KR20040082898A - Autochangeable PIN management method using fingerprint(Not only one finger but two or three) - Google Patents

Abstract

The present invention is a system for flexibly managing a personal password by mounting a fingerprint recognition module on a device that requires security such as a desktop computer, a note book computer, a server, a mobile communication terminal, a PDA, a fingerprint recognition door lock, and an access control system. It solves the problems of the generated fingerprint information and password leakage that can theoretically occur in the existing fingerprint recognition system and at the same time, even if the floating password registered for authentication is leaked, it is characterized by a system that is not hackable. In addition, by registering the unspecified multiple fingerprints by breaking the existing single fingerprint registration method, it is possible to prevent hacking and theft due to theoretically possible copying of fingerprints and leakage of specific fingerprint information.

The present invention solves the disadvantages of the inconvenience of having to change the password every time, even if the encryption algorithm or security medium is strengthened, but it is not possible to prevent the damage when the personal password is leaked by the insider or insider.

Description

Automated PIN management method using fingerprint (Not only one finger but two or three)}

The present invention aims to construct a complete personal authentication system by applying a fingerprint recognition technology to a system requiring personal security, and the existing fingerprint recognition system registers a single fingerprint to store characteristic information of the fingerprint, By comparing the characteristic information of the stored fingerprints to authenticate individuals, in this case, in addition to the security problem that the fingerprint can be cloned theoretically, the password management systems of various fields are already available. Since 8-digit password system is used, there is a problem in interworking with the existing system. In addition, the existing fingerprint feature registration system cannot change the fingerprint feature information, and in the event of an external leak of fingerprint feature information, a unique security key of the individual can be stolen, which can cause serious security problems. have.

Due to these shortcomings, the existing fingerprint recognition system may be limited in its use range.

Accordingly, in order to solve the conventional problem, the present invention generates a new fingerprint password converted into a password system suitable for the currently commercialized password management system using a hash function of the fingerprint feature information, and registers the feature information of the fingerprint. In case of registration, two fingerprints for ID and password are registered like the one used in Login System, and individual fingerprints can be selected and registered from 10 finger fingerprints regardless of order and redundancy. Can be. In addition, after the fingerprint password is generated, the characteristic information of the fingerprint is deleted and does not exist anywhere, and when a fingerprint password is changed, a new fingerprint password can be generated at any time, and when the fingerprint authentication process is normally performed through the fingerprint recognition sensor, Even if the enrollment fingerprint is not changed automatically through the new hash function and encryption decryption algorithm, the fingerprint password and the hash function and encryption decryption algorithm are changed randomly so that even if the fingerprint password is leaked, hacking is meaningless.

1) Hash / Encryption Decryption Algorithm Porting (Firmware Module Production System) is for porting arbitrary Hash function to the first firmware and user's equipment. In order to prevent hacking after leaking Algorithm and acquiring user's information, this is a description of the system so that the developer does not know which Hash function and encryption decryption Algorithm are ported to which device.

2) Fingerprint Registration Flow (Firmware Internal Architecture) of a user describes the procedure of registering a fingerprint on a device to which the patent is applied when the user initializes all data due to a first time or a device failure.

Fig. 3) General Use Flow of the User (Firmware Internal Architecture) shows the internal procedure of using the device to which the patent is applied to the user who first registered the fingerprint in Fig. 2).

The present invention is based on the Hash / Encryption Decryption Algorithm Porting (Firmware Module Production System) of FIG. 1) and the Fingerprint Registration Flow (Firmware Internal Architecture) of the User of FIG. 2) and the General Use Flow (Firmware Internal Architecture) of the User of FIG. Is done.

FIG. 1 is a system for minimizing hacking due to leakage of an algorithm by an insider when porting a hash function and an encryption decryption algorithm to be used for firmware and other equipment to which the present invention is applied. First, N number of Hash functions developed by the developer and the object code generated by compiling the encryption / decryption algorithm are stored in the hash / encryption decryption algorithm server. Any number of object codes can be ported to the firmware and user equipment that will use this object code, and random hash function and encryption and decryption algorithm that differ from firmware to user equipment among 1 ~ N object codes through random function Porting will be done. This system structure makes hacking difficult by not knowing which Hash function and encryption decryption algorithm are ported to which device in the future.

"User's Fingerprint Registration Flow (Firmware Internal Architecture)" of FIG. 2) registers the password generated through the fingerprint input when the user wants to use the equipment produced through the process of FIG. This is a procedure to register the password generated by fingerprint when the internal program is initialized because of this. It is the internal procedure of equipment and firmware. Here, the user selects and inputs an arbitrary finger out of ten fingers. For example, you can use your right thumb as your ID fingerprint, your left thumb as your Password fingerprint, or your left hand stop as your ID fingerprint.

