CN110392030A - Identity authentication and service processing method and system based on biometric features - Google Patents
- Publication number: CN110392030A
- Application number: CN201810362579.4A
- Authority: CN (China)
- Prior art keywords: data, user, terminal, identity information, information
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/0861—Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
- H04L9/0863—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
- H04L9/3231—Biological data, e.g. fingerprint, voice or retina
Abstract
The invention discloses a biometric-based identity authentication and service processing method and system, relating to the technical field of biometric identification. The terminal obtains the user's biometric information and user identification information and generates a feature value and user data. The server authenticates the user's identity using the user identification information and feature value contained in the received service processing request and the stored feature value corresponding to that user identification information, and responds to or terminates the service processing request according to the authentication result. The invention does not need to store the user's biometric information, which avoids leakage of that information and improves the security of identity authentication. At the same time, illegitimate users are excluded by authentication at the terminal, which reduces the authentication load on the server.
Description
Technical field
The present invention relates to the technical field of biometric data processing, and in particular to a biometric-based identity authentication and service processing method and system.
Background
Biometric identification technology is widely used in fields such as smart device unlocking and mobile payment authentication. However, existing biometric identification technology needs to store the enrolled biometric information, and that information may leak while it is being transmitted or stored, creating an information security risk for the user.
Summary of the invention
In view of the deficiencies in the prior art, the object of the present invention is to provide a biometric-based identity authentication and service processing method and system that effectively excludes illegitimate users, improves the security of identity authentication, and reduces the data processing load on the server.
To achieve the above object, the technical solution adopted by the present invention is a biometric-based identity authentication and service processing method.
The biometric-based identity authentication and service processing method includes a registration process and an authentication process.
The registration process includes:
A1. The terminal receives a user's registration application and obtains the biometric information and user identification information B of the user who initiated the registration application.
A2. The terminal generates high-entropy data S from the biometric information using a preset algorithm; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain feature value O. The key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
A3. The terminal computes first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the feature value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B in the terminal.
A4. The terminal sends the user identification information B and the feature value O to the server, and the server stores the user identification information B and the feature value O in association in the server database.
The authentication process includes:
B1. The terminal receives a user's service application and obtains the biometric information and user identification information B' of the user who initiated the service application.
B2. The terminal checks whether it holds user data M' associated with the user identification information B'. If so, go to step B3; if not, go to step B5.
B3. The terminal generates high-entropy data S' from the biometric information using the preset algorithm; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' stored in the terminal for the user identification information B'.
B4. The terminal determines whether decryption succeeded. If so, the terminal obtains feature value O' and goes to step B6; if not, go to step B11.
B5. The terminal generates, from the biometric information and using the same computation as in the registration process, the data M' and feature value O' corresponding to user identifier B', and stores the newly generated user identification information B' in association with the user data M' in the terminal.
B6. The terminal sends a service request containing the user identification information B' and the feature value O' to the server.
B7. The server receives the service request and compares the feature value O' contained in the service request with the feature value stored in the database for the user identification information B'. If they are identical, go to step B8; if not, go to step B9.
B8. The server executes the service request and returns an authentication success message; end.
B9. The server terminates the service request and returns an authentication failure message.
B10. When the terminal receives the authentication failure message sent by the server: if the M' corresponding to user identifier B' was not newly generated, end directly; if the user data M' corresponding to user identifier B' was newly generated, delete user identifier B' and the corresponding user data M', then end.
B11. Return an authentication failure message; end.
On the basis of the above technical solution, the preset algorithm includes fuzzy extraction, fuzzy commitment, and fuzzy vault.
On the basis of the above technical solution, the process in step A3 by which the terminal computes the first data Q from the user identification information B and the high-entropy data S includes:
performing an XOR operation, interpolation operation or concatenation operation on the user identification information B and the high-entropy data S to obtain second data I, and computing the first data Q from the second data I using a key generation algorithm. The key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
On the basis of the above technical solution, the biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein.
On the basis of the above technical solution, the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
The invention also discloses a biometric-based identity authentication and service processing system, including a terminal and a server.
The terminal includes:
A user information acquisition module. In the registration process, the terminal receives a user's registration application and obtains the biometric information and user identification information B of the user who initiated the registration application. In the authentication process, the terminal receives a user's service application and obtains the biometric information and user identification information B' of the user who initiated the service application.
A detection module, used in the authentication process to check whether the terminal holds user data M' associated with the user identification information B'.
A feature value generation module. In the registration process, it generates high-entropy data S from the biometric information; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain feature value O. In the authentication process, when the detection module finds no user data M' associated with the user identification information B', the terminal generates the feature value O' corresponding to user identifier B' from the biometric information using the same computation as in the registration process.
A user data generation module. In the registration process, it computes first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the feature value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B in the terminal. In the authentication process, when the detection module finds no user data M' associated with the user identification information B', the terminal generates user data M' from the biometric information using the same computation as in the registration process.
A decryption module. In the authentication process, when the detection module finds user data M' associated with the user identification information B', it generates high-entropy data S' from the biometric information; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' stored in the terminal for the user identification information B'. When decryption succeeds, feature value O' is obtained; when decryption fails, authentication failure is returned.
A sending module, used in the registration process to send the user identification information B and the feature value O to the server.
A service request module, used in the authentication process to send a service request containing the user identification information B' and the feature value O' to the server.
A user data update module. When the authentication failure message sent by the server is received, if the user data M' corresponding to user identifier B' was newly generated, it deletes user identifier B' and the corresponding user data M'; otherwise nothing needs to be deleted.
The server includes:
A storage module, used to store the user identification information B and the feature value O sent by the terminal in association in the server database.
An authentication module, used to receive the service request and compare the feature value O' contained in the service request with the feature value stored in the database for the user identification information B'. If they are identical, it executes the service request and returns an authentication success message to the terminal; if they differ, it terminates the service request and returns an authentication failure message to the terminal.
On the basis of the above technical solution, the process by which the user data generation module computes the first data Q from the user identification information B and the high-entropy data S includes:
performing an XOR operation, interpolation operation or concatenation operation on the user identification information B and the high-entropy data S to obtain second data I, and computing the first data Q from the second data I using a key generation algorithm. The key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
On the basis of the above technical solution, the biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein.
On the basis of the above technical solution, the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
On the basis of the above technical solution, the preset algorithm includes fuzzy extraction, fuzzy commitment, and fuzzy vault.
Compared with the prior art, the advantages of the present invention are:
(1) The invention does not need to store the user's biometric information, which effectively prevents leakage of that information and improves the security of identity authentication.
(2) The invention authenticates first at the terminal, excluding illegitimate users, and then at the server, which reduces the data processing load on the server.
(3) The invention stores user data and user identification information on the server side, so even if the terminal is damaged or lost, the user can still complete identity authentication through the server and have the registration information on the terminal updated.
Brief description of the drawings
Fig. 1 is a schematic flowchart of the registration procedure of the biometric-based identity authentication and service processing method in an embodiment of the present invention;
Fig. 2 is a schematic flowchart of the authentication procedure of the biometric-based identity authentication and service processing method in an embodiment of the present invention;
Fig. 3 is a schematic flow diagram of the biometric-based identity authentication and service processing system in an embodiment of the present invention.
Specific embodiments
The invention is described in further detail below with reference to the accompanying drawings and embodiments.
An embodiment of the present invention provides a biometric-based identity authentication and service processing method, which includes a registration process and an authentication process.
As shown in Fig. 1, the registration process includes:
A1. The terminal receives a user's registration application and obtains the biometric information and user identification information B of the user who initiated the registration application. The biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein. The user identification information may be the user's number, user name, user ID, etc.
A2. The terminal generates high-entropy data S from the biometric information using a preset algorithm; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain feature value O. The key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm. The preset algorithm may be fuzzy extraction, fuzzy commitment or fuzzy vault, or another algorithm; no specific limitation is imposed here. The symmetric encryption algorithm is one of SM4, DES, 3DES and AES. The one-way hash algorithm is one of MD5, SHA-1, SHA-2, SHA-3, MAC and SM3. The key generation algorithm may be a pseudo-random number generation algorithm or a one-way hash algorithm.
A3. The terminal computes first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the feature value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B in the terminal.
The process in step A3 by which the terminal computes the first data Q from the user identification information B and the high-entropy data S includes:
performing an XOR operation, interpolation operation or concatenation operation on the user identification information B and the high-entropy data S to obtain second data I, and computing the first data Q from the second data I using the key generation algorithm.
A4. The terminal sends the user identification information B and the feature value O to the server, and the server stores the user identification information B and the feature value O in association in the server database.
As shown in Fig. 2, the authentication process includes:
B1. The terminal receives a user's service application and obtains the biometric information and user identification information B' of the user who initiated the service application.
B2. The terminal checks whether it holds user data M' associated with the user identification information B'. If so, go to step B3; if not, go to step B5.
B3. The terminal generates high-entropy data S' from the biometric information; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' stored in the terminal for the user identification information B'.
B4. The terminal determines whether decryption succeeded. If so, the terminal obtains feature value O' and goes to step B6; if not, go to step B11.
B5. The terminal generates, from the biometric information and using the same computation as in the registration process, the data M' and feature value O' corresponding to user identifier B', and stores the newly generated user identification information B' in association with the user data M' in the terminal.
B6. The terminal sends a service request containing the user identification information B' and the feature value O' to the server.
B7. The server receives the service request and compares the feature value O' contained in the service request with the feature value stored in the database for the user identification information B'. If they are identical, go to step B8; if not, go to step B9.
B8. Execute the service request and return an authentication success message; end.
B9. Terminate the service request and return an authentication failure message.
B10. When the terminal receives the authentication failure message sent by the server: if the M' corresponding to user identifier B' was not newly generated, end directly; if the user data M' corresponding to user identifier B' was newly generated, delete user identifier B' and the corresponding user data M', then end.
B11. Return an authentication failure message; end.
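The registration steps A1 to A4 and authentication steps B1 to B11 above, traced end to end in an added Python example (not code from the patent). Assumptions: SHA-256 as the key generation algorithm, concatenation for the second data I, a quantise-and-hash stand-in for the fuzzy extractor, and a deterministic HMAC-based cipher standing in for SM4/AES so that the feature value regenerated on a new terminal in step B5 matches the one the server stored; all function and class names are hypothetical.

```python
import hashlib
import hmac

# Constructed feature vectors (not real biometric data).
ENROLLED = [0.52, 1.03, 1.98, 0.27]
NOISY = [0.50, 1.05, 2.01, 0.24]       # same user, small sensor noise
IMPOSTOR = [1.40, 0.10, 0.75, 2.20]

def high_entropy(sample):
    """Stand-in for the preset algorithm (e.g. a fuzzy extractor): coarse
    quantisation absorbs small noise, then SHA-256 yields S."""
    return hashlib.sha256(bytes(round(x / 0.25) & 0xFF for x in sample)).digest()

def kdf(data):
    """Key generation algorithm, one-way hash option (SHA-256 assumed)."""
    return hashlib.sha256(data).digest()

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (_mac(key, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def enc(key, pt):
    """Deterministic authenticated stand-in for SM4/AES (illustration only)."""
    tag = _mac(_mac(key, b"mac"), pt)[:16]
    ks = _stream(_mac(key, b"enc"), tag, len(pt))
    return tag + bytes(a ^ b for a, b in zip(pt, ks))

def dec(key, ct):
    """Return the plaintext, or None if the key is wrong (decision in B4)."""
    tag, body = ct[:16], ct[16:]
    ks = _stream(_mac(key, b"enc"), tag, len(body))
    pt = bytes(a ^ b for a, b in zip(body, ks))
    ok = hmac.compare_digest(tag, _mac(_mac(key, b"mac"), pt)[:16])
    return pt if ok else None

class Server:
    def __init__(self):
        self.db = {}        # B -> O; no biometric data is stored
        self.checks = 0     # number of comparisons the server had to run

    def enroll(self, B, O):                     # A4
        self.db[B] = O

    def verify(self, B, O):                     # B7 to B9, constant-time compare
        self.checks += 1
        stored = self.db.get(B)
        return stored is not None and hmac.compare_digest(stored, O)

class Terminal:
    def __init__(self, server):
        self.server = server
        self.store = {}     # B -> M

    def register(self, sample, B):
        S = high_entropy(sample)                # A2: S, K = kdf(S), O = Enc_K(B)
        O = enc(kdf(S), B)
        self.store[B] = enc(kdf(B + S), O)      # A3: Q = kdf(B || S), M = Enc_Q(O)
        self.server.enroll(B, O)                # A4

    def authenticate(self, sample, B):
        S = high_entropy(sample)
        Q = kdf(B + S)
        fresh = B not in self.store             # B2
        if fresh:                               # B5: rebuild O' and M' locally
            O = enc(kdf(S), B)
            self.store[B] = enc(Q, O)
        else:
            O = dec(Q, self.store[B])           # B3
            if O is None:                       # B4 -> B11, server never contacted
                return "rejected-by-terminal"
        ok = self.server.verify(B, O)           # B6
        if not ok and fresh:                    # B10: drop the speculative entry
            del self.store[B]
        return "accepted" if ok else "rejected-by-server"

def run_demo():
    server = Server()
    phone = Terminal(server)
    phone.register(ENROLLED, b"alice")
    out = {"same_device": phone.authenticate(NOISY, b"alice")}
    out["impostor_same_device"] = phone.authenticate(IMPOSTOR, b"alice")
    out["server_checks_after_impostor"] = server.checks
    tablet = Terminal(server)                   # replacement terminal, empty store
    out["new_device"] = tablet.authenticate(NOISY, b"alice")
    out["new_device_cached"] = b"alice" in tablet.store
    other = Terminal(server)
    out["impostor_new_device"] = other.authenticate(IMPOSTOR, b"alice")
    out["impostor_cache_cleared"] = b"alice" not in other.store
    return out

if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```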
Embodiment 2:
As shown in Fig. 3, this embodiment discloses a biometric-based identity authentication and service processing system, including a terminal and a server.
The terminal includes:
1. A user information acquisition module. In the registration process, the terminal receives a user's registration application and obtains the biometric information and user identification information B of the user who initiated the registration application. In the authentication process, the terminal receives a user's service application and obtains the biometric information and user identification information B' of the user who initiated the service application.
2. A detection module, used in the authentication process to check whether the terminal holds user data M' associated with the user identification information B'.
3. A feature value generation module. In the registration process, it generates high-entropy data S from the biometric information; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain feature value O. In the authentication process, when the detection module finds no user data M' associated with the user identification information B', the terminal generates the feature value O' corresponding to user identifier B' from the biometric information using the same computation as in the registration process.
4. A user data generation module. In the registration process, it computes first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the feature value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B in the terminal. In the authentication process, when the detection module finds no user data M' associated with the user identification information B', the terminal generates user data M' from the biometric information using the same computation as in the registration process.
The process by which the user data generation module computes the first data Q from the user identification information B and the high-entropy data S includes:
performing an XOR operation, interpolation operation or concatenation operation on the user identification information B and the high-entropy data S to obtain second data I, and computing the first data Q from the second data I using the key generation algorithm. The one-way hash algorithm is one of SHA-1, SHA-2, SHA-3, MAC and SM3. The key generation algorithm may be a pseudo-random number generation algorithm or a one-way hash algorithm.
5. A decryption module. In the authentication process, when the detection module finds user data M' associated with the user identification information B', it generates high-entropy data S' from the biometric information; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' stored in the terminal for the user identification information B'. When decryption succeeds, feature value O' is obtained; when decryption fails, authentication failure is returned.
6. A sending module, used in the registration process to send the user identification information B and the feature value O to the server.
7. A service request module, used in the authentication process to send a service request containing the user identification information B' and the feature value O' to the server.
8. A user data update module. When the authentication failure message sent by the server is received, if the user data M' corresponding to user identifier B' was newly generated, it deletes user identifier B' and the corresponding user data M'; otherwise nothing needs to be deleted.
The server includes:
1. A storage module, used to store the user identification information B and the feature value O sent by the terminal in association in the server database.
2. An authentication module, used to receive the service request and compare the feature value O' contained in the service request with the feature value stored in the database for the user identification information B'. If they are identical, it executes the service request and returns an authentication success message to the terminal; if they differ, it terminates the service request and returns an authentication failure message to the terminal.
The present invention is not limited to the above embodiments. Those of ordinary skill in the art may make several improvements and modifications without departing from the principle of the invention, and these improvements and modifications are also regarded as falling within the scope of protection of the invention. Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.
Claims (10)
1. A biometric-based identity authentication and service processing method, characterized in that:
the biometric-based identity authentication and service processing method includes a registration process and an authentication process;
the registration process includes:
A1. The terminal receives a user's registration application and obtains the biometric information and user identification information B of the user who initiated the registration application.
A2. The terminal generates high-entropy data S from the biometric information using a preset algorithm; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain feature value O. The key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
A3. The terminal computes first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the feature value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B in the terminal.
A4. The terminal sends the user identification information B and the feature value O to the server, and the server stores the user identification information B and the feature value O in association in the server database.
the authentication process includes:
B1. The terminal receives a user's service application and obtains the biometric information and user identification information B' of the user who initiated the service application.
B2. The terminal checks whether it holds user data M' associated with the user identification information B'. If so, go to step B3; if not, go to step B5.
B3. The terminal generates high-entropy data S' from the biometric information using the preset algorithm; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' stored in the terminal for the user identification information B'.
B4. The terminal determines whether decryption succeeded. If so, the terminal obtains feature value O' and goes to step B6; if not, go to step B11.
B5. The terminal generates, from the biometric information and using the same computation as in the registration process, the data M' and feature value O' corresponding to user identifier B', and stores the newly generated user identification information B' in association with the user data M' in the terminal.
B6. The terminal sends a service request containing the user identification information B' and the feature value O' to the server.
B7. The server receives the service request and compares the feature value O' contained in the service request with the feature value stored in the database for the user identification information B'. If they are identical, go to step B8; if not, go to step B9.
B8. The server executes the service request and returns an authentication success message; end.
B9. The server terminates the service request and returns an authentication failure message.
B10. When the terminal receives the authentication failure message sent by the server: if the M' corresponding to user identifier B' was not newly generated, end directly; if the user data M' corresponding to user identifier B' was newly generated, delete user identifier B' and the corresponding user data M', then end.
B11. Return an authentication failure message; end.
2. The biometric-based identity authentication and service processing method according to claim 1, characterized in that the preset algorithm includes fuzzy extraction, fuzzy commitment, and fuzzy vault.
3. The biometric-based identity authentication and service processing method according to claim 1, characterized in that the process in step A3 by which the terminal computes the first data Q from the user identification information B and the high-entropy data S includes:
performing an XOR operation, interpolation operation or concatenation operation on the user identification information B and the high-entropy data S to obtain second data I, and computing the first data Q from the second data I using a key generation algorithm; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
4. The biometric-based identity authentication and service processing method according to claim 1, characterized in that the biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein.
5. The biometric-based identity authentication and service processing method according to claim 1, characterized in that the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
6. A biometric-based identity authentication and service processing system, characterized by comprising a terminal and a server:
The terminal includes:
a user information acquisition module, configured to: in the registration process, receive the user's registration application at the terminal and obtain the biometric information and the user identity information B of the user who initiated the registration application; in the authentication process, receive the user's service application at the terminal and obtain the biometric information and the user identity information B' of the user who initiated the service application;
a detection module, configured to detect, in the authentication process, whether the terminal has stored user data M' associated with the user identity information B';
a characteristic value generation module, configured to: in the registration process, generate high-entropy data S from the biometric information, calculate data K from the high-entropy data S using a key generation algorithm, and, with the data K as the key, encrypt the user identity information B using a symmetric encryption algorithm to obtain the characteristic value O; in the authentication process, when the detection module detects that no user data M' associated with the user identity information B' is stored, generate from the biometric information, using the same computational algorithm as in the registration process, the characteristic value O' corresponding to the user identifier B';
a user data generation module, configured to: in the registration process, calculate the first data Q from the user identity information B and the high-entropy data S, and, with the first data Q as the key, encrypt the characteristic value O using a symmetric encryption algorithm to obtain the user data M, which is stored in the terminal in association with the user identity information B; in the authentication process, when the detection module detects that no user data M' associated with the user identity information B' is stored, generate the user data M' from the biometric information using the same computational algorithm as in the registration process;
a decryption module, configured to: in the authentication process, when the detection module detects that user data M' associated with the user identity information B' is stored, generate high-entropy data S' from the biometric information; obtain the first data Q' from the user identity information B' and the high-entropy data S' using the same calculation method as in the registration process; with the first data Q' as the key, decrypt the data M' corresponding to the user identity information B' in the terminal using the same symmetric encryption algorithm as in the registration process; when decryption succeeds, obtain the characteristic value O'; when decryption fails, return authentication failure;
a transmission module, configured to send, in the registration process, the user identity information B and the characteristic value O to the server;
a service request module, configured to send, in the authentication process, a service request containing the user identity information B' and the characteristic value O' to the server;
a user data update module, configured to: on receiving the authentication failure information sent by the server, remove the user identifier B' and the corresponding user data M' if the user data M' corresponding to the user identifier B' was newly generated; otherwise, no removal is needed;
The server includes:
a storage module, configured to store the user identity information B and the characteristic value O sent by the terminal, in association, in the server database;
an authentication module, configured to receive the service request and compare whether the characteristic value O' contained in the service request is identical to the characteristic value corresponding to the user identity information B' in the database; if identical, execute the service request and return authentication success information to the terminal; if different, terminate the service request and return authentication failure information to the terminal.
7. The biometric-based identity authentication and service processing system according to claim 6, characterized in that: the process by which the user data generation module calculates the first data Q from the user identity information B and the high-entropy data S includes:
performing an XOR operation, an interpolation operation or a concatenation operation on the user identity information B and the high-entropy data S to obtain second data I, and calculating the first data Q from the second data I using a key generation algorithm; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
8. The biometric-based identity authentication and service processing system according to claim 6, characterized in that: the biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein.
9. The biometric-based identity authentication and service processing system according to claim 6, characterized in that: the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
10. The biometric-based identity authentication and service processing system according to claim 6, characterized in that: the preset algorithm includes fuzzy extraction, fuzzy commitment, and fuzzy vault.
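The registration and authentication data flow of the claims above, traced end to end as an added example that is not part of the patent text. Assumptions: S is taken as the already-stable output of the fuzzy extractor, the second data I is formed by concatenation, the key generation algorithm is SHA-256, and a hash keystream with an HMAC tag stands in for the claimed symmetric cipher so that a wrong key is detectable; all function names are hypothetical.

```python
import hashlib, hmac

def kdf(data):  # key generation by one-way hash (an option named in claims 3 and 7)
    return hashlib.sha256(data).digest()

def _xor_stream(key, data):
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, pt):  # assumed stand-in for SM4/AES etc.: hash keystream plus HMAC tag
    ct = _xor_stream(kdf(key + b"enc"), pt)
    return ct + hmac.new(kdf(key + b"mac"), ct, hashlib.sha256).digest()

def unseal(key, blob):  # returns None for a wrong key: the "decryption failed" case
    ct, tag = blob[:-32], blob[-32:]
    good = hmac.new(kdf(key + b"mac"), ct, hashlib.sha256).digest()
    return _xor_stream(kdf(key + b"enc"), ct) if hmac.compare_digest(tag, good) else None

def derive(B, S):
    O = seal(kdf(S), B)      # K = kdf(S); O = E_K(B), deterministic so O' can equal O
    M = seal(kdf(B + S), O)  # I = B || S (concatenation); Q = kdf(I); M = E_Q(O)
    return O, M

def register(store, db, B, S):
    db[B], store[B] = derive(B, S)  # server database keeps O, terminal store keeps M

def server_verify(db, B, O):  # B7: compare O' with the stored characteristic value
    return B in db and hmac.compare_digest(db[B], O)

def authenticate(store, db, B, S):
    fresh = B not in store
    if fresh:                         # B5: no M' stored, regenerate O' and M'
        O, store[B] = derive(B, S)
    else:                             # M' stored: decrypt it with Q', B4 checks result
        O = unseal(kdf(B + S), store[B])
        if O is None:
            return "B11"              # local decryption failed
    if server_verify(db, B, O):
        return "B8"                   # server accepted
    if fresh:
        del store[B]                  # B10: remove the newly generated M'
    return "B9"                       # server rejected

def demo():  # constructed inputs; S stands for the fuzzy extractor's stable output
    store, db, B = {}, {}, b"user-001"
    S, S_other = kdf(b"constructed enrolled sample"), kdf(b"constructed other sample")
    register(store, db, B, S)
    return authenticate(store, db, B, S), authenticate(store, db, B, S_other)
```

With a stored M', a non-matching S' fails at the terminal (B11) and no request reaches the server; without one, the mismatch is caught only by the server comparison (B9) and the freshly generated M' is discarded (B10).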
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810362579.4A CN110392030B (en) | 2018-04-20 | 2018-04-20 | Identity authentication and service processing method and system based on biological characteristics |
Publications (2)
Publication Number | Publication Date |
---|---|
CN110392030A (en) | 2019-10-29 |
CN110392030B (en) | 2021-12-14 |
Family ID: 68284220
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810362579.4A Active CN110392030B (en) | 2018-04-20 | 2018-04-20 | Identity authentication and service processing method and system based on biological characteristics |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110392030B (en) |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101013943A (en) * | 2007-02-14 | 2007-08-08 | 北京邮电大学 | Method for binding/recovering key using fingerprint details |
CN101345619A (en) * | 2008-08-01 | 2009-01-14 | 清华大学深圳研究生院 | Electronic data protection method and device based on biological characteristic and mobile cryptographic key |
CN101674299A (en) * | 2009-10-16 | 2010-03-17 | 西安电子科技大学 | Method for generating key based on amalgamation of multiple features in encryption area |
US20130232542A1 (en) * | 2012-03-02 | 2013-09-05 | International Business Machines Corporation | System and method to provide server control for access to mobile client data |
CN105357194A (en) * | 2015-10-28 | 2016-02-24 | 广东欧珀移动通信有限公司 | Password updating method and password updating system |
CN106487517A (en) * | 2016-09-30 | 2017-03-08 | 北京瑞卓喜投科技发展有限公司 | data encryption and decryption method and device |
CN106506168A (en) * | 2016-12-07 | 2017-03-15 | 北京信任度科技有限公司 | A kind of safe method based on biological characteristic long-distance identity-certifying |
CN107171791A (en) * | 2017-05-24 | 2017-09-15 | 舒翔 | A kind of data encryption/decryption method and encrypting and deciphering system based on biological characteristic |
CN107733933A (en) * | 2017-11-30 | 2018-02-23 | 中国电力科学研究院有限公司 | A kind of double factor identity authentication method and system based on biological identification technology |
Non-Patent Citations (1)
Title |
---|
Yang Dexin et al.: "Remote authentication protocol based on biometrics and password amplification", Computer Engineering and Applications * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110807186A (en) * | 2019-11-06 | 2020-02-18 | 杭州华澜微电子股份有限公司 | Method, device, equipment and storage medium for safe storage of storage equipment |
CN111355588A (en) * | 2020-02-19 | 2020-06-30 | 武汉大学 | Wearable device double-factor authentication method and system based on PUF and fingerprint characteristics |
CN111355588B (en) * | 2020-02-19 | 2021-01-15 | 武汉大学 | Wearable device double-factor authentication method and system based on PUF and fingerprint characteristics |
CN113838238A (en) * | 2021-09-26 | 2021-12-24 | 北京紫光展锐通信技术有限公司 | Service processing method, device and equipment |
Also Published As
Publication number | Publication date |
---|---|
CN110392030B (en) | 2021-12-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||