KR102008101B1 - Secure biometric authentication method using functional encryption - Google Patents

Abstract

Disclosed is a secure biometric authentication method using a functional password. According to one embodiment of the present invention, an authentication method performed in an authentication server comprises the following steps: registering biometric data of a user inputted to a local sensor; and authentication the biometric authentication data of the user in accordance with the calculation of the biometric authentication data inputted to the local sensor by combining at least one calculation method.

Description

SECURE BIOMETRIC AUTHENTICATION METHOD USING FUNCTIONAL ENCRYPTION}

The following description relates to security technology and to a method of authenticating bio data.

User authentication is a series of procedures that allows access by checking whether a user who attempts to access a particular system (eg computer, web server, smartphone, etc.) has access rights. Basic authentication, biometric authentication using fingerprints, irises, and face information, and proprietary authentication using hardware such as a card or dongle are used. Among these, bio-certification is being used in many places due to its convenience, but has one problem in terms of safety. In knowledge-based authentication, the password must be replaced when the password is leaked. In the case of ownership-based authentication, if the hardware for authentication is stolen or lost, the new hardware can be replaced. However, there is no appropriate countermeasure in case of bio data leakage. Therefore, in bio authentication, it is more important to securely manage bio data sources such as fingerprints and irises in the system than other types of authentications.

As an alternative to this problem, a cloud-like improvement scheme for storing bio data on a remote server managed more securely than a local system is widely considered. In this case, however, it is impossible to exclude the possibility that the remote cloud server utilizes the bio data without permission. Therefore, it is necessary to store the bio data in the converted form of the cloud server instead of the original (for example, a bitmap image of the iris). desirable. In this case, even if the cloud server attempts to exploit the data, the data is not a biodata source, but converted form, which is useless when leaked.

References: [1] Jong-Hyuk Im, JinChun Choi, DaeHun Nyang and Mun-Kyu Lee, "Privacy-Preserving Palm Print Authentication Using Homomorphic Encryption," 2nd Intl Conf on Big Data Intelligence and Computing (DataCom) 2016, pp. 878-881, 2016.

[2] Sam Kim, Kevin Lewi, Avradip Mandal, Hart William Montgomery, Arnab Roy and David J. Wu, "Function-Hiding Inner Product Encryption is Practical", IACR Cryptology ePrint Archive, 2016: 440, 2016.

The present invention can provide a method for performing secure biometric authentication using functional encryption technology.

The authentication method performed in the authentication server includes registering bio data of a user input to a local sensor; And authenticating the bio certification data of the user according to the calculation of the bio certification data input to the local sensor by combining at least one calculation method.

The registering of the bio data of the user may include registering the bio data of the user input to the local sensor as a secret key of a function password.

The authenticating the bio authentication data of the user may include authenticating the bio authentication data of the user by decrypting a cipher text calculated based on the bio authentication data input to the local sensor by combining at least one calculation method. can do.

The registering of the bio data of the user may include: a secret key ( sk ₁ , sk ₂₎ generated using the bio template ( x ) converted from the bio data of the user input to the local sensor and the master secret key of the key distribution server. ) To register the user's bio data.

The registering of the bio data of the user may include converting the bio data into an integer-type bio template x by the local sensor, and the bio template of the bio data is quantized using the precision parameters Q and S. As a bio template ( x ' ₁ , x' ₂ ) is calculated, a secret key (sk) generated using the master secret key ( msk ) and the quantized bio template ( x ' ₁ , x' ₂ ) at the key distribution server. ₁ , sk ₂ ) may be included.

The authenticating of the bio authentication data of the user may include: 1) a bio template ( y ), the master secret key ( msk ), and a precision parameter ( R ) or 2) converted based on the bio authentication data input to the local sensor. The bio template converted based on the bio data and the bio authentication data converted using the cipher text calculated by the local sensor using one of the bio template y and the master secret key msk are converted. Performing internal product calculation of the bio template.

The authenticating of the bio authentication data of the user may include converting the bio authentication data into an integer bio template ( y ) in the local sensor, 1) the master secret key ( msk ), and the bio template of the bio authentication data. ( y ) and a precision parameter ( R ) or 2) receiving a ciphertext ( c ₁ , c ₂ ) calculated using either the master secret key ( msk ) and the bio template ( y ) of the biometric data. It may include.

)을 획득하는 단계를 포함할 수 있다. The authenticating the bio authentication data of the user may include: a quantized bio template ( x ′ ₁ ) of any one bio data and a quantized bio template of the bio authentication data using a public parameter, the secret key, and the cipher text. dot product of y ' )

) May be obtained.

)을 획득하는 단계를 포함할 수 있다. The authenticating the bio authentication data of the user may include: a quantized bio template x ' ₂ of another bio data and a bio template y of the bio authentication data using a public parameter, the secret key, and the cipher text. Dot product of

) May be obtained.

또는

이고, The authenticating the biometric data of the user may include determining whether the authentication is successful based on any one of an OR condition, an AND condition, and a weight condition of at least one cosine similarity calculation method. The OR condition is,

or

ego,

그리고

이고, 상기 가중치 조건은,

일 수 있다. The AND condition is,

And

Wherein the weighting condition is

Can be.

The authentication server may include a registration unit that registers bio data of a user input to a local sensor; And an authentication unit configured to perform authentication on the bio authentication data of the user as the bio authentication data input to the local sensor is calculated by combining at least one calculation method.

The present invention can perform bio-authentication simply and quickly by using a function cipher in which the operation result between ciphertexts is derived as plain text.

The present invention can measure the distance between bio-templates based on the inner-function code through a modified cosine similarity calculation method capable of calculating the inner product of the vector and can be applied to various bio certification fields.

The present invention can perform more accurate bio-certification by combining the modified cosine similarity calculation method.

1 is a diagram illustrating an example of a network environment according to an embodiment.
2 is a block diagram illustrating a configuration of an authentication system according to an exemplary embodiment.
3 is a flowchart illustrating an authentication method of an authentication system according to an exemplary embodiment.
4 is a diagram for describing a bio data registration method in an authentication system, according to an exemplary embodiment.
5 is a diagram for describing a method of authenticating bio data in an authentication system, according to an exemplary embodiment.
6 is a diagram for describing a method of determining whether authentication is successful in an authentication system according to an exemplary embodiment.

Hereinafter, exemplary embodiments will be described in detail with reference to the accompanying drawings.

에 대한 암호문과 함수

에 대한 비밀키가 해독기(decryptor)에 주어지면, 해독기가 해당 비밀키를 이용해 암호문으로부터

을 계산할 수 있는 암호이다. 예를 들어, 함수

(a, b는 정수)에 대한 함수 암호는 평문

의 암호문

및

에 대한 비밀키

가 주어질 때 복호화 연산

를 만족하는 암호이다. 단,

를 보유한 측은 암호문에 대해 함수

에 대한 결과만을 복호화할 뿐, 다른 복호화는 불가능한 특성이 있다. 실시예에서는 내적 계산을 수행하는 함수 암호를 활용하는데, [2]에 따르면 이는 다음과 같은 기능들로 구성된다.Functional encryption is plaintext

Passphrases and Functions for

If the secret key for is given to the decrypter, the decrypter uses the secret key to

It is a password that can be calculated. For example, a function

The function password for (a, b is an integer) is plaintext

Ciphertext

And

Secret key for

Operation when is given

Is a password that satisfies. only,

Side holding the function

It only decodes the result, and other decoding is impossible. The embodiment utilizes a function cipher that performs an internal calculation, which according to [2] consists of the following functions.

)을 만족하는 공개 파라미터(pp), 마스터 비밀키(msk)를 생성한다. 다시 말해서, (pp, msk)= setup(L)(1) Initial setup work: given safety requirements (safety parameters

Create a public parameter ( pp ) and a master secret key ( msk ) that satisfy. In other words, ( pp , msk ) = setup ( L )

)로부터 비밀키(sk)를 생성한다. 즉, sk=keygen(msk,

)(2) Keygen operation: master secret key ( msk ) and input vector (

Generates a secret key ( sk ) from That is, sk = keygen ( msk ,

)

(3) Encrypt operation: Compute the ciphertext ( c ) from the master secret key ( msk ) and the vector ( y ). I.e. c = encrypt ( msk, y )

)와 벡터(y) 의 내적을 계산한다. 즉, r=decrypt(pp, sk, c)로 계산된 결과에 대해

가 만족된다.(4) Decrypt operation: input vector from public parameter ( pp ), secret key ( sk ), and ciphertext ( c )

) And the dot product of the vector ( y ). That is, for the result calculated by r = decrypt ( pp, sk, c )

Is satisfied.

1 is a diagram illustrating an example of a network environment according to an embodiment.

The network environment of FIG. 1 illustrates an example including a plurality of electronic devices 110, 120, 130, and 140, a plurality of servers 150 and 160, and a network 170. 1 is an example for describing the present invention, and the number of electronic devices or the number of servers is not limited as shown in FIG. 1.

The plurality of electronic devices 110, 120, 130, and 140 may be fixed terminals or mobile terminals implemented as computer devices. Examples of the plurality of electronic devices 110, 120, 130, and 140 include a smart phone, a mobile phone, a navigation device, a computer, a notebook computer, a digital broadcasting terminal, a personal digital assistant (PDA), and a portable multimedia player (PMP). Tablet PC). For example, the electronic device 1 110 may communicate with other electronic devices 120, 130, 140 and / or the server 150, 160 through a network 170 using a wireless or wired communication scheme. In an embodiment, the electronic device may be a device equipped with a camera and a sensor function for recognizing a user's bio data such as face recognition, fingerprint recognition, and iris recognition.

The communication method is not limited, and may include not only a communication method using a communication network (for example, a mobile communication network, a wired internet, a wireless internet, a broadcasting network) that the network 170 may include, but also a short range wireless communication between devices. For example, the network 170 may include a personal area network (PAN), a local area network (LAN), a campus area network (CAN), a metropolitan area network (MAN), a wide area network (WAN), and a broadband network (BBN). And one or more of networks such as the Internet. The network 170 may also include any one or more of network topologies, including bus networks, star networks, ring networks, mesh networks, star-bus networks, trees, or hierarchical networks, but It is not limited.

Each of the servers 150 and 160 communicates with the plurality of electronic devices 110, 120, 130, and 140 through the network 170 to provide a command, code, file, content, service, or the like. It may be implemented in devices.

In the following embodiment, the electronic device 110 may mean a local sensor that recognizes bio data input from a user, the server 150 may be a key generation server, and the server 160 may be an authentication server. Thus, the bio data registration process and the bio data authentication process between the local sensor, the key generation server and the authentication server will be described.

으로 변환하여 저장하고, 추후 사용자 인증에서는 같은 방식으로 바이오 데이터를 인식하여 템플릿 y 를 구성한 후

와 y의 유클리드 거리를 측정하는 방식으로 매칭을 수행한다. 이때, 바이오 데이터는 인식 시마다 약간의 오차가 생겨 정확히 동일한 벡터로 만들어지지는 않으나,

와 y가 동일한 사용자의 바이오 데이터로부터 생성된 벡터라면 차이가 매우 작을 것이기 때문에

와 y의 유클리드 거리는 매우 작게 된다. 반면, 다른 사람의 바이오 데이터로부터 생성된 템플릿은 유클리드 거리가 크다. 이에 따라, 경계값(threshold) T를 적절히 정하고, 두 템플릿 벡터의 거리가 T보다 작으면 동일 사용자로 인식하는 방식이 널리 이용된다. In general bio-certification, the bio data recognized at the time of user registration is a template in vector form.

Conversion to store and, after configuring the template y recognizes the bio-data in the same way in subsequent user authentication,

Matching is performed by measuring the Euclidean distance of and y . At this time, the bio data is not made to be exactly the same vector because there is a slight error every recognition.

If and y are vectors generated from biodata of the same user, the difference will be very small.

The Euclidean distance of and y becomes very small. On the other hand, templates generated from other people's biodata have a large Euclidean distance. Accordingly, a method of properly determining a threshold T and recognizing the same user when the distance between two template vectors is smaller than T is widely used.

, y 에 대해

,

를 두 벡터의 크기라 하고, 두 벡터 사이의 내각을

라 하면, 내적과 내각 사이에는

,The embodiment proposes a modified cosine similarity that can replace Euclidean distance as a new criterion for calculating a matching score of bio certification. First, two vectors

, for y

,

Is the magnitude of the two vectors, and the cabinet between

In other words, between the inner

,

In other words, equation A:

, y가 동일한 또는 유사한(거의 같은) 벡터라면

이 된다. 따라서, 유클리드 거리를 측정하는 대신

와 y 를 정규화(normalization)한 두 템플릿 벡터

와

간의 내적을 이용하여 코사인 값을 계산함으로써 1에 가까울 경우 인증에 성공하도록 하는 사용자 인증을 수행할 수 있다. 이는 기존에 여러 특성(attribute)을 가지는 데이터들 간의 유사도를 판별하기 위해 많이 이용하는 코사인 유사도에 기반한 방법이다. Since the relationship between

, if y is the same or similar (almost the same) vector

Becomes So instead of measuring Euclidean distance

Two template vectors normalized to y

Wow

By calculating the cosine value using the inner product of the liver, the user authentication can be performed to make the authentication successful when the value is close to 1. This method is based on the cosine similarity that is frequently used to determine the similarity between data having various attributes.

