely used biometric techniques, fingerprints and facial features have a wide range of applications in everyday life, because they are easy to capture. Low-cost audio and video capture sensors and fingerprint sensors are ubiquitous on smartphones, notebook computers and tablet computers, which makes the advantages of fingerprint and facial recognition more prominent than those of other biometric technologies. Biometric authentication has several advantages over conventional authentication methods. Biometrics are considered more secure because they are difficult to copy, and more reliable because they are difficult to share or distribute and require the user to be present at the time of authentication. Soft biometric identification, by contrast, uses human labels, measurements and descriptions for identification. These features lack uniqueness and permanence, and a single feature does not identify a unique individual, so multiple features must be used in combination. Since soft biometrics are used to compensate for the drawbacks of conventional biometrics, biometric fusion methods have to be applied: several different features are combined for identification and authentication in order to achieve greater accuracy.
Authentication using a single biometric alone has problems, such as degraded recognition performance when posture, lighting, occlusion or expression changes. This class of methods is therefore better suited to constrained recognition scenarios. A single biometric is also easily affected by noise and by variations in the biometric information, and it suffers from non-universality, intra-class variation, inter-class variation, and vulnerability to spoofing attacks. Moreover, with the rapid deployment of biometric authentication, the privacy of biometric features is receiving more and more attention, especially when authentication is performed on a cloud platform.
In summary, the problems of the prior art are as follows:
(1) When a single biometric feature is used alone for authentication, changes in posture, illumination, occlusion and expression can cause inaccurate recognition, a higher error rate or longer comparison times, which degrades biometric recognition performance. There are also the problems of non-universality, intra-class variation, inter-class variation, and vulnerability to spoofing attacks. The most likely scenario is identity theft, in which a malicious individual or group steals someone's biometric data and uses it to commit financial fraud or even for terrorist activities.
(2) Conventional fingerprint recognition also has a number of problems; for example, fingerprints are easily counterfeited with different types of materials (e.g., wood glue, gelatin, silicone, or printed fingerprints), allowing fraudulent access and identification.
(3) Acquisition with a touch-based fingerprint sensor introduces fingerprint deformation and noise, which reduces fingerprint recognition accuracy.
The difficulty of solving the technical problems is as follows:
Improving the accuracy and the liveness detection rate of biometric recognition may require additional verification and computation. A simple algorithm is not enough to resist spoofing attacks, window attacks and similar problems, which means more time complexity and computational overhead must be accepted while recognition efficiency is still ensured. The security requirements of the data must also be met: if security is not considered, the user's sensitive information can be revealed. The proposed scheme should therefore achieve privacy in storage, transmission and computation.
The significance of solving the technical problems is as follows:
Because a person's biometric data is consistent, the same biometric is used in different applications, which means that data stolen from one application may be abused in others. The invention provides a privacy-preserving biometric identification and authentication mechanism based on soft biometrics, solves the technical difficulty of trusted authentication with multi-feature fusion, gives the user convenient, accurate and fast identity authentication, and protects the privacy of the user's biometric data. On the one hand, the security of the biometric data is ensured together with the efficiency and accuracy of identification. On the other hand, combining soft biometrics effectively prevents a non-living object from posing as the person being authenticated, improves the liveness detection rate, and uses the soft biometrics to reduce the search space.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a biological identity information authentication method based on a 5G cloud and mist mixed unified authentication platform.
The invention is realized as a biological identity information authentication method based on a 5G cloud and mist mixed unified authentication platform, comprising the following steps:
step one, the user submits an authentication request to the unified authentication cloud through the fog computing center; the user's features have been submitted beforehand and stored in the feature management library, and the biometric information is stored encrypted;
step two, the unified authentication cloud randomly selects soft biometric features and biometric features, and notifies the user through the fog computing center to collect them;
step three, through interaction, the terminal collects the user's biometric features as core features, collects the corresponding soft biometric features as the key used to encrypt the biometric features, and uploads the result to the authentication server for comparison;
step four, after comparison and calculation, the authentication server confirms the user's identity.
Further, the biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform further comprises a registration stage: the user UE registers with a feature library DB; the DB stores the biometric features and soft biometric features of the UEs, denoted as the sets <BC> and <SBC>, and the label numbers <SN> of the feature sequence are established between the UE and the DB.
Further, the biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform further comprises an authentication stage:
(1) The UE sends an authentication request Auth_Req to the unified authentication Cloud through the fog computing center FCC, and transmits the list SN_List of biometric and soft biometric features supported by the device sensor;
(2) The Cloud randomly selects from SN_List, via SQ(SN_List), the sequence SQ of biometric and soft biometric features to be collected, and sends SQ directly to the DB in Auth_Req_Info;
(3) The DB searches for all UEs that contain SQ and generates a group of vectors V_SBC_i = Search(SQ) for the SQ of all UEs that meet the requirement; it transforms the identities Uid of these UEs to generate the set S_Uid', and then sends V_SBC_i and S_Uid' to the Cloud in an Auth_Res_Info message;
(4) The Cloud stores V_SBC_i and S_Uid' and, using the previously received Fid, sends SQ, SRid and the identifier Sid of this session to the originating FCC;
(5) After receiving Sid, SRid and SQ, the FCC sends SQ to the UE according to SRid; the UE collects features according to SQ, records the collected soft biometric features as V_SBC' and the biometric features as V_BC', and submits them to the FCC;
(6) The FCC generates the soft biometric key K_SBC' from V_SBC' and encrypts the biometric information V_BC' with K_SBC' to generate the ciphertext C. The ciphertext C, V_SBC', Sid, SRid and Fid are then sent together to the Cloud in an Auth_Res message;
(7) The Cloud uses a feature recognition algorithm to match V_SBC' against the vector groups V_SBC_i and finds all soft biometric vector groups V_SBC_j that may belong to the same person. It then uses K_SBC to try to decrypt the ciphertext. If decryption does not succeed, authentication fails and an authentication error message is returned to the user; if decryption succeeds, the decrypted V_BC' and the V_Uid' corresponding to the soft biometric vectors V_SBC_j are sent to the DB;
(8) The DB translates V_Uid' to Uid through an algorithm and uses a biometric recognition algorithm to compare the user's stored template V_BC_j with V_BC'.
Further, the authentication request Auth_Req includes the identifier SRid of the sensor, the identifier Fid of the fog computing center, and the list SN_List of biometric features that the sensor can collect;
the identities Uid of the UEs are processed to generate a set S_Uid, where S_Uid = {Uid | id of the UEs that contain the required SQ}; after S_Uid passes through a translation algorithm f1, the Uid pseudonym set S_Uid' is generated; V_SBC_i and S_Uid' are then sent to the Cloud in the Auth_Res_Info message.
Further, to generate the ciphertext C, functions f2 and f3 are selected such that SBC = f2(SBC1, SBC2, ..., SBCj) and K_SBC' = f3(SBC), K_SBC' being the key required for later authentication; f2 and f3 guarantee that the key K_SBC' computed by the FCC and the key K_SBC computed by the Cloud are consistent; the generated ciphertext C, V_SBC', Sid, SRid and Fid are sent together to the Cloud in an Auth_Res message.
Further, the Cloud uses a feature recognition algorithm to match V_SBC' against the vector groups V_SBC_i and finds all soft biometric vector groups V_SBC_j that may belong to the same person; it extracts the pseudonym ids of the UEs to which these soft biometric vectors belong to generate the set V_Uid' = {Uid' | pseudonym ids of the UEs that match V_SBC'}; the Cloud uses the set of soft biometric vectors V_SBC_j to generate a unique K_SBC, using the same method and functions as the FCC to ensure consistent key generation; it then uses K_SBC to try to decrypt the ciphertext, and if decryption does not succeed, authentication fails; if decryption succeeds, the decrypted V_BC' and the V_Uid' corresponding to the soft biometric vectors V_SBC_j are sent to the DB;
the DB translates V_Uid' to Uid through an algorithm and uses a biometric recognition algorithm to compare the user's stored template V_BC_j with V_BC'; if the similarity between V_BC' and one of the stored templates V_BC_j is larger than the specified threshold, the user authentication succeeds and Auth_Success is returned; otherwise Auth_Fail is returned, indicating authentication failure.
Another object of the present invention is to provide a biological identity information authentication system based on a 5G cloud and mist mixed unified authentication platform that implements the above authentication method. The system includes:
a biometric information processing module, by which the user side collects soft biometric features and biometric features through sensors; the user submits the authentication request to the unified authentication cloud through the fog computing center, the user's features having been submitted beforehand and stored in the feature management library, with the biometric information stored encrypted;
a soft biometric fusion conversion module, which outsources the fusion computation over the user's soft biometric features to the fog computing platform; features of different dimensions are normalized and the fusion conversion is completed through the mapping function;
a core feature processing module, by which the terminal sensor collects the user's biometric features as core features;
a biometric comparison module, by which the terminal, through interaction, collects the user's corresponding soft biometric features as the key used to encrypt the biometric features and uploads the result to the authentication server for comparison; after comparison and calculation, the authentication server confirms the user's identity.
Further, the biometric identity information authentication system based on the 5G cloud and mist mixed unified authentication platform further comprises:
a registration stage module, which registers the user UE with a feature library DB, where the DB stores the biometric features and soft biometric features of the UEs, denoted as the sets <BC> and <SBC>, and the label numbers <SN> of the feature sequence are established between the UE and the DB;
and an authentication stage module, which compares the biometric information and confirms the user's identity.
The invention also aims to provide an information data processing terminal for realizing the biological identity information authentication method based on the 5G cloud and mist mixed unified authentication platform.
Another object of the present invention is to provide a computer-readable storage medium, which includes instructions that, when executed on a computer, cause the computer to execute the biometric identity information authentication method based on a 5G cloud and mist mixed unified authentication platform.
In summary, the advantages and positive effects of the invention are:
The invention builds on identity authentication based on face recognition and fingerprint recognition and on soft biometric recognition, which can serve as auxiliary information, and combines traditional biometric authentication with soft biometrics to improve the efficiency and accuracy of identification and authentication. Soft biometrics are used as an aid to effectively reduce the search space and improve identification efficiency. An encryption key is generated by exploiting the weak and non-unique nature of soft biometrics, which protects the user's biometric data. The privacy problems of biometric authentication are also considered, and the security of biometric template storage and outsourcing is guaranteed.
The authentication method based on biometric and soft biometric features fuses the soft biometric features to a certain extent, improves the accuracy and efficiency of biometric authentication, and protects the privacy of outsourced data. Among other schemes, one provides a new and efficient method for confidential face recognition in a cloud environment. Using a randomization technique, it proposes an affine transformation consisting of permutation, diffusion fusion and shift transformation to protect the privacy of the face. Feature extraction and recognition are both performed in the encrypted domain without interaction. That scheme also provides an optimization technique to improve encryption efficiency, and correctness analysis shows that its accuracy is theoretically consistent with that of a scheme without privacy protection. Another scheme, e-Finga, is a new privacy-preserving online fingerprint authentication scheme. In it, the fingerprint that the user registered with a trusted authority can be outsourced to different servers with the user's authorization, and secure, accurate and efficient authentication can be provided without revealing fingerprint information. The automatic fingerprint identification system computes the matching criterion directly on the ciphertext without decryption, and the accuracy of the fingerprint identification system is not affected. Specifically, an improved homomorphic encryption technique is proposed for secure Euclidean distance computation, and an efficient online fingerprint matching algorithm operates on the outsourced encrypted fingerprint data.
However, in that scheme the encrypted ciphertexts are compared, which may introduce a certain error and slow down authentication, so authentication efficiency is reduced, especially when a large number of users request access at the same time.
Drawings
Fig. 1 is a flowchart of a biometric identity information authentication method based on a 5G cloud and mist mixed unified authentication platform according to an embodiment of the present invention.
Fig. 2 is a schematic diagram of the CAS+ language modeling implementation according to an embodiment of the present invention.
Fig. 3 is a diagram of the CAS+ language to HLPSL language conversion provided by the embodiment of the present invention.
Fig. 4 is a message sequence chart provided by the embodiment of the invention.
Fig. 5 is a schematic diagram of the results of analysis performed by selecting the OFMC analysis technique according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Aiming at the problems in the prior art, the invention provides a biological identity information authentication method based on a 5G cloud and mist mixed unified authentication platform, and the invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform provided by the embodiment of the present invention includes the following steps:
S101: the user submits an authentication request to the unified authentication cloud through the fog computing center; the user's features have been submitted beforehand and stored in the feature management library, and the biometric information is stored encrypted;
S102: the unified authentication cloud randomly selects soft biometric features and biometric features, and notifies the user through the fog computing center to collect them;
S103: through interaction, the terminal collects the user's biometric features as core features, collects the corresponding soft biometric features as the key used to encrypt the biometric features, and uploads the result to the authentication server for comparison;
S104: after comparison and calculation, the authentication server confirms the user's identity.
The technical solution of the present invention is further described with reference to the following specific examples.
The biological identity information authentication method based on the 5G cloud and mist mixed unified authentication platform provided by the embodiment of the invention specifically comprises the following steps:
First, registration stage
The user UE registers with a feature library DB, which stores the biometric features and soft biometric features of the UEs, denoted as the sets <BC> and <SBC>; the label numbers <SN> of the feature sequence are established between the UE and the DB.
Second, authentication stage
(1) The UE sends an authentication request Auth_Req to the unified authentication Cloud through the fog computing center FCC. Auth_Req comprises the identifier SRid of the sensor, the identifier Fid of the fog computing center, and the list SN_List of biometric and soft biometric features that the sensor can collect;
(2) The Cloud randomly selects from SN_List, via SQ(SN_List), the sequence SQ of biometric and soft biometric features to be collected, and then sends SQ directly to the DB in Auth_Req_Info;
(3) The DB searches for all UEs that contain SQ and generates a group of vectors V_SBC_i = Search(SQ) for the SQ of all UEs that meet the requirement. It processes the identities Uid of these UEs to generate a set S_Uid, where S_Uid = {Uid | id of the UEs that contain the required SQ}; after S_Uid passes through the translation algorithm f1, the Uid pseudonym set S_Uid' is generated. V_SBC_i and S_Uid' are then sent to the Cloud in an Auth_Res_Info message;
(4) The Cloud stores V_SBC_i and S_Uid' and then, using the previously received Fid, sends SQ, SRid and the identifier Sid of this session to the originating FCC;
(5) After receiving Sid, SRid and SQ, the FCC sends SQ to the UE according to SRid; the UE collects features according to SQ, records the collected soft biometric features as V_SBC' and the biometric features as V_BC', and submits them to the FCC;
(6) The FCC generates the soft biometric key K_SBC' from V_SBC' and encrypts the biometric information V_BC' with K_SBC' to generate the ciphertext C. Suitable functions f2 and f3 are selected such that SBC = f2(SBC1, SBC2, ..., SBCj) and K_SBC' = f3(SBC), where K_SBC' is the key required for later authentication. f2 and f3 guarantee that the key K_SBC' computed by the FCC and the key K_SBC computed by the Cloud are consistent. The generated ciphertext, V_SBC', Sid, SRid and Fid are then sent together to the Cloud in an Auth_Res message;
(7) The Cloud uses a feature recognition algorithm to match V_SBC' against the vector groups V_SBC_i and finds all soft biometric vector groups V_SBC_j that may belong to the same person. It extracts the pseudonym ids of the UEs to which these soft biometric vectors belong to generate the set V_Uid' = {Uid' | pseudonym ids of the UEs that match V_SBC'}. The Cloud then uses the set of soft biometric vectors V_SBC_j to generate a unique K_SBC, using the same method and functions as the FCC to ensure consistent key generation. It then uses K_SBC to try to decrypt the ciphertext; if decryption does not succeed, authentication fails and an authentication error message is returned to the user. If decryption succeeds, the decrypted V_BC' and the V_Uid' corresponding to the soft biometric vectors V_SBC_j are sent to the DB;
(8) The DB translates V_Uid' to Uid through an algorithm and uses a biometric recognition algorithm to compare the user's stored template V_BC_j with V_BC'. If the similarity between V_BC' and one of the stored templates V_BC_j is larger than the specified threshold, the user authentication succeeds and Auth_Success is returned. Otherwise Auth_Fail is returned, indicating authentication failure.
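The key agreement between the FCC and the Cloud in steps (6) and (7) can be sketched as follows; this is an added example, not code from the patent. The patent does not define f2, f3 or the cipher, so the bin quantisation used for f2, HMAC-SHA256 for f3, the encrypt-then-MAC construction, the feature names, tolerances and pseudonyms are all assumptions, and the Cloud is assumed to try one derived key per candidate V_SBC_j.

```python
import hashlib
import hmac
import os

# Assumed soft-biometric schema (not from the patent): name -> (bin width, match tolerance).
SCHEMA = {"height_cm": (5.0, 4.0), "age_years": (10.0, 3.0), "weight_kg": (10.0, 5.0)}

def f2(v_sbc):
    """Fusion/mapping stand-in: quantise each soft feature to a bin, encode canonically."""
    return ";".join(f"{n}={int(v_sbc[n] // SCHEMA[n][0])}" for n in sorted(SCHEMA)).encode()

def f3(sbc):
    """Key-derivation stand-in: K_SBC = HMAC-SHA256(fixed label, SBC)."""
    return hmac.new(b"K_SBC derivation (example)", sbc, hashlib.sha256).digest()

def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC; stands in for an AEAD so that a wrong key is detectable."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    body = bytes(p ^ s for p, s in zip(plaintext, _stream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    """Return the plaintext, or None if the tag fails (wrong key or modified ciphertext)."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(key)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(body, _stream(enc_key, nonce, len(body))))

def fcc_auth_res(v_sbc_new, v_bc_new, sid):
    """Step (6): the FCC derives K_SBC' from V_SBC' and encrypts V_BC' into C."""
    return {"C": seal(f3(f2(v_sbc_new)), v_bc_new), "V_SBC'": v_sbc_new, "Sid": sid}

def within_tolerance(a, b):
    """Assumed feature-recognition step: every soft feature is close enough."""
    return all(abs(a[n] - b[n]) <= SCHEMA[n][1] for n in SCHEMA)

def cloud_verify(auth_res, stored):
    """Step (7): select candidates V_SBC_j, derive K_SBC from each, try to decrypt C.

    `stored` maps pseudonym Uid' -> V_SBC_i. Returns (V_BC', V_Uid') or None on failure.
    """
    v_bc, v_uid = None, []
    for uid_p, v_sbc_i in stored.items():
        if not within_tolerance(auth_res["V_SBC'"], v_sbc_i):
            continue                       # not one of the candidates V_SBC_j
        plain = unseal(f3(f2(v_sbc_i)), auth_res["C"])
        if plain is not None:              # K_SBC matched K_SBC'
            v_bc = plain
            v_uid.append(uid_p)
    return (v_bc, sorted(v_uid)) if v_uid else None

# Constructed sample data: pseudonyms and measurements are invented for this example.
STORED = {
    "p-7f3a": {"height_cm": 172.0, "age_years": 34, "weight_kg": 68.0},
    "p-19c2": {"height_cm": 174.0, "age_years": 36, "weight_kg": 66.0},
    "p-a0d4": {"height_cm": 176.0, "age_years": 33, "weight_kg": 71.0},
    "p-55e1": {"height_cm": 158.0, "age_years": 61, "weight_kg": 80.0},
}
TEMPLATE = b"constructed V_BC' fingerprint template bytes"
FRESH = {"height_cm": 173.0, "age_years": 35, "weight_kg": 67.5}
DRIFTED = {"height_cm": 175.5, "age_years": 35, "weight_kg": 67.5}  # crosses a height bin

if __name__ == "__main__":
    print(cloud_verify(fcc_auth_res(FRESH, TEMPLATE, b"sid-001"), STORED))
    print(cloud_verify(fcc_auth_res(DRIFTED, TEMPLATE, b"sid-002"), STORED))
```

The first call returns two pseudonyms, which is the non-uniqueness the description relies on the DB's template comparison in step (8) to resolve; the second is rejected because a measurement that crosses a bin boundary derives a different key. K_SBC is only as unpredictable as the quantised soft features, so f3 cannot add entropy that f2's output lacks.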
The technical effects of the present invention will be described in detail with reference to simulations.
Formal proof was performed to verify the security of the present invention. The method comprises the following specific steps:
Step one: as shown in Fig. 2, the process of the invention is built into a formal model in the CAS+ language; the model includes the principals of the session, the messages sent, the knowledge held by an intruder who may be present in the session, and the security goals to be verified.
Step two: the CAS+ language is converted to the HLPSL language in SPAN, the assistant tool of AVISPA, as shown in Fig. 3.
Step three: the tool is used to produce the message sequence chart of the invention, as shown in Fig. 4.
Step four: the invention is analyzed with the OFMC analysis technique, and the conclusion is shown in Fig. 5.
The identity information authentication method can be used for large-scale identity authentication on the mobile Internet and can be applied to intelligent service products. The soft biometric fusion authentication scheme provides a flexible user access scheme for intelligent customer service systems, simplifies user authentication, reduces the number of service request steps for users, and provides convenient and secure service access control. The intelligent service adapts to more application scenarios; it is not limited to mainstream traditional industries such as telecommunications, finance and government affairs, and can improve market share in emerging industries such as new retail, the sharing economy, and online travel, medical care and education.
It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer-executable instructions and/or embodied in processor control code, such code being provided, for example, on a carrier medium such as a disk, CD- or DVD-ROM, on programmable memory such as read-only memory (firmware), or on a data carrier such as an optical or electronic signal carrier. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips and transistors, or programmable hardware devices such as field programmable gate arrays and programmable logic devices, or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (10)

1. A biological identity information authentication method based on a 5G cloud and mist mixed unified authentication platform is characterized by comprising the following steps:
step one, a user submits an authentication request to the unified authentication cloud through a fog computing center, the user characteristics having been submitted to and stored in a characteristic management library beforehand, with the biological information stored in encrypted form;
step two, the unified authentication cloud randomly selects soft biological characteristics and biological characteristics, and notifies the user through the fog computing center to collect them;
step three, the terminal acquires, through interaction, the biological characteristics of the user as core characteristics, acquires the corresponding soft biological characteristics of the user as a key to encrypt the biological characteristics, and uploads the result to an authentication server for comparison;
step four, the authentication server confirms the identity of the user after comparison and calculation.
2. The biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform as claimed in claim 1, wherein the biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform further comprises: in the registration stage, the user UE registers on a feature library DB, the DB stores the biological features and soft biological features of the UEs, marked as the sets <BC> and <SBC>, and the mark number <SN> of a feature sequence is formed between the UE and the DB.
3. The biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform as claimed in claim 1, wherein the biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform further comprises: an authentication stage;
(1) the UE sends an authentication request Auth_Req to the unified authentication Cloud through the fog computing center FCC, and transmits the list SN_List of biological features and soft biological features supported by the device sensor;
(2) Cloud randomly selects, from SN_List through SQ(SN_List), the sequence SQ of biological features and soft biological features to be acquired, and sends SQ directly to the DB through Auth_Req_Info;
(3) the DB searches all UEs containing SQ, generates a group of vectors V_SBC_i = Search(SQ) for the SQ of all UEs meeting the requirement, transforms the ids Uid of these UEs to generate the set S_Uid', and then sends V_SBC_i and S_Uid' to Cloud through an Auth_Res_Info message;
(4) Cloud stores V_SBC_i and S_Uid' and, according to the previously received Fid, sends SQ, SRid and the session identifier Sid of this session to the originating FCC;
(5) after receiving Sid, SRid and SQ, the FCC sends SQ to the UE according to SRid; the UE performs acquisition according to SQ, records the acquired soft biological characteristics as V_SBC', records the biological characteristics as V_BC', and submits the soft biological characteristics to the FCC;
(6) the FCC uses V_SBC' to generate the soft biometric key K_SBC', and encrypts the biometric information V_BC' with the key K_SBC' to generate a ciphertext C; the generated ciphertext C, V_SBC', Sid, SRid and Fid are then sent together to Cloud through an Auth_Res message;
(7) Cloud uses a feature recognition algorithm to match V_SBC' against the vector group V_SBC_i and find all soft biometric vector groups V_SBC_j that may belong to the same person; these soft biometric vector groups are then used to generate a unique key K_SBC, and K_SBC is used to attempt to decrypt the ciphertext; if the ciphertext cannot be decrypted successfully, the authentication fails and an authentication error message is returned to the user; if the decryption is successful, the decrypted V_BC' and the V_Uid' corresponding to the soft biological feature vector V_SBC_j are sent to the DB;
(8) the DB translates V_Uid' to Uid through the algorithm and uses a biometric recognition algorithm to compare the stored user templates V_BC_j with V_BC'.
4. The biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform as claimed in claim 3, wherein the authentication request Auth_Req comprises the identifier SRid of the sensor, the identifier Fid of the fog computing center, and the list SN_List of biological features and soft biological features that the sensor can collect;
the identity identifiers Uid of the UEs are processed to generate a set S_Uid = { Uid | ids of the UEs containing the required SQ }, and a Uid pseudonym set S_Uid' is generated after S_Uid passes through a translation algorithm f1; V_SBC_i and S_Uid' are then sent to Cloud through an Auth_Res_Info message.
5. The biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform as claimed in claim 3, wherein, to generate the ciphertext C, functions f2 and f3 are selected such that SBC = f2(SBC_1, SBC_2, ..., SBC_j) and K_SBC' = f3(SBC), K_SBC' being the key required for later authentication; wherein f2 and f3 guarantee that the key K_SBC' calculated by the FCC and the key K_SBC calculated by Cloud are consistent; and the generated ciphertext, V_SBC', Sid, SRid and Fid are sent together to Cloud through an Auth_Res message.
6. The biometric identity information authentication method based on the 5G cloud and mist mixed unified authentication platform as claimed in claim 3, wherein Cloud uses a feature recognition algorithm to match V_SBC' against the vector group V_SBC_i and find all soft biometric vector groups V_SBC_j that may belong to the same person, and extracts the pseudonym ids of the UEs to which these soft biological feature vectors belong to generate a set V_Uid' = { Uid' | pseudonym ids of the UEs conforming to V_SBC' }; Cloud uses the soft biometric vector groups V_SBC_j to generate a unique K_SBC, using the same method and functions as the FCC to ensure consistent key generation; K_SBC is subsequently used to attempt to decrypt the ciphertext, and if the ciphertext cannot be decrypted successfully, the authentication fails; if the ciphertext can be decrypted, the decrypted V_BC' and the V_Uid' corresponding to the soft biological feature vector V_SBC_j are sent to the DB;
the DB translates V_Uid' to Uid through the algorithm and uses a biometric recognition algorithm to compare the stored user templates V_BC_j with V_BC'; if the similarity between V_BC' and one of the stored templates V_BC_j is larger than the specified threshold value, the user authentication is successful and Auth_Success is returned; otherwise, Auth_Fail is returned, indicating authentication failure.
7. A biological identity information authentication system based on a 5G cloud and mist mixed unified authentication platform for implementing the biological identity information authentication method based on the 5G cloud and mist mixed unified authentication platform according to any one of claims 1 to 6, wherein the biological identity information authentication system based on the 5G cloud and mist mixed unified authentication platform comprises:
the biological information processing module is used for the user side to acquire soft biological characteristics and biological characteristics through the sensor; the user submits the authentication request to the unified authentication cloud through the fog computing center, the user characteristics having been submitted to and stored in the characteristic management library beforehand, with the biological information stored in encrypted form;
the soft biological feature fusion conversion module is used for outsourcing the soft biological feature fusion calculation of the user to a fog computing platform, the fusion conversion being completed through a mapping function that applies a normalization method to the features of different dimensions;
the core characteristic processing module is used for the terminal sensor to acquire the biological characteristics of the user as core characteristics;
the biological characteristic comparison module is used for the terminal to acquire, through interaction, the corresponding soft biological characteristics of the user as keys to encrypt the biological characteristics, and to upload the result to the authentication server for comparison; after comparison and calculation, the authentication server confirms the identity of the user.
8. The biometric identity information authentication system based on the 5G cloud and mist mixed unified authentication platform as claimed in claim 7, wherein the biometric identity information authentication system based on the 5G cloud and mist mixed unified authentication platform further comprises:
the registration stage module is used for realizing registration of user UE on a feature library DB, wherein the DB stores the biological features and soft biological features of the UEs, marked as the sets <BC> and <SBC>, and a mark number <SN> of a feature sequence is formed between the UE and the DB;
and the authentication stage module is used for realizing comparison of the biological characteristic information and confirming the identity of the user.
9. An information data processing terminal for implementing the biological identity information authentication method based on the 5G cloud and mist mixed unified authentication platform according to any one of claims 1 to 6.
10. A computer-readable storage medium comprising instructions that, when executed on a computer, cause the computer to perform the biometric identity information authentication method based on a 5G cloud and mist mixed unified authentication platform according to any one of claims 1 to 6.
CN201911129276.9A 2019-11-18 2019-11-18 Biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform Active CN111131153B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911129276.9A CN111131153B (en) 2019-11-18 2019-11-18 Biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform

Publications (2)

Publication Number Publication Date
CN111131153A (en) 2020-05-08
CN111131153B (en) 2021-11-23

Family

ID=70495785

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911129276.9A Active CN111131153B (en) 2019-11-18 2019-11-18 Biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform

Country Status (1)

Country Link
CN (1) CN111131153B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6490680B1 (en) * 1997-12-04 2002-12-03 Tecsec Incorporated Access control and authorization system
CN103124269A (en) * 2013-03-05 2013-05-29 桂林电子科技大学 Bidirectional identity authentication method based on dynamic password and biologic features under cloud environment
CN104065487A (en) * 2014-07-08 2014-09-24 华南理工大学 Random secret value IBC identity authentication method based on digital fingerprint
CN104168112A (en) * 2014-07-07 2014-11-26 中国科学院信息工程研究所 Secret key generation method based on multi-modal biological characteristics
CN106357395A (en) * 2016-09-13 2017-01-25 深圳大学 Outsourcing access control method and system aiming at fog computing
CN109359691A (en) * 2018-10-24 2019-02-19 全链通有限公司 Auth method and system based on block chain

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917759A (en) * 2020-07-27 2020-11-10 八维通科技有限公司 Data security interaction method for gas station
CN111917759B (en) * 2020-07-27 2021-02-19 八维通科技有限公司 Data security interaction method for gas station
CN114553413A (en) * 2022-02-28 2022-05-27 西安电子科技大学 Access authentication and key derivation method and system for biological identification identity authentication
CN114553413B (en) * 2022-02-28 2023-10-13 西安电子科技大学 Access authentication and key derivation method and system for biometric identity authentication

Also Published As

Publication number Publication date
CN111131153B (en) 2021-11-23

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant