KR20180069669A - System for non-password secure biometric digital signagure - Google Patents

Abstract

The present invention relates to a digital signature system safe from a public key certificate leakage and a password detection attack on a private key. The digital signature system having no password using biometric information according to the present invention stores the private key of an authentication certificate encrypted with biometric information in a safe storage place, performs authentication and digital signature securely in a secure execution environment, converts the feature information of a fingerprint into a bio template to encrypt the private key, and provides an extensible framework to integrate various authentication techniques provided by an FIDO supporting terminal with an authentication certificate as a result of chemically combining FIDO, which is a global authentication technology standard, with a national authentication system. The digital signature system includes a client and a service providing sever.

Description

[0001] SYSTEM FOR NON-PASSWORD SECURE BIOMETRIC DIGITAL SIGNAGURE [0002]

The present invention relates to an electronic signature system secure from a public key certificate disclosure and a password detection attack on a private key.

Since the certification system was introduced to protect identity verification and message contents, the number of certificates issued exceeds 35.44 million as of December 2016, and the number of certificates issued is steadily increasing.

Authorized certificates of public key infrastructure are protected for issuance and use by international standard cryptographic algorithms used worldwide for reliable and secure transactions such as public key encryption / decryption algorithm and hash algorithm.

The public key is included in the public certificate, and the private key, which is paired with the public key, is encrypted and stored according to the security risk, such as the use of the private key at the time of leakage.

However, since the certificate and the private key exist in the form of a file, there is a problem that the location (NPKI) stored in the hard disk is easy to access, and the copy / use is easy because of the security.

In recent years, a malicious code installed in a user PC has frequently caused a leakage of a user's certificate, a private key file, and related electronic financial information.

As of August 2015, approximately 7810 authorized certificates have been hacked. As users use easy-to-remember and easy-to-input passwords, the leaked private keys are decrypted by a password detection attack and used illegally There is a problem.

SUMMARY OF THE INVENTION The present invention has been proposed in order to solve the above problems, and it is an object of the present invention to provide a secure digital signature system that prevents a problem of leakage of an authorized certificate and protects an encrypted private key from a password detection attack.

The secure digital signature system using biometric information according to the present invention stores a public key of a public key certificate encrypted with bio information in a secure repository so that authentication and digital signature can be safely performed in a security execution environment, It is used to encrypt the private key by converting it into a biotemplate. By chemically integrating FIDO, a global authentication technology standard, with the national authentication system, various authentication methods provided by FIDO supporting terminals can be extended Thereby providing a framework.

Compared with a method of encrypting a private key using a user input password according to the related art, the secure digital signature system using the biometric information according to the present invention has a entropy of about 22.7 times higher than that of the password method, It is impossible to decrypt the private key.

In addition, according to the present invention, a user can easily and conveniently utilize a public certificate without having to store a complex password by allowing the user to generate an electronic signature by simply and conveniently recognizing the bio information without inputting a password when using the public certificate There is an effect that it is possible to provide secure security strength from a hacking attack such as leakage of a public certificate and a random attack.

The effects of the present invention are not limited to those mentioned above, and other effects not mentioned can be clearly understood by those skilled in the art from the following description.

1 is a system configuration diagram for a secure digital signature without a password according to an embodiment of the present invention.
2 is a diagram illustrating a configuration of a mobile terminal environment according to an embodiment of the present invention.
3 is a view showing a configuration of a biotemplate according to an embodiment of the present invention.
4 is a diagram illustrating a private key encryption method using biometric information according to an embodiment of the present invention.
5 is a diagram illustrating a process of encrypting and decrypting a private key using biometric information according to an embodiment of the present invention.
6 is a diagram illustrating a certificate issuance procedure according to an embodiment of the present invention.
7 is a flowchart illustrating a certificate renewal process according to an embodiment of the present invention.
8 is a diagram illustrating a certificate revocation procedure according to an embodiment of the present invention.
9 is a diagram illustrating a certificate registration procedure according to an embodiment of the present invention.
10 is a diagram showing an authentication and digital signature procedure according to an embodiment of the present invention.
11 is a block diagram illustrating a service component according to an embodiment of the present invention.
FIG. 12 is a diagram illustrating a FIDO registration and authorization certificate issuing procedure according to an embodiment of the present invention.
FIG. 13 is a view showing a detailed procedure of FIDO registration and issuance of an authorized certificate according to the embodiment of the present invention shown in FIG.
FIG. 14 is a diagram illustrating FIDO authentication and authorized digital signature procedures according to an embodiment of the present invention.
FIG. 15 is a view showing a detailed procedure of the FIDO authentication and the authorized digital signature according to the embodiment of the present invention shown in FIG.
FIG. 16 is a diagram illustrating division of fingerprint images according to minutiae angles according to an embodiment of the present invention.

BRIEF DESCRIPTION OF THE DRAWINGS The above and other objects, advantages and features of the present invention and methods of achieving them will be apparent from the following detailed description of embodiments thereof taken in conjunction with the accompanying drawings.

The present invention may, however, be embodied in many different forms and should not be construed as being limited to the exemplary embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, And advantages of the present invention are defined by the description of the claims.

It is to be understood that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. In the present specification, the singular form includes plural forms unless otherwise specified in the specification. &Quot; comprises "and / or" comprising ", as used herein, unless the recited component, step, operation, and / Or added.

Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings.

1. Secure Digital Signature without Password

1. 1. Configuration of Secure Digital Signature System without Password

1 is a block diagram illustrating a secure digital signature system without a password according to an embodiment of the present invention.

According to the embodiment of the present invention, the private key of the public key is encrypted using the bio information (fingerprint) registered in advance in the terminal (client, 100, PC or mobile), and the encrypted private key is stored in a secure storage space ).

The user generates the digital signature by simply recognizing the bio information without inputting the password when using the authorized certificate.

Referring to FIG. 1, biometric information (fingerprint) recognition and usage techniques used in a secure digital signature scheme without a password are designed to interoperate with a communication protocol provided by the FIDO UAF protocol.

