DE102014010546A1 - Identification procedure - FingerIdent - Google Patents

Identification procedure - FingerIdent

Info

Publication number
DE102014010546A1
Authority
DE
Germany
Prior art keywords
hash
personal
identification
procedure
password
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
DE102014010546.6A
Other languages
German (de)
Inventor
Michael Lammerhirt
Pierre Tempel
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Pointmagic GmbH
Original Assignee
Pointmagic GmbH
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Pointmagic GmbH
Priority to DE102014010546.6A
Publication of DE102014010546A1
Legal status: Ceased

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231: Biological data, e.g. fingerprint, voice or retina

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

1. Title: Method for identifying persons (on the Internet) by means of their fingerprint and their personal data.

2. Summary

2.1 Technical problem: Until now, a person has been identified on the Internet by means of personal data stored by the provider and an associated hash of a password. To verify a person on the basis of identity documents such as an identity card or passport, PostIdent, BankIdent, OnlineIdent or a comparable procedure has been used. Both identification procedures raise several security concerns, because at every login or verification personal data is transmitted to several providers and intermediaries and stored there. Likewise, loss of the password usually leads to loss of the account with the provider.

2 Solution to the problem: To minimize the existing security risks, this method replaces the conventional password with a fingerprint of the user. To do so, the user performs an initial scan with a purchased, suitable fingerprint scanner. This scan is immediately converted into a SHA256 hash. With this hash and their identity documents, the user goes through a common Ident procedure (PostIdent or BankIdent). While the personal details are checked in the Ident procedure, they are likewise converted into a SHA 256 hash. A 512-bit value is then formed from the fingerprint hash and the personal-data hash. This value is in turn converted into a SHA256 hash and thus forms the combined identification hash (ID hash). If the Ident procedure succeeds, the ID hash and the personal-data hash are transmitted to a security company and stored.

Description

It is known that secure communication requires unique identities. Various identification procedures already exist for this purpose, e.g. the Post-Ident procedure. Increasingly, attempts are being made on the one hand to enable unambiguous identification and on the other to protect highly sensitive data and to protect one's own data from access by others.

The invention specified in the claim is based on the problem that the conventional procedures existed side by side and that the data was, and is, linked to the individual identification methods and accordingly also stored together. This creates a security gap.

This problem is solved by the features listed in the patent claim.

The advantages achieved by the invention are that two independent identification procedures are first converted, separately from each other, into anonymous values, and that these values are then converted once more in a further step. The resulting hash value exceeds every known security standard and is unique. It results directly from the identification of the respective person, but from two separate procedures, and therefore cannot be reproduced or calculated back.

Claims (1)

Identification method for protecting data access, characterized in that the fingerprint and the personal data are each captured in software, independently of one another, as a SHA 256 hash value, and are then joined together and converted into a separate SHA 256 hash value.
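
The derivation described in the abstract and in the claim, written out as an added example (not code from the patent or from Pointmagic GmbH): enrollment produces the two stored values, and verification recomputes them, which succeeds only when the scan bytes are identical to those hashed at enrollment. Assumptions: the 512-bit value is the plain concatenation of the two digests in that order, personal data is serialized as key-sorted JSON, and all function names and sample values are constructed here.

```python
import hashlib
import hmac
import json
import unicodedata

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def personal_data_hash(fields: dict) -> bytes:
    # Assumption: fields are NFC-normalized, trimmed and serialized as
    # key-sorted JSON so the same details always give the same bytes.
    canon = {k: unicodedata.normalize("NFC", v.strip()) for k, v in fields.items()}
    blob = json.dumps(canon, sort_keys=True, ensure_ascii=False, separators=(",", ":"))
    return sha256(blob.encode("utf-8"))

def id_hash(fp_hash: bytes, pd_hash: bytes) -> bytes:
    # Assumption: the 512-bit value is fingerprint hash || personal-data hash.
    combined = fp_hash + pd_hash
    if len(combined) != 64:
        raise ValueError("expected two 256-bit hashes")
    return sha256(combined)

def enroll(scan: bytes, fields: dict) -> dict:
    # Record handed to the storing party: ID hash and personal-data hash only.
    pd = personal_data_hash(fields)
    return {"id_hash": id_hash(sha256(scan), pd), "pd_hash": pd}

def verify(record: dict, scan: bytes, fields: dict) -> bool:
    pd = personal_data_hash(fields)
    candidate = id_hash(sha256(scan), pd)
    # Constant-time comparisons; both stored values must match.
    return (hmac.compare_digest(pd, record["pd_hash"])
            and hmac.compare_digest(candidate, record["id_hash"]))

# Constructed sample inputs, not real biometric or identity data.
SCAN = bytes(range(256)) * 4
NOISY_SCAN = bytes([SCAN[0] ^ 0x01]) + SCAN[1:]  # same scan, one bit flipped
PERSON = {"name": "Erika Mustermann", "born": "1964-08-12", "doc": "X0000000"}

if __name__ == "__main__":
    rec = enroll(SCAN, PERSON)
    print("ID hash:", rec["id_hash"].hex())
    print("same scan verifies:", verify(rec, SCAN, PERSON))
    print("one-bit-different scan verifies:", verify(rec, NOISY_SCAN, PERSON))
```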
DE102014010546.6A 2014-07-18 2014-07-18 Identification procedure - FingerIdent Ceased DE102014010546A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
DE102014010546.6A DE102014010546A1 (en) 2014-07-18 2014-07-18 Identification procedure - FingerIdent

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
DE102014010546.6A DE102014010546A1 (en) 2014-07-18 2014-07-18 Identification procedure - FingerIdent

Publications (1)

Publication Number Publication Date
DE102014010546A1 (en) 2016-01-21

Family

ID=55021411

Family Applications (1)

Application Number Title Priority Date Filing Date
DE102014010546.6A Ceased DE102014010546A1 (en) 2014-07-18 2014-07-18 Identification procedure - FingerIdent

Country Status (1)

Country Link
DE (1) DE102014010546A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
DE102022107567A1 (en) 2022-03-30 2023-10-05 Zumtobel Lighting Gmbh Individually adjustable lighting system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120030743A1 (en) * 2009-04-09 2012-02-02 Fujitsu Limited Fingerprint authentication server, client computer and fingerprint authentication method

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
DAS, A. K.: Cryptanalysis and further Improvement of a Biometric-Based Remote User Authentication Scheme Using Smart Cards, International Journal of Network Security & Its Applications (IJNSA), Vol.3, No.2, March 2011, DOI : 10.5121/ijnsa.2011.3202, URL: http://arxiv.org/ftp/arxiv/papers/1103/1103.3159.pdf [retrieved from the Internet on 10.04.2015] *

Similar Documents

Publication Publication Date Title
DE112012000185T5 (en) Apparatus and method for identity authentication
DE102011089580B3 (en) Method for reading e.g. attribute stored in passport, for electronic-commerce application, involves examining whether attribute of security assertion markup language response fulfills criterion as premiss for contribution of service
DE102013108713B4 (en) Method for evaluating a document
CN105447364B (en) The method, apparatus and system that remote biometric identification logs in
DE112016006077T5 (en) SYSTEMS AND METHOD FOR PROVIDING A BLOCK CHAIN-BASED MULTIFACTOR IDENTITY TESTING OF PERSONS
US20150143483A1 (en) Device and Method for Identity Authentication Management
CN105337739B (en) Safe login method, device, server and terminal
CN104240348B (en) Admittance identity authentication method based on image identification
CN104240347B (en) Admission identity authorization system based on image recognition
CN104486306B (en) Identity authentication method is carried out based on finger hand vein recognition and cloud service
DE102011107586A1 (en) Method for operating a network device
CN105260629A (en) Identity authentication apparatus for preventing taking examination for others
Robertson et al. Consolidation, wider reflection, and policy: Response to ‘Super‐recognisers: From the lab to the world and back again’
DE102014010546A1 (en) Identification procedure - FingerIdent
DE102017001879A1 (en) Method for verifying the identity of a user
Barabanov et al. Russian it security certification scheme: Steps toward common criteria approach
CN106790114A (en) A kind of code entry method with prompt facility
DE102005030305A1 (en) Service e.g. online banking, authentification method for computer, involves reading digital identification data, verifying if permissible link of identification data exists with identification, and supplying data if link exists
EP3510515B1 (en) Data glasses for cryptographically signing image data
DE102015225792B3 (en) A method and system for secure communication between a mobile device coupled to a smartphone and a server
Zia-ur-Rehman et al. Examination of the impression management of transformational leadership in public sector and governance
DE102016117482A1 (en) SAFE AND SAFE SAFETY SYSTEM
DE102005061999A1 (en) Data transmitting method, involves inputting data to be transmitted to data processing device e.g. computer, using input mask that is decrypted by optical filter and transmitting data to data processing device e.g. server
EP3283999A1 (en) Electronic system for producing a certificate
DE102012204821A1 (en) Providing identity attributes of a user

Legal Events

Date Code Title Description
R086 Non-binding declaration of licensing interest
R012 Request for examination validly filed
R002 Refusal decision in examination/registration proceedings
R003 Refusal decision now final