KR102322435B1 - Method for extracting a same key from fuzzy data and method for authenticating user using the same - Google Patents

Abstract

A method of extracting a key from biometric information is disclosed. The method for extracting the key is performed in a user terminal, and includes a setup step of generating helper data and a first key by using a security constant, a system parameter, and s pieces of first user data, and the system parameter, the helper data, and extracting a second key having the same value as the first key by using second user data, wherein the helper data includes a threshold value and an arbitrary value.

Description

A method for extracting the same key from fuzzy data and a method for user authentication using the same

The present invention relates to a method for extracting a key from fuzzy data such as biometric data and a method for authenticating a user using the same.

ECDSA Elliptic Curve Digital Signature Algorithm.

)와 검증키(Verification key,

)를 출력하며, 검증키(

)는 공개하고 서명키(

)는 안전하게 보관한다. 서명 알고리즘(Sign)에서는 서명자가 서명키(

)를 이용하여 메시지(

)에 대한 서명(

)을 생성하며, 검증 알고리즘(Verify)에서는 검증자가 서명자의 검증키(

)와 메시지(

)를 이용하여 서명(

)을 검증한다.The ECDSA technique is a digital signature that operates on an elliptic curve, and there are a signer that generates a signature and a verifier that verifies the signature. The ECDSA technique consists of three polynomial-time algorithms: a key generation algorithm (KeyGen), a signature algorithm (Sign), and a verification algorithm (Verify). In the key generation algorithm (KeyGen), the signing key (Signing key,

) and the verification key (Verification key,

) and the verification key (

) is public and the signing key (

) are stored safely. In the signature algorithm (Sign), the signer uses the signing key (

) to message (

) for signature (

), and in the verification algorithm (Verify), the verifier uses the signer's verification key (

) and the message (

) to sign (

) is verified.

(Elliptic curve base point), 그리고 위수

(integer order of

)을 포함할 수 있다. ECDSA 기법의 구체적인 동작은 다음과 같다.DSA (Digital Signature Algorithm) is one of the digital signature standards adopted by the US National Institute of Standards and Technology (NIST), and ECDSA refers to a technique that implements DSA on an elliptic curve. It is assumed that the information on the elliptic curve used in the system is shared with users, and the elliptic curve information includes the elliptic curve field and equation, the generator

(Elliptic curve base point), and the order

(integer order of

) may be included. A detailed operation of the ECDSA technique is as follows.

를 입력으로 받아 서명키

(

)와 검증키

(

)를 출력한다. 이때,

는 타원곡선 상에서의 상수 곱(Elliptic curve point multiplication by a scalar)을 의미한다.

는 공개하고

는 안전하게 저장한다.· Key Generation (KeyGen). The signer is a security constant

takes as input the signing key

(

) and the verification key

(

) is output. At this time,

denotes an elliptic curve point multiplication by a scalar.

is disclosed

is stored securely.

과 자신의 서명키

를 입력으로 하여 다음과 같이 서명

를 출력한다.·Sign. The signer is the message to sign

and your signature key

as input to sign as follows

to output

을 계산한다. (

는 암호학적인 해쉬 함수를 의미한다.)①

to calculate (

is a cryptographic hash function.)

의 최상위

비트를

로 설정한다. (

은

의 비트 길이를 의미한다.)②

top of

a bit

set to (

silver

of the bit length.)

를 선택하여 타원곡선 상의 점

를 계산한다.③ Any integer

to select a point on the elliptic curve

to calculate

을 계산한다. (만약

이면, ①로 돌아간다.)④

to calculate (if

If so, return to ①.)

을 계산한다. (만약

이면, ①로 돌아간다.)⑤

to calculate (if

If so, return to ①.)

에 대한 서명

를 출력한다.⑥ Message

signature for

to output

, 메시지

, 그리고 서명자의 검증키

를 입력으로 하여 다음과 같이 서명을 검증한다.·Verify. Validators sign

, message

, and the signer's verification key

is input and the signature is verified as follows.

,

을 만족하는지 확인한다. (만족하지 않으면

를 출력한다.)①

,

check that it satisfies (if not satisfied

prints out.)

을 계산하고,

의 최상위

비트를

로 설정한다.②

calculate,

top of

a bit

set to

을 계산한다.③

to calculate

과

을 계산한다.④

class

to calculate

를 계산한다.⑤ Point on the elliptic curve

to calculate

이 성립하면

를 출력하고, 그렇지 않으면

를 출력한다.⑥

If this is achieved

output, otherwise

to output

Challenge-Response Mechanism.

The question-response mechanism is a method in which the prover responds to the query using its secret value by sending the challenge generated by the verifier to the prover. The important point here is that only a prover who knows the secret value should be able to give a correct response to a given query. If a fixed query is used, an attacker who does not know a valid secret value can eavesdrop on the previous response, store it, and retransmit it. Also, when using expected queries, an attacker could generate a legitimate response without a secret value. Therefore, the freshness of the query must be guaranteed, and for this, the verifier must use a newly generated query value that the prover does not expect. When the verifier asks a random query, the prover's response to it also changes every time.

Republic of Korea Patent No. 1853610 (2018.05.02. Announcement) Republic of Korea Patent Publication No. 2018-0128451 (published on Dec. 3, 2018)

An object of the present invention is to provide a method of extracting the same key from fuzzy data including noise and a method of authenticating a user using the same.

), 시스템 파라미터(

), 및

(

) 개의 제1 사용자 데이터들(

,

,

은 임의의 자연수)을 이용하여 헬퍼 데이터(

)와 제1 키(

)를 생성하는 셋업 단계, 및 상기 시스템 파라미터(

), 상기 헬퍼 데이터(

), 및 제2 사용자 데이터(

)를 이용하여 상기 제1 키(

)와 동일한 값을 갖는 제2 키(

)를 추출하는 키 추출 단계를 포함하고, 상기 헬퍼 데이터(

)는 임계치(

)와 임의의 값(

)을 포함한다.A method of extracting a key according to an embodiment of the present invention is a method of extracting the same key from fuzzy data including noise, performed in a user terminal, and a security constant (

), system parameters (

), and

(

) first user data (

,

,

is an arbitrary natural number) using helper data (

) and the first key (

), and the system parameters (

), the helper data (

), and the second user data (

) using the first key (

) and the second key (

), including a key extraction step of extracting the helper data (

) is the threshold (

) and any value (

) is included.

), 및 검증키(

)를 상기 서버로 송신하는 사용자 등록 단계, 및 상기 적어도 하나의 사용자 단말에 포함되는 제2 사용자 단말이 상기 서버로부터 수신된 질의 메시지에 대응하는 응답 메시지를 상기 서버로 송신하는 사용자 인증 단계를 포함하고, 상기 헬퍼 데이터(

)는 임계치(

)와 임의의 값(

)을 포함하고, 상기 응답 메시지는 상기 질의 메시지에 포함된 질의값(

)에 대한 서명(

)을 포함한다.In addition, the user authentication method according to an embodiment of the present invention is performed between at least one user terminal and a server, and identification information and helper data for a first user terminal included in the at least one user terminal to identify the user (

), and the verification key (

) a user registration step of transmitting to the server, and a second user terminal included in the at least one user terminal comprising a user authentication step of transmitting a response message corresponding to the query message received from the server to the server, and , the helper data (

) is the threshold (

) and any value (

), and the response message is a query value (

) for signature (

) is included.

According to the key extraction method and the authentication method according to an embodiment of the present invention, there is an effect that a cryptographically usable key can be equally extracted every time from fuzzy data including noise without additional secret information.

In addition, by setting an optimal threshold for each user so that different keys are generated from information of different users, the false rejection rate (FRR) and false acceptance rate (FAR) can be lowered. have.

In addition, there is an effect that a key can be efficiently extracted because a complex operation such as exponentiation is not performed.

In order to more fully understand the drawings recited in the Detailed Description of the Invention, a detailed description of each drawing is provided.
1 shows a system according to an embodiment of the present invention.
FIG. 2 is a functional block diagram of the user terminal shown in FIG. 1 .
FIG. 3 is a flowchart illustrating a key extraction method performed in the user terminal shown in FIG. 1 .
FIG. 4 is a flowchart illustrating a user authentication method performed on the system shown in FIG. 1 .
FIG. 5 is a flowchart for explaining the user registration step shown in FIG. 4 .
FIG. 6 is a flowchart for explaining the user authentication step shown in FIG. 4 .

Specific structural or functional descriptions of the embodiments according to the concept of the present invention disclosed in this specification are only exemplified for the purpose of explaining the embodiments according to the concept of the present invention, and the embodiments according to the concept of the present invention are It may be implemented in various forms and is not limited to the embodiments described herein.

Since the embodiments according to the concept of the present invention may have various changes and may have various forms, the embodiments will be illustrated in the drawings and described in detail herein. However, this is not intended to limit the embodiments according to the concept of the present invention to specific disclosed forms, and includes all modifications, equivalents, or substitutes included in the spirit and scope of the present invention.

Terms such as first or second may be used to describe various elements, but the elements should not be limited by the terms. The above terms are used only for the purpose of distinguishing one element from another, for example, without departing from the scope of the inventive concept, a first element may be termed a second element and similarly a second element. A component may also be referred to as a first component.

When a component is referred to as being “connected” or “connected” to another component, it may be directly connected or connected to the other component, but it is understood that other components may exist in between. it should be On the other hand, when it is said that a certain element is "directly connected" or "directly connected" to another element, it should be understood that the other element does not exist in the middle. Other expressions describing the relationship between components, such as "between" and "immediately between" or "neighboring to" and "directly adjacent to", etc., should be interpreted similarly.

The terms used herein are used only to describe specific embodiments, and are not intended to limit the present invention. The singular expression includes the plural expression unless the context clearly dictates otherwise. In the present specification, terms such as "comprise" or "have" are intended to designate that a feature, number, step, operation, component, part, or combination thereof described herein exists, but one or more other features It is to be understood that it does not preclude the possibility of the presence or addition of numbers, steps, operations, components, parts, or combinations thereof.

Unless defined otherwise, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in a commonly used dictionary should be interpreted as having a meaning consistent with the meaning in the context of the related art, and should not be interpreted in an ideal or excessively formal meaning unless explicitly defined in the present specification. does not

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings. However, the scope of the patent application is not limited or limited by these examples. Like reference numerals in each figure indicate like elements.

The present invention proposes a method for extracting the same key (Fuzzy Extractor, FE) using fuzzy data including noise, such as biometric information, and a method for performing user authentication using the same. The biometric information may include iris information, fingerprint information, vein information, face image information, and the like. Specifically, the present invention consists of (1) a method of setting an optimal threshold for each user, (2) a method of extracting a key from user data and helper data, and (3) an authentication protocol using the same.

User data and thresholds are expressed in the form of vectors (or real vectors). A method of extracting user data in a vector form is widely known. For example, a method using a Gabor filter or a minutiae point is representative. The privacy of the user's data must be protected throughout the system, and the user's helper data including the threshold is disclosed.

와

의 거리는

로 정의될 수 있다.

가 임계치

보다 작다는 것은 모든

에 대하여

를 만족한다는 것을 의미한다. 또한, 상기

은 2 보다 크거나 같은 임의의 자연수(Natural number)일 수 있다.Two vectors herein

Wow

distance of

can be defined as

fall threshold

less than all

about

means that it satisfies Also, said

may be any natural number greater than or equal to 2.

는 반올림 연산(Rounding operation)을 의미하며,

는

를 키로 하는 의사난수함수(Pseudo-random function, PRF)를 의미한다.Also, in the present invention

means a rounding operation,

Is

It means a pseudo-random function (PRF) with a key.

Hereinafter, the present invention will be described in more detail.

(1) How to set a threshold for each user using user data

In order to minimize FRR (False Rejection Rate) and FAR (False Acceptance Rate) in the process of user authentication, it is necessary to set the optimal threshold for each user using the user data input during the registration process. do. The method of setting the threshold for each user consists of two steps: initialization (Init) and threshold generation (ThreGen).

reset( Init )

와 임계치의 대푯값('제2 대푯값'이라 명명될 수도 있음)

을 설정하여야 한다.

