KR20030012196A - Method of user authentication based on the web using biometrics technology and thereof system - Google Patents

Abstract

PURPOSE: A method and a system for the web based user certification using a biometric recognition technology are provided to realize the user certification method without the danger from missing and robbery of a password by replacing the user text password with a biometric characteristic such as a voice password, a face and a fingerprint. CONSTITUTION: The system comprises a client(500) consisting of a certification performer automatically installed from a certification server when a web browser connects to a web server at the first time, and a terminal or other client(410,510) connecting to a voice communication network if the client(500) can't input the voice or the voice distortion due to the surrounding noises is great. The certification performer(500) performs various kinds of biometric characteristic certifications such as the voice, the fingerprint and the face. The certification server comprises a biometric protocol processor(600) processing the data transmission/reception by the biometric certification protocol, a database(700) managing a voice model of a user, a voice communication network client connector(800) performing the certification process through a voice communication network terminal, and a voice communication network certification performer(900).

Description

Web-based user authentication using biometric technology and its system {METHOD OF USER AUTHENTICATION BASED ON THE WEB USING BIOMETRICS TECHNOLOGY AND THEREOF SYSTEM}

The present invention relates to a method and system for authenticating a user when a user accesses a web document through the Internet. More particularly, the present invention relates to an authentication process in an existing web server using an HTTP method, which has become a standard of the current Internet access method. The present invention relates to a user authentication method and system of a client / server structure applying speaker recognition technology through voice in order to satisfy reliability, mobility, and convenience.

Prior art Publication No. 2000-0072758, entitled 'Client Program with User-Defined Environment, Logins to Security Server and Directly Accesses Desired Web Documents through Secured Path with One Click Without Logging In to Multiple Web Service Servers Security service system,

By using the secure client / server program, the login procedure for accessing multiple web service servers is reduced to one time. It allows users to directly access desired web documents without logging in to multiple web service servers. It is a security client program that enables user to define menu as user-defined connection environment. In more detail, it defines user environment and direct connection and connects directly to the desired web service server without login procedure. Bok, the encryptor. There is a user-defined browser, and when a user first connects to the server for user authentication using the client program for the first time, the server induces the user to join the public server and before the user enters personal information, Delivers the duplicates created by the encryptor generator. When the user sends the user's personal information, the copy and the encryption unit encrypts the information and transmits the encrypted information to the security server together with the serial number generated by the decryption and the encryptor. It finds the encryptor, interprets the user information, saves the user login information and user-defined connection environment in the server, replaces the web service server URL for the user-defined connection environment with the index number, and then directly connects the index number to the client's user-defined direct connection. By using this menu, the user can use the web service to login and necessary information destinations with one click. When the above menu is pressed, the client program creates a custom connection environment URL index number and copy and encryptor on the security server. When the service request is made to the server by encrypting the serial number, the security server accepts and interprets the request, changes the URL index to the actual URL, and sends the URL request information that requires login to the client program. The client deletes the copy and the encryptor after all the use is finished and the user exits the client program. The copy and the encryptor return the client's IP address to the security server. Here, the copy / encryptor returns the client's IP address to the security server every time it is copied or moved, reducing the risk of hacking the average change algorithm of the copy / encryptor and identifying the location of the cracker.

The web-based system, that is, a client accessing a specific web document through the Internet to a web server, is accessed through a web browser.

The web server includes a database that stores user information of the client, a web document, and an HTTP daemon that handles client access. The HTTP daemon handles HTTP, an application protocol based on the TCP / IP network protocol.

The client generally consists of simply a web browser. The web browser interprets the web document in HTML or XML form from the HTTP daemon of the web service server and displays it to the user. The web browser also works based on HTTP.

1 is a flowchart illustrating a conventional authentication method, and FIG. 2 illustrates a structure of a web server and a client as described above. As shown, the first client accessing the web server goes through the user information registration process web document, at which time the user typically provides a unique ID and password.

The ID and text password are stored in the database of the web server, and when the registered user accesses the web server again, the registered user inputs and transmits the registered ID and text password, and the web server searches for the received ID and text password in the database. By comparing, the user is authenticated.

However, the web-based user authentication process that is processed between the web server and the client has problems such as lost and stolen text passwords, restriction of text password input means, limitation of client portability and mobility, and inconvenience of user authentication process. There is this.

The text cipher system places a burden on the user to memorize the pre-registered text cipher. Also, the registered password is likely to be composed of strings that can be easily inferred due to the burden of memorization. Especially, when accessing a web document stored in different web servers, the registered password goes through several registration processes. There are a lot of cases to register.

The use of a certificate for supplementing the vulnerability of the character password as described above has a problem of restricting the portability and mobility of the client since the issued certificate is installed in the client.

Recently, due to the development of mobile communication, web document access is not limited to personal computers used in fixed places. Therefore, when accessing a web document from a client such as a mobile phone or a PDA, the character encryption method causes inconvenience due to the limitation of the input means that it is difficult to input various character strings.

As a solution to the weaknesses and problems of the existing character password authentication method, a client / server structure that can access a desired web document through a single registration procedure and authentication process has been proposed. It does not solve the problem, nor does the portable client.

In order to solve the above problems, the present invention, by replacing the user's character password with biometric features such as voice password, face, fingerprint, etc. to implement a user authentication method without the risk of loss or theft of the character password There is a purpose.

Another object of the present invention is to allow a user to receive a voice using a conventional voice communication network terminal without receiving a voice directly from a client managing a voice password of a user in an authentication server separate from a web server.

1 is a flowchart illustrating a conventional authentication method.

2 shows a conventional authentication system.

3 is a flowchart showing an authentication method in the present invention.

4 is a flowchart illustrating an authentication method when a voice input is available to a client in the present invention.

5 is a flowchart illustrating an authentication process using a voice communication terminal in the present invention.

Figure 6 illustrates a process for performing authentication using other biometric features other than voice in the present invention.

7 illustrates a system that constitutes the present invention.

According to an aspect of the present invention, there is provided a method of authenticating a user using voice, text, and biometric features when accessing a specific web document based on the web, comprising: executing a web browser on a client; Entering a URL of a web document to be accessed from a web browser, if a user authentication is required in the web document, executing an authenticator installed on the client, and if the authenticator is not installed, authenticating the authenticator from the authentication server. Inducing to download and install the automatic installation, the step of checking whether or not the client can perform the voice input, and if it is determined that the voice input is impossible because there is no voice input device or the ambient noise is too severe, Checking whether the voice communication terminal can be used; If it is impossible to use the terminal, checking whether other bio-features, such as a face or a fingerprint, can be used; and using the voice performer, using a voice communication terminal, or using a bio-feature, authentication is performed. And accessing a web document if successful.

Hereinafter, exemplary embodiments of the present invention will be described with reference to the accompanying drawings.

3 shows an authentication method in the present invention. As shown, step (A10) of running a web browser on the client, step (A20) of inputting a URL of a web document to be accessed from the web browser, and authentication required to be installed in the client if the web document requires user authentication. Executing the executor (A30) and, if the executor is not installed, instructing the executor to download the executor from the authentication server and automatically installing the executor; (A40), if it is determined that there is no voice input device or the ambient noise is so severe that voice input is impossible, checking whether the voice communication terminal can be used (A50), and the use of the voice communication terminal is impossible. (A80) checking whether or not other bio features such as a face or a fingerprint can be used; If the authentication is successful, using a voice communication terminal, or using a biometric feature, accessing the web document is performed (A110).

4 is a flowchart illustrating an authentication method when a voice input is available to the client. As shown, step (B10) of inputting a voice or text ID, and checking whether it is a registered ID by transmitting the input ID to the authentication server (B30), and, in the case of a registered ID, an encryption key from the server. And receiving a voice model (B50), receiving a user's voice password, and performing a comparison operation between the voice model and the voice password using a speaker recognition algorithm (B60), and the registered voice as a result of the comparison. If the password is matched, the web server and the authentication server transmit a result, and the web server transmits the requested web document (B80), and if it is determined that it is not a registered voice password, induces a retry (B70). )

The voice ID is made possible by recognizing unique words using voice recognition technology.

If a result of an ID not registered by the BAP (BIOMETRIC AUTHENTIACTION PROTOCOL) is returned from the server, the result is transmitted back to the web server so that the user can register a new one.

If it is determined that the voice password is not registered above and induces a retry (B70), when the user retries, the number is less than three times, and if it is determined that the voice password is not registered even after three or more attempts, authentication is performed. The failure result is transmitted to the web server and the authentication server, respectively (B90).

