WO2010020658A1 - Procédé cryptographique et procédé d’identification sur la base de données biométriques - Google Patents
Procédé cryptographique et procédé d’identification sur la base de données biométriques Download PDFInfo
- Publication number
- WO2010020658A1 WO2010020658A1 PCT/EP2009/060718 EP2009060718W WO2010020658A1 WO 2010020658 A1 WO2010020658 A1 WO 2010020658A1 EP 2009060718 W EP2009060718 W EP 2009060718W WO 2010020658 A1 WO2010020658 A1 WO 2010020658A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- data
- values
- biometric
- determined
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
Definitions
- the present invention relates to a method for encrypting and / or signing data by means of at least one key.
- the message or part of the message is encrypted by the sender with the secret key.
- the recipient of the message decrypts the message with the public key and compares it with the additionally transmitted unencrypted message or partial message and can determine if it matches that the signature originated from the owner of the secret key and no one since the encrypted part of the document has changed.
- symmetric methods In addition to the asymmetric methods with a public and a secret key, there are also so-called symmetric methods in which only a secret key is used for encryption and decryption.
- Known symmetrical methods are the Drive according to the Data Encryption Standard (DES method) or the Advanced Encoding Standard (AES method). This method is a block ciphering method in which information blocks are encrypted with keys of a certain length.
- the problem is that at least one secret key must be stored in order to have it available for encryption and / or decryption. So if the secret key falls into the wrong hands, the encryption system is ineffective. Overall, the system is only as secure as the secret key is protected against unauthorized access.
- the present invention thus has the object to provide an encryption method and a method for signing data, which has a higher security compared to the known methods.
- the corresponding encryption and / or Signierbacter should be easy to implement and feasible.
- a software program product for implementing the method to data processing systems and appropriately protected memory areas are to be made available.
- the invention is based on the recognition that compared to stored keys for encrypting and / or signing data thereby a higher security standard can be achieved when the corresponding secret key does not need to be stored, but can be generated again and again in a reproducible manner.
- biometric methods such as those used to identify persons in access control to security-relevant areas, such as secure houses and the like or in access to data processing systems, can be used correspondingly to at least one of them in a reproducible manner So to generate the secret key.
- biometric methods for identifying persons are described, for example, in WO 98/06020 A1 or US Pat. No.
- biometric information can be used, such as the image of the eyes, in particular the iris, image of the face or the image of a fingerprint.
- At least one characteristic parameter can be determined, which is used to determine the at least one key.
- several characteristic parameters of the biometric information can be used to determine the key.
- longer key can be obtained from several characteristic parameters by e.g. Create concatenation of the corresponding values of the characteristic parameters.
- the characteristic parameters may include, for example, with respect to images of the eyes, fingerprints, or faces, corresponding data about survey values such as eye distances, distances of the fingerprint lines, or density of the fingerprint lines, or the like.
- the characteristic parameters may comprise different values.
- these may include values regarding the holding time of all or certain keys, the transition period from releasing one key to pressing the next key, the transition period from releasing one key to releasing the next key, the transition period from pressing a key to pressing the next key , the frequency or frequency of errors, the tip rate, ie the number of words typed in a certain time, the velocity of the attack, So be the number of actuated keys in a certain time, etc.
- the tip rate ie the number of words typed in a certain time, the velocity of the attack, So be the number of actuated keys in a certain time, etc.
- single or multiple repetitions, ie pressing the next key before the previous key is released the frequency of use of certain function keys, the selection of alternatively available keys, such as the selection of the left or right shift key or the like be used.
- statistical values such as frequency distributions or probability values, can be determined from this.
- characteristic parameters also other special temporal or key-related abnormalities can be used.
- numerical values representing the key can then be determined via mathematical functions. For example, average values may be determined from the characteristic parameters that correspond to at least one mathematical function, e.g. Division by a constant and / or rounding to be subjected. The corresponding numerical values can be used as keys since they are generated reproducibly.
- a one-way function can be performed, in which it is possible to calculate a result in a calculation direction very quickly, while the reverse direction, so the backward calculation is very time consuming.
- values may be determined, for example, according to the characteristic parameters of a biometric information, also called a biometric sample, such as the average holding time of all keys or a certain key and values of other characteristic parameters, then a one-way function is applied to determine a key.