(

는 2 이상의 자연수) 개의 사용자 데이터

를 입력받았을 때, 아래와 같이

(

)번째 위치의 대푯값

와

를 생성한다.In order to set a threshold optimized for each user, a representative value of user data (which may be called a 'first representative value') from the user data input in the registration step first

and a representative value of the threshold (may also be referred to as a 'second representative value')

should be set.

(

is a natural number greater than or equal to 2) user data

When input is received,

(

) the representative value of the position

Wow

create

에서 이상치(Outlier)를 제거한다. 이상치를 제외한 데이터의 집합을

라고 하며, 이때의 인덱스(Index) 집합

는

를 만족한다. 본 단계는 데이터의 편차를 줄이기 위한 것이므로, 실시예에 따라 본 단계는 생략될 수도 있다. 이 경우, 단계 ②와 단계 ③에서는 이상치가 제거되지 않은 사용자 데이터

를 이용하여 대푯값을 설정할 수도 있다.①

Remove outliers from A set of data excluding outliers

, and the set of indexes at this time

Is

is satisfied with Since this step is to reduce data deviation, this step may be omitted depending on the embodiment. In this case, user data for which outliers are not removed in steps ② and ③

can also be used to set a representative value.

에서 이상치가 제거된 나머지 값들

을 대표하는 값을

로 설정한다. 대푯값으로는 평균(산술 평균, 기하 평균, 조화 평균, 가중 평균 등), 중앙값, 최빈값 등의 다양한 통계 지표가 사용될 수 있으며, 사용되는 환경에 따라 다르게 설정될 수 있다.②

Remaining values from which outliers have been removed

a value representing

set to As representative values, various statistical indicators such as mean (arithmetic mean, geometric mean, harmonic mean, weighted mean, etc.), median, and mode may be used, and may be set differently depending on the environment in which they are used.

에서 이상치가 제거된 나머지 값들

에 대하여 아래 수학식 1과 같이 임계치의 대푯값

를 설정한다.③

Remaining values from which outliers have been removed

A representative value of the threshold as shown in Equation 1 below for

to set

는 양의 실수로써

로 설정될 수 있으나, 시스템에서 사용하는 퍼지 데이터의 특성이나 응용 환경에 따라서 상이한 값으로 설정될 수도 있다.In Equation 1 above

is a positive real number

However, it may be set to a different value depending on the characteristics of the fuzzy data used in the system or the application environment.

In step ①, the outlier may be removed through a method using the IQR rule (Interquartile Range rule), Grubb's test, robust test, or the like. However, the scope of the present invention is not limited thereto, and a suitable outlier removal method may be used according to the characteristics of the fuzzy data used in the system or the application environment.

Create threshold ( ThreeGen )

,

을 이용하여 다음과 같이 사용자에게 최적화된 임계치 벡터

를 생성할 수 있다.Representative value set in the initialization phase

,

Threshold vector optimized for the user as follows using

can create

에 대하여

를 계산한다.① All

about

to calculate

에 대하여

와

를 계산한다.② All

about

Wow

to calculate

에 대하여

중

가 더 작은

를

로 설정한다.③ All

about

middle

is smaller

cast

set to

를 출력한다.④ Threshold

to output

로 설정할 수도 있으며, 설정 방법은 응용 환경에 따라 달라질 수 있다.In step ③ of the above-described threshold generation process, the smaller of the two values is selected.

It can also be set to , and the setting method may vary depending on the application environment.

(2) noise How to extract a key from embedded user data

,

의 거리가 임계치

보다 작은 경우(또는 작거나 같은 경우), 두 개의 데이터로부터 동일한 키가 생성되어야 한다.two user data

,

distance is the threshold

If less than (or less than or equal to), the same key must be generated from the two pieces of data.

는 의사난수함수

와 암호학적 해쉬 함수

로 구성되며, 시스템 내 모든 사용자는 동일한 시스템 파라미터를 사용한다. 즉, 시스템 파라미터

는 사전에 공개되어 모든 사용자 단말 각각에 의해 공유된 정보일 수 있다.system parameters

is a pseudo-random function

and cryptographic hash functions

, and all users in the system use the same system parameters. i.e. system parameters

may be information that has been previously disclosed and shared by each of all user terminals.

The method of extracting a cryptographic key from user data containing noise consists of the following two algorithms.

set up (FE.Setup)

와 시스템 파라미터

, 및

개의 사용자 데이터

를 입력으로 받아 다음과 같이 사용자 헬퍼 데이터

와 키

를 생성한다.security constant

and system parameters

, and

user data

takes as input the user helper data as

with key

create

와 사용자 임계치

를 설정한다.① A representative value of user data using the method (Init, ThreGen) of (1) described above

and user threshold

to set

를 랜덤하게 선택한다.②

is randomly selected.

에 대하여

를 계산한다.③ All

about

to calculate

에 대하여

를 계산한다.④ all

about

to calculate

를 계산한다.⑤

to calculate

와 키

를 출력한다.⑥ User helper data

with key

to output

Key Extraction Function (FE.Extract)

, 사용자 헬퍼 데이터

, 및 사용자의 데이터

을 입력으로 받아 다음과 같이 키

를 생성한다.system parameters

, user helper data

, and your data

takes as input and the key as

create

에 대하여

를 계산한다.① All

about

to calculate

에 대하여

를 계산한다.② All

about

to calculate

를 계산한다.③

to calculate

를 출력한다.④ key

to output

와 사용자의 데이터

사이의 거리가 임계치보다 작다면(또는 작거나 같다면), 키 추출 함수(EF.Extract)를 통해 추출된 키와 셋업(EF.Setup) 과정에서 생성된 키는 동일한 값을 가져야 한다.Here, the user's data representative value

and user data

If the distance between them is less than (or less than or equal to) the threshold, the key extracted through the key extraction function (EF.Extract) and the key generated in the setup (EF.Setup) process must have the same value.

(3) User authentication protocol in server-user model

In the server-user model, the user authenticates himself to the server. In this case, the user performs authentication using unique characteristics such as the user's biometric information without a password or other secret information. The authentication protocol consists of a registration step and an authentication step, and is designed using a function that extracts a key from user data containing noise and the ECDSA digital signature technique.

The specific steps of the authentication protocol are as follows. Here, the two algorithms of the function that extract the key from user data containing noise are expressed as FE.Setup and FE.Extract, respectively (described in (2)), and the three algorithms of the ECDSA technique are KeyGen, Sign, and Verify, respectively. express it

와 ECDSA에서 사용되는 타원곡선에 대한 정보는 시스템 전체적으로 사용되는 공개된 값으로, 시스템 내 모든 사용자들에게 주어진 값으로 가정한다.System parameters used by the fuzzy extractor (FE)

The information on the elliptic curve used in and ECDSA is a public value used throughout the system and is assumed to be a value given to all users in the system.

Enrollment Phase

를 추출한다.・Users have their own characteristic data such as biometric information

to extract

와 키

를 생성한다.・Users perform FE.Setup to obtain user helper data

with key

create

를 서명키

로 하는 검증키

를 생성한다. 즉, FE.Setup을 통해 생성된 키

가 바로 ECDSA의 서명키

로 사용되며, 이는 KeyGen에서

를 랜덤하게 선택하는 과정을 FE.Setup이 대체한다고 볼 수 있다.·Users perform KeyGen to

signing key

verification key with

create That is, the key generated through FE.Setup

is the signature key of ECDSA

, which is used by KeyGen

It can be seen that FE.Setup replaces the process of randomly selecting .

와 함께

를 등록한다.・Users have their IDs on the server

with

register

Authentication Phase

를 서버에 전송하고, 서버는 그에 대응하는 사용자 헬퍼 데이터

와 질의값

를 사용자에게 전송한다.・Users first enter their ID

to the server, and the server sends the corresponding user helper data

and query value

is sent to the user.

를 추출한다.・Users have their own characteristic data

to extract

를 생성한다.· The user executes FE.Extract to sign key

create

에 대한 서명

를 생성하고, 이를 서버에 전송한다. 즉, 서명

는 질의

에 대한 응답

으로 볼 수 있다.· Users sign

signature for

, and send it to the server. i.e. signature

is the query

response to

can be seen as

가

에 대한 사용자의 정당한 서명인지를 검증한다.· Server performs Verify

go

Verifies whether the user's signature is valid.

이면 정당한 사용자로, 출력이

이면 정당하지 않은 사용자로 판단한다.· output

If it is a legitimate user, the output is

Otherwise, it is judged as an invalid user.

1 shows a system according to an embodiment of the present invention.

Referring to FIG. 1 , a system 10 includes a plurality of user terminals 100 and a server 300 . Each of the plurality of user terminals 100 may perform an authentication operation with the server 300 in order to receive a predetermined content or service from the server 300 . The server 300 may provide predetermined content or services only to the user terminal that has completed the authentication operation.

Each of the plurality of user terminals 100 may extract the same key from the fuzzy data, and may perform an authentication operation with the server 300 using the extracted key. Each of the plurality of user terminals 100 is a computing device including at least one processor and a memory, and includes a personal computer (PC), a tablet PC, a notebook, a net-book, and an e-reader ( a data processing device such as an e-reader), a personal digital assistant (PDA), a portable multimedia player (PMP), an MP3 player, or an MP4 player, or a handheld device such as a mobile phone or a smart phone ( It can be implemented as a handheld device).

, 그리고 위수(integer order of

)

이 포함할 수 있다.The user terminal 100 and the server 300 included in the system 10 generate a signature using any electronic signature technique (eg, Digital Signature Algorithm (DSA), Elliptic Curve Digital Signature Algorithm (ECDSA), etc.) or Verification of the generated signature can be performed. In particular, when the ECDSA technique is used, it is assumed that the information on the elliptic curve used (elliptic curve information) is shared with the user terminals 100 and the server 300, and the elliptic curve information is the elliptic curve body and the equation ( Elliptic curve field and equation, Elliptic curve base point

, and the integer order of

)

This may include

In addition, although only four user terminals are illustrated in FIG. 1 , the present invention is not limited to the number of user terminals. Also, at least some of the plurality of user terminals may be terminals used by one user, or each terminal may be terminals of different users. That is, each user may perform an authentication operation with the server 300 using at least one terminal.

Specific operations of each of the plurality of user terminals 100 and the server 300 will be described later.

FIG. 2 is a functional block diagram of the user terminal shown in FIG. 1 .

Referring to FIG. 2 , the user terminal 100 includes a setup unit 110 and a key extraction unit 130 . According to an embodiment, the user terminal 100 may further include at least one of a registration unit 150 , an authentication unit 170 , and a storage unit 190 .

와 시스템 파라미터

, 및

(

) 개의 사용자 데이터

를 입력으로 받아 헬퍼 데이터

를 생성할 수 있다. 실시예에 따라, 셋업부(110)는 키

를 더 생성할 수도 있다. 이때, 시스템 파라미터

는 공개된 값으로, 사용자 단말(100)과 서버(300) 사이에서 미리 공유되어 저장부(190)에 저장되어 있는 정보일 수 있다.The setup unit 110 is a security constant

and system parameters

, and

(

) user data

Takes as input the helper data

can create According to the embodiment, the setup unit 110 is a key

can also be created. At this time, the system parameters

is a public value, and may be information previously shared between the user terminal 100 and the server 300 and stored in the storage unit 190 .

는 상기 퍼지 데이터로부터 추출된 데이터로써, 벡터(예컨대, 실수 벡터) 형태일 수 있다. 따라서, 셋업부(110)는 사용자로부터 입력받은 복수의 퍼지 데이터를 벡터 형태로 변화하는 동작을 수행할 수도 있다.Also, the setup unit 110 may receive fuzzy data multiple times (eg, s times) from the user through a predetermined interface. said user data

is data extracted from the fuzzy data, and may be in the form of a vector (eg, a real vector). Accordingly, the setup unit 110 may perform an operation of changing a plurality of fuzzy data received from a user into a vector form.