This is to provide an extensible framework for developing various bio information such as iris, vein, voice, face and the like in the future. The system configuration in the mobile according to the present embodiment includes a general execution environment (REE , Rich Execution Environment (TEE), and Trusted Execution Environment (TEE). The security execution environment is designed to securely store bio information and private key and use it for digital signature.

In a secure execution environment, it consists of a fingerprint reader application, a FIDO client application, a certificate management module, and a secure storage area.

A secure storage space in a terminal generates and stores a key pair, and a certificate management module (Certificate Management) operates in a trusted security execution environment for issuing new certificates, issuing renewals, revoking certificates, and the like.

The service provider (200, Service Provider, Relying Party) includes a service server (FIDO server), a certificate validation module (Certificate and Signature Verification) .

The FIDO server registers the user's certificate and verifies the digital signature.

The Certification Authority (300, CA) operates the CA Server for certificate issuance and operates the Certificate Directory (LDAP Directory) and OCSP Server (OCSP Server) to provide validation of the certificate. do.

1.2 Configuring the Client Environment

Referring to FIG. 2, an environment configuration in a client device is designed to operate a security execution environment standardized on a global platform to operate in accordance with a secure digital signature technique without a password.

2, a service application in a general execution environment (REE) is installed in a pair with a service application in a security execution environment (TEE), and a fingerprint authentication application (Authenticator Application), an FIDO client application (FIDO Client Application) May be installed in a security execution environment (TEE) to operate only in a trusted environment, or may be installed in a general execution environment (REE).

Authorized certificates and private keys are stored in secure storage and fingerprinting devices so that they can only be accessed by trusted applications in the Secure Execution Environment (TEE).

Also, the biometric information is recognized, and the digital signature using the private key is performed only through a trusted application in the security execution environment, which is performed independently by allocating a separate memory.

2. Private key cryptography using bio information

2. 1. Bio-template extraction method

According to the embodiment of the present invention, the feature point information of the fingerprint is extracted using the fingerprint recognition device fundamentally mounted on the mobile and the biotemplate is stored in a separate secure storage area in the biometric device.

The structure of the bio-template according to the embodiment of the present invention is as shown in FIG.

The bio-template is used for encrypting and decrypting the private key. The bio-information is obtained by dividing the ridge, the branch point, and the end point, which are characteristic information of the fingerprint, The information stored in 5 bytes is shown in [Table 1] below.

division size Characteristics of feature points (bifurcation and end points) 2bit Absolute value of X coordinate 14bit Absolute value of Y coordinate 14bit Angle of feature point 8bit Feature point reliability 2bit Sum 40bit

2.2. Private key cryptography using biometric information

The private key is encrypted and stored using the biometric information converted into the biotemplate.

The private key encryption method using bio information is as shown in FIG.

(1) Use the PBES2 encryption scheme defined in PKCS # 5. At this time, PBKDF2 key generation function and block encryption algorithm are used.

(2) PBKDF2 The parameters when using the key generation function are defined as [Table 2] below.

parameter Explanation Password - Password entered by the user
- Bio information (ex. Fingerprint feature information) Salt 8byte Random Value Iteration Count 1024

(3) A 20-byte extraction key is derived using the PBKDF2 key generation function, the first 16 bytes are defined as an encryption key, and the remaining 16 bytes are generated by hashing the remaining 4 bytes with SHA-1 as the initial vector define

The private key encryption and decryption process using bio information that summarizes the above-described process is as shown in FIG.

According to the embodiment of the present invention, an algorithm is defined so that the password defined in the existing PKCS # 5 standard can be used as the feature information of the fingerprint, the encryption / decryption key is derived through the PBKDF2 key generation function, To encrypt and decrypt the private key.

3. Certificate management in the mobile environment

3. 1. Certificate issuance procedure

6, in accordance with an embodiment of the present invention, a certificate public key and a private key pair are generated in a safe storage space in a mobile, a certificate is directly issued using RFC 4210 CMP protocol, Store in storage space.

The user generates a public certificate request format including one-time information and the public key of the subscriber to form a format capable of preventing replay attack and message tampering, and transmits a certificate request format to the authorized certificate authority or the registration agency do.

(1) The user 100 visits the certification authority (CA 300) or the registration agency in order to issue a certificate, and forms an application for certificate issuance and confirms that the user is the principal.

(2) The certification authority (300) or the registration agency will face the user and issue a reference number (ID) / authorization code (PW) by confirming the real name through proof of identity such as resident registration card and driver's license.

(3) The user 100 activates the mobile service application and inputs a reference number / authorization code, a user name (DN), and a resident registration number (IDN) in order to issue a certificate.

(4) The certificate management module 130 generates a general request message (genm, general message).

(5) The certificate management module 130 delivers the general request message to the certification authority (CA).

(6) The certification authority 300 generates a general response message (genp, general response) using the received initialization request message.

(7) The certification authority 300 delivers a general response message to the certificate management module.

(8) The certificate management module 130 delivers necessary information to a secure storage 110 (110) for creating a user's certificate.

(9) The secure storage 110 delivers the bio information request (br) to the fingerprint recognition device 120.

(10) The fingerprint recognition device 120 drives the fingerprint recognition device using the fingerprint request message received from the secure storage 110, and transmits the fingerprint request message to the service application 150.

(11) The service application 150 receives the fingerprint of the user and transmits bio information to the fingerprint recognition device 120 through a bio information response (bp).

(12) The fingerprint recognition device 120 compares the user's biometric information with pre-registered biometric information to confirm that the user is a legitimate user, and generates a biokey by hashing the previously registered biometric information.

(13) The biometric device 120 delivers the generated biometric key to the secure repository 110.

(14) The secure storage 110 generates an initialization request (ir) using the collected information.

(15) The secure storage 110 delivers the generated initialization request message to the certificate management module 130.

(16) The certificate management module 130 transmits the initialization request message received from the secure repository 110 to the certification authority 300.

