CPC G06F 21/32 (2013.01) [G06F 21/57 (2013.01)]; 4 Claims
1. A secure and trusted three-party device fingerprint authentication method, comprising the following steps:
(S1), performing an authentication preparation stage by dividing the subjects involved in fingerprint authentication into a device party U, a service party P and a storage party V, and uploading and verifying an execution program Programtee of a trusted execution environment TEE;
(S2), performing an authentication initialization stage by establishing the trusted execution environment TEE by the service party P, and establishing a security channel between the trusted execution environment TEE, the device party U and the storage party V; and
(S3), performing a device fingerprint authentication stage by uploading a fingerprint FP and a fingerprint library FPL to the trusted execution environment TEE through the security channel by the device party U and the storage party V, respectively, and, after the device fingerprint authentication is completed, obtaining an authentication result through the security channel;
wherein (S1) comprises the following steps:
(S11), determining tripartite subjects by dividing the subjects involved in the fingerprint authentication into the three parties U, P and V, wherein U performs the device fingerprint authentication, P provides a fingerprint authentication service, and V stores the device fingerprint library;
(S12), generating private keys, wherein the device party U and the storage party V use an encryption algorithm to generate private keys KU and KV, respectively, KU being the private key generated by the device party U using the encryption algorithm and KV being the private key generated by the storage party V using the encryption algorithm;
(S13), uploading the execution program of the trusted execution environment TEE by the storage party V, wherein the storage party V determines the execution program Programtee to be executed in the trusted execution environment and transfers the execution program to the service party P; and
(S14), verifying the execution program by the device party U, wherein the device party U verifies that the execution program Programtee transmitted from the storage party V to the service party P of the trusted execution environment TEE is the expected program, confirming that the execution program correctly establishes the trusted execution environment TEE and does not disclose the device fingerprint information of the device party U.
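The three-party flow of steps (S1) to (S3) as an added in-process simulation, not code from the patent. It assumes a constructed Programtee (a set-membership match), models the program measurement as a hash of its bytecode, models each secure channel as encrypt-then-MAC keyed by KU or KV, and assumes those keys reach the TEE rather than the service party P; the point shown is that U refuses to upload FP unless the attested measurement matches, and that P only ever handles sealed blobs.

```python
import hashlib
import hmac
import secrets

def program_tee(fp: bytes, fpl: set) -> bool:
    """Programtee stand-in: match device fingerprint FP against library FPL."""
    return fp in fpl

def measure(program) -> bytes:
    """Measurement of the execution program (hash of its bytecode)."""
    return hashlib.sha256(program.__code__.co_code).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, msg: bytes) -> bytes:
    """Secure-channel stand-in (encrypt-then-MAC); use a real AEAD in practice."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def open_sealed(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("secure channel integrity failure")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def run_protocol(expected_measurement: bytes, fp: bytes, fpl: set) -> dict:
    """One run of S1-S3 with U, P and V modelled in-process."""
    # S12: U and V each generate a private key (constructed 32-byte secrets).
    KU, KV = secrets.token_bytes(32), secrets.token_bytes(32)
    # S13 / S2: V hands Programtee to P, which establishes the TEE around it.
    tee = {"program": program_tee, "measurement": measure(program_tee)}
    # S14: U checks the attested measurement before uploading anything.
    if not hmac.compare_digest(tee["measurement"], expected_measurement):
        return {"program_verified": False, "authenticated": None}
    # S2: channels U<->TEE and V<->TEE keyed by KU, KV (assumed known to the TEE, not P).
    # S3: U uploads FP and V uploads FPL through their own channels.
    fp_blob = seal(KU, fp)
    fpl_blob = seal(KV, b"\n".join(sorted(fpl)))
    # Inside the TEE: P forwards the sealed blobs but never sees the plaintext.
    fp_in = open_sealed(KU, fp_blob)
    fpl_in = set(open_sealed(KV, fpl_blob).split(b"\n"))
    result = tee["program"](fp_in, fpl_in)
    # S3: the authentication result goes back to U over its secure channel.
    result_blob = seal(KU, b"1" if result else b"0")
    return {"program_verified": True, "authenticated": open_sealed(KU, result_blob) == b"1"}
```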