WO2019114813A1 - Biometric authentication system and method - Google Patents

Biometric authentication system and method Download PDF

Info

Publication number
WO2019114813A1
WO2019114813A1 PCT/CN2018/121086 CN2018121086W WO2019114813A1 WO 2019114813 A1 WO2019114813 A1 WO 2019114813A1 CN 2018121086 W CN2018121086 W CN 2018121086W WO 2019114813 A1 WO2019114813 A1 WO 2019114813A1
Authority
WO
WIPO (PCT)
Prior art keywords
template
password
biometric
encryption
matching
Prior art date
Application number
PCT/CN2018/121086
Other languages
French (fr)
Chinese (zh)
Inventor
杨骅
来诺依德⋅康斯维奇
凯文⋅霍罗维兹
Original Assignee
红石生物特征科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from CN201811528719.7A external-priority patent/CN109961291A/en
Application filed by 红石生物特征科技有限公司 filed Critical 红石生物特征科技有限公司
Priority to US16/954,179 priority Critical patent/US20210160076A1/en
Publication of WO2019114813A1 publication Critical patent/WO2019114813A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists

Definitions

  • the present invention relates to a biometric authentication system and method.
  • biometrics technology With the continuous development of biometrics technology, people began to apply biometric technology to financial fields such as bank deposit/deposit, mobile payment, etc., such as establishing communication between mobile phones, banks, and merchants, and authenticating corresponding biometrics and other identity information. To achieve online payment operations.
  • biometric information encryption there are still many security vulnerabilities in the prior art online payment and offline access and payment systems such as ATM machines.
  • the existing encryption methods cannot guarantee the absolute security of user information.
  • the biometric identification/authentication system generally compares the biometric template pre-stored by the user with the biometric feature collected by the user when the user authenticates. If the two match, the user passes the system authentication, and the existing biometric identification system is in the biometric template. There are three main ways to store:
  • Biometric templates can be stored in cards such as ID cards, bank cards, etc. that can be used to tag users.
  • the memory chips of such cards are usually read-only and have hardware encryption functions as creatures.
  • the storage medium of the feature template has high security.
  • the special ID card increases the production cost.
  • the use of a special ID card requires a specific reading device, which limits the user's use of the biometric template.
  • Biometric templates can be centrally stored on a networked server.
  • the advantage of this approach is that user authentication can be done on all terminal devices connected to the server.
  • servers that store biometric templates become the focus of hackers. Once the server is stolen, it will lead to the leakage of a large number of biometric templates, and the protection of user privacy is seriously harmed.
  • the biometric template can be stored on the user's personal device.
  • the personal device usually has various communication modules, and the user can directly connect to the server or the terminal device through the network or near field communication to perform identity. Authentication, at the same time, distributed storage also reduces the possibility of hacking, but personal devices are vulnerable to physical theft, and the security of individual devices is not as good as the server.
  • CN201510063624.2 discloses a payment method and system based on Bluetooth technology and biometric identification, and proposes to use Bluetooth search to limit the user range to improve recognition efficiency. And a scheme for encrypting the collected user biometrics, but it needs to match the current payer's biometrics with all potential payers, resulting in a large amount of matching operations, and the biometric template pre-stored on the server is not encrypted or solved. Passwords and encryption templates may be stored on the server, which may cause serious security problems; CN107196765A, discloses a remote biometric identity authentication method that enhances privacy protection, and improves the encryption of biometric templates and the encryption algorithm of data transmission process. .
  • the present invention discloses a biometric authentication system, which includes mutually independent template end and password end, and the template end is used for storing an encryption template generated by biometric template encryption, and the password end is used. And storing a decryption code that can decrypt the encrypted template.
  • the template end is one of a personal device and a server, and correspondingly, the password end is the other of the personal device and the server.
  • the biometric authentication system further includes an acquisition end, the collection end is the personal device, or the collection end is a terminal device connected to the server.
  • the biometric authentication system further includes a matching end for matching the biometric template and the biometric feature, and the matching end acquiring the solution from the password end.
  • a password the encryption template is obtained from the template end, and the encryption template is decoded according to the decryption code to obtain the biometric template; the matching end further acquires a biometric from the collection end.
  • the matching end is the personal device, the server, or the terminal device.
  • the collecting end is the same device as the template end, or the collecting end and the password end are the same device.
  • the matching end is the same device as the template end, or the matching end and the password end are the same device.
  • the matching end is the same device as the collecting end.
  • a biometric authentication method using the biometric authentication system according to the first aspect of the present invention wherein the registration phase comprises the steps of:
  • the identification code is generated by the encryption template, and the identification code uniquely corresponds to the encryption template.
  • the identification code is the same as the encryption code.
  • the data transfer between the ends is performed in an asymmetrically encrypted manner.
  • a biometrics authentication method using the biometrics authentication system of the first aspect of the present invention wherein the authentication phase comprises the steps of:
  • the collecting end collects a biometric feature, and the template end determines an encryption template that needs to be matched according to the identification code, and the password end determines, according to the identification code, a decryption code that needs to be matched;
  • the matching end obtains the encryption template, the decryption code, and the biometric feature from the template end, the password end, and the collection end, respectively, and the matching end decodes the encryption template by decoding the password and matches the biometric with the biometric feature.
  • the matching result is transmitted to the terminal device;
  • the data transfer between the ends is performed in an asymmetrically encrypted manner.
  • the acquiring the biometric feature at the collecting end refers to acquiring the biometric image or the biometric code using the collecting end.
  • the biometric feature is one or more of the following: (1) palm print; (2) human face; (3) eye print; (4) iris.
  • a fourth aspect of the present invention provides a biometric authentication method using the biometric authentication system according to the first aspect of the present invention, including a user registration phase, where the user registration phase includes the following steps:
  • the password end generates a pair of passwords, including adding a password, decrypting the password, and generating an identification code;
  • the password end sends the identification code to the template end, and sends the encryption code to the collection end directly or through a template end.
  • S173 The collecting end collects a biometric as an original template, and encrypts the biometric with the encryption code to form an encryption template.
  • S174 The collecting end sends the encryption template to the template end.
  • the collection end and the template end are the same device.
  • the collecting end and the password end are the same device.
  • a biometric authentication method using the biometric authentication system according to the first aspect of the present invention comprising a user authentication phase, the user authentication phase comprising the steps of:
  • the personal device sends the identification code to the server. If the personal device is the template end, the server uses the identification code to find the corresponding decryption password as the password end. If the personal device is the password end, the server uses the identification code to find the corresponding encryption. template;
  • S202 The template end sends the encryption template to the matching end, and the password end sends the decryption password to the matching end;
  • S203 The matching end decodes the encrypted template stored by the template end by using the decryption code
  • S204 The collecting end collects a biometric feature and sends the biometric feature to the matching end.
  • S207 The matching end deletes data acquired from other ends
  • the collection end is the same device as the template end or the password end.
  • the matching end is the same device as the template end or the password end.
  • the matching end is the same device as the collecting end.
  • step S204 further includes:
  • S2041 Generate a second password pair, including a second encryption password and a second decryption password, for encrypted transmission of biometrics;
  • S2042 Send the second encryption password to the collection end, and send the second decryption password to the matching end;
  • the collecting end encrypts the biometric feature to form an encryption feature by using the second encryption code, and sends the encryption feature to a matching end;
  • the matching end uses the second decryption code to decode the encryption feature to obtain the biometric feature.
  • the matching end further comprises a matching end, the matching end has a computing capability, can decrypt the encryption model, and matches the decrypted template with a biometric image, and the matching result can be used for identity authentication. After the matching is completed, the matching end will delete the encryption. And the decrypted template and the decryption code.
  • the collecting end is further provided with a biometric collecting hardware, such as a camera, and collecting hardware features of the user by using the collecting hardware to generate a biometric image or a feature code, if the template end, the password end, and the matching end have
  • a biometric collecting hardware such as a camera
  • collecting hardware features of the user by using the collecting hardware to generate a biometric image or a feature code, if the template end, the password end, and the matching end have
  • the hardware for collecting biometrics can also be the same device as the acquisition end.
  • the invention proposes a system scheme for safely storing a biometric template, that is, encrypting the biometric template immediately after the biometric template is generated, and storing the encrypted template and the decrypted password separately on the server and the personal device, only when the user is connected by the server.
  • the terminal device collects the decrypted password and the encrypted template in one place, and generates a template that can be used for matching. After the matching is completed, the decrypted password and the encrypted and decrypted template are immediately cleared. In this way, when the personal device or the server is stolen unilaterally, only the password or the encryption template is leaked, and the stealer cannot obtain the biometric information of the stolen user through them.
  • FIG. 1(a) and 1(b) are schematic diagrams showing the generation of an identification code and an encryption template in a biometric authentication method and system provided by the present invention
  • FIGS. 2(a) and 2(b) are schematic diagrams showing the encryption, decryption and storage locations in the biometric authentication method and system provided by the present invention
  • FIG. 3 is a schematic diagram of a user registration process in a biometric authentication method and system provided by the present invention.
  • FIG. 4 is a second schematic diagram of a user registration process in the biometric authentication method and system provided by the present invention.
  • FIG. 5 is a third schematic diagram of a user registration process in the biometric authentication method and system provided by the present invention.
  • FIG. 6 is a fourth schematic diagram of a user registration process in the biometric authentication method and system provided by the present invention.
  • FIG. 7 is a schematic diagram of a user authentication process in a biometric authentication method and system provided by the present invention.
  • FIG. 8 is a second schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention.
  • FIG. 9 is a third schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention.
  • FIG. 10 is a fourth schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention.
  • FIG. 11 is a fifth schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention.
  • FIG. 12 is a sixth schematic diagram of a user authentication process in a biometric authentication method and system provided by the present invention.
  • FIG. 13 is a schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention.
  • FIG. 14 is a schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention.
  • biometric template refers to a biometric of a pre-stored user during registration, and the pre-existing biometrics will be matched or compared with the biometrics collected at the time of authentication for identity authentication;
  • biological characteristics refers to physiological characteristics inherent in the human body, such as fingerprints, palm prints, irises, facial phases, DNA, etc.;
  • biometric image refers to image data such as pictures, videos, and the like of a biometric image captured by a camera or an image capture device;
  • biometric code refers to a mathematically-formed data or computer code of a vector, matrix, or the like of a biometric obtained directly in a form other than a biometric image, or obtained by processing a biometric image;
  • encryption template refers to a biometric template in which a biometric image or biometric code is encrypted
  • a "personal device” may be a personal device such as a mobile phone, a tablet, a computer, a smart watch or the like that is privately owned or used by the user;
  • a “server” may be a server used by an authentication service provider or a payment service provider to store, provide a network or communication connection, or may be a computer node in a network;
  • the "terminal device” may be an ATM device, a counter, a self-service server, or the like, which is set by an authentication service provider or a payment service provider;
  • the "collection end”, the “matching end”, the “password end”, and the “template end” are concepts defined according to the roles played by the personal device, the server, and the terminal device in the registration process or the authentication process.
  • the correspondence between each end and each device changes with the change of the solution. According to the actual situation, each end will have a coincidence.
  • the collection end and the matching end are both personal devices (registration method embodiment 1), the collection end and the matching.
  • the terminals are all terminal devices (the first embodiment of the authentication method). For the various cases, please refer to the following examples.
  • asymmetric encryption is a type of key algorithm, which is characterized in that a ciphering code and a ciphering code are generated in pairs, and the code values of the two are different, and the cryptographic calculation cannot be used to calculate the solution under the achievable calculation amount.
  • the password encrypted by the encryption code, can be decrypted by decrypting the password.
  • the biometric authentication method and system of the present invention separately store the biometric encryption template and the decryption password in two places, one for the personal device, including the mobile phone, the computer, the tablet computer, and the virtual reality helmet.
  • the other is a server connected to the terminal device, so that even if the server is compromised, it is still difficult for the hacker to pass the authentication of the authentication system because one of the decryption password or the encryption template is saved on the personal device.
  • the decryption password is stored in the personal device
  • the encryption template is stored in the server.
  • the personal device is the password end, and the server is the template end; (2) the encryption template is stored in the personal device, and the decryption code is stored. On the server, the personal device is the template end and the server is the password end.
  • the above solution password can be in the form of an asymmetric key.
  • Embodiment 1 of the registration method uses a personal device camera to collect a template, and the encryption template is stored in the personal device, and the decryption code is stored in the server, and the specific steps include: (FIG. 3):
  • Step1 The personal device establishes a connection with the server
  • Step 2 The server generates a pair of asymmetric passwords, plus password A and solution password B, and an identification code C.
  • Step 3 The server sends the encryption code A and the identification code C to the personal device;
  • Step4 The user uses the personal device camera to collect the biometrics to create an original template, and encrypts it with the encryption code A to generate an encryption template;
  • Step5 The personal device sends a confirmation to the server
  • Step 6 The server saves the records of the decryption password B and the identification code C;
  • Step 7 The personal device saves the encryption template and the identification code C, and clears the original template
  • the terminal device such as near field communication
  • the personal device is a collection end, and is also a template end, and the server is a password end.
  • the principle of other embodiments is similar, but the coincidence of each end and the correspondence between each end and each device may be different. .