The finger to be used is decided and ID fingerprint and password fingerprint are input through fingerprint recognition sensor and fingerprint data is created temporarily. ID / PWD fingerprint synthesis data is generated by combining ID fingerprint data and password fingerprint data. Random function selects one hash function among N hash functions stored internally.

The password is generated through the selected Hash function and one algorithm is selected from the N encryption algorithms stored internally by the Random function. In the Encrypt section, the password generated by the Hash function is encrypted to store the encrypted password. Also, the encrypted Hash function key is stored by encrypting the hash function key to find the hash function used to generate the password for the next time. Store the encryption / decryption algorithm key for the same purpose. When the key and password are stored normally, the completion message is sent and the ID / PWD fingerprint data, ID / PWD fingerprint composite data, and other temporary data generated in the previous process are deleted. Here, the encrypted password, hash function key, and decryption algorithm key can be stored and used in the server on the network according to the type of the applied system. By doing so, it is possible to prevent hacking and theft of digitized fingerprint information generated by an individual entering a fingerprint.

The user's general use flow (Firmware Internal Architecture) of FIG. 3) is a procedure for a user who enrolls a fingerprint when fingerprint authentication is required again, and is encrypted and stored internally actively whenever a normal fingerprint authentication is performed. Your password will continue to change.

The user enters the ID and Password fingerprints into the fingerprint sensor. Generates ID / PWD fingerprint synthesis data from ID / PWD fingerprint data synthesis module by receiving fingerprint data.

Encryption / Decryption Algorithm Key Selection and Hash Function Key Decryption Module Hash function encrypted and stored in server on the device and network in the module and encryption algorithm using encryption algorithm key and decrypted hash key encrypted by the algorithm. Find the key. Select Hash Function Select the hash function that generated the saved password by using the hash function key decrypted in the module. The password is generated by executing the selected Hash function. Using the encryption Algorithm Key, the encryption algorithm is selected in the Encryption Algorithm Selection Module and the password generated by the Hash function is encrypted. In the password comparison authentication module, the password currently encrypted and stored in the module is loaded and compared with the newly created encrypted password by the above process.If authentication error occurs, the fingerprint information is re-entered and all temporary data generated are deleted. do. If authentication succeeds, it executes sub-module A part of Flow to change the current encrypted password into a completely new password. First, randomly selects one of N hash functions currently stored with the Random function. Generate password using ID / PWD fingerprint composition data in selected hash function. Select the encryption algorithm with the random function to encrypt the generated password and hash key, and change the existing encrypted hash function key, password, and encryption algorithm key.

If the change is successfully completed, delete all temporary data such as ID / PWD fingerprint data and ID / PWD fingerprint composite data, display the change completion message, and then complete the task. Move to message display module, execute Data Initialization Module and re-enter fingerprint information. Through this process, the user's password is continuously changed, the user himself cannot know what his password is, and the insiders of the device and the company that developed the algorithm also have no encryption algorithm or hash function. Since it is not known whether porting is done, hacking by insider competition can be prevented.

As described above, the flexible password management method using unspecified multi-fingerprint identification can be used for financial / credit payment and personal authentication of mobile communication terminals, and for financial / credit payment and personal authentication through DeskTop Computer, PDA, and Note Book Computer. Can be used. In addition, it can maintain reliable security in the access control system.

Claims (1)

1) Hash / Encryption Decryption Algorithm Porting part of user's firmware and equipment Develop a number of hash functions and encryption / decryption algorithms to generate object code, and randomly select Hash function and encryption decryption algorithm with module and random function to generate firmware. And Module porting to the equipment. 2) Module for inputting multiple ID and password fingerprints in the user's fingerprint registration flow, a fingerprint information input module capable of arbitrary fingerprint input, and a module for combining input fingerprint information into ID / PWD fingerprint data and a random function. Hash function selection module to select random hash function, password generation module to hash function, encryption algorithm to randomly select encryption algorithm with random function Encrypt to save password, hash function key, encryption algorithm key to encrypt ) Module, Temporary Data Delete Module to delete created temporary Data. Figure 3) Module to input multiple ID fingerprint and Password fingerprint in general use flow of user, fingerprint information input module that enables arbitrary fingerprint input, and module that synthesizes input fingerprint information into ID / PWD fingerprint data, encryption / decryption Algorithm Key Selection and Hash Key Decryption Module, Hash Key Selection with Hash Key Module, Password Generation Module with Hash Function, Encryption Algorithm Key Encryption Algorithm Module, Random Password Select again, create password with Hash function, encrypt with Algorithm with Random function, Encrypt and delete temporary data to save new password, encrypted Hash function key, encryption Algorithm Key