는 두 벡터

와 y 사이의 내각

만을 고려하기 때문에,

, y가 서로 다른 사용자 템플릿 벡터여서

,

가 다르더라도 벡터 간의 내각이 작다면 식 A에 의해 계산된

는 1에 가까울 가능성이 있어 동일한 사용자로 오인될 가능성이 있다. 이러한 문제를 보완하기 위하여 실시예에서는 변형된 코사인 유사도 계산 방법을 제안한다. 이를 위하여 식 A에서

를

로 대체하여, However, calculated using Equation A

Two vector

Cabinet between and y

Because only consider

, y are different user template vectors

,

Is different, but if the cabinet between vectors is small,

May be close to 1 and be mistaken for the same user. In order to solve this problem, the embodiment proposes a modified cosine similarity calculation method. To do this in Equation A

To

In place of

Equation B:

The authentication score r can be calculated.

, y 두 벡터가 동일한 사용자의 템플릿일 경우, 이 두 벡터 사이의 각

의 크기가 매우 작은 동시에

도

와 거의 같을 것이므로, r은 1에 가까운 값이 될 것이다. 다만, 낮은 확률이긴 하나,

, y가 동일한 또는 유사한(거의 같은) 벡터가 아니라도 벡터 y의

방향 성분인

가 우연히

와 거의 같아 식 B가 1에 가까운 경우가 생길 수 있다.if,

, y If two vectors are the same user's template, the angle between these two vectors

The size is very small at the same time

Degree

Since r is almost equal to, r will be close to one. But with a low probability,

, Y is the degree, not the same or similar (substantially the same) vector y

The aromatic component

By chance

Equation B can be close to 1

을 동시에 만족하면 인증에 성공하게 할 수 있다. 다만, 바이오 인증 응용에 따라서는 식 A 또는 식 B 중 한가지만을 고려하거나, 둘 다 고려하되

또는

중 하나만을 만족하면 인증에 성공하도록 구성할 수도 있다. 또한, 이 두 기준에 대해 각각 가중치를 부여하여 가중 평균을 계산하도록 할 수 있다. 즉, 적절한 두 상수 a, b에 대해

일 경우 인증에 성공하게 할 수 있다.Accordingly, in order to prevent both errors, a method of simultaneously considering Equations A and B will be proposed. In other words,

At the same time, the authentication can be successful. However, depending on the biocertification application, consider only one of Formula A or Formula B, or both.

or

If only one of them is satisfied, the authentication can be configured to succeed. In addition, each of these two criteria can be weighted to calculate a weighted average. That is, for two appropriate constants a and b

In this case, the authentication can be successful.

와

및 식 B에서 정규화된 벡터

의 원소는 매우 작은 소수들인 반면, 내적 함수 암호는 정수로 구성된 벡터에 대해서만 동작하므로, 계산의 정밀도를 유지하기 위해서는 양자화(quantization)를 적용할 수 있다. 즉, 식 A 및 식 B가 1인지를 확인하는 대신 큰 정수 Q, R에 대하여 식 D, 큰 정수 S에 대해 식 E로 나타낼 수 있음을 확인할 수 있다.Two vectors normalized in expression A

Wow

And vector normalized in equation B

The elements of are very small primes, whereas the inner function cipher works only on vectors of integers, so quantization can be applied to maintain the precision of the computation. That is, it can be confirmed that the expression E can be represented by the expression D and the large integer S for the large integers Q and R , instead of confirming whether the expressions A and B are 1.

Equation D:

E:

According to the present invention, the user stores the bio data in the encrypted state in the remote server at the time of registration, and during authentication, if the local sensor recognizes the bio data and transmits the encrypted data to the remote server in the encrypted state, the remote server has two data in the encrypted state. If the comparison is high, the authentication is successful. Although many attempts have been made to achieve this goal in the past, the present invention is more advanced than the conventional methods in the following aspects.