는 미리 입력받은 후 저장부(190)에 저장되어 있는 데이터일 수도 있다.According to an embodiment, the user data

may be data stored in the storage unit 190 after being input in advance.

의 생성 과정 및/또는 키

의 생성 과정은 다음과 같다.Helper data by the setup unit 110

creation process and/or key of

The creation process is as follows.

와 사용자 임계치

를 설정한다.① A representative value of user data using the method (Init, ThreGen) of (1) described above

and user threshold

to set

를 랜덤하게 선택한다.②

is randomly selected.

에 대하여

를 계산한다.③ All

about

to calculate

에 대하여

를 계산한다.④ all

about

to calculate

를 계산한다.⑤

to calculate

와 키

를 출력한다.⑥ User helper data

with key

to output

와 임의의 비트 스트림

(

)를 포함하는 헬퍼 데이터

를 생성할 수 있다. 또한, 셋업부(110)는 상술한 과정을 통하여 키

를 생성할 수도 있다.That is, the setup unit 110 is a threshold

and random bitstream

(

helper data containing )

can create In addition, the setup unit 110 through the above-described process

can also create

와 키

를 생성하고, 생성된 헬퍼 데이터

와 키

를 등록부(150)로 전송할 수도 있다. 실시예에 따라, 셋업부(110)는 임의의 서명 기법(예컨대, ECDSA 기법)의 키 생성 알고리즘(KeyGen)을 수행하여 키

를 서명키

로 하는 검증키

를 생성하고, 생성된 검증키

를 헬퍼 데이터

와 함께 등록부(150)로 송신할 수도 있다.In addition, the setup unit 110 according to the request of the registration unit 150, helper data

with key

, and the generated helper data

with key

may be transmitted to the registration unit 150 . According to an embodiment, the setup unit 110 performs a key generation algorithm (KeyGen) of an arbitrary signature technique (eg, ECDSA technique) to obtain a key

signing key

verification key with

and the generated verification key.

helper data

It may be transmitted to the registration unit 150 together with

, 사용자의 헬퍼 데이터

, 및 사용자의 데이터

를 입력으로 받아 키

를 생성(또는 추출)할 수 있다. 이때, 소정의 인터페이스를 통하여 사용자로부터 퍼지 데이터를 입력받을 수 있다. 사용자 데이터

은 상기 퍼지 데이터로부터 추출된 데이터로써, 벡터(예컨대, 실수 벡터) 형태일 수 있다. 따라서, 키 추출부(130)는 사용자로부터 입력받은 복수의 퍼지 데이터를 벡터 형태로 변화하는 동작을 수행할 수도 있다.The key extraction unit 130 is a system parameter

, the user's helper data

, and your data

take as input the key

can be created (or extracted). In this case, fuzzy data may be input from the user through a predetermined interface. user data

is data extracted from the fuzzy data, and may be in the form of a vector (eg, a real vector). Accordingly, the key extractor 130 may perform an operation of changing the plurality of fuzzy data received from the user into a vector form.

를 생성하거나 추출할 수 있다.Specifically, the key extraction unit 130 performs the following process

can be created or extracted.

에 대하여

를 계산한다.① All

about

to calculate

에 대하여

를 계산한다.② All

about

to calculate

를 계산한다.③

to calculate

를 출력한다.④ key

to output

와 사용자 데이터의 대푯값

사이의 거리

가 미리 정해진 임계치

보다 작거나 같아야(또는 작아야) 한다. 이를 위해, 키 추출부(130)는 사용자 데이터

와 사용자 데이터의 대푯값

사이의 거리

가 미리 정해진 임계치

보다 작은지(또는 작거나 같은지)를 판단한 후 이를 만족하는 경우에만 키 추출 동작을 수행할 수 있다. Through the above-described process, the key extractor 130 may extract a key having the same value every time from the fuzzy data including noise. Of course, the user data from which the key is extracted

and representative values of user data

distance between

is a predetermined threshold

It must be less than or equal to (or less than). To this end, the key extraction unit 130 is the user data

and representative values of user data

distance between

is a predetermined threshold

After determining whether it is less than (or less than or equal to), the key extraction operation can be performed only when it is satisfied.

는 상기 사용자를 인증하기 위한 과정 등에 이용될 수 있다. The key generated by the key extractor 130

may be used in a process for authenticating the user.

으로부터 키

를 추출한고 추출된 키

를 인증부(170)로 전송할 수도 있다. 이때, 키

는 임의의 전자 서명 기법(예컨대, ECDSA 기법)에서 사용되는 서명키

로 설정되기 때문에, 키 추출부(130)는 서명키

를 생성한 후 생성된 서명키

를 인증부(170)로 전송하는 것으로 이해될 수도 있다.In addition, the key extraction unit 130 according to the request of the authentication unit 170, user data

key from

and extract the extracted key

may be transmitted to the authenticator 170 . At this time, the key

is a signing key used in any digital signature technique (eg, ECDSA technique)

Since it is set to , the key extraction unit 130

Signing key generated after creating

may be understood to be transmitted to the authenticator 170 .

The registration unit 150 may register a user of the user terminal 100 through wired/wireless communication with the server 300 .

Specifically, the registration unit 150 may transmit a registration request message requesting registration of the user to the server 300 . In this case, the server 300 may transmit a registration information request message requesting information necessary for registration to the registration unit 150 in response to the registration request message.

와 임의의 비트 스트림

를 포함하는 헬퍼 데이터

, 및 상기 사용자의 검증키

를 포함할 수 있다. 이때, 상기 식별 정보는 소정의 인터페이스를 통하여 상기 사용자로부터 입력받은 것이거나 입력받은 후 저장부(190)에 저장되어 있는 것일 수 있다.Also, in response to the registration information request message, the registration unit 150 may transmit registration information, which is information required for registration of the user, to the server 300 . The registration information includes identification information for identifying the user (eg, an identifier such as an ID), a threshold

and random bitstream

helper data containing

, and the user's verification key

may include. In this case, the identification information may be input from the user through a predetermined interface or may be stored in the storage unit 190 after being input.