(17) The certification authority 300 confirms the initialization request message received from the certificate management module 130 and generates an initialization response (ip) message.

(18) The certification authority 300 transmits the generated initialization response message ( ip ) to the user's certificate management module 130.

(19) The certificate management module 130 transfers the initialization response message received from the certification authority 300 to the secure repository 110.

(20) The secure store 110 decrypts the initialization response message with the user's private key.

(21) The secure repository (110) delivers the certificate issued by the certification authority (300) to the certificate management module (130).

(22) The certificate management module 130 assigns an index number to manage the certificate received from the secure repository 110, and transmits the index number to the fingerprint recognition device.

(23) The fingerprint recognition device stores pre-registered biometric information together with the index number of the certificate.

(24) The certificate management module 130 transfers the same information to the secure storage 110

(25) The secure store 110 stores the encrypted private key with the index number of the certificate, and generates the result (Result).

(26) The secure storage 110 delivers the generated result to the certificate management module 130.

(27) The certificate management module 130 encrypts the result value with the public key of the certification authority 300 to generate a confirmation message (conf).

(28) The certificate management module 130 transmits the generated confirmation message to the certification authority 300.

(29) The certification authority 300 decrypts the received confirmation message with the private key of the certification authority 300 and confirms the random number sent to the previous user. If the certificate is normally issued, the certification authority 300 announces the user's certificate to the directory.

(30) The certification authority 300 transmits a certificate issuance confirmation message to the certificate management module 120 normally indicating that the user's certificate has been issued.

(31) The certificate management module 130 transmits a message to the service application 150 to confirm that the user's certificate has been normally issued

3.2 Certificate renewal process

According to the embodiment of the present invention, a certificate renewal issuance request format is constructed and created from one month before expiration of the user's certificate to the expiration date, and the certificate renewal issuance request form is transmitted to an accredited certification authority or a registration agency.

Such an update issuance may occur when a key exchange does not occur, when a key exchange occurs, and in this specification, an update issuance procedure when a key exchange occurs.

The certificate update issuing procedure according to the embodiment of the present invention is as shown in FIG. 7, and the public key and the private key pair stored in the secure storage space in the mobile are reused to renew the certificate using the RFC 4210 certificate management protocol And stores it in a safe storage space.

(1) The user 100 selects certificate update issuance in the service application 150.

(2) The service application 150 requests a certificate list from the certificate management module 130 (Certificate Management).

(3) The user 100 selects a certificate to be updated from the stored certificate list in the mobile.

(4) The certificate management module 130 generates a general message (genm).

(5) The certificate management module 130 transmits a general request message to the certification authority 300 (CA).

(6) The certification authority 300 generates a general response message (genp, general response) using the received general request message.

(7) The certification authority 300 delivers a general response message to the certificate management module 130.

(8) The certificate management module 130 transfers necessary information for issuing the certificate update to the fingerprint recognition device.

(9) The fingerprint recognition device 120 requests the service application 150 to request a bio information request (br).

(10) The service application 150 converts the bio information received from the user into a bio information response (bp) and transmits the bio information response to the fingerprint recognition device.

(11) The fingerprint recognition apparatus 120 compares the user's biometric information with previously registered biometric information using the index number assigned to the certificate, confirms that the user is a legitimate user, hashes the previously registered biometric information, ).

(12) The fingerprint recognition device 120 delivers necessary information to the secure storage 110 for certificate renewal issuance.

(13) The secure storage 110 generates a key update request message based on the information received from the fingerprint recognition device 120.

(14) The secure repository (110) passes the key update request message to the certificate management module (130).

(15) The certificate management module 130 delivers the key update request message to the certification authority 300.

(16) The certification authority 300 confirms the key update request message received from the user's certificate management module 130, and generates a key update response message (kup, key update response).

(17) The certification authority 300 transmits the generated key update response message to the user's certificate management module 130.

(18) The certificate management module 130 delivers the key update response message received from the certification authority 300 to the secure repository 110.

(19) The secure store 110 identifies the key update response message with its private key.

(20) The secure repository (110) passes the renewed certificate to the certificate management module (130).

(21) The certificate management module 130 assigns an identification number to the renewed certificate and transmits the identification number to the fingerprint recognition device 120.

(22) The fingerprint recognition device 120 stores the biotemplate corresponding to the identification number of the updated certificate received from the certificate management module 130 as well.

(23) The certificate management module delivers the updated certificate with the identification number to the secure repository.

(24) The secure repository stores the updated certificate with the identification number as an encrypted private key and generates a confirmation message (conf, confirmation).

(25) The secure repository 110 passes the generated confirmation message to the certificate management module 130.

(26) The certificate management module 130 transmits the confirmation message received from the secure repository 110 to the certification authority 300.

(27) The certification authority 300 decrypts the confirmation message, and confirms the user's reference number and an arbitrary random number.

(28) The certification authority 300 sends a certificate update issuance confirmation message to the certificate management module 130.

(29) The certificate management module 130 delivers the certificate update issuance confirmation message received from the certification authority 300 to the service application 150.

3.3 Certificate revocation procedure

8 according to an embodiment of the present invention. FIG. 8 illustrates a certificate revocation procedure. When a user revokes a certificate by stealing or leaking personal information through a service application, the procedure shown in FIG. 8 is followed.

If the user requests the revocation of the certificate and if the subscriber's creation key is lost, damaged or stolen / leaked, the user shall prepare a revocation request form and forward it to the certification body or the registration agency.

(1) The user 100 selects certificate revocation from the menu of the service application 150, and requests the certificate list from the fingerprint recognition device 120 to show the list of certificates to be revoked to the user.

(2) The fingerprint recognition device 120 delivers the certificate list matching the information of the user to the service application 150.

(3) The user 100 selects a certificate to be revoked from the service application 150, and transfers the selection result to the certificate management module 130. [

(4) The certificate management module 130 transmits the identification number of the certificate to be abolished to the fingerprint recognition device.

(5) The fingerprint recognition device 120 delivers a bio information request (br) to the service application.

(6) The user 100 recognizes his / her fingerprint and transmits the fingerprint response message (bp, bio information response) to the fingerprint recognition device 120.

(7) The fingerprint recognition device 120 compares the fingerprint information recognized by the user with the biotemplate of the certificate to be revoked, and generates a bio-key to be used for decryption of the private key.

(8) The fingerprint recognition device 120 transmits the identification number of the certificate to be abolished and the bio-key to the secure storage 110.

(9) The secure storage 110 generates a revocation request message (rr) for the certificate to be revoked by the user.

(10) The secure repository (110) passes the revocation request message to the certificate management module (130).

(11) The certificate management module 130 transmits the certificate to be revoked and the revocation request message to the certification authority.

(12) The certification authority 300 confirms the revocation request message, inserts the user's certificate and reason for revocation into the revocation list, and generates a revocation response (rp) message.

(13) The certification authority 300 transmits the generated certificate revocation response message to the user's certificate management module.

(14) The certificate management module 130 delivers the certificate revocation response message received from the certificate authority to the secure repository.

(15) The secure storage 110 confirms the certificate revocation response message and generates a confirmation message (conf, confirmation) after generating the result of the certificate revocation confirmation.

(16) The secure store 110 passes the confirmation message for certificate revocation to the certificate management module 130.

(17) The certificate management module 130 transmits a confirmation message for certificate revocation to the certification authority 300.

(18) The certification authority 300 decrypts the confirmation message received from the certificate management module and confirms the random number with the sender.

(14) The certification authority 300 transmits the certificate revocation confirmation result to the user's certificate management module 130.

(15) The certificate management module 130 delivers the certificate revocation confirmation result to the service application 150.

4. How to use certificates in mobile environment

4. 1. Certificate Registration Procedure

According to the embodiment of the present invention, when the web service is used, the public key information of the user is registered for the first time so that the user can be identified and authenticated without further information submission. The certificate registration procedure is as shown in FIG. 9 .

(1) The service application 150 delivers the URL for secure communication with the service providing server.

(2) The service providing server 210 transmits a login form to confirm that the user is a member of the web service.

(3) The user 100 inputs the ID and the password, and transmits the input value to the service providing server.

(4) The service providing server 210 confirms the input value received from the user.

(5) The service providing server 210 requests the FIDO server 220 for the UAF registration message.

(6) The FIDO server 220 delivers a UAF registration request message.

(7) The service providing server 210 transmits the UAF registration request message received from the FIDO server 220 to the service application 150 of the user.

(8) The service application 150 transmits the UAF registration request message received from the service providing server together with the ID of the user and the ID of the application to the FIDO client 140.

(9) The FIDO client 140 requests the service providing server 210 for a list of the biometric device corresponding to the application ID.

(10) The service providing server 210 transmits the list of biometric devices available to the user to the FIDO client 140 together with a random number through the received application ID.

(11) The FIDO client 140 selects a fingerprint recognition device from the list of the bio-identification devices transmitted from the service providing server 210 and transmits a value for certificate registration.

(12) The fingerprint recognition device 120 transmits a certificate list and a bio information request message to the service application.

(13) The user 100 selects a certificate to be registered, recognizes the fingerprint, and transmits the bio information response message (bp, bio information response) to the fingerprint recognition device 120.

(14) The fingerprint recognition device 120 generates a bio-key using the certificate and the biometric template received from the service application 150.

(15) The fingerprint recognition device 120 transfers a value required for certificate registration to the secure storage.

(16) The secure store 110 creates a KRD object for certificate enrollment.

(17) The secure storage 110 delivers the KRD object to the fingerprint recognition device 120.

(18) The fingerprint recognition device 120 delivers the certificate to be registered with the KRD to the FIDO client 140.

(19) The FIDO client 140 delivers the UAF registration response message to the service application 150.

(20) The service application 150 transmits a UAF registration response message to the service providing server.

(21) The service providing server 210 delivers the UAF registration response message to the FIDO server 220.

(22) The FIDO server 220 requests the certification authority 300 to verify the validity of the user's certificate.

(23) The certification authority 300 verifies the validity of the user certificate and transmits the result to the FIDO server 220.

(24) The FIDO server 220 confirms the KRD and registers the public key of the user.

(25) The FIDO server 220 delivers the user public key registration result to the service providing server 210.

(26) The service providing server 210 delivers the user registration result to the service application 150.

FIG. 11 is a block diagram illustrating a service component according to an embodiment of the present invention, and is a system constructed in accordance with a linkage scheme that enables secure use of a public certificate using an FIDO in an OS as well as an example of the mobile.

11, a PC browser or a mobile application is activated in a normal world of a client (user device), that is, a general execution environment (REE), and a secure world, that is, a secure execution environment (TEE) , FIDO Authenticator, PKI Library, and PKI secure repository. The FIDO client can run in a normal execution environment as well as a security execution environment.

The server (service providing server, relying party) includes a PKI server and an FIDO server, and the certification authority (CA) includes an external PKI service server and a FIDO metadata service server.

FIG. 12 is a diagram illustrating a FIDO registration and authorization certificate issuing procedure according to an embodiment of the present invention.

The client transmits a subscriber authentication request including a name, a social security number, an account number, and an account password.

The service providing server confirms the subscriber and sends a FIDO registration request to the client.

In the client, biometric information (e.g., iris, fingerprint) is registered, an FIDO key pair is generated in the FIDO client, an electronic signature value (Attestation) is generated, and the FIDO registration response (public key, digital signature value) is transmitted.

The service providing server receives the FIDO registration response, verifies the digital signature value, registers the FIDO public key, and requests the public certificate issuance information (CA certificate).

The client performs biometric authentication, generates an authorized certificate key pair from the PKI library, generates R, EVID (value encrypted with the resident number), and sends a certificate issuance request after POP digital signature.

At this time, the request for issuing the authorized certificate includes the reference number, the POP digital signature value, and the EVID.

The service providing server verifies the POP digital signature, issues a public key certificate, issues an issuance response, and the client stores the public key certificate and requests the issuance confirmation of the public key certificate.

The service providing server receives the authorization certificate issuance confirmation request and transmits a notification about the completion of the FIDO registration to the client.

Referring to FIG. 13, when a user clicks or inputs a URL, the user agent receives the login form from the RP server (service providing server) and transmits the login form to the user.

If there is a request to submit a name, password, etc. from the user, the user agent delivers it to the RP server, the RP server performs verification of the user name and password, and sends a UAF registration procedure start request to the FIDO server.

The FIDO server delivers the UAF registration request message, and the RP server transmits it to the user agent. The FIDO client receives the ID of the user and the ID of the application, and requests the list of the biometric device.

When the biometric device list is returned from the RP server, the FIDO client transmits a value for certificate registration to the fingerprint recognition device, for example, and the fingerprint recognition device generates a KH access token.

The user performs biometric information recognition (e.g., voice recognition, iris recognition, fingerprint recognition according to the present description, and the like), and the fingerprint recognition device transmits the recognized biometric information to the FIDO client.

The FIDO client sends a response to the UAF registration request to the user agent, which is forwarded to the RP server.

The FIDO server that receives the response to the UAF registration from the RP server transmits the validation result to the RP server, and the user agent sends the certificate issuance request to the PKI library.

Upon receiving the user authentication request from the PKI library, the authenticator requests the user to authenticate the user and sends the authentication result to the PKI library.

The PKI library sends an initialization request message to the PKI server and receives an initialization response message from the PKI server to generate the key pair.

The PKI library transmits an IR message (initialization request message) to the PKI server, POP verification and certificate generation are performed, and an initialization response message (IP) message is received.

The PKI library requests storage of the certificate and the private key in the PKI storage, and the PKI storage stores the certificate and the private key, and transmits the result of the storage to the PKI library.

The PKI library encrypts the result value with the public key to generate and send a confirmation message. The PKI server notifies the PKI library of the completion of the issuance of the authorized certificate after the certificate is published, and the issuance completion notification is transmitted to the user agent.

4.2. Authentication and Digital Signature Procedures

The authentication and digital signature procedure according to the embodiment of the present invention is as shown in FIG. 10, and when a digital signature of a user is required when using a Web service such as money transfer, card settlement, agreement of agreement, Performs a digital signature on the message with the private key.

The user's private key for the digital signature is stored in a secure repository in the mobile and the digital signature is performed by a trusted application accessible in the secure execution environment to prevent forgery and falsification of the message.

(1) The service application 150 delivers the URL to the service providing server for secure communication.

(2) The service providing server 210 requests the FIDO server 220 for a UAF authentication request message.

(3) The FIDO server 220 generates and transmits a UAF authentication request message to the service providing server 210.

(4) The service providing server 210 transmits a UAF authentication request message to the service application 150.

(5) The service application 150 requests the FIDO client 140 for a response to the UAF authentication request message.

(6) The FIDO client 140 requests the service providing server 210 for a list of available authentication devices.

(7) The FIDO client 140 transmits a list of available authentication devices to the service providing server 210 and an arbitrary random number.

 (8) The FIDO client 140 sends a digital signature original sent to the fingerprint recognition device to request a digital signature.

(9) The fingerprint recognition apparatus 120 requests the user to input a fingerprint (br bio information).

(10) The user recognizes a fingerprint registered in advance and transmits a fingerprint response message (bp, bio inforamtion response) to the fingerprint recognition device 120.

(11) The fingerprint recognition device 120 generates a biometric key for requesting a signature to the secure storage 110.

(12) The fingerprint recognition device 120 transmits the original electronic signature and other information to the secure storage 110 and requests the signature.

(13) The secure repository 110 generates an electronic signature through the received information.

(14) The secure storage 110 transfers the generated SD object to the fingerprint recognition device 120.

(15) The fingerprint recognition device 120 transmits the digital signature original text, the user's certificate, and the SD object to the FIDO client 140. [

(16) The FIDO client 140 generates and transmits a UAF authentication response message to the service application 150.

(17) The service application 150 delivers a UAF authentication response message to the service providing server 210.

(18) The service providing server 210 delivers the UAF authentication response message to the FIDO server 220.

(19) The FIDO server 220 requests the certification authority 300 to verify the validity of the user's certificate.

(20) The certification authority 300 transmits the certificate validity verification result to the FIDO server 220.

(21) The FIDO server 220 verifies the digital signature with the public key of the registered user.

(22) The FIDO server 220 delivers the digital signature verification result to the service providing server 210.

(23) The service providing server 210 delivers the digital signature verification result to the service application 150.

FIG. 14 is a diagram illustrating FIDO authentication and authorized digital signature procedures according to an embodiment of the present invention.

When the client requests the subscriber authentication to the service providing server (for example, after requesting the account inquiry or transfer execution request), the service providing server transmits the FIDO authentication request to the client.

The client transmits the FIDO authentication response to the service providing server after authenticating the biometric information, and the service providing server verifies the authentication to the FIDO and delivers the original digital signature.

Since the biometric information of the user is inputted in the biometric information authentication, the biometric information authentication is performed before the generation of the authorized digital signature, but the active biometric information recognition of the user is not performed again.

The service providing server which has received the official digital signature from the client verifies the validity of the authorized certificate and the authorized digital signature, and transmits the result of the signature verification to the client.

Referring to FIG. 15, a user transmits an execution request through a web browser or an application, and the user agent requests and receives a certificate list from the PKI storage.

The user agent displays the certificate list and transmits a certificate selection request to the user.

The certificate selected by the user is temporarily stored in the user agent, and the user agent requests UAF authentication to the FIDO server through the RP server.

The FIDO server receives the UAF authentication request message, the FIDO client requests the RP server for the available authentication device list, and the FIDO client requests the digital signature with the ASM / Authenticator.

The fingerprint recognition device requests the user to input a fingerprint, and transmits a fingerprint response message after recognizing the fingerprint.

