
CN114168918A - Face information protection and bidirectional authentication system based on PUF - Google Patents


Publication number
CN114168918A
Authority
CN
China
Prior art keywords
puf
face
template
revocable
module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111428444.1A
Other languages
Chinese (zh)
Inventor
李冰
马茜雅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Institute Of Southeast University
Original Assignee
Shenzhen Institute Of Southeast University
Application filed by Shenzhen Institute Of Southeast University


Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G06F21/445 Program or device authentication by mutual authentication, e.g. between devices or programs

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Collating Specific Patterns (AREA)

Abstract

The invention discloses a face information protection and bidirectional authentication system based on PUF, which comprises a revocable face template generation stage, a registration stage, a client verification stage and a server verification stage; the revocable face template generation stage comprises a feature extraction module and a random replacement module; the registration phase comprises an auxiliary information generation module; the client verification stage comprises an error correction code module and a Hash verification module; the server side verification stage comprises a template restoration module and a template matching module; the invention can revoke the combination of the biological template and the PUF, can realize the bidirectional identity authentication between the terminal equipment and the terminal user, and can resist the leakage of face information.

Description

Face information protection and bidirectional authentication system based on PUF
Technical Field
The invention relates to a face information protection and bidirectional authentication system based on PUF (physical unclonable function), which is used for realizing bidirectional identity verification between terminal equipment and a terminal user and belongs to the field of identity authentication based on biological characteristics.
Background
With the progress of society and the development of information technology, information security receives more and more attention, and authenticating legitimate users is of great importance in many fields. Conventional identity authentication systems rely on physical objects such as keys, certificates and smart cards, which are at risk of being lost or stolen. Cryptography provides a strong guarantee for information security, and secret keys are widely used in authentication systems: if the key is very short, the authentication mechanism is weak and exposed to guessing and brute-force attacks; if the key is long, it is difficult for the user to remember it accurately. Biometric identification is also increasingly used in identity authentication systems, serving as the user's physical identity in fields such as the Internet of Things, blockchain and cloud computing. In recent years, the privacy and security of biometric data have received increasing attention. Biometric data is permanently associated with the user's identity: once it is stolen, sensitive information is leaked and, because the user's biometric information cannot be revoked, the loss is serious and irreversible. Revocable biometric templates were proposed to protect the original biometric information: the original information is combined with random numbers and passed through a certain transformation, which achieves revocability and irreversibility. These random numbers, however, still need to be stored in a physical device, where they are also at risk of theft and loss.
Each person's biometric information is unique, and a PUF is a physical "fingerprint" that is unique to a device. Because of process variation in deep sub-micron manufacturing, each transistor in an integrated circuit produces a measurable output difference, and this physical difference cannot be cloned or predicted. One stimulus (challenge) input yields exactly one response output, so a PUF can assist the storage of secret data: the protected data is not stored directly in non-volatile memory (NVM), which resists traditional physical attacks and avoids information leakage.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a PUF-based face information protection and bidirectional authentication system in which the PUF of the user equipment generates the random number seed used to produce a revocable face biometric template, so that no random number has to be stored and an attacker cannot attack the face information through it. At the same time, the uniqueness of the PUF as a physical fingerprint is used to let the client verify the server. In addition, the PUF at the server side assists in protecting the stored revocable biometric template of the user, which avoids information leakage and further protects the user's original biometric information.
To solve these technical problems, the PUF-based face information protection and bidirectional authentication system comprises a revocable face template generation stage, an enrollment stage, a client verification stage and a server verification stage.
The revocable face template generation stage comprises a feature extraction module and a random replacement module. The feature extraction module extracts the features of the collected face image as a 512-bit binary code. To make feature extraction robust to changes in ambient illumination, changes in face direction, face occlusion and the like, the feature extraction module extracts feature vectors from the face image using a FaceNet-based deep CNN model, generates the face vector through L2 normalization, and finally outputs a 512-dimensional feature vector. The random replacement module generates the random number used for the replacement (permutation) operation on the original biometric template, and generates the revocable face template with the PUF response as the random number seed. To protect the random number of the revocable biometric template from theft, the random replacement module uses the CRPs of the PUF in the client: the PUF response serves as the seed for generating the replacement random number, and only the PUF stimulus is stored in the client database. A random number is generated with the PUF response as the seed of a random number generator, and the replacement operation on the original biometric template produces the revocable biometric template. The user keeps only the PUF stimulus locally, which avoids the risk of the random number being stolen, and an attacker cannot invert the template to obtain the original biometric template. At the same time, the biometric template can be revoked by replacing the CRP of the PUF.
The registration stage comprises an auxiliary information generation module, which generates, in the registration stage, the auxiliary information that the verification stage needs in order to restore the revocable face template. This hides the face information while it is stored and resists information leakage.
The client verification stage comprises an error correction code module and a hash verification module. The error correction code module removes noise from the PUF response so that a stable 512-bit PUF response is generated. It uses a double-layer error correction technique that combines a Hadamard code and a Reed-Solomon code to correct the effect of noise on the PUF response, so that the revocable template can be generated when the user is verified. The hash verification module lets the user verify the authenticity of the server, that is, it implements the user's identity verification of the server. The hash verification module uses the MD5 message digest algorithm.
The server verification stage comprises a template restoration module and a template matching module. The template restoration module lets the server restore the revocable biometric features of the registration stage. The template matching module lets the server verify the user's identity information, deciding whether verification passes by comparing the Hamming distance between the two biometric templates.
The face information protection and bidirectional authentication system based on the PUF comprises the following steps:
Revocable face template generation stage: (1) a camera collects a face image, features are extracted from the face image using a deep CNN architecture, and a 512-dimensional binary face vector is generated through L2 normalization; (2) the PUF of the user's embedded device randomly generates a group of CRPs, the response is used as the random number seed to generate 512-bit random numbers whose values are randomly arranged in (1,512), and the replacement operation is applied to the binary face vector to generate the revocable face biometric template T;
Registration stage: step A, the user ID, the revocable face biometric template T and the hash value H(R) of the user PUF response are sent to the server; step B, the PUF of the embedded device at the server side randomly generates a group of CRPs, the 512-bit response is XORed with Tb, the revocable face biometric template after Reed-Muller encoding, to generate the auxiliary information HelpData, Challenge(S) is retained and Response(S) is deleted; step C, the user ID, the auxiliary information HelpData, the server-side Challenge(S) and the hash value H(R) of the user PUF response are packaged and stored in memory; step D, after registration is finished, the client stores only Challenge(C) and the user ID;
Client verification stage: (i) the user sends a verification request to the server, containing the user ID and a random number N; (ii) after receiving the verification request, the server looks up the hash value H(R) corresponding to the user ID in the database, hashes H(R) together with the random number N to obtain HS, and sends HS back to the client; (iii) the client PUF uses the locally stored Challenge(C) as the stimulus and obtains Response(C)' after double error correction, calculates the hash value H(R)' of this response, further calculates the hash value HC of H(R)' and N, and compares HC with the HS of step (ii); if they are identical, the client verification succeeds;
Server verification stage: (a) after the client verification succeeds, the client generates a revocable biometric template T' from the newly acquired face image, with Response(C)' as the replacement random number, and sends it to the server to request verification; (b) the PUF response Response(S)' is generated from the Challenge(S) corresponding to the user ID, Response(S)' is XORed with the auxiliary information HelpData, and the revocable biometric template T of the registration is restored through Reed-Muller decoding; (c) the server computes the Hamming distance between the received revocable biometric template T' and the restored revocable biometric template T; if it is smaller than the threshold τ, the server verification succeeds, otherwise it fails.
Only the auxiliary information HelpData is stored instead of directly storing the revocable biological template, so that the identity information of the user is protected, and the information leakage is resisted. Meanwhile, through the encoding and decoding of the error correcting code, the fluctuation of the PUF caused by the influence of noise and the like can be eliminated.
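The four stages above, sketched end to end as an added example; it is not code from the patent, and all names are illustrative. Assumptions: SimPUF is a software stand-in for a physical PUF, the client response is taken as already stabilised (the Hadamard/Reed-Solomon layer is omitted), the server response is as long as the codeword, the server-side code is first-order Reed-Muller RM(1,5), SHA-256 replaces the MD5 the patent names, a SHAKE-256-driven Fisher-Yates shuffle plays the seeded random number generator, and the threshold of 60 and the face vectors are constructed.

```python
import hashlib, hmac, secrets

BITS, TAU = 512, 60           # template length from the patent; tau is a constructed threshold
M, N, K = 5, 32, 6            # RM(1,5): K=6 message bits -> N=32 code bits, corrects 7 errors
CODE_BITS = -(-BITS // K) * N # 86 blocks of 32 bits = 2752

def shake_bits(seed, n):
    """Expand a byte seed into n pseudo-random bits with SHAKE-256."""
    raw = hashlib.shake_256(seed).digest((n + 7) // 8)
    return [(raw[i // 8] >> (i % 8)) & 1 for i in range(n)]

def to_bytes(bits):
    return bytes(sum(b << k for k, b in enumerate(bits[i:i + 8])) for i in range(0, len(bits), 8))

def H(*parts):                # the patent names MD5; SHA-256 is swapped in here
    return hashlib.sha256(b"".join(parts)).digest()

def xor(a, b):
    return [x ^ y for x, y in zip(a, b)]
def hamming(a, b):
    return sum(x != y for x, y in zip(a, b))

def parity(v):
    return bin(v).count("1") & 1

class SimPUF:                 # assumption: hidden per-device secret models the silicon
    def __init__(self, n_bits):
        self._secret, self.n_bits = secrets.token_bytes(32), n_bits
    def respond(self, challenge, flip=()):
        r = shake_bits(self._secret + challenge, self.n_bits)
        return [b ^ (i in flip) for i, b in enumerate(r)]   # flip = noisy bit positions

def rm_encode(bits):
    bits = bits + [0] * (-len(bits) % K)                    # zero-pad to whole blocks
    out = []
    for i in range(0, len(bits), K):
        a0, u = bits[i], sum(b << j for j, b in enumerate(bits[i + 1:i + K]))
        out += [a0 ^ parity(u & x) for x in range(N)]
    return out

def rm_decode(code, n_bits):
    out = []
    for i in range(0, len(code), N):
        word, best_u, best_f = code[i:i + N], 0, 0
        for u in range(N):                                  # Walsh-Hadamard correlation
            f = sum((1 - 2 * word[x]) * (1 - 2 * parity(u & x)) for x in range(N))
            if abs(f) > abs(best_f):
                best_u, best_f = u, f
        out += [int(best_f < 0)] + [(best_u >> j) & 1 for j in range(M)]
    return out[:n_bits]

def revocable_template(face, response):
    """Permute the face bits with a Fisher-Yates shuffle keyed by the PUF response."""
    stream = hashlib.shake_256(b"perm" + to_bytes(response)).digest(8 * BITS)
    perm = list(range(BITS))
    for i in range(BITS - 1, 0, -1):
        j = int.from_bytes(stream[8 * i:8 * i + 8], "big") % (i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return [face[p] for p in perm]

def enroll(db, user_id, face, client_puf, server_puf):
    ch_c, ch_s = secrets.token_bytes(16), secrets.token_bytes(16)
    r_c = client_puf.respond(ch_c)
    t = revocable_template(face, r_c)
    db[user_id] = {"help": xor(server_puf.respond(ch_s), rm_encode(t)),
                   "ch_s": ch_s, "h_r": H(to_bytes(r_c))}   # T and Response(S) are not stored
    return ch_c                                             # client keeps only Challenge(C)

def server_proof(db, user_id, nonce):                       # step (ii): HS = H(H(R) || N)
    return H(db[user_id]["h_r"], nonce)

def client_accepts_server(r_c, nonce, hs):                  # step (iii): HC == HS
    return hmac.compare_digest(H(H(to_bytes(r_c)), nonce), hs)

def server_accepts_user(db, user_id, server_puf, t_new, flip=()):
    rec = db[user_id]
    t = rm_decode(xor(server_puf.respond(rec["ch_s"], flip), rec["help"]), BITS)
    return hamming(t, t_new) < TAU                          # step (c)

def run_demo():
    db, client_puf, server_puf = {}, SimPUF(BITS), SimPUF(CODE_BITS)
    face = shake_bits(b"constructed face A", BITS)          # constructed sample vectors
    probe = [b ^ (i % 26 == 0) for i, b in enumerate(face)] # same person, 20 bits differ
    other = shake_bits(b"constructed face B", BITS)
    noise = range(0, CODE_BITS, 7)                          # server PUF noise, <= 5 flips per block
    ch_c = enroll(db, "alice", face, client_puf, server_puf)
    r_c, nonce = client_puf.respond(ch_c), secrets.token_bytes(16)
    t_probe = revocable_template(probe, r_c)
    res = {"server_ok": client_accepts_server(r_c, nonce, server_proof(db, "alice", nonce)),
           "fake_server": client_accepts_server(r_c, nonce, H(secrets.token_bytes(32), nonce)),
           "genuine": server_accepts_user(db, "alice", server_puf, t_probe, noise),
           "impostor": server_accepts_user(db, "alice", server_puf, revocable_template(other, r_c), noise)}
    enroll(db, "alice", face, client_puf, server_puf)       # revoke: re-enroll under a new CRP
    res["revoked"] = server_accepts_user(db, "alice", server_puf, t_probe, noise)
    return res

if __name__ == "__main__":
    print(run_demo())
```

The "revoked" entry shows that a template produced under the old CRP no longer matches once the user re-enrolls under a new one, and the server database never holds T or either PUF response in the clear.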
Compared with the prior art, the invention has the following beneficial technical effects:
(1) Because, in the second step of the revocable face template generation stage, the response of the user equipment PUF is used as the seed for random number generation, the random number does not need to be stored directly in memory. This resists an attack in which the attacker steals the random number to restore the original face template, and it also makes the template revocable: the random number can be replaced by replacing the PUF response, that is, the random number seed.
(2) Because the second step of the registration stage, the third step of the client verification stage and the second step of the server verification stage all use an error correction code mechanism to obtain a stable PUF response output, the accuracy of biometric identification is improved and verification failures caused by noise and the like are avoided.
(3) Through the three steps of the client verification stage, the client verifies the identity of the server by hashing the response and combining that hash value with the random number, which prevents an attacker from impersonating the server in order to repeatedly collect the user's personal template information.
(4) Through the three steps of the server verification stage, the PUF response and the auxiliary information are used to restore the user's revocable biometric template of the registration stage. The user's template information is not stored directly, which avoids leakage of user information. In addition, because the PUF is unique and unclonable and the PUF response is not stored, an attacker cannot deduce the user's template information from the auxiliary information.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a detailed step diagram of a revocable face template generation stage and an enrollment stage of a PUF-based face information protection and mutual authentication system.
Fig. 2 is a diagram illustrating specific steps of a client verification stage and a server verification stage of the PUF-based face information protection and mutual authentication system.
Detailed Description
The invention relates to a face information protection and bidirectional authentication system based on PUF, which mainly comprises four parts of a revocable face template generation stage, an enrollment stage, a client verification stage and a server verification stage.
Fig. 1 shows the specific steps of the revocable face template generation stage and the enrollment stage. As shown in Fig. 1, the user device PUF provides the seed of the random number generator, the feature vector obtained by face image feature extraction is permuted according to the random number, and the generated revocable biometric template, encoded with a Reed-Muller code, is XORed with the server PUF response to obtain the auxiliary information. Finally, the user ID, the hash value of the user device PUF response and the auxiliary information HelpData are stored in the non-volatile memory of the server. The specific steps are as follows:
Step A1: feature vectors are extracted from the face image using a FaceNet-based deep CNN model, and a 512-dimensional binary face vector is generated through L2 normalization.
Step A2: the 512-bit response of the user device PUF is used as the seed to generate a random number array whose values lie in (1,512); the binary face vector is permuted according to this random array to generate the revocable face biometric template, and the stimulus and the hash value of the response are computed and retained.
Step A3: the revocable face biometric template of step A2, encoded with the Reed-Muller code, is XORed with the response of the server-side PUF to generate HelpData. Finally, the PUF stimulus, the hash value of the user device PUF response from step A2, HelpData and the user ID are stored in the NVM of the server.
Because the PUF-based face information protection and bidirectional authentication system uses the PUF response as the seed of the random number generator, the security of the random number is ensured: it cannot be stolen or changed. At the same time, because the original biometric template is permuted by position according to the random number, the resulting biometric template is both irreversible and revocable.
Fig. 2 shows the specific steps of the client verification stage and the server verification stage. As shown in Fig. 2, in the client verification stage the user device PUF generates a response from the stimulus and a stable PUF response is obtained through the error correction code; the client sends an authentication request carrying the user ID and a random number N to the server, verifies the authenticity of the server by comparing against the Hash(Hash(R)||N) transmitted by the server, and sends the biometric template to be verified after this check succeeds. In the server verification stage, the server PUF generates a response from the stimulus; the response is XORed with the auxiliary information and then decoded with the error correction code to recover the revocable biometric template, whose Hamming distance to the verification template sent by the user is computed, and verification succeeds when the Hamming distance is smaller than a threshold. The specific steps are as follows:
Step B1: the user sends an authentication request to the server together with the user ID and a random number N, in order to verify the authenticity of the server. The user's PUF generates a Response from the stored stimulus; Response' is obtained through double-layer error correction combining a Hadamard code and a Reed-Solomon code, and from it the hash value Hash(R)'.
Step B2: after receiving the user ID and the random number N, the server looks up the user PUF response hash value stored in the database and sends the verification value to the client; verification succeeds if the following equation holds:
Hash(Hash(R)’||N)=Hash(Hash(R)||N)
step B3: and B1, using the Response 'in the step B1 as a seed of a random number generator to generate a random number, and performing replacement operation on the random number and a feature vector acquired according to the new face image in the authentication process to generate the revocable biometric template T'.
Step B4: and after the client successfully verifies, the user sends the revocable biological template T' of the user to the server.
Step B5: the server PUF generates a response according to the stored stimulus, and restores the revocable biological template T when the server PUF is registered after being subjected to exclusive OR with the auxiliary information HelpData through Reed-Muller code decoding operation, and if the following formula is met, the verification is successful:
Hamming(T,T’)<τ
The PUF-based face information protection and bidirectional authentication system uses Hadamard codes, Reed-Solomon codes and Reed-Muller codes as error correcting codes. The Hadamard code and the Reed-Solomon code are used to correct the response of the client PUF. Double-code correction is used there because high accuracy is required: the PUF response used as the random number seed must have no deviation, otherwise the authentication of a genuine user fails. The Reed-Muller code is used when the server restores the revocable biometric template; the error correction capability of the system can be designed flexibly by adjusting R and K, which resolves response errors caused by noise.
The system relies on the CRPs, uniqueness and unclonability of the PUF, so that neither the random number used when the template is generated nor the biometric template stored at registration on the server side is held directly in memory. This avoids attacks and information leakage, and the bidirectional identity authentication is completed through the PUF.
The above embodiments do not limit the present invention in any way, and all technical solutions obtained by means of equivalent substitution or equivalent transformation fall within the protection scope of the present invention.

Claims (7)

1. A PUF-based face information protection and bidirectional authentication system, characterized by comprising a revocable face template generation stage, a registration stage, a client verification stage and a server verification stage; the revocable face template generation stage comprises a feature extraction module and a random replacement module; the registration stage comprises an auxiliary information generation module; the client verification stage comprises an error correction code module and a hash verification module; the server verification stage comprises a template restoration module and a template matching module; the feature extraction module is used to extract the features of the collected face image as a 512-bit binary code; the random replacement module is used to generate the random number for the replacement operation on the original biometric template, taking the PUF response as the random number seed, so as to generate the revocable face template; the auxiliary information generation module is used in the registration stage to generate the auxiliary information required in the verification stage from which the revocable face template can be restored, hiding the face information in the storage stage and resisting information leakage; the error correction code module is used to remove noise from the PUF response and generate a stable 512-bit PUF response; the hash verification module is used by the user to verify the authenticity of the server, implementing the user's identity verification of the server; the template restoration module is used by the server to restore the revocable biometric features of the registration stage; the template matching module is used by the server to verify the user's identity information.

2. The PUF-based face information protection and bidirectional authentication system according to claim 1, characterized in that: the feature extraction module extracts feature vectors from the face image using a FaceNet-based deep CNN model, generates the face vector through L2 normalization, and finally extracts a 512-dimensional feature vector.

3. The PUF-based face information protection and bidirectional authentication system according to claim 1, characterized in that: the random replacement module, according to the CRPs of the PUF in the client, uses the PUF response as the seed for generating the replacement random number, and only the PUF stimulus is stored in the client database.

4. The PUF-based face information protection and bidirectional authentication system according to claim 3, characterized in that: a random number is generated with the PUF response as the seed of a random number generator, and the replacement operation on the original biometric template is completed to generate the revocable biometric template; the user keeps only the PUF stimulus locally, which avoids the risk of the random number being stolen, and an attacker cannot invert the original biometric template; at the same time, the biometric template can be revoked by replacing the CRP of the PUF.

5. The PUF-based face information protection and bidirectional authentication system according to claim 1, characterized in that: the error correction code module uses a double-layer error correction technique combining a Hadamard code and a Reed-Solomon code to correct the effect of noise on the PUF response, so that the revocable template is generated when the user is verified.

6. The PUF-based face information protection and bidirectional authentication system according to claim 1, characterized in that: the hash verification module uses the MD5 message digest algorithm.

7. The PUF-based face information protection and bidirectional authentication system according to claim 1, characterized by comprising the following steps:
revocable face template generation stage: (1) a camera collects a face image, features are extracted from the face image using a deep CNN architecture, and a 512-dimensional binary face vector is generated through L2 normalization; (2) the PUF of the user's embedded device randomly generates a group of CRPs, the response is used as the random number seed to generate 512-bit random numbers whose values are randomly arranged in (1,512), and the replacement operation is applied to the binary face vector to generate the revocable face biometric template T;
registration stage: step A, the user ID, the revocable face biometric template T and the hash value H(R) of the user PUF response are sent to the server; step B, the PUF of the embedded device at the server side randomly generates a group of CRPs, the 512-bit response is XORed with Tb, the revocable face biometric template after Reed-Muller encoding, to generate the auxiliary information HelpData, Challenge(S) is retained and Response(S) is deleted; step C, the user ID, the auxiliary information HelpData, the server-side Challenge(S) and the hash value H(R) of the user PUF response are packaged and stored in memory; step D, after registration is completed, the client stores only Challenge(C) and the user ID;
client verification stage: (i) the user sends a verification request to the server, containing the user ID and a random number N; (ii) after receiving the verification request, the server looks up the hash value H(R) corresponding to the user ID in the database, hashes H(R) together with the random number N to obtain HS, and sends HS back to the client; (iii) the client PUF uses the locally stored Challenge(C) as the stimulus and obtains Response(C)' after double error correction, calculates the hash value H(R)' of the response, further calculates the hash value HC of H(R)' and N, and compares HC with the HS of step (ii); if they are identical, the client verification succeeds;
server verification stage: (a) after the client verification succeeds, the client generates a revocable biometric template T' from the newly collected face image, with Response(C)' as the replacement random number, and sends it to the server to request verification; (b) the PUF response Response(S)' is generated from the Challenge(S) corresponding to the user ID, Response(S)' is XORed with the auxiliary information HelpData, and the revocable biometric template T of the registration is restored through Reed-Muller decoding; (c) the server computes the Hamming distance between the received revocable biometric template T' and the restored revocable biometric template T; if it is smaller than the threshold τ, the server verification succeeds, otherwise it fails.
CN202111428444.1A 2021-11-29 2021-11-29 Face information protection and bidirectional authentication system based on PUF Pending CN114168918A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111428444.1A CN114168918A (en) 2021-11-29 2021-11-29 Face information protection and bidirectional authentication system based on PUF

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111428444.1A CN114168918A (en) 2021-11-29 2021-11-29 Face information protection and bidirectional authentication system based on PUF

Publications (1)

Publication Number Publication Date
CN114168918A true CN114168918A (en) 2022-03-11

Family

ID=80481256

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111428444.1A Pending CN114168918A (en) 2021-11-29 2021-11-29 Face information protection and bidirectional authentication system based on PUF

Country Status (1)

Country Link
CN (1) CN114168918A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115150192A (en) * 2022-08-03 2022-10-04 安徽大学 A revocable biometric template protection method based on index self-encoding
CN116545625A (en) * 2023-06-05 2023-08-04 东南大学 Block chain private key generation method and system based on fusion of human face biological characteristics and PUFs
CN119788290A (en) * 2025-01-10 2025-04-08 西安热工研究院有限公司 A human-machine authentication method and device based on fingerprint features

Similar Documents

Publication Publication Date Title
Lee et al. Biometric key binding: Fuzzy vault based on iris images
Hao et al. Combining cryptography with biometrics effectively
US11741263B1 (en) Systems and processes for lossy biometric representations
TWI479427B (en) Defining classification thresholds in template protection systems
CN114065169B (en) Privacy protection biometric authentication method and device and electronic equipment
WO2019034589A1 (en) BIOMETRIC CRYPTOGRAPHIC SYSTEM
Yang et al. A delaunay triangle-based fuzzy extractor for fingerprint authentication
Feng et al. Protecting face biometric data on smartcard with reed-solomon code
CN114168918A (en) Face information protection and bidirectional authentication system based on PUF
CN115913577B (en) Anti-physical clone equipment authentication system and method based on lightweight SPONGENT hash algorithm
Liu et al. Encrypted domain matching of fingerprint minutia cylinder-code (MCC) with l1 minimization
CN108429614B (en) A fuzzy vault realization method based on fingerprint and face feature-level fusion
KR101077975B1 (en) Method of generating fuzzy vault based on biometric information and verifying user's indentification using fuzzy vault
Cimato et al. A multi-biometric verification system for the privacy protection of iris templates
Al-Assam et al. Combining steganography and biometric cryptosystems for secure mutual authentication and key exchange
Chafia et al. A biometric crypto-system for authentication
CN113691367B (en) Desensitization safety biological characteristic identity authentication method
Martínez et al. Secure crypto-biometric system for cloud computing
KR101275590B1 (en) Rn-ecc based real fuzzy vault for protecting biometric template
Lin et al. Digital signature systems based on smart card and fingerprint feature
Sarala et al. Blended substitution attack independent; fuzzy vault for fingerprint template security
Dong et al. Security enhancement of biometrics, cryptography and data hiding by their combinations
Soltane et al. A review regarding the biometrics cryptography challenging design and strategies
Nandakumar BioSAKE: Biometrics-based secure authentication and key exchange
Ziauddin et al. Robust iris verification for key management

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20220311