The web server receiving the authentication result from the client's authentication executor executes an information encryption and decryption process to increase the reliability of the authentication result. In this process, the client initially receives the encryption key from the authentication server, and encrypts and transmits the data to the web server. The web server further decrypts the authentication result from the client by requesting a decryption key from the authentication server. Include.

The decryption key transmission and reception between the web server and the authentication server is unique to the client's IP, authentication time, and ID.

5, a process of performing authentication processing using a voice communication terminal when voice cannot be received from a client is shown. As shown, the authentication performer of the client requests the authentication server to authenticate the voice communication terminal by the BAP, and sends a call from the authentication server to the voice communication terminal of the user registered through the voice communication network client connector ( C10), and after the user hears the voice password request from the authentication server through the voice communication terminal, inputting a voice password according to the guidance (C20), and comparing the input voice password with the registered voice model. (C30), a step of checking whether it is a registered ID (C40), a step of checking whether a voice password for the ID is correct if it is a registered ID (C60), and if it is a registered voice password, transmitting the authentication success result to the client Step C80 is made.

If it is determined that the ID is not registered in the above, the authentication failure result is transmitted to the client (C50).

If it is determined that the voice password is not registered in the above, retry (C70). If it is determined that the voice password is not registered even after retrying for a predetermined number of times, the authentication failure result is transmitted to the client (C90).

The authentication result compared with the above is transmitted together with the encryption key, and the result is encrypted by the client and transmitted to the web server, and the web server requests the decryption key from the authentication server through information such as the client's IP, authentication time, and ID. Then, the authentication result received from the client is decrypted using the received decryption key.

If the authentication result is successful, send the requested web document, and if it fails, encourage new registration or take other necessary measures.

As described above, when the voice is input from the client or the voice cannot be input through the voice communication terminal, authentication may be performed using other biometric features other than voice.

6 illustrates a process of performing authentication using other biometric features other than voice as above. As shown in the drawing, a step (D10) of inputting a biometric characteristic other than voice and a step (D20) of inputting a text ID are included. From the step of checking whether the input text ID is registered (D30 ~ D90) It is the same as the method for authenticating using the above voice.

In the above process of performing authentication using a biometric feature, when the client is equipped with a sensor for face recognition and fingerprint recognition, the authentication executor performs authentication through the same process as authentication via voice through an appropriate algorithm.

At this time, the communication with the authentication server is performed by the BAP in the same manner as the process using the voice, and is received in real time by receiving a biometric feature model, such as a face, fingerprint registered in the biometric specific database.

In particular, the authentication method using the biometric feature may be additionally performed to increase the reliability and accuracy of the authentication process using voice.

The BAP is an application protocol of an application layer operating based on TCP / IP, and is largely composed of a command link and a data link, and has a structure similar to an FPT for file transmission and reception.

The command link is a link for transmitting / receiving commands for transmitting various authentications and authentication results, and maintains a continuous connection while the authentication performer is executed to prevent the user from undergoing reauthentication once authentication is successful.

In addition, the voice can detect the change of the user's voice through the voice browser, the face recognition can detect the change of the face through the camera, and the fingerprint also detects the change when using a fingerprint recognition mouse, etc. Do it.

As described above, by periodically detecting the change in the biometric characteristics, the same user can recognize that the same user is accessing the web server, and does not require the authentication procedure when the user requires access to another web document.

The data link is created only when transmission and reception of various biometric features and transmission of encryption and decryption keys are needed, and then terminated.

FIG. 7 relates to a system constituting the present invention. As shown in FIG. 7, a client 500 including an authentication executor which is automatically installed from an authentication server when a web browser and a web server are first accessed, and a client have a voice input It is composed of a terminal or other clients 410 and 510 that can be connected to a voice communication network that can be used when it is determined that voice distortion is severe because of impossible or severe ambient noise.

The web browser 400 is the same as the general web browser used in the existing client, and interprets the HTML or XML web document received from the HTTP daemon 300 of the web service server and shows it to the user. It works based on

The authentication executor 500 is a part for various biometric characteristic authentication such as a fingerprint, a face, etc. including voice, and is a software that is automatically installed when a web server or web document requesting authentication is accessed or a device that is already installed. It is implemented, and after checking whether the proper biometric feature input means is installed in the client and the environment in which the appropriate biometric feature can be input, it is determined whether or not the input is possible.