The FIDO client generates a UAF authentication response message containing sign data and sends it to the user agent, which is forwarded to the RP server.

The RP server transmits the UAF authentication response message to the FIDO server to request validation, and the FIDO server transmits the verification result to the RP server.

The RP server transmits the digital signature verification result to the user agent, and the user agent requests the digital signature as the PKI library.

The PKI library requests and receives a certificate / private key from the PKI storage, generates a digital signature statement and sends it to the user agent.

The user agent sends a verification request for the digital signature and receives the digital signature verification result.

Hereinafter, the results of comparative analysis of the security method and the performance of the password method according to the prior art and the secure digital signature method according to the embodiment of the present invention will be described in detail.

5. Comparison of Security and Performance

5. 1. Define the comparison object

Security analysis analyzes the number and entropy of the most important input information in encrypting the private key according to the public key cryptography standard PKCS # 5, PKCS # 8, and analyzes the encryption computation amount of the encrypted private key. Measure the time taken to decode by performance.

Table 3 below shows the comparative analysis for security analysis.

division Password method Secure Digital Signature Method Input information 10 digit character information 56 fingerprint feature information Detailed Input Value Capital letters (A to Z)
Lowercase letters (a to z)
Numbers (0 to 9)
Special Characters Characteristics of feature points
Coordinates of the fingerprint image
Angle of feature point
Reliability of feature points Private key encryption algorithm PKCS # 5, PKCS # 8 PKCS # 5, PKCS # 8 Where to store the encrypted private key NPKI folder
USB storage
Security Token
Web browser storage Secure storage on your smartphone

5. 2. Comparison of security and performance

5. 2. 1. Security comparison analysis

The entropy of the method of encrypting the private key with the password inputted by the user and the method of encrypting the private key through the feature information of the user fingerprint are analyzed.

Entropy is a measure of randomness, randomness, or variability of information, which means information uncertainty or amount of information.

 Entropy analysis is an important indicator because it means the amount of information that is attempted to digitally sign an encrypted private key using an attack technique such as random attack or dictionary attack.

Table 4 below shows the security analysis results through entropy.

division Password method Secure Digital Signature Method Input information 10 digit character information 56 fingerprint feature information Detailed input information Capital letters (A to Z)
Lowercase letters (a to z)
Numbers (0 to 9)
Special Characters Characteristics of feature points
Coordinates of the fingerprint image
Angle of feature point
Reliability of feature points Number of cases for input information 92 kinds 38 kinds Length of input information 10 56 Number of cases 92 ¹⁰ 38 ⁵⁶ Entropy 65.2356 bits 1,480.531752 bits

1) Entropy analysis of existing password method

There are 92 characters that can be used as passwords: numbers (0 ~ 9), upper case letters (A ~ Z), lower case letters (a ~ z)

If you use a character string consisting of four digits and a length of 10 digits as the password, the number of possible passwords is 92 ¹⁰ = 43,438,845,422,363,213,824.

That is, if a character string composed of four types of characters and composed of 10 digits is used as a password, the entropy for the password is about 65.2356 bits.

Assuming that SHA-256 is used as a PRF (Pseudorandom function) in PBKDF2 of PKCS # 5, and assuming that a string composed of 10 types of characters is input to PBKDF2 as a password with four types of character configuration, the entropy of the password is about 65.2356 Bit, the maximum entropy for the output of SHA-256 is about 65.2356 bits.

Therefore, even though the key to be used for private key encryption is generated by using SHA-256 in PBKDF2, the maximum entropy for the key is not about 256 bits but about 65.2356 bits. Thus, the maximum entropy for the encrypted private key is also about 65.2356 bits.

2) Entropy Analysis of Secure Digital Signature Method

When storing the fingerprint information, various pieces of information related to the fingerprint recognition system are stored as well as information about the fingerprint minutiae. Among the stored information, the information whose value changes according to the fingerprint is the type of the feature point, the angle of the feature point, and the x and y coordinates of the feature point. Information other than this information is fixed according to the fingerprint recognition system.

A) Entropy analysis according to type of minutiae

The feature point type is determined by three values (0x0, 1, 2). When classifying feature points, the probability of occurrence of feature points is very low. Therefore, feature points are largely divided into 'ridge end points' and 'ridge bifurcations'.

In order to calculate the entropy value for the feature point type, the probability that the feature point is' other 'is 1/100, the probability that the feature point is' end point of ridge' is 49/100, and the probability that the feature point is' 50/100.

From this, the entropy for the minutiae type is calculated as shown in Equation (1), and the entropy for the minutiae type is about 1.0707 bits.

B) Analysis of entropy according to angle of feature points

For each angle of the fingerprint image, we calculate the entropy of the angle of the feature point at 8 θ / 2 for the total angle of 2 °.

Then, the entropy is added to the coordinates where the minutia can exist, and the total entropy is divided by the number of coordinates where the minutia can exist, and the average entropy value of the minutia is calculated.

For convenience of calculation, the fingerprint image is divided as shown in FIG.

16 corresponds to the upper left portion of the fingerprint image and is a quarter of the entire fingerprint image.

Fingerprint images were divided into A, B, ..., F to make it easy to calculate the entropy according to the angle of the feature points.

Partition regions are divided according to the range of the measurable feature point angles, the range of the feature point angles in addition to the angles of the measurable feature points, and whether or not the portions that can be the angles of the feature points cause interference with each other.

을 계산할 수 있다. The entropy value of each region is used to calculate the entropy

Can be calculated.

Therefore, the entropy for 8-bit information for storing the angle of the feature point is 7.400487 bits.

C) Entropy analysis according to x, y coordinates of feature points

The fingerprint image was divided into A, B, B ', C, and D to easily integrate the entropy according to the angle of the feature point. The divided region was divided according to the size of the angles of the measurable feature points.

