CN112994896A - Vein identification based digital certificate authentication method - Google Patents

Publication number
CN112994896A
Authority
CN
China
Prior art keywords
vein
digital certificate
public key
information
visitor
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110286084.XA
Other languages
Chinese (zh)
Inventor
李晓坤
徐龙
刘清源
董潍赫
黄逸群
付文香
张心雨
陈伟良
赵瑞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Heilongjiang Hengxun Technology Co ltd
Original Assignee
Heilongjiang Hengxun Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Heilongjiang Hengxun Technology Co ltd
Priority to CN202110286084.XA
Publication of CN112994896A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06F18/241 Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06N COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
    • G06N3/00 Computing arrangements based on biological models
    • G06N3/02 Neural networks
    • G06N3/08 Learning methods
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/14 Vascular patterns

Abstract

The invention provides a method for network security, which comprises the following steps. Enough preprocessed vein images are collected to form a vein image database. The images in the database are input into a deep residual network (ResNet) for feature learning, which outputs discriminative real-valued features; these real-valued features are then learned with a discrete hash algorithm to generate binarized features. The rejection information about the veins is obtained from the binarized features, and the rejection information of each vein image can generate a unique key with a specified number of bits. The digital certificate uses a vein recognition algorithm to asymmetrically encrypt the information and issues a public key to a Certificate Authentication (CA) center. The CA center decrypts the encrypted information with the unique private key of the visitor's digital certificate, thereby authenticating the identity of the visitor. This achieves accurate and fast authentication of the visitor's identity.

Description

Vein identification based digital certificate authentication method
Technical Field
The invention relates to the field of network authentication, in particular to a vein identification-based digital certificate authentication method.
Background
Network information authentication is a rigid demand in the modern science and technology era, so improving its accuracy and security level has become a major problem that needs to be considered at present.
The network authentication process may involve serious potential safety hazards such as information leakage and virus intrusion. When a user accesses a page, a conventional encryption algorithm cannot guarantee the security level of the information while also ensuring accurate authentication. The web page is easily attacked maliciously by a third party, with information tampered with, intercepted, and so on. The digital certificate encrypts information using an asymmetric encryption algorithm based on vein recognition and, after a public key signature, sends the information to a CA center so that it is published to all users. The CA center can verify that the user holds the unique private key of the digital certificate, which achieves accurate authentication of the visitor's identity, effectively ensures the security level of network authentication, and is quick and convenient.
Disclosure of Invention
In view of the defects of the prior art, the invention aims to create a vein-identification-based digital certificate authentication method. The provided method achieves a safer and more accurate network information authentication function and has the advantages of high accuracy, quick identification, strong anti-theft level, convenient use, and the like.
The invention is directed to a digital certificate authentication method, in particular a digital certificate authentication method based on vein identification, which comprises the following steps: collecting a large number of vein images and carrying out preprocessing such as high-pass filtering, graying, and normalization to prepare a vein image database; using a deep residual network whose base architecture is ResNet50, data X is randomly drawn from the database as input, and X undergoes batch normalization and an activation-function transformation at each pass through a convolutional layer.
The identity-mapping branch X and the residual-learning branch F(X) are introduced into the whole residual network; the real-valued features from the k-th residual module to the (k+m)-th ResNet50 residual module can then be expressed as:
Figure DEST_PATH_IMAGE001
At the same time, an additive margin loss function is used as the supervision signal to capture the real-valued features of the input vein image
Figure 935116DEST_PATH_IMAGE002
The loss function is expressed in terms of the correctly classified label value of the vein image and the angle parameter n:
Figure 792869DEST_PATH_IMAGE004
The loss function must then satisfy the following condition:
Figure 759557DEST_PATH_IMAGE006
Here k and N denote the number of batches and the number of categories, respectively, W_j denotes the j-th column of the weight matrix W,
Figure DEST_PATH_IMAGE007
denotes the feature sequence of the i-th sample, and s denotes the radius of the hypersphere.
Using the SDH algorithm, m samples are drawn from the real-valued features output by the residual network
Figure 83660DEST_PATH_IMAGE008
and, with the corresponding label matrix
Figure DEST_PATH_IMAGE009
the binary vector features are learned
Figure 402427DEST_PATH_IMAGE010
The binary codes derived by the SDH algorithm are used for multi-class classification:
Figure DEST_PATH_IMAGE011
In the above formula, W denotes the weight matrix over categories 1 to C, Y denotes the true labels, λ and E denote the regularization parameter and the binary codes, respectively, and U(X) denotes the m-dimensional column vector mapped from the feature X. A binary vector of length LEN,
Figure 661108DEST_PATH_IMAGE012
is randomly initialized and learned iteratively:
Figure DEST_PATH_IMAGE013
The binarized features are finally obtained, and the exception information of the vein image is obtained from the binarized features, thereby generating a unique key.
The digital certificate asymmetrically encrypts the information using the vein recognition algorithm and sends the encrypted public key to the CA center. The CA center publishes the public key, so all users can hold it. A visitor decrypts the public key using the unique private key of the digital certificate, and the CA center authenticates whether the private key matches the public key. If the private key decrypts the public key, authentication succeeds and the visitor can view the information in the digital certificate; if the private key used for authentication does not match the public key, authentication fails and the visitor cannot access the information.
Drawings
FIG. 1 illustrates a flow diagram of vein-identification-based digital certificate authentication, according to an example embodiment of the present invention.
Detailed Description
As shown in FIG. 1, an embodiment of the present invention provides a vein-identification-based digital certificate authentication method.
First, in step S101, a large number of vein images are collected, and a vein image database is created through preprocessing such as high-pass filtering, graying, and normalization.
Next, in step S102, data X is randomly drawn from the database and input into a deep residual network whose base architecture is ResNet50. X undergoes batch normalization and an activation-function transformation before each pass through a convolutional layer. The identity-mapping branch X and the residual-learning branch
Figure DEST_PATH_IMAGE015
are introduced into the whole residual network; the features from the k-th module to the (k+m)-th ResNet50 module of the residual network can then be expressed as:
Figure DEST_PATH_IMAGE017
which finally yields the real-valued features
Figure DEST_PATH_IMAGE019
In step S103, an additive margin loss function is used as the supervision signal to capture the real-valued features of the input vein image
Figure 322550DEST_PATH_IMAGE019
The loss function is expressed in terms of the correctly classified label value of the vein image and the angle parameter n:
Figure DEST_PATH_IMAGE021
The loss function must then satisfy the following condition:
Figure DEST_PATH_IMAGE023
Here k and N denote the number of batches and the number of categories, respectively,
Figure DEST_PATH_IMAGE025
denotes the j-th column of the weight matrix W,
Figure 322781DEST_PATH_IMAGE007
denotes the feature sequence of the i-th sample, and s denotes the radius of the hypersphere.
In step S104, the SDH algorithm draws m samples from the real-valued features output by the residual network
Figure DEST_PATH_IMAGE027
and, with the corresponding label matrix
Figure DEST_PATH_IMAGE029
learns the binary vector features
Figure DEST_PATH_IMAGE031
The binary codes derived by the SDH algorithm are used for multi-class classification:
Figure DEST_PATH_IMAGE033
In the above formula, W denotes the weight matrix over categories 1 to C, Y denotes the true labels, and λ and E denote the regularization parameter and the binary codes, respectively.
Figure DEST_PATH_IMAGE035
denotes the m-dimensional column vector mapped from the feature X. A binary vector of length LEN,
Figure DEST_PATH_IMAGE037
is randomly initialized and learned iteratively:
Figure DEST_PATH_IMAGE039
The binarized features are finally obtained.
In step S105, the difference information of the vein image is obtained from the binarized features. The digital certificate may generate a unique key using the exception information.
In step S106, the digital certificate encrypts information using the generated key and transmits a public key to the CA center, disclosing the encrypted information to all users.
In step S107, the CA center authenticates the private key held by the visitor. If the authentication succeeds, the user can access the information in the digital certificate; if the authentication fails, the visitor is denied.
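The binarization and key-generation steps (S104 and S105) sketched in Python, as an added example that is not code from the patent. A random projection stands in for the learned SDH projection, the Gaussian form of the RBF kernel and SHA-256 truncation to the "specified number of bits" are assumptions, and all function names and feature vectors are constructed for illustration.

```python
import hashlib
import math
import random

def rbf_map(x, anchors, sigma):
    """Map feature x to an m-dimensional vector, one RBF response per anchor sample."""
    return [math.exp(-sum((xi - ai) ** 2 for xi, ai in zip(x, a)) / sigma)
            for a in anchors]

def binarize(phi, projection):
    """Return LEN bits: the sign of each projection of the mean-centred vector phi."""
    mean = sum(phi) / len(phi)
    centred = [p - mean for p in phi]
    return [1 if sum(w * c for w, c in zip(row, centred)) >= 0 else 0
            for row in projection]

def derive_key(bits, n_bits):
    """Hash the packed binary code down to a key of the specified number of bits."""
    if not bits or n_bits % 8 or not 0 < n_bits <= 256:
        raise ValueError("need a non-empty code and n_bits in {8, 16, ..., 256}")
    packed = int("".join(map(str, bits)), 2).to_bytes((len(bits) + 7) // 8, "big")
    # Length prefix keeps codes of different LEN from colliding after packing.
    return hashlib.sha256(len(bits).to_bytes(2, "big") + packed).digest()[: n_bits // 8]

def hamming(a, b):
    """Number of positions at which two equal-length codes differ."""
    if len(a) != len(b):
        raise ValueError("codes must have the same length")
    return sum(x != y for x, y in zip(a, b))

def build_model(dim, m, code_len, seed):
    """Constructed stand-in for training: random anchors and a random projection."""
    rng = random.Random(seed)
    anchors = [[rng.gauss(0, 1) for _ in range(dim)] for _ in range(m)]
    projection = [[rng.gauss(0, 1) for _ in range(m)] for _ in range(code_len)]
    return anchors, projection

def enroll_and_recapture(noise, seed=7, dim=16, m=8, code_len=64, n_bits=128, sigma=32.0):
    """Encode one constructed feature vector and a noisy re-capture of it."""
    anchors, projection = build_model(dim, m, code_len, seed)
    rng = random.Random(seed + 1)
    feature = [rng.gauss(0, 1) for _ in range(dim)]
    recapture = [v + rng.gauss(0, noise) for v in feature]
    code_a = binarize(rbf_map(feature, anchors, sigma), projection)
    code_b = binarize(rbf_map(recapture, anchors, sigma), projection)
    return {
        "code": code_a,
        "bit_errors": hamming(code_a, code_b),
        "key_enrolled": derive_key(code_a, n_bits),
        "key_recaptured": derive_key(code_b, n_bits),
    }

if __name__ == "__main__":
    for noise in (0.0, 0.05, 0.5):
        r = enroll_and_recapture(noise)
        same = r["key_enrolled"] == r["key_recaptured"]
        print(f"noise={noise}: bit_errors={r['bit_errors']} same_key={same}")
```

Because the key is a hash of the binary code, a single bit error between two captures of the same vein gives an unrelated key, so the code has to be reproduced exactly for the same key to come out.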

Claims (3)

1. A vein-identification-based digital certificate authentication method, the method comprising: collecting a large number of vein images and carrying out preprocessing such as high-pass filtering, graying, and normalization to prepare a vein image database;
capturing the real-valued features of the input vein images by adopting a deep residual network whose base architecture is ResNet50 and taking an additive margin loss function as the supervision signal
Figure 138319DEST_PATH_IMAGE001
discretizing the high-dimensional real-valued features by a discrete hash (SDH) algorithm with a supervision mechanism, and converting them into low-dimensional binary features
Figure 130677DEST_PATH_IMAGE002
obtaining the difference removal information of the vein image from the binary features, thereby generating a unique key;
the digital certificate asymmetrically encrypts the information using a vein recognition algorithm and sends the encrypted public key to a CA center; the CA center publishes the public key, so all users can hold it; the visitor uses the unique private key of the digital certificate to decrypt the public key, and the CA center authenticates whether the private key matches the public key; if the private key decrypts the public key, authentication succeeds and the visitor can view the information in the digital certificate; if the private key used for authentication does not match the public key, authentication fails and the visitor cannot access the information.
2. The ResNet50 structure of claim 1, wherein the input X undergoes batch normalization and an activation function before passing through each convolutional layer, and the residual network has two unique branches: one is the residual-learning branch F(X) and the other is the identity-mapping branch X; the real-valued features from the k-th residual module to the (k+m)-th ResNet50 module in the deep ResNet can be expressed as:
Figure 530435DEST_PATH_IMAGE003
an additive angular function is used as the loss function of the residual network,
and the loss function is expressed in terms of the correctly classified label value of the vein image and the angle parameter n:
Figure 859391DEST_PATH_IMAGE004
The loss function must then satisfy the following condition:
Figure 319192DEST_PATH_IMAGE005
Here k and N denote the number of batches and the number of categories, respectively,
Figure 674212DEST_PATH_IMAGE006
denotes the j-th column of the weight matrix W,
Figure 877660DEST_PATH_IMAGE007
denotes the feature sequence of the i-th sample, and s denotes the radius of the hypersphere.
3. The SDH algorithm according to claim 1, wherein m samples are selected from the real-valued features output by the residual network
Figure 004666DEST_PATH_IMAGE008
and a column vector of dimension m is mapped out using Radial Basis Function (RBF) kernel computation
Figure 464728DEST_PATH_IMAGE009
where σ represents the width of the kernel; a binary vector of length LEN can be arbitrarily initialized
Figure 477684DEST_PATH_IMAGE010
and learned iteratively
Figure 484823DEST_PATH_IMAGE011
to finally obtain the binarized features.
CN202110286084.XA 2021-03-17 2021-03-17 Vein identification based digital certificate authentication method Pending CN112994896A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110286084.XA CN112994896A (en) 2021-03-17 2021-03-17 Vein identification based digital certificate authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110286084.XA CN112994896A (en) 2021-03-17 2021-03-17 Vein identification based digital certificate authentication method

Publications (1)

Publication Number Publication Date
CN112994896A (en) 2021-06-18

Family

ID=76334097

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110286084.XA Pending CN112994896A (en) 2021-03-17 2021-03-17 Vein identification based digital certificate authentication method

Country Status (1)

Country Link
CN (1) CN112994896A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20210618