提出一种在计算机应用系统中集成口令、令牌及各种生物认证的通用集成认证框架和支撑框架的认证协议.该认证协议把消息的验证过程逆向转化为传统的生物特征识别过程,利用各种生物特征识别技术固有的容错能力解决生物特征数据的不确定性问题,从而提供一种可重用的集成认证框架.采用该框架可以实现相关技术的标准化,有助于全面提升系统的安全层次.%This paper proposes a practical framework for multifactor authentication using password, token and biometrics. In particular,it provides a unified interface for various biometrics typing subsystems,such as fingerprint,retina scan, hand geometry, face pattern,even the potential DNA typing subsystems. A revised challenge-response protocol is developed to brings all these modules to work together in order to prevent identity theft,which uses a variant of identity-based signature scheme suggested by Shamir to recover biometrics templates from valid challenge-response codes.
展开▼