A: an area where all angles of the minutiae point can be measured

B: An area in which the angle of the feature point can not be measured with respect to a circle arc centered on the feature point cut by the x-axis of the fingerprint image

B 'is an area where the angle of the feature point can not be measured with respect to a circle arc centered at the feature point cut by the y-axis of the fingerprint image

C: An area where the angle of the feature point can not be measured with respect to the circle arc centered on the feature point cut by the x, y axis of the fingerprint image

D: An area where the angle of the feature point can not be measured for the two arcs of circles centered on the feature points cut by the x and y axes of the fingerprint image

The values calculated by this method are as follows.

Sum of possible angles at each coordinate of A

Sum of possible angles at each coordinate of B

The sum of the angles possible at each coordinate of B '

Sum of possible angles at each coordinate in C

Sum of possible angles at each coordinate of D

Therefore, T = A + B + B '+ C + D = 377946.685, and the coordinate entropy at A, B, B', C,

Sum of coordinate entropy in A

Sum of coordinate entropy in B

Sum of coordinate entropy in B '

Sum of coordinate entropy in C

Sum of coordinate entropy in D

Therefore, the entropy required to represent the coordinates in the fingerprint image is 4 (3.72788 + 0.36488 x 2 + 0.02393 + 0.01014) = 17.96688.

Considering all the above processes, the entropy of one feature point is about 26.438067 bits, and according to the embodiment of the present invention, since 56 feature points are extracted, it has about 1,480.531752 bits of entropy.

Performance comparison analysis

Hereinafter, SHA-256 is used as a PRF in PBKDF2 of PKCS # 5, a value generated using a conventional password method and a secure digital signature is input to PBKDF2, and a random attack is applied to a derived key to induce PBKDF2 The password used to generate the generated key, and the time required to recover the feature information of the black fingerprint.

Table 5 shows the performance comparison results for random attacks.

division Password method Secure Digital Signature Method SHA-256 input 22 bytes 44 bytes Processing message 64 bytes 64 bytes SHA-256 one time execution time 2,2326.72 lops 4,653.4Flops Number of SHA-256 Performances 1,000 times 1,000 times SHA-256 999 times execution time 4,439,804.8 Flops 6,783,316.96 Flops Entropy 65.2456 bits 1,480.531752 bits Encryption computation amount 2 ^65.2356 times 2 ²⁵⁶ times Random Attack Time 180.60 2 ^198.87

The random attack used the most powerful supercomputer (Tianhe-2) known to date. The performance of the supercomputer is shown in [Table 6].

division Detailed performance Core 3,120,000 Linpack Performance 33,862.7 TFlop / s Theoretical Peak 54,902.4 TFlop / s Nmax 9,960,000 Memory 1,024,000 GB Processor Intel Xeon E5-2692v2 12C 2.2GHz

1) Analysis of random attack performance against existing password method

A total of 92 characters can be used as passwords, including numbers (0 to 9), uppercase letters (A to Z), lowercase letters (a to z), and special characters (excluding ',', \, and I).

These four kinds of character configuration are used as a password to input into PBKDF2 of PKCS # 5 with a string composed of 10 digits.

The speed of the supercomputer is 33,862,700,000,000,000 Flops / s, and the speed of SHA-256 is 26.44 cycles / byte for 64 byte messages. The characters used as passwords are each 8 bits in length as ASCII codes.

Since a string consisting of 10 digits is used as a password, a total of 22 bytes are input to SHA-256 including 8-byte Salt and 4-byte integer 1.

Therefore, applying 26.44 cycles / byte of SHA-256 to a 64-byte message for SHA-256 to process these passwords requires (26.44 cycles / byte) x (22 bytes) = 581.68 cycles.

Since it is possible to perform 4 Flops per 1 clock cycle, when the execution time of SHA-256 in which 22 bytes are input is expressed by Flop unit, it is 2,326.72 Flops.

In PBKDF2 of PKCS # 5, SHA-256 must be performed 1,000 times, and the password and SHA-256 output are concatenated and input to SHA-256 is repeated.

Therefore, when SHA-256 is repeatedly performed, 42 bytes are input to SHA-256.

Applying a rate of 26.44 cycles / byte for SHA-256 to a 64-byte message in order for SHA-256 to handle this input requires (26.44 cycles / byte) x (42 bytes) = 1,110.48 cycles.

Since it is possible to perform 4 Flops per 1 clock cycle, when the execution time of SHA-256 is expressed in Flop unit, it is 4,441.92 Flops.

From this, the time required to perform SHA-256 1,000 times in PBKDF2 of PKCS # 5 is (2,326.72 + 4,441.92x999) = 4,439,804.8 Flops.

From this, it can be calculated that the super computer (Tianhe-2) can perform PBKDF2 of PKCS # 5 about 7,627,069,550 (= 33,862,700,000,000 / 4,439,804.8) times per second.

Since the entropy for the password is about 65.2356 bits, 2 ^65,2356 enciphers are required for a random attack.

If you run this on a supercomputer, you can calculate that about 5,695,274,729 seconds is needed, which is about 180.60 years.

2) Analysis of random attack performance against secure digital signature method

According to the embodiment of the present invention, the private key encryption method using the biometric information includes a biometric information header (16 bytes), biometric information (280 bytes), and signature information (24 bytes).

The hash value of SHA-256 for the 320 bytes of information thus constructed is used as a password to be input into PBKDF2 of PKCS # 5.

The speed of the supercomputer is 33,862,700,000,000,000 Flops / s, and the speed of SHA-256 is 26.44 cycles / byte for a 64 byte message and 13.16 cycles / byte for a 576 byte message.

The value to be used as a password is 32 bytes since it is a hash value of SHA-256 for 320 bytes of bio information.

First, to calculate this password, applying 13.16 cycles / byte, which is the speed of SHA-256 for the 576 byte message, requires (13.16 cycles / byte) x (319 bytes) = 4,198.04 cycles, which is 16,792.16 Flops.

In PBKDF2 of PKCS # 5, SHA-256 must be performed 1,000 times, and the password and SHA-256 output are concatenated and input to SHA-256 is repeated.

At first in PBKDF2, 32 bytes of SHA-256 password, 8 bytes of salt, and 4 byte integer 1 are input.