When the proper biometric characteristic can be input, it transmits and receives data for authentication with the authentication server and returns the authentication result to the web server.

If the voice cannot be input, the user can use a pre-registered mobile phone or a wired phone, and induce direct authentication between the authentication server and the user.

On the other hand, the authentication performer is able to transmit and receive data with the authentication server by a biometric authentication protocol based on TCP / IP.

The voice network client 510 may be substituted if the biometric characteristic is voice and the actual voice input is impossible in the client on which the web browser and the authenticator are executed.

The authentication server includes a biometric protocol processor 600 that processes data transmission and reception by a biometric protocol protocol, a database 700 that manages a user's voice model, and a voice communication network to perform voice authentication on a client that cannot input voice. It consists of a voice communication network client connector 800 and a voice communication network authentication performer for performing the authentication process to the terminal.

The present invention enables the use of various types of biometric features in consideration of the situation in which the client of the user can be used in various environments, and has an effect of efficiently integrating and generalizing through an authentication method with the authentication server.

In addition, the present invention has an effect that the authentication process can be made by utilizing the existing communication infrastructure even if the client cannot accept the biometric features such as voice, fingerprint, face.

In addition, the present invention has the effect of minimizing the use of a high-performance server to directly process the biometric feature authentication procedure algorithm in each client, the authentication feature of each client.

Claims (5)

In a method for authenticating a user using voice, text, and biometric features when accessing a web document based on the web, Running a web browser on the client, Entering a URL of a web document to be accessed in a web browser, If the web document requires user authentication, executing the authenticator installed on the client, If the executor is not installed, inducing the certifier to be automatically installed by downloading the certifier from the authentication server; An executed authenticator checking whether a voice input is available at the client; If there is no voice input device or if the ambient noise is too severe and it is determined that voice input is impossible, checking whether the voice communication terminal can be used; If it is impossible to use a terminal for a voice communication network, checking whether other biometric features such as a face and a fingerprint can be used; And accessing a web document if the authentication is successful by using the voice executor, using a voice communication network terminal, or using a biometric feature. 2. The method of claim 2, Performing authentication using the voice performer, Inputting a voice or text ID; Transmitting the input ID to the authentication server to check whether the ID is registered; Receiving an encryption key and a voice model from a server in the case of a registered ID, Receiving a user's voice password and performing a comparison operation between the voice model and the voice password using a speaker recognition algorithm by the authenticator; If the result matches the registered voice password, the web server and the authentication server transmit the result, and the web server transmits the requested web document. If it is determined that the voice password is not registered, inducing a retry; Web-based user authentication method using a biometric technology, characterized in that it comprises a. The method of claim 2, Performing authentication using the voice communication terminal, Requesting, by the BAP, authentication from the client to the authentication server for authentication to the terminal for the voice communication network; Sending a call from the authentication server to a voice communication terminal of a registered user through a voice communication network client connector; After the user listens to the voice password request from the authentication server through the voice communication terminal and inputs the voice password according to the guide, Comparing the input voice password with the registered voice model; Checking whether it is a registered ID, If the ID is registered, the step of confirming that the voice password for the ID is correct, And transmitting the authentication success result to the client if it is a registered voice password. The method of claim 2, Performing authentication by using the biometric feature, Inputting biometric features other than voice; Entering a character ID, Confirming whether the input character ID is registered; Receiving an encryption key and a voice model from a server in the case of a registered ID, Receiving a user's voice password and performing a comparison operation between the voice model and the voice password using a speaker recognition algorithm by the authenticator; If the result matches the registered voice password, the web server and the authentication server transmit the result, and the web server transmits the requested web document. If it is determined that the voice password is not registered, inducing a retry; Web-based user authentication method using a biometric technology, characterized in that it comprises a. In a system that authenticates a user using voice, text, and biometric features when accessing a web document based on the web, A web service server including a user information database, a web document, an HTTP processor, Biometric sensor, web browser / HTTP / XML parser, and automatically installed when the user first accesses the web server, A client including an authentication executor (bio-authentication protocol) that determines whether the client can receive the bio-feature, and transmits and receives data to the authentication server and returns the result to the web server, if possible. Wow, Web-based user authentication system using a biometric technology, characterized in that the authentication server comprising a biometric protocol processor, a biometrics database, a voice communication network client connector, and a voice communication network authentication performer.