CN110392030A - Identity authentication and service processing method and system based on biometric features - Google Patents

Info

Publication number
CN110392030A
Authority
CN
China
Legal status
Granted
Application number
CN201810362579.4A
Other languages
Chinese (zh)
Other versions
CN110392030B (en)
Inventor
魏长伟
刘黎
Current Assignee
Wuhan Zhen Yuan Biological Data Co Ltd
Original Assignee
Wuhan Zhen Yuan Biological Data Co Ltd
Application filed by Wuhan Zhen Yuan Biological Data Co Ltd
Priority to CN201810362579.4A
Publication of CN110392030A
Application granted
Publication of CN110392030B
Status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0863 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231 Biological data, e.g. fingerprint, voice or retina

Abstract

The invention discloses an identity authentication and service processing method and system based on biometric features, relating to the technical field of biometric identification. The terminal obtains the user's biometric information and user identification information and generates a characteristic value and user data. The server authenticates the user's identity using the user identification information and characteristic value contained in a received service processing request together with the stored characteristic value corresponding to that user identification information, and responds to or terminates the service processing request according to the authentication result. The invention does not need to store the user's biometric information, which avoids leakage of the user's biometric information and improves the security of identity authentication. At the same time, illegitimate users are excluded by authentication at the terminal, which reduces the authentication load on the server.

Description

Identity authentication and service processing method and system based on biometric features
Technical field
The present invention relates to the technical field of biometric data processing, and in particular to an identity authentication and service processing method and system based on biometric features.
Background
Biometric identification technology is already widely used in fields such as smart-device unlocking and mobile payment authentication. However, existing biometric identification technology needs to store the enrolled biometric information, and that information may leak while it is being transmitted and stored, which creates an information security risk for the user.
Summary of the invention
In view of the deficiencies of the prior art, the purpose of the present invention is to provide an identity authentication and service processing method and system based on biometric features that effectively excludes illegitimate users, improves the security of identity authentication, and reduces the data processing load on the server.
To achieve the above purpose, the technical solution adopted by the present invention is an identity authentication and service processing method based on biometric features:
The identity authentication and service processing method based on biometric features includes a registration process and an authentication process:
The registration process includes:
A1, the terminal receives a registration application from a user and obtains the biometric information and the user identification information B of the user who initiated the registration application;
A2, the terminal generates high-entropy data S from the biometric information using a preset algorithm; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain the characteristic value O; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm;
A3, the terminal computes first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the characteristic value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B on the terminal;
A4, the terminal sends the user identification information B and the characteristic value O to the server, and the server stores the user identification information B and the characteristic value O in association in the server database;
The authentication process includes:
B1, the terminal receives a service application from a user and obtains the biometric information and the user identification information B' of the user who initiated the service application;
B2, the terminal checks whether it holds user data M' associated with the user identification information B'; if so, proceed to step B3; if not, proceed to step B5;
B3, the terminal generates high-entropy data S' from the biometric information using the preset algorithm; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' that corresponds to the user identification information B' on the terminal;
B4, the terminal determines whether decryption succeeded; if so, the terminal obtains the characteristic value O' and proceeds to step B6; if not, proceed to step B11;
B5, the terminal generates, from the biometric information and using the same computation as in the registration process, the data M' and the characteristic value O' corresponding to the user identifier B', and stores the newly generated user data M' in association with the user identification information B' on the terminal;
B6, the terminal sends a service request containing the user identification information B' and the characteristic value O' to the server;
B7, the server receives the service request and compares the characteristic value O' contained in the service request with the characteristic value that corresponds to the user identification information B' in the database; if they are identical, proceed to step B8; if not, proceed to step B9;
B8, the server executes the service request; returns authentication success information; end;
B9, the server terminates the service request; returns authentication failure information;
B10, when the terminal receives the authentication failure information sent by the server: if the M' corresponding to the user identifier B' is not newly generated, end directly; if the user data M' corresponding to the user identifier B' is newly generated, delete the user identifier B' and the corresponding user data M', then end;
B11, return authentication failure information and end.
On the basis of the above technical solution, the preset algorithm includes fuzzy extraction, fuzzy commitment and fuzzy vault.
On the basis of the above technical solution, the process by which the terminal computes the first data Q from the user identification information B and the high-entropy data S in step A3 includes:
performing an XOR operation, an interpolation operation or a concatenation operation on the user identification information B and the high-entropy data S to obtain second data I, and computing the first data Q from the second data I using a key generation algorithm; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
On the basis of the above technical solution, the biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein.
On the basis of the above technical solution, the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
The invention also discloses an identity authentication and service processing system based on biometric features, including a terminal and a server:
The terminal includes:
A user information acquisition module, which, in the registration process, receives the user's registration application and obtains the biometric information and the user identification information B of the user who initiated the registration application; and which, in the authentication process, receives the user's service application and obtains the biometric information and the user identification information B' of the user who initiated the service application;
A detection module, which, in the authentication process, checks whether the terminal holds user data M' associated with the user identification information B';
A characteristic value generation module, which, in the registration process, generates high-entropy data S from the biometric information; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain the characteristic value O; and which, in the authentication process, when the detection module finds that no user data M' associated with the user identification information B' is held, generates the characteristic value O' corresponding to the user identifier B' from the biometric information using the same computation as in the registration process;
A user data generation module, which, in the registration process, computes the first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the characteristic value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B on the terminal; and which, in the authentication process, when the detection module finds that no user data M' associated with the user identification information B' is held, generates the user data M' from the biometric information using the same computation as in the registration process;
A decryption module, which, in the authentication process, when the detection module finds that user data M' associated with the user identification information B' is held, generates high-entropy data S' from the biometric information; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' that corresponds to the user identification information B' on the terminal; when decryption succeeds, the characteristic value O' is obtained; when decryption fails, authentication failure is returned;
A transmission module, which, in the registration process, sends the user identification information B and the characteristic value O to the server;
A service request module, which, in the authentication process, sends a service request containing the user identification information B' and the characteristic value O' to the server;
A user data update module, which, on receiving the authentication failure information sent by the server, deletes the user identifier B' and the corresponding user data M' if the user data M' corresponding to the user identifier B' is newly generated; otherwise nothing needs to be deleted;
The server includes:
A storage module, which stores the user identification information B and the characteristic value O sent by the terminal in association in the server database;
An authentication module, which receives the service request and compares the characteristic value O' contained in the service request with the characteristic value that corresponds to the user identification information B' in the database; if they are identical, it executes the service request and returns authentication success information to the terminal; if they differ, it terminates the service request and returns authentication failure information to the terminal.
On the basis of the above technical solution, the process by which the user data generation module computes the first data Q from the user identification information B and the high-entropy data S includes:
performing an XOR operation, an interpolation operation or a concatenation operation on the user identification information B and the high-entropy data S to obtain second data I, and computing the first data Q from the second data I using a key generation algorithm; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
On the basis of the above technical solution, the biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein.
On the basis of the above technical solution, the symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
On the basis of the above technical solution, the preset algorithm includes fuzzy extraction, fuzzy commitment and fuzzy vault.
Compared with the prior art, the advantages of the present invention are:
(1) The invention does not need to store the user's biometric information, which effectively prevents leakage of the user's biometric information and improves the security of identity authentication.
(2) The invention authenticates first at the terminal, which excludes illegitimate users, and then at the server, which reduces the data processing load on the server.
(3) The invention stores user data and user identification information on the server side, so even if the terminal is damaged or lost, the user can still complete identity authentication through the server and update the registration information on the terminal.
Brief description of the drawings
Fig. 1 is a schematic flow chart of the registration procedure of the identity authentication and service processing method based on biometric features in an embodiment of the present invention;
Fig. 2 is a schematic flow chart of the authentication procedure of the identity authentication and service processing method based on biometric features in an embodiment of the present invention;
Fig. 3 is a schematic flow chart of the identity authentication and service processing system based on biometric features in an embodiment of the present invention.
Detailed description of embodiments
The invention is described in further detail below with reference to the drawings and embodiments.
An embodiment of the present invention provides an identity authentication and service processing method based on biometric features, which includes a registration process and an authentication process:
As shown in Fig. 1, the registration process includes:
A1, the terminal receives a registration application from a user and obtains the biometric information and the user identification information B of the user who initiated the registration application. The biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein. The user identification information may be the user's number, user name, user ID, and so on.
A2, the terminal generates high-entropy data S from the biometric information using a preset algorithm; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain the characteristic value O. The key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm. The preset algorithm may be fuzzy extraction, fuzzy commitment or fuzzy vault, or another algorithm; it is not specifically limited here. The symmetric encryption algorithm is one of SM4, DES, 3DES and AES. The one-way hash algorithm is one of MD5, SHA-1, SHA-2, SHA-3, MAC and SM3. The key generation algorithm may be a pseudo-random number generation algorithm or a one-way hash algorithm.
A3, the terminal computes first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the characteristic value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B on the terminal;
In step A3, the process by which the terminal computes the first data Q from the user identification information B and the high-entropy data S includes:
performing an XOR operation, an interpolation operation or a concatenation operation on the user identification information B and the high-entropy data S to obtain second data I, and computing the first data Q from the second data I using a key generation algorithm.
A4, the terminal sends the user identification information B and the characteristic value O to the server, and the server stores the user identification information B and the characteristic value O in association in the server database;
As shown in Fig. 2, the authentication process includes:
B1, the terminal receives a service application from a user and obtains the biometric information and the user identification information B' of the user who initiated the service application;
B2, the terminal checks whether it holds user data M' associated with the user identification information B'; if so, proceed to step B3; if not, proceed to step B5;
B3, the terminal generates high-entropy data S' from the biometric information; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' that corresponds to the user identification information B' on the terminal;
B4, the terminal determines whether decryption succeeded; if so, the terminal obtains the characteristic value O' and proceeds to step B6; if not, proceed to step B11;
B5, the terminal generates, from the biometric information and using the same computation as in the registration process, the data M' and the characteristic value O' corresponding to the user identifier B', and stores the newly generated user data M' in association with the user identification information B' on the terminal;
B6, the terminal sends a service request containing the user identification information B' and the characteristic value O' to the server;
B7, the server receives the service request and compares the characteristic value O' contained in the service request with the characteristic value that corresponds to the user identification information B' in the database; if they are identical, proceed to step B8; if not, proceed to step B9;
B8, execute the service request; return authentication success information; end;
B9, terminate the service request; return authentication failure information;
B10, when the terminal receives the authentication failure information sent by the server: if the M' corresponding to the user identifier B' is not newly generated, end directly; if the user data M' corresponding to the user identifier B' is newly generated, delete the user identifier B' and the corresponding user data M', then end;
B11, return authentication failure information and end.
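The registration steps A1-A4 and authentication steps B1-B11 above, written out as an added Go example that is not part of the patent text; all type and function names are hypothetical. Assumptions: coarse quantization stands in for the fuzzy extractor, SHA-256 is the key generation algorithm, I is formed by concatenation, and the symmetric cipher is AES-256-GCM with a nonce derived from key and plaintext, so that encryption is deterministic (step B7 compares O' with the stored O for equality) and a wrong key is detected reliably (step B4).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

func kdf(parts ...[]byte) []byte { // the "key generation algorithm": SHA-256
	sum := sha256.Sum256(bytes.Join(parts, nil))
	return sum[:]
}

// derive returns K = H(S), Q = H(B || S); binning is a stand-in for the fuzzy extractor.
func derive(b string, features []float64) (k, q []byte) {
	bins := make([]byte, len(features))
	for i, f := range features {
		bins[i] = byte(int(f / 10))
	}
	s := kdf(bins)
	return kdf(s), kdf([]byte(b), s)
}

func newGCM(key []byte) cipher.AEAD {
	block, _ := aes.NewCipher(key) // key is always a 32-byte SHA-256 output
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	return gcm
}

// seal is deterministic (nonce derived from key and plaintext), so O' equals O.
func seal(key, pt []byte) []byte {
	gcm := newGCM(key)
	nonce := kdf([]byte("nonce"), key, pt)[:gcm.NonceSize()]
	return gcm.Seal(append([]byte{}, nonce...), nonce, pt, nil)
}

// open fails under a wrong key because the GCM tag does not verify (step B4).
func open(key, blob []byte) ([]byte, error) {
	gcm := newGCM(key)
	n := gcm.NonceSize()
	if len(blob) < n {
		return nil, fmt.Errorf("blob too short")
	}
	return gcm.Open(nil, blob[:n], blob[n:], nil)
}

type Server struct {
	db       map[string][]byte // B -> O
	Requests int               // service requests that reached the server
}

func (s *Server) Verify(b string, o []byte) bool {
	s.Requests++
	stored, ok := s.db[b]
	return ok && subtle.ConstantTimeCompare(stored, o) == 1 // step B7, constant time
}

type Terminal map[string][]byte // B -> M; no biometric template is stored

// Register is steps A1-A4: O = Enc_K(B) goes to the server, M = Enc_Q(O) stays local.
func (t Terminal) Register(srv *Server, b string, features []float64) {
	k, q := derive(b, features)
	o := seal(k, []byte(b))
	t[b], srv.db[b] = seal(q, o), o
}

// Authenticate is steps B1-B11; the string names where the decision was made.
func (t Terminal) Authenticate(srv *Server, b string, features []float64) (bool, string) {
	k, q := derive(b, features)
	o := seal(k, []byte(b)) // O' regenerated from the reading, used on the B5 path
	m, have := t[b]
	if have { // B3/B4: recover O' from the stored M' instead
		var err error
		if o, err = open(q, m); err != nil {
			return false, "terminal" // B11: the server is never contacted
		}
	} else { // B5: no local record, create M' from this reading
		t[b] = seal(q, o)
	}
	ok := srv.Verify(b, o) // B6-B9
	if !ok && !have {      // B10: drop the record created in B5
		delete(t, b)
	}
	return ok, "server"
}

// Constructed sample readings: enrolment, same user with sensor noise, another person.
var enrolled = []float64{12.4, 47.9, 83.1, 25.0}
var noisy = []float64{13.1, 46.2, 84.0, 26.3}
var impostor = []float64{61.0, 15.5, 32.2, 90.7}

func main() {
	srv, phone := &Server{db: map[string][]byte{}}, Terminal{}
	phone.Register(srv, "user-1001", enrolled)
	fmt.Println(phone.Authenticate(srv, "user-1001", noisy))    // true server
	fmt.Println(phone.Authenticate(srv, "user-1001", impostor)) // false terminal
}
```

Because O is the same on every request for a given user, the service request that carries B' and O' should travel over an authenticated, encrypted channel.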
Embodiment 2:
As shown in Fig. 3, this embodiment discloses an identity authentication and service processing system based on biometric features, including a terminal and a server:
The terminal includes:
1. A user information acquisition module, which, in the registration process, receives the user's registration application and obtains the biometric information and the user identification information B of the user who initiated the registration application; and which, in the authentication process, receives the user's service application and obtains the biometric information and the user identification information B' of the user who initiated the service application.
2. A detection module, which, in the authentication process, checks whether the terminal holds user data M' associated with the user identification information B'.
3. A characteristic value generation module, which, in the registration process, generates high-entropy data S from the biometric information; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain the characteristic value O; and which, in the authentication process, when the detection module finds that no user data M' associated with the user identification information B' is held, generates the characteristic value O' corresponding to the user identifier B' from the biometric information using the same computation as in the registration process.
4. A user data generation module, which, in the registration process, computes the first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the characteristic value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B on the terminal; and which, in the authentication process, when the detection module finds that no user data M' associated with the user identification information B' is held, generates the user data M' from the biometric information using the same computation as in the registration process.
The process by which the user data generation module computes the first data Q from the user identification information B and the high-entropy data S includes:
performing an XOR operation, an interpolation operation or a concatenation operation on the user identification information B and the high-entropy data S to obtain second data I, and computing the first data Q from the second data I using a key generation algorithm. The one-way hash algorithm is one of SHA-1, SHA-2, SHA-3, MAC and SM3. The key generation algorithm may be a pseudo-random number generation algorithm or a one-way hash algorithm.
5. A decryption module, which, in the authentication process, when the detection module finds that user data M' associated with the user identification information B' is held, generates high-entropy data S' from the biometric information; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' that corresponds to the user identification information B' on the terminal; when decryption succeeds, the characteristic value O' is obtained; when decryption fails, authentication failure is returned.
6. A transmission module, which, in the registration process, sends the user identification information B and the characteristic value O to the server.
7. A service request module, which, in the authentication process, sends a service request containing the user identification information B' and the characteristic value O' to the server.
8. A user data update module, which, on receiving the authentication failure information sent by the server, deletes the user identifier B' and the corresponding user data M' if the user data M' corresponding to the user identifier B' is newly generated; otherwise nothing needs to be deleted.
The server includes:
1. A storage module, which stores the user identification information B and the characteristic value O sent by the terminal in association in the server database;
2. An authentication module, which receives the service request and compares the characteristic value O' contained in the service request with the characteristic value that corresponds to the user identification information B' in the database; if they are identical, it executes the service request and returns authentication success information to the terminal; if they differ, it terminates the service request and returns authentication failure information to the terminal.
The present invention is not limited to the above embodiments. For those of ordinary skill in the art, several improvements and refinements can be made without departing from the principle of the invention, and these improvements and refinements are also regarded as falling within the scope of protection of the invention. Content not described in detail in this specification belongs to the prior art well known to those skilled in the art.

Claims (10)

1. An identity authentication and service processing method based on biometric features, characterized in that:
the identity authentication and service processing method based on biometric features includes a registration process and an authentication process:
The registration process includes:
A1, the terminal receives a registration application from a user and obtains the biometric information and the user identification information B of the user who initiated the registration application;
A2, the terminal generates high-entropy data S from the biometric information using a preset algorithm; computes data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypts the user identification information B with a symmetric encryption algorithm to obtain the characteristic value O; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm;
A3, the terminal computes first data Q from the user identification information B and the high-entropy data S; using the first data Q as the key, encrypts the characteristic value O with a symmetric encryption algorithm to obtain user data M; and stores the user data M in association with the user identification information B on the terminal;
A4, the terminal sends the user identification information B and the characteristic value O to the server, and the server stores the user identification information B and the characteristic value O in association in the server database;
The authentication process includes:
B1, the terminal receives a service application from a user and obtains the biometric information and the user identification information B' of the user who initiated the service application;
B2, the terminal checks whether it holds user data M' associated with the user identification information B'; if so, proceed to step B3; if not, proceed to step B5;
B3, the terminal generates high-entropy data S' from the biometric information using the preset algorithm; computes first data Q' from the user identification information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key and the same symmetric encryption algorithm as in the registration process, decrypts the data M' that corresponds to the user identification information B' on the terminal;
B4, the terminal determines whether decryption succeeded; if so, the terminal obtains the characteristic value O' and proceeds to step B6; if not, proceed to step B11;
B5, the terminal generates, from the biometric information and using the same computation as in the registration process, the data M' and the characteristic value O' corresponding to the user identifier B', and stores the newly generated user data M' in association with the user identification information B' on the terminal;
B6, the terminal sends a service request containing the user identification information B' and the characteristic value O' to the server;
B7, the server receives the service request and compares the characteristic value O' contained in the service request with the characteristic value that corresponds to the user identification information B' in the database; if they are identical, proceed to step B8; if not, proceed to step B9;
B8, the server executes the service request; returns authentication success information; end;
B9, the server terminates the service request; returns authentication failure information;
B10, when the terminal receives the authentication failure information sent by the server: if the M' corresponding to the user identifier B' is not newly generated, end directly; if the user data M' corresponding to the user identifier B' is newly generated, delete the user identifier B' and the corresponding user data M', then end;
B11, return authentication failure information and end.
2. The biometric-based identity authentication and service processing method according to claim 1, characterized in that: the preset algorithm includes fuzzy extraction, fuzzy commitment and fuzzy vault.
3. The biometric-based identity authentication and service processing method according to claim 1, characterized in that:
In step A3, the process by which the terminal calculates the first data Q from the user identity information B and the high-entropy data S includes:
An XOR operation, interpolation operation or concatenation operation is performed on the user identity information B and the high-entropy data S to obtain second data I; the first data Q is calculated from the second data I using a key generation algorithm; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
4. The biometric-based identity authentication and service processing method according to claim 1, characterized in that:
The biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein.
5. The biometric-based identity authentication and service processing method according to claim 1, characterized in that:
The symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
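The registration steps A2 to A4 and verification steps B1 to B11 of claim 1, with the concatenation-then-hash option of claim 3, as an added Python example that is not part of the patent text. It assumes S is the already-stabilised output of the preset algorithm, and `seal`/`unseal` are a hypothetical HMAC-SHA256 stand-in for SM4/AES, made deterministic because step B5 only works if re-encrypting B under K reproduces the stored O exactly; the length prefix in `derive` and all function names are likewise assumptions.

```python
import hashlib, hmac

def kdf(data: bytes) -> bytes:
    # Key generation algorithm: the one-way hash option from claim 1.
    return hashlib.sha256(data).digest()

def _keystream(key: bytes, iv: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, b"ks" + iv + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, pt: bytes) -> bytes:
    # Stand-in for SM4/AES (assumption): SIV-style and deterministic, so the same
    # (key, plaintext) always gives the same bytes and O' can equal O in step B7.
    iv = hmac.new(key, b"iv" + pt, hashlib.sha256).digest()[:16]
    return iv + bytes(a ^ b for a, b in zip(pt, _keystream(key, iv, len(pt))))

def unseal(key: bytes, blob: bytes):
    # Returns None under a wrong key: the "decryption failed" signal of step B4.
    iv, ct = blob[:16], blob[16:]
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(key, iv, len(ct))))
    ok = hmac.compare_digest(iv, hmac.new(key, b"iv" + pt, hashlib.sha256).digest()[:16])
    return pt if ok else None

def derive(B: bytes, S: bytes):
    O = seal(kdf(S), B)                              # A2: K = kdf(S), O = Enc_K(B)
    Q = kdf(len(B).to_bytes(2, "big") + B + S)       # A3 / claim 3: I = B || S, Q = kdf(I)
    return O, Q

def register(terminal: dict, server: dict, B: bytes, S: bytes) -> None:
    O, Q = derive(B, S)
    terminal[B] = seal(Q, O)                         # A3: M stays on the terminal
    server[B] = O                                    # A4: O goes to the server

def authenticate(terminal: dict, server: dict, B: bytes, S: bytes) -> bool:
    O, Q = derive(B, S)
    fresh = B not in terminal                        # B2
    if fresh:
        terminal[B] = seal(Q, O)                     # B5: unseen terminal rebuilds M', O'
    else:
        O = unseal(Q, terminal[B])                   # B3: O' comes from the stored M'
        if O is None:
            return False                             # B4 -> B11: rejected locally
    ok = hmac.compare_digest(server.get(B, b""), O)  # B6/B7
    if not ok and fresh:
        del terminal[B]                              # B10: drop the newly generated M'
    return ok

if __name__ == "__main__":
    B, S = b"user-0001", bytes(range(32))            # constructed sample values
    t1, srv = {}, {}
    register(t1, srv, B, S)
    print(authenticate(t1, srv, B, S), authenticate({}, srv, B, bytes(32)))
```

On a terminal that already holds M, a wrong biometric is rejected in B4 without contacting the server; on a terminal with no M, the server comparison in B7 is the only check.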
6. A biometric-based identity authentication and service processing system, characterized by comprising a terminal and a server:
The terminal includes:
A user profile acquisition module, used in the registration process, in which the terminal receives the user's registration application and obtains the biometric information and the user identity information B of the user who initiated the registration application; and in the verification process, in which the terminal receives the user's business application and obtains the biometric information and the user identity information B' of the user who initiated the business application;
A detection module, used in the verification process to detect whether the terminal has saved user data M' associated with the user identity information B';
A characteristic value generation module, used in the registration process to generate high-entropy data S from the biometric information; compute data K from the high-entropy data S using a key generation algorithm; and, using data K as the key, encrypt the user identity information B with a symmetric encryption algorithm to obtain the characteristic value O; and in the verification process, when the detection module detects that no user data M' associated with the user identity information B' is saved, to generate the characteristic value O' corresponding to user identifier B' from the biometric information using the same calculation algorithm as in the registration process;
A user data generation module, used in the registration process to calculate the first data Q from the user identity information B and the high-entropy data S; using the first data Q as the key, encrypt the characteristic value O with a symmetric encryption algorithm to obtain user data M; and store the user data M in association with the user identity information B in the terminal; and in the verification process, when the detection module detects that no user data M' associated with the user identity information B' is saved, to generate user data M' from the biometric information using the same calculation algorithm as in the registration process;
A decryption module, used in the verification process, when the detection module detects that user data M' associated with the user identity information B' is saved, to generate high-entropy data S' from the biometric information; compute first data Q' from the user identity information B' and the high-entropy data S' using the same calculation method as in the registration process; and, using the first data Q' as the key, decrypt the data M' corresponding to the user identity information B' in the terminal with the same symmetric encryption algorithm as in the registration process; when decryption succeeds, the characteristic value O' is obtained; when decryption fails, authentication failure is returned;
A transmission module, used in the registration process to send the user identity information B and the characteristic value O to the server;
A service request module, used in the verification process to send a service request containing the user identity information B' and the characteristic value O' to the server;
A user data update module, used when the authentication failure information sent by the server is received: if the user data M' corresponding to user identifier B' is newly generated, user identifier B' and the corresponding user data M' are removed; otherwise, no removal is needed;
The server includes:
A storage module, used to store the user identity information B and the characteristic value O sent by the terminal in association in the server database;
An authentication module, used to receive the service request and compare whether the characteristic value O' contained in the service request is identical to the characteristic value corresponding to the user identity information B' in the database; if they are identical, the service request is executed and authentication success information is returned to the terminal; if they differ, the service request is terminated and authentication failure information is returned to the terminal.
7. The biometric-based identity authentication and service processing system according to claim 6, characterized in that:
The process by which the user data generation module calculates the first data Q from the user identity information B and the high-entropy data S includes:
An XOR operation, interpolation operation or concatenation operation is performed on the user identity information B and the high-entropy data S to obtain second data I; the first data Q is calculated from the second data I using a key generation algorithm; the key generation algorithm includes a pseudo-random number generation algorithm or a one-way hash algorithm.
8. The biometric-based identity authentication and service processing system according to claim 6, characterized in that:
The biometric information includes one or more of face, iris, fingerprint, sclera, finger vein and palm vein.
9. The biometric-based identity authentication and service processing system according to claim 6, characterized in that:
The symmetric encryption algorithm is one of SM4, DES, 3DES, IDEA and AES.
10. The biometric-based identity authentication and service processing system according to claim 6, characterized in that: the preset algorithm includes fuzzy extraction, fuzzy commitment and fuzzy vault.
CN201810362579.4A 2018-04-20 2018-04-20 Identity authentication and service processing method and system based on biological characteristics Active CN110392030B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810362579.4A CN110392030B (en) 2018-04-20 2018-04-20 Identity authentication and service processing method and system based on biological characteristics

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810362579.4A CN110392030B (en) 2018-04-20 2018-04-20 Identity authentication and service processing method and system based on biological characteristics

Publications (2)

Publication Number Publication Date
CN110392030A true CN110392030A (en) 2019-10-29
CN110392030B CN110392030B (en) 2021-12-14

Family

ID=68284220

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810362579.4A Active CN110392030B (en) 2018-04-20 2018-04-20 Identity authentication and service processing method and system based on biological characteristics

Country Status (1)

Country Link
CN (1) CN110392030B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110807186A (en) * 2019-11-06 2020-02-18 杭州华澜微电子股份有限公司 Method, device, equipment and storage medium for safe storage of storage equipment
CN111355588A (en) * 2020-02-19 2020-06-30 武汉大学 Wearable device double-factor authentication method and system based on PUF and fingerprint characteristics
CN113838238A (en) * 2021-09-26 2021-12-24 北京紫光展锐通信技术有限公司 Service processing method, device and equipment

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101013943A (en) * 2007-02-14 2007-08-08 北京邮电大学 Method for binding/recovering key using fingerprint details
CN101345619A (en) * 2008-08-01 2009-01-14 清华大学深圳研究生院 Electronic data protection method and device based on biological characteristic and mobile cryptographic key
CN101674299A (en) * 2009-10-16 2010-03-17 西安电子科技大学 Method for generating key based on amalgamation of multiple features in encryption area
US20130232542A1 (en) * 2012-03-02 2013-09-05 International Business Machines Corporation System and method to provide server control for access to mobile client data
CN105357194A (en) * 2015-10-28 2016-02-24 广东欧珀移动通信有限公司 Password updating method and password updating system
CN106487517A (en) * 2016-09-30 2017-03-08 北京瑞卓喜投科技发展有限公司 data encryption and decryption method and device
CN106506168A (en) * 2016-12-07 2017-03-15 北京信任度科技有限公司 A kind of safe method based on biological characteristic long-distance identity-certifying
CN107171791A (en) * 2017-05-24 2017-09-15 舒翔 A kind of data encryption/decryption method and encrypting and deciphering system based on biological characteristic
CN107733933A (en) * 2017-11-30 2018-02-23 中国电力科学研究院有限公司 A kind of double factor identity authentication method and system based on biological identification technology

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
杨得新 et al.: "Remote authentication protocol based on biometrics and password amplification", Computer Engineering and Applications *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110807186A (en) * 2019-11-06 2020-02-18 杭州华澜微电子股份有限公司 Method, device, equipment and storage medium for safe storage of storage equipment
CN111355588A (en) * 2020-02-19 2020-06-30 武汉大学 Wearable device double-factor authentication method and system based on PUF and fingerprint characteristics
CN111355588B (en) * 2020-02-19 2021-01-15 武汉大学 Wearable device double-factor authentication method and system based on PUF and fingerprint characteristics
CN113838238A (en) * 2021-09-26 2021-12-24 北京紫光展锐通信技术有限公司 Service processing method, device and equipment

Also Published As

Publication number Publication date
CN110392030B (en) 2021-12-14

Similar Documents

Publication Publication Date Title
CN103124269B (en) Based on the Bidirectional identity authentication method of dynamic password and biological characteristic under cloud environment
Gunasinghe et al. PrivBioMTAuth: Privacy preserving biometrics-based and user centric protocol for user authentication from mobile phones
JP5859953B2 (en) Biometric authentication system, communication terminal device, biometric authentication device, and biometric authentication method
US9384338B2 (en) Architectures for privacy protection of biometric templates
WO2017012175A1 (en) Identity authentication method, identity authentication system, terminal and server
CN107919965B (en) Biological characteristic sensitive information outsourcing identity authentication method based on homomorphic encryption
CN110392027A (en) Authentication, method for processing business and system based on biological characteristic
CN101420301A (en) Human face recognizing identity authentication system
US20180247313A1 (en) Fingerprint security element (se) module and payment verification method
US20150113283A1 (en) Protecting credentials against physical capture of a computing device
CN101174953A (en) Identity authentication method based on S/Key system
JP7259868B2 (en) system and client
CN110392030A (en) A kind of authentication based on biological characteristic, method for processing business and system
Sui et al. Biometrics-based authentication: A new approach
CN105450419A (en) Method, device and system
Han et al. An Improved Biometric Based Authentication Scheme with User Anonymity Using Elliptic Curve Cryptosystem.
Radha et al. An evaluation of fingerprint security using noninvertible biohash
CN106936775A (en) A kind of authentication method and system based on fingerprint recognition
JP2006262333A (en) Living body authentication system
CN109961542A (en) A kind of entrance guard device, verifying device, verifying system and its verification method
CN112311794A (en) Bidirectional identity authentication method based on MFA algorithm
CN107888376A (en) NFC Verification Systems based on quantum communication network
CN204347841U (en) A kind of fingerprint identification device
WO2019103677A1 (en) Biometric template handling involving a key carrying device
Chikouche et al. An authentication protocol based on combined RFID-biometric system RFID-biometric system

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant