CN101316169A

Movatterモバイル変換

Info

Publication number: CN101316169A
Application number: CNA200810116849XA
Authority: CN
Inventors: 张曌; 蒲正武; 高原
Original assignee: Individual
Current assignee: Individual
Priority date: 2008-07-18
Filing date: 2008-07-18
Publication date: 2008-12-03
Anticipated expiration: 2028-07-18
Also published as: CN101316169B

Abstract

The invention provides a network identity authentication method based on the biological characteristic authentication of a third party on the Internet. The biological characteristics (fingerprint, human face, iris, lip membrane and so on) are used as the identity identification of the user, the user can obtain an authentication request from the third party by submitting the biological characteristic codes through a client terminal widget provided by the third party, the identity authentication is carried out through the request password process and the matching algorithm, the Internet identity authentication can be carried out through a fully cooperative website or an application program provided by a cooperative network in a self-help mode, the third party provides request interfaces containing the registration, verification, reset of the biological characteristics, binding information,etc., the third party needs not to know the name of the user in the cooperative website or the application program provided by the cooperative network, thus avoiding to obtain the other information of the user in the cooperative website or the application program provided by the cooperative network, the reliability at the service terminal and the communication safety among the three parties can be guaranteed through the complete active service request of the cooperative website or the application program provided by the cooperative network, the Cookie, SSL, multi-encryption, digital signature of the widget, user-defined words or pictures,etc.

Description

Network identity validation method based on internet third party biological characteristic validation

Technical field

The present invention is applied to the internet, belongs to network identity recognition technology field, and being specifically related to a kind of is that the website provides by using various biometric device to gather the verification method of biometric identity with third party's approach to cooperation.

Background technology

The password authentification service of traditional the Internet is based on the Validation Mode of " ID number+character string password ", and is based on＜ID number+" biological condition code " based on the biological characteristic validation service of the Internet〉Validation Mode.

There are some problems in traditional verification mode always, forgets easily as password, and is stolen by the people easily.The user has forgotten password, gently then can cause to enter mailbox, forum, heavy then do not login operation system, even owing to forgotten administrator's password and need reinstall whole system, if password is stolen by the people and is gone then thing that consequence is serious especially, and in fact, tradition character string password steal and be one and be relatively easy to thing, just can successful stealing passwords as long as others is careful you in the password typing of terminal, even can guess out your password by your relevant informations such as birthday, so needing often to change password at ordinary times, the user guarantees safety, this has increased the memory burden concerning the user, and do not tackle the problem at its root yet, it is believed that breath, thereby need not remember and storing googol in the biological characteristic, effective in addition property can not guessed right and be stolen.

In recent years, send the internet of information automatically, bring people's convenience and interests, among increasing fast, but also therefore produced a lot of problems, especially aspect information security.No matter be group or individual's information, all fear on the network that extends in all direction, to transmit and diminish the thing of rights and interests.Because biological characteristic can be verified by the Internet, pass through biometrics identification technology, qualification has only the people of appointment could visit relevant information, can greatly improve the fail safe of network information, like this, comprise a series of network commercial behaviors of Web bank, internet trade, ecommerce, amusement community, security guarantee has just been arranged.

Summary of the invention

The present invention aims to provide a kind of based on the internet third party biological characteristic validation network identity validation method, pass through biometrics identification technology, improve the fail safe of network information, like this, comprise a series of network commercial behaviors of Web bank, internet trade, ecommerce, amusement community, security guarantee has just been arranged.

For solving the problems of the technologies described above, the present invention by the following technical solutions:

A kind of network identity validation method based on internet third party biological characteristic validation, submit biological condition code to third party to obtain checking request as the User Identity user by the website with biological characteristic, carry out authentication by request token flow process and alignment algorithm, carry out the Internet authentication by complete user website or the self-service form of cooperative network application program, end user's association binding, and registration is finished voluntarily by the website fully, the third party only accepts user's registration by user or website at the identifier of third-party registration, again binding, the checking request, reset requests such as biological information, need not to know the user's name of user in the website, thereby avoid obtaining user's other content information in the website, the complete active request service in partner site and pass through Cookie, SSL, the multi-enciphering mode, modes such as User Defined literal and picture guarantee service end reliability and Three Party Communication content security.