- the key can comprise at least one numerical value or several numerical values.
- the numerical values can be determined such that the numerical values for different biometric samples of one type, ie biometric information either from the typing behavior or from the face recognition, are constant for a person.
- equivalent numerical values are also determined, which, however, enable mutual encryption and decryption. This means that not every biometric sample, ie a person's recorded biometric data, such as the recorded keypad data, must result in the identical numerical values or values of the key, but that different equivalent numerical values are possible, but that are equivalent in nature, that they allow for mutual encryption or decryption.
- the numerical value a is generated, while in the case of the detection of the sample B the numerical value b is determined.
- the numerical values a and b are equivalent so that encryption with the key based on the numerical value a and decryption with the key on the basis of the numerical value b is possible, and vice versa.
- a key can be generated or even a key pair or multiple keys so that in a key pair similar to the PGP method one of the keys can be provided as a public key.
- the generation of a key or a plurality of keys can also simplify an identification procedure for a person in such a way that complex comparison of reference patterns acquired in an access attempt with stored characteristic reference patterns no longer has to take place, but rather that of the characteristic parameters of FIG or the corresponding keys are generated and then only the keys are compared, ie the key generated during the access attempt with a stored reference key.
- the identification of a person can be simplified by generating a corresponding key.
- encrypted information can also be compared in order not to have to store a reference key.
- the method according to the invention which can preferably be realized as a computer program, allows data to be encrypted and decrypted without having to store a secret key of the corresponding person since the biometric data are always available again for generating the secret key.
- the numerical values for the key could be constant for different biometric samples or give equivalent numerical values.
- Tipproh stylist When typing a text that is to be sent as an encrypted message Tipproh stylist are detected, which exist for example in the timed sequence of key presses. From these tipproh data, also known as a biometric sample, characteristic parameters such as the average holding time of all keys or the average holding time of a certain key or the frequency distribution of holding periods of all keys or specific keys, the probabilities of typing errors, the probability of their use determined certain keys etc.
- a secret key for symmetrical encryption and decryption can then be generated by corresponding methods, the key consisting of one or more numerical values.
- the numerical values can be determined, for example, by forming average values based on values of the characteristic parameters, such as, for example, the holding periods and the transition periods.
- the average values can be divided by a constant specified for the corresponding characteristic parameter and the result rounded to the nearest integer.
- the corresponding rounding results can be hanged together (concatenated) to form the key.
- the determined average value d fl of the first characteristic parameter fl is 103.5, while d_f2 of a second characteristic parameter f2 is 18, etc.
- the constant c fl is 15, while c_f 2 is 10.
- the rounded, concatenated values give 72 as the constant value of the biometric sample, e.g. a tip sample, and can be used as a key value.
- the so-called RSA system can form the basis for this.
- the next higher prime number can be determined from the determined characteristic values, and a so-called RSA modulus N can be calculated from two prime numbers by prime multiplication.
- the Euler function ⁇ can be applied to the RSA module, which serves to determine the second numerical value next to the RSA module for, for example, the public key. For example, a divisive number e greater than 1 and less than the value of the euler function of the RSA module N can be selected. From this, the second numerical value of the secret or private key d can then be determined as a multiplicative inverse of the modulus of the Euler function ⁇ (N).
- the recipient can determine whether the text has been changed when sending and actually comes from the owner of the secret key to the public key.
- the recipient of the public key can send messages to the person from whom the biometric data originates in an encrypted manner by using the
- Encrypted message with the public key and the recipient decrypts the encrypted message with the secret key.
