KR101750292B1 - Portable finger vein reader and biometric authentication method thereof - Google Patents

Portable finger vein reader and biometric authentication method thereof Download PDF

Info

Publication number
KR101750292B1
KR101750292B1 KR1020150108052A KR20150108052A KR101750292B1 KR 101750292 B1 KR101750292 B1 KR 101750292B1 KR 1020150108052 A KR1020150108052 A KR 1020150108052A KR 20150108052 A KR20150108052 A KR 20150108052A KR 101750292 B1 KR101750292 B1 KR 101750292B1
Authority
KR
South Korea
Prior art keywords
authentication
feature vector
portable
finger vein
reader
Prior art date
Application number
KR1020150108052A
Other languages
Korean (ko)
Other versions
KR20170014522A (en
Inventor
고하준
Original Assignee
고하준
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 고하준 filed Critical 고하준
Priority to KR1020150108052A priority Critical patent/KR101750292B1/en
Publication of KR20170014522A publication Critical patent/KR20170014522A/en
Application granted granted Critical
Publication of KR101750292B1 publication Critical patent/KR101750292B1/en

Links

Images

Classifications

    • G06K9/32
    • G06K9/00885
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/401Transaction verification
    • G06Q20/4014Identity check for transactions
    • G06Q20/40145Biometric identity checks
    • G06K2009/00932

Abstract

The present invention relates to a portable fingerprint reader and a biometric authentication method using the device.
According to the present invention, the authentication server 300 transmits data of a pair of (authentication session ID, communication encryption key) to the portable MFP reader 100 as a user device and stores the data in the memory 140 of the portable MFP reader ID, communication encryption key, secret hash key) pair data. In the database 310 of the authentication server 300, a first feature vector set corresponding to the finger vein body object is stored in advance.
The portable finger vein reader acquires the finger vein image data and transmits the hashed second feature vector set extracted from the finger vein image data to the authentication mediating device by short range wireless communication. The biometric image data and the second feature vector set are deleted from the memory. The authentication intermediary device transmits a second feature vector set to the authentication server, and the authentication server compares the first feature vector set and the second feature vector set to perform authentication.

Description

[0001] Description [0002] PORTABLE FINGER VEIN READER AND BIOMETRIC AUTHENTICATION METHOD THEREOF [0003]

The present invention relates to a biometric authentication technique. And more particularly to the application of security authentication using fingerprint authentication technology.

Credit cards are widely used in online or offline electronic commerce. In financial settlements such as account transfers, OPT and security cards are used. Financial settlement using media is vulnerable to loss of media. There have been many studies and attempts to improve these problems. As a representative example, a method of using an authentication technique for biometric information and biometric information has been known.

It is a key point of bio-information technology that biometric information unique to each person can be acquired, and it can easily perform security authentication by fully recognizing the biometric information. Biometric information is unique to humans and can not be separated, so it can not be lost. Such biometric information can include face, voice, and signature, but fingerprints, finger veins, and irregularities are mainly studied. In view of the development of technology, the installation and configuration of the equipment, and the ease of recognition, it is preferable to use the finger of a user.

In the case of fingerprint recognition, there is a problem that the front of the fingerprint can be forged. In addition, frequent authentication errors were pointed out, such as when moisture or foreign matter is present on the finger or when the finger skin is damaged or deformed. The recognition rate of fingerprint recognition is known to be about 5%. For example, five out of 100 fingerprints can not be recognized.

On the other hand, the irregularity recognition technology has pointed out the error problem by distance and angle. In addition, there was a problem that the subject failed authentication when wearing a color contact lens or undergoing LASIK or LASIK surgery. Especially, the time required for authentication was long.

Fingerprint authentication technology is superior to biometrics technology in that it provides superior biometric information in all aspects, such as inferiority composition, false acceptance rate, false rejection rate, failure to enroll rate, It was announced. The finger vein authentication technique is a technique of recognizing a vein pattern by transmitting a near infrared ray to a finger. Because it authenticates the inside of a vein, it can not be tampered with and can utilize a finger pattern of a dead person.

Korean Patent Laid-Open No. 10-2010-0049407 proposes a finger vein authentication method and apparatus using an average curvature. Korean Patent No. 1496852 discloses a finger vein authentication method in which a vein pattern is recognized by analyzing a level set curvature And a finger vein authentication system for distinguishing the finger vein authentication system.

This fingerprint authentication technology combines a hardware device technology for obtaining a finger vein image using a CCD camera and a software technique for filtering a finger vein image using a pattern processing program or extracting vein patterns . The fingerprint authentication technology is certainly more accurate and stable than other biometric information. However, when a biometric information reader acquires biometric information, if the biometric data is maliciously hacked or stolen, it causes a catastrophic situation. Therefore, security issues that prevent malicious access and hacking of biometric information databases are significant.

Furthermore, a malicious shop owner can anticipate an accident in which a biometric information reader is unauthorizedly converted to acquire biometric data of a customer. Until these fatal problems are completely resolved, authentication using biometric information is not universally available. The greater the advantages of fingerprint authentication, the more threatening the security issue.

The inventor of the present invention has studied for a long time to solve such a problem, and after the careful completion, the present invention has been completed.

It is an object of the present invention to propose a new authentication method that can completely prevent the risk of hacking or theft of a server or a device when authenticating a fingerprint authentication device.

It is another object of the present invention to provide a user-oriented portable device that supports such a novel fingerprint authentication method.

Yet another object of the present invention is to provide a methodology for effectively authenticating biometric information even if the fingerprint information is not stored on the server side.

On the other hand, other unspecified purposes of the present invention will be further considered within the scope of the following detailed description and easily deduced from the effects thereof.

In order to accomplish the above object, a first aspect of the present invention is a portable personal finger vein image scanning apparatus equipped with a battery,

A scanner receiving unit;

An image acquiring device that acquires finger vein image data of a biological object through the scanner receiver;

A memory in which an encryption key database is built in advance and stores biometric program codes;

A short range communication module for wirelessly communicating with an external authentication device; And

Controlling the operation of recognizing the finger vein image data obtained from the image acquiring device by executing the biometric program code and confidentializing the finger vein image data of the recognized biometric object stored in the cryptographic key database And generating a feature vector set of the finger vein image data, and controlling the feature vector set to be wirelessly transmitted to the external authentication apparatus.

Further, in the finger vein image scanning apparatus according to the preferred embodiment of the present invention, when the predetermined time has elapsed from generation of the finger vein image data or generation of the feature vector set, You can control to delete feature vector sets from memory.

Further, in the finger vein image scanning apparatus according to the preferred embodiment of the present invention, the cryptographic key database stores one or more (authentication session ID, communication encryption key, secret) pairs, And the communication encryption key may be used to encrypt a random number received from the external authentication device.

Further, in the finger vein image scanning apparatus according to any one of the preferred embodiments of the present invention, the image acquiring apparatus may include a light source for irradiating the scanner receiving unit with light, and a CCD camera for photographing the biological object located in the scanner receiving unit can do.

A second aspect of the present invention is a biometrics authentication method using a portable finger vein reader,

(a) storing in advance in the database an authentication server having a first hash hash function set having N elements (N is an integer greater than 1) corresponding to a biological object;

(b) acquiring finger vein image data corresponding to the bio-object by an image acquisition device of a portable finger vein reader;

(c) a control unit of the portable FGM reader transmits a hash-shaped second feature vector set having P (P is an integer larger than 1) extracted from the finger vein image data to the authentication intermediary device by short-range wireless communication (The finger vein image data and the second feature vector set are deleted from the memory of the portable FEC MAC reader);

(d) the authentication intermediary device sending the second set of feature vectors to the authentication server; And

(e) the authentication server compares the first feature vector set and the second feature vector set to perform authentication.

Further, in the biometrics authentication method using a portable MFP reader according to a preferred embodiment of the present invention, before executing the step (a), the authentication server transmits authentication authentication information to the portable dedicated MFP reader (authentication session ID, Pair data to store the data of the pair (authentication session ID, communication encryption key, secret hash key) in the memory of the portable digital rights management (MAC) reader.

In addition, in the biometrics authentication method using the portable finger vein reader according to the preferred embodiment of the present invention, between steps (c) and (d)

The portable finger vein reader transmits a hardware ID to the authentication mediator in short-range wireless communication, and the authentication mediator transmits the hardware idea to the authentication server; And

Further comprising the step of the authentication server transmitting (random number, authentication session ID) to the authentication intermediary device and the authentication intermediary device transmitting (random number, authentication session ID) to the portable finger vein reader in short range wireless communication ≪ / RTI &

The authentication server authenticates the portable FEC direct reader by receiving and decrypting a random number encrypted by a communication encryption key stored in advance in the portable FEC accessor via the authentication mediating device.

