CN1696966A - Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set - Google Patents


Info

Publication number: CN1696966A
Authority: CN (China)
Prior art keywords: authentication, card, network, identity, certificate server
Legal status: Granted
Application number: CN 200510042668
Other languages: Chinese (zh)
Other versions: CN1322703C (en)
Inventor: 刘小鹏
Current Assignee: Individual
Original Assignee: Individual

Application filed by Individual
Priority to CNB2005100426683A (granted as CN1322703C)
Publication of CN1696966A
Priority to PCT/CN2006/000951 (WO2006122484A1)
Application granted
Publication of CN1322703C
Legal status: Expired - Fee Related
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K7/00 Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K7/10 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K7/10544 Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
    • G06K7/10554 Moving beam scanning
    • G06K7/10594 Beam path
    • G06K7/10683 Arrangement of fixed elements

Landscapes

  • Physics & Mathematics (AREA)
  • Electromagnetism (AREA)
  • Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Toxicology (AREA)
  • Artificial Intelligence (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A biometric self-determined identity authentication device. The party being authenticated uses a carried card or phone to enter an identity code and a biometric feature; the input is compared with the data preset in the card or phone and, if that check passes, a new identity key is formed. This information is sent to a third-party identification server, which compares it with its own preset data; if that check passes, the application data is sent to the application server for processing and the result is sent back to the identification server. The identification server sends the result to the verification server and then returns the final result to the card or phone.

Description

Multilayer-password biometric self-determined authentication card and system, method and authentication telephone set
Technical field
The present invention relates to a multilayer-password biometric self-determined authentication card and to a corresponding system, method and authentication telephone set, and belongs to the field of identity authentication. It is applicable to network system builders and Internet service providers, who can build and offer a multilayer-password biometric self-determined identity authentication function on their networks; to card, telephone and mobile-phone manufacturers, who can produce the multilayer-password biometric self-determined authentication card and authentication telephone set; and especially to mobile wireless network builders, service providers and mobile-phone manufacturers, who can build and offer the multilayer-password biometric self-determined authentication system and function on their mobile wireless networks and manufacture authentication cards and authentication mobile phones capable of multilayer-password biometric self-determined authentication.
Background technology
With the development of electronic technology, networks and social diversification, identity authentication is becoming more and more common. In particular, identity authentication through electronic devices and networks, being convenient and fast, greatly facilitates people's lives and is becoming the choice for future social life.
In the field of identity authentication today there is no unified system and method standard suited to all applications; instead, identity authentication systems are set up as each application requires, and the modes of authentication are varied. Some store the identity information of the authenticating party, such as a password, on an identity card (for example a bank card); the verifying party's reader device reads the password and other identity information from the card and compares it with the data in its identity database to confirm identity. Others need no card and use a biometric feature, such as the granted patent 99110825.6 (an identity authentication method based on iris recognition) and the published patent 200310118507.9 (a speaker identity confirmation system combining semantics and voiceprint); all of these collect the biometric feature on the verifying party's biometric collection device and compare it with the biometric feature stored in advance in the verifying party's identity database. Still others combine a card with a biometric feature, such as the granted patent 98125160.9 (a system using fingerprint recognition for personal identification): the biometric feature and other information are stored on the card, the verifying party's reader device reads the biometric feature and information from the card during authentication, a biometric collection device collects the biometric feature, and the feature on the card, the collected feature and the information in the database are compared to confirm identity. All of these systems and methods have the following deficiencies. The identity information and biometric features of the authenticating party are stored in the verifying party's database, so personally identifiable information, including private information the person would rather not disclose (such as the identity password, biometric features and so on), risks being leaked by the verifying party. During authentication, the identity information must be read and the biometric feature collected on the verifying party's reader device and biometric collection device; without those devices of the verifying party no authentication can take place, so the authentication is passive. Identity authentication databases are spread across all trades and professions: whenever a person needs a service, the person must store identity information once more or obtain another identity card, so a person may hold dozens or even a hundred identity cards with essentially identical identity information that are nevertheless not interchangeable and cannot all be carried, causing duplicate construction and social waste. And the verifying party can only authenticate people who have stored identity information in its identity database; it cannot authenticate people who have not, or are unwilling to, store identity information there.
In password-based authentication, for example authenticating with a bank card to withdraw cash at an automatic teller machine, the card number and password are read from the bank card and compared with the password in the database; the reader device on the ATM recognises the card (password), not the person. Withdrawing at a staffed counter requires showing a personal identity card, but identity cards are very easy to forge, so this too essentially recognises the card (password) rather than the person. Likewise, the radio-frequency smart cards widely used in access control confirm identity by the password and identity information that the reader device reads from the card, again recognising the card rather than the person. This gives undesirable people their opportunity.
In biometric identity authentication, when any biometric collection device compares a large number of different collected biometric features, false acceptances and false rejections occur; every system has a certain recognition accuracy and rejection rate, so there are cases where true and false cannot be distinguished, and sometimes Zhang San is authenticated as Li Si. These cases increase as the volume of stored identity data expands.
Whichever of the above authentication methods is used, as long as the verifying party's device reads and writes identity cards or collects biometric features, the same device in the same place can serve only a limited number of authenticating parties, and in some places, such as ATMs, authenticating parties can often be seen queuing.
In many other cases, such as access control at some government offices, identity authentication still relies on a natural person plus an identity card, with manual registration and the signature of the person being authenticated; this cannot prevent impersonation (holding a forged identity card) and wastes time and manpower.
In summary, the principle of the above authentication is that the authenticating party and the verifying party agree in advance, the identity password and biometric feature of the authenticating party are stored in the verifying party's device, and the authenticating party, holding the identity password, the biometric feature, or a card storing them, enters the password and biometric feature on the verifying party's verification device, where they are compared with the password and biometric feature stored in advance. This is authentication dominated and led by the verifying party, fixed and passive, with a certain coercive colour; authentication and application are bound together as one, and the authenticating party has no right to choose the authentication method; only the authenticating party and the verifying party take part in the authentication process, with no effective third party, so the impartiality and reliability of authentication cannot be guaranteed.
At present there is no unified, authoritative and reliable identity authentication system and method that effectively overcomes the above deficiencies.
Summary of the invention
In view of this, the present invention first changes passive authentication dominated by the verifying party into self-determined authentication dominated by the authenticating party; it separates the application party and the verifying party from the authentication process, so that they enjoy only the result of authentication without taking deep part in the process; it establishes a third party to improve the fairness and reliability of authentication; and it overcomes many deficiencies of existing authentication. Specifically, the objects to be achieved are as follows:
One object of the present invention is to provide a multilayer-password biometric self-determined authentication card (hereinafter the authentication card or card) that can be carried by the authenticating party and that has, on the same card, an identity password input device, a biometric collection device, an identity information storage device, an identity information processing and comparison device, and identity information output and receiving devices. The authenticating party enters the identity password and has the biometric feature collected on the carried card, the password and biometric feature are compared inside the card, and identity information can be transmitted to other devices; the card is used by the authenticating party, via the card and the third party, to provide self-determined authentication and application information to the application party and the verifying party. The authenticating party stores identity information such as the identity password and biometric feature in the authentication card and with the third party in advance. When authenticating, the authenticating party first enters his own identity password and biometric feature into the carried card, where they are compared with the password and biometric feature stored in advance; after the comparison passes, a new identity key is generated and the identity information in the card is sent to the third party for a further comparison and authentication, and the third party sends the authenticated identity information to the verifying party and the application party. The authenticating party need not deposit the identity password or biometric feature in the verifying party's device, nor enter a password or have a biometric feature collected there, which avoids the problems of identity information being leaked by the verifying party, passive authentication and queuing; the combination of password and biometric feature avoids recognising the card but not the person; authentication is carried out with a personal, specific authentication card; and because the card stores the biometric feature of only one authenticating party, false acceptances and false rejections in comparison are avoided.
The second object of the present invention is to provide a multilayer-password biometric self-determined authentication system (hereinafter the authentication system or system). A third-party certificate server is set up in the system and connected over a network with the authentication card, the pre-writing device, the verifying party and the application party; it receives the identity information sent by the authentication card, compares and authenticates it once more, and sends the authenticated identity information to the application party and the verifying party, so that the authenticating party can provide self-determined authentication and application information to the application party and the verifying party via the authentication card, the network and the certificate server. The application party and the verifying party need not collect, store, compare or authenticate identity information, so authentication service can be provided widely to all application parties and verifying parties. There is no need to set up an identity database or password input and biometric collection devices at the verifying party, which avoids a great deal of duplicate construction and the problems of identity information leakage by the verifying party, passive authentication and queuing; the combination of password and biometric feature avoids recognising the card but not the person; the person authenticates himself with a personal, specific authentication card; and because the card stores the biometric feature of only one authenticating party, false acceptances and false rejections in comparison are avoided.
The third object of the present invention is to provide a multilayer-password biometric self-determined authentication method (hereinafter the authentication method or method). The authenticating party stores identity information such as the identity password and biometric feature in the authentication card and in the third-party certificate server in advance, through the pre-writing device. When authenticating, the authenticating party first enters the identity password and biometric feature into the carried card, where they are compared with the password and biometric feature stored in advance and a new identity key is generated; the identity information in the card is then sent over the network to the certificate server and compared with the password and biometric feature stored in advance there and with the self-generated identity key. After the comparison passes, the certificate server sends the application information to the application party; after the application party has processed it, the application result is returned to the certificate server, which sends the identity information and application result over the network to the verifying party, which performs the verification. The method serves the authenticating party in providing self-determined authentication and application information to the application party and the verifying party via the authentication card, network and certificate server. No identity database or password input and biometric collection devices need to be set up at the verifying party, which avoids a great deal of duplicate construction and the problems of identity information leakage by the verifying party, passive authentication and queuing; the combination of password and biometric feature avoids recognising the card but not the person; the authenticating party authenticates with a personal, specific authentication card; because the card stores the biometric feature of only one authenticating party, false acceptances and false rejections in comparison are avoided; and the multilayer authentication between person and card, card and network, and card and certificate server, with authenticated identity information provided by the third party (network and certificate server) to the verifying party and the application party, not only improves the reliability of authentication but also makes it simpler and easier to popularise.
The fourth object of the present invention is to provide a multilayer-password biometric self-determined authentication telephone set (hereinafter the authentication telephone set or set), which integrates the identity authentication device of the authentication card with a telephone device so that it has both authentication and telephone functions. It serves the authenticating party in providing self-determined authentication and application information to the application party and the verifying party via the authentication telephone set and the authentication system, and lets the authenticating party control the telephone function through the authentication function in the set, realising the combination of authentication and telephone functions.
To achieve these objects, the multilayer-password biometric self-determined authentication card of the present invention, so that the card can be carried by the authenticating party, collect the biometric feature, accept the identity password, compare the identity information inside the card, and output and receive information, is provided on a portable card with the following:
A processor, connected to each of the devices in the card listed below, which processes all identity information, data and application information;
A set of memories, connected to the processor, comprising: a main memory, which stores in advance the private identity information of the authenticating party (biometric feature, identity password, identity number and the like), the open identity information, the features and numbers of the card-issuing organisation and the service department, application information and system programs, together with the computational composition rules, functions and relations among these features, for the processor to call; a read-out memory, which stores the open identity information and application information sent to verification devices outside the card; and a receiving memory, which stores the identity information and application information that the card's receiving devices receive from the certificate server and from other cards and devices;
At least one biometric collection device, connected to the processor, which collects the biometric feature of the authenticating party. Biometric features comprise the physical and behavioural features that can illustrate, confirm and prove the identity of the authenticating party, such as fingerprint, palm print, lip print, iris, face and voice. Because the device is used on a card of limited size and weight, the biometric collection device should be miniaturised as far as possible; a fingerprint collection device should be adopted first, with other biometric collection devices adopted progressively as technology develops;
An input device, connected to the processor, for entering the authenticating party's identity password, the verifying party's number and application information; an existing miniature keyboard, such as a calculator or mobile-phone keyboard, can be used directly;
A set of output devices, connected to the processor, comprising: a network output device, which sends identity information, the verifying party's number and application information to the third-party certificate server over the network; and a direct output device, which sends identity information and application information directly to other devices, such as radio-frequency, Bluetooth, IEEE 802.11 (IEEE 802.11a, IEEE 802.11b), ultra-wideband wireless and infrared output devices;
A set of receiving devices, connected to the processor, comprising: a network receiving device, which receives the identity information and application information sent by the third-party certificate server over the network; and a direct receiving device, which receives identity information, numbers and application information directly from other devices, such as radio-frequency, Bluetooth, IEEE 802.11 (IEEE 802.11a, IEEE 802.11b), ultra-wideband wireless and infrared receivers, for example receiving the identity number of an ATM from the ATM, the identity number of an access-control verification device from that device, or the identity number of goods from the goods;
A network interface card, connected to the network output device and network receiving device and through them to the processor, for connection to the network, such as a wireless network card for a mobile wireless network or a wired network adapter; it carries a set of code numbers unique within the network, which correspond one-to-one with the identity number, and sends identity information, the verifying party's number and application information to the third-party certificate server over the network;
A set of interfaces, connected to the processor, comprising: a main interface, used for installing the card's system programs and for the advance entry, storage, setting and modification of identity information and features; and an information interface, used for connecting to other devices for information exchange and processing, for example connecting the card to a computer through this interface;
A display, connected to all devices through the processor, for showing various information and data;
A power supply, connected to all devices in the card through the processor, for supplying electric power to all devices.
To support the use of the above authentication card, the following are also needed. A third-party certificate server, connected over the network, by access codes and numbers, with the authentication card, the application party's application server, the verifying party's verification device and the pre-writing device; it contains the authentication system and an identity database, and stores in advance the private identity information of the authenticating party (biometric feature, identity password, identity number and the like), the open identity information, the features and numbers of the card-issuing organisation and the service department, application information and system programs, together with the computational composition rules, functions and relations among these features. A pre-writing device, connected to the certificate server over the network and to the authentication card through the interface on the card, which writes into the card and the certificate server the private identity information of the authenticating party (biometric feature, identity password, identity number and the like), the open identity information, the features and numbers of the card-issuing organisation and the service department, application information and system programs, together with the composition rules, functions and relations among these features, and which also repairs and modifies this information and data; in other cases the pre-writing device writes into the card and certificate server only the card's system programs, application information, card-issuing organisation features and card-number information and data, while the private identity information of the authenticating party (biometric feature, identity password, identity number and the like), the open identity information and the service department features are written once by the authenticating party through the authentication card;
A transmission network, connected with the authentication card, certificate server, application server, pre-writing device and verification device, which carries the information between the card and the certificate server, between the certificate server and the verification device, and between the certificate server and the application server; the network assigns a different access code and number, unique within the network, to the certificate server, to every authentication card, to every application server and to every verification device. A verification device, connected to the certificate server over the network by access code and number, which receives the identity information and application information sent by the certificate server and the authentication card; verification devices are of the following kinds: an authentication card of the structure described above, which can receive the identity information and application information sent by the certificate server and by the authentication card at the same time and is used to confirm the identity and application information of the authenticating party, and other verification devices that can receive the identity information and application information sent by the certificate server and the authentication card. An application server, connected to the certificate server over the network, which stores the application data and application information of the authenticating party.
The authentication card formed by the above devices serves the authenticating party in providing self-determined authentication and application information to the application server and the verifying party's verification device via the card, network and certificate server; in providing them to the application server via the card, network and certificate server; and in providing them directly to a verification device via the card alone.
The flow by which the above authentication card, via the network and certificate server, provides self-determined authentication and application information to the application server and the verifying party's verification device is as follows:
The authenticating party enters the verifying party's number and application information through the card's input device, or receives them through the direct receiving device; enters the identity password through the input device; and has the biometric feature collected by the biometric collection device. These devices send the entered, received and collected information, identity password and biometric feature to the processor, which compares the obtained identity password and biometric feature with those stored in advance in the main memory. If the comparison result is inconsistent, the display shows: authentication failed in the card. If it is consistent, the processor, according to the pre-stored program, functions and relations, synthesises identity information such as the identity password and biometric feature and generates a new identity key; at the same time it deposits the open identity information in the read-out memory and sends it through the direct output device to a verification device in the same place as the card, or forwards it over the network, through the network interface card, network and certificate server, to a verification device in another location; and it sends the identity password, biometric feature, key, identity number, card-issuing organisation and service department features and numbers, the verifying party's verification device number and the application information through the network output device and network interface card over the network to the certificate server for further authentication. After the application server has processed the application, the certificate server sends the set identity information and application result of the authenticating party to the verifying party's verification device. The verifying party's verification device comprises authentication cards of the structure described above and other verification devices. When the verification device is an authentication card of that structure, it receives the authenticating party's open identity information directly through its direct receiving device or over the network, receives the set identity information and application result of the authenticating party sent by the certificate server through its network interface card and network receiving device, and its processor compares the two kinds of identity information. If the comparison does not pass, the display shows authentication failed; if it passes, the display shows the set identity information of the authenticating party, who is thereby verified. The verification device replies with the authentication result to the certificate server, and the certificate server replies in turn to the authentication card and the application server.
The flow by which the authentication card formed by the above devices, via the network and certificate server, provides self-determined authentication and application information to the application server is as follows:
Authenticating party receives the application message that other devices send by above-mentioned input media input or by direct receiving trap, identification cipher by input media input authentication side, gather biological characteristic by the physical characteristics collecting device, said apparatus will be imported, receive, the information that collects, identification cipher, biological characteristic is sent to processor, processor with the identification cipher of the authenticating party that obtains and biological characteristic with the identification cipher and the biological characteristic of storage are compared in advance in the primary memory, comparison result is inconsistent, can show by display: authentification failure in the card, the comparison result unanimity, processor meeting basis is program stored in advance, function, relation is synthesized identity informations such as identification cipher and biological characteristic, generate new identity key, and with identification cipher, biological characteristic, key, ID (identity number), card sending mechanism, service department's feature, identity informations such as number, application message is by the network output unit, network interface card is sent to certificate server by network, further authenticate by certificate server, after application server is used processing, reply application result by certificate server to the authentication card again.
The common authentication card of forming of said apparatus is used for authenticating party by the authentication card, provides the flow process of autonomous authentication and application message as follows to demo plant:
Authenticating party is by the input of above-mentioned input media or authentication number and application message by direct receiving trap Receipt Validation device transmission, by input media input identification cipher, gather the biological characteristic of authenticating party by the physical characteristics collecting device, said apparatus will be imported, receive, the information that collects, identification cipher, biological characteristic is sent to processor, processor with the identification cipher of the authenticating party that obtains and biological characteristic with the identification cipher and the biological characteristic of storage are compared in advance in the primary memory, comparison result is inconsistent, can show by display: authentification failure in the card, the comparison result unanimity, processor meeting basis is program stored in advance, function, relation is synthesized identity informations such as identification cipher and biological characteristic, generate new identity key, and with identification cipher, biological characteristic, key, ID (identity number), card sending mechanism, service department's feature, identity informations such as number, application message sends to demo plant by the direct output unit of authentication card, authenticate by demo plant, and after using processing, reply application result by demo plant to the authentication card again.
The public identity information above means identity information that may be disclosed to the public, such as name and sex; the set identity information above means identity information that the authenticated party chooses on his or her own to disclose to the verifying party, such as name, sex, age, identification number, contact details and address.
The authentication card above differs from existing user authentication cards in that: all identity information is stored in the authentication card carried by the authenticated party and in the third party's authentication server, not in the verifying party's equipment; the password entry, biometric capture and comparison of the whole authentication process, and the sending of identity information to the authentication server, are all completed autonomously by the devices in the authentication card carried by the authenticated party, with no need for the verifying party's equipment to read the card, enter the password or capture the biometric feature; and the authentication card can be used for the authentication of all application services, changing the situation of one kind of card for one kind of authentication method on one kind of application server.
The beneficial effects of the authentication card above are: the authenticated party need not undergo passive authentication on the verifying party's equipment, but can perform autonomous authentication with the authentication card he or she carries, at any time and place as needed; leakage of identity information is effectively prevented; and the reliability of authentication is improved.
The multilayer-password biometric autonomous authentication system of the present invention provides the environment in which the authentication card above is used and applied, and is the necessary condition for its use and application; the system comprises:
A portable multilayer-password biometric autonomous authentication card, connected to the authentication server over the network through the network card in the card; the authentication card comprises: a processor, connected to all devices in the card and used to process all identity information, data and application messages; a group of memories, connected to the processor, comprising: a main memory, used to store in advance the authenticated party's biometric feature, identity password, identity number and other private identity information, the public identity information, the features and numbers of the card-issuing institution and service department, application messages and the system program, and the composition rules, functions and relations between the features above, its contents being called by the processor; an external-read memory, used to store the public identity information and application messages to be sent to verification devices outside the authentication card; and a receive memory, used to store the identity information and application messages that the card's receiving devices receive from the authentication server and from other cards and devices; at least one biometric capture device, connected to the processor and used to capture the authenticated party's biometric feature, where biometric features include the physical and behavioural characteristics that can describe, confirm and prove the identity of the authenticated party, such as fingerprint, palm print, lip print, iris, face and voice; since the card has limited volume and weight, the biometric capture device should be miniaturized as far as possible, and a fingerprint capture device should be adopted first; an input device, connected to the processor and used to enter the authenticated party's identity password, the verifying party's number and the application message; a group of output devices, connected to the processor, comprising a network output device that sends identity information, the verifying party's number and application messages to the authentication server over the network, and a direct output device that sends identity information and application messages directly to other devices; a group of receiving devices, connected to the processor, comprising a network receiving device that receives identity information and application messages sent by the authentication server over the network, and a direct receiving device that receives identity information, numbers and application messages directly from other devices; a network card, connected to the network output device and network receiving device and through them to the processor, used to connect to the network; the network card holds a group of code numbers and numbers that are unique in the network and correspond one-to-one with the identity number, and identity information, the verifying party's number and application messages are sent to the authentication server over the network through the network card; a group of interfaces, connected to the processor, comprising a main interface used for installing the system program and for entering in advance, storing, setting and modifying the identity information and features of the authentication card, and an information interface used to connect to other devices for information exchange and processing, for example connecting the authentication card to a computer through this interface; a display, connected through the processor to all devices and used to show all kinds of information and data; and a power supply, connected through the processor to all devices in the card and used to supply power to all devices;
An authentication server, connected in advance through the network, access codes and code numbers to the authentication card, the application servers, the verification devices and the pre-writing device, containing the authentication system and an identity database in which are stored in advance the authenticated party's biometric feature, identity password, identity number and other private identity information, the public identity information, the features and numbers of the card-issuing institution and service department, application messages and the system program, and the composition rules, functions and relations between the features above;
A pre-writing device, connected to the authentication server over the network and to the authentication card through the interface on the card, used to write into the authentication card and the authentication server the authenticated party's biometric feature, identity password, identity number and other private identity information, the public identity information, the features and numbers of the card-issuing institution and service department, application messages and the system program, and the composition rules, functions and relations between the features above, and also used to repair and modify the information and data above; in other cases, the pre-writing device writes only the authentication card's system program, application messages, card-issuing institution feature, card number information and data into the authentication card and the authentication server, and the authenticated party's biometric feature, identity password, identity number and other private identity information, the public identity information, the service department feature and other information and data are written once by the authenticated party through the authentication card;
A transmission network, connected to the authentication card, the authentication server, the application servers, the pre-writing device and the verification devices, used to transmit information and data between the authentication card and the authentication server, between the authentication server and the verification devices, and between the authentication server and the application servers, such as a wireless mobile network, cable network, communication network or the internet; the network assigns the authentication server, every authentication card, every application server and every verification device a different access code, code number or number that is unique in the network, such as a wireless mobile network number, a cable network number or an IP address;
A verification device, connected to the authentication server over the network by its access code, used to receive the identity information and application messages sent by the authentication server and the authentication card; verification devices are of the following kinds: an authentication card of the structure described above, which can at the same time receive the identity information and application messages sent by the authentication server and by the authentication card and is used to confirm the authenticated party's identity and application message; and other verification devices, which can receive the identity information and application messages sent by the authentication server and the authentication card;
A group of application servers, connected to the authentication server over the network and storing the authenticated party's application data and application messages.
The authentication system formed by the devices above is used by the authenticated party to provide autonomous authentication and an application message to an application server and to the verifying party through the authentication card, the network, the authentication server and the verification device, and to provide autonomous authentication and an application message to an application server through the authentication card, the network and the authentication server.
The authentication system above is used by the authenticated party to provide autonomous authentication and an application message to an application server and to the verifying party's verification device through the authentication card, the network and the authentication server; the flow is as follows:
The authenticated party enters the verifying party's number and the application message through the input device in the card, or receives them through the direct receiving device; enters the identity password through the input device; and has the biometric feature captured by the biometric capture device. These devices send the entered, received and captured information, the identity password and the biometric feature to the processor, which compares the identity password and biometric feature so obtained with the identity password and biometric feature stored in advance in the main memory. If the comparison fails, the display shows "in-card authentication failed". If the comparison succeeds, the processor synthesizes the identity password, biometric feature and other identity information according to the program, function and relation stored in advance, generating a new identity key; at the same time it deposits the public identity information in the external-read memory and sends it through the direct output device to a verification device located in the same place, or forwards the authenticated party's public identity information through the network card, the network and the authentication server to a verification device in another location; and it sends the identity password, biometric feature, key, identity number, card-issuing institution, service department feature, number and other identity information, together with the verifying party's number and the application message, through the network output device and the network card over the network to the authentication server;
The authentication server receives the identity information, verifying party's number and application message sent by the authentication card, synthesizes the identity password, biometric feature and other identity information according to the program, function and relation stored in advance, generating a new identity key, and compares this identity key and the identity password and biometric feature stored in advance in the identity database with the identity password, biometric feature and key sent by the authentication card. If they do not match, the authentication server replies "authentication failed" to the authentication card over the network by its access code; if they match, the application message is sent to the application server, and after the application server returns the processing result to the authentication server, the authentication server sends the authenticated party's set identity information and application result over the network to the verification device according to the verifying party's number sent by the authentication card;
The verifying party's verification device may be an authentication card of the structure described above or another verification device;
When the verification device is an authentication card of the structure described above, it receives the authenticated party's public identity information directly through its direct receiving device or through the network, receives the authenticated party's set identity information and application result sent by the authentication server through its network card and network receiving device, and its processor compares these two kinds of identity information. If the comparison does not pass, the display shows "authentication failed"; if it passes, the display shows the authenticated party's set identity information and the authentication is accepted;
After the verifying party's verification device has authenticated the authenticated party (whether the result is failure or pass), it replies the authentication result and its confirmation to obtain or abandon the application result to the authentication server over the network;
According to the return information from the verifying party, the authentication server replies the authentication result and application result to the authentication card and the confirmed result to the application server.
The authentication system formed by the devices above is used by the authenticated party to provide autonomous authentication and an application message to an application server through the authentication card, the network and the authentication server; the flow is as follows:
The authenticated party enters the application message through the input device in the card or receives an application message sent by another device through the direct receiving device, enters the identity password through the input device, and has the biometric feature captured by the biometric capture device. These devices send the entered, received and captured information, the identity password and the biometric feature to the processor, which compares the identity password and biometric feature so obtained with the identity password and biometric feature stored in advance in the main memory. If the comparison fails, the display shows "in-card authentication failed". If the comparison succeeds, the processor synthesizes the identity password, biometric feature and other identity information according to the program, function and relation stored in advance, generating a new identity key, and sends the identity password, biometric feature, key, identity number, card-issuing institution, service department feature, number and other identity information, together with the application message, through the network output device and the network card over the network to the authentication server;
After the authentication server receives the identity information and application message sent by the authentication card, it synthesizes the identity password, biometric feature and other identity information according to the program, function and relation stored in advance, generating a new identity key, and compares this key and the identity password and biometric feature stored in advance in the identity database with the identity password, biometric feature and key sent by the authentication card. If they do not match, the authentication server replies "authentication failed" to the authentication card over the network by its access code; if they match, the application message is sent to the application server, and after the application server returns the processing result to the authentication server, the authentication server replies the application result to the authentication card over the network.
The authentication system above differs from existing identity authentication systems in that: all identity information is stored in the authentication card carried by the authenticated party and in the third party's authentication server, not in the verifying party's device; the password entry, biometric capture and comparison of the whole authentication process, the sending of identity information to the authentication server, and the identity information comparison at the authentication server are all completed autonomously by the authentication card carried by the authenticated party, so that what the verification device obtains is direct and reliable identity information, with no need for the verifying party's device to read the card, enter the password or capture the biometric feature; the network and the authentication server act as a third party that further authenticates the authenticated party's identity and sends identity information to the verification device through the authentication server, improving the reliability of authentication and changing the situation in which only the two parties, authenticated and verifying, take part in authentication; and the authentication system is suitable for authentication of application parties of all kinds, changing the situation of one kind of authentication system for one kind of application server.
The beneficial effects of the authentication system above are: the authenticated party need not undergo passive authentication on the verifying party's equipment, but can perform autonomous authentication with the authentication card he or she carries, at any time and place as needed; leakage of identity information is effectively prevented; the reliability of authentication is improved; and identity authentication becomes a specialised service that provides professional and reliable identity authentication to all verifying parties and application service parties that need it, so that verifying and application parties need not build their own dedicated authentication systems and identity databases, and authentication and application services become simpler and more reliable.
The multilayer-password biometric autonomous authentication method of the present invention consists of the steps and flow by which the authentication card and the authentication system carry out identity authentication. The authentication card above is composed of the processor, memories, biometric capture device, input device, output devices, receiving devices, network card, information interface, display and power supply installed in the card; the authentication card, the network, the authentication server, the pre-writing device, the application servers and the verification devices are connected in advance through the network to form the authentication system. The method comprises the following steps:
1. The pre-writing device above writes the authenticated party's biometric feature, identity password, identity number and other private identity information, the public identity information, the features and numbers of the card-issuing institution and service department, application messages and the system program, and the composition rules, functions and relations between the features above, into the memory of the authentication card and into the authentication server; in other cases, the pre-writing device writes only the authentication card's system program, application messages, card-issuing institution feature, card number information and data into the authentication card and the authentication server, and the authenticated party's biometric feature, identity password, identity number and other private identity information, the public identity information, the service department feature and other information and data are written once by the authenticated party through the authentication card and stored in the card's memory and in the authentication server's identity database;
2. The authenticated party above enters the verifying party's number and the application message through the input device in the card or receives them through the direct receiving device, enters the identity password through the input device, and has the biometric feature captured by the biometric capture device; the identity password and biometric feature so obtained are compared with the identity password and biometric feature stored in advance in the card's memory, which is the in-card authentication. If they do not match, in-card authentication fails; if they match, the card's processor generates a new identity key from the composition rules, functions and relations between the features above, at the same time sends the public identity information through the direct output device or the network to the verification device outside the card, and sends the identity password, biometric feature, key, verification code number, application message, identity number, card-issuing institution, service department feature, number and other identity information through the network output device and the network card over the network to the authentication server;
3. After the authentication server above receives the identity information, verifying party's number and application message sent by the authentication card, it synthesizes the identity password, biometric feature and other identity information according to the program, function and relation stored in advance, generating a new identity key, and compares this key and the identity password and biometric feature stored in advance in the identity database with the identity password, biometric feature and key sent by the authentication card. If they do not match, the authentication server replies "authentication failed" to the authentication card over the network; if they match, the application message is sent to the application server, and after the application server returns the processing result to the authentication server, the authentication server sends the authenticated party's set identity information and application result over the network to the verifying party's verification device according to the verifying party's number sent by the authentication card;
4. The verifying party's verification device above may be an authentication card of the structure described above or another verification device. When the verification device is an authentication card of the structure described above, it receives the authenticated party's public identity information directly through its direct receiving device or through the network, receives the authenticated party's set identity information and application result sent by the authentication server through its network card and network receiving device, and its processor compares these two kinds of identity information. If the comparison does not pass, the display shows "authentication failed"; if it passes, the display shows the authenticated party's set identity information and the authentication is accepted. After authenticating the authenticated party, the verification device replies the authentication result to the authentication server over the network and obtains or abandons the application result; according to the return information from the verifying party's verification device, the authentication server replies the authentication result and application result to the authentication card and the confirmed result to the application server.
In the case where the authenticated party provides autonomous authentication and an application message to an application server through the authentication card, the network and the authentication server, the verifying party's number and code number are not entered or received in step 2 above; in step 3, after the application server has processed the application and returned the result to the authentication server, the authentication server replies the application result to the authentication card over the network and the flow ends, with no step 4;
In the case where the authenticated party provides autonomous authentication and an application message to a verification device through the authentication card alone, then in step 2 above, after in-card authentication, no information is sent to the authentication server; instead the identity password, biometric feature, key, verification code number, application message, identity number, card-issuing institution, service department feature and number and other identity information, or part of that identity information, are sent directly to the verification device, which authenticates and, after processing the application, replies the application result directly to the authentication card; the flow ends, with no steps 3 and 4.
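The four steps above, run end to end as an added simulation (not code from the patent): the pre-written record is shared by card and server, the card authenticates locally before anything leaves it, the server recomputes the identity key and checks every field, and the verification device cross-checks the public identity received from the card against the set identity received from the server. The composition rule (HMAC-SHA256 over password, biometric template and a per-card secret, plus a session counter that also lets the server reject a replayed message) and all identity values are assumptions of this example; the text does not specify them.

```python
import hmac
from dataclasses import dataclass


def compose_identity_key(card_secret: bytes, password: str, biometric: str, counter: int) -> str:
    # Assumed composition rule shared by card and server; the counter makes every key new.
    msg = f"{password}|{biometric}|{counter}".encode()
    return hmac.new(card_secret, msg, "sha256").hexdigest()


@dataclass
class PreWrittenRecord:  # what the pre-writing device loads into both card and server (step 1)
    card_id: str
    card_secret: bytes
    password: str
    biometric: str          # template; exact match stands in for fuzzy biometric matching
    public_identity: dict   # disclosable to anyone, e.g. name and sex
    set_identity: dict      # what the holder chose to disclose to the verifying party


class AuthenticationCard:
    def __init__(self, record: PreWrittenRecord):
        self.record, self.counter = record, 0

    def authenticate(self, entered_password, captured_biometric, verifier_number, app_msg):
        """Step 2: in-card comparison; only on success are a key and two messages produced."""
        r = self.record
        if not (hmac.compare_digest(entered_password, r.password)
                and captured_biometric == r.biometric):
            return None  # card displays 'in-card authentication failed'; nothing is sent
        self.counter += 1
        key = compose_identity_key(r.card_secret, r.password, r.biometric, self.counter)
        to_verifier = {"card_id": r.card_id, "public_identity": r.public_identity}
        # As in the text, password and biometric go to the server too; that message
        # needs an encrypted channel, which this simulation does not model.
        to_server = {"card_id": r.card_id, "password": r.password, "biometric": r.biometric,
                     "key": key, "counter": self.counter, "verifier_number": verifier_number,
                     "application_message": app_msg}
        return to_verifier, to_server


class AuthenticationServer:
    def __init__(self, records, application_server):
        self.db = {r.card_id: r for r in records}
        self.app = application_server
        self.last_counter = {}

    def handle(self, msg):
        """Step 3: recompute the key from the stored record and compare every field."""
        r = self.db.get(msg["card_id"])
        if r is None or msg["counter"] <= self.last_counter.get(msg["card_id"], 0):
            return {"status": "failed"}  # unknown card, or a replayed message
        expected = compose_identity_key(r.card_secret, r.password, r.biometric, msg["counter"])
        if not (hmac.compare_digest(msg["password"], r.password)
                and msg["biometric"] == r.biometric
                and hmac.compare_digest(msg["key"], expected)):
            return {"status": "failed"}
        self.last_counter[msg["card_id"]] = msg["counter"]
        result = self.app(msg["application_message"])
        # addressed to the verification device named by the verifier number the card sent
        return {"status": "ok", "verifier_number": msg["verifier_number"],
                "set_identity": r.set_identity, "application_result": result}


class VerificationDevice:
    def __init__(self, number: str):
        self.number, self.direct = number, {}

    def receive_direct(self, to_verifier):  # public identity arriving straight from the card
        self.direct[to_verifier["card_id"]] = to_verifier["public_identity"]

    def verify(self, card_id, reply):
        """Step 4: the card's public identity must agree with the server's set identity."""
        if reply.get("status") != "ok" or reply.get("verifier_number") != self.number:
            return False
        public = self.direct.get(card_id)
        if public is None:
            return False
        return all(reply["set_identity"].get(k) == v for k, v in public.items())


def run_flow(card, server, device, entered_password, captured_biometric, app_msg):
    """Steps 2 to 4 end to end; returns what each party concluded."""
    out = card.authenticate(entered_password, captured_biometric, device.number, app_msg)
    if out is None:
        return {"card": "failed"}
    to_verifier, to_server = out
    device.receive_direct(to_verifier)
    reply = server.handle(to_server)
    if reply["status"] != "ok":
        return {"card": "ok", "server": "failed"}
    return {"card": "ok", "server": "ok", "verifier": device.verify(card.record.card_id, reply),
            "application_result": reply["application_result"]}


# Constructed sample record; every value is made up for this simulation.
RECORD = PreWrittenRecord(card_id="card-0001", card_secret=b"constructed-card-secret",
                          password="1234", biometric="FP-TEMPLATE-A",
                          public_identity={"name": "Li Si", "sex": "F"},
                          set_identity={"name": "Li Si", "sex": "F", "age": 30})


def demo():
    card = AuthenticationCard(RECORD)
    server = AuthenticationServer([RECORD], application_server=lambda m: "processed:" + m)
    device = VerificationDevice("verifier-42")
    good = run_flow(card, server, device, "1234", "FP-TEMPLATE-A", "pay 10")
    bad_biometric = run_flow(card, server, device, "1234", "FP-TEMPLATE-B", "pay 10")
    return good, bad_biometric
```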
The authentication method above is used by the authenticated party to provide autonomous authentication and an application message to an application server and to the verifying party through the authentication card, the network, the authentication server and the verification device; to provide autonomous authentication and an application message to an application server through the authentication card, the network and the authentication server; and to provide autonomous authentication and an application message to a verification device through the authentication card alone.
The authentication method above differs from existing identity authentication methods in that: all identity information is stored in the authentication card carried by the authenticated party and in the third party's authentication server, not in the verifying party's device; the password entry, biometric capture and comparison of the whole authentication process, the sending of identity information to the authentication server, and the identity information comparison at the authentication server are all completed autonomously by the authentication card carried by the authenticated party, so that what the verifying party obtains is direct and reliable identity information, with no need for the verifying party's device to read the card, enter the password or capture the biometric feature; the network and the authentication server act as a third party that further authenticates the authenticated party's identity and sends identity information to the verifying party through the authentication server, improving the reliability of authentication and changing the situation in which only the two parties, authenticated and verifying, take part in authentication; and the authentication method is suitable for the authentication of applications of all kinds, changing the situation of one kind of authentication system for one kind of application server.
The beneficial effects of the authentication method above are: the authenticated party need not undergo passive authentication on the verifying party's equipment, but can perform autonomous authentication with the authentication card he or she carries, at any time and place as needed; leakage of identity information is effectively prevented; the reliability of authentication is improved; and identity authentication becomes a specialised service that provides professional and reliable identity authentication to all verifying parties and application services that need it, so that verifying and application parties need not build their own dedicated authentication systems and identity databases, and authentication and application services become simpler and more reliable.
Multilayer password biology of the present invention organically combines identification authentication system and telephone device in a machine from the master authentication telephone set, on same authentication telephone set, is equipped with simultaneously:
One cover phone integrated circuit board is connected with the authentication card; One width of cloth microphone, a set of headphones, a block power supply all is connected with the phone integrated circuit board;
An authentication card is connected with the telephone circuit board and comprises: a processor, connected with all devices in the card and used to process all identity information, data and application information; a group of memories, connected with the processor, comprising: a primary memory, used to store in advance the authenticating party's private identity information such as biometric features, identity password and ID number, public identity information, the features and numbers of the card issuer and service department, application information and system programs, together with the computation and composition rules, functions and relations among the above features, the stored data being called by the processor; a readout memory, used to store the public identity information and application information sent to verification devices outside the authentication card; and a receiving memory, used to store the identity information and application information that the card's receiving device receives from the authentication server and from other cards and devices; at least one biometric capture device, connected with the processor and used to capture the authenticating party's biometric features, where biometric features comprise the physical and behavioural features that can indicate, confirm or prove the identity of the authenticating party, such as fingerprint, palm print, lip print, iris, face and voice; considering use on a card of limited volume and weight, the biometric capture device should be miniaturized as far as possible, and a fingerprint capture device should be adopted first; an input device, connected with the processor and used to input the authenticating party's identity password, the verifier's number and application information; a group of output devices, connected with the processor, comprising: a network output device that sends identity information, the verifier's number and application information to the authentication server over the network, and a direct output device that sends identity information and application information directly to other devices; a group of receiving devices, connected with the processor, comprising: a network receiving device that receives the identity information and application information sent by the authentication server over the network, and a direct receiving device that receives identity information, numbers and application information directly from other devices; a network card, connected with the network output device and the network receiving device and through them with the processor, used to connect to the network, for example a mobile wireless network; the network card holds a group of code numbers unique within the network, which correspond one to one with the ID number, and identity information, the verifier's number and application information are sent to the authentication server over the network through the network card; a group of interfaces, connected with the processor, comprising: a main interface used for installing the authentication card's system programs and for the advance entry, storage, setting and modification of identity information and features, and an information interface used to connect with other devices for information exchange and processing, for example connecting with a computer through this interface when the authentication telephone is manufactured; a display, connected with all devices through the processor and used to display all kinds of information and data; and a power supply, connected with all devices in the card through the processor and used to supply power to all devices;
A switch mounted on the input device is used to switch between the telephone function and the authentication function;
The above input device and display are both connected with the telephone circuit board and are shared by the telephone circuit board and the authentication card; in other cases, where the telephone and the authentication function use the same transmission network, the above network card is also connected with the telephone circuit board and is shared by the telephone circuit board and the authentication card.
Besides the telephone function, the authentication telephone formed from the above devices is used for the authenticating party to provide autonomous authentication and application information, through the authentication telephone, the network and the authentication server, to the application server and to the verifying party's verification device; to provide autonomous authentication and application information, through the authentication telephone, the network and the authentication server, to the application server; to provide autonomous authentication and application information through the authentication telephone directly to a verification device; and to control the telephone function through the authentication card within the telephone.
Besides the telephone function, the authentication telephone formed from the above devices is used for the authenticating party to provide autonomous authentication and application information, through the authentication telephone, the network and the authentication server, to the application server and to the verifying party's verification device, by the following procedure:
The authenticating party inputs through the input device in the telephone, or receives through the direct receiving device, the verifier's number and application information; inputs the authenticating party's identity password through the input device; and has the biometric features captured by the biometric capture device. The above devices send the input, received and captured information, the identity password and the biometric features to the processor, which compares the identity password and biometric features obtained from the authenticating party with the password and biometric features stored in advance in the primary memory. If the comparison fails, the display in the telephone shows: authentication failed. If the comparison succeeds, the processor synthesizes the identity password, biometric features and other identity information according to the programs, functions and relations stored in advance, generates a new identity key, and at the same time deposits the public identity information in the readout memory and sends it through the direct output device to a verification device outside the telephone at the same location, or forwards it through the network card, the network and the authentication server to a verification device at a remote location; and it sends the identity password, biometric features, key, ID number, card issuer and service department features and numbers and other identity information, together with the verifier's number and application information, through the network output device and the network card over the network to the authentication server, which authenticates further; after the application server has processed the application, the authentication server sends the authenticating party's designated identity information and the application result to the verifying party's verification device;
The verifying party's verification device comprises authentication telephones of the above structure and other verification devices;
When the verification device is an authentication telephone of the above structure, it receives the authenticating party's public identity information either directly through its direct receiving device or over the network, and receives through the network card and the network receiving device the authenticating party's designated identity information and application result sent by the authentication server; the verification device's processor compares the two kinds of identity information. If the comparison fails, the display shows authentication failed; if it passes, the display shows the authenticating party's designated identity information and the authentication is accepted. The verification device replies the authentication result to the authentication server, which in turn replies to the authentication telephone and the application server.
The authentication telephone formed from the above devices is used for the authenticating party to perform autonomous authentication and application processing, through the authentication telephone, the network and the authentication server, with the application server by the following procedure:
The authenticating party inputs through the above input device, or receives through the direct receiving device from other devices, the application information; inputs the authenticating party's identity password through the input device; and has the biometric features captured by the biometric capture device. The above devices send the input, received and captured information, the identity password and the biometric features to the processor, which compares the identity password and biometric features obtained from the authenticating party with the identity password and biometric features stored in advance in the primary memory. If the comparison fails, the display in the telephone shows: authentication failed. If the comparison succeeds, the processor synthesizes the identity password, biometric features and other identity information according to the programs, functions and relations stored in advance, generates a new identity key, and sends the identity password, biometric features, key, ID number, card issuer and service department features and numbers and other identity information, together with the application information, through the network output device and the network card over the network to the authentication server, which authenticates further; after the application server has processed the application, the authentication server replies the application result to the authentication telephone.
The authentication telephone formed from the above devices is used for the authenticating party to provide autonomous authentication and application information through the authentication telephone directly to a verification device by the following procedure:
The authenticating party inputs through the input device in the telephone, or receives through the direct receiving device from the verification device, the verifier's number and application information; inputs the identity password through the input device; and has the authenticating party's biometric features captured by the biometric capture device. The above devices send the input, received and captured information, the identity password and the biometric features to the processor, which compares the identity password and biometric features obtained from the authenticating party with the identity password and biometric features stored in advance in the primary memory. If the comparison fails, the display in the telephone shows: authentication failed. If the comparison succeeds, the processor synthesizes the identity password, biometric features and other identity information according to the programs, functions and relations stored in advance, generates a new identity key, and sends the identity password, biometric features, key, ID number, card issuer and service department features and numbers and other identity information, together with the application information, through the authentication telephone's direct output device to the verification device, which authenticates and processes the application and then replies the application result to the authentication telephone.
The authentication telephone formed from the above devices is used for the authenticating party to control the telephone function through the authentication card in the telephone by the following procedure:
When the authentication telephone dials and connects a call or message, or selects or sets a telephone function, the authenticating party first inputs the identity password through the input device in the telephone and has the biometric features captured by the biometric capture device; the above devices send the input identity password and the captured biometric features to the processor, which compares them with the identity password and biometric features stored in advance in the primary memory. If the comparison fails, the display in the telephone shows: authentication failed, and dialling, connection, function selection and setting are refused; if the comparison succeeds, dialling, connection, function selection and setting proceed normally.
As a rule, the telephone circuit board installed in the authentication telephone is the circuit board of a mobile phone, and the microphone and earphone are those of a mobile phone. This kind of authentication telephone may also be called a wireless mobile authentication telephone or an authentication mobile phone.
The above authentication telephone differs from an existing single-function telephone and from a single authentication card in that, on the basis of the telephone, the multilayer-password biometric autonomous authentication function is added, and on the basis of the authentication card, the telephone function is added.
The authentication function of the authentication telephone differs from existing authentication in that: all identity information is stored in the authentication telephone carried by the authenticating party and in the authentication server, not at the verifying party; the password input, biometric capture and comparison of every authentication process, and the sending of identity information to the authentication server, are all completed autonomously by the devices within the authentication telephone carried by the authenticating party, without any card reading, password input or biometric capture by the verifying party's device; and the authentication telephone is applicable to authentication for all applications, replacing the practice of one card per application service per authentication method.
The beneficial effect of the above authentication telephone is that the multilayer-password biometric autonomous authentication function and the telephone function are combined; it extends the functions of a single telephone and a single authentication card and has a wider range of uses.
The beneficial effect of the authentication function of the above authentication telephone is that the authenticating party need not undergo passive authentication on the verifying party's device but can perform autonomous authentication, as needed, anywhere and at any time through the authentication telephone it carries; leakage of identity information is effectively prevented; and the reliability of authentication is improved.
To make the above and other objects, features and advantages of the present invention more apparent, preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Description of the drawings
Fig. 1 is a front plan view of the authentication card of an embodiment of the invention;
Fig. 2 is a sectional view of the authentication card of Fig. 1 taken perpendicular to the plane of the card;
Fig. 3 is a structural diagram of the authentication system of an embodiment of the invention;
Fig. 4 is a flow chart of identity authentication provided to the application server and a verification device in an embodiment of the invention;
Fig. 5 is a flow chart of identity authentication provided to the application server in an embodiment of the invention;
Fig. 6 is a flow chart of identity authentication provided to a verification device in an embodiment of the invention;
Fig. 7 is a front plan view of the authentication telephone of an embodiment of the invention;
Fig. 8 is a sectional view of the authentication telephone of Fig. 7 taken perpendicular to its plane.
Fig. 9 is a flow chart of the control of the telephone dialling and connection function by the authentication card within the authentication telephone of an embodiment of the invention.
Explanation of reference numerals
0~housing of the authentication card and authentication mobile phone;
1~authentication card interface; 1A~verification device interface;
11~main interface in the authentication card;
12~information interface in the authentication card;
2~authentication card display; 2A~verification device display;
3~authentication card biometric capture device; 3A~verification device biometric capture device;
4~authentication card input device; 4A~verification device input device;
5~authentication card receiving device; 5A~verification device receiving device;
51~network receiving device in the authentication card receiving device;
52~direct receiving device in the authentication card receiving device;
6~authentication card output device; 6A~verification device output device;
61~network output device in the authentication card output device;
62~direct output device in the authentication card output device;
7~authentication card processor; 7A~verification device processor;
8~authentication card memory; 8A~verification device memory;
81~primary memory in the authentication card memory;
82~readout memory in the authentication card memory;
83~receiving memory in the authentication card memory;
9~authentication card power supply;
10~authentication card network card; 10A~verification device network card;
13~authentication mobile phone circuit board;
14~authentication mobile phone power supply;
15~authentication mobile phone earphone;
16~authentication mobile phone microphone;
17~authentication mobile phone switch;
30~authentication server and identity database of the authentication system;
31~transmission network of the authentication system;
32~pre-writing device;
33~application server network card;
34~application server and application database.
Embodiments
The portable multilayer-password biometric autonomous authentication card of an embodiment of the invention is shown in Fig. 1 and Fig. 2. The authentication card of the embodiment is carried by the authenticating party and performs autonomous authentication; the devices in the card comprise:
A processor 7, connected with all the devices in the card listed below, used to process all identity information, data and application information;
A group of memories 8, connected with processor 7, comprising: a primary memory 81, used to store in advance the authenticating party's private identity information such as biometric features, identity password and ID number, public identity information, the features and numbers of the card issuer and service department, application information and system programs, together with the computation and composition rules, functions and relations among the above features, the stored data being called by processor 7; a readout memory 82, used to store the public identity information and application information sent to verification devices outside the authentication card; and a receiving memory 83, used to store the identity information and application information that the card's receiving device 5 receives from authentication server 30 and from other cards and devices;
At least one biometric capture device 3, connected with processor 7, used to capture the authenticating party's biometric features; biometric features comprise the physical and behavioural features that can indicate, confirm or prove the identity of the authenticating party, such as fingerprint, palm print, lip print, iris, face and voice; considering use on a card of limited volume and weight, biometric capture device 3 is miniaturized as far as possible, and this embodiment adopts a fingerprint capture device;
An input device 4, connected with processor 7, used to input the authenticating party's identity password, the verifier's number and application information;
A group of receiving devices 5, connected with processor 7, comprising: a network receiving device 51 that receives the identity information and application information sent by authentication server 30 over network 31, and a direct receiving device 52 that receives identity information, numbers and application information directly from other devices, such as a radio-frequency receiving device or a wireless Bluetooth receiving device; this embodiment adopts a wireless Bluetooth direct receiving device;
A group of output devices 6, connected with processor 7, comprising: a network output device 61 that sends identity information, the verifier's number and application information to authentication server 30 over network 31, and a direct output device 62 that sends identity information and application information directly to other devices, such as a radio-frequency output device or a wireless Bluetooth output device; this embodiment adopts a wireless Bluetooth direct output device;
A network card 10, connected with network output device 61 and network receiving device 51 and through them with processor 7, used to connect to network 31; network card 10 holds a group of code numbers unique within network 31, corresponding one to one with the ID number, and identity information, the verifier's number and application information are sent to authentication server 30 over network 31 through network card 10 together with the corresponding code number;
A group of interfaces 1, connected with processor 7, comprising: a main interface 11 used for installing the authentication card's system programs and for the advance entry, storage, setting and modification of identity information and features, and an information interface 12 used to connect with other devices for information exchange and processing, for example connecting with a computer through this interface when the authentication card is manufactured;
A display 2, connected with all devices through processor 7, used to display all kinds of information;
A power supply 9, connected with all the above devices through processor 7, used to supply power to each device.
The connecting lines between the devices in the authentication card of the above embodiment form two groups, one of data lines and one of power lines, all laid as printed circuits.
To support the use of the authentication card of the above embodiment, an authentication system of the embodiment as shown in Fig. 3 is required; the authentication system of this embodiment comprises:
An authentication server 30, connected through network 31 with the authentication card, application server 34 and the verification devices; authentication server 30 contains the authentication system and an identity database, which store in advance the authenticating party's private identity information such as biometric features, identity password and ID number, public identity information, the features and numbers of the card issuer and service department, application information and system programs, together with the computation and composition rules, functions and relations among the above features;
A pre-writing device 32, connected with authentication server 30 through network 31 and with the authentication card through interface 1 on the card, used to write into the authentication card and authentication server 30 the authenticating party's private identity information such as biometric features, identity password and ID number, public identity information, the features and numbers of the card issuer and service department, application information and system programs, together with the computation and composition rules, functions and relations among the above features, and also used to repair and modify the above information and data; in other cases, pre-writing device 32 writes in advance into the authentication card and authentication server 30 only the authentication card's system programs, application information, card issuer features and card number information and data, while the authenticating party's private identity information such as biometric features, identity password and ID number, public identity information and service department features are written once by the authenticating party through the authentication card itself; in this embodiment, all identity information, application information, system programs and data in the authentication card and authentication server 30 are written by pre-writing device 32;
A transmission network 31, connected with the authentication card, authentication server 30, application server 34, pre-writing device 32 and the verification devices, used to transmit information and data between the authentication card and authentication server 30, between authentication server 30 and the verifying party, and between authentication server 30 and application server 34; network 31 assigns authentication server 30, every authentication card, every application server 34 and every verification device a different access code number unique within network 31; network 31 may take various forms, such as a wired network, a mobile wireless network or a 3G network; the transmission networks between the authentication card and authentication server 30, between authentication server 30 and the verification devices, between authentication server 30 and application server 34, and between pre-writing device 32 and authentication server 30 may be the same network or different networks; network 31 of this authentication system embodiment is a wireless communication network, and the same network is used between all the above devices;
A verification device, connected with authentication server 30 through network 31, used to receive the identity information and application information sent by authentication server 30 and by the authentication card; verification devices comprise the following kinds: an authentication card of the above structure, which can receive at the same time the identity information and application information sent by authentication server 30 and by the authentication card and is used to confirm the identity and application information of the authenticating party, consisting of processor 7A, memory 8A, biometric capture device 3A, input device 4A, receiving device 5A, output device 6A, network card 10A, interface 1A, display 2A and a power supply; and other verification devices, which can receive the identity information and application information sent by authentication server 30 and by the authentication card;
A group of application servers 34, connected with authentication server 30 through network 31, storing the authenticating party's application data and application information;
An authentication card, as described for the authentication card of the above embodiment.
The authentication system of the above embodiment lists only one authentication card, one verification device and one group of application servers 34; in practical application the numbers of authentication cards, verification devices and application servers are unlimited.
Before the authentication card and authentication system of the above embodiment enter use, pre-writing device 32 writes the authenticating party's private identity information such as biometric features, identity password and ID number, public identity information, the features and numbers of the card issuer and service department, application information and system programs, together with the computation and composition rules, functions and relations among the above features, simultaneously into primary memory 81 of the authentication card of the embodiment and into authentication server 30.
The authentication card and authentication system of the above embodiment are used for the authenticating party to provide autonomous authentication and application information, through the authentication card, network 31 and authentication server 30, to application server 34 and to the verifying party's verification device; and to provide autonomous authentication and application information, through the authentication card, network 31 and authentication server 30, to application server 34.
The authentication card of the above embodiment can also be used for the authenticating party to provide autonomous authentication and application information through the authentication card directly to a verification device.
The procedure by which the authentication card and authentication system of the above embodiment are used for the authenticating party to provide autonomous authentication and application information, through the authentication card, network 31 and authentication server 30, to application server 34 and to the verifying party's verification device is shown in Fig. 4:
The authenticating party inputs through input device 4 of the authentication card of the above embodiment, or receives through direct receiving device 52, the verifier's number and application information (step S110);
The authenticating party's identity password is input through input device 4, and the biometric features are captured by biometric capture device 3 (step S111);
The above devices send the input, received and captured information, the identity password and the biometric features to processor 7, which compares the identity password and biometric features obtained from the authenticating party with the identity password and biometric features stored in advance in primary memory 81 (step S112);
If the comparison fails (No), display 2 in the card shows: authentication failed (step S114);
If the comparison succeeds (Yes), processor 7 synthesizes the identity password, biometric features and other identity information according to the programs, functions and relations stored in advance, generates a new identity key, and at the same time deposits the public identity information in readout memory 82 (step S113);
The authenticating party's public identity information is sent through direct output device 62 to a verification device at the same location (step S118), or forwarded over network 31 through network card 10, network 31 and authentication server 30 to a verification device at a remote location (step S117);
The identity password, biometric features, key, ID number, card issuer and service department features and numbers and other identity information, together with the verifier's number and application information, are sent through network output device 61 and network card 10 over network 31 to authentication server 30 (step S115);
Authentication server 30 receives all the identity information, the verifier's number and the application information sent by the authentication card (step S116), synthesizes the identity password, biometric features and other identity information according to the programs, functions and relations stored in advance, generates a new identity key, and compares this identity key and the identity password and biometric features stored in advance in the identity database with the identity password, biometric features and key sent by the authentication card (step S119);
If the comparison fails (No), authentication server 30 replies to the authentication card over network 31: authentication failed (step S121); if the comparison succeeds, the application information is sent to application server 34 (step S120), application server 34 processes it and returns the result to authentication server 30 (step S122), authentication server 30 makes a judgment according to the application result from application server 34 (step S123), and, according to the verifier's number sent by the authentication card, sends the authenticating party's designated identity information and the application result over network 31 to the verification device (step S124);
The verification device of this embodiment is an authentication card of the above structure; it receives the authenticating party's public identity information either directly through its receiving device 5A (step S118), as sent by the authentication card of the above embodiment through its direct output device 62 (step S115), or through its network card 10A over network 31 (step S117), as forwarded by authentication server 30 after the card sent it through network card 10 over network 31 (step S115);
Through the verification device's network card 10A and receiving device 5A it receives the authenticating party's designated identity information and application result sent by authentication server 30 (step S125); processor 7A compares and processes the two kinds of identity information (step S126); if the comparison fails (No), the display shows authentication failed (step S127); if it passes (Yes), the display shows the authenticating party's designated identity information and the authentication is accepted (step S128);
After the verification device has verified the authenticating party (whether the result is failure or pass), it replies the authentication result, and a confirmation of obtaining or abandoning the application result, to authentication server 30 over network 31 (step S129);
According to the reply from the verification device, authentication server 30 replies the authentication result and application result to the authentication card, and replies the confirmation result to application server 34 (step S130).
The flow by which the authentication card and authentication system described above let the authenticating party provide autonomous authentication and application information to application server 34, through the authentication card, network 31 and authentication server 30, is shown in Figure 5:
The authenticating party enters the application information on input device 4 of the authentication card, or the card receives it through direct receiving device 52 (step S210);
the authenticating party enters the identity password on input device 4, and biometric acquisition device 3 captures the biometric feature (step S211);
these devices pass the entered, received and captured information, identity password and biometric feature to processor 7, which compares the identity password and biometric feature obtained from the authenticating party with the identity password and biometric feature stored in advance in main memory 81 (step S212);
if the comparison fails (No), display 2 on the card shows: authentication failure (step S214);
if it succeeds (Yes), processor 7 synthesises the identity password and biometric feature according to the stored program, function and relation and generates a new identity key (step S213);
the authentication card sends the identity information (identity password, biometric feature, key, identity number, card issuer, service department features and number) and the application information to authentication server 30 over network 31, through network output device 61 and network card 10 (step S215);
authentication server 30 receives all the identity information and the application information sent by the authentication card (step S216), synthesises the identity password and biometric feature according to the stored program, function and relation to generate a new identity key, and compares this key together with the identity password and biometric feature stored in advance in the identity database against the identity password, biometric feature and key sent by the authentication card (step S219);
if the comparison fails (No), authentication server 30 replies to the authentication card over network 31: authentication failure (step S221); if it succeeds (Yes), the application information is forwarded to application server 34 (step S220), application server 34 processes it and returns the result to authentication server 30 (step S222), and authentication server 30 returns the application result to the authentication card over network 31 (step S223).
The flow by which the authentication card described above lets the authenticating party provide autonomous authentication and application information directly to a verification device is shown in Figure 6:
The authenticating party enters the application information on input device 4 of the authentication card, or the card receives it through direct receiving device 52 (step S310);
the identity password is entered on input device 4, and biometric acquisition device 3 captures the biometric feature of the authenticating party (step S311);
these devices pass the entered, received and captured information, identity password and biometric feature to processor 7, which compares the identity password and biometric feature obtained from the authenticating party with those stored in advance in main memory 81 (step S312);
if the comparison fails (No), display 2 on the card shows: authentication failure (step S314);
if it succeeds (Yes), processor 7 synthesises the identity password and biometric feature according to the stored program, function and relation and generates a new identity key (step S313);
the authentication card sends the identity information (identity password, biometric feature, key, identity number, card issuer, service department features and number) and the application information directly to the verification device through direct output device 62 (step S315);
the verification device receives all the identity information and the application information (step S316) and compares the identity password, biometric feature and key with the identity password, biometric feature and key of the authenticating party stored in advance in the verification device (step S319);
if the comparison fails (No), it replies to the authentication card: authentication failure (step S321);
if it succeeds (Yes), the verification device carries out the application processing and replies with the application result to the authentication card (step S323).
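The three flows of Figures 4, 5 and 6 described above, as an added Python simulation that is not part of the patent: a card performs the local password-plus-biometric check (steps S111 to S114), derives the identity key from its stored identity data (S113), and either sends it to the authentication server, which re-derives and compares the key before forwarding the application and routing the set identity information to the verifier by its number (Figures 4 and 5), or sends it directly to a verification device that holds its own enrolled copy (Figure 6). The patent specifies neither the biometric comparison nor the key-synthesis function, so both are assumptions here: templates are 64-bit vectors compared by Hamming distance, and the key is HMAC-SHA256 keyed with the stored composition rule. All names, numbers and sample data are constructed.

```python
import hashlib
import hmac

MATCH_THRESHOLD = 6  # assumed: a live sample matches the template if at most 6 of 64 bits differ

def biometric_match(stored: bytes, sample: bytes) -> bool:
    """S112/S212/S312: fuzzy compare of captured sample and enrolled template
    (assumption: bit-vector templates compared by Hamming distance)."""
    diff = int.from_bytes(stored, "big") ^ int.from_bytes(sample, "big")
    return bin(diff).count("1") <= MATCH_THRESHOLD

def derive_identity_key(record: dict) -> bytes:
    """S113/S213/S313: one identity key from identity password and enrolled biometric.
    Assumption: the stored 'composition rule' is an HMAC key written to card and server."""
    msg = record["password"].encode() + record["template"]
    return hmac.new(record["rule"], msg, hashlib.sha256).digest()

def key_matches(record: dict, key: bytes) -> bool:
    return hmac.compare_digest(derive_identity_key(record), key)  # S119/S219 or S319

class AuthCard:
    """Card carried by the authenticating party: enrolled record plus the local check."""
    def __init__(self, identity_no: str, record: dict, public_identity: str):
        self.identity_no, self.record, self.public_identity = identity_no, record, public_identity

    def local_check(self, password: str, sample: bytes):
        """S111-S114: compare with the copies in main memory 81; key on success, else None."""
        r = self.record
        if password != r["password"] or not biometric_match(r["template"], sample):
            return None
        return derive_identity_key(r)

class Verifier:
    """Verification device: another card reached via the server (Fig. 4) or one with its own copy (Fig. 6)."""
    def __init__(self, enrolled=None):
        self.enrolled, self.direct_identity = enrolled or {}, None

    def receive_direct(self, public_identity):  # S118: via the direct (Bluetooth) output 62
        self.direct_identity = public_identity

    def receive_from_server(self, set_identity, app_result):
        """S125-S128: identity sent by the server must equal the one received directly."""
        if self.direct_identity != set_identity:
            return ("authentication failure", None)  # S127
        return ("accepted", app_result)  # S128

    def authenticate_direct(self, identity_no, key, application):
        """Fig. 6, S316-S323: no server; the verifier checks against its own enrolled copy."""
        record = self.enrolled.get(identity_no)
        if record is None or not key_matches(record, key):
            return "authentication failure"  # S321
        return f"processed:{application}"  # S323

class AuthServer:
    """Third-party authentication server 30 holding the identity database."""
    def __init__(self, app_server, verifiers):
        self.enrolled, self.app_server, self.verifiers = {}, app_server, verifiers

    def enroll(self, card: AuthCard, set_identity: str):  # writing device 32 writes both copies
        self.enrolled[card.identity_no] = dict(card.record, set_identity=set_identity)

    def authenticate(self, identity_no, key, application, verifier_no=None):
        """S116-S124 (Fig. 4) or S216-S223 (Fig. 5): verify, then forward the application."""
        record = self.enrolled.get(identity_no)
        if record is None or not key_matches(record, key):
            return ("authentication failure", None)  # S121 / S221
        result = self.app_server(identity_no, application)  # S120-S122 / S220-S222
        if verifier_no is None:
            return ("accepted", result)  # S223: result back to the card
        verifier = self.verifiers[verifier_no]  # S124: routed by the verifier number
        return verifier.receive_from_server(record["set_identity"], result)  # S129 / S130

# Constructed sample data (not from the patent): one enrolled user, one registered verifier.
ENROLLED = dict(password="4711", template=bytes.fromhex("a5a5a5a5a5a5a5a5"), rule=b"rule-0001")
LIVE_SAMPLE_OK = bytes.fromhex("a5a5a5a5a5a5a5a0")  # 2 bits off: same finger, noisy read
LIVE_SAMPLE_IMPOSTOR = bytes.fromhex("5a5a5a5a5a5a5a5a")  # every bit differs

def setup():
    card = AuthCard("ID-0001", dict(ENROLLED), "Liu, card 0001")
    verifier = Verifier()
    server = AuthServer(lambda i, a: f"{a} approved for {i}", {"V-42": verifier})  # stand-in for 34
    server.enroll(card, set_identity="Liu, card 0001")
    return card, verifier, server

def run_figure4(password, sample, application="payment 100"):
    """Fig. 4: card -> verifier (direct) and card -> server -> app server -> verifier."""
    card, verifier, server = setup()
    key = card.local_check(password, sample)
    if key is None:
        return ("authentication failure", None)  # S114: shown on the card display
    verifier.receive_direct(card.public_identity)  # S118
    return server.authenticate(card.identity_no, key, application, verifier_no="V-42")

def run_figure6(password, sample, application="door open"):
    """Fig. 6: card -> verifier directly; the verifier holds the enrolled copy."""
    card, _, _ = setup()
    verifier = Verifier(enrolled={card.identity_no: dict(card.record)})
    key = card.local_check(password, sample)
    if key is None:
        return "authentication failure"  # S314
    return verifier.authenticate_direct(card.identity_no, key, application)
```

Figure 5 is `server.authenticate(...)` called without a `verifier_no`, which returns the application result to the card (step S223). The example transmits only the derived key; the patent text also lists the identity password and biometric feature among the items sent, but the comparison of the re-derived key at the receiving side (steps S119, S219, S319) is the step the example demonstrates. The page describes no freshness value or transport protection for these messages, and none is modelled here.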
The authentication card and authentication system described above differ from existing user authentication cards and systems in the following respects: all identity information is stored in memory 8 of the authentication card carried by the authenticating party and in third-party authentication server 30, not in the verification device; every step of the authentication process, that is password entry, biometric capture and their comparison, the sending of identity information to authentication server 30 and the comparison at authentication server 30, is completed autonomously by the authentication card carried by the authenticating party, so the verification device obtains direct, reliable identity information and the verifier's device need not read a card, accept a password or capture a biometric; network 31 and authentication server 30 act as a third party that further authenticates the identity of the authenticating party and delivers identity information to the verification device through authentication server 30, which raises the reliability of authentication and changes the situation in which only the authenticating party and the verifier take part; and the authentication card and system suit identity authentication for every class of application party, changing the situation of one authentication system per application server.
The beneficial effects of the authentication card and authentication system described above are: the authenticating party no longer undergoes passive authentication on the verifier's device but performs autonomous authentication at any time and place with the authentication card it carries; leakage of identity information is effectively prevented; the reliability of authentication is improved; queues of many people waiting to be authenticated at one place are eliminated; and authentication becomes a professional service, providing reliable identity authentication to every party that needs it, so that verifiers and application parties need not build dedicated authentication systems and identity databases, and authentication and application services become simpler and more reliable.
The portable multilayer-password biometric autonomous authentication telephone set of the embodiment of the invention is shown in Figures 7 and 8. The authentication telephone set of the embodiment is an authentication mobile phone carried by the authenticating party, with both autonomous authentication and telephone functions. On the same authentication mobile phone are installed at once:
a mobile phone circuit board 13, connected to the authentication card; a mobile phone microphone 15, a mobile phone power supply 14 and an earpiece 16, all connected to the mobile phone circuit board;
an authentication card, connected to the mobile phone circuit board, comprising:
a processor 7, connected to each of the devices in the card listed below, for processing all identity information, data and application information;
a memory group 8, connected to processor 7, comprising: main memory 81, storing in advance the private identity information of the authenticating party such as biometric feature, identity password and identity number, the public identity information, the features and numbers of the card issuer and service department, application information and system programs, and the computational composition rules, functions and relations between these features, with the stored data available for processor 7 to call; read-out memory 82, storing the public identity information and application information to be sent to a verification device outside the authentication card; and receive memory 83, storing the identity information and application information that receiving devices 5 receive from authentication server 30 and from other cards and devices;
at least one biometric acquisition device 3, connected to processor 7, for acquiring the biometric feature of the authenticating party; this embodiment uses a fingerprint acquisition device;
an input device 4, connected to processor 7, for the authenticating party to enter the identity password, the verifier number and application information;
a group of output devices 6, connected to processor 7, comprising: network output device 61, which sends identity information, the verifier number and application information to authentication server 30 over network 31, and direct output device 62, which sends identity information and application information directly to other devices: a wireless Bluetooth output device;
a group of receiving devices 5, connected to processor 7, comprising: network receiving device 51, which receives identity information and application information sent by authentication server 30 over network 31, and direct receiving device 52, which receives identity information, numbers and application information directly from other devices: a wireless Bluetooth receiving device;
a network card 10, connected to network output device 61 and network receiving device 51, and through them to processor 7, for connecting to network 31; network card 10 carries a set of code numbers unique in network 31, in one-to-one correspondence with the identity number; identity information, the verifier number and application information are sent to authentication server 30 over network 31 through network card 10 together with the corresponding code;
a group of interfaces 1, connected to processor 7, comprising: main interface 11, for installing the system programs of the authentication card and for the advance entry, storage, setting and modification of identity information and features, and information interface 12, for connecting to other devices for information exchange and processing, for example connecting the authentication mobile phone to a computer;
a display 2, connected to all devices through processor 7, for displaying information;
a power supply 9, connected to all the above devices through processor 7, for supplying power to each device;
a set of switches 17, installed on input device 4, for switching between the telephone function and the authentication function.
Input device 4 and display 2 of the authentication mobile phone are also connected to the mobile phone circuit board and are shared between the phone circuit board and the authentication card. In this embodiment the phone and the authentication function use the same wireless transmission network, and network card 10 of the authentication card is connected to the mobile phone circuit board and shared between them.
The authentication mobile phone of the embodiment, made up of the devices above, is used, besides its telephone function, for the authenticating party to provide autonomous authentication and application information through the authentication mobile phone, network 31 and authentication server 30 to application server 34 and to the verification device of the verifier; to provide autonomous authentication and application information through the authentication mobile phone, network 31 and authentication server 30 to application server 34; to provide autonomous authentication and application information through the authentication mobile phone directly to a verification device; and to control the dialling and connection of the phone through the authentication card inside it.
The authentication flow of the authentication mobile phone of the embodiment, made up of the devices above, is the same as that of the authentication card and authentication system described above:
Before the authentication mobile phone is put into use, writing device 32 writes the private identity information of the authenticating party such as biometric feature, identity password and identity number, the public identity information, the features and numbers of the card issuer and service department, application information and system programs, and the computational composition rules, functions and relations between these features, simultaneously into main memory 81 of the authentication mobile phone and into authentication server 30.
The flow by which the authentication mobile phone described above lets the authenticating party provide autonomous authentication and application information, through the authentication mobile phone, network 31 and authentication server 30, to application server 34 and to the verification device of the verifier is shown in Figure 4:
The authenticating party enters the verifier number and the application information on input device 4 of the authentication mobile phone, or the phone receives them through direct receiving device 52 (step S110);
the authenticating party enters the identity password on input device 4, and biometric acquisition device 3 captures the biometric feature (step S111);
these devices pass the entered, received and captured information, identity password and biometric feature to processor 7, which compares the identity password and biometric feature obtained from the authenticating party with those stored in advance in main memory 81 (step S112);
if the comparison fails (No), display 2 on the phone shows: authentication failure (step S114);
if it succeeds (Yes), processor 7 synthesises the identity password and biometric feature according to the stored program, function and relation, generates a new identity key, and at the same time places the public identity information in read-out memory 82 (step S113);
the public identity information of the authenticating party is sent through direct output device 62 to a verification device at the same location (step S118), or, for a verification device at a remote location, through network card 10, network 31 and authentication server 30 over network 31 (step S117);
the identity information (identity password, biometric feature, key, identity number, card issuer, service department features and number), the verifier code number and the application information are sent to authentication server 30 over network 31 through network output device 61 and network card 10 (step S115);
authentication server 30 receives all the identity information, the verifier number and the application information sent by the authentication mobile phone (step S116), synthesises the identity password and biometric feature according to the stored program, function and relation to generate a new identity key, and compares this key together with the identity password and biometric feature stored in advance in the identity database against the identity password, biometric feature and key sent by the phone (step S119);
if the comparison fails (No), authentication server 30 replies to the authentication mobile phone over network 31: authentication failure (step S121); if it succeeds (Yes), the application information is forwarded to application server 34 (step S120), which processes it and returns the result to authentication server 30 (step S122); authentication server 30 evaluates the application result of application server 34 (step S123) and, using the verifier number sent by the phone, transmits the set identity information of the authenticating party and the application result to the verification device over network 31 (step S124);
the verification device of this embodiment is another authentication mobile phone of the structure described above; it receives the public identity information of the authenticating party either directly through its receiving device 5A, from the direct output device 62 of the authentication mobile phone (step S118), or through network 31 and its network card 10A, forwarded by authentication server 30 from what the phone sent in step S115 (step S117);
through its network card 10A and receiving device 5A the verification device receives the set identity information of the authenticating party and the application result sent by authentication server 30 (step S125); its processor 7A compares the two items of identity information (step S126); if they do not match (No), the display shows authentication failure (step S127); if they match (Yes), the display shows the set identity information of the authenticating party and the verification device accepts the authentication (step S128);
after it has authenticated the authenticating party (whether the result is failure or pass), the verification device replies to authentication server 30 over network 31 with the authentication result and with a confirmation that it takes or declines the application result (step S129);
according to the reply of the verification device, authentication server 30 returns the authentication result and the application result to the authentication mobile phone and sends a confirmation of the result to application server 34 (step S130).
The flow by which the authentication mobile phone described above lets the authenticating party provide autonomous authentication and application information to application server 34, through the authentication mobile phone, network 31 and authentication server 30, is shown in Figure 5:
The authenticating party enters the application information on input device 4 of the authentication mobile phone, or the phone receives it through direct receiving device 52 (step S210);
the authenticating party enters the identity password on input device 4, and biometric acquisition device 3 captures the biometric feature (step S211);
these devices pass the entered, received and captured information, identity password and biometric feature to processor 7, which compares the identity password and biometric feature obtained from the authenticating party with those stored in advance in main memory 81 (step S212);
if the comparison fails (No), display 2 on the phone shows: authentication failure (step S214);
if it succeeds (Yes), processor 7 synthesises the identity password and biometric feature according to the stored program, function and relation and generates a new identity key (step S213);
the authentication mobile phone sends the identity information (identity password, biometric feature, key, identity number, card issuer, service department features and number) and the application information to authentication server 30 over network 31, through network output device 61 and network card 10 (step S215);
authentication server 30 receives all the identity information and the application information sent by the authentication mobile phone (step S216), synthesises the identity password and biometric feature according to the stored program, function and relation to generate a new identity key, and compares this key together with the identity password and biometric feature stored in advance in the identity database against the identity password, biometric feature and key sent by the phone (step S219);
if the comparison fails (No), authentication server 30 replies to the authentication mobile phone over network 31: authentication failure (step S221); if it succeeds (Yes), the application information is forwarded to application server 34 (step S220), application server 34 processes it and returns the result to authentication server 30 (step S222), and authentication server 30 returns the application result to the authentication mobile phone over network 31 (step S223).
The flow by which the authentication mobile phone described above lets the authenticating party provide autonomous authentication and application information directly to a verification device is shown in Figure 6:
The authenticating party enters the application information on input device 4 of the authentication mobile phone, or the phone receives it through direct receiving device 52 (step S310);
the identity password is entered on input device 4, and biometric acquisition device 3 captures the biometric feature of the authenticating party (step S311);
these devices pass the entered, received and captured information, identity password and biometric feature to processor 7, which compares the identity password and biometric feature obtained from the authenticating party with those stored in advance in main memory 81 (step S312);
if the comparison fails (No), display 2 on the phone shows: authentication failure (step S314);
if it succeeds (Yes), processor 7 synthesises the identity password and biometric feature according to the stored program, function and relation and generates a new identity key (step S313);
the authentication mobile phone sends the identity information (identity password, biometric feature, key, identity number, card issuer, service department features and number) and the application information directly to the verification device through direct output device 62 (step S315);
the verification device receives all the identity information and the application information (step S316) and compares the identity password, biometric feature and key with the identity password, biometric feature and key of the authenticating party stored in advance in the verification device (step S319);
if the comparison fails (No), it replies to the authentication mobile phone: authentication failure (step S321);
if it succeeds (Yes), the verification device carries out the application processing and replies with the application result to the authentication mobile phone (step S323).
The flow by which the authentication mobile phone described above lets the authenticating party control the dialling and connection function of the phone through the authentication device inside it is shown in Figure 9:
When a call is to be dialled and connected, the authenticating party first enters the identity password on input device 4 and biometric acquisition device 3 captures the biometric feature (step S411); these devices pass the entered identity password and captured biometric feature to processor 7, which compares them with the identity password and biometric feature stored in advance in main memory 81 (step S412); if the comparison fails (No), display 2 on the phone shows authentication failure and the call is not put through (step S414); if it succeeds (Yes), the call is dialled and connected (step S413).
The authentication mobile phone described above differs from an existing single-purpose mobile phone or single-purpose authentication card in that it adds the multilayer-password biometric autonomous authentication function to a mobile phone, and adds the mobile phone function to an authentication card.
The identity authentication function of the authentication mobile phone differs from existing identity authentication in that: all identity information is stored in the authentication mobile phone carried by the authenticating party and in authentication server 30, not at the verifier; password entry, biometric capture and their comparison, and the sending of identity information to authentication server 30 are all completed autonomously by the devices inside the authentication mobile phone carried by the authenticating party, with no need for the verifier's device to read a card, accept a password or capture a biometric; and the authentication mobile phone can serve identity authentication for all application services, changing the situation of one card and one authentication method per application server.
The beneficial effect of the authentication mobile phone described above is that it merges the multilayer-password biometric autonomous authentication function and the telephone function in one device, extending the functions of a single mobile phone and a single authentication card to a wider range of uses.
The beneficial effect of the authentication function of the authentication mobile phone is that the authenticating party no longer undergoes passive authentication on the verifier's device but performs autonomous authentication at any time and place with the authentication mobile phone it carries; leakage of identity information is effectively prevented; and the reliability of authentication is improved.
Although the present invention has been disclosed above by the embodiments described, they are not intended to limit it. Any person skilled in the art may make minor changes and modifications without departing from the spirit and scope of the invention; the scope of protection of the invention is therefore defined by the claims.

Claims (7)

1. A portable multilayer-password biometric autonomous authentication card, used by an authenticating party to provide autonomous authentication and application information, through the authentication card, a network and an authentication server, to a verification device of a verifier and to an application server, characterised in that the portable multilayer-password biometric autonomous authentication card is provided with:
a processor, connected to each of the devices below, for processing all identity information, data and application information;
a memory group, connected to the processor, comprising: a main memory, storing in advance the private identity information of the authenticating party such as biometric feature, identity password and identity number, the public identity information, the features and numbers of the card issuer and service department, application information and system programs, and the computational composition rules, functions and relations between the above features, with the stored data available for the processor to call; and
a read-out memory, storing the public identity information and application information to be sent to a verification device outside the authentication card, and a receive memory, storing the identity information and application information that the receiving devices of the authentication card receive from the authentication server and from other cards and devices;
at least one biometric acquisition device, connected to the processor, for acquiring the biometric feature of the authenticating party;
an input device, connected to the processor, for the authenticating party to enter the identity password, the verifier number and application information;
a group of output devices, connected to the processor, comprising: a network output device, which sends identity information, the verifier number and application information to the authentication server over the network; and
a direct output device, which sends identity information and application information directly to other devices;
a group of receiving devices, connected to the processor, comprising: a network receiving device, which receives identity information and application information sent by the authentication server over the network; and
a direct receiving device, which receives identity information, numbers and application information directly from other devices;
a network card, connected to the network output device and network receiving device, and through them to the processor, for connecting to the network; the network card carries a set of code numbers unique in the network, in one-to-one correspondence with the identity number; identity information, the verifier number and application information are sent to the authentication server over the network through the network card together with the corresponding code;
a group of interfaces, connected to the processor, comprising: a main interface, for installing the system programs of the authentication card and for the advance entry, storage, setting and modification of identity information and features; and
an information interface, for connecting to other devices for information exchange and processing;
a display, connected to all devices through the processor, for displaying information;
a power supply, connected to all devices in the card through the processor, for supplying power to them;
The common authentication card of forming of said apparatus is used for authenticating party by authentication card, network, certificate server, provides the flow process of autonomous authentication and application message to be to the demo plant and the application server of authentication:
Authenticating party is by the input of above-mentioned input media or by direct receiving trap Receipt Validation side sign indicating number number, application message, by input media input identification cipher, gather the biological characteristic of authenticating party by the physical characteristics collecting device, said apparatus will be imported, receive, the information that collects, identification cipher, biological characteristic is sent to processor, processor with the identification cipher of the authenticating party that obtains and biological characteristic with the identification cipher and the biological characteristic of storage are compared in advance in the primary memory, comparison result is inconsistent, can show by display: authentification failure in the card, the comparison result unanimity, processor meeting basis is program stored in advance, function, relation is synthesized identity informations such as identification cipher and biological characteristic, generate new identity key, to disclose identity information simultaneously deposits in by memory read, send by direct output unit demo plant outside the authentication card that is in same place, or pass through network interface card, network, certificate server is transmitted the open identity information of authenticating party to the demo plant in strange land by network, and with identification cipher, biological characteristic, key, ID (identity number), card sending mechanism, service department's feature, identity informations such as number, the demo plant number of authentication, application message is by the network output unit, network interface card is sent to certificate server by network, further authenticate by certificate server, after application server is used processing, send the setting identity information and the application result of authenticating party to the demo plant of authentication by certificate server;
The verifier's verification device is either another authentication card of the above structure or some other verification device;
When the verification device is another authentication card of the above structure, it receives the authenticating party's public identity information directly through its direct receiver or over the network, and receives the authenticating party's preset identity information and application result sent by the authentication server through its network card and network receiver. The verification device's processor compares these two kinds of identity information: if the comparison fails, the display shows authentication failure; if it passes, the display shows the authenticating party's preset identity information. The verification device replies with the authentication result to the authentication server, which in turn replies to the authentication card and the application server;
The authentication card formed by the above devices is used by the authenticating party, via the authentication card, the network and the authentication server, to provide autonomous authentication and application information to the application server; the flow is as follows:
The authenticating party enters the application information through the above input device, or receives it through the direct receiver from another device; enters the identity password through the input device; and has a biometric feature collected by the biometric collection device. The above devices send the entered, received and collected information, the identity password and the biometric feature to the processor, which compares the obtained identity password and biometric feature with the identity password and biometric feature stored in advance in the main memory. If they do not match, the display shows: in-card authentication failed. If they match, the processor synthesizes the identity password, the biometric feature and other identity information according to the pre-stored program, functions and relations, generating a new identity key, and sends the identity information (identity password, biometric feature, key, identity number, card issuer, service organization feature and number and the like) and the application information through the network transmitter and network card over the network to the authentication server, which authenticates further. After the application server performs the application processing, the authentication server replies with the application result to the authentication card;
The authentication card formed by the above devices is used by the authenticating party, via the authentication card alone, to provide autonomous authentication and application information to a verification device; the flow is as follows:
The authenticating party enters the verifier number and the application information through the above input device, or receives them through the direct receiver from the verification device; enters the identity password through the input device; and has a biometric feature collected by the biometric collection device. The above devices send the entered, received and collected information, the identity password and the biometric feature to the processor, which compares the obtained identity password and biometric feature with the identity password and biometric feature stored in advance in the main memory. If they do not match, the display shows: in-card authentication failed. If they match, the processor synthesizes the identity password, the biometric feature and other identity information according to the pre-stored program, functions and relations, generating a new identity key, and sends the identity information (identity password, biometric feature, key, identity number, card issuer, service organization feature and number and the like) and the application information through the authentication card's direct transmitter to the verification device, which authenticates, performs the application processing, and replies with the application result to the authentication card.
2. The multi-layer-password biometric autonomous authentication card as claimed in claim 1, characterized in that the biometric collection device is a fingerprint collector, the direct transmitter is a wireless transmitter, the direct receiver is a wireless receiver, and the network card is a wireless network card.
3. A multi-layer-password biometric autonomous authentication system, used by an authenticating party, via an authentication card, a network, an authentication server and a verification device, to provide autonomous authentication and application information to a verifier, and used by the authenticating party, via the authentication card, the network and the authentication server, to provide autonomous authentication and application information to an application server, characterized in that the system comprises:
A portable multi-layer-password biometric autonomous authentication card, connected to the authentication server through the network card in the card and the network. The authentication card comprises: a processor, connected to all devices in the card and used to process all identity information, data and application information; a group of memories connected to the processor, comprising: a main memory, used to store in advance the authenticating party's private identity information (biometric feature, identity password, identity number and the like), the public identity information, the card issuer's and service organization's features and numbers, the application information and the system program, together with the composition rules, functions and relations between the above features, the stored contents being called by the processor; a readout memory, used to store the public identity information and application information that are sent to verification devices outside the authentication card; and a receive memory, used to store the identity information and application information that the card's receivers obtain from the authentication server and from other cards and devices; at least one biometric collection device, connected to the processor and used to collect the authenticating party's biometric feature; an input device, connected to the processor and used to enter the authenticating party's identity password, the verifier number and the application information; a group of transmitters connected to the processor, comprising a network transmitter, which sends identity information, the verifier number and application information to the authentication server over the network, and a direct transmitter, which sends identity information and application information directly to other devices; a group of receivers connected to the processor, comprising a network receiver, which receives over the network the identity information and application information sent by the authentication server, and a direct receiver, which receives identity information, numbers and application information directly from other devices; a network card, connected to the network transmitter and network receiver and through them to the processor, used to connect to the network; the network card holds a group of code numbers that are unique within the network and correspond one-to-one with the identity number, and the identity information, verifier number and application information are sent to the authentication server through the network card over the network; a group of interfaces connected to the processor, comprising a main interface, used for installing the authentication card's system program and for pre-entering, storing, setting and modifying identity information, passwords and features, and an information interface, used to connect to other devices for information exchange and processing; a display, connected to all devices through the processor and used to show various information; and a power supply, connected to all devices in the card through the processor and used to supply power to all devices;
An authentication server, connected in advance over the network, by access codes and code numbers, to the authentication card, the application server, the verification device and the pre-write device. It contains an authentication system and an identity database, and stores in advance the authenticating party's private identity information (biometric feature, identity password, identity number and the like), the public identity information, the card issuer's and service organization's features and numbers, the application information and the system program, together with the composition rules, functions and relations between the above features;
A pre-write device, connected to the authentication server through the network and to the authentication card through the interface on the card, used to write into the authentication card and the authentication server the authenticating party's private identity information (biometric feature, identity password, identity number and the like), the public identity information, the card issuer's and service organization's features and numbers, the application information and the system program, together with the composition rules, functions and relations between the above features, and used to repair and modify the above information and data. Alternatively, the pre-write device writes into the authentication card and the authentication server only the card's system program, the application information, the card issuer feature and the card number information and data, while the authenticating party's private identity information (biometric feature, identity password, identity number and the like), the public identity information, the service organization feature and similar information and data are written once by the authenticating party through the authentication card;
A transmission network, connected in advance to the authentication card, the authentication server, the application server, the pre-write device and the verification device, used to transmit information and data between the authentication card and the authentication server, between the authentication server and the verification device, and between the authentication server and the application server. The network assigns to the authentication server, to every authentication card, to each application server and to each verification device a different access code and number that are unique within the network;
A verification device, connected to the authentication server over the network with an access code, used to receive the identity information and application information sent by the authentication server and by the authentication card. The verification device is of one of the following kinds: another authentication card of the above structure, which can receive at the same time the identity information and application information sent by the authentication server and by the authentication card and is used to confirm the authenticating party's identity and application information; or some other verification device, which can receive the identity information and application information sent by the authentication server and the authentication card;
A group of application servers, connected to the authentication server through the network, storing the authenticating party's application data and application information;
The authentication system formed by the above devices is used by the authenticating party, via the authentication card, the network and the authentication server, to provide autonomous authentication and application information to the application server and to the verifier's verification device; the flow is as follows:
The authenticating party enters the verifier number and the application information through the input device in the card, or receives them through the direct receiver; enters the identity password through the input device; and has a biometric feature collected by the biometric collection device. The above devices send the entered, received and collected information, the identity password and the biometric feature to the processor, which compares the obtained identity password and biometric feature with the identity password and biometric feature stored in advance in the main memory. If they do not match, the display shows: in-card authentication failed. If they match, the processor synthesizes the identity password, the biometric feature and other identity information according to the pre-stored program, functions and relations, generating a new identity key; at the same time it stores the public identity information in the readout memory and sends it through the direct transmitter to a verification device at the same location as the authentication card, or forwards the authenticating party's public identity information through the network card, the network and the authentication server to a verification device at a remote location; and it sends the identity information (identity password, biometric feature, key, identity number, card issuer, service organization feature and number and the like), the verifier number and the application information through the network transmitter and network card over the network to the authentication server;
After the authentication server receives the identity information, the verifier number and the application information sent by the authentication card, it synthesizes the identity password, the biometric feature and other identity information according to the pre-stored program, functions and relations, generating a new identity key. It compares this identity key, together with the identity password and biometric feature stored in advance in the identity database, with the identity password, biometric feature and key sent by the authentication card. If they do not match, the authentication server replies to the authentication card over the network with the access code: authentication failed. If they match, the application information is sent to the application server; after the application server returns its processing result to the authentication server, the authentication server sends the authenticating party's preset identity information and the application result over the network to the verification device identified by the verifier number sent by the authentication card;
The verifier's verification device is either another authentication card of the above structure or some other verification device;
When the verification device is another authentication card of the above structure, it receives the authenticating party's public identity information directly through its direct receiver or over the network, and receives the authenticating party's preset identity information and application result sent by the authentication server through its network card and network receiver. Its processor compares these two kinds of identity information: if the comparison fails, the display shows authentication failure; if it passes, the display shows the authenticating party's preset identity information;
After the verifier's verification device has passed the authenticating party, it replies with the authentication result to the authentication server over the network and obtains or discards the confirmation of the application result;
The authentication server, according to the verifier's reply, returns the authentication result and the application result to the authentication card and replies to the application server with the confirmation result;
The authentication system formed by the above devices is used by the authenticating party, via the authentication card, the network and the authentication server, to provide autonomous authentication and application information to the application server; the flow is as follows:
The authenticating party enters the application information through the input device in the card, or receives it through the direct receiver from another device; enters the identity password through the input device; and has a biometric feature collected by the biometric collection device. The above devices send the entered, received and collected information, the identity password and the biometric feature to the processor, which compares the obtained identity password and biometric feature with the identity password and biometric feature stored in advance in the main memory. If they do not match, the display shows: in-card authentication failed. If they match, the processor synthesizes the identity password, the biometric feature and other identity information according to the pre-stored program, functions and relations, generating a new identity key, and sends the identity information (identity password, biometric feature, key, identity number, card issuer, service organization feature and number and the like) and the application information through the network transmitter and network card over the network to the authentication server;
After the authentication server receives the identity information and application information sent by the authentication card, it synthesizes the identity password, the biometric feature and other identity information according to the pre-stored program, functions and relations, generating a new identity key. It compares this key, together with the identity password and biometric feature stored in advance in the identity database, with the identity password, biometric feature and key sent by the authentication card. If they do not match, the authentication server replies to the authentication card over the network with the access code: authentication failed. If they match, the application information is sent to the application server; after the application server returns its processing result to the authentication server, the authentication server replies with the application result over the network to the authentication card.
4. The multi-layer-password biometric autonomous authentication system as claimed in claim 3, characterized in that the network is a mobile wireless network.
5. A multi-layer-password biometric autonomous authentication method, used by an authenticating party, via an authentication card, a network, an authentication server and a verification device, to provide autonomous authentication and application information to an application server and a verifier; used by the authenticating party, via the authentication card, the network and the authentication server, to provide autonomous authentication and application information to the application server; and used by the authenticating party, via the authentication card alone, to provide autonomous authentication and application information to a verification device; wherein the authentication card is composed of a processor, memory, a biometric collection device, an input device, transmitters, receivers, a network card, an information interface, a display and a power supply installed in the card, and the authentication card, the authentication server, the application server, the verification device and the pre-write device are connected through the network to form the authentication system; the method comprises the following steps:
1. The pre-write device writes the authenticating party's private identity information (biometric feature, identity password, identity number and the like), the public identity information, the card issuer's and service organization's features and numbers, the application information and the system program, together with the composition rules, functions and relations between the above features, into the memory of the authentication card and into the authentication server. Alternatively, the pre-write device writes into the authentication card and the authentication server only the card's system program, the application information, the card issuer feature and the card number information and data, and the authenticating party's private identity information (biometric feature, identity password, identity number and the like), the public identity information, the service organization feature and similar information and data are written once by the authenticating party through the authentication card into the card's memory and into the authentication server's identity database;
2. The authenticating party enters the verifier number and the application information through the input device in the card, or receives them through the direct receiver; enters the identity password through the input device; and has a biometric feature collected by the biometric collection device. The obtained identity password and biometric feature are compared with the identity password and biometric feature stored in advance in the card's memory (in-card authentication). If they do not match, in-card authentication fails. If they match, the card's processor generates a new identity key by the composition rules, functions and relations between the above features, sends the public identity information at the same time through the direct transmitter or over the network to the verification device outside the card, and sends the identity password, biometric feature, key, verifier code number, application information, identity number, card issuer, service organization feature and number and other identity information through the network transmitter and network card over the network to the authentication server;
3. After the authentication server receives the identity information, the verifier number and the application information sent by the authentication card, it synthesizes the identity password, the biometric feature and other identity information according to the pre-stored program, functions and relations, generating a new identity key. It compares this key, together with the identity password and biometric feature stored in advance in the identity database, with the identity password, biometric feature and key sent by the authentication card. If they do not match, the authentication server replies to the authentication card over the network: authentication failed. If they match, the application information is sent to the application server; after the application server returns the application result to the authentication server, the authentication server sends the authenticating party's preset identity information and the application result over the network to the verifier's verification device identified by the verifier number sent by the authentication card;
4. The verifier's verification device is either another authentication card of the above structure or some other verification device. When the verification device is another authentication card of the above structure, it receives the authenticating party's public identity information directly through its direct receiver or over the network, and receives the authenticating party's preset identity information and application result sent by the authentication server through its network card and network receiver. Its processor compares these two kinds of identity information: if the comparison fails, the display shows authentication failure; if it passes, the display shows the authenticating party's preset identity information. After the verifier's verification device has passed the authenticating party, it replies with the authentication result to the authentication server over the network and obtains or discards the application result. The authentication server, according to the reply from the verifier's verification device, returns the authentication result and the application result to the authentication card and replies to the application server with the confirmation result;
In the case where the authenticating party provides autonomous authentication and application information to the application server via the authentication card, the network and the authentication server, the verifier number is neither entered nor received in step 2 above, and in step 3 above, after the application server returns the application result to the authentication server, the authentication server replies with the application result over the network to the authentication card;
In the case where the authenticating party provides autonomous authentication and application information to the verification device via the authentication card alone, no information is sent to the authentication server after in-card authentication in step 2 above; instead the identity password, biometric feature, key, verifier code number, application information, identity number, card issuer, service organization feature and number and other identity information, or a part of the above identity information, is sent directly to the verification device, which authenticates it, performs the application processing, and replies with the application result directly to the authentication card.
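The three-party exchange of steps 2 to 4 above, together with the application-server-only variant, modelled as an added Python example; it is not code from the patent, and the patent does not specify the composition rule, so the rule is assumed here to be an HMAC over the identity password and biometric feature with a pre-written rule parameter. All names, identity values and the "balance inquiry" application are constructed for the example. The card performs the in-card check and only then synthesizes the key; the server recomputes the key from its own database copy and compares everything in constant time; the verifier accepts only when the public identity received directly from the card agrees with the preset identity the server sends for that transaction.

```python
import hashlib
import hmac

# Constructed values (not from the patent). The composition rule shared by card and
# server is assumed to be an HMAC keyed with a rule parameter written at enrolment.
RULE_SECRET = b"composition-rule-parameter"
SAMPLE_BIOMETRIC = hashlib.sha256(b"fingerprint-template-of-alice").digest()  # stand-in template


def synthesize_identity_key(password, biometric):
    """Composition function between the stored features: yields the new identity key."""
    return hmac.new(RULE_SECRET, password.encode() + biometric, hashlib.sha256).digest()


class AuthenticationCard:
    """Card side of step 2: in-card check, key synthesis, message to the server."""

    def __init__(self, identity_number, password, biometric, public_identity):
        # main memory, pre-written once by the pre-write device (step 1)
        self.main_memory = {"identity_number": identity_number, "password": password,
                            "biometric": biometric, "public_identity": public_identity}
        self.readout_memory = {}   # public identity handed to verifiers
        self.display = []          # what the card's display would show

    def in_card_authenticate(self, entered_password, collected_biometric):
        mem = self.main_memory
        same_pw = hmac.compare_digest(entered_password.encode(), mem["password"].encode())
        same_bio = hmac.compare_digest(collected_biometric, mem["biometric"])
        if not (same_pw and same_bio):
            self.display.append("in-card authentication failed")
            return None
        return synthesize_identity_key(mem["password"], mem["biometric"])

    def build_request(self, entered_password, collected_biometric, application, verifier_number=None):
        """Message for the authentication server, or None when the in-card check fails."""
        key = self.in_card_authenticate(entered_password, collected_biometric)
        if key is None:
            return None
        mem = self.main_memory
        self.readout_memory["public_identity"] = mem["public_identity"]
        return {"identity_number": mem["identity_number"], "password": mem["password"],
                "biometric": mem["biometric"], "key": key,
                "application": application, "verifier_number": verifier_number}


class VerificationDevice:
    """Verifier of step 4: the public identity received directly from the card must
    agree with the preset identity the server sends for the same transaction."""

    def __init__(self):
        self.public_identity = None       # arrives via the direct receiver
        self.preset_identity = None       # arrives via the network receiver
        self.application_result = None

    def receive_direct(self, public_identity):
        self.public_identity = public_identity

    def receive_from_server(self, preset_identity, application_result):
        self.preset_identity = preset_identity
        self.application_result = application_result

    def verify(self):
        return self.public_identity is not None and self.public_identity == self.preset_identity


class AuthenticationServer:
    """Server of step 3, with a toy application server (a balance table) folded in."""

    def __init__(self):
        self.identity_db = {}   # identity_number -> record written at enrolment
        self.verifiers = {}     # verifier_number -> VerificationDevice
        self.balances = {}      # stand-in for the application server's data

    def enrol(self, identity_number, password, biometric, preset_identity, balance):
        self.identity_db[identity_number] = {"password": password, "biometric": biometric,
                                             "preset_identity": preset_identity}
        self.balances[identity_number] = balance

    def handle(self, req):
        rec = self.identity_db.get(req["identity_number"])
        if rec is None:
            return "authentication failed"
        expected_key = synthesize_identity_key(rec["password"], rec["biometric"])
        if not (hmac.compare_digest(expected_key, req["key"])
                and hmac.compare_digest(req["password"].encode(), rec["password"].encode())
                and hmac.compare_digest(req["biometric"], rec["biometric"])):
            return "authentication failed"
        app_result = f"{req['application']}: balance {self.balances[req['identity_number']]}"
        if req["verifier_number"] is not None:   # step 3: preset identity + result to verifier
            self.verifiers[req["verifier_number"]].receive_from_server(rec["preset_identity"], app_result)
        return app_result


def run_flow(entered_password, collected_biometric, verifier_number="V-01", forge_key=False):
    """Drives one transaction; returns (card display, server reply, verifier decision)."""
    card = AuthenticationCard("ID-0001", "1234", SAMPLE_BIOMETRIC, "ALICE LIU")
    server = AuthenticationServer()
    server.enrol("ID-0001", "1234", SAMPLE_BIOMETRIC, "ALICE LIU", 250)
    verifier = VerificationDevice()
    server.verifiers["V-01"] = verifier
    req = card.build_request(entered_password, collected_biometric, "balance inquiry", verifier_number)
    if req is None:
        return card.display, None, None
    if forge_key:
        req["key"] = bytes(32)   # a key the composition rule would never produce
    if verifier_number is not None:
        verifier.receive_direct(card.readout_memory["public_identity"])
    reply = server.handle(req)
    decision = verifier.verify() if verifier_number is not None else None
    return card.display, reply, decision
```

Note that, as in the claims, the card forwards the identity password and biometric feature themselves to the server; the example mirrors that and relies on the network access codes of claim 3 for channel protection, which it does not model.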
6. A multi-layer-password biometric autonomous authentication telephone which, besides its telephone function, is used by an authenticating party, via the authentication telephone, a network, an authentication server and a verification device, to provide autonomous authentication and application information to an application server and a verifier; used by the authenticating party, via the authentication telephone, the network and the authentication server, to provide autonomous authentication and application information to the application server; used by the authenticating party, via the authentication telephone alone, to provide autonomous authentication and application information to a verification device; and used by the authenticating party to control the telephone function through the authentication card in the telephone; characterized in that the same authentication telephone is equipped at once with:
A telephone circuit board, connected to the authentication card; a microphone, an earpiece and a power supply, all connected to the telephone circuit board;
An authentication card, connected to the telephone circuit board, comprising: a processor, connected to all devices in the card and used to process all identity information, data and application information; a group of memories connected to the processor, comprising: a main memory, used to store in advance the authenticating party's private identity information (biometric feature, identity password, identity number and the like), the public identity information, the card issuer's and service organization's features and numbers, the application information and the system program, together with the composition rules, functions and relations between the above features, the stored contents being called by the processor; a readout memory, used to store the public identity information and application information that are sent to verification devices outside the authentication card; and a receive memory, used to store the identity information and application information that the card's receivers obtain from the authentication server and from other cards and devices; at least one biometric collection device, connected to the processor and used to collect the authenticating party's biometric feature; an input device, connected to the processor and used to enter the authenticating party's identity password, the verifier number and the application information; a group of transmitters connected to the processor, comprising a network transmitter, which sends identity information, the verifier number and application information to the authentication server over the network, and a direct transmitter, which sends identity information and application information directly to other devices; a group of receivers connected to the processor, comprising a network receiver, which receives over the network the identity information and application information sent by the authentication server, and a direct receiver, which receives identity information, numbers and application information directly from other devices; a network card, connected to the network transmitter and network receiver and through them to the processor, used to connect to the network; the network card holds a group of code numbers that are unique within the network and correspond one-to-one with the identity number, and the identity information, verifier number and application information are sent to the authentication server through the network card over the network; a group of interfaces connected to the processor, comprising a main interface, used for installing the authentication card's system program and for pre-entering, storing, setting and modifying identity information, passwords and features, and an information interface, used to connect to other devices for information exchange and processing; a display, connected to all devices through the processor and used to show various information; and a power supply, connected to all devices in the card through the processor and used to supply power to all devices;
A group of switches installed on the input device, used to switch between the telephone function and the authentication function;
The above input device and display are both connected to the telephone circuit board and are shared by the telephone circuit board and the authentication card; alternatively, the above network card is connected to the telephone circuit board and is shared by the telephone circuit board and the authentication card;
The authentication telephone formed by the above devices, besides its telephone function, is used by the authenticating party, via the authentication telephone, the network and the authentication server, to provide autonomous authentication and application information to the application server and to the verifier's verification device; the flow is as follows:
The authenticating party enters the verifier number and the application information through the input device in the telephone, or receives them through the direct receiver; enters the identity password through the input device; and has a biometric feature collected by the biometric collection device. The above devices send the entered, received and collected information, the identity password and the biometric feature to the processor, which compares the obtained identity password and biometric feature with the password and biometric feature stored in advance in the main memory. If they do not match, the display shows: in-telephone authentication failed. If they match, the processor synthesizes the identity password, the biometric feature and other identity information according to the pre-stored program, functions and relations, generating a new identity key; at the same time it stores the public identity information in the readout memory and sends it through the direct transmitter to a verification device at the same location as the telephone, or forwards the authenticating party's public identity information through the network card, the network and the authentication server to a verification device at a remote location; and it sends the identity information (identity password, biometric feature, key, identity number, card issuer, service organization feature and number and the like), the verifier number and the application information through the network transmitter and network card over the network to the authentication server, which authenticates further. After the application server performs the application processing, the authentication server sends the authenticating party's preset identity information and the application result to the verifier's verification device;
The demo plant of authentication comprises authentication telephone set and other demo plant of other said structure;
When demo plant is the authentication telephone set of other said structure, demo plant directly receives by direct receiving trap in it, or receive the open identity information of authenticating party by network, receive the setting identity information and the application result of the above-mentioned authenticating party that sends by certificate server by network interface card and network receiving trap, by the demo plant processor with the computing of comparing of these two kinds of identity informations, comparison result can not pass through, can show authentification failure by display, comparison result passes through, the setting identity information that can show authenticating party by display, demo plant is replied authentication result to certificate server, and certificate server is replied authentication telephone set and application server again;
The common authentication telephone set of forming of said apparatus is used for authenticating party by authentication telephone set, network, certificate server, carries out self-authentication and use the flow process of handling to application server being:
Authenticating party receives the application message that other devices send by above-mentioned input media input or by direct receiving trap, identification cipher by input media input authentication side, gather biological characteristic by the physical characteristics collecting device, said apparatus will be imported, receive, the information that collects, identification cipher, biological characteristic is sent to processor, processor with the identification cipher of the authenticating party that obtains and biological characteristic with the identification cipher and the biological characteristic of storage are compared in advance in the primary memory, comparison result is inconsistent, can show by display: authentification failure in the machine, the comparison result unanimity, processor meeting basis is program stored in advance, function, relation is synthesized identity informations such as identification cipher and biological characteristic, generate new identity key, and with identification cipher, biological characteristic, key, ID (identity number), card sending mechanism, service department's feature, identity informations such as number, application message is by the network output unit, network interface card is sent to certificate server by network, further authenticate by certificate server, after application server is used processing, reply application result by certificate server to the authentication telephone set again;
The common authentication telephone set of forming of said apparatus is used for authenticating party by the authentication telephone set, provides the flow process of autonomous authentication and application message to be to demo plant:
Authentication number and application message that authenticating party passes through the interior input media input of machine or sends by direct receiving trap Receipt Validation device, by input media input identification cipher, gather the biological characteristic of authenticating party by the physical characteristics collecting device, said apparatus will be imported, receive, the information that collects, identification cipher, biological characteristic is sent to processor, processor with the identification cipher of the authenticating party that obtains and biological characteristic with the identification cipher and the biological characteristic of storage are compared in advance in the primary memory, comparison result is inconsistent, can show by display: authentification failure in the machine, the comparison result unanimity, processor meeting basis is program stored in advance, function, relation is synthesized identity informations such as identification cipher and biological characteristic, generate new identity key, and with identification cipher, biological characteristic, key, ID (identity number), card sending mechanism, service department's feature, identity informations such as number, application message sends to demo plant by the direct output unit of authentication telephone set, authenticate by demo plant, and after using processing, reply application result by demo plant to the authentication telephone set again;
The common authentication telephone set of forming of said apparatus is used for the flow process that authenticating party controls telephony feature by the authentication card in the machine and is:
The authentication telephone set is carrying out phone, information is dialed and connected with telephony feature and is selected, during setting, authenticating party needs earlier by input media input identification cipher in the machine, gather biological characteristic by the physical characteristics collecting device, said apparatus will be imported, the identification cipher that collects, biological characteristic is sent to processor, processor is compared the identification cipher and the biological characteristic that obtain with identification cipher and the biological characteristic stored in advance in the primary memory, comparison result is inconsistent, show by display: authentification failure in the machine, dial and connect, function selecting, setting can not be passed through, the comparison result unanimity is dialed and connected, function selecting, set and pass through smoothly.
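The three-party flow claimed above (card-side PIN and biometric check, identity key generation, certificate server authentication, verifier comparison of the public and set identity information) as a runnable simulation. This is an added example, not code from the patent or its inventor. Everything concrete in it is an assumption: the "program, function, relation" that synthesizes the identity key is modelled as an HMAC over the stored PIN hash, the biometric template and a per-use counter, keyed with a seed shared by the card and the certificate server at issue time; the biometric template is a fixed byte string so that the local comparison is exact; the enrolment record, card identifier, issuer and department names are constructed; and, as a design choice of this example rather than of the patent, the message to the server carries the derived key and counter instead of the identification cipher and biometric feature themselves.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed enrolment data for the demo (not from the patent). The biometric
# "template" is a fixed byte string so that comparison is exact; a real matcher
# is fuzzy and would sit behind local_check() instead.
ENROLLED_PIN = "4821"
ENROLLED_TEMPLATE = b"constructed-fingerprint-template"


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _identity_key(seed: bytes, pin_hash: bytes, template: bytes, counter: int) -> bytes:
    # Assumed "program, function, relation": HMAC over PIN hash, template and a
    # per-use counter, keyed with a seed shared by card and certificate server.
    msg = pin_hash + template + counter.to_bytes(8, "big")
    return hmac.new(seed, msg, hashlib.sha256).digest()


@dataclass
class AuthenticationCard:
    card_id: str
    issuer: str
    department: str
    seed: bytes
    pin_hash: bytes
    template: bytes
    counter: int = 0

    def local_check(self, pin: str, biometric: bytes) -> bool:
        """First layer: compare against the PIN hash and template held in the card."""
        pin_ok = hmac.compare_digest(self.pin_hash, _h(pin.encode()))
        bio_ok = hmac.compare_digest(self.template, biometric)
        return pin_ok and bio_ok

    def authenticate(self, pin: str, biometric: bytes, verifier_number: str, application: str):
        """Return (public_identity, private_message) or None on local failure."""
        if not self.local_check(pin, biometric):
            return None                         # card display: authentication failed
        self.counter += 1
        key = _identity_key(self.seed, self.pin_hash, self.template, self.counter)
        public = {"card_id": self.card_id, "key_tag": _h(key).hex()[:32]}
        private = {"card_id": self.card_id, "key": key.hex(), "counter": self.counter,
                   "issuer": self.issuer, "department": self.department,
                   "verifier": verifier_number, "application": application}
        return public, private


def application_server(application: str) -> str:
    """Stand-in for the application server's processing (constructed)."""
    return "processed:" + application


@dataclass
class CertificateServer:
    registry: dict                                  # card_id -> enrolment record
    last_counter: dict = field(default_factory=dict)

    def authenticate(self, private: dict):
        """Second layer: recompute the key, reject replays, then run the application."""
        rec = self.registry.get(private["card_id"])
        if rec is None:
            return None
        counter = private["counter"]
        if counter <= self.last_counter.get(private["card_id"], 0):
            return None                             # replayed or stale message
        expected = _identity_key(rec["seed"], rec["pin_hash"], rec["template"], counter)
        if not hmac.compare_digest(expected, bytes.fromhex(private["key"])):
            return None
        if (private["issuer"], private["department"]) != (rec["issuer"], rec["department"]):
            return None
        self.last_counter[private["card_id"]] = counter
        set_identity = {"card_id": private["card_id"], "key_tag": _h(expected).hex()[:32]}
        return set_identity, application_server(private["application"])


class Verifier:
    def verify(self, public: dict, set_identity: dict) -> bool:
        """Third layer: what the card sent must match what the server forwards."""
        return public["card_id"] == set_identity["card_id"] and \
            hmac.compare_digest(public["key_tag"], set_identity["key_tag"])


def build_demo():
    seed = secrets.token_bytes(32)
    rec = {"seed": seed, "pin_hash": _h(ENROLLED_PIN.encode()), "template": ENROLLED_TEMPLATE,
           "issuer": "DemoIssuer", "department": "DemoDept"}
    card = AuthenticationCard("CARD-0001", rec["issuer"], rec["department"],
                              seed, rec["pin_hash"], rec["template"])
    return card, CertificateServer({"CARD-0001": rec}), Verifier()


def run_flow(card, server, verifier, pin, biometric, verifier_number, application) -> dict:
    out = card.authenticate(pin, biometric, verifier_number, application)
    if out is None:
        return {"status": "local_failure"}
    public, private = out                   # public -> verifier, private -> server
    server_out = server.authenticate(private)
    if server_out is None:
        return {"status": "server_failure"}
    set_identity, result = server_out       # both forwarded to the verifier
    if not verifier.verify(public, set_identity):
        return {"status": "verifier_failure"}
    return {"status": "ok", "identity": set_identity, "result": result}


if __name__ == "__main__":
    card, server, verifier = build_demo()
    print(run_flow(card, server, verifier, ENROLLED_PIN, ENROLLED_TEMPLATE, "V-0077", "balance"))
```

The self-authentication flow (no verifier) is the same code without the final `verifier.verify` step, and the telephony-control gate is just `local_check`. The per-use counter is what lets the certificate server refuse a captured private message sent a second time; the card and server must keep it monotonic for that check to mean anything.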
7. The multilayer-cipher biometric autonomous authentication telephone set according to claim 6, characterized in that: the telephone integrated circuit board installed in the same authentication telephone set is the telephone integrated circuit board of a wireless mobile phone, the microphone and earphone are the microphone and earphone of a wireless mobile phone, and the network interface card is a network interface card for a mobile radio network.
CNB2005100426683A 2005-05-16 2005-05-16 Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set Expired - Fee Related CN1322703C (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2005100426683A CN1322703C (en) 2005-05-16 2005-05-16 Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set
PCT/CN2006/000951 WO2006122484A1 (en) 2005-05-16 2006-05-12 Autonomous authentication card with multilayer ciphers, system, method and authentication telephone set thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100426683A CN1322703C (en) 2005-05-16 2005-05-16 Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set

Publications (2)

Publication Number Publication Date
CN1696966A true CN1696966A (en) 2005-11-16
CN1322703C CN1322703C (en) 2007-06-20

Family

ID=35349683

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100426683A Expired - Fee Related CN1322703C (en) 2005-05-16 2005-05-16 Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set

Country Status (2)

Country Link
CN (1) CN1322703C (en)
WO (1) WO2006122484A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008006290A1 (en) * 2006-07-05 2008-01-17 Valley Technologies, Llc. Method, device, server and system for authenticating identity with biological character
CN101141534B (en) * 2007-10-08 2010-12-15 刘小鹏 Combining network address coding system and method
CN101217372B (en) * 2008-01-02 2011-06-15 刘小鹏 An identification mutual authentication system and method integrated net addresses
CN101296080B (en) * 2007-04-29 2013-03-13 晨星半导体股份有限公司 Authorized consumer affirmation method and related device thereof
CN102044099B (en) * 2009-10-21 2013-03-20 张小鹏 Universal identity representation and operation control system
CN104506315A (en) * 2014-08-28 2015-04-08 金硕澳门离岸商业服务有限公司 Method, equipment and system for biometric authentication
CN109639626A (en) * 2014-07-31 2019-04-16 三星电子株式会社 For providing the electronic equipment and method, non-transitory readable medium of user interface
CN111833503A (en) * 2020-07-16 2020-10-27 中国建设银行股份有限公司 Safe management method and device for vault, electronic equipment and storage medium

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5748738A (en) * 1995-01-17 1998-05-05 Document Authentication Systems, Inc. System and method for electronic transmission, storage and retrieval of authenticated documents
WO1998050875A2 (en) * 1997-05-09 1998-11-12 Gte Government Systems Corporation Biometric certificates
JP3112076B2 (en) * 1998-05-21 2000-11-27 豊 保倉 User authentication system
JP2001273135A (en) * 2000-03-28 2001-10-05 Nec Corp Method and device for individual authentication by using portable telephone
CN1329418A (en) * 2001-07-24 2002-01-02 巨龙信息技术有限责任公司 Method for authenticating network user identity and method for overcoming user password loophole in Kerberous authentication system
CN1403942A (en) * 2001-09-03 2003-03-19 王柏东 Biological specificity confirming equipment based on network
CN1403941A (en) * 2001-09-03 2003-03-19 王柏东 Safety confirming method combining cipher and biological recognition technology
CN1588850A (en) * 2004-06-30 2005-03-02 大唐微电子技术有限公司 Network identifying method and system
CN1588388A (en) * 2004-07-27 2005-03-02 杭州中正生物认证技术有限公司 Cell phone paying method with finger print identification

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2008006290A1 (en) * 2006-07-05 2008-01-17 Valley Technologies, Llc. Method, device, server and system for authenticating identity with biological character
CN101101687B (en) * 2006-07-05 2010-09-01 山谷科技有限责任公司 Method, apparatus, server and system using biological character for identity authentication
US8421595B2 (en) 2006-07-05 2013-04-16 Valley Technologies, Llc Method, device, server and system for identity authentication using biometrics
CN101296080B (en) * 2007-04-29 2013-03-13 晨星半导体股份有限公司 Authorized consumer affirmation method and related device thereof
CN101141534B (en) * 2007-10-08 2010-12-15 刘小鹏 Combining network address coding system and method
CN101217372B (en) * 2008-01-02 2011-06-15 刘小鹏 An identification mutual authentication system and method integrated net addresses
CN102044099B (en) * 2009-10-21 2013-03-20 张小鹏 Universal identity representation and operation control system
CN109639626A (en) * 2014-07-31 2019-04-16 三星电子株式会社 For providing the electronic equipment and method, non-transitory readable medium of user interface
CN104506315A (en) * 2014-08-28 2015-04-08 金硕澳门离岸商业服务有限公司 Method, equipment and system for biometric authentication
CN111833503A (en) * 2020-07-16 2020-10-27 中国建设银行股份有限公司 Safe management method and device for vault, electronic equipment and storage medium

Also Published As

Publication number Publication date
CN1322703C (en) 2007-06-20
WO2006122484A1 (en) 2006-11-23

Similar Documents

Publication Publication Date Title
CN1264327C (en) Radio communication system, communication apparatus and portable terminal for realizing higher safety grade
CN1696966A (en) Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set
CN1858759A (en) Method and system for limiting time of network gaming user
CN1295630C (en) Comparing device, data communication system, and data communication method
CN100347667C (en) Integrated circuit device, information processing device, information recording device memory management method, mobile terminal device semiconductor integrated circuit device, and communication
CN1264112C (en) Processor with personal verification ability and operator
CN1578962A (en) Financial transactions system and method using electronic information
CN100345416C (en) Network communication device, method of maintenance of network communication device, program, recording medium, and maintenance system
CN1300953C (en) Data back-up system and method, portable computer and mail transmitting system
CN100341002C (en) IC card, terminal device, and data communication method
CN1312510A (en) Electronic purse system with safety operation between electronic purses
CN1914591A (en) Secure device, terminal device, gate device, and device
CN1394312A (en) Authentication system, authentication agent apparatus, and terminal
CN1479896A (en) Contents delivery system and method and portable terminal
CN1910610A (en) Information processing system and information processor
CN1713572A (en) System, apparatus, program, and method for authentication
CN1696967A (en) Self-determined authentication card with multiplayer ciphers, and authentication telephone set
CN1922600A (en) User authentication system and data providing system using the same
CN1337029A (en) Electronic wallet
CN1701561A (en) Authentication system based on address, device thereof, and program
CN1957361A (en) Reader/writer secure module access control method
CN1788263A (en) Login system and method
CN1691578A (en) A method of self validity verification for an equipment
CN1897045A (en) Information processing system, information processing device and method and programme
CN1422035A (en) Cipher key exchange equipment, method, program and recording medium for recording the same program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
DD01 Delivery of document by public notice (Addressee: Liu Xiaopeng; Document name: Notification to Pay the Fees)
DD01 Delivery of document by public notice (Addressee: Liu Xiaopeng; Document name: Notification of Termination of Patent Right)
CF01 Termination of patent right due to non-payment of annual fee (Granted publication date: 20070620; Termination date: 20150516)
EXPY Termination of patent right or utility model