Said method comprising the steps of:

(1) client (C) obtains the employed collecting device kind of user by collecting user computer registration table and USB port scanning information, and submit the Reader API request that dynamically updates to biological characteristic validation server (A), to drive the dissimilar equipment of user, client (C) shows custom images and the literal of once uploading in advance to the user, true for User Recognition third party biological characteristic validation service end, correctness, and fill in the account number of partner site or cooperative network application program (B), account is submitted to partner site or cooperative network application program (B);

(2) partner site or cooperative network application program (B) are tied up by the account number inquiry of partner site or cooperative network application program (B) and are ordered the ID sequence number that relational database is found biological characteristic validation server (A), and the ID sequence number of described biological characteristic validation server (A) and described partner site or cooperative network application program (B) write Cookie at the website of biological characteristic validation server registration ID, simultaneously the ID sequence number of described biological characteristic validation server (A) and partner site or cooperative network application program (B) are sent to biological characteristic validation server (A) at the website of biological characteristic validation server registration ID;

(3) biological characteristic validation server (A) the ID sequence number and partner site (B) that receive described biological characteristic validation server (A) checks behind the ID of the website of biological characteristic validation server registration whether these two ID exist, and if there is no then generates empty login token and returns to partner site or cooperative network application program (B); Login token and return to the partner site or cooperative network application program (B) if exist then generate non-NULL, the described login token that will generate simultaneously deposits database in to be put on record;

(4) partner site or cooperative network application program (B) judge whether the login token is empty after receiving described login token, if the login token is sky then generates failure jump page address and return to client (C); If login token non-NULL then described login token is write Cookie and database is put on record returns login token and consumer premise justice literal or image simultaneously and gives client (C);

(5) after client (C) receives login token and consumer premise justice literal or image, explicit user predefine literal or image, begin to gather biological characteristic, and carry out biological characteristic and extract and handle, then the biological attribute data after described login token and the processing is sent to biological characteristic validation server (A);

(6) after biological characteristic validation server (A) receives the described biological attribute data that described login token and client (C) send over, this biological attribute data of checking comparison generates biological condition code, and whether this condition code is removed to verify the daily record library inquiry in the past fixed by checking (because of the duplicate probability of condition code is imitated little) if find duplicate meeting to come according to the level of security strategy, if with in the past any on all four condition code is arranged, then system is identified as illegal condition code automatically; If comparison good authentication server merges to the new characteristic point intelligence of this condition code of intelligent extraction in the feature database, complete gradually to guarantee every piece of fingerprint characteristic quantity, then comparison result is deposited in database, will compare success message simultaneously and return to client (C);

(7) client (C) receives and receives the comparison success message and this comparison success message is sent to partner site (B);

(8) partner site or cooperative network application program (B) receive the ID sequence number that takes out biological characteristic validation server (A) behind the comparison success message in the Cookie and partner site or cooperative network application program (B) and send to biological characteristic validation server (A) in the website ID and the login token information of biological characteristic validation server (A) registration;

(9) biological characteristic validation server (A) receives the ID sequence number of described biological characteristic validation server (A) and partner site or cooperative network application program (B) behind the website of biological characteristic validation server registration ID and login token, whether ID sequence number by token ID and biological characteristic validation server (A) and partner site or cooperative network application program (B) be legal at the website ID of biological characteristic validation server (A) registration checking login token, if non-rule produces error message, if legal by this user in the partner site or cooperative network application program (B) this time land employed number of the account of request and the login biological characteristic comparison result of token from database lookup step (6), error message or described comparison result are returned to partner site or cooperative network application program (B);

(10) partner site or cooperative network application program (B) receive the comparison result that returns and judge whether success of login, if the comparison failure is the jump page address then generation is failed, if compare successfully then generate login Cookie and generate successful jump page address, at last the jump page address is returned to client (C), remove the Cookie that the ID sequence number of biological characteristic validation server (A) and partner site or cooperative network application program (B) are write at the website of biological characteristic validation server registration ID simultaneously;

(11) client (C) receives the jump page address and carries out page jump, and login process finishes.

The present invention is with biological characteristic (fingerprint, people's face, iris, other biological characteristics such as lip film) submit to biological condition code to obtain the checking request as the User Identity user by the website to the third party, carry out authentication by request token flow process and alignment algorithm, carry out the Internet authentication by complete user website or the self-service form of cooperative network application program, the third party need not to know that the user is in the partner site or the user's name of cooperative network application program, thereby avoid obtaining the user in the partner site or other content information of cooperative network application program, the complete active request service of partner site or cooperative network application program and pass through Cookie, SSL, the multi-enciphering mode, the control digital signature, modes such as User Defined literal and picture guarantee service end reliability and Three Party Communication content security.

Description of drawings

Figure 1 shows that the network identity validation method system schematic that the present invention is based on internet third party biological characteristic validation;

Figure 2 shows that the network identity validation method flow chart based on internet third party biological characteristic validation disclosed by the invention.

Embodiment

Below according to Figure of description to the further detailed presentations of technical scheme of the present invention.

Be illustrated in figure 1 as system of the present invention and form schematic diagram, the network identity validation system based on internet third party biological characteristic validation disclosed by the invention comprises: client, partner site or cooperative network application program and as third-party biological characteristic validation server.Client can be work station, portable computer, and other SmartClient, in client physical characteristics collecting equipment is installed, can gather, handle and encrypt comprising other biological characteristics such as fingerprint, people's face, iris, lip film, generation has " biological characteristic " condition code, obtain the checking request to third party's " biological characteristic " authentication server then, and by request token flow process and alignment algorithm, carry out network identity validation, thereby avoid obtaining the user in the partner site or other content information of cooperative network application program.

Be illustrated in figure 2 as biological characteristic validation method flow diagram disclosed by the invention, technical scheme of the present invention may further comprise the steps:

1) client (C) obtains the employed collecting device kind of user by collecting user computer registration table and USB port scanning information, and submit the Reader API request that dynamically updates to biological characteristic validation server (A), show self-defining image and the literal of once uploading in advance to the user to drive the dissimilar equipment of user, client (C), authenticity for User Recognition third party biological characteristic validation service end, and fill in the account number of partner site or cooperative network application program (B), account is submitted to partner site or cooperative network application program (B);

2) partner site or cooperative network application program (B) are tied up by the account number inquiry of partner site or cooperative network application program (B) and are ordered the ID sequence number that relational database is found biological characteristic validation server (A), and the ID sequence number of described biological characteristic validation server (A) and described partner site or cooperative network application program (B) write Cookie at the partner site or the cooperative network application program ID of biological characteristic validation server registration, simultaneously the ID sequence number of described biological characteristic validation server (A) and partner site or cooperative network application program (B) are sent to biological characteristic validation server (A) at the partner site or the cooperative network application program ID of biological characteristic validation server registration;

3) biological characteristic validation server (A) receives the ID sequence number of described biological characteristic validation server (A) and partner site or cooperative network application program (B) and check whether these two ID exist behind the partner site of biological characteristic validation server registration or cooperative network application program ID, if there is no then generates empty login token and returns to partner site or cooperative network application program (B); Login token and return to the partner site or cooperative network application program (B) if exist then generate non-NULL, the described login token that will generate simultaneously deposits database in to be put on record;

4) partner site or cooperative network application program (B) judge whether the login token is empty after receiving described login token, if the login token is sky then generates failure jump page address and return to client (C); If login token non-NULL then described login token is write Cookie and database is put on record returns login token and consumer premise justice literal or image simultaneously and gives client (C);

5) after client (C) receives login token and consumer premise justice literal or image, explicit user predefine literal or image, begin to gather biological characteristic, and carry out biological characteristic and extract and handle, then the biological attribute data after described login token and the processing is sent to biological characteristic validation server (A);

6) after biological characteristic validation server (A) receives the described biological attribute data that described login token and client (C) send over, this biological attribute data of checking comparison generates biological condition code, and whether this condition code removed to verify the daily record library inquiry in the past fixed by checking if find duplicate meeting to come according to the level of security strategy: (because of the duplicate probability of condition code less), if when with in the past any on all four condition code being arranged, then system is identified as illegal condition code automatically; If comparison good authentication server merges to the new characteristic point intelligence of this condition code of intelligent extraction in the feature database, complete gradually to guarantee every piece of fingerprint characteristic quantity, then comparison result is deposited in database, will compare success message simultaneously and return to client (C);

7) client (C) receives and receives the comparison success message and this comparison success message is sent to partner site or cooperative network application program (B);

8) partner site or cooperative network application program (B) receive the ID sequence number that takes out biological characteristic validation server (A) behind the comparison success message in the Cookie and partner site or cooperative network application program (B) in the partner site of biological characteristic validation server (A) registration or cooperative network application program ID and login token information send to biological characteristic validation server (A);

9) biological characteristic validation server (A) receives the ID sequence number of described biological characteristic validation server (A) and partner site or cooperative network application program (B) behind the partner site or cooperative network application program ID and login token of biological characteristic validation server registration, whether ID sequence number by token ID and biological characteristic validation server (A) and partner site or cooperative network application program (B) be legal at the partner site or the cooperative network application program ID checking login token of biological characteristic validation server (A) registration, if non-rule produces error message, if legal by this user in the partner site or cooperative network application program (B) this time land employed number of the account of request and the login biological characteristic comparison result of token from database lookup step (6), error message or described comparison result are returned to partner site or cooperative network application program (B);

10) partner site or cooperative network application program (B) receive the comparison result that returns and judge whether success of login, if the comparison failure is the jump page address then generation is failed, if compare successfully then generate login Cookie and generate successful jump page address, at last the jump page address is returned to client (C), remove the Cookie that the ID sequence number of biological characteristic validation server (A) and partner site or cooperative network application program (B) are write at the partner site or the cooperative network application program ID of biological characteristic validation server registration simultaneously;

11) client (C) receives the jump page address and carries out page jump, and login process finishes.

After gathering biological characteristic, the biometric feature sign indicating number that is extracted is carried out carrying out symmetric cryptography with token ID, timestamp as Key.Partner site or cooperative network application program are by the new user of registration provided by the present invention and bind original user's interface, carry out related with third party's biological characteristic server user ID website or cooperative network application user, go to inquire about in third party's biological characteristic user library by the Email in the log-on message of submitting the user to, authentication server uses the Email of partner site or cooperative network application user as unique identification, if exist represent this user may be in other partner site or the cooperative network application program registered, so needn't carry out the registration in third party's biological characteristic storehouse again, directly find relative users user ID third party's biological characteristic storehouse returns from the biological characteristic storehouse, partner site or cooperative network application program are bound, save typing biological characteristic process again, reset the biological characteristic user can be in the partner site or the cooperative network application program enter and reset the biological characteristic page by inputing old biological characteristic and answering replacement biological characteristic problem password.

Verification method disclosed in this invention is by carrying out the Internet authentication by partner site or the self-service form of cooperative network application program fully, end user's association binding and registration are finished voluntarily by website or cooperative network application program fully, identifier and Email that third party's biological characteristic validation server (A) is only registered by user or partner site or cooperative network application program (B), accept to register by the mode that interface is provided from the user of partner site or cooperative network application program (B), again binding, the checking request, reset the biological information active request, the third party need not to know the user in the partner site or the user's name of cooperative network application program, thereby avoids obtaining the user in the partner site or other content information of cooperative network application program (B).

Communication between biological characteristic validation server (A), partner site or cooperative network application program (B) and the client (C) is not all distorted with the data that guarantee communication by the SSL mode, and control adopts Microsoft's digital signature to prevent to be added into bad code.

Biological characteristic of the present invention can be for as other biological characteristics such as the fingerprint of User Identity, people's face, iris, lip films.