  • the terminal device is used to collect the template, the encryption template is stored in the server, and the decrypted password is stored in the personal device.
  • the specific steps include: (FIG. 4):
  • Step1 The personal device establishes a connection with the terminal device and the server;
  • Step 2 The personal device generates a pair of asymmetric passwords, plus password A and solution password B, and an identification code C.
  • Step3 The personal device sends the encryption code A and the identification code C to the server;
  • Step4 The user uses the terminal device camera to collect biometrics to create an original template
  • Step 5 The terminal device obtains the encryption password A from the server, and encrypts the original template with the encryption password A to form an encryption template, and transmits the encryption template to the server;
  • Step6 The server sends a confirmation to the personal device
  • Step 7 The personal device saves the record of the decryption password B and the identification code C;
  • Step 8 The server saves the encryption template and the identification code C, and clears the original template.
  • the third embodiment of the registration method uses a personal device camera to collect a template, the encryption template is stored in the server, and the decryption code is stored in the personal device, and the specific steps include: (FIG. 5):
  • Step1 The personal device establishes a connection with the server
  • Step 2 The personal device generates a pair of asymmetric passwords, plus password A and solution password B, and an identification code C.
  • Step3 The user uses the personal device camera to collect the user biometrics to create an original template
  • Step 4 The personal device encrypts the original template with the encryption code A to form an encryption template, and transmits the encryption template and the identification code C to the server;
  • Step 5 The server sends a confirmation to the personal device
  • Step 6 The personal device saves the records of the decryption password B and the identification code C, and clears the original and the encryption template;
  • Step7 The server saves the encryption template and the identification code C;
  • the terminal device is used to collect the template, the encryption template is stored in the personal device, and the decrypted password is stored in the server.
  • the specific steps include: (FIG. 6):
  • Step1 The personal device establishes a connection with the terminal device and the server;
  • Step2 The server generates a pair of asymmetric passwords, plus password A and solution password B, and an identification code C;
  • Step3 The user creates an original template using the terminal device camera
  • Step 4 The terminal device obtains the encryption password A from the server, encrypts the original template with the encryption password A, and transmits the encryption template to the server;
  • Step 5 The server transmits the encryption template and the identification code C to the personal device;
  • Step6 The personal device sends a confirmation to the server
  • Step 7 The server saves the records of the decryption password B and the identification code C, and clears the original and the encryption template;
  • Step8 The personal device saves the encryption template and C;
  • Step 4 the terminal device can send the original template to the server, and the server encrypts the template.
  • the biometric authentication system can be used for authentication.
  • Embodiment 1 of the authentication method uses a terminal device camera to collect user biometrics, and the matching is completed in the terminal device, the encryption template is stored in the personal device, and the decryption password is stored in the server, and the specific steps include: (FIG. 7):
  • Step1 The personal device establishes a connection with the server and the terminal device;
  • Step 2 The personal device transmits the encryption template to the terminal device directly or through the server;
  • Step 3 The personal device transmits the identification code C to the server directly or through the terminal device;
  • Step 4 The server finds the decryption password B through the identification code C, and transmits the decryption password B to the terminal device;
  • Step 5 The terminal device decrypts the encryption template and opens the camera
  • Step 6 The terminal device camera collects the user biometrics, and the terminal device matches the decrypted template to complete the identity authentication;
  • Step 7 The terminal device clears the decryption password, the encryption template, and the decrypted template, and completes the subsequent operations according to the identity authentication result.
  • part of the steps may be replaced by the following means: in the case that the connection between the terminal device and the server is secure and trusted, for example, the two are the same device or connected through a secure intranet, the terminal device may send the collection to the server.
  • the biometrics are templated by the server and the identity authentication results are passed to the terminal device.
  • the terminal device is a collection end, and is also a matching end
  • the personal device is a template end
  • the server is a password end.
  • the principle of other embodiments is similar, but the coincidence of each end and the corresponding relationship between each end and each device may have The difference is not repeated here.
  • the template for encrypting the biometric information and the decryption code for decryption are stored in different devices separately, for example, the encryption template is stored in the personal device, and the decryption password is stored in the bank server, and the subsequent biometric identification system is needed. Verification, the terminal device must obtain both the encryption template stored in the personal device and the decryption code stored in the server, that is, separate storage and dual authentication are realized. Further, the matching process is performed by a terminal device other than the server and the personal device, and the terminal device can be randomly selected by the user (for example, an ATM machine is randomly selected), and at the same time, after the biometric identification system is verified, the terminal device is completed. The stored template and decryption password will be deleted immediately.
  • the second embodiment of the authentication method uses a personal device camera to collect user biometrics, the matching is completed in the terminal device, the encryption template is stored in the personal device, and the decryption password is stored in the server, and the specific steps include: (FIG. 8):
  • Step1 The personal device establishes a connection with the server and the terminal device;
  • Step 2 The personal device transmits the encryption template to the terminal device directly or through the server;
  • Step 3 The personal device transmits the identification code C to the server directly or through the terminal device;
  • Step 4 The server finds the decryption password B through the identification code C, and transmits the decryption password B to the terminal device;
  • Step 5 The server generates a pair of new asymmetric passwords, plus password A' and solution password B';
  • Step 6 The server sends the encryption code A' to the personal device, and sends the decryption code B' to the terminal device.
  • Step7 The user collects biometrics through the camera of the personal device
  • Step 8 The personal device encrypts the biometric with A' to become an encrypted biometric, and transmits the encrypted biometric and the encrypted template to the terminal device directly or through a server;
  • Step 9 The terminal device decrypts the template by using the decryption code B, decrypts the biometric feature with the decryption password B', and matches the two to complete the identity authentication;
  • Step 10 The terminal device clears the decryption password, the encryption template, the decrypted template, the encrypted biometrics, and the decrypted biometrics, and completes the subsequent operations according to the identity authentication result.
  • part of the steps may be replaced by the following means: in the case that the connection between the terminal device and the server is secure and trusted, for example, the two are the same device or connected through a secure intranet, the terminal device may send the collection to the server.
  • the biometrics are templated by the server and the identity authentication results are passed to the terminal device.
  • the third embodiment of the authentication method uses the terminal device camera to collect the user biometrics, the matching is completed in the personal device, the encrypted template is stored in the personal device, and the decrypted password is stored in the server, and the specific steps include: (FIG. 9):
  • Step1 The personal device establishes a connection with the server and the terminal device;
  • Step 2 The personal device transmits the identification code C to the server directly or through the terminal device;
  • Step3 The server finds the decryption password B through the identification code C, and transmits the decryption password B to the personal device;
  • Step4 The server generates a pair of new asymmetric passwords, plus a password A' and a decryption password B';
  • Step 5 The server sends a password A' to the terminal device, and sends a decryption code B' to the personal device;
  • Step 6 The user collects the user biometrics through the camera of the terminal device
  • Step 7 The terminal device encrypts the biometric feature with A' to form an encrypted biometric feature, and transmits the encrypted feature to the personal device directly or through a server;
  • Step 8 The personal device decrypts the template by using the decryption code B, decrypts the biometric feature with the decryption password B', and matches the two to complete the identity authentication;
  • Step 9 The personal device transmits the identity authentication result directly or through the server to the terminal device, and then clears the decryption password B, the decryption password B', the encrypted biometric feature, the decrypted biometric feature, the decrypted template, and only retains the original identification.
  • Code C and encryption template
  • Step 10 The terminal device completes the subsequent operations according to the authentication result.
  • the fourth embodiment of the authentication method uses a personal device camera to collect user biometrics.
  • the matching is completed in the personal device, the encrypted template is stored in the personal device, and the decrypted password is stored in the server.
  • the specific steps include: (FIG. 10):
  • Step1 The personal device establishes a connection with the server and the terminal device;
  • Step 2 The personal device transmits the identification code C to the server directly or through the terminal device;
  • Step 3 The server finds the decryption password B through the identification code C, and transmits the decryption password B to the personal device directly or through the terminal device;
  • Step4 The personal device decrypts the template with the decryption code B, and opens the camera;
  • Step 5 The personal device camera collects the user biometrics, and matches the decrypted template to complete the identity authentication on the personal device;
  • Step 6 The personal device transmits the identity authentication result to the terminal device directly or through the server, and then clears the decryption password B, the decrypted template, and the collected user biometrics, and only retains the original identification code C and the encryption template;
  • Step 7 The terminal device completes the subsequent operations according to the authentication result.
  • Embodiment 5 of the authentication method uses a personal device camera to collect user biometrics, the matching is completed in the personal device, the encrypted template is stored in the server, and the decrypted password is stored in the personal device, and the specific steps include: (FIG. 11):
  • Step1 The personal device establishes a connection with the server and the terminal device;
  • Step 2 The personal device transmits the identification code C to the server directly or through the terminal device;
  • Step 3 The server finds the encryption template through the identification code C, and transmits the encryption template to the personal device directly or through the terminal device;
  • Step4 The personal device uses the decryption B decryption template to open the camera;
  • Step 5 The personal device camera collects the user biometrics, matches them with the template, and completes identity authentication on the personal device;
  • Step 6 The personal device transmits the identity authentication result to the terminal device directly or through the server, and then clears the encryption template, the decrypted template, and the collected user biometrics, and only retains the original identification code C and the decryption password;
  • Embodiment 6 of the authentication method uses a personal device camera to collect user biometrics, the matching is completed in the terminal device, the encryption template is stored in the server, and the decrypted password is stored in the personal device, and the specific steps include: (FIG. 12):
  • Step1 The personal device establishes a connection with the server and the terminal device;
  • Step 2 The personal device transmits the identification code C to the server directly or through the terminal device;
  • Step 3 The server finds the encryption template through the identification code C and transmits it to the terminal device;
  • Step4 The server generates a pair of new asymmetric passwords, plus a password A' and a decryption password B';
  • Step 5 The server sends the encryption code A' to the personal device, and sends the decryption code B' to the terminal device;
  • Step6 The camera of the personal device collects biometrics
  • Step 7 The personal device encrypts the biometrics with A' to form an encrypted biometric, and transmits the encryption feature and the decryption password B directly or through the server to the terminal device;
  • Step 8 The terminal device decrypts the template by using the decryption code B, decrypts the biometric feature with the decryption password B', and matches the two to complete the identity authentication;
  • Step 9 The terminal device clears the decryption password, the encryption template, the decrypted template, the encrypted biometrics, and the decrypted biometrics, and completes the subsequent operations according to the identity authentication result.
  • part of the steps may be replaced by the following means: in the case that the connection between the terminal device and the server is secure and trusted, for example, the two are the same device or connected through a secure intranet, the terminal device may send the collection to the server.
  • the biometrics are templated by the server and the identity authentication results are passed to the terminal device.
  • Embodiment 7 of the authentication method uses the terminal device camera to collect the user biometrics, the matching is completed in the personal device, the encryption template is stored in the server, and the decrypted password is stored in the personal device, and the specific steps include: (FIG. 13):
  • Step1 The personal device establishes a connection with the server and the terminal device;
  • Step 2 The personal device transmits the identification code C to the server directly or through the terminal device;
  • Step3 The server finds the encryption template through the identification code C and transmits it to the personal device;
  • Step4 The server generates a pair of new asymmetric passwords, plus a password A' and a decryption password B';
  • Step 5 The server sends a password A' to the terminal device, and sends a decryption code B' to the personal device;
  • Step 6 The user collects biometrics through the camera of the terminal device
  • Step 7 The terminal device encrypts the biometrics with A' to form an encrypted biometric, and transmits the encrypted biometrics to the personal device directly or through a server;
  • Step 8 The personal device decrypts the template by using the decryption code B, decrypts the biometric feature with the decryption password B', and matches the two to complete the identity authentication;
  • Step 9 The personal device transmits the identity authentication result directly or through the server to the terminal device, and then clears the encryption template, the decrypted password B', the encrypted biometric feature, and the decrypted biometric feature, and only retains the original identification code C and the decryption password B;
  • Step 10 The terminal device completes the subsequent operations according to the authentication result.
  • the eighth embodiment of the authentication method uses the terminal device camera to collect the user biometrics, the matching is completed in the terminal device, the encryption template is stored in the server, and the decryption password is stored in the personal device, and the specific steps include: (FIG. 14):
  • Step1 The personal device establishes a connection with the server and the terminal device;
  • Step 2 the personal device transmits the decryption password B to the terminal device directly or through the server;
  • Step 3 The personal device transmits the identification code C to the server directly or through the terminal device;
  • Step 4 The server finds the encryption template through the identification code C, and transmits the encryption template to the terminal device;
  • Step 5 The terminal device decrypts the template by decrypting the password B, and opens the camera;
  • Step 6 The terminal device camera collects the user biometrics, matches the decrypted template, and completes the identity authentication in the terminal device.
  • Step 7 The terminal device clears the decrypted password and the original and decrypted encryption template, and completes the subsequent operations according to the identity authentication result.
  • part of the steps may be replaced by the following means: in the case that the connection between the terminal device and the server is secure and trusted, for example, the two are the same device or connected through a secure intranet, the terminal device may send the collection to the server. The image is compared by the server and the identity authentication result is passed to the terminal device.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Collating Specific Patterns (AREA)

