CN117058719A - Secure fingerprint identification method, system, equipment and storage medium

Publication number
CN117058719A
Authority
CN
China
Legal status
Pending
Application number
CN202310819314.3A
Other languages
Chinese (zh)
Inventor
姚锋
张忠山
王涛
沈大勇
陈英武
吕济民
何磊
陈宇宁
陈盈果
刘晓路
杜永浩
闫俊刚
王沛
Current Assignee
National University of Defense Technology
Original Assignee
National University of Defense Technology

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V40/00 Recognition of biometric, human-related or animal-related patterns in image or video data
    • G06V40/10 Human or animal bodies, e.g. vehicle occupants or pedestrians; Body parts, e.g. hands
    • G06V40/12 Fingerprints or palmprints
    • G06V40/1347 Preprocessing; Feature extraction

Abstract

The application discloses a secure fingerprint identification method, system, equipment and storage medium. The method comprises: performing key matching according to the user unique identifier to obtain the user public key corresponding to the user private key; decrypting the user fingerprint data ciphertext according to the user public key to obtain the user fingerprint data plaintext; performing key matching according to the encryption index to generate the corresponding symmetric key; decrypting the fingerprint feature ciphertext of the database according to the symmetric key to obtain the fingerprint feature plaintext of the database; and comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain a fingerprint identification result. Because the data is decrypted only when the fingerprint feature data is compared, the risk of information leakage during the use of fingerprint identification is reduced and the security of private data is improved.

Description

Secure fingerprint identification method, system, equipment and storage medium
Technical Field
The present application relates to the field of fingerprint identification technologies, and in particular, to a method, a system, an apparatus, and a storage medium for secure fingerprint identification.
Background
With the vigorous development of information security technology and the rapid evolution of security concepts, the use of human biometric recognition technology in information security and identity authentication keeps growing, and governments around the world attach more and more importance to it. Internationally accepted technical standards for information security levels designate human biometric authentication as the identity authentication technology adopted by high-level information security systems. It is generally considered that biometric recognition is gradually replacing traditional identity authentication technology, and fingerprint recognition, as the leading representative of biometric recognition technology, plays an increasingly distinctive role thanks to its high accuracy, uniqueness and reliability.
A fingerprint is an individual characteristic of a human being and is private data closely related to personal rights and interests. If fingerprint information is leaked, it can cause great loss to the information security of the individual, so how to prevent information disclosure during the use of fingerprint identification and protect private fingerprint information is a technical problem to be solved in identity authentication.
Disclosure of Invention
The present application aims to solve at least the technical problems existing in the prior art. To this end, the application provides a secure fingerprint identification method, system, equipment and storage medium, which can prevent information leakage during the use of fingerprint identification and improve the security of private data.
The first aspect of the present application provides a secure fingerprint identification method for a comparison server, comprising the steps of:
receiving a user unique identifier and a user fingerprint data ciphertext from an authentication server, wherein the user unique identifier is generated when the authentication server receives terminal registration information, and the user fingerprint data ciphertext is obtained by encrypting user fingerprint data by a pre-stored user private key;
performing key matching according to the unique user identifier to obtain a user public key corresponding to the user private key;
decrypting the user fingerprint data ciphertext according to the user public key to obtain user fingerprint data plaintext;
receiving an encryption index and a fingerprint characteristic ciphertext of the database from the database according to the unique user identifier;
performing key matching according to the encryption index to generate a corresponding symmetric key;
decrypting the fingerprint characteristic ciphertext of the database according to the symmetric key to obtain a fingerprint characteristic plaintext of the database;
and comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain a fingerprint identification result.
The method according to the embodiment of the application has at least the following beneficial effects:
According to the method, key matching is performed according to the user unique identifier to obtain the user public key corresponding to the user private key, and the user fingerprint data ciphertext is decrypted according to the user public key to obtain the user fingerprint data plaintext. Key matching is performed according to the encryption index to generate the corresponding symmetric key, and the fingerprint feature ciphertext of the database is decrypted according to the symmetric key to obtain the fingerprint feature plaintext of the database. The user fingerprint data plaintext is compared with the fingerprint feature plaintext of the database to obtain the fingerprint identification result. Because the data is decrypted only when the fingerprint feature data is compared, the risk of information leakage during the use of fingerprint identification is reduced and the security of private data is improved.
According to some embodiments of the application, after comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain a fingerprint identification result, the method further includes:
and sending the fingerprint identification result to the authentication server so that the authentication server sends the fingerprint identification result to the terminal according to the unique user identifier.
According to some embodiments of the application, before receiving the fingerprint feature ciphertext of the database from the database according to the user unique identifier, the method comprises:
receiving the unique user identifier and a user registration fingerprint data ciphertext from the authentication server, wherein the user registration fingerprint data ciphertext is obtained by encrypting user registration fingerprint data by a pre-stored user private key;
performing key matching according to the unique user identifier to obtain a user public key corresponding to the user private key;
decrypting the user registration fingerprint data ciphertext according to the user public key to obtain a user registration fingerprint data plaintext, and extracting user fingerprint characteristic data from the user registration fingerprint data plaintext;
performing characteristic data symmetric encryption on the user fingerprint characteristic data through a KMS according to the encryption index to obtain fingerprint characteristic ciphertext of a database;
and sending the encryption index, the user unique identifier and the fingerprint characteristic ciphertext of the database to the database so that the database stores the encryption index, the user unique identifier and the fingerprint characteristic ciphertext of the database.
According to some embodiments of the application, the terminal obtains the user fingerprint data ciphertext by:
receiving a user private key sent by the comparison server;
collecting a user fingerprint image, and extracting the user fingerprint data from the user fingerprint image;
and encrypting the user fingerprint data by adopting the user private key to obtain the user fingerprint data ciphertext.
According to some embodiments of the application, the database obtains the fingerprint feature ciphertext and the encryption index of the database by:
receiving the unique user identification sent by the authentication server;
and carrying out data matching according to the unique user identifier to obtain the fingerprint characteristic ciphertext and the encryption index of the database.
According to some embodiments of the application, the performing key matching according to the encryption index to obtain a corresponding symmetric key includes:
and performing key matching according to the encryption index, and generating a corresponding symmetric key through the KMS.
According to some embodiments of the application, before the performing the key matching according to the unique user identifier to obtain the public user key corresponding to the private user key, the method further includes:
and generating the user private key and a user public key corresponding to the user private key through an asymmetric encryption algorithm.
In a second aspect of the present application, there is provided a secure fingerprint identification system for a comparison server, the secure fingerprint identification system comprising:
the data acquisition module is used for receiving a user unique identifier and a user fingerprint data ciphertext from an authentication server, wherein the user unique identifier is generated when the authentication server receives terminal registration information, and the user fingerprint data ciphertext is obtained by encrypting user fingerprint data by a pre-stored user private key;
the key matching module is used for carrying out key matching according to the unique user identifier to obtain a user public key corresponding to the user private key;
the user data decryption module is used for decrypting the user fingerprint data ciphertext according to the user public key to obtain user fingerprint data plaintext;
the encryption index and ciphertext acquisition module is used for receiving the encryption index and fingerprint characteristic ciphertext of the database from the database according to the unique user identifier;
the symmetric key matching module is used for carrying out key matching according to the encryption index to generate a corresponding symmetric key;
the database ciphertext decrypting module is used for decrypting the fingerprint characteristic ciphertext of the database according to the symmetric key to obtain the fingerprint characteristic plaintext of the database;
and the fingerprint identification module is used for comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain a fingerprint identification result.
According to the system, key matching is performed according to the user unique identifier to obtain the user public key corresponding to the user private key, and the user fingerprint data ciphertext is decrypted according to the user public key to obtain the user fingerprint data plaintext. Key matching is performed according to the encryption index to generate the corresponding symmetric key, and the fingerprint feature ciphertext of the database is decrypted according to the symmetric key to obtain the fingerprint feature plaintext of the database. The user fingerprint data plaintext is compared with the fingerprint feature plaintext of the database to obtain the fingerprint identification result. Because the data is decrypted only when the fingerprint feature data is compared, the risk of information leakage during the use of fingerprint identification is reduced and the security of private data is improved.
In a third aspect of the application, a secure fingerprint identification electronic device is provided, comprising at least one control processor and a memory communicatively connected to the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the secure fingerprint identification method described above.
In a fourth aspect of the present application, there is provided a computer-readable storage medium storing computer-executable instructions for causing a computer to perform the above-described secure fingerprint identification method.
It should be noted that the advantages of the second to fourth aspects of the present application over the prior art are the same as those of the above-described secure fingerprint identification system over the prior art, and will not be described in detail here.
Additional aspects and advantages of the application will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the application.
Drawings
The foregoing and/or additional aspects and advantages of the application will become apparent and may be better understood from the following description of embodiments taken in conjunction with the accompanying drawings in which:
FIG. 1 is a flow chart of a secure fingerprint identification method according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a secure fingerprint identification system according to an embodiment of the present application.
Detailed Description
Embodiments of the present application are described in detail below, examples of which are illustrated in the accompanying drawings, wherein like or similar reference numerals refer to like or similar elements or elements having like or similar functions throughout. The embodiments described below by referring to the drawings are illustrative only and are not to be construed as limiting the application.
In the description of the present application, the description of first, second, etc. is for the purpose of distinguishing between technical features only and should not be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated or implicitly indicating the precedence of the technical features indicated.
In the description of the present application, it should be understood that the direction or positional relationship indicated with respect to the description of the orientation, such as up, down, etc., is based on the direction or positional relationship shown in the drawings, is merely for convenience of describing the present application and simplifying the description, and does not indicate or imply that the apparatus or element referred to must have a specific orientation, be constructed and operated in a specific orientation, and thus should not be construed as limiting the present application.
In the description of the present application, unless explicitly defined otherwise, terms such as arrangement, installation, connection, etc. should be construed broadly and the specific meaning of the terms in the present application can be determined reasonably by a person skilled in the art in combination with the specific content of the technical solution.
In order to solve the above technical drawbacks, referring to FIG. 1, the present application provides a secure fingerprint identification method for a comparison server, including:
Step S101, receiving a user unique identifier and a user fingerprint data ciphertext from an authentication server, wherein the user unique identifier is generated when the authentication server receives terminal registration information, and the user fingerprint data ciphertext is obtained by encrypting user fingerprint data by a pre-stored user private key;
Step S102, carrying out key matching according to the unique user identifier to obtain a user public key corresponding to the user private key;
Step S103, decrypting the ciphertext of the user fingerprint data according to the public key of the user to obtain the plaintext of the user fingerprint data;
Step S104, receiving the encryption index and the fingerprint characteristic ciphertext of the database from the database according to the unique user identifier;
Step S105, performing key matching according to the encryption index to generate a corresponding symmetric key;
Step S106, decrypting the fingerprint feature ciphertext of the database according to the symmetric key to obtain a fingerprint feature plaintext of the database;
Step S107, comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain a fingerprint identification result.
According to the method, key matching is performed according to the user unique identifier to obtain the user public key corresponding to the user private key, and the user fingerprint data ciphertext is decrypted according to the user public key to obtain the user fingerprint data plaintext. Key matching is performed according to the encryption index to generate the corresponding symmetric key, and the fingerprint feature ciphertext of the database is decrypted according to the symmetric key to obtain the fingerprint feature plaintext of the database. The user fingerprint data plaintext is compared with the fingerprint feature plaintext of the database to obtain the fingerprint identification result. Because the data is decrypted only when the fingerprint feature data is compared, the risk of information leakage during the use of fingerprint identification is reduced and the security of private data is improved.
In some embodiments, after comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain the fingerprint identification result, the method further includes:
and sending the fingerprint identification result to the authentication server so that the authentication server sends the fingerprint identification result to the terminal according to the unique user identification.
In some embodiments, prior to receiving the fingerprint feature ciphertext of the database from the database according to the user unique identifier, the method comprises:
receiving a user unique identifier and a user registration fingerprint data ciphertext from an authentication server, wherein the user registration fingerprint data ciphertext is obtained by encrypting user registration fingerprint data by a pre-stored user private key;
performing key matching according to the unique user identifier to obtain a user public key corresponding to the user private key;
decrypting the user registration fingerprint data ciphertext according to the user public key to obtain the user registration fingerprint data plaintext, and extracting user fingerprint characteristic data from the user registration fingerprint data plaintext;
performing characteristic data symmetric encryption on the user fingerprint characteristic data through the KMS according to the encryption index to obtain fingerprint characteristic ciphertext of the database;
and sending the encryption index, the unique user identifier and the fingerprint characteristic ciphertext of the database to the database so that the database stores the encryption index, the unique user identifier and the fingerprint characteristic ciphertext of the database.
In some embodiments, the terminal obtains the user fingerprint data ciphertext by:
receiving a user private key sent by a comparison server;
collecting a user fingerprint image, and extracting user fingerprint data from the user fingerprint image;
and encrypting the user fingerprint data by adopting the user private key to obtain a user fingerprint data ciphertext.
In some embodiments, the database obtains the fingerprint feature ciphertext and the encryption index of the database by:
receiving a user unique identifier sent by an authentication server;
and carrying out data matching according to the unique user identifier to obtain the fingerprint characteristic ciphertext and the encryption index of the database.
In some embodiments, performing key matching according to the encryption index to obtain a corresponding symmetric key includes:
and performing key matching according to the encryption index, and generating a corresponding symmetric key through the KMS.
In some embodiments, before performing key matching according to the unique user identifier to obtain the public user key corresponding to the private user key, the method further includes:
and generating a user private key and a user public key corresponding to the user private key through an asymmetric encryption algorithm.
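The comparison-server side of the registration flow and of steps S104 to S107, as an added Python sketch that is not part of the patent text. `ToyKMS`, `ComparisonServer`, the HMAC-SHA256 keystream cipher (a standard-library stand-in for a vetted AEAD such as AES-GCM), the byte-difference matcher and the binding of each ciphertext to its user identifier are assumptions of this example; the terminal-to-server leg (S101 to S103) is left out.

```python
# Added illustration, not code from the patent. ToyKMS, ComparisonServer,
# MATCH_THRESHOLD and the sample feature bytes are constructed for this example.
import hashlib
import hmac
import secrets

MATCH_THRESHOLD = 4.0  # assumed matcher setting: max mean absolute byte difference
ENROLLED = bytes([12, 200, 37, 90, 155, 64, 220, 5])     # constructed feature vector
PROBE_SAME = bytes([13, 198, 37, 92, 154, 66, 221, 5])   # same finger, sensor noise
PROBE_OTHER = bytes([90, 14, 201, 33, 8, 170, 61, 240])  # different finger


class ToyKMS:
    """Stand-in KMS: turns an encryption index into a symmetric key."""

    def __init__(self):
        self._master = secrets.token_bytes(32)  # stays inside the KMS

    def key_for(self, encryption_index):
        msg = b"fp-feature-key|" + encryption_index.encode()
        return hmac.new(self._master, msg, hashlib.sha256).digest()


def _subkeys(key):
    # Separate keys for encryption and for the integrity tag.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(enc_key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _tag(mac_key, aad, nonce, ct):
    msg = len(aad).to_bytes(2, "big") + aad + nonce + ct
    return hmac.new(mac_key, msg, hashlib.sha256).digest()


def seal(key, plaintext, aad):
    """Encrypt-then-MAC; aad (the user identifier) is authenticated, not encrypted."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    stream = _keystream(enc_key, nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, stream))
    return nonce + ct + _tag(mac_key, aad, nonce, ct)


def unseal(key, blob, aad):
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _tag(mac_key, aad, nonce, ct)):
        raise ValueError("fingerprint feature ciphertext failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def matches(probe, template):
    """Assumed matcher: mean absolute difference of equal-length feature bytes."""
    if not template or len(probe) != len(template):
        return False
    diff = sum(abs(a - b) for a, b in zip(probe, template)) / len(template)
    return diff <= MATCH_THRESHOLD


class ComparisonServer:
    def __init__(self, kms, database):
        self.kms = kms
        self.db = database  # user_id -> (encryption_index, feature_ciphertext)

    def register(self, user_id, features):
        index = secrets.token_hex(8)  # encryption index stored beside the ciphertext
        blob = seal(self.kms.key_for(index), features, user_id.encode())
        self.db[user_id] = (index, blob)  # the database never sees plaintext

    def identify(self, user_id, probe):
        record = self.db.get(user_id)
        if record is None:
            return False
        index, blob = record                                  # S104
        key = self.kms.key_for(index)                         # S105
        try:
            template = unseal(key, blob, user_id.encode())    # S106
        except ValueError:
            return False  # tampered or re-assigned record: fail closed
        return matches(probe, template)                       # S107; template is dropped on return


if __name__ == "__main__":
    server = ComparisonServer(ToyKMS(), {})
    server.register("user-001", ENROLLED)
    print(server.identify("user-001", PROBE_SAME), server.identify("user-001", PROBE_OTHER))
```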
In addition, referring to FIG. 2, an embodiment of the present application provides a secure fingerprint identification system for a comparison server, which includes a data acquisition module 1100, a key matching module 1200, a user data decryption module 1300, an encryption index and ciphertext acquisition module 1400, a symmetric key matching module 1500, a database ciphertext decryption module 1600, and a fingerprint identification module 1700, wherein:
the data acquisition module 1100 is configured to receive a user unique identifier and a user fingerprint data ciphertext from an authentication server, where the user unique identifier is generated when the authentication server receives terminal registration information, and the user fingerprint data ciphertext is obtained by encrypting user fingerprint data with a pre-stored user private key;
the key matching module 1200 is configured to perform key matching according to the unique identifier of the user, so as to obtain a public key of the user corresponding to the private key of the user;
the user data decryption module 1300 is configured to decrypt the ciphertext of the user fingerprint data according to the user public key to obtain the plaintext of the user fingerprint data;
the encryption index and ciphertext obtaining module 1400 is configured to receive the encryption index and the fingerprint feature ciphertext of the database from the database according to the unique user identifier;
the symmetric key matching module 1500 is configured to perform key matching according to the encryption index, and generate a corresponding symmetric key;
the database ciphertext decrypting module 1600 is configured to decrypt the fingerprint feature ciphertext of the database according to the symmetric key to obtain a fingerprint feature plaintext of the database;
the fingerprint identification module 1700 is used for comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain a fingerprint identification result.
According to the system, key matching is performed according to the user unique identifier to obtain the user public key corresponding to the user private key, and the user fingerprint data ciphertext is decrypted according to the user public key to obtain the user fingerprint data plaintext. Key matching is performed according to the encryption index to generate the corresponding symmetric key, and the fingerprint feature ciphertext of the database is decrypted according to the symmetric key to obtain the fingerprint feature plaintext of the database. The user fingerprint data plaintext is compared with the fingerprint feature plaintext of the database to obtain the fingerprint identification result. Because the data is decrypted only when the fingerprint feature data is compared, the risk of information leakage during the use of fingerprint identification is reduced and the security of private data is improved.
It should be noted that the system embodiment and the above-mentioned method embodiment are based on the same inventive concept, so the relevant content of the above-mentioned method embodiment is also applicable to the system embodiment and is not repeated here.
The application also provides a secure fingerprint identification electronic device, comprising: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor, when executing the computer program, implements the secure fingerprint identification method described above.
The processor and the memory may be connected by a bus or other means.
The memory, as a non-transitory computer readable storage medium, may be used to store non-transitory software programs as well as non-transitory computer executable programs. In addition, the memory may include high-speed random access memory, and may also include non-transitory memory, such as at least one magnetic disk storage device, flash memory device, or other non-transitory solid state storage device. In some embodiments, the memory optionally includes memory remotely located relative to the processor, the remote memory being connectable to the processor through a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The non-transitory software program and instructions required to implement the secure fingerprint identification method of the above-described embodiment are stored in the memory, and when executed by the processor, the secure fingerprint identification method in the above-described embodiment is performed, for example, the method steps S101 to S107 in fig. 1 described above are performed.
The present application also provides a computer-readable storage medium storing computer-executable instructions for performing the secure fingerprint identification method described above.
The computer-readable storage medium stores computer-executable instructions that are executed by a processor or controller, for example, by a processor in the above-described electronic device embodiment, which may cause the processor to perform the secure fingerprint identification method in the above-described embodiment, for example, to perform the method steps S101 to S107 in fig. 1 described above.
Those of ordinary skill in the art will appreciate that all or some of the steps, systems, and methods disclosed above may be implemented as software, firmware, hardware, and suitable combinations thereof. Some or all of the physical components may be implemented as software executed by a processor, such as a central processing unit, digital signal processor, or microprocessor, or as hardware, or as an integrated circuit, such as an application specific integrated circuit. Such software may be distributed on computer readable media, which may include computer storage media (or non-transitory media) and communication media (or transitory media). The term computer storage media includes both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program elements or other data, as known to those skilled in the art. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by a computer. Furthermore, as is well known to those of ordinary skill in the art, communication media typically embodies computer readable instructions, data structures, program elements or other data in a modulated data signal such as a carrier wave or other transport mechanism and may include any information delivery media.
The embodiments of the present application have been described in detail with reference to the accompanying drawings, but the present application is not limited to the above embodiments, and various changes can be made within the knowledge of one of ordinary skill in the art without departing from the spirit of the present application.

Claims (10)

1. A secure fingerprint identification method for a comparison server, the secure fingerprint identification method comprising:
receiving a user unique identifier and a user fingerprint data ciphertext from an authentication server, wherein the user unique identifier is generated when the authentication server receives terminal registration information, and the user fingerprint data ciphertext is obtained by encrypting user fingerprint data by a pre-stored user private key;
performing key matching according to the unique user identifier to obtain a user public key corresponding to the user private key;
decrypting the user fingerprint data ciphertext according to the user public key to obtain user fingerprint data plaintext;
receiving an encryption index and a fingerprint characteristic ciphertext of the database from the database according to the unique user identifier;
performing key matching according to the encryption index to generate a corresponding symmetric key;
decrypting the fingerprint characteristic ciphertext of the database according to the symmetric key to obtain a fingerprint characteristic plaintext of the database;
and comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain a fingerprint identification result.
2. The method according to claim 1, wherein after comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain a fingerprint identification result, further comprising:
and sending the fingerprint identification result to the authentication server so that the authentication server sends the fingerprint identification result to the terminal according to the unique user identifier.
3. The secure fingerprint identification method according to claim 1, further comprising, before receiving the fingerprint characteristic ciphertext of the database from the database according to the user unique identifier:
receiving the unique user identifier and a user registration fingerprint data ciphertext from the authentication server, wherein the user registration fingerprint data ciphertext is obtained by encrypting user registration fingerprint data by a pre-stored user private key;
performing key matching according to the unique user identifier to obtain a user public key corresponding to the user private key;
decrypting the user registration fingerprint data ciphertext according to the user public key to obtain a user registration fingerprint data plaintext, and extracting user fingerprint characteristic data from the user registration fingerprint data plaintext;
performing characteristic data symmetric encryption on the user fingerprint characteristic data through a KMS according to the encryption index to obtain fingerprint characteristic ciphertext of a database;
and sending the encryption index, the user unique identifier and the fingerprint characteristic ciphertext of the database to the database so that the database stores the encryption index, the user unique identifier and the fingerprint characteristic ciphertext of the database.
4. The secure fingerprint identification method according to claim 1, wherein the terminal obtains the user fingerprint data ciphertext by:
receiving a user private key sent by the comparison server;
collecting a user fingerprint image, and extracting the user fingerprint data from the user fingerprint image;
and encrypting the user fingerprint data by adopting the user private key to obtain the user fingerprint data ciphertext.
5. The secure fingerprint identification method according to claim 1, wherein the database obtains the fingerprint feature ciphertext and the encryption index of the database by:
receiving the unique user identification sent by the authentication server;
and carrying out data matching according to the unique user identifier to obtain the fingerprint characteristic ciphertext and the encryption index of the database.
6. The method for secure fingerprint identification according to claim 1, wherein said performing key matching according to the encryption index to obtain a corresponding symmetric key comprises:
and performing key matching according to the encryption index, and generating a corresponding symmetric key through the KMS.
7. The method for secure fingerprint identification according to claim 1, further comprising, before said performing key matching according to said user unique identifier to obtain a user public key corresponding to said user private key:
and generating the user private key and a user public key corresponding to the user private key through an asymmetric encryption algorithm.
8. A secure fingerprint identification system for a comparison server, the secure fingerprint identification system comprising:
the data acquisition module is used for receiving a user unique identifier and a user fingerprint data ciphertext from an authentication server, wherein the user unique identifier is generated when the authentication server receives terminal registration information, and the user fingerprint data ciphertext is obtained by encrypting user fingerprint data by a pre-stored user private key;
the key matching module is used for carrying out key matching according to the unique user identifier to obtain a user public key corresponding to the user private key;
the user data decryption module is used for decrypting the user fingerprint data ciphertext according to the user public key to obtain user fingerprint data plaintext;
the encryption index and ciphertext acquisition module is used for receiving the encryption index and fingerprint characteristic ciphertext of the database from the database according to the unique user identifier;
the symmetric key matching module is used for carrying out key matching according to the encryption index to generate a corresponding symmetric key;
the database ciphertext decrypting module is used for decrypting the fingerprint characteristic ciphertext of the database according to the symmetric key to obtain the fingerprint characteristic plaintext of the database;
and the fingerprint identification module is used for comparing the user fingerprint data plaintext with the fingerprint feature plaintext of the database to obtain a fingerprint identification result.
9. A secure fingerprint identification device comprising at least one control processor and a memory communicatively connected to the at least one control processor; the memory stores instructions executable by the at least one control processor to enable the at least one control processor to perform the secure fingerprint identification method according to any one of claims 1 to 7.
10. A computer-readable storage medium, characterized by: the computer-readable storage medium stores computer-executable instructions for causing a computer to perform a secure fingerprint identification method according to any one of claims 1 to 7.
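The comparison-server flow of claims 1 and 3, sketched end to end as an added example that is not code from the patent. Everything named here is an assumption made for illustration: textbook RSA over two Mersenne primes stands in for the asymmetric algorithm, an HMAC-derived key stands in for the KMS lookup by encryption index, a SHAKE-256 keystream with an HMAC tag stands in for the symmetric cipher, and comparison is a Hamming-distance threshold over binary feature bytes (feature extraction is omitted).

```python
import hashlib, hmac, os

P, Q, E = 2**521 - 1, 2**607 - 1, 65537   # toy RSA from Mersenne primes: demo only
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
KMS_MASTER = os.urandom(32)   # secret held only by the hypothetical KMS
PUBKEYS = {"u1": (E, N)}      # comparison server: user unique identifier -> public key
DATABASE = {}                 # database: identifier -> (encryption index, ciphertext)
ENROLLED = hashlib.sha256(b"enrolled finger").digest()   # constructed 32-byte template
RESCAN = bytes([ENROLLED[0] ^ 5]) + ENROLLED[1:]         # constructed re-scan, 2 bits off
IMPOSTOR = hashlib.sha256(b"other finger").digest()      # constructed non-matching data

def private_transform(data, d=D, n=N):   # terminal: apply the user private key
    m = int.from_bytes(b"\x01" + data, "big")   # 0x01 prefix preserves leading zeros
    if m >= n:
        raise ValueError("data too long for one RSA block")
    return pow(m, d, n)

def public_recover(ct, e, n):   # comparison server: undo it with the matched public key
    raw = pow(ct, e, n).to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")
    if raw[:1] != b"\x01":
        raise ValueError("wrong key or corrupted ciphertext")
    return raw[1:]

def kms_key(index):   # KMS: symmetric key that belongs to an encryption index
    return hmac.new(KMS_MASTER, index.encode(), hashlib.sha256).digest()

def _xor(key, nonce, data):   # SHAKE-256 keystream: stand-in for a real cipher
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = _xor(key, nonce, plaintext)
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("stored ciphertext failed its integrity check")
    return _xor(key, nonce, body)

def enroll(user_id, reg_ct, index):      # registration path (claim 3)
    features = public_recover(reg_ct, *PUBKEYS[user_id])
    DATABASE[user_id] = (index, seal(kms_key(index), features))

def identify(user_id, ct, max_bits=8):   # identification path (claim 1)
    probe = public_recover(ct, *PUBKEYS[user_id])
    index, blob = DATABASE[user_id]
    stored = unseal(kms_key(index), blob)
    dist = sum(bin(a ^ b).count("1") for a, b in zip(probe, stored))
    return len(probe) == len(stored) and dist <= max_bits
```

Because the terminal transforms the data with the private key, any holder of the matching public key can recover it, so this step authenticates the sender and hides the fingerprint data only while the public key is kept secret.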
CN202310819314.3A 2023-07-05 2023-07-05 Secure fingerprint identification method, system, equipment and storage medium Pending CN117058719A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310819314.3A CN117058719A (en) 2023-07-05 2023-07-05 Secure fingerprint identification method, system, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117058719A true CN117058719A (en) 2023-11-14

Family

ID=88654287

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination