Access authentication and key derivation method and system for biometric identity authentication

Abstract

The invention belongs to the technical field of key management and identity authentication related application, and discloses an access authentication and key derivation method and system for biological recognition identity authentication, and the method comprises the steps: in a registration stage, a user registers at a credible authentication center, and uploads all information such as biological characteristics, soft biological characteristics and identity labels; the fog node performs access authentication at the unified authentication cloud to obtain an identity identifier issued by the unified authentication cloud and a shared root key obtained through key negotiation, and after registration is completed, the fog node accesses the cloud-fog hybrid network; in the authentication stage, the user uploads feature information, and identity recognition is conducted through biological features; and the fog node and the unified authentication cloud generate parameters required by a soft biological feature key by using soft biological feature fusion, and generate the soft biological feature key and a session key by using key derivation, which are respectively used for encrypting and decrypting biological features and session messages. According to the method, the risk that the secret key is decoded can be obviously reduced, and the confidentiality of the biological characteristic privacy information of the user is enhanced.

Description

technical field [0001] The invention belongs to the related application technical field of key management and identity authentication, and in particular relates to an access authentication and key derivation method and system for biometric identity authentication. Background technique [0002] At present, fog computing is an intermediate state between cloud computing and personal computing, and is a type of semi-virtual intelligent service computing. The low-cost fog nodes with certain information processing and storage capabilities share part of the work of the cloud, greatly reducing the pressure on the cloud; at the same time, as a distributed system closer to the bottom layer, fog nodes can process part of the user's business in time. Meet the needs of users in the mobile network for real-time services. Through the computing, storage and network communication services provided by fog nodes, the computing, analysis and processing of data is closer to the user, thereby re...

AI Technical Summary

Problems solved by technology

[0007] (1) The modes widely used in biometric authentication are to realize all the processes of biometric calculation and identification on the terminal device, which will cause the terminal device to frequently call the CPU and reduce the standby time

[0008] (2) A large number of user authentication requests in a short period of time will cause excessive load pressure on the authentication server and reduce the user's service experience. It is also a very high server maintenance cost for enterprises.

[0009] (3) The existing key agreement algorithm remains unchanged for a period of time, which will increase the risk of key leakage and cracking during information transmission, and the overhead of key management is also a problem

In addition, non-private soft biometric features are used to assist in the generation of soft biometric keys and encrypted biometric features, but the soft biometric features collected at different times and in different places are not exactly the same, and there are certain deviations. It is a problem that the node and the cloud generate the same soft biometric key. The proposed solution also solves this problem and effectively makes up for the patent "Biometric identity information authentication method based on 5G cloud-mist hybrid unified authentication platform" (patent number: ZL 201911129276.9 ) insufficiency in key generation and key management

Images