Abstract

Provided is a biometric authentication system, comprising a template end and a password end, which are independent of each other, wherein the template end is used for storing an encrypted template generated by encrypting a biometric template, and the password end is used for storing a decryption code. The system further comprises a matching end, wherein the matching end acquires the decryption code from the password end and acquires the encrypted template from the template end, decrypts the encrypted template according to the decryption code and carries out template matching and completes identity authentication. The system separately arranges and stores an encrypted template and a decryption code, and combines the two only at the moment of matching, and immediately removes the two after matching is finished, thus realizing high security and solving the problem of existing online payment and offline deposit and withdrawal and payment systems, such as an ATM, having many security vulnerabilities.

Description

一种生物特征认证系统及方法Biometric authentication system and method 技术领域Technical field
本发明涉及一种生物特征认证系统及方法。The present invention relates to a biometric authentication system and method.
背景技术Background technique
随着生物识别技术领域的不断发展,人们开始将生物识别技术应用于银行提/存款、手机支付等金融领域,如通过建立手机、银行、商家之间的通讯,认证相应的生物特征等身份信息,从而实现线上支付操作。然而,尽管使用了生物特征信息加密,现有技术中线上支付以及ATM机等线下存取及支付系统仍然存在许多安全漏洞,现有的各种加密方式无法保证用户信息的绝对安全。With the continuous development of biometrics technology, people began to apply biometric technology to financial fields such as bank deposit/deposit, mobile payment, etc., such as establishing communication between mobile phones, banks, and merchants, and authenticating corresponding biometrics and other identity information. To achieve online payment operations. However, despite the use of biometric information encryption, there are still many security vulnerabilities in the prior art online payment and offline access and payment systems such as ATM machines. The existing encryption methods cannot guarantee the absolute security of user information.
生物特征识别/认证系统通常是将用户预先存储的生物特征模板与用户认证时采集的生物特征进行对比,如果两者匹配,则用户通过系统的认证,现有的生物特征识别系统在生物特征模板的存储方式上主要分为三种:The biometric identification/authentication system generally compares the biometric template pre-stored by the user with the biometric feature collected by the user when the user authenticates. If the two match, the user passes the system authentication, and the existing biometric identification system is in the biometric template. There are three main ways to store:
存于特制身份卡:生物特征模板可存于诸如身份证,银行卡等可以用于标记用户身份的卡里,这类卡的存储芯片通常是只读的且带有硬件加密的功能,作为生物特征模板的存储介质,具很高的安全性。但是特制身份卡增加了制作成本,同时,使用特制身份卡需要特定的读取装置,这一要求限制了用户使用生物特征模板的场合。Deposited in a special ID card: Biometric templates can be stored in cards such as ID cards, bank cards, etc. that can be used to tag users. The memory chips of such cards are usually read-only and have hardware encryption functions as creatures. The storage medium of the feature template has high security. However, the special ID card increases the production cost. At the same time, the use of a special ID card requires a specific reading device, which limits the user's use of the biometric template.
存于服务器上:生物特征模板可集中的存储在一个联网的服务器上。这一方式的优点是用户身份认证可以在所有与服务器连接的终端设备上进行。但是,存储生物特征模板的服务器会成为黑客攻击的焦点。而一旦服务器被盗入,将导致大量生物特征模板的泄露,对用户隐私的保护照成严重危害。Stored on the server: Biometric templates can be centrally stored on a networked server. The advantage of this approach is that user authentication can be done on all terminal devices connected to the server. However, servers that store biometric templates become the focus of hackers. Once the server is stolen, it will lead to the leakage of a large number of biometric templates, and the protection of user privacy is seriously harmed.
存于个人设备:生物特征模板可存于用户的个人设备上,与特制身份卡不同,个人设备通常拥有各类通信模块,用户可以通过网络或者近场通信与服务器或者终端设备直接连接,进行身份认证,同时,分布式的存储也降低了黑客攻击的可能性,但是,个人设备容易被物理盗取,而且单体设备的安全性不如服务器。In the personal device: the biometric template can be stored on the user's personal device. Unlike the special ID card, the personal device usually has various communication modules, and the user can directly connect to the server or the terminal device through the network or near field communication to perform identity. Authentication, at the same time, distributed storage also reduces the possibility of hacking, but personal devices are vulnerable to physical theft, and the security of individual devices is not as good as the server.
现有技术已有基于生物特征识别的支付方法和系统,比如,CN201510063624.2公开了一种基于蓝牙技术及生物特征识别的支付方法和系统,提出了使用蓝牙搜索限定用户范围以提高识别效率,以及在将采集的用户生物特征进行加密传输的方案,然而其需要对当前支付方 的生物特征与所有潜在支付方进行匹配导致匹配运算量较大,并且服务器上预存的生物特征模板没有加密或者解密码和加密模板可能均存储在服务器上会导致严重的安全问题;CN107196765A,公开了一种强化隐私保护的远程生物特征身份认证方法,对于生物特征模板的加密以及数据传输过程的加密算法提出了改进。The prior art has a biometrics-based payment method and system. For example, CN201510063624.2 discloses a payment method and system based on Bluetooth technology and biometric identification, and proposes to use Bluetooth search to limit the user range to improve recognition efficiency. And a scheme for encrypting the collected user biometrics, but it needs to match the current payer's biometrics with all potential payers, resulting in a large amount of matching operations, and the biometric template pre-stored on the server is not encrypted or solved. Passwords and encryption templates may be stored on the server, which may cause serious security problems; CN107196765A, discloses a remote biometric identity authentication method that enhances privacy protection, and improves the encryption of biometric templates and the encryption algorithm of data transmission process. .
有鉴于此,如何设计一种新的生物特征认证系统,以消除现有技术中的上述缺陷和不足,即简化了认证匹配的过程,又在注册和认证时将加密模板和解密码分置存放,仅在匹配的瞬间合于一处,而在匹配结束后立即清除,克服现有线上支付以及ATM机等线下存取及支付系统存在许多安全漏洞的问题,是业内相关技术人员亟待解决的一项课题。In view of this, how to design a new biometric authentication system to eliminate the above-mentioned defects and deficiencies in the prior art, that is, to simplify the process of authentication matching, and to store the encryption template and the decryption password separately during registration and authentication. It is a problem that the relevant technical personnel in the industry need to solve only when the matching moments are combined in one place and cleared immediately after the matching ends, overcoming the existing online payment and the existence of many security loops in the offline access and payment system of the ATM machine. Item.
发明内容Summary of the invention
为了实现上述发明目的,本发明所公开了一种生物特征认证系统,包括相互独立的模板端和密码端,所述模板端用于存储由生物特征模板加密生成的加密模板,所述密码端用于存储可解密所述加密模板的解密码。In order to achieve the above object, the present invention discloses a biometric authentication system, which includes mutually independent template end and password end, and the template end is used for storing an encryption template generated by biometric template encryption, and the password end is used. And storing a decryption code that can decrypt the encrypted template.
在另一优选例中,所述模板端为个人设备和服务器之一,相应地,所述密码端为所述个人设备和所述服务器中的另一个。In another preferred embodiment, the template end is one of a personal device and a server, and correspondingly, the password end is the other of the personal device and the server.
在另一优选例中,生物特征认证系统还包括采集端,所述采集端为所述个人设备,或者所述采集端为与所述服务器连接的终端设备。In another preferred embodiment, the biometric authentication system further includes an acquisition end, the collection end is the personal device, or the collection end is a terminal device connected to the server.
在另一优选例中,生物特征认证系统还包括匹配端和采集端,所述匹配端用于匹配所述生物特征模板和所述生物特征,所述匹配端从所述密码端获取所述解密码,从所述模板端获取所述加密模板,根据所述解密码解码所述加密模板,获取所述生物特征模板;所述匹配端还从所述采集端获取生物特征。In another preferred embodiment, the biometric authentication system further includes a matching end for matching the biometric template and the biometric feature, and the matching end acquiring the solution from the password end. a password, the encryption template is obtained from the template end, and the encryption template is decoded according to the decryption code to obtain the biometric template; the matching end further acquires a biometric from the collection end.
在另一优选例中,所述匹配端为所述个人设备、所述服务器或所述终端设备。In another preferred embodiment, the matching end is the personal device, the server, or the terminal device.
在另一优选例中,所述采集端与所述模板端是同一设备,或者,所述采集端与所述密码端是同一设备。In another preferred example, the collecting end is the same device as the template end, or the collecting end and the password end are the same device.
在另一优选例中,所述匹配端与所述模板端是同一设备,或者,所述匹配端与所述密码端是同一设备。In another preferred example, the matching end is the same device as the template end, or the matching end and the password end are the same device.
在另一优选例中,所述匹配端与所述采集端是同一设备。In another preferred embodiment, the matching end is the same device as the collecting end.
本发明第二方面,提供了一种利用本发明第一方面所述的生物特征认证系统进行的生物特征认证方法,其注册阶段包括步骤:According to a second aspect of the present invention, there is provided a biometric authentication method using the biometric authentication system according to the first aspect of the present invention, wherein the registration phase comprises the steps of:
(1)所述模板端和所述密码端建立连接,由所述模板端或者所述密码端生成一加密解密密码对和一辨识码;(1) establishing a connection between the template end and the password end, and generating an encryption and decryption password pair and an identification code by the template end or the password end;
(2)将生物特征生成生物特征模板并通过加密码进行加密形成加密模板,所述加密模 板与所述辨识码唯一对应;(2) Generating a biometric template from the biometric feature and encrypting by encrypting to form an encryption template, the encryption template uniquely corresponding to the identification code;
(3)所述加密模板以及所述辨识码存储在模板端,所述解密码以及所述辨识码存储在所述密码端,所有其他信息在各端清除。(3) The encryption template and the identification code are stored at the template end, and the decryption code and the identification code are stored at the password end, and all other information is cleared at each end.
在另一优选例中,所述辨识码由所述加密模板生成,辨识码与所述加密模板唯一对应。In another preferred example, the identification code is generated by the encryption template, and the identification code uniquely corresponds to the encryption template.
在另一优选例中,所述辨识码与加密码相同。In another preferred embodiment, the identification code is the same as the encryption code.
在另一优选例中,各端之间的数据传递以非对称加密的方式进行。In another preferred embodiment, the data transfer between the ends is performed in an asymmetrically encrypted manner.
本发明第三方面,提供了一种利用本发明第一方面所述的生物特征认证系统进行的生物特征认证方法,其认证阶段包括步骤:According to a third aspect of the present invention, there is provided a biometrics authentication method using the biometrics authentication system of the first aspect of the present invention, wherein the authentication phase comprises the steps of:
(a)所述采集端、匹配端、模板端和密码端建立连接;(a) establishing a connection between the collection end, the matching end, the template end, and the password end;
(b)所述采集端采集生物特征,所述模板端根据辨识码确定需要进行匹配的加密模板,所述密码端根据所述辨识码确定需要进行匹配的解密码;(b) The collecting end collects a biometric feature, and the template end determines an encryption template that needs to be matched according to the identification code, and the password end determines, according to the identification code, a decryption code that needs to be matched;
(c)所述匹配端从模板端、密码端和采集端分别获取所述加密模板、解密码和生物特征,所述匹配端通过解密码解码加密模板,并将其与所述生物特征进行匹配,匹配结果传至终端设备;(c) The matching end obtains the encryption template, the decryption code, and the biometric feature from the template end, the password end, and the collection end, respectively, and the matching end decodes the encryption template by decoding the password and matches the biometric with the biometric feature. The matching result is transmitted to the terminal device;
(d)当匹配结束后,除在所述模板端保存的所述加密模板和所述辨识码以及在所述密码端保存的所述解密码和所述辨识码外,所有其他信息在各端清除。(d) after the end of the matching, except for the encryption template and the identification code stored at the template end and the decryption code and the identification code stored at the password end, all other information is at each end Clear.
在另一优选例中,各端之间的数据传递以非对称加密的方式进行。In another preferred embodiment, the data transfer between the ends is performed in an asymmetrically encrypted manner.
在另一优选例中,所述采集端采集生物特征指的是,使用所述采集端获取生物特征图像或生物特征代码。In another preferred embodiment, the acquiring the biometric feature at the collecting end refers to acquiring the biometric image or the biometric code using the collecting end.
在另一优选例中,所述生物特征为以下中的一个或多个:(1)掌纹;(2)人脸;(3)眼纹;(4)虹膜。In another preferred embodiment, the biometric feature is one or more of the following: (1) palm print; (2) human face; (3) eye print; (4) iris.
本发明第四方面提供了一种利用本发明第一方面所述的生物特征认证系统进行的生物特征认证方法,包括用户注册阶段,所述用户注册阶段包括步骤:A fourth aspect of the present invention provides a biometric authentication method using the biometric authentication system according to the first aspect of the present invention, including a user registration phase, where the user registration phase includes the following steps:
S171:密码端生成一对密码,包括加密码、解密码,及生成一个辨识码;S171: The password end generates a pair of passwords, including adding a password, decrypting the password, and generating an identification code;
S172:所述密码端向所述模板端发送所述辨识码,并直接或通过模板端向采集端发送所述加密码;S172: The password end sends the identification code to the template end, and sends the encryption code to the collection end directly or through a template end.
S173:所述采集端采集生物特征作为原始模板,使用所述加密码加密所述生物特征形成加密模板;S173: The collecting end collects a biometric as an original template, and encrypts the biometric with the encryption code to form an encryption template.
S174:所述采集端将所述加密模板发送给所述模板端;S174: The collecting end sends the encryption template to the template end.
S175:除所述模板端保留所述辨识码和所述加密模板,所述密码端保留所述辨识码和所述解密码外,各端均删除其他数据。S175: Except that the template end retains the identification code and the encryption template, the password end retains the identification code and the decryption code, and each end deletes other data.
在另一优选例中,所述采集端和所述模板端是同一设备。In another preferred embodiment, the collection end and the template end are the same device.
