Title of invention: Method for providing application service
Abstract: A method for providing application service is provided. The method discloses that a user is authenticated according to a received application service acquisition request from a user mobile phone, and when the user authentication is passed, the application service acquisition request is sent to an application server, so that the application server provides an application service to the user mobile phone according to the application service acquisition request. The application server does not need to authenticate the user mobile phone by performing an authentication operation on the user mobile phone through a wireless application protocol gateway, thus being capable of reducing the workload of the application server.
Publication number: US9544769(B2)  Publication date: 2017.01.10
Application number: US201514886587  Filing date: 2015.10.19
Applicant: Wang Minsheng; Lu Wei; Liu Xiaojun; Lin Wuqiang  Inventor: Wang Minsheng; Lu Wei; Liu Xiaojun; Lin Wuqiang
Classification: H04W12/04; H04L9/32; H04W12/06; H04L9/08; H04L29/06  Main classification: H04W12/04
Agency: IPro, PLLC  Agent: Xu Na; IPro, PLLC
Main claim: 1. A method for providing application service, comprising:

registering user fingerprint information to a wireless application protocol gateway;
inputting, in a user mobile phone, application service information to be acquired, and inputting fingerprints on a touch screen of the user mobile phone;
collecting, by the user mobile phone, the user fingerprints to generate second fingerprint data of the user, carrying the second fingerprint data in an application service acquisition request, and sending the application service acquisition request to the wireless application protocol gateway through an encrypted channel;
receiving, by the wireless application protocol gateway, the application service acquisition request carrying the second fingerprint data from the user mobile phone, and extracting the second fingerprint data from the application service acquisition request;
acquiring, by the wireless application protocol gateway, the security authentication data stored locally, according to information of the user mobile phone;
acquiring, by the wireless application protocol gateway, the encryption key KEY according to the second fingerprint data and the security authentication data;
decrypting, by the wireless application protocol gateway, the encrypted fingerprint template according to the obtained encryption key KEY, to obtain the fingerprint template of the user;
comparing, by the wireless application protocol gateway, the acquired second fingerprint data with the fingerprint template of the user, determining that the user identity authentication is passed when a comparison result is that the two are matched, and sending the application service acquisition request to the application server;
sending, by the application server, requested application service to the wireless application protocol gateway according to the application service acquisition request;
providing, by the wireless application protocol gateway, the application service to the user mobile phone;

wherein the registering user fingerprint information to a wireless application protocol gateway comprises:

inputting, by the user, fingerprints on a touch screen of a user mobile phone;
generating, by the user mobile phone, first fingerprint data of the user, and sending the first fingerprint data to the wireless application protocol gateway through an encrypted channel;
acquiring, by the wireless application protocol gateway, an encrypted fingerprint template of the user and an encryption key KEY corresponding to the encrypted fingerprint template from an application server through the encrypted channel, and saving the encrypted fingerprint template locally, wherein the encryption key KEY is generated randomly by the application server, the length of the encryption key KEY is 128 bits, and the encrypted fingerprint template is generated after the application server uses the encryption key KEY to encrypt a user fingerprint template;
generating, by the wireless application protocol gateway, security authentication data according to the first fingerprint data and the encryption key; saving the security authentication data locally; and destroying the encryption key;

and wherein the generating, by the wireless application protocol gateway, security authentication data according to the first fingerprint data and the encryption key; saving the security authentication data locally; and destroying the encryption key comprises:

generating, by the wireless application protocol gateway, an encryption function of nine variables:

$$f(u) = a^T u \bmod p = (a_0 u_0 + a_1 u_1 + \dots + a_7 u_7 + a_8 u_8) \bmod p,$$

wherein $a = [a_0\ a_1\ \dots\ a_8]^T$, $u = [u_0\ u_1\ \dots\ u_8]$, and mod represents a modulo operation;
splitting the encryption key KEY into eight non-overlapping segments, which are respectively $s_0, s_1, \dots, s_7$, wherein each segment has 16 bits;
setting $a_0 = s_0, a_1 = s_1, \dots, a_7 = s_7$;
connecting $a_0$-$a_7$ into a 128 bit string $KEYC = a_0 a_1 \dots a_7$;
calculating a cyclic redundancy check CRC-16 value $C$ of the string KEYC, wherein $C$ is a 16 bit check value;
setting $a_8 = C \bmod p$, wherein $p$ is a prime number 65537;
acquiring a set $F = \{(x_0, y_0), (x_1, y_1), \dots, (x_{N-1}, y_{N-1})\}$ of minutiae plane coordinates in the first fingerprint data of the user, wherein $(x_i, y_i)$ $(i = 0, \dots, N-1)$ are respectively minutiae plane coordinates, $x_i$ is the ith coordinate value of X axis of a minutiae plane coordinate, $y_i$ is the ith coordinate value of Y axis of a minutiae plane coordinate, and $N$ is the total number of the minutiae;
mapping each minutiae plane coordinate respectively into [0, 255];
connecting the mapped plane coordinates in series together to constitute 16 bit data $m_i$, and obtaining a set $H = \{m_0, m_1, \dots, m_{N-1}\}$;
taking each $m_i$ $(i = 0, \dots, N-1)$ as a 16 bit random number generator seed to generate eight random numbers $r_{i1}, r_{i2}, \dots, r_{i8}$ in sequence, and obtaining a vector $u_i$, wherein $u_i(m_i) = [u_{i0}\ u_{i1}\ \dots\ u_{i8}] = [m_i\ r_{i1}\ \dots\ r_{i8}]$;
substituting each $u_i$ into the encryption function $f(u)$ to calculate a corresponding encryption function value $f(u_i)$, and obtaining a set $G$, wherein $G$ is a set of the user encrypted fingerprint data constituted by the set $H$ and the encryption function value corresponding to the elements in the set $H$, and $G = ((m_0, f(u_0(m_0))), (m_1, f(u_1(m_1))), \dots, (m_{N-1}, f(u_{N-1}(m_{N-1}))))$;
generating an interference set $C = ((c_0, d_0), (c_1, d_1), \dots, (c_{M-1}, d_{M-1}))$, wherein $M$ is the number of elements of the set $C$; $c_i$ and $d_i$ $(i = 0, \dots, M-1)$ are random numbers, and a distance between $c_i$ and $m_i$ is larger than a preset threshold value, and $d_i \neq f(c_i)$;
mixing the elements in the set $G$ and in the set $C$ randomly, to generate security authentication data $VL = \{(v_0, w_0), (v_1, w_1), \dots, (v_{M+N-1}, w_{M+N-1})\}$, wherein $(v_i, w_i)$ $(i = 0, \dots, M-1)$ represent the elements in the set $G$ and in the set $C$;
saving, by the wireless application protocol gateway, the security authentication data locally;
destroying, by the wireless application protocol gateway, the encryption key;

and wherein the acquiring, by the wireless application protocol gateway, the encryption key KEY according to the second fingerprint data and the security authentication data comprises:

extracting a minutiae set $Q$ from the second fingerprint data, wherein $Q = \{(x_{q0}, y_{q0}), (x_{q1}, y_{q1}), \dots, (x_{q(N^*-1)}, y_{q(N^*-1)})\}$, $N^*$ is the total number of the minutiae in $Q$, $N^*$ is not equal to the total number $N$ of the minutiae in the first fingerprint data;
mapping minutiae plane coordinates $x_k$ and $y_k$ $(i = 0, \dots, N^*-1)$ into [0, 255], wherein $k = 0, 1, 2, \dots, N-1$;
extracting $v_0, v_1, \dots, v_{M+N-1}$ out from the security authentication data $VL$;
splitting $v_0, v_1, \dots, v_{M+N-1}$ respectively into two 8 bit numbers which are served as plane coordinates, obtaining a set $RC = \{(x_{v0}, y_{v0}), (x_{v1}, y_{v1}), \dots, (x_{v(M+N-1)}, y_{v(M+N-1)})\}$;
if a distance between a certain minutiae A in the set $Q$ and a certain minutiae B in the set $RC$ is smaller than a preset threshold value, determining that A and B are a pair of matching points;
adding $(v, w)$ corresponding to B into a matching point set $RG$ to obtain a set of nine points $RG = \{(v_0, w_0), (v_1, w_1), \dots, (v_8, w_8)\}$;
restoring the encryption key KEY by using the elements in the set $RG$;

wherein the step of restoring the encryption key KEY by using the elements in the set $RG$ comprises:

for each $v_i \in RG$, using the 16 bit random number generator same as the random number generator to generate eight random numbers $r_{i1}, r_{i2}, \dots, r_{i8}$ by using $v_i$ as a seed;
obtaining an equation set:

$$\begin{aligned}
w_0 &= (a_{d0} u_{0,0} + a_{d1} u_{0,1} + \dots + a_{d7} u_{0,7} + a_{d8} u_{0,8}) \bmod p \\
w_1 &= (a_{d0} u_{1,0} + a_{d1} u_{1,1} + \dots + a_{d7} u_{1,7} + a_{d8} u_{1,8}) \bmod p \\
&\ \,\vdots \\
w_8 &= (a_{d0} u_{8,0} + a_{d1} u_{8,1} + \dots + a_{d7} u_{8,7} + a_{d8} u_{8,8}) \bmod p
\end{aligned}$$

solving $a^T$: $a_d^T = U^{-1} w \bmod p$, wherein

$$U = \begin{pmatrix} u_{0,0} & \dots & u_{0,8} \\ \vdots & \ddots & \vdots \\ u_{8,0} & \dots & u_{8,8} \end{pmatrix}, \quad w = [w_0\ w_1\ \dots\ w_8]^T, \quad a_d = [a_{d0}\ a_{d1}\ \dots\ a_{d8}]^T;$$

connecting $a_{d0}, a_{d1}, \dots, a_{d7}$ into a string KEY in series;

and wherein the method further comprises: refusing, by the wireless application protocol gateway, to provide application service to the user when the comparison result is that the two are not matched, and sending message that the application service is refused to the user mobile phone.
Address: Shenzhen CN
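The key-binding and key-recovery steps of the claim, written out as an added Python example (not code from the patent or its applicants). It goes slightly beyond the claim text by trying nine-point subsets of the matched set and using the CRC coefficient a_8 to reject a wrong solution. Assumptions: `random.Random` stands in for the unspecified 16-bit generator, CRC-16 is taken as the CCITT variant via `binascii.crc_hqx`, coordinates are already mapped into [0, 255], and the thresholds `gap` and `tol` are illustrative values.

```python
import binascii, itertools, random
P = 65537  # prime modulus p from the claim

def row(m):  # u_i = [m_i, r_i1..r_i8]; random.Random is an assumed stand-in generator
    g = random.Random(m)
    return [m] + [g.randrange(1 << 16) for _ in range(8)]

def coeffs(key):  # a_0..a_7 = 16-bit key segments, a_8 = CRC-16 (CCITT assumed) mod p
    a = [int.from_bytes(key[i:i + 2], "big") for i in range(0, 16, 2)]
    return a + [binascii.crc_hqx(key, 0xFFFF) % P]

def f(a, m):  # encryption function f(u) = a^T u mod p
    return sum(x * y for x, y in zip(a, row(m))) % P

def dist2(a, b):  # squared distance between two packed (x, y) byte pairs
    return ((a >> 8) - (b >> 8)) ** 2 + ((a & 255) - (b & 255)) ** 2

def enroll(key, minutiae, n_chaff=40, gap=20):
    a, rng = coeffs(key), random.SystemRandom()
    genuine = [(x << 8) | y for x, y in minutiae]
    vault = [(m, f(a, m)) for m in genuine]            # set G
    while len(vault) < len(genuine) + n_chaff:         # interference set C
        c, d = rng.randrange(1 << 16), rng.randrange(P)
        if d != f(a, c) and all(dist2(c, m) > gap * gap for m in genuine):
            vault.append((c, d))
    rng.shuffle(vault)
    return vault  # security authentication data VL; KEY itself is not stored

def solve(U, w):  # Gauss-Jordan elimination over GF(p); None if U is singular
    M = [r + [b] for r, b in zip(U, w)]
    for c in range(len(M)):
        piv = next((r for r in range(c, len(M)) if M[r][c]), None)
        if piv is None:
            return None
        M[c], M[piv] = M[piv], M[c]
        inv = pow(M[c][c], -1, P)
        M[c] = [v * inv % P for v in M[c]]
        M = [r if i == c else [(x - r[c] * y) % P for x, y in zip(r, M[c])]
             for i, r in enumerate(M)]
    return [r[-1] for r in M]

def recover(vault, query, tol=4):  # None when no nine-point subset passes the CRC check
    q = [(x << 8) | y for x, y in query]
    rg = [(v, w) for v, w in vault if any(dist2(v, m) <= tol * tol for m in q)]
    for pts in itertools.combinations(rg, 9):          # nine points -> 9x9 system
        a = solve([row(v) for v, _ in pts], [w for _, w in pts])
        if a and max(a[:8]) < 1 << 16:
            key = b"".join(x.to_bytes(2, "big") for x in a[:8])
            if binascii.crc_hqx(key, 0xFFFF) % P == a[8]:
                return key
```

Note that every stored pair (v, w) exposes v in the clear, so the secrecy of KEY rests on an attacker being unable to tell the N genuine points from the M interference points.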