CN113704728A - Fingerprint authentication method based on D-H key exchange and key sharing - Google Patents
Fingerprint authentication method based on D-H key exchange and key sharing Download PDFInfo
- Publication number
- CN113704728A CN113704728A CN202110814999.3A CN202110814999A CN113704728A CN 113704728 A CN113704728 A CN 113704728A CN 202110814999 A CN202110814999 A CN 202110814999A CN 113704728 A CN113704728 A CN 113704728A
- Authority
- CN
- China
- Prior art keywords
- key
- template
- fingerprint
- authentication method
- method based
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 38
- 230000015654 memory Effects 0.000 claims description 5
- 238000013507 mapping Methods 0.000 claims description 3
- 238000005516 engineering process Methods 0.000 abstract description 8
- 238000004422 calculation algorithm Methods 0.000 description 2
- 238000004364 calculation method Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 238000013475 authorization Methods 0.000 description 1
- 238000010835 comparative analysis Methods 0.000 description 1
- 230000000052 comparative effect Effects 0.000 description 1
- 125000004122 cyclic group Chemical group 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000000977 initiatory effect Effects 0.000 description 1
- 238000005457 optimization Methods 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
Abstract
The invention discloses a fingerprint authentication method based on D-H key exchange and key sharing, which comprises the steps of firstly utilizing a key sharing technology to distribute keys required to be stored by each entity in a system to different servers for dispersed storage, then utilizing the D-H key exchange technology to generate the same primary random keys at a user side and a reference template storage end respectively in an inquiry stage, and encrypting an inquiry template and a reference template respectively to realize the randomness and diversity of the inquiry fingerprint template and the reference fingerprint template of a user, and finally designing a safe fingerprint authentication method with privacy protection characteristic by judging whether an authentication result passes under the condition of not specifically calculating the Euclidean distance between two fingerprints.
Description
Technical Field
The invention relates to the technical field of key security, in particular to a fingerprint authentication method based on D-H key exchange and key sharing.
Background
The identity authentication technology based on biological characteristics is widely applied to daily life of people, and can effectively solve the problems of easy loss, forgetting and the like of the traditional identity authentication. Fingerprint identification is a mature technology in a biological characteristic identification system and is applied in different fields, but no better solution is provided for the problem of protecting template data and user characteristic information in the fingerprint identification process at present, the risk of key leakage or loss exists in the encryption storage stage, and lawless persons can easily track each server to carry out cross matching attack to acquire information in the query and template authorization stages.
Disclosure of Invention
The invention aims to provide a fingerprint authentication method based on D-H key exchange and key sharing, and aims to provide a safe fingerprint authentication method with privacy protection characteristic.
In order to achieve the above object, the present invention provides a fingerprint authentication method based on D-H key exchange and key sharing, comprising the following steps:
managing a secret key;
exchanging an encryption process by using a D-H key;
and carrying out secret comparison and authentication.
In the key management process, a plurality of null sub memories are used for storing reference fingerprint templates registered by users in a distributed mode on the basis of bilinear mapping.
And the encrypted secret number is shared and stored by the reference fingerprint template.
In the process of exchanging encryption by using the D-H key, the same primary random keys are respectively generated at the user side and the memory side of the reference template by using the D-H key exchange technology, and the inquiry fingerprint template and the reference fingerprint template are respectively encrypted.
In the process of authentication through secret comparison, under the condition that the Euclidean distance between the encrypted inquiry fingerprint template and the reference fingerprint template is not specifically calculated, the comparison with a preset threshold value is realized, and an authentication result is obtained.
The invention relates to a fingerprint authentication method based on D-H key exchange and key sharing, which comprises the steps of firstly utilizing a key sharing technology to distribute keys required to be stored by each entity in a system to different servers for dispersed storage, then utilizing the D-H key exchange technology to generate the same primary random keys at a user side and a reference template storage end respectively in an inquiry stage, and encrypting an inquiry template and a reference template respectively to realize the randomness and diversity of the inquiry fingerprint template and the reference fingerprint template of a user, and finally under the condition that the Euclidean distance between two fingerprints is not calculated specifically, designing a safe fingerprint authentication method with privacy protection characteristic by judging whether an authentication result passes or not.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic flowchart of a fingerprint authentication method based on D-H key exchange and key sharing according to the present invention.
Fig. 2 is a system architecture diagram of a fingerprint authentication method based on D-H key exchange and key sharing according to the present invention.