및/또는 상기 사용자의 검증키

는 셋업부(110)에 의해 생성된 후 등록부(150)로 전송되거나 셋업부(110)에 의해 생성된 후 저장부(190)에 저장된 것일 수 있다. 실시예에 따라, 셋업부(110)는 생성된 키

를 등록부(150)로 전송하고, 등록부(150)는 임의의 전자 서명 기법(예컨대, ECDSA 기법)의 키 생성 알고리즘(KeyGen)을 수행하여 키

를 서명키

로 하는 검증키

를 생성할 수도 있다.Also, helper data

and/or the user's verification key

may be generated by the setup unit 110 and then transmitted to the registration unit 150 or stored in the storage unit 190 after being generated by the setup unit 110 . According to an embodiment, the setup unit 110 generates the key

to the registration unit 150, and the registration unit 150 performs a key generation algorithm (KeyGen) of any electronic signature technique (eg, ECDSA technique) to obtain a key

signing key

verification key with

can also create

The registration information transmitted by the registration unit 150 is safely stored in the server 300, thereby completing the registration process for the user. After the registration of the user is completed, the registration unit 150 may receive a registration completion message, which is a message indicating registration completion, from the server 300 .

The authenticator 170 may perform an authentication operation for the user through wired/wireless communication with the server 300 . The authentication operation by the authentication unit 170 will be described in detail as follows.

First, the authentication unit 170 may transmit an authentication request message, which is a message requesting authentication for a user, to the server 300 . In this case, the authentication request message may include identification information for identifying the user (eg, an identifier such as an ID of the user).

와 질의값

을 포함할 수 있다.The server 300 receiving the authentication request message may transmit a query message for authentication of the user to the authentication unit 170 . The query message includes helper data corresponding to the user, that is, the identification information.

and query value

may include.

에 대한 서명

을 생성하고, 생성된 서명

를 서버(300)로 송신할 수 있다.The authenticator 170 may transmit a response message to the server 300 in response to the query message. The response message is a query value

signature for

to generate the generated signature

may be transmitted to the server 300 .

에 서명

가 임의의 서명 기법(예컨대, ECDSA(Elliptic Curve Digital Signature Algorithm))의 서명 알고리즘(예컨대, ECDSA의 서명 알고리즘(Sign))을 통해 생성되는 경우, 서명을 위한 서명키

가 필요하다. 서명키

는 키 추출부(130)에 의해 생성된 키

로써, 키 추출부(130)로부터 인증부(170)로 전송될 수 있다. 또한, 키 추출부(130)는 사용자로부터 수신된 데이터를 이용하여 키

를 생성할 수 있다.query value

sign on

When is generated through a signature algorithm (eg, ECDSA's signature algorithm (Sign)) of an arbitrary signature technique (eg, Elliptic Curve Digital Signature Algorithm (ECDSA)), a signing key for signing

is needed signing key

is the key generated by the key extraction unit 130

Accordingly, it may be transmitted from the key extraction unit 130 to the authentication unit 170 . In addition, the key extraction unit 130 uses the data received from the user to

can create

FIG. 3 is a flowchart illustrating a key generation method performed in the user terminal shown in FIG. 1 .

First, the key generation method may include a setup step (S11, S13, S15) performed by a first user terminal and a key extraction step (S17) performed by a second user terminal. The first user terminal and the second user terminal may mean the same terminal, but may mean different terminals according to embodiments. In addition, in the description of the key generation method, descriptions of contents overlapping with those described above will be omitted.

로부터 데이터의 대푯값

과 임계치

를 설정할 수 있다(S11).First, the setup unit of the first user terminal is a plurality of first user data

Representative values of data from

and threshold

can be set (S11).

를 구성하는 임의의 값

를 선택할 수 있다(S13). 또한, 상기 셋업부는 상기 임의의 값

와 임계치

를 포함하는 사용자 헬퍼 데이터

와 제1 키

를 생성할 수 있다(S15). 셋업 단계에서 수신되는 데이터, 생성되는 데이터 등은 상기 제1 사용자 단말의 저장부에 저장될 수 있다.After that, the setup unit is a user's helper data

any value that makes up

can be selected (S13). In addition, the set-up unit is the arbitrary value

and threshold

User helper data containing

and the first key

can be generated (S15). Data received in the setup step, generated data, etc. may be stored in a storage unit of the first user terminal.

를 수신하고, 상기 제2 사용자 데이터로부터 제2 키

를 추출할 수 있다(S17). 상기 데이터의 대푯값

과 상기 제2 사용자 데이터

의 거리는 임계치

보다 작기 때문에 제2 키

와 제1 키

는 동일한 값을 가질 수 있다.The key extracting unit of the second user terminal receives the second user data from the user.

receiving a second key from the second user data

can be extracted (S17). Representative values of the data

and the second user data

distance of the threshold

2nd key because less than

and the first key

may have the same value.

FIG. 4 is a flowchart illustrating a user authentication method performed on the system shown in FIG. 1 .

1 to 4 , the authentication method using fuzzy data (eg, biometric data of a user) includes a user registration step S100 and a user authentication step S300 .

The user registration step (S100) is a step of registering a user with the server 300 in order to receive a predetermined content or service from the server 300, and the user authentication step (S300) is a predetermined content or service from the server 300 It means a step of receiving authentication from the server 300 for authenticating the user to receive the. A user whose authentication has been completed may be provided with contents or services from the server 300 .

Specific details of the user registration step ( S100 ) and the user authentication step ( S300 ) will be described with reference to FIGS. 5 and 6 .

FIG. 5 is a flowchart for explaining the user registration step shown in FIG. 4 .

A user must register with the server 300 to receive content or services from the server 300 . To this end, the registration unit 150 of the user terminal 100 may transmit a registration request message for requesting registration of the user to the server 300 (S110).