- the secret key can be generated at any time by the recipient from his biometric information available only to him, for example when identifying the recipient via the biometrics. see data when logging in to the data processing system over which the encrypted message is received.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Collating Specific Patterns (AREA)
- Storage Device Security (AREA)
Abstract
La présente invention concerne un procédé pour chiffrer et/ou signer des données avec au moins une clé, laquelle clé étant définie à partir d'un échantillon biométrique. La présente invention concerne en outre un procédé pour identifier une personne à l'aide d'un échantillon biométrique, ledit procédé consistant à déterminer des paramètres de l'échantillon biométrique et à déterminer à partir des paramètres au moins une clé qui sert ensuite à l'identification. La présente invention concerne en outre un produit-programme informatique correspondant et un emplacement de mémoire avec des données chiffrées à l'avenant.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
DE102008041392.5 | 2008-08-20 | ||
DE102008041392A DE102008041392A1 (de) | 2008-08-20 | 2008-08-20 | Kryptographieverfahren und Identifizierungsverfahren auf Basis biometrischer Daten |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010020658A1 true WO2010020658A1 (fr) | 2010-02-25 |
Family
ID=41217573
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/EP2009/060718 WO2010020658A1 (fr) | 2008-08-20 | 2009-08-19 | Procédé cryptographique et procédé d’identification sur la base de données biométriques |
Country Status (2)
Country | Link |
---|---|
DE (1) | DE102008041392A1 (fr) |
WO (1) | WO2010020658A1 (fr) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5541994A (en) * | 1994-09-07 | 1996-07-30 | Mytec Technologies Inc. | Fingerprint controlled public key cryptographic system |
WO1999026372A1 (fr) * | 1997-11-14 | 1999-05-27 | Digital Persona, Inc. | Creation de cle de chiffrement au moyen de donnees biometriques |
EP1043862A2 (fr) * | 1999-04-08 | 2000-10-11 | Lucent Technologies Inc. | Génération de clés cryptographiques répétables basées sur des paramètres variables |
WO2002078249A8 (fr) * | 2001-03-23 | 2003-12-18 | Kent Ridge Digital Labs | Procede d'utilisation de donnees biometriques pour la creation de secret |
WO2006115491A1 (fr) * | 2005-04-25 | 2006-11-02 | Tecsec, Incorporated | Procede de chiffrement et commande fonctionnelle d'elements de donnees etiquetes |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
DE19631484C1 (de) | 1996-08-03 | 1998-03-05 | Dieter Bartmann | Verfahren zur Verifizierung der Identität eines Benutzers einer mit einer Tastatur zur Erzeugung alphanumerischer Zeichen zu bedienenden Datenverarbeitungsanlage |
KR19990009965A (ko) | 1997-07-14 | 1999-02-05 | 정명식 | 타자 패턴을 이용한 사용자 인증 방법 |
JPH11187007A (ja) * | 1997-12-17 | 1999-07-09 | Casio Comput Co Ltd | 暗号化・復号化装置およびその方法 |
US6694025B1 (en) * | 1999-06-02 | 2004-02-17 | Koninklijke Philips Electronics N.V. | Method and apparatus for secure distribution of public/private key pairs |
JP4519963B2 (ja) * | 1999-06-21 | 2010-08-04 | 富士通株式会社 | 生体情報の暗号化・復号化方法および装置並びに、生体情報を利用した本人認証システム |
JP2001168854A (ja) * | 1999-12-13 | 2001-06-22 | Sony Corp | 暗号鍵生成装置、暗号化・復号化装置および暗号鍵生成方法、暗号化・復号化方法、並びにプログラム提供媒体 |
EP1677537A1 (fr) * | 2004-12-31 | 2006-07-05 | Swisscom Mobile AG | Méthode et appareil pour la réception de données avec accès conditionnel et serveur distant |
JP4792771B2 (ja) * | 2005-03-07 | 2011-10-12 | ソニー株式会社 | データ処理方法およびデータ処理システム |
DE102006049814B4 (de) * | 2006-10-17 | 2009-08-06 | Fraunhofer-Gesellschaft zur Förderung der angewandten Forschung e.V. | Verfahren und Vorrichtung zum Erzeugen und Speichern von einer Geheimkombination zugeordneten Hilfsgrößen sowie zum Wiedergewinnen der Geheimkombination |
-
2008
- 2008-08-20 DE DE102008041392A patent/DE102008041392A1/de not_active Withdrawn
-
2009
- 2009-08-19 WO PCT/EP2009/060718 patent/WO2010020658A1/fr active Application Filing