FIG. 3 is a comparative EER before and after fingerprint template protection for an emulated embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to the same or similar elements or elements having the same or similar function throughout. The embodiments described below with reference to the drawings are illustrative and intended to be illustrative of the invention and are not to be construed as limiting the invention.
Referring to fig. 1, the present invention provides a fingerprint authentication method based on D-H key exchange and key sharing, which includes the following steps:
s1: managing a secret key;
s2: exchanging an encryption process by using a D-H key;
s3: and carrying out secret comparison and authentication.
In the key management process, on the basis of bilinear mapping, a plurality of null sub memories are used for storing reference fingerprint templates registered by users in a distributed mode.
And the reference fingerprint template carries out encrypted secret number sharing and storage.
In the process of exchanging encryption by using the D-H key, the same primary random keys are generated at the user side and the reference template memory side respectively by using the D-H key exchange technology, and the inquiry fingerprint template and the reference fingerprint template are encrypted respectively.
In the process of carrying out authentication by secret comparison, under the condition that the Euclidean distance between the encrypted inquiry fingerprint template and the reference fingerprint template is not specifically calculated, the comparison with a preset threshold value is realized, and an authentication result is obtained.
The system architecture of the present invention is shown in FIG. 2, and the system parameters disclosed in the template storage center at the system initialization stage areAnd q (e.g., q-5) empty sub-memories prepared for distributed storage of the reference fingerprint template registered by the user are respectivelyWherein G and GTAs a bilinear mapTwo multiplication cyclic groups of prime p in the middle, G and h being two generators of group G, yTSIs the public key of the template repository,for cryptographic hash functions, τ is a predetermined threshold, λTAnd λIRespectively the length of the user fingerprint template and the identity. Let the user select 3 random numbers in the key generation phaseComputingWherein KiRepresenting a secret number encrypting the registered reference fingerprint template, user UiThe private key of (A) is Uski=(Uski,1,Uski,2)=(xi,1,xi,2) The public key is Upki=(Upki,1,Upki,2)=(yi,1,yi,2). Likewise, in the key generation phase, the certification authority selects 1 random numberThen calculateThe private key of the certificate authority is Mskl=xlThe public key is Mpkl=yl。
The specific implementation steps are as follows:
A. key management
(1) Due to the correspondence of each sub-memoryThe security problem of the template in the query process is concerned, so the template needs to be changed into share for storage. Randomly selecting q polynomials of degree t-1
(2) Likewise, a secret number K for encrypting the registered reference fingerprint templateiThe security of the template is also concerned, and the template is also changed into sharing and saving. Randomly selecting a t-1 degree polynomial f (x) Ki+b1x+b2x2+…bt-1xt-1Handle KiAnd changing into n shares for storage.
B. Exchanging encryption procedures with D-H keys
(3) Let user obtain original fingerprint characteristic template through fingerprint sensorFor template security, the user first uses K before enrollingiCarrying out encryption processing on an original fingerprint template:
note the bookThen the public key UpkiIdentity information of a userAnd encrypted original fingerprint templateAnd sending the fingerprint template to a fingerprint template storage center. Fingerprint template storage center stores user's informationRandomly stored in q sub-memories, corresponding to sub-memory identitiesAnd sending the identity to the user as the user response pseudo identity.
(4) After registration is complete, the user may initiate an authentication query to the authentication authority. Suppose that a user has obtained a fresh fingerprint feature template Y before formally initiating a certification query to a certification authorityi=(yi1,yi2,…yin)。
1) The user selects a random numberAnd a positive random numberComputingCarrying out the following encryption on the obtained fresh fingerprint characteristic template
Handle (W, T)i) Sent to a certification authority, where TiIs a time stamp.
4) The authentication authority selects a random numberComputingHandleSending to a fingerprint template storage center, whereinAnd TlRespectively, the identity of the certification authority and the timestamp.
5) Fingerprint template storage center computationAnd checks whether the following two conditions are satisfied
And
if both are satisfied, receivingAndthen calculateAnd handle sub-memoryIn corresponding to identity ofAll the reference fingerprint templates use kiAnd (3) encryption:
6) Fingerprint template storage center selects 2 random numbersComputing ciphertext tuple Gj,i=(Gj,i,1,Gj,i,2,Gj,i,3) Wherein
Handle (G)j,i,Tj,i) Sent to a certification authority, where Tj,iIs a time stamp.
C. Secret comparison process
After the above process is finished, the certification authority can obtain the inquiry fingerprint template Y to be certifiedi"and reference fingerprint template Xi。
(5) The euclidean distance of two fingerprints can be calculated using the following formula:
(6) order the authentication resultIf the authentication result RS is 1, the authentication is successful, otherwise, the authentication fails.
Further, the correctness of the invention is theoretically demonstrated as follows:
first, W in the ciphertext W5Can be verified by equation (1):
second is W in the ciphertext W4And VlCan pass the verification of (2) and (3) respectively
And
finally, a valid ciphertext Gj,iMust be able to pass the verification of equation (4):
thus proving the correctness of the scheme.
Further, simulation experiments were performed on the above scheme using Matlab language, etc. The used database is a public fingerprint data set consisting of 408 grayscale fingerprint images acquired by a CrossMatch verifier 300 sensor, and the operating system is a Windows 10 computer with 8 cores and 3.00GHz Intel i7 CPU and 16GB RAM.
We performed comparative analysis on the performance of the template before and after protection. Table 1 and fig. 3 show the relationship between the Equal Error Rate (EER) (error rate when the error acceptance rate (FAR) and the error rejection rate (FRR) are equal) and the threshold value in the alignment before and after encryption.
TABLE 1 EER before and after protection
Therefore, the fingerprint template protection method and the privacy comparison method which do not specifically calculate the Euclidean distance between two fingerprint characteristics have no influence on the performance of the fingerprint identification system, and fully show that the template protection scheme provided by the invention ensures the identification performance and the feasibility of the fingerprint identification system.
However, the invention researches the effectiveness of the protection of the encrypted fingerprint template instead of the fingerprint identification algorithm, so that the final identification precision of the invention is slightly different from the precision obtained by the related fingerprint identification algorithm. If advanced optimization techniques can be combined, the identification performance of the whole scheme can meet practical requirements.
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.
Claims (5)
1. A fingerprint authentication method based on D-H key exchange and key sharing is characterized by comprising the following steps:
managing a secret key;
exchanging an encryption process by using a D-H key;
and carrying out secret comparison and authentication.
2. The fingerprint authentication method based on D-H key exchange and key sharing of claim 1, wherein in the key management process, a plurality of blank sub-memories are used to perform distributed storage on the reference fingerprint template registered by the user based on bilinear mapping.
3. The fingerprint authentication method based on D-H key exchange and key sharing according to claim 2, wherein the reference fingerprint template performs encrypted secret number sharing saving.
4. The fingerprint authentication method based on D-H key exchange and key sharing of claim 1, wherein during the encryption process using D-H key exchange, the same primary random keys are generated at the user side and the memory side of the reference template respectively using D-H key exchange technique, and the query fingerprint template and the reference fingerprint template are encrypted respectively.
5. The fingerprint authentication method based on D-H key exchange and key sharing of claim 1, wherein in the process of authentication by security comparison, the comparison with the predetermined threshold is implemented without specifically calculating the euclidean distance between the encrypted inquiry fingerprint template and the reference fingerprint template, and the authentication result is obtained.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110814999.3A CN113704728B (en) | 2021-07-19 | 2021-07-19 | Fingerprint authentication method based on D-H key exchange and key sharing |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110814999.3A CN113704728B (en) | 2021-07-19 | 2021-07-19 | Fingerprint authentication method based on D-H key exchange and key sharing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113704728A true CN113704728A (en) | 2021-11-26 |
CN113704728B CN113704728B (en) | 2024-03-01 |
Family
ID=78649001
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110814999.3A Active CN113704728B (en) | 2021-07-19 | 2021-07-19 | Fingerprint authentication method based on D-H key exchange and key sharing |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113704728B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060153371A1 (en) * | 2005-01-07 | 2006-07-13 | Beeson Curtis L | Generating digital signatures using ephemeral cryptographic key |
