CN112994896A - Vein identification based digital certificate authentication method - Google Patents
- Publication number
- CN112994896A
- Authority
- CN
- China
- Prior art keywords
- vein
- digital certificate
- public key
- information
- visitor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3263—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
- H04L9/3268—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F18/00—Pattern recognition
- G06F18/20—Analysing
- G06F18/24—Classification techniques
- G06F18/241—Classification techniques relating to the classification model, e.g. parametric or non-parametric approaches
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06N—COMPUTING ARRANGEMENTS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N3/00—Computing arrangements based on biological models
- G06N3/02—Neural networks
- G06N3/08—Learning methods
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06V—IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
- G06V40/00—Recognition of biometric, human-related or animal-related patterns in image or video data
- G06V40/10—Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
- G06V40/14—Vascular patterns
Abstract
The invention provides a method for network security, which comprises the following steps: enough preprocessed vein images are collected to form a vein image database. The images in the database are input into a deep residual network (ResNet) for feature learning, which outputs discriminative real-valued features; a discrete hash algorithm then learns from these real-valued features to generate binarized features. The rejection information about the veins is obtained from the binarized features, and the rejection information of each vein image can generate a unique key with a specified number of bits. The digital certificate uses a vein recognition algorithm to asymmetrically encrypt information and issues a public key to a Certificate Authentication (CA) center. The CA center decrypts the encrypted information with the unique private key of the visitor's digital certificate, thereby authenticating the identity of the visitor. This achieves accurate and fast authentication of the visitor's identity.
Description
Technical Field
The invention relates to the field of network authentication, in particular to a vein identification-based digital certificate authentication method.
Background
Network information authentication is a hard requirement in the modern technological era, so improving its accuracy and security level has become a major problem that needs to be considered at present.
Network authentication may be exposed to serious security risks such as leakage of users' information and virus intrusion. When a user accesses a page, conventional encryption algorithms cannot guarantee the security level of the information while also ensuring accurate authentication. Web pages are easily attacked maliciously by third parties, with information tampered with, intercepted, and the like. The digital certificate encrypts information by using an asymmetric encryption algorithm based on vein recognition, and sends the information to a CA center after a public key signature, so that it is published to all users. The CA center can verify that the user holds the unique private key of the digital certificate, which achieves accurate authentication of the visitor's identity and effectively guarantees the security level of network authentication, quickly and conveniently.
Disclosure of Invention
In view of the defects of the prior art, the invention aims to create a vein identification-based digital certificate authentication method. The provided method achieves safer and more accurate network information authentication and has advantages such as high accuracy, fast identification, strong anti-theft level, and convenient use.
The invention is directed at a digital certificate authentication method, in particular a digital certificate authentication method based on vein identification, which comprises the following steps: collecting a large number of vein images and applying preprocessing such as high-pass filtering, graying, and normalization to prepare a vein image database; using a deep residual network with ResNet50 as its base structure, data is randomly fetched from the database as input X, and at each pass through a convolutional layer X is subject to batch normalization and the transformation of the activation function.
An identity mapping branch X and a residual learning branch F(X) are introduced into the whole residual network; then, from the k-th residual module to the (k+m)-th residual module, the real-valued features of the ResNet50 residual modules can be expressed as:
At the same time, an additive edge loss function is used as the supervision signal to capture the real-valued features of the input vein image. The correctly classified label value of the vein image and the corner parameter n are used to represent the loss function:
At this time, the loss function needs to satisfy the following condition:
Here k and N respectively represent the number of batches and the number of categories, W_j represents the j-th column of the weight matrix W, and the remaining symbols denote the feature sequence of the i-th sample and the radius s of the hypersphere.
Using the SDH algorithm, m samples and the corresponding label matrix are drawn from the real-valued features output by the residual network to learn binary vector features.
The binary codes derived by the SDH algorithm are used for multi-class classification:
In the above formula, W represents the weight matrix, with categories numbered from 1 to C, Y represents the true labels, λ and E respectively represent the regularization parameter and the binary codes, and U X represents the column vector of dimension m mapped out from the features and X. A binary vector of length LEN is randomly initialized and learned iteratively to finally obtain the binarized features; the exception information of the vein image is obtained from the binarized features, thereby generating a unique key.
For the digital certificate, the information is asymmetrically encrypted by a vein recognition algorithm, and the encrypted public key is sent to the CA center. The CA center publishes the public key, so all users can hold it. A visitor decrypts the public key by using the unique private key of the digital certificate, and the CA center can authenticate whether the private key matches the public key. If the private key decrypts the public key, the authentication succeeds and the visitor can view the information in the digital certificate; if the private key used for authentication does not match the public key, the authentication fails and the visitor cannot access the information.
Drawings
FIG. 1 illustrates a flow diagram of vein identification-based digital certificate authentication, according to an example embodiment of the present invention.
Detailed Description
As shown in FIG. 1, an embodiment of the present invention provides a vein identification-based digital certificate authentication method.
First, a large number of vein images are collected in step S101, and a vein image database is created by preprocessing such as high-pass filtering, graying, and normalization.
Next, in step S102, data X is randomly fetched from the database and input into a deep residual network with ResNet50 as its base structure; before each pass through a convolutional layer, X undergoes batch normalization and the transformation of the activation function. An identity mapping branch X and a residual learning branch are introduced into the whole residual network; then, from the k-th module to the (k+m)-th module of the residual network, the features of the ResNet50 modules can be expressed as:
In step S103, an additive edge loss function is used as the supervision signal to capture the real-valued features of the input vein image. The correctly classified label value of the vein image and the corner parameter n are used to represent the loss function:
At this time, the loss function needs to satisfy the following condition:
Here k and N respectively represent the number of batches and the number of categories, and the remaining symbols denote the j-th column of the weight matrix W, the feature sequence of the i-th sample, and the radius s of the hypersphere.
In step S104, using the SDH algorithm, m samples and the corresponding label matrix are drawn from the real-valued features output by the residual network to learn binary vector features. The binary codes derived by the SDH algorithm are used for multi-class classification:
In the above formula, W represents the weight matrix, with categories numbered from 1 to C. Y represents the true labels. λ and E respectively represent the regularization parameter and the binary codes. A column vector of dimension m is mapped out from the features and X. A binary vector of length LEN is randomly initialized and learned iteratively to finally obtain the binarized features.
In step S105, the difference information of the vein image is obtained based on the binarization characteristics. The digital certificate may generate a unique key using the exception information.
In step S106, the digital certificate encrypts information using the generated key and transmits a public key to the CA center, disclosing the encrypted information to all users.
In step S107, the CA center authenticates the private key held by the visitor. If the authentication is successful, the user can access the information in the digital certificate; if the authentication fails, the visitor is denied.
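The following Python sketch is an added example, not code from the patent; it illustrates steps S104 and S105 and the caveat a practitioner would check first: a binary code can match within a Hamming-distance threshold while a key hashed from it changes completely after a single flipped bit. Sign thresholding stands in for SDH, HKDF-SHA256 stands in for the unspecified key generation, and `LEN`, `KEY_BITS`, `THRESHOLD`, and the feature values are constructed assumptions.

```python
import hashlib
import hmac

LEN = 64        # length of the binary code (the page's LEN; value assumed)
KEY_BITS = 128  # "specified number of bits" of the key (value assumed)
THRESHOLD = 6   # largest Hamming distance accepted as the same vein (assumed)


def binarize(features):
    """Turn real-valued features into a binary code by sign (stand-in for SDH)."""
    return [1 if f > 0 else 0 for f in features]


def pack(bits):
    """Pack a list of 0/1 values into bytes, most significant bit first."""
    out = bytearray((len(bits) + 7) // 8)
    for i, b in enumerate(bits):
        if b:
            out[i // 8] |= 0x80 >> (i % 8)
    return bytes(out)


def hamming(a, b):
    """Number of positions where two equal-length codes differ."""
    if len(a) != len(b):
        raise ValueError("codes must have the same length")
    return sum(x != y for x, y in zip(a, b))


def same_vein(code_a, code_b, threshold=THRESHOLD):
    """Recognition decision: tolerate a few noisy bits."""
    return hamming(code_a, code_b) <= threshold


def derive_key(bits, n_bits=KEY_BITS, info=b"vein-cert-demo"):
    """HKDF-SHA256 (RFC 5869) over the packed code, n_bits of output."""
    if n_bits % 8 or not 0 < n_bits <= 255 * 256:
        raise ValueError("n_bits must be a multiple of 8 within the HKDF limit")
    prk = hmac.new(b"\x00" * 32, pack(bits), hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < n_bits // 8:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[: n_bits // 8]


def sample_captures():
    """Constructed feature vectors: enrolment, a noisy recapture, an impostor."""
    enrolled = [(-1) ** i * (0.2 + 0.01 * i) for i in range(LEN)]
    enrolled[5] = -0.01                         # one feature close to threshold
    recapture = [f + 0.03 for f in enrolled]    # small uniform drift
    impostor = [f if i % 2 == 0 else -f for i, f in enumerate(enrolled)]
    return enrolled, recapture, impostor


if __name__ == "__main__":
    enrolled, recapture, impostor = (binarize(v) for v in sample_captures())
    print("recapture distance:", hamming(enrolled, recapture))
    print("recapture accepted:", same_vein(enrolled, recapture))
    print("impostor accepted: ", same_vein(enrolled, impostor))
    print("same key after recapture:",
          derive_key(enrolled) == derive_key(recapture))
```

A scheme that derives the certificate key directly from the binarized features therefore needs the code to be bit-for-bit reproducible at every capture, which threshold matching alone does not provide.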
Claims (3)
1. A vein identification-based digital certificate authentication method is proposed herein, the method comprising: collecting a large number of vein images, and carrying out preprocessing such as high-pass filtering, graying, normalization and the like to prepare a vein image database;
capturing the real-valued features of the input vein images by adopting a deep residual network with ResNet50 as its base structure and taking an additive edge loss function as a supervision signal; discretizing the high-dimensional real-valued features by a discrete hash (SDH) algorithm with a supervision mechanism, and converting them into low-dimensional binary features; obtaining the difference removal information of the vein image according to the binary features, thereby generating a unique key;
the digital certificate carries out asymmetric encryption on the information by using a vein recognition algorithm, and sends an encrypted public key to a CA center; the CA center discloses the public key, all users can hold the public key, the visitor uses the unique private key of the digital certificate to decrypt the public key, the CA center can authenticate whether the private key is matched with the public key, if the private key decrypts the public key, the authentication is successful, the visitor can check the information in the digital certificate, and if the private key used for authentication is not matched with the public key, the authentication is failed, and the visitor cannot access the information.
2. The ResNet50 structure of claim 1, wherein the input X passes through batch normalization and an activation function before passing through each convolutional layer, and the residual network has two unique branches: one is the learning branch of the residual network, F(X), and the other is the identity mapping branch X; in the deep ResNet, from the k-th residual module to the (k+m)-th, the real-valued features of the ResNet50 modules can be expressed as:
an additive angular function is used as the loss function of the residual network,
the correctly classified label value of the vein image and the corner parameter n are used to represent the loss function:
at this time, the loss function needs to satisfy the following condition:
3. The SDH algorithm according to claim 1 selects m samples from the real-valued features output by the residual network and maps out a column vector of dimension m using Radial Basis Function (RBF) kernel computation, where σ represents the width of the kernel; a binary vector of length LEN can be arbitrarily initialized and iteratively learned to finally obtain the binarized features.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110286084.XA CN112994896A (en) | 2021-03-17 | 2021-03-17 | Vein identification based digital certificate authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112994896A (en) | 2021-06-18 |
Family
ID=76334097
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110286084.XA Pending CN112994896A (en) | 2021-03-17 | 2021-03-17 | Vein identification based digital certificate authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112994896A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101986597A (en) * | 2010-10-20 | 2011-03-16 | 杭州晟元芯片技术有限公司 | Identity authentication system with biological characteristic recognition function and authentication method thereof |
US20180212782A1 (en) * | 2014-08-18 | 2018-07-26 | Balazs Csik | Methods For Digitally Signing An Electronic File And Authentication Method |
CN110427906A (en) * | 2019-08-07 | 2019-11-08 | 上海应用技术大学 | In conjunction with the Hybrid Encryption recognition methods of fingerprint and finger vein biometric feature |
CN110543822A (en) * | 2019-07-29 | 2019-12-06 | 浙江理工大学 | finger vein identification method based on convolutional neural network and supervised discrete hash algorithm |
US20200145408A1 (en) * | 2018-11-05 | 2020-05-07 | International Business Machines Corporation | System to effectively validate the authentication of otp usage |
Non-Patent Citations (5)
Title |
---|
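Wu Wei et al.: "Research on palm vein recognition with stored pseudo-images", Acta Optica Sinica * |
Song Xianrong et al.: "Research on issues in trusted network identity authentication technology", Cyberspace Security * |
Zhang Na et al.: "Finger vein recognition method based on deep residual network and discrete hashing", Journal of Zhejiang Sci-Tech University (Natural Sciences) * |
Xu Hui et al.: "Design of a PKI/CA authentication system combined with biometric features", Communications Technology * |
Chen Chunyu: "Research on finger vein recognition methods based on deep learning and discrete hashing", China Excellent Doctoral and Master's Theses Full-text Database (Master's), Basic Sciences * |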
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP7060619B2 (en) | Biometric identification system and method | |
Lee et al. | Biometric key binding: Fuzzy vault based on iris images | |
Sandhya et al. | Biometric template protection: A systematic literature review of approaches and modalities | |
Zhao et al. | Negative iris recognition | |
US10425408B2 (en) | Encrypted biometric authenication | |
Lim et al. | Biometric feature-type transformation: Making templates compatible for secret protection | |
Eskander et al. | A bio-cryptographic system based on offline signature images | |
Murakami et al. | Cancelable permutation-based indexing for secure and efficient biometric identification | |
CN105471575A (en) | Information encryption, decryption method and device | |
US10425232B2 (en) | Encrypted biometric registration | |
Bolle et al. | Anonymous and revocable fingerprint recognition | |
Ali et al. | Cancelable biometrics technique for iris recognition | |
EP2517150B1 (en) | Method and system for generating a representation of a finger print minutiae information | |
CN110535630B (en) | Key generation method, device and storage medium | |
Conti et al. | Fingerprint traits and RSA algorithm fusion technique | |
CN107181598B (en) | Fingerprint key processing method and device | |
Nazari et al. | A discriminant binarization transform using genetic algorithm and error-correcting output code for face template protection | |
Bringer et al. | Extending match-on-card to local biometric identification | |
CN114065169B (en) | Privacy protection biometric authentication method and device and electronic equipment | |
US20230246820A1 (en) | Dynamic privacy-preserving application authentication | |
CN112994896A (en) | Vein identification based digital certificate authentication method | |
CN113691367B (en) | Desensitization safety biological characteristic identity authentication method | |
CN114996727A (en) | Biological feature privacy encryption method and system based on palm print and palm vein recognition | |
Sheena et al. | Multimodal biometric authentication: secured encryption of iris using fingerprint ID | |
Xi et al. | FE-SViT: A SViT-based fuzzy extractor framework |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20210618 |