In the biometrics authentication method using a portable MFP reader according to a preferred embodiment of the present invention, when the portable MFP reader transmits the random number to the authentication server via the authentication mediator, (Random number, second feature vector) encrypted with a key to the authentication server via the authentication intermediary device.

Further, in the biometrics authentication method using the portable finger vein reader according to any one of the preferred embodiments of the present invention, the authentication in the step (e) includes comparing the set of the first feature vector with the set of the second feature vector, When the number of vector elements is equal to or greater than a predetermined reference number, the authentication success is determined.

In the biometrics authentication method using a portable MFP reader according to a preferred embodiment of the present invention, in the step (c), the finger vein image data and the second feature vector set are deleted from the memory of the portable MFP reader The generation of the finger vein image data or the generation of the second feature vector set is set to be deleted after a predetermined reference time has elapsed.

According to the present invention, there is an advantage that authentication can be performed more securely from malicious third party's attacks. Particularly, the present invention proposes a new concept of a portable scanning apparatus. In the finger vein authentication method of the present invention, even if a user loses a device or a third party maliciously hacks, even if the authentication server loses or hacks DB information, It is possible to prevent intrinsic use of inherent biometric information.

Also, according to the present invention, since it provides a perfect and secure authentication method, it has a remarkable effect that it can be utilized in all commercial or administrative procedures requiring authentication of a personal authentication.

On the other hand, even if the effects are not explicitly mentioned here, the effect described in the following specification, which is expected by the technical features of the present invention, and its potential effects are treated as described in the specification of the present invention.

1 shows a system configuration diagram according to an embodiment of the present invention.
FIG. 2 shows an example of the configuration of the table 3100 built in the authentication server database 310 according to an embodiment of the present invention.
3 shows an example of a configuration of a table 1400 built in a cryptographic key database built in a memory of a portable MFP reader 100 according to an embodiment of the present invention.
FIG. 4 shows an example of an electronic configuration of a portable digital rights management (MAC) controller 100 according to an embodiment of the present invention.
5 is a diagram showing a concept of a feature vector set of a biometric image in any embodiment of the present invention.
6 is a view schematically showing an overall process of a biometric authentication method according to a preferred embodiment of the present invention.
7 is a diagram conceptually illustrating a scenario using the method of the present invention.
* The accompanying drawings illustrate examples of the present invention in order to facilitate understanding of the technical idea of the present invention, and thus the scope of the present invention is not limited thereto.

In the following description of the present invention, a detailed description of known functions and configurations incorporated herein will be omitted when it may obscure the subject matter of the present invention.

1 shows a system configuration according to an embodiment of the present invention. In the present invention, the user device is a portable finger vein reader 100. In other words, the spirit of the present invention is premised on that the user carries the portable finger vein reader 100. In addition, the system according to the present embodiment includes an authentication mediator 200 that performs short-range wireless communication with the mobile FEC's 100, and an authentication server 300 connected to the authentication mediator 200 in a wired or wireless manner .

The fingerprint information of the user is stored in the database 310 of the authentication server 300 in advance. It should be noted that the biometric database 310 does not have actual finger vein biometric information. What is stored in advance in the biometric database 310 is biometric information necessary for biometric authentication, and will be described in detail below.

The biometric database may include a customer ID, a hardware unique ID for the portable digital rights management processor 100, an authentication session ID, and encryption key information. In particular, in the present invention, the feature vector set of the finger vein image is stored using the hash function in the biometric database 310. This hashized feature vector set is called a first feature vector set.

Fig. 2 shows an example of the configuration of the table 3100 of the biometric database 310 that is built in advance in the authentication server 300. Fig. A customer ID set 3101, a user device hardware ID set 3102, an authentication session ID set 3103, a communication encryption key set 3104 and a hashed first feature vector set 3105 Lt; / RTI > The dual customer ID and hardware ID can be used to identify the customer and the user device, respectively. The authentication session ID and the communication encryption key may be used to determine whether the authentication procedure with the user device is legitimate. The first feature vector set may also be used to determine whether authentication is successful or unsuccessful.

In order to perform finger vein authentication using the authentication session ID 3103, the communication encryption key set 3104 and the hashed first feature vector set 3105 in the table 3100 of the biometric database shown in Fig. 2, There is a table of the corresponding database stored in the memory of the MFP reader 100. [

Fig. 3 shows an example of the configuration of the table 1400 stored in the memory of the portable finger vein reader 100. Fig. This table 1400 is an example of an encryption key database built in the apparatus. An authentication session ID set 1403, a communication encryption key set 1404, and a secret hash key set 1405. [ The authentication session ID of the table 1400 of the user device is the same as the authentication session ID of the table 3100 of the authentication server. Similarly, the communication encryption key of the table 1400 of the user device corresponds to the communication encryption key of the authentication server. The secret hash key is a hash key used in the process of hashing the finger feature vector (second feature vector) to be transmitted to the authentication server by the user device, and is stored uniquely for each authentication session ID.

In the actual authentication procedure, as described in detail below, the first feature vector set stored in the database of the authentication server 300 and the second feature vector set of the finger vein transmitted by the portable VF MAC reader 100 are compared It is decided whether or not to succeed. And compare the hashed data. And malicious hacking is basically blocked by using the same pair (authentication session ID, communication encryption key) stored in advance in the authentication server 300 and the portable finger vein reader 100. [

In other words, the authentication server 300 has a pair for each customer (authentication session, ID, and communication encryption key), and similarly, the portable finger vein reader 100 holds different pairs (authentication session ID, communication encryption key) .

FIG. 4 shows an example of an internal electronic configuration of the portable FVMC reader 100 according to the preferred embodiment of the present invention.

The portable finger vein reader 100 of the present invention may include a scanner receiving unit 120, an image obtaining apparatus 130, a memory 140, an NFC (Near Field Communication) module 150, and a control unit 110. Further, although not shown, a rechargeable battery and an on-off switch may be further included.

When the user approaches the scanner receiving unit 120, the image obtaining apparatus 130 can obtain the biometric image data of the biometric object. The biological object of the present invention can be preferably a finger. In a preferred embodiment of the present invention, the biometric image data may be a designation of a biometric object. It goes without saying that the fingerprint may be a fingerprint in some variations.

The image acquisition device 130 may include a light source 131 and a CCD camera 132. The light source 131 irradiates light to the scanner receiving unit 120, and the CCD camera 132 can capture image data of a finger vein by capturing a bio-object.

In the memory 140, an encryption key database 141 is built in advance, and stores a biometrics program code for a finger vein, though not shown.

Also, the short-range communication module 150 can wirelessly communicate with the external authentication device through the NFC method.

The control unit 110 may use a series of instructions to receive and process input and output data between components of the device. The control unit 110 controls the operation of recognizing the finger vein image data obtained from the image capturing apparatus 130 by executing the biometric program code and transmits the finger vein image data of the recognized bio object to the cryptographic key database 141) to generate a feature vector set (a second feature vector set) of the biometric image data. In addition, the control unit 110 controls to transmit the second set of feature vectors wirelessly to the external authentication apparatus.

In addition, the controller 110 may control to delete the second feature vector set in the memory 140 after a predetermined reference time has elapsed from generation of finger vein image data or generation of a second feature vector set. The finger vein image data can be deleted immediately after extracting the feature vector set. It is preferable to delete the second feature vector that has been hashed in the memory 140 when one minute has elapsed from the time when the finger vein image data is generated or one minute has passed since the second feature vector set was generated. In this way, the control unit 110 deletes both the finger vein image and the hashed second feature vector, so that malicious hacking or biometric information theft to the device can be blocked.

The encryption key database 141 stores one or more (authentication session ID, communication encryption key, secret) pairs as described above. It is a good idea to match the authentication session ID to a secret one-to-one. The communication encryption key may be used to encrypt a random number received from an external authentication device, which will be described again.

The portable finger vein reader of the present invention has the above-described configurations and is an electronic device that can be easily carried by a user. Let us look at a second set of feature vectors to be hashed by the secret sharing that is permanently stored in the cryptographic key database 141 of the memory 140 of such electronic device.

5 shows pixels of the finger vein image 50 of the present invention. The image acquisition device 130 acquires the finger vein image data of the biological object. One feature vector can be generated by connecting the two feature points 51 and 52 in the finger vein image 50 at the shortest distance.

The feature points 51 and 52 may be intersections where two lines of the vein intersect or meet, or the vein pixel value may be the darkest local maximum. After detecting all of these feature points in one finger vein image, the vectors including all the feature point pairs existing in two feature points are expressed as feature vectors. A plurality of feature vectors exist.

Among these feature vectors, the number of feature vectors having the shortest length can be predetermined. For example, 15, the set of 15 feature vectors becomes the second feature vector set. Then, authentication is performed by comparing the 15 sets of second feature vectors with a set of first feature vectors previously built in the authentication server. For example, if ten or more feature vectors out of the 15 second feature vector sets match the first feature vector of the authentication server, it can be determined that the authentication is successful.

However, as shown in FIG. 5, when the feature points 51 and 52 are physically located very close to the neighboring pixels, they can be specified with an error of one pixel value for each measurement. Therefore, an error of one pixel value may occur in the feature vector generation. To prevent this, if the feature point is located closer to a predetermined distance than a neighboring pixel (for example, less than a 1/5 distance of one pixel width), all the feature vectors that can be generated including all neighboring neighboring pixels are generated have.

5, the feature points 51 and 52 are located at the C and H pixels, but are very close to the neighboring pixels A, B, and D pixels and E, F, and G pixels, respectively. Therefore, in this case, when generating the feature vector for the pair of two feature points 51 and 52, it is possible to include all 16 possible feature vectors. These feature vectors are AE, AF, AG, AH, BE, BF, BG, BH, CE, CF, CG, CH, DE, DF, DG and DH respectively. The number of maximum error range feature vectors for each feature vector is 16.

If the feature values of a user's fingerprint data are defined as 15 shortest feature vectors, the maximum size of a user's finger feature values is 16 × 15 = 240 two-dimensional vectors. Each feature vector may be hashed to a hash value of preferably 20 bytes in size using a hash function. Then, the maximum size of the finally hashized finger feature values for one bio-object may be 20x240 = 4.8 kilobytes.

Consider a case where a user tries to authenticate with his or her own portable Mackie reader. This user device can hash the fifteen feature vector values in the finger vein image of the user's bio-object scanned and transmit it to the external device. Preferably to the intermediate apparatus 200 via NFC. Since each of the feature vector values may include up to 16 error range vectors as described above, the second feature vector set can be transmitted with a maximum of 240 vector values.

For example, the authentication server 300 selects, from among the fifteen hashed feature vector values included in the transmitted second feature vector set, a hashized first feature vector set in which ten or more are stored in advance in the biometrics database 310 The authentication success can be determined.

That is, the authentication server 300 compares fifteen hashed 20 byte vector values for authentication. However, since each vector may include up to 16 error range hash vector values, the authentication server 300 performs a task of comparing the size of the 20-byte data pair 240 times as the maximum number of times. This is an authentication task that can be done in a very short time.

6 is a diagram showing an overall process of a biometric authentication method according to a preferred embodiment of the present invention. The user device in the drawing refers to the above-mentioned portable finger vein reader. That is, the biometrics authentication method of the present invention assumes that the user uses a portable finger vein reader.

First, a cryptographic key database is constructed in the portable MFP reader (S100). For example, the authentication server transmits data of a pair (authentication session ID, communication encryption key) to a portable digital rights management (MAC) reader, and stores data of (pair of authentication session ID, communication encryption key and secret hash key) The encryption key database shown in FIG. 3 can be constructed in the user device.

Next, the authentication server stores in advance a first feature vector set corresponding to the biometric object in the biometric database (S110). The first feature vector set is a set of all-hash feature vectors having N (N is an integer greater than 1) elements. The bio-object refers to the bio-object of the portable finger vein reader user. The step S110 is a step of previously registering the data on the biometric authentication of the user in the database of the authentication server. At this time, the user can register his / her personal information and the hardware unique ID of the portable digital rights management device. By performing the user registration in this manner, the authentication server can construct the table of FIG. 2 for a plurality of users.

In the embodiment of FIG. 6, step S110 is performed after step S100, but steps S100 and S110 may be done in an integral manner as one pre-registration process. Alternatively, the step S100 may be executed after the step S110 is performed first. Further, while building a database necessary for authentication, hardware / software equipment required for authentication is installed in the authentication server, and program codes for biometric authentication can be stored in the user device. These two steps create a database and software environment for the authentication server and the user device, respectively, to execute the authentication process.

Next, we start actual certification. The image acquiring device of the portable FG Mac reader acquires the finger vein image data from the user's biological object (S120). In some embodiments of the present invention, the biometric image data may be fingerprint data.

The control unit of the portable Fingerprint reader transmits a second set of feature vectors extracted from the biometric image data acquired by the image acquisition apparatus to the authentication server (S130). At this time, P (P is an integer larger than 1) elements constituting the second feature vector set are all hashized feature vectors, and these feature vectors are pairs of two feature points as described in the embodiment of FIG.

In a preferred embodiment of the present invention, the step S130 is performed via the authentication intermediary device. And transmits the second feature vector set to the authentication mediator using the NFC module of the portable MFP reader. At this time, the control unit of the portable FGM reader deletes the finger vein image data and the second feature vector set from the memory. It is preferable that the biometric data is automatically deleted when generation of the finger vein image data or a predetermined reference time from the generation time of the second feature vector set, for example, one minute after that time, is set.

Next, the authentication intermediary device transmits the second set of feature vectors received from the user device to the authentication server through the wired / wireless network.

In step S140, the authentication server compares the first feature vector set registered in advance in the biometric database with the second feature vector set received through the authentication mediator to perform authentication. At this time, the first feature vector set and the second feature vector set are compared, and authentication success can be determined when the number of identical feature vector elements is equal to or greater than a predetermined reference number.

The finger vein authentication process according to the preferred embodiment of the present invention is roughly the same as the above. More preferably, finger vein authentication and device authentication are performed at the same time. To block malicious attacks more strongly.

Enhanced authentication is, for example, this. The authentication server requests the hardware ID of the user device via the authentication intermediary device. The hardware ID is the MAC address of the device. The portable MFP reader may then send the hardware identity to the authentication intermediary device via short-range wireless communication and then cause the authentication intermediary device to transmit the hardware idea to the authentication server. The authentication server then transmits (random number, authentication session ID) through the authentication intermediary device. For a random number received from the authentication intermediary device in short-range wireless communication, the portable FEC reader encrypts the random number with a communication encryption key stored in advance, and stores the characteristic vector of the finger vein image data (Random number, second feature vector set) to the authentication intermediary apparatus NFC. Then, the authentication intermediary device transmits (random number, second feature vector set) to the authentication server.

Here, the role of the random number is to prevent a malicious attacker from intercepting a packet transmitted from a user device to be transmitted to a financial company server to prevent a replay attack. The authentication server discards the random number generated by itself when it exceeds a predetermined time.

Since the authentication server receives only the hash values of the finger feature vectors, it does not have information about the user's biometric image. This hash function is a cryptographic hash function that can not predict the input value based on the output value. Such hash functions include, for example, SHA and MD5. Since the hashing is performed by the device-specific confidentiality pre-registered in the user device, even if the attacker finds the input value of the output value of the hash function by the Brute-force calculation attack, the user can acquire the finger vein image There is no. Nevertheless, the authentication server can authenticate the user using the feature vector of the transmitted hash finger vein image. This is because there is a first feature vector set that is constructed in advance. The authentication server decrypts the random number received via the authentication intermediary device to authenticate the portable fingerprint reader, and authenticates the user by comparing the first feature vector set and the second feature vector set.

Consider the above-described real scenario with the present invention applying the authentication method. Suppose that the user is in the store, the store is installed with the authentication intermediary device, and is connected to the authentication server of the remote financial institution via a network. In FIG. 7, the communication between the portable finger vein reader 100 and the authentication bridge device 200 of the store is based on NFC communication.

First, the user turns on the portable dedicated MAC reader 100 and scans the finger vein image with his or her finger placed on the scanner receiving unit. Then, the biometrics program code of the portable finger vein reader 100 is executed to extract and select a predetermined number of feature vectors from the scanned finger vein image. Then, the finger vein image is immediately erased from the memory, And temporarily stores it on the memory of the Mac reader. These values can also be automatically deleted from memory one minute after the feature vector set is created. When the portable finger vein reader generates the feature vector set, the user starts the NFC communication by approaching the authentication mediator 200 installed in the shop, for example, one minute later. Then, the authentication intermediary apparatus 200 of the store requests a hardware ID to the portable finger vein reader 100, and the portable finger vein reader transmits a hardware ID to the authentication intermediary apparatus 200 (S1).

The Fingerprint authentication mediator transmits the hardware ID of the received user device to the authentication server 300 of the financial institution interlocked with the authentication mediator (S2).

The authentication server 300 of the financial institution can recognize personal information such as the resident registration number of the owner of the user device stored in advance in the database on the basis of the received hardware ID of the portable FEC access controller. Further, it is possible to know the communication encryption key which is agreed with the user device in advance. After generating the random number, the authentication server 300 transmits the random number and the authentication session ID of the user to the authentication intermediary device (S3).

The fingerprint authentication mediator 200 of the store can transmit the encrypted random number and the user's authentication session ID from the authentication server to the user device by the NFC method (S4).

By referring to the received authentication session ID, the portable finger vein reader 100 can read out from the memory which encryption key it should use to encrypt the response message. As shown in FIG. 3, the memory has a plurality of communication encryption keys corresponding to a plurality of authentication servers and a secret key, respectively. The memory has a one-to-one correspondence with an authentication session ID for confidentiality with a communication encryption key corresponding to the current authentication server 300 It is because it is. First, the second feature vector set can be generated by hashing the feature vectors related to the finger vein biometric information of the user temporarily activated in the memory of the portable finger vein reader 100 using the secret mask. Further, the random number and the second feature vector set are grouped and encrypted using the communication encryption key, and transmitted to the authentication intermediary apparatus 200 through the NFC scheme (S5).

The authentication mediator 200 can not read the user's biometric information data in the received packet. This is because it does not know the communication encryption key agreed between the authentication server 300 and the portable MFP reader 100. Therefore, encrypted biometric data can not be decrypted.

The authentication mediator 200 transfers the encrypted packet to the financial institution authentication server 300 (S6).

Then, the financial institution authentication server decrypts the packet with the communication encryption key, examines the internal random number, compares the attached customer's hashed second feature vector set with the first feature vector set stored in advance in the server database, After checking whether or not the predetermined number matches with each other, authentication success / failure is determined and notified (S7).

For reference, the biometrics authentication method using the digital fingerprint reader according to various preferred embodiments of the present invention may be implemented in the form of a program command that can be executed through various computer means and recorded in a computer readable medium. The computer-readable medium may include program instructions, data files, data structures, and the like, alone or in combination. The program instructions recorded on the medium may be those specially designed and constructed for the present invention or may be available to those skilled in the art of computer software. Examples of computer-readable media include magnetic media such as hard disks, floppy disks and magnetic tape, optical recording media such as CD-ROMs, DVDs, magneto-optical media such as floptical disks, A hard disk drive, a flash memory, and the like. Examples of program instructions include high-level language code that can be executed by a computer using an interpreter, as well as machine accords such as those produced by a compiler. A hardware device may be configured to operate as one or more software modules to perform the operations of the present invention, and vice versa.

The scope of protection of the present invention is not limited to the description and the expression of the embodiments explicitly described in the foregoing. It is again to be understood that the present invention is not limited by the modifications or substitutions that are obvious to those skilled in the art.

Claims (10)

(a) storing in advance in the database an authentication server having a first hash hash function set having N elements (N is an integer greater than 1) corresponding to a biological object;
(b) acquiring finger vein image data corresponding to the bio-object by an image acquisition device of a portable finger vein reader;
(c) a control unit of the portable FGM reader transmits a hash-shaped second feature vector set having P (P is an integer larger than 1) extracted from the finger vein image data to the authentication intermediary device by short-range wireless communication Causing the finger vein image data and the second feature vector set to be deleted from the memory of the portable VF card reader;
(d) the authentication intermediary device sending the second set of feature vectors to the authentication server; And
(e) comparing the first feature vector set and the second feature vector set by the authentication server and performing authentication. The method according to claim 1,
Before executing the step (a), the authentication server transmits data of an authentication session ID and a communication encryption key pair to a portable MFP reader, and stores authentication session ID, communication encryption key, secret And a step of storing data of the hash key pair in advance. The method according to claim 1,
Between step (c) and step (d)
The portable finger vein reader transmits a hardware ID to the authentication mediator in short-range wireless communication, and the authentication mediator transmits the hardware ID to the authentication server; And
Wherein the authentication server transmits a random number and an authentication session ID to the authentication intermediary device and the authentication intermediary device transmits a random number and an authentication session ID to the portable finger vein reader in a short distance wireless communication,
Characterized in that the portable cassette reader (1) authenticates the portable FEC accessor by receiving and decrypting a random number encrypted by a communication encryption key stored in advance in the portable FEC Macro reader via the authentication server . The method of claim 3,
When the portable finger vein reader transmits the random number to the authentication server via the authentication intermediary device, transmits a random number encrypted with a previously stored communication encryption key and a second feature vector pair to the authentication server via the authentication intermediary device To the biometrics authentication method using the portable finger vein reader. The method according to claim 1,
The authentication in the step (e) includes comparing the set of the first feature vector with the set of the second feature vector, and determining success of authentication when the number of identical feature vector elements is equal to or greater than a predetermined reference number. A biometric authentication method using a Mac reader. The method according to claim 1,
Wherein the finger vein image data and the second feature vector set are deleted from the memory of the portable VF card reader in step (c), wherein the generation of the finger vein image data or the generation of the second feature vector set Is set to be deleted after a predetermined reference time elapses from a predetermined time. delete delete delete delete
KR1020150108052A 2015-07-30 2015-07-30 Portable finger vein reader and biometric authentication method thereof KR101750292B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150108052A KR101750292B1 (en) 2015-07-30 2015-07-30 Portable finger vein reader and biometric authentication method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150108052A KR101750292B1 (en) 2015-07-30 2015-07-30 Portable finger vein reader and biometric authentication method thereof