在另一优选例中,所述采集端和所述密码端是同一设备。In another preferred embodiment, the collecting end and the password end are the same device.
本发明第五方面,提供了一种利用如本发明第一方面所述的生物特征认证系统进行的生物特征认证方法,包括用户认证阶段,所述用户认证阶段包括步骤:According to a fifth aspect of the present invention, there is provided a biometric authentication method using the biometric authentication system according to the first aspect of the present invention, comprising a user authentication phase, the user authentication phase comprising the steps of:
S201:个人设备将辨识码发给服务器,若个人设备是模板端,服务器作为密码端通过辨识码查找到对应解密码,若个人设备是密码端,服务器作为模板端通过辨识码查找到对应的加密模板;S201: The personal device sends the identification code to the server. If the personal device is the template end, the server uses the identification code to find the corresponding decryption password as the password end. If the personal device is the password end, the server uses the identification code to find the corresponding encryption. template;
S202:模板端将加密模板发送给匹配端,密码端将解密码发送给匹配端;S202: The template end sends the encryption template to the matching end, and the password end sends the decryption password to the matching end;
S203:所述匹配端通过所述解密码解码所述模板端存储的加密模板;S203: The matching end decodes the encrypted template stored by the template end by using the decryption code;
S204:所述采集端采集生物特征,并将其发送给匹配端;S204: The collecting end collects a biometric feature and sends the biometric feature to the matching end.
S205:所述匹配端将解码后的加密模板与所述生物特征进行匹配以完成认证;S205: The matching end matches the decoded encryption template with the biometric feature to complete authentication.
S206:所述匹配端将身份认证结果传递给终端设备;S206: The matching end transmits the identity authentication result to the terminal device.
S207:所述匹配端删除从其他端获取的数据;S207: The matching end deletes data acquired from other ends;
在另一优选例中,所述采集端与所述模板端或所述密码端是同一设备。In another preferred example, the collection end is the same device as the template end or the password end.
在另一优选例中,所述匹配端与所述模板端或所述密码端是同一设备。In another preferred example, the matching end is the same device as the template end or the password end.
在另一优选例中,所述匹配端与所述采集端是同一设备。In another preferred embodiment, the matching end is the same device as the collecting end.
在另一优选例中,所述步骤S204进一步包括:In another preferred embodiment, the step S204 further includes:
S2041:生成第二密码对,包括第二加密码及第二解密码,用于生物特征的加密传送;S2041: Generate a second password pair, including a second encryption password and a second decryption password, for encrypted transmission of biometrics;
S2042:将所述第二加密码发送给所述采集端,将所述第二解密码发送给匹配端;S2042: Send the second encryption password to the collection end, and send the second decryption password to the matching end;
S2043:所述采集端使用所述第二加密码加密所述生物特征形成加密特征,并将所述加密特征发送给匹配端;S2043: The collecting end encrypts the biometric feature to form an encryption feature by using the second encryption code, and sends the encryption feature to a matching end;
S2044:所述匹配端使用所述第二解密码解码所述加密特征得到所述生物特征。S2044: The matching end uses the second decryption code to decode the encryption feature to obtain the biometric feature.
优选地,还包括匹配端,匹配端拥有计算能力,能解密加密模形,并将解密的模板与一个生物特征图像进行匹配,匹配结果可以用于身份认证,匹配完成后,匹配端将删除加密以及解密后的模板以及解密码。Preferably, the matching end further comprises a matching end, the matching end has a computing capability, can decrypt the encryption model, and matches the decrypted template with a biometric image, and the matching result can be used for identity authentication. After the matching is completed, the matching end will delete the encryption. And the decrypted template and the decryption code.
优选地,还可以设有采集端,采集端拥有生物特征采集硬件,比如摄像头,并使用采集硬件采集用户的生物特征,生成生物特征图像或特征代码,如果模板端、密码端、匹配端具有可采集生物特征的硬件,也可以与采集端为同一设备。Preferably, the collecting end is further provided with a biometric collecting hardware, such as a camera, and collecting hardware features of the user by using the collecting hardware to generate a biometric image or a feature code, if the template end, the password end, and the matching end have The hardware for collecting biometrics can also be the same device as the acquisition end.
本发明提出了一个安全存储生物特征模板的系统方案,即在生物特征模板生成后立即加密,并将加密后的模板和解密的密码在服务器和个人设备上分开存放,只有在用户在于服务器连接的终端设备进行身份认证的短时间内,将解密码和加密模板集中于一处,生成可供匹配使用的模板,匹配完成后,立即清除解密码以及加密和解密后的模板。这样当个人设备或 者服务器单方被盗,泄露的只是解密码或者加密模板,盗取者无法通过它们获取被盗用户的生物特征信息。The invention proposes a system scheme for safely storing a biometric template, that is, encrypting the biometric template immediately after the biometric template is generated, and storing the encrypted template and the decrypted password separately on the server and the personal device, only when the user is connected by the server. In a short period of time, the terminal device collects the decrypted password and the encrypted template in one place, and generates a template that can be used for matching. After the matching is completed, the decrypted password and the encrypted and decrypted template are immediately cleared. In this way, when the personal device or the server is stolen unilaterally, only the password or the encryption template is leaked, and the stealer cannot obtain the biometric information of the stolen user through them.
附图说明DRAWINGS
图1(a)和图1(b)是本发明所提供的生物特征认证方法及系统中,辨识码、加密模板生成示意图;1(a) and 1(b) are schematic diagrams showing the generation of an identification code and an encryption template in a biometric authentication method and system provided by the present invention;
图2(a)和图2(b)是本发明所提供的生物特征认证方法及系统中,加密、解密及存储位置的示意图;2(a) and 2(b) are schematic diagrams showing the encryption, decryption and storage locations in the biometric authentication method and system provided by the present invention;
图3是本发明所提供的生物特征认证方法及系统中,用户注册过程示意图之一;3 is a schematic diagram of a user registration process in a biometric authentication method and system provided by the present invention;
图4是本发明所提供的生物特征认证方法及系统中,用户注册过程示意图之二;4 is a second schematic diagram of a user registration process in the biometric authentication method and system provided by the present invention;
图5是本发明所提供的生物特征认证方法及系统中,用户注册过程示意图之三;FIG. 5 is a third schematic diagram of a user registration process in the biometric authentication method and system provided by the present invention; FIG.
图6是本发明所提供的生物特征认证方法及系统中,用户注册过程示意图之四;6 is a fourth schematic diagram of a user registration process in the biometric authentication method and system provided by the present invention;
图7是本发明所提供的生物特征认证方法及系统中,用户认证过程示意图之一;7 is a schematic diagram of a user authentication process in a biometric authentication method and system provided by the present invention;
图8是本发明所提供的生物特征认证方法及系统中,用户认证过程示意图之二;8 is a second schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention;
图9是本发明所提供的生物特征认证方法及系统中,用户认证过程示意图之三;9 is a third schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention;
图10是本发明所提供的生物特征认证方法及系统中,用户认证过程示意图之四;10 is a fourth schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention;
图11是本发明所提供的生物特征认证方法及系统中,用户认证过程示意图之五;11 is a fifth schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention;
图12是本发明所提供的生物特征认证方法及系统中,用户认证过程示意图之六;12 is a sixth schematic diagram of a user authentication process in a biometric authentication method and system provided by the present invention;
图13是本发明所提供的生物特征认证方法及系统中,用户认证过程示意图之七;13 is a schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention;
图14是本发明所提供的生物特征认证方法及系统中,用户认证过程示意图之八;14 is a schematic diagram of a user authentication process in the biometric authentication method and system provided by the present invention;
具体实施方式Detailed ways
术语解释Explanation of terms
如本发明所用,“生物特征模板”,指的是注册过程中,预存的用户的生物特征,该预存的生物特征将与认证时采集的生物特征进行匹配或对比,以进行身份认证;As used in the present invention, a "biometric template" refers to a biometric of a pre-stored user during registration, and the pre-existing biometrics will be matched or compared with the biometrics collected at the time of authentication for identity authentication;
如本发明所用,“生物特征”指人体所固有的生理特征,如指纹、掌纹、虹膜、面相、DNA等;As used herein, "biological characteristics" refers to physiological characteristics inherent in the human body, such as fingerprints, palm prints, irises, facial phases, DNA, etc.;
如本发明所用,“生物特征图像”,指的是摄像头或图像采集设备拍摄的生物特征的图片、视频等影像数据;As used herein, "biometric image" refers to image data such as pictures, videos, and the like of a biometric image captured by a camera or an image capture device;
如本发明所用,“生物特征代码”,指的是以生物特征图像以外的形式,直接采集或者通过处理生物特征图像得到的生物特征的向量、矩阵等数学形式的数据或计算机代码;As used herein, "biometric code" refers to a mathematically-formed data or computer code of a vector, matrix, or the like of a biometric obtained directly in a form other than a biometric image, or obtained by processing a biometric image;
如本发明所用,“加密模板”,指的是生物特征图像或生物特征代码被加密后的生物特征 模板;As used herein, "encryption template" refers to a biometric template in which a biometric image or biometric code is encrypted;
如本发明所用,“个人设备”,可以是用户个人私有或使用的手机、平板、电脑、智能手表等个人设备;As used in the present invention, a "personal device" may be a personal device such as a mobile phone, a tablet, a computer, a smart watch or the like that is privately owned or used by the user;
如本发明所用,“服务器”,可以是认证服务提供商或支付服务提供商用于存储、提供网络或通讯连接的服务器,也可以是网络中的计算机节点;As used in the present invention, a "server" may be a server used by an authentication service provider or a payment service provider to store, provide a network or communication connection, or may be a computer node in a network;
如本发明所用,“终端设备”,可以是认证服务提供商或支付服务提供商所设置的ATM机、柜台、自助服务机等终端设备;As used in the present invention, the "terminal device" may be an ATM device, a counter, a self-service server, or the like, which is set by an authentication service provider or a payment service provider;
如本发明所用,“采集端”、“匹配端”、“密码端”、“模板端”,是根据个人设备、服务器、终端设备在注册过程或认证过程中所起的作用所定义的概念,各端与各设备的对应关系会随着方案的变化而变化,而且根据实际情况,各端会产生重合,比如采集端和匹配端均为个人设备(注册方法实施例一),采集端和匹配端均为终端设备(认证方法实施例一),多种情况请见下文实施例。As used in the present invention, the "collection end", the "matching end", the "password end", and the "template end" are concepts defined according to the roles played by the personal device, the server, and the terminal device in the registration process or the authentication process. The correspondence between each end and each device changes with the change of the solution. According to the actual situation, each end will have a coincidence. For example, the collection end and the matching end are both personal devices (registration method embodiment 1), the collection end and the matching. The terminals are all terminal devices (the first embodiment of the authentication method). For the various cases, please refer to the following examples.
如本发明所用,“非对称加密”,是一类密钥算法,其特征为加密码和解密码成对生成,两者码值不同,且由加密码无法在可实现的计算量下推算出解密码,由加密码加密的数据可以通过解密码解密。As used in the present invention, "asymmetric encryption" is a type of key algorithm, which is characterized in that a ciphering code and a ciphering code are generated in pairs, and the code values of the two are different, and the cryptographic calculation cannot be used to calculate the solution under the achievable calculation amount. The password, encrypted by the encryption code, can be decrypted by decrypting the password.
实施例Example
为保证用户生物特征数据的安全性,本发明的生物特征认证方法及系统将生物特征的加密模板和解密码分开存放于两处,一处为个人设备,包括手机,电脑,平板电脑,虚拟现实头盔等,另一处为与终端设备连接的服务器,这样即使在服务器被攻破的情况下,由于解密码或加密模板之一保存在个人设备上,黑客仍然难以通过本认证系统的认证。具体而言有两种方式:(1)解密码存于个人设备,加密模板存于服务器,此时个人设备为密码端,服务器为模板端;(2)加密模板存于个人设备,解密码存于服务器,此时个人设备为模板端,服务器为密码端。上述的解密码可以采用非对称密钥的形式。In order to ensure the security of the user's biometric data, the biometric authentication method and system of the present invention separately store the biometric encryption template and the decryption password in two places, one for the personal device, including the mobile phone, the computer, the tablet computer, and the virtual reality helmet. Etc., the other is a server connected to the terminal device, so that even if the server is compromised, it is still difficult for the hacker to pass the authentication of the authentication system because one of the decryption password or the encryption template is saved on the personal device. Specifically, there are two ways: (1) the decryption password is stored in the personal device, and the encryption template is stored in the server. At this time, the personal device is the password end, and the server is the template end; (2) the encryption template is stored in the personal device, and the decryption code is stored. On the server, the personal device is the template end and the server is the password end. The above solution password can be in the form of an asymmetric key.
首先介绍用户在本发明介绍的生物特征认证系统中注册的流程:First, the process of registering the user in the biometric authentication system introduced by the present invention is introduced:
注册方法实施例一,使用个人设备摄像头采集模板,加密模板存于个人设备,解密码存于服务器,具体步骤包括(图3):Embodiment 1 of the registration method uses a personal device camera to collect a template, and the encryption template is stored in the personal device, and the decryption code is stored in the server, and the specific steps include: (FIG. 3):
Step1:个人设备和服务器建立连接;Step1: The personal device establishes a connection with the server;
Step2:服务器生成一对不对称密码,加密码A和解密码B,以及一个辨识码C。Step 2: The server generates a pair of asymmetric passwords, plus password A and solution password B, and an identification code C.
Step3:服务器向个人设备发送加密码A和辨识码C;Step 3: The server sends the encryption code A and the identification code C to the personal device;
Step4:用户使用个人设备摄像头采集生物特征创建一个原始模板,用加密码A对其加密生成加密模板;Step4: The user uses the personal device camera to collect the biometrics to create an original template, and encrypts it with the encryption code A to generate an encryption template;
Step5:个人设备向服务器发确认;Step5: The personal device sends a confirmation to the server;
Step6:服务器保存解密码B和辨识码C的记录;Step 6: The server saves the records of the decryption password B and the identification code C;
Step7:个人设备保存加密模板以及辨识码C,清除原始模板;Step 7: The personal device saves the encryption template and the identification code C, and clears the original template;
