TWI465128B - Method, system of server authentication, and a computer-readable medium - Google Patents

Method, system of server authentication, and a computer-readable medium

Info

Publication number
TWI465128B
Authority
TW
Taiwan
Prior art keywords
authentication
server
mobile communication
communication device
information
Prior art date
Application number
TW101140963A
Other languages
Chinese (zh)
Other versions
TW201419888A (en)
Inventor
Ke Hsi Hsiang
Paichun Jui
Original Assignee
Ke Hsi Hsiang
Paichun Jui
Priority date
Filing date
Publication date
Application filed by Ke Hsi Hsiang, Paichun Jui
Priority to TW101140963A
Publication of TW201419888A
Application granted
Publication of TWI465128B

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Information Transfer Between Computers (AREA)

Description

Server authentication method, system and a computer-readable medium

The present invention is a server authentication method and system, and in particular a method and system that use a verification code produced by a third-party authentication mechanism to authenticate access to a specific server or for a specific purpose.

The password that must be typed when logging in to a particular device is one of the usual means of preventing others from stealing information. A traditional password is fixed: once it is stolen, the thief can impersonate the owner and use their information, creating a network security problem. The prior art therefore developed dynamic password techniques, in which a different password is produced for each authentication.

Such a dynamic password is, for example, a one-time password (OTP). When such a mechanism is activated, the password the user obtains is produced by a specific algorithm and is valid only once. The reference variables, such as the current time, a counter or the input content, serve as the seed of the dynamic password; the algorithm is applied to the seed and the result is converted into a password. Because the seed is derived from changing information, the password differs every time, and even if it becomes known it expires after a single use, so the purpose of secure authentication is achieved.

According to one prior-art technique for producing dynamic passwords, a dynamic password key with a display screen, called a Token device, is provided. The Token device embeds a timing circuit and a password generator that follows a specific algorithm, and may be supplied by the authentication authority. The timing circuit is synchronized with the authentication server when the Token device is initialized. When the user logs in to a particular server, the login screen asks for the dynamic password that the Token device produces from the output of its timing circuit; the user enters this dynamic password to complete the login.

The network architecture of the prior-art dynamic password technique is shown schematically in FIG. 1. The dynamic password key 102 on the user side can be the Token device described above. It carries the algorithm for producing dynamic passwords, which matches the algorithm of the authentication management server 104 that provides the authentication, and a mechanism for producing passwords synchronously can be set up. The authentication management server 104 also holds the hardware information of the dynamic password key 102 owned by each user, which, together with the time of generation, serves as the seed for producing passwords.

The figure shows the user connecting to a network server 103 through the user computer 101. Once the network server 103 receives a login request, its back end, or the associated authentication management server 104, produces a dynamic password from the algorithm and the corresponding dynamic password key 102. At the same time the dynamic password key 102 produces the password synchronously, for example once per minute, so the user can log in to the network server 103 from the user computer 101 with the one-time password shown on the dynamic password key 102. The network server 103 obtains the authentication data from the authentication management server 104 and uses it to decide whether the login succeeds.

Another one-time password mechanism is the SMS password, in which the server cooperates with a telecom operator: when the user logs in to a particular server, the server first obtains the login data, then has the telecom operator (or an authentication provider) send an SMS password to the user, who enters it to complete the login.

To provide a multi-factor identity authentication mechanism, the present invention proposes a server authentication method and system, and a computer-readable medium carrying program instructions that execute the authentication method. As described in the embodiments, the authentication method uses a third-party authentication mechanism to achieve high-security identity authentication: a mobile communication device held by the user produces a verification code, and the authentication mechanism then confirms the user's identity to complete the server login.

According to an embodiment, the proposed server authentication method is particularly suitable for an identity authentication system deployed on a network. The system can contain a network server module and an authentication server module. Besides being located within the same identity authentication system, in a particular embodiment the two modules can be a network server and an authentication server located at different sites, and the authentication server can in particular be an independently operated authentication server provided by a third party.

According to an embodiment, the server authentication method applies to an authentication system comprising a network server module and an authentication server module. The steps include: the network server module receives an access message from a terminal to the server side, covering a login or any other access action, in order to carry out an access procedure; the authentication server module then obtains the authentication data extracted from the access message and uses it to produce an authentication message that is sent over the network, in particular as a push notification, to the mobile communication device corresponding to the access message.

After the authentication message has been sent to the mobile communication device, the authentication server module receives a verification code produced by the mobile communication device. The verification code is derived from the authentication message and from the personalized information held in the mobile communication device.

Once the authentication server module has confirmed the verification code to the network server module, the authentication procedure for the corresponding access procedure is complete.

The verification code is derived from information belonging to that access procedure. To produce it, after the mobile communication device receives the authentication message sent by the authentication server module, a software program on the device parses the content of the authentication message to determine which template the content matches; based on the template it has identified, the program can then extract the information in the message and use it as the basis for producing the verification code.

According to another embodiment of the authentication method, the login procedure begins when a user on a computer device attempts to log in to a server, for example the network server module of the authentication system. This network server module handles the first identity authentication procedure, for example the user account and password entered through a web login interface. After the network server module receives the user's login credentials from the computer device, it forwards them to the authentication server module, which handles the second identity authentication procedure.

At this point the authentication server module produces an authentication information notification and sends it to the mobile communication device held by the user. When the mobile communication device receives the notification, it retrieves the seed preloaded in the device and computes a verification code. The network server module and the authentication server module then use the verification code to decide whether the user may log in to the network server module from the computer device.

According to an embodiment, the initial seed used to produce the verification code is a personalized seed produced by the authentication server module from personalized information supplied by the user between executions of the method. Because the devices users hold and the data they supply differ, the seed produced from them is unique to each user. The personalized information can be hardware information of the mobile communication device, data supplied by the user, or the communication information of a near-field communication circuit of the mobile communication device. The seed is then transmitted to the mobile communication device and stored in its memory.

According to a further embodiment, after the mobile communication device has produced the verification code from the seed, the user can enter the verification code in the interface through which the login to the network server module was started; once the network server module and the authentication server module have confirmed the identity, the login procedure is complete. In another embodiment, after the mobile communication device has produced the verification code from the seed, it can send the code directly to the authentication server module, and the authentication server module and the network server module confirm the user's identity from the verification code to complete the login procedure.

In the example given in the embodiment, if the mobile communication device supports near-field communication (NFC), the personalized information described above can be the communication information of its NFC circuit. When the mobile communication device receives the authentication information notification sent by the authentication server module, the communication information of its NFC circuit can be used to unlock the seed and compute the verification code. For example, the user holds a near-field authentication token; after it is brought close to and connected with the mobile communication device, the resulting NFC information is used to obtain authorization to unlock the preloaded seed.

In one embodiment, the identity authentication system for server login mainly comprises a network server module and an authentication server module, located on two different servers or within a single system. The network server module receives, over the network, the first identity authentication procedure performed by one or more users through their computer devices, for example a user logging in to the server through a web page. The authentication server module performs the second identity authentication procedure: on receiving a user's authentication request it produces a notification that is sent to the mobile communication device held by that user, and it can obtain the verification code produced by the user's mobile communication device directly for identity authentication, or receive the verification code produced by the mobile communication device through the network server module and then confirm the user's identity.

The invention further provides a computer-readable medium whose program set is executed in the mobile communication device described above to perform identity authentication for server login. The program set includes program instructions for connecting to the authentication server module of the identity authentication system, receiving the authentication information notification produced by the authentication server module, executing a near-field communication procedure, obtaining a seed stored in the mobile communication device, producing a verification code from the seed, displaying the verification code, and transmitting the verification code to the authentication server module.

The authentication system proposed by the invention can serve the authentication needs of logging in to a particular server, and can also be applied to any authentication need arising from access over a network, such as online transactions or online banking. When the user completes the access procedure, the authentication system provides a secure and cost-effective authentication mechanism.

The server authentication system provides an authentication server. In one embodiment the authentication server provides a third-party authentication mechanism that takes over from the authentication mechanism of the network server (such as a game server or online banking server) that the user logs in to directly, which may be called the first identity authentication procedure: the authentication server is responsible for authenticating the identity of the user entering the network server (this is the second identity authentication procedure, which assists the first), and then supplies the authentication result to the network server as the basis for deciding whether the login succeeds.

According to one embodiment of the invention, the server authentication system specifically uses the mobile communication device held by the user as one of the means of authentication. The mobile communication device has at least a network connection and, in one embodiment, also the circuit modules for near-field communication (NFC). The network connection is used to connect to the authentication server and exchange the authentication data, while near-field communication is used for a short-range connection with the user's computer system, confirming in this way that the user logging in to the network server is in fact the user of the computer.

An embodiment is shown in FIG. 2, a schematic diagram of the network architecture for server authentication according to the invention.

This example shows a user computer 201 on the user side. The type of computer 201 is not limited to the one shown in the figure and can be any computer device that allows login to a particular network server 203. The user must also have a mobile communication device 202, which is a necessary means of performing the authentication method of the embodiments; it can be a smartphone or tablet with communication capability, or another electronic device with communication capability.

The figure shows an authentication system 20, which mainly comprises a network server 203 and an authentication server 204. The network server 203 can be a server that provides a user login service, such as a game server, an online banking server, an enterprise server, or any other server with particular security authentication needs; because the data the user accesses on it has security requirements, the server authentication method and system provided by the invention can be applied.

Connected to the network server is an authentication server 204, which, when the user logs in to the network server 203, provides a second identity authentication procedure for two-factor authentication in addition to the first identity authentication procedure offered by the ordinary login screen.

According to an embodiment, the authentication server 204 can be an independently operated authentication server provided by a third party, so a similar authentication mechanism can serve several front-end network servers 203 at the same time.

In another embodiment, besides being two separate servers at different sites, the network server 203 and the authentication server 204 can be two server modules within the same system (20), for example a network server module and an authentication server module implemented in software or hardware, each handling a different job. The network server module can receive, over the network, the first identity authentication procedure performed by one or more users through a computer device (such as the user computer 201), for example a web login screen using an account and password or a related authentication technique. The authentication server module performs the second identity authentication procedure: when it receives a user's authentication request it produces a notification sent to a mobile communication device held by that user, for example using mobile push notification technology, and receives, directly or through the network server module, the verification code produced by the mobile communication device 202 to confirm the user's identity. The verification code used here can be of several types, such as a one-time password (OTP).

Furthermore, the authentication method proposed by the invention is not limited to the login data used when logging in to a particular server, such as identity authentication data; it can be applied to performing a particular access procedure. For example, the network server 203 described above may offer online shopping: when the user carries out an online transaction, some necessary personal information is also transmitted, and this information is forwarded (in some form of data) by the network server 203 to the authentication server 204, which sends an authentication message to the user's mobile communication device 202 and then uses the verification code produced by the device 202 (for example a one-time password) to confirm that the transaction was performed by that user.

In an online banking application, the network server 203 can be a virtual banking server provided by a particular bank. When the user wishes to perform access services there such as financial transactions, credit card or financial product operations, the authentication method of the invention can also be used: the authentication server 204 performs verification code authentication with the mobile communication device 202, and successful authentication means that the information carried in the exchanged verification code is correct, so the online banking operation can be completed.

A further embodiment is shown in FIG. 3, a schematic diagram of the system architecture for server authentication according to the invention. In this example the user side has a mobile communication device 30, which connects through the network 3 to a network server 301 and an authentication server 303.

This example shows that the user side may have only a mobile communication device 30 capable of receiving the push messages described above. The software on the mobile communication device 30 (such as an app or a software package) produces a verification code from the pushed message. The verification code can be produced from the seed generated by the initial procedure shown in FIG. 4 combined with the information of that transaction, or by an algorithm from that transaction's information, personal information and the content registered in the initial procedure. The main purpose is to use the dynamically produced verification code to confirm that the transaction is performed by the correct user.

For example, the user uses the mobile communication device 30 to connect to the network server 301. Taking server login as an example, the user can log in through a particular software interface; the network server 301 receives the login information and forwards it to the authentication server 303, which holds the user's registration information, such as basic personal data and data about the mobile communication device 30 (for example the telephone number or the International Mobile Equipment Identity, IMEI).

The authentication server 303 then uses the registration information (database) to send a push notification to the mobile communication device 30 registered by the user; the mobile communication device 30 produces a verification code, with which the user continues the login procedure started earlier. Once the verification code has been produced, the user can enter it through the login interface, or it can be returned directly to the authentication server 303, which confirms the access procedure; that is, the network server 301 receives notification that authentication succeeded and allows the user to complete the login.

The procedure by which the mobile communication device produces a verification code presupposes that the user's data has been registered in advance with the authentication server. From the registration data (personalized information such as basic personal data, verification data and device information) the authentication server produces a seed that is later used to produce verification codes. The flow in FIG. 4 describes an embodiment of the seed generation steps used by the authentication system of the invention.

Before using the identity authentication mechanism provided by the invention, the user should first become a registered user. The user preferably first installs on their personal mobile communication device a software program that performs this authentication method, such as a mobile phone application (app); the program corresponds directly to the relevant authentication server, or to the authentication server module within a particular server. Through this program the user can register a set of authentication data at the outset, such as a user account or password, without excluding other forms of login authentication.

During registration, the authentication server asks the user to send personalized information, such as hardware information of the user's mobile communication device (a hardware serial number, network hardware information and so on), or the communication data of the near-field communication (NFC) circuit supported by the mobile communication device. Personalized information can also include other information supplied by the user, such as a PIN code set by the user. Any one of these items of personalized information, or a combination of them, can serve as the data source for producing a seed.

After the authentication server obtains the personalized information (step S401), it runs a seed generation procedure (step S403), for example by executing a seed generation formula in a program. Such methods are known to those skilled in the art and are not limited to any particular one; the procedure is mainly supplied by the system side, and its purpose is to compute a personalized seed from the personalized information so that every user obtains a unique and specific seed (step S405).

It is worth noting that the parameters fed into seed generation here are personalized information. The parameter combination used can be the PIN code entered by the user plus the near-field communication information, the PIN code plus the hardware information of the mobile communication device, or the hardware information of the mobile communication device plus the near-field communication information, and so on. The near-field communication information mentioned here can be the information produced when the near-field communication module in the mobile communication device is paired with an external near-field authentication token. These seed generation parameters can later also serve as the information required to retrieve the seed.

The seed produced by this initial registration procedure can then be transmitted to the corresponding mobile communication device (step S407) and stored in the memory of the mobile communication device (step S409). Because the seed involves the user's identity authentication information, it should be effectively protected, for example by encryption. The personalized information supplied by the user can therefore be used to decrypt the seed: for example, the PIN code that was set must be entered before the seed is unlocked, or a near-field authentication token (such as an NFC card or dongle) is brought close to the mobile communication device, and after a successful connection the seed can be decrypted from the communication information exchanged. For example, the user holds the near-field authentication token close to the mobile communication device with which it was paired in advance; communication information is exchanged over near-field communication within a short range, and the exchanged information can be checked against the preset information to confirm that the seed decryption procedure may run.

First embodiment:

FIG. 5 shows the first flow chart of the server authentication method of the present invention. In this example the flow covers the procedure among the mobile communication device 51, the user computer 52, the network server 53 and the authentication server 54.

At the start, as shown in step 501, the user computer 52 logs into the network server 53 according to the user's operation in order to carry out a login procedure. During this login, which is the first identity authentication procedure, the relevant identity authentication information is entered, such as a user account and password or other information that can identify the user; other means, such as biometric techniques, are not excluded.

After the network server 53 has obtained the user's authentication data, the data can be passed to the authentication server 54, as in step 502, so that the authentication server 54 confirms the identity of the party logging in. At this point the network server 53 is waiting for the result of the second identity authentication procedure performed by the authentication server 54 before it confirms login authority.

Next, the authentication server 54 executes the second identity authentication procedure and generates a notification, for example pushed to the user's mobile communication device 51; as shown in step 503, the authentication server 54 transmits an authentication message to the mobile communication device 51. Push messages of this kind are generally relayed through the server of a particular platform operator, which delivers the message to the push target (such as a mobile phone number) supplied by the system.

After the mobile communication device 51 receives the notification, the user can operate the mobile communication device 51 to generate a verification code. The verification code is generated from information belonging to this login procedure and, as in step 504, is provided for use on the user computer 52. The verification code is computed by the mobile communication device 51 from a preloaded seed together with the information corresponding to this login procedure; the way the seed is generated can be seen in the flow of FIG. 4. Retrieving the seed may proceed as in the foregoing embodiment: the user enters an authentication code (PIN code) to decrypt the seed, or the decryption is performed after the near field communication circuit completes its exchange, the purpose being that only the user in person can obtain the seed.

Then, according to the embodiment shown in step 505, the user logs into the network server 53 with the verification code displayed on the mobile communication device 51; for example, a window is opened that requires the verification code to be entered within a limited time. Since the authentication server 54 already holds the seed information from the user's registration or initialization (see the flow of FIG. 4), the authentication server 54 can check the verification code generated at this time: as in step 506, once the network server 53 has obtained the code it delivers it to the authentication server 54, which confirms the verification code entered by the user.

After the authentication server 54 has confirmed the code, as in step 507, it transmits the confirmation to the network server 53, and the network server 53 notifies the user that the login succeeded, as in step 508.

In another embodiment, the verification code generated by the mobile communication device 51 is transmitted to the authentication server 54; after the authentication server 54 has confirmed the verification code to the network server 53, the network server 53 allows the user to complete the login procedure on the user computer 52.

Second embodiment:

FIG. 6 shows the second flow chart of the server authentication method of the present invention. This example likewise achieves identity authentication through the exchange of authentication messages among the mobile communication device 51, the user computer 52, the network server 53 and the authentication server 54.

In steps 601, 602 and 603 the user again logs into the network server 53 through the user computer 52, the relevant authentication information is passed from the network server 53 to the authentication server 54, and the authentication server 54 generates a message, for example a push notification, to the mobile communication device 51.

Next, the mobile communication device 51 retrieves the seed stored in it; where necessary it performs the decryption step described for the flow of FIG. 5 to obtain the seed from its encrypted form, the purpose of the seed being to produce a verification code by computation. What is special about this example is that the verification code generated by the mobile communication device 51 is passed directly to the authentication server 54, as in step 604, instead of being entered into the login screen provided by the network server 53 as in FIG. 5.

During transmission the verification code can be sent as a string or as an encoded value. Because the user registered before using the method of the present invention, the seed or related authentication information is already recorded at the authentication server 54, so the authentication server 54 can directly authenticate the verification code received from the mobile communication device 51. Once the code is confirmed, as in step 605, the authentication server 54 confirms the user's identity and then confirms the authentication data with the network server 53. Then, as in step 606, the network server 53 notifies the user side that the login succeeded.

In this example the authentication server 54 directly authenticates the verification code generated by the mobile communication device 51, so the code need not be shown on the display of the mobile communication device 51 and the user need not enter it into the login screen, which avoids additional errors and inconvenience. In this variant the binding between the pending login and the handset's response rests entirely on the login information carried in the push message and folded into the code, so the authentication server 54 should match the received code against that specific pending login rather than against the user account alone.
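The exchange of FIG. 5 and FIG. 6, worked through as an added example in Python. This is illustrative code written for this page, not code from the patent or any product of its applicants. The class names, the 30-second time step, the 90-second entry window and the HMAC-SHA256 construction of the code are assumptions; the patent only states that the code is computed from the seed and the information of the current login. The push relay is modelled as a list the handset reads from, and an injectable clock replaces real time so the exchange runs offline.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6
STEP_SECONDS = 30      # assumed time step for the code
CHALLENGE_TTL = 90     # assumed window in which the code must arrive


def verification_code(seed: bytes, challenge_id: str, session_info: dict, step: int) -> str:
    """HMAC-SHA256 over seed, the login challenge, the login's session info and
    the time step, truncated to decimal digits (dynamic truncation as in RFC 4226).
    Binding the challenge and session info means a code for one login is useless
    for another login by the same user."""
    canon = "|".join(f"{k}={session_info[k]}" for k in sorted(session_info))
    msg = f"{challenge_id}|{canon}|{step}".encode()
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    value = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


class AuthServer:
    """Authentication server 54: holds seeds from enrollment, issues and checks challenges."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.seeds = {}      # account -> seed registered at enrollment (FIG. 4)
        self.pending = {}    # challenge_id -> (account, session_info, issued_at)
        self.pushed = []     # stand-in for the operator's push relay

    def register(self, account: str, seed: bytes) -> None:
        self.seeds[account] = seed

    def start_second_factor(self, account: str, session_info: dict) -> str:
        """Steps 502/503: the web server hands over an account that passed the first
        factor; issue a challenge bound to that login and push it to the handset."""
        if account not in self.seeds:
            raise KeyError("unknown account")
        cid = secrets.token_hex(8)
        self.pending[cid] = (account, dict(session_info), self.clock())
        self.pushed.append({"challenge_id": cid, "session": dict(session_info)})
        return cid

    def verify(self, challenge_id: str, code: str) -> bool:
        """Steps 506/605: recompute for the pending challenge only, tolerate one
        adjacent time step of clock skew, enforce the entry window, and consume the
        challenge so the same code cannot be replayed."""
        entry = self.pending.get(challenge_id)
        if entry is None:
            return False
        account, session_info, issued_at = entry
        now = self.clock()
        if now - issued_at > CHALLENGE_TTL:
            del self.pending[challenge_id]
            return False
        step = int(now // STEP_SECONDS)
        ok = False
        for s in (step - 1, step, step + 1):
            expected = verification_code(self.seeds[account], challenge_id, session_info, s)
            ok |= hmac.compare_digest(expected, code)
        if ok:
            del self.pending[challenge_id]   # single use
        return ok


class MobileDevice:
    """Mobile communication device 51 with its seed already unlocked by PIN or NFC."""

    def __init__(self, seed: bytes, clock=time.time):
        self.seed, self.clock = seed, clock

    def respond(self, push: dict) -> str:
        """Step 504/604: derive the code from the seed and the pushed login info."""
        step = int(self.clock() // STEP_SECONDS)
        return verification_code(self.seed, push["challenge_id"], push["session"], step)


class WebServer:
    """Network server 53. In the first embodiment the user types the displayed code
    into the login page and submit_code relays it; in the second embodiment the
    handset calls AuthServer.verify itself with the same challenge_id."""

    def __init__(self, auth: AuthServer):
        self.auth = auth

    def login(self, account: str, password_ok: bool, client_ip: str):
        if not password_ok:          # first identity authentication failed
            return None
        return self.auth.start_second_factor(account, {"account": account, "ip": client_ip})

    def submit_code(self, challenge_id: str, code: str) -> bool:
        return self.auth.verify(challenge_id, code)
```

Whichever path delivers the code, the check is against the pending challenge and not merely the account: a code is accepted once, only inside the window, and only for the login that produced it. A handset holding a different seed, or a code replayed after acceptance, is rejected.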

The flow shown in FIG. 7 is an embodiment of the server authentication method of the present invention, in particular an authentication flow designed among a mobile communication device 71, a network server module 72 and an authentication server module 73.

This example shows the authentication procedure executed among the mobile communication device 71, the network server module 72 and the authentication server module 73. The network server module 72 and the authentication server module 73 may be two modules within a single server host, or two server programs located on different server hosts; the network server module 72 and the authentication server module 73 may be connected over a network or by any other data transmission mode.

When the user wishes to use the mobile communication device 71 to access content provided by the network server module 72, as in step 701, an access message is sent to the network server module 72. The purpose of this access message is to carry out an access procedure; the message includes the information with which the user, through the mobile communication device 71, requests a particular access service, such as the user account, password, server data and network service content, and the access procedure may be an action such as logging into a particular website or executing a transaction. The network server module 72 therefore extracts the authentication data from the access message, for example the authentication data (such as account and password) transmitted by the user through the mobile communication device 71, and passes this authentication data to the authentication server module 73. As in step 702, the authentication server module 73 matches this data to obtain the corresponding user data, including the communication information of the mobile communication device 71.

Then, as in step 703, the authentication server module 73 generates an authentication message corresponding to the source (the mobile communication device 71 and the user) and transmits it to the mobile communication device 71; this transmission may in particular be a push over the network. When the mobile communication device 71 receives the authentication message transmitted by the authentication server module 73, the message, which corresponds to the information the procedure originally set out to access, is received by the software program on the mobile communication device 71, which generates a verification code from it. Besides being derived from the message transmitted by the authentication server module 73, the verification code may be produced by an algorithm that combines the seed generated at initialization as in FIG. 4 with the authentication information of this access procedure (such as the time and the network address).

Next, the mobile communication device 71 transmits the verification code to the authentication server module 73, and as in step 704 the authentication server module 73 performs the comparison. That is, the authentication server module 73 holds the same information that the mobile communication device 71 needs to generate the verification code, including the algorithm used, so it can judge whether the verification code for this occasion is correct. It transmits the result of confirming the verification code to the network server module 72, as in step 705; once the verification code has been confirmed, the authentication procedure corresponding to the access message is complete, confirming that this access procedure is carried out by an authorized user, and the network server module 72 notifies the mobile communication device 71 that access is allowed (step 706).

The functional block diagram shown in FIG. 8 depicts an embodiment of the server authentication system of the present invention; the authentication procedure can be followed alongside the main flow described in FIG. 10.

It includes a network server module 801 and an authentication server module 802 contained in an authentication system 80, which handle the login request and the second authentication procedure respectively. On the user side, a computer device 81 connects to the authentication system 80 to execute the first identity authentication procedure; the system then requires the user's mobile communication device 82 to generate a personalized verification code, providing a more secure authentication mechanism.

According to the embodiment, the user's computer device 81 is, for example, an ordinary desktop computer, notebook computer, tablet computer or other electronic device capable of going online and opening web pages. It has at least a network unit 811 through which the computer device 81 connects over the network to the network server module 801 of the authentication system 80. The network server module 801 is a system-side software module that provides a particular service to the user, or a particular server such as a game server or online banking server. The computer device 81 has a login interface unit 813 that connects to the login interface provided by the network server module 801, implemented for example as a web browser or a dedicated program, and an input unit 815 through which the user enters the login authentication data, for example via a keyboard, mouse, software interface or touch display.

When the user enters login authentication data such as an account, a password or other data used for identity authentication through the input unit 815, the data can be transmitted to the network server module 801 through the login interface unit 813. At this point, referring to step S901 of FIG. 10, the network server module 801 receives the login authentication data that the user produced with the computer device 81.

Next, in the processing on the authentication system 80 side, as in step S903, the authentication server module 802 obtains this authentication data, for example the user's identity, and can thus determine from the user's registration data the target to which the message should be sent. According to one embodiment, as a person skilled in the art will appreciate, the authentication system 80 should have a database (not shown in the figure) that records the authentication information the user registered at enrollment or updated later, including, for each user (account, password or biometric information), the hardware information of the mobile communication device that takes part in authentication, data configured by the user, or the communication information produced by the near field communication circuit and the communication information carried by the near field authentication carrier 83, and also records the seed generated from these. The authentication server module 802, which performs the identity authentication, can therefore compare the user authentication data obtained by the network server module 801 against the database and retrieve the contact information, in particular the mobile communication device 82 registered at enrollment. Thus when the user issues a login request, the authentication server module 802 generates an authentication information notification, as in step S905, and transmits this notification over the network, as in step S907, in particular by push technology, so that the data is delivered to the mobile communication device 82.

In this example the mobile communication device 82 has a communication unit 821 for communicating with the authentication server module 802, and further a memory unit 823 that records the seed as well as the operating system programs needed for the device 82 to operate and the program set that executes the authentication method of the present invention.

When the authentication server module 802 learns of a user login request through the first identity authentication procedure executed by the network server module 801, it transmits the authentication information notification over the network. When the mobile communication device 82 receives the notification, the user can operate it through the input unit 831 to launch the software program that implements the identity authentication of the present invention; the seed is retrieved from the memory unit 823, and the verification code generation unit 825 computes a verification code from the seed, as in step S909. The code can then be shown on the display unit 827 or, as in the embodiment of FIG. 6, transmitted directly to the authentication server module 802 without being displayed on the terminal device.

In an embodiment the seed may be protected in the memory unit 823 in some encrypted form, so the aforementioned software program can, depending on its configuration, have the user enter the authentication code to decrypt the seed; or, as in the foregoing embodiment, a near field communication connection is established between the near field communication unit 829 in the mobile communication device 82 and an external near field authentication carrier 83. When the near field authentication carrier 83 comes close to the mobile communication device 82 it can activate the near field communication circuit such as the near field communication unit 829, and after the communication information carried by the near field authentication carrier 83 has been exchanged the seed is released, which includes decrypting it and reading it out.
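The seed protection described here and at the end of the registration flow (step S409), as an added example in Python using only the standard library; this is code written for this page, not code from the patent. The patent says only that the seed is encrypted and that the PIN or the information exchanged with the near field authentication carrier unlocks it. Everything below that is an assumption: PBKDF2-HMAC-SHA256 to stretch the unlock secret, an HMAC-SHA256 keystream with an encrypt-then-MAC tag as the cipher (chosen so the example runs without third-party packages; a production build would use AES-GCM from a vetted library and a hardware-backed keystore), the blob layout, and the way the handset hardware identifier and the carrier's response are combined for the PIN-less NFC variant. The point the example adds is the check the text implies but does not spell out: a wrong PIN or a tampered blob must be detected and refused, rather than silently yielding a wrong seed that would produce wrong verification codes.

```python
import hashlib
import hmac
import os

# Assumed parameters for this example, not taken from the patent.
KDF_ITERATIONS = 100_000
KEY_LEN = 32
TAG_LEN = 32
SALT_LEN = 16
NONCE_LEN = 16


def derive_unlock_key(secret: bytes, salt: bytes) -> bytes:
    """Stretch the unlock secret (a user PIN, or the value obtained from the near
    field authentication carrier) into a fixed-length key. A short PIN must never
    be used as a key directly; the slow KDF raises the cost of offline guessing
    against a copied seed blob."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, KDF_ITERATIONS, KEY_LEN)


def _subkeys(master: bytes):
    """Separate keys for encryption and authentication, derived from the KDF output."""
    return (hmac.new(master, b"enc", "sha256").digest(),
            hmac.new(master, b"mac", "sha256").digest())


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF-based stream cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def seal_seed(seed: bytes, unlock_secret: bytes) -> bytes:
    """Encrypt-then-MAC the seed under a key derived from the unlock secret.
    Blob layout (assumed): salt | nonce | ciphertext | tag."""
    salt = os.urandom(SALT_LEN)
    nonce = os.urandom(NONCE_LEN)
    enc_key, mac_key = _subkeys(derive_unlock_key(unlock_secret, salt))
    ciphertext = bytes(a ^ b for a, b in zip(seed, _keystream(enc_key, nonce, len(seed))))
    tag = hmac.new(mac_key, salt + nonce + ciphertext, "sha256").digest()
    return salt + nonce + ciphertext + tag


def open_seed(blob: bytes, unlock_secret: bytes) -> bytes:
    """Verify the tag first, in constant time, and only then decrypt. A wrong
    PIN, a wrong carrier or a tampered blob raises instead of returning garbage."""
    if len(blob) < SALT_LEN + NONCE_LEN + TAG_LEN:
        raise ValueError("seed blob truncated")
    salt = blob[:SALT_LEN]
    nonce = blob[SALT_LEN:SALT_LEN + NONCE_LEN]
    body, tag = blob[SALT_LEN + NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    enc_key, mac_key = _subkeys(derive_unlock_key(unlock_secret, salt))
    expected = hmac.new(mac_key, salt + nonce + body, "sha256").digest()
    if not hmac.compare_digest(expected, tag):
        raise PermissionError("unlock secret rejected or seed blob tampered")
    return bytes(a ^ b for a, b in zip(body, _keystream(enc_key, nonce, len(body))))


def nfc_unlock_secret(device_hw_id: bytes, carrier_response: bytes) -> bytes:
    """Assumed combination for the PIN-less variant: the value exchanged with the
    near field authentication carrier is mixed with the handset's hardware
    information, so the seed opens only on the paired handset with that carrier
    present. The raw exchange is never used as the key on its own."""
    return hmac.new(carrier_response, device_hw_id, "sha256").digest()
```

The app keeps only the sealed blob at rest and calls open_seed immediately before computing a verification code, discarding the plaintext seed afterwards; the PermissionError path is where a handset should count failed attempts and eventually wipe the blob.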

Therefore, once the mobile communication device 82 has produced the verification code, it can be transmitted directly to the authentication server module 802 on the system side, or entered into the login screen as before, and the network server module 801 and the authentication server module 802 confirm the user's identity (step S911) so as to complete the login procedure (step S913).

It is worth noting that, to apply the identity authentication technique proposed by the present invention, the mobile communication device used should carry an application provided by the system, such as an application (APP) on a smartphone or tablet. This application is used to receive the messages pushed by the system, decrypt the seed, provide the interface for entering the authentication code, run the program that generates the verification code from the seed, and provide the communication functions that display or transmit the verification code. The application may be launched on receipt of the push message, or it may need to be launched before authentication is executed.

In another embodiment, as shown in FIG. 9, an authentication system is formed by a mobile communication device 91 connecting to an authentication system 9.

This example shows the user directly operating the mobile communication device 91 to access a particular website, for example the web server provided by the network server module 901 located in a particular server as shown in the figure. Besides the network server module 901, the authentication system 9 in this example also has an authentication server module 902 that provides the authentication mechanism of the present invention.

The mobile communication device 91 includes an input unit 911 providing functions such as keyboard input, voice input, touch input and gesture input, and a display unit 912 that presents the interface for interacting with the authentication system 9, in particular the screens of a software program that executes the access procedure and the authentication procedure. A memory unit 914 stores the operating programs and software programs needed for the mobile communication device 91 to operate; when the device starts, a processor (not shown in this figure) executes the necessary programs obtained from the memory unit 914.

The mobile communication device 91 connects to the authentication system 9 and exchanges information through a communication unit 915, which includes receiving pushed messages over the network and transmitting the data related to authentication. An interface unit 916 provides the user interface for issuing access commands and displaying screens, for example a general-purpose web browser or a program interface for a specific purpose.

When the user, through the mobile communication device 91, carries out some access purpose via the network server module 901, the authentication steps can be followed in the flow of FIG. 11. At the start, as in step S111, the network server module 901 receives an access request from the mobile communication device 91 together with the authentication data of the user concerned.

After the network server module 901 receives the access request, the relevant data is forwarded to the authentication server module 902, which uses the authentication data to retrieve the data of the user concerned, including the registered mobile communication device 91. It can therefore generate the authentication message to be transmitted (step S113) and, for example using push delivery over the network, notify the mobile communication device 91 of the message corresponding to this access procedure, as in step S115.

When the user receives the authentication message on the mobile communication device 91, the information of this access procedure can be taken from it to ensure that the authentication step belongs to this access procedure. According to the embodiment, the message delivered by push may carry information corresponding to this access procedure, such as the user information entered when the user registered for the service, the hardware information of the mobile communication device 91, and the details of this access (such as the information related to an online transaction, its amount, its time and so on).

The foregoing authentication message can be received by the software program carried on the mobile communication device 91 and can trigger (automatically or by user action) generation of a verification code. The verification code can be produced from the information established at initialization together with the information of the current access, such as the seed and the time; these parameters are chosen according to the needs of the algorithm that produces the verification code, and the authentication server module 902, computing in step with the device, produces the same result. The mobile communication device 91 then transmits the verification code to the authentication server module 902, and as in step S117 the authentication server module 902 verifies whether the received verification code matches the verification code for this access.

After authentication by the authentication server module 902 succeeds, the network server module 901 that provides the access service is notified to allow the user's access, which may mean logging into the server, completing the transaction, or confirming that the message is correct (step S119).

There may be many ways to generate the verification code described above, but they may all be generated from the information of the current access procedure together with the various personalized information recorded when the user enrolled in the system; such a verification code therefore varies over time and is valid only for that occasion, within a short time window. The software program installed on the mobile communication device obtains the information used to generate the verification code from the authentication message transmitted by the authentication server or authentication server module; this information may be one or a combination of the time, transaction information, user information or information supplied by the authentication server module.

Moreover, the server authentication system and method provided by the present invention can be applied to the secure authentication needs of various network services, and each network service has its own corresponding information. For example, when the authentication server module (or server) obtains an authentication request, it matches the information to determine the user data for the party executing this access procedure, and since the network service also has its own particular characteristics, the authentication message transmitted (pushed) to the mobile communication device will carry content matching the characteristics of that network service. Accordingly, in an embodiment of the present invention, the software program on the mobile communication device should be provided with a plurality of templates, so that the important information can be extracted according to the result of parsing, and this information can then be used to generate the verification code.

In the flow shown in FIG. 12, as in step S11, the mobile communication device receives the authentication message transmitted from the authentication server module, for example a message received in real time by push while a particular access service is being executed. The software program then parses the content, as in step S12, and determines which template the content of the message conforms to, as in step S13, so that the information in it can be correctly extracted according to the identified template, as in step S14.

For example, if the access service is a particular online transaction, the authentication message received should carry the information related to that online transaction, such as the product name, amount, transaction time and personal information. This expected information, matched against the expected template, can be parsed to determine the attributes of the message.

Afterwards, the software program combines the extracted information about the access service with the seed stored in the memory of the mobile communication device (step S15) to produce a verification code, as in step S16. Because this verification code combines the personalized information registered by the user at initialization (the use of near field communication is not excluded) with the information of this access service, it is unique and time-limited, and is suitable for authenticating that access service.
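Steps S11 to S16 of FIG. 12, as an added example in Python; this is code written for this page, not the patent's own program. The patent does not fix a wire format for the pushed authentication message, so the JSON encoding, the two templates ("login" and "transaction") with their required fields, the normalisation rules and the HMAC-SHA256 binding are all assumptions, and the two sample pushes are constructed for the example. What it adds to the text is the two checks a template parser needs: a message whose type is unknown or whose required fields are missing is refused rather than guessed at, and the fields are canonicalised so that handset and server derive the same code from the same transaction while any change to a bound field (the amount, for instance) changes the code.

```python
import hashlib
import hmac
import json

# Assumed templates: which fields a pushed authentication message must carry for
# each service type, and which of them the verification code is bound to.
TEMPLATES = {
    "login": {
        "required": ("challenge_id", "account", "client_ip", "time"),
        "bound": ("challenge_id", "account", "client_ip", "time"),
    },
    "transaction": {
        "required": ("challenge_id", "account", "merchant", "amount", "currency", "time"),
        "bound": ("challenge_id", "account", "merchant", "amount", "currency", "time"),
    },
}


def match_template(message: dict):
    """Step S13: decide which template the pushed content conforms to. An unknown
    type or a missing required field is an error, not something to guess around."""
    kind = message.get("type")
    tpl = TEMPLATES.get(kind)
    if tpl is None:
        raise ValueError(f"unknown message type: {kind!r}")
    missing = [f for f in tpl["required"] if f not in message]
    if missing:
        raise ValueError(f"{kind} message missing fields: {missing}")
    return kind, tpl


def extract_bound_fields(message: dict) -> dict:
    """Step S14: take exactly the fields the code is bound to, normalised so that
    the handset and the authentication server canonicalise identically."""
    kind, tpl = match_template(message)
    fields = {"type": kind}
    for f in tpl["bound"]:
        v = message[f]
        if f == "amount":
            v = f"{float(v):.2f}"   # "1250" and "1250.00" must not yield different codes
        fields[f] = str(v).strip()
    return fields


def verification_code(seed: bytes, fields: dict, digits: int = 6) -> str:
    """Steps S15/S16: bind the seed to the extracted access information.
    Canonical JSON (sorted keys, no whitespace) is what both sides MAC."""
    canon = json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()
    digest = hmac.new(seed, canon, hashlib.sha256).digest()
    return str(int.from_bytes(digest[:4], "big") % 10 ** digits).zfill(digits)


def code_for_push(seed: bytes, raw_push: str) -> str:
    """What the handset app does on receipt of a push: parse, match, extract, bind."""
    return verification_code(seed, extract_bound_fields(json.loads(raw_push)))


# Constructed sample pushes for this example (not captured from any real system).
LOGIN_PUSH = json.dumps({
    "type": "login", "challenge_id": "c1", "account": "alice",
    "client_ip": "203.0.113.5", "time": 1700000000,
})
TXN_PUSH = json.dumps({
    "type": "transaction", "challenge_id": "c2", "account": "alice",
    "merchant": "Example Shop", "amount": "1250", "currency": "TWD",
    "time": 1700000100,
})
```

Because the merchant, amount and currency are bound into the code, a handset that shows these fields to the user before confirming gives the user a chance to notice a transaction that differs from the one they initiated, and the authentication server, recomputing over the same canonical fields, will not accept a code derived from altered details.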

The present invention also relates to a computer-readable medium carrying a program set that executes in the aforementioned mobile communication device to perform the server authentication method. The program set mainly comprises program instructions for connecting to an authentication server module in the authentication system provided by the present invention; program instructions for receiving the authentication information notification generated by the authentication server module; program instructions for executing a near field communication procedure after the authentication information notification is received; program instructions for retrieving the seed recorded in the mobile communication device once the near field communication procedure is complete; program instructions for generating a verification code from the seed; optionally program instructions for displaying the verification code; and program instructions for transmitting the verification code to the authentication server module on the system side.

In summary, the server authentication method, system and computer-readable medium proposed by the present invention provide a secure authentication mechanism, and in particular provide an authentication server separate from the network server the user wishes to log in to. Through this third-party authentication mechanism, the user can carry out a secure server authentication procedure using a verification code dynamically generated by a handheld mobile communication device.

However, the above describes only preferred feasible embodiments of the present invention and does not thereby limit the patent scope of the present invention; all equivalent structural changes made using the content of the specification and drawings of the present invention are likewise included within the scope of the present invention. This is hereby stated.

101‧‧‧User computer

102‧‧‧Dynamic password key

103‧‧‧Network server

104‧‧‧Authentication management server

201‧‧‧User computer

202‧‧‧Mobile communication device

203‧‧‧Network server

204‧‧‧Authentication server

20‧‧‧Authentication system

30‧‧‧Mobile communication device

3‧‧‧Network

301‧‧‧Network server

303‧‧‧Authentication server

51‧‧‧Mobile communication device

52‧‧‧User computer

53‧‧‧Network server

54‧‧‧Authentication server

71‧‧‧Mobile communication device

72‧‧‧Network server module

73‧‧‧Authentication server module

80‧‧‧Authentication system

801‧‧‧Network server module

802‧‧‧Authentication server module

81‧‧‧Computer device

811‧‧‧Network unit

813‧‧‧Login interface unit

815‧‧‧Input unit

82‧‧‧Mobile communication device

821‧‧‧Communication unit

823‧‧‧Memory unit

825‧‧‧Verification code generation unit

827‧‧‧Display unit

829‧‧‧Near-field communication unit

831‧‧‧Input unit

83‧‧‧Near-field authentication carrier

91‧‧‧Mobile communication device

911‧‧‧Input unit

912‧‧‧Display unit

913‧‧‧Verification code generation unit

914‧‧‧Memory unit

915‧‧‧Communication unit

916‧‧‧Interface unit

9‧‧‧Authentication system

901‧‧‧Network server module

902‧‧‧Authentication server module

Steps S401~S409‧‧‧Seed value generation flow

Steps 501~508‧‧‧Server login identity method flow, part one

Steps 601~606‧‧‧Server login identity method flow, part two

Steps 701~706‧‧‧Server login identity method flow, part three

Steps S901~S913‧‧‧Server login flow

Steps S111~S121‧‧‧Server authentication flow

Steps S11~S16‧‧‧Verification code generation flow

FIG. 1 shows the network architecture of the prior art, which uses a dynamic password for authentication; FIG. 2 is a first schematic diagram of an embodiment of the network architecture for server login identity authentication of the present invention; FIG. 3 is a second schematic diagram of an embodiment of the network architecture for server login identity authentication of the present invention; the flow shown in FIG. 4 describes an embodiment of the steps by which the authentication system of the invention generates the seed value; FIG. 5 shows a first flowchart of the server authentication method of the present invention; FIG. 6 shows a second flowchart of the server authentication method of the present invention; FIG. 7 shows a third flowchart of the server authentication method of the present invention; FIG. 8 shows a first functional block diagram of an embodiment of the authentication system of the present invention; FIG. 9 shows a second functional block diagram of an embodiment of the authentication system of the present invention; the flow shown in FIG. 10 describes an embodiment of logging in to a network server using the server authentication method of the present invention; the flow shown in FIG. 11 describes the steps of an embodiment of the server authentication method of the present invention; the flow shown in FIG. 12 describes the steps performed on the mobile communication device side in the server authentication method of the present invention.

201‧‧‧User computer

202‧‧‧Mobile communication device

203‧‧‧Network server

204‧‧‧Authentication server

20‧‧‧Identity authentication system

Claims (20)

1. A server authentication method, applicable to an authentication system comprising a network server module and an authentication server module, comprising: the network server module receiving an access message (an access by a terminal to the server side, including a login or any access behaviour; this annotation will be deleted on filing) in order to perform an access procedure; the authentication server module obtaining authentication data extracted from the access message in order to generate an authentication message (a push notification; this annotation will be deleted on filing) to be transmitted to a mobile communication device corresponding to the access message; after the authentication message has been transmitted to the mobile communication device, the authentication server module receiving a verification code generated by the mobile communication device (avoid the term OTP; it may be any type of code; this annotation will be deleted on filing), the verification code being generated from the authentication message and from personalized information stored in the mobile communication device (a seed and the information of this access are not excluded; this annotation will be deleted on filing); and after the authentication server module has confirmed the verification code to the network server module, completing the authentication procedure corresponding to the access procedure.
2. The server authentication method of claim 1, wherein the access message is generated by a user logging in to the network server module using a computer device, and the access message includes login data for logging in to the network server module.

3. The server authentication method of claim 1, wherein the access message is a message of an access service performed by the user through the mobile communication device.

4. The server authentication method of claim 1, wherein the authentication message is transmitted to the mobile communication device by way of push notification.

5. The server authentication method of claim 1, wherein the personalized information is a seed value stored in the mobile communication device, the seed value being generated when the user registers with the authentication server module.

6. The server authentication method of claim 5, wherein the verification code is generated by an algorithm from the seed value and the authentication message of the access procedure.
7. The server authentication method of claim 6, wherein the verification code is generated from the information of the access procedure, and the step of generating the verification code comprises: after the mobile communication device receives the authentication message transmitted from the authentication server module, a software program stored in the mobile communication device parsing the content of the authentication message to determine a template that the content of the authentication message matches; according to the determined template, the software program extracting the information therein; and the software program combining the extracted information related to the access procedure with the seed value to generate the verification code.

8. A server authentication method, applicable to an authentication system comprising a network server module and an authentication server module, comprising: the network server module receiving login authentication data entered by a user on a computer device in order to perform a login procedure; the network server module forwarding the received login authentication data to an authentication server module; the authentication server module generating an authentication information notification from the information obtained from the login authentication data, and transmitting the authentication information notification to a mobile communication device; after the mobile communication device receives the authentication information notification, generating a verification code from the information of the login procedure and a seed value; the mobile communication device transmitting the verification code to the authentication server module; and after the authentication server module has confirmed the verification code to the network server module, the network server module allowing the user to complete the login procedure with the computer device.

9. The server authentication method of claim 8, wherein when the mobile communication device receives the authentication information notification, communication information of a near-field communication circuit in the mobile communication device is used to unlock the seed value, so as to compute the verification code.

10. The server authentication method of claim 9, wherein the near-field communication circuit is activated by bringing a near-field authentication carrier close to the mobile communication device, and the unlocking of the seed value is confirmed by exchanging the communication information.

11. The server authentication method of claim 8, wherein the step of generating the seed value comprises: the authentication server module obtaining personalized information transmitted by the user from the mobile communication device; executing a seed value generation expression; generating the seed value; transmitting the seed value to the mobile communication device; and storing the seed value in the mobile communication device.

12. The server authentication method of claim 11, wherein the personalized information comprises one or a combination of hardware information of the mobile communication device, data provided by the user, and communication information of a near-field communication circuit.
13. The server authentication method of claim 11, wherein the seed value is an encrypted value that is decrypted and retrieved using the information provided by the user or the communication information of the near-field communication circuit.

14. The server authentication method of claim 8, wherein the authentication information notification generated by the authentication server module is a notification in push form, received by a software program stored on the mobile communication device.

15. The server authentication method of claim 8, wherein the verification code is generated from the information of the login procedure, and the step of generating the verification code comprises: after the mobile communication device receives the authentication message transmitted from the authentication server module, a software program stored in the mobile communication device parsing the content of the authentication message to determine a template that the content of the authentication message matches; according to the determined template, the software program extracting the information therein; and the software program combining the extracted information related to the access procedure with the seed value to generate the verification code.
16. A server authentication system for performing the server authentication method of claim 1, the server authentication system comprising: a network server module, which receives over a network a first identity authentication procedure performed by one or more users through computer devices; and an authentication server module, connected to the network server, which performs a second identity authentication procedure, learns of the login requests of the one or more users from the first identity authentication procedure, generates a notification transmitted to a mobile communication device held by each user, and receives, directly or through the network server module, the verification code generated by the mobile communication device in order to confirm the identity of the user.

17. The authentication system of claim 16, wherein the network server module and the authentication server module are respectively a network server and an authentication server located at different locations.

18. The authentication system of claim 16, wherein the network server module provides a login web page interface for performing the first identity authentication procedure.

19. The authentication system of claim 16, wherein the authentication server module obtains personalized information transmitted by the user from the mobile communication device and generates, from the personalized information, a seed value stored in the mobile communication device, the seed value being used to enable the mobile communication device to generate the verification code.
20. The authentication system of claim 19, wherein the personalized information is one or a combination of hardware information of the mobile communication device, data provided by the