摘要 |
A method and system for information security authentication. The method comprises the steps of: an user initiating an access request which includes an attribute certificate setting with an extended identifier which indicates a biometric certificate associating with the attribute certificate; obtaining the biometric certificate, and determining whether the biometric certificate obtained associates with the attribute certificate in the access request based on the extended identifier, and if the biometric certificate associates with the attribute certificate, obtaining the biometric feature data of the user, and authenticating the identity based on the biometric feature data and the biometric certificate; authenticating the right using the attribute certificate; controlling the information requested by the user based on the identity authentication result and the right authentication result.
|