The remote bio-authentication method using the homologous cipher uses a homogeneous cipher that performs an encryption operation, but the homologous cipher has a cryptographic result (a template matching score in the case of bio authentication). Complex protocols are needed. However, the present invention can solve the above-mentioned problem by using a function cipher in which the operation result between ciphertexts is derived as plain text.

The existing remote bio-authentication method using a function cipher uses an inner function cipher (a function cipher that can calculate an inner product between ciphertext vectors) that provides practical performance only among various functional ciphers currently proposed. However, when the internal calculation is used directly, only Hamming distance between vectors can be calculated, and Euclidean distance calculation, which is more commonly used in bio authentication, cannot be calculated. Therefore, the application range of the existing remote bio authentication method using a function password is very limited. . In the present invention, the distance between the bio-templates is measured by using a modified cosine similarity having similar characteristics to that of the Euclidean distance, that is, replacing the Euclidean distance. Since the modified cosine similarity can be calculated only by the vector dot product, it can be easily implemented using the dot product cipher, and has similar characteristics to the Euclidean distance, so it can be applied to various bio authentication applications than the Hamming distance.

2 is a block diagram illustrating a configuration of an authentication system according to an embodiment, and FIG. 3 is a flowchart illustrating an authentication method of an authentication system according to an embodiment.

The processor 200 of the authentication server 160 may include a register 210 and an authenticator 220. The components of the processor 200 may be representations of different functions performed by the processor 200 according to a control command provided by program code stored in the authentication server. The processor 200 and the components of the processor 200 may control the authentication server to perform steps 310 to 320 included in the bio authentication method of FIG. 3. In this case, the processor 200 and the components of the processor 200 may be implemented to execute instructions according to code of an operating system included in a memory and code of at least one program.

The processor 200 may load program code stored in a file of a program for an authentication method into a memory. For example, when a program is executed in the authentication server, the processor may control the authentication server to load the program code from the file of the program into the memory under the control of the operating system. At this time, each of the processor 200 and the register 210 and the authentication unit 220 included in the processor 200 executes a command of a corresponding part of the program code loaded in the memory to perform subsequent steps 310 to 320. It may be different functional representations of the processor 200 for execution.

In operation 310, the registerer 210 may register the bio data of the user input to the local sensor. The registration unit 210 may register the bio data of the user input to the local sensor as the secret key of the function password. The registration unit 210 stores the secret key ( sk ₁ , sk ₂ ) generated by the key distribution server using the bio template ( x ) converted from the bio data of the user input to the local sensor and the master secret key of the key distribution server. To register the bio data of the user. Register 210 is bio-data from the local sensor is converted into a bio-template (x) of an integer, Bio template for the bio-data precision parameters bio template quantization using (Q, S), (x _'1, x' _{As 2} ) is calculated, the secret key ( sk1 _, sk ₂ ) generated using the master secret key ( msk ) and the quantized bio template ( x ' ₁ , x' ₂ ) can be stored in the key distribution server.

In operation 320, the authenticator 220 may authenticate the bio authentication data of the user by calculating the bio authentication data input to the local sensor by combining at least one or more calculation methods. The authenticator 220 may authenticate the biometric authentication data of the user by decrypting a ciphertext calculated based on the biometric data input to the local sensor by combining at least one calculation method. The authentication unit 220 converts the bio template ( y ), the master secret key ( msk ) and the precision parameter ( R ) or 2) the bio template (y) and the converted based on the bio authentication data input to the local sensor. The inner product of the bio template converted based on the bio data and the bio template converted based on the bio authentication data may be performed using the cipher text calculated by the local sensor using any one of the master secret key ( msk ). . The authentication unit 220 converts the bio authentication data into a bio template ( y ) in an integer form in a local sensor, 1) a master secret key ( msk ), a bio template ( y ) and a precision parameter ( R ) of bio authentication data, or 2) The ciphertext ( c ₁ , c ₂ ) calculated using one of the master secret key ( msk ) and the bio template ( y ) of the bio-authentication data can be received. The authentication unit 220 may obtain the inner product of the quantized bio template x ' ₁ of any one bio data and the quantized bio template y' of bio authentication data using the public parameter, the secret key, and the cipher text. have. The authenticator 220 may determine whether the authentication succeeds based on any one of an OR condition, an AND condition, and a weight condition of the at least one cosine similarity calculation method.

4 is a diagram for describing a bio data registration method in an authentication system, according to an exemplary embodiment.

