METHODS AND SYSTEMS FOR AUTHENTICATION

US 20090271635A1
Filed: 02/18/2009
Published: 10/29/2009
Est. Priority Date: 08/18/2006
Status: Abandoned Application

First Claim

Patent Images

1. A method for authentication through combination of identity and privilege, comprising:

acquiring the privilege security level corresponding to a client-end;

inquiring the identity security level corresponding to the privilege security level according to an established relation of association between privilege security level and identity security level;

determining the authentication parameters for identity authentication according to the identity security level;

performing identity authentication on the client-end using the authentication parameters; and

obtaining an authentication result.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention discloses a method and system for authentication. The method for authentication includes: acquiring the privilege security level corresponding to a client-end; inquiring the identity security level corresponding to the privilege security level according to an established relation of association between privilege security level and identity security level; determining the authentication parameters for identity authentication according to the identity security level; performing identity authentication on the client-end using the authentication parameters; and obtaining an authentication result. The identity authentication and privilege authentication are combined, and identity authentication is performed according to the identity security level in accord with the privilege security level so that rules of identity authentication can be adjusted, and the flexibility of the process of authentication may be improved.

Citations

19 Claims

1. A method for authentication through combination of identity and privilege, comprising:
- acquiring the privilege security level corresponding to a client-end;
  
  inquiring the identity security level corresponding to the privilege security level according to an established relation of association between privilege security level and identity security level;
  
  determining the authentication parameters for identity authentication according to the identity security level;
  
  performing identity authentication on the client-end using the authentication parameters; and
  
  obtaining an authentication result.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method for authentication through combination of identity and privilege according to claim 1, wherein the established relation of association between privilege security level and identity security level is stored in a biometric algorithm certificate, or in a database, or in a file.
  - 3. The method for authentication through combination of identity and privilege according to claim 1, wherein the acquiring the privilege security level corresponding to a client-end comprises:
    - receiving an access request from the client-end;
      
      sending a request for biometric certificate and attribute certificate to the client-end; and
      
      acquiring the privilege security level from the attribute certificate received from the client-end.
  - 4. The method for authentication through combination of identity and privilege according to claim 1, wherein the authentication parameters comprise:
    - parameters of algorithm for processing alive-being biometric template, matching algorithm parameters and threshold.
  - 5. The method for authentication through combination of identity and privilege according to claim 4, wherein the performing identity authentication on the client-end using the authentication parameters comprises:
    - acquiring biometric template of user from the biometric certificate received from the client-end;
      
      generating alive-being biometric template according to the biometric information of user received from the client-end;
      
      matching the alive-being biometric template with the biometric template of user to obtain a matching score;
      
      generating the result that the authentication on the client-end is passed if the matching score is greater than or equal to the threshold; and
      
      generating the result that the authentication on the client-end is not passed if the matching score is less than the threshold.
  - 6. The method for authentication through combination of identity and privilege according to claim 1, further comprising:
    - sending the authentication result to the client-end.

7. A system for authentication through combination of identity and privilege, comprising:
- an extracting unit, a biometric processing unit and an authenticating unit, wherein;
  
  the extracting unit is configured to acquire the privilege security level corresponding to a client-end, and send the privilege security level to the biometric processing unit;
  
  the biometric processing unit is configured to inquire the identity security level corresponding to the privilege security level according to an established relation of association between privilege security level and identity security level, determine the authentication parameters for identity authentication according to the identity security level, and send the authentication parameters to the authenticating unit; and
  
  the authenticating unit is configured to perform identity authentication on the client-end using the authentication parameters.
- View Dependent Claims (8, 9)
- - 8. The system for authentication through combination of identity and privilege according to claim 7, further comprising:
    - an application unit, a unit for transferring identity information, and a unit for collecting biometric information, wherein;
      
      the application unit is configured to receive an access request from the client-end;
      
      invoke the unit for transferring identity information after receiving the access request from the client-end;
      
      the unit for transferring identity information is configured to send a request for attribute certificate and biometric certificate to the client-end, receive the attribute certificate and biometric certificate from the client-end, send the attribute certificate to the extracting unit, send the biometric certificate to the authenticating unit, and invoke the biometric processing unit;
      
      the unit for collecting biometric information is configured to collect biometric information of user and send the biometric information of user to the biometric processing unit.
  - 9. The system for authentication through combination of identity and privilege according to claim 7, wherein the biometric processing unit comprises an associating unit, a parameter generating unit, a unit for generating alive-being biometric template, and a unit for extracting biometric certificate, wherein:
    - the associating unit is configured to acquire the relation of association between privilege security level and identity security level;
      
      inquire the identity security level corresponding to the privilege security according to the relation of association between privilege security level and identity security level;
      
      send the identity security level to the parameter generating unit;
      
      the parameter generating unit is configured to generate authentication parameters corresponding to the identity security level received from the associating unit, and send the parameters to the unit for generating alive-being biometric template;
      
      the unit for generating alive-being biometric template is configured to generate alive-being biometric template according to the authentication parameters from the parameter generating unit and biometric information of user; and
      
      the unit for extracting biometric certificate is configured to extract biometric template of user from a received biometric certificate.