This 44-byte input is handled by SHA-256. Applying a rate of 26.44 cycles / byte for SHA-256 for a 64-byte message requires (16.44 cycles / byte) x (44 bytes) = 1,163.36 cycles, 6533.44 Flops.

In PBKDF2, while the remaining 999 SHA-256s are repeated, the length of the message input is 64 bytes since the password is 32 bytes and the previous output is 32 bytes.

Applying a speed of SHA-256 of 26.44 cycles / byte for a 64 byte message requires (26.44 cycles / byte) x (64 bytes) = 1,692.16 cycles, which is 6,768.64 Flops.

Therefore, the time required to induce the key is 6,783,316.96 Flops.

From this, it can be calculated that the supercomputer can execute PBKDF2 of PKCS # 5 approximately 4,992,056,276 times per second.

The entropy of one feature point of the fingerprint is about 26.438067 bits, and if the information of 56 feature points is included in 320 bytes of bio information, the entropy for bio information is about 1,480.531752.

It can be expected that the key has an entropy of 256 bits because the length of the key is longer than 256 bits.

Therefore, for the password created using this biometric information, it is necessary to encrypt 2 ²⁵⁶ times for random attack.

It can be calculated that a time of about 2 ^223.78 seconds (2 ²⁵⁶ + 4,992,056,276) is required by the super computer (Tianhe-2), which means that about 2 ^198.87 years of time is consumed.

5.3 Comparison of security and performance

According to the embodiment of the present invention, a private key cryptosystem using feature point information of a fingerprint is proposed to solve the problem of a conventional password-based private key cryptosystem.

Then, the number of cases and entropy for the input values of the password method and the proposed method are analyzed and the time taken to decode the performance of the supercomputer through the analysis of the encryption computation amount of the encrypted private key is measured.

As a result of the performance analysis, according to the embodiment of the present invention, the entropy is about 22.7 times higher than the password method, and the password method takes about 180 years to decrypt the private key encrypted with the super computer. It was analyzed that it was almost impossible to decrypt the key (about 2 ¹⁹⁸ years).

division Password method Suggested method Input value 10-digit string
(Uppercase letters, lowercase letters, numbers, special characters) 56 fingerprint feature information (feature point type, angle, fingerprint image coordinates) Number of cases 92 ¹⁰
(Excluding 4 special characters) 38 ⁵⁶
(Feature point type 2 bits, feature point angle 8 bits, fingerprint image coordinates 28 bits) Entropy analysis 65.2456 bits 1,480.531752 bits
* 56 feature points * 1 feature points entropy (26.438067) Encryption computation amount 2 ^65.2356 times 2 ²⁵⁶ times Random Attack Time 180.60 2 ^198.87

The embodiments of the present invention have been described above. It will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the disclosed embodiments should be considered in an illustrative rather than a restrictive sense. The scope of the present invention is defined by the appended claims rather than by the foregoing description, and all differences within the scope of equivalents thereof should be construed as being included in the present invention.

Claims (16)

A client for performing subscriber authentication by transmitting subscriber information, generating a FIDO key pair by registering biometric information in response to a FIDO registration request, and generating an authorized certificate key pair through biometrics authentication in response to a request for issuing an authorized certificate; And
A service providing server for receiving the subscriber authentication request, confirming the subscriber and transmitting the FIDO registration request, and transmitting a public certificate issuance response in response to the authorization certificate issuing request
A password-free electronic signature system using biometric information.
The method according to claim 1,
In the client, a service application in a general execution environment and a service application in a security execution environment are installed in a pair
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
The client stores the public key and the private key in the storage unit and the biometric information recognizing unit and performs access control on the service application in the secure execution environment
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
The client extracts minutia information of a fingerprint inputted as biometric information, and stores the biotemplate in a storage unit
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
The client compares the biometric information of the user with pre-registered biometric information, and when it is confirmed that the user is a legitimate user, the client generates the biometric key by hashing the pre-registered biometric information
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
After local authentication based on biometric information authentication, an object for generating an encryption / decryption key for digital signature generation information or performing encryption / decryption / signature is used
Password-free electronic signature system using biometric information.
The method according to claim 1,
The biometric key generated through the biometric information of the user is used as the digital signature generation information cipher. The encryption method is based on a cryptographic technique defined in PKCS # 5 or PKCS # 8
Password-free electronic signature system using biometric information.
The method according to claim 1,
The encryption of digital signature generation information is extended through a plurality of biometric information based passwords generated through a plurality of authentication means
Password-free electronic signature system using biometric information.
The method according to claim 1,
Encrypting digital signature generation information by combining authorized certificate password, financial transaction card, and biometric information recognition
Password-free electronic signature system using biometric information.
The method according to claim 1,
The client decrypts the certificate response message received from the certificate authority with the user's private key
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
The client assigns an index number of the certificate and stores previously registered biometric information together with the index number
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
When the certificate renewal issuance is selected, the client selects the renewal certificate by inquiring the certificate list, compares the biometric information inputted from the user with the previously registered biometric information, and generates a renewal request message To the agency
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
The client receives a UAF registration request message, an ID of a user and an application received from the service providing server, requests a list of the biometric information recognizing device, selects a biometric information recognizing device, and transmits a value for certificate registration to the FIDO Including clients
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
The client stores the public key and the private key in the storage unit and the biometric information recognizing unit and performs access control on the service application in the secure execution environment
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
The service providing server generates a UAF registration request message and transmits the UAF registration request message to the service application of the client. The service providing server transmits a list of biometric information recognizing devices available to the user using an application ID received from the client's FIDO client, To the FIDO client
Password - Free Digital Signature System Using In - Bio Information.
The method according to claim 1,
The service providing server generates a UAF authentication request message, requests a response to the FIDO client included in the client, provides a list of available authentication devices according to the request of the FIDO client, receives a UAF authentication response message To request validation of the user's certificate as a certificate authority
Password - Free Digital Signature System Using In - Bio Information.

Images