SSL VPN is a type of virtual private network that can be used from a web browser; all network traffic is carried over a secure, authenticated, encrypted channel. The SSL protocol provides a more secure network connection between client and server. In general, access to an SSL VPN can be granted simply by verifying the user's certificate and password in an LDAP server, but for access to confidential data or to resources restricted to users with special privileges, a more secure authentication method should be used. This thesis therefore proposes an SSL VPN architecture with a two-layer authentication mode in which, for higher security, the user must pass face recognition before logging in to the SSL VPN. In this system architecture, the user must first pass the SSL handshake and user certificate authentication; after passing this first layer, face recognition serves as the second layer of authentication. The system performs face recognition using facial information and parameters obtained from the client, and login is permitted only after face recognition succeeds. In the experiments, the face recognition rate reached 88.7%, and the recognition rate for persons other than the user reached 77%. The experimental results show that the proposed method of strengthening SSL VPN identity authentication with face recognition can effectively reinforce SSL VPN identity verification and reduce concerns about identity impersonation on the network.

SSL VPN (Secure Sockets Layer Virtual Private Network) is a form of VPN that can be used with a standard web browser via a secure and authenticated pathway by encrypting all network traffic. This protocol achieves a higher level of compatibility with client and server platforms and hence provides a more reliable connection. In general, SSL VPN access can be granted by a user certificate and password in an LDAP server. In some particular applications, SSL VPN is intended for access to important, restricted resources rather than as a general access solution. These resources require much more secure authentication. In this thesis, we propose a novel SSL VPN double authentication scheme. An advanced feature is proposed, based on endpoint security, to check a connecting computer to make sure it passes facial recognition rules before allowing a user to log in to the SSL VPN. In the proposed scheme, if the authentication successfully passes the SSL handshake process and certification, it then proceeds to face recognition as the second layer of authentication. The server requests the facial recognition parameters from the client for authentication. If the authentication is successful, the protocol goes to the next stage; otherwise the protocol fails. The client can log in to access the server only if all the protocols are successful. In our experiments, the accuracy rate is 88.7% on images of the person himself, and 77% on images of persons other than the user.
The experimental results indicate that our proposed scheme is an advanced identification feature for login to SSL VPN that decreases identity spoofing on the internet.