10. A method for biometric authentication, comprising:
- acquiring a unique identifier for parameter information;
  
  inquiring the biometric authentication parameters corresponding to the unique identifier for parameter information according to an established list of biometric security level;
  
  receiving biometric information of user from a client-end; and
  
  performing biometric authentication on the biometric information of user from the client-end according to the biometric authentication parameters.
- View Dependent Claims (11, 12, 13, 14, 15)
- - 11. The method for biometric authentication according to claim 10, wherein the acquiring a unique identifier for parameter information comprises:
    - acquiring the unique identifier for parameter information from an attribute certificate from the client-end or from a database or from a third party.
  - 12. The method for biometric authentication according to claim 10, wherein the established list of biometric security level is stored in a database, or a file, or a biometric certificate in the authentication-end.
  - 13. The method for biometric authentication according to claim 10, wherein the list of biometric security level comprises:
    - the relation of association between unique identifier for parameter information and the parameters comprising security level, policies, biometric type, biometric algorithm or false matching rate; and
      
      the biometric authentication parameters comprising policies, biometric type, biometric algorithm, or false matching rate.
  - 14. The method for biometric authentication according to claim 13, further comprising:
    - sending the policies of the biometric authentication parameters to the client-end; and
      
      receiving biometric information of user from the client-end after the authentication performed by the client-end on the policies is passed.
  - 15. The method for biometric authentication according to claim 13, further comprising:
    - receiving biometric certificate from the client-end;
      
      verifying whether the biometric certificate is validate or not;
      
      acquiring biometric template of user from the biometric certification if the biometric certificate is validate and there is binding relation between the biometric certificate and the attribute certification;
      
      and wherein performing biometric authentication on the biometric information of user from the client-end according to the biometric authentication parameters comprises;
      
      generating alive-being biometric template according to biometric information of user, the biometric type and biometric algorithm;
      
      matching the alive-being biometric template with biometric template of user, to obtain a matching score;
      
      evaluating the matching score according to the FMR value; and
      
      generating authentication result.

16. A system for biometric authentication, comprising a authentication-end, whereinthe authentication-end is configured to acquire, from a client-end, a unique identifier for parameter information and biometric information of user, inquire the biometric authentication parameters corresponding to the unique identifier for parameter information according to an established list of biometric security level, and perform biometric authentication on the biometric information of user from the client-end according to the biometric authentication parameters.
- View Dependent Claims (17, 18, 19)
- - 17. The system for biometric authentication according to claim 16, wherein:
    - the authentication-end is further configured to send policies included in the authentication parameters to the client-end after acquiring the authentication parameters corresponding to the unique identifier for parameter information, and receive biometric information of user from the client-end after the authentication performed by the client-end on the policies is passed.
  - 18. The system for biometric authentication according to claim 16, further comprising a client-end, wherein the client-end comprises:
    - a sending unit, configured to send the authentication-end the biometric certificate including biometric template of user and the attributer certificate including the unique identifier for parameter information; and
      
      a unit for reading biometric information, configured to read biometric information of user provided by the user, and send the biometric information of user to the authentication-end via the sending unit.
  - 19. The system for biometric authentication according to claim 16, wherein the authentication-end comprises:
    - a receiving unit, a certificate extracting unit, an authentication processing unit, a unit for processing biometric template, a unit for matching biometric template and a determining unit, whereinthe receiving unit is configured to receive biometric certificate and attribute certificate from the client-end, send the biometric certificate and attribute certificate to the certificate extracting unit, receive biometric information of user from the client-end, and send the biometric information of user to the authentication processing unit;
      
      the certificate extracting unit is configured to extract biometric template of user from biometric certificate, send the biometric template of user to the unit for matching biometric template, and send the result extracted from the biometric certificate to the authentication processing unit;
      
      the authentication processing unit is configured to obtain the biometric information of user from the receiving unit according to the result extracted from the biometric algorithm certificate, and send the biometric information of user to the unit for processing biometric template;
      
      the unit for processing biometric template is configured to generate alive-being biometric template according to the biometric information of user from the authentication processing unit, and send the alive-being biometric template to the unit for matching biometric template;
      
      the unit for matching biometric template is configured to match the alive-being biometric template from the unit for processing biometric template with the biometric template of user to obtain a matching score, and send the matching score to the determining unit; and
      
      the determining unit is configured to determine whether the authentication is passed or not according to the matching score from the unit for matching biometric template, and output the result of authentication.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Original Assignee
Huawei Technologies Co., Ltd. (Huawei Investment & Holding Co., Ltd.)
Inventors
Liu, Bing, Liu, Hongwei, Wei, Jiwei, Liu, Shuling

Application Number

US12/388,315
Publication Number

US 20090271635A1
Time in Patent Office

Days
Field of Search
US Class Current

713/186
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06Q 20/229   Hierarchy of users of accounts

G06Q 20/388   using mutual authentication...

G06Q 20/405   Establishing or using trans...

G06Q 20/40975   using encryption therefor

G07C 9/37   using biometric data, e.g. ...

G07F 7/1008   Active credit-cards provide...

G07F 7/122   Online card verification

H04L 2209/56   Financial cryptography, e.g...

H04L 9/3231   Biological data, e.g. finge...

H04L 9/3263   involving certificates, e.g...

H04L 9/3273   for mutual authentication n...

METHODS AND SYSTEMS FOR AUTHENTICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND SYSTEMS FOR AUTHENTICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links