CN112651007B - Threshold predicate encryption biological characteristic authentication method based on digital watermark - Google Patents

Publication number
CN112651007B
CN112651007B CN202011634886.7A CN202011634886A CN112651007B CN 112651007 B CN112651007 B CN 112651007B CN 202011634886 A CN202011634886 A CN 202011634886A CN 112651007 B CN112651007 B CN 112651007B
Authority
CN
China
Prior art keywords
biometric
user
server
challenge
template
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN202011634886.7A
Other languages
Chinese (zh)
Other versions
CN112651007A (en
Inventor
胡红爽
吴永东
翁健
魏凯敏
罗伟其
张继连
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinan University
Original Assignee
Jinan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jinan University
Priority to CN202011634886.7A
Publication of CN112651007A
Application granted
Publication of CN112651007B
Expired - Fee Related
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/16 Program or content traceability, e.g. by watermarking
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Collating Specific Patterns (AREA)
  • Editing Of Facsimile Originals (AREA)
  • Image Processing (AREA)

Abstract

The digital-watermark-based threshold predicate encryption biometric authentication method disclosed by the present invention comprises the following steps: acquiring each user's biometric, generating a reference template for it and storing the template on the server; the user initiates an authentication request; on receiving the authentication request, the server sends a challenge to the user; on receiving the challenge, the client collects a new biometric sample, obtains a biometric vector, embeds watermark information in it, and thereby obtains a challenge template, which it sends to the server; the server receives the challenge template, calculates the signal of the detection vector in each segment, judges whether the watermark information is correct, and obtains the first-step authentication result from that judgment; it then calculates the total correlation value and derives the final authentication result from the total correlation value and the first-step authentication result. The method protects the system against spoofing attacks, is simple and efficient to compute, and allows biometric authentication to be carried out securely and efficiently.

Figure 202011634886

Description

Threshold predicate encryption biological characteristic authentication method based on digital watermark
Technical Field
The invention relates to the field of research of biological feature authentication, in particular to a threshold predicate encryption biological feature authentication method based on digital watermarking.
Background
A biometric template has the advantages of irreversibility and cancelability. Irreversibility means that a biometric template cannot be converted back into the corresponding biometric, and cancelability means that an individual template can be updated, revoked and reconstructed. Once these properties are compromised, however, an attacker can reconstruct the biometric vector from the compromised template, sometimes even obtaining the original biometric sample. The attacker can then use the resulting biometric template to launch replay attacks, or provide a spoofed sample or template to deceive the authentication server, which reduces the security of the biometric authentication system. Although European authorities have promulgated a series of laws and regulations to standardize the application of biometric identification techniques in fields such as finance, in order to ensure the privacy and data security of all citizens, the security of biometric templates still faces serious challenges.
Disclosure of Invention
The invention aims to overcome the defects and shortcomings of the prior art by providing a threshold predicate encryption biometric authentication method based on digital watermarking. When an attacker sends the server a random template, or a query template obtained by eavesdropping, the server can be deceived; random attacks, replay attacks and collusion attacks can be launched against the server with a high success rate. Therefore, to secure the biometric authentication system, its resistance to impersonation attacks must be improved.
The aim of the invention is achieved by the following technical scheme:
a threshold predicate encryption biometric authentication method based on digital watermarking, as shown in figure 1, comprises the following steps:
acquiring biological characteristics of users through a client, generating a reference template for the biological characteristics of each user, and storing the reference template in a server;
a user initiates an authentication request to a server through a client;
the server receives the authentication request of the client and sends a challenge to the user;
after receiving the challenge, the client collects a new biometric sample, obtains a biometric vector, and through the watermark-embedding operation obtains the challenge biometric vector, from which the challenge template
Figure BDA0002878165050000021
is obtained and sent to the server;
the server receives the challenge template, calculates the signal of the detection vector in each segment, judges whether the watermark information is correct, and obtains the first-step authentication result from that judgment; it then calculates the total correlation value and obtains the final authentication result from the total correlation value and the first-step authentication result.
Further, acquiring the users' biometrics through the client, generating a reference template for each user's biometric and storing it on the server specifically comprises the following steps:
S101, acquiring system parameters;
where the system parameters param are:
param = {n, θ},
where n is the number of elements in the feature vector and θ is a threshold;
S102, the client generates a private key sk for the user:
a private random permutation function π is generated for each biometric fragment of the user, and if the fragment contains q elements, two (q+3)×(q+3) random matrices $M_1$ and $M_2$ are generated, giving the private key sk:
$sk = \{M_1, M_2, n, \pi\}$,
S103, the user registers the biometric template vector x and the private key sk at the client to generate a reference template $C_x$;
S104, the generated reference template $C_x$ is stored on the server.
Further, the reference template $C_x$ is obtained through cryptographic encoding, specifically as follows:
the client uses the private key sk to register the user's biometric on the server as the reference template $C_x$;
if the first biometric fragment contains q elements, a (q+3)-dimensional vector is created:
Figure BDA0002878165050000022
where β is a random positive number and
Figure BDA0002878165050000023
are also random numbers;
a diagonal matrix $X_1$ is constructed with $\mathrm{diag}(X_1) = \pi_1(x'_1)$, where $\pi_1(x'_1)$ denotes permuting the positions of the elements of the vector $x'_1$;
a (q+3)×(q+3) lower triangular matrix
Figure BDA0002878165050000024
is constructed, whose diagonal elements are all 1;
the reference template of the first fragment of the user's biometric template is obtained:
Figure BDA0002878165050000025
where $M_1$ and $M_2$ are random matrices and
Figure BDA0002878165050000026
is a lower triangular matrix;
finally, the reference templates of all fragments are concatenated to give the complete reference template $C_x$.
Further, the user initiating an authentication request to the server through the client is specifically: the user uses the identity ID to initiate an authentication request to the server through the client.
Further, the server receiving the client's authentication request and sending a challenge to the user specifically comprises the following steps:
S301, after receiving the user's authentication request, the server reads the user's reference template
Figure BDA0002878165050000031
S302, the server randomly selects a nonsingular square matrix $R_i$ of the same dimension as the reference template
Figure BDA0002878165050000032
and operates on the reference template with it to obtain the challenge
Figure BDA0002878165050000033
S303, $U = \{U_1, U_2, \dots, U_p\}$ is sent to the client.
Further, the watermark-embedding operation, that is, watermark encryption of the biometric vector, is specifically as follows:
if the biometric vector y is divided into p segments, two vectors $m = \{m_1, m_2, \dots, m_p\}$ and $\{\theta_1, \theta_2, \dots, \theta_p\}$ are randomly selected, and the two vectors satisfy the following relationship:
Figure BDA0002878165050000034
where q is the number of elements in the i-th fragment, $\theta_1, \theta_2, \dots, \theta_p$ are random numbers in the interval [0,1] satisfying $\theta_1 + \theta_2 + \dots + \theta_p = \theta$, and $m_1, m_2, \dots, m_p$ are random numbers satisfying $m_1 + m_2 + \dots + m_p = 0$;
a bipolar vector $w = \{w_1, w_2, \dots, w_q\}$ is constructed as follows:
Figure BDA0002878165050000035
where Sign(·) is a sign function taking the value 1 or -1, $m_i$ is the random number of the i-th fragment, and $\theta_i$ is the threshold of the i-th fragment;
h = Hash(w) is then calculated using a one-way hash function;
p random numbers $r_{y_1}, r_{y_2}, \dots, r_{y_p}$ and a random positive number α are selected, and $w_i$ is combined with $y_i$ to produce a new vector:
y′ i =α(y i ,m ii ,0,r yi ),i=1,2,…,p,
where $y_i$ denotes the i-th biometric fragment,
Figure BDA0002878165050000036
denotes the random number of the i-th biometric fragment, and α is a randomly generated positive number.
Further, the challenge biometric vector is obtained specifically as follows:
for each $y'_i$ of $y'$, a diagonal matrix $Y_i$ is constructed, where $\mathrm{diag}(Y_i) = \pi_i(y'_i)$;
a (q+3)×(q+3) lower triangular matrix $S_{y_i}$ whose diagonal elements are 1 is selected;
the sub-challenge biometric template is constructed as:
Figure BDA0002878165050000041
where
Figure BDA0002878165050000042
and
Figure BDA0002878165050000043
are extracted from the key sk;
the final challenge biometric template is obtained as:
Figure BDA0002878165050000044
where
Figure BDA0002878165050000045
denotes the challenge biometric template of the i-th segment; concatenating the challenge biometric templates of the p segments gives the complete challenge biometric template $T_y$.
Further, the method also comprises a feature decoding step, specifically as follows:
a detection matrix v is constructed by calculating the trace of the matrices $C_x$ and $T_y$:
Figure BDA0002878165050000046
where $C_{x_i}$ denotes the i-th fragment of the reference template.
Further, calculating the signal of the detection vector in each segment, judging whether the watermark information is correct, obtaining the first-step authentication result from that judgment, calculating the total correlation value, and obtaining the final authentication result from the total correlation value and the first-step authentication result is specifically as follows:
the client receives the challenge template V and performs the following calculation:
Figure BDA0002878165050000047
where $R_i$ is the nonsingular square matrix randomly selected by the server and $U_i$ is the challenge sent by the server to the user;
the watermark signal of the detection vector v is calculated; if w is empty, authentication fails; otherwise, h = Hash(w); the calculation process is as follows:
whether the watermark information is correct is judged by calculating the signal of the detection vector in each segment, as follows:
for each element $v_i$ of the detection vector v, its signal is calculated:
Figure BDA0002878165050000051
where $v_i$ is the correlation value of the i-th biometric fragment.
If h is equal to Hash(w), the output watermark is the signal w; otherwise, the output watermark is empty;
finally, the server calculates $v' = v_1 + v_2 + \dots + v_p$ as the total correlation value; if v' < 0, authentication of the user likewise fails; otherwise, the watermark is considered correctly extracted and user authentication succeeds.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. The authentication watermark is randomly generated and embedded bit by bit into each challenge biometric segment; the randomness of the watermark ensures that it cannot be deliberately copied, which improves the security of the system.
2. Compared with common watermarking techniques, the watermark encryption method based on a one-way hash function is computationally efficient and its result is unique; once an attacker tampers with or forges the challenge biometric information, this is identified immediately, and the success rate of impersonation attacks is greatly reduced.
3. In the method, the watermark is used as a shared key generated between the user and the server, so the key cannot easily be cracked.
Drawings
Fig. 1 is a flowchart of a threshold predicate encryption biometric authentication method based on digital watermarking.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but embodiments of the present invention are not limited thereto.
Examples:
a threshold predicate encryption biometric authentication method based on digital watermarking, as shown in figure 1, comprises the following steps:
acquiring biological characteristics of users through a client, generating a reference template for the biological characteristics of each user, and storing the reference template in a server;
a user initiates an authentication request to a server through a client;
the server receives the authentication request of the client and sends a challenge to the user;
after receiving the challenge, the client collects a new biometric sample, obtains a biometric vector, and through the watermark-embedding operation obtains the challenge biometric vector, from which the challenge template
Figure BDA0002878165050000052
is obtained and sent to the server;
the server receives the challenge template, calculates the signal of the detection vector in each segment, judges whether the watermark information is correct, and obtains the first-step authentication result from that judgment; it then calculates the total correlation value and obtains the final authentication result from the total correlation value and the first-step authentication result.
Specifically:
The predicate encryption algorithm based on the digital watermark comprises the following steps:
Step 1: Parameter setting
Generate the system parameters param = {n, θ}, where n is the number of elements in the feature vector and θ is a threshold that depends on the application.
Step 2: Key generation
The client generates a private key sk for Alice. The private key is a randomly generated multidimensional parameter matrix whose dimension is determined by the number of elements in the fragment to be encrypted. The system generates a private random permutation function π for each of Alice's biometric fragments. If a biometric fragment contains q elements, the system generates two (q+3)×(q+3) random matrices $M_1$ and $M_2$, and the resulting key is:
$sk = \{M_1, M_2, n, \pi\}$
Step 3: Cryptographic encoding
In this step, the client uses the private key sk generated for Alice to register her biometric on the server as the reference template $C_x$.
If the first biometric fragment contains q elements, a (q+3)-dimensional vector is created:
Figure BDA0002878165050000061
where β is a random positive number and
Figure BDA0002878165050000062
are also random numbers.
A diagonal matrix $X_1$ is built with $\mathrm{diag}(X_1) = \pi_1(x'_1)$, where $\pi_1(x'_1)$ denotes permuting the positions of the elements of the vector $x'_1$.
A (q+3)×(q+3) lower triangular matrix
Figure BDA0002878165050000063
is constructed, whose diagonal elements are all 1.
The reference template of the first fragment of Alice's biometric template is obtained:
Figure BDA0002878165050000071
Finally, the reference templates of all fragments are concatenated to give the complete reference template $C_x$.
Step 4: embedding watermark information
In this step, after Alice obtains her biometric vector y and private key sk, y is watermark-encrypted to ensure its security, as follows:
If the biometric vector y can be divided into p segments, two vectors $m = \{m_1, m_2, \dots, m_p\}$ and $\{\theta_1, \theta_2, \dots, \theta_p\}$ are randomly chosen, and the two vectors satisfy the following relationship:
Figure BDA0002878165050000072
where q is the number of elements in the i-th fragment.
A bipolar vector $w = \{w_1, w_2, \dots, w_q\}$ is built as follows:
Figure BDA0002878165050000073
h = Hash(w) is then calculated using a one-way hash function.
p random numbers $r_{y_1}, r_{y_2}, \dots, r_{y_p}$ and a random positive number α are selected, and $w_i$ is combined with $y_i$ to generate a new vector
Figure BDA0002878165050000074
Step 5: generating biometric vectors of challenges
In this step, the challenge biometric vector $T_y$ is generated as follows:
For each $y'_i$ of $y'$, a diagonal matrix $Y_i$ is constructed, where $\mathrm{diag}(Y_i) = \pi_i(y'_i)$.
A (q+3)×(q+3) lower triangular matrix
Figure BDA0002878165050000075
is selected, whose diagonal elements are 1.
The sub-templates are constructed as
Figure BDA0002878165050000076
where
Figure BDA0002878165050000077
and
Figure BDA0002878165050000078
are extracted from the key sk;
the final template is
Figure BDA0002878165050000079
Step 6: feature decoding
In this step, a detection matrix v is constructed by calculating the trace of the matrices $C_x$ and $T_y$:
Figure BDA0002878165050000081
Step 7: Watermark extraction
This step judges whether the watermark information is correct by calculating the signal of the detection vector in each segment, as follows:
For each element $v_i$ of the detection vector v, its signal is calculated:
Figure BDA0002878165050000082
If h is equal to Hash(w), the output watermark is the signal w; otherwise the output watermark is empty.
On the basis of this algorithm, biometric authentication is carried out in the following steps:
Step 1: Preparation phase
This step generates a reference template for each user's biometric and stores it on the server of the system, as follows:
As in algorithm steps 1 and 2, the parameters param = {n, θ} and the key sk of each user of the system are first obtained.
To obtain the server's response, Alice registers her biometric template vector x and key sk at the client to generate a reference template $C_x$.
The generated reference template $C_x$ is stored on the server.
Step 2: Initialization phase
In this step, Alice sends her identity ID to the server, initiating an authentication request.
Step 3: Challenge phase
After receiving the user's request, the server sends a challenge U to the user, as follows:
After receiving the user's ID, the server reads Alice's reference template $C_x$.
The server randomly selects a nonsingular matrix $R_i$ of the same dimension as
Figure BDA0002878165050000083
and operates on it to obtain a new matrix
Figure BDA0002878165050000084
$U = \{U_1, U_2, \dots, U_p\}$ is sent to the client.
Step 4: Response phase
In this step, after receiving the challenge U, the client acquires a new feature sample from Alice and obtains a feature vector y. After a series of operations, including embedding the watermark information, it obtains the challenge biometric vector $T_y$. The client calculates all
Figure BDA0002878165050000091
and sends them to the server together with the hash value h.
Step 5: Authentication phase
The client receives the challenge template V and performs the following calculations:
Figure BDA0002878165050000092
Referring to algorithm step 7, the watermark signal of the detection vector v is calculated. If w is empty, authentication fails. Otherwise, h = Hash(w).
Finally, the server calculates $v' = v_1 + v_2 + \dots + v_p$ as the total correlation value. If v' < 0, authentication of the user likewise fails. Otherwise, the watermark is considered correctly extracted and user authentication succeeds.
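The trace-based detection of algorithm step 6 and the server decision of authentication step 5, as an added Python illustration that is not code from the patent. The template formulas survive on this page only as figure placeholders, so the product forms C = M1·Sx·X·M2, T = M2⁻¹·Y·Sy·M1⁻¹, U = R·C, V = U·T and v = tr(R⁻¹·V) are assumptions chosen so that the masking cancels under the trace; SHA-256, one key per segment, the sample vectors and all function names are likewise assumed.

```python
"""Added illustration, not the patent's code. ASSUMED forms: C = M1*Sx*X*M2,
T = M2^-1*Y*Sy*M1^-1, U = R*C, V = U*T, v = tr(R^-1*V); SHA-256 as Hash."""
import hashlib
import random
from fractions import Fraction

def mat_mul(a, b):
    return [[sum(x * y for x, y in zip(row, col)) for col in zip(*b)] for row in a]

def mat_inv(m):
    """Exact Gauss-Jordan inverse; raises ValueError for a singular matrix."""
    n = len(m)
    aug = [[Fraction(v) for v in row] + [Fraction(int(i == j)) for j in range(n)]
           for i, row in enumerate(m)]
    for c in range(n):
        piv = next((r for r in range(c, n) if aug[r][c] != 0), None)
        if piv is None:
            raise ValueError("singular matrix")
        aug[c], aug[piv] = aug[piv], aug[c]
        p = aug[c][c]
        aug[c] = [v / p for v in aug[c]]
        for r in range(n):
            if r != c and aug[r][c] != 0:
                f = aug[r][c]
                aug[r] = [a - f * b for a, b in zip(aug[r], aug[c])]
    return [row[n:] for row in aug]

def rand_nonsingular(n, rng):
    while True:                                    # retry on a singular draw
        m = [[rng.randint(-9, 9) for _ in range(n)] for _ in range(n)]
        try:
            return m, mat_inv(m)
        except ValueError:
            pass

def unit_lower(n, rng):
    """Random lower triangular matrix whose diagonal elements are all 1."""
    return [[1 if i == j else rng.randint(-9, 9) if j < i else 0
             for j in range(n)] for i in range(n)]

def diag(vec):
    return [[v if i == j else 0 for j in range(len(vec))] for i, v in enumerate(vec)]

def keygen(dim, rng):
    """sk = {M1, M2, pi}; the inverses are cached for the query side."""
    m1, m1_inv = rand_nonsingular(dim, rng)
    m2, m2_inv = rand_nonsingular(dim, rng)
    pi = list(range(dim))
    rng.shuffle(pi)
    return {"M1": m1, "M1inv": m1_inv, "M2": m2, "M2inv": m2_inv, "pi": pi}

def reference_template(x_ext, sk, rng):
    x_diag = diag([x_ext[j] for j in sk["pi"]])    # diag(X) = pi(x')
    s_x = unit_lower(len(x_ext), rng)
    return mat_mul(mat_mul(mat_mul(sk["M1"], s_x), x_diag), sk["M2"])

def challenge_template(y_ext, sk, rng):
    y_diag = diag([y_ext[j] for j in sk["pi"]])    # diag(Y) = pi(y')
    s_y = unit_lower(len(y_ext), rng)
    return mat_mul(mat_mul(mat_mul(sk["M2inv"], y_diag), s_y), sk["M1inv"])

def server_challenge(c_ref, rng):
    r, r_inv = rand_nonsingular(len(c_ref), rng)
    return mat_mul(r, c_ref), r_inv                # U is sent, R^-1 stays on the server

def server_correlation(v_resp, r_inv):
    prod = mat_mul(r_inv, v_resp)
    return sum(prod[i][i] for i in range(len(prod)))   # trace = sum_j x'_j * y'_j

def watermark_hash(w):
    return hashlib.sha256(repr(list(w)).encode()).hexdigest()

def decide(v_values, h):
    """Signs of v_i give w; Hash(w) must equal h; then total correlation >= 0."""
    w = [1 if v >= 0 else -1 for v in v_values]    # Sign(0) := 1 is an assumption
    if watermark_hash(w) != h:
        return False                               # watermark is "empty"
    return sum(v_values) >= 0

def demo(seed=7):
    rng = random.Random(seed)
    # Constructed extended vectors: q = 3 features plus 3 extra entries per segment.
    x_segs = [[3, -1, 2, 1, 5, 0], [1, 4, -2, 1, -3, 0]]
    y_segs = [[2, -1, 3, 4, 0, 7], [1, 3, -1, -2, 0, 6]]
    fresh, stale = [], []
    for x_ext, y_ext in zip(x_segs, y_segs):
        sk = keygen(len(x_ext), rng)
        c_ref = reference_template(x_ext, sk, rng)         # enrolment
        u, r_inv = server_challenge(c_ref, rng)            # this session's challenge
        v_resp = mat_mul(u, challenge_template(y_ext, sk, rng))   # client response
        fresh.append(server_correlation(v_resp, r_inv))
        _, later_r_inv = server_challenge(c_ref, rng)      # a later session's R
        stale.append(server_correlation(v_resp, later_r_inv))
    return fresh, stale

if __name__ == "__main__":
    print(demo())
```

The `stale` values show that a response computed for one challenge no longer yields the per-segment correlation once the server has drawn a new R.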
The above examples are preferred embodiments of the present invention, but the embodiments of the present invention are not limited to them; any other change, modification, substitution, combination or simplification that does not depart from the spirit and principle of the present invention is an equivalent replacement and falls within the protection scope of the present invention.

Claims (8)

1. A threshold predicate encryption biometric authentication method based on digital watermarking, characterized by comprising the following steps:
the user's biometric is acquired through the client, a reference template is generated for each user's biometric, and the template is stored on the server;
the user initiates an authentication request to the server through the client;
the server receives the client's authentication request and sends a challenge to the user;
after receiving the challenge, the client collects a new biometric sample, obtains a biometric vector, obtains the challenge biometric vector through the watermark-embedding operation, and thereby obtains a challenge template, which it sends to the server;
the watermark-embedding operation, that is, watermark encryption of the biometric vector, is as follows:
if the biometric vector y is divided into p segments, two vectors $m = \{m_1, m_2, \dots, m_p\}$ and $\{\theta_1, \theta_2, \dots, \theta_p\}$ are randomly selected, and the two vectors satisfy the following relationship:
Figure FDA0004071054170000011
where q is the number of elements in the i-th segment, $\theta_1, \theta_2, \dots, \theta_p$ are random numbers in the interval [0,1] satisfying $\theta_1 + \theta_2 + \dots + \theta_p = \theta$, and $m_1, m_2, \dots, m_p$ are random numbers satisfying $m_1 + m_2 + \dots + m_p = 0$;
a bipolar vector $w = \{w_1, w_2, \dots, w_q\}$ is constructed as follows:
Figure FDA0004071054170000012
where Sign(·) is a sign function taking the value 1 or -1, $m_i$ is the random number of the i-th segment, and $\theta_i$ is the threshold of the i-th segment;
h = Hash(w) is then calculated using a one-way hash function;
p random numbers $r_{y_1}, r_{y_2}, \dots, r_{y_p}$ and a random positive number α are selected, and $w_i$ is combined with $y_i$ to produce a new vector:
Figure FDA0004071054170000013
where $y_i$ denotes the i-th biometric segment,
Figure FDA0004071054170000014
denotes the random number of the i-th biometric segment, and α is a randomly generated positive number;
the server receives the challenge template, calculates the signal of the detection vector in each segment, judges whether the watermark information is correct, and obtains the first-step authentication result from that judgment; it then calculates the total correlation value and obtains the final authentication result from the total correlation value and the first-step authentication result.
2. The threshold predicate encryption biometric authentication method based on digital watermarking according to claim 1, characterized in that acquiring the user's biometric through the client, generating a reference template for each user's biometric and storing it on the server specifically comprises the following steps:
S101, acquiring system parameters;
where the system parameters param are:
param = {n, θ},
where n is the number of elements in the feature vector and θ is a threshold;
S102, the client generates a private key sk for the user:
a private random permutation function π is generated for each biometric segment of the user, and if the segment contains q elements, two (q+3)×(q+3) random matrices $M_1$ and $M_2$ are generated, giving the private key sk:
$sk = \{M_1, M_2, n, \pi\}$,
S103, the user registers the biometric template vector x and the private key sk at the client to generate a reference template $C_x$;
S104, the generated reference template $C_x$ is stored on the server.
3. The threshold predicate encryption biometric authentication method based on digital watermarking according to claim 2, characterized in that the reference template $C_x$ is obtained through cryptographic encoding, specifically as follows:
the client uses the private key sk to register the user's biometric on the server as the reference template $C_x$;
if the first biometric segment contains q elements, a (q+3)-dimensional vector is created:
Figure FDA0004071054170000021
where β is a random positive number and
Figure FDA0004071054170000022
are also random numbers;
a diagonal matrix $X_1$ is constructed with $\mathrm{diag}(X_1) = \pi_1(x'_1)$, where $\pi_1(x'_1)$ denotes permuting the positions of the elements of the vector $x'_1$;
a (q+3)×(q+3) lower triangular matrix $S_{x_1}$ is constructed, whose diagonal elements are all 1;
the reference template of the first segment of the user's biometric template is obtained:
Figure FDA0004071054170000023
where $M_1$ and $M_2$ are random matrices and
Figure FDA0004071054170000024
is a lower triangular matrix;
finally, the reference templates of all segments are concatenated to give the complete reference template $C_x$.
4. The threshold predicate encryption biometric authentication method based on digital watermarking according to claim 1, characterized in that the user initiating an authentication request to the server through the client is specifically: the user uses the identity ID to initiate an authentication request to the server through the client.
5. The threshold predicate encryption biometric authentication method based on digital watermarking according to claim 1, characterized in that the server receiving the client's authentication request and sending a challenge to the user specifically comprises the following steps:
S301, after receiving the user's authentication request, the server reads the user's reference template
Figure FDA0004071054170000031
S302, the server randomly selects a nonsingular square matrix $R_i$ of the same dimension as the reference template
Figure FDA0004071054170000032
and operates on the reference template with it to obtain a new matrix
Figure FDA0004071054170000033
S303, $U = \{U_1, U_2, \dots, U_p\}$ is sent to the client.
6. The digital-watermark-based threshold predicate encryption biometric authentication method according to claim 1, characterized in that the challenge biometric vector is obtained as follows:
For any yi′ of y′, a diagonal matrix Yi is constructed, where diag(Yi) = πi(yi′);
A (q+3)×(q+3) lower triangular matrix Figure FDA0004071054170000034 is selected, whose diagonal elements are 1;
The sub-challenge biometric template is constructed as:
Figure FDA0004071054170000035
where Figure FDA0004071054170000036 and Figure FDA0004071054170000037 are extracted from the key sk;
The final challenge biometric template is:
Figure FDA0004071054170000038
where Figure FDA0004071054170000039 denotes the challenge biometric template of the i-th segment; concatenating the challenge biometric templates of the p segments gives the complete challenge biometric template Ty.
7. The digital-watermark-based threshold predicate encryption biometric authentication method according to claim 6, characterized in that it further comprises a feature decoding step, specifically as follows:
By computing the trace of the matrices Cx and Ty, a detection matrix v is constructed:
Figure FDA00040710541700000310
where Cxi denotes the i-th segment of the reference template.
8. The digital-watermark-based threshold predicate encryption biometric authentication method according to claim 7, characterized in that computing the signal of the detection vector in each segment, judging whether the watermark information is correct, and obtaining the first-step authentication result from that judgment; and computing the total correlation value and obtaining the final authentication result from the total correlation value and the first-step authentication result, are specifically:
The server receives the challenge template V and performs the following calculation:
Figure FDA00040710541700000311
where Ri is the non-singular square matrix randomly selected by the server and Ui is the challenge sent by the server to the user;
The watermark signal of the detection vector v is calculated; if w is empty, authentication fails; otherwise, h = Hash(w). The calculation process is as follows:
Whether the watermark information is correct is judged by calculating the signal of the detection vector in each segment, as follows:
For any element vi of the detection vector v, the signal of that element is calculated:
Figure FDA0004071054170000041
where vi is the correlation value of the i-th biometric segment;
If h equals Hash(w), the output watermark is the signal w; otherwise the output watermark is empty;
Finally, the server calculates v′ = v1 + v2 + … + cp as the total correlation value; if v′ < 0, the user's authentication likewise fails; otherwise, the watermark is considered to have been extracted correctly and the user's authentication succeeds.
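Claims 3 and 5 to 8 rely on the trace of a masked product revealing only the correlation between the enrolled and the probe vector. The sketch below is an added example, not code from the patent: the claim formulas survive here only as figure references, so the products C = M1·S·diag(π(x))·M2, T = M2⁻¹·diag(π(y))·S′·M1⁻¹ and the blinding U = R·C, V = U·T are assumptions, and the (q+3) padding, the threshold θ and the watermark step are left out.

```python
import random
from fractions import Fraction

def matmul(A, B):
    return [[sum(a * b for a, b in zip(r, c)) for c in zip(*B)] for r in A]

def inverse(A):  # Gauss-Jordan over exact rationals, so traces come out exact
    n = len(A)
    M = [[Fraction(v) for v in row] + [Fraction(int(i == j)) for j in range(n)]
         for i, row in enumerate(A)]
    for c in range(n):
        p = next(r for r in range(c, n) if M[r][c] != 0)  # pivot row
        M[c], M[p] = M[p], M[c]
        M[c] = [v / M[c][c] for v in M[c]]
        for r in (r for r in range(n) if r != c):
            M[r] = [a - M[r][c] * b for a, b in zip(M[r], M[c])]
    return [row[n:] for row in M]

def unit_lower(n, rng):  # random lower-triangular matrix with 1s on the diagonal
    return [[1 if i == j else rng.randint(-3, 3) if j < i else 0
             for j in range(n)] for i in range(n)]
def invertible(n, rng):  # unit-lower times unit-upper: determinant 1, never singular
    return matmul(unit_lower(n, rng), [list(c) for c in zip(*unit_lower(n, rng))])
def diag(v):
    return [[v[i] if i == j else 0 for j in range(len(v))] for i in range(len(v))]

def keygen(n, rng):  # sk holds the permutation pi and the masks M1, M2
    return {"pi": rng.sample(range(n), n), "M1": invertible(n, rng), "M2": invertible(n, rng)}

def enroll(x, sk, rng):  # ASSUMED form: C = M1 * S * diag(pi(x)) * M2
    X = diag([x[i] for i in sk["pi"]])
    return matmul(matmul(sk["M1"], unit_lower(len(x), rng)), matmul(X, sk["M2"]))

def token(y, sk, rng):  # ASSUMED form: T = M2^-1 * diag(pi(y)) * S' * M1^-1
    Y = diag([y[i] for i in sk["pi"]])
    return matmul(matmul(inverse(sk["M2"]), Y),
                  matmul(unit_lower(len(y), rng), inverse(sk["M1"])))

def authenticate(C, sk, y, rng):  # ASSUMED blinding: U = R*C, V = U*T
    R = invertible(len(C), rng)           # server: fresh non-singular matrix
    U = matmul(R, C)                      # challenge sent to the client
    V = matmul(U, token(y, sk, rng))      # client's response
    W = matmul(inverse(R), V)             # server unblinds; tr(W) = <x, y>
    return sum(W[i][i] for i in range(len(W)))

rng = random.Random(7)                    # constructed sample vectors below
sk = keygen(6, rng)
C = enroll([1, -1, 1, 1, -1, 1], sk, rng)
print(authenticate(C, sk, [1, -1, 1, 1, 1, 1], rng))    # close sample
print(authenticate(C, sk, [-1, 1, -1, 1, 1, -1], rng))  # impostor sample
```

The result does not depend on the random masks: the two unit-diagonal triangular factors multiply to another unit-diagonal triangular matrix, so the trace collapses to the sum of xᵢ·yᵢ. A negative value corresponds to the v′ < 0 rejection in claim 8.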
CN202011634886.7A 2020-12-31 2020-12-31 Threshold predicate encryption biological characteristic authentication method based on digital watermark Expired - Fee Related CN112651007B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011634886.7A CN112651007B (en) 2020-12-31 2020-12-31 Threshold predicate encryption biological characteristic authentication method based on digital watermark

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011634886.7A CN112651007B (en) 2020-12-31 2020-12-31 Threshold predicate encryption biological characteristic authentication method based on digital watermark

Publications (2)

Publication Number Publication Date
CN112651007A CN112651007A (en) 2021-04-13
CN112651007B true CN112651007B (en) 2023-05-23

Family

ID=75366901

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011634886.7A Expired - Fee Related CN112651007B (en) 2020-12-31 2020-12-31 Threshold predicate encryption biological characteristic authentication method based on digital watermark

Country Status (1)

Country Link
CN (1) CN112651007B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115913580B (en) * 2023-02-21 2023-07-25 杭州天谷信息科技有限公司 Biological authentication method and system based on homomorphic encryption

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102306305A (en) * 2011-07-06 2012-01-04 北京航空航天大学 Method for authenticating safety identity based on organic characteristic watermark
WO2017100929A1 (en) * 2015-12-15 2017-06-22 Applied Recognition Inc. Systems and methods for authentication using digital signature with biometrics
WO2020040634A1 (en) * 2018-08-23 2020-02-27 Mimos Berhad Integration of biometric and challenge response authentication

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150237045A1 (en) * 2014-02-18 2015-08-20 Werner Blessing Method and system for enhanced biometric authentication

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
PassBio: Privacy-Preserving User-Centric Biometric Authentication; Kai Zhou et al; 《INFORMATION FORENSICS AND SECURITY》; 20181231; main text, page 1, paragraph 1 to page 16, last paragraph *

Also Published As

Publication number Publication date
CN112651007A (en) 2021-04-13

Similar Documents

Publication Publication Date Title
US8838990B2 (en) Bio-cryptography: secure cryptographic protocols with bipartite biotokens
Uludag et al. Fuzzy vault for fingerprints
JP4996904B2 (en) Biometric authentication system, registration terminal, authentication terminal, and authentication server
CN114065169B (en) Privacy protection biometric authentication method and device and electronic equipment
US8526606B2 (en) On-demand secure key generation in a vehicle-to-vehicle communication network
CN114170658B (en) A method and system for face recognition encryption and authentication that combines watermarking and deep learning
TWI479427B (en) Defining classification thresholds in template protection systems
Zheng et al. Cryptographic key generation from biometric data using lattice mapping
CN1281608A (en) Cryptographic key generation using biometric data
Khan Fingerprint biometric-based self-authentication and deniable authentication schemes for the electronic world
JP2010039890A (en) Authentication terminal, authentication server, authentication system, authentication method and authentication program
CN102215223A (en) Fuzzy strong box remote identity authentication method based on face feature
CN119696800B (en) Data signing method, device, computer equipment and medium based on biological characteristics
WO2009073144A2 (en) Bio-cryptography: secure cryptographic protocols with bipartite biotokens
CN114168918A (en) Face information protection and bidirectional authentication system based on PUF
CN112651007B (en) Threshold predicate encryption biological characteristic authentication method based on digital watermark
WO2006091301A2 (en) Passcodes
CN112733111B (en) Threshold predicate encryption biological feature authentication method based on segment segmentation
CN112287316B (en) Biological authentication method and system based on elliptic curve and removable biological characteristics
CN113691367B (en) Desensitization safety biological characteristic identity authentication method
Barman et al. Approach to cryptographic key generation from fingerprint biometrics
CN116629871A (en) An order online payment system and payment method
Dong et al. Security enhancement of biometrics, cryptography and data hiding by their combinations
Barman et al. An approach to cryptographic key exchange using fingerprint
Mehra et al. Remote user authentication and issues: A survey

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20230523