User authenticating system and method using one-time fingerprint template
First Claim
1. A user authenticating system including a web server for providing web services, a user's PC, which is a client desiring a user authentication for access to the web server through a network, and an authenticating server for performing authentication upon request thereof by the user, the request transferred from the client through the web server through connection to the web server, characterized in that the client comprises:
a client communication interface for communication with the client;
a fingerprint input means for reading-in a user's fingerprint for obtaining authentication from the authenticating server;
a fingerprint feature data extracting means for extracting fingerprint feature data from the inputted fingerprint;
a one-time template (OTT) key request means for requesting from the authenticating server a transfer of an OTT key;
an OTT key receiving means for receiving the OTT key transferred from the authenticating server;
an OTT generation means for generating an OTT by combining the received OTT key with the fingerprint feature data; and
an OTT encrypting means for encrypting the OTT in a predetermined manner,
and the web server, which provides a web page to be actually used by the user, comprises;
a first server communication interface for communication with the client server;
a second server communication interface for communication with the authenticating server;
a data interchange means for interchanging data between the client and the authenticating server;
and an authentication result receiving means for receiving an authentication result transferred from the authenticating server, and transmitting the web page to the client,
and the authenticating server comprises;
an authentication server communication interface for communicating with the web server;
an OTT key generation means for generating an OTT key upon request of the OTT key from the client;
an OTT key storing means for storing the generated OTT key;
an OTT key transfer means for transmitting the generated OTT key to the client;
an OTT receiving means for receiving the encrypted OTT transferred from the client;
an OTT decrypting means for restoring the original OTT by decrypting the encrypted and received OTT;
an OTT key extracting means for extracting an OTT key from the restored OTT;
an OTT key validity determination means for determining validity of the OTT key by comparing the OTT key stored in the OTT storing means and the OTT key extracted by the OTT key extracting means;
a fingerprint authentication means for authenticating an access of the user based on the fingerprint thereof by comparing registered fingerprint feature data with the inputted fingerprint feature data, if the OTT key is determined to be valid, and refusing authentication if the OTT key is determined to be at least one of invalid and the fingerprint feature data do not coincide with each other as a result of comparison; and
an OTT key deletion means for deleting the OTT key used for determining validity of the OTT key upon completion of the authenticating process by the fingerprint authentication means so that another OTT key newly generated by the OTT key generation means can be used for a next user authentication,
whereby the authentication result receiving means provides the web page to the client upon receipt of the authentication allowing result through the web server transferred from the fingerprint authenticating means of the authenticating server, and denies the user's log-in upon receipt of the authentication refusing result through the web server transferred from the fingerprint authenticating means of the authenticating server.
Abstract
This invention relates to a user authenticating system and a method using a one-time fingerprint template. The system and the method according to the invention are improvements of the conventional user authentication based on the manner of comparing the fingerprint feature data only, for the purpose of preventing a false authentication by misusing fingerprint feature data, if exposed in the course of transfer thereof. In the system and the method according to the invention, fingerprint feature data of a user are combined with an OTT key transferred from a server. The combined result is encoded and transferred to an authenticating server. The authenticating server then confirms validity of the OTT key and authenticates the user based on the fingerprint. Thus, the present invention has an advantage of preventing a false authentication through hacking, etc., even if the OTT key is exposed to a network, because the OTT key is used only once for authentication.
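The OTT key lifecycle described in the abstract and claim 1 (generate, store, combine, validate, delete), sketched as an added example that is not code from the patent. The encrypting and decrypting means are left out, so `authenticate` receives the already-decrypted OTT; all names, the 16-byte key length, the JSON encoding of the feature data, the overlap matcher and its threshold are assumptions.

```python
import hmac
import json
import secrets

KEY_LEN = 16  # assumed OTT key size in bytes; the page does not give one

def make_ott(ott_key, features):
    """Client side: combine the OTT key with the fingerprint feature data."""
    return ott_key + json.dumps(sorted(features)).encode()

def split_ott(ott):
    """Server side: extract the OTT key and the feature data from an OTT."""
    return ott[:KEY_LEN], {tuple(f) for f in json.loads(ott[KEY_LEN:])}

def match_score(enrolled, probe):
    """Placeholder matcher: share of enrolled minutiae present in the probe."""
    return len(enrolled & probe) / len(enrolled) if enrolled else 0.0

class AuthServer:
    def __init__(self, registered, threshold=0.8):
        self.registered = registered   # user -> enrolled feature set
        self.threshold = threshold     # assumed acceptance threshold
        self.pending = {}              # session id -> stored OTT key

    def issue_ott_key(self, session):
        self.pending[session] = secrets.token_bytes(KEY_LEN)
        return self.pending[session]

    def authenticate(self, session, user, ott):
        # pop() deletes the stored key whatever the outcome, so it is single-use
        stored = self.pending.pop(session, None)
        try:
            key, probe = split_ott(ott)
        except (ValueError, TypeError):
            return False              # malformed OTT
        if stored is None or not hmac.compare_digest(stored, key):
            return False              # unknown, reused or mismatched OTT key
        return match_score(self.registered.get(user, set()), probe) >= self.threshold

def demo():
    alice = {(10, 22, 90), (41, 7, 180), (63, 58, 45), (80, 12, 270)}  # constructed
    srv = AuthServer({"alice": alice})
    ott = make_ott(srv.issue_ott_key("s1"), alice)
    first = srv.authenticate("s1", "alice", ott)    # fresh key, matching features
    replay = srv.authenticate("s1", "alice", ott)   # key already deleted
    srv.issue_ott_key("s2")
    stale = srv.authenticate("s2", "alice", ott)    # captured OTT, different key
    bad = make_ott(srv.issue_ott_key("s3"), {(1, 2, 3), (4, 5, 6)})  # other print
    wrong = srv.authenticate("s3", "alice", bad)
    return {"first": first, "replay": replay, "stale": stale, "wrong": wrong}
```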
16 Claims