CN100576797C - Network identity validation method based on fingerprint - Google Patents
- Publication number: CN100576797C (application CN200710163458A)
- Authority: CN (China)
- Prior art keywords: network identifier, fingerprint, user, web server, client
- Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Information Transfer Between Computers (AREA); Collating Specific Patterns (AREA)
Abstract
At present, network identity verification relies mainly on the "ID + password" scheme. Although this scheme is simple and convenient to set up, the growing number of network security incidents shows that "ID + password" verification can hardly guarantee the accuracy and security of authentication. The invention provides a method of Internet identity verification that uses fingerprint verification as the main means of authentication and, at the same time, performs two-way identity verification of the web server and the client, limits the validity period of the fingerprint feature code, and generates a cookie to identify the user, so as to make the verification reliable.
Description
Technical field
The present invention relates to a method of network identity verification, in particular a fingerprint-based network identity verification method.
Background
At present, network identity verification relies mainly on the "ID + password" scheme. Although this scheme is simple and convenient to set up, the growing number of network security incidents shows that "ID + password" verification can hardly guarantee the accuracy and security of authentication. The "ID + password" scheme is currently threatened by a large number of hacking techniques such as Trojans, viruses and phishing; credentials are easily stolen and can then be used at any time and in any situation, so the accuracy and security of authentication cannot be effectively ensured.
Summary of the invention
The object of the present invention is to provide a fingerprint-based method of network identity verification. The method uses fingerprint recognition as the main means of authentication and, at the same time, performs two-way identity verification of the web server and the client, limits the validity period of the fingerprint feature code, and generates a cookie to identify the user, so as to make the verification reliable.
To achieve this object, the invention provides an Internet fingerprint verification system and method comprising the following steps:
Step 1: The web server receives the user login request sent by the client, generates the query-request network identifier a and records it in the database.
Step 2: The client downloads the website ID and verifies the network identifier a generated in step 1.
Step 3: The client scans the fingerprint feature code, encrypts it with network identifier a and obtains the user ID.
Step 4: The client sends the website ID, user ID, fingerprint feature code and network identifier a to the fingerprint authentication server.
Step 5: The fingerprint authentication server compares the fingerprint feature code data; on failure, the flow returns to step 3.
Step 6: If verification succeeds, the fingerprint authentication server generates the verification result and network identifier b, and records them in the database together with the website ID, user ID and network identifier a.
Step 7: The fingerprint authentication server sends the user ID and network identifier b to the client.
Step 8: The client receives the data and forwards the user ID and network identifier b to the web server.
Step 9: The web server records the user ID and network identifier b in the database alongside network identifier a.
Step 10: The web server sends the website ID, the user ID and the network identifier b it obtained to the fingerprint authentication server.
Step 11: The fingerprint authentication server looks up network identifier a in its database by website ID, user ID and network identifier b.
Step 12: The fingerprint authentication server sends network identifier a to the web server.
Step 13: The web server compares the network identifier a sent by the fingerprint authentication server with the network identifier a stored in its database.
Step 14: If they match, verification succeeds; a login cookie is generated and the user is redirected to the business page.
In a preferred embodiment, the website ID and user ID are the query conditions in the comparison process.
In a preferred embodiment, after the client scans and obtains the fingerprint feature code, the fingerprint feature code is encrypted with a timestamp.
In a preferred embodiment, in step 1 the web server writes the generated query-request network identifier a into a request cookie. After the web server receives the network identifier a sent by the fingerprint authentication server, it checks whether this request cookie is consistent with the request cookie of step 1.
In a preferred embodiment, the network identifier comprises a globally unique identifier (GUID).
In this scheme, the web server, the client and the fingerprint authentication server communicate over HTTPS, which guarantees the security of data in transit and the legitimacy of both communicating parties. The mutual comparison of network identifier a and network identifier b achieves two-way identity verification of the web server and the client and eliminates the risk of a spoofed client or web server. After the user's fingerprint image is scanned, the fingerprint feature code is obtained and combined with timestamp encryption by a specific algorithm, so that the feature code is valid only once within a short time and is invalid once verified; even if stolen, it cannot be verified again. A cookie is generated to identify the user, so that if a hacker captures the fingerprint at the same moment the user is verifying, the hacker's computer has no cookie and the authentication is still invalid.
Description of drawings
The preferred embodiments of the present invention are set forth in detail below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of an example computer system used to implement an embodiment of the invention.
Fig. 2 is a flow chart of the Internet fingerprint authentication method of the present invention.
Embodiment
With reference to Fig. 1, the network fingerprint verification method disclosed by the invention is based on the following hardware: a client, a fingerprint authentication server and a web server. The fingerprint authentication server is a third party independent of the client and the web server. The client is equipped with a fingerprint scanning device; its main functions are to scan the fingerprint, generate the fingerprint feature code, encrypt the fingerprint feature code, and notify the web server to actively fetch the result from the fingerprint authentication server.
With reference to Fig. 2, the program steps of a network fingerprint verification method that accomplishes the main object of the invention are disclosed.
The flow chart of Fig. 2 shows that in step 1 the web server receives the user's login request, generates the query-request network identifier a, writes it into a request cookie and stores network identifier a in the database. In this step, the query-request network identifier a is used in the next step to prove the web server's identity to the client; the cookie is generated in order to verify the source of the user information in later steps. In this embodiment the network identifier can be a globally unique identifier (GUID).
Step 2: The client downloads the website ID and verifies the request network identifier a generated in step 1. The website ID gives each web server a unique identity. In the present invention the client can communicate with multiple websites, so before verifying the request network identifier a it should download the ID of the relevant site to determine the target of the client request.
Step 3: The client scans the fingerprint feature code, encrypts the fingerprint feature code with network identifier a and obtains the user ID. After the client obtains the fingerprint feature code, it can additionally encrypt it with a timestamp, which makes the fingerprint feature code valid only once within a specific short time and invalid once verified; even if the data is stolen, it cannot be verified again.
Step 4: The client sends the website ID, user ID, fingerprint feature code and request network identifier a to the fingerprint authentication server. In the present invention the fingerprint authentication server is a third party independent of the client and the web server, because the user communicates with multiple sites. With this scheme, if one web server site is compromised, other web server sites are not threatened, and malicious attacks between competing web server sites are also prevented.
Step 5: The fingerprint authentication server verifies the fingerprint feature code data; on failure, the flow returns to step 3 and the fingerprint is scanned again. The website ID and user ID received in the previous step are the query conditions for verification in this step.
Step 6: If verification succeeds, the fingerprint authentication server generates the query network identifier b, returns the verification result, and stores it in the database together with the website ID, user ID and network identifier a. Network identifier b is used to prove the identity of the fingerprint authentication server to the web server.
Step 7: The fingerprint authentication server sends the user ID and network identifier b to the client.
Step 8: The client receives the data and forwards the user ID and network identifier b to the web server.
Step 9: The web server records the user ID and network identifier b in the database alongside network identifier a.
Step 10: The web server sends the website ID, the user ID and the network identifier b it obtained to the fingerprint authentication server.
Step 11: The fingerprint authentication server looks up network identifier a in its database by website ID, user ID and network identifier b. This network identifier a was generated in step 1, sent by the web server via the client to the authentication server, and stored in the database by the authentication server in step 6.
Step 12: The fingerprint authentication server returns network identifier a to the web server.
On receiving the network identifier, the web server checks whether the request cookie is consistent with the request cookie of step 1. If it is, the flow enters step 13: the web server compares the received network identifier a with the network identifier a in its database, and destroys the request cookie once the comparison is finished.
Step 14: If they match, verification succeeds; a login cookie is generated and the user is redirected to the business page.
With the above scheme, two-way identity verification of the web server and the client is achieved, guaranteeing a one-to-one correspondence within the verification flow: the fingerprint authentication server is assured that the query was initiated by the web server, and the web server is assured that the result was returned by the fingerprint authentication server, which eliminates the risk of a spoofed client or web server. After the user's fingerprint image is scanned, the fingerprint feature code is obtained and combined with timestamp encryption by a specific algorithm, so that the feature code is valid only once within a short time and is invalid once verified; even if stolen, it cannot be verified again. A cookie is generated to identify the user, so that if a hacker captures the fingerprint at the same moment the user is verifying, the hacker's computer has no cookie and the authentication is still invalid.
The preferred embodiments of the present invention have been described with reference to the accompanying drawings. Those of ordinary skill in the art may, after reading them, make modifications, variations or equivalent substitutions, and such changes or modifications do not depart from the scope of protection claimed by the invention.
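The fourteen-step exchange described above can be followed in a small in-memory simulation; this is an added example, not code from the patent. Assumptions: the class and function names are hypothetical, the patent's unspecified "encryption" is replaced by an HMAC tag over the feature code, network identifier a and a timestamp (so the client sends the tag rather than the feature code itself), fingerprint matching is reduced to exact equality with a constructed enrolled value, and the 30-second validity window is invented for illustration.

```python
import hashlib, hmac, time, uuid

MAX_AGE = 30  # assumed validity window, in seconds, for a fingerprint proof

def proof(feature_code: bytes, a: str, ts: int) -> str:
    # Stand-in for the unspecified "encryption": HMAC binds the feature code
    # to network identifier a and to a timestamp.
    return hmac.new(a.encode(), feature_code + str(ts).encode(), hashlib.sha256).hexdigest()

class FingerprintServer:
    def __init__(self, enrolled):
        self.enrolled = enrolled   # user ID -> enrolled feature code (constructed)
        self.records = {}          # (website ID, user ID, b) -> a
        self.used = set()          # proofs already accepted once

    def verify(self, site_id, user_id, a, ts, tag, now=None):   # steps 5-7
        now = time.time() if now is None else now
        code = self.enrolled.get(user_id)
        if code is None or abs(now - ts) > MAX_AGE or tag in self.used:
            return None            # unknown user, stale proof, or replay
        if not hmac.compare_digest(tag, proof(code, a, ts)):
            return None            # fingerprint does not match
        self.used.add(tag)
        b = str(uuid.uuid4())      # network identifier b (GUID)
        self.records[(site_id, user_id, b)] = a                 # step 6
        return b

    def lookup(self, site_id, user_id, b):                      # steps 11-12
        return self.records.pop((site_id, user_id, b), None)    # b is single use

class WebServer:
    def __init__(self, site_id, fp_server):
        self.site_id, self.fp = site_id, fp_server
        self.pending = set()       # values of outstanding request cookies (= a)

    def start_login(self):                                      # step 1
        a = str(uuid.uuid4())      # network identifier a (GUID)
        self.pending.add(a)
        return a                   # sent to the client as the request cookie

    def finish_login(self, request_cookie, user_id, b):         # steps 9-14
        if request_cookie not in self.pending:
            return None            # no login was started with this cookie
        self.pending.discard(request_cookie)   # request cookie is destroyed
        a = self.fp.lookup(self.site_id, user_id, b)            # steps 10-12
        if a is None or not hmac.compare_digest(a, request_cookie):
            return None            # b was issued for a different login request
        return str(uuid.uuid4())   # login cookie

def login(web, fp, user_id, feature_code, now=None):
    a = web.start_login()                                       # steps 1-2
    ts = int(time.time() if now is None else now)
    tag = proof(feature_code, a, ts)                            # step 3
    b = fp.verify(web.site_id, user_id, a, ts, tag, now)        # steps 4-7
    return web.finish_login(a, user_id, b) if b else None       # step 8

if __name__ == "__main__":
    fp = FingerprintServer({"alice": b"constructed-feature-code"})
    web = WebServer("site-1", fp)
    print("login cookie:", login(web, fp, "alice", b"constructed-feature-code"))
```

Because network identifier b is only honoured together with the request cookie that carries the matching network identifier a, a captured b presented in a different login session is rejected, which is the cookie binding the description relies on.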
Claims (5)
1. A fingerprint-based network identity verification method, based on hardware comprising three parts, a client, a fingerprint authentication server and a web server, characterized in that the method comprises the following steps:
Step 1: The web server receives the user login request sent by the client, generates the network identifier a of the query request and records it in the database;
Step 2: The client downloads the website ID and verifies the network identifier a generated in step 1;
Step 3: The client scans the fingerprint feature code, encrypts the fingerprint feature code with network identifier a and obtains the user ID;
Step 4: The client sends the website ID, user ID, fingerprint feature code and network identifier a to the fingerprint authentication server;
Step 5: The fingerprint authentication server verifies the fingerprint feature code; on failure, the flow returns to step 3;
Step 6: If verification succeeds, the fingerprint authentication server generates the verification result and network identifier b, and records them in the database together with the website ID, user ID and network identifier a;
Step 7: The fingerprint authentication server sends the user ID and network identifier b to the client;
Step 8: The client receives the data and forwards the user ID and network identifier b to the web server;
Step 9: The web server records the user ID and network identifier b in the database alongside network identifier a;
Step 10: The web server sends the website ID, the user ID and the network identifier b it obtained to the fingerprint authentication server;
Step 11: The fingerprint authentication server looks up network identifier a in the database by website ID, user ID and network identifier b;
Step 12: The fingerprint authentication server sends network identifier a to the web server;
Step 13: The web server compares the network identifier a sent by the fingerprint authentication server with the network identifier a stored in its database;
Step 14: If they match, verification succeeds and the user is redirected to the business page.
2. The fingerprint-based network identity verification method according to claim 1, characterized in that the website ID and user ID are the query conditions in the verification process.
3. The fingerprint-based network identity verification method according to claim 1, characterized in that, after the client scans and obtains the fingerprint feature code, the fingerprint feature code is encrypted with a timestamp.
4. The fingerprint-based network identity verification method according to claim 1, characterized in that in step 1 the web server writes the generated network identifier a of the query request into a request cookie.
5. The fingerprint-based network identity verification method according to claim 1, characterized in that network identifier a and network identifier b comprise a globally unique identifier (GUID).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200710163458A CN100576797C (en) | 2007-10-25 | 2007-10-25 | Network identity validation method based on fingerprint |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200710163458A CN100576797C (en) | 2007-10-25 | 2007-10-25 | Network identity validation method based on fingerprint |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101150407A CN101150407A (en) | 2008-03-26 |
CN100576797C true CN100576797C (en) | 2009-12-30 |
Family
ID=39250761
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200710163458A Expired - Fee Related CN100576797C (en) | 2007-10-25 | 2007-10-25 | Network identity validation method based on fingerprint |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN100576797C (en) |
Also Published As
Publication number | Publication date |
---|---|
CN101150407A (en) | 2008-03-26 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C56 | Change in the name or address of the patentee | ||
CP03 | Change of name, title or address |
Address after: No. two, 21-2 weft Road, Liaoning, Shenyang 1-501 Patentee after: Wang Song Address before: No. two, 21-2 weft Road, Jilin, Shenyang 1-501 Patentee before: Wang Song |
|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
C17 | Cessation of patent right | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20091230 Termination date: 20121025 |