CN101051897B - Biological information certifying method - Google Patents

Publication number
CN101051897B
Authority
CN
China
Prior art keywords
server
client
authentication
biological
certificate scheme
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2006100742882A
Other languages
Chinese (zh)
Other versions
CN101051897A (en
Inventor
刘淑玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN2006100742882A priority Critical patent/CN101051897B/en
Publication of CN101051897A publication Critical patent/CN101051897A/en
Application granted granted Critical
Publication of CN101051897B publication Critical patent/CN101051897B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The method comprises the following steps: when a client supports multiple authentication schemes, it determines a priority order for them; the client sends the supported authentication schemes to the server in a biometric authentication request message, in which the schemes are sorted by priority; the server preferentially selects a high-priority scheme and sends the selected authentication scheme to the client in a biometric authentication response message; the client performs biometric authentication according to the scheme selected by the server and notifies the server of the result. The invention saves network and system resources and improves authentication efficiency.

Description

Biological information certifying method
Technical field
The present invention relates to the field of network security technology, and in particular to a method for authenticating biometric information.
Background technology
With the rapid growth of networks, e-commerce is widely used, and online banking and online transactions have become common. Network fraud and account theft have increased in recent years, and protecting personal account information with conventional passwords is clearly no longer sufficient. Users therefore need an authentication mechanism that offers stronger protection of personal information and a higher level of security.
PKI (Public Key Infrastructure) is already in use to some extent. In this authentication mechanism an authority issues a public key certificate to the end user, and the certificate holds the user's public key and other information. The private key corresponding to the public key is kept by the user. The public key and the private key are uniquely related: the private key cannot be derived from the public key, but information encrypted with the public key can be decrypted only with the private key. This property lets a verifier confirm, from whether the user can present the private key, that the user is the entity named in the public key certificate, and so ensures that user information is not stolen. Protecting the user's private key is the crux of this mechanism, and the private key is generally stored as electronic data on some piece of hardware. If the private key is lost, the protection of the user's personal information is lost with it.
Using personal biometric information (for example, fingerprint or iris) for authentication is an effective, resource-saving method. Given the particular nature of biometric information and the particular environment of network identity authentication, combining biometric information with PKI to form a more secure authentication architecture has become a very competitive research field.
TSM (Telebiometric System Mechanism) is a current project that studies combining biometric information with PKI to achieve more secure authentication over public networks. It combines TLS (Transport Layer Security) with biometric authentication, using biometric information to further ensure that the end user is the registered user.
TSM divides biometric authentication on a public network into 9 types according to where the biometric template is stored and which entity performs the biometric authentication (the Biometric Template is the user's biometric information extracted by an authority when the user registers, and serves as the reference for later verification), as shown in Table 1 below:
Table 1:
[Table 1 appears as an image in the original publication and is not reproduced here.]
Here, Client is the terminal the user uses (generally able to capture the user's biometric information); Server is the device that provides a service, and it permits access to its resources only after the user has been verified; TTP (Trusted Third Party) is a third party, generally an organization that both Client and Server trust.
Local is the local authentication model: the template is stored locally, and both comparing the captured biometric information with the template and forming the biometric authentication result are done locally. Download is the download authentication model: the template is not stored locally but biometric authentication is performed locally, so the biometric template must be downloaded from the Server before authentication is performed. RFC3739 Client/Server Matching is an authentication model that draws on RFC3739, with authentication performed at the client or at the server.
Attached means that the client sends its locally stored biometric template to the Server together with the other information, and the Server performs the matching. Center means that the client is only responsible for capturing biometric information; the biometric template is stored at the Server, and the Server performs the matching.
Matching Outsourcing by Client/Server means that the Client/Server stores the biometric template, that this template and the biometric information captured by the Client are sent to the TTP in attached form, and that the TTP performs the matching. Storage & Matching Outsourcing means that the biometric template is stored at the TTP; the Client sends the captured biometric information to the TTP, and the TTP performs the matching.
For example, the Local authentication model in TSM is shown in Fig. 1.
TSM mainly addresses two situations: (1) the user's public key certificate and the Client's public key certificate are the same certificate (for example, a PC or a personal mobile phone); (2) the user's public key certificate and the Client's public key certificate are two different certificates (for example, a laboratory access control system). In both, biometric authentication is combined with the PKI-based TLS (Transport Layer Security) protocol to provide an authentication architecture that combines biometric information with PKI.
TSM specifies the biometric authentication process in its biometric authentication models. The Biometric Client Hello (biometric authentication request) message that the Client sends to the Server contains information such as the biometric data types the client can provide and the biometric authentication models. If several verification schemes are supported they are given as a list, for which TSM provides an ASN.1 encoding. This ASN.1 encoding structure has the following shortcomings:
(1) When biometric data types and biometric authentication models do not correspond one to one, the BiometricMethod (authentication scheme) expressed in ASN.1 can become very complex, which makes the data in the Biometric Client Hello message too long and consumes excessive network and system resources;
(2) When there are several authentication schemes, the ListofBiometricMethod (authentication scheme list) expressed in ASN.1 gives the Server no useful information about which scheme to select.
In addition, for verification modes such as Download, which require the biometric template to be downloaded from the Server to the Client, TSM does not specify how the download is carried out. For cases that require a TTP to take part, for example the MatchingOutsourcingByClient mode, TSM does not specify how the TTP communicates with the Client and the Server. Furthermore, if verification under one scheme fails, the Server merely sends the next scheme to the Client; this makes it hard for the Client to diagnose its own problems, produce the necessary reports, and exchange the necessary information with the user or with maintenance personnel.
Summary of the invention
The purpose of the invention is to provide an authentication method that combines biometric information with PKI, overcoming the shortcomings of the prior art that the information exchanged between Client and Server is complex when several authentication modes exist and that not enough useful information can be conveyed. The information exchanged between Client and Server is optimized, which saves network and system resources and improves authentication efficiency.
To this end, the invention provides the following technical solution:
A biological information certifying method, comprising the steps of:
When a client supports multiple authentication schemes, it determines the priority order of these schemes;
The client sends the authentication schemes it supports to the server in a biometric authentication request message, in which the schemes are sorted by priority and each scheme contains one or more network authentication models;
The server preferentially selects a high-priority authentication scheme and, if the network authentication model in the selected scheme does not require the server to exchange information with a trusted third party, sends the selected scheme to the client in a biometric authentication response message;
The client performs biometric authentication according to the scheme selected by the server and notifies the server of the authentication result.
The multiple authentication schemes are given in the form of a list.
When an authentication scheme list contains several network authentication models, these models are arranged in the priority order approved by the client.
Optionally, the method further comprises:
If the network authentication model in the scheme selected by the server requires the server to send the client's biometric template to the client, the biometric authentication response message contains this biometric template.
Optionally, the method further comprises:
If the network authentication model in the scheme selected by the server requires the server to exchange information with a trusted third party, the server communicates with the trusted third party to complete the biometric authentication process.
The step in which the server communicates with the trusted third party to complete the biometric authentication process comprises:
The server checks whether a communication mode with the third party has been agreed in advance;
If so, it communicates using the previously agreed communication mode;
If not, the server establishes a secure communication channel with the trusted third party through negotiation and communicates over this channel.
If the server fails to establish a secure communication channel with the trusted third party through negotiation, the server selects another authentication scheme and sends it to the client for re-authentication, or notifies the client that the authentication process has ended.
Optionally, the method further comprises:
If the network authentication model in the scheme selected by the server requires the client to exchange information with a trusted third party, the client establishes a secure communication channel with the trusted third party through negotiation and communicates over it to complete the biometric authentication process.
If the client fails to establish a secure communication channel with the trusted third party through negotiation, the client directly notifies the server that authentication has failed and carries the failure reason in the notification message.
If the client or the third party judges that biometric authentication has failed, the failure reason is carried in the authentication result notification message sent to the server.
If the server judges that biometric authentication has failed, it carries the failure reason in the re-authentication or authentication-finished message it sends to the client.
As the technical solution above shows, when the client supports multiple authentication schemes the invention determines their priority order, sorts them by priority, and sends them to the server in the biometric authentication request message, so that the server can select a high-priority scheme in a targeted way, which improves authentication efficiency. When one biometric data type corresponds to several network authentication models, these models are placed in priority order in a single authentication scheme list sent to the server, which reduces the length of the biometric authentication request message and greatly saves network resources. Further, after an authentication failure, the existing Biometric Client Verify, Biometric Retry Request and Biometric Finished messages are extended so that the client and/or the server sends the failure reason to the other side. This lets the client diagnose its own problems and produce the necessary reports, giving users and system maintenance personnel useful reference information, and lets the server take the failure reason into account when selecting the next authentication scheme, which improves the effectiveness of authentication.
Description of drawings
Fig. 1 shows the Local authentication model in TSM;
Fig. 2 shows the biometric authentication model of the TLS session in TSM when the user's public key certificate is the same as the Client's public key certificate;
Fig. 3 shows the biometric authentication model of the TLS session in TSM when the user's public key certificate and the Client's public key certificate differ;
Fig. 4 is the flow chart of the method of the invention;
Fig. 5 shows the message exchange among the client, the server and the TTP during biometric authentication using the method of the invention.
Embodiment
To help those skilled in the art better understand the solution of the invention, the two authentication scenarios in TSM are first described briefly.
Refer to Fig. 2, the biometric authentication model of the TLS session when the user's public key certificate is the same as the Client's public key certificate:
In this authentication model the user's public key certificate and the Client's public key certificate are one and the same, as with a PC or a personal mobile phone. Because the Client and the user share the same public key certificate, once the Server has verified the Client's certificate it has also verified the user. So after the TLS channel is established, the Server is already assured of the user's identity and goes on to carry out biometric verification with the Client.
Refer to Fig. 3, the biometric authentication model of the TLS session when the user's public key certificate and the Client's public key certificate differ:
In this authentication model the user's public key certificate and the Client's public key certificate are two different certificates, as in a laboratory access control system. The Server first verifies the Client's public key certificate and establishes a TLS channel with the Client. Over this channel the Server performs PKI public key authentication and biometric authentication of the user through TLS Handshake with Biometric Authentication (the TLS handshake combined with biometric authentication). When authentication completes, a TLS session channel is established between the Server and the user.
The negotiation mechanism for establishing the TLS session channel is the same as in the TLS protocol. Biometric authentication begins immediately after the TLS session is successfully established.
For these two biometric authentication models and others similar to them, the invention further optimizes the message exchange between the Client and the Server, so that the Client and the Server can give each other enough of the required information and authentication efficiency is improved.
The messages and interaction procedure provided by the invention apply not only to these two biometric authentication models but also to other biometric authentication models of similar architecture. For convenience and clarity, the description below uses the first biometric authentication model as the example.
The invention is described in further detail below with reference to the drawings and embodiments.
Fig. 4 shows the flow chart of the method of the invention:
Step 401: When the client supports multiple authentication schemes, determine the priority order of these schemes.
The priority order of the authentication schemes the client supports can be preset according to the needs of the application and the actual capabilities of the client.
Step 402: The client sends the authentication schemes it supports to the server in a biometric authentication request message, in which the schemes are sorted by priority.
The biometric authentication request message contains the biometric data types the client can provide, such as fingerprint, iris or ear shape, and the network authentication models the client supports, which are any one or more of Local, Download, RFC3739 Client Matching, Attached, Center, RFC3739 Server Matching, Matching Outsourcing by Client, Matching Outsourcing by Server, and Storage & Matching Outsourcing. In addition, if the authentication process requires a TTP to take part, the message also contains information about the TTP.
The authentication schemes can be given as a list, sorted by priority. To reduce message payload, each authentication scheme list can contain one or more network authentication models.
The biometric authentication schemes requested by the client can be described in ASN.1 as follows:

    RequestBiometricModel ::= SEQUENCE {
        requestNum             INTEGER,          -- number of authentication schemes
        listofBiometricMethod  BiometricMethod   -- authentication scheme list
    }

The authentication scheme list is arranged in the priority order determined by the client.

    ListofBiometricMethod ::= SET SIZE(requestNum) OF BiometricMethod

    BiometricMethod ::= SEQUENCE {
        -- biometric data type, the type defined by CBEFF
        BiometricType                   BiometricType,
        -- biometric function provider information, the type defined by BioAPI
        BiometricFunctionProvider       BFPSchema,
        -- network authentication model information
        NetworkAuthenticationModelInfo  NetworkAuthenticationModelInfo,
        -- trusted third party information
        ThirdPartyInfo                  UTF8String
    }

The network authentication model information comprises:

    NetworkAuthenticationModelInfo ::= SEQUENCE {
        -- number of network authentication models
        ModelNum                          INTEGER,
        -- network authentication model list
        ListofNetworkAuthenticationModel  NetworkAuthenticationModel
    }

The network authentication models are arranged in priority order.
NetworkAuthenticationModel is defined and ASN.1-encoded as in the prior art, and can be any of the 9 biometric authentication models above or other similar biometric authentication models.
Step 403: The server preferentially selects a high-priority authentication scheme and sends the selected scheme to the client in a biometric authentication response message.
From the several authentication scheme lists in the RequestBiometricModel sent by the client, the server selects the lists it can accept in light of its own characteristics, sends the highest-priority one to the client first, and sends the authentication requirement parameters of the scheme along with it. If the network authentication model the server selects requires the server to send the Template to the client, for example when the selected model is the Download mode, the server must carry this Template information in its response message to the client, that is, send the TemplateID; TemplateID is defined as in TSM.
The invention extends the Biometric Server Hello (biometric authentication response) message as follows:

    BiometricAuthenticationRequest SEQUENCE {
        biometricMethod     BiometricMethod,      -- biometric authentication scheme
        requestFMR          BioAPI-FAR,           -- required false match rate
        requestTrialNumber  INTEGER (1..15),      -- permitted number of retries
        requestQuality      INTEGER (0..255),     -- required data quality
        templateID          TemplateID OPTIONAL   -- biometric template identifier, optional
    }
    END
If, based on the RequestBiometricModel sent by the client, the server determines that it must communicate with the TTP, it must then confirm the mode of communication with the TTP. If a communication method has been agreed in advance, that method is used; otherwise the server establishes a secure channel with the TTP on the basis of PKI (Public Key Infrastructure) certificate authentication that it initiates. Alternatively, a secure channel with the TTP can be negotiated through TLS (Transport Layer Security).
Thus, if after selecting an authentication scheme the server determines that it needs to communicate with the TTP, it first negotiates a communication channel with the TTP according to its own policy configuration and the TTP information. If negotiation fails, the server treats this verification as failed; it can either end authentication with the client (by sending a BiometricFinished message) or select the next authentication scheme and notify the client to authenticate again.
Step 404: The client performs biometric authentication according to the scheme selected by the server and notifies the server of the authentication result.
After the client receives the Biometric Server Hello (biometric authentication response) message from the server, if the network authentication model the server chose in this message is the Download model, the client must further check whether the BiometricAuthenticationRequest structure of the message contains the Template information. If it does not, the client treats the message as erroneous and notifies the server that this authentication has failed.
If the authentication model selected by the server requires the client to communicate with the TTP, the client first initiates TLS negotiation to establish a secure channel with the TTP.
For example, for the RFC3739 Client Matching model, the Matching Outsourcing by Client model, or the Storage & Matching Outsourcing model, the client first uses the TLS protocol to negotiate a secure channel with the TTP; if negotiation fails, the client notifies the server that this authentication has failed.
If the network authentication model chosen by the server is one in which the client itself performs the matching, such as the Local model, the Download model, or the RFC3739 Client Matching model, the client performs biometric authentication according to the selected scheme. After the client captures data and performs authentication, if the resulting data cannot meet the authentication requirements in the server's biometric authentication response message, for example the FMR (false match rate), the client treats this authentication as failed and notifies the server.
Both the client and the server need to understand the reason for an authentication failure: this helps the client diagnose its own problems, produce the necessary reports, and give the user or maintenance personnel a reference for the necessary information exchange with the client, and it helps the server select a suitable network authentication model in a targeted way, improving authentication efficiency.
The invention therefore extends the Biometric Client Verify message that the client sends to the server so that it carries the authentication failure reason. Its ASN.1 encoding is as follows:

    BiometricClientVerifyResult ::= {
        -- verification result; on failure, gives the failure reason
        BiometricVerifyCode            INTEGER,
        -- defined as in TSM; when BiometricClientVerifyResult indicates failure,
        -- Biometric Client Verify may omit the Contents member
        BiometricClientVerifyContents  BiometricClientVerifyContents
    }
After the server receives the client's execution result, if it judges that an authentication scheme has failed and decides to select the next scheme and send it to the client for re-authentication, it must notify the client of the reason for the authentication error in addition to the parameters of the new scheme. Likewise, if negotiation between the server and the TTP fails and the server selects the next scheme and notifies the client to authenticate again, the server must also notify the client of the error reason. And if the server decides to stop all authentication, it is likewise necessary to notify the client of the error reason.
These errors can be caused by hardware operation failure, failure to establish a communication channel, TTP operation failure, or the client's captured data or matching result not meeting the server's requirements. The error reason is defined by BiometricVerifyCode, whose type is integer.
To this end, the invention extends the Biometric Retry Request (biometric re-authentication request) message and the Biometric Finished (biometric authentication finished) message so that they carry the authentication failure reason.
The ASN.1 encoding after the extension is as follows:

    BiometricRetryRequest ::= BEGIN
        -- verification result; on failure, gives the failure reason
        BiometricVerifyCode  INTEGER,
        biometricAuthenticationRequest SEQUENCE {
            biometricMethod     BiometricMethod,
            requestFMR          BioAPI-FAR,
            requestTrialNumber  INTEGER,
            requestQuality      INTEGER
        }
    END

    Biometric Finished ::= BEGIN
        biometricAuthenticationResult ::= INTEGER
    END
The message exchange among the client, the server and the TTP during biometric authentication is further described below with reference to Fig. 5.
Step 1. The Client sends a Biometric Client Hello (biometric authentication request) message to the Server. If this message contains several authentication schemes, the schemes are arranged in priority order; each scheme contains one or more network authentication models, and these models are also sorted by priority;
Step 2. The Server selects an authentication scheme based on the schemes sent by the Client and on its own constraints;
Step 3. The Server determines whether the network authentication model in the selected scheme requires the Server to exchange information with the TTP, as in the Matching Outsourcing by Server authentication model; if so, go to step 4, otherwise go to step 6;
Step 4. The Server establishes a secure communication channel with the TTP through negotiation, or communicates with the TTP according to a previously agreed policy;
Step 5. If the secure communication channel is established successfully, the Server communicates with the TTP according to the network authentication model;
Step 6. If the network authentication model in the scheme selected by the Server does not require the Server to exchange information with the TTP, the Server sends the Biometric Server Hello (biometric authentication response) message directly to the Client. This message contains the biometric data type and network authentication model selected by the server, together with a list of information such as the required quality of the measurement data. If the selected network authentication model requires the Server to send the client's biometric template to the Client, the message also contains the biometric template information;
Step 7. From the message it receives, the Client determines whether the network authentication model in the scheme selected by the Server requires the Client to exchange information with the TTP, as in the Matching Outsourcing by Client authentication model or the Storage & Matching Outsourcing authentication model; if so, go to step 8, otherwise go to step 10;
Step 8. The Client establishes a secure communication channel with the TTP through negotiation;
Step 9. If the secure communication channel is established successfully, the Client communicates with the TTP according to the network authentication model;
Step 10. If the network authentication model in the scheme selected by the Server does not require the Client to exchange information with the TTP, the Client matches the biometric information it has captured against the biometric template according to this network authentication model;
Step 11. The Client sends the execution result to the Server in a Biometric Client Verify (biometric authentication verification) message;
Step 12. Based on this execution result, the Server decides whether to re-authenticate or to end authentication; if re-authentication is needed, go to step 13; if the authentication process is to end, go to step 14;
Step 13. If the verification result is failure, the Server selects another verification scheme based on its own information and the information sent by the Client, and sends it to the Client in a Biometric Retry Request (biometric re-authentication request) message;
Step 14. If the Server confirms that the Client has passed authentication, or decides on its own to end the authentication process, it sends a Biometric Finished (biometric authentication finished) message to the Client.
Where needed, the Biometric Retry Request, Biometric Client Verify and Biometric Finished messages above contain the authentication error reason.
In addition, if in step 4 the Server fails to establish a secure communication channel with the TTP through negotiation, the Server selects another authentication scheme and sends it to the client for re-authentication, or notifies the client that the authentication process has ended.
If in step 8 the Client fails to establish a secure communication channel with the TTP through negotiation, the client directly notifies the server that authentication has failed and carries the failure reason in the notification message.
If biometric authentication performed by the Client or the TTP fails, the failure reason is carried in the authentication result notification message sent to the server.
Though described the present invention by embodiment, those of ordinary skills know, the present invention has many distortion and variation and do not break away from spirit of the present invention, wish that appended claim comprises these distortion and variation and do not break away from spirit of the present invention.
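The server side of steps 6 and 12 to 14, together with the fallback when the server-to-TTP channel cannot be set up, can be sketched as follows. This is an added Python illustration, not code from the patent: the `Scheme` fields, the `policy` map, the model names and the reason strings are assumptions, the TTP exchange itself is not modelled, and using Biometric Server Hello for the first scheme actually offered (even after an earlier candidate was skipped) is also an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Scheme:
    data_type: str   # biometric data type, e.g. "fingerprint"
    models: tuple    # network authentication models, in client priority order

def select(offer, policy, tried):
    """First (data_type, model), in client priority order, that the server
    accepts and has not already attempted; None when nothing is left."""
    for scheme in offer:
        for model in scheme.models:
            choice = (scheme.data_type, model)
            if choice in policy and choice not in tried:
                return choice
    return None

def server_negotiate(offer, policy, ttp_channel_ok, client_verify):
    """Return the (message, payload) pairs the server sends to the client.
    policy: {(data_type, model): True if the server must contact the TTP};
    client_verify(choice) -> (ok, reason) stands in for Biometric Client Verify."""
    sent, tried, reason = [], set(), None
    while True:
        choice = select(offer, policy, tried)
        if choice is None:   # nothing left to try: finish with the last reason
            sent.append(("Biometric Finished",
                         {"ok": False, "reason": reason or "no common scheme"}))
            return sent
        tried.add(choice)
        if policy[choice] and not ttp_channel_ok:
            reason = "server-TTP channel setup failed"
            continue         # reselect rather than offer an unusable model
        name = "Biometric Retry Request" if sent else "Biometric Server Hello"
        sent.append((name, {"scheme": choice, "reason": reason}))
        ok, reason = client_verify(choice)
        if ok:
            sent.append(("Biometric Finished", {"ok": True, "reason": None}))
            return sent

# Constructed sample data; the model names are placeholders, not from the patent.
OFFER = [Scheme("iris", ("model-A",)), Scheme("fingerprint", ("model-B", "model-C"))]
POLICY = {("iris", "model-A"): False, ("fingerprint", "model-B"): True,
          ("fingerprint", "model-C"): False}

def demo():
    verdicts = {("iris", "model-A"): (False, "low sample quality")}
    return server_negotiate(OFFER, POLICY, False,
                            lambda c: verdicts.get(c, (True, None)))

if __name__ == "__main__":
    print(demo())
```

Because the ordering comes from the client, the server-side `policy` map is the only thing that bounds which scheme can be chosen; a scheme the server would not accept must be absent from it. The `tried` set also guarantees the retry loop terminates after at most one attempt per offered scheme and model.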

Claims (11)

1. A biological information certifying method, characterized in that the method comprises the steps of:
when the client supports multiple authentication schemes, determining the priority order of these authentication schemes;
the client sending the multiple authentication schemes it supports to the server in a biometric authentication request message, wherein in this request message the multiple authentication schemes are sorted by priority and each authentication scheme comprises one or more network authentication models;
the server preferentially selecting the authentication scheme with higher priority and, if the network authentication model in the authentication scheme selected by the server does not require the server to exchange information with a trusted third party, sending its selected authentication scheme to the client in a biometric authentication response message;
the client performing biometric authentication according to the authentication scheme selected by the server, and notifying the server of the authentication result.
2. The method according to claim 1, characterized in that
the multiple authentication schemes are listed in the form of a list.
3. The method according to claim 2, characterized in that
when the authentication scheme list comprises multiple network authentication models, these network authentication models are arranged in the priority order approved by the client.
4. The method according to claim 1, characterized in that the method further comprises:
if the network authentication model in the authentication scheme selected by the server requires the server to send the client's biometric template to the client, including this biometric template in the biometric authentication response message.
5. The method according to claim 1, characterized in that the method further comprises:
if the network authentication model in the authentication scheme selected by the server requires the server to exchange information with a trusted third party, the server communicating with the trusted third party to complete the biometric authentication process.
6. The method according to claim 5, characterized in that the step of the server communicating with the trusted third party to complete the biometric authentication process comprises:
the server checking whether a communication mode with the third party has been agreed in advance;
if so, communicating by the communication mode agreed in advance;
if not, the server establishing a secure communication channel with the trusted third party through negotiation, and communicating over this secure communication channel.
7. The method according to claim 6, characterized in that
if the server fails to establish the secure communication channel with the trusted third party through negotiation, the server re-selects an authentication scheme and sends it to the client for re-authentication, or notifies the client that the authentication process has ended.
8. The method according to claim 1, characterized in that the method further comprises:
if the network authentication model in the authentication scheme selected by the server requires the client to exchange information with a trusted third party, the client establishing a secure communication channel with the trusted third party through negotiation and communicating over it to complete the biometric authentication process.
9. The method according to claim 8, characterized in that
if the client fails to establish the secure communication channel with the trusted third party through negotiation, the client directly notifies the server that authentication has failed and carries failure cause information in this notification message.
10. The method according to claim 6 or 8, characterized in that
if the client or the third party judges that the biometric authentication has failed, failure cause information is carried in the authentication result notification message sent to the server.
11. The method according to claim 1 or 7, characterized in that
if the server judges that the biometric authentication has failed, failure cause information is carried in the re-authentication or authentication-end message it sends to the client.
CN2006100742882A 2006-04-07 2006-04-07 Biological information certifying method Expired - Fee Related CN101051897B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2006100742882A CN101051897B (en) 2006-04-07 2006-04-07 Biological information certifying method

Publications (2)

Publication Number Publication Date
CN101051897A CN101051897A (en) 2007-10-10
CN101051897B true CN101051897B (en) 2010-07-28

Family

ID=38783113

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100728