CN109391622A - Rule-loaded fingerprint authentication cloud security system and method - Google Patents


Info

Publication number
CN109391622A
Authority
CN
China
Prior art keywords
rule
module
finger print
print identifying
cloud
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811281278.5A
Other languages
Chinese (zh)
Inventor
欧耿洲
袁永锋
韩绪仓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing CEC Huada Electronic Design Co Ltd
Original Assignee
Beijing CEC Huada Electronic Design Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing CEC Huada Electronic Design Co Ltd
Priority to CN201811281278.5A
Publication of CN109391622A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0861 Network architectures or network communication protocols for network security for authentication of entities using biometrical features, e.g. fingerprint, retina-scan

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Collating Specific Patterns (AREA)

Abstract

To defend against replay attacks in cloud security authentication, and in particular against illegitimate attacks on fingerprint authentication, the present invention provides a rule-loaded fingerprint authentication cloud security system and method. The system consists of a fingerprint authentication module 1, an authentication and authorization module 2, a cloud service module 3, a client service module 4, a rule execution module 7 and a rule engine module 8. The client 5 includes the overall authentication module 9 and the client service module 4. The cloud 6 includes the authentication and authorization module 2, the cloud service module 3 and the rule engine module 8. The cloud sets a compound rule based on time, place and rank. The rule execution module, located in the client, receives the compound rule based on time, place and rank and executes it. The fingerprint authentication module of the client obtains fingerprint information and performs fingerprint authentication. If fingerprint authentication passes, the client reports the execution result of the time, place and rank compound rule to the cloud; if fingerprint authentication does not pass, the client sends a message to the cloud stating that fingerprint authentication failed. The authentication and authorization module and the rule engine module, located in the cloud, receive the authentication information sent by the client and determine whether the time, place and rank compound rule is satisfied. If the rule is satisfied, the cloud service module is authorized to provide the corresponding service; if the rule is not satisfied, authorization for the cloud service module to provide the corresponding service is refused.

Description

Rule-loaded fingerprint authentication cloud security system and method
Technical field
The present invention relates to information security technology for resisting illegitimate attacks on fingerprint authentication, and is a fingerprint authentication cloud security system and method with strengthened security.
Background
Cloud computing, as a new computing and business model, provides users over the Internet with dynamically deployed, on-demand resource services such as computing, storage, software and platforms, and monitors resource usage in real time. As one of the fastest-growing new industries, cloud computing has broad market prospects but also faces unprecedented security challenges. Surveys show that cloud security has become both users' greatest concern about using cloud services and one of the primary obstacles to the wide adoption of cloud applications.
To guarantee the security of cloud services, users entering the system must be effectively authenticated; the identified user identity is matched against an authorization database to determine whether the user has the right to access resources. Fingerprint recognition is currently a widely used cloud security authentication method. Fingerprint recognition is essentially pattern recognition; it involves four steps (fingerprint collection, image processing, feature extraction and fingerprint matching), with fingerprint feature templates stored in a fingerprint database. However, current mainstream fingerprint authentication cloud security methods cannot defend against replay attacks.
Summary of the invention
To defend against illegitimate attacks in cloud security authentication, in particular attacks on fingerprint authentication, the present invention provides a rule-loaded fingerprint authentication cloud security system and method. By setting a series of physical rules, including time rules, place rules and rank rules, illegitimate attacks are discovered among the cloud logins that have passed fingerprint authentication and are then defended against. At the same time, the physical rules that are set have essentially no effect on use by legitimate users.
The present invention proposes a rule-loaded fingerprint authentication cloud security system and method, characterized in that it includes a fingerprint authentication module 1, an authentication and authorization module 2, a cloud service module 3, a client service module 4, a rule execution module 7 and a rule engine module 8. The fingerprint authentication module 1 and the rule execution module 7 form the overall authentication module 9. The client 5 includes the overall authentication module 9 and the client service module 4. The cloud 6 includes the authentication and authorization module 2, the cloud service module 3 and the rule engine module 8.
The overall authentication module 9 obtains fingerprint information at the client, executes the rules, and generates fingerprint authentication information M01 and rule authentication information M02. The fingerprint authentication information M01 contains the fingerprint authentication information; the rule authentication information M02 contains the execution information of the time, place and rank compound rule.
A rule-loaded fingerprint authentication cloud security method, whose main steps include:
Step 101: the cloud rule engine module 8 sets the compound rule M03 based on time, place and rank.
Step 201: the client rule execution module 7 receives the compound rule M03 based on time, place and rank and executes the rule.
Step 301: the client fingerprint authentication module 1 obtains fingerprint information and performs fingerprint authentication.
Step 401: the client fingerprint authentication module 1 generates fingerprint authentication information M01 and rule authentication information M02.
Step 501: the client fingerprint authentication module 1 reports fingerprint authentication information M01 and rule authentication information M02 to the cloud.
Step 601: the cloud authentication and authorization module 2 authorizes or does not authorize the corresponding service according to fingerprint authentication information M01 and rule authentication information M02.
Step 101 sets the compound rule based on time, place and rank; its function includes but is not limited to rules for a certain time period, place and region rules, rank authorization rules, and compound rules built from these rules.
In step 201 the client receives the compound rule based on time, place and rank and executes the rule; its function includes but is not limited to time recording and judgment, place recording and judgment, and rank identification and judgment.
In step 301 the client obtains fingerprint information and performs fingerprint authentication; its function includes but is not limited to fingerprint collection, image processing, feature extraction and fingerprint matching.
Step 401 generates fingerprint authentication information M01 and rule authentication information M02; the fingerprint authentication information M01 includes but is not limited to fingerprint authentication information, and the rule authentication information M02 includes but is not limited to the execution information of the time, place and rank compound rule.
The method of the present invention is applicable to devices such as fingerprint authentication modules and cloud authorization and authentication modules. The invention can be applied in security fields that use fingerprints as described above, such as banking and finance, online shopping and security systems.
By loading rules into fingerprint authentication, the present invention refuses to serve fingerprint authentication authorization requests that do not satisfy the set rules, improving the level of security protection compared with fingerprint authentication cloud security methods without rules.
Brief description of the drawings
Fig. 1: the rule-loaded fingerprint authentication cloud security system of the present invention.
Fig. 2: the rule-loaded fingerprint authentication cloud security method of the present invention.
Detailed description
As shown in Fig. 1, the present invention proposes a rule-loaded fingerprint authentication cloud security system, characterized in that it includes a fingerprint authentication module 1, an authentication and authorization module 2, a cloud service module 3, a client service module 4, a rule execution module 7 and a rule engine module 8. The fingerprint authentication module 1 and the rule execution module 7 form the overall authentication module 9. The client 5 includes the overall authentication module 9 and the client service module 4. The cloud 6 includes the authentication and authorization module 2, the cloud service module 3 and the rule engine module 8. The fingerprint authentication module 1 provides fingerprint authentication information M01 and rule authentication information M02 to the authentication and authorization module 2, and the rule engine module 8 provides the compound rule M03 to the rule execution module 7.
The rule engine module 8 introduced by this system has the function of sending the rule information M03 to the rule execution module. The rule execution module 7 introduced by this method has the functions of receiving the rule information M03 and executing the rule information M03.
The rule information M03 can be a rule defined by a physical-time constraint. A physical-time constraint means that authorized login is allowed only within a specified period; for example, login is valid during working hours from 8 o'clock to 18 o'clock and invalid at other times.
The rule information M03 can be a physical-place constraint, including but not limited to allowing authorized login only at specified places and forbidding login from multiple spatially conflicting places.
The rule information M03 can be rank rule information, meaning rules defined by constraints on rank and department, including but not limited to allowing authorized login only for specified functional departments and allowing authorized login only for users of specified ranks.
The rule information M03 can be a compound rule combining time rules, place rules and rank rules.
The fingerprint authentication module 1 obtains the fingerprint image, computes the fingerprint matching result, and reports the fingerprint authentication information M01.
The rule execution module 7 computes the rule matching and judgment results according to the defined rules, such as time rules, place rules and rank rules, and reports the rule authentication information M02.
The authentication and authorization module 2 decides whether or not to authorize according to authentication information 101, and performs the authorization or non-authorization.
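The cloud-side decision of step 601 can be sketched as follows. This is an added example, not part of the patent text: it evaluates a compound rule M03 (time period, permitted places including the spatial-conflict case, department and rank) against reported M01 and M02. All class and field names, the "higher number means higher rank" ordering, and the sample requests are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time


@dataclass(frozen=True)
class CompoundRuleM03:          # set by rule engine module 8 in the cloud
    start: time                 # permitted period, start inclusive
    end: time                   # permitted period, end exclusive (assumption)
    places: frozenset           # places where login may be authorized
    departments: frozenset      # functional departments allowed to log in
    min_rank: int               # lowest rank allowed (higher number = higher rank)


@dataclass(frozen=True)
class FingerprintInfoM01:       # reported by fingerprint authentication module 1
    user: str
    matched: bool


@dataclass(frozen=True)
class RuleInfoM02:              # reported by rule execution module 7
    user: str
    when: datetime
    place: str
    department: str
    rank: int


class AuthorizationModule:
    """Cloud-side decision of step 601 over M01 and M02."""

    def __init__(self, rule: CompoundRuleM03):
        self.rule = rule
        self.active_place = {}  # user -> place of the login currently authorized

    def decide(self, m01, m02):
        """Return (authorized, reasons); every failed rule is listed."""
        if not m01.matched:
            return False, ["fingerprint not matched"]
        reasons = []
        if m01.user != m02.user:
            reasons.append("M01 and M02 name different users")
        if not (self.rule.start <= m02.when.time() < self.rule.end):
            reasons.append("outside permitted period")
        if m02.place not in self.rule.places:
            reasons.append("place not permitted")
        elif self.active_place.get(m02.user, m02.place) != m02.place:
            # Same user already logged in elsewhere: spatially conflicting places.
            reasons.append("place conflicts with active login")
        if m02.department not in self.rule.departments or m02.rank < self.rule.min_rank:
            reasons.append("department or rank not permitted")
        if reasons:
            return False, reasons
        self.active_place[m02.user] = m02.place
        return True, []

    def logout(self, user):
        self.active_place.pop(user, None)


def demo():
    """Run constructed sample requests against an 8:00 to 18:00 rule."""
    rule = CompoundRuleM03(time(8), time(18), frozenset({"HQ", "Branch"}),
                           frozenset({"finance"}), 3)
    cloud = AuthorizationModule(rule)
    ok = FingerprintInfoM01("alice", True)
    day = lambda h: datetime(2018, 10, 31, h, 30)
    return [
        cloud.decide(ok, RuleInfoM02("alice", day(9), "HQ", "finance", 3)),
        cloud.decide(ok, RuleInfoM02("alice", day(23), "HQ", "finance", 3)),
        cloud.decide(ok, RuleInfoM02("alice", day(10), "Branch", "finance", 3)),
        cloud.decide(ok, RuleInfoM02("alice", day(11), "Cafe", "finance", 2)),
        cloud.decide(FingerprintInfoM01("alice", False),
                     RuleInfoM02("alice", day(9), "HQ", "finance", 3)),
    ]


if __name__ == "__main__":
    for decision in demo():
        print(decision)
```

The M02 fields are taken here exactly as the client reports them; the text above does not specify how the cloud verifies the reported time, place or rank.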

Claims (7)

1. A rule-loaded fingerprint authentication cloud security system, characterized in that it includes a fingerprint authentication module 1, an authentication and authorization module 2, a cloud service module 3, a client service module 4, a rule execution module 7 and a rule engine module 8, wherein: the fingerprint authentication module 1 and the rule execution module 7 form the overall authentication module 9; the overall authentication module 9 and the client service module 4 form the client 5; the authentication and authorization module 2, the cloud service module 3 and the rule engine module 8 form the cloud 6; the fingerprint authentication module 1 in the overall authentication module 9 provides fingerprint authentication information M01 and rule authentication information M02 to the authentication and authorization module 2 in the cloud 6, and the rule engine module 8 provides the compound rule M03 to the rule execution module 7.
2. The fingerprint authentication cloud security system of claim 1, characterized in that the overall authentication module 9 obtains fingerprint information at the client 5, executes the rules, and generates fingerprint authentication information M01 and rule authentication information M02; the fingerprint authentication information M01 contains the fingerprint authentication information; the rule authentication information M02 contains the execution information of the time, place and rank compound rule.
3. A rule-loaded fingerprint authentication cloud security method, characterized in that it is based on the fingerprint authentication cloud security system of claim 1 and its main steps include:
Step 101: the cloud rule engine module 8 sets the compound rule M03 based on time, place and rank;
Step 201: the client rule execution module 7 receives the compound rule M03 based on time, place and rank and executes the rule;
Step 301: the client fingerprint authentication module 1 obtains fingerprint information and performs fingerprint authentication;
Step 401: the client fingerprint authentication module 1 generates fingerprint authentication information M01 and rule authentication information M02;
Step 501: the client fingerprint authentication module 1 reports fingerprint authentication information M01 and rule authentication information M02 to the cloud;
Step 601: the cloud authentication and authorization module 2 decides, according to fingerprint authentication information M01 and rule authentication information M02, whether to authorize the corresponding service.
4. The fingerprint authentication cloud security method of claim 3, characterized in that in step 101 the cloud rule engine module 8 sets the compound rule based on time, place and rank, whose function includes but is not limited to rules for a certain time period, place and region rules, rank authorization rules, and compound rules built from these rules.
5. The fingerprint authentication cloud security method of claim 3, characterized in that in step 201 the client rule execution module 7 receives the compound rule based on time, place and rank and executes the rule, whose function includes but is not limited to time recording and judgment, place recording and judgment, and rank identification and judgment.
6. The fingerprint authentication cloud security method of claim 3, characterized in that in step 301 the client fingerprint authentication module 1 obtains fingerprint information and performs fingerprint authentication, whose function includes but is not limited to fingerprint collection, image processing, feature extraction and fingerprint matching.
7. The fingerprint authentication cloud security method of claim 3, characterized in that in step 401 the client fingerprint authentication module 1 generates fingerprint authentication information M01 and rule authentication information M02; the fingerprint authentication information M01 includes but is not limited to fingerprint authentication information, and the rule authentication information M02 includes but is not limited to the execution information of the time, place and rank compound rule.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811281278.5A (published as CN109391622A) 2018-10-31 2018-10-31 Rule-loaded fingerprint authentication cloud security system and method

Publications (1)

Publication Number Publication Date
CN109391622A (en) 2019-02-26

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20190226