CN101976312A - Method for enhancing security of Biohashing system - Google Patents

Abstract

The invention discloses a method for enhancing security of Biohashing system, which is used for solving the poor system security technical problem that the conventional Biohashing method. The technical scheme is that: auxiliary data obtained based on key generation is adopted to enhance the security of the Biohashing system; the auxiliary data HelperData is generated by using a biological characteristic template and a token held by a user; and on the basis of not increasing the system distortion rate, when the token is lost or is obtained by an attacker, the system is not subjected to security threat and the system security is improved.

Description

Strengthen the method for Biohashing security of system

Technical field

The present invention relates to a kind of Biohashing method, particularly strengthen the method for Biohashing security of system.

Background technology

In the biological characteristic field of encryption, the protection problem of biological template roughly can be divided into two kinds: biological hash method (Biohashing) and based on the method (HelperData) of auxiliary data.Document " Cancellable biometrics andannotations on BioHash.Pattern Recognition, 2008,41 (6): 2034-2044. " discloses a kind of Biohashing method:

(1) feature extraction.From the primeval life feature templates, extract the biological attribute data sequence

N represents the length of biological attribute data sequence,

The expression set of real numbers;

(2), generate N random series r based on the random number seed token that sets in the known token ₁, r ₂..., Wherein N represents the biological attribute data sequence length in the above-mentioned steps (1);

(3) according to the biological attribute data sequence r of Gram-Schmidt method with generation in the step (2) ₁, r ₂...,

Unit orthogonalization generates one group of new sequence or ₁, or ₂..., or _N.

(4) to each or _i, calculate Inner and amass＜v or _i, and setting threshold τ, obtain a discrete data b _i, wherein: i=1,2 ... N.Specific algorithm is as follows:

$b_i=\left\{\begin{array}{cc}0& <v,{\mathrm{or}}_i>\&le;\mathrm{\&tau;}\\ 1& <v,{\mathrm{or}}_i>>\mathrm{\&tau;}\end{array}\right.$ I=1 wherein, 2 ... N

The Biohashing method is a kind of scheme of effective revocable biological template, the pseudo-random sequence of utilizing token at random to generate carries out with the biological template data that Inner is long-pending to disperse, well annotated the intension of revocable biological template method: when changing at random token, just can regenerate new revocable template.In the verification process, if token is correct at random, the misclassification rate of system will reduce greatly, even the phenomenon of zero misclassification rate may occur.

Yet because the internal mechanism of Biohashing method, the effect of token in total system is very large, can be described as dominance, and this deviates from the original idea of using biological character for identity authentication.When the token that obtains user's token or user as the assailant leaked, the safety of system will be subjected to very big influence.For example, after assailant A obtains the token of user B, use the token of B and the biological characteristic of self, promptly might be by the authentication of system.And for token,, easily be stolen or leak because be that the user outside is held, therefore, need a kind of can be in the still guaranteed improvement project of security of system after the token lost.

Existing improving one's methods all is to increase parameter in the middle flow process of system or the generative process of last biological Hash code word (BiohashCode); or changing traditional discrete logarithm comes total system is protected, and does not fundamentally solve token and loses the safety problem of system afterwards.

Summary of the invention

In order to overcome the deficiency of existing Biohashing method security of system difference, the invention provides a kind of method of the Biohashing of enhancing security of system.This method adopts the auxiliary data based on key generation gained to strengthen the Biohashing security of system, the token that uses biometric templates and user to hold generates auxiliary data HelperData, on the basis that does not increase the systematic distortion rate, when token is lost or victim when resultant, system can not be subjected to security threat, can improve the security of system.

The technical solution adopted for the present invention to solve the technical problems: a kind of method that strengthens the Biohashing security of system is characterized in comprising the steps:

(1) extract intermediate data Aid in biometric templates, wherein Aid is that element value is 0 or 1 matrix, and its line number and columns are by setting threshold P in the extraction algorithm and unimodular value C _xAnd C _yDecision:

(1.1) point with curvature maximum in the biometric templates is a central point, and is the center of circle with the central point, and central spot field of direction direction is an x axle positive dirction, rotates counterclockwise 90 ° and is y axle positive dirction, sets up plane right-angle coordinate;

(1.2) be as the criterion with the coordinate system in the step (1.1), extract the coordinate information M of all bifurcations in the minutiae point in the biometric templates _i(x _i, y _i), wherein i is an integer;

(1.3), calculate to each bifurcation i

ρ i represents the distance of fingerprint minutiae to central point, and setting threshold P, works as ρ _iDuring＜P, this point enters the processing sequence, otherwise discards the information of this point, and wherein i is an integer;

(1.4) the unimodular value C of x axle and y axle in the setting coordinate system _xAnd C _y, then, calculate the positional information of each bifurcation i in matrix A id (x ', y '), computing method are as follows:

$\left[\begin{array}{c}{x}^{\&prime;}\\ y^{\&prime;}\end{array}\right]=\left[\begin{array}{c}(x_i+P)/C_x\\ (y_i+P)/C_y\end{array}\right]$

(1.5), behavior x ' among the matrix A id and the element value of classifying y ' as are defined as 1, and other element value among the matrix A id is defined as 0 according to the position of each bifurcation i in the step (1.4) in matrix A id (x ', y ');

(2) use the random number seed token that sets in the token of user's input and each row element of matrix A id to carry out XOR by turn, obtain matrix with matrix A id homotype as auxiliary data HelperData;

(3), generate biological Hash code word BiohashCode based on auxiliary data HelperData and original Biohashing algorithm:

(3.1) each capable being input in the original Biohashing algorithm as random seed among the auxiliary data HelperData is gone;

(3.2) with each row of auxiliary data HelperData as the token in the original Biohashing algorithm, generate a cryptographic hash Code by original Biohashing algorithm;

(3.3) with the sequencing of all cryptographic hash Code, combine, form final biological Hash code word BiohashCode according to generation.

The invention has the beneficial effects as follows: owing to adopt auxiliary data to strengthen the Biohashing security of system based on key generation gained, the token that uses biometric templates and user to hold generates auxiliary data HelperData, on the basis that does not increase the systematic distortion rate, when token is lost or victim when resultant, system can not be subjected to security threat, has improved the security of system.

Below in conjunction with the drawings and specific embodiments the present invention is elaborated.

Description of drawings

Accompanying drawing is the method flow synoptic diagram that the present invention strengthens the Biohashing security of system.

Embodiment

Explanation of nouns:

Aid: in auxiliary data HelperData generative process, by the intermediate data that extracts in the biological data.This intermediate data is by extracting a certain amount of information in the biological data.This information is limited the quantity of, and according to Aid, the assailant can not reconstruct biological template, and promptly Aid is the one group of data that can represent the primeval life template to a certain extent and can not reconstruct the primeval life template according to Aid

HelperData: unite the data of generation by token and intermediate data Aid, participate directly in the Biohashing algorithm operating, play with original Biohashing system in the identical effect of token, promptly occur as random seed.

Present embodiment is example explanation the present invention with the fingerprint picture of 256*360pi (pi is a pixel).Other biological characteristic also is fit to the present invention as iris, people's face, palmmprint etc.By to system input identical token and different pictures, verify when token lose or victim obtain after the security of system.

With reference to accompanying drawing, each width of cloth picture enters and all passes through following processing after the system, the match information when obtaining canned data in the server end database or authentication.

(1) extracts intermediate data Aid.

(1.1) point of curvature maximum is a central point in the searching fingerprint image, is the center of circle with the central point, and central spot field of direction direction is an x axle positive dirction, rotates counterclockwise 90 ° and is y axle positive dirction, sets up plane right-angle coordinate;

(1.2) be as the criterion with the coordinate system in the step (1.1), extract the coordinate information M of all bifurcations in the minutiae point in the fingerprint characteristic template _i(x _i, y _i), wherein i is an integer;

(1.3), calculate to each bifurcation i

ρ _iThe expression fingerprint minutiae is to the distance of central point, and setting threshold P, works as ρ _iDuring＜P, this point enters the processing sequence, otherwise discards the information of this point, and wherein i is an integer.Set P=128pi;

(1.4) the unimodular value C of x axle and y axle in the setting coordinate system _xAnd C _y, then, calculate the positional information of each bifurcation i in matrix A id (x ', y '), computing method are as follows:

$\left[\begin{array}{c}{x}^{\&prime;}\\ y^{\&prime;}\end{array}\right]=\left[\begin{array}{c}(x_i+P)/C_x\\ (y_i+P)/C_y\end{array}\right]$

Here, make C _x=C _y=8pi;

(1.5) according to the position of each bifurcation i in the step (1.4) in matrix A id (x ', y '), behavior x ' among the matrix A id and the element value of classifying y ' as are defined as 1, other element value of matrix A id is defined as 0; So just extract matrix A id, regard this matrix as two-dimensional array Aid[] [] use; Work as C _x=C _yDuring=8pi, two-dimensional array is Aid[32] [32].

