
CN103997504B - Authentication system and auth method - Google Patents


Info

Publication number: CN103997504B
Authority: CN (China)
Application number: CN201410264485.5A
Other versions: CN103997504A
Other languages: Chinese (zh)
Inventor: 谭知微
Original and current assignee: Pei Zheng Middle School Macao
Legal status: Expired - Fee Related
Prior art keywords: data, biological information, value, binary, module
Priority: CN201410264485.5A; HK15105489.0A (HK1202025A2)

Landscapes

  • Collating Specific Patterns (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an identity verification system and an identity verification method. The method includes a biological information acquisition and storage step: biological information is acquired and digitized, the digitized biological information is encrypted, the encrypted data is dispersed into more than three data blocks, and each data block is stored in a different storage device, where no data block contains the complete data of the biological information. It also includes a verification step: the data stored in a plurality of storage devices is acquired and merged, the merged data is decrypted, the decrypted data is compared with the digitized biological information obtained by the identity verification equipment, and the authenticity of the identity is verified according to the comparison result. The identity verification system verifies identity using this method. The invention can improve the security of data storage and prevent a data leak from exposing personal information completely.

Description

Identity verification system and identity verification method
Technical Field
The invention relates to the field of identity authentication, in particular to an identity authentication system and a method for authenticating identity by applying the system.
Background
People usually need to undergo identity verification, such as fingerprint scanning and recognition, when exiting or entering a border. Conventionally, the entry and exit management department obtains people's fingerprint information in advance: for example, when an entry and exit certificate is issued, the person's fingerprint is scanned, and the scanned fingerprint image is digitized and stored on the server of the entry and exit management department. When the person exits or enters, a fingerprint scanner scans the fingerprint, digitizes the fingerprint image and compares it with the fingerprint information stored on the department's server, thereby verifying the identity of the person exiting or entering.
With the development of network technology and electronic technology, cloud storage technology becomes a commonly applied internet storage technology. To secure data stored on a network, the stored data is usually protected by a password. However, since the password requirements are different on many different systems and platforms, the passwords stored on the different systems are often different, causing difficulties in human memory and management.
Moreover, if data is stored in a single network system, a great risk is posed to the security of the data. For example, data leakage may be caused by external attacks, hacker intrusion or virus intrusion on the network system, data copy and theft may also be caused by data management bugs, and data may be modified accidentally or maliciously, stolen or sold, lost, and the like. In addition, improper use by a data manager, such as one department being able to view data stored on a server in another department at will, leads to leakage of data stored on the network.
Once the fingerprint information stored by the entry and exit management department is leaked, people's personal information is leaked with it. Moreover, if that fingerprint information is exploited by criminals, it can also cause great harm to society. Therefore, how to guarantee the security of data stored with internet cloud storage technology, especially data directly related to people's personal information, has become an important issue for current internet data storage technology.
Disclosure of Invention
The invention mainly aims to provide an identity authentication system for effectively guaranteeing the data storage security.
Another object of the present invention is to provide an authentication method for personal identification information which is not easy to leak.
In order to achieve the above main object, the identity verification system provided by the present invention comprises a biological information acquisition and storage device, which has a biological information acquisition module for acquiring biological information and digitizing the acquired biological information. The biological information acquisition and storage device further comprises a distributed processing module for encrypting the digitized biological information and dispersing the encrypted data into more than three data blocks; each data block is stored in a different storage device, and no data block contains the complete data of the biological information. The identity verification system further comprises a verification device having a data acquisition module, a data merging module and a verification module. The data acquisition module acquires the data stored in a plurality of storage devices; the data merging module merges the acquired data and decrypts the merged data; the verification module compares the decrypted data with the digitized biological information obtained by the identity verification equipment and verifies the authenticity of the identity according to the comparison result.
According to the scheme, after the biological information acquisition and storage device digitizes the biological information such as fingerprint information and the like, a plurality of data blocks are formed in a scattered mode and are stored in different storage devices respectively, and each data block does not contain complete biological information. Therefore, even if a certain storage device is attacked to cause data leakage, the complete biological information leakage can not be caused, the safety of data storage is ensured, and the personal information safety of people is guaranteed.
When the distributed processing module disperses the encrypted data into a plurality of data blocks, it selects a unary quadratic function (a quadratic function of one variable) and a key pair, and converts the binary values of the encrypted data into a number of matrices not less than the number of storage devices. The values in one column of each matrix are values of the unary quadratic function with the key pair and the binary values as parameters, and each matrix serves as one data block.
Therefore, the distributed processing module does not simply divide the data into a plurality of data blocks, but converts the data into a plurality of matrixes, and the content of each matrix cannot reflect the condition of the original data, so that the distributed processing of the distributed processing module is more beneficial to improving the safety of the data.
In a further scheme, when the data merging module merges data, it sets initial values for the matrices obtained by the data acquisition module, calculates the intercept of the unary quadratic function corresponding to each matrix, and finds the binary value corresponding to the intercept in the lookup table of the key pair.
Therefore, the original data can be quickly and effectively merged through the operation of the data merging module, and the authentication time is short.
The verification device is further provided with a data recovery module. When an error occurs while the data merging module merges the data, the data recovery module generates the encrypted biological information from the data stored in at least three storage devices and disperses that data again.
Therefore, once the data stored in a certain storage device is modified, the original data can be recovered through the data recovery module, so that the data loss is avoided, and the safety of data storage is greatly improved.
In order to achieve the other object above, the present invention provides an identity verification method comprising a biological information acquisition and storage step: acquiring biological information, digitizing the acquired biological information, encrypting the digitized biological information, dispersing the encrypted data into more than three data blocks, and storing each data block in a different storage device, wherein no data block contains the complete data of the biological information; and a verification step: acquiring the data stored in a plurality of storage devices, merging the acquired data, decrypting the merged data, comparing the decrypted data with the digitized biological information obtained by the identity verification equipment, and verifying the authenticity of the identity according to the comparison result.
According to the scheme, each digitalized data is not stored in a single storage device, but is respectively stored in a plurality of storage devices after being dispersed, so that the problem that the complete data is leaked due to the fact that a certain storage device is attacked can be effectively avoided, and the safety of data storage is improved. In addition, since the complete biological information of the individual is not easy to leak, the individual information can be effectively protected, and the risk of leaking the individual information is reduced.
Drawings
Fig. 1 is a block diagram of the configuration of the authentication system of the present invention.
Fig. 2 is a flow chart of the steps of acquiring and storing the biometric information in the authentication method of the present invention.
Fig. 3 is a flow chart of the authentication steps in the identity authentication method of the present invention.
The invention is further explained with reference to the drawings and the embodiments.
Detailed Description
The identity verification system is used for the entry and exit management department to verify the identity of the entry and exit personnel, and the identity verification method mainly adopts the identity verification system to verify the identity of the entry and exit personnel. Of course, the authentication system can also be applied to other occasions requiring authentication, such as a vault of a bank, an office of a government security department, a meeting place allowing only members to enter, and the like.
The identity verification system of the invention needs to acquire people's biological information, including fingerprint information or iris information. Fingerprint information can be acquired by a fingerprint scanner and iris information by an iris scanner; both scanners are common prior art and are not described in detail here.
Referring to fig. 1, the identity verification system of the present invention has a fingerprint information acquisition and storage device 10 and a verification device 15, the fingerprint information acquisition and storage device 10 has a fingerprint information acquisition module 11 and a distributed processing module 12, and the verification device 15 has a data acquisition module 16, a data merging module 17, a data recovery module 18 and a verification module 19.
The fingerprint information acquiring module 11 may acquire a fingerprint image generated by a fingerprint scanner, digitize the fingerprint image, that is, convert the image into digital data, and extract feature information of the fingerprint. The distributed processing module 12 is configured to perform distributed processing on the acquired data to form more than three data blocks, where each data block does not contain complete fingerprint information, that is, any data block that is acquired cannot generate complete fingerprint information. Meanwhile, the distributed processing module 12 stores the plurality of data blocks in different storage devices, respectively.
As shown in fig. 1, the distributed processing module 12 stores a plurality of data blocks in at least three storage devices 21, 22, and 23, respectively, preferably, the storage devices 21, 22, and 23 are memories disposed at three different places, and the storage devices 21, 22, and 23 apply different data security processing technologies to secure data, so as to prevent the storage devices 21, 22, and 23 from being attacked at the same time. For example, the three parts of data are respectively stored on a storage chip of the identity card of the person, a server of the entry and exit management department and a server of the public security department.
Certainly, the encrypted data may be dispersed to form more data blocks, for example, five data blocks, three of the data blocks are respectively stored in the storage chip of the identification card of the person, the server of the entry and exit management department and the server of the public security department, the other two data blocks are used as spare data blocks for data recovery, the spare data blocks may be stored in a special server of the entry and exit management department, and the server may be accessed only under specific conditions.
The data acquisition module 16 of the authentication device 15 is used to acquire data from a plurality of different storage devices 21, 22, 23, for example to read the data stored in an identification card's memory chip through an identification card reader.
The data merging module 17 is configured to merge the acquired data, where the merged data is data obtained by digitizing biological information. Of course, once the data stored in any storage device is modified and the data merge is faulty, the data recovery module 18 performs data recovery using the data stored in at least three storage devices, and stores the recovered data in a plurality of storage devices respectively.
The verification module 19 receives data from the fingerprint information acquisition device 20, and the fingerprint information acquisition device 20 is a fingerprint scanner, scans a fingerprint image of a person, digitizes the fingerprint image, and extracts fingerprint characteristic information. Meanwhile, the verification module 19 compares the data obtained from the fingerprint information acquisition device 20 with the data obtained from the data merging module 17, and if the comparison result is that the two data are the same, the authentication is successful, otherwise, the authentication is failed.
Next, the operation of the fingerprint information acquisition and storage device 10 will be described with reference to fig. 2. First, the fingerprint information acquisition module 11 obtains fingerprint information: in step S1 the fingerprint scanner scans a fingerprint image of a person, and in step S2 the fingerprint information acquisition module digitizes the fingerprint image and extracts fingerprint feature information. Next, step S3 is executed to encrypt the obtained data. The invention can use an iterative permutation encryption method or a digital substitution encryption method for the encryption, or a combination of the two.
The iterative permutation encryption method is a digital iteration based on Ruffini's theorem. The theory behind the method is presented below. Let $\sigma$ be a function from the set $\{1, 2, 3, \ldots, M\}$ to itself. $\sigma$ is called a permutation on this set if $\sigma$ is a one-to-one function, i.e. for any $j_1, j_2 \in \{1, 2, 3, \ldots, M\}$, $\sigma(j_1) = \sigma(j_2)$ always implies $j_1 = j_2$. This application defines $S_M$ as the set of all permutations on $\{1, 2, \ldots, M\}$.
The total number of permutations on the set $\{1, 2, 3, \ldots, M\}$ is $M!$. For $M = 10$, there are 3628800 permutations on the set $\{1, 2, 3, \ldots, 10\}$. Suppose $\sigma \in S_M$ and $j \in \{1, 2, 3, \ldots, M\}$, and set $\sigma^0(j) = j$, $\sigma^{k+1}(j) = \sigma(\sigma^k(j))$, where $k = 0, 1, 2, \ldots$. Then there is a smallest positive integer $k_{\min}$ such that $k_{\min} \le M$ and [formula missing]. This application defines $k_{\min}$ as the iteration period of the permutation $\sigma$ for the integer $j$, denoted $T_j$.
Based on the above, Ruffini's theorem is as follows: given $\sigma \in S_M$, let $T_\sigma$ be the smallest positive integer such that $\sigma^{T_\sigma}(j) = j$ for all $j = 1, 2, \ldots, M$. Then $T_\sigma$ is the least common multiple of all iteration periods $T_1, T_2, \ldots, T_M$ of the permutation $\sigma$, and $T_\sigma$ is called the order of the permutation $\sigma$.
Let $\sigma \in S_M$ and $j_1 = 1$, [formula missing]. Let $j_2$ be the smallest positive integer that is less than or equal to $M$ and not in $A_1$, [formula missing], and let $j_3$ be the smallest positive integer that is less than or equal to $M$ and not in $A_1$ or $A_2$, [formula missing]. This continues until it stops after a finite number of steps.
It cannot continue indefinitely with every $A_i$ containing at least 1 element, because $\{1, 2, \ldots, M\}$ is a finite set. Thus a finite sequence of sets $A_1, A_2, \ldots, A_r$ is obtained. Let the number of elements of $A_i$ be [formula missing]; then [formula missing], and $T_\sigma$ is also the least common multiple of [formula missing]. The present application defines the pattern of the permutation $\sigma$ as [formula missing]
For example, consider $S_{10}$ on the set $\{1, 2, \ldots, 10\}$. Arranging the iteration periods of a pattern from largest to smallest without loss of generality, the possible patterns satisfying $T_1 \ge 5$ are
(10)
(9)(1)
(8)(2),(8)(1)(1)
(7)(3),(7)(2)(1),(7)(1)(1)(1)
(6)(4),(6)(3)(1),(6)(2)(2),(6)(2)(1)(1),(6)(1)(1)(1)(1)
(5)(5),(5)(4)(1),(5)(3)(2),(5)(3)(1)(1),(5)(2)(2)(1),(5)(2)(1)(1)(1),(5)(1)(1)(1)(1)(1)
It can be seen that the maximum least common multiple among the above patterns is $5 \times 3 \times 2 = 30$, which is given by the pattern (5)(3)(2). If $T_1 < 5$, the possible values of each iteration period are 1, 2, 3 and 4, so the corresponding least common multiple is bounded by the least common multiple of 3 and 4, namely 12. Thus, among the permutations in $S_{10}$, those with the pattern (5)(3)(2) have the largest order, equal to 30. For example

| $j$ | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| $\sigma(j)$ | 2 | 3 | 4 | 5 | 1 | 7 | 8 | 6 | 10 | 9 |

The order of the permutation $\sigma$ is $T_\sigma = 30$. The pattern of $\sigma$ is denoted as (1 2 3 4 5)(6 7 8)(9 10).
The binary data obtained by digitizing the fingerprint information is regarded as a binary character string, and the characters of the binary string are rearranged by applying such a pattern, so that the order of the characters in the string is changed and the data is encrypted.
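The following Python sketch is an added example, not code from the patent: it splits the permutation σ tabulated above into its cycles, checks that its order is the least common multiple of the cycle lengths (30), and checks that no pattern on 10 elements gives a larger order. Applying σ block by block k times to a bit string, and undoing it with T_σ − k further iterations, is an assumption about how the iteration is used; all function names are hypothetical.

```python
from functools import reduce
from math import gcd

# sigma from the page's example on {1, ..., 10}: j -> sigma(j)
SIGMA = {1: 2, 2: 3, 3: 4, 4: 5, 5: 1, 6: 7, 7: 8, 8: 6, 9: 10, 10: 9}


def lcm_all(values):
    """Least common multiple of an iterable of positive integers."""
    return reduce(lambda a, b: a * b // gcd(a, b), values, 1)


def cycles(sigma):
    """Split {1..M} into the sets A_1, A_2, ... by following j, sigma(j), ..."""
    seen, result = set(), []
    for start in sorted(sigma):
        if start in seen:
            continue
        cycle, j = [], start
        while j not in seen:
            seen.add(j)
            cycle.append(j)
            j = sigma[j]
        result.append(cycle)
    return result


def order(sigma):
    """Ruffini: the order T_sigma is the lcm of the iteration periods."""
    return lcm_all(len(c) for c in cycles(sigma))


def partitions(n, largest=None):
    """All patterns (multisets of cycle lengths) on n elements, largest first."""
    largest = n if largest is None else largest
    if n == 0:
        yield []
        return
    for part in range(min(n, largest), 0, -1):
        for rest in partitions(n - part, part):
            yield [part] + rest


def max_order_pattern(m):
    """Pattern on m elements whose permutations have the largest order."""
    return max(partitions(m), key=lcm_all)


def permute(block, sigma, times=1):
    """Move the character at position j to position sigma(j), `times` times."""
    chars = list(block)
    for _ in range(times):
        moved = [""] * len(chars)
        for j, ch in enumerate(chars, start=1):
            moved[sigma[j] - 1] = ch
        chars = moved
    return "".join(chars)


def encrypt(bits, sigma, k):
    """Assumed usage: apply sigma^k to each block of len(sigma) characters."""
    m = len(sigma)
    if len(bits) % m:
        raise ValueError("bit string length must be a multiple of M")
    return "".join(permute(bits[i:i + m], sigma, k) for i in range(0, len(bits), m))


def decrypt(bits, sigma, k):
    """sigma^(T - k) undoes sigma^k because sigma^T is the identity."""
    t = order(sigma)
    return encrypt(bits, sigma, (t - k % t) % t)


if __name__ == "__main__":
    sample = "00101101001110001011"  # constructed 20-bit sample
    ct = encrypt(sample, SIGMA, 7)
    print(cycles(SIGMA), order(SIGMA), max_order_pattern(10))
    print(ct, decrypt(ct, SIGMA, 7) == sample)
```

Because a permutation only reorders characters, the output always has the same number of 0s and 1s as the input.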
The digital substitution encryption method is an encryption method in which letters or characters are rearranged. For example, typewriter coding can be used to input the desired letters: the desired letter itself is not typed, but a key corresponding to that letter is entered instead. For example, if the text to be input is "I love you", only "8 o9f 3697" needs to be input under the digital substitution. The digital substitution encryption method is realized by replacing characters in the original data with specific other characters.
Certainly, in practical application, more encryption methods can be provided, and the existing common encryption methods can all realize the encryption of the digitized fingerprint information.
Then, the distributed processing module 12 executes step S4 to perform distributed processing on the encrypted data, that is, to convert the data into a plurality of data blocks not less than the number of required storage devices. For example, if the number of the storage devices is three, the number of the formed data blocks is not less than three, and if the number of the storage devices is five, the number of the formed data blocks is not less than five.
The mathematical theoretical basis for the decentralized processing of data is presented below.
Suppose $(x_0, y_0)$, $(x_1, y_1)$ and $(x_2, y_2)$ are three points over the real field whose values $x_0$, $x_1$ and $x_2$ are pairwise distinct. Consider a quadratic function $f(x) = a_0 + a_1(x - x_0) + a_2(x - x_0)(x - x_1)$, where $a_0$, $a_1$ and $a_2$ are unknown constants, satisfying the following conditions:
$$f(x_0) = a_0$$
$$f(x_1) = a_0 + a_1(x_1 - x_0)$$
$$f(x_2) = a_0 + a_1(x_2 - x_0) + a_2(x_2 - x_0)(x_2 - x_1)$$
Using substitution, it can be calculated [formula missing]
Thus, a Newton polynomial can be obtained [formula missing]
When $x$ is equal to 0, then [formula missing]
It can be seen that $f(0)$ is the intercept of the quadratic function $f$.
Let $m_1$ and $m_2$ be real numbers satisfying $1 < m_1 < m_2$. The present application defines the ordered pair $(m_1, m_2)$ as a key pair and $\alpha\beta$ as a bit pair, where $\alpha$ and $\beta$ each take the value 0 or 1. For any bit pair $\alpha\beta$, a quadratic function $f_{\alpha\beta}$ is defined as [formula missing]
For a variable $x$ over the real field, the following table is obtained:

| $\alpha$ | $\beta$ | $f_{\alpha\beta}(x)$ | $f_{\alpha\beta}(0)$ |
| --- | --- | --- | --- |
| 0 | 0 | $f_{00}(x) = (x-1)(x-1)$ | $f_{00}(0) = 1$ |
| 1 | 0 | $f_{10}(x) = (x-m_1)(x-1)$ | $f_{10}(0) = m_1$ |
| 0 | 1 | $f_{01}(x) = (x-1)(x-m_2)$ | $f_{01}(0) = m_2$ |
| 1 | 1 | $f_{11}(x) = (x-m_1)(x-m_2)$ | $f_{11}(0) = m_1 m_2$ |

Since 1, $m_1$, $m_2$ and $m_1 m_2$ are pairwise distinct, the bit pair $\alpha\beta$ and $f_{\alpha\beta}(0)$, i.e. the intercept of the function $f_{\alpha\beta}$, are in one-to-one correspondence. The present application therefore defines the lookup table (look-up table) of the key pair $(m_1, m_2)$ as follows:

| $\alpha$ | $\beta$ | $f_{\alpha\beta}(0)$ |
| --- | --- | --- |
| 0 | 0 | 1 |
| 1 | 0 | $m_1$ |
| 0 | 1 | $m_2$ |
| 1 | 1 | $m_1 m_2$ |
wherein,
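For example, with $m_1 = 2$ and $m_2 = 3$, the lookup table of the key pair (2, 3) is

| $\alpha$ | $\beta$ | $f_{\alpha\beta}(0)$ |
| --- | --- | --- |
| 0 | 0 | 1 |
| 1 | 0 | 2 |
| 0 | 1 | 3 |
| 1 | 1 | 6 |

and $f_{\alpha\beta}(x) = (x - 2^{\alpha})(x - 3^{\beta})$.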
The following describes the process of converting a binary string using the above-described mathematical theory.
Let $N$ be a positive integer and $s$ a binary string of length $2N$, $s = \alpha_1\beta_1\alpha_2\beta_2\ldots\alpha_N\beta_N$, where each $\alpha_k$ and $\beta_k$ is 0 or 1.
Preset a key pair $(m_1, m_2)$ and let $c_1, c_2, \ldots, c_M$ be $M$ distinct real numbers, with $M > 3$ in the present application. $M$ is the number of data blocks into which the data is divided; because of the data merging and data recovery requirements, $M$ is at least 3 and is a positive integer. A binary string $s = \alpha_1\beta_1\alpha_2\beta_2\ldots\alpha_N\beta_N$ of length $2N$ is, relative to the key pair $(m_1, m_2)$ and the integer $M$, dispersed into a sequence $C_1, C_2, \ldots, C_M$ consisting of $M$ matrices of size $N \times 2$ and satisfying [formula missing]
where $j = 1, 2, \ldots, M$, and [formula missing]
For example, let $(m_1, m_2) = (2, 3)$, $M = 5$ and $c_j = j$ ($j = 1, 2, 3, 4, 5$). If the binary string is $s = \alpha_1\beta_1\alpha_2\beta_2\alpha_3\beta_3\alpha_4\beta_4 = 00101101$, then the $j$-th data block $C_j$ of $s$ is a $4 \times 2$ matrix, as follows: [formula missing]
where $j = 1, 2, 3, 4, 5$. Thus, five matrices can be calculated as follows: [formula missing]
Since the second matrix contains the only negative value, the quadratic function may be modified for computational convenience, e.g. by [formula missing]
Then each $C_j$ consists of positive integers.
If the binary data obtained by digitizing the fingerprint information is regarded as a binary string $s$, the binary string of length $2N$ can be converted into $M$ matrices by the above method, and each matrix is one data block obtained by the dispersal. When a binary string is converted into a plurality of data blocks, the values of the binary string and the key pair are in effect used as parameters of the unary quadratic function to calculate one column of each matrix.
Finally, the distributed processing module 12 executes step S5 to store the plurality of matrices in the plurality of storage devices, respectively.
The operation of the authentication device is described below with reference to fig. 3. First, the verification module 19 acquires data of the fingerprint information acquisition device 20, that is, executes step S11, the fingerprint scanner scans the fingerprint to acquire a fingerprint image, and executes step S12, the fingerprint image is digitized to extract feature information of the fingerprint.
Meanwhile, the data obtaining module 16 performs the step S13 to obtain data from at least three storage devices, and the data merging module 17 performs the step S14 to merge the obtained data. The specific process of data merging is described below.
First, the key pair $(m_1, m_2)$ used for data dispersal and the corresponding unary quadratic function are obtained. Suppose any three different data blocks of a binary string $s$, [formula missing], are as follows: [formula missing]
Define the collection matrix (collector matrix) $K$ as [formula missing], where the $k$-th row of the collection matrix $K$ is denoted $K_k$; then [formula missing]
Set $k = 1$ and initialize each character of a string $s_R = s_1 s_2 s_3 s_4 \ldots s_{2N-1} s_{2N}$ of length $2N$ to 0. Read the $k$-th row $K_k$ of the collection matrix $K$ and, from $K_k$, read out three distinct points [formula missing]; it can then be calculated that: [formula missing]
Thus, the intercept of the quadratic function $f_k$ through the three distinct points can be calculated.
Then the lookup table of the key pair $(m_1, m_2)$ is searched for the bit pair $\alpha\beta$ corresponding to the intercept calculated in the previous step, and $s_{2k-1} = \alpha$ and $s_{2k} = \beta$ are set. The calculation is repeated until $k$ equals $N$, and the string $s_R$ is output. If the string has not yet been fully calculated, set $k = k + 1$ and continue the calculation.
For example, let the key pair of the string be (2, 3) and $c_j = j$, $j = 1, 2, 3, 4, 5$, i.e. there are 5 data blocks. Suppose that three of the data blocks are acquired as follows: [formula missing]
The collection matrix $K$ is then as follows: [formula missing]
Initialize every character of the string to 0, i.e. $s_R = s_1 s_2 s_3 s_4 s_5 s_6 s_7 s_8 = 00000000$. Then $K_1 = [1\ 0\ 3\ 4\ 4\ 9]$. From this, the three distinct points $(c_1, f_1(c_1)) = (1, 0)$, $(c_3, f_1(c_3)) = (3, 4)$ and $(c_4, f_1(c_4)) = (4, 9)$ are obtained. The intercept of $f_1$ is calculated as [formula missing]
The lookup table of the key pair (2, 3) is as follows:

| $\alpha$ | $\beta$ | $f(0)$ |
| --- | --- | --- |
| 0 | 0 | 1 |
| 1 | 0 | 2 |
| 0 | 1 | 3 |
| 1 | 1 | 6 |

and, according to the function $f(x) = (x - 2^{\alpha})(x - 3^{\beta})$, $f_1(x) = (x - 2^0)(x - 3^0)$ is obtained. Thus $s_1 = 0$ and $s_2 = 0$. Then set $k = k + 1$ and repeat the above process until $k > 4$, which gives $s_3 = 1$, $s_4 = 0$, $s_5 = 1$, $s_6 = 1$, $s_7 = 0$, $s_8 = 1$. Finally, the string $s_R = 00101101$ is obtained, i.e. the data has been merged and restored.
If no data block has been modified, every intercept calculated from the collection matrix has a corresponding value in the lookup table, that is, each character of the string s takes the value 0 or 1. Once a data block is modified, the intercept calculated from the collection matrix has no corresponding value in the lookup table, that is, the characters of the string cannot be calculated, and the data merging fails.
Therefore, in step S15, the data merging module may determine whether the data merging is erroneous, if there is no error, it indicates that the data block is not modified, then step S16 is performed to decrypt the merged data, where the decryption process is the reverse process of the encryption process, so as to obtain the decrypted data.
If the fingerprint information acquisition and storage device 10 encrypted the data using the iterative permutation encryption method, the permutation pattern that was applied is used to reverse the rearrangement of the original data, thereby decrypting the data. If the digital substitution encryption method was used, the inverse substitution is carried out according to the substitution correspondence of the characters, which decrypts the data.
In step S15, if it is determined that the data merging fails, indicating that the data of at least one data block is modified, step S17 is performed to recover the data. According to the data merging process, all data blocks are not required to be acquired for data merging, and only three data blocks are required for data merging. The data restoring step calculates original data by using the three data blocks stored in the other storage devices, and performs the dispersion processing on the data as in step S4, thereby obtaining data blocks stored in each storage device, and storing the restored data blocks in the corresponding storage devices, respectively.
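The dispersal (step S4), merging (step S14) and recovery (step S17) described above, as an added Python example that is not code from the patent, using the page's key pair (2, 3), points c_j = j and sample string 00101101. The general form f_αβ(x) = (x − m1^α)(x − m2^β) and the row layout [c_j, f(c_j)] are inferred from the page's tables and from K_1 = [1 0 3 4 4 9]; choosing the recovered string by agreement across triples of blocks, and all function names, are assumptions of this example.

```python
from fractions import Fraction
from itertools import combinations

KEY_PAIR = (2, 3)         # (m1, m2) from the page's worked example
POINTS = [1, 2, 3, 4, 5]  # c_j = j with M = 5, as in the page's example


def f(alpha, beta, x, key_pair=KEY_PAIR):
    """f_ab(x) = (x - m1**a)(x - m2**b); reproduces the page's four table rows."""
    m1, m2 = key_pair
    return (x - m1 ** alpha) * (x - m2 ** beta)


def lookup_table(key_pair=KEY_PAIR):
    """Map each intercept f_ab(0) to its bit pair 'ab'."""
    return {f(a, b, 0, key_pair): f"{a}{b}" for a in (0, 1) for b in (0, 1)}


def disperse(s, points=POINTS, key_pair=KEY_PAIR):
    """Block j is an N x 2 matrix whose k-th row is [c_j, f_{a_k b_k}(c_j)]."""
    if len(s) % 2 or set(s) - {"0", "1"}:
        raise ValueError("expected a binary string of even length")
    pairs = [(int(s[i]), int(s[i + 1])) for i in range(0, len(s), 2)]
    return [[[c, f(a, b, c, key_pair)] for a, b in pairs] for c in points]


def intercept(p0, p1, p2):
    """f(0) of the quadratic through three points, using Newton's form."""
    (x0, y0), (x1, y1), (x2, y2) = p0, p1, p2
    a0 = Fraction(y0)
    a1 = Fraction(y1 - y0, x1 - x0)
    a2 = (Fraction(y2 - y0, x2 - x0) - a1) / (x2 - x1)
    return a0 - a1 * x0 + a2 * x0 * x1


def merge(b0, b1, b2, key_pair=KEY_PAIR):
    """Rebuild the string from three blocks, one collection-matrix row at a time."""
    table = lookup_table(key_pair)
    out = []
    for k, row in enumerate(zip(b0, b1, b2), start=1):
        value = intercept(*row)
        if value not in table:
            raise ValueError(f"row {k}: intercept {value} is not in the lookup table")
        out.append(table[value])
    return "".join(out)


def recover(blocks, points=POINTS, key_pair=KEY_PAIR):
    """Assumed recovery rule: take the string most triples agree on, re-disperse,
    and report the indices of stored blocks that differ from the fresh ones."""
    votes = {}
    for triple in combinations(blocks, 3):
        try:
            s = merge(*triple, key_pair=key_pair)
        except (ValueError, ZeroDivisionError):
            continue
        votes[s] = votes.get(s, 0) + 1
    if not votes:
        raise ValueError("no triple of blocks merges cleanly")
    best = max(votes, key=votes.get)
    fresh = disperse(best, points, key_pair)
    return best, [j for j, (old, new) in enumerate(zip(blocks, fresh)) if old != new]


def block_alone_fixes_pairs(c, key_pair=KEY_PAIR):
    """True if the four values f_ab(c) are distinct, so one block at c together
    with the key pair determines every bit pair without any other block."""
    return len({f(a, b, c, key_pair) for a in (0, 1) for b in (0, 1)}) == 4


if __name__ == "__main__":
    blocks = disperse("00101101")                  # the page's sample string
    print(merge(blocks[0], blocks[2], blocks[3]))  # blocks C_1, C_3, C_4
    blocks[2][0][1] = 3                            # constructed modification: 4 -> 3
    print(merge(blocks[0], blocks[2], blocks[3]))  # passes the lookup, wrong string
    print(recover(blocks))                         # ('00101101', [2])
    print([c for c in POINTS if block_alone_fixes_pairs(c)])
```

With these parameters, a modified value that happens to give another table entry (4 changed to 3 in the demo) passes the lookup check, which is why `recover` compares several triples rather than trusting one. The blocks at c = 4 and c = 5 take a different value for each bit pair, so their confidentiality rests on the key pair being kept secret.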
If the data merging is successful, step S18 is executed, the verification module 19 determines whether the data merged by the data merging module 17 is the same as the data acquired by the fingerprint information acquisition device 20, if the two data are consistent, step S19 is executed to output the information that the identity verification is passed, otherwise, step S20 is executed to output the information that the identity verification fails.
According to the method, the data of the fingerprint information of people is not singly stored on one storage device, even if one storage device is attacked to cause data leakage, the fingerprint information of people is not leaked, and the safety of the data is greatly improved. In addition, even if the data stored in one storage device is modified, the data can be quickly recovered through the data stored in other storage devices, and the safety of the data can be further improved.
Certainly, the above embodiments are only preferred embodiments of the present invention, and in practical applications, there may be more changes, for example, the encryption and decryption methods of data may be the existing common encryption and decryption methods; alternatively, the number of data blocks to be formed in a distributed manner may be increased or decreased depending on the actual situation, and such a change may also achieve the object of the present invention.
Finally, it should be emphasized that the present invention is not limited to the above embodiments, and variations such as changes of the selected unary quadratic function, changes of the selected key pair, etc. should also be included in the protection scope of the claims of the present invention.

Claims (6)

1. An identity verification system comprising:
a biological information acquisition and storage device comprising a biological information acquisition module, wherein the biological information acquisition module is used for acquiring biological information and digitizing the acquired biological information;
characterized in that:
the biological information acquisition and storage device also comprises a decentralized processing module which is used for encrypting the digitized biological information and decentralized processing the encrypted data to form more than three data blocks, and each data block is respectively stored in different storage devices and does not contain complete data of the biological information;
the identity verification system also has a verification device, and the verification device has:
a data acquisition module for acquiring the data stored by the plurality of storage devices;
the data merging module is used for merging the obtained data and decrypting the merged data;
the verification module compares the decrypted data with the data obtained by digitizing the biological information and obtained by the biological information acquisition module, and verifies the authenticity of the identity according to the comparison result;
when the decentralized processing module dispersedly processes the encrypted data to form a plurality of data blocks, a unary quadratic function and a key pair $(m_1, m_2)$ are selected, the binary value of the encrypted data is used as a binary string $s$, wherein two adjacent characters in the binary string form a bit pair αβ, the length of the string $s$ is set to be $2N$, and $s = \alpha_1\beta_1\alpha_2\beta_2\ldots\alpha_N\beta_N$, and the unary quadratic function is
and converts the binary values into a plurality of matrices of not less than the number of the storage devices,
a plurality of matrices are
wherein j = 1, 2, …, M, and M is the number of the data blocks, and k is a natural number taking the values 1, 2, 3, …, N;
when the values of α and β are (α = 0, β = 0), (α = 0, β = 1), (α = 1, β = 0), and (α = 1, β = 1), respectively, $f_{\alpha\beta}(0)$ is calculated, and the value of α, the value of β, and the value of $f_{\alpha\beta}(0)$ form a lookup table;
the value of a column of each matrix is the value of the unary quadratic function taking the key pair and the binary value as parameters, and each matrix is taken as one data block;
the verification device is also provided with a data recovery module, and when the data merging module merges data and generates errors, the data after the encryption of the biological information is generated according to the data stored in the other three storage devices, and the data is subjected to decentralized processing.
2. The identity verification system of claim 1, wherein:
when the data merging module merges data, the matrixes of any three data blocks are obtained and merged to form a collection matrix, a row of data of the collection matrix is selected as a character string, an initial value of the character string is set, the intercept of the unary quadratic function corresponding to the character string is calculated, a binary number corresponding to the intercept is found out according to the lookup table, the found binary number is used as values of a bit pair alpha and beta, the unary quadratic function is substituted according to the values of the alpha and the beta, and the merged character string is obtained through repeated calculation.
3. The identity verification system according to claim 1 or 2, wherein:
the distributed processing module encrypts the biological information by using an iterative replacement encryption method and/or a digital replacement encryption method.
4. An identity authentication method comprising:
a biological information acquisition and storage step: acquiring biological information and digitizing the acquired biological information;
the method is characterized in that:
encrypting the digitized biological information, performing distributed processing on the encrypted data to form more than three data blocks, and respectively storing each data block into different storage devices, wherein each data block does not contain complete data of the biological information;
a verification step: acquiring data stored by a plurality of storage devices, merging the acquired data, decrypting the merged data, comparing the decrypted data with the data obtained by digitizing the biological information acquired by the biological information acquisition module, and verifying the authenticity of the identity according to the comparison result;
in the biological information acquiring and storing step, the step of forming a plurality of data blocks by dispersedly processing the encrypted data is: selecting a unary quadratic function and a key pair $(m_1, m_2)$, using the binary value of the encrypted data as a binary string $s$, wherein two adjacent characters in the binary string form a bit pair αβ, the length of the string $s$ is set to be $2N$, and $s = \alpha_1\beta_1\alpha_2\beta_2\ldots\alpha_N\beta_N$, and the unary quadratic function is
and converts the binary values into a plurality of matrices of not less than the number of the storage devices,
a plurality of matrices are
wherein j = 1, 2, …, M, and M is the number of the data blocks, and k is a natural number taking the values 1, 2, 3, …, N;
when the values of α and β are (α = 0, β = 0), (α = 0, β = 1), (α = 1, β = 0), and (α = 1, β = 1), respectively, $f_{\alpha\beta}(0)$ is calculated, and the value of α, the value of β, and the value of $f_{\alpha\beta}(0)$ form a lookup table;
the value of a column of each matrix is the value of the unary quadratic function taking the key pair and the binary value as parameters, and each matrix is taken as one data block;
and the verification step is also provided with a data recovery step, after data combination is wrong, the data after the biological information encryption is generated according to the data stored in other three storage devices, and the data after the biological information encryption is subjected to decentralized processing.
5. The identity verification method of claim 4, wherein:
in the verifying step, the step of merging the data includes: acquiring matrixes of any three data blocks, merging the matrixes to form a collection matrix, selecting a row of data of the collection matrix as a character string, setting an initial value of the character string, calculating an intercept of the unary quadratic function corresponding to the character string, finding out a binary number value corresponding to the intercept according to the lookup table, taking the found binary number value as values of a bit pair alpha and beta, substituting the unary quadratic function according to the values of the alpha and the beta, and repeatedly calculating to obtain the merged character string.
6. An authentication method according to claim 4 or 5, characterized in that:
and in the step of dispersedly processing the encrypted data to form more than three data blocks, the dispersedly processing is carried out by applying an iterative permutation encryption method and/or a digital permutation encryption method.
CN201410264485.5A 2014-06-13 2014-06-13 Authentication system and auth method Expired - Fee Related CN103997504B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201410264485.5A CN103997504B (en) 2014-06-13 2014-06-13 Authentication system and auth method
HK15105489.0A HK1202025A2 (en) 2014-06-13 2015-06-09 System and method for user authentication

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410264485.5A CN103997504B (en) 2014-06-13 2014-06-13 Authentication system and auth method

Publications (2)

Publication Number Publication Date
CN103997504A CN103997504A (en) 2014-08-20
CN103997504B true CN103997504B (en) 2017-11-10

Family

ID=51311510

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410264485.5A Expired - Fee Related CN103997504B (en) 2014-06-13 2014-06-13 Authentication system and auth method

Country Status (2)

Country Link
CN (1) CN103997504B (en)
HK (1) HK1202025A2 (en)

Also Published As

Publication number Publication date
HK1202025A2 (en) 2015-09-11
CN103997504A (en) 2014-08-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20171110

Termination date: 20200613