The authentication system may consist of a local sensor, an authentication server, and a key distribution server. In FIG. 4, an operation of registering bio data through data transmission and reception between the local sensor 110, the authentication server 160, and the key distribution server 150 will be described in detail. In this case, the key distribution server 150 may generate the public parameter pp and the master secret key msk by ( pp, msk ) = setup ( L ). As the key distribution server 150 transmits the generated master secret key msk to the local sensor 110, the master secret key may be stored in the local sensor 110, and the public parameter pp may be transmitted to the authentication server 160. The public parameter pp may be stored in the authentication server 160 as transmitted to the. The key distribution server 150 may determine the precision parameters Q, R, and S and transmit the precision parameters to the local sensor 110 and the authentication server 150. The authentication server 160 may determine thresholds T _1, T _2, T _3, T _{4, and} T ₅ for performing matching in advance.

The local sensor 110 may receive bio data input from a user (401). For example, the local sensor may correspond to a biosensor on an access control system, a biosensor on a smart device, and the like. In addition, the bio data input from the user may refer to user-specific data capable of identifying the user, such as fingerprint, iris, and face recognition.

)으로 변환할 수 있다. 로컬 센서(110)는 정밀도 파라미터 Q, S를 이용하여 양자화된 바이오 템플릿(

와

)을 계산할 수 있다(403). The local sensor 110 may convert the bio data into digital data (402). In detail, the local sensor 110 may convert the bio data into digital data by performing image processing, normalization, and quantization on the bio data. In addition, by serializing the converted digital data (bio template in the form of an integer vector)

Can be converted to). The local sensor 110 uses a quantized bio template (using the precision parameters Q and S) .

Wow

) Can be calculated (403).

,

)을 이용하여

과

로 비밀키(sk ₁ , sk ₂ )를 생성할 수 있다. 키 분배 서버(150)로부터 생성된 비밀키(sk ₁ , sk ₂ )가 인증 서버에게 전달됨에 따라 인증 서버(160)에 비밀키(sk ₁ , sk ₂ )저장될 수 있다. 이러한 과정 통해 바이오 데이터가 등록될 수 있다. The key distribution server 150 has a master secret key ( msk ) and a normalized bio template (

,

)

and

You can create a secret key ( sk ₁ , sk ₂ ) with. As the secret keys sk ₁ and sk ₂ generated from the key distribution server 150 are delivered to the authentication server, the secret keys sk ₁ and sk ₂ may be stored in the authentication server 160. Through this process, bio data can be registered.

5 is a diagram for describing a method of authenticating bio data in an authentication system, according to an exemplary embodiment.

The authentication system may consist of a local sensor, an authentication server, and a key distribution server. In FIG. 5, a bio authentication operation will be described in detail through data transmission and reception between the local sensor 110, the authentication server 160, and the key distribution server 150.

The local sensor 110 may receive bio authentication data input from a user (501). For example, the local sensor may correspond to a biosensor on an access control system, a biosensor on a smart device, and the like. In addition, the bio-authentication data input from the user may refer to user-specific data that can identify the user, such as fingerprint, iris, and face recognition.

The local sensor 110 may convert biometric data into digital data (502). In detail, the local sensor 110 may convert the biometric data into digital data by performing image processing, normalization, and quantization. In addition, the converted digital data may be serialized and converted into a bio template y in the form of an integer vector.

와

로 암호문(c ₁ , c ₂ )를 계산하여 인증 서버(160)로 전송할 수 있다(503, 504). The local sensor 110 is configured from a master secret key (msk), a bio template (y) and a precision parameter (R).

Wow

The cipher text c ₁ , c ₂ may be calculated and transmitted to the authentication server 160 (503, 504).

로 바이오 데이터에 대한 양자화된 바이오 템플릿(

)과 바이오 인증 데이터에 대한 양자화된 바이오 템플릿(

)의 내적

을 획득할 수 있다. 또한, 인증 서버(160)는

로 바이오 데이터에 대한 양자화된 바이오 템플릿(

)과 바이오 인증 데이터에 대한 정수 형태의 템플릿(y)의 내적

을 획득할 수 있다. The authentication server 160 may obtain the inner product according to decryption using the public parameter pp , the secret keys sk ₁ , sk ₂ , and the cipher text c ₁ , c ₂ (505). Specifically, the authentication server 160

Quantized bio template for

) And quantized bio templates for biometric data (

Dot product

Can be obtained. In addition, the authentication server 160

Quantized bio template for

) And dot product of an integer template ( y ) for biometric data.