在此实施例中,部分步骤可以由以下方式替代:(1)可以直接用加密码A作为辨识码,即A=C;(2)加密码,解密码,辨识码可以由个人设备生成,并传递给服务器;(3)个人设备与终端设备直接连接(比如近场通信)并通过终端设备与服务器连接。In this embodiment, some of the steps may be replaced by: (1) the password A may be directly used as the identification code, that is, A=C; (2) the password is added, the password is decrypted, and the identification code may be generated by the personal device, and Passed to the server; (3) The personal device is directly connected to the terminal device (such as near field communication) and connected to the server through the terminal device.
以此实施例中,个人设备为采集端,也为模板端,服务器为密码端,其他实施例原理类似,但各端的重合情况以及各端与各设备的对应关系可能有所不同,不再赘述。In this embodiment, the personal device is a collection end, and is also a template end, and the server is a password end. The principle of other embodiments is similar, but the coincidence of each end and the correspondence between each end and each device may be different. .
注册方法实施例二,使用终端设备摄像头采集模板,加密模板存于服务器,解密码存于个人设备,具体步骤包括(图4):In the second embodiment of the registration method, the terminal device is used to collect the template, the encryption template is stored in the server, and the decrypted password is stored in the personal device. The specific steps include: (FIG. 4):
Step1:个人设备与终端设备以及服务器建立连接;Step1: The personal device establishes a connection with the terminal device and the server;
Step2:个人设备生成一对不对称密码,加密码A和解密码B,以及一个辨识码C。Step 2: The personal device generates a pair of asymmetric passwords, plus password A and solution password B, and an identification code C.
Step3:个人设备向服务器发送加密码A和辨识码C;Step3: The personal device sends the encryption code A and the identification code C to the server;
Step4:用户使用终端设备摄像头采集生物特征创建一个原始模板;Step4: The user uses the terminal device camera to collect biometrics to create an original template;
Step5:终端设备从服务器获取加密码A,并用加密码A对原始模板加密形成加密模板,并将加密模板传送到服务器;Step 5: The terminal device obtains the encryption password A from the server, and encrypts the original template with the encryption password A to form an encryption template, and transmits the encryption template to the server;
Step6:服务器向个人设备发确认;Step6: The server sends a confirmation to the personal device;
Step7:个人设备保存解密码B和辨识码C的记录;Step 7: The personal device saves the record of the decryption password B and the identification code C;
Step8:服务器保存加密模板以及辨识码C,清除原始模板;Step 8: The server saves the encryption template and the identification code C, and clears the original template.
在此实施例中,部分步骤可由以下方式替代:(1)可以直接用加密码A作为辨识码A=C;(2)加密码,解密码,辨识码可以由服务器生成,并传递给个人设备;(3)个人设备与终端设备直接连接(比如近场通信)并通过终端设备与服务器连接;(4)在终端设备和服务器之间的连接是安全可信的情况下,比如两者为同一设备或通过安全内网连接,Step5中,终端设备可以向服务器发送原始模板,由服务器加密模板;In this embodiment, part of the steps can be replaced by: (1) the password A can be directly used as the identification code A=C; (2) the password is added, the password is decrypted, and the identification code can be generated by the server and transmitted to the personal device. (3) The personal device is directly connected to the terminal device (such as near field communication) and connected to the server through the terminal device; (4) in the case where the connection between the terminal device and the server is secure and reliable, for example, the two are the same The device is connected through a secure intranet. In Step 5, the terminal device can send the original template to the server, and the server encrypts the template.
注册方法实施例三,使用个人设备摄像头采集模板,加密模板存于服务器,解密码存于个人设备,具体步骤包括(图5):The third embodiment of the registration method uses a personal device camera to collect a template, the encryption template is stored in the server, and the decryption code is stored in the personal device, and the specific steps include: (FIG. 5):
Step1:个人设备与服务器建立连接;Step1: The personal device establishes a connection with the server;
Step2:个人设备生成一对不对称密码,加密码A和解密码B,以及一个辨识码C。Step 2: The personal device generates a pair of asymmetric passwords, plus password A and solution password B, and an identification code C.
Step3:用户使用个人设备摄像头采集用户生物特征创建一个原始模板;Step3: The user uses the personal device camera to collect the user biometrics to create an original template;
Step4:个人设备用加密码A对原始模板加密形成加密模板,并将加密模板与辨识码C传送到服务器;Step 4: The personal device encrypts the original template with the encryption code A to form an encryption template, and transmits the encryption template and the identification code C to the server;
Step5:服务器向个人设备发确认;Step 5: The server sends a confirmation to the personal device;
Step6:个人设备保存解密码B和辨识码C的记录,清除原始以及加密模板;Step 6: The personal device saves the records of the decryption password B and the identification code C, and clears the original and the encryption template;
Step7:服务器保存加密模板以及辨识码C;Step7: The server saves the encryption template and the identification code C;
在此实施例中,部分步骤可由以下方式替代:(1)可以直接用加密码A作为辨识码A=C;(2)加密码,解密码,辨识码可以由服务器生成,并传递给个人设备;(3)个人设备与终端设备直接连接(比如近场通信)并通过终端设备与服务器连接。In this embodiment, part of the steps can be replaced by: (1) the password A can be directly used as the identification code A=C; (2) the password is added, the password is decrypted, and the identification code can be generated by the server and transmitted to the personal device. (3) The personal device is directly connected to the terminal device (such as near field communication) and connected to the server through the terminal device.
注册方法实施例四,使用终端设备摄像头采集模板,加密模板存于个人设备,解密码存于服务器,具体步骤包括(图6):In the fourth embodiment of the registration method, the terminal device is used to collect the template, the encryption template is stored in the personal device, and the decrypted password is stored in the server. The specific steps include: (FIG. 6):
Step1:个人设备与终端设备以及服务器建立连接;Step1: The personal device establishes a connection with the terminal device and the server;
Step2:服务器生成一对不对称密码,加密码A和解密码B,以及一个辨识码C;Step2: The server generates a pair of asymmetric passwords, plus password A and solution password B, and an identification code C;
Step3:用户使用终端设备摄像头创建一个原始模板;Step3: The user creates an original template using the terminal device camera;
Step4:终端设备从服务器获取加密码A,并用加密码A对原始模板加密,并将加密模板传送到服务器;Step 4: The terminal device obtains the encryption password A from the server, encrypts the original template with the encryption password A, and transmits the encryption template to the server;
Step5:服务器向个人设备传送加密模板和辨识码C;Step 5: The server transmits the encryption template and the identification code C to the personal device;
Step6:个人设备向服务器发确认;Step6: The personal device sends a confirmation to the server;
Step7:服务器保存解密码B和辨识码C的记录,清除原始以及加密模板;Step 7: The server saves the records of the decryption password B and the identification code C, and clears the original and the encryption template;
Step8:个人设备保存加密模板以及C;Step8: The personal device saves the encryption template and C;
在此实施例中,部分步骤可由以下方式替代:(1)可以直接用加密码A作为辨识码A=C;In this embodiment, part of the steps can be replaced by: (1) can directly use the encryption code A as the identification code A = C;
(2)加密码,解密码,辨识码可以由个人设备生成,并传递给服务器;(3)个人设备与终端设备直接连接(比如近场通信)并通过终端设备与服务器连接;(4)在终端设备和服务器之间的连接是安全可信的情况下,比如两者为同一设备或通过安全内网连接,Step4中,终端设备可以向服务器发送原始模板,由服务器加密模板。(2) Adding a password, decrypting the password, the identification code can be generated by the personal device and transmitted to the server; (3) the personal device is directly connected to the terminal device (such as near field communication) and connected to the server through the terminal device; (4) In the case where the connection between the terminal device and the server is secure and trusted, for example, the two devices are the same device or connected through a secure intranet. In Step 4, the terminal device can send the original template to the server, and the server encrypts the template.
以上是注册流程的实施例。在用户完成注册后,即可使用生物特征认证系统进行认证。The above is an example of a registration process. After the user completes the registration, the biometric authentication system can be used for authentication.
认证方法实施例一,使用终端设备摄像头采集用户生物特征,匹配在终端设备完成,加密模板存于个人设备,解密码存于服务器,具体步骤包括(图7):Embodiment 1 of the authentication method uses a terminal device camera to collect user biometrics, and the matching is completed in the terminal device, the encryption template is stored in the personal device, and the decryption password is stored in the server, and the specific steps include: (FIG. 7):
Step1:个人设备和服务器以及终端设备建立连接;Step1: The personal device establishes a connection with the server and the terminal device;
Step2:个人设备直接或者通过服务器将加密模板传送给终端设备;Step 2: The personal device transmits the encryption template to the terminal device directly or through the server;
Step3:个人设备直接或者通过终端设备将辨识码C传递给服务器;Step 3: The personal device transmits the identification code C to the server directly or through the terminal device;
Step4:服务器通过辨识码C查找到解密码B,并将解密码B传递给终端设备;Step 4: The server finds the decryption password B through the identification code C, and transmits the decryption password B to the terminal device;
Step5:终端设备解密加密模板,打开摄像头;Step 5: The terminal device decrypts the encryption template and opens the camera;
Step6:终端设备摄像头采集用户生物特征,终端设备将之与解密后的模板进行匹配完成身份认证;Step 6: The terminal device camera collects the user biometrics, and the terminal device matches the decrypted template to complete the identity authentication;
Step7:终端设备清除解密码、加密模板、解密后的模板,并根据身份认证结果完成后续 操作。Step 7: The terminal device clears the decryption password, the encryption template, and the decrypted template, and completes the subsequent operations according to the identity authentication result.
在此实施例中,部分步骤可由以下方式替代:在终端设备和服务器之间的连接是安全可信的情况下,比如两者为同一设备或通过安全内网连接,终端设备可向服务器发送采集的生物特征,由服务器进行模板比对,并将身份认证结果传递给终端设备。In this embodiment, part of the steps may be replaced by the following means: in the case that the connection between the terminal device and the server is secure and trusted, for example, the two are the same device or connected through a secure intranet, the terminal device may send the collection to the server. The biometrics are templated by the server and the identity authentication results are passed to the terminal device.
在此实施例中,终端设备为采集端,也为匹配端,个人设备为模板端,服务器为密码端,其他实施例原理类似,但各端的重合情况以及各端与各设备的对应关系可能有所不同,不再赘述。In this embodiment, the terminal device is a collection end, and is also a matching end, the personal device is a template end, and the server is a password end. The principle of other embodiments is similar, but the coincidence of each end and the corresponding relationship between each end and each device may have The difference is not repeated here.
采用以上方式,生物特征信息加密后的模板和用于解密的解密码分开存放于不同的设备中,如加密模板存放于个人设备,解密码存放于银行服务器,此时如需进行后续生物识别系统的验证,终端设备必须同时获得存储于个人设备的加密模板和存储于服务器的解密码,即实现了分开存储、双重认证。进一步地,匹配的过程于服务器和个人设备以外的某个终端设备进行,该终端设备可由用户随机选定(例如随机选定一台ATM机),同时,生物特征识别系统验证完成后,终端设备存储的模板和解密码将会即刻删除。In the above manner, the template for encrypting the biometric information and the decryption code for decryption are stored in different devices separately, for example, the encryption template is stored in the personal device, and the decryption password is stored in the bank server, and the subsequent biometric identification system is needed. Verification, the terminal device must obtain both the encryption template stored in the personal device and the decryption code stored in the server, that is, separate storage and dual authentication are realized. Further, the matching process is performed by a terminal device other than the server and the personal device, and the terminal device can be randomly selected by the user (for example, an ATM machine is randomly selected), and at the same time, after the biometric identification system is verified, the terminal device is completed. The stored template and decryption password will be deleted immediately.
认证方法实施例二,使用个人设备摄像头采集用户生物特征,匹配在终端设备完成,加密模板存于个人设备,解密码存于服务器,具体步骤包括(图8):The second embodiment of the authentication method uses a personal device camera to collect user biometrics, the matching is completed in the terminal device, the encryption template is stored in the personal device, and the decryption password is stored in the server, and the specific steps include: (FIG. 8):
Step1:个人设备和服务器以及终端设备建立连接;Step1: The personal device establishes a connection with the server and the terminal device;
Step2:个人设备直接或者通过服务器将加密模板传送给终端设备;Step 2: The personal device transmits the encryption template to the terminal device directly or through the server;
Step3:个人设备直接或者通过终端设备将辨识码C传递给服务器;Step 3: The personal device transmits the identification code C to the server directly or through the terminal device;
Step4:服务器通过辨识码C查找到解密码B,并将解密码B传递给终端设备;Step 4: The server finds the decryption password B through the identification code C, and transmits the decryption password B to the terminal device;
Step5:服务器生成一对新的不对称密码,加密码A’和解密码B’;Step 5: The server generates a pair of new asymmetric passwords, plus password A' and solution password B';
Step6:服务器向个人设备发送加密码A’,向终端设备发送解密码B’Step 6: The server sends the encryption code A' to the personal device, and sends the decryption code B' to the terminal device.
Step7:用户通过个人设备的摄像头采集生物特征;Step7: The user collects biometrics through the camera of the personal device;
Step8:个人设备将生物特征用A’加密成为加密生物特征,并将加密生物特征和加密模板直接或者通过服务器传递给终端设备;Step 8: The personal device encrypts the biometric with A' to become an encrypted biometric, and transmits the encrypted biometric and the encrypted template to the terminal device directly or through a server;
Step9:终端设备用解密码B解密模板,用解密码B’解密生物特征,并将两者匹配完成身份认证;Step 9: The terminal device decrypts the template by using the decryption code B, decrypts the biometric feature with the decryption password B', and matches the two to complete the identity authentication;
Step10:终端设备清除解密码、加密模板、解密后的模板、加密生物特征及解密后的生物特征,并根据身份认证结果完成后续操作。Step 10: The terminal device clears the decryption password, the encryption template, the decrypted template, the encrypted biometrics, and the decrypted biometrics, and completes the subsequent operations according to the identity authentication result.