In response to the registration request message received from the user terminal 100 , the server 300 transmits a registration information request message requesting registration information of a user to be registered to the user terminal 100 , The registration unit 150 may receive the registration information request message (S130).

The registration unit 150 may transmit the user's registration information to the server 300 in response to the registration information request message (S150). The registration information is information necessary to register the user with the server 300 , and may include identification information, helper data, and a verification key. The identification information is information for identifying the user and means an identifier such as a user ID, and the helper data means data used in the process of generating a response message by the user terminal 100 in the user authentication step, , the verification key may mean a key for verifying the signature transmitted by the user terminal 100 to the server 300 in the user authentication step.

After receiving the registration information, the server 300 may transmit the registration completion message to the user terminal 100 after storing the registration information in an internal storage device (S170).

Through the above-described process, registration for the user may be completed.

FIG. 6 is a flowchart for explaining the user authentication step shown in FIG. 4 . The user terminal performing the user registration step and the user terminal performing the user authentication step may be one terminal or different terminals. That is, the user may perform the user authentication step by using a user terminal that has performed the user registration step or using a user terminal different from the user terminal that has performed the user registration step.

In order for a user to receive a predetermined content or service from the server 300 , authentication of the user must be completed. To this end, the authentication unit 170 of the user terminal 100 may transmit an authentication request message requesting authentication for the user to the server 300 (S310). In this case, the authentication request message may include identification information for identifying the user (eg, an identifier such as an ID of the user).

및/또는 질의값

을 포함할 수 있다. 헬퍼 데이터

는 사용자 등록 단계에서 사용자 단말(100)로부터 수신되어 서버(300)에 저장되어 있는 정보일 수 있다. 사용자 등록 단계를 수행한 단말과 사용자 인증 단계를 수행하는 사용자 단말이 동일한 경우, 헬퍼 데이터

는 사용자 단말(100) 내에 저장되어 있을 수 있어 별도의 송신 과정이 불필요할 수 있다. 그러나, 사용자 등록 단계를 수행한 사용자 단말과 사용자 인증 단계를 수행하는 사용자 단말이 다를 경우, 헬퍼 데이터

는 사용자 단말 내에 존재하지 않기 때문에, 사용자 인증을 수행하는 사용자 단말은 서버(300)로부터 헬퍼 데이터

를 수신하여야 한다. 즉, 사용자 등록 단계와 사용자 인증 단계를 동일한 사용자 단말이 수행하는 경우, 상기 질의 메시지에는 헬퍼 데이터

가 포함되어 있지 않을 수도 있다.Upon receiving the authentication request message from the user terminal 100, the server 300 may transmit a query message to the user terminal 100 (S330). The query message is helper data

and/or query value

may include. helper data

may be information received from the user terminal 100 in the user registration step and stored in the server 300 . When the terminal performing the user registration step and the user terminal performing the user authentication step are the same, helper data

may be stored in the user terminal 100, so a separate transmission process may be unnecessary. However, when the user terminal performing the user registration step and the user terminal performing the user authentication step are different, helper data

does not exist in the user terminal, the user terminal performing user authentication is the helper data from the server 300

should receive That is, when the same user terminal performs the user registration step and the user authentication step, the query message includes helper data.

may not be included.

에 대한 서명

이 포함될 수 있다. 서명

을 생성하기 위해 필요한 서명키

는 키 추출부(130)에 의해 생성된 후 인증부(170)로 전송될 수 있다.Upon receiving the query message, the authenticator 170 may generate a response message and transmit the response message to the server 300 (S350). The response message includes a query value

signature for

may be included. signature

Signing key required to generate

may be generated by the key extraction unit 130 and then transmitted to the authentication unit 170 .

을 수신한 서버(300)는 미리 저장되어 있는 검증키

를 이용하여 서명

을 검증할 수 있다. 실시예에 따라, 서버(300)는 ECDSA 기법의 검증 알고리즘(Verify)을 이용하여 서명

을 검증할 수 있다. 서명

에 대한 검증이 성공적으로 완료된 경우, 서버(300)는 인증 완료 메시지를 사용자 단말(100)로 송신할 수 있다.signature from the user terminal 100

The server 300 receiving the verification key stored in advance

sign using

can be verified. According to the embodiment, the server 300 is signed using the verification algorithm (Verify) of the ECDSA technique.

can be verified. signature

When the verification is successfully completed, the server 300 may transmit an authentication completion message to the user terminal 100 .

The device described above may be implemented as a hardware component, a software component, and/or a set of hardware components and software components. For example, the devices and components described in the embodiments may include, for example, a processor, a controller, an arithmetic logic unit (ALU), a digital signal processor, a microcomputer, a field programmable array (FPA), and a PLU. It may be implemented using one or more general purpose computers or special purpose computers, such as a Programmable Logic Unit (Programmable Logic Unit), a microprocessor, or any other device capable of executing and responding to instructions. The processing device may execute an operating system (OS) and one or more software applications executed on the operating system. The processing device may also access, store, manipulate, process, and generate data in response to execution of the software. For convenience of understanding, although one processing device is sometimes described as being used, one of ordinary skill in the art will recognize that the processing device includes a plurality of processing elements and/or a plurality of types of processing elements. It can be seen that can include For example, the processing device may include a plurality of processors or one processor and one controller. Other Processing Configurations are also possible, such as a Parallel Processor.

The software may include a computer program, code, instructions, or a combination of one or more of these, and configure the processing device to operate as desired or independently or collectively processed You can command the device. The software and/or data may be any type of machine, component, physical device, virtual equipment, computer storage medium or device, to be interpreted by or provide instructions or data to the processing device. , or may be permanently or temporarily embodied in a transmitted signal wave (Signal Wave). The software may be distributed over networked computer systems, and stored or executed in a distributed manner. Software and data may be stored in one or more computer-readable recording media.

