TW200818837A - Network system using fingerprint for authentication and method thereof - Google Patents


Info

Publication number: TW200818837A
Authority: TW (Taiwan)
Prior art keywords: fingerprint, authentication, unit, data, user
Application number: TW95137075A
Other languages: Chinese (zh)
Inventors: Song-Ren Fang, Zhe-Ming Mai, Jer-Chuan Huang
Original assignee: Wison Technology Corp
Application filed by Wison Technology Corp
Priority to TW95137075A
Publication of TW200818837A


Abstract

The present invention relates to a network system using fingerprints for authentication and a method thereof. The network system comprises a user end and an authentication end for authentication and authorization; the user end has a fingerprint capture device and the authentication end has an authentication device. The fingerprint capture device comprises a fingerprint image capturing unit for capturing a fingerprint image of a user, a fingerprint processing unit for receiving the fingerprint image captured by the fingerprint image capturing unit and packaging it into self-descriptive packet data of non-fixed length, and a transmitting unit for transmitting the packet data of the fingerprint processing unit. The authentication device comprises a transmission unit for receiving the packet data transmitted by the transmitting unit of the fingerprint capture device, a data storage unit for storing fingerprint characteristic point data and related user data, a fingerprint processing control unit connected to the data storage unit for receiving the packet data passed on by the transmission unit and comparing it with the fingerprint characteristic points registered in the data storage unit, and an interface unit for transforming the comparison result of the fingerprint processing control unit into a control signal and returning the authentication result. Thus fingerprint characteristics can be used for user authentication, user identification and confirmation of authorization.

Description

IX. Description of the Invention

[Technical Field]

The present invention relates to a network system and method using fingerprint authentication, particularly suited to application on authentication-end equipment of a local area network, such as an access point, an authentication server or a similar device, for identity recognition.

[Prior Art]

In the technologically advanced modern era, people use computers to improve their efficiency at work and use the network to reach the virtual world. Since the launch of the browser, the network has been available to the general public and has become a closely related part of daily life, and as the network is used more frequently, people's reliance on it grows ever higher.

After several years of development, local area network infrastructure has advanced from the early 10Mbps to the current 100Mbps. Wireless local area network technology has also matured, and products with three transmission rates, IEEE 802.11b at 11Mbps, 802.11a at 54Mbps and 802.11g at 54Mbps, are already on the market. With frequent use of the network, doubts about network security have arisen: wired and wireless local area networks alike are subject to attacks by hackers. Basically, the functions that a wired or wireless local area network can provide are the same, but because of the characteristics of wireless transmission, a workstation can get onto the network as long as it is within the coverage of the AP signal, unlike a wired network, which can only be joined at a location where a network socket is provided. Wireless networks are therefore more exposed to attack, which creates security holes and has a major impact on network applications.

Among the standards related to wireless local area networks, the communication protocols are mainly those of the IEEE 802.11 series of standards drawn up by the Institute of Electrical and Electronics Engineers (IEEE). For network communication security, the 802.11 series of standards also defines the WEP (Wired Equivalent Privacy) security protocol. This specification uses the RC4 stream cipher with an encryption key length of only 40 bits, so its security has long been questioned. Moreover, WEP key sharing is done by manual entry; no key-sharing method is defined, keys are hard to update, and the scheme is easily attacked by brute-force search or known-plaintext attacks.

The Wi-Fi Alliance and the IEEE jointly introduced an enhanced Wi-Fi security specification, Wi-Fi Protected Access (WPA), to replace the existing but less secure WEP standard. The WPA specification adopts the Temporal Key Integrity Protocol (TKIP), which uses a 128-bit RC4 encryption algorithm to strengthen data encryption security and adds a Message Authentication Code (MAC) check to ensure message integrity and prevent message replay attacks. WPA also provides user login authentication: WPA has 802.1x and the Extensible Authentication Protocol (EAP) built in, so a user must first be authenticated by a central authentication server before logging in to the network, and only after passing authentication can the user connect to the wireless network or be accounted for (Accounting).

Although the above specifications can strengthen the security authentication mechanism on the network, reports of hackers cracking network security authentication mechanisms and intruding into systems, causing loss of data and huge losses to enterprises or individuals, are still frequent in network applications.

In view of this, the inventors set out to add fingerprint features to the authentication mechanism so as to achieve effective control over the system, giving a network system equipped with fingerprint capture an identity recognition function and thereby raising the security level.

[Summary of the Invention]

The main object of the present invention is to provide an authentication method that adds fingerprint features to a network system to strengthen the network's security protection.

A further object of the present invention is to provide a network system equipped with fingerprint features that has an identity recognition function and can therefore raise the security level.

Another object of the present invention is to provide a network system equipped with fingerprint features that has an identity recognition function and can therefore improve accounting accuracy.

To achieve the above objects, the present invention is a network system and method using fingerprint authentication, mainly comprising a user end and an authentication end for authentication and authorization. The user end is provided with a fingerprint capture device, in which are a fingerprint image capturing unit, a fingerprint processing unit and a transmitting unit. The fingerprint image capturing unit captures the user's fingerprint image; the fingerprint processing unit receives the fingerprint image captured by the fingerprint image capturing unit and packages it into self-describing packet data of non-fixed length; and the transmitting unit transmits the packet data of the fingerprint processing unit. The authentication end is provided with an authentication device, in which are a transmission unit, a fingerprint processing control unit, a data storage unit and an interface unit. The transmission unit receives the packet data transmitted by the transmitting unit of the fingerprint capture device; the fingerprint processing control unit receives the packet data passed on by the transmission unit and compares it with the fingerprint feature points registered in the data storage unit; the data storage unit is connected to the fingerprint processing control unit and stores fingerprint feature point data and related user data; and the interface unit converts the comparison result of the fingerprint processing control unit into a control signal and returns the authentication result. The user is thus authenticated by fingerprint features, the user's identity and permitted authorizations are confirmed, and the user is granted the right of use.

Other features and specific embodiments of the present invention can be understood further from the following detailed description taken with the accompanying drawings.

[Embodiments]

Referring to Figure 1, which is a block diagram of the main architecture of the fingerprint authentication network system of the present invention, the system mainly comprises a user end A and an authentication end B for authentication and authorization. The user end A is provided with a fingerprint capture device 1, in which are a fingerprint image capturing unit 11, a fingerprint processing unit 12 and a transmitting unit 13. The fingerprint image capturing unit 11 captures the user's fingerprint image; the fingerprint processing unit 12 receives the fingerprint image captured by the fingerprint image capturing unit 11 and packages it into self-describing packet data of non-fixed length; and the transmitting unit 13 transmits the packet data of the fingerprint processing unit 12. The authentication end B is provided with an authentication device 2, in which are a transmission unit 21, a fingerprint processing control unit 22, a data storage unit 23 and an interface unit 24. The transmission unit 21 receives the packet data transmitted by the transmitting unit 13 of the fingerprint capture device 1; the fingerprint processing control unit 22 receives the packet data passed on by the transmission unit 21 and compares it with the fingerprint feature points registered in the data storage unit 23; the data storage unit 23 is connected to the fingerprint processing control unit 22 and stores fingerprint feature point data and related user data; and the interface unit 24 converts the comparison result of the fingerprint processing control unit 22 into a control signal 25 and returns the authentication result. The user is thus authenticated by fingerprint features, the user's identity and permitted authorizations are confirmed, and the user is granted the right of use.

Referring to Figure 2, which is a flow chart of the steps of the method of the fingerprint authentication network system of the present invention: the user end A and the authentication end B share a secret value; the authentication end B sends a random number to the user end A; the user end A concatenates the user's fingerprint image, the secret value and the random number into a packet and returns it to the authentication end B; and the authentication end B performs a computation to compare the fingerprint image, the encryption key value and the random validity timing value, so as to authenticate the user and confirm the timeliness of the packet. The method comprises the following steps:

Step one 31: the user end signals the start of the authentication protocol;
Step two 32: the authentication end asks the user to input a fingerprint image;
Step three 33: the fingerprint capture device of the user end captures the fingerprint image;
Step four 34: the authentication end sends a random validity timing value to the user end;
Step five 35: the user end performs a computation that concatenates the fingerprint image, the encryption key value and the random validity timing value into a packet and returns it to the authentication end;
Step six 36: the authentication end performs a computation, reading fingerprint feature data from the authentication device to compare the fingerprint features;
Step seven 37: if the comparison matches, authentication passes, the user is authorized to access network resources, and the authentication result is returned.

Referring to Figure 3, which is a schematic diagram of a first application state of the fingerprint authentication network system of the present invention, the fingerprint capture device 1 of the user end A is combined with a personal mobile communication device 40 such as a mobile phone or PDA and installed inside the personal mobile communication device 40, or is combined with a computer 41, a notebook computer 42 or a thin client and may be installed inside or outside the computer 41, notebook computer 42 or thin client. The fingerprint capture device 1 captures the user's fingerprint image and transmits the fingerprint image in packet form to the authentication device 2 of the authentication end B. The authentication device 2 of the authentication end B is combined with an access point 43 (Access Point) and installed inside the access point 43; the transmission mode is wireless bidirectional transmission or wired bidirectional transmission. The authentication device 2 of the authentication end performs a computation on the received packet and carries out fingerprint feature comparison to authenticate the user; if the comparison matches, authentication passes, and the authorized user may access network resources including Internet use 45, network applications 46, network services 47 and so on.
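The challenge-response exchange of steps one to seven above, as an added Python example; this is not code from the patent or from Wison Technology. The patent does not say how the fingerprint image, the shared secret and the random validity timing value are combined or compared, so the example assumes an HMAC-SHA256 tag over the nonce and fingerprint template keyed with the shared secret, a 30-second nonce lifetime, a bit-difference threshold standing in for the feature-point comparison, and constructed sample values for the shared secret and the enrolled template. Each nonce is accepted once, so a captured packet presented a second time is refused, and the tag is checked before the template ever reaches the matcher.

```python
import hashlib
import hmac
import os
import time

# Constructed sample values (not from the patent): a secret shared out of band
# between user end A and authentication end B, and an enrolled fingerprint template.
SHARED_SECRET = b"constructed-shared-secret"
ENROLLED_TEMPLATE = bytes.fromhex("0a1b2c3d4e5f60718293a4b5c6d7e8f9")
NONCE_TTL_SECONDS = 30        # assumed lifetime of the "random validity timing value"
MAX_DIFFERING_BITS = 4        # assumed tolerance of the feature-point comparison


def features_match(enrolled: bytes, presented: bytes) -> bool:
    """Stand-in for the feature-point comparison (step six): templates match when
    only a few bits differ. A real matcher compares minutiae, not raw bytes."""
    if len(enrolled) != len(presented):
        return False
    differing = sum(bin(a ^ b).count("1") for a, b in zip(enrolled, presented))
    return differing <= MAX_DIFFERING_BITS


def bind(secret: bytes, nonce: bytes, template: bytes) -> bytes:
    """The 'computation' of step five (assumed HMAC): ties the template to this
    nonce under the shared secret so a captured packet cannot be replayed or altered."""
    return hmac.new(secret, nonce + template, hashlib.sha256).digest()


class AuthenticationEnd:
    """Authentication end B: issues nonces (step four), verifies packets (steps six, seven)."""

    def __init__(self, secret, templates, clock=time.time):
        self._secret = secret
        self._templates = templates      # user id -> enrolled template (data storage unit)
        self._clock = clock
        self._pending = {}               # nonce -> issue time; each nonce is usable once

    def issue_nonce(self) -> bytes:
        nonce = os.urandom(16)
        self._pending[nonce] = self._clock()
        return nonce

    def verify(self, packet):
        user_id, nonce, template, tag = packet
        issued = self._pending.pop(nonce, None)
        if issued is None:
            return False, "unknown or reused nonce"
        if self._clock() - issued > NONCE_TTL_SECONDS:
            return False, "nonce expired"
        # Check the tag first so a forged or altered packet never reaches the matcher.
        if not hmac.compare_digest(bind(self._secret, nonce, template), tag):
            return False, "bad tag"
        enrolled = self._templates.get(user_id)
        if enrolled is None or not features_match(enrolled, template):
            return False, "fingerprint mismatch"
        return True, "authorized"


class UserEnd:
    """User end A: captures a fingerprint (step three) and answers the nonce (step five)."""

    def __init__(self, user_id, secret, capture):
        self._user_id = user_id
        self._secret = secret
        self._capture = capture          # callable standing in for the capture unit

    def respond(self, nonce: bytes):
        template = self._capture()
        return (self._user_id, nonce, template, bind(self._secret, nonce, template))


def run_exchange(clock=time.time):
    """Run one full exchange, then present the same packet again; returns both verdicts."""
    auth = AuthenticationEnd(SHARED_SECRET, {"user-1": ENROLLED_TEMPLATE}, clock)
    user = UserEnd("user-1", SHARED_SECRET, lambda: ENROLLED_TEMPLATE)
    nonce = auth.issue_nonce()               # step four
    packet = user.respond(nonce)             # step five
    first = auth.verify(packet)              # steps six and seven
    replay = auth.verify(packet)             # same packet a second time
    return first, replay


if __name__ == "__main__":
    print(run_exchange())
```

The clock is injected so the nonce lifetime can be exercised deterministically; in a deployment the authentication server's own clock is used and the pending-nonce table is pruned of expired entries.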

Referring also to Figures 1 and 4, Figure 4 is a schematic diagram of a second application state of the fingerprint authentication network system of the present invention. The fingerprint capture device 1 of the user end A is combined with a personal mobile communication device 40 such as a mobile phone or PDA and installed inside the personal mobile communication device 40, or is combined with a computer 41, a notebook computer 42 or a thin client and may be installed inside or outside the computer 41, notebook computer 42 or thin client. The fingerprint capture device 1 captures the user's fingerprint image and transmits it in packet form to the authentication device 2 of the authentication end B. The authentication device 2 of the authentication end B is combined with an access point 43 (Access Point) and an authentication server 44 (Server) and installed inside the access point 43 and the authentication server 44: the fingerprint processing control unit 22 and data storage unit 23 of the authentication device 2 of the authentication end B are installed in the authentication server 44, while the transmission unit 21 and interface unit 24 are installed in the access point 43. The transmission mode is wired bidirectional transmission or wireless bidirectional transmission. The fingerprint image of the user end A is transmitted in packet form to the access point 43 of the authentication end B and passed on to the authentication server 44; the fingerprint processing control unit 22 in the authentication server 44 performs a computation on the received packet and looks up fingerprint feature points in the data storage unit 23 for fingerprint feature comparison to authenticate the user. If the comparison matches, authentication passes and the user's identity and permitted authorizations are confirmed; when the comparison is complete, the comparison result is passed back to the interface unit 24 in the access point 43 and converted into a control signal 25 for the use of network resources including Internet use 45, network applications 46, network services 47 and so on.

The system may also be combined with an enterprise or an ISP (Internet Service Provider) through the IEEE 802.1x protocol, an AAA (Authentication, Authorization, Accounting) server and the user fingerprint database to manage mobile users' access to the wireless local area network. Before a user is authorized to enter a wireless local area network controlled by IEEE 802.1X, the user must first, via EAPOL and through a wireless access device or wireless broadband router, supply a fingerprint, a digital public-key certificate or other information by which the user can be authenticated to the back-end authentication server. Only a legitimate user who passes the server's authentication may use the wireless local area network and the services the system provides. The AAA server also records the times of user login and logout for use in accounting or in monitoring network usage status.

Another feature of the present invention is that a flexible multi-purpose application is achieved by the design of a special SPVL (Self-described Protocol with Variable Length) communication protocol, which has the capability of self-describing every type of data and the property of variable length. Referring to Figure 5, the SPVL packet format comprises a header (HEADER) 50, a data body (DATA BODY) 51 and a checksum (CHECKSUM) 52. The header 50 includes:

Operation code (Opcode) 501: used to store the remote-control operation code.
Device identifier (Device Id) 502: used to store the identifier of the handheld remote-control device.
Data length (Data Length) 503: used to store the length of the data body 51 within the packet.

The data body 51 includes:

Data content (Data Content) 510: the payload carrying values of the various data types (Data Type).
Data descriptor (Data Descriptor) 512: a data description symbol describing the data type and length of the data content 510.

The checksum 52 is a checksum value over the whole packet.

The data descriptor 512 has a self-describing function and is not of fixed length: it can vary with the characteristics of the transmitted data, making packets smaller to raise the data transmission speed, and it allows packets to be delivered out of order, which achieves a flexible multi-purpose application and omits the information that would otherwise record the packet order.

From the above, the present invention has the following advantages:

1. A fingerprint recognition device is added at the authentication end of the network system, so that users are authenticated by fingerprint features, strengthening the network's security protection.
2. A network system equipped with fingerprint features is given an identity recognition function, which raises the security level.
3. A network system equipped with fingerprint features is given an identity recognition function, which improves accounting accuracy.

The foregoing is only a preferred embodiment of the present invention; all equivalent design changes made in accordance with the claims of the present invention remain covered by the technology of this application.

In summary, the present invention discloses a unique network system and method using fingerprint authentication, which authenticates users by fingerprint features, confirms the user's identity and permitted authorizations, and grants the user the right of use, so that a network system equipped with fingerprint features has greater security and a higher security level. It is novel and of industrial utility value, and an application for an invention patent is therefore filed in accordance with the law.
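A codec for the SPVL packet layout of Figure 5 (header 50 with operation code 501, device identifier 502 and data length 503; data body 51 made of data descriptors 512 each followed by its data content 510; checksum 52 over the whole packet), as an added Python example that is not the patent's or Wison Technology's own code. The patent names the fields but gives no widths or checksum algorithm, so the example assumes a 1-byte opcode, a 2-byte device identifier, a 2-byte data length, a descriptor of 1-byte data type plus 2-byte content length, a 16-bit byte-sum checksum, and constructed data-type codes and sample content. The decoder rejects truncated, over-long and corrupted packets before any content would be handed to the fingerprint processing control unit, and the round trip shows why items can arrive in any order: each descriptor carries its own type and length.

```python
import struct

# Assumed field widths (the patent defines the fields, not their sizes).
HEADER = struct.Struct(">BHH")      # opcode 501, device id 502, data length 503
DESCRIPTOR = struct.Struct(">BH")   # data descriptor 512: data type, content length
CHECKSUM = struct.Struct(">H")      # checksum 52: 16-bit sum of all preceding bytes

# Constructed data-type codes for the descriptor; not from the patent.
TYPE_FINGERPRINT = 0x01
TYPE_NONCE = 0x02
TYPE_USER_ID = 0x03


def checksum(data: bytes) -> int:
    return sum(data) & 0xFFFF


def encode(opcode: int, device_id: int, items) -> bytes:
    """Build a packet from (data_type, content) pairs; items may be given in any
    order, since each descriptor names its own type and length."""
    body = b"".join(DESCRIPTOR.pack(dtype, len(content)) + content
                    for dtype, content in items)
    head = HEADER.pack(opcode, device_id, len(body))
    return head + body + CHECKSUM.pack(checksum(head + body))


def decode(packet: bytes) -> dict:
    """Parse and validate a packet; raises ValueError on any malformed input."""
    if len(packet) < HEADER.size + CHECKSUM.size:
        raise ValueError("packet shorter than header plus checksum")
    opcode, device_id, data_len = HEADER.unpack_from(packet, 0)
    if len(packet) != HEADER.size + data_len + CHECKSUM.size:
        raise ValueError("data length field does not match packet size")
    covered = packet[:HEADER.size + data_len]
    (stored,) = CHECKSUM.unpack_from(packet, len(covered))
    if stored != checksum(covered):
        raise ValueError("checksum mismatch")
    body = covered[HEADER.size:]
    items, offset = [], 0
    while offset < len(body):
        if len(body) - offset < DESCRIPTOR.size:
            raise ValueError("truncated data descriptor")
        dtype, length = DESCRIPTOR.unpack_from(body, offset)
        offset += DESCRIPTOR.size
        if offset + length > len(body):
            raise ValueError("content length exceeds data body")
        items.append((dtype, body[offset:offset + length]))
        offset += length
    return {"opcode": opcode, "device_id": device_id, "items": items}


def is_valid(packet: bytes) -> bool:
    try:
        decode(packet)
        return True
    except ValueError:
        return False


# Constructed sample packet: an authentication request carrying a nonce echo,
# the user id and a made-up fingerprint feature blob.
SAMPLE_ITEMS = [
    (TYPE_NONCE, bytes(range(16))),
    (TYPE_USER_ID, b"user-1"),
    (TYPE_FINGERPRINT, bytes.fromhex("0a1b2c3d4e5f60718293a4b5c6d7e8f9")),
]
SAMPLE_PACKET = encode(0x10, 0x0102, SAMPLE_ITEMS)


def corrupt(packet: bytes, index: int) -> bytes:
    """Flip one byte, as a link error or tampering in transit would."""
    out = bytearray(packet)
    out[index] ^= 0xFF
    return bytes(out)


if __name__ == "__main__":
    print(decode(SAMPLE_PACKET))
    print(is_valid(corrupt(SAMPLE_PACKET, HEADER.size + DESCRIPTOR.size)))
```

A byte-sum checksum detects transmission errors only; it offers no protection against deliberate modification, which is why the challenge-response tag of the method (step five) has to cover the packet contents separately.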

[Brief Description of the Drawings]

Figure 1 is a block diagram of the main architecture of the present invention.
Figure 2 is a flow chart of the steps of the present invention.
Figure 3 is a schematic diagram of a first application state of the present invention.
Figure 4 is a schematic diagram of a second application state of the present invention.
Figure 5 is a schematic diagram of the packet format defined by the SPVL communication protocol of the present invention.

[Description of Reference Numerals]

A: user end
B: authentication end
1: fingerprint capture device
11: fingerprint image capturing unit
12: fingerprint processing unit
13: transmitting unit
2: authentication device
21: transmission unit
22: fingerprint processing control unit
23: data storage unit
24: interface unit
25: control signal
31: step one
32: step two
33: step three
34: step four
35: step five
36: step six
37: step seven
40: personal mobile communication device
41: computer
42: notebook computer
43: access point (Access Point)
44: authentication server (Server)
45: Internet use
46: network applications
47: network services
50: header (HEADER)
501: operation code (OpCode)
502: device identifier (Device Id)
503: data length (Data Length)
51: data body (DATA BODY)
510: data content (Data Content)
512: data descriptor (Data Descriptor)
52: checksum (CHECKSUM)

Claims (1)

X. Claims:

1. A network system using fingerprint authentication, comprising:
a user end, the user end being provided with a fingerprint capture device, in which are a fingerprint image capturing unit, a fingerprint processing unit and a transmitting unit, the fingerprint image capturing unit being used to capture a user's fingerprint image, the fingerprint processing unit receiving the fingerprint image captured by the fingerprint image capturing unit and packaging it into self-describing packet data of non-fixed length, and the transmitting unit transmitting the packet data of the fingerprint processing unit; and
an authentication end for authentication and authorization, the authentication end being provided with an authentication device, in which are a transmission unit, a fingerprint processing control unit, a data storage unit and an interface unit, the transmission unit receiving the packet data transmitted by the transmitting unit of the fingerprint capture device, the fingerprint processing control unit receiving the packet data passed on by the transmission unit and comparing it with the fingerprint feature points registered in the data storage unit, the data storage unit being connected to the fingerprint processing control unit and used to store fingerprint feature point data and related user data, and the interface unit converting the comparison result of the fingerprint processing control unit into a control signal and returning the authentication result;
whereby the user is authenticated by fingerprint features, the user's identity and permitted authorizations are confirmed, and the user is granted the right of use.

2. The network system using fingerprint authentication of claim 1, wherein the fingerprint capture device of the user end is installed in a personal mobile communication device, a computer (PC), a desktop computer (Thin Client) or a notebook computer (NB).

3. The network system using fingerprint authentication of claim 1, wherein the fingerprint capture device of the user end is externally connected to a personal mobile communication device, a computer (PC), a desktop computer (Thin Client) or a notebook computer (NB).

4. The network system using fingerprint authentication of claim 1, wherein the authentication device of the authentication end is installed in an access point (Access Point).

5. The network system using fingerprint authentication of claim 1, wherein the authentication device of the authentication end is installed in an authentication server (SERVER).

6. The network system using fingerprint authentication of claim 1, wherein the fingerprint processing control unit and the data storage unit of the authentication device of the authentication end are installed in an authentication server (SERVER), and the transmission unit and the interface unit are installed in an access point (Access Point).

7. The network system using fingerprint authentication of claim 1, wherein the transmitting unit in the fingerprint capture device of the user end and the transmission unit in the authentication device of the authentication end transmit bidirectionally by wireless means.

8. The network system using fingerprint authentication of claim 1, wherein the transmitting unit in the fingerprint capture device of the user end and the transmission unit in the authentication device of the authentication end transmit bidirectionally by wired (CABLE) means.

9. The network system using fingerprint authentication of claim 1, wherein the fingerprint image captured by the fingerprint capture device of the user end also includes fingerprint feature points into which the fingerprint image has been converted.

10. The network system using fingerprint authentication of claim 1, wherein the packet format of the packet data is the format defined by the SPVL communication protocol (Self-described Protocol with Variable Length), the format comprising a header, a data body and a checksum, the header including:
an operation code, used to store a remote-control operation code;
a device identifier, used to store a handheld remote-control device identifier;
a data length, used to store the length of the data body within the packet;
and the data body including:
data content, which is the carrier of values of the various data types;
a data descriptor, which is a data description symbol describing the data type and length of the data content, having the properties of self-description and variable length, and which, using a fingerprint feature comparison algorithm, allows packets to be transmitted out of order so that the fingerprint feature information can be reassembled, thereby achieving a flexible multi-purpose application.

11. A method of a network system using fingerprint authentication, in which a user end and an authentication end share an encryption key value, the authentication end sends a random validity timing value to the user end, the user end concatenates the user's fingerprint image, the encryption key value and the random validity timing value into a packet and returns it to the authentication end, and the authentication end performs a computation to compare the fingerprint image, the encryption key value and the random validity timing value so as to authenticate the user, the method comprising:
step one: the user end signals the start of the authentication protocol;
step two: the authentication end asks the user to input a fingerprint image;
step three: the fingerprint capture device of the user end captures the fingerprint image;
step four: the authentication end sends a random validity timing value to the user end;
step five: the user end performs a computation that concatenates the fingerprint image, the encryption key value and the random validity timing value into a packet and returns it to the authentication end;
step six: the authentication end performs a computation, reading fingerprint feature point data from the authentication device to compare the fingerprint features; and
step seven: if the comparison matches, authentication passes, the user is authorized to access network resources, and the authentication result is returned.

12. The method of a network system using fingerprint authentication of claim 11, wherein the fingerprint capture device of the user end is installed in a personal mobile communication device, a computer (PC), a desktop computer (Thin Client) or a notebook computer (NB).

13. The method of a network system using fingerprint authentication of claim 11, wherein the fingerprint capture device of the user end is externally connected to a personal mobile communication device, a computer (PC), a desktop computer (Thin Client) or a notebook computer (NB).

14. The method of a network system using fingerprint authentication of claim 11, wherein the authentication device of the authentication end is installed in an access point (Access Point).

15. The method of a network system using fingerprint authentication of claim 11, wherein the authentication device of the authentication end is installed in an authentication server (SERVER).

16. The method of a network system using fingerprint authentication of claim 11, wherein the fingerprint processing control unit and the data storage unit of the authentication device of the authentication end are installed in an authentication server (SERVER), and the transmission unit and the interface unit are installed in an access point (Access Point).

17. The method of a network system using fingerprint authentication of claim 11, wherein the transmitting unit in the fingerprint capture device of the user end and the transmission unit in the authentication device of the authentication end transmit bidirectionally by wireless means.

18. The method of a network system using fingerprint authentication of claim 11, wherein the transmitting unit in the fingerprint capture device of the user end and the transmission unit in the authentication device of the authentication end transmit bidirectionally by wired (CABLE) means.

19. The network system using fingerprint authentication of claim 11, wherein the fingerprint image captured by the fingerprint capture device of the user end also includes fingerprint feature points into which the fingerprint image has been converted.

20. The method of a network system using fingerprint authentication of claim 11, wherein the packet format of the packet data is the format defined by the SPVL communication protocol (Self-described Protocol with Variable Length), the format comprising a header, a data body and a checksum, the header including:
an operation code, used to store a remote-control operation code;
a device identifier, used to store a handheld remote-control device identifier;
a data length, used to store the length of the data body within the packet;
and the data body including:
data content, which is the carrier of values of the various data types;
a data descriptor, which is a data description symbol describing the data type and length of the data content, having the properties of self-description and variable length, and which, using a fingerprint feature comparison algorithm, allows packets to be transmitted out of order so that the fingerprint feature information can be reassembled, thereby achieving a flexible multi-purpose application.
For the method of fingerprint authentication network system described in claim 1 of the patent scope, the package format of the medium package is Spy [Sel f-described Protocol with Variable Length) defines the formula, which includes: table master, data body, and check code. The header includes: #作码, for storing remote control operation code; device identifier, for storing handheld remote control The device identification code; the length of the tribute is used to store the length of the body of the data in the package; the body of the data includes the contents of the material of the type of the material, and the carrier of the various types of data types; The description of the symbol, the secret description _ data content of the shell type and the length of the 'self-description of Wei and variable length of the ship, and the use of the 'pattern feature comparison algorithm, allowing packets to be transmitted out of order for recombination fingerprints Feature information features to reach a flexible multi-functional app. 20
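The following is an added worked example, not code from the patent or its assignee, covering two of the claims at once: the self-descriptive variable-length packet of claims 10 and 20 (header, data body, check code, out-of-order reassembly) and the key-plus-timing-value exchange of claim 11 (steps 4 to 7). The claims name the packet fields but give no widths, no check-code algorithm and no sequence field, and they say only that the fingerprint data, key value and timing value are "connected" into one packet. Everything concrete below is therefore an assumption made for this illustration: the fixed-width header layout, CRC-32 as the check code, a per-fragment sequence number, HMAC-SHA256 as the way the key and timing value are bound to the fingerprint data (so that the key itself is never put on the wire), per-device keys, a 30-second nonce lifetime, and a toy minutiae-overlap score in place of a real fingerprint matcher. The sample feature points and keys in the usage are constructed.

```python
"""SPVL-style packet codec plus the nonce-bound fingerprint check of claim 11.

Added example, not code from the patent. The claims name the packet fields but
not their widths or check-code algorithm, and say only that fingerprint image,
key value and timing value are "connected" into one packet. The fixed-width
layout, CRC-32 check code, sequence field, HMAC-SHA256 binding (so the key is
never sent), per-device keys, nonce lifetime and minutiae-overlap score are all
assumptions made for this illustration.
"""
import hashlib, hmac, secrets, struct, time, zlib

# Assumed layout: header opcode(1) device_id(4) seq(2) data_len(2); body is
# dtype(1) + data; trailer is CRC-32 over header+body as the "check code".
HDR, CRC = struct.Struct(">BIHH"), struct.Struct(">I")
OP_CHALLENGE, OP_RESPONSE = 2, 3
DT_NONCE, DT_FEATURES, DT_MAC = 1, 2, 3


def encode(opcode, device_id, seq, dtype, data):
    body = bytes([dtype]) + data
    pkt = HDR.pack(opcode, device_id, seq, len(body)) + body
    return pkt + CRC.pack(zlib.crc32(pkt))


def decode(pkt):
    """Parse one packet, rejecting truncation, trailing bytes and bad check codes."""
    if len(pkt) < HDR.size + 1 + CRC.size:
        raise ValueError("short packet")
    opcode, device_id, seq, length = HDR.unpack_from(pkt)
    end = HDR.size + length
    if length < 1 or len(pkt) != end + CRC.size:
        raise ValueError("length field disagrees with packet size")
    if CRC.unpack_from(pkt, end)[0] != zlib.crc32(pkt[:end]):
        raise ValueError("bad check code")
    return {"opcode": opcode, "device_id": device_id, "seq": seq,
            "dtype": pkt[HDR.size], "data": pkt[HDR.size + 1:end]}


def reassemble(packets):
    """Join fragments received in any order; seq 0..n-1 must each appear exactly once."""
    frags = {}
    for p in map(decode, packets):
        if p["seq"] in frags:
            raise ValueError("duplicate fragment %d" % p["seq"])
        frags[p["seq"]] = p
    if not frags or sorted(frags) != list(range(len(frags))):
        raise ValueError("missing fragment")
    if len({(f["device_id"], f["dtype"]) for f in frags.values()}) != 1:
        raise ValueError("fragments from different devices or data types")
    first = frags[0]
    return first["device_id"], first["dtype"], b"".join(frags[i]["data"] for i in range(len(frags)))


def pack_features(points):
    """Toy minutiae encoding: sorted (x, y, angle) triples as big-endian uint16."""
    return b"".join(struct.pack(">HHH", *p) for p in sorted(points))


def unpack_features(data):
    if len(data) % 6:
        raise ValueError("feature data is not a multiple of 6 bytes")
    return {struct.unpack_from(">HHH", data, i) for i in range(0, len(data), 6)}


def user_respond(device_id, key, challenge_pkt, captured_points, mtu=16):
    """User end (step 5): bind features to nonce and key, fragment, return packets."""
    nonce = decode(challenge_pkt)["data"]
    feats = pack_features(captured_points)
    mac = hmac.new(key, nonce + feats, hashlib.sha256).digest()   # key stays on the device
    chunks = [feats[i:i + mtu] for i in range(0, len(feats), mtu)]
    pkts = [encode(OP_RESPONSE, device_id, i, DT_FEATURES, c) for i, c in enumerate(chunks)]
    return pkts, encode(OP_RESPONSE, device_id, 0, DT_MAC, mac)


class AuthEnd:
    """Authentication end: issues single-use timed nonces and compares feature points."""

    def __init__(self, keys, enrolled, lifetime=30.0, threshold=0.8):
        self.keys, self.enrolled = keys, enrolled   # both keyed by device_id
        self.lifetime, self.threshold = lifetime, threshold
        self.pending = {}                           # device_id -> (nonce, expiry)

    def challenge(self, device_id, now=None):
        """Step 4: the 'random effective timing value', a nonce with an expiry."""
        nonce = secrets.token_bytes(16)
        self.pending[device_id] = (nonce, (now or time.time()) + self.lifetime)
        return encode(OP_CHALLENGE, device_id, 0, DT_NONCE, nonce)

    def verify(self, feature_pkts, mac_pkt, now=None):
        """Steps 6-7: check binding and freshness, then compare against the template."""
        try:
            device_id, dtype, feats = reassemble(feature_pkts)
            mac = decode(mac_pkt)
            points = unpack_features(feats)
        except ValueError as e:
            return False, "bad packet: %s" % e
        if dtype != DT_FEATURES or mac["dtype"] != DT_MAC or mac["device_id"] != device_id:
            return False, "malformed response"
        nonce, expiry = self.pending.pop(device_id, (None, 0.0))  # single use
        if nonce is None or (now or time.time()) > expiry:
            return False, "no live challenge"
        expected = hmac.new(self.keys.get(device_id, b""), nonce + feats, hashlib.sha256).digest()
        if not hmac.compare_digest(mac["data"], expected):
            return False, "key/nonce binding failed"
        template = self.enrolled.get(device_id, set())
        score = len(points & template) / max(len(template), 1)
        return score >= self.threshold, "score %.2f" % score
```

Two points a practitioner should take from this rather than from the claim text. First, claim 11 literally places the encryption key value inside the packet; anything that relays that packet (including the access point of claims 6 and 16, which holds only the transmission and interface units) would then see the key, so the example keeps the key on the device and sends an HMAC over nonce and feature data instead. Second, the "random effective timing value" only prevents replay if the authentication end consumes it on first use and rejects it after its lifetime, which is why `verify` pops the pending nonce before checking anything else. The feature data itself still travels in clear in this example; a real deployment would carry the packets over an encrypted transport.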
TW95137075A 2006-10-05 2006-10-05 Network system using fingerprint for authentication and method thereof TW200818837A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW95137075A TW200818837A (en) 2006-10-05 2006-10-05 Network system using fingerprint for authentication and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW95137075A TW200818837A (en) 2006-10-05 2006-10-05 Network system using fingerprint for authentication and method thereof

Publications (1)

Publication Number Publication Date
TW200818837A true TW200818837A (en) 2008-04-16

Family

ID=44769597

Family Applications (1)

Application Number Title Priority Date Filing Date
TW95137075A TW200818837A (en) 2006-10-05 2006-10-05 Network system using fingerprint for authentication and method thereof

Country Status (1)

Country Link
TW (1) TW200818837A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104573453A (en) * 2013-10-15 2015-04-29 由田新技股份有限公司 Information display system and method thereof
TWI497343B (en) * 2013-12-30 2015-08-21

Similar Documents

Publication Publication Date Title
US20080175449A1 (en) Fingerprint-based network authentication method and system thereof
TWI295030B (en) Method for bootstrapping applications and services at different layers in a communications stack, apparatus that provides a device introduction framework, method for an introduction process, method for introducing two devices, method for establishing tru
US8295484B2 (en) System and method for securing data from a remote input device
US6990587B2 (en) Cryptographic architecture for secure, private biometric identification
CN101340436B (en) Method and apparatus implementing remote access control based on portable memory apparatus
TWI403145B (en) Authentication system and method thereof for wireless networks
WO2011017924A1 (en) Method, system, server, and terminal for authentication in wireless local area network
WO2010012220A1 (en) Anonymous authentication method based on pre-shared cipher key, reader-writer, electronic tag and system thereof
US20060161770A1 (en) Network apparatus and program
TW200810487A (en) Method and apparatus for binding multiple authentications
CN107005927A (en) Cut-in method, equipment and the system of user equipment (UE)
CN101621794A (en) Method for realizing safe authentication of wireless application service system
CN108769007A (en) Gateway security authentication method, server and gateway
JP3691464B2 (en) Wireless access point
EP2974223A2 (en) Digital credential with embedded authentication instructions
JP4698751B2 (en) Access control system, authentication server system, and access control program
CN106027249B (en) Identity card card reading method and system
CN101483863B (en) Instant message transmitting method, system and WAPI terminal
CN101772014A (en) Method and mobile terminal for improving wireless data transmission security
TW200818837A (en) Network system using fingerprint for authentication and method thereof
JP2004206258A (en) Multiple authentication system, computer program, and multiple authentication method
TW201301928A (en) Method, program product, and system of network connection in a wireless local area network
CN105554023B (en) Access the authentication method and system of the home gateway of WPA/WPA2 certification mode
CN101848228A (en) Method and system for authenticating computer terminal server ISP identity by using SIM cards
JP2003301640A (en) Personal authentication system, security key remote control system, lodging facilities using system, and housing property preview control system