TW202145036A - Method of identity verification based on biometrics which is implemented by a verification server - Google Patents
- Publication number
- TW202145036A
- Authority
- TW
- Taiwan
- Prior art keywords
- verification
- encrypted
- user
- authentication
- data
Landscapes
- Collating Specific Patterns (AREA)
Description
The present invention relates to an identity verification method, and in particular to an identity verification method based on biometrics.
Biometric identification technology mainly refers to technology that performs identity authentication using human biometric features. With biometric identification, a user can be authenticated without entering a password, which is convenient and fast.
Most existing biometric identification technologies use a specific algorithm to extract biometric data and store it in a verification server for identity authentication.
Biometric features are mainly fingerprints, faces, irises, veins, voiceprints and the like, and are characterized by uniqueness, invariance and measurability. However, because of these characteristics, theft of a biometric feature may leak the user's privacy, and a biometric feature cannot be reported lost or changed. Once the verification server is breached by hackers and the biometric data stored in it is stolen, the consequences are immeasurable.
Therefore, the object of the present invention is to provide a biometrics-based identity verification method that does not require biometric data to be stored in the verification server.
Accordingly, the biometrics-based identity verification method of the present invention is used to verify a user carrying a user carrier and is implemented by a verification system. The verification system includes a verification device and a verification server, and the user carrier and the verification device are connected to the verification server via a communication network. The verification server stores a plurality of private keys, and the user carrier stores a public key and verification data, the verification data including a verification biometric feature related to the user. The method comprises a step (A), a step (B), a step (C), a step (D), and a step (E).
In step (A), the verification server receives, from the verification device, a user biometric feature generated by the verification device capturing the user's biometric feature.
In step (B), when the verification server receives, from the user carrier, encrypted verification data produced by the user carrier encrypting the verification data with the public key, the verification server determines whether the encrypted verification data can be decrypted with the private keys.
In step (C), when the verification server determines that the encrypted verification data can be decrypted with one of the private keys, the verification server decrypts the encrypted verification data.
In step (D), the verification server determines whether the verification biometric feature in the decrypted verification data matches the user biometric feature.
In step (E), when the verification server determines that the verification biometric feature in the decrypted verification data matches the user biometric feature, the verification server generates a verification success message and transmits it to the verification device.
The effect of the present invention is that the verification server receives the encrypted verification data from the user carrier and, after determining that the encrypted verification data can be decrypted with one of the private keys, verifies the user's identity using the verification biometric feature in the encrypted verification data, without needing to store any biometric data.
Before the present invention is described in detail, it should be noted that in the following description similar elements are denoted by the same reference numerals.
Referring to FIGS. 1 and 2, a verification system 1 for implementing an embodiment of the biometrics-based identity verification method of the present invention is described. The verification system 1 is used to verify a user carrying a user carrier 2, and includes a verification device 11 and a verification server 12.
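The user carrier 2 is connected to the verification server 12 via a communication network 100 and stores a public key and verification data. The verification data includes a verification biometric feature related to the user, hardware information related to the user carrier 2, and personal information related to the user. The user carrier 2 is, for example, a smartphone, and the communication network 100 is, for example, the Internet. The hardware information is a unique identifier representing the user carrier 2, such as an International Mobile Equipment Identity (IMEI), a Mobile Equipment Identifier (MEID), an Electronic Serial Number (ESN), or a Media Access Control address (MAC address). In this embodiment the verification biometric feature is, for example, a facial feature; in other implementations it may also be a fingerprint feature, an iris feature, a vein feature, or a voiceprint feature, but is not limited to these.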
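The verification device 11 includes a biometric capture module 111 for capturing biometric features, a communication module 112 connected to the verification server 12 via the communication network 100, and a processing module 113 electrically connected to the biometric capture module 111 and the communication module 112. In this embodiment the biometric capture module 111 is, for example, a camera used to capture a face image; in other implementations it may also be a fingerprint reader, an iris reader, a vein reader, or a voiceprint reader, without limitation.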
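The verification server 12 is connected to the communication network 100 and stores a plurality of private keys, a plurality of pieces of legitimate hardware information respectively corresponding to the private keys, and a plurality of pieces of legitimate personal information respectively corresponding to the private keys.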
Referring to FIGS. 1 and 3, the following describes how the verification system 1 performs the embodiment of the biometrics-based identity verification method of the present invention. The steps of the embodiment are described in detail below.
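In step 301, the biometric capture module 111 of the verification device 11 captures the user's biometric feature, the processing module 113 of the verification device 11 generates a user biometric feature, and the user biometric feature is transmitted to the verification server 12 via the communication module 112 of the verification device 11.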
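In step 302, the user carrier 2 uses the public key to encrypt the verification data into encrypted verification data, and transmits the encrypted verification data to the verification server 12 via the communication network 100.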
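In step 303, the verification server 12 determines whether the encrypted verification data can be decrypted with the private keys. When the verification server 12 determines that the encrypted verification data cannot be decrypted with the private keys, the flow proceeds to step 304; when the verification server 12 determines that the encrypted verification data can be decrypted with one of the private keys, the flow proceeds to step 305.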
In step 304, the verification server 12 generates a verification failure message and transmits it to the verification device 11 via the communication network 100.
In step 305, the verification server 12 decrypts the encrypted verification data using that one of the private keys.
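In step 306, the verification server 12 determines whether the hardware information in the decrypted verification data matches the legitimate hardware information corresponding to the private key used for decryption in step 305. When the verification server 12 determines that the hardware information in the decrypted verification data does not match the legitimate hardware information, the flow proceeds to step 304; when it determines that they match, the flow proceeds to step 307.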
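In step 307, the verification server 12 determines whether the personal information in the decrypted verification data matches the legitimate personal information corresponding to the private key used for decryption in step 305. When the verification server 12 determines that the personal information in the decrypted verification data does not match the legitimate personal information, the flow proceeds to step 304; when it determines that they match, the flow proceeds to step 308.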
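In step 308, the verification server 12 determines whether the verification biometric feature in the decrypted verification data matches the user biometric feature. When the verification server 12 determines that the verification biometric feature in the decrypted verification data does not match the user biometric feature, the flow proceeds to step 304; when it determines that they match, the flow proceeds to step 309.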
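In step 309, the verification server 12 generates a verification success message and transmits it to the verification device 11 via the communication network 100.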
It should be particularly noted that in this embodiment step 301 precedes step 303; in other implementations, step 301 may be performed between step 303 and step 308, without limitation.
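It should further be noted that in this embodiment, after step 303, in which the verification server 12 determines whether the encrypted verification data can be decrypted with the private keys, two further checks are required to confirm that the encrypted verification data is legitimate: step 306, in which the verification server 12 determines whether the hardware information in the decrypted verification data matches the legitimate hardware information, and step 307, in which the verification server 12 determines whether the personal information in the decrypted verification data matches the legitimate personal information. Only after the encrypted verification data is confirmed to be legitimate is step 308 performed, in which the verification server 12 determines whether the verification biometric feature in the decrypted verification data matches the user biometric feature, to confirm that the user is the user to whom the encrypted verification data relates. In other implementations, after step 303, only one of step 306 and step 307 may be performed before step 308, or step 308 may be performed directly after step 303, without limitation.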
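The server-side flow of steps 303 to 309, as an added Go example that is not part of the patent text. RSA-OAEP, the JSON encoding, the Euclidean-distance threshold and all names and sample values are assumptions, since the description does not specify a cipher or a matching algorithm.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

type Info struct{ Hardware, Personal string } // non-biometric fields (names are assumptions)
type VerificationData struct { // what the user carrier encrypts in step 302
	Info
	Bio []float64
}
type Enrolled struct { // server record: private key plus legitimate Info, no biometric
	Key *rsa.PrivateKey
	Info
}

// Verify runs steps 303-309; live is the feature sent by the verification device.
func Verify(db []Enrolled, blob []byte, live []float64, maxDist float64) bool {
	for _, e := range db {
		pt, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, e.Key, blob, nil)
		if err != nil {
			continue // step 303: this private key cannot decrypt, try the next
		}
		var d VerificationData
		if json.Unmarshal(pt, &d) != nil || d.Info != e.Info || len(d.Bio) != len(live) {
			return false // steps 306/307 failed, so step 304
		}
		sum := 0.0
		for i := range live {
			sum += (d.Bio[i] - live[i]) * (d.Bio[i] - live[i])
		}
		return len(live) > 0 && sum <= maxDist*maxDist // step 308, then 309 or 304
	}
	return false // no private key decrypts the blob: step 304
}

// Demo uses constructed data: two enrolled users; bob's carrier claims hardware hw.
func Demo(hw string, live []float64) bool {
	ka, _ := rsa.GenerateKey(rand.Reader, 2048)
	kb, _ := rsa.GenerateKey(rand.Reader, 2048)
	db := []Enrolled{{ka, Info{"hw-alice", "alice"}}, {kb, Info{"hw-bob", "bob"}}}
	pt, _ := json.Marshal(VerificationData{Info{hw, "bob"}, []float64{0.1, 0.9, 0.4}})
	blob, _ := rsa.EncryptOAEP(sha256.New(), rand.Reader, &kb.PublicKey, pt, nil) // short payload only
	return Verify(db, blob, live, 0.1)
}
func main() { fmt.Println(Demo("hw-bob", []float64{0.12, 0.88, 0.41})) }
```

RSA-OAEP with a 2048-bit key holds under 200 bytes, so a real biometric template would need a hybrid scheme (a symmetric key wrapped by the public key).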
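In summary, in the biometrics-based identity verification method of the present invention, the verification server 12 receives the encrypted verification data from the user carrier 2 and, after determining that the encrypted verification data can be decrypted with one of the private keys, and after determining that the hardware information in the decrypted verification data matches the legitimate hardware information and that the personal information in the decrypted verification data matches the legitimate personal information, verifies the user's identity using the verification biometric feature in the encrypted verification data, without needing to store any biometric data. The object of the present invention is therefore achieved.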
The above, however, are merely embodiments of the present invention and shall not limit the scope of its implementation. All simple equivalent changes and modifications made in accordance with the claims and the specification of the present invention remain within the scope covered by this patent.
1: verification system
11: verification device
111: biometric capture module
112: communication module
113: processing module
12: verification server
100: communication network
2: user carrier
301~309: steps
Other features and effects of the present invention will be clearly presented in the embodiments described with reference to the drawings, in which: FIG. 1 is a block diagram illustrating a verification system for implementing an embodiment of the biometrics-based identity verification method of the present invention; FIG. 2 is a schematic diagram illustrating the verification system; and FIG. 3 is a flowchart illustrating the embodiment of the biometrics-based identity verification method of the present invention.
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109117180A TWI736280B (en) | 2020-05-22 | 2020-05-22 | Identity verification method based on biometrics |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI736280B TWI736280B (en) | 2021-08-11 |
TW202145036A (en) | 2021-12-01 |
Family
ID=78283105
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW109117180A TWI736280B (en) | 2020-05-22 | 2020-05-22 | Identity verification method based on biometrics |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI736280B (en) |
-
2020
- 2020-05-22 TW TW109117180A patent/TWI736280B/en active
Also Published As
Publication number | Publication date |
---|---|
TWI736280B (en) | 2021-08-11 |