The method according to the embodiment may be implemented in the form of program instructions that can be executed through various computer means and recorded in a computer-readable medium. The computer-readable medium may include program instructions, data files, data structures, etc. alone or preferably. The program instructions recorded on the medium may be specially designed and configured for the embodiment, or may be known and used by those skilled in the art of computer software. Examples of the computer-readable recording medium include magnetic media such as hard disks, floppy disks, and magnetic tapes, optical recording media such as CD-ROMs and DVDs, and magnetic media such as floppy disks. - Includes hardware devices specially configured to store and execute program instructions, such as Magneto-optical Media, ROM, RAM, Flash memory, and the like. Examples of program instructions include not only machine language codes such as those generated by a compiler, but also high-level language codes that can be executed by a computer using an interpreter or the like. The hardware devices described above may be configured to operate as one or more software modules to perform the operations of the embodiments, and vice versa.

Although the present invention has been described with reference to the embodiment shown in the drawings, this is merely exemplary, and those skilled in the art will understand that various modifications and equivalent other embodiments are possible therefrom. For example, the described techniques are performed in an order different from the described method, and/or the described components of the system, structure, apparatus, circuit, etc. are combined or combined in a different form than the described method, or other components Or substituted or substituted by equivalents may achieve an appropriate result. Accordingly, the true technical protection scope of the present invention should be determined by the technical spirit of the appended claims.

10: system
100: user terminal
110: setup unit
130: key extraction unit
150: register
170: authentication unit
300 : server

Claims (9)

In the method of extracting the same key from fuzzy data including noise, performed in a user terminal,
security constant (

), system parameters (

), and

(

) first user data (

,

,

is an arbitrary natural number) using helper data (

) and the first key (

) to create a setup step; and
The system parameters (

), the helper data (

), and the second user data (

) using the first key (

) and the second key (

) comprising a key extraction step of extracting,
The helper data (

) is the threshold (

) and any value (

) containing,
How to extract the key.
According to claim 1,
The setup step is
A first representative value representing the first user data (

) and the threshold (

) to set;
Any value above (

) to select; and
the first key (

) comprising the step of creating
How to extract the key.
3. The method of claim 2,
The first representative value (

) and the threshold (

) is set,
removing an outlier among the first user data;
The first user data from which the outlier has been removed (

,

Any one of the mean, median, and mode of the first representative value (

) to set;
Using the first equation, the second representative value (

) to set;
every

(

) for the first calculated value (

) to calculate;
every

(

) for the second calculated value (

) and the third calculated value (

) to calculate; and
every

(

)about,

(

) is smaller

cast

or set to

is bigger

cast

comprising the steps of setting
The first equation is

ego,
remind

is a positive real number,
How to extract the key.
4. The method of claim 3,
the first key (

) to create the step,
every

(

) for the fourth calculated value (

) to calculate;
every

(

) for the fifth calculated value (

) to calculate;
6th calculated value (

) to calculate; and
The system parameters (

) in the cryptographic hash function (

) using the first key (

) comprising the steps of creating
The system parameters (

) included in the above

Is

is a pseudo-random function (PRE) with a key,
remind

means a rounding operation,
How to extract the key.
3. The method of claim 2,
The key extraction step is
every

(

) for the first calculated value (

) to calculate;
every

(

) for the second calculated value (

) to calculate;
the third calculated value (

) to calculate; and
The system parameters (

) in the cryptographic hash function (

) using the second key (

) comprising the steps of creating
The system parameters (

) included in

Is

is a pseudo-random function with a key,
remind

means a rounding operation,
How to extract the key.
In the method of authenticating a user, performed between at least one user terminal and a server,
Identification information, helper data (

), and the verification key (

) a user registration step of transmitting to the server; and
a user authentication step in which a second user terminal included in the at least one user terminal transmits a response message corresponding to the query message received from the server to the server,
The helper data (

) is the threshold (

) and any value (

), including
The response message is a query value (

) for signature (

) containing,
How to authenticate users.
7. The method of claim 6,
The user registration step is
transmitting, by the first user terminal, a registration request message to the server;
and transmitting, by the first user terminal, registration information corresponding to the registration information request message received from the server to the server,
The registration information includes the identification information, the helper data (

), and the verification key (

), including
The helper data (

)Is,

(

) first user data (

,

,

is the first representative value (

) and the threshold (

) to set; and
Any value above (

) is created by performing the step of selecting
The first representative value (

) and the threshold (

)Is,
removing an outlier among the first user data;
The first user data from which the outlier has been removed (

,

Any one of the mean, median, and mode of the first representative value (

) to set;
Using the first equation, the second representative value (

) to set;
every

(

) for the first calculated value (

) to calculate;
every

(

) for the second calculated value (

) and the third calculated value (

) to calculate; and
every

(

)about,

(

) is smaller

cast

or set to

is bigger

cast

It is created by performing the steps of setting
The first equation is

ego,
the verification key (

)Is,
every

(

) for the fourth calculated value (

) to calculate;
every

(

) for the fifth calculated value (

) to calculate;
6th calculated value (

) to calculate; and
system parameters (

) in the cryptographic hash function (

) to the first key (

) is created by performing the steps of generating
The system parameters (

) included in the above

Is

is a pseudo-random function with a key,
the verification key (

) is the first key (

)ego,
remind

means a rounding operation,
How to authenticate users.
7. The method of claim 6,
The user authentication step is
transmitting, by the second user terminal, an authentication request message including the identification information to the server;
The second user terminal is the helper data (

) and the query value (

) receiving a query message including a from the server; and
and transmitting, by the second user terminal, a response message corresponding to the query message to the server,
The response message is the query value (

) for signature (

), including
the signature (

) to generate a signing key (

) is the system parameter (

), the helper data (

), and the second user data (

) is created using
the signing key (

)Is,
every

(

) for the first calculated value (

) to calculate;
every

(

) for the second calculated value (

) to calculate;
the third calculated value (

) to calculate; and
system parameters (

) in the cryptographic hash function (

) to the second key (

) is created by performing the steps of generating
the signing key (

) is the second key (

)ego,
The system parameters (

) included in the above

Is

is a pseudo-random function with a key,
remind

means a rounding operation,
How to authenticate users.
9. The method of claim 8,
The server is the verification key (

) to the signature (

) to verify,
How to authenticate users.

Images