Can be obtained.

또는

인지 여부를 판단할 수 있다(621). 인증 서버(160)는

또는

일 경우, 인증에 성공한 것으로 판단할 수 있다(640). 또는, 인증 서버(160)가 AND 조건을 선택함에 따라

그리고

인지 여부를 포함할 수 있다. 인증 서버(160)가

그리고

일 경우, 인증에 성공한 것으로 판단할 수 있다(640). 또는, 인증 서버(160)가 가중치 조건을 선택함에 따라

인지 여부를 판단할 수 있다. 인증 서버(160)가

일 경우, 인증에 성공한 것으로 판단할 수 있다(640). 또한, 인증 서버(160)가 각각의 선택된 조건에 대하여 만족하지 못하는 경우, 인증에 실패한 것으로 판단할 수 있다(641). The authentication server 160 may determine whether the authentication succeeds based on the acquired inner product (506). The authentication server 160 may determine whether authentication succeeds by selecting any one of the following conditions. 6 is a view for explaining a method of determining whether or not authentication is successful. For example, any one of an OR condition, an AND condition, and a weight condition may be selected by the authentication server 160 (610). Alternatively, the condition may be selected by the user, or the condition may be randomly selected by the computer. As authentication server 160 selects an OR condition

or

It may be determined whether or not the recognition. Authentication server 160

or

In operation 640, it may be determined that authentication is successful. Or, as the authentication server 160 selects the AND condition

And

Recognition or not. The authentication server 160

And

In operation 640, it may be determined that authentication is successful. Alternatively, as the authentication server 160 selects a weighting condition

It can be determined whether or not. The authentication server 160

In operation 640, it may be determined that authentication is successful. In addition, when the authentication server 160 does not satisfy each of the selected conditions, it may be determined that authentication fails (641).

The biometric authentication method based on the internal function encryption provided by the encryption system according to an embodiment has the following advantages in terms of security.

When a local sensor is attacked, the master secret key ( msk ) is leaked, which does not contain any information about the bio data. However, for the bio-authentication session that proceeds after the key leakage, it is possible to recover the quantized bio template y ' and bio template y from the cipher texts c ₁ and c ₂ , so it is desirable to renew the master key as soon as the key is leaked.

Since the authentication server does not know the master secret key ( msk ), an attacker who attacks the authentication server or the authentication server cannot restore the user's bio data.

The apparatus described above may be implemented as a hardware component, a software component, and / or a combination of hardware components and software components. For example, the devices and components described in the embodiments are, for example, processors, controllers, arithmetic logic units (ALUs), digital signal processors, microcomputers, field programmable gate arrays (FPGAs). Can be implemented using one or more general purpose or special purpose computers, such as a programmable logic unit (PLU), a microprocessor, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and one or more software applications running on the operating system. The processing device may also access, store, manipulate, process, and generate data in response to the execution of the software. For convenience of explanation, one processing device may be described as being used, but one of ordinary skill in the art will appreciate that the processing device includes a plurality of processing elements and / or a plurality of types of processing elements. It can be seen that it may include. For example, the processing device may include a plurality of processors or one processor and one controller. In addition, other processing configurations are possible, such as parallel processors.

The software may include a computer program, code, instructions, or a combination of one or more of the above, and configure the processing device to operate as desired, or process it independently or collectively. You can command the device. Software and / or data may be any type of machine, component, physical device, virtual equipment, computer storage medium or device in order to be interpreted by or to provide instructions or data to the processing device. It can be embodied in. The software may be distributed over networked computer systems so that they may be stored or executed in a distributed manner. Software and data may be stored on one or more computer readable recording media.

The method according to the embodiment may be embodied in the form of program instructions that can be executed by various computer means and recorded in a computer readable medium. The computer readable medium may include program instructions, data files, data structures, etc. alone or in combination. The program instructions recorded on the media may be those specially designed and constructed for the purposes of the embodiments, or they may be of the kind well-known and available to those having skill in the computer software arts. Examples of computer-readable recording media include magnetic media such as hard disks, floppy disks, and magnetic tape, optical media such as CD-ROMs, DVDs, and magnetic disks, such as floppy disks. Magneto-optical media, and hardware devices specifically configured to store and execute program instructions, such as ROM, RAM, flash memory, and the like. Examples of program instructions include not only machine code generated by a compiler, but also high-level language code that can be executed by a computer using an interpreter or the like.

