CN1322703C - Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set - Google Patents


Info

Publication number: CN1322703C
Authority: CN (China)
Prior art keywords: authentication, card, network, certificate server, biological characteristic
Legal status: Expired - Fee Related
Application number: CNB2005100426683A
Other languages: Chinese (zh)
Other versions: CN1696966A (en)
Inventor: 刘小鹏
Current assignee: Individual
Original assignee: Individual
Events
    • Application filed by Individual
    • Priority to CNB2005100426683A (CN1322703C)
    • Publication of CN1696966A
    • Priority to PCT/CN2006/000951 (WO2006122484A1)
    • Application granted
    • Publication of CN1322703C
    • Current legal status: Expired - Fee Related
    • Anticipated expiration

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06K: GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K 7/00: Methods or arrangements for sensing record carriers, e.g. for reading patterns
    • G06K 7/10: Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation
    • G06K 7/10544: Methods or arrangements for sensing record carriers, e.g. for reading patterns by electromagnetic radiation, e.g. optical sensing; by corpuscular radiation by scanning of the records by radiation in the optical part of the electromagnetic spectrum
    • G06K 7/10554: Moving beam scanning
    • G06K 7/10594: Beam path
    • G06K 7/10683: Arrangement of fixed elements

Abstract

The present invention relates to a biometric self-determined authentication card with multilayer ciphers, together with a system, a method and an authentication telephone set. It is characterized in that the authenticating party enters an identity cipher and has biometric features captured by the portable authentication card or by a device on the authentication telephone; the entered identity cipher and captured biometric features are compared with the identity cipher and biometric features stored in advance in the card or telephone; if the comparison passes, a new identity cipher key is generated in the card or telephone, and at the same time identity information and application information are sent to a third-party authentication server through the card or the device on the telephone and a network; the authentication server compares the received identity information with the identity information it stores in advance and with the newly generated identity cipher key, authenticating a second time; after this comparison passes, the application information is sent over the network to an application server; the application server performs the application processing and returns the application result to the authentication server; the authentication server sends the application result and the set identity information to the verification device; the verifying party obtains the identity information and the application result through that device and returns them to the authentication server; and the authentication server returns the result to the card or telephone.

Description

Multilayer-cipher biometric self-determined authentication card, system, method and authentication telephone set
Technical field
The present invention relates to a multilayer-cipher biometric self-determined authentication card and a corresponding system, method and authentication telephone set. It belongs to the field of identity authentication and is applicable to network system builders and network service providers, who can build and provide the multilayer-cipher biometric self-determined identity authentication function on their networks; it is also applicable to manufacturers of cards, telephone sets and mobile phones, who can produce the multilayer-cipher biometric self-determined authentication card and authentication telephone set; and it is especially applicable to mobile wireless network builders, service providers and mobile phone manufacturers, who can build and provide the multilayer-cipher biometric self-determined authentication system and function on their mobile wireless networks and manufacture authentication cards and authentication mobile phones capable of multilayer-cipher biometric self-determined authentication.
Background technology
With the development of electronic technology and networks and the diversification of society, identity authentication is becoming more and more common. Authentication through electronic devices and networks in particular, being convenient and fast, greatly affects people's lives and is becoming an essential part of social life.
In the present field of identity authentication there is no unified identity authentication system and method standard suitable for all applications; instead, identity authentication systems are set up independently according to the needs of each application, and the modes of authentication are varied. One mode stores the identity information of the authenticating party, such as a password, on an identity card (for example a bank card); the verifier's reader reads the password and other identity information from the card and compares it with the data in the verifier's identity database to confirm identity. Another mode needs no card and uses biometric features, as in the granted patent 99110825.6 (identity authentication method based on iris recognition) and the published patent application 200310118507.9 (speaker identity confirmation system combining semantics and voiceprint); these all require the biometric feature to be captured on the verifier's biometric capture device and compared with the biometric feature stored in advance in the verifier's identity database. A third mode combines a card with biometrics, as in the granted patent 98125160.9 (system using fingerprint recognition for personal identification): biometric features and other information are stored on the card; at authentication time the verifier's reader reads the biometric feature and information from the card, the verifier's capture device captures a biometric feature, and the biometric feature on the card is compared with the captured one and with the information in the database to confirm identity. All of these identity authentication systems and methods have the following deficiencies. The identity information and biometric features of the authenticating party are stored in the verifier's database, so personal identity information, including private information the person is unwilling to disclose (such as the identity cipher and biometric features), is at risk of being leaked by the verifier. At authentication time the identity information must be read, and the biometric feature captured, on the verifier's reader and capture device; without these devices of the verifier no authentication can take place, so the authentication is passive. Identity databases are spread across all trades and professions: whenever a person needs a new service, they must store their identity information once more or obtain another identity card, so a person may hold dozens or even hundreds of identity cards with essentially the same identity information that are nevertheless not interchangeable and cannot all be carried, which causes repeated construction and social waste. A verifier can only authenticate people who have stored identity information in its own identity database, and cannot authenticate people who have not stored, or are unwilling to store, identity information there.
As regards password authentication, take the bank card as an example: when withdrawing cash at an automatic teller machine, the reader on the machine reads the card number and password from the bank card and compares them with the password in the database; it recognizes the card (password), not the person. When withdrawing at a manual service counter a personal identity card must be shown, but identity cards are very easy to forge, so this too amounts to recognizing the card (password) rather than the person. As another example, the radio-frequency smart cards widely used in access control likewise confirm identity by the password and identity information the reader reads from the card, again recognizing the card and not the person. This gives opportunities to ill-intentioned people.
As regards biometric identity authentication, when any biometric capture device captures and compares a large number of different biometric features, false acceptances (a false feature recognized as genuine) and false rejections (a genuine feature rejected) occur; the system has a certain recognition accuracy and rejection rate, so there are situations where true and false cannot be told apart, and sometimes Zhang San is authenticated as Li Si. These cases increase as the stored identity data grows.
Whichever of the above authentication modes is used, as long as the verifier's device reads and writes identity cards or captures biometric features, the same device in the same place can serve only a limited number of authenticating parties, and in some places, such as automatic teller machines, queues of authenticating parties are a common sight.
In still more cases, such as the access control of some government offices, authentication is still carried out by a person together with an identity card, with manual registration and the signature of the person being authenticated; this cannot prevent impersonation (holding a forged identity card) and also wastes time and manpower.
In summary, the principle of existing identity authentication is this: the authenticating party and the verifying party agree in advance, and the identity cipher and biometric feature of the authenticating party are stored on the verifier's device; the authenticating party then authenticates on the verifier's device by means of the identity cipher, the biometric feature, or a card storing them, entering the password and biometric feature for comparison against those stored in advance. Authentication is thus dominated and led by the verifier, fixed and passive, with a certain element of compulsion; authentication and application are combined as one, and the authenticating party has no right to choose the authentication method; only the authenticating party and the verifier take part in the authentication process, and an effective third party is lacking, so the impartiality and reliability of the authentication cannot be guaranteed.
At present there is no unified, authoritative and reliable identity authentication system and method that effectively overcomes the above deficiencies.
Summary of the invention
In view of this, the present invention first turns passive authentication dominated by the verifier into self-determined authentication dominated by the authenticating party; it separates the application side and the verifying party from the authentication process, so that they only enjoy the results of authentication and need not take part deeply in the process; it establishes a third party to improve the fairness and reliability of authentication; and it overcomes many deficiencies of existing authentication. Specifically, the objects to be achieved are as follows:
One object of the present invention is to provide a multilayer-cipher biometric self-determined authentication card (hereinafter the authentication card or card) that can be carried by the authenticating party and has, on the same card, an identity cipher input device, a biometric capture device, an identity information storage device, an identity information processing and comparison device, and identity information output and receiving devices, so that the authenticating party can enter the identity cipher and capture the biometric feature through the card they carry, compare the identity cipher and biometric feature inside the card, and transmit identity information to other devices; the card is used by the authenticating party, through the card and a third party, to provide self-determined authentication and application information to the application side and the verifying party. The authenticating party stores identity information such as the identity cipher and biometric feature in advance in the authentication card and at the third party. At authentication time the authenticating party first enters their identity cipher and biometric feature into the card they carry, which compares them with the identity cipher and biometric feature stored in advance in the card; after the comparison passes, a new identity key is generated and the identity information in the card is sent to the third party for further comparison and authentication, after which the third party sends the authenticated identity information to the verifier and the application side. The authenticating party need not deposit the identity cipher or biometric feature in the verifier's device, nor enter a password or have a biometric feature captured on the verifier's device. This avoids the leakage of identity information by the verifier, passive authentication and queuing; the combination of password and biometric feature avoids recognizing the card instead of the person; and because authentication is performed by the individual's specific authentication card, which stores the biometric feature of only one authenticating party, false acceptance and false rejection in comparison are avoided.
A second object of the present invention is to provide a multilayer-cipher biometric self-determined authentication system (hereinafter the authentication system or system). A third-party authentication server is provided in the system and is connected through a network with the authentication card, a pre-writing device, the verifying party and the application side; it receives the identity information sent by the authentication card, compares and authenticates it once more, and sends the authenticated identity information to the application side and the verifying party, so that the authenticating party can provide self-determined authentication and application information to the application side and the verifying party through the authentication card, the network and the authentication server. The application side and the verifying party then need not collect, store, compare or authenticate identity information, and authentication service can be provided widely to all application sides and verifying parties. The verifier need not set up an identity database, password input devices or biometric capture devices, which avoids a great deal of repeated construction, avoids leakage of identity information by the verifier, passive authentication and queuing, avoids recognizing the card instead of the person through the combination of password and biometric feature, and, because authentication is performed by the individual's specific authentication card holding the biometric feature of only one authenticating party, avoids false acceptance and false rejection in comparison.
A third object of the present invention is to provide a multilayer-cipher biometric self-determined authentication method (hereinafter the authentication method or method). The authenticating party stores identity information such as the identity cipher and biometric feature in advance, through the pre-writing device, in the authentication card and in the third-party authentication server. At authentication time the authenticating party first enters the identity cipher and biometric feature into the card they carry, which compares them with the identity cipher and biometric feature stored in advance and generates a new identity key; the card then sends its identity information over the network to the authentication server, which compares it with the identity cipher and biometric feature stored there in advance and with the independently generated identity key; after the comparison passes, the authentication server sends the application information to the application side, and after the application side has processed it and returned the application result to the authentication server, the server sends the identity information and application result over the network to the verifying party for verification. The method is used by the authenticating party, through the authentication card, the network and the authentication server, to provide self-determined authentication and application information to the application side and the verifying party. The verifier need not set up an identity database or password input and biometric capture devices, which avoids a great deal of repeated construction, avoids leakage of identity information by the verifier, passive authentication and queuing, avoids recognizing the card instead of the person through the combination of password and biometric feature, and, because authentication is performed by the authenticating party's own specific card holding the biometric feature of only one person, avoids false acceptance and false rejection in comparison. The multilayer authentication between person and card, card and network, and card and authentication server, with the authenticated identity information provided by the third party to the verifier and application side through the network and the authentication server, not only improves the reliability of authentication but also makes it simpler and more widespread.
A fourth object of the present invention is to provide a multilayer-cipher biometric self-determined authentication telephone set (hereinafter the authentication telephone set or set), in which the identity authentication devices of the authentication card are integrated with a telephone device so that it has both authentication and telephony functions. It is used by the authenticating party, through the authentication telephone set and the authentication system, to provide self-determined authentication and application information to the application side and the verifying party, and lets the authenticating party control the telephony functions through the authentication function in the set, realizing the combination of authentication and telephony functions.
To achieve these objects, the multilayer-cipher biometric self-determined authentication card of the present invention is carried by the authenticating party, captures the biometric feature, takes the identity cipher as input, compares identity information inside the card, and outputs and receives information. The portable multilayer-cipher biometric self-determined authentication card is provided with:
A processor, connected with every device in the card listed below, used to process all identity information, data and application information;
A group of memories, connected with the processor, comprising: a main memory, used to store in advance the authenticating party's biometric feature, identity cipher, ID and other private identity information, the open identity information, the features and numbers of the card-issuing organization and service departments, application information and the system program, together with the computing composition rules, functions and relations among the above features, its data being called by the processor; a read-out memory, used to store the open identity information and application information to be sent to verification devices outside the card; and a receive memory, used to store the identity information and application information that the card's receiving devices receive from the authentication server and from other cards and devices;
At least one biometric capture device, connected with the processor, used to capture the biometric feature of the authenticating party. Biometric features include physical and behavioural features that can illustrate, confirm and prove the identity of the authenticating party, such as fingerprint, palm print, lip print, iris, face and voice. Considering use on a card of limited volume and weight, the biometric capture device should be miniaturized as far as possible; a fingerprint capture device should be adopted first, and other biometric capture devices adopted progressively as technology develops;
An input device, connected with the processor, used by the authenticating party to enter the identity cipher, the verifier number and application information; an existing miniature keyboard such as a calculator or mobile phone keypad can be used directly;
A group of output devices, connected with the processor, comprising: a network output device that sends identity information, the verifier number and application information to the third-party authentication server over the network, and a direct output device that sends identity information and application information directly to other devices, such as wireless output devices using radio frequency, Bluetooth, IEEE 802.11 (802.11a, 802.11b), ultra-wideband or infrared;
A group of receiving devices, connected with the processor, comprising: a network receiving device that receives identity information and application information sent by the third-party authentication server over the network, and a direct receiving device that receives identity information, numbers and application information directly from other devices, such as wireless receivers using radio frequency, Bluetooth, IEEE 802.11 (802.11a, 802.11b), ultra-wideband or infrared, for example to receive the identity number of an automatic teller machine, the ID of an access-control verification device, or the ID of goods;
A network card, connected with the network output device and the network receiving device, and through them with the processor, used to connect to the network, such as a wireless network card of a mobile wireless network or a wired network adapter; it has a group of code numbers unique in the network, which correspond one-to-one with the ID, and identity information, the verifier number and application information are sent to the third-party authentication server through the network card over the network;
A group of interfaces, connected with the processor, comprising: a main interface used for installing the system program of the authentication card and for the advance entry, storage, setting and modification of identity information and features, and an information interface used to connect with other devices for information exchange and processing, for example connecting the card to a computer through this interface;
A display, connected with all devices through the processor, used to display various information and data;
A power supply, connected with all devices in the card through the processor, used to supply electric power to all devices.
To support the use of the above authentication card, the following are also required. A third-party authentication server, connected through the network and access code numbers with the authentication card, the application server of the application side, the verification device of the verifying party and the pre-writing device; the authentication server contains the authentication system and an identity database, storing in advance the authenticating party's biometric feature, identity cipher, ID and other private identity information, the open identity information, the features and numbers of the card-issuing organization and service departments, application information and the system program, together with the computing composition rules, functions and relations among the above features. A pre-writing device, connected with the authentication server through the network and with the authentication card through the interface on the card, used to write into the authentication card and the authentication server the authenticating party's biometric feature, identity cipher, ID and other private identity information, the open identity information, the features and numbers of the card-issuing organization and service departments, application information and the system program, together with the computing composition rules, functions and relations among the above features, and also used to repair and modify the above information and data; in other cases, the pre-writing device writes into the authentication card and the authentication server only the card's system program, application information, card-issuing organization features and card number information and data, while the authenticating party's biometric feature, identity cipher, ID and other private identity information, open identity information, service department features and similar information and data are written once by the authenticating party through the authentication card. A transmission network, connected with the authentication card, the authentication server, the application server, the pre-writing device and the verification device, used for transmitting information between the authentication card and the authentication server, between the authentication server and the verification device, and between the authentication server and the application server; the network assigns to the authentication server, every authentication card, every application server and every verification device a different access code number that is unique in the network. A verification device, connected with the authentication server through the network and access code numbers, used to receive the identity information and application information sent by the authentication server and the authentication card; verification devices are of the following kinds: an authentication card of the structure described above, which can receive at the same time the identity information and application information sent by the authentication server and by the authentication card and is used to confirm the identity and application information of the authenticating party, and other verification devices that can receive the identity information and application information sent by the authentication server and the authentication card. An application server, connected with the authentication server through the network, storing the application data and application information of the authenticating party.
The authentication card composed of the above devices is used by the authenticating party, through the authentication card, the network and the authentication server, to provide self-determined authentication and application information to the application server and the verification device of the verifying party; it is used by the authenticating party, through the authentication card, the network and the authentication server, to provide self-determined authentication and application information to the application server alone; and it can also be used by the authenticating party, through the authentication card alone, to provide self-determined authentication and application information to a verification device.
The flow by which the authenticating party uses the above authentication card, the network and the authentication server to provide self-determined authentication and application information to the application server and the verification device of the verifying party is as follows:
The authenticating party enters the verifier number and application information through the card's input device or receives them through the direct receiving device, enters the identity cipher through the input device, and has the biometric feature captured by the biometric capture device; these devices send the entered, received and captured information, identity cipher and biometric feature to the processor. The processor compares the obtained identity cipher and biometric feature with the identity cipher and biometric feature stored in advance in the main memory. If the comparison is inconsistent, the display shows that authentication in the card failed. If the comparison is consistent, the processor, according to the pre-stored program, functions and relations, synthesizes the identity cipher, biometric feature and other identity information to generate a new identity key, and at the same time deposits the open identity information in the read-out memory, sending it through the direct output device to a verification device in the same place, or through the network card, the network and the authentication server to a verification device at a remote location; it also sends the identity cipher, biometric feature, key, ID, card-issuing organization and service department features, numbers and other identity information, the verifier's verification device number and the application information through the network output device and network card over the network to the authentication server, which authenticates further; after the application server has carried out the application processing, the authentication server sends the set identity information of the authenticating party and the application result to the verification device of the verifying party. The verifying party's verification device may be an authentication card of the structure described above or another verification device. When the verification device is an authentication card of that structure, it receives the open identity information of the authenticating party directly through its direct receiving device or over the network, and receives the set identity information and application result of the authenticating party sent by the authentication server through its network card and network receiving device; the verification device's processor compares these two kinds of identity information. If the comparison fails, the display shows that authentication failed; if it passes, the display shows the set identity information of the authenticating party, the verification is passed, the verification device replies with the verification result to the authentication server, and the authentication server replies in turn to the authentication card and the application server.
The authentication card formed by the above devices is used by the authenticating party to provide autonomous authentication and application information to an application server through the authentication card, the network and the certificate server; the flow is as follows:
The authenticating party enters the application information through the above input unit or receives it through the direct receiving device from other devices, enters the identification password through the input unit, and has the biological characteristic collected by the biological characteristic collecting device. These devices send the entered, received and collected information, the identification password and the biological characteristic to the processor, which compares the obtained identification password and biological characteristic with those stored in advance in the main memory. If the comparison result is inconsistent, the display shows "authentication in card failed". If it is consistent, the processor synthesises identity information such as the identification password and biological characteristic according to the program, function and relation stored in advance, generates a new identity key, and sends the identification password, biological characteristic, key, ID, card-issuing organisation, service department feature, number and other identity information together with the application information through the network output device and network interface card over the network to the certificate server. The certificate server authenticates further, and after the application server has processed the application, the certificate server replies the application result to the authentication card.
The authentication card formed by the above devices is used by the authenticating party to provide autonomous authentication and application information directly to a verification device through the authentication card alone; the flow is as follows:
The authenticating party enters the verification number and application information through the above input unit, or receives them through the direct receiving device from the verification device; enters the identification password through the input unit; and has the biological characteristic collected by the biological characteristic collecting device. These devices send the entered, received and collected information, the identification password and the biological characteristic to the processor, which compares the obtained identification password and biological characteristic with those stored in advance in the main memory. If the comparison result is inconsistent, the display shows "authentication in card failed". If it is consistent, the processor synthesises identity information such as the identification password and biological characteristic according to the program, function and relation stored in advance, generates a new identity key, and sends the identification password, biological characteristic, key, ID, card-issuing organisation, service department feature, number and other identity information together with the application information through the direct output device of the authentication card to the verification device. The verification device authenticates, processes the application, and replies the application result to the authentication card.
The open identity information above means identity information that may be disclosed to the public, such as name and sex; the set identity information means identity information that the authenticating party chooses, on his or her own, to disclose to the verifier, such as name, sex, age, identification number, contact method and residence.
The above authentication card differs from existing user authentication cards as follows: all identity information is stored in the authentication card carried by the authenticating party and in the third party's certificate server, not at the verifier; the password entry, biological characteristic collection and comparison of the whole authentication process, and the sending of identity information to the certificate server, are all completed autonomously by the devices in the card carried by the authenticating party, with no card reading, password entry or biological characteristic collection by the verifier's device; and the authentication card is applicable to authentication for all application services, changing the situation in which each application server has its own authentication method and its own card.
The beneficial effects of the above authentication card are: the authenticating party no longer has to undergo passive authentication on the verifier's device, but can perform autonomous authentication at any time and place with the authentication card he or she carries, as needed; leakage of identity information is effectively prevented; and the reliability of authentication is improved.
The multilayer-password biological autonomous authentication system of the present invention provides the usage and application environment for the above authentication card and is the necessary condition for its use and application; the system comprises:
A portable multilayer-password biological autonomous authentication card, connected to the certificate server over the network through the network interface card in the card. The authentication card comprises: a processor, connected to all devices in the card, for processing all identity information, data and application information; a group of memories connected to the processor, comprising a main memory that stores in advance the authenticating party's private identity information such as biological characteristic, identification password and ID, the open identity information, the card-issuing organisation and service department features, number, application information and system program, and the composition rules, functions and relations between these features, whose data are called by the processor, a read-out memory that stores the open identity information and application information to be sent to a verification device outside the authentication card, and a receiving memory that stores the identity information and application information the card's receiving devices receive from the certificate server and from other cards and devices; at least one biological characteristic collecting device, connected to the processor, for collecting the authenticating party's biological characteristic, which includes the physical and behavioural features that can illustrate, confirm or prove the identity of the authenticating party, such as fingerprint, palm print, lip print, iris, face and voice; considering use on a card of limited size and weight, the collecting device should be miniaturised as far as possible, and a fingerprint collecting device should be adopted first; an input unit, connected to the processor, for entering the authenticating party's identification password, verifier number and application information; a group of output devices connected to the processor, comprising a network output device that sends identity information, verifier number and application information to the certificate server over the network, and a direct output device that sends identity information and application information directly to other devices; a group of receiving devices connected to the processor, comprising a network receiving device that receives identity information and application information sent by the certificate server over the network, and a direct receiving device that receives identity information, numbers and application information directly from other devices; a network interface card, connected to the network output device and network receiving device and through them to the processor, for connection to the network, which holds a group of code numbers and numbers unique in the network that correspond one-to-one with the ID, and through which identity information, verifier number and application information are sent to the certificate server over the network; a group of interfaces connected to the processor, comprising a main interface for installing the system program and for pre-entering, storing, setting and modifying the identity information and features of the authentication card, and an information interface for connecting to other devices and exchanging and processing information, for example connecting the authentication card to a computer; a display, connected to all devices through the processor, for showing information and data; and a power supply, connected to all devices in the card through the processor, for supplying power to all devices;
A certificate server, connected in advance over the network, by access codes and code numbers, with the authentication cards, application servers, verification devices and pre-writing device; it includes the authentication system and the identity database, and stores in advance the authenticating party's private identity information such as biological characteristic, identification password and ID, the open identity information, the card-issuing organisation and service department features, number, application information and system program, and the composition rules, functions and relations between these features;
A pre-writing device, connected to the certificate server over the network and to the authentication card through the interface on the card, for writing into the authentication card and the certificate server the authenticating party's private identity information such as biological characteristic, identification password and ID, the open identity information, the card-issuing organisation and service department features, number, application information and system program, and the composition rules, functions and relations between these features, and also for repairing and modifying this information and data. In other cases the pre-writing device only writes the system program, application information, card-issuing organisation feature and card number information and data into the authentication card and the certificate server, and the authenticating party's private identity information such as biological characteristic, identification password and ID, the open identity information, the service department feature and similar information and data are written once by the authenticating party through the authentication card;
A transmission network, connected to the authentication cards, certificate server, application servers, pre-writing device and verification devices, for transmitting information and data between the authentication card and the certificate server, between the certificate server and the verification device, and between the certificate server and the application server; for example a mobile radio network, a cable network, a communication network or the Internet. The network assigns the certificate server, every authentication card, every application server and every verification device a different access code, code number and number that is unique in the network, such as a mobile network number, a cable network number or an IP address;
A verification device, connected to the certificate server over the network by an access code, for receiving the identity information and application information sent by the certificate server and the authentication card. Verification devices are of the following kinds: an authentication card of the same structure described above, which can receive at the same time the identity information and application information sent by the certificate server and the authentication card and is used to confirm the identity and application information of the authenticating party; and other verification devices, which can receive the identity information and application information sent by the certificate server and the authentication card;
A group of application servers, connected to the certificate server over the network, which store the authenticating party's application data and application information.
The authentication system formed by the above devices is used by the authenticating party to provide autonomous authentication and application information to an application server and a verifier through the authentication card, network, certificate server and verification device, and to provide autonomous authentication and application information to an application server through the authentication card, network and certificate server.
The flow by which the above authentication system provides autonomous authentication and application information from the authenticating party, through the authentication card, network and certificate server, to the application server and the verifier's verification device is as follows:
The authenticating party enters the verifier's number and the application information through the input unit in the card, or receives them through the direct receiving device; enters the identification password through the input unit; and has the biological characteristic collected by the biological characteristic collecting device. These devices send the entered, received and collected information, the identification password and the biological characteristic to the processor, which compares the obtained identification password and biological characteristic with those stored in advance in the main memory. If the comparison result is inconsistent, the display shows "authentication in card failed". If it is consistent, the processor synthesises identity information such as the identification password and biological characteristic according to the program, function and relation stored in advance and generates a new identity key; at the same time it stores the open identity information in the read-out memory and sends it through the direct output device to a verification device at the same place as the authentication card, or forwards the open identity information of the authenticating party through the network interface card, the network and the certificate server to a verification device at a remote place; and it sends the identification password, biological characteristic, key, ID, card-issuing organisation, service department feature, number and other identity information, the verifier number and the application information through the network output device and network interface card over the network to the certificate server;
The certificate server receives the identity information, verifier number and application information sent by the authentication card, synthesises identity information such as the identification password and biological characteristic according to the program, function and relation stored in advance, generates a new identity key, and compares this identity key and the identification password and biological characteristic stored in advance in the identity database with the identification password, biological characteristic and key sent by the authentication card. If the comparison result is inconsistent, the certificate server replies "authentication failed" to the authentication card over the network by its access code; if it is consistent, the certificate server sends the application information to the application server, and after the application server returns its processing result to the certificate server, the certificate server sends the authenticating party's set identity information and the application result over the network to the verification device identified by the verifier number sent by the authentication card;
The verifier's verification device includes an authentication card of the same structure described above and other verification devices;
When the verification device is an authentication card of the said structure, it receives the authenticating party's open identity information directly through its direct receiving device or over the network, receives the authenticating party's set identity information and application result sent by the certificate server through its network interface card and network receiving device, and its processor compares the two kinds of identity information. If the comparison does not pass, the display shows authentication failure; if it passes, the display shows the set identity information of the authenticating party and the authentication is accepted;
After the verification device has verified the authenticating party (whether the result is failure or pass), it replies the authentication result to the certificate server over the network, together with confirmation that the application result is accepted or abandoned;
The certificate server replies the authentication result and the application result to the authentication card according to the verifier's return information, and replies the confirmation result to the application server.
The flow by which the authentication system formed by the above devices provides autonomous authentication and application information from the authenticating party, through the authentication card, network and certificate server, to an application server is as follows:
The authenticating party enters the application information through the input unit in the card, or receives it through the direct receiving device from other devices; enters the identification password through the input unit; and has the biological characteristic collected by the biological characteristic collecting device. These devices send the entered, received and collected information, the identification password and the biological characteristic to the processor, which compares the obtained identification password and biological characteristic with those stored in advance in the main memory. If the comparison result is inconsistent, the display shows "authentication in card failed". If it is consistent, the processor synthesises identity information such as the identification password and biological characteristic according to the program, function and relation stored in advance, generates a new identity key, and sends the identification password, biological characteristic, key, ID, card-issuing organisation, service department feature, number and other identity information together with the application information through the network output device and network interface card over the network to the certificate server;
After the certificate server receives the identity information and application information sent by the authentication card, it synthesises identity information such as the identification password and biological characteristic according to the program, function and relation stored in advance, generates a new identity key, and compares this key and the identification password and biological characteristic stored in advance in the identity database with the identification password, biological characteristic and key sent by the authentication card. If the comparison result is inconsistent, the certificate server replies "authentication failed" to the authentication card over the network by its access code; if it is consistent, the certificate server sends the application information to the application server, and after the application server returns its processing result to the certificate server, the certificate server replies the application result to the authentication card over the network.
The above authentication system differs from existing identity authentication systems as follows: all identity information is stored in the authentication card carried by the authenticating party and in the third-party certificate server, not in the verifier's device; the password entry, biological characteristic collection and comparison of the whole authentication process, the sending of identity information to the certificate server and the certificate server's comparison of identity information are all completed autonomously by the authentication card carried by the authenticating party, so what the verification device obtains is direct, reliable identity information, with no card reading, password entry or biological characteristic collection by the verifier's device; the network and certificate server act as a third party that further authenticates the identity of the authenticating party and sends identity information to the verification device, which improves the reliability of authentication and changes the situation in which only the authenticating party and the verifier take part in authentication; and the authentication system is applicable to authentication for application parties of all categories, changing the situation in which each application server has its own authentication system.
The beneficial effects of the above authentication system are: the authenticating party no longer has to undergo passive authentication on the verifier's device, but can perform autonomous authentication at any time and place with the authentication card he or she carries, as needed; leakage of identity information is effectively prevented; the reliability of authentication is improved; and, by treating authentication as a professional service, professional and reliable identity authentication is provided to all verifying and application service parties that need it, so that verifiers and application parties need not build their own authentication systems and identity databases, and authentication and application services become simpler and more reliable.
The multilayer-password biological autonomous authentication method of the present invention consists of the steps and flow by which the authentication card and the authentication system perform authentication, where the authentication card is made up of the processor, memories, biological characteristic collecting device, input unit, output devices, receiving devices, network interface card, information interface, display and power supply installed in the card, and the authentication system is formed by connecting the authentication card, network, certificate server, pre-writing device, application server and verification device in advance over the network; the method comprises the following steps:
1. The pre-writing device writes the authenticating party's private identity information such as biological characteristic, identification password and ID, the open identity information, the card-issuing organisation and service department features, number, application information and system program, and the composition rules, functions and relations between these features, into the memory of the authentication card and into the certificate server. In other cases the pre-writing device only writes the system program, application information, card-issuing organisation feature and card number information and data into the authentication card and the certificate server, and the authenticating party's private identity information such as biological characteristic, identification password and ID, the open identity information, the service department feature and similar information and data are written once by the authenticating party through the authentication card into the card's memory and the certificate server's identity database;
2. The authenticating party enters the verifier's number and application information through the input unit in the card, or receives them through the direct receiving device; enters the identification password through the input unit; and has the biological characteristic collected by the biological characteristic collecting device. The card compares the obtained identification password and biological characteristic with those stored in advance in the card's memory; this is the in-card authentication. If the comparison is inconsistent, the in-card authentication fails; if it is consistent, the card's processor generates a new identity key by the composition rules, functions and relations between the above features, sends the open identity information at the same time to the verification device outside the card through the direct output device or the network, and sends the identification password, biological characteristic, key, verification code number, application information, ID, card-issuing organisation, service department feature, number and other identity information through the network output device and network interface card over the network to the certificate server;
3. After the certificate server receives the identity information, verifier number and application information sent by the authentication card, it synthesises identity information such as the identification password and biological characteristic according to the program, function and relation stored in advance, generates a new identity key, and compares this key and the identification password and biological characteristic stored in advance in the identity database with the identification password, biological characteristic and key sent by the authentication card. If the comparison result is inconsistent, the certificate server replies "authentication failed" to the authentication card over the network; if it is consistent, the certificate server sends the application information to the application server, and after the application server returns its processing result to the certificate server, the certificate server sends the authenticating party's set identity information and the application result over the network to the verifier's verification device identified by the verifier number sent by the authentication card;
4. The verifier's verification device includes an authentication card of the same structure described above and other verification devices. When the verification device is an authentication card of the said structure, it receives the authenticating party's open identity information directly through its direct receiving device or over the network, receives the authenticating party's set identity information and application result sent by the certificate server through its network interface card and network receiving device, and its processor compares the two kinds of identity information. If the comparison does not pass, the display shows authentication failure; if it passes, the display shows the set identity information of the authenticating party and the authentication is accepted. After verifying the authenticating party, the verification device replies the authentication result to the certificate server over the network and accepts or abandons the application result; the certificate server replies the authentication result and the application result to the authentication card according to the return information of the verifier's verification device, and replies the confirmation result to the application server.
In the case where the authenticating party provides autonomous authentication and application information to an application server through the authentication card, network and certificate server, no verifier number or code number is entered or received in step 2; in step 3, after the application server returns the processed application result to the certificate server, the certificate server replies the application result to the authentication card over the network, and the flow ends without step 4;
In the case where the authenticating party provides autonomous authentication and application information to a verification device through the authentication card alone, after the in-card authentication in step 2 no information is sent to the certificate server; instead the identification password, biological characteristic, key, verification code number, application information, ID, card-issuing organisation, service department feature, number and other identity information, or a part of this identity information, is sent directly to the verification device, which authenticates, processes the application and replies the application result directly to the authentication card; the flow ends without steps 3 and 4.
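The three-party flow of steps 2 to 4 (in-card comparison, the certificate server's independent re-synthesis of the identity key, and the verifier card's comparison of the directly received open identity information against the set identity information relayed by the server), as an added simulation that is not part of the patent. The composition rule is assumed to be a length-prefixed SHA-256 over password, biometric and ID (the patent only says "program, function, relation"), the biometric is modelled as an exact byte template, and all names, numbers and sample identity data are constructed.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Identity:
    id_no: str
    password: str       # identification password
    biometric: bytes    # fingerprint template; exact-match bytes is an assumption (real matching is fuzzy)
    open_info: dict     # open identity information (may be disclosed to anyone)
    set_info: dict      # set identity information (what the authenticating party shows the verifier)

def synthesize_key(password: str, biometric: bytes, id_no: str) -> str:
    """Pre-stored composition rule shared by card and server.  The patent only says
    'program, function, relation'; a length-prefixed SHA-256 is assumed here."""
    h = hashlib.sha256()
    for part in (password.encode(), biometric, id_no.encode()):
        h.update(len(part).to_bytes(2, "big") + part)
    return h.hexdigest()

class AuthCard:
    """Step 2: in-card comparison, key synthesis, and the card's two outputs."""
    def __init__(self, identity: Identity, code_number: str):
        self.mem = identity              # main memory
        self.code_number = code_number   # network interface card code number, paired with the ID
        self.display = ""

    def authenticate(self, entered_password, collected_biometric, verifier_number, application):
        if (entered_password, collected_biometric) != (self.mem.password, self.mem.biometric):
            self.display = "authentication in card failed"
            return None                  # nothing leaves the card on failure
        key = synthesize_key(entered_password, collected_biometric, self.mem.id_no)
        self.display = "authenticated in card"
        direct_output = dict(self.mem.open_info)   # direct output device -> verifier at the same place
        to_server = {                              # network output device -> certificate server
            "code_number": self.code_number, "id_no": self.mem.id_no,
            "password": entered_password, "biometric": collected_biometric,
            "key": key, "verifier_number": verifier_number, "application": application,
        }
        return direct_output, to_server

class CertServer:
    """Step 3: independent re-synthesis and comparison, then forwarding."""
    def __init__(self, identity_db, code_to_id, app_server, verifiers):
        self.db, self.code_to_id = identity_db, code_to_id
        self.app_server, self.verifiers = app_server, verifiers

    def authenticate(self, msg):
        rec = self.db.get(self.code_to_id.get(msg["code_number"]))
        ok = (rec is not None and rec.id_no == msg["id_no"]
              and rec.password == msg["password"] and rec.biometric == msg["biometric"]
              and synthesize_key(rec.password, rec.biometric, rec.id_no) == msg["key"])
        if not ok:
            return {"status": "authentication failed"}
        app_result = self.app_server(rec.id_no, msg["application"])
        verifier = self.verifiers.get(msg["verifier_number"])
        verdict = verifier.verify(rec.set_info, app_result) if verifier else None
        return {"status": "ok", "application_result": app_result, "verifier_result": verdict}

class VerifierCard:
    """Step 4: a second card of the same structure used by the verifier."""
    def __init__(self):
        self.direct_info = None
        self.display = ""

    def receive_direct(self, open_info):     # direct receiving device
        self.direct_info = open_info

    def verify(self, set_info, app_result):  # network receiving device, then compare the two
        common = set(self.direct_info or {}) & set(set_info)
        if not common or any(self.direct_info[k] != set_info[k] for k in common):
            self.display = "authentication failed"
            return False
        self.display = f"{set_info} {app_result}"
        return True

# Constructed sample data (not from the patent).
ALICE = Identity("ID-001", "1234", b"\x01\x02fingerprint",
                 open_info={"name": "Alice", "sex": "F"},
                 set_info={"name": "Alice", "sex": "F", "age": 30})

def run_flow(entered_password, collected_biometric, forge_key=False, verifier_number="V-7"):
    """Drive one authentication; forge_key models a message carrying a key the card never derived."""
    card, verifier = AuthCard(ALICE, "NET-001"), VerifierCard()
    server = CertServer({ALICE.id_no: ALICE}, {"NET-001": ALICE.id_no},
                        app_server=lambda id_no, app: f"{app} approved for {id_no}",
                        verifiers={verifier_number: verifier})
    out = card.authenticate(entered_password, collected_biometric, verifier_number, "payment 10")
    if out is None:
        return {"card": card.display, "server": None, "verifier": verifier.display}
    direct_output, to_server = out
    if forge_key:
        to_server["key"] = "0" * 64
    verifier.receive_direct(direct_output)
    reply = server.authenticate(to_server)
    return {"card": card.display, "server": reply, "verifier": verifier.display}
```

A wrong password or biometric never leaves the card, and a message with a key the server cannot reproduce from its own database copy is rejected before anything reaches the application server or the verifier.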
The above authentication method is used by the authenticating party to provide autonomous authentication and application information to an application server and a verifier through the authentication card, network, certificate server and verification device; to provide autonomous authentication and application information to an application server through the authentication card, network and certificate server; and to provide autonomous authentication and application information to a verification device through the authentication card alone.
The above authentication method differs from existing identity authentication methods as follows: all identity information is stored in the authentication card carried by the authenticating party and in the third-party certificate server, not in the verifier's device; the password entry, biological characteristic collection and comparison of the whole authentication process, the sending of identity information to the certificate server and the certificate server's comparison of identity information are all completed autonomously by the authentication card carried by the authenticating party, so what the verifier obtains is direct, reliable identity information, with no card reading, password entry or biological characteristic collection by the verifier's device; the network and certificate server act as a third party that further authenticates the identity of the authenticating party and sends identity information to the verifier, which improves the reliability of authentication and changes the situation in which only the authenticating party and the verifier take part in authentication; and the authentication method is applicable to authentication for applications of all categories, changing the situation in which each application server has its own authentication system.
The beneficial effects of the above authentication method are: the authenticating party no longer has to undergo passive authentication on the verifier's device, but can perform autonomous authentication at any time and place with the authentication card he or she carries, as needed; leakage of identity information is effectively prevented; the reliability of authentication is improved; and, by treating authentication as a professional service, professional and reliable identity authentication is provided to all verifying and application service parties that need it, so that verifiers and application parties need not build their own authentication systems and identity databases, and authentication and application services become simpler and more reliable.
The multilayer-password biological autonomous authentication telephone set of the present invention organically combines the identity authentication device and the telephone device in one machine; the same authentication telephone set is equipped at the same time with:
A telephone circuit board, connected to the authentication card; a microphone, a set of earphones and a power supply, all connected to the telephone circuit board;
An authentication card, connected to the telephone circuit board, comprising: a processor, connected to all devices in the card, for processing all identity information, data and application information; a group of memories connected to the processor, comprising a main memory that stores in advance the authenticating party's private identity information such as biological characteristic, identification password and ID, the open identity information, the card-issuing organisation and service department features, number, application information and system program, and the composition rules, functions and relations between these features, whose data are called by the processor, a read-out memory that stores the open identity information and application information to be sent to a verification device outside the authentication card, and a receiving memory that stores the identity information and application information the card's receiving devices receive from the certificate server and from other cards and devices; at least one biological characteristic collecting device, connected to the processor, for collecting the authenticating party's biological characteristic, which includes the physical and behavioural features that can illustrate, confirm or prove the identity of the authenticating party, such as fingerprint, palm print, lip print, iris, face and voice; considering use on a card of limited size and weight, the collecting device should be miniaturised as far as possible, and a fingerprint collecting device should be adopted first; an input unit, connected to the processor, for entering the authenticating party's identification password, verifier number and application information; a group of output devices connected to the processor, comprising a network output device that sends identity information, verifier number and application information to the certificate server over the network, and a direct output device that sends identity information and application information directly to other devices; a group of receiving devices connected to the processor, comprising a network receiving device that receives identity information and application information sent by the certificate server over the network, and a direct receiving device that receives identity information, numbers and application information directly from other devices; a network interface card, for example that of a mobile radio network, connected to the network output device and network receiving device and through them to the processor, for connection to the network, which holds a group of code numbers and numbers unique in the network that correspond one-to-one with the ID, and through which identity information, verifier number and application information are sent to the certificate server over the network; a group of interfaces connected to the processor, comprising a main interface for installing the system program and for pre-entering, storing, setting and modifying the identity information and features of the authentication card, and an information interface for connecting to other devices and exchanging and processing information, for example connecting the authentication telephone set to a computer; a display, connected to all devices through the processor, for showing information and data; and a power supply, connected to all devices in the card through the processor, for supplying power to all devices;
A changeover switch installed on the input device is used to switch between the telephony function and the authentication function;
The above input device and display are both connected with the phone circuit board and are shared by the phone circuit board and the authentication card; in the other case, where the phone and the authentication use the same transmission network, the above network card is also connected with the phone circuit board and is shared by the phone circuit board and the authentication card.
The authentication telephone set formed by the above devices, in addition to the telephony function, is used for the authenticating party to provide autonomous authentication and application information through the authentication telephone set, the network and the authentication server to the application server and to the verifying party's verification device; to provide autonomous authentication and application information through the authentication telephone set, the network and the authentication server to the application server; to provide autonomous authentication and application information through the authentication telephone set to a verification device; and to control the telephony function through the authentication card in the set.
The authentication telephone set formed by the above devices, in addition to the telephony function, is used for the authenticating party to provide autonomous authentication and application information through the authentication telephone set, the network and the authentication server to the application server and to the verifying party's verification device, by the following flow:
The authenticating party enters the verifying party's number and the application information through the input device in the set, or receives them through the direct receiving device; enters the authenticating party's authentication password through the input device; and has the biometric features acquired by the biometric feature acquisition device. The above devices send the entered, received and acquired information, the authentication password and the biometric features to the processor, which compares the obtained password and biometric features with the password and biometric features stored in advance in the main memory. If the comparison does not match, the display in the set shows: authentication failed. If the comparison matches, the processor synthesises identity information such as the authentication password and biometric features according to the pre-stored programs, functions and relations and generates a new identity key; at the same time it deposits the open identity information in the read memory and sends it through the direct output device to a verification device outside the set at the same location, or forwards the authenticating party's open identity information through the network card, the network and the authentication server by network to a verification device at a remote location; and it sends identity information such as the authentication password, biometric features, key, ID, issuing body and service department features and number, together with the authentication number and application information, through the network output device and network card by network to the authentication server, which authenticates further; after the application server has carried out application processing, the authentication server sends the authenticating party's set identity information and the application result to the verifying party's verification device;
The verifying party's verification device comprises an authentication telephone set of the same structure as described above, and other verification devices;
When the verification device is an authentication telephone set of the above structure, it receives the authenticating party's open identity information directly through its own direct receiving device, or through the network; it receives the above set identity information and application result of the authenticating party sent by the authentication server through the network card and the network receiving device; and the verification device's processor compares and processes these two kinds of identity information. If the comparison does not pass, the display shows authentication failed; if the comparison passes, the display shows the authenticating party's set identity information and the authentication is accepted. The verification device replies the authentication result to the authentication server, and the authentication server in turn replies to the authentication telephone set and the application server.
The authentication telephone set formed by the above devices is used for the authenticating party to carry out self-authentication and application processing with the application server through the authentication telephone set, the network and the authentication server, by the following flow:
The authenticating party enters the application information through the above input device, or receives the application information sent by other devices through the direct receiving device; enters the authenticating party's authentication password through the input device; and has the biometric features acquired by the biometric feature acquisition device. The above devices send the entered, received and acquired information, the authentication password and the biometric features to the processor, which compares the obtained password and biometric features with the authentication password and biometric features stored in advance in the main memory. If the comparison does not match, the display in the set shows: authentication failed. If the comparison matches, the processor synthesises identity information such as the authentication password and biometric features according to the pre-stored programs, functions and relations and generates a new identity key, and sends identity information such as the authentication password, biometric features, key, ID, issuing body and service department features and number, together with the application information, through the network output device and network card by network to the authentication server, which authenticates further; after the application server has carried out application processing, the authentication server replies the application result to the authentication telephone set.
The authentication telephone set formed by the above devices is used for the authenticating party to provide autonomous authentication and application information through the authentication telephone set to a verification device, by the following flow:
The authenticating party enters the authentication number and application information through the input device in the set, or receives those sent by the verification device through the direct receiving device; enters the authentication password through the input device; and has the authenticating party's biometric features acquired by the biometric feature acquisition device. The above devices send the entered, received and acquired information, the authentication password and the biometric features to the processor, which compares the obtained password and biometric features with the authentication password and biometric features stored in advance in the main memory. If the comparison does not match, the display in the set shows: authentication failed. If the comparison matches, the processor synthesises identity information such as the authentication password and biometric features according to the pre-stored programs, functions and relations and generates a new identity key, and sends identity information such as the authentication password, biometric features, key, ID, issuing body and service department features and number, together with the application information, through the direct output device of the authentication telephone set to the verification device, which authenticates; after application processing, the verification device replies the application result to the authentication telephone set.
The flow by which the authenticating party controls the telephony function through the authentication card in the authentication telephone set formed by the above devices is as follows:
When the authentication telephone set is making a call, dialling and connecting, or selecting and setting telephony functions, the authenticating party first enters the authentication password through the input device in the set and has the biometric features acquired by the biometric feature acquisition device; the above devices send the entered password and the acquired biometric features to the processor, which compares them with the authentication password and biometric features stored in advance in the main memory. If the comparison does not match, the display in the set shows: authentication failed, and dialling and connecting, function selection and setting cannot proceed; if the comparison matches, dialling and connecting, function selection and setting proceed normally.
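The local multilayer check described above, with the gate it puts in front of dialling, as an added Python example; this is not code from the patent. The salted password hash, the 32-bit fingerprint template with a Hamming-distance tolerance, the HMAC rule for synthesising the identity key and every sample value are assumptions constructed for the example, since the patent specifies only that a pre-stored rule, function or relation is applied.

```python
"""Local multilayer check on the authentication card / telephone set, and the gate it
puts in front of dialling. Added example; the hashing, the fingerprint encoding, the
tolerance, the key rule and every sample value are constructed assumptions."""
import hashlib
import hmac

FP_BITS = 32          # toy fingerprint template: 32 feature bits (assumption)
FP_MAX_MISMATCH = 4   # assumption: up to 4 differing bits still count as the same finger


def hash_password(password: str, salt: bytes) -> bytes:
    """Store and compare a salted hash, never the authentication password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# Constructed contents of the main memory 81, as written by the pre-writing device.
MAIN_MEMORY = {
    "id": "ID-0001",                        # private identity information
    "issuer": "ISSUER-A",                   # issuing body feature
    "dept": "SERVICE-DEPT-1",               # service department feature
    "number": "13800000000",                # code number matching the network card
    "password_salt": b"constructed-salt",
    "password_hash": hash_password("1234", b"constructed-salt"),
    "fingerprint_bits": 0b1011_0110_1100_1001_0111_0010_1010_0011,
    "rule_key": b"constructed-rule-key",    # secret of the stored "function / relation"
}


def password_layer_ok(entered: str) -> bool:
    """Layer 1: the authentication password, compared in constant time."""
    return hmac.compare_digest(hash_password(entered, MAIN_MEMORY["password_salt"]),
                               MAIN_MEMORY["password_hash"])


def biometric_layer_ok(captured_bits: int) -> bool:
    """Layer 2: the fingerprint features from the on-card sensor. Two captures of one
    finger never match bit for bit, so a tolerance is applied (Hamming distance here)."""
    diff = (captured_bits ^ MAIN_MEMORY["fingerprint_bits"]) & ((1 << FP_BITS) - 1)
    return bin(diff).count("1") <= FP_MAX_MISMATCH


def local_authentication(password: str, captured_bits: int) -> bool:
    """Both layers are always evaluated and both must pass. The display shows only
    'authentication failed', so the result does not reveal which layer failed."""
    pw_ok = password_layer_ok(password)
    bio_ok = biometric_layer_ok(captured_bits)
    return pw_ok and bio_ok


def derive_identity_key(password: str, captured_bits: int) -> str:
    """Synthesise the identity information into an identity key with the pre-stored rule.
    Assumed rule: HMAC-SHA256 under the rule key over the private fields and the fresh
    capture; because every capture differs slightly, each authentication yields a new key."""
    fields = "|".join([MAIN_MEMORY["id"], MAIN_MEMORY["issuer"], MAIN_MEMORY["dept"],
                       MAIN_MEMORY["number"], password, f"{captured_bits:08x}"])
    return hmac.new(MAIN_MEMORY["rule_key"], fields.encode(), hashlib.sha256).hexdigest()


def dial(password: str, captured_bits: int, number_to_dial: str) -> str:
    """Control of the telephony function: dialling proceeds only after the local check."""
    if not local_authentication(password, captured_bits):
        return "authentication failed"
    return f"dialling {number_to_dial}"
```

The tolerance in `biometric_layer_ok` is the part a real deployment tunes: too loose and another finger passes, too tight and the genuine holder is refused; the card shows the same "authentication failed" message in both cases, which is what keeps the password layer and the biometric layer from being tested separately.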
As a rule, the phone circuit board installed in the authentication telephone set is the circuit board of a wireless mobile phone, and the microphone and earphone are those of a wireless mobile phone. This kind of authentication telephone set can also be called a wireless mobile authentication telephone set or an authentication mobile phone.
The difference between the above authentication telephone set and an existing single-function telephone set or single authentication card is: on the basis of the telephone set, the multilayer-password biometric autonomous authentication function is added; on the basis of the authentication card, the telephony function is added.
The difference between the authentication function of the authentication telephone set and existing authentication is: all identity information is stored in the authentication telephone set carried by the authenticating party and in the authentication server, not at the verifying party; password entry, biometric acquisition and their comparison throughout the authentication process, and the sending of identity information to the authentication server, are all completed independently by the devices in the authentication telephone set carried by the authenticating party, without the verifying party's device having to read a card, enter a password or acquire biometric features; and the authentication telephone set can be used for the authentication of all applications, replacing one card per authentication method per application service.
The beneficial effect of the above authentication telephone set is: the multilayer-password biometric autonomous authentication function and the telephony function are combined in one device, extending the functions of a single telephone set and a single authentication card, with wider uses.
The beneficial effect of the authentication function of the above authentication telephone set is: the authenticating party need not undergo passive authentication on the verifying party's device, but can carry out autonomous authentication as required at any time and place with the authentication telephone set carried; the leakage of identity information is effectively prevented; and the reliability of authentication is improved.
In order to make the above and other objects, features and advantages of the present invention more apparent, preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Description of drawings
Fig. 1 is a front plan view of the authentication card of an embodiment of the invention;
Fig. 2 is a section of the authentication card of an embodiment of the invention, taken perpendicular to the plane of Fig. 1;
Fig. 3 is a structure diagram of the authentication system of an embodiment of the invention;
Fig. 4 is an identity authentication flow chart of an embodiment of the invention providing authentication to the application server and the verification device;
Fig. 5 is an identity authentication flow chart of an embodiment of the invention providing authentication to the application server;
Fig. 6 is an identity authentication flow chart of an embodiment of the invention providing authentication to the verification device;
Fig. 7 is a front plan view of the authentication telephone set of an embodiment of the invention;
Fig. 8 is a section of the authentication telephone set of an embodiment of the invention, taken perpendicular to the plane of Fig. 7;
Fig. 9 is a control flow chart of the authentication telephone set of an embodiment of the invention for the dialling and connection function of the telephone in the set.
Explanation of the reference numerals
0~shell of the authentication card and authentication mobile phone;
1~authentication card interface; 1A~verification device interface;
11~main interface in the authentication card;
12~information interface in the authentication card;
2~authentication card display; 2A~verification device display;
3~authentication card biometric feature acquisition device; 3A~verification device biometric feature acquisition device;
4~authentication card input device; 4A~verification device input device;
5~authentication card receiving device; 5A~verification device receiving device;
51~network receiving device in the authentication card receiving device;
52~direct receiving device in the authentication card receiving device;
6~authentication card output device; 6A~verification device output device;
61~network output device in the authentication card output device;
62~direct output device in the authentication card output device;
7~authentication card processor; 7A~verification device processor;
8~authentication card memory; 8A~verification device memory;
81~main memory in the authentication card memory;
82~read memory in the authentication card memory;
83~reception memory in the authentication card memory;
9~authentication card power supply;
10~authentication card network card; 10A~verification device network card;
13~authentication mobile phone circuit board;
14~authentication mobile phone power supply;
15~authentication mobile phone earphone;
16~authentication mobile phone microphone;
17~authentication mobile phone changeover switch;
30~authentication system authentication server and identity database;
31~authentication system transmission network;
32~pre-writing device;
33~application server network card;
34~application server and application database.
Embodiment
The portable multilayer-password biometric autonomous authentication card of an embodiment of the invention is shown in Fig. 1 and Fig. 2. The authentication card of the embodiment is carried by the authenticating party and used to carry out autonomous authentication; the devices in the card comprise:
A processor 7, connected with all the devices in the card listed below, used to process all identity information, data and application information;
A group of memories 8, connected with processor 7, comprising: a main memory 81, used to store in advance the authenticating party's private identity information such as biometric features, authentication password and ID, the open identity information, the features, numbers, application information and system programs of the issuing body and service department, and the operation/composition rules, functions and relations between the above features, its contents being called by processor 7; a read memory 82, used to store the open identity information and application information sent by a verification device outside the authentication card; and a reception memory 83, used to store the identity information and application information that the card's receiving device 5 receives from the authentication server 30 and from other cards and devices;
At least one biometric feature acquisition device 3, connected with processor 7, used to acquire the authenticating party's biometric features; biometric features comprise the physical and behavioural features that can illustrate, confirm and prove the authenticating party's identity, such as fingerprint, palm print, lip print, iris, face and voice; considering use on a card of limited volume and weight, the biometric feature acquisition device 3 is miniaturised as much as possible, and this embodiment adopts a fingerprint feature acquisition device;
An input device 4, connected with processor 7, used to input the authenticating party's authentication password, authentication number and application information;
A group of receiving devices 5, connected with processor 7, comprising: a network receiving device 51, which receives through network 31 the identity information and application information sent by the authentication server 30, and a direct receiving device 52, which receives identity information, numbers and application information directly from other devices, for example a radio-frequency receiving device or a wireless Bluetooth receiving device; this embodiment adopts a wireless Bluetooth direct receiving device;
A group of output devices 6, connected with processor 7, comprising: a network output device 61, which sends identity information, authentication number and application information through network 31 to the authentication server 30, and a direct output device 62, which sends identity information and application information directly to other devices, for example a radio-frequency output device or a wireless Bluetooth output device; this embodiment adopts a wireless Bluetooth direct output device;
A network card 10, connected with the network output device 61 and network receiving device 51, and through them with processor 7, used for connection with network 31; network card 10 holds a group of code numbers and numbers unique within network 31, corresponding one-to-one with the ID, and identity information, authentication number and application information are sent together with the corresponding code number through network card 10 and network 31 to the authentication server 30;
A group of interfaces 1, connected with processor 7, comprising: a main interface 11, used for installing the authentication card's system programs and for the pre-entry, storage, setting and modification of identity information and features, and an information interface 12, used for connecting with other devices for information exchange and processing, for example connecting the authentication card with a computer through this interface;
A display 2, connected with all devices through processor 7, used to display various information;
A power supply 9, connected with all the above devices through processor 7, used to supply electric power to each device.
The connecting lines between the devices in the authentication card of the above embodiment are of two groups: one group of data lines and one group of power lines, all laid as printed circuits.
To work with the authentication card of the above embodiment, an authentication system as shown in Fig. 3 is needed; the authentication system of this embodiment comprises:
An authentication server 30, connected with the authentication card, the application server 34 and the verification device through network 31; the authentication server 30 includes the authentication system and an identity database, storing in advance the authenticating party's private identity information such as biometric features, authentication password and ID, the open identity information, the features, numbers, application information and system programs of the issuing body and service department, and the operation/composition rules, functions and relations between the above features;
A pre-writing device 32, connected with the authentication server 30 through network 31 and with the authentication card through the interface 1 on the authentication card, used to write into the authentication card and the authentication server 30 the authenticating party's private identity information such as biometric features, authentication password and ID, the open identity information, the features, numbers, application information and system programs of the issuing body and service department, and the operation/composition rules, functions and relations between the above features, and also used to repair and modify the above information and data; in other cases the pre-writing device 32 writes in advance into the authentication card and the authentication server 30 only the card's system programs, application information, issuing body features and card number information and data, while the authenticating party's private identity information such as biometric features, authentication password and ID, the open identity information and the service department features are written once through the authentication card; in this embodiment, all identity information, application information, system programs and data of the authenticating party in the authentication card and the authentication server 30 are written by the pre-writing device 32;
A transmission network 31, connected with the authentication card, the authentication server 30, the application server 34, the pre-writing device 32 and the verification device, used for the transmission of information and data between the authentication card and the authentication server 30, between the authentication server 30 and the verifying party, and between the authentication server 30 and the application server 34; network 31 assigns to the authentication server 30, every authentication card, every application server 34 and every verification device a different access code and number unique within network 31; network 31 may take various forms, such as a wired network, a mobile wireless network or a 3G network; the transmission network 31 between the authentication card and the authentication server 30, between the authentication server 30 and the verification device, between the authentication server 30 and the application server 34, and between the pre-writing device 32 and the authentication server 30 may be the same network or different networks; the network 31 of this authentication system embodiment is a wireless communication network, and the same network is used between all the above devices;
A verification device, connected with the authentication server 30 through network 31, used to receive the identity information and application information sent by the authentication server 30 and the authentication card; verification devices comprise the following kinds: an authentication card of the above structure, which can receive at the same time the identity information and application information sent by the authentication server 30 and the authentication card, is used to confirm the identity and application information of the authenticating party, and is composed of processor 7A, memory 8A, biometric feature acquisition device 3A, input device 4A, receiving device 5A, output device 6A, network card 10A, interface 1A, display 2A and a power supply; and other verification devices, which can receive the identity information and application information sent by the authentication server 30 and the authentication card;
A group of application servers 34, connected with the authentication server 30 through network 31, storing the authenticating party's application data and application information;
An authentication card, as described for the authentication card of the above embodiment.
The authentication system of the above embodiment lists only one authentication card, one verification device and one group of application servers 34; in practical application, the authentication cards, verification devices and application servers are unlimited in number.
Before the authentication card and authentication system of the above embodiment enter use, the pre-writing device 32 writes the authenticating party's private identity information such as biometric features, authentication password and ID, the open identity information, the features, numbers, application information and system programs of the issuing body and service department, and the operation/composition rules, functions and relations between the above features, into main memory 81 of the authentication card of the embodiment and into the authentication server 30 at the same time.
The authentication card and authentication system of the above embodiment are used for the authenticating party to provide autonomous authentication and application information through the authentication card, network 31 and authentication server 30 to the application server 34 and to the verifying party's verification device; and to provide autonomous authentication and application information through the authentication card, network 31 and authentication server 30 to the application server 34.
The authentication card of the above embodiment can also be used for the authenticating party to provide autonomous authentication and application information through the authentication card to a verification device.
The authentication card and authentication system of the above embodiment are used for the authenticating party to provide autonomous authentication and application information through the authentication card, network 31 and authentication server 30 to the application server 34 and to the verifying party's verification device, by the flow shown in Fig. 4:
The authenticating party enters the verifying party's number and the application information through input device 4 of the authentication card of the above embodiment, or receives them through direct receiving device 52 (step S110);
The authenticating party's authentication password is entered through input device 4, and the biometric features are acquired by biometric feature acquisition device 3 (step S111);
The above devices send the entered, received and acquired information, the authentication password and the biometric features to processor 7, which compares the obtained password and biometric features with the authentication password and biometric features stored in advance in main memory 81 (step S112);
If the comparison does not match (No), display 2 in the card shows: authentication failed (step S114);
If the comparison matches (Yes), processor 7 synthesises identity information such as the authentication password and biometric features according to the pre-stored programs, functions and relations, generates a new identity key, and at the same time deposits the open identity information in read memory 82 (step S113);
The authenticating party's open identity information is sent through direct output device 62 to a verification device at the same location (step S118), or forwarded through network card 10, network 31 and authentication server 30 by network 31 to a verification device at a remote location (step S117);
Identity information such as the authentication password, biometric features, key, ID, issuing body and service department feature numbers, together with the authentication number and application information, is sent through network output device 61 and network card 10 by network 31 to the authentication server 30 (step S115);
The authentication server 30 receives all the identity information, the authentication number and the application information sent by the authentication card (step S116), synthesises identity information such as the authentication password and biometric features according to the pre-stored programs, functions and relations, generates a new identity key, and compares this identity key and the authentication password and biometric features stored in advance in the identity database with the authentication password, biometric features and key sent by the authentication card (step S119);
If the comparison does not match (No), the authentication server 30 replies to the authentication card through network 31: authentication failed (step S121); if the comparison matches, the application information is sent to the application server 34 (step S120), the application server 34 processes it and returns the result to the authentication server 30 (step S122), the authentication server 30 judges and processes the application result of application server 34 (step S123), and, according to the authentication number sent by the authentication card, sends the authenticating party's set identity information and the application result through network 31 to the verification device (step S124);
The verification device of this embodiment is an authentication card of the above structure; it receives the authenticating party's open identity information either directly through its receiving device 5A (step S118), or through network 31 and the verification device's network card 10A (step S117), the information having been sent by the above authentication card through its direct output device 62 (step S115) or forwarded by the authentication server 30 through network 31 and network card 10 (step S115);
Through the verification device's network card 10A and receiving device 5A it receives the above set identity information and application result of the authenticating party sent by the authentication server 30 (step S125); processor 7A compares and processes these two kinds of identity information (step S126); if the comparison does not pass (No), the display shows authentication failed (step S127); if the comparison passes (Yes), the display shows the authenticating party's set identity information, which passes and is accepted as authenticated (step S128);
After the verification device has authenticated the authenticating party (whether the result is failure or pass), it replies the authentication result and its confirmation that it accepts or abandons the application result to the authentication server 30 through network 31 (step S129);
According to the verification device's return information, the authentication server 30 replies the authentication result and application result to the authentication card, and replies the confirmation result to the application server 34 (step S130).
The flow in which the authenticating party uses the authentication card and authentication system of the above embodiment to provide autonomous authentication and an application message to application server 34, through the authentication card, network 31 and certificate server 30, is shown in Figure 5:
The authenticating party enters the application message through input unit 4 of the authentication card of the above embodiment, or receives it through direct receiving device 52 (step S210);
The identification cipher of the authenticating party is entered through input unit 4, and the biometric feature is then acquired by biometric acquisition device 3 (step S211);
The above devices send the entered, received and acquired information, identification cipher and biometric feature to processor 7, which compares the obtained identification cipher and biometric feature of the authenticating party with the identification cipher and biometric feature stored in advance in main storage 81 (step S212);
If the comparison is inconsistent (No), display 2 in the card shows authentication failure (step S214);
If the comparison is consistent (Yes), processor 7 synthesizes the identity information, such as the identification cipher and biometric feature, according to the program, function and relation stored in advance, generating a new identity key (step S213);
The authentication card of the embodiment sends the identity information, such as the identification cipher, biometric feature, key, ID, card-issuing institution, service department feature and number, together with the application message, to certificate server 30 over network 31 through network output device 61 and network interface card 10 (step S215);
Certificate server 30 receives all identity information and the application message sent by the authentication card (step S216); it synthesizes the identity information, such as the identification cipher and biometric feature, according to the program, function and relation stored in advance, generating a new identity key, and compares this identity key and the identification cipher and biometric feature stored in advance in the identity database with the identification cipher, biometric feature and key sent by the authentication card (step S219);
If the comparison is inconsistent (No), certificate server 30 replies to the authentication card over network 31 with authentication failure (step S221); if consistent, the application message is sent to application server 34 (step S220); after application server 34 has processed it, the result is returned to certificate server 30 (step S222), and certificate server 30 replies to the authentication card over network 31 with the application result (step S223).
The flow in which the authenticating party uses the authentication card of the above embodiment to provide autonomous authentication and an application message to a verification device is shown in Figure 6:
The authenticating party enters the application message through input unit 4 of the authentication card of the above embodiment, or receives it through direct receiving device 52 (step S310);
The identification cipher is entered through input unit 4, and the biometric feature of the authenticating party is acquired by biometric acquisition device 3 (step S311);
The above devices send the entered, received and acquired information, identification cipher and biometric feature to processor 7, which compares the obtained identification cipher and biometric feature of the authenticating party with the identification cipher and biometric feature stored in advance in main storage 81 (step S312);
If the comparison is inconsistent (No), display 2 in the card shows authentication failure (step S314);
If the comparison is consistent (Yes), processor 7 synthesizes the identity information, such as the identification cipher and biometric feature, according to the program, function and relation stored in advance, generating a new identity key (step S313);
The authentication card of the embodiment sends the identity information, such as the identification cipher, biometric feature, key, ID, card-issuing institution, service department feature and number, together with the application message, directly to the verification device through direct output device 62 (step S315);
The verification device receives all identity information and the application message (step S316), and compares the identification cipher, biometric feature and key with the identification cipher, biometric feature and key of the authenticating party stored in advance in the verification device to reach a judgement (step S319);
If the comparison is inconsistent (No), it replies to the authentication card: authentication failure (step S321);
If the comparison is consistent (Yes), the verification device performs the application processing and replies to the authentication card with the application result (step S323).
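The card-side comparison (steps S212/S312), the key synthesis (S213/S313), the re-derivation and comparison at certificate server 30 (S219, Figure 5) and the comparison at a verification device holding its own copy of the record (S319, Figure 6) can be simulated end to end. The Python below is an added example written for this page, not code from the patent. The patent does not specify the composition rule, the biometric matcher or the message format, so the example assumes HMAC-SHA256 keyed by the stored template (over the identification cipher, card ID and application message) as the rule, a Hamming-distance threshold over a short bit-string template as the matcher, and plain dictionaries as messages; all IDs, templates and function names are constructed.

```python
"""Added example (not the patent's code): card-side check, key synthesis, and
re-verification at certificate server 30 (Fig. 5) or a verification device (Fig. 6)."""
import hmac
import hashlib
from dataclasses import dataclass
from typing import Callable, Optional

# Assumed matcher tolerance: bit differences allowed between a fresh sample and the stored template.
BIO_MAX_DISTANCE = 2


def hamming(a: bytes, b: bytes) -> int:
    """Bit distance between two equal-length templates (assumed toy matcher)."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def biometric_matches(sample: bytes, template: bytes) -> bool:
    return len(sample) == len(template) and hamming(sample, template) <= BIO_MAX_DISTANCE


def synthesize_key(cipher: str, template: bytes, card_id: str, application: str) -> str:
    """Assumed composition rule (steps S213/S313): HMAC-SHA256 keyed by the stored
    template over cipher, card ID and application message, so the key is bound to one
    request and can be re-derived only by a party holding the same stored record."""
    return hmac.new(template, f"{cipher}|{card_id}|{application}".encode(), hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class IdentityRecord:
    """What main storage 81 and the server's identity database hold for one party (constructed fields)."""
    card_id: str
    issuer: str
    service_feature: str
    cipher: str
    template: bytes


def card_authenticate(rec: IdentityRecord, entered_cipher: str, sample: bytes, application: str) -> Optional[dict]:
    """Card side: S212/S312 local comparison, S213/S313 key synthesis, S215/S315 outgoing message."""
    if entered_cipher != rec.cipher or not biometric_matches(sample, rec.template):
        return None  # S214/S314: authentication failure shown on display 2, nothing leaves the card
    key = synthesize_key(rec.cipher, rec.template, rec.card_id, application)
    return {"id": rec.card_id, "issuer": rec.issuer, "feature": rec.service_feature,
            "cipher": entered_cipher, "biometric": sample, "key": key, "application": application}


def verify_identity(rec: Optional[IdentityRecord], msg: dict) -> bool:
    """Shared comparison (S219 at the server, S319 at a verification device): received cipher,
    biometric and key against the stored record and a freshly synthesized key."""
    if rec is None:
        return False
    expected = synthesize_key(rec.cipher, rec.template, rec.card_id, msg["application"])
    return (msg["cipher"] == rec.cipher
            and biometric_matches(msg["biometric"], rec.template)
            and hmac.compare_digest(expected, msg["key"]))


def server_handle(database: dict, app_server: Callable[[str], str], msg: dict) -> dict:
    """Certificate server 30 (Fig. 5): S219 comparison, then S220/S222 hand-off to application server 34."""
    if not verify_identity(database.get(msg["id"]), msg):
        return {"status": "fail"}  # S221
    return {"status": "ok", "result": app_server(msg["application"])}  # S223


def device_handle(stored: dict, msg: dict) -> dict:
    """Verification device (Fig. 6) that holds its own pre-stored copy of the party's record."""
    if not verify_identity(stored.get(msg["id"]), msg):
        return {"status": "fail"}  # S321
    return {"status": "ok", "result": f"processed locally: {msg['application']}"}  # S323


# Constructed sample data for a stand-alone run.
TEMPLATE = bytes([0b10110010, 0b01011100, 0b11110000, 0b00001111])
RECORD = IdentityRecord("card-0001", "issuer-A", "dept-7", "4821", TEMPLATE)
DATABASE = {RECORD.card_id: RECORD}
NEAR_SAMPLE = bytes([0b10110011, 0b01011100, 0b11110000, 0b00001111])  # 1 bit from the template
FAR_SAMPLE = bytes([0b01001101, 0b01011100, 0b11110000, 0b00001111])   # 8 bits from the template


def demo() -> dict:
    """Run the paths of Figs. 5 and 6 plus the failure cases and return the outcomes."""
    good = card_authenticate(RECORD, "4821", NEAR_SAMPLE, "open door 12")
    return {
        "wrong_cipher": card_authenticate(RECORD, "0000", NEAR_SAMPLE, "open door 12"),
        "far_sample": card_authenticate(RECORD, "4821", FAR_SAMPLE, "open door 12"),
        "server": server_handle(DATABASE, lambda app: f"{app}: approved", good)["status"],
        "device": device_handle(DATABASE, good)["status"],
        # A message altered after key synthesis no longer matches the re-derived key.
        "altered": server_handle(DATABASE, lambda app: app, {**good, "application": "open door 13"})["status"],
    }


if __name__ == "__main__":
    print(demo())
```

Two points the simulation makes visible: the card fails closed, sending nothing over network 31 or direct output device 62 unless the local comparison passes, and binding the application message into the synthesized key means the receiver detects a message that was changed after the card produced the key. As the patent describes, the identification cipher and biometric sample themselves travel alongside the key; a deployment would need the transport over network 31 and the Bluetooth link protected, and would prefer to send evidence of the key rather than the underlying secrets.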
The differences between the authentication card and authentication system of the above embodiment and existing user authentication cards and authentication systems are: all identity information is stored in memory 8 inside the authentication card carried by the authenticating party and in the third-party certificate server 30, rather than in the verification device; the password entry, biometric acquisition and comparison of the whole authentication process, the transmission of identity information to certificate server 30, and the identity comparison at certificate server 30 are all completed autonomously by the authentication card carried by the authenticating party, so that what the verification device obtains is direct and reliable identity information, without the verifying party's device needing to read a card, enter a password or acquire a biometric feature; network 31 and certificate server 30 act as a third party that further authenticates the identity of the authenticating party and sends identity information to the verification device through certificate server 30, which improves the reliability of authentication and changes the situation in which only the authenticating party and the verifying party take part in authentication; and the authentication card and authentication system of the embodiment can be applied to the authentication of all kinds of application parties, which changes the situation of one authentication system per application server.
The beneficial effects of the authentication card and authentication system of the above embodiment are: the authenticating party need not undergo passive authentication on the verifying party's device, but can perform autonomous authentication anywhere and at any time, as required, with the authentication card it carries; leakage of identity information is effectively prevented; the reliability of authentication is improved; the queuing that occurs when many people authenticate at the same place is eliminated; and authentication becomes a professional service that provides reliable identity authentication to all parties that need authentication and application, so that verifying and application parties need not build dedicated authentication systems and identity databases, making authentication and application services simpler and more reliable.
The portable multilayer-password biometric self-authentication telephone set of the embodiment of the invention is shown in Figures 7 and 8. The authentication telephone set of the embodiment is an authentication mobile phone carried by the authenticating party, having both an autonomous authentication function and a telephone function. The same authentication mobile phone is provided with all of the following:
A mobile phone integrated circuit board 13, connected with the authentication card; a mobile phone microphone 15, a mobile phone power supply 14 and an earpiece 16, all connected with the mobile phone integrated circuit board;
An authentication card, connected with the mobile phone integrated circuit board, comprising: a processor 7, connected with each of the devices in the card listed below and used to process all identity information, data and application messages; a set of memories 8, connected with processor 7, comprising main storage 81, used to store in advance the private identity information of the authenticating party, such as the biometric feature, identification cipher and ID, the open identity information, the card-issuing institution, service department feature and number, the application message and the system program, and the composition rules, functions and relations between the above features, the stored data being called by processor 7; read-out memory 82, used to store the open identity information and application messages to be sent to verification devices outside the authentication card; and receiving memory 83, used to store the identity information and application messages that receiving device 5 receives from certificate server 30 and from other cards and devices; at least one biometric acquisition device 3, connected with processor 7 and used to acquire the biometric feature of the authenticating party, which in the present embodiment is a fingerprint acquisition device; an input unit 4, connected with processor 7 and used to enter the identification cipher, authentication number and application message of the authenticating party; a set of output devices 6, connected with processor 7, comprising a network output device 61, which sends identity information, the authentication number and application messages to certificate server 30 over network 31, and a direct output device 62, which sends identity information and application messages directly to other devices, here a wireless Bluetooth output device; a set of receiving devices 5, connected with processor 7, comprising a network receiving device 51, which receives over network 31 the identity information and application messages sent by certificate server 30, and a direct receiving device 52, which receives identity information, numbers and application messages directly from other devices, here a wireless Bluetooth receiving device; a network interface card 10, connected with network output device 61 and network receiving device 51, and through them with processor 7, used for connection with network 31; network interface card 10 holds a set of code numbers unique within network 31, corresponding one to one with the ID, and identity information, the authentication number and application messages are sent, together with the corresponding code, to certificate server 30 over network 31 through network interface card 10; a set of interfaces 1, connected with processor 7, comprising a main interface 11, used for installing the system program of the authentication card and for entering in advance, storing, setting and modifying identity information and features, and an information interface 12, used for connection with other devices for information exchange and processing, for example connecting the authentication mobile phone to a computer through this interface; a display 2, connected with all devices through processor 7 and used to show various information; a power supply 9, connected with all the above devices through processor 7 and used to supply power to each device;
A changeover switch 17, mounted on input unit 4, used to switch between the telephone function and the authentication function;
Input unit 4 and display 2 in the authentication mobile phone of the above embodiment are both also connected with the mobile phone integrated circuit board, being devices shared by the phone integrated circuit board and the authentication card; in the present embodiment the phone and the authentication use the same wireless transmission network, and network interface card 10 of the above authentication card is connected with the mobile phone integrated circuit board, being a device shared by the mobile phone integrated circuit board and the authentication card.
The authentication mobile phone of the embodiment of the invention, composed of the above devices, is used, in addition to the telephone function, for the authenticating party to provide autonomous authentication and an application message to application server 34 and to the verifying party's verification device through the authentication mobile phone of the embodiment, network 31 and certificate server 30; for the authenticating party to provide autonomous authentication and an application message to application server 34 through the authentication mobile phone of the embodiment, network 31 and certificate server 30; for the authenticating party to provide autonomous authentication and an application message to a verification device through the authentication mobile phone of the embodiment; and for the authenticating party to control telephone dialing and connection through the authentication card in the phone.
The flow by which the authentication mobile phone of the embodiment of the invention, composed of the above devices, performs authentication is the same as the authentication flow of the authentication card and authentication system of the above embodiment:
Before the authentication mobile phone of the above embodiment enters use, the private identity information of the authenticating party, such as the biometric feature, identification cipher and ID, the open identity information, the card-issuing institution, service department feature and number, the application message and the system program, and the composition rules, functions and relations between the above features, are written in advance by writing station 32 into both main storage 81 of the authentication mobile phone of the embodiment and certificate server 30.
The flow in which the authenticating party uses the authentication mobile phone of the above embodiment to provide autonomous authentication and an application message, through the authentication mobile phone, network 31 and certificate server 30, to application server 34 and to the verifying party's verification device is shown in Figure 4:
The authenticating party enters through input unit 4 of the authentication mobile phone of the above embodiment, or receives through direct receiving device 52, the verifying party's number and the application message (step S110);
The identification cipher of the authenticating party is entered through input unit 4, and the biometric feature is acquired by biometric acquisition device 3 (step S111);
The above devices send the entered, received and acquired information, identification cipher and biometric feature to processor 7, which compares the obtained identification cipher and biometric feature of the authenticating party with the identification cipher and biometric feature stored in advance in main storage 81 (step S112);
If the comparison is inconsistent (No), display 2 in the phone shows authentication failure (step S114);
If the comparison is consistent (Yes), processor 7 synthesizes the identity information, such as the identification cipher and biometric feature, according to the program, function and relation stored in advance, generating a new identity key, and at the same time deposits the open identity information in read-out memory 82 (step S113);
The open identity information of the authenticating party is sent through direct output device 62 to a verification device at the same place (step S118), or forwarded over network 31 through network interface card 10, network 31 and certificate server 30 to a verification device at a remote location (step S117);
The identity information, such as the identification cipher, biometric feature, key, ID, card-issuing institution, service department feature and number, the verifying party's code number, and the application message are sent to certificate server 30 over network 31 through network output device 61 and network interface card 10 (step S115);
Certificate server 30 receives all identity information, the verifying party's number and the application message sent by the authentication mobile phone (step S116); it synthesizes the identity information, such as the identification cipher and biometric feature, according to the program, function and relation stored in advance, generating a new identity key, and compares this identity key and the identification cipher and biometric feature stored in advance in the identity database with the identification cipher, biometric feature and key sent by the authentication mobile phone (step S119);
If the comparison is inconsistent (No), certificate server 30 replies to the authentication mobile phone over network 31: authentication failure (step S121); if consistent, the application message is sent to application server 34 (step S120); after application server 34 has processed it, the result is returned to certificate server 30 (step S122); certificate server 30 makes a judgement based on the application result of application server 34 (step S123) and, according to the verifying party's number sent by the authentication mobile phone, sends the set identity information and application result of the authenticating party to the verification device over network 31 (step S124);
The verification device of the present embodiment is another authentication mobile phone of the structure described above. It receives the open identity information of the authenticating party either directly, through its own receiving device 5A (step S118), as sent by the authentication mobile phone of the above embodiment through its direct output device 62 (step S115), or over network 31 through the verification device's network interface card 10A (step S117), as forwarded by certificate server 30 over network 31 and network interface card 10 (step S115);
Through the verification device's network interface card 10A and receiving device 5A, it receives the set identity information and application result of the authenticating party sent by certificate server 30 (step S125); processor 7A compares and processes the two kinds of identity information (step S126); if the comparison does not pass (No), the display shows authentication failure (step S127); if it passes (Yes), the display shows the set identity information of the authenticating party and the authentication is accepted (step S128);
After the verification device has authenticated the authenticating party (whether the result is failure or pass), it replies to certificate server 30 over network 31 with the authentication result and with confirmation of whether it obtains or abandons the application result (step S129);
Certificate server 30, according to the reply of the verification device, returns the authentication result and application result to the authentication mobile phone and confirms the result to application server 34 (step S130).
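The part of the Figure 4 flow that differs from Figures 5 and 6 is the verification device's cross-check in steps S117/S118 and S125 to S130: the verifier holds no record of the authenticating party and instead matches the open identity information the party presents against the set identity information that certificate server 30 delivers for the verifier's number given at step S110. The Python below is an added example written for this page, not the patent's code; it assumes the open identity information is a small fixed set of fields, that the server keeps one pending entry per verifying party number, and that an in-memory table stands in for the server's state. All names, numbers and values are constructed.

```python
"""Added example (not the patent's code): the verification device's cross-check in the
Figure 4 flow, matched by the verifying party's number (S110) at certificate server 30."""
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class OpenIdentity:
    """Open identity information. The exact field set is an assumption; the patent names
    ID, card-issuing institution, service department feature and number as examples."""
    card_id: str
    issuer: str
    service_feature: str
    number: str


class CertificateServer:
    """Certificate server 30 after S116 to S123: per verifier number it holds the set identity
    information and application result to deliver (S124) and records the verifier's reply (S129/S130)."""

    def __init__(self) -> None:
        self.pending: dict = {}  # verifier number -> (set identity information, application result)
        self.relayed: list = []  # (verifier number, accepted, result handed on) per S130

    def set_for_verifier(self, verifier_number: str, identity: OpenIdentity, app_result: str) -> None:
        self.pending[verifier_number] = (identity, app_result)  # S123/S124

    def deliver(self, verifier_number: str) -> Optional[Tuple[OpenIdentity, str]]:
        return self.pending.get(verifier_number)  # S124 delivery over network 31, S125 receipt

    def verifier_reply(self, verifier_number: str, accepted: bool, take_result: bool) -> dict:
        """S129: the verifier's authentication result and whether it obtains or abandons the
        application result. S130: relay to the authentication card and application server 34."""
        _, result = self.pending.pop(verifier_number)
        handed = result if (accepted and take_result) else None
        self.relayed.append((verifier_number, accepted, handed))
        return {"to_card": "pass" if accepted else "fail",
                "to_app_server": "confirmed" if handed else "abandoned"}


class VerificationDevice:
    """Another card or phone (processor 7A) that holds no record of the authenticating party."""

    def __init__(self, number: str) -> None:
        self.number = number

    def verify(self, presented: OpenIdentity, server: CertificateServer, take_result: bool = True) -> str:
        """presented: open identity information received directly (S118) or via the network (S117).
        Returns 'accepted', 'fail' or 'no-entry'."""
        entry = server.deliver(self.number)  # S125
        if entry is None:
            return "no-entry"  # the server set nothing for this verifier; nothing to compare at S126
        set_identity, _ = entry
        if set_identity != presented:  # S126: presented data must agree with the server's set data
            server.verifier_reply(self.number, False, False)  # S129 carrying the failure (S127)
            return "fail"
        server.verifier_reply(self.number, True, take_result)  # S129 after acceptance (S128)
        return "accepted"


def demo() -> dict:
    """Constructed run: a genuine presentation, a spoofed issuer, and a verifier nothing was set for."""
    server = CertificateServer()
    genuine = OpenIdentity("card-0001", "issuer-A", "dept-7", "0001")
    verifier = VerificationDevice("V-9")

    server.set_for_verifier("V-9", genuine, "payment OK")
    r1 = verifier.verify(genuine, server)

    server.set_for_verifier("V-9", genuine, "payment OK")
    spoofed = OpenIdentity("card-0001", "issuer-Z", "dept-7", "0001")
    r2 = verifier.verify(spoofed, server)

    r3 = VerificationDevice("V-3").verify(genuine, server)
    return {"genuine": r1, "spoofed_issuer": r2, "unknown_verifier": r3, "relayed": server.relayed}


if __name__ == "__main__":
    print(demo())
```

The point of the design is that the verifier's display at step S128 shows the server's set identity information, never the presented copy: a presentation that the server has not confirmed for this verifier's number, or that disagrees with the server's version in any field, is rejected, and the server learns the outcome either way through the S129 reply.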
The flow in which the authenticating party uses the authentication mobile phone of the above embodiment to provide autonomous authentication and an application message to application server 34, through the authentication mobile phone, network 31 and certificate server 30, is shown in Figure 5:
The authenticating party enters the application message through input unit 4 of the authentication mobile phone of the above embodiment, or receives it through direct receiving device 52 (step S210);
The identification cipher of the authenticating party is entered through input unit 4, and the biometric feature is then acquired by biometric acquisition device 3 (step S211);
The above devices send the entered, received and acquired information, identification cipher and biometric feature to processor 7, which compares the obtained identification cipher and biometric feature of the authenticating party with the identification cipher and biometric feature stored in advance in main storage 81 (step S212);
If the comparison is inconsistent (No), display 2 in the phone shows authentication failure (step S214);
If the comparison is consistent (Yes), processor 7 synthesizes the identity information, such as the identification cipher and biometric feature, according to the program, function and relation stored in advance, generating a new identity key (step S213);
The authentication mobile phone of the embodiment sends the identity information, such as the identification cipher, biometric feature, key, ID, card-issuing institution, service department feature and number, together with the application message, to certificate server 30 over network 31 through network output device 61 and network interface card 10 (step S215);
Certificate server 30 receives all identity information and the application message sent by the authentication mobile phone (step S216); it synthesizes the identity information, such as the identification cipher and biometric feature, according to the program, function and relation stored in advance, generating a new identity key, and compares this identity key and the identification cipher and biometric feature stored in advance in the identity database with the identification cipher, biometric feature and key sent by the authentication mobile phone (step S219);
If the comparison is inconsistent (No), certificate server 30 replies to the authentication mobile phone over network 31: authentication failure (step S221); if consistent, the application message is sent to application server 34 (step S220); after application server 34 has processed it, the result is returned to certificate server 30 (step S222), and certificate server 30 replies to the authentication mobile phone over network 31 with the application result (step S223).
The flow in which the authenticating party uses the authentication mobile phone of the above embodiment to provide autonomous authentication and an application message to a verification device is shown in Figure 6:
The authenticating party enters the application message through input unit 4 of the authentication mobile phone of the above embodiment, or receives it through direct receiving device 52 (step S310);
The identification cipher is entered through input unit 4, and the biometric feature of the authenticating party is then acquired by biometric acquisition device 3 (step S311);
The above devices send the entered, received and acquired information, identification cipher and biometric feature to processor 7, which compares the obtained identification cipher and biometric feature of the authenticating party with the identification cipher and biometric feature stored in advance in main storage 81 (step S312);
If the comparison is inconsistent (No), display 2 in the phone shows authentication failure (step S314);
If the comparison is consistent (Yes), processor 7 synthesizes the identity information, such as the identification cipher and biometric feature, according to the program, function and relation stored in advance, generating a new identity key (step S313);
The authentication mobile phone of the embodiment sends the identity information, such as the identification cipher, biometric feature, key, ID, card-issuing institution, service department feature and number, together with the application message, directly to the verification device through direct output device 62 (step S315);
The verification device receives all identity information and the application message (step S316), and compares the identification cipher, biometric feature and key with the identification cipher, biometric feature and key of the authenticating party stored in advance in the verification device to reach a judgement (step S319);
If the comparison is inconsistent (No), it replies to the authentication mobile phone: authentication failure (step S321);
If the comparison is consistent (Yes), the verification device performs the application processing and replies to the authentication mobile phone with the application result (step S323).
The flow in which the authenticating party uses the authentication mobile phone of the above embodiment to control the telephone dialing and connection function through the authentication device in the phone is shown in Figure 9:
When the authentication mobile phone of the above embodiment dials and connects a call, the identification cipher of the authenticating party is first entered through input unit 4 and the biometric feature is acquired by biometric acquisition device 3 (step S411); the above devices send the entered identification cipher and the acquired biometric feature to processor 7, which compares the obtained identification cipher and biometric feature of the authenticating party with the identification cipher and biometric feature stored in advance in main storage 81 (step S412); if the comparison is inconsistent (No), display 2 in the phone shows authentication failure and the dialing and connection do not go through (step S414); if consistent (Yes), the telephone dialing and connection go through normally (step S413).
The difference between the authentication mobile phone of the above embodiment and an existing stand-alone mobile phone or stand-alone authentication card is: on the basis of the mobile phone, the multilayer-password biometric autonomous authentication function is added; on the basis of the authentication card, the mobile phone function is added.
The differences between the identity authentication function of the authentication mobile phone of the above embodiment and existing authentication are: all identity information is stored in the authentication mobile phone carried by the authenticating party and in certificate server 30, rather than at the verifying party; the password entry, biometric acquisition and comparison of the whole authentication process and the transmission of identity information to certificate server 30 are all completed autonomously by the devices in the authentication mobile phone carried by the authenticating party, without the verifying party's device needing to read a card, enter a password or acquire a biometric feature; and the authentication mobile phone can be applied to the authentication of all application services, which changes the situation of one card and one authentication method per application server.
The beneficial effect of the authentication mobile phone of the above embodiment is that the multilayer-password biometric autonomous authentication function and the telephone function are merged into one; it is an extension of the functions of a stand-alone mobile phone and a stand-alone authentication card, and its uses are wider.
The beneficial effects of the authentication function of the authentication mobile phone of the above embodiment are: the authenticating party need not undergo passive authentication on the verifying party's device, but can perform autonomous authentication anywhere and at any time, as required, with the authentication mobile phone it carries; leakage of identity information is effectively prevented; and the reliability of authentication is improved.
Although the present invention has been disclosed above by the foregoing embodiments, they are not intended to limit the present invention; any person skilled in the art may make minor changes and modifications without departing from the spirit and scope of the present invention, so the scope of protection of the present invention shall be that defined by the claims of the present invention.

Claims (18)

1. A portable multilayer-password biometric self-authentication card, used for an authenticating party to provide autonomous authentication and an application message, through the authentication card, a network and a certificate server, to a verifying party's verification device and application server, characterized in that the portable multilayer-password biometric self-authentication card is provided with:
A processor, connected with each of the following devices and used to process all identity information, data and application messages;
A set of memories, connected with the processor, used to store in advance the private identity information of the authenticating party, such as the biometric feature, identification cipher and ID, the open identity information, the card-issuing institution, service department feature and number, the application message and the system program, and the composition rules, functions and relations between the above features, the stored data being called by the processor; used to store the open identity information and application messages sent to verification devices outside the authentication card; and used to store the identity information and application messages that the receiving device of the authentication card receives from the certificate server and from other cards and devices;
At least one biometric acquisition device, connected with the processor and used to acquire the biometric feature of the authenticating party;
An input unit, connected with the processor and used to enter the identification cipher, authentication number and application message of the authenticating party;
A set of output devices, connected with the processor, comprising a network output device, which sends identity information, the authentication number and application messages to the certificate server over the network, and a direct output device, which sends identity information and application messages directly to other devices;
A set of receiving devices, connected with the processor, comprising a network receiving device, which receives over the network the identity information and application messages sent by the certificate server, and a direct receiving device, which receives identity information, numbers and application messages directly from other devices;
A network interface card, connected with the network output device and network receiving device, and through them with the processor, used for connection with the network; the network interface card holds a set of code numbers unique within the network, corresponding one to one with the ID, and identity information, the authentication number and application messages are sent to the certificate server over the network through the network interface card;
A set of interfaces, connected with the processor, comprising a main interface, used for installing the system program of the authentication card and for entering in advance, storing, setting and modifying identity information and features, and an information interface, used for connection with other devices for information exchange and processing;
A display, connected with all devices through the processor and used to show various information;
A power supply, connected with all devices in the card through the processor and used to supply power to all devices.
2. The multilayer-password biometric self-authentication card as claimed in claim 1, characterized in that the flow by which the authenticating party provides autonomous authentication and an application message, through the authentication card, the network and the certificate server, to the verifying party's verification device and application server is:
The authenticating party enters through the above input unit, or receives through the direct receiving device, the verifying party's code number and the application message; the identification cipher is entered through the input unit and the biometric feature of the authenticating party is acquired by the biometric acquisition device; the entered, received and acquired information, identification cipher and biometric feature are sent to the processor, which compares the obtained identification cipher and biometric feature of the authenticating party with the identification cipher and biometric feature stored in advance in the memory; if the comparison is inconsistent, authentication fails in the card; if consistent, the processor synthesizes the identity information, such as the identification cipher and biometric feature, according to the program, function and relation stored in advance, generating a new identity key, and at the same time deposits the open identity information in the read-out memory, from which it is sent through the direct output device to a verification device at the same place outside the authentication card, or forwarded through the network interface card, the network and the certificate server, over the network, to a verification device at a remote location; and the identity information, such as the identification cipher, biometric feature, key, ID, card-issuing institution, service department feature and number, the number of the verifying party's verification device, and the application message are sent to the certificate server over the network through the network output device and network interface card, are further authenticated by the certificate server, and, after the application server has performed the application processing, the set identity information and application result of the authenticating party are sent by the certificate server to the verifying party's verification device;
The verifying party's verification device comprises another authentication card or another verification device;
When the verification device is another authentication card, the verification device receives the open identity information of the authenticating party either directly through its direct receiving device or over the network; it receives through its network interface card and network receiving device the set identity information and application result of the authenticating party sent by the certificate server; the processor of the verification device compares the two kinds of identity information; if the comparison does not pass, the display shows authentication failure; if it passes, the display shows the set identity information of the authenticating party; the verification device replies to the certificate server with the authentication result, and the certificate server in turn replies to the authentication card and the application server.
3. The multilayer-password biometric autonomous authentication card as claimed in claim 1, characterized in that the flow by which the authenticating party, through the authentication card, the network and the authentication server, provides autonomous authentication and application information to the application server is:
The authenticating party inputs the application information through the above-mentioned input device, or receives the application information sent by another device through the direct receiving device; inputs the authenticating party's identification password through the input device; and has the biometric acquired by the biometric acquisition device. The information input, received and acquired, the identification password and the biometric are sent to the processor, which compares the obtained identification password and biometric of the authenticating party with the identification password and biometric pre-stored in the memory. If the comparison is inconsistent, authentication fails in the card. If the comparison is consistent, the processor synthesizes identity information such as the identification password and the biometric according to the pre-stored program, function or relation, generates a new identity key, and sends the identity information such as the identification password, biometric, key, ID, card issuer, service-department feature and number, together with the application information, through the network output device and the network card over the network to the authentication server, which authenticates further; after the application server has performed application processing, the authentication server replies the application result to the authentication card.
4. The multilayer-password biometric autonomous authentication card as claimed in claim 1, characterized in that the flow by which the authenticating party, through the authentication card, provides autonomous authentication and application information to the verification device is:
The authenticating party inputs the verification number and application information through the above-mentioned input device, or receives the verification number and application information sent by the verification device through the direct receiving device; inputs the identification password through the input device; and has the biometric acquired by the biometric acquisition device. The information input, received and acquired, the identification password and the biometric are sent to the processor, which compares the obtained identification password and biometric of the authenticating party with the identification password and biometric pre-stored in the memory. If the comparison is inconsistent, authentication fails in the card. If the comparison is consistent, the processor synthesizes identity information such as the identification password and the biometric according to the pre-stored program, function or relation, generates a new identity key, and sends the identity information such as the identification password, biometric, key, ID, card issuer, service-department feature and number, together with the application information, through the direct output device of the authentication card to the verification device, which authenticates it and, after application processing, replies the application result to the authentication card.
5. The multilayer-password biometric autonomous authentication card as claimed in claim 1, characterized in that the biometric acquisition device is a fingerprint acquisition device, the direct output device is a wireless output device, the direct receiving device is a wireless receiving device, and the network card is a wireless network card.
6. A multilayer-password biometric autonomous authentication system, used for an authenticating party to provide autonomous authentication and application information to the application server and to the verification device of the authentication through an authentication card, a network, an authentication server and a verification device, and used for an authenticating party to provide autonomous authentication and application information to the application server through an authentication card, a network and an authentication server, characterized in that the system comprises:
A portable multilayer-password biometric autonomous authentication card, connected to the authentication server through the network card in the card and the network, the authentication card comprising: a processor, connected to all devices in the card, for processing all identity information, data and application information; a set of memories, connected to the processor, for pre-storing the authenticating party's private identity information such as the biometric, identification password and ID, the public identity information, the card issuer and service-department features and numbers, the application information and the system program, together with the operation composition rules, functions and relations among the above features, the stored data being called by the processor, and for storing the public identity information and application information sent by verification devices outside the authentication card and the identity information and application information received by the authentication card's receiving devices from the authentication server and from other cards and devices; at least one biometric acquisition device, connected to the processor, for acquiring the biometric of the authenticating party; an input device, connected to the processor, for inputting the authenticating party's identification password, verification number and application information; a set of output devices, connected to the processor, comprising a network output device that sends identity information, verification numbers and application information to the authentication server over the network, and a direct output device that sends identity information and application information directly to other devices; a set of receiving devices, connected to the processor, comprising a network receiving device that receives the identity information and application information sent by the authentication server over the network, and a direct receiving device that receives identity information, numbers and application information directly from other devices; a network card, connected to the network output device and the network receiving device and through them to the processor, for connecting to the network, the network card holding a set of code numbers unique within the network and corresponding one-to-one with the ID, the identity information, verification number and application information being sent to the authentication server over the network through the network card; a set of interfaces, connected to the processor, comprising a main interface for installing the system program and for the pre-entry, storage, setting and modification of the identity information, passwords and features of the authentication card, and an information interface for connecting to other devices to exchange and process information; a display, connected through the processor to all devices, for showing various information; a power supply, connected through the processor to all devices in the card, for supplying power to all devices;
An authentication server, connected in advance through the network, access codes and code numbers to the authentication cards, application servers, verification devices and pre-writing device, containing an authentication system and an identity database, and pre-storing the authenticating party's private identity information such as the biometric, identification password and ID, the public identity information, the card issuer and service-department features and numbers, the application information and the system program, together with the operation composition rules, functions and relations among the above features;
A pre-writing device, connected to the authentication server through the network and to the authentication card through the interface on the authentication card, for writing into the authentication card and the authentication server the authenticating party's private identity information such as the biometric, identification password and ID, the public identity information, the card issuer and service-department features and numbers, the application information and the system program, together with the operation composition rules, functions and relations among the above features, and for repairing and modifying the above information and data; in other cases, the pre-writing device writes into the authentication card and the authentication server only the authentication card's system program, application information, card issuer feature, and card number information and data, while information and data such as the authenticating party's private identity information (biometric, identification password, ID), the public identity information and the service-department feature are written once by the authenticating party through the authentication card;
A transmission network, connected to the authentication cards, the authentication server, the application servers, the pre-writing device and the verification devices, for transmitting information and data between the authentication cards and the authentication server, between the authentication server and the verification devices, and between the authentication server and the application servers, the network assigning different access codes and numbers, unique within the network, to the authentication server, each authentication card, each application server and each verification device;
A verification device, connected to the authentication server through the network and an access code, for receiving the identity information and application information sent by the authentication server and the authentication card; the verification devices comprise other authentication cards, which can receive the identity information and application information sent by the authentication server and the authentication card at the same time and are used to confirm the identity and application information of the authenticating party, and other verification devices, which can receive the identity information and application information sent by the authentication server and the authentication card;
A set of application servers, connected to the authentication server through the network, storing the application data and application information of the authenticating party.
7. The multilayer-password biometric autonomous authentication system as claimed in claim 6, characterized in that the flow by which the authenticating party, through the authentication card, the network and the authentication server, provides autonomous authentication and application information to the application server and to the verification device of the authentication is:
The authenticating party inputs the verification number and application information through the input device in the card, or receives them through the direct receiving device; inputs the authenticating party's identification password through the input device; and has the biometric acquired by the biometric acquisition device. The information input, received and acquired, the identification password and the biometric are sent to the processor, which compares the obtained identification password and biometric of the authenticating party with the identification password and biometric pre-stored in the memory. If the comparison is inconsistent, authentication fails in the card. If the comparison is consistent, the processor synthesizes identity information such as the identification password and the biometric according to the pre-stored program, function or relation and generates a new identity key; at the same time it reads the public identity information from the memory and sends it through the direct output device to a verification device located at the same place outside the authentication card, or forwards the authenticating party's public identity information through the network card, the network and the authentication server to a verification device at a remote location; and it sends the identity information such as the identification password, biometric, key, ID, card issuer, service-department feature and number, the verification number and the application information through the network output device and the network card over the network to the authentication server;
After receiving the identity information, verification number and application information sent by the authentication card, the authentication server synthesizes identity information such as the identification password and the biometric according to the pre-stored program, function or relation, generates a new identity key, and compares this identity key and the identification password and biometric pre-stored in the identity database with the identification password, biometric and key sent by the authentication card. If the comparison is inconsistent, the authentication server replies authentication failure to the authentication card through the network and access code. If the comparison is consistent, it sends the application information to the application server, and after the application server has returned the processing result to the authentication server, the authentication server sends the set identity information and application result of the authenticating party over the network to the verification device according to the verification number sent by the authentication card;
The verification device of the authentication comprises other authentication cards and other verification devices;
When the verification device is another authentication card, it receives the public identity information of the authenticating party directly through the direct receiving device or over the network, receives the set identity information and application result of the above-mentioned authenticating party sent by the authentication server through the network card and network receiving device, and compares these two kinds of identity information in its processor; if the comparison does not pass, authentication failure is shown on the display; if the comparison passes, the set identity information of the authenticating party is shown on the display;
After authenticating the authenticating party, the verification device replies the authentication result to the authentication server over the network, and obtains or abandons the confirmation information of the application result;
According to the reply from the verification device, the authentication server replies the authentication result and application result to the authentication card, and replies the confirmation result to the application server.
8. The multilayer-password biometric autonomous authentication system as claimed in claim 6, characterized in that the flow by which the authenticating party, through the authentication card, the network and the authentication server, provides autonomous authentication and application information to the application server is:
The authenticating party inputs the application information through the input device in the card, or receives the application information sent by another device through the direct receiving device; inputs the authenticating party's identification password through the input device; and has the biometric acquired by the biometric acquisition device. The information input, received and acquired, the identification password and the biometric are sent to the processor, which compares the obtained identification password and biometric of the authenticating party with the identification password and biometric pre-stored in the memory. If the comparison is inconsistent, authentication fails in the card. If the comparison is consistent, the processor synthesizes identity information such as the identification password and the biometric according to the pre-stored program, function or relation, generates a new identity key, and sends the identity information such as the identification password, biometric, key, ID, card issuer, service-department feature and number, together with the application information, through the network output device and the network card over the network to the authentication server;
After receiving the identity information and application information sent by the authentication card, the authentication server synthesizes identity information such as the identification password and the biometric according to the pre-stored program, function or relation, generates a new identity key, and compares this key and the identification password and biometric pre-stored in the identity database with the identification password, biometric and key sent by the authentication card. If the comparison is inconsistent, the authentication server replies authentication failure to the authentication card through the network and access code. If the comparison is consistent, it sends the application information to the application server, and after the application server has returned the processing result to the authentication server, the authentication server replies the application result to the authentication card over the network.
9. The multilayer-password biometric autonomous authentication system as claimed in claim 6, characterized in that the network is a mobile wireless network.
10. A multilayer-password biometric autonomous authentication method, used for an authenticating party to provide autonomous authentication and application information to the application server and to the verification device of the authentication through an authentication card, a network, an authentication server and a verification device; used for an authenticating party to provide autonomous authentication and application information to the application server through an authentication card, a network and an authentication server; and used for an authenticating party to provide autonomous authentication and application information to a verification device through an authentication card; wherein the above-mentioned authentication card is composed of a processor, a memory, a biometric acquisition device, an input device, an output device, a receiving device, a network card, an information interface, a display and a power supply installed in the card, and the authentication card, the authentication server, the application server, the verification device and the pre-writing device are connected through the network to form an authentication system; the method comprises the following steps:
(1) The above-mentioned pre-writing device writes the authenticating party's private identity information such as the biometric, identification password and ID, the public identity information, the card issuer and service-department features and numbers, the application information and the system program, together with the operation composition rules, functions and relations among the above features, into the memory of the authentication card and into the authentication server; in other cases, the pre-writing device writes into the authentication card and the authentication server only the authentication card's system program, application information, card issuer feature, and card number information and data, while information and data such as the authenticating party's private identity information (biometric, identification password, ID), the public identity information and the service-department feature are written once by the authenticating party through the authentication card into the card's memory and into the identity database of the authentication server;
(2) The above-mentioned authenticating party inputs the verification number and application information through the input device in the card, or receives them through the direct receiving device; inputs the authenticating party's identification password through the input device; has the biometric acquired by the biometric acquisition device; and compares the obtained identification password and biometric with the identification password and biometric pre-stored in the card's memory, for authentication inside the card. If the comparison is inconsistent, authentication fails in the card. If the comparison is consistent, the processor in the card generates a new identity key by the operation composition rules, functions and relations among the above features, at the same time sends the public identity information to a verification device outside the card through the direct output device or the network, and sends the identity information such as the identification password, biometric, key, verification code number, application information, ID, card issuer, service-department feature and number through the network output device and the network card over the network to the authentication server;
(3) After receiving the identity information, verification number and application information sent by the authentication card, the above-mentioned authentication server synthesizes identity information such as the identification password and the biometric according to the pre-stored program, function or relation, generates a new identity key, and compares this key and the identification password and biometric pre-stored in the identity database with the identification password, biometric and key sent by the authentication card. If the comparison is inconsistent, the authentication server replies authentication failure to the authentication card over the network. If the comparison is consistent, it sends the application information to the application server, and after the application server has returned the application result to the authentication server, the authentication server sends the set identity information and application result of the authenticating party over the network to the verification device of the authentication according to the verification number sent by the authentication card;
(4) The above-mentioned verification device of the authentication comprises other authentication cards of the above-mentioned structure and other verification devices. When the verification device is another authentication card of the above-mentioned structure, it receives the public identity information of the authenticating party directly through its direct receiving device or over the network, receives the set identity information and application result of the authenticating party sent by the authentication server through the network card and network receiving device, and compares these two kinds of identity information in its processor; if the comparison does not pass, authentication failure is shown on the display; if the comparison passes, the set identity information of the authenticating party is shown on the display. After authenticating the authenticating party, the verification device replies the authentication result to the authentication server over the network, and obtains or abandons the application result. According to the reply from the verification device of the authentication, the authentication server replies the authentication result and application result to the authentication card, and replies the confirmation result to the application server.
11. The multilayer-password biometric autonomous authentication method as claimed in claim 10, characterized in that when the authenticating party provides autonomous authentication and application information to the application server through the authentication card, the network and the authentication server, in step (2) the verification number is neither input nor received; and in step (3), after the application server has returned the application result to the authentication server, the authentication server replies the application result to the authentication card over the network.
12. The multilayer-password biometric autonomous authentication method as claimed in claim 10, characterized in that when the authenticating party provides autonomous authentication and application information to the verification device through the authentication card, in step (2), after authentication inside the card, no information is sent to the authentication server; instead, the identity information such as the identification password, biometric, key, verification code number, application information, ID, card issuer, and service-department feature and number, or part of the above identity information, is sent directly to the verification device, which authenticates it and, after application processing, replies the application result directly to the authentication card.
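As an added illustration, not code from the patent or from its applicant, the following Python model walks through steps (1) to (4) of claim 10 and the no-verifier variant of claim 11 (the card-side and server-side flows of claims 2, 3, 7 and 8 are the same exchanges). The card compares the entered password and biometric with its pre-stored record before anything leaves it, derives an identity key, and sends the request to the authentication server; the server re-derives the key from its own identity database, compares password, biometric and key, hands the application information to the application server, and then either replies to the card (claim 11) or pushes the set identity information to the verification device, which compares it with the public identity the card showed it directly (claim 10). The key-synthesis function, the `debit:<amount>` application, the pending/confirm handling of the application result, and every identifier and sample value are assumptions; the claims name none of them, and biometric comparison is modelled as an exact template match because the claims describe a plain comparison.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

def synthesize_identity_key(rule_secret: bytes, card_id: str,
                            password: str, biometric: bytes) -> bytes:
    # ASSUMPTION: the claims do not specify the pre-stored "program, function,
    # relation"; an HMAC over card ID, password and biometric stands in for it.
    data = card_id.encode() + b"|" + password.encode() + b"|" + biometric
    return hmac.new(rule_secret, data, hashlib.sha256).digest()

@dataclass
class IdentityRecord:
    password: str         # identification password (private identity information)
    biometric: bytes      # biometric template (private); constructed bytes below
    public_identity: str  # public / "set" identity information shown to a verifier

@dataclass
class ApplicationServer:
    balances: Dict[str, int]
    pending: Dict[str, int] = field(default_factory=dict)
    def process(self, card_id: str, app_message: str) -> str:
        amount = int(app_message.split(":")[1])  # constructed format "debit:<amount>"
        if self.balances.get(card_id, 0) < amount:
            return "declined"
        self.pending[card_id] = amount  # held until the authentication server confirms
        return "approved"
    def confirm(self, card_id: str, accepted: bool) -> None:
        amount = self.pending.pop(card_id, 0)  # abandoned unless accepted
        if accepted:
            self.balances[card_id] -= amount

@dataclass
class Verifier:
    identity_from_card: Optional[str] = None  # public identity the card showed it
    def verify(self, set_identity_from_server: str) -> bool:
        # The copy shown by the card and the copy sent by the server must agree.
        return self.identity_from_card == set_identity_from_server

@dataclass
class AuthCard:
    card_id: str
    rule_secret: bytes
    record: Optional[IdentityRecord] = None  # written once by the authenticating party
    def build_request(self, password: str, biometric: bytes,
                      verifier_no: Optional[str], app_message: str) -> Optional[dict]:
        rec = self.record
        if rec is None or not (hmac.compare_digest(password.encode(), rec.password.encode())
                               and hmac.compare_digest(biometric, rec.biometric)):
            return None  # authentication fails inside the card; nothing leaves it
        key = synthesize_identity_key(self.rule_secret, self.card_id, password, biometric)
        return {"card_id": self.card_id, "password": password, "biometric": biometric,
                "key": key, "verifier_no": verifier_no, "app_message": app_message}

@dataclass
class AuthServer:
    rule_secret: bytes
    app_server: ApplicationServer
    identity_db: Dict[str, IdentityRecord] = field(default_factory=dict)
    verifiers: Dict[str, Verifier] = field(default_factory=dict)
    def authenticate(self, req: dict) -> dict:
        fail = {"status": "fail", "app_result": None}
        rec = self.identity_db.get(req["card_id"])
        if rec is None:
            return fail
        expected = synthesize_identity_key(self.rule_secret, req["card_id"],
                                           rec.password, rec.biometric)  # re-derived
        if not (hmac.compare_digest(rec.password.encode(), req["password"].encode())
                and hmac.compare_digest(rec.biometric, req["biometric"])
                and hmac.compare_digest(expected, req["key"])):
            return fail
        app_result = self.app_server.process(req["card_id"], req["app_message"])
        if req["verifier_no"] is None:  # claim 11 variant: no verifier, reply to the card
            self.app_server.confirm(req["card_id"], app_result == "approved")
            return {"status": "ok", "app_result": app_result}
        accepted = self.verifiers[req["verifier_no"]].verify(rec.public_identity)
        self.app_server.confirm(req["card_id"], accepted and app_result == "approved")
        return {"status": "ok", "app_result": app_result} if accepted else fail

def build_system():
    # Step (1), pre-writing: one record into card and server; constructed sample data.
    rule = b"rule-secret-written-at-issue"
    app = ApplicationServer({"CARD-001": 100})
    server = AuthServer(rule, app, verifiers={"V-01": Verifier()})
    card = AuthCard("CARD-001", rule, IdentityRecord("2580", bytes(range(16)), "HOLDER-001"))
    server.identity_db["CARD-001"] = card.record
    return card, server, app

def run_flow(card, server, password, biometric, app_message,
             verifier_no=None, identity_shown_to_verifier=None):
    # Steps (2) to (4): in-card check, public identity to the verifier, then the server.
    req = card.build_request(password, biometric, verifier_no, app_message)
    if req is None:
        return {"status": "fail-in-card", "app_result": None}
    if verifier_no is not None:
        server.verifiers[verifier_no].identity_from_card = (
            identity_shown_to_verifier or card.record.public_identity)
    return server.authenticate(req)
```

Calling `run_flow(card, server, "2580", bytes(range(16)), "debit:30", verifier_no="V-01")` on a freshly built system returns an approved result and debits the balance; a wrong password stops in the card without any network traffic, a tampered key is rejected by the server before the application is touched, and a public identity at the verifier that does not match the server's set identity makes the server abandon the pending application result. Note that, exactly as the claims recite, the request carries the password and biometric template themselves, so the card-to-server channel would need confidentiality protection in any deployment; the model adds none.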
13. A multilayer-password biometric autonomous authentication telephone set which, in addition to the telephone function, is used for an authenticating party to provide autonomous authentication and application information to the application server and to the verification device of the authentication through the authentication telephone set, a network, an authentication server and a verification device; used for an authenticating party to provide autonomous authentication and application information to the application server through the authentication telephone set, a network and an authentication server; used for an authenticating party to provide autonomous authentication and application information to a verification device through the authentication telephone set; and used for the authenticating party to control the telephone function through the authentication card in the set; characterized in that the same authentication telephone set is equipped simultaneously with:
A telephone main board, connected to the authentication card; a microphone, a set of earphones and a power supply, all connected to the telephone main board;
An authentication card, connected to the telephone main board, comprising: a processor, connected to all devices in the card, for processing all identity information, data and application information; a set of memories, connected to the processor, for pre-storing the authenticating party's private identity information such as the biometric, identification password and ID, the public identity information, the card issuer and service-department features and numbers, the application information and the system program, together with the operation composition rules, functions and relations among the above features, the stored data being called by the processor, and for storing the public identity information and application information sent by verification devices outside the authentication card and the identity information and application information received by the authentication card's receiving devices from the authentication server and from other cards and devices; at least one biometric acquisition device, connected to the processor, for acquiring the biometric of the authenticating party; an input device, connected to the processor, for inputting the authenticating party's identification password, verification number and application information; a set of output devices, connected to the processor, comprising a network output device that sends identity information, verification numbers and application information to the authentication server over the network, and a direct output device that sends identity information and application information directly to other devices; a set of receiving devices, connected to the processor, comprising a network receiving device that receives the identity information and application information sent by the authentication server over the network, and a direct receiving device that receives identity information, numbers and application information directly from other devices; a network card, connected to the network output device and the network receiving device and through them to the processor, for connecting to the network, the network card holding a set of code numbers unique within the network and corresponding one-to-one with the ID, the identity information, verification number and application information being sent to the authentication server over the network through the network card; a set of interfaces, connected to the processor, comprising a main interface for installing the system program and for the pre-entry, storage, setting and modification of the identity information, passwords and features of the authentication card, and an information interface for connecting to other devices to exchange and process information; a display, connected through the processor to all devices, for showing various information; a power supply, connected through the processor to all devices in the card, for supplying power to all devices;
A set of changeover switches installed on the input device, for switching between the telephone function and the authentication function;
The above-mentioned input device and display are both connected to the telephone main board and are devices shared by the telephone main board and the authentication card; in other cases, the above-mentioned network card is connected to the telephone main board and is a device shared by the telephone main board and the authentication card.
14. The multilayer-password biometric autonomous authentication telephone set as claimed in claim 13, characterized in that the flow by which the authenticating party, through the authentication telephone set, the network and the authentication server, provides autonomous authentication and application information to the application server and to the verification device of the authentication is:
The authenticating party inputs the verification number and application information through the input device in the set, or receives them through the direct receiving device; inputs the authenticating party's identification password through the input device; and has the biometric acquired by the biometric acquisition device. The information input, received and acquired, the identification password and the biometric are sent to the processor, which compares the obtained identification password and biometric of the authenticating party with the password and biometric pre-stored in the memory. If the comparison is inconsistent, authentication fails in the set. If the comparison is consistent, the processor synthesizes identity information such as the identification password and the biometric according to the pre-stored program, function or relation and generates a new identity key; at the same time it reads the public identity information stored in the memory and sends it through the direct output device to a verification device located at the same place outside the set, or forwards the authenticating party's public identity information through the network card, the network and the authentication server to a verification device at a remote location; and it sends the identity information such as the identification password, biometric, key, ID, card issuer, service-department feature and number, the verification number and the application information through the network output device and the network card over the network to the authentication server, which authenticates further; after the application server has performed application processing, the authentication server sends the set identity information and application result of the authenticating party to the verification device of the authentication;
The verification device of the authentication comprises other authentication telephone sets and other verification devices;
When the verification device is another authentication telephone set, it receives the public identity information of the authenticating party directly through its direct receiving device or over the network, receives the set identity information and application result of the above-mentioned authenticating party sent by the authentication server through the network card and network receiving device, and compares these two kinds of identity information in the verification device's processor. If the comparison does not pass, authentication failure is shown on the display; if the comparison passes, the set identity information of the authenticating party is shown on the display; the verification device replies the authentication result to the authentication server, and the authentication server in turn replies to the authentication telephone set and to the application server.
15. The multilayer-cipher biometric autonomous authentication telephone set as claimed in claim 13, characterized in that the flow by which the authenticating party, via the authentication telephone set, the network and the certificate server, performs self-authentication and application processing with the application server is:
The authenticating party enters, via the above input unit, or receives, via the direct receiving device, the application information sent by other devices; enters the authenticating party's identification cipher via the input unit; and has the biometric feature collected by the biometric collection device. The entered, received and collected information, the identification cipher and the biometric feature are sent to the processor. The processor compares the obtained identification cipher and biometric feature of the authenticating party with the identification cipher and biometric feature stored in advance in the memory. If the comparison result is inconsistent, in-set authentication fails. If the comparison result is consistent, the processor synthesizes identity information such as the identification cipher and the biometric feature according to the program, function and relation stored in advance, generating a new identity key, and sends identity information such as the identification cipher, biometric feature, key, ID, card-issuing institution, service department feature and number, together with the application information, through the network output device and the network interface card over the network to the certificate server for further authentication by the certificate server. After the application server performs application processing, the certificate server replies with the application result to the authentication telephone set.
16. The multilayer-cipher biometric autonomous authentication telephone set as claimed in claim 13, characterized in that the flow by which the authenticating party, via the authentication telephone set, provides autonomous authentication and application information to the verification device is:
The authenticating party enters, via the input unit in the set, or receives, via the direct receiving device, the verification number and the application information sent by the verification device; enters the identification cipher via the input unit; and has the authenticating party's biometric feature collected by the biometric collection device. The entered, received and collected information, the identification cipher and the biometric feature are sent to the processor. The processor compares the obtained identification cipher and biometric feature of the authenticating party with the identification cipher and biometric feature stored in advance in the memory. If the comparison result is inconsistent, in-set authentication fails. If the comparison result is consistent, the processor synthesizes identity information such as the identification cipher and the biometric feature according to the program, function and relation stored in advance, generating a new identity key, and sends identity information such as the identification cipher, biometric feature, key, ID, card-issuing institution, service department feature and number, together with the application information, through the direct output device of the authentication telephone set to the verification device. The verification device performs authentication and, after application processing, replies with the application result to the authentication telephone set.
17. The multilayer-cipher biometric autonomous authentication telephone set as claimed in claim 13, characterized in that the flow by which the authenticating party controls telephone functions through the authentication card in the set is:
When the authentication telephone set is dialing or connecting a call or a message, or selecting or setting a telephone function, the authenticating party must first enter the identification cipher via the input unit in the set and have the biometric feature collected by the biometric collection device. The entered identification cipher and the collected biometric feature are sent to the processor, which compares them with the identification cipher and biometric feature stored in advance in the memory. If the comparison result is inconsistent, in-set authentication fails and the dialing, connecting, function selection or setting is not allowed; if the comparison result is consistent, the dialing, connecting, function selection or setting proceeds.
18. The multilayer-cipher biometric autonomous authentication telephone set according to claim 13, characterized in that the telephone circuit board installed in the same authentication telephone set is the telephone circuit board of a wireless mobile phone, the microphone and earphone are the microphone and earphone of a wireless mobile phone, and the network interface card is the network interface card of a mobile radio network.
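As an added illustration of the flows in claims 14 and 16 (example code written for this page, not the patent's own design), the following Python simulates the three parties: the authentication telephone set checks the entered identification cipher and the collected biometric feature against the stored ones, synthesizes a fresh identity key from them, and emits two outputs (open identity information to the verification device, and the key plus application information to the certificate server); the certificate server re-derives the key, hands the application to the application server, and returns the set identity information and result; the verification device compares the two identity records. The sample PIN, template and secrets are constructed; the stored "function/relation" is assumed to be an HMAC over the cipher and biometric with a per-card secret, and the names CARD_SECRET, SERVER_REGISTRY and run_flow are this example's own.

```python
import hmac
import hashlib
import secrets

# --- Constructed sample data (stand-ins for the patent's cipher and biometric) ---
ENROLLED_PIN = "472913"                      # the "identification cipher"
ENROLLED_TEMPLATE = [12, 40, 7, 93, 55, 21, 68, 30, 81, 4, 47, 66, 19, 88, 35, 59]
CARD_SECRET = bytes.fromhex("00112233445566778899aabbccddeeff")  # assumed: set at issuance
OPEN_IDENTITY = {"id": "U-000123", "issuer": "ExampleIssuer", "dept": "Retail"}


def template_distance(a, b):
    """Crude matcher for the toy feature vector: sum of absolute differences."""
    return sum(abs(x - y) for x, y in zip(a, b))


def local_authenticate(pin, template, threshold=20):
    """In-set check: cipher compared in constant time, biometric within tolerance."""
    pin_ok = hmac.compare_digest(pin.encode(), ENROLLED_PIN.encode())
    bio_ok = (len(template) == len(ENROLLED_TEMPLATE)
              and template_distance(template, ENROLLED_TEMPLATE) <= threshold)
    return pin_ok and bio_ok


def enrolment_key(pin, template):
    """The stored 'function/relation' (assumed HMAC): bind cipher and biometric into one key."""
    return hmac.new(CARD_SECRET, pin.encode() + bytes(template), hashlib.sha256).digest()


def session_identity_key(enrol_key, nonce):
    """A new identity key per transaction, so a captured key cannot be replayed."""
    return hmac.new(enrol_key, nonce, hashlib.sha256).hexdigest()


# Certificate server registry (assumption): holds the enrolment key and the
# 'set identity information' registered at issuance, not the PIN or raw template.
SERVER_REGISTRY = {
    "U-000123": {
        "enrol_key": enrolment_key(ENROLLED_PIN, ENROLLED_TEMPLATE),
        "set_identity": {"id": "U-000123", "issuer": "ExampleIssuer",
                         "dept": "Retail", "name": "A. Customer"},
    },
}


def phone_authenticate(pin, template, verifier_number, application):
    """Authentication telephone set: local check, key synthesis, two outputs."""
    if not local_authenticate(pin, template):
        return None                                   # in-set authentication failed
    nonce = secrets.token_bytes(16)
    # Derive from the enrolled template (the live sample is noisy) now that it matched.
    key = session_identity_key(enrolment_key(pin, ENROLLED_TEMPLATE), nonce)
    to_verifier_direct = dict(OPEN_IDENTITY)          # via the direct output device
    to_server = {"open_identity": dict(OPEN_IDENTITY), "identity_key": key,
                 "nonce": nonce.hex(), "verifier": verifier_number,
                 "application": application}          # via network interface card
    return to_verifier_direct, to_server


def application_server(user_id, application):
    return f"{application} accepted for {user_id}"


def certificate_server(msg):
    """Re-derive the identity key; only then forward to the application server."""
    rec = SERVER_REGISTRY.get(msg["open_identity"]["id"])
    if rec is None:
        return None
    expected = session_identity_key(rec["enrol_key"], bytes.fromhex(msg["nonce"]))
    if not hmac.compare_digest(expected, msg["identity_key"]):
        return None
    result = application_server(rec["set_identity"]["id"], msg["application"])
    return {"set_identity": rec["set_identity"], "result": result}


def verifier_device(direct_msg, server_msg):
    """Compare the directly received open identity with the server's set identity."""
    if server_msg is None:
        return False
    return all(server_msg["set_identity"].get(k) == v for k, v in direct_msg.items())


def run_flow(pin, template, application="balance-inquiry"):
    """End-to-end: returns (passed, message)."""
    out = phone_authenticate(pin, template, "V-0042", application)
    if out is None:
        return False, "in-set authentication failed"
    direct, to_server = out
    reply = certificate_server(to_server)
    ok = verifier_device(direct, reply)
    return ok, (reply["result"] if ok else "verification failed")


if __name__ == "__main__":
    print(run_flow("472913", ENROLLED_TEMPLATE))
    print(run_flow("000000", ENROLLED_TEMPLATE))
```

Two design choices differ from the claim as written: the network message carries only the derived key, nonce and open identity, not the identification cipher or biometric feature that claim 14 also forwards to the certificate server, and the key is derived from the enrolled template after a tolerant match rather than from the noisy live sample, so the server can re-derive it deterministically.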

Priority Applications (2)

Application Number Priority Date Filing Date Title
CNB2005100426683A CN1322703C (en) 2005-05-16 2005-05-16 Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set
PCT/CN2006/000951 WO2006122484A1 (en) 2005-05-16 2006-05-12 Autonomous authentication card with multilayer ciphers, system, method and authentication telephone set thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB2005100426683A CN1322703C (en) 2005-05-16 2005-05-16 Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set

Publications (2)

Publication Number Publication Date
CN1696966A CN1696966A (en) 2005-11-16
CN1322703C true CN1322703C (en) 2007-06-20

Family

ID=35349683

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2005100426683A Expired - Fee Related CN1322703C (en) 2005-05-16 2005-05-16 Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set

Country Status (2)

Country Link
CN (1) CN1322703C (en)
WO (1) WO2006122484A1 (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101101687B (en) 2006-07-05 2010-09-01 山谷科技有限责任公司 Method, apparatus, server and system using biological character for identity authentication
CN101296080B (en) * 2007-04-29 2013-03-13 晨星半导体股份有限公司 Authorized consumer affirmation method and related device thereof
CN101141534B (en) * 2007-10-08 2010-12-15 刘小鹏 Combining network address coding system and method
CN101217372B (en) * 2008-01-02 2011-06-15 刘小鹏 An identification mutual authentication system and method integrated net addresses
CN102044099B (en) * 2009-10-21 2013-03-20 张小鹏 Universal identity representation and operation control system
WO2016018028A1 (en) * 2014-07-31 2016-02-04 Samsung Electronics Co., Ltd. Device and method of setting or removing security on content
CN104506315A (en) * 2014-08-28 2015-04-08 金硕澳门离岸商业服务有限公司 Method, equipment and system for biometric authentication
CN111833503A (en) * 2020-07-16 2020-10-27 中国建设银行股份有限公司 Safe management method and device for vault, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1202288A (en) * 1995-09-15 1998-12-16 文件证实系统公司 Document authentication system and method
CN1272188A (en) * 1998-05-21 2000-11-01 保仓丰 Authentication card system
CN1321036A (en) * 2000-03-28 2001-11-07 日本电气株式会社 Personal verifying method using portable phone
CN1403941A (en) * 2001-09-03 2003-03-19 王柏东 Safety confirming method combining cipher and biological recognition technology
CN1588850A (en) * 2004-06-30 2005-03-02 大唐微电子技术有限公司 Network identifying method and system
CN1588388A (en) * 2004-07-27 2005-03-02 杭州中正生物认证技术有限公司 Cell phone paying method with finger print identification

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100486062B1 (en) * 1997-05-09 2005-04-29 지티이 서비스 코포레이션 Biometric certificates
CN1329418A (en) * 2001-07-24 2002-01-02 巨龙信息技术有限责任公司 Method for authenticating network user identity and method for overcoming user password loophole in Kerberous authentication system
CN1403942A (en) * 2001-09-03 2003-03-19 王柏东 Biological specificity confirming equipment based on network

Also Published As

Publication number Publication date
CN1696966A (en) 2005-11-16
WO2006122484A1 (en) 2006-11-23

Similar Documents

Publication Publication Date Title
CN1322703C (en) Self-determined authentication card with multiplayer ciphers, system, method and authentication telephone set
US20080148059A1 (en) Universal, Biometric, Self-Authenticating Identity Computer Having Multiple Communication Ports
US8782426B2 (en) Security for a personal communication device
CN105164689B (en) Customer certification system and method
JP4352312B2 (en) Information processing apparatus and method, program, and recording medium
CN101321069A (en) Mobile phone biological identity certification production and authentication method, and its authentication system
US20050138394A1 (en) Biometric access control using a mobile telephone terminal
GB2517775A (en) Apparatus and methods for identity verification
AU3259101A (en) Method and device for identification and authentication
CN102523213A (en) Server and terminal authenticating method and server and terminal
MX2008010786A (en) A method and apparatus for a token.
EP2102778A1 (en) Method and arrangement for secure user authentication based on a biometric data detection device
CN101330386A (en) Authentication system based on biological characteristics and identification authentication method thereof
JP5095672B2 (en) Fingerprint authentication method for human body communication
US20130179944A1 (en) Personal area network (PAN) ID-authenticating systems, apparatus, method
JP3258632B2 (en) Fingerprint authentication device
CN110297922A (en) Information processing method, device, electronic equipment and computer readable storage medium
CN106992956A (en) A kind of methods, devices and systems for realizing inter-device authentication
CN101765998A (en) Using an authentication ticket to initialize a computer
CN107395634A (en) A kind of wearable device without password authentication method
CN107133500A (en) The encryption method and mobile terminal of a kind of application program
Hwang et al. Design of portable biometric authenticators-energy, performance, and security tradeoffs
JP2002189702A (en) Individual authentication information output device
KR20010110084A (en) Mobile banking method using fingerprint recognition of a mobile terminal
CN101443722A (en) Wireless telecommunication device with output control function and transaction authentication system using the same

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
DD01 Delivery of document by public notice

Addressee: Liu Xiaopeng

Document name: Notification to Pay the Fees

DD01 Delivery of document by public notice

Addressee: Liu Xiaopeng

Document name: Notification of Termination of Patent Right

CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20070620

Termination date: 20150516

EXPY Termination of patent right or utility model