1. Field of the Invention
The present invention relates to a user authorization authentication technique, and more particularly, to a fingerprint authentication method for accessing wireless networking systems.
2. Description of Related Art
Wireless networking technology has improved greatly in recent years, facilitating a trend away from wired networking to wireless networking. Presently, most wireless networks are installed at the user end, which puts much of the burden of controlling access rights to the wireless network at the user end. Except for the conventional and relatively insecure access control modes such as inputting account numbers and passwords, users often find other more robust methods too complicated to use or too difficult to implement in practical application. Moreover, such access control mechanisms and techniques are mostly designed to be implemented at the user end. For example, a company employee may use a specific permit to obtain access to computer wireless networking, or simply log on to a computer system by inputting a legitimate user log-in account number and password and then enter a wireless networking system via an application program called “Network Connection” provided by the Windows operating system. However, this method of controlling wireless access rights is mechanical and inflexible. For instance, users are forced to input legal user account numbers and passwords in order to log in to the Windows operating system and perform desired tasks even if they do not need to use wireless networking, which greatly inconveniences users at work.
To resolve the foregoing problem, Taiwanese Patent Publication Gazette No. 200529091 discloses a method that uses the input of fingerprints to help identify users. The method comprises first configuring URL web addresses or identification numbers, wherein account numbers and passwords of users are previously stored in an application program. When users open the URL web addresses or the application programs, they are instructed to input fingerprint images, which are then converted to fingerprint identification codes and compared with pre-stored identification codes. If the codes match each other, the corresponding user account numbers and passwords are acquired and automatically populated into the corresponding form positions. Although this technique can simplify the steps for inputting user account numbers and passwords, it still utilizes user account numbers and passwords as the means and standard for authenticating users and granting user access to network resources, thus failing to address the risk of user account numbers and passwords being misappropriated. In addition, the foregoing method basically enforces access rights to a computer rather than to the resources of a wireless network. In other words, this method utilizes computer techniques on the local computer to control network access, thus only indirectly limiting the use of wireless network resources. As such, it fails to effectively provide for the security of network resources.
In view of the drawbacks discussed above, Taiwanese Patent Publication Gazette N200605599 discloses a system to address such shortcomings, comprising: a Pre-share Key that is divided into a user name (UN) portion and a password (PW) portion; a secret key SKEYID deduced from the exchange definition of an Internet secret key (IKE); and a secret key value (HMAC_I) integrating a user name and a password added to a message abstract functional sector, thus enabling an initiator to transmit the secret key value to a responder. Thereafter, the responder calculates the secret key values of all users in a user database and stores the calculated result. When the responder receives the user secret key value (HMAC_I), it is compared with the secret key value stored in the database, and a secret key value (HMAC_R) is calculated based on the result of the comparison and transmitted to the initiator so as to analyze whether the result of the comparison is correct or not. If the result is correct, the responder and the initiator are connected, whereas if the result is incorrect, the connection between the two is terminated. However, this technique is deficient in that the transmission of these authentication messages between the responder and the initiator needs to continue without interruption to provide authentication, and if the computer of the initiator or the responder is invaded by a virus program, such as a worm virus program, or by a hacker with malicious intent, the infected computer can continuously send out such messages, which can adversely affect system performance. Moreover, if the initiator (or the responder) is an access point (base station) for a wideband wireless network, because of its CSMA-CA's TDMA nature, the effective connection speed for other connected users will be seriously reduced by the numerous requests and/or responses involving authentication, so much so that it may even paralyze the whole network system as a result.
This situation can occur whether the PCF (Point Coordination Function) or the DCF (Distributed Coordination Function) MAC state machine is chosen for WLAN operation. Such a scenario is shown in FIG. 1, where a personal computer at a user end 31′ continuously transmits an account number and password to request network connection, which, in turn, causes the wireless network switch apparatus 5′ providing an access point to respond continuously, thus adversely affecting the quality and speed of connection provided by the wireless network switch apparatus 5′ to other users 32′ of the Internet 7′.
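The HMAC_I/HMAC_R exchange and the load it places on the responder can be modelled as follows. This is an added example, not code from the cited publication or from the present document; the HMAC-SHA256 construction, the `UN:PW` key format, the fixed `SKEYID` value, the all-zero reject reply and every function name are assumptions made for illustration.

```python
import hashlib
import hmac

def _mac(skeyid: bytes, role: bytes, un: str, pw: str) -> bytes:
    # Assumed construction: HMAC-SHA256 keyed with SKEYID over role, UN and PW.
    msg = b"|".join([role, un.encode(), pw.encode()])
    return hmac.new(skeyid, msg, hashlib.sha256).digest()

def hmac_i(skeyid: bytes, un: str, pw: str) -> bytes:
    return _mac(skeyid, b"I", un, pw)

def hmac_r(skeyid: bytes, un: str, pw: str) -> bytes:
    return _mac(skeyid, b"R", un, pw)

class Responder:
    def __init__(self, skeyid: bytes, users: dict):
        self.skeyid = skeyid
        self.users = users
        # Precompute and store HMAC_I for every user in the database.
        self.table = {un: hmac_i(skeyid, un, pw) for un, pw in users.items()}
        self.replies_sent = 0

    def handle(self, received: bytes):
        matched = None
        for un, expected in self.table.items():
            # Constant-time comparison, scanning every entry without early exit.
            if hmac.compare_digest(expected, received):
                matched = un
        self.replies_sent += 1  # every request, valid or not, costs a reply
        if matched is None:
            return None, b"\x00" * 32  # assumed reject reply
        return matched, hmac_r(self.skeyid, matched, self.users[matched])

def initiator_connect(responder: Responder, skeyid: bytes, psk: str) -> bool:
    un, _, pw = psk.partition(":")  # assumed 'UN:PW' pre-shared key layout
    _, reply = responder.handle(hmac_i(skeyid, un, pw))
    # The initiator checks HMAC_R; a mismatch means the connection is dropped.
    return hmac.compare_digest(reply, hmac_r(skeyid, un, pw))

def demo():
    skeyid = bytes(range(32))  # constructed sample value
    users = {"alice": "correct horse", "bob": "hunter2"}  # constructed sample data
    resp = Responder(skeyid, users)
    ok = initiator_connect(resp, skeyid, "alice:correct horse")
    bad = initiator_connect(resp, skeyid, "alice:wrong")
    for _ in range(100):  # a faulty or infected station retransmitting
        resp.handle(b"\x01" * 32)
    return ok, bad, resp.replies_sent
```

The `replies_sent` counter makes the drawback concrete: the responder answers all 102 requests, including the 100 that can never authenticate.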
Therefore, it is highly desirable for the industry to develop a novel mechanism that improves on the drawbacks of prior art techniques by controlling wireless network access more easily and that is also convenient to manage and maintain, thus preventing access authentication problems that decrease the efficiency of wireless network utilization, increasing the quality of wireless network connection, and effectively increasing the safety of the verification mechanisms used to achieve information resource security.