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5541994A (en) * | 1994-09-07 | 1996-07-30 | Mytec Technologies Inc. | Fingerprint controlled public key cryptographic system |
WO1999026372A1 (fr) * | 1997-11-14 | 1999-05-27 | Digital Persona, Inc. | Creation de cle de chiffrement au moyen de donnees biometriques |
EP1043862A2 (fr) * | 1999-04-08 | 2000-10-11 | Lucent Technologies Inc. | Génération de clés cryptographiques répétables basées sur des paramètres variables |
WO2002078249A8 (fr) * | 2001-03-23 | 2003-12-18 | Kent Ridge Digital Labs | Procede d'utilisation de donnees biometriques pour la creation de secret |
WO2006115491A1 (fr) * | 2005-04-25 | 2006-11-02 | Tecsec, Incorporated | Procede de chiffrement et commande fonctionnelle d'elements de donnees etiquetes |
Non-Patent Citations (1)
Title |
---|
JAIN A K ET AL: "Biometric Cryptosystems: Issues and Challenges", PROCEEDINGS OF THE IEEE, IEEE. NEW YORK, US, vol. 92, no. 6, 1 June 2004 (2004-06-01), pages 948 - 960, XP011112757, ISSN: 0018-9219 * |
Also Published As
Publication number | Publication date |
---|---|
DE102008041392A1 (de) | 2010-02-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
DE102009001718B4 (de) | Verfahren zur Bereitstellung von kryptografischen Schlüsselpaaren | |
DE69725659T2 (de) | Verfahren und Einrichtung zur Ablage eines in einem RSA-Kryptosystem benutzten Geheimschlüssels | |
DE102011120968B4 (de) | Erzeugen von sicheren Schlüsseln auf Anforderung | |
Blanton et al. | Secure and efficient protocols for iris and fingerprint identification | |
DE69731025T2 (de) | Verschlüsselungsverfahren, Entschlüsselungsverfahren und Beglaubigungsverfahren | |
EP2433241B1 (fr) | Procédé de codage | |
DE69534192T2 (de) | Verfahren zur gemeinsamen Nutzung einer geheimen Information, zur Erzeugung einer digitalen Unterschrift und zur Ausführung einer Beglaubigung in einem Kommunikationssystem mit mehreren Informationsverarbeitungseinrichtungen und Kommunikationssystem zur Anwendung dieses Verfahrens | |
EP2340502B1 (fr) | Système de traitement de données pour préparer des clés d'autorisation | |
DE102016002792A1 (de) | Biometrie-Geheimnis-Bindungsschema mit verbessertem Datenschutz | |
EP3443705B1 (fr) | Procédé et dispositif d'établissement d'une communication sécurisée entre un premier dispositif de réseau (initiateur) et un deuxième dispositif de réseau (répondant) | |
EP2810400B1 (fr) | Procédé d'authentification et d'identification cryptographique à chiffrement en temps réel | |
DE102015208142A1 (de) | Kompakter unscharfer privater Abgleich unter Verwendung einer vollhomomorphen Verschlüsselungsmethode | |
EP2656535B1 (fr) | Procédé cryptographique | |
DE10148415C2 (de) | Verfahren und Vorrichtung zum Verschlüsseln und Entschlüsseln von Daten | |
EP1687932B1 (fr) | Autorisation d'une transaction | |
DE69826778T2 (de) | Vorrichtungen zum Verschlüsseln und Entschlüsseln einer Schlüsselwiedergewinnungsbedingung | |
WO2010020658A1 (fr) | Procédé cryptographique et procédé d’identification sur la base de données biométriques | |
DE60021985T2 (de) | Verfahren ind vorrichtung zur sicheren erzeugung von öffentlichen/geheimen schlüsselpaaren | |
DE102017202940A1 (de) | Verfahren und Vorrichtung zum Erzeugen kryptografischer Schlüssel | |
DE102006049814B4 (de) | Verfahren und Vorrichtung zum Erzeugen und Speichern von einer Geheimkombination zugeordneten Hilfsgrößen sowie zum Wiedergewinnen der Geheimkombination | |
WO2001022654A1 (fr) | Procede de decryptage de documents cryptes selon un procede de cryptage hybride en cas de perte de la cle cryptographique privee | |
EP0616447B1 (fr) | Procédé de transmission sécurisée de données par une liaison non sécurisée | |
Costanzo | Biometric cryptography: Key generation using feature and parametric aggregation | |
DE102017202952A1 (de) | Zugangskontrollvorrichtung und Verfahren zur Authentisierung einer Zugangsberechtigung | |
EP2288073A1 (fr) | Dispositif destiné au codage de données |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 09781988 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 09781988 Country of ref document: EP Kind code of ref document: A1 |