
CN105550562B - Information management system and method based on iris recognition identity authentication - Google Patents


Info

Publication number
CN105550562B
Authority
CN
China
Legal status
Expired - Fee Related
Application number
CN201511021514.6A
Other languages
Chinese (zh)
Other versions
CN105550562A (en)
Inventor
王超楠
郭慧杰
杨倩倩
韩梁
韩一梁
杨昆
Current Assignee
Beijing Institute of Radio Metrology and Measurement
Original Assignee
Beijing Institute of Radio Metrology and Measurement
Classifications

    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints


Abstract

The invention discloses an information management system and method based on iris recognition identity authentication. The system comprises: an iris information collection and registration module, which collects a user's iris feature information, registers the user's basic identity information, and uploads the user's iris feature information and basic identity information to an iris data server; the iris data server, which aggregates and stores the iris feature information and basic identity information of every user and builds a unified, shared user profile database; and an iris identity authentication module, which compares iris feature information collected on site from a user to be authenticated with the iris feature information stored on the iris data server, verifies the user's identity, and authorizes the user to log in to the individual business subsystems. Because identity authentication is based on iris recognition, the invention offers a high recognition rate, good security and simple, convenient operation, can effectively improve business efficiency, and enables secure and reliable data exchange.

Description

Information management system and method based on iris recognition identity authentication

Technical field

The invention relates to the field of information technology, and in particular to an information management system and method based on iris recognition identity authentication.

Background

In organizations with strict identity authentication requirements, such as classified defence-industry units and key state agencies, the office platform is usually a very large and tightly controlled information system that needs strong identity authentication technology behind it. At present the great majority of such organizations use a traditional one-card system, username-and-password authentication or digital certificates for identity authentication and permission management in different settings, which is cumbersome and inconvenient for users; and once such an authentication token is lost or stolen, it poses a serious security threat to the user and the organization.

Summary of the invention

The purpose of the invention is to provide an information management system and method based on iris recognition identity authentication that solves the technical problems of existing information management systems, whose identity authentication and permission management are cumbersome and inconvenient and carry high security risks.

To achieve this object, the invention adopts the following technical solution:

An information management system based on iris recognition identity authentication, comprising:

an iris information collection and registration module, which collects the user's iris feature information, registers the user's basic identity information, and uploads the user's iris feature information and basic identity information to an iris data server;

an iris data server, which aggregates and stores the iris feature information and basic identity information of every user, builds a unified, shared user profile database, and provides users' iris feature information and basic identity information to the iris identity authentication module;

an iris identity authentication module, which compares iris feature information collected on site from a user to be authenticated with the iris feature information stored on the iris data server, verifies the identity of the user to be authenticated and, once verification passes, authorizes the user to log in to the individual business subsystems.

Preferably, the basic identity information includes the user's name, gender, unit, department, position and a registration image; the registration image contains the user's facial information, is encrypted with the Base64 algorithm, and the key is changed at irregular intervals.

Preferably, the iris feature information stored on the iris data server includes iris feature information for both of the user's eyes; it is encrypted with a key negotiated between the iris data server and each business subsystem, and the key is changed at irregular intervals.

Preferably, the iris identity authentication module comprises:

a system management submodule, for system user management, system user role management, system user permission management and system user authentication management;

a user management submodule, for user management, user attribute management and user permission management;

an authorization management submodule, for role management, task management, resource management and operation management;

an authentication and authorization submodule, for iris recognition authentication, fingerprint recognition authentication and password authentication;

a data management submodule, for log retention management, log query management, log export management and log sharing management;

the system management submodule, the user management submodule, the authorization management submodule, the authentication and authorization submodule and the data management submodule are all connected to the iris data server.

Preferably, the business subsystems include:

a computer and network secure login subsystem, responsible for identity authentication when logging in to the office information system network and to classified computers;

an employee access and attendance statistics subsystem, responsible for personnel identity authentication at access-control entry and exit points, and for employee attendance statistics based on the recognition log;

a classified-media circulation management subsystem, responsible for confirming the operator's identity when classified media are lent out and returned;

a security cabinet management subsystem, responsible for operator permission control on security cabinet locks;

a document lending subsystem, responsible for confirming the operator's identity when classified documents are lent out and returned;

a document output management subsystem, responsible for operator permission authentication when document output tasks such as printing and copying are performed.

Preferably, the information management system includes multiple iris information collection and registration modules, which collect iris feature information from multiple users in parallel.

Preferably, the communication channels in the information management system are encrypted transmission channels over a dedicated VPN.

An information management method based on iris recognition identity authentication, comprising the following steps:

the iris information collection and registration module collects the user's iris feature information and registers the user's basic identity information;

the iris information collection and registration module uploads the user's iris feature information and basic identity information to the iris data server;

the iris data server aggregates and stores the iris feature information and basic identity information of every user and builds a unified, shared user profile database;

when a user to be authenticated logs in to a business subsystem, the iris identity authentication module uses its built-in iris capture device to collect the user's iris feature information on site and compares it with the iris feature information stored and provided by the iris data server; if the two match, verification passes and the iris identity authentication module authorizes the user to log in to the business subsystems.

Preferably, the key the iris data server uses to store the iris feature information and basic identity information differs from the key it uses to transmit them.

Preferably, when the user to be authenticated logs in to different business subsystems, the iris data server negotiates a different key with each business subsystem to encrypt the iris feature information.

The invention has the following beneficial effects:

Iris recognition is currently the most advanced biometric technology; it offers a high recognition rate, good reliability, resistance to forgery and high security, and its contactless nature is readily accepted by users. The information management system provided by the invention uses iris feature information for identity authentication, which fundamentally eliminates the security risks caused by lost one-cards, passwords and digital certificates, and is simpler and more convenient for users, who can complete identity authentication without carrying any token. This effectively improves business efficiency, enables secure and reliable data exchange between departments, provides all-round security monitoring, and forms an integrated joint office system supported by biometric intelligence.

Description of the drawings

Specific embodiments of the invention are described in further detail below with reference to the accompanying drawings.

Fig. 1 is a schematic diagram of the information management system provided by an embodiment of the invention;

Fig. 2 is a schematic diagram of the iris identity authentication module in an embodiment of the invention;

Fig. 3 is a flowchart of the information management method provided by an embodiment of the invention.

Detailed description

To explain the invention more clearly, it is further described below in conjunction with preferred embodiments and the accompanying drawings. Similar parts in the figures are denoted by the same reference numerals. Those skilled in the art should understand that what is specifically described below is illustrative rather than restrictive and does not limit the scope of protection of the invention.

The invention first provides an information management system based on iris recognition identity authentication. As shown in Fig. 1, the information management system comprises:

an iris information collection and registration module 1, which collects the user's iris feature information, registers the user's basic identity information, and uploads the user's iris feature information and basic identity information to an iris data server 2;

an iris data server 2, which aggregates and stores the iris feature information and basic identity information of every user, builds a unified, shared user profile database, manages that database, and provides users' iris feature information and basic identity information to an iris identity authentication module 3;

an iris identity authentication module 3, which compares iris feature information collected on site from a user to be authenticated with the iris feature information stored on iris data server 2, verifies the identity of the user to be authenticated and, once verification passes, authorizes the user to log in to the individual business subsystems 4.

Iris recognition is currently the most advanced biometric technology; it offers a high recognition rate, good reliability, resistance to forgery and high security, and its contactless nature is readily accepted by users.

The information management system provided by the invention uses iris feature information for identity authentication, which fundamentally eliminates the security risks caused by lost one-cards, passwords and digital certificates, and is simpler and more convenient for users, who can complete identity authentication without carrying any token, truly achieving "one glance and the system knows it is me". This effectively improves business efficiency, enables secure and reliable data exchange between departments, provides all-round security monitoring, and forms an integrated joint office system supported by biometric intelligence.

Preferably, iris information collection and registration module 1 comprises a portable iris capture device and associated computer equipment for collecting and recording the user's iris feature information.

In the invention, the basic identity information includes personal information such as the user's name, gender, unit, department and position, together with a registration image; the registration image contains the user's facial information, is encrypted with the Base64 algorithm, and the key is changed at irregular intervals to improve the security of data storage.

The user profile database here may use a database such as SQL Server or Oracle. The iris feature information stored on iris data server 2 includes iris feature information for both of the user's eyes; it is encrypted with a key negotiated between iris data server 2 and each business subsystem 4, and the key is changed at irregular intervals to improve the security of data storage.

Further, as shown in Fig. 2, iris identity authentication module 3 comprises:

a system management submodule 31, for system user management, system user role management, system user permission management and system user authentication management;

a user management submodule 32, for user management, user attribute management and user permission management;

an authorization management submodule 33, for role management, task management, resource management and operation management;

an authentication and authorization submodule 34, for iris recognition authentication, fingerprint recognition authentication and password authentication;

a data management submodule 35, for log retention management, log query management, log export management and log sharing management;

system management submodule 31, user management submodule 32, authorization management submodule 33, authentication and authorization submodule 34 and data management submodule 35 are all connected to iris data server 2 and perform the corresponding authentication and authorization operations according to the user data stored on iris data server 2.

Further, referring to Fig. 1, business subsystems 4 include:

a computer and network secure login subsystem, responsible for identity authentication when logging in to the office information system network and to classified computers;

an employee access and attendance statistics subsystem, responsible for personnel identity authentication at access-control entry and exit points, and for employee attendance statistics based on the recognition log;

a classified-media circulation management subsystem, responsible for confirming the operator's identity when classified media are lent out and returned;

a security cabinet management subsystem, responsible for operator permission control on security cabinet locks;

a document lending subsystem, responsible for confirming the operator's identity when classified documents are lent out and returned;

a document output management subsystem, responsible for operator permission authentication when document output tasks such as printing and copying are performed.

Taking the office system as an example, the relevant internal departments of the organization can use the iris feature information in the shared user profile database as the identifier of a user's identity, which effectively improves the user experience and the operational efficiency of the departments involved.

It will be understood that business subsystems 4 are not limited to those listed above and may also include subsystems with other extended functions. The information management system provided by the invention is therefore highly extensible and offers an efficient adaptation interface for the seamless integration of future systems and applications; it is particularly suited to office information management systems in organizations with strict identity authentication requirements and many authentication scenarios.

Preferably, the information management system includes multiple iris information collection and registration modules 1, which can collect iris feature information from multiple users in parallel to save time and improve registration efficiency.

Correspondingly, the invention also provides an information management method based on iris recognition identity authentication. As shown in Fig. 3, the method comprises the following steps:

the iris information collection and registration module collects the user's iris feature information and registers the user's basic identity information;

the iris information collection and registration module uploads the user's iris feature information and basic identity information to the iris data server;

the iris data server aggregates and stores the iris feature information and basic identity information of every user and builds a unified, shared user profile database;

when a user to be authenticated logs in to a business subsystem, the iris identity authentication module uses its built-in iris capture device to collect the user's iris feature information on site and compares it with the iris feature information stored and provided by the iris data server; if the two match, verification passes, the iris identity authentication module authorizes the user to log in to the business subsystems, and the event is logged.
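The final step above says only that the live capture must "match" the stored template and that the event is logged. Iris templates are binary codes that are compared by a normalized Hamming distance over the bits both captures consider valid, against a threshold, rather than by byte equality; the following Go program (an added example, not code from the patent) implements that comparison together with a fail-closed decision and the audit record the method calls for. The threshold of 0.32, the minimum-valid-bits floor, the template layout and all type and field names are assumptions of this example.

```go
package main

import (
	"fmt"
	"math/bits"
	"math/rand"
	"time"
)

// IrisCode is a binary iris template plus a validity mask: a 0 mask bit marks
// a position hidden by eyelids or reflections, which is ignored when matching.
type IrisCode struct {
	Bits []uint64
	Mask []uint64
}

// Assumed policy values for this example.
const (
	MatchThreshold = 0.32 // normalized Hamming distance at or below which codes match
	MinValidBits   = 64   // refuse a decision on a heavily occluded capture
)

// HammingDistance returns the fraction of jointly valid bits that differ and
// the count of jointly valid bits; templates of different length are an error.
func HammingDistance(a, b IrisCode) (float64, int, error) {
	if len(a.Bits) != len(b.Bits) || len(a.Mask) != len(a.Bits) || len(b.Mask) != len(b.Bits) {
		return 1.0, 0, fmt.Errorf("template length mismatch")
	}
	var diff, valid int
	for i := range a.Bits {
		m := a.Mask[i] & b.Mask[i]
		valid += bits.OnesCount64(m)
		diff += bits.OnesCount64((a.Bits[i] ^ b.Bits[i]) & m)
	}
	if valid == 0 {
		return 1.0, 0, nil
	}
	return float64(diff) / float64(valid), valid, nil
}

// AuthEvent is the audit record written for every decision, granted or not.
type AuthEvent struct {
	Time      time.Time
	UserID    string
	Subsystem string
	Distance  float64
	ValidBits int
	Granted   bool
	Reason    string
}

// Authenticate compares the live capture against the stored template and
// returns the access decision with its log record. Every failure path denies.
func Authenticate(userID, subsystem string, stored, live IrisCode, now time.Time) (bool, AuthEvent) {
	ev := AuthEvent{Time: now, UserID: userID, Subsystem: subsystem}
	hd, valid, err := HammingDistance(stored, live)
	ev.Distance, ev.ValidBits = hd, valid
	switch {
	case err != nil:
		ev.Reason = err.Error()
	case valid < MinValidBits:
		ev.Reason = "insufficient valid bits"
	case hd > MatchThreshold:
		ev.Reason = "distance above threshold"
	default:
		ev.Granted, ev.Reason = true, "match"
	}
	return ev.Granted, ev
}

// RandomCode builds a constructed, fully valid template from a fixed seed.
func RandomCode(words int, seed int64) IrisCode {
	r := rand.New(rand.NewSource(seed))
	c := IrisCode{Bits: make([]uint64, words), Mask: make([]uint64, words)}
	for i := range c.Bits {
		c.Bits[i], c.Mask[i] = r.Uint64(), ^uint64(0)
	}
	return c
}

// FlipEvery simulates capture noise by inverting every n-th bit of a copy.
func FlipEvery(c IrisCode, n int) IrisCode {
	out := IrisCode{Bits: append([]uint64(nil), c.Bits...), Mask: c.Mask}
	for j := 0; j < 64*len(out.Bits); j += n {
		out.Bits[j/64] ^= 1 << uint(j%64)
	}
	return out
}

func main() {
	stored := RandomCode(4, 1) // constructed 256-bit enrolment template
	captures := map[string]IrisCode{"genuine": FlipEvery(stored, 10), "impostor": RandomCode(4, 2)}
	for name, live := range captures {
		_, ev := Authenticate("u001", "login", stored, live, time.Now())
		fmt.Printf("%-8s granted=%v hd=%.3f reason=%s\n", name, ev.Granted, ev.Distance, ev.Reason)
	}
}
```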

To prevent the collected iris feature information from being intercepted and leaked during network transmission, and to fully protect the transmission security of the communication channel, the invention applies a dual protection mechanism to both the data and the channel:

First, the key the iris data server uses to store the iris feature information and basic identity information differs from the key it uses to transmit them; and when the user to be authenticated logs in to different business subsystems, the iris data server negotiates a different key with each business subsystem to encrypt the iris feature information.

Second, the communication channels in the information management system are encrypted transmission channels over a dedicated VPN.

In other words, when the iris data server delivers data (such as registration images or iris feature information) to a business subsystem, sensitive information can be encrypted before transmission, or compressed and then encrypted to speed up both encryption and transmission. To increase the security of the whole system, the encryption key used for transmission can differ from the key used for local storage on the iris data server. For example, the iris data server encrypts locally stored registration information with key A; when delivering data to a business subsystem, it first retrieves the locally encrypted data, decrypts it with key A, re-encrypts it with key B, and then sends it. Moreover, each business subsystem can negotiate a different key with the iris data server.
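The key-A/key-B re-encryption just described, as an added Go example that is not part of the patent: records rest under a storage key, and on delivery the server decrypts them and re-encrypts under the key held by the requesting subsystem. Two points the text leaves open are made concrete here and are this example's choices, not the patent's: the cipher is AES-256-GCM (the patent names Base64 for the registration image, which is a reversible encoding with no key, so it is not used here), and each ciphertext binds the user id and the intended subsystem as associated data so a message sealed for one subsystem is rejected by another. The per-subsystem key map stands in for the negotiation step, which the patent does not specify; all names are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// gcmFor returns an AES-GCM instance for a 16-, 24- or 32-byte key.
func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key, authenticating aad (the context the
// ciphertext is valid for) and prefixing the random nonce to the output.
func seal(key, aad, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; it fails if the key, the aad or the ciphertext is wrong.
func open(key, aad, sealed []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	n := gcm.NonceSize()
	if len(sealed) < n {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:n], sealed[n:], aad)
}

// IrisDataServer keeps records under the storage key ("key A") and holds a
// separately negotiated key per business subsystem ("key B").
type IrisDataServer struct {
	storageKey    []byte
	subsystemKeys map[string][]byte // hypothetical stand-in for the negotiated keys
	records       map[string][]byte // userID -> ciphertext under storageKey
}

func NewIrisDataServer(storageKey []byte, subsystemKeys map[string][]byte) *IrisDataServer {
	return &IrisDataServer{storageKey: storageKey, subsystemKeys: subsystemKeys, records: map[string][]byte{}}
}

// Store encrypts a user's registration record at rest under key A.
func (s *IrisDataServer) Store(userID string, record []byte) error {
	ct, err := seal(s.storageKey, []byte("storage:"+userID), record)
	if err != nil {
		return err
	}
	s.records[userID] = ct
	return nil
}

// Deliver re-encrypts a stored record for one subsystem: decrypt under A,
// re-encrypt under that subsystem's key B with the subsystem named in the aad.
func (s *IrisDataServer) Deliver(userID, subsystemID string) ([]byte, error) {
	ct, ok := s.records[userID]
	if !ok {
		return nil, fmt.Errorf("no record for %q", userID)
	}
	keyB, ok := s.subsystemKeys[subsystemID]
	if !ok {
		return nil, fmt.Errorf("no negotiated key for subsystem %q", subsystemID)
	}
	plain, err := open(s.storageKey, []byte("storage:"+userID), ct)
	if err != nil {
		return nil, err
	}
	return seal(keyB, []byte("deliver:"+subsystemID+":"+userID), plain)
}

// Receive is the subsystem side: it can only open data sealed for it.
func Receive(keyB []byte, subsystemID, userID string, sealed []byte) ([]byte, error) {
	return open(keyB, []byte("deliver:"+subsystemID+":"+userID), sealed)
}

// newKey returns a fresh random 256-bit key.
func newKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}

func main() {
	keys := map[string][]byte{"login": newKey(), "attendance": newKey()}
	srv := NewIrisDataServer(newKey(), keys)
	_ = srv.Store("u001", []byte("constructed iris template for u001"))
	ct, _ := srv.Deliver("u001", "login")
	plain, err := Receive(keys["login"], "login", "u001", ct)
	fmt.Printf("login subsystem: %q err=%v\n", plain, err)
	_, err = Receive(keys["attendance"], "attendance", "u001", ct)
	fmt.Println("attendance subsystem with login ciphertext:", err)
}
```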

The invention uses iris feature information for identity authentication, which fundamentally eliminates the security risks caused by lost one-cards, passwords and digital certificates, and is simpler and more convenient for users, who can complete identity authentication without carrying any token. This effectively improves business efficiency, enables secure and reliable data exchange between departments, provides all-round security monitoring, and forms an integrated joint office system supported by biometric intelligence.

Obviously, the embodiments described above are merely examples given to illustrate the invention clearly and do not limit its implementation. On the basis of the above description, those of ordinary skill in the art can make other variations and modifications; it is impossible to list every embodiment exhaustively here, and any obvious variation or modification derived from the technical solution of the invention remains within its scope of protection.

Claims (9)

  1. A kind of 1. information management system based on iris recognition identification certification, it is characterised in that including:
    Iris information gathers and registration module, for gathering the iris feature information of user, to the basic identity information of user into Row registration, and the iris feature information and basic identity information of user are uploaded to iris data server;
    Iris data server, for collecting and storing the iris feature information and basic identity information of each user, establishes system One shared user profile database, and believe to the iris feature information and basic identity of iris authentication module offer user Breath;
    Iris authentication module, for by the iris feature information of user's collection in worksite to be certified and the iris data service The iris feature information of device storage is contrasted, and the identity of user to be certified is verified, and authorize it after being verified Log in each service sub-system;
    Wherein, the iris authentication module includes:
    System administration submodule, for carrying out system user management, system user Role Management, system user rights management and being System user authentication management;
    User management submodule, for carrying out user management, user property management and user authority management;
    Empowerment management submodule, for carrying out Role Management, task management, resource management and operational administrative;
    Certificate Authority submodule, for carrying out iris recognition certification, fingerprint recognition certification and cipher authentication;
    Data management submodule, shares pipe for carrying out daily record preservation management, log query management, daily record export management and daily record Reason;
    The system administration submodule, the user management submodule, the empowerment management submodule, the Certificate Authority submodule Block and the data management submodule are connected with the iris data server.
  2. The information management system according to claim 1, characterized in that the basic identity information comprises the user's name, gender, unit, department, post and registered image; the registered image comprises the user's face information, the registered image is encrypted using the Base64 algorithm, and the key is changed at irregular intervals.
  3. The information management system according to claim 1, characterized in that the iris feature information stored in the iris data server comprises the iris feature information of both of the user's eyes; the iris feature information is encrypted using a key negotiated between the iris data server and each service subsystem, and the key is changed at irregular intervals.
  4. The information management system according to any one of claims 1 to 3, characterized in that the service subsystems comprise:
    a computer secure login subsystem, responsible for identity authentication when logging in to the office information system network and to classified computers;
    an employee entry and exit attendance statistics subsystem, responsible for personnel identity authentication at access-control gates and for staff attendance statistics based on the identification log;
    a classified media circulation control subsystem, responsible for confirming the operator's identity when classified media are lent out and returned;
    a security cabinet management subsystem, responsible for operator permission control when locking security cabinets;
    an archive lending subsystem, responsible for confirming the operator's identity when classified archives are lent out and returned;
    a document outgoing management subsystem, responsible for operator permission authentication when printing and copying are performed as part of a document outgoing task.
  5. The information management system according to any one of claims 1 to 3, characterized in that the information management system comprises a plurality of iris information acquisition and registration modules, and the plurality of iris information acquisition and registration modules acquire iris feature information from a plurality of users simultaneously and in parallel.
  6. The information management system according to any one of claims 1 to 3, characterized in that the communication channels in the information management system are encrypted transmission channels over a VPN private network.
  7. An information management method based on iris recognition identity authentication, using the information management system based on iris recognition identity authentication according to claim 1, characterized in that it comprises the following steps:
    the iris information acquisition and registration module collects the user's iris feature information and registers the user's basic identity information;
    the iris information acquisition and registration module uploads the user's iris feature information and basic identity information to the iris data server;
    the iris data server collects and stores the iris feature information and basic identity information of every user, establishing a unified shared user information database;
    when a user to be authenticated logs in to a service subsystem, the iris identity authentication module collects the iris feature information of the user to be authenticated on site with its own iris acquisition device, and compares the iris feature information collected on site with the iris feature information stored in and provided by the iris data server; if the two match, verification succeeds and the iris identity authentication module authorizes the user to log in to that service subsystem.
  8. The information management method according to claim 7, characterized in that the key the iris data server uses when storing the iris feature information and basic identity information differs from the key the iris data server uses when transmitting the iris feature information and basic identity information.
  9. The information management method according to claim 7, characterized in that, when a user to be authenticated logs in to different service subsystems, different keys are negotiated between the iris data server and the different service subsystems to encrypt the iris feature information.
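Claims 7 to 9 describe one end-to-end procedure: enrol a user's binocular iris template, store it on the iris data server, hand it to a service subsystem under a transport key that differs from the storage key (claim 8) and that is negotiated separately with each subsystem (claim 9), then compare the live capture against it. The following Python model is an added illustration, not code from the patent or its applicant. Everything in it is constructed: the user and subsystem names, the 2048-bit iris codes, the 0.32 normalised Hamming-distance threshold, the random keys standing in for a real key negotiation over the VPN channel of claim 6, and the HMAC-SHA256 counter-mode cipher standing in for a real AEAD such as AES-GCM (chosen only so the example runs on the standard library). One caveat a practitioner should carry over: Base64, which claim 2 names for the registered image, is an encoding rather than a cipher, so the stored record here is protected by an authenticated cipher under a key the server never shares.

```python
# Toy model of claims 7-9 (constructed example; stdlib only). The cipher is an
# HMAC-SHA256 counter-mode stand-in for a real AEAD such as AES-GCM.
import hashlib, hmac, json, random, secrets

CODE_BYTES = 256          # assumed 2048-bit iris code per eye
MATCH_THRESHOLD = 0.32    # assumed normalised Hamming distance cut-off

def _keystream_xor(key, nonce, data):
    """XOR data with an HMAC-SHA256 counter-mode keystream (toy cipher)."""
    stream, counter = bytearray(), 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(12)
    ciphertext = _keystream_xor(key, nonce, plaintext)
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()

def unseal(key, blob):
    """Verify the tag before decrypting; a wrong key or tampering raises ValueError."""
    nonce, ciphertext, tag = blob[:12], blob[12:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return _keystream_xor(key, nonce, ciphertext)

def hamming_distance(a, b):
    """Fraction of differing bits between two equal-length iris codes."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

class IrisDataServer:
    """Templates sit encrypted under a storage key that never leaves the server."""
    def __init__(self):
        self.storage_key = secrets.token_bytes(32)
        self._records, self._session_keys = {}, {}

    def register(self, user_id, basic_info, left_code, right_code):
        record = {"info": basic_info, "left": left_code.hex(), "right": right_code.hex()}
        self._records[user_id] = seal(self.storage_key, json.dumps(record).encode())

    def negotiate_session_key(self, subsystem_id):
        # Stand-in for key agreement over the VPN channel (claim 6): each subsystem
        # gets its own transport key, distinct from the storage key (claims 8, 9).
        self._session_keys[subsystem_id] = secrets.token_bytes(32)
        return self._session_keys[subsystem_id]

    def template_for(self, subsystem_id, user_id):
        # Re-wrap the stored template under the requesting subsystem's session key.
        plaintext = unseal(self.storage_key, self._records[user_id])
        return seal(self._session_keys[subsystem_id], plaintext)

class IrisAuthModule:
    """Subsystem-side verifier; both eyes must match for the login to be authorized."""
    def __init__(self, subsystem_id, server):
        self.subsystem_id, self.server = subsystem_id, server
        self.session_key = server.negotiate_session_key(subsystem_id)

    def authenticate(self, user_id, live_left, live_right):
        record = json.loads(unseal(self.session_key, self.server.template_for(self.subsystem_id, user_id)))
        d_left = hamming_distance(bytes.fromhex(record["left"]), live_left)
        d_right = hamming_distance(bytes.fromhex(record["right"]), live_right)
        return d_left <= MATCH_THRESHOLD and d_right <= MATCH_THRESHOLD

def make_code(rng):
    """Constructed iris code: random bits stand in for a real encoder's output."""
    return bytes(rng.getrandbits(8) for _ in range(CODE_BYTES))

def noisy_capture(code, flip_fraction, rng):
    """Simulate a fresh capture of the same eye by flipping a fraction of its bits."""
    bits = bytearray(code)
    for i in rng.sample(range(8 * len(code)), int(flip_fraction * 8 * len(code))):
        bits[i // 8] ^= 1 << (i % 8)
    return bytes(bits)

def demo():
    rng = random.Random(2015)  # deterministic constructed sample data
    server = IrisDataServer()
    left, right = make_code(rng), make_code(rng)
    server.register("u001", {"name": "Example User", "dept": "Metrology"}, left, right)
    login, attendance = IrisAuthModule("secure-login", server), IrisAuthModule("attendance", server)
    genuine = login.authenticate("u001", noisy_capture(left, 0.10, rng), noisy_capture(right, 0.10, rng))
    impostor = attendance.authenticate("u001", make_code(rng), make_code(rng))
    try:  # a template wrapped for one subsystem is opaque to another (claim 9)
        unseal(attendance.session_key, server.template_for("secure-login", "u001"))
        cross_opened = True
    except ValueError:
        cross_opened = False
    return {"genuine_accepted": genuine, "impostor_accepted": impostor,
            "cross_subsystem_opened": cross_opened,
            "distinct_keys": len({server.storage_key, login.session_key, attendance.session_key})}
```

Running `demo()` accepts the genuine capture (about 10% of bits differ, well under the threshold), rejects the impostor (independent codes differ in roughly half their bits), fails to open a template wrapped for the login subsystem with the attendance subsystem's key, and reports three distinct keys: one for storage and one per subsystem. The `template_for` step is where claim 8 lives: the server decrypts with its storage key and re-encrypts with the transport key, so the storage key itself is never sent.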
CN201511021514.6A 2015-12-31 2015-12-31 A kind of information management system and method based on iris recognition identification certification Expired - Fee Related CN105550562B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511021514.6A CN105550562B (en) 2015-12-31 2015-12-31 A kind of information management system and method based on iris recognition identification certification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201511021514.6A CN105550562B (en) 2015-12-31 2015-12-31 A kind of information management system and method based on iris recognition identification certification

Publications (2)

Publication Number Publication Date
CN105550562A CN105550562A (en) 2016-05-04
CN105550562B true CN105550562B (en) 2018-05-15

Family

ID=55829749

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201511021514.6A Expired - Fee Related CN105550562B (en) 2015-12-31 2015-12-31 A kind of information management system and method based on iris recognition identification certification

Country Status (1)

Country Link
CN (1) CN105550562B (en)

Families Citing this family (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106096556A (en) * 2016-06-14 2016-11-09 夏烬楚 A kind of iris image identification, chaos encryption integral system and method
CN106339737A (en) * 2016-08-31 2017-01-18 北京欧凯罗信息系统有限公司 Special vehicle electronic driving system
CN106411856A (en) * 2016-09-06 2017-02-15 北京交通大学 Authentication method and apparatus based on face recognition of mobile terminal
CN106503621A (en) * 2016-09-26 2017-03-15 北京无线电计量测试研究所 A kind of method for collecting iris and system
CN106845445A (en) * 2017-02-16 2017-06-13 东华大学 A kind of personal identification method based on wireless network and iris recognition
CN111669408A (en) * 2017-03-30 2020-09-15 阿里巴巴集团控股有限公司 Method and device for identity registration and authentication
CN107220806A (en) * 2017-05-23 2017-09-29 合肥昊思云科科技有限公司 One kind automation workman's job placement management system
CN107220804A (en) * 2017-05-23 2017-09-29 合肥昊思云科科技有限公司 A kind of intelligent work management method based on big data
CN107358086B (en) * 2017-08-25 2022-05-31 成都悍力鼎科技有限公司 U shield safety management system
CN107809416A (en) * 2017-09-19 2018-03-16 周美琳 Intelligent building safety control system and control method
CN107861699A (en) * 2017-11-09 2018-03-30 北京无线电计量测试研究所 A kind of office print system and method based on iris authentication and smart card authentication
CN108449320B (en) * 2018-02-09 2020-08-14 北京百悟科技有限公司 Intelligent automatic safe office system and method
CN108960769A (en) * 2018-06-20 2018-12-07 太仓苏易信息科技有限公司 The office management system of identity-based
CN109255223B (en) * 2018-08-23 2020-11-20 杭州天谷信息科技有限公司 Identity verification safety authentication system based on pupil image acquisition technology
CN109859338A (en) * 2018-12-10 2019-06-07 北京无线电计量测试研究所 A kind of multiterminal networking type iris recognition attendance checking system and method
CN114611086A (en) * 2020-12-09 2022-06-10 深圳迈瑞生物医疗电子股份有限公司 Sample analysis system, sample analyzer and sample analysis method
CN112564904A (en) * 2020-12-11 2021-03-26 山东极光智能科技有限公司 Data encryption system based on quantum communication and use method thereof
CN112817960A (en) * 2021-02-26 2021-05-18 上海帕科信息科技有限公司 Processing platform based on field data governance
CN113158158A (en) * 2021-04-09 2021-07-23 上海龙旗科技股份有限公司 Method and equipment for managing security prototype

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN2413168Y (en) * 2000-01-25 2001-01-03 许榕 A multi-purpose tube lamp
CN103368920A (en) * 2012-04-06 2013-10-23 上海博泰悦臻电子设备制造有限公司 Information service providing method, information service system and vehicle-mounted system
CN103532956A (en) * 2013-10-18 2014-01-22 浪潮电子信息产业股份有限公司 Biological information-based authentication method in cloud operation system
CN105160302A (en) * 2015-08-10 2015-12-16 西安凯虹电子科技有限公司 Multi-model biological recognition general platform and multi-model biological recognition identity authentication method
CN204926094U (en) * 2015-08-26 2015-12-30 广州市鑫澳康科技有限公司 System based on authentication is carried out to biological characteristics information

Also Published As

Publication number Publication date
CN105550562A (en) 2016-05-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20180515