CN101459514A - Biological identification method and device and encryption method of biological characteristic data thereof - Google Patents


Info

Publication number: CN101459514A
Authority: CN (China)
Prior art keywords: data, value, biological, attribute data, biological attribute
Legal status: Granted (the legal status is an assumption and is not a legal conclusion)
Application number: CN 200710199631
Other languages: Chinese (zh)
Other versions: CN101459514B (en)
Inventors: 邱锡彦, 陈彦学
Current Assignee: Industrial Technology Research Institute ITRI (the listed assignees may be inaccurate)
Original Assignee: Industrial Technology Research Institute ITRI
Application filed by Industrial Technology Research Institute ITRI
Priority to CN 200710199631
Publication of CN101459514A
Application granted
Publication of CN101459514B
Status: Active

Abstract

A biometric identification method and apparatus and a biometric feature data encryption method thereof are provided. The method and apparatus quantize one or more items of biometric feature data to obtain quantized feature data, and then perform a one-way function operation to convert the quantized feature data into encrypted feature data. The invention can protect biometric feature data by means of a cryptosystem, prevent the feature values of the biometric data from being captured and stolen, and integrate biometric identification technology with cryptographic technology.

Description

Biometric identification method and apparatus, and encryption method for biometric feature data thereof
Technical field
The invention relates to biometric identification, and in particular to a biometric identification method and apparatus that integrate cryptography.
Background technology
Thanks to advances in information technology, real-life affairs and procedures are increasingly handled digitally. People record the details of their lives and their creative work in personal computers, digital media and mobile devices, and rely on secrecy and authentication to protect the knowledge and secrets accumulated over the years. Traditional secrecy and authentication mechanisms such as personal identification numbers can no longer guarantee secure authentication: users must memorize multiple passwords and may make mistakes, and simple password authentication is more likely to be stolen or broken into. A "physiological password" recognized from an individual's unique biometric features (such as face, fingerprint, handwritten signature and iris recognition) is hard to copy or steal, and can therefore effectively solve the security authentication problem.
Fig. 1 shows the flow chart of a traditional biometric identification method. Generally, a feature value must be registered/stored in advance (step S110) for comparison. Once the registered feature value is ready, the biometric identification device lets the user input biometric feature data (step S120) and compares the registered feature value with the biometric feature data (step S130) to judge whether the two match (step S140). If the pre-stored registered feature value and the biometric feature data input by the user match, the device outputs the identification result "verification passed" (step S150). Otherwise, if the two do not match, the device outputs the identification result "verification not passed" (step S160). Step S110 is generally implemented in much the same way as step S120. For example, step S120 is divided into sub-steps such as biometric data input (Data Collection, step S121), signal pre-processing (Signal Processing, step S122), feature value extraction (Biometric Feature Extraction, step S123) and obtaining the biometric feature data (step S124).
To compare the registered feature value with the biometric feature data in step S130, biometric authentication usually adopts a threshold value: values within the threshold are accepted, and values beyond it are rejected. Unlike in cryptography, this comparison does not need one-hundred-percent accuracy; the two compared data items may differ by a certain amount of error. For example, suppose a registered feature value is 35 and the threshold value is 5. If the biometric feature data lies in the range 30~40, the registered feature value and the biometric feature data are considered to match; if it is less than 30 or greater than 40, they are considered not to match. For password identification, suppose the registered password is 35. If the input password value is 37, the input value and the registered password do not match; if the input password value is 35, they match. Table 1 compares biometric identification and password identification.
Table 1. Comparison of biometric identification and password identification
Item | Password identification | Biometric identification
Authentication mode | Uses digital form | Uses analog form
Authentication acceptance principle | No error tolerated at all | Error tolerated
Data processing | Data are scrambled | Data are processed but not scrambled
Use of cryptographic techniques | Data can be encrypted and signed | Data cannot be encrypted or signed
However, traditional biometric authentication methods can generally only compare directly on a local device and cannot be combined with cryptographic techniques. This is because once biometric feature data that tolerates a certain amount of error is processed by a cryptographic algorithm, the data is scrambled and completely loses its original ability to be compared. In addition, when previously established biometric feature data is stored in the biometric identification device as a registered feature value and used for comparison and authentication, the following threats may arise:
(1) An attacker may crack the device and obtain the registered feature data stored on the biometric identification device.
(2) Because biometric feature data comparison tolerates some error, data-protection operations such as hash functions or encryption cannot be used to encrypt the biometric feature data. Therefore, during remote comparison, an attacker may eavesdrop on the biometric feature data.
Summary of the invention
The invention provides an encryption method for biometric feature data such that, even if an attacker obtains the registered feature data stored on the biometric identification device, it is difficult to decrypt them and obtain the biometric feature data. Likewise, during remote comparison, even if an attacker intercepts the encrypted data, it is difficult to decrypt them and obtain the biometric feature data.
The invention provides a biometric identification method and apparatus that successfully combine the advantages of biometric identification and password identification. That is, the biometric feature data can be encrypted while the comparison still tolerates some error. The invention can be applied to the integration of biometric features and cryptographic techniques, improving the security of storing biometric features and of identification based on them. It can effectively prevent malicious programs or attackers from stealing biometric feature data and impersonating a legitimate user, and biometric features can also be used for cryptographic functions such as encryption, authentication, identification, signatures, hashing and use as a key.
To solve the above problems, the invention proposes an encryption method for biometric feature data. First, biometric feature data is provided. A plurality of numerical ranges is defined according to a threshold value, each range having its own quantized value. If the biometric feature data falls into one of the numerical ranges, the quantized value of that range is used as the quantized feature data in place of the biometric feature data. A one-way function operation is then performed to convert the quantized feature data into encrypted feature data.
The invention proposes a biometric identification method. First, encrypted registration data is provided and biometric feature data is acquired. A plurality of numerical ranges is defined according to a threshold value, each range having its own quantized value. If the biometric feature data falls into one of the numerical ranges, the quantized value of that range is used as the quantized feature data in place of the biometric feature data. A one-way function operation is performed to convert the quantized feature data into encrypted feature data. The encrypted registration data and the encrypted feature data are then compared.
The invention proposes a biometric identification device comprising an acquisition unit, a database and a processing unit. The acquisition unit acquires biometric feature data. The database records at least one item of encrypted registration data. The processing unit is coupled to the acquisition unit and the database. The processing unit defines a plurality of numerical ranges according to a threshold value, each range having its own quantized value. If the biometric feature data falls into one of the numerical ranges, the processing unit uses the quantized value of that range as the quantized feature data in place of the biometric feature data. The processing unit performs a one-way function operation to convert the quantized feature data into encrypted feature data, and compares the encrypted registration data with the encrypted feature data.
Because the invention quantizes the biometric feature data and performs a one-way function operation on the quantized feature data, it successfully combines the advantages of biometric identification and password identification. That is, the biometric feature data can be encrypted while the comparison still tolerates some error. Even if an attacker obtains the registered feature data stored on the biometric identification device, it is difficult to decrypt them and obtain the biometric feature data. In particular, during remote comparison, even if an attacker intercepts the encrypted data, it is difficult to decrypt them and obtain the biometric feature data.
To make the above features and advantages of the invention easier to understand, preferred embodiments are described in detail below with reference to the accompanying drawings.
Description of drawings
Fig. 1 is a flow chart of a traditional biometric identification method.
Fig. 2 illustrates an implementation example of a biometric identification device according to the invention.
Fig. 3 is a flow chart of a biometric identification method according to an embodiment of the invention.
Fig. 4 is a flow chart of a biometric identification method according to another embodiment of the invention.
Description of main component symbols
S110~S160: steps of the traditional biometric identification method
200: biometric identification device
210: acquisition unit
220: processing unit
230: database
S310~S360: steps of the biometric identification method flow according to an embodiment of the invention
S414~S484: steps of the biometric identification method flow according to an embodiment of the invention
Embodiment
Fig. 2 illustrates an implementation example of a biometric identification device according to the invention. Referring to Fig. 2, the biometric identification device 200 comprises an acquisition unit 210, a processing unit 220 and a database 230. The processing unit 220 is coupled to the acquisition unit 210 and the database 230. The acquisition unit 210 acquires biometric feature data. The biometric feature data may be a fingerprint feature value. In other embodiments, it may be an "iris feature value", a "palm print feature value", a "pupil feature value" and so on.
The processing unit 220 defines a plurality of numerical ranges according to a threshold value, each range having its own quantized value. For example, if the threshold value is 4, the numerical ranges may be (1~8), (9~16), (17~24), (25~32), (33~40), and so on, and the quantized values of these ranges may be 4, 12, 20, 28, 36, and so on. The threshold value may be set externally, or it may be a fixed value within the processing unit 220.
If the biometric feature data output by the acquisition unit 210 falls into one of the numerical ranges, the processing unit 220 uses the quantized value of that range as the "quantized feature data" in place of the biometric feature data output by the acquisition unit 210. For example, if the biometric feature data output by the acquisition unit 210 is 30, then because 30 falls into the numerical range (25~32), the processing unit 220 uses the quantized value 28 of the range (25~32) as the "quantized feature data". The biometric feature data "30" output by the acquisition unit 210 is thus quantized to/replaced by the quantized feature data "28".
Next, the processing unit 220 performs a "one-way function operation" to convert the quantized feature data into "encrypted feature data". The one-way function operation may be a hash function operation or another encryption function operation. The database 230 records at least one item of encrypted registration data. The processing unit 220 can therefore check whether any encrypted registration data in the database 230 matches the "encrypted feature data". If a registered feature value stored in advance in the database 230 matches the "encrypted feature data", the processing unit 220 outputs the identification result "verification passed". Otherwise, if the two do not match, the processing unit 220 outputs the identification result "verification not passed".
The above is one implementation example of the biometric identification device of the invention. Implementation examples of the biometric identification method and of its biometric feature data encryption method are described below. Besides implementing the invention in hardware, a person of ordinary skill in the art can also implement the invention and the following embodiments as a computer program, stored on a computer-readable storage medium, so that a computer carries out the biometric identification method or the biometric feature data encryption method.
Fig. 3 is a flow chart of a biometric identification method according to an embodiment of the invention. Here, "encrypted registration data" must be registered/provided in advance (step S310, explained later) for the comparison operation of step S330. The encrypted registration data is registered feature data that has been encrypted beforehand using the "biometric feature data encryption method" of this embodiment. Once the encrypted registration data is ready, the biometric identification device or program system lets the user input biometric data through a sensing component and/or its driver (step S321). Step S321 inputs the biometric data to be compared (such as fingerprint, face or iris); it generally requires a sensor that reads one or more items of biometric feature data from the individual's body.
Next, signal pre-processing (Signal Processing, step S322) is performed on the biometric data. Step S322 applies signal processing to the biometric data that was read, for example Gaussian smoothing, histogram equalization, normalization, binarization, opening, thinning, thinning repair and feature point extraction.
After signal pre-processing, feature value extraction (Biometric Feature Extraction, step S323) is performed on the biometric data to obtain one or more items of biometric feature data. Biometric data has many kinds of feature points, for example the endpoints and bifurcation points of a fingerprint; typical fingerprint identification algorithms extract endpoints and bifurcation points as the features to compare. Step S323 extracts one or more feature points of the biometric data as the biometric feature data. Taking fingerprint identification as an example, the "feature value extraction" algorithm of step S323 may be a structure comparison method, an onion-layer comparison method, and so on. In other embodiments, the feature value extracted in step S323 may be an "iris feature value", a "palm print feature value", a "pupil feature value" or any other feature value.
Next, the "encryption method of biometric feature data" S370 is carried out to encrypt the biometric feature data into encrypted feature data. In this embodiment, the encryption method S370 comprises steps S371 and S372.
Step S371 numerically quantizes the biometric feature data produced by step S323, so that the quantized value can be used with cryptographic techniques. Step S371 defines a plurality of numerical ranges according to a threshold value, each range having its own quantized value. If an item of biometric feature data falls into one of the numerical ranges, the quantized value of that range is used as the "quantized feature data" in place of the "biometric feature data". The threshold value may be set dynamically (step S373); alternatively, step S373 may be omitted and a fixed value built into step S371 used instead.
Suppose the tolerable error range for biometric comparison is $\pm t$ ($t$ being the threshold value) and the sampled values lie in $(0, L)$. Quantization then uses intervals of width $p$, and signal values are quantized to $0, p, 2p, \ldots, np$, where $p = 2t$,
Figure A200710199631D00101
If a biometric feature $w$ lies in $(0, L)$ and satisfies $(kp - p/2) \le w < (kp + p/2)$, the signal value $w$ is quantized to $w_q = kp$. For example, if the threshold value $t$ is 4, the numerical ranges may be (1~8), (9~16), (17~24), (25~32), (33~40), and so on, and the quantized values of these ranges may be 4, 12, 20, 28, 36, and so on. If the biometric feature data provided by step S323 is 30, then because 30 falls into the numerical range (25~32), step S371 uses the quantized value 28 of the range (25~32) as the "quantized feature data". The biometric feature data "30" provided by step S323 is thus quantized to/replaced by the quantized feature data "28". As another example, if step S323 provides five items of biometric feature data (28, 37, 19, 62, 54) and $t = 5$ (that is, $p = 10$), the biometric feature data is quantized to (30, 40, 20, 60, 50) respectively.
After step S371, a one-way function operation is performed on the "quantized feature data" (step S372) to obtain the "encrypted feature data" (step S324). The one-way function operation may be a hash function operation or another encryption function operation. This embodiment uses a hash function operation for the encryption. Hashing keeps the quantized feature data confidential and prevents the biometric feature data from being leaked or stolen: even if an attacker obtains the encrypted registration data stored in the database or the encrypted feature data in transit, the attacker cannot learn the original biometric feature data. In other embodiments, step S372 may hash the "quantized feature data" together with a "key value". The "key value" may be a fixed default value (initial value), a random number or another numerical value (real number).
Next, the "encrypted registration data" and the "encrypted feature data" are compared (step S330) to judge whether the two match (step S340). In this embodiment the two are regarded as matching only when they are one-hundred-percent identical, which improves comparison speed. If the encrypted registration data and the encrypted feature data match, the biometric identification device/program outputs the identification result "verification passed" (step S350). Otherwise, if they do not match, the device/program outputs the identification result "verification not passed" (step S360).
The step of registering/providing the "encrypted registration data" is implemented in much the same way as steps S321~S324 and S370. Step S310 comprises sub-steps S311, S312, S313, S380 and S314. The biometric identification device or program system lets the user input biometric data through a sensing component and/or its driver (step S311). Step S311 inputs the biometric data to be compared (such as fingerprint, face or iris); it generally requires a sensor that reads one or more items of biometric feature data from the individual's body.
Next, signal pre-processing (step S312) is performed on the biometric data. Step S312 applies signal processing to the biometric data that was read, for example Gaussian smoothing, histogram equalization, normalization, binarization, opening, thinning, thinning repair and feature point extraction. After signal pre-processing, feature value extraction (step S313) is performed on the biometric data to obtain one or more items of registered feature data. Taking fingerprint identification as an example, the "feature value extraction" algorithm of step S313 may be a structure comparison method, an onion-layer comparison method, and so on. In other embodiments, the feature value extracted in step S313 may be an "iris feature value", a "palm print feature value", a "pupil feature value" or any other feature value.
Next, the "encryption method of biometric feature data" S380 is carried out to encrypt the registered feature data into encrypted registration data. In this embodiment, the encryption method S380 for the registered feature data can be implemented with reference to step S370 and is not described again. After step S380, the biometric identification device/program stores the encrypted registration data in the database for use by step S330.
Because the value of a given biometric feature is quantized to an error-free value, the above embodiment guarantees that all acceptable values within the threshold are quantized to the same value without affecting security. Besides being protected by hash or encryption functions, these values can be further applied through cryptographic techniques such as signatures, key generation and key exchange, or through other numerical derivations, to prevent stored biometric feature data from being leaked or stolen. And because only a one-hundred-percent correct value passes the comparison, the comparison speed of the machine is improved.
Fig. 4 is a flow chart of a biometric identification method according to another embodiment of the invention. Some steps of the embodiment shown in Fig. 4 can be implemented with reference to the description of Fig. 3 and are not described again. Referring to Fig. 4, the "encrypted registration data" is registered/prepared in advance via steps S311, S312, S313, S480 and S414 for the comparison operation of step S330. Step S480 uses the "biometric feature data encryption method" of this embodiment to encrypt the "registered feature data" and obtain the "encrypted registration data" and an "adjustment value". In this embodiment the encrypted registration data and the adjustment value are stored in the database of the biometric identification device/program (step S414) for use by steps S330 and S470.
After being ready for encrypting registration data and adjusted value, biological identification device or biological identification programming system just can provide the biological identification function.The user imports biological data (step S321) afterwards by sensing component and/or its driver, and step S322 can carry out the signal pre-treatment at biological data.After finishing the signal pre-treatment, step S323 just can carry out the characteristic value acquisition to biological data, to obtain one or more biological attribute datas.Next just to carry out " encryption method of biological attribute data " S470.In the present embodiment, step S470 can extract the adjusted value corresponding to biological attribute data from the database of biological identification device/program, use this adjusted value that the biological attribute data that step S323 is obtained is encrypted then, to obtain encrypted feature data (step S324).
In the present embodiment, above-mentioned steps S470 can comprise substep S471, S472 and S473 etc., and above-mentioned steps S480 can comprise substep S481, S482 and S483 etc.Step S482 does numerical quantization with the registration feature data w that step S313 handled, and the value of this quantification (quantizes log-on data wq) can cooperate cryptographic technique to use.The execution mode of step S482 can be implemented it with reference to the step S371 of Fig. 3, can also come performing step S482 by other any quantification technique.At this, step S482 quantizes required " threshold value t " can dynamically set (step S484), also can cancellation step S484 and with step S482 a certain fixed value decided at the higher level but not officially announced decide it.
Behind completing steps S482, next will " quantize log-on data wq" carry out an one-way function computing (step S483), to obtain " encrypted feature data h (wq) ".Aforementioned one-way function computing can be hash function computing or other encryption function computing.Be to use the hash function computing to carry out cryptographic operation in the present embodiment.In other embodiments, step S483 also may will " quantize log-on data wq" together carry out the hash function computing with " golden key value ", to obtain " encrypted feature data h (wq) ".Above-mentioned " golden key value " can be fixed default value (initial value), random number or other numerical value (real number) etc.Via step S414, encrypted feature data h (wq) can be stored in the database of biological identification device/program, utilize in order to step S330.
In addition, step S481 is the value w that will finely tune in the quantizing processaNote the value of this fine setting (adjusted value wa) discrimination power that quantizes the back reduction can be reduced to discrimination power originally, and can any influence not arranged to safety.In this embodiment, the adjustment calculation method can be wa=wq-w.Behind completing steps S482, just can calculate " quantification log-on data wq" with the difference of " registration feature data w ", to obtain adjusted value wa(step S481).For instance, be that registration feature data w can be quantified as (30,40,20,60,50), then adjusted value w under the situation of (28,37,19,62,54) and p=10 (definition of this p please refer to previous embodiment) at registration feature data waJust equal (30-28,40-37,20-19,60-62,50-54)=(2,3,1 ,-2 ,-4).Via step S414, adjusted value waBe stored in the database of biological identification device/program, utilize in order to step S471.
When the user imported biological attribute data w ', step S471 can obtain the corresponding adjusted value w with biological attribute data w ' from the database of biological identification device/programa, and according to adjusted value waAdjust biological attribute data w '.In this embodiment, step S471 can be w "=w '-waThat is, behind completing steps S323, just can calculate " biological attribute data w ' " and " adjusted value wa" difference, to obtain adjusted biological attribute data w " (step S471).
Step S472 is the biological attribute data w that step S471 was handled " do numerical quantization, the value of this quantification (quantization characteristic data wq') can cooperate cryptographic technique to use.The execution mode of step S472 can be implemented it with reference to the step S371 of Fig. 3, can also come performing step S472 by other any quantification technique.At this, step S472 quantizes required " threshold value t " can dynamically set (step S474), also can cancellation step S474 and with step S472 a certain fixed value decided at the higher level but not officially announced decide it.The two is consistent for " threshold value " of step S472 and " threshold value " of step S482.
For example, when the biometric feature data w' is (29, 40, 18, 59, 49) and p = 10, if the adjustment value w_a is (2, 3, 1, -2, -4), then the adjusted biometric feature data w'' is (29-2, 40-3, 18-1, 59+2, 49+4) = (27, 37, 19, 61, 53). After quantization, this adjusted biometric feature data w'' becomes (30, 40, 20, 60, 50), which is the quantized feature data w_q'.
The processing of steps S471 and S472 ensures that all acceptable values within the threshold are quantized to the same value without affecting security. Within the error range of plus or minus t, the probability of guessing a sampled value (biometric feature data w') lying in (0, L) is about 2t/L; after quantization, the probability of guessing the quantized value lying in (0, L) is about 1/n, where
Figure A200710199631D0014090143QIETU
The probability of guessing the value before quantization is the same as the probability of guessing the value after quantization, so the quantization does not affect security.
After step S472 is completed, a one-way function operation is performed on the "quantized feature data w_q'" (step S473) to obtain the "encrypted feature data h(w_q')" (step S324). The one-way function operation can be a hash function operation or another encryption function operation. This embodiment uses a hash function operation for the encryption. In other embodiments, step S473 may instead hash the "quantized feature data w_q'" together with a "key value" to obtain the "encrypted feature data h(w_q')". In other words, the "one-way function operation" performed in step S473 and the "one-way function operation" performed in step S483 are the same.
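The registration and verification path of steps S481 to S483 and S471 to S473, run on the worked numbers above, as an added example that is not code from the patent. HMAC-SHA-256 as the keyed one-way function, the constructed key, rounding ties upward, the function names and the `sign=+1` comparison variant are all assumptions of this example.

```python
import hashlib
import hmac

P = 10                          # quantization step p from the worked example
KEY = b"constructed-demo-key"   # constructed "key value"; not from the patent
W = (28, 37, 19, 62, 54)        # registration feature data w from the worked example

def quantize(vec, p=P):
    """Replace each component by the nearest multiple of p (ties round up: assumption)."""
    return tuple(((x + p // 2) // p) * p for x in vec)

def one_way(wq, key=KEY):
    """h(w_q): HMAC-SHA-256 is this example's choice of keyed one-way function."""
    msg = ",".join(str(v) for v in wq).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def enroll(w, key=KEY, p=P):
    """Steps S482, S481, S483: return (w_a, h(w_q)); w itself is never stored."""
    wq = quantize(w, p)
    wa = tuple(q - x for q, x in zip(wq, w))          # w_a = w_q - w
    return wa, one_way(wq, key)

def verify(w_prime, record, key=KEY, p=P, sign=-1):
    """Steps S471 to S473 plus the comparison. sign=-1 is w'' = w' - w_a as the
    text states it; sign=+1 (w'' = w' + w_a) is a variant added for comparison."""
    wa, enrolled = record
    w2 = tuple(x + sign * a for x, a in zip(w_prime, wa))
    return hmac.compare_digest(one_way(quantize(w2, p), key), enrolled)

def accepted_values(w_i, sign=-1, lo=0, hi=100, p=P):
    """Values of a single component that still match after enrolling w_i.
    Components are quantized independently, so one-element vectors suffice."""
    record = enroll((w_i,), KEY, p)
    return [v for v in range(lo, hi) if verify((v,), record, KEY, p, sign)]

if __name__ == "__main__":
    rec = enroll(W)
    print("w_a =", rec[0])
    print("page sample matches:", verify((29, 40, 18, 59, 49), rec))
    for w_i in W:
        a, b = accepted_values(w_i), accepted_values(w_i, sign=+1)
        print(w_i, "stated:", (a[0], a[-1]), "variant:", (b[0], b[-1]))
```

With the subtraction exactly as stated, the accepted interval for a component is centred on 2*w_q - w, so the enrolled value 54 falls outside its own interval 41..50 while the sample value 49 falls inside it. The `sign=+1` variant centres the interval on w (49..58 for that component).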
As the above embodiments show, a subsystem can be added to an existing biometric identification system while changing the present biometric identification framework as little as possible, so that cryptographic functions are incorporated into biometric identification. This strengthens the security of biometric identification, protects the biometric data held in the database, and can be applied to remote comparison. Moreover, the above embodiments effectively prevent malicious programs or attackers from stealing biometric feature data and impersonating a legitimate user. With reference to the above description, those of ordinary skill in the art can also use biometric features to achieve cryptographic functions such as encryption, authentication, identification, signature, hashing, use as a key ... (usable at banks, in place of IC cards, in place of seals, or for dual identification together with other authentication). Because the present invention and the above embodiments protect biometric feature data by cryptographic means, they not only prevent the feature values of the biometric data from being captured and stolen, but can also provide properties such as confidentiality, integrity and non-repudiation of the data. In addition, through the choice of the "threshold value t", the discrimination power can be raised to its original level without affecting security.
Although the present invention has been disclosed above by way of preferred embodiments, these are not intended to limit the invention. Anyone of ordinary skill in the art may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of protection of the invention is that defined by the appended claims.

Claims (24)

1. A method for encrypting biometric feature data, characterized by comprising:
providing biometric feature data;
defining a plurality of number ranges according to a threshold value, wherein each of the number ranges has its own quantized value;
if the biometric feature data falls into one of the number ranges, using the quantized value of that number range as quantized feature data to replace the biometric feature data; and
performing a one-way function operation to convert the quantized feature data into encrypted feature data.
2. The method for encrypting biometric feature data as claimed in claim 1, characterized by further comprising setting the threshold value.
3. The method for encrypting biometric feature data as claimed in claim 1, characterized in that the biometric feature data comprises a fingerprint feature value, an iris feature value, a palm print feature value or a pupil feature value.
4. The method for encrypting biometric feature data as claimed in claim 1, characterized in that the one-way function operation comprises a hash function operation.
5. The method for encrypting biometric feature data as claimed in claim 1, characterized in that the step of performing the one-way function operation comprises performing a hash function operation on the quantized feature data together with a key value.
6. The method for encrypting biometric feature data as claimed in claim 5, characterized in that the key value comprises: a default value, a random number or a real number.
7. The method for encrypting biometric feature data as claimed in claim 1, characterized by further comprising:
calculating the difference between the quantized feature data and the biometric feature data to obtain an adjustment value; and
storing the adjustment value and the encrypted feature data.
8. A biometric identification method, characterized by comprising:
providing encrypted registration data;
capturing biometric feature data;
defining a plurality of number ranges according to a threshold value, wherein each of the number ranges has its own quantized value;
if the biometric feature data falls into one of the number ranges, using the quantized value of that number range as quantized feature data to replace the biometric feature data;
performing a one-way function operation to convert the quantized feature data into encrypted feature data; and
comparing the encrypted registration data with the encrypted feature data.
9. The biometric identification method as claimed in claim 8, characterized by further comprising setting the threshold value.
10. The biometric identification method as claimed in claim 8, characterized in that the biometric feature data comprises a fingerprint feature value, an iris feature value, a palm print feature value or a pupil feature value.
11. The biometric identification method as claimed in claim 8, characterized in that the one-way function operation comprises a hash function operation.
12. The biometric identification method as claimed in claim 8, characterized in that the step of performing the one-way function operation comprises performing a hash function operation on the quantized feature data together with a key value.
13. The biometric identification method as claimed in claim 12, characterized in that the key value comprises: a default value, a random number or a real number.
14. The biometric identification method as claimed in claim 8, characterized in that the step of providing the encrypted registration data comprises:
capturing registration feature data;
defining the number ranges according to the threshold value, wherein each of the number ranges has its own quantized value;
if the registration feature data falls into one of the number ranges, using the quantized value of that number range as quantized registration data to replace the registration feature data; and
performing the one-way function operation to convert the quantized registration data into the encrypted registration data.
15. The biometric identification method as claimed in claim 14, characterized in that the step of providing the encrypted registration data further comprises:
calculating the difference between the quantized registration data and the registration feature data to obtain an adjustment value; and
storing the adjustment value and the encrypted registration data.
16. The biometric identification method as claimed in claim 15, characterized by further comprising adjusting the biometric feature data according to the adjustment value.
17. A biometric identification device, characterized by comprising:
a capture unit for capturing biometric feature data;
a database for recording at least one item of encrypted registration data; and
a processing unit, coupled to the capture unit and the database, for defining a plurality of number ranges according to a threshold value, wherein each of the number ranges has its own quantized value; if the biometric feature data falls into one of the number ranges, using the quantized value of that number range as quantized feature data to replace the biometric feature data; performing a one-way function operation to convert the quantized feature data into encrypted feature data; and comparing the encrypted registration data with the encrypted feature data.
18. The biometric identification device as claimed in claim 17, characterized in that the biometric feature data comprises a fingerprint feature value, an iris feature value, a palm print feature value or a pupil feature value.
19. The biometric identification device as claimed in claim 17, characterized in that the one-way function operation comprises a hash function operation.
20. The biometric identification device as claimed in claim 17, characterized in that the one-way function operation performed by the processing unit is a hash function operation performed on the quantized feature data together with a key value.
21. The biometric identification device as claimed in claim 20, characterized in that the key value comprises: a default value, a random number or a real number.
22. The biometric identification device as claimed in claim 17, characterized in that the processing unit captures registration feature data in advance through the capture unit; if the registration feature data falls into one of the number ranges, uses the quantized value of that number range as quantized registration data to replace the registration feature data; performs the one-way function operation to convert the quantized registration data into the encrypted registration data; and records the encrypted registration data in the database.
23. The biometric identification device as claimed in claim 22, characterized in that the processing unit calculates the difference between the quantized registration data and the registration feature data to obtain an adjustment value, and stores the adjustment value and the encrypted registration data in the database.
24. The biometric identification device as claimed in claim 23, characterized in that the processing unit adjusts the biometric feature data according to the adjustment value.

CN 200710199631 | 2007-12-11 | 2007-12-11 | Biometric identification method and device and encryption method for biometric data | Active | CN101459514B (en)

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN 200710199631, CN101459514B (en) | 2007-12-11 | 2007-12-11 | Biometric identification method and device and encryption method for biometric data

Applications Claiming Priority (1)

Application Number | Priority Date | Filing Date | Title
CN 200710199631, CN101459514B (en) | 2007-12-11 | 2007-12-11 | Biometric identification method and device and encryption method for biometric data

Publications (2)

Publication Number | Publication Date
CN101459514A (en) | 2009-06-17
CN101459514B (en) | 2013-01-30

Family

ID=40770158

Family Applications (1)

Application Number | Title | Priority Date | Filing Date
CN 200710199631, Active, CN101459514B (en) | Biometric identification method and device and encryption method for biometric data | 2007-12-11 | 2007-12-11

Country Status (1)

Country | Link
CN (1) | CN101459514B (en)

Legal Events

Code | Title
C06 | Publication
PB01 | Publication
C10 | Entry into substantive examination
SE01 | Entry into force of request for substantive examination
C14 | Grant of patent or utility model
GR01 | Patent grant
