CN115396220A - Iris privacy authentication system and method based on block chain - Google Patents


Publication number
CN115396220A
Authority
CN
China
Prior art keywords
iris
module
matrix
ipe
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211047622.0A
Other languages
Chinese (zh)
Inventor
王强
江铭轩
王子豪
王琪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Northeastern University China
Original Assignee
Northeastern University China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Northeastern University China

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention provides an iris privacy authentication system and method based on a block chain, and relates to the technical field of identity authentication. The system specifically comprises an identity identification module, an iris extraction module, an inner product encryption module, a key generation module and a verification module; the invention can enhance the safety of iris information storage on the basis of realizing iris identification under the condition of no encryption, avoids information leakage or stealing by utilizing the safety mechanism of the block chain and greatly improves the storage efficiency. Meanwhile, the matching efficiency is improved by the undeciphered iris feature matching algorithm.

Description

Iris privacy authentication system and method based on block chain
Technical Field
The invention relates to the technical field of identity authentication, in particular to an iris privacy authentication system and method based on a block chain.
Background
With the rapid development of modern social technologies and the change of life styles of people, the demand of high-precision identity authentication technology is steadily increasing in various industries. The identity authentication technology is a technology for confirming the identity of a user through specific data, and is one of the most important means for guaranteeing information security.
Existing identity authentication techniques can be divided into three categories according to the data required for authentication: one is authentication based on specific knowledge (e.g., passwords), one is authentication based on trusted items (e.g., identification cards, keys), and one is authentication based on biometric features (e.g., irises, fingerprints, voiceprints). The identity authentication technology based on the biological characteristics is more suitable for the future information security field compared with the traditional authentication technology because the biological characteristics have the advantages of stable characteristics, difficulty in counterfeiting, convenience in carrying and the like.
The biological characteristics applied to identity authentication are mainly physiological characteristics or behavior characteristics which are inherent to a person, have differences among individuals and can be kept stable and unchanged in mature individuals. The iris is located between the sclera and the pupil of the human eye and comprises a large number of abundant and highly recognizable texture features which tend to be stable after 10 months of birth and remain unchanged throughout life. Therefore, compared with other biological characteristics, the biological characteristic recognition based on the iris has extremely high recognition accuracy and is a technology with the lowest accepted error rate in the academic and industrial fields at present. In addition, as an externally visible characteristic, the iris does not need to be touched and sensed when identity authentication is carried out, the collection of a sample can be completed only by shooting, and the identification process is convenient and fast. Based on the advantages, the iris feature recognition is widely applied to the industries of finance, medical treatment, public safety and the like, and plays an important role in daily life of people.
However, with the rapid development of technologies such as cloud computing and cloud storage, people pay more and more attention to the protection of personal information, and the importance of secure transmission, secure use and secure storage of private data is self-evident.
At present, the Hamming distance, a key part of iris recognition technology, is generally calculated by the following formula:
Figure BDA0003821716920000011
where code A and code B are the iris feature vectors of the two samples being compared, and mask A and mask B are the noise templates corresponding to the respective iris feature vectors (the noise vectors obtained together with the iris feature vectors, used to screen out the irrelevant bits). The numerator,
Figure BDA0003821716920000012
is the Hamming distance. The result calculated by the formula is a number in the interval [0, 1]: the closer it is to 0, the higher the similarity of the two iris samples, and conversely the lower the similarity. A threshold p ∈ (0, 1) is obtained through experiments; when δ(A, B) ≤ p, the two iris images are judged to come from the same iris; otherwise, when δ(A, B) > p, the two iris images originate from different irises. The final result of the system is a decision on whether the iris meets the requirement, according to whether the normalized Hamming distance δ is smaller than the threshold.
When authenticating with iris recognition technology, the authentication server needs to store a large number of users' iris feature templates in advance so that they can be matched against the visitor's iris features acquired at each authentication. The iris feature templates stored in the system are not encrypted, so once the system is attacked from outside, the users' iris features are easily disclosed. Moreover, because an iris feature template is inherent, unique and difficult to forge, a user whose iris features have been disclosed cannot reduce the loss by changing them, so the consequences of disclosing an iris feature template are more serious than with traditional authentication modes. As attack techniques mature, it is very important to select an authentication method that protects the security of the user's biometric template while maintaining identification accuracy, so as to ensure the transmission security of personal iris feature information.
The Hamming distance algorithms for iris recognition currently on the market need to decrypt the encrypted iris information when iris feature matching is carried out, which greatly reduces the security of transmitting and storing the Hamming distance information and also reduces the accuracy and efficiency of iris feature matching.
Besides leakage of the user's iris information during transmission, the widespread dissemination of personal biometric information is also related to the mainstream Internet of Things architecture currently on the market. The traditional Internet of Things has a centralized data center that collects information from all connected devices, but it has serious defects in cost, information security and other respects, and the information security problem has not been solved well. For example, some smart homes are intruded upon, causing personal privacy leakage; government security departments may review data stored in a central server without authorization; operators may sell users' private data to advertising companies for commercial benefit; and so on. In conclusion, the existing centralized Internet of Things architecture has the disadvantages of privacy disclosure, low security, high maintenance cost and the like.
Disclosure of Invention
Aiming at the defects of the prior art, the invention provides an iris privacy authentication system and method based on a block chain.
An iris privacy authentication system based on a block chain comprises an identity identification module, an iris extraction module, an inner product encryption module, a key generation module and a verification module;
the identity recognition module is used for performing identity recognition operation when a user registers or logs in through a client, and specifically comprises an NFC reading module and a card information acquisition module; the NFC reading module prompts a user to place an identity card for information reading, after the user places the identity card, the card information acquisition module sends an APDU request of an IsoDep protocol to the identity card, reads file content, acquires personal information in the card and displays the personal information on a server side, and prompts the user to perform the next operation;
the iris extraction module comprises a picture screening module and a picture sampling module, the picture sampling module shoots an iris picture of a user, the picture screening module receives the shot iris picture, and an iris feature matrix and an iris noise matrix are output through an iris algorithm library osiris to obtain an iris vector;
the inner product encryption module encrypts the iris vector to obtain an iris vector ciphertext; the key generation module executes an IPE.KeyGen algorithm to obtain a function key;
the verification module is used for judging the consistency of the user iris information and the user iris information stored in the world state of the block chain, so as to verify the login state of the user;
an iris privacy authentication method based on a block chain is realized based on the iris privacy authentication system based on the block chain, and specifically comprises the following steps:
step 1: the user checks personal information obtained according to NFC card swiping;
if the information is correct, entering the step 2 to carry out iris recognition; if the card is wrong, the NFC card swiping identification is carried out again;
step 2: the iris extraction module screens and samples the irises of the users;
step 2.1: when a user registers with the system, the user's iris is recognized for the first time and converted into an m × n picture, where m is the width and n is the height; a feature extraction program using six composite 2D-Gabor filters processes the picture captured by the picture sampling module and outputs a binarized m × n iris feature matrix code and an m × n iris noise matrix mask;
step 2.2: the iris feature matrix code and the iris noise matrix mask are each divided equally into 128 × 8 blocks, the size of each block being
Figure BDA0003821716920000031
the same bit position is taken from each of the 128 × 8 blocks and the bits are combined into a 128 × 8 bit matrix, which is converted into 1 × 1024 bit form to obtain a 1024-dimensional iris feature vector code and a 1024-dimensional noise template vector mask;
step 2.3: AND the iris feature vector with the noise template vector;
the 1024-dimensional iris feature vector code is converted into a {1, -1} encoding, the 1024-dimensional noise template vector mask is kept unchanged as a {1, 0} binary encoding, and the two 1 × 1024 vectors are ANDed bit by bit to obtain a 1024-dimensional ternary {1, 0, -1} vector for the inner product function encryption algorithm;
step 3: an iris feature matching algorithm without decryption, based on an inner product encryption scheme;
define the security parameter $\lambda \in \mathbb{N}$, let the positive integer $n$ be the length of the plaintext to be encrypted, and let $S$ be a polynomial-sized subset of $\mathbb{Z}_q$, the integer field modulo $q$; the inner product function encryption scheme $\Pi_{ipe}$ = (IPE.Setup, IPE.KeyGen, IPE.Encrypt, IPE.Decrypt), constructed using asymmetric bilinear groups, is as follows:
the inner product encryption initialization function IPE.Setup($1^\lambda$, $S$) takes the security parameter $\lambda$ as input and generates, by means of an initialization algorithm, an asymmetric bilinear group $(q, G_1, G_2, G_T, e)$, where $q$ is a large prime related to the security parameter $\lambda$, $G_1$ and $G_2$ are additive cyclic groups of order $q$, $G_T$ is a multiplicative cyclic group of order $q$, and $e$ is a bilinear map $e: G_1 \times G_2 \to G_T$; at the same time it selects generators $g_1 \in G_1$, $g_2 \in G_2$, randomly generates an $n \times n$ matrix $B$, and defines the companion matrix of $B$ as $B^* = \det(B)(B^{-1})^T$, where $\det(B)$ is the determinant of the matrix $B$; finally it outputs the public parameter $pp = (q, G_1, G_2, S, e)$ and the master key $msk = (pp, g_1, g_2, B, B^*)$, where $g_1$ and $g_2$ are the generators of $G_1$ and $G_2$ respectively and $pp$ is the public parameter;
the inner product key generation algorithm IPE.KeyGen(msk, x) takes as input the master key msk and a vector
Figure BDA0003821716920000041
Figure BDA0003821716920000042
is an n-dimensional vector, each component of which belongs to $\mathbb{Z}_q$, i.e. [0, q); the key generation algorithm selects a random element
Figure BDA0003821716920000043
and outputs the secret key:
Figure BDA0003821716920000044
$K_1$, $K_2$ are the function key;
the inner product encryption function IPE.Encrypt(msk, y) takes as input the master key msk and a vector
Figure BDA0003821716920000045
the encryption algorithm selects a random element
Figure BDA0003821716920000046
and outputs the ciphertext:
Figure BDA0003821716920000047
$C_1$, $C_2$ are the plaintext after inner product function encryption;
the decryption function IPE.Decrypt(pp, msk, ct) takes as input the public parameter pp, the private key $sk = (K_1, K_2)$ and the ciphertext $ct = (C_1, C_2)$; the decryption algorithm computes:
$D_1 = e(C_1, K_1)$, $D_2 = e(C_2, K_2)$
$D_1$, $D_2$ are the result of decrypting the ciphertext using the function key;
step 4: check whether there is a $z \in S$ satisfying $(D_1)^z = D_2$; if so, the decryption algorithm outputs $z$; otherwise, the algorithm outputs a failure symbol; this decryption algorithm is only valid when $|S| = \mathrm{poly}(\lambda)$ holds;
the method comprises the steps of inputting a security parameter lambda, outputting a public parameter pp and a master key msk through initialization operation IPE.SetUp, and handing output results to each client virtual machine for storage; the identity recognition module automatically enters a 'registration' operation when detecting that the identity recognition module is authenticated for the first time according to personal information acquired by NFC card swiping, and executes the step S1; if the authentication is not the first authentication, automatically entering a login operation, and executing the step D1;
step S1: encrypting the iris matrix obtained in the step 2 and transmitting the encrypted iris matrix to a client;
performing inner product encryption-based iris feature matching encryption on the iris feature matrix, calculating an IPE.
Step S2: the client uploads the encrypted ciphertext ct, in the form of a key-value pair, to the world state of the Hyperledger block chain through its interface with Hyperledger Fabric, and at the same time returns to the registration-success interface; iris verification is completed through the iris authentication system;
step D1: encrypting the iris matrix obtained in the step 2 and transmitting the encrypted iris matrix to a client;
iris feature matching encryption based on inner product encryption is carried out on the iris feature matrix, an IPE.KeyGen function is calculated, a master key msk and an obtained iris feature matrix x are input, a key sk is output, and the key sk is transmitted to a client;
step D2: the client uploads the encrypted key sk to a node of the Hyperledger block chain through its interface with Hyperledger Fabric;
step D3: the block chain calls a smart contract for verification;
the block chain takes the ciphertext ct retrieved from the Hyperledger Fabric world state and the supplied function key sk as input, and uses the inner product encryption decryption algorithm IPE.Decrypt deployed in the smart contract to check whether the Hamming distance between the ciphertext ct and the function key sk is smaller than the initially set threshold; if it is smaller than the threshold, the verification succeeds and the iris verification is completed; if it is larger than the threshold, the verification fails and the flow jumps to step D4.
Step D4: returning a verification result;
the user chooses either to re-identify the iris or to swipe the NFC card again; to re-identify the iris, jump to step 2; to swipe the card again, jump to step 1.
The beneficial effects produced by adopting the above technical scheme are as follows:
compared with the prior art, the iris privacy authentication system and method based on the block chain can enhance the safety of iris information storage on the basis of realizing iris identification without encryption, avoid information leakage or stealing by using the safety mechanism of the block chain, and greatly improve the storage efficiency. Meanwhile, the matching efficiency is improved by the undeciphered iris feature matching algorithm. Has the following beneficial effects:
1. iris feature matching is completed under the condition of no decryption;
the invention completes the inner product algorithm encryption at the beginning of information collection and processes the ciphertext directly during subsequent transmission, which avoids leakage and theft of plaintext information; the authentication method protects the security of the user's biometric template, takes identification accuracy into account, and ensures the transmission security of personal iris feature information.
2. Innovations are made for the calculation of the normalized Hamming distance;
the concept of normalizing hamming distance is proposed according to a calculation formula of hamming distance in general. Meanwhile, the calculation mode of the normalized Hamming distance is improved according to the characteristics of the iris, so that the method is more suitable for secondary processing of computer programming, and meanwhile, the iris distance can still be calculated in an encrypted state, and the information safety is greatly improved.
3. Tamper-proof
By creating unalterable, end-to-end encrypted records, the blockchain helps prevent fraud and unauthorized activity. Privacy issues may also be addressed by using the blockchain to anonymize personal data and set usage rights to prevent access. Information is stored on a computer network rather than on a single server, which makes the data extremely difficult to leak.
4. High transparency
Without blockchains, each organization must maintain a separate database. Because blockchains use a distributed ledger, transactions and data are recorded identically at multiple locations. All network participants with access rights see the completely transparent and identical information at the same time. All transactions are immutable records and have time and date stamps. This allows the administrator to view the entire transaction history, virtually eliminating any chance of fraud.
5. Traceability
The blockchain creates an audit trail, recording the source of the asset at each step of its process. In the present platform, this helps to provide evidence. The traceability data can also expose any weakness in the supply chain; that is, an administrator can promptly remedy the weaknesses exposed while the platform is in operation, which improves expandability.
6. High efficiency automation
The conventional centralized database is time-consuming to use, prone to human error, and often requires third-party mediation. By simplifying these processes using blockchains, transactions can be completed faster and more efficiently. The document may be stored on the blockchain along with the transaction details without exchanging data. There is no need to reconcile multiple ledgers and thus clearing and settlement can be faster. At the same time, the transaction can even be automated through "smart contracts", thereby improving efficiency and further speeding up the process. Once the pre-specified conditions are met, the next step of the transaction or process will be automatically triggered. The intelligent contract reduces human intervention and reduces reliance on third parties to verify that the contract terms are satisfied.
Drawings
FIG. 1 is an overall flow chart of iris recognition in an embodiment of the present invention;
FIG. 2 is a flow chart of a registration function in an embodiment of the present invention;
FIG. 3 is a flowchart illustrating a login function according to an embodiment of the present invention.
Detailed Description
The following detailed description of embodiments of the present invention is provided in connection with the accompanying drawings and examples. The following examples are intended to illustrate the invention but are not intended to limit the scope of the invention.
An iris privacy authentication system based on a block chain comprises an identity identification module, an iris extraction module, an inner product encryption module, a key generation module and a verification module;
the identity recognition module is used for performing identity recognition operation when a user registers or logs in through a client, and specifically comprises an NFC reading module and a card information acquisition module; the NFC reading module prompts a user to place an identity card for information reading, after the user places the identity card, the card information acquisition module sends an APDU request of an IsoDep protocol to the identity card, reads file content, acquires personal information in the card and displays the personal information on a server side, and prompts the user to perform the next operation;
the iris extraction module comprises a picture screening module and a picture sampling module, and is used for calculating an iris vector code and a noise template mask. The system prompts the user to carry out iris acquisition work, and after the system acquires the iris of the user, the iris of the user can be analyzed in all directions. The picture screening operation outputs the shot m × n iris pictures as a binarized m × n iris-related feature matrix code and an m × n iris-related information (noise template) matrix mask through an osiris library. The iris sampling operation can convert the matrix into a one-dimensional vector, so that the subsequent encryption and decryption operation is facilitated. The image sampling module shoots an iris image of a user, the image screening module receives the shot iris image, and an iris feature matrix and an iris noise matrix are output through an iris algorithm library osiris to obtain an iris vector;
the inner product encryption module ensures the safety of user identity information in a safe and privacy-protecting mode, which is very important in the process of realizing privacy authentication by the system. When a user registers, the iris vector of a new user needs to be encrypted by IPE. At the moment, the recognizer executes the function of 'recording', and the system needs to pass the obtained iris vector through the inner product encryption module so as to obtain a corresponding ciphertext. Meanwhile, for safety, the ciphertext obtained by the iris vector obtained by the module through an encryption algorithm needs to be saved in the world state of the block chain. Encrypting the iris vector to obtain an iris vector ciphertext;
the key generation module corresponds to the inner product encryption module. When a user logs in, the recognizer executes a verification function, and the system needs to execute an IPE.KeyGen algorithm by combining an iris vector obtained by the iris extraction module and a master key to obtain a function secret key; the secret key is uploaded to a system, so that the subsequent verification of the login information is facilitated;
the verification module is used for judging the consistency of the user iris information and the user iris information stored in the world state of the block chain, so as to verify the login state of the user; the verification module first obtains a picture of the user's iris through an iris recognition instrument, then converts the picture into a vector over {0, 1, -1}, and calls IPE. The block chain connection module in the verification module retrieves the ciphertext of the corresponding user from the world state and, in combination with the function key obtained by the key generation module, uses the decryption algorithm IPE.Decrypt to obtain g1 and g2, where g2 = g1^k and k is the inner product. The Hamming distance calculation module calculates, through the inner product, the Hamming distance between the scanned iris vector and the corresponding user vector in the block chain; if the Hamming distance is smaller than the threshold set by the system, the verification is successful.
An iris privacy authentication method based on a block chain is realized based on the iris privacy authentication system based on the block chain, and as shown in fig. 1, the iris privacy authentication method specifically comprises the following steps:
step 1: the user checks the personal information obtained according to NFC card swiping;
if the information is correct, entering the step 2 to carry out iris recognition; if the card is wrong, the NFC card swiping identification is carried out again;
step 2: the iris extraction module screens and samples the irises of the users;
step 2.1: when a user registers with the system, the user's iris is recognized for the first time and converted into an m × n bmp-format picture, where m is the width and n is the height; a feature extraction program using six composite 2D-Gabor filters processes the picture captured by the picture sampling module and outputs a binarized m × n iris feature matrix code and an m × n iris noise matrix mask;
step 2.2: the iris feature matrix code and the iris noise matrix mask are each divided equally into 128 × 8 blocks, each block having a size of
Figure BDA0003821716920000071
where the width m is a multiple of 128 and the height n is a multiple of 8; the same bit position is taken from each of the 128 × 8 blocks and the bits are combined into a 128 × 8 bit matrix, which is converted into 1 × 1024 bit form to obtain a 1024-dimensional iris feature vector code and a 1024-dimensional noise template vector mask;
step 2.3: AND the iris feature vector with the noise template vector;
the 1024-dimensional iris feature vector code is converted into a {1, -1} encoding, the 1024-dimensional noise template vector mask is kept unchanged as a {1, 0} binary encoding, and the two 1 × 1024 vectors are ANDed bit by bit to obtain a 1024-dimensional ternary {1, 0, -1} vector for the inner product function encryption algorithm;
the standardized iris and noise images are 512 × 128 pixels in size; because six composite 2D-Gabor filters are used in the feature extraction program, the program outputs six iris feature codes for each input iris image, each binary image being 512 × 128 pixels; the binary feature image with the best coding effect among the six iris feature codes is selected, i.e. the feature binary image with the most obvious features is sampled, and dimensionality-reduction sampling is applied to this image and to the standardized noise image to obtain a feature code and a noise template of 128 × 8 pixels; the image after dimensionality-reduction sampling is used for encryption authentication in the next stage;
step 3: an iris feature matching algorithm without decryption, based on an inner product encryption scheme;
the function-hiding inner product encryption scheme (Sam Kim, Kevin Lewi, Avradip Mandal, Hart Montgomery, Arnab Roy, David J. Wu: "Function-Hiding Inner Product Encryption is Practical") is briefly introduced as follows:
define the security parameter λ ∈ ℕ, let the positive integer n be the length of the plaintext to be encrypted, and let S be a polynomial-sized subset of the integers modulo q, $Z_q$; an inner product function encryption scheme $\Pi_{ipe}$ = (IPE.Setup, IPE.KeyGen, IPE.Encrypt, IPE.Decrypt) is constructed using an asymmetric bilinear group as follows:
the inner product encryption initialization function IPE.Setup($1^\lambda$, S): takes the security parameter λ as input and generates an asymmetric bilinear group $(q, G_1, G_2, G_T, e)$ by an initialization algorithm, where q is a large prime related to the security parameter λ, $G_1$ and $G_2$ are additive cyclic groups of order q, $G_T$ is a multiplicative cyclic group of order q, and e is a bilinear map $e: G_1 \times G_2 \to G_T$; generators $g_1 \in G_1$ and $g_2 \in G_2$ are selected, an n×n matrix B is randomly generated, and the companion matrix of B is defined as $B^* = \det(B)(B^{-1})^T$, where det(B) is the determinant of the matrix B; finally the public parameter $pp = (q, G_1, G_2, S, e)$ and the master key $msk = (pp, g_1, g_2, B, B^*)$ are output, where $g_1$ and $g_2$ are the generators of $G_1$ and $G_2$ respectively and pp is the public parameter;
the inner product key generation algorithm IPE.KeyGen(msk, x): takes as input the master key msk and a vector
Figure BDA0003821716920000081
Figure BDA0003821716920000082
is an n-dimensional vector whose components each belong to $Z_q$, i.e. [0, q); the key generation algorithm selects a random element
Figure BDA0003821716920000083
and outputs the secret key:
Figure BDA0003821716920000084
note that the second element in parentheses is a set of vectors. $K_1$ and $K_2$ form the function key;
the inner product encryption function IPE.Encrypt(msk, y): takes as input the master key msk and a vector
Figure BDA0003821716920000091
the encryption algorithm selects a random element
Figure BDA0003821716920000092
and outputs the ciphertext:
Figure BDA0003821716920000093
$C_1$ and $C_2$ denote the plaintext after inner product function encryption;
the decryption function IPE.Decrypt(pp, msk, ct): takes as input the public parameter pp, the private key $sk = (K_1, K_2)$ and the ciphertext $ct = (C_1, C_2)$; the decryption algorithm computes:
$D_1 = e(C_1, K_1)$, $D_2 = e(C_2, K_2)$
$D_1$ and $D_2$ denote the result of decrypting the ciphertext using the function key;
step 4: determine whether there exists z ∈ S satisfying $(D_1)^z = D_2$; if so, the decryption algorithm outputs z; otherwise, the algorithm outputs failure; this decryption algorithm is only valid when |S| = poly(λ) holds;
the security parameter λ is input, the public parameter pp and the master key msk are output by the initialization operation IPE.Setup, and the output is handed to each client virtual machine for storage; when the identity recognition module detects, from the personal information acquired by NFC card swiping, that this is the first authentication, it automatically enters the registration operation and step S1 is executed, as shown in FIG. 2; if it is not the first authentication, it automatically enters the login operation and step D1 is executed, as shown in FIG. 3;
step S1: encrypting the iris matrix obtained in the step 2 and transmitting the encrypted iris matrix to a client;
iris feature matching encryption based on inner product encryption is carried out on the iris feature matrix, an IPE.
Step S2: the client uploads the encrypted ciphertext ct to the world state of the Hyperledger Fabric block chain as a key-value pair through its interface with Hyperledger Fabric, and at the same time returns a registration-success interface; iris verification is then completed through the iris authentication system;
step D1: encrypting the iris matrix obtained in step 2 and transmitting the encrypted iris matrix to the client;
iris feature matching encryption based on inner product encryption is carried out on the iris feature matrix: the IPE.KeyGen function is computed with the master key msk and the obtained iris feature matrix x as input, the key sk is output, and the key sk is transmitted to the client;
step D2: the client uploads the encrypted key sk to a node of the Hyperledger Fabric block chain through its interface with Hyperledger Fabric;
step D3: the block chain invokes a smart contract for verification;
the block chain takes the ciphertext ct retrieved from the world state of Hyperledger Fabric and the supplied function key sk as input, and uses the inner product encryption decryption algorithm IPE.Decrypt deployed in the smart contract to determine whether the Hamming distance between the ciphertext ct and the function key sk is smaller than the initially set threshold; if it is smaller than the threshold, the verification succeeds and the iris verification is completed; if it is larger than the threshold, the verification fails and the process jumps to step D4.
Step D4: returning a verification result;
the user chooses either to re-identify the iris or to re-swipe the NFC card; to re-identify the iris, jump to step 2; to re-swipe the card, jump to step 1.
In current research on iris recognition, the iris error rate δ used when comparing irises together with their noise templates is computed as follows:
Figure BDA0003821716920000101
wherein code A and code B are the two iris feature vectors being compared, and mask A and mask B are the noise templates corresponding to the respective iris feature vectors, from which the noise vectors associated with the iris feature vectors are obtained for screening out the irrelevant bits
Figure BDA0003821716920000102
The result is the Hamming distance.
In current research, the final decision on whether the iris meets the requirement is made according to whether the iris error rate δ is smaller than a threshold value. The numerator and denominator therefore need to be calculated separately during the comparison. Let iris feature vector code = code A ≦ code B, and noise template mask = mask A ≦ mask B.
However, if this algorithm were applied directly in the invention, then, following the order of computation of the numerator, the encryption of the noise template mask and the related IPE inner product operations could not be completed in the recognizer, which increases the amount of data transmitted; more importantly, the client would have to store in the block chain the noise template mask corresponding to each iris feature vector code at every enrollment, and at every verification the noise template mask corresponding to the iris feature vector code being verified would have to be transmitted to the block chain together with it. For security reasons, the invention must perform authentication on encrypted data, and if the iris feature vector code were exposed, the encryption would be meaningless for the whole process.
Therefore, taking practical effect into account, the numerator in the iris error rate formula should be decomposed, as far as possible, into the following form:
Figure BDA0003821716920000103
for this purpose, note that the Hamming distance is mostly applied to binary codes, and that it is usually computed through an inner product as an optimization; for binary {-1, +1} vectors
Figure BDA0003821716920000104
the relationship between the Hamming distance and the inner product is:
Figure BDA0003821716920000105
The proof is as follows:
Let
Figure BDA0003821716920000106
be n-dimensional binary vectors with Hamming distance d.
Comparing bit by bit gives
number of equal positions ($n_{same}$) + number of differing positions ($n_{diff}$) = total length (n).
From the inner product formula
Figure BDA0003821716920000111
When $a_i = b_i$ ($n_{same}$ positions in total)
$a_i \cdot b_i = 1$
When $a_i \neq b_i$ ($n_{diff}$ positions in total)
$a_i \cdot b_i = -1$
The general Hamming distance can then be derived as follows:
Figure BDA0003821716920000112
Rearranging gives
Figure BDA0003821716920000113
In the present invention, the influence of the noise template on the iris feature vector must be taken into account, which a purely binary code cannot accommodate. It is therefore natural to AND the iris feature vector code with the noise template mask in advance in order to achieve the decomposition described above. Accordingly, to achieve this decomposition, to allow verification on encrypted data and to reduce the computational load of each entity, a formula for the Hamming distance of {1, 0, -1} vectors is provided.
After the original iris feature vector is strengthened into a {1, -1} binary code, it is ANDed with the noise template, which contains only {1, 0}.
After the AND operation is complete, a vector of three values {1, 0, -1} is obtained. By analogy with the proof for the binary code above, the Hamming distance for this three-valued code is derived as follows:
Let
Figure BDA0003821716920000114
be n-dimensional {1, 0, -1} vectors, and let the numerator of the iris error rate formula be d.
From the inner product formula
Figure BDA0003821716920000115
When $a_i$ and $b_i$ are both 1 or both -1 (count denoted $n_{same}$)
$a_i \cdot b_i = 1$
When either $a_i$ or $b_i$ is 0 (count denoted $n_{ignore}$)
$a_i \cdot b_i = 0$
When $a_i$ and $b_i$ are 1 and -1 respectively (count denoted $n_{diff}$)
$a_i \cdot b_i = -1$
Then
$n_{diff} + n_{ignore} + n_{same} = n$ (total length)
So
Figure BDA0003821716920000121
Substituting into the above formula further gives
Figure BDA0003821716920000122
Rearranging gives
Figure BDA0003821716920000123
The formula obtained for d can be used to compute the numerator of the iris error rate formula. The influence of the noise template is taken into account in advance, verification can be performed on encrypted data, the encryption process is more reliable, the encryption security is improved, and the whole process is clear, concise and efficient.
For the denominator ||maskA∩maskB||, what is actually computed is the number of valid comparison bits (i.e., the valid bit length of the noise template) when the two iris feature vectors are compared.
The derivation of this quantity is as follows:
since mask A and mask B are both n-dimensional binary {1, 0} vectors, let them be
Figure BDA0003821716920000124
Then for the AND operation of
Figure BDA0003821716920000125
a bit-by-bit comparison gives:
when $a_i$ and $b_i$ are both 1 (count denoted $n_{valid}$)
$a_i \cdot b_i = 1$
When either $a_i$ or $b_i$ is 0 (count denoted $n_{invalid}$)
$a_i \cdot b_i = 0$
Therefore, it is easy to obtain:
Figure BDA0003821716920000126
to keep this consistent with the calculation of the numerator, the following relation is substituted:
$n_{valid} + n_{invalid} = n$
obtaining:
Figure BDA0003821716920000131
Rearranging gives:
$||maskA \cap maskB|| = n - n_{invalid}$
in summary, the iris error rate formula can be written as:
Figure BDA0003821716920000132
where $n_{ignore} = n_{invalid}$. Because the iris feature vector code contains only {1, -1}, after it is ANDed with the noise template mask, by the rule of the AND operation the number of 0s in the result, namely $n_{ignore}$, equals the number of 0s contained in the noise template mask, and $n_{invalid}$ by definition is the number of 0s contained in the noise template mask. So they are equal.
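The ternary encoding of step 2.3 and the inner-product derivation above can be checked numerically. The following Python is an added example, not code from the patent; the bit mapping (1 to +1, 0 to -1), the 0.32 threshold, the plaintext reference computation (differing bits among positions valid in both masks, divided by the number of such positions) and all sample vectors are assumptions constructed for illustration.

```python
import random

N = 1024  # vector length used on the page (128 x 8 bits)


def to_ternary(code_bits, mask_bits):
    """Step 2.3: strengthen code {0,1} to {-1,+1}, then AND with the {0,1} mask.

    Assumption: bit 1 maps to +1 and bit 0 to -1; the AND is a per-position product.
    """
    if len(code_bits) != len(mask_bits):
        raise ValueError("code and mask must have the same length")
    return [(1 if c else -1) * m for c, m in zip(code_bits, mask_bits)]


def inner(a, b):
    if len(a) != len(b):
        raise ValueError("vectors must have the same length")
    return sum(x * y for x, y in zip(a, b))


def counts_direct(code_a, mask_a, code_b, mask_b):
    """Reference on plaintext bits: (differing valid bits, bits valid in both masks)."""
    valid = [ma & mb for ma, mb in zip(mask_a, mask_b)]
    d = sum((ca ^ cb) & v for ca, cb, v in zip(code_a, code_b, valid))
    return d, sum(valid)


def counts_from_inner_products(ta, tb):
    """The same two counts, using only inner products of the ternary vectors."""
    n = len(ta)
    ip = inner(ta, tb)                      # n_same - n_diff
    # t_i^2 is 1 exactly where the mask bit is 1, so this equals <maskA, maskB>.
    n_valid = inner([x * x for x in ta], [y * y for y in tb])
    n_ignore = n - n_valid                  # positions where either entry is 0
    twice_d = n - n_ignore - ip             # (n_same + n_diff) - (n_same - n_diff)
    return twice_d // 2, n_valid


def error_rate(d, n_valid):
    """Return None when no bit is valid in both templates (nothing to compare)."""
    return None if n_valid == 0 else d / n_valid


def accept(ta, tb, threshold):
    rate = error_rate(*counts_from_inner_products(ta, tb))
    return rate is not None and rate < threshold


def inner_product_range(n):
    """All possible values of <a, b> for ternary vectors of length n (2n + 1 values)."""
    return range(-n, n + 1)


def make_samples(seed=7, n=N, flips=100, mask_density=0.9):
    """Constructed data: an enrolled template, a noisy re-scan, an unrelated iris."""
    rng = random.Random(seed)

    def bits(p):
        return [1 if rng.random() < p else 0 for _ in range(n)]

    enrolled = (bits(0.5), bits(mask_density))
    probe_code = list(enrolled[0])
    for i in rng.sample(range(n), flips):   # flip a fixed number of code bits
        probe_code[i] ^= 1
    probe = (probe_code, bits(mask_density))
    impostor = (bits(0.5), bits(mask_density))
    return enrolled, probe, impostor


if __name__ == "__main__":
    THRESHOLD = 0.32  # constructed value; the page only says "system set threshold"
    enrolled, probe, impostor = make_samples()
    t_enrolled = to_ternary(*enrolled)
    for name, sample in (("probe", probe), ("impostor", impostor)):
        t = to_ternary(*sample)
        d, n_valid = counts_from_inner_products(t_enrolled, t)
        assert (d, n_valid) == counts_direct(*enrolled, *sample)
        print(name, d, n_valid, accept(t_enrolled, t, THRESHOLD))
```

The valid-bit count depends on the masks of both templates, so the example obtains it from a second inner product of the squared vectors. The 2n + 1 possible inner-product values bound the set S that the decryption step has to search.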
The foregoing description is only exemplary of the preferred embodiments of the disclosure and is illustrative of the principles of the technology employed. It will be appreciated by those skilled in the art that the scope of the invention in the embodiments of the present disclosure is not limited to the specific combination of the above-mentioned features, but also encompasses other embodiments in which any combination of the above-mentioned features or their equivalents is made without departing from the inventive concept as defined above. For example, the above features and (but not limited to) the features with similar functions disclosed in the embodiments of the present disclosure are mutually replaced to form the technical solution.

Claims (8)

1. An iris privacy authentication system based on a block chain is characterized by comprising an identity identification module, an iris extraction module, an inner product encryption module, a key generation module and a verification module;
the identity recognition module is used for performing identity recognition operation when a user registers or logs in through a client, and specifically comprises an NFC reading module and a card information acquisition module; the NFC reading module prompts a user to place an identity card for information reading, after the user places the identity card, the card information acquisition module sends an APDU request of an IsoDep protocol to the identity card, reads file contents, acquires personal information in the card and displays the personal information on a server side, and prompts the user to perform the next operation;
the iris extraction module comprises a picture screening module and a picture sampling module, the picture sampling module shoots an iris picture of a user, the picture screening module receives the shot iris picture, and an iris feature matrix and an iris noise matrix are output through an iris algorithm library osiris to obtain an iris vector;
the inner product encryption module encrypts the iris vector to obtain an iris vector ciphertext; the key generation module executes an IPE.KeyGen algorithm to obtain a function key;
the checking module is used for judging the consistency of the user iris information and the user iris information stored in the world state of the block chain, so that the user login state is checked.
2. An iris privacy authentication method based on a block chain, implemented on the basis of the system of claim 1, characterized by comprising the following steps:
step 1: the user checks the personal information obtained by NFC card swiping;
if the information is correct, proceed to step 2 for iris recognition; if it is wrong, the NFC card swiping identification is carried out again;
step 2: the iris extraction module screens and samples the user's iris;
step 3: an iris feature matching algorithm without decryption, based on an inner product encryption scheme;
step 4: determine whether there exists z ∈ S satisfying $(D_1)^z = D_2$; if so, the decryption algorithm outputs z; otherwise, the algorithm outputs failure; this decryption algorithm is only valid when |S| = poly(λ) holds; the security parameter λ is input, the public parameter pp and the master key msk are output by the initialization operation IPE.Setup, and the output is handed to each client virtual machine for storage; when the identity recognition module detects, from the personal information acquired by NFC card swiping, that this is the first authentication, it automatically enters the 'registration' operation and executes step S1; if it is not the first authentication, it automatically enters the 'login' operation and executes step D1.
3. The iris privacy authentication method based on the block chain as claimed in claim 2, wherein the step 2 specifically comprises the following steps:
step 2.1: when a user registers with the system, the user's iris is recognized for the first time and converted into an m×n picture, wherein m is the width and n is the height; a feature extraction program with six composite 2D-Gabor filters is used, and after the picture captured by the picture sampling module passes through these filters, a binarized m×n iris feature matrix code and an m×n iris noise matrix mask are output;
step 2.2: the iris feature matrix code and the iris noise matrix mask are each divided into 128×8 blocks, wherein the size of each block is
Figure FDA0003821716910000021
the bit at the same position of each of the 128×8 blocks is taken out and the bits are combined into a 128×8-bit matrix, which is converted into a 1×1024-bit form to obtain a 1024-dimensional iris feature vector code and a 1024-dimensional noise template vector mask;
step 2.3: ANDing the iris feature vector and the noise template vector
the 1024-dimensional iris feature vector code is strengthened into a {1, -1} code, the 1024-dimensional noise template vector mask is unchanged and remains a {1, 0} binary code in 1×1024 form, and the two codes are ANDed bit by bit to obtain a 1024-dimensional ternary {1, 0, -1} vector used in the inner product function encryption algorithm.
4. The iris privacy authentication method based on the block chain as claimed in claim 2, wherein the step 3 is specifically as follows:
define the security parameter λ ∈ ℕ, let the positive integer n be the length of the plaintext to be encrypted, and let S be a polynomial-sized subset of the integers modulo q, $Z_q$; an inner product function encryption scheme $\Pi_{ipe}$ = (IPE.Setup, IPE.KeyGen, IPE.Encrypt, IPE.Decrypt) is constructed using an asymmetric bilinear group as follows:
the inner product encryption initialization function IPE.Setup($1^\lambda$, S): takes the security parameter λ as input and generates an asymmetric bilinear group $(q, G_1, G_2, G_T, e)$ by an initialization algorithm, where q is a large prime related to the security parameter λ, $G_1$ and $G_2$ are additive cyclic groups of order q, $G_T$ is a multiplicative cyclic group of order q, and e is a bilinear map $e: G_1 \times G_2 \to G_T$; generators $g_1 \in G_1$ and $g_2 \in G_2$ are selected, an n×n matrix B is randomly generated, and the companion matrix of B is defined as
Figure FDA0003821716910000029
where det is the determinant of the matrix B; finally the public parameter $pp = (q, G_1, G_2, S, e)$ and the master key $msk = (pp, g_1, g_2, B, B^*)$ are output, where $g_1$ and $g_2$ are the generators of $G_1$ and $G_2$ respectively and pp is the public parameter;
the inner product key generation algorithm IPE.KeyGen(msk, x): takes as input the master key msk and a vector
Figure FDA0003821716910000022
Figure FDA0003821716910000023
is an n-dimensional vector whose components each belong to $Z_q$, i.e. [0, q); the key generation algorithm selects a random element
Figure FDA0003821716910000024
and outputs the secret key:
Figure FDA0003821716910000025
$K_1$ and $K_2$ form the function key;
the inner product encryption function IPE.Encrypt(msk, y): takes as input the master key msk and a vector
Figure FDA0003821716910000026
the encryption algorithm selects a random element
Figure FDA0003821716910000027
and outputs the ciphertext:
Figure FDA0003821716910000028
$C_1$ and $C_2$ denote the plaintext after inner product function encryption;
the decryption function IPE.Decrypt(pp, msk, ct): takes as input the public parameter pp, the private key $sk = (K_1, K_2)$ and the ciphertext $ct = (C_1, C_2)$; the decryption algorithm computes:
$D_1 = e(C_1, K_1)$, $D_2 = e(C_2, K_2)$
$D_1$ and $D_2$ denote the result of decrypting the ciphertext using the function key.
5. The iris privacy authentication method based on the block chain as claimed in claim 2, wherein the step 4 of registering comprises the following steps:
step S1: encrypting the iris matrix obtained in the step 2 and transmitting the encrypted iris matrix to a client;
step S2: the client uploads the encrypted ciphertext ct to the world state of the Hyperledger Fabric block chain as a key-value pair through its interface with Hyperledger Fabric, and at the same time returns a registration-success interface; iris verification is then completed through the iris authentication system.
6. The iris privacy authentication method based on the block chain as claimed in claim 5, wherein the step S1 is specifically as follows: and performing inner product encryption-based iris feature matching encryption on the iris feature matrix, calculating an IPE.
7. The iris privacy authentication method based on the block chain as claimed in claim 2, wherein the step 4 of logging in comprises the following steps:
step D1: encrypting the iris matrix obtained in step 2 and transmitting the encrypted iris matrix to the client;
performing iris feature matching encryption based on inner product encryption on the iris feature matrix: the IPE.KeyGen function is computed with the master key msk and the acquired iris feature matrix x as input, the key sk is output, and the key sk is transmitted to the client;
step D2: the client uploads the encrypted key sk to a node of the Hyperledger Fabric block chain through its interface with Hyperledger Fabric;
step D3: the block chain invokes a smart contract for verification;
step D4: returning a verification result;
the user chooses either to re-identify the iris or to re-swipe the NFC card; to re-identify the iris, jump to step 2; to re-swipe the card, jump to step 1.
8. The iris privacy authentication method based on the block chain as claimed in claim 7, wherein the step D3 is specifically as follows: the block chain takes the ciphertext ct retrieved from the world state of Hyperledger Fabric and the supplied function key sk as input, and uses the inner product encryption decryption algorithm IPE.Decrypt deployed in the smart contract to determine whether the Hamming distance between the ciphertext ct and the function key sk is smaller than the initially set threshold; if it is smaller than the threshold, the verification succeeds and the iris verification is completed; if it is larger than the threshold, the verification fails and the process jumps to step D4.
CN202211047622.0A 2022-08-30 2022-08-30 Iris privacy authentication system and method based on block chain Pending CN115396220A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211047622.0A CN115396220A (en) 2022-08-30 2022-08-30 Iris privacy authentication system and method based on block chain

Publications (1)

Publication Number Publication Date
CN115396220A (en) 2022-11-25

Family

ID=84125051

Country Status (1)

Country Link
CN (1) CN115396220A (en)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Sam Kim, Kevin Lewi, Avradip Mandal, Hart Montgomery, Arnab Roy, David J. Wu: "Function-Hiding Inner Product Encryption is Practical", pages 1 - 34, Retrieved from the Internet <URL:https://klewi.com/> *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination