TW201843613A - Personal identity authentication method and system using graphic lock capable of ensuring a high-security identity authentication - Google Patents


Info

Publication number
TW201843613A
Authority
TW
Taiwan
Prior art keywords
code
graphic
input
user
predetermined
Application number
TW106114458A
Other languages
Chinese (zh)
Other versions
TWI621029B (en)
Inventor
曾致崴
陳建旭
Original Assignee
中國信託商業銀行股份有限公司
Application filed by 中國信託商業銀行股份有限公司
Priority to TW106114458A
Application granted
Publication of TWI621029B
Publication of TW201843613A

Landscapes

  • Collating Specific Patterns (AREA)

Abstract

In a personal identity authentication method and system using a graphic lock, a user end provides a graphic input interface having N graphic areas and obtains, from a stored identity identification code of a specific user and a predetermined reference code, N graphic values that represent the graphic areas respectively. When a sliding operation by a user on the graphic input interface produces an input graphic trajectory passing through P of the graphic areas (P ≤ N), an input code is generated from the P graphic values corresponding to those P graphic areas using a predetermined data encryption algorithm and a predetermined number-to-character-code conversion method. A verification end determines whether the user's identity is authenticated according to the input code received from the user end and a stored reference verification code corresponding to the identity identification code.

Description

Personal identity authentication method and system using a graphic lock

The present invention relates to a personal identity authentication method and system, and more particularly to a personal identity authentication method and system that uses a graphic lock.

With the rapid development of mobile communication and network technologies, users rely on mobile devices not only for instant messaging but also for needs such as mobile payment. Consequently, user identity authentication on mobile devices has become more important. For example, when a mobile device is used to carry out an online payment, personal identity authentication bears on the payer's financial security; likewise, when a user wants to log in to a personal online banking account from a mobile device, personal identity authentication is required first.

Identity authentication methods currently used on mobile devices generally include password authentication and graphic (pattern) lock authentication, both entered manually. However, a user may fail authentication after forgetting the password or mistyping it, and while the user enters the password or draws the unlock pattern, the password or pattern may be observed and stolen by someone else, leading to identity theft. Existing identity authentication techniques therefore still leave considerable room for improvement, and to protect user information there is a need for a personal identity authentication method that is highly secure and does not require the user to memorize a password.

Accordingly, one object of the present invention is to provide a personal identity authentication method using a graphic lock that overcomes the shortcomings of the prior art.

The present invention thus provides a personal identity authentication method implemented by a user end and a verification end connected to the user end through a communication network, the user end providing a graphic input interface having N different graphic areas. The method comprises the following steps:
(A) the user end stores an identity identification code uniquely assigned to a specific user, and a predetermined reference code;
(B) the user end obtains, from the identity identification code and the predetermined reference code and using at least a predetermined encoding method, a set of N graphic values corresponding to the identity identification code, one representing each of the N graphic areas;
(C) the verification end stores a reference verification code uniquely corresponding to the identity identification code;
(D) when a sliding operation by a user on the graphic input interface produces an input graphic trajectory passing through P of the N graphic areas (P ≤ N), the user end defines those P graphic areas as the first to P-th input graphic areas according to the order in which they appear along the input graphic trajectory;
(E) the user end generates an input code from the P graphic values (among the N) that represent the first to P-th input graphic areas, using a predetermined data encryption algorithm and a predetermined number-to-character-code conversion method, and transmits the input code to the verification end through the communication network; and
(F) upon receiving the input code from the user end, the verification end determines whether the user's identity is successfully authenticated according to the input code and the reference verification code.

Accordingly, another object of the present invention is to provide a personal identity authentication system using a graphic lock that overcomes the shortcomings of the prior art.

The present invention thus provides a personal identity authentication system comprising a user end and a verification end.

The user end includes a user input/output unit, a storage unit, a communication module and a processing unit. The user input/output unit provides a graphic input interface having N different graphic areas; the storage unit stores an identity identification code uniquely assigned to a specific user and a predetermined reference code; the communication module connects to a communication network; and the processing unit is electrically connected to the user input/output unit, the storage unit and the communication module and includes an encoding module, which obtains, from the stored identity identification code and predetermined reference code and using at least a predetermined encoding method, a set of N graphic values corresponding to the identity identification code, one representing each of the N graphic areas.

The verification end is connected to the communication network and stores a reference verification code uniquely corresponding to the identity identification code.

The user input/output unit produces, from a user's sliding operation on the graphic input interface, an input graphic trajectory passing through P of the N graphic areas (P ≤ N), and outputs an input result corresponding to that trajectory to the processing unit. The processing unit defines the P graphic areas as the first to P-th input graphic areas according to the order in which, as indicated by the input result, they appear along the input graphic trajectory. From the P graphic values (among the N obtained by the encoding module) that represent the first to P-th input graphic areas, the processing unit generates an input code using a predetermined data encryption algorithm and a predetermined number-to-character-code conversion method, and transmits the input code to the verification end through the communication module and the communication network. Upon receiving the input code from the user end, the verification end determines whether the user's identity is successfully authenticated according to the input code and the reference verification code.

The effect of the present invention is that the user end held by the specific user holds a set of graphic values derived by encoding the identity identification code together with the predetermined reference code, and the input code, produced by encrypting the P graphic values corresponding to the input graphic trajectory with the predetermined data encryption algorithm, is hard to crack, so that high-security identity authentication can be ensured.

Referring to FIG. 1 and FIG. 2, an embodiment of the personal identity authentication system 100 of the present invention includes a user end 1 and a verification end 2. In this embodiment the user end 1 may be implemented as a mobile device such as a smartphone or tablet computer, held by a specific user.

The user end 1 includes a user input/output unit 11, a storage unit 12, a communication module 13 and a processing unit 14. The user input/output unit 11 provides a graphic input interface 111 (see FIG. 2) having N (for example, N = 9) different graphic areas A1 to A9; the communication module 13 connects to a communication network 200 such as the Internet; and the processing unit 14 is electrically connected to the user input/output unit 11, the storage unit 12 and the communication module 13 and includes an encoding module 141, an encryption module 142 and a processing module 143. Note that the graphic input interface 111 can be regarded as a graphic lock interface.

Before the personal identity authentication system 100 can actually carry out a personal identity authentication procedure, a registration procedure must be completed for the specific user and the user end 1. The user end 1 may perform the registration-related processing by running an associated application (not shown). For example, the associated application may be an online banking login application, and a bank server may serve as the verification end 2, although the invention is not limited to this.

How the personal identity authentication system 100 performs the registration procedure is described in detail below with reference to FIGS. 1, 3 and 4.

First, in step S31, after the user input/output unit 11 obtains, through an operation by the specific user, an identity identification code uniquely assigned to that user, the processing unit 14 stores the identity identification code in the storage unit 12 (FIG. 1) and, through the communication module 13, transmits a registration request containing the identity identification code to the verification end 2 over the communication network 200. In this embodiment the identity identification code is, for example, a national ID card number, but is not limited to this. The identity identification code has a text part, containing for example one English letter, and a digit part consisting of N (for example, N = 9) digits. In this embodiment the digit part is written d_1 d_2 … d_{N-1} d_N.

Next, in step S32, upon receiving the registration request from the user end 1, the verification end 2 responds by transmitting a reply containing a predetermined reference code to the user end 1 over the communication network 200. In this embodiment the predetermined reference code consists of N digits and is written, for example, r_1 r_2 … r_{N-1} r_N. Note that the predetermined reference code may, for example, be preset by the verification end 2, but is not limited to this, and it serves as a private (secret) key for the subsequent encoding.

Then, in step S33, when the user end 1 receives the reply from the verification end 2, the processing module 143 stores the predetermined reference code in the storage unit 12 (FIG. 1), and the encoding module 141 uses a predetermined encoding method and a predetermined text-to-number method to obtain, from the stored identity identification code and predetermined reference code, a set of N (for example, N = 9) graphic values R_1 to R_N corresponding to the identity identification code, one representing each of the nine graphic areas A1 to A9. In this embodiment the predetermined text-to-number method may, for example, use an ASCII lookup table (not shown), but is not limited to this. More specifically, the encoding module 141 first converts the text part of the identity identification code into a number M and then, according to the predetermined encoding method, performs the following operations:
d'_x = d_x + r_x, where x = 1, 2, …, N;
S = d'_1 + d'_2 + … + d'_N; and
R_y = MOD(M × S + d'_y, 100) + P_y, where y = 1, 2, …, N,
in which R_y is the graphic value corresponding to the y-th graphic area and P_y is a parameter value assigned to the y-th graphic area; this yields the N graphic values R_1 to R_N. The processing module 143 then stores the N graphic values R_1 to R_N in the storage unit 12 (step S34).

For example, if the identity identification code is A100000015 and the predetermined reference code is 374987245 (that is, the text part of the identity identification code is the single English letter A, d_1 d_2 … d_8 d_9 = 100000015, and r_1 r_2 … r_8 r_9 = 374987245), and the nine parameters P_1 to P_9 are 100, 200, 300, 400, 500, 600, 700, 800 and 900 respectively, then the letter A is converted to M = 65 and the operations above give:
d'_1 = 1 + 3 = 4, d'_2 = 7, d'_3 = 4, d'_4 = 9, d'_5 = 8, d'_6 = 7, d'_7 = 2, d'_8 = 1 + 4 = 5, d'_9 = 5 + 5 = 10;
S = 4 + 7 + 4 + 9 + 8 + 7 + 2 + 5 + 10 = 56;
R_1 = MOD(65 × 56 + 4, 100) + 100 = 144,
R_2 = MOD(65 × 56 + 7, 100) + 200 = 247,
R_3 = MOD(65 × 56 + 4, 100) + 300 = 344,
R_4 = MOD(65 × 56 + 9, 100) + 400 = 449,
R_5 = MOD(65 × 56 + 8, 100) + 500 = 548,
R_6 = MOD(65 × 56 + 7, 100) + 600 = 647,
R_7 = MOD(65 × 56 + 2, 100) + 700 = 742,
R_8 = MOD(65 × 56 + 5, 100) + 800 = 845, and
R_9 = MOD(65 × 56 + 10, 100) + 900 = 950.
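The derivation of steps S33 and S34 carried through in code, as an added example (this is not code from the patent or from the applicant). It implements the three formulas for arbitrary N, with the region parameters P_1 to P_N supplied by the caller, and reproduces the nine values of the worked example. The only assumption beyond the text is how the text part of the identity code becomes M: the page's example is a single letter looked up in ASCII, so a longer text part is rejected rather than guessed.

```python
"""Graphic-value derivation (steps S33/S34): R_y = MOD(M*S + d'_y, 100) + P_y.
Added example; not the patent's or the applicant's code."""

from __future__ import annotations

from typing import Sequence


def split_identity_code(identity_code: str) -> tuple[str, str]:
    """Split an identity code into its leading text part and its digit part
    (the page's example A100000015 gives ("A", "100000015"))."""
    i = 0
    while i < len(identity_code) and identity_code[i].isalpha():
        i += 1
    text, digits = identity_code[:i], identity_code[i:]
    if not text or not digits.isdigit():
        raise ValueError("identity code must be letters followed by digits")
    return text, digits


def text_to_number(text: str) -> int:
    """The 'predetermined text-to-number method': ASCII lookup of a single letter.
    The page does not say how a multi-letter text part is combined into M, so
    anything longer than one letter is rejected here instead of guessed (assumption)."""
    if len(text) != 1:
        raise ValueError("only a single-letter text part is specified by the text")
    return ord(text)


def derive_graphic_values(identity_code: str, reference_code: str,
                          params: Sequence[int]) -> list[int]:
    """Return R_1..R_N for the given identity code, reference code r_1..r_N and
    region parameters P_1..P_N. N is taken from len(params)."""
    text, digits = split_identity_code(identity_code)
    n = len(params)
    if len(digits) != n or len(reference_code) != n or not reference_code.isdigit():
        raise ValueError(f"digit part and reference code must both have N={n} digits")
    m = text_to_number(text)
    # d'_x = d_x + r_x  (digit-wise integer addition, no carry)
    d_prime = [int(d) + int(r) for d, r in zip(digits, reference_code)]
    # S = d'_1 + ... + d'_N
    s = sum(d_prime)
    # R_y = MOD(M*S + d'_y, 100) + P_y
    return [(m * s + dp) % 100 + p for dp, p in zip(d_prime, params)]


if __name__ == "__main__":
    # The page's worked example: expected [144, 247, 344, 449, 548, 647, 742, 845, 950]
    print(derive_graphic_values("A100000015", "374987245", [100 * k for k in range(1, 10)]))
```

Because of MOD(·, 100), each R_y lies between P_y and P_y + 99, and the nine residues differ from one another only by the d'_y terms; a single graphic value therefore carries little information by itself, and the secrecy of the set rests on the device-held reference code (the text's secret key) and, later, on the trajectory.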

Next, in step S35, after the user input/output unit 11 produces, from a sliding operation by the specific user on the graphic input interface 111, a specific graphic trajectory T passing through P desired graphic areas among the N (for example, N = 9) graphic areas A1 to A9 and outputs a specific input result corresponding to the trajectory T to the processing unit 14, the processing module 143 defines the P desired graphic areas as the first to P-th desired graphic areas according to the order in which, as indicated by the specific input result, they appear along the trajectory T, where P ≤ N. In this embodiment, for example, P = 6, but the invention is not limited to this. For example, as shown in FIG. 4, the desired graphic trajectory T passing through the six graphic areas A1, A4, A5, A7, A8 and A9 is written A4→A5→A9→A8→A7→A1; that is, based on the specific input result, the processing module 143 defines the graphic areas A4, A5, A9, A8, A7 and A1 as the first to sixth desired graphic areas respectively.

In step S36, the processing unit 14 generates a reference verification code uniquely corresponding to the identity identification code from the P graphic values (among the N graphic values R_1 to R_N stored in the storage unit 12) that represent the first to P-th desired graphic areas, using a predetermined data encryption algorithm and a predetermined number-to-character-code conversion method. How the processing unit 14 generates the reference verification code is described in more detail below with reference to FIG. 5.

The processing module 143 first defines the P graphic values representing the first to P-th desired graphic areas as the first to P-th reference graphic values respectively (step S51). Continuing the example above, the six graphic values R_4 (= 449), R_5 (= 548), R_9 (= 950), R_8 (= 845), R_7 (= 742) and R_1 (= 144), representing the first to sixth desired graphic areas A4, A5, A9, A8, A7 and A1, are defined as the first to sixth reference graphic values respectively.

Then the encryption module 142 uses the predetermined data encryption algorithm to encrypt the second reference graphic value with the first reference graphic value as a first key, obtaining a first encrypted value, and then uses the i-th encrypted value as an (i+1)-th key and encrypts the (i+2)-th reference graphic value with that (i+1)-th key, obtaining an (i+1)-th encrypted value, for i = 1, 2, …, (P-2) (step S52). In this embodiment the predetermined data encryption algorithm is, for example, the Triple Data Encryption Algorithm (Triple DES), but is not limited to this, and the first to (P-1)-th encrypted values are all expressed in hexadecimal. For example, continuing the example above with P = 6 and an initialization vector of, for example, bf0d80b16262738f (hex): encrypting 548 (second reference graphic value, R_5) with 449 (first reference graphic value, R_4) as the first key gives 76f9e33fb0fb0dab9a5 (hex) (first encrypted value); encrypting 950 (third reference graphic value, R_9) with 76f9e33fb0fb0dab9a5 (hex) as the second key gives 22fdd3bccac50c14 (hex) (second encrypted value); encrypting 845 (fourth reference graphic value, R_8) with 22fdd3bccac50c14 (hex) as the third key gives fea646465c3853364 (hex) (third encrypted value); encrypting 742 (fifth reference graphic value, R_7) with fea646465c3853364 (hex) as the fourth key gives 9a27610b6ab5fd46 (hex) (fourth encrypted value); and encrypting 144 (sixth reference graphic value, R_1) with 9a27610b6ab5fd46 (hex) as the fifth key gives 624b2d5a442db931 (hex) (fifth encrypted value).

The encoding module 141 then converts the (P-1)-th encrypted value into a character code using the predetermined number-to-character-code conversion method (step S53). In this embodiment the conversion is based on, for example, base64 encoding, but is not limited to this. Continuing the example, 624b2d5a442db931 (hex) (the fifth encrypted value) is converted to YkstWkQtuTE=.

Finally, the processing module 143 takes from the character code a part consisting of its first Q characters and applies a predetermined character substitution to that part to obtain the reference verification code. In this embodiment Q = 12, for example, but is not limited to this, and the predetermined character substitution consists, for example, of replacing "/" with "a", "+" with "b" and "=" with "c", but is not limited to this. Continuing the example, since YkstWkQtuTE= has exactly 12 characters, the extracted part is the whole character code, and replacing its last character "=" with "c" gives YkstWkQtuTEc as the reference verification code.

In step S37 (FIG. 3), the processing unit 14 uses the communication module 13 to transmit the reference verification code, together with the identity identification code stored in the storage unit 12, to the verification end 2 over the communication network 200. When the verification end 2 receives the reference verification code and the identity identification code from the user end 1, it stores them, for example, in a one-to-one correspondence (step S38). The registration procedure is now complete.

How the personal identity authentication system 100 performs the personal identity authentication procedure is described in detail below with reference to FIGS. 1 and 6.

First, in step S61, after the user input/output unit 11 produces, from a sliding operation by a user on the graphic input interface 111, an input graphic trajectory passing through P (for example, P = 6) input graphic areas among the N (for example, N = 9) graphic areas A1 to A9 and outputs an input result corresponding to that trajectory to the processing unit 14, the processing module 143 defines the P input graphic areas as the first to P-th input graphic areas according to the order in which, as indicated by the input result, they appear along the input graphic trajectory.

In step S62, the processing unit 14 generates an input code from the P graphic values (among the N graphic values R_1 to R_N stored in the storage unit 12) that represent the first to P-th input graphic areas, using the predetermined data encryption algorithm and the predetermined number-to-character-code conversion method. How the processing unit 14 generates the input code is described in more detail below with reference to FIG. 7.

Similarly to step S51, the processing module 143 first defines the P graphic values representing the first to P-th input graphic areas as the first to P-th reference graphic values respectively (step S71).

Then the encryption module 142 obtains the first to (P-1)-th encrypted values from the first to P-th reference graphic values using the predetermined data encryption algorithm (step S72). More specifically, with P = 6 for example, the encryption module 142 encrypts the second reference graphic value with the first reference graphic value as a first key to obtain a first encrypted value, which serves as a second key; encrypts the third reference graphic value with the second key to obtain a second encrypted value, which serves as a third key; encrypts the fourth reference graphic value with the third key to obtain a third encrypted value, which serves as a fourth key; encrypts the fifth reference graphic value with the fourth key to obtain a fourth encrypted value, which serves as a fifth key; and encrypts the sixth reference graphic value with the fifth key to obtain a fifth encrypted value.

Similarly to step S53, the encoding module 141 then converts the (P-1)-th encrypted value into a character code using the predetermined number-to-character-code conversion method (step S73).

Finally, similarly to step S54, the processing module 143 takes from the character code obtained in step S73 a part consisting of its first Q characters and applies the predetermined character substitution described above to that part to obtain the input code.

In step S63 (FIG. 6), the processing unit 14 uses the communication module 13 to transmit the input code, together with the identity identification code stored in the storage unit 12, to the verification end 2 over the communication network 200.

In step S64, when the verification end 2 receives the input code and the identity identification code from the user end 1, it determines whether the user's identity is successfully authenticated according to the input code and the stored reference verification code corresponding to that identity identification code. More specifically, the verification end 2 decides whether the user's identity is successfully authenticated (that is, whether the user is the specific user) by determining whether the input code matches the reference verification code corresponding to the identity identification code. Ideally, for example, if the input graphic trajectory passes through the six input graphic areas A4, A5, A9, A8, A7 and A1 in that order, as shown in FIG. 4, and is written A4→A5→A9→A8→A7→A1, i.e. the input graphic trajectory is identical to the specific graphic trajectory T, then the verification end 2 determines that the input code matches the reference verification code corresponding to the identity identification code, and hence that the user's identity is successfully authenticated, and the flow proceeds to step S65. Conversely, if the input graphic trajectory differs from the specific graphic trajectory, the verification end 2 determines that the input code does not match the reference verification code corresponding to the identity identification code, and hence that authentication of the user's identity has failed, and the flow proceeds to step S66. The personal identity authentication procedure is then complete.
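The code-generation chain of steps S51 to S54 (registration) and S71 to S73 plus the final substitution (authentication), together with the comparison of step S64, as one added example that is not the patent's or the applicant's code. Two things are assumed. First, the page does not say how a three-digit graphic value is turned into a Triple DES key or how the initialization vector is applied, and the Python standard library has no Triple DES, so the per-step encryption is replaced here by HMAC-SHA256 truncated to the 8-byte 3DES block size (the `prf` parameter is where a real 3DES call would go); the intermediate hex values quoted on the page are therefore not reproduced. Second, each graphic value is fed to the cipher as its decimal ASCII string. The chaining (each encrypted value becomes the next key), the base64 step, the Q = 12 truncation and the character substitution follow the text, and the text's own fifth encrypted value 624b2d5a442db931 is used to check those last two steps. The constant-time comparison in `verify` is this example's choice; the text only says the verifier checks whether the codes match.

```python
"""Input/reference-code generation from an ordered swipe over the graphic values,
and the verifier-side comparison. Added example; not the patent's code."""

from __future__ import annotations

import base64
import hashlib
import hmac
from typing import Callable, Sequence

BLOCK_BYTES = 8   # Triple DES block size; the stand-in PRF output is cut to this length
Q = 12            # number of leading base64 characters kept (step S54)
# Predetermined character substitution from the text: "/" -> "a", "+" -> "b", "=" -> "c"
SUBSTITUTION = str.maketrans({"/": "a", "+": "b", "=": "c"})

Prf = Callable[[bytes, bytes], bytes]


def hmac_prf(key: bytes, data: bytes) -> bytes:
    """Assumed stand-in for the page's Triple DES step: HMAC-SHA256 truncated to
    8 bytes. A real deployment would call 3DES (or a modern cipher) here."""
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK_BYTES]


def value_bytes(value: int) -> bytes:
    """Assumed encoding of a graphic value for the cipher: its decimal ASCII digits."""
    return str(value).encode("ascii")


def trajectory_values(graphic_values: Sequence[int], trajectory: Sequence[int]) -> list[int]:
    """Steps S51/S71: order the graphic values along the swipe. The trajectory is
    given as 1-based region numbers (A4 -> 4); a region cannot be crossed twice."""
    if len(trajectory) < 2:
        raise ValueError("a swipe must cross at least two regions")
    if len(set(trajectory)) != len(trajectory):
        raise ValueError("a region cannot appear twice in one swipe")
    if not all(1 <= i <= len(graphic_values) for i in trajectory):
        raise ValueError("region number out of range")
    return [graphic_values[i - 1] for i in trajectory]


def chain_encrypt(values: Sequence[int], prf: Prf = hmac_prf) -> bytes:
    """Steps S52/S72: key_1 = R[0]; enc_1 = E(key_1, R[1]); then key_{i+1} = enc_i
    and enc_{i+1} = E(key_{i+1}, R[i+2]). Returns the (P-1)-th encrypted value."""
    if len(values) < 2:
        raise ValueError("need at least two values to form one encryption step")
    key = value_bytes(values[0])
    encrypted = b""
    for value in values[1:]:
        encrypted = prf(key, value_bytes(value))
        key = encrypted          # the i-th encrypted value becomes the (i+1)-th key
    return encrypted


def encode_code(final_block: bytes) -> str:
    """Steps S53/S54: base64, keep the first Q characters, apply the substitution."""
    word = base64.b64encode(final_block).decode("ascii")
    return word[:Q].translate(SUBSTITUTION)


def make_code(graphic_values: Sequence[int], trajectory: Sequence[int],
              prf: Prf = hmac_prf) -> str:
    """Reference verification code (registration) or input code (authentication);
    the same function serves both because the two procedures are identical."""
    return encode_code(chain_encrypt(trajectory_values(graphic_values, trajectory), prf))


def verify(reference_code: str, input_code: str) -> bool:
    """Step S64 at the verification end: does the submitted input code match the
    stored reference code? Constant-time comparison is this example's choice."""
    return hmac.compare_digest(reference_code.encode("utf-8"), input_code.encode("utf-8"))


# Constructed from the page's worked example: R_1..R_9 and the swipe A4->A5->A9->A8->A7->A1.
GRAPHIC_VALUES = [144, 247, 344, 449, 548, 647, 742, 845, 950]
REGISTERED_TRAJECTORY = [4, 5, 9, 8, 7, 1]

if __name__ == "__main__":
    reference = make_code(GRAPHIC_VALUES, REGISTERED_TRAJECTORY)
    print("reference verification code:", reference)
    print("same swipe verifies:", verify(reference, make_code(GRAPHIC_VALUES, REGISTERED_TRAJECTORY)))
    print("reversed swipe verifies:", verify(reference, make_code(GRAPHIC_VALUES, [1, 7, 8, 9, 5, 4])))
```

Base64 of an 8-byte block is always exactly 12 characters ending in a single "=", so with Q = 12 the truncation keeps the whole string and the substitution always turns that last character into "c", as in the text's example. Both codes are deterministic functions of the device-held graphic values and the swipe order, which is what makes a plain equality check at the verification end sufficient: a different order, or a different set of graphic values (another device), yields a different code.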

In step S65, the verification end 2 transmits a success message indicating that the user's identity has been successfully authenticated to the user end 1 over the communication network 200. On receiving the success message from the verification end 2, the user end 1 allows the user to carry out subsequent processing, for example logging in to the user's personal online banking account.

In step S66, the verification end 2 transmits a failure message, indicating that authentication of the user's identity has failed, to the user end via the communication network 200. On receiving the failure message from the verification end 2, the user end 1 does not allow the user to carry out subsequent processing.

In summary, since the user end 1 held by the specific user has, during the registration procedure, obtained and stored a set of N graphic values corresponding to the identity identification code, these N graphic values can be regarded as a graphic lock corresponding to that identity identification code (that specific user). Different identity identification codes (users) therefore correspond to different graphic locks. Consequently, even if someone observes the input graphic trajectory while it is being produced, the input code that would be successfully authenticated cannot be generated without the corresponding N graphic values. Moreover, the input code, produced by encrypting the P graphic values corresponding to the input graphic trajectory with the predetermined data encryption algorithm, is hard to crack, so high-security identity authentication can be ensured. The object of the present invention is therefore achieved.

The foregoing is merely an embodiment of the present invention and is not intended to limit the scope of its implementation; all simple equivalent changes and modifications made in accordance with the claims and the description of the present invention remain within the scope covered by this patent.

100 personal identity authentication system
1 user end
11 user input/output unit
111 graphic input interface
12 storage unit
13 communication module
14 processing unit
141 encoding module
142 encryption module
143 processing module
2 verification end
200 communication network
A1-A6 graphic areas
S31-S38 steps
S51-S54 steps
S61-S66 steps
S71-S74 steps

Other features and effects of the present invention will become clear from the embodiment described with reference to the drawings, in which:
FIG. 1 is a block diagram illustrating an embodiment of the personal identity authentication system of the present invention;
FIG. 2 is a schematic diagram illustrating a graphic input interface of the embodiment;
FIG. 3 is a flowchart illustrating how the embodiment performs a registration procedure;
FIG. 4 is a schematic diagram illustrating a specific graphic trajectory produced on the graphic input interface;
FIG. 5 is a flowchart illustrating how a processing unit of the embodiment generates a reference verification code;
FIG. 6 is a flowchart illustrating how the embodiment performs a personal identity authentication procedure; and
FIG. 7 is a flowchart illustrating how the processing unit generates an input code.

Claims (18)

1. A personal identity authentication method, implemented by a user end and a verification end connected to the user end via a communication network, the user end providing a graphic input interface having N different graphic areas, the method comprising the following steps:
(A) storing, by the user end, an identity identification code uniquely assigned to a specific user, and a predetermined reference code;
(B) obtaining, by the user end, according to the identity identification code and the predetermined reference code and using at least a predetermined encoding method, a set of N graphic values corresponding to the identity identification code and respectively representing the N graphic areas;
(C) storing, by the verification end, a reference verification code uniquely corresponding to the identity identification code;
(D) by the user end, when an input graphic trajectory passing through P of the N graphic areas is produced via a sliding operation by a user on the graphic input interface, defining the P graphic areas respectively as first to P-th input graphic areas according to the order in which they appear on the input graphic trajectory, where P ≤ N;
(E) generating, by the user end, an input code from the P graphic values among the N graphic values that respectively represent the first to P-th input graphic areas, using a predetermined data encryption algorithm and a predetermined numerical value-to-letter code conversion method, and transmitting the input code to the verification end via the communication network; and
(F) determining, by the verification end, on receiving the input code from the user end, whether the identity of the user is successfully authenticated according to the input code and the reference verification code.

2. The personal identity authentication method according to claim 1, further comprising, between step (B) and step (C), the following steps:
(G) producing, by the user end, via a sliding operation by the specific user on the graphic input interface, a specific graphic trajectory passing through P desired graphic areas among the N graphic areas, and defining the P desired graphic areas respectively as first to P-th desired graphic areas according to the order in which they appear on the specific graphic trajectory;
(H) generating, by the user end, the reference verification code from the P graphic values among the N graphic values that respectively represent the first to P-th desired graphic areas, using the predetermined data encryption algorithm and the predetermined numerical value-to-letter code conversion method; and
(I) transmitting, by the user end, the reference verification code to the verification end via the communication network;
wherein the verification end performs step (C) on receiving the reference verification code from the user end.
3. The personal identity authentication method according to claim 1, wherein:
in step (A), the identity identification code has a letter code part and a digit code part made up of N digit codes, the digit code part being represented as $d_1 d_2 \ldots d_{N-1} d_N$, and the predetermined reference code is made up of N digit codes and is represented as $r_1 r_2 \ldots r_{N-1} r_N$; and
in step (B), the user end further converts the letter code part of the identity identification code into a number M using a predetermined letter-to-number method, and, according to the predetermined encoding method, performs the following operations:
$d'_x = d_x + r_x$, where $x = 1, 2, \ldots, N$,
$S = d'_1 + d'_2 + \cdots + d'_N$, and
$R_y = \mathrm{MOD}(M \times S + d'_y, 100) + P_y$, where $y = 1, 2, \ldots, N$,
in which $R_y$ denotes the one of the N graphic values that corresponds to the y-th graphic area, and $P_y$ denotes a parameter value assigned to the y-th graphic area.

4. The personal identity authentication method according to claim 3, wherein the predetermined letter-to-number method uses an ASCII code lookup table.

5. The personal identity authentication method according to claim 3, wherein the identity identification code is a national identity card number, and N = 9.
6. The personal identity authentication method according to claim 1, wherein step (E) comprises the following sub-steps:
(E1) defining, by the user end, the P graphic values respectively representing the first to P-th input graphic areas as first to P-th reference graphic values;
(E2) by the user end, using the predetermined data encryption algorithm, encrypting the second reference graphic value with the first reference graphic value as a first key so as to obtain a first encrypted value, and using the i-th encrypted value as an (i+1)-th key and encrypting the (i+2)-th reference graphic value with the (i+1)-th key so as to obtain an (i+1)-th encrypted value, where i = 1, 2, …, (P−2); and
(E3) converting, by the user end, the (P−1)-th encrypted value into a letter code using the predetermined numerical value-to-letter code conversion method, and generating the input code from the letter code.

7. The personal identity authentication method according to claim 6, wherein the predetermined data encryption algorithm is a Triple Data Encryption algorithm, the first to (P−1)-th encrypted values are all hexadecimal values, and the predetermined numerical value-to-letter code conversion method is based on base64 encoding.
8. The personal identity authentication method according to claim 6, wherein, in sub-step (E3), the user end extracts from the letter code a letter code part containing the first Q codewords of the letter code, and obtains the input code by processing that letter code part according to a predetermined codeword substitution logic.

9. The personal identity authentication method according to claim 8, wherein the predetermined codeword substitution logic comprises replacing "a" with "/", replacing "b" with "+", and replacing "c" with "=".

10. A personal identity authentication system, comprising:
a user end, including
a user input/output unit providing a graphic input interface having N different graphic areas,
a storage unit storing an identity identification code uniquely assigned to a specific user and a predetermined reference code,
a communication module connected to a communication network, and
a processing unit electrically connected to the user input/output unit, the storage unit and the communication module, and including an encoding module which, according to the identity identification code and the predetermined reference code stored in the storage unit and using at least a predetermined encoding method, obtains a set of N graphic values corresponding to the identity identification code and respectively representing the N graphic areas; and
a verification end connected to the communication network and storing a reference verification code uniquely corresponding to the identity identification code;
wherein the user input/output unit produces, according to a sliding operation by a user on the graphic input interface, an input graphic trajectory passing through P of the N graphic areas, where P ≤ N, and outputs an input result corresponding to the input graphic trajectory to the processing unit, and the processing unit defines the P graphic areas respectively as first to P-th input graphic areas according to the order, indicated by the input result, in which the P graphic areas appear on the input graphic trajectory;
wherein the processing unit generates an input code from the P graphic values among the N graphic values obtained by the encoding module that respectively represent the first to P-th input graphic areas, using a predetermined data encryption algorithm and a predetermined numerical value-to-letter code conversion method;
wherein the processing unit transmits the input code to the verification end via the communication network through the communication module; and
wherein the verification end, on receiving the input code from the user end, determines whether the identity of the user is successfully authenticated according to the input code and the reference verification code.
11. The personal identity authentication system according to claim 10, wherein the reference verification code stored by the verification end is obtained by the user end performing the following steps:
the user input/output unit produces, via a sliding operation by the specific user on the graphic input interface, a specific graphic trajectory passing through P desired graphic areas among the N graphic areas, and outputs a specific input result corresponding to the specific graphic trajectory to the processing unit, and the processing module defines the P desired graphic areas respectively as first to P-th desired graphic areas according to the order, indicated by the specific input result, in which they appear on the specific graphic trajectory;
the processing unit generates the reference verification code from the P graphic values among the N graphic values obtained by the encoding module that respectively represent the first to P-th desired graphic areas, using the predetermined data encryption algorithm and the predetermined numerical value-to-letter code conversion method; and
the processing unit transmits the reference verification code to the verification end via the communication network through the communication module, so that the verification end stores the reference verification code on receiving it from the user end.
12. The personal identity authentication system according to claim 10, wherein:
the identity identification code has a letter code part and a digit code part made up of N digit codes, the digit code part being represented as $d_1 d_2 \ldots d_{N-1} d_N$, and the predetermined reference code is made up of N digit codes and is represented as $r_1 r_2 \ldots r_{N-1} r_N$; and
the encoding module further converts the letter code part of the identity identification code into a number M using a predetermined letter-to-number method, and, according to the predetermined encoding method, performs the following operations:
$d'_x = d_x + r_x$, where $x = 1, 2, \ldots, N$,
$S = d'_1 + d'_2 + \cdots + d'_N$, and
$R_y = \mathrm{MOD}(M \times S + d'_y, 100) + P_y$, where $y = 1, 2, \ldots, N$,
in which $R_y$ denotes the one of the N graphic values that corresponds to the y-th graphic area, and $P_y$ denotes a parameter value assigned to the y-th graphic area.

13. The personal identity authentication system according to claim 12, wherein the predetermined letter-to-number method uses an ASCII code lookup table.

14. The personal identity authentication system according to claim 12, wherein the identity identification code is a national identity card number, and N = 9.
15. The personal identity authentication system according to claim 10, wherein the processing unit further includes a processing module and an encryption module; the encryption module defines the P graphic values respectively representing the first to P-th input graphic areas as first to P-th reference graphic values, and, using the predetermined data encryption algorithm, encrypts the second reference graphic value with the first reference graphic value as a first key so as to obtain a first encrypted value, and uses the i-th encrypted value as an (i+1)-th key and encrypts the (i+2)-th reference graphic value with the (i+1)-th key so as to obtain an (i+1)-th encrypted value, where i = 1, 2, …, (P−2); the encoding module converts the (P−1)-th encrypted value into a letter code using the predetermined numerical value-to-letter code conversion method; and the processing module generates the input code from the letter code.

16. The personal identity authentication system according to claim 15, wherein the predetermined data encryption algorithm is a Triple Data Encryption algorithm, the first to (P−1)-th encrypted values are all hexadecimal values, and the predetermined numerical value-to-letter code conversion method is based on base64 encoding.

17. The personal identity authentication system according to claim 15, wherein the processing module extracts from the letter code a letter code part containing the first Q codewords of the letter code, and obtains the input code by processing that letter code part according to a predetermined codeword substitution logic.
18. The personal identity authentication method according to claim 17, wherein the predetermined codeword substitution logic comprises replacing "a" with "/", replacing "b" with "+", and replacing "c" with "=".
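The derivation in claims 3 and 6-9 and the check in step S64, as an added worked example in Python (not the patent's own code): it computes the N graphic values, chain-encrypts the values along a trajectory, applies base64 and the codeword substitution, and compares the result at the verification end. HMAC-SHA256 is substituted for the triple-DES step of claim 7 so the script runs with only the standard library; the per-area parameters P_y, the value of Q, the sum-of-ASCII conversion for M and all sample codes are constructed assumptions.

```python
"""Worked example of the graphic-lock code derivation (added here; not the
patent's own code). Assumptions: HMAC-SHA256 stands in for the triple-DES
step of claim 7, M is the ASCII sum of the letter part, P_y = 10*y, Q = 12."""
import base64
import hashlib
import hmac

N = 9   # claim 5: an identity card number with nine digits, so nine areas
Q = 12  # claim 8: number of leading base64 codewords kept (value assumed)
SUBST = str.maketrans({"a": "/", "b": "+", "c": "="})  # claim 9 substitution
AREA_PARAMS = [10 * y for y in range(1, N + 1)]  # P_y per area (constructed)


def graphic_values(identity_code: str, reference_code: str) -> list:
    """Claim 3: d'_x = d_x + r_x, S = sum(d'_x), R_y = MOD(M*S + d'_y, 100) + P_y.
    The last N characters are the digit part; anything before is the letter part."""
    letters, digits = identity_code[:-N], identity_code[-N:]
    if len(digits) != N or len(reference_code) != N or not letters:
        raise ValueError("identity code needs a letter part and %d digits" % N)
    m = sum(ord(ch) for ch in letters)  # claim 4 ASCII lookup; sum is assumed
    d_prime = [int(d) + int(r) for d, r in zip(digits, reference_code)]
    s = sum(d_prime)
    return [(m * s + d_prime[y]) % 100 + AREA_PARAMS[y] for y in range(N)]


def chain_encrypt(values: list) -> str:
    """Claim 6 (E2): key_1 = R_1, enc_i = E(key_i, R_(i+1)), key_(i+1) = enc_i.
    Returns the (P-1)-th encrypted value as a hex string (claim 7)."""
    if len(values) < 2:
        raise ValueError("a trajectory must pass through at least two areas")
    key, digest = str(values[0]).encode(), b""
    for value in values[1:]:
        # E(key, plaintext): HMAC-SHA256 used in place of triple DES (assumed)
        digest = hmac.new(key, str(value).encode(), hashlib.sha256).digest()
        key = digest
    return digest.hex()


def input_code(values: list, trajectory: list) -> str:
    """Claims 6-9: pick the P graphic values along the trajectory (1-based
    area numbers), chain-encrypt them, base64 the hex string, keep the first
    Q codewords and apply the codeword substitution."""
    selected = [values[area - 1] for area in trajectory]
    hex_value = chain_encrypt(selected)
    letter_code = base64.b64encode(hex_value.encode()).decode()
    return letter_code[:Q].translate(SUBST)


def verify(received_code: str, reference_verification_code: str) -> bool:
    """Step S64 at the verification end: match the received input code against
    the stored reference verification code (constant-time compare)."""
    return hmac.compare_digest(received_code, reference_verification_code)


if __name__ == "__main__":
    # Constructed sample identity code, reference code and trajectories.
    ident, ref = "A123456789", "000111222"
    lock = graphic_values(ident, ref)          # the user end's graphic lock
    trajectory_t = [4, 5, 9, 8, 7, 1]          # FIG. 4: A4->A5->A9->A8->A7->A1
    reference_verification = input_code(lock, trajectory_t)  # registration
    print("graphic values:", lock)
    print("reference verification code:", reference_verification)
    # Same trajectory, same lock: authenticated.
    print("same trajectory:", verify(input_code(lock, trajectory_t), reference_verification))
    # Observed trajectory replayed from a device without this user's lock
    # (different reference code, so different graphic values): rejected.
    other_lock = graphic_values(ident, "111222333")
    print("other lock:", verify(input_code(other_lock, trajectory_t), reference_verification))
    # Wrong trajectory on the right lock: rejected.
    print("wrong trajectory:", verify(input_code(lock, [1, 2, 3]), reference_verification))
```

The second and third checks show the property the summary relies on: the trajectory alone, without the N graphic values held by the registered user end, does not reproduce the reference verification code.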
TW106114458A 2017-05-02 2017-05-02 Personal identity authentication method and system using graphic lock TWI621029B (en)


Publications (2)

Publication Number Publication Date
TWI621029B TWI621029B (en) 2018-04-11
TW201843613A true TW201843613A (en) 2018-12-16