Claims

1, a kind of network identity validation method based on internet third party biological characteristic validation, described verification method with biological characteristic validation server (A) as the third party, with biological characteristic as User Identity, the user asks to obtain checking as third-party biological characteristic validation server (A) by gathering and encrypt biological condition code in client (C), and by request token flow process and alignment algorithm, carry out network identity validation, thereby avoid obtaining the user in the partner site or other content information of cooperative network application program, it is characterized by, said method comprising the steps of:

(1) client (C) obtains the employed collecting device kind of user by collecting user computer registration table and USB port scanning information, and submit the Reader API request that dynamically updates to biological characteristic validation server (A), to drive the dissimilar equipment of user, client (C) shows custom images and the literal of once uploading in advance to the user, authenticity for User Recognition third party biological characteristic validation service end, correctness, and fill in the account number of partner site or cooperative network application program (B), account is submitted to partner site or cooperative network application program (B);

(3) biological characteristic validation server (A) receives the ID sequence number of described biological characteristic validation server (A) and partner site or cooperative network application program (B) and checks behind the ID of the website of biological characteristic validation server registration whether these two ID exist, and if there is no then generates empty login token and returns to partner site or cooperative network application program (B); Login token and return to the partner site or cooperative network application program (B) if exist then generate non-NULL, the described login token that will generate simultaneously deposits database in to be put on record;

(4) partner site or cooperative network application program (B) judge whether the login token is empty after receiving described login token, if the login token is sky then generates failure jump page address and return to client (C); If the login token is non-NULL then described login token is write Cookie and database is put on record, return login token and consumer premise justice literal or image simultaneously and give client (C);

(6) after biological characteristic validation server (A) receives the described biological attribute data that described login token and client (C) send over, the checking comparison biological condition code that this biological attribute data generated, if comparison good authentication server merges to feature database with the new characteristic point of this condition code of intelligent extraction, to guarantee that every piece of fingerprint characteristic quantity increases gradually to complete, then comparison result is deposited in database, will compare success message simultaneously and return to client (C);

(7) client (C) receives and receives the comparison success message and this comparison success message is sent to partner site or cooperative network application program (B);

2, the network identity validation method based on internet third party biological characteristic validation according to claim 1 is characterized by:

After gathering biological characteristic, the biometric feature sign indicating number that is extracted is carried out so that token ID, timestamp carry out symmetric cryptography as Key at random, Key is dynamic, even cryptographic algorithm also can change at random be taken condition code to guarantee quilt simultaneously, also can't encrypt with new cipher mode can be by normal decrypted data, because asymmetric, so the data after the service end deciphering are invalid.

3, the network identity validation method based on internet third party biological characteristic validation according to claim 1 is characterized by:

Described verification method carries out the Internet authentication by complete user website or the self-service form of cooperative network application program (B), end user's association binding and registration are finished voluntarily by the website fully, identifier and Email that third party's biological characteristic validation server (A) is only registered by user or partner site or cooperative network application program (B), accept to register by the mode that interface is provided from the user of partner site or cooperative network application program (B), again binding, the checking request, reset the biological information active request, need not to know the user's name of user, thereby avoid obtaining the user in the partner site or other content information of cooperative network application program (B) in the website.

4, the network identity validation method based on internet third party biological characteristic validation according to claim 1 is characterized by:

5, the network identity validation method based on internet third party biological characteristic validation according to claim 1 is characterized by:

Described biological characteristic validation server (A) is after receiving the described biological attribute data that described login token and client (C) send over, the biological condition code that this biological attribute data of checking comparison generates, and remove to verify the daily record library inquiry in the past, determine whether by checking according to the level of security strategy, because the duplicate probability of condition code is very little, when described biological condition code and any condition code in the past were in full accord, system was identified as illegal condition code automatically.

6, the network identity validation method based on internet third party biological characteristic validation according to claim 1 is characterized by:

In step (4), the described token that lands together returns with self-defined literal or the custom images that the user deposits in advance, thereby whether the user truly judges the server authenticity by identification literal or image.

7, according to the described network identity validation method of claim 1-6, it is characterized by based on internet third party biological characteristic validation:

Described biological characteristic is meant other biological characteristics such as fingerprint as User Identity, people's face, iris, lip film.