Although the embodiments have been described by the limited embodiments and the drawings as described above, various modifications and variations are possible to those skilled in the art from the above description. For example, the described techniques may be performed in a different order than the described method, and / or components of the described systems, structures, devices, circuits, etc. may be combined or combined in a different form than the described method, or other components. Or even if replaced or substituted by equivalents, an appropriate result can be achieved.

Therefore, other implementations, other embodiments, and equivalents to the claims are within the scope of the claims that follow.

Claims (11)

delete delete delete In the authentication method performed in the authentication server,
Registering the bio data of the user input to the local sensor as a secret key of the function password; And
Authenticating the bio-authentication data of the user by decrypting the ciphertext calculated based on the bio-authentication data input to the local sensor by combining at least one or more calculation methods.
Including,
Registering the bio data of the user,
Registering the bio data of the user by storing the bio template ( x ) converted from the bio data of the user input to the local sensor and the secret key ( sk ₁ , sk ₂ ) generated using the master secret key of the key distribution server step
Authentication method comprising a. The method of claim 4, wherein
Registering the bio data of the user,
Wherein the bio-data from the local sensor is converted into a bio-template (x) of an integer, Bio template of the bio-data, the precision parameter bio template quantization using (Q, S) (x ' 1, x' 2) Storing the secret key (sk ₁ , sk ₂ ) generated using the master secret key ( msk ) and the quantized bio template ( x ' ₁ , x' ₂ ) by the calculated key distribution server.
Authentication method comprising a. In the authentication method performed in the authentication server,
Registering the bio data of the user input to the local sensor as a secret key of the function password; And
Authenticating the bio-authentication data of the user by decrypting the ciphertext calculated based on the bio-authentication data input to the local sensor by combining at least one or more calculation methods.
Including,
The step of authenticating the bio authentication data of the user,
1) Bio template ( y ) converted based on bio authentication data input to the local sensor, master secret key ( msk ) and precision parameter ( R ) of key distribution server or 2) the bio template (y) and the master The biotext is calculated by the local sensor using any one of a secret key msk , and the authentication server decrypts the calculated ciphertext using the secret keys sk ₁ and sk ₂ of the function cipher. Performing an inner product calculation of the converted bio template based on the data and the converted bio template based on the bio certification data
Authentication method comprising a. The method of claim 6,
The step of authenticating the bio authentication data of the user,
In the local sensor, the bio-certification data is converted into an integer bio template ( y ), and 1) the master secret key ( msk ), the bio-template ( y ) and the precision parameter ( R ) of the bio-certification data or 2) Receiving a cipher text ( c ₁ , c ₂ ) calculated using either the master secret key ( msk ) and the bio template ( y ) of the bio-authentication data
Authentication method comprising a. The method of claim 7, wherein
The step of authenticating the bio authentication data of the user,
A dot product of the quantized bio template ( x ' ₁ ) of any one bio data and the quantized bio template ( y' ) of the bio authentication data using a public parameter, a secret key ( sk ₁ , sk ₂ ) and the cipher text (

To obtain
Authentication method comprising a. The method of claim 7, wherein
The step of authenticating the bio authentication data of the user,
A dot product of the quantized bio template ( x ' ₂ ) of the other bio data and the bio template ( y ) of the bio authentication data using the public parameter, the secret key ( sk ₁ , sk ₂ ), and the cipher text (

To obtain
Authentication method comprising a. The method according to any one of claims 8 to 9,
The step of authenticating the bio authentication data of the user,
Determining whether the authentication is successful based on any one of an OR condition, an AND condition, and a weight condition of the at least one cosine similarity calculation method.
The OR condition is,

or

ego,
The AND condition is,

And

ego,
The weight condition is,

sign
Authentication method, characterized in that. In the authentication server,
A register that registers the bio data of the user input to the local sensor as a secret key of a function password; And
An authentication unit for authenticating the user's bio-authentication data by decrypting the cipher text calculated based on the bio-authentication data input to the local sensor by combining at least one calculation method.
Including,
The registration unit,
Registering the bio data of the user by storing the bio template (x) converted from the bio data of the user input to the local sensor and the secret key (sk ₁ , sk ₂ ) generated using the master secret key of the key distribution server
Authentication server.

Images