在此实施例中,部分步骤可由以下方式替代:在终端设备和服务器之间的连接是安全可信的情况下,比如两者为同一设备或通过安全内网连接,终端设备可向服务器发送采集的生物特征,由服务器进行模板比对,并将身份认证结果传递给终端设备。In this embodiment, part of the steps may be replaced by the following means: in the case that the connection between the terminal device and the server is secure and trusted, for example, the two are the same device or connected through a secure intranet, the terminal device may send the collection to the server. The biometrics are templated by the server and the identity authentication results are passed to the terminal device.
认证方法实施例三,使用终端设备摄像头采集用户生物特征,匹配在个人设备完成,加 密模板存于个人设备,解密码存于服务器,具体步骤包括(图9):The third embodiment of the authentication method uses the terminal device camera to collect the user biometrics, the matching is completed in the personal device, the encrypted template is stored in the personal device, and the decrypted password is stored in the server, and the specific steps include: (FIG. 9):
Step1:个人设备和服务器以及终端设备建立连接;Step1: The personal device establishes a connection with the server and the terminal device;
Step2:个人设备直接或者通过终端设备将辨识码C传递给服务器;Step 2: The personal device transmits the identification code C to the server directly or through the terminal device;
Step3:服务器通过辨识码C查找到解密码B,并将解密码B传递给个人设备;Step3: The server finds the decryption password B through the identification code C, and transmits the decryption password B to the personal device;
Step4:服务器生成一对新的不对称密码,加密码A’和解密码B’;Step4: The server generates a pair of new asymmetric passwords, plus a password A' and a decryption password B';
Step5:服务器向终端设备发送加密码A’,向个人设备发送解密码B’;Step 5: The server sends a password A' to the terminal device, and sends a decryption code B' to the personal device;
Step6:用户通过终端设备的摄像头采集用户生物特征;Step 6: The user collects the user biometrics through the camera of the terminal device;
Step7:终端设备将生物特征用A’加密形成加密生物特征,并将加密特征直接或者通过服务器传递给个人设备;Step 7: The terminal device encrypts the biometric feature with A' to form an encrypted biometric feature, and transmits the encrypted feature to the personal device directly or through a server;
Step8:个人设备用解密码B解密模板,用解密码B’解密生物特征,并将两者匹配完成身份认证;Step 8: The personal device decrypts the template by using the decryption code B, decrypts the biometric feature with the decryption password B', and matches the two to complete the identity authentication;
Step9:个人设备将身份认证结果直接或者通过服务器传递给终端设备,其后清除解密码B、解密码B’、加密生物特征、解密后的生物特征、解密后的模板,只保留原有的辨识码C和加密模板;Step 9: The personal device transmits the identity authentication result directly or through the server to the terminal device, and then clears the decryption password B, the decryption password B', the encrypted biometric feature, the decrypted biometric feature, the decrypted template, and only retains the original identification. Code C and encryption template;
Step10:终端设备根据认证结果完成后续操作。Step 10: The terminal device completes the subsequent operations according to the authentication result.
认证方法实施例四,使用个人设备摄像头采集用户生物特征,匹配在个人设备完成,加密模板存于个人设备,解密码存于服务器,具体步骤包括(图10):The fourth embodiment of the authentication method uses a personal device camera to collect user biometrics. The matching is completed in the personal device, the encrypted template is stored in the personal device, and the decrypted password is stored in the server. The specific steps include: (FIG. 10):
Step1:个人设备和服务器以及终端设备建立连接;Step1: The personal device establishes a connection with the server and the terminal device;
Step2:个人设备直接或者通过终端设备将辨识码C传递给服务器;Step 2: The personal device transmits the identification code C to the server directly or through the terminal device;
Step3:服务器通过辨识码C查找到解密码B,并将解密码B直接或通过终端设备传递给个人设备;Step 3: The server finds the decryption password B through the identification code C, and transmits the decryption password B to the personal device directly or through the terminal device;
Step4:个人设备用解密码B解密模板,并打开摄像头;Step4: The personal device decrypts the template with the decryption code B, and opens the camera;
Step5:个人设备摄像头采集用户生物特征,并将其与解密后的模板进行匹配,在个人设备上完成身份认证;Step 5: The personal device camera collects the user biometrics, and matches the decrypted template to complete the identity authentication on the personal device;
Step6:个人设备将身份认证结果直接或者通过服务器传递给终端设备,其后清除解密码B、解密后的模板、采集的用户生物特征,只保留原有的辨识码C和加密模板;Step 6: The personal device transmits the identity authentication result to the terminal device directly or through the server, and then clears the decryption password B, the decrypted template, and the collected user biometrics, and only retains the original identification code C and the encryption template;
Step7:终端设备根据认证结果完成后续操作。Step 7: The terminal device completes the subsequent operations according to the authentication result.
认证方法实施例五,使用个人设备摄像头采集用户生物特征,匹配在个人设备完成,加密模板存于服务器,解密码存于个人设备,具体步骤包括(图11):Embodiment 5 of the authentication method uses a personal device camera to collect user biometrics, the matching is completed in the personal device, the encrypted template is stored in the server, and the decrypted password is stored in the personal device, and the specific steps include: (FIG. 11):
Step1:个人设备和服务器以及终端设备建立连接;Step1: The personal device establishes a connection with the server and the terminal device;
Step2:个人设备直接或者通过终端设备将辨识码C传递给服务器;Step 2: The personal device transmits the identification code C to the server directly or through the terminal device;
Step3:服务器通过辨识码C查找到加密模板,并直接或者通过终端设备将加密模板传递 给个人设备;Step 3: The server finds the encryption template through the identification code C, and transmits the encryption template to the personal device directly or through the terminal device;
Step4:个人设备使用解密码B解密模板,打开摄像头;Step4: The personal device uses the decryption B decryption template to open the camera;
Step5:个人设备摄像头采集用户生物特征,将其与模板进行匹配,在个人设备上完成身份认证;Step 5: The personal device camera collects the user biometrics, matches them with the template, and completes identity authentication on the personal device;
Step6:个人设备将身份认证结果直接或者通过服务器传递给终端设备,其后清除加密模板、解密后的模板、采集的用户生物特征,只保留原有的辨识码C和解密码;Step 6: The personal device transmits the identity authentication result to the terminal device directly or through the server, and then clears the encryption template, the decrypted template, and the collected user biometrics, and only retains the original identification code C and the decryption password;
Step7:终端设备根据认证结果完成后续操作。Step 7: The terminal device completes the subsequent operations according to the authentication result.
认证方法实施例六,使用个人设备摄像头采集用户生物特征,匹配在终端设备完成,加密模板存于服务器,解密码存于个人设备,具体步骤包括(图12):Embodiment 6 of the authentication method uses a personal device camera to collect user biometrics, the matching is completed in the terminal device, the encryption template is stored in the server, and the decrypted password is stored in the personal device, and the specific steps include: (FIG. 12):
Step1:个人设备和服务器以及终端设备建立连接;Step1: The personal device establishes a connection with the server and the terminal device;
Step2:个人设备直接或者通过终端设备将辨识码C传递给服务器;Step 2: The personal device transmits the identification code C to the server directly or through the terminal device;
Step3:服务器通过辨识码C查找到加密模板,并将其传递给终端设备;Step 3: The server finds the encryption template through the identification code C and transmits it to the terminal device;
Step4:服务器生成一对新的不对称密码,加密码A’和解密码B’;Step4: The server generates a pair of new asymmetric passwords, plus a password A' and a decryption password B';
Step5:服务器向个人设备发送加密码A’,向终端设备发送解密码B’;Step 5: The server sends the encryption code A' to the personal device, and sends the decryption code B' to the terminal device;
Step6:个人设备的摄像头采集生物特征;Step6: The camera of the personal device collects biometrics;
Step7:个人设备将生物特征用A’加密形成加密生物特征,并将加密特征和解密码B直接或者通过服务器传递给终端设备;Step 7: The personal device encrypts the biometrics with A' to form an encrypted biometric, and transmits the encryption feature and the decryption password B directly or through the server to the terminal device;
Step8:终端设备用解密码B解密模板,用解密码B’解密生物特征,并将两者匹配完成身份认证;Step 8: The terminal device decrypts the template by using the decryption code B, decrypts the biometric feature with the decryption password B', and matches the two to complete the identity authentication;
Step9:终端设备清除解密码、加密模板、解密后的模板、加密生物特征及解密后的生物特征,并根据身份认证结果完成后续操作。Step 9: The terminal device clears the decryption password, the encryption template, the decrypted template, the encrypted biometrics, and the decrypted biometrics, and completes the subsequent operations according to the identity authentication result.
在此实施例中,部分步骤可由以下方式替代:在终端设备和服务器之间的连接是安全可信的情况下,比如两者为同一设备或通过安全内网连接,终端设备可向服务器发送采集的生物特征,由服务器进行模板比对,并将身份认证结果传递给终端设备。In this embodiment, part of the steps may be replaced by the following means: in the case that the connection between the terminal device and the server is secure and trusted, for example, the two are the same device or connected through a secure intranet, the terminal device may send the collection to the server. The biometrics are templated by the server and the identity authentication results are passed to the terminal device.
认证方法实施例七,使用终端设备摄像头采集用户生物特征,匹配在个人设备完成,加密模板存于服务器,解密码存于个人设备,具体步骤包括(图13):Embodiment 7 of the authentication method uses the terminal device camera to collect the user biometrics, the matching is completed in the personal device, the encryption template is stored in the server, and the decrypted password is stored in the personal device, and the specific steps include: (FIG. 13):
Step1:个人设备和服务器以及终端设备建立连接;Step1: The personal device establishes a connection with the server and the terminal device;
Step2:个人设备直接或者通过终端设备将辨识码C传递给服务器;Step 2: The personal device transmits the identification code C to the server directly or through the terminal device;
Step3:服务器通过辨识码C查找到加密模板,并将其传递给个人设备;Step3: The server finds the encryption template through the identification code C and transmits it to the personal device;
Step4:服务器生成一对新的不对称密码,加密码A’和解密码B’;Step4: The server generates a pair of new asymmetric passwords, plus a password A' and a decryption password B';
Step5:服务器向终端设备发送加密码A’,向个人设备发送解密码B’;Step 5: The server sends a password A' to the terminal device, and sends a decryption code B' to the personal device;
Step6:用户通过终端设备的摄像头采集生物特征;Step 6: The user collects biometrics through the camera of the terminal device;
Step7:终端设备将生物特征用A’加密形成加密生物特征,并将加密生物特征直接或者通过服务器传递给个人设备;Step 7: The terminal device encrypts the biometrics with A' to form an encrypted biometric, and transmits the encrypted biometrics to the personal device directly or through a server;
Step8:个人设备用解密码B解密模板,用解密码B’解密生物特征,并将两者匹配完成身份认证;Step 8: The personal device decrypts the template by using the decryption code B, decrypts the biometric feature with the decryption password B', and matches the two to complete the identity authentication;
Step9:个人设备将身份认证结果直接或者通过服务器传递给终端设备,其后清除加密模板、解密码B’、加密生物特征、解密后的生物特征,只保留原有的辨识码C和解密码B;Step 9: The personal device transmits the identity authentication result directly or through the server to the terminal device, and then clears the encryption template, the decrypted password B', the encrypted biometric feature, and the decrypted biometric feature, and only retains the original identification code C and the decryption password B;
Step10:终端设备根据认证结果完成后续操作。Step 10: The terminal device completes the subsequent operations according to the authentication result.
认证方法实施例八,使用终端设备摄像头采集用户生物特征,匹配在终端设备完成,加密模板存于服务器,解密码存于个人设备,具体步骤包括(图14):The eighth embodiment of the authentication method uses the terminal device camera to collect the user biometrics, the matching is completed in the terminal device, the encryption template is stored in the server, and the decryption password is stored in the personal device, and the specific steps include: (FIG. 14):
Step1:个人设备和服务器以及终端设备建立连接;Step1: The personal device establishes a connection with the server and the terminal device;
Step2:个人设备直接或者通过服务器将传送解密码B传送给终端设备;Step 2: the personal device transmits the decryption password B to the terminal device directly or through the server;
Step3:个人设备直接或者通过终端设备将辨识码C传递给服务器;Step 3: The personal device transmits the identification code C to the server directly or through the terminal device;
Step4:服务器通过辨识码C查找到加密模板,并将加密模板传递给终端设备;Step 4: The server finds the encryption template through the identification code C, and transmits the encryption template to the terminal device;
Step5:终端设备通过解密码B解密模板,并打开摄像头;Step 5: The terminal device decrypts the template by decrypting the password B, and opens the camera;
Step6:终端设备摄像头采集用户生物特征,将其与解密后的模板进行匹配,在终端设备完成身份认证;Step 6: The terminal device camera collects the user biometrics, matches the decrypted template, and completes the identity authentication in the terminal device.
Step7:终端设备清除解密码以及原始的和解密后的加密模板,并根据身份认证结果完成后续操作。Step 7: The terminal device clears the decrypted password and the original and decrypted encryption template, and completes the subsequent operations according to the identity authentication result.
在此实施例中,部分步骤可由以下方式替代:在终端设备和服务器之间的连接是安全可信的情况下,比如两者为同一设备或通过安全内网连接,终端设备可向服务器发送采集的图像,由服务器进行模板比对,并将身份认证结果传递给终端设备。In this embodiment, part of the steps may be replaced by the following means: in the case that the connection between the terminal device and the server is secure and trusted, for example, the two are the same device or connected through a secure intranet, the terminal device may send the collection to the server. The image is compared by the server and the identity authentication result is passed to the terminal device.
本说明书中所述的只是本发明的较佳具体实施例,以上实施例仅用以说明本发明的技术方案而非对本发明的限制。凡本领域技术人员依本发明的构思通过逻辑分析、推理或者有限的实验可以得到的技术方案,皆应在本发明的范围之内。The description of the present invention is only a preferred embodiment of the present invention, and the above embodiments are merely illustrative of the technical solutions of the present invention and are not intended to limit the present invention. Any technical solution that can be obtained by a person skilled in the art according to the concept of the present invention by logic analysis, reasoning or limited experimentation should be within the scope of the present invention.

Claims (24)

  1. 一种生物特征认证系统,其特征在于,包括相互独立的模板端和密码端,所述模板端用于存储由生物特征模板加密生成的加密模板,所述密码端用于存储可解密所述加密模板的解密码。A biometric authentication system, comprising: a template end and a password end independent of each other, the template end is configured to store an encryption template generated by biometric template encryption, and the password end is used for storing the decryption The solution password for the template.
  2. 如权利要求1所述的生物特征认证系统,其特征在于,所述模板端为个人设备和服务器之一,相应地,所述密码端为所述个人设备和所述服务器中的另一个。The biometric authentication system according to claim 1, wherein the template end is one of a personal device and a server, and correspondingly, the password end is the other of the personal device and the server.
  3. 如权利要求1所述的生物特征认证系统,其特征在于,还包括采集端,所述采集端为所述个人设备,或者所述采集端为与所述服务器连接的终端设备。The biometric authentication system according to claim 1, further comprising a collecting end, wherein the collecting end is the personal device, or the collecting end is a terminal device connected to the server.
  4. 如权利要求1所述的生物特征认证系统,其特征在于,还包括匹配端和采集端,所述匹配端用于匹配所述生物特征模板和所述生物特征,所述匹配端从所述密码端获取所述解密码,从所述模板端获取所述加密模板,根据所述解密码解码所述加密模板,获取所述生物特征模板;所述匹配端还从所述采集端获取生物特征。The biometric authentication system according to claim 1, further comprising a matching end and an acquisition end, wherein the matching end is configured to match the biometric template and the biometric, and the matching end is from the password The acquiring the decryption code, obtaining the encryption template from the template end, and decoding the encryption template according to the decryption code to obtain the biometric template; and the matching end further acquiring the biometric from the collection end.
  5. 如权利要求4所述的生物特征认证系统,其特征在于,所述匹配端为所述个人设备、所述服务器或所述终端设备。The biometric authentication system according to claim 4, wherein the matching end is the personal device, the server or the terminal device.
  6. 如权利要求3所述的生物特征认证系统,其特征在于,所述采集端与所述模板端是同一设备,或者,所述采集端与所述密码端是同一设备。The biometric authentication system according to claim 3, wherein the collection end and the template end are the same device, or the collection end and the password end are the same device.
  7. 如权利要求4所述的生物特征认证系统,其特征在于,所述匹配端与所述模板端是同一设备,或者,所述匹配端与所述密码端是同一设备。The biometric authentication system according to claim 4, wherein the matching end is the same device as the template end, or the matching end and the password end are the same device.
  8. 如权利要求4所述的生物特征认证系统,其特征在于,所述匹配端与所述采集端是同一设备。The biometric authentication system according to claim 4, wherein the matching end and the collecting end are the same device.
  9. 一种利用如权利要求1-8任一项所述的生物特征认证系统进行的生物特征认证方法,其注册阶段包括步骤:A biometric authentication method using the biometric authentication system according to any one of claims 1-8, wherein the registration phase comprises the steps of:
    (1)所述模板端和所述密码端建立连接,由所述模板端或者所述密码端生成一加密解密密码对和一辨识码;(1) establishing a connection between the template end and the password end, and generating an encryption and decryption password pair and an identification code by the template end or the password end;
    (2)将生物特征生成生物特征模板并通过加密码进行加密形成加密模板,所述加密模板与所述辨识码唯一对应;(2) generating a biometric template by using the biometric feature and encrypting by adding a password to form an encryption template, where the encryption template uniquely corresponds to the identification code;
    (3)所述加密模板以及所述辨识码存储在模板端,所述解密码以及所述辨识码存储在所述密码端,所有其他信息在各端清除。(3) The encryption template and the identification code are stored at the template end, and the decryption code and the identification code are stored at the password end, and all other information is cleared at each end.
  10. 如权利要求9所述的生物特征认证方法,其特征在于,所述辨识码由所述加密模板生成,辨识码与所述加密模板唯一对应。The biometric authentication method according to claim 9, wherein the identification code is generated by the encryption template, and the identification code uniquely corresponds to the encryption template.
  11. 如权利要求9所述的生物特征认证方法,其特征在于,所述辨识码与加密码相同。The biometric authentication method according to claim 9, wherein the identification code is the same as the encryption code.
  12. 如权利要求9所述的生物特征认证方法,其特征在于,各端之间的数据传递以非对称 加密的方式进行。The biometric authentication method according to claim 9, wherein the data transfer between the ends is performed in an asymmetrically encrypted manner.
  13. 一种利用如权利要求4-8任一项所述的生物特征认证系统进行的生物特征认证方法,其认证阶段包括步骤:A biometric authentication method using the biometric authentication system according to any one of claims 4-8, wherein the authentication phase comprises the steps of:
    (a)所述采集端、匹配端、模板端和密码端建立连接;(a) establishing a connection between the collection end, the matching end, the template end, and the password end;
    (b)所述采集端采集生物特征,所述模板端根据辨识码确定需要进行匹配的加密模板,所述密码端根据所述辨识码确定需要进行匹配的解密码;(b) The collecting end collects a biometric feature, and the template end determines an encryption template that needs to be matched according to the identification code, and the password end determines, according to the identification code, a decryption code that needs to be matched;
    (c)所述匹配端从模板端、密码端和采集端分别获取所述加密模板、解密码和生物特征,所述匹配端通过解密码解码加密模板,并将其与所述生物特征进行匹配,匹配结果传至终端设备;(c) The matching end obtains the encryption template, the decryption code, and the biometric feature from the template end, the password end, and the collection end, respectively, and the matching end decodes the encryption template by decoding the password and matches the biometric with the biometric feature. The matching result is transmitted to the terminal device;
    (d)当匹配结束后,除在所述模板端保存的所述加密模板和所述辨识码以及在所述密码端保存的所述解密码和所述辨识码外,所有其他信息在各端清除。(d) after the end of the matching, except for the encryption template and the identification code stored at the template end and the decryption code and the identification code stored at the password end, all other information is at each end Clear.
  14. 如权利要求13所述的生物特征认证方法,其特征在于,各端之间的数据传递以非对称加密的方式进行。The biometric authentication method according to claim 13, wherein the data transfer between the ends is performed in an asymmetric encryption manner.
  15. 如权利要求13所述的生物特征认证方法,其特征在于,所述采集端采集生物特征指的是,使用所述采集端获取生物特征图像或生物特征代码。The biometric authentication method according to claim 13, wherein the collecting the biometric feature refers to acquiring the biometric image or the biometric code by using the collecting end.
  16. 如权利要求9或13所述的生物特征认证方法,其特征在于,所述生物特征为以下中的一个或多个:(1)掌纹;(2)人脸;(3)眼纹;(4)虹膜。The biometric authentication method according to claim 9 or 13, wherein the biometric feature is one or more of the following: (1) palm print; (2) human face; (3) eye print; 4) Iris.
  17. 一种利用如权利要求4-8任一项所述的生物特征认证系统进行的生物特征认证方法,包括用户注册阶段,所述用户注册阶段包括步骤:A biometric authentication method using the biometric authentication system according to any one of claims 4-8, comprising a user registration phase, the user registration phase comprising the steps of:
    S171:密码端生成一对密码,包括加密码、解密码,及生成一个辨识码;S171: The password end generates a pair of passwords, including adding a password, decrypting the password, and generating an identification code;
    S172:所述密码端向所述模板端发送所述辨识码,并直接或通过模板端向采集端发送所述加密码;S172: The password end sends the identification code to the template end, and sends the encryption code to the collection end directly or through a template end.
    S173:所述采集端采集生物特征作为原始模板,使用所述加密码加密所述生物特征形成加密模板;S173: The collecting end collects a biometric as an original template, and encrypts the biometric with the encryption code to form an encryption template.
    S174:所述采集端将所述加密模板发送给所述模板端;S174: The collecting end sends the encryption template to the template end.
    S175:除所述模板端保留所述辨识码和所述加密模板,所述密码端保留所述辨识码和所述解密码外,各端均删除其他数据。S175: Except that the template end retains the identification code and the encryption template, the password end retains the identification code and the decryption code, and each end deletes other data.
  18. 如权利要求17所述的生物特征认证方法,其特征在于,所述采集端和所述模板端是同一设备。The biometric authentication method according to claim 17, wherein the collection end and the template end are the same device.
  19. 如权利要求17所述的生物特征认证方法,其特征在于,所述采集端和所述密码端是同一设备。The biometric authentication method according to claim 17, wherein the collection end and the password end are the same device.
  20. 一种利用如权利要求4-8任一项所述的生物特征认证系统进行的生物特征认证方法, 包括用户认证阶段,所述用户认证阶段包括步骤:A biometric authentication method using the biometric authentication system according to any one of claims 4-8, comprising a user authentication phase, the user authentication phase comprising the steps of:
    S201:个人设备将辨识码发给服务器,若个人设备是模板端,服务器作为密码端通过辨识码查找到对应解密码,若个人设备是密码端,服务器作为模板端通过辨识码查找到对应的加密模板;S201: The personal device sends the identification code to the server. If the personal device is the template end, the server uses the identification code to find the corresponding decryption password as the password end. If the personal device is the password end, the server uses the identification code to find the corresponding encryption. template;
    S202:模板端将加密模板发送给匹配端,密码端将解密码发送给匹配端;S202: The template end sends the encryption template to the matching end, and the password end sends the decryption password to the matching end;
    S203:所述匹配端通过所述解密码解码所述模板端存储的加密模板;S203: The matching end decodes the encrypted template stored by the template end by using the decryption code;
    S204:所述采集端采集生物特征,并将其发送给匹配端;S204: The collecting end collects a biometric feature and sends the biometric feature to the matching end.
    S205:所述匹配端将解码后的加密模板与所述生物特征进行匹配以完成认证;S205: The matching end matches the decoded encryption template with the biometric feature to complete authentication.
    S206:所述匹配端将身份认证结果传递给终端设备;S206: The matching end transmits the identity authentication result to the terminal device.
    S207:所述匹配端删除从其他端获取的数据;S207: The matching end deletes data acquired from other ends;
  21. 如权利要求20所述的生物特征认证方法,其特征在于,所述采集端与所述模板端或所述密码端是同一设备。The biometric authentication method according to claim 20, wherein the collection end is the same device as the template end or the password end.
  22. 如权利要求20所述的生物特征认证方法,其特征在于,所述匹配端与所述模板端或所述密码端是同一设备。The biometric authentication method according to claim 20, wherein the matching end is the same device as the template end or the password end.
  23. 如权利要求20所述的生物特征认证方法,其特征在于,所述匹配端与所述采集端是同一设备。The biometric authentication method according to claim 20, wherein the matching end and the collecting end are the same device.
  24. 如权利要求20-22任一项所述的生物特征认证方法,其特征在于,所述步骤S204进一步包括:The biometric authentication method according to any one of claims 20 to 22, wherein the step S204 further comprises:
    S2041:生成第二密码对,包括第二加密码及第二解密码,用于生物特征的加密传送;S2041: Generate a second password pair, including a second encryption password and a second decryption password, for encrypted transmission of biometrics;
    S2042:将所述第二加密码发送给所述采集端,将所述第二解密码发送给匹配端;S2042: Send the second encryption password to the collection end, and send the second decryption password to the matching end;
    S2043:所述采集端使用所述第二加密码加密所述生物特征形成加密特征,并将所述加密特征发送给匹配端;S2043: The collecting end encrypts the biometric feature to form an encryption feature by using the second encryption code, and sends the encryption feature to a matching end;
    S2044:所述匹配端使用所述第二解密码解码所述加密特征得到所述生物特征。S2044: The matching end uses the second decryption code to decode the encryption feature to obtain the biometric feature.
PCT/CN2018/121086 2017-12-14 2018-12-14 Biometric authentication system and method WO2019114813A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US16/954,179 US20210160076A1 (en) 2017-12-14 2018-12-14 System and method for secure biometric authentication

