TW525096B - System for remotely authenticating identity using biological characteristics - Google Patents

Publication number
TW525096B
Authority
TW
Taiwan
Prior art keywords
unit
biometric
identification
data
electronic signature
Application number
TW90110440A
Other languages
Chinese (zh)
Inventor
Yuan-Lin Jiang
Wei-Yuan Li
Rung-Jian Li
Original Assignee
Free Waver Entpr Co Ltd
Application filed by Free Waver Entpr Co Ltd

Abstract

A system for remotely authenticating identity using biological characteristics comprises near-end input equipment, through which the user inputs biological characteristics such as a fingerprint, palm print, voice print, retina or face, together with identification reference information from an additional magnetic card or IC card. This data is encrypted, an electronic signature is attached, and it is forwarded to intermediate equipment. The intermediate equipment has a relay component that transmits the encrypted biological characteristic values, identification reference information and electronic signature to remote recognition equipment, which comprises a load-balancing server set and a biological characteristics recognition server set. One of the load-balancing servers in the load-balancing server set is specified using the round-robin DNS principle; it distributes the biological recognition information (biological characteristic values and identification reference information) and electronic signature, according to the recognition method and by a load-balancing priority management method, to the corresponding idle biological characteristics recognition server in the recognition server set for fast recognition and identity distinction. The result is encrypted, given an electronic signature and returned to the intermediate equipment, allowing the intermediate equipment to learn whether the identity proof is true or false. The system of the present invention is a fast and precise remote identity authentication system using biological characteristics.

Description

Field of the Invention

The present invention relates to a system that uses biometric features to authenticate identity at a remote end, and in particular to an identity authentication system in which a remote identification device quickly recognises the biometric data (biometric values and identity index data) supplied by near-end or middle-end equipment.

Background of the Invention and Prior Art

The Internet is currently the most convenient medium for obtaining information. Information of every kind, whether economic, political, scientific, military, educational or entertainment-related, can be obtained quickly and easily through Internet links, and most of it comes from the many websites on the Internet. For ease of management, a website or remote database usually adds gate-keeping measures based on a user ID and password, so that a near-end Internet user must pass identity authentication before obtaining or viewing the required information.

However, the conventional way of authenticating a near-end user to a website or remote database, such as the widely used user ID and password, is easily forged by near-end users; the same user ID and password can be used by several people in turn under a false name, or stolen and used by others. The website or remote database then cannot tell whether the user's identity is genuine, so its authentication system exists in name only and large financial losses result. It is also highly exposed to intrusion and damage by hackers acting under a false identity. This is a major problem and concern in current Internet authentication.

In addition, in some local area networks, such as the link between a near-end user in an enterprise and a remote database, the conventional Internet authentication method of entering a user ID and password described above is also used, and the same problems of forged use, impersonation and mutual theft arise.

Some have therefore sought improvement by adding a fingerprint or card-data identification system to the near-end user's host and combining it with user ID and password authentication to achieve dual authentication. The card authentication part, however, is no better than user ID and password authentication: it is just as easily forged, used under a false name or stolen, so its authentication effect is poor. As for fingerprint authentication, the registered fingerprint data stored in the remote database is sent to the near-end host, where the host's built-in fingerprint identification system compares the user's input fingerprint with the registered fingerprint. A hacker can directly impersonate the near-end host and send a fake verification result to the remote host, which gives rise to an even more serious false-authentication problem.
The same authentication problem exists in the traditional financial transaction system. When paying at a conventional ATM (automatic teller machine), the financial magnetic card or IC card is read directly by the machine and the user then enters a password for automatic authentication. Because such cards are easily lost or copied and misused, illegal withdrawals with fraudulently used cards occur again and again, leading to a crisis of financial credit; this is a major problem in financial transactions today.

The conventional dual authentication mode described above, in which near-end fingerprint data or card data is combined with a user number and password, performs authentication only at the user end and therefore, in practice, cannot meet the requirements and spirit of CA third-party certification.

When the complex and precise work of fingerprint comparison and authentication is handed to a remote host and no load-balancing mechanism is used, Internet applications in which a very large number of users simultaneously request fingerprint authentication from a single remote database or host suffer serious authentication delays, or the authentication host goes down and cannot perform authentication, causing inconvenience and trouble to users.

In addition, when different information systems are integrated, fingerprint capture has not been componentised, so information engineers must spend a great deal of time writing fingerprint capture programs, or cannot write them at all, and the system and software must be updated whenever the fingerprint scanning device is updated, which is troublesome in application.

Objective and Summary of the Invention

The main object of the present invention is to provide a system that uses biometric features to authenticate identity at a remote end, so that recognition of fingerprints, voiceprints and other biometric features is performed at the remote end, which effectively prevents card theft, use of one identity by several people, and hacker intrusion.

The second object of the present invention is to provide such a system in which the remote end is designed with a load-balancing system, so that biometric values are recognised and authenticated at the remote end more quickly and without authentication delay, and if one authentication host goes down, another authentication host can continue the authentication work.

The third object of the present invention is to provide such a system that conforms to the spirit of CA third-party certification on the Internet and is suitable for use in a CA authentication system.

The fourth object of the present invention is to provide such a system in which the remote biometric value recognition is a modular component that need not be replaced when the biometric scanning component is updated.

To achieve the above objects, the remote biometric identity authentication system of the present invention comprises a near-end input device at which the user inputs biometric features such as a fingerprint, palm print, retina, voiceprint or face, together with identity index data from an additional magnetic card or IC card. After encryption and creation of an electronic signature, the data is sent over a network link to a middle-end device (website), which has a biometric data transmission relay element that sends the encrypted biometric value, identity index data and electronic signature to a remote identification device. The remote identification device includes a balanced load (load-balancing) server group and a biometric identification server group. One balanced load server in the balanced load server group is designated using the ROUND ROBIN DNS principle; that server distributes the biometric data, according to its recognition method and using balanced-load priority allocation, to the corresponding idle biometric identification server in the biometric identification server group for fast recognition and identity discrimination. The result is returned, encrypted and with an electronic signature, to the middle-end device, as the basis on which the middle-end device learns whether the identity is genuine.

So that the examiners may better understand the detailed technical content and application of the present invention, several embodiments are described below with reference to the drawings, in which:

(1) Brief description of the drawings:

The first figure is a block diagram of the system of the present invention for authenticating identity at a remote end using biometric features;
The second figure is a flow chart of the system of the present invention for authenticating identity at a remote end using biometric features;
The third figure is a block diagram of the input data processing element of the near-end input device in the present invention;
The fourth figure is a system flow chart of the input data processing element of the near-end input device in the present invention;
The fifth figure is a block diagram of the biometric data transmission relay element in the present invention;
The sixth figure is a system flow chart of the biometric data transmission relay element in the present invention;
The seventh figure is a block diagram of the balanced load server in the present invention;
The eighth figure is a system flow chart of the balanced load server in the present invention;
The ninth figure is a block diagram of a biometric identification server in the biometric identification server group of the present invention;
The tenth figure is a system flow chart of a biometric identification server in the biometric identification server group of the present invention;
The eleventh figure is a flow chart of the balanced load server obtaining the load status of the biometric identification server group in the present invention;
The twelfth figure is a flow chart of the biometric identification server group notifying the balanced load server of its load status in the present invention.

(2) Description of reference numerals:

100 authentication system
10 near-end input device
11 biometric data input processing element
12 application program module
200 external input device
300 biometric capture device
20 middle-end device
21 middle-end application program module
22 biometric data transmission relay element
30 remote identification device
31 balanced load server group
31' balanced load server
32 biometric identification server group
321, 321', 322, 323, 324, 325' biometric identification servers
400 database
111 control unit
112 data reading unit
113 biometric value generation unit
114 electronic signature unit
115 encryption unit
221 control unit
222 first transmitting and receiving unit
223 listening port
224 second transmitting and receiving unit
225' decryption unit
226 electronic signature verification unit
311 control unit
312 first transmitting and receiving unit
313 biometric distribution service unit
314 biometric identification server load list access unit
315' second transmitting and receiving unit
316 broadcast receiving unit
317 first listening port
318 second listening port
33 control unit
331 transmitting and receiving unit
332 load number access unit
333 decryption unit
333' encryption unit
334 electronic signature verification unit
334' electronic signature unit
335' data access unit
336 identification comparison unit
337 result generation unit
338 listening port
339 external broadcast unit

Detailed Description of the Invention

First, referring to the first figure, the system of the present invention for authenticating identity at a remote end using biometric features is hereinafter called the authentication system and is denoted by the numeral 100 in the related drawings.
The authentication system 100 includes a near-end input device 10 of no particular type; in the present invention the example given is the personal computer of a near-end user. The near-end input device 10 includes a biometric data input processing element 11 and an application program module 12. The biometric data input processing element 11 connects to an external input device 200 and a biometric capture device 300, through which identity index data and biometric value data are input respectively. The external input device 200 may be of any type, such as a reader of externally supplied identity index data from a disk, keyboard, IC card, smart card or magnetic card; the application example given in the present invention uses an IC card, through which the near-end user's index data, such as a number (ID), is input.

The biometric capture device 300 connected to the near-end input device 10 is likewise not restricted in type and may be a device for capturing the biometric values of a fingerprint, palm print, voiceprint, retina, face and so on; the present invention uses the fingerprint as its illustrative embodiment, the device serving to input the feature values of that biometric. The biometric data input processing element 11 processes these two kinds of data, and the application program module 12 refers generally to the control and communication platform in the computer host, such as an Internet browser or other software program, which transmits the identity index data and biometric values over a network link to a middle-end device 20.
The middle-end device 20 is likewise not restricted in type; the embodiment given in the present invention is the host or server of a website. The middle-end device 20 includes a middle-end application program module 21 and a biometric data transmission relay element 22. The middle-end application program module 21 is not restricted in type; in the embodiment given it is the Internet communication platform of a computer host or server, which receives the encrypted identity index data, biometric value and electronic signature sent by the application program module 12 of the near-end input device 10 and passes them to the biometric data transmission relay element 22 for processing. The biometric data transmission relay element 22 transmits this biometric data and electronic signature over a network link to a remote identification device 30.

The remote identification device 30 is not restricted in type; in the present invention a remote mainframe or server system is the illustrative embodiment. It includes a balanced load server group 31 and a biometric identification server group 32. The balanced load server group 31 contains several balanced load servers 31', one of which receives the biometric data and electronic signature sent by the biometric data transmission relay element 22 of the middle-end device 20 and forwards them, under balanced load control, to the biometric identification server group 32 for biometric recognition. The biometric identification server group 32 contains several biometric identification servers 321, 321', 322, 323, 324, 325'; their number is not restricted, and six are given in the present invention. The biometric identification servers 321 and 321' are a pair of servers representing different fingerprint recognition methods, while the biometric identification servers 322 to 325' are independent servers representing voiceprint, palm print, retina and face recognition respectively. Each can connect over the network to a database 400, retrieve the user's fingerprint, voiceprint, palm print, retina or face biometric value data established in the database 400, compare it with the biometric value obtained from the middle-end device 20, and return the encrypted recognition result and electronic signature through the balanced load server 31' to the middle-end device 20. The middle-end device 20 (website) then acts appropriately according to the authenticity of the near-end user's identity as notified by the remote identification device 30.

The balanced load server 31' of the remote identification device 30 provides balanced load control and data transmission for each of the biometric identification servers 321, 321', 322, 323, 324, 325' of the biometric identification server group 32; its detailed operation and the functions it provides are described in detail later in this text.

Please refer next to the second figure, the system flow chart of the authentication system 100 of the present invention.
The steps include:

(210) Call the data input processing element: the application program module 12 of the near-end input device 10 calls the biometric data input processing element 11 so that identity index data and biometric data can be input.

(215) Input the user's identity index data: the external input device 200 is used to input to the near-end input device 10 externally supplied identity index data, such as a user number (ID), in the form of a disk, keyboard, IC card, smart card, magnetic card and so on.

(220) Input biometric data: the biometric capture device 300 externally connected to the near-end input device 10 lets the near-end user input biometric data such as a fingerprint, voiceprint, palm print, retina or face, that is, the biometric value.

(225) Encrypt the biometric data and create an electronic signature: the biometric data input processing element 11 in the near-end input device 10 encrypts the identity index data and biometric data, creates an electronic signature, and sends them to the application program module 12.

(230) Send the encrypted biometric data and electronic signature to the middle-end device: the application program module 12 of the near-end input device 10 sends the encrypted identity index data, biometric value data and electronic signature processed by the biometric data input processing element 11 over the network to the middle-end device 20.

(235) Pass the encrypted biometric data and electronic signature to the biometric data transmission relay element: the middle-end application program module 21 of the middle-end device 20 passes the encrypted biometric data and electronic signature received from the near-end input device 10 to the biometric data transmission relay element 22 in preparation for transmission.

(240) Transmit the biometric data to a balanced load server: the biometric data transmission relay element 22 uses the ROUND ROBIN DNS principle to send the encrypted biometric data and electronic signature to one balanced load server 31' in the balanced load server group 31 of the remote identification device 30.

(245) Transmit the biometric data to a biometric identification server: the balanced load server 31', following the balanced load principle and the requirements of the recognition method, sends the biometric data to one of the biometric identification servers 321 to 325' in the biometric identification server group 32 that uses the same recognition method and is lightly loaded or idle. In the present invention fingerprint recognition is the embodiment: if the requested fingerprint recognition method is the same as that of the biometric identification server 321, the target is the lightly loaded one among the biometric identification servers 321.

(250) Decrypt the biometric data and compare and verify it: the lightly loaded biometric identification server 321 identified in step 245 decrypts the biometric data, obtains the electronic signature, and compares the data against the fingerprint data obtained from the database for verification.

(255) Return the encrypted verification result and electronic signature to the middle-end device by the original route: after verifying the biometric value, the lightly loaded biometric identification server 321 of step 250 encrypts the verification result and creates an electronic signature, and sends them through the balanced load server 31' back to the biometric data transmission relay element 22, which decrypts the verification result and checks the electronic signature and then passes the result to the middle-end application program module 21 of the middle-end device 20.

(260) The middle-end device learns the final verification result: the middle-end application program module 21 in the middle-end device 20 learns the verification result sent by the biometric identification server 321 and accordingly permits or refuses use by the near-end input device 10.

The processes and steps 210 to 260 of the second figure thus show quite clearly the relationship and flow of actions for remote identity and biometric verification among the near-end input device 10, the middle-end device 20 and the remote identification device 30 described for the first figure. Similarly, the registration of data can be implemented through a similar relationship and flow of actions.

Please refer next to the third figure, a detailed block diagram of an embodiment of the biometric data input processing element 11 of the near-end input device 10 in the authentication system 100 of the present invention shown in the first and second figures; this embodiment is presented for convenience in explaining the technical content and is not intended to limit its scope.
The biological data input processing element 11 includes a control unit 111, a data reading unit 112, a biometric value generation unit 113, an electronic signature unit 114 and an encryption unit 115. The data reading unit 112 is linked with the additional input device 200 and obtains identity index data from disk, keyboard, IC card, smart card, magnetic card and other types of input for the control unit 111; the control unit 111 hands it to the electronic signature unit 114 and the encryption unit 115 to encrypt the data and produce the electronic signature. The biometric value generation unit 113 is linked with the biometric capture device 300, and its type depends on the biometric identification type selected for the biometric capture device 300. In the embodiment given here, that type is fingerprint identification, so the feature value generated by the biometric value generation unit 113 is a fingerprint feature value. It is likewise passed under the control of the control unit 111 to the electronic signature unit 114 and the encryption unit 115 for electronic signing and encryption, and the control unit 111 then sends the encrypted data and electronic signature to the application program module 12.

The control flow of the biological data input processing element 11 shown in the third figure is given in steps … to 395: steps … are the identity index data input control flow; steps 355 to 375 are the control flow by which the biometric value generation unit 113 in the data input processing element 11 obtains the biometric feature from the biometric capture device; and steps 380 to 395 are the control flow by which the control unit 111 submits the identity index data and biometric value data to the electronic signature unit 114 and the encryption unit 115 for electronic signing and encryption and sends the encrypted data and electronic signature to the application program module 12. Through these control flow steps, the identity index data and biometric values can be input, electronically signed, encrypted and returned.

The fifth figure shows the system block diagram of an embodiment of the biometric identification data transmission relay element 22 of the present invention. The relay element 22 includes a control unit 221, a first transmitting and receiving unit 222, a monitoring port 223, a second transmitting and receiving unit 224, a decryption unit 225 and an electronic signature verification unit 226. The first transmitting and receiving unit 222 receives the encrypted biometric identification data and electronic signature from the middle-end application module 21, and these are transmitted through the control unit 221 and the second transmitting and receiving unit 224 to a load-balancing server in the load-balancing server group 31. The encrypted verification result data and electronic signature returned via the load-balancing server are passed through the second transmitting and receiving unit 224 to the control unit 221, which hands the verification result to the decryption unit 225 and the electronic signature verification unit 226 for decryption and checking of the electronic signature. The result is then returned to the control unit 221, which passes the decrypted and signature-checked verification result data through the first transmitting and receiving unit 222 back to the middle-end application module 21. For the data transmission and reception control between the first transmitting and receiving unit 222 and the middle-end application module 21, the monitoring port 223 provides monitoring information to the control unit 221, so that the control unit 221 can further coordinate the data connection and transmission actions between the first transmitting and receiving unit 222 and the middle-end application module 21.

Please refer to the sixth figure, which is the system control flowchart of the biometric identification data transmission relay element 22 corresponding to the fifth figure. The detailed action steps are shown in steps 410 to 450. Steps 410, 415 and 420 show the flow by which the middle-end application module 21 transmits the biometric identification data to be verified and the electronic signature to the load-balancing server through the first transmitting and receiving unit 222, the control unit 221 and the second transmitting and receiving unit 224. Steps 425 to 450 show the flow by which the biometric verification result and electronic signature from the load-balancing server are received through the second transmitting and receiving unit 224, handed by the control unit 221 to the decryption unit 225 and the electronic signature verification unit 226 for decryption and checking of the electronic signature, and then handed by the control unit 221 to the first transmitting and receiving unit 222 for transmission to the middle-end application module 21.

Please also refer to the seventh figure, which is the system block diagram of an embodiment of the load-balancing server 31' in the authentication system 100 of the present invention. The load-balancing server includes a control unit 311, a first transmitting and receiving unit 312, a biometric identification distribution service unit 313, a biometric identification server load list access unit 314, a second transmitting and receiving unit 315, a broadcast receiving unit 316, a first listening port 317 and a second listening port 318. The first transmitting and receiving unit 312 handles data transmission and reception between the control unit 311 and the biometric identification data transmission relay element 22, and the first listening port 317 handles the communication coordination between them. The second transmitting and receiving unit 315 handles data transmission and reception with the biometric identification server group 32, and its control actions are coordinated by the biometric identification distribution service unit 313, the load list access unit 314, the broadcast receiving unit 316 and the second listening port 318. This is carried out in a load-balancing mode; the detailed steps are described below and in the eighth figure.

Please refer to the eighth figure, which is the control flowchart of the load-balancing server 31' of the present invention corresponding to the seventh figure. The detailed steps are shown in steps 510 to 590. Steps 510 to 530 show the biometric identification data to be identified and the electronic signature being obtained from the biometric identification data transmission relay element 22. In step 540 the biometric identification distribution service unit 313 assigns a service code according to the biometric identification method. In steps 550 to 557, 560 to 567, 570 to 577 and 580 to 587, for four different biometric identification methods A, B, C and D and according to the load status of each biometric identification server, the biometric identification data and electronic signature are distributed to the corresponding lightly loaded biometric identification servers 321, 321', 322, 323, 324 and 325 in the biometric identification server group 32, which each perform their own biometric identification (for example fingerprint, voiceprint, palm print, retina or face identification), and the encrypted authentication result and electronic signature sent out by the biometric identification server group 32 are received. The last step is the flow by which the encrypted authentication result and electronic signature from the biometric identification server group are returned through the first transmitting and receiving unit 312 to the biometric identification data transmission relay element 22.

Please also refer to the ninth figure, which is the system block diagram of an embodiment of the biometric identification servers 321, 321', 322, 324 and 325 of the biometric identification server group 32 of the present invention, described here using the biometric identification server 321. Each biometric identification server includes a control unit 33, a transmitting and receiving unit 331, a load count access unit 332, a decryption unit 333, an electronic signature verification unit 334, a data access unit 335', an encryption unit 333', an electronic signature unit 334', an identification comparison unit 336, a result generation unit 337, a listening port 338 and an external broadcast unit 339. The transmitting and receiving unit 331 handles data transmission and reception with the load-balancing server 31', coordinated by the listening port 338 and the external broadcast unit 339. The load count access unit 332, the decryption unit 333 and the electronic signature verification unit 334 decrypt the biometric identification data and electronic signature sent by the load-balancing server 31' for identification, check the electronic signature, and return the data to the control unit 33. The control unit 33, working with the data access unit 335', retrieves the user's pre-established fingerprint data from the database 400, the identification comparison unit 336 compares it, and the result generation unit 337 produces the authentication result. The encryption unit 333' and the electronic signature unit 334' encrypt the authentication result and make an electronic signature, the transmitting and receiving unit 331 returns them to the load-balancing server 31', and the load-balancing server 31' returns them to the middle-end device 20.

Please refer to the tenth figure, which is the control flowchart of the biometric identification server 321 shown in the ninth figure. The detailed steps are shown in steps 600 to 690. Steps 600 to 615 show the flow by which the data to be identified is transmitted from the load-balancing server 31' into the biometric identification server 321. Steps 620 to 665 are the flow by which the biometric identification data to be identified is decrypted, the electronic signature is checked, and the filed data is retrieved from the database 400 for comparison and verification to produce a result, or by which biometric identification data entered for the first time is registered and filed in the database 400. Steps 670 to 690 show the flow by which the biometric authentication result or registration result is encrypted, electronically signed and returned to the load-balancing server 31'.

The eleventh and twelfth figures are flowcharts of an embodiment of the connection and transmission structure between the load-balancing servers 31' and the biometric identification servers 321 in the authentication system 100 of the present invention. Two load-balancing servers 31' and four (two pairs of) biometric identification servers 321 and 321' are used as an example to illustrate the effect and function of the load balancing. Steps 700 to 755 in the eleventh figure show the connection actions between the two load-balancing servers 31' and the biometric identification servers 321 and 321'. Steps … to … and … to 970 in the twelfth figure show the two pairs of biometric identification servers using different biometric identification methods A and B together with the two load-balancing servers 31' to perform load-balanced identification. In this way the biometric identification data to be identified is identified quickly, biometric identification is not affected by many people being connected at the same time, and the problem of large amounts of data waiting to be transmitted during identification is effectively solved.

The spirit of the present invention lies in remotely authenticating identity using biometric features in the simplest way, combined with load-balanced data transmission and comparison, so that the data of the biometric identification process and its result can never be captured, impersonated or substituted, and authentication is fast. It can also be combined with additional identity index data input in forms such as disk, keyboard, IC card, smart card or magnetic card, so that the result is accurate and effective. It is a creation of high industrial utility value.

The descriptions and drawings disclosed for the system for remotely authenticating identity using biometric features shown in the first to twelfth figures are provided to clarify the technical content and technical means of the present invention. They disclose only one of the preferred embodiments and do not limit its scope. Moreover, all modifications and changes to the structural details of the present invention, or equivalent substitutions and replacements of its elements, that do not depart from the spirit and scope of the present invention fall within the scope defined by the following claims.
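The two-stage dispatch described for the seventh, eighth, eleventh and twelfth figures (round-robin choice of an operational load-balancing server, then hand-off to the least-loaded live biometric identification server that implements the requested method) can be modelled as follows. This is an added Python example, not code from the patent; the class names, the server labels "A-1" to "B-2", counting load as jobs in progress, the broadcast mechanics and the name-order tie-break are all assumptions.

```python
from dataclasses import dataclass


class NoCapacity(Exception):
    """No operational component can take the request."""


@dataclass
class LoadEntry:
    method: str         # service code of the identification method ("A", "B", ...)
    load: int = 0       # jobs in progress, as last broadcast (assumed load metric)
    alive: bool = True  # False once the server is reported down


class LoadBalancer:
    """One load-balancing server holding its own copy of the load list."""

    def __init__(self, name, servers):
        self.name = name
        self.alive = True
        # The load list is only ever updated through on_broadcast().
        self.load_list = {n: LoadEntry(m) for n, m in servers.items()}

    def on_broadcast(self, server, load, alive=True):
        entry = self.load_list[server]
        entry.load, entry.alive = load, alive

    def pick(self, method):
        # Only live servers of the same identification method are candidates.
        candidates = [(e.load, n) for n, e in self.load_list.items()
                      if e.alive and e.method == method]
        if not candidates:
            raise NoCapacity(f"no live server for method {method!r}")
        return min(candidates)[1]  # lowest load; ties broken by name (assumption)


class RemoteIdentificationSite:
    """Round-robin front end plus the broadcast channel between servers and balancers."""

    def __init__(self, balancer_names, servers):
        self.loads = {n: 0 for n in servers}
        self.balancers = [LoadBalancer(n, servers) for n in balancer_names]
        self._next = 0

    def _broadcast(self, server, alive=True):
        for lb in self.balancers:
            lb.on_broadcast(server, self.loads[server], alive)

    def _round_robin(self):
        # Take balancers in turn, skipping any that are not operational.
        for _ in range(len(self.balancers)):
            lb = self.balancers[self._next]
            self._next = (self._next + 1) % len(self.balancers)
            if lb.alive:
                return lb
        raise NoCapacity("no operational load-balancing server")

    def submit(self, method):
        lb = self._round_robin()
        server = lb.pick(method)
        self.loads[server] += 1
        self._broadcast(server)
        return lb.name, server

    def finish(self, server):
        self.loads[server] -= 1
        self._broadcast(server)

    def fail_server(self, server):
        self._broadcast(server, alive=False)


def demo():
    # Constructed topology: two balancers, two pairs of servers for methods A and B.
    site = RemoteIdentificationSite(
        ["LB1", "LB2"], {"A-1": "A", "A-2": "A", "B-1": "B", "B-2": "B"})
    trace = [site.submit(m) for m in ("A", "A", "B", "A")]
    site.finish("A-2")
    site.fail_server("A-1")            # A-1 must no longer be chosen
    trace.append(site.submit("A"))
    site.balancers[1].alive = False    # LB2 must now be skipped
    trace.append(site.submit("B"))
    return trace


if __name__ == "__main__":
    for balancer, server in demo():
        print(balancer, "->", server)
```

Because every routing decision depends on the broadcast load list, a deployment of this design would need those broadcasts authenticated just as the biometric payloads are.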

Claims (1)

1. A system for remotely authenticating identity using biometric features, comprising:

a near-end input device, including a biological data input processing unit and an application program module, the biological data input processing unit being connected respectively to an additional input device and a biometric capture device for inputting identity index data and biometric data respectively, generating the corresponding biometric identification data (identity index data and biometric feature values), and then making an electronic signature, encrypting and transmitting them;

a middle-end device, including a middle-end application module and a biometric identification data transmission relay element, wherein the middle-end application module obtains, through a network connection, the encrypted biometric identification data (the additionally input identity index data and the biometric feature values) and the electronic signature from the biological data input processing unit of the near-end input device, and the biometric identification data transmission relay element transmits them onward, receives the encrypted authentication result and electronic signature returned by the remote identification device, decrypts the result and checks the electronic signature, and returns the authentication result to the middle-end application module; and

a remote identification device, including a load-balancing server group and a biometric identification server group, wherein the load-balancing server group has several load-balancing servers, any operational one of which is designated in turn by the ROUND ROBIN DNS principle to receive the biometric identification data transmitted by the biometric identification data transmission relay element of the middle-end device, and the biometric identification server group has several biometric identification servers; the load-balancing server, according to the load-balancing principle and the requirements of the biometric identification method, quickly sends the biometric identification data to a lightly loaded or idle biometric identification server of the corresponding biometric identification method, where the data is decrypted and the user's pre-established biometric data is retrieved from the database for comparison and verification to produce an authentication result, which is then encrypted and electronically signed and transmitted via the load-balancing server to the middle-end device, so that the middle-end device, according to the result, agrees to or refuses login use by the near-end input device.

2. The system for remotely authenticating identity using biometric features as described in claim 1, wherein the near-end input device is a personal computer host.

3. The system for remotely authenticating identity using biometric features as described in claim 1, wherein the biological data input processing unit in the near-end input device includes a control unit, a data reading unit, a biometric value generation unit, an encryption unit and an electronic signature unit.

4. The system for remotely authenticating identity using biometric features as described in claim 1, wherein the middle-end device is an Internet website.

5. The system for remotely authenticating identity using biometric features as described in claim 1, wherein the biometric identification data transmission relay element of the middle-end device includes a control unit, a first transmitting and receiving unit, a monitoring port, a second transmitting and receiving unit, a decryption unit and an electronic signature verification unit.

6. The system for remotely authenticating identity using biometric features as described in claim 1, wherein the load-balancing server in the remote identification device includes a control unit, a first transmitting and receiving unit, a biometric identification distribution service unit, a biometric identification server load list access unit, a second transmitting and receiving unit, a broadcast receiving unit, a first listening port and a second listening port.

7. The system for remotely authenticating identity using biometric features as described in claim 1, wherein the biometric identification server in the remote identification device includes a control unit, a transmitting and receiving unit, a load count access unit, a decryption unit, an electronic signature verification unit, a data access unit, an encryption unit, an electronic signature unit, an identification comparison unit, a result generation unit, a listening port and an external broadcast unit.
TW90110440A 2001-05-01 2001-05-01 System for remotely authenticating identity using biological characteristics TW525096B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW90110440A TW525096B (en) 2001-05-01 2001-05-01 System for remotely authenticating identity using biological characteristics

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW90110440A TW525096B (en) 2001-05-01 2001-05-01 System for remotely authenticating identity using biological characteristics

Publications (1)

Publication Number Publication Date
TW525096B true TW525096B (en) 2003-03-21

Family

ID=28450570

Family Applications (1)

Application Number Title Priority Date Filing Date
TW90110440A TW525096B (en) 2001-05-01 2001-05-01 System for remotely authenticating identity using biological characteristics

Country Status (1)

Country Link
TW (1) TW525096B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8312290B2 (en) 2007-11-26 2012-11-13 Industrial Technology Research Institute Biometric method and apparatus and biometric data encryption method thereof
TWI578241B (en) * 2015-09-18 2017-04-11 速博思股份有限公司 Group-verification fingerprint identifying system and identifying method thereof
US9984276B2 (en) 2015-09-18 2018-05-29 Superc-Touch Corporation Group-verification fingerprint identifying system and identifying method thereof

Similar Documents

Publication Publication Date Title
CN110741369B (en) Secure biometric authentication using electronic identity
US10042993B2 (en) Access control through multifactor authentication with multimodal biometrics
US10810290B2 (en) Robust method and an apparatus for authenticating a client in non-face-to-face online interactions based on a combination of live biometrics, biographical data, blockchain transactions and signed digital certificates
CN103679436B (en) A kind of electronic contract security system and method based on biological information identification
US9064257B2 (en) Mobile device transaction using multi-factor authentication
US7519558B2 (en) Biometrically enabled private secure information repository
US7613929B2 (en) Method and system for biometric identification and authentication having an exception mode
US7246244B2 (en) Identity verification method using a central biometric authority
US5930804A (en) Web-based biometric authentication system and method
CN101375284B (en) Secure data parser method and system
US9189612B2 (en) Biometric verification with improved privacy and network performance in client-server networks
CN110462658A (en) For providing system and method for the digital identity record to verify the identity of user
US20010000045A1 (en) Web-based, biometric authentication system and method
US11588638B2 (en) Digital notarization using a biometric identification service
CA2840171A1 (en) System and method for user enrollment in a secure biometric verification system
US11100497B2 (en) Risk mitigation for a cryptoasset custodial system using a hardware security key
CN108140152A (en) Computer implemented tracking mechanism and data management
US20230050280A1 (en) Computer-implemented user identity verification method
US11444784B2 (en) System and method for generation and verification of a subject's identity based on the subject's association with an organization
CN106709534A (en) Anti-counterfeit verification system of electronic certificate
KR102154602B1 (en) Method for identity verification in face to face transactions
US20050076213A1 (en) Self-enrollment and authentication method
US9646355B2 (en) Use of near field communication devices as proof of identity during electronic signature process
TW525096B (en) System for remotely authenticating identity using biological characteristics
US20200204377A1 (en) Digital notarization station that uses a biometric identification service

Legal Events

Date Code Title Description
GD4A Issue of patent certificate for granted invention patent
MK4A Expiration of patent term of an invention patent