(2) use the token and the Aid[of user's input] [] carry out XOR line by line, obtains HelperData[] [].That is:

$\mathrm{HelperData}\left[i\right]\left[\right]=\mathrm{token}\&CirclePlus;\mathrm{Aid}\left[i\right]\left[\right]$ Wherein: i=0,1 ... 31

The setting token is a sexadecimal number, and length is 8.

(3) HelperData is loaded into original Biohashing system.

(3.1) with HelperData[] [] take out line by line, each row HelperData[i] [] be input in the original Biohashing system as a random seed and go;

(3.2) HelperData[i] code word Code of [] generation _i

(3.3) all code word Code that step (3.2) is generated _iSize order according to i couples together, and forms final biological Hash code word BiohashCode;

The above-mentioned last BiohashCode of operation generation of token process that fingerprint image all needs and matches with it when system registry and authentication.The BiohashCode that registration generates is stored in the server end database, and the BiohashCode that generates during authentication will mate with the data in the server database.

(4) matching process.

The BiohashCode that generates in the time of might as well making registration is B ^E, the BiohashCode that generates during the order authentication is B ^QMatching process is as follows:

(4.1) relatively

With

The use Hamming distance is described distance D between the two _i, then

Wherein

For forming B ^E, B ^QBy the Code that generates in (3.2) _iValue; Valuei is

With

Between Hamming distance and Code _iThe ratio of length.

Setting threshold VA, length is 32 array SA, works as Value _iDuring＜VA, make SA (i)=1, otherwise, SA (i)=0 made.Here get VA ∈ (0.1,0.15);

(4.2) calculate the coupling mark.

$\mathrm{Score}(E,Q)=\frac{{\mathrm{\&Sigma;}}_{i=0}^{31}\mathrm{SA}\left(i\right)}{T}$

Wherein: (E Q) is B to Score ^EAnd B ^QThe coupling mark; T is the number of i,, is set at 32 here.

(4.3) setting threshold SC, when Score (E, Q) 〉=during SC, think that then the match is successful, otherwise it fails to match.Here set SC ∈ (0.75,0.8).

Claims (1)

1. a method that strengthens the Biohashing security of system is characterized in that comprising the steps:

(1) extract intermediate data Aid in biometric templates, wherein Aid is that element value is 0 or 1 matrix, and its line number and columns are by setting threshold P in the extraction algorithm and unimodular value C _xAnd C _yDecision:

(1.1) point with curvature maximum in the biometric templates is a central point, and is the center of circle with the central point, and central spot field of direction direction is an x axle positive dirction, rotates counterclockwise 90 ° and is y axle positive dirction, sets up plane right-angle coordinate;

(1.2) be as the criterion with the coordinate system in the step (1.1), extract the coordinate information M of all bifurcations in the minutiae point in the biometric templates _i(x _i, y _i), wherein i is an integer;

(1.3), calculate to each bifurcation i

ρ _iThe expression fingerprint minutiae is to the distance of central point, and setting threshold P, works as ρ _iDuring＜P, this point enters the processing sequence, otherwise discards the information of this point, and wherein i is an integer;

(1.4) the unimodular value C of x axle and y axle in the setting coordinate system _xAnd C _y, then, calculate the positional information of each bifurcation i in matrix A id (x ', y '), computing method are as follows:

$\left[\begin{array}{c}{x}^{\&prime;}\\ y^{\&prime;}\end{array}\right]=\left[\begin{array}{c}(x_i+P)/C_x\\ (y_i+P)/C_y\end{array}\right]$

(1.5), behavior x ' among the matrix A id and the element value of classifying y ' as are defined as 1, and other element value among the matrix A id is defined as 0 according to the position of each bifurcation i in the step (1.4) in matrix A id (x ', y ');

(2) use the random number seed token that sets in the token of user's input and each row element of matrix A id to carry out XOR by turn, obtain matrix with matrix A id homotype as auxiliary data HelperData;

(3), generate biological Hash code word BiohashCode based on auxiliary data HelperData and original Biohashing algorithm:

(3.1) each capable being input in the original Biohashing algorithm as random seed among the auxiliary data HelperData is gone;

(3.2) with each row of auxiliary data HelperData as the token in the original Biohashing algorithm, generate a cryptographic hash Code by original Biohashing algorithm;

(3.3) with the sequencing of all cryptographic hash Code, combine, form final biological Hash code word BiohashCode according to generation.

Images