TW201901510A - User verification system implemented along with a mobile device and method thereof - Google Patents

Publication number
TW201901510A
Authority
TW
Taiwan
Prior art keywords
dimensional barcode
mobile device
hash value
app
server
Application number
TW106117621A
Other languages
Chinese (zh)
Other versions
TWI640887B (en
Inventor
王瑤璋
Original Assignee
台新國際商業銀行股份有限公司
Application filed by 台新國際商業銀行股份有限公司 filed Critical 台新國際商業銀行股份有限公司
Priority to TW106117621A priority Critical patent/TWI640887B/en
Application granted granted Critical
Publication of TWI640887B publication Critical patent/TWI640887B/en
Publication of TW201901510A publication Critical patent/TW201901510A/en

Landscapes

  • Telephone Function (AREA)

Abstract

The present invention provides a user verification system implemented along with a mobile device. The user verification system comprises a server, a two-dimensional code and a software product. The server generates a first key, which comprises a first hash value. The software product generates a second key, which comprises a second hash value. The mobile device may be used to scan the two-dimensional code, and the mobile device verifies consistency between the first and second hash values based on an encrypted content of the two-dimensional code, to confirm the permission of the two-dimensional code. If the two-dimensional code is permitted, verification data is transmitted to the server from the two-dimensional code, for verifying the identity of a user.

Description

User identity verification system and method implemented in conjunction with a mobile device

The present invention relates to a user identity verification system and method, and more particularly to a user identity verification system and method implemented in conjunction with a mobile device.

With the spread of the Internet, financial institutions keep adding externally facing channels with different functions in order to expand their business and ensure the quality of their operational services, for example various website functions, mobile device App functions, remote-connection mobile offices, and remote maintenance of operating systems. This is entirely different from the operating model and external connectivity of earlier years, when only branches and ATM locations were open (a move from closed networks to open networks).

However, the security of the Internet remains in doubt. In recent years hackers have continually developed attack techniques such as computer viruses, worms, phishing websites, social engineering, and skimming Trojans, with the aim of gaining access to computer system resources and thereby obtaining illegal benefits. Most financial institutions today still follow the traditional model of controlling access to computer system resources with passwords, so hackers mostly make stealing system passwords the goal of their attacks. Faced with such attacks, most financial institutions still respond with protective measures such as requiring longer passwords, restricting password composition rules, shortening the password change cycle, strengthening employee security training, or adding hardware and software with various security functions, in order to protect computer system resources. This approach treats the symptoms rather than the root cause: once a user's account and password are stolen, a hacker has the opportunity to impersonate the user and log in to the computer system from inside the bank (intranet) or outside it (Internet) to steal data, which for a financial institution may lead to disasters such as leakage of sensitive data, financial and reputational loss, or even a threat to the company's operations.

How to provide a verification system is therefore an important issue facing financial institutions.

In view of this, the present invention provides a user identity verification system and method implemented in conjunction with a mobile device, which can be used to solve the above problems.

In one aspect, the present invention discloses a user identity verification system implemented in conjunction with a mobile device. The system comprises a server, a two-dimensional barcode, and a software product (App). The two-dimensional barcode is generated by the server. The software product is downloaded from the server and installed on the mobile device.

The two-dimensional barcode is generated by a method comprising the following steps: the server receives a user account, identification information of the mobile device, and a text excerpt, randomly selects a specific combination method from a plurality of combination methods, and combines the user account and the identification information according to the specific combination method to generate a first key; and the server encrypts an original content based on the first key to obtain an encrypted content, and generates the two-dimensional barcode from the encrypted content, wherein the original content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method.

The server encrypts the user account based on the first key to obtain an App tag file, which is provided to the mobile device for storage. In addition, the server, the two-dimensional barcode, and the App verify one another by a method comprising the following steps: the App sends the server the user password and the App tag file obtained from the mobile device, and after confirming that they are correct the server sends the App an encrypted information and the first hash value, the encrypted information including a first number identifying the specific combination method, a second number identifying an encryption method, and a sampling position; the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to the specific combination method to generate a second key; the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device; the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode, obtaining the original content and the first hash value within it, and verifies that this first hash value and the second hash value are consistent in order to confirm that the two-dimensional barcode is legitimate; and if the two-dimensional barcode is legitimate, the App sends verification data to the server for the server to verify the user's identity, wherein the verification data includes a first data obtained by a method comprising the following steps: sampling and encrypting the decrypted text excerpt according to the sampling position and the encryption method corresponding to the second number to obtain a first sub-data; and encrypting the first sub-data and a second sub-data based on the second key to obtain the first data, wherein the second sub-data is a hash value of the decrypted text excerpt.

According to the present invention, the two-dimensional barcode is preferably a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed thereon.

In some embodiments of the present invention, the two-dimensional barcode is a QR code.

In some embodiments of the present invention, the App tag file is downloaded to the mobile device together with the App.

In some embodiments of the present invention, the software product has a plurality of combination methods and their corresponding numbers built in, so that the software product can select the specific combination method according to the number.

In some embodiments of the present invention, the text excerpt is selected by the user of the mobile device.

In some embodiments of the present invention, the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

In another aspect, the present invention provides a user identity verification method implemented in conjunction with a mobile device. The method comprises the following steps: a server generates a two-dimensional barcode, wherein the two-dimensional barcode is generated by a method comprising the following steps: receiving a user account, identification information of the mobile device, and a text excerpt, randomly selecting a specific combination method from a plurality of combination methods, and combining the user account and the identification information according to the specific combination method to generate a first key; and encrypting an original content based on the first key to obtain an encrypted content, and generating the two-dimensional barcode from the encrypted content, wherein the original content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method; the server encrypts the user account based on the first key to obtain an App tag file, which is provided to the mobile device for storage; a software product (App), downloaded from the server and installed on the mobile device, sends the server the user password and the App tag file obtained from the mobile device, and after confirming that they are correct the server sends the App an encrypted information and the first hash value, the encrypted information including a first number identifying the specific combination method, a second number identifying an encryption method, and a sampling position; the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to the specific combination method to generate a second key; the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device; the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode, obtaining the original content and the first hash value within it, and verifies that this first hash value and the second hash value are consistent in order to confirm that the two-dimensional barcode is legitimate; and if the two-dimensional barcode is legitimate, the App sends verification data to the server for the server to verify the user's identity, wherein the verification data includes a first data obtained by a method comprising the following steps: sampling and encrypting the decrypted text excerpt according to the sampling position and the encryption method corresponding to the second number to obtain a first sub-data; and encrypting the first sub-data and a second sub-data based on the second key to obtain the first data, wherein the second sub-data is a hash value of the decrypted text excerpt.

In some embodiments of the present invention, the two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed thereon.

In some embodiments of the present invention, the two-dimensional barcode is a QR code.

In some embodiments of the present invention, the App tag file is downloaded to the mobile device together with the App.

In some embodiments of the present invention, the text excerpt is selected by the user of the mobile device.

In some embodiments of the present invention, the software product has a plurality of combination methods and their corresponding numbers built in, so that the software product can select the specific combination method according to the number.

In some embodiments of the present invention, the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

The user identity verification system and method disclosed in the present invention, with the mobile device and the server-generated two-dimensional barcode kept separate from each other, can provide a secure login mechanism that lets a user log in to the office computer system without a password, replacing the conventional practice of using the user account and password as the sole authentication mechanism for logging in to the office computer system. Furthermore, because the disclosed system and method do not require a password, the user bears no burden or risk of safeguarding, changing, losing, being robbed of, or forgetting a password. In addition, hackers cannot obtain login privileges (passwords) for the office computer system by means of viruses, worms, phishing websites, social engineering, Trojans, APTs, or similar attacks.

Other objects and advantages of the present invention are set forth in part in the description below, or may be understood through the embodiments of the invention. It should be understood that the foregoing summary and the following embodiments are merely exemplary and explanatory, and do not limit the invention as the claims do.

It should be noted that, unless otherwise indicated, all technical and scientific terms used herein have the meaning commonly understood by a person of ordinary skill in the art to which the invention pertains. Furthermore, the word "a" or "an" as used in this specification, unless otherwise specified, means at least one (one or more).

In one aspect, the present invention provides a user identity verification system implemented in conjunction with a mobile device, comprising a server, a two-dimensional barcode, and a software product (App). The two-dimensional barcode is generated by the server. The software product is downloaded from the server and installed on the mobile device. The two-dimensional barcode is generated by a method comprising the following steps: the server receives (for example, as registered by the user of the mobile device) a user account, identification information of the mobile device, and a text excerpt, randomly selects a specific combination method from a plurality of combination methods, and combines the user account and the identification information according to the specific combination method to generate a first key; the server encrypts an original content based on the first key to obtain an encrypted content, and generates the two-dimensional barcode from the encrypted content, wherein the original content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method.

The server encrypts the user account based on the first key to obtain an App tag file, which is provided to the mobile device for storage. In addition, the server, the two-dimensional barcode, and the App verify one another by a method comprising the following steps: the App sends the server the user password and the App tag file obtained from the mobile device, and after confirming that they are correct the server sends the App an encrypted information and the first hash value, the encrypted information including a first number identifying the specific combination method, a second number identifying an encryption method, and a sampling position; the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to the specific combination method to generate a second key; the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device; the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode, obtaining the original content and the first hash value within it, and verifies that this first hash value and the second hash value are consistent in order to confirm that the two-dimensional barcode is legitimate; and if the two-dimensional barcode is legitimate, the App sends verification data to the server for the server to verify the user's identity, wherein the verification data includes a first data obtained by a method comprising the following steps: sampling and encrypting the decrypted text excerpt according to the sampling position and the encryption method corresponding to the second number to obtain a first sub-data; and encrypting the first sub-data and a second sub-data based on the second key to obtain the first data, wherein the second sub-data is a hash value of the decrypted text excerpt.

According to the present invention, the mobile device used includes, but is not limited to, a tablet computer or a smartphone. The mobile device may include a storage unit storing the program code of the software product, and a processing unit for executing the program code of the software product. In a preferred embodiment of the present invention, the mobile device is a smartphone. For example, the user can enter the user account and an activation password through the software product to log in to the server. The activation password may be sent by the server to the user after the software product and its binding to the mobile device have been authenticated by the server.

According to the present invention, the software product is preferably a mobile application (App).

According to a preferred embodiment of the present invention, the App tag file is downloaded to the mobile device together with the App.

In some embodiments of the present invention, the two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed thereon. For example, the two-dimensional barcode is a two-dimensional barcode sticker, which the user can attach to a personal item (other than the mobile device) so that it can be scanned with the mobile device when needed.

In some embodiments of the present invention, the two-dimensional barcode is a QR code.

According to a preferred embodiment of the present invention, the text excerpt is a user-selected text excerpt.

In some embodiments of the present invention, the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

In some embodiments of the present invention, the software product has a plurality of combination methods and their corresponding numbers built in, so that the software product can select the specific combination method according to the number.

In another aspect, the present invention provides a user identity verification method implemented in conjunction with a mobile device, the method comprising: a server generates a two-dimensional barcode, wherein the two-dimensional barcode is generated by a method comprising the following steps: receiving a user account, identification information of the mobile device, and a text excerpt, randomly selecting a specific combination method from a plurality of combination methods, and combining the user account and the identification information according to the specific combination method to generate a first key; and encrypting an original content based on the first key to obtain an encrypted content, and generating the two-dimensional barcode from the encrypted content, wherein the original content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method; the server encrypts the user account based on the first key to obtain an App tag file, which is provided to the mobile device for storage; a software product (App), downloaded from the server and installed on the mobile device, sends the server the user password and the App tag file obtained from the mobile device, and after confirming that they are correct the server sends the App an encrypted information and the first hash value, the encrypted information including a first number identifying the specific combination method, a second number identifying an encryption method, and a sampling position; the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to the specific combination method to generate a second key; the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device; and the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode, obtaining the original content and the first hash value within it, and verifies that this first hash value and the second hash value are consistent in order to confirm that the two-dimensional barcode is legitimate; and if the two-dimensional barcode is legitimate, the App sends verification data to the server for the server to verify the user's identity, wherein the verification data includes a first data obtained by a method comprising the following steps: sampling and encrypting the decrypted text excerpt according to the sampling position and the encryption method corresponding to the second number to obtain a first sub-data; and encrypting the first sub-data and a second sub-data based on the second key to obtain the first data, wherein the second sub-data is a hash value of the decrypted text excerpt.

In some embodiments of the present invention, the text excerpt is selected by the user of the mobile device.

In some embodiments of the present invention, the two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed thereon. In some embodiments of the present invention, the two-dimensional barcode is a QR code.

According to a preferred embodiment of the present invention, the App tag file is downloaded to the mobile device together with the App.

According to a preferred embodiment of the present invention, the text excerpt is a user-selected text excerpt.

In some embodiments of the present invention, the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

In some embodiments of the present invention, the software product has a plurality of combination methods and their corresponding numbers built in, so that the software product can select the specific combination method according to the number.

A preferred embodiment of the user identity verification system and method implemented in conjunction with a mobile device will now be described with reference to FIG. 1 and FIG. 2.

Referring to FIG. 1, a user identity verification system implemented in conjunction with a mobile device according to an embodiment of the present invention is shown. In this embodiment, the user identity verification system 1 comprises a server 10, a two-dimensional barcode 11, and a software product 12. The two-dimensional barcode 11 is generated by the server 10. The software product 12 is downloaded from the server 10 and installed on a mobile device 9.

In some embodiments of the present invention, the two-dimensional barcode 11 is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed thereon. The two-dimensional barcode 11 is generated by a method comprising the following steps: the server 10 receives (for example, as registered by the user of the mobile device 9) a user account, identification information of the mobile device 9, and a text excerpt, randomly selects a specific combination method from a plurality of combination methods, and combines the user account and the identification information according to the specific combination method to generate a first key.

In some embodiments, the text excerpt is a user-selected text excerpt, for example a short essay or a passage of song lyrics chosen by the user. The length of the text excerpt is preferably between 512 bits and 1024 bits. In addition, the specific combination method combines the user account and the identification information in a random manner; the manner of combination includes, but is not limited to: a combination of the complete data of a single field or of multiple fields, a combination of partial data from multiple fields, and/or multiple combinations of data from the same field.

The server 10 encrypts an original content based on the first key to obtain an encrypted content, and generates the two-dimensional barcode 11 from the encrypted content. The original content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method.

In addition, the server 10 encrypts the user account based on the first key to obtain an App tag file and provides it to the mobile device 9 for storage. The server 10, the two-dimensional barcode 11 and the App verify one another by a method comprising the following steps: the App sends the user password and the App tag file obtained from the mobile device 9 to the server 10; after the server 10 confirms that they are correct, it sends encryption information and the first hash value to the App.

The encryption information includes: a first number identifying the specific combination method, a second number identifying an encryption method, and a sampling position. The App obtains the user account and the identification information from the mobile device 9, selects the specific combination method according to the first number, and combines the user account and the identification information according to that method to generate a second key.

Next, the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent. If the verification passes, a scanning interface is displayed on the mobile device 9, through which the two-dimensional barcode 11 can be scanned. In addition, the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode 11, obtaining the original code content and the first hash value in it, and verifies that this first hash value is consistent with the second hash value.

In some embodiments, the mobile device 9 used with the user identity verification system 1 may be a tablet computer or a smartphone. In a preferred embodiment of the present invention, the mobile device 9 is a smartphone. In addition, the mobile device 9 may include a scanning element (not shown in the drawings) for scanning the two-dimensional barcode 11. For example, the scanning element may be a camera element. The two-dimensional barcode 11 may be a QR code.

In addition, in some embodiments, the server 10 may include a database (not shown in the drawings) for storing the specific combination method described above.

In some embodiments, the App tag file is downloaded to the mobile device 9 together with the App.

In some embodiments, the identification information includes one or more of an IMEI, a UDID, a Keychain, a MAC address, and a mobile phone number, but the invention is not limited to these.

In another aspect, the present invention provides a user identity verification method implemented in conjunction with a mobile device. Referring to FIG. 2, FIG. 2 is a flowchart of the user identity verification method according to one embodiment of the present invention. As shown, the method comprises the following steps:

(S20) A server generates a two-dimensional barcode, wherein the two-dimensional barcode is generated by a method comprising the following steps: receiving a user account, identification information of the mobile device, and a digest; randomly selecting a specific combination method from a plurality of combination methods; combining the user account and the identification information according to the specific combination method to generate a first key; encrypting an original code content based on the first key to obtain an encrypted content; and generating the two-dimensional barcode from the encrypted content, wherein the original code content includes the digest and a first hash value of the first key, the first hash value being generated by a hash method.

(S21) The server encrypts the user account based on the first key to obtain an App tag file and provides it to the mobile device for storage.

(S22) A software product (App), downloaded from the server and installed on the mobile device, sends the user password and the App tag file obtained from the mobile device to the server; after the server confirms that they are correct, it sends encryption information and the first hash value to the App. The encryption information includes: a first number identifying the specific combination method, a second number identifying an encryption method, and a sampling position.

(S23) The App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to that method to generate a second key.

(S24) The App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent; if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device.

(S25) The App uses the second key to decrypt the encrypted content read from the two-dimensional barcode, obtaining the original code content and the first hash value in it, and verifies that this first hash value is consistent with the second hash value.
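The following Python code is an added example, not code from the patent: it walks through barcode generation (S20) and the App-side checks (S23 to S25) using constructed sample values. SHA-256, the three combination methods, the JSON payload layout and the HMAC-based `seal`/`unseal` stand-in for the unspecified cipher are all assumptions; the password and App tag file exchange (S21, S22) is omitted.

```python
import hashlib
import hmac
import json
import secrets

# Hypothetical combination methods, keyed by the "first number". The text only
# says they mix whole or partial fields, possibly using a field more than once.
COMBINATION_METHODS = {
    1: lambda account, device: account + device,
    2: lambda account, device: device[:8] + account + device[8:],
    3: lambda account, device: account + device + account[:4],
}

def derive_key(method_no, account, device_id):
    """Combine account and device identifier, then hash to a 32-byte key (assumption)."""
    material = COMBINATION_METHODS[method_no](account, device_id)
    return hashlib.sha256(material.encode()).digest()

def key_hash(key):
    """The 'hash method' of the text; SHA-256 is assumed here."""
    return hashlib.sha256(key).hexdigest()

def _subkey(key, label):
    # Separate keys for encryption and authentication.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key, plaintext):
    """Stand-in authenticated encryption (stdlib only): nonce | ciphertext | tag."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(key, blob):
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("barcode content was not sealed with this key")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

def server_enroll(account, device_id, digest_text):
    """S20: returns (message later sent to the App, bytes to encode in the barcode)."""
    method_no = secrets.choice(sorted(COMBINATION_METHODS))
    first_key = derive_key(method_no, account, device_id)
    first_hash = key_hash(first_key)
    original = json.dumps({"digest": digest_text, "key_hash": first_hash}).encode()
    return {"method_no": method_no, "first_hash": first_hash}, seal(first_key, original)

def app_check_barcode(server_msg, account, device_id, barcode_bytes):
    """S23 to S25 on the device: returns the digest text, or None if any check fails."""
    second_key = derive_key(server_msg["method_no"], account, device_id)    # S23
    second_hash = key_hash(second_key)
    if not hmac.compare_digest(second_hash, server_msg["first_hash"]):      # S24
        return None  # the scanning interface is never shown
    try:
        original = json.loads(unseal(second_key, barcode_bytes))            # S25
    except ValueError:
        return None  # barcode sealed under another key, or altered
    if not hmac.compare_digest(original["key_hash"], second_hash):
        return None
    return original["digest"]

if __name__ == "__main__":
    # Constructed sample values.
    msg, barcode = server_enroll("alice01", "356938035643809", "a verse chosen by the user")
    print(app_check_barcode(msg, "alice01", "356938035643809", barcode))
    print(app_check_barcode(msg, "alice01", "356938035643800", barcode))
```

Both hash comparisons use `hmac.compare_digest`, and the keys are only as unpredictable as the account and device identifiers they are combined from.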

The two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed on it, and the two-dimensional barcode is a QR code. The App tag file is downloaded to the mobile device together with the App. The digest is a user-selected digest. The identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

It should be noted that the user identity verification method of the present invention may be carried out with or without the user identity verification system 1 described above.

In summary, in recent years hackers have continually developed attack techniques such as computer viruses, worms, phishing websites, social engineering and keylogging Trojans, with the aim of obtaining computer system resources and, through them, illegal gains. Most financial institutions still follow the traditional model of controlling access to computer system resources with passwords, so hackers mostly make stealing system passwords the goal of their attacks. Once a user's account and password are stolen, a hacker has the opportunity to impersonate the user and log in to the computer system from inside or outside the institution to steal data, which for a financial institution may lead to leakage of sensitive data, financial and reputational loss, or even disasters that endanger the company's operations. Compared with the prior art, the user identity verification system and method of the present invention achieve at least the following effects:

1. With the mobile device and the two-dimensional barcode generated by the server physically separate from each other, a secure login mechanism is provided that lets the user log in to the office computer system without a password, replacing the conventional practice of using the user account and password as the only identity authentication mechanism for logging in to the office computer system.
2. Because no password is needed, the user bears no burden or risk of keeping, changing, losing, having stolen or forgetting a password.
3. Hackers cannot obtain the login credential (password) of the office computer system by means of viruses, worms, phishing websites, social engineering, Trojans, APT or other attack techniques.

The detailed description of the above embodiments is intended to describe the features and spirit of the present invention more clearly, not to limit the scope of the present invention to the embodiments disclosed above. On the contrary, the intention is to cover various changes and equivalent arrangements within the scope of the claims of the present invention.

1‧‧‧User identity verification system implemented in conjunction with a mobile device
10‧‧‧Server
11‧‧‧Two-dimensional barcode
12‧‧‧Software product
9‧‧‧Mobile device
S20~S25‧‧‧Process steps

FIG. 1 is a block diagram of a user identity verification system implemented in conjunction with a mobile device according to one embodiment of the present invention.

FIG. 2 is a flowchart of a user identity verification method implemented in conjunction with a mobile device according to one embodiment of the present invention.


Claims (14)

1. A user identity verification system implemented in conjunction with a mobile device, comprising:
a server;
a two-dimensional barcode generated by the server; and
a software product (App) downloaded from the server and installed on the mobile device;
wherein the two-dimensional barcode is generated by a method comprising the following steps:
the server receives a user account, identification information of the mobile device, and a digest, randomly selects a specific combination method from a plurality of combination methods, and combines the user account and the identification information according to the specific combination method to generate a first key; and
the server encrypts an original code content based on the first key to obtain an encrypted content, and generates the two-dimensional barcode from the encrypted content, wherein the original code content includes the digest and a first hash value of the first key, the first hash value being generated by a hash method;
wherein the server encrypts the user account based on the first key to obtain an App tag file and provides it to the mobile device for storage; and
wherein the server, the two-dimensional barcode and the App verify one another by a method comprising the following steps:
the App sends the user password and the App tag file obtained from the mobile device to the server, and after the server confirms that they are correct, it sends encryption information and the first hash value to the App, the encryption information including: a first number identifying the specific combination method, a second number identifying an encryption method, and a sampling position;
the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to the specific combination method to generate a second key;
the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device;
the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode, obtaining the original code content and the first hash value in it, and verifies that the first hash value and the second hash value are consistent, to confirm the legitimacy of the two-dimensional barcode; and
if the two-dimensional barcode is legitimate, the App sends verification data to the server for the server to verify the user's identity, wherein the verification data includes first data obtained by a method comprising the following steps: sampling and encrypting the decrypted digest according to the sampling position and the encryption method corresponding to the second number, to obtain first sub-data; and encrypting the first sub-data and second sub-data based on the second key to obtain the first data, wherein the second sub-data is a hash value of the decrypted digest.

2. The system of claim 1, wherein the two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed on it.

3. The system of claim 1 or 2, wherein the two-dimensional barcode is a QR code.

4. The system of claim 1, wherein the App tag file is downloaded to the mobile device together with the App.

5. The system of claim 1, wherein the digest is a user-selected digest.

6. The system of claim 1, wherein the verification data further includes second data, the second data being the second hash value.

7. The system of claim 1, wherein the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

8. A user identity verification method implemented in conjunction with a mobile device, comprising:
a server generates a two-dimensional barcode, wherein the two-dimensional barcode is generated by a method comprising the following steps:
receiving a user account, identification information of the mobile device, and a digest, randomly selecting a specific combination method from a plurality of combination methods, and combining the user account and the identification information according to the specific combination method to generate a first key; and
encrypting an original code content based on the first key to obtain an encrypted content, and generating the two-dimensional barcode from the encrypted content, wherein the original code content includes the digest and a first hash value of the first key, the first hash value being generated by a hash method;
the server encrypts the user account based on the first key to obtain an App tag file and provides it to the mobile device for storage;
a software product (App), downloaded from the server and installed on the mobile device, sends the user password and the App tag file obtained from the mobile device to the server, and after the server confirms that they are correct, it sends encryption information and the first hash value to the App, the encryption information including: a first number identifying the specific combination method;
the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to the specific combination method to generate a second key;
the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device;
the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode, obtaining the original code content and the first hash value in it, and verifies that the first hash value and the second hash value are consistent, to confirm the legitimacy of the two-dimensional barcode; and
if the two-dimensional barcode is legitimate, the App sends verification data to the server for the server to verify the user's identity, wherein the verification data includes first data obtained by a method comprising the following steps: sampling and encrypting the decrypted digest according to the sampling position and the encryption method corresponding to the second number, to obtain first sub-data; and encrypting the first sub-data and second sub-data based on the second key to obtain the first data, wherein the second sub-data is a hash value of the decrypted digest.

9. The method of claim 8, wherein the two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed on it.

10. The method of claim 8 or 9, wherein the two-dimensional barcode is a QR code.

11. The method of claim 8, wherein the App tag file is downloaded to the mobile device together with the App.

12. The method of claim 8, wherein the digest is a user-selected digest.

13. The method of claim 8, wherein the verification data further includes second data, the second data being the second hash value.

14. The method of claim 8, wherein the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

TW106117621A 2017-05-26 2017-05-26 User verification system implemented along with a mobile device and method thereof TWI640887B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106117621A TWI640887B (en) 2017-05-26 2017-05-26 User verification system implemented along with a mobile device and method thereof

Publications (2)

Publication Number Publication Date
TWI640887B TWI640887B (en) 2018-11-11
TW201901510A true TW201901510A (en) 2019-01-01

Family

ID=65034263

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106117621A TWI640887B (en) 2017-05-26 2017-05-26 User verification system implemented along with a mobile device and method thereof

Country Status (1)

Country Link
TW (1) TWI640887B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI774963B (en) * 2019-06-12 2022-08-21 遊戲橘子數位科技股份有限公司 How to force a password change

TWM553464U (en) Login system without password