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201711341533 2017-12-14
CN201711341533.6 2017-12-14
CN201811528719.7A CN109961291A (en) 2017-12-14 2018-12-13 A kind of biological characteristic authentication system and method
CN201811528719.7 2018-12-13

Publications (1)

Publication Number Publication Date
WO2019114813A1 true WO2019114813A1 (en) 2019-06-20

Family

ID=66819571

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/121086 WO2019114813A1 (en) 2017-12-14 2018-12-14 Biometric authentication system and method

Country Status (1)

Country Link
WO (1) WO2019114813A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020026574A1 (en) * 2000-08-31 2002-02-28 Sony Corporation Person authentication system, person authentication method , information processing apparatus, and program providing medium
CN201181472Y (en) * 2008-02-29 2009-01-14 北京华大恒泰科技有限责任公司 Hardware key device and movable memory system
CN101458750A (en) * 2008-11-21 2009-06-17 东莞市智盾电子技术有限公司 Data safety processing method and data safety storage apparatus
CN105808998A (en) * 2014-12-31 2016-07-27 北京华大智宝电子系统有限公司 Fingerprint identification device
CN106789096A (en) * 2017-03-30 2017-05-31 山东超越数控电子有限公司 A kind of biological characteristic cipher authentication method and device
CN107292152A (en) * 2017-05-24 2017-10-24 舒翔 A kind of biological characteristic authentication system and biometric authentication method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020026574A1 (en) * 2000-08-31 2002-02-28 Sony Corporation Person authentication system, person authentication method , information processing apparatus, and program providing medium
CN201181472Y (en) * 2008-02-29 2009-01-14 北京华大恒泰科技有限责任公司 Hardware key device and movable memory system
CN101458750A (en) * 2008-11-21 2009-06-17 东莞市智盾电子技术有限公司 Data safety processing method and data safety storage apparatus
CN105808998A (en) * 2014-12-31 2016-07-27 北京华大智宝电子系统有限公司 Fingerprint identification device
CN106789096A (en) * 2017-03-30 2017-05-31 山东超越数控电子有限公司 A kind of biological characteristic cipher authentication method and device
CN107292152A (en) * 2017-05-24 2017-10-24 舒翔 A kind of biological characteristic authentication system and biometric authentication method

Similar Documents

Publication Publication Date Title
US10681025B2 (en) Systems and methods for securely managing biometric data
US11223948B2 (en) Anonymous authentication and remote wireless token access
US11991175B2 (en) User authentication based on device identifier further identifying software agent
JP6381833B2 (en) Authentication in the ubiquitous environment
CN104321777B (en) Public identifier is generated to verify the personal method for carrying identification object
US20160012272A1 (en) Fingerprint authentication system and a fingerprint authentication method based on nfc
WO2017032179A1 (en) Fingerprint security element (se) module and payment verification method
CN110290134A (en) A kind of identity identifying method, device, storage medium and processor
JP2006107406A (en) Biometric authentication device and terminal
CN105791277A (en) Identity authentication method
ArunPrakash et al. Biometric encoding and biometric authentication (BEBA) protocol for secure cloud in m-commerce environment
CN104835039A (en) Data label generation method
KR101468192B1 (en) Secure User Authentication Scheme Based on Facial Recognition for Smartwork Environment
JP2019004475A (en) Authentication under ubiquitous environment
US20210160076A1 (en) System and method for secure biometric authentication
US20180253573A1 (en) Systems and Methods for Utilizing Magnetic Fingerprints Obtained Using Magnetic Stripe Card Readers to Derive Transaction Tokens
WO2019114813A1 (en) Biometric authentication system and method
Maheshwari et al. Secure authentication using biometric templates in Kerberos
CN109005158B (en) Authentication method of dynamic gesture authentication system based on fuzzy safe
US12022282B2 (en) Anonymous authentication and remote wireless token access
US20240022404A1 (en) Non-hackable digital identity
CN108075887B (en) Method, cloud platform, user equipment and system for encryption authentication of CPU card
CN113449621A (en) Biological feature recognition method, system and application thereof

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18889775

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18889775

Country of ref document: EP

Kind code of ref document: A1