Publications (2)

Publication Number Publication Date
KR20170014522A KR20170014522A (en) 2017-02-08
KR101750292B1 true KR101750292B1 (en) 2017-06-23

Family

ID=58154983

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150108052A KR101750292B1 (en) 2015-07-30 2015-07-30 Portable finger vein reader and biometric authentication method thereof

Country Status (1)

Country Link
KR (1) KR101750292B1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108520214A (en) * 2018-03-28 2018-09-11 五邑大学 A kind of finger vein identification method based on multiple dimensioned HOG and SVM
CN113792649A (en) * 2021-09-13 2021-12-14 广州广电运通金融电子股份有限公司 Rapid authentication method, device and medium based on finger vein biological identification technology

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4664316B2 (en) * 2007-01-09 2011-04-06 株式会社エヌ・ティ・ティ・ドコモ Signature method, signer side communication terminal, signature server, site server, and signature system

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4664316B2 (en) * 2007-01-09 2011-04-06 株式会社エヌ・ティ・ティ・ドコモ Signature method, signer side communication terminal, signature server, site server, and signature system

Also Published As

Publication number Publication date
KR20170014522A (en) 2017-02-08

Similar Documents

Publication Publication Date Title
US10681025B2 (en) Systems and methods for securely managing biometric data
CN105389500B (en) The method for unlocking another equipment using an equipment
JP5859953B2 (en) Biometric authentication system, communication terminal device, biometric authentication device, and biometric authentication method
US9749131B2 (en) System and method for implementing a one-time-password using asymmetric cryptography
KR101198120B1 (en) Iris information based 3-factor user authentication method for otp generation and secure two way authentication system of wireless communication device authentication using otp
US9218473B2 (en) Creation and authentication of biometric information
US20140093144A1 (en) More-Secure Hardware Token
CN101958892A (en) Electronic data protection method, device and system based on face recognition
CN106936775A (en) A kind of authentication method and system based on fingerprint recognition
JP2011165102A (en) Biometrics authentication system and portable terminal
KR20210006329A (en) Remote biometric identification
JP2006262333A (en) Living body authentication system
KR101750292B1 (en) Portable finger vein reader and biometric authentication method thereof
US9413533B1 (en) System and method for authorizing a new authenticator
KR101468192B1 (en) Secure User Authentication Scheme Based on Facial Recognition for Smartwork Environment
CN110619228B (en) File decryption method, file encryption method, file management system and storage medium
Thawre et al. Survey on security of biometric data using cryptography
US20210365531A1 (en) Method and electronic device for authenticating a user
TWI736280B (en) Identity verification method based on biometrics
CN109005158B (en) Authentication method of dynamic gesture authentication system based on fuzzy safe
JP2018113504A (en) Secure element, UIM card, authentication method, and authentication program
Dimitriadis et al. A protocol for incorporating biometrics in 3G with respect to privacy
KR20130131752A (en) Mobile user identification security system and method in cloud computing environment using iris identification and augmented reality
KR20190044785A (en) Method for Controlling Distributed Facility Access

Legal Events

Date Code Title Description
A201 Request for examination
E701 Decision to grant or registration of patent right
GRNT Written decision to grant