US20110040972A1 (en) * | 2008-04-21 | 2011-02-17 | Estem Limited | Terminal for strong authentication of a user |
CN102710417A (en) * | 2012-06-18 | 2012-10-03 | 杭州电子科技大学 | Fuzzy vault method based on fingerprint features and Internet key exchange protocol |
CN102750529A (en) * | 2012-07-24 | 2012-10-24 | 南京邮电大学 | Biometric fingerprint authentication method based on quantum fuzzy commitment |
CN104065487A (en) * | 2014-07-08 | 2014-09-24 | 华南理工大学 | Random secret value IBC identity authentication method based on digital fingerprint |
CN106411533A (en) * | 2016-11-10 | 2017-02-15 | 西安电子科技大学 | On-line fingerprint authentication system and method based on bidirectional privacy protection |
US20180375859A1 (en) * | 2017-06-26 | 2018-12-27 | Electronics And Telecommunications Research Institute | Method and apparatus for authentication of user using biometric |
-
2021
- 2021-07-19 CN CN202110814999.3A patent/CN113704728B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060153371A1 (en) * | 2005-01-07 | 2006-07-13 | Beeson Curtis L | Generating digital signatures using ephemeral cryptographic key |
US20110040972A1 (en) * | 2008-04-21 | 2011-02-17 | Estem Limited | Terminal for strong authentication of a user |
CN102710417A (en) * | 2012-06-18 | 2012-10-03 | 杭州电子科技大学 | Fuzzy vault method based on fingerprint features and Internet key exchange protocol |
CN102750529A (en) * | 2012-07-24 | 2012-10-24 | 南京邮电大学 | Biometric fingerprint authentication method based on quantum fuzzy commitment |
CN104065487A (en) * | 2014-07-08 | 2014-09-24 | 华南理工大学 | Random secret value IBC identity authentication method based on digital fingerprint |
CN106411533A (en) * | 2016-11-10 | 2017-02-15 | 西安电子科技大学 | On-line fingerprint authentication system and method based on bidirectional privacy protection |
US20180375859A1 (en) * | 2017-06-26 | 2018-12-27 | Electronics And Telecommunications Research Institute | Method and apparatus for authentication of user using biometric |
Non-Patent Citations (2)
Title |
---|
HUIYONG WANG 等: "Privacy-Preserving Fingerprint Authentication Using D-H Key Exchange and Secret Sharing", 《HTTPS://DL.ACM.ORG/DOI/10.1155/2021/5344696》, pages 1 - 2 * |
王会勇 等: "生物特征识别模板保护综述", 《计算机研究与发展》, vol. 57, no. 5 * |
Also Published As
Publication number | Publication date |
---|---|
CN113704728B (en) | 2024-03-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111639361B (en) | Block chain key management method, multi-person common signature method and electronic device | |
Jiang et al. | Three-factor authentication protocol using physical unclonable function for IoV | |
EP3069249B1 (en) | Authenticatable device | |
CN112926092A (en) | Privacy-protecting identity information storage and identity authentication method and device | |
Dwivedi et al. | A fingerprint based crypto-biometric system for secure communication | |
Zhu et al. | Efficient and privacy-preserving online fingerprint authentication scheme over outsourced data | |
Sarier | Comments on biometric-based non-transferable credentials and their application in blockchain-based identity management | |
CN114640444B (en) | Privacy protection set intersection acquisition method and device based on domestic cryptographic algorithm | |
Bringer et al. | Extended private information retrieval and its application in biometrics authentications | |
CN112329519A (en) | Safe online fingerprint matching method | |
Wang et al. | Attribute-based equality test over encrypted data without random oracles | |
Fan et al. | Verifiable attribute-based multi-keyword search over encrypted cloud data in multi-owner setting | |
Hossain et al. | ICAS: Two-factor identity-concealed authentication scheme for remote-servers | |
Wu et al. | Privacy-preserving cancelable biometric authentication based on RDM and ECC | |
CN114996727A (en) | Biological feature privacy encryption method and system based on palm print and palm vein recognition | |
Meshram et al. | An efficient remote user authentication with key agreement procedure based on convolution-Chebyshev chaotic maps using biometric | |
GB2578864A (en) | Trusted ring | |
Zhu et al. | A Novel and Provable Authenticated Key Agreement Protocol with Privacy Protection Based on Chaotic Maps towards Mobile Network. | |
Xu et al. | Efficient privacy-preserving electronic voting scheme based on blockchain | |
Zhu et al. | An efficient biometric authenticated protocol for arbitrary-domain-server with blockchain technology | |
Hamian et al. | Blockchain-based User Re-enrollment for Biometric Authentication Systems | |
Wong et al. | A privacy-preserving biometric matching protocol for iris codes verification | |
CN113704728B (en) | Fingerprint authentication method based on D-H key exchange and key sharing | |
Soni et al. | Provably secure and biometric-based secure access of E-Governance services using mobile devices | |
WO2021167534A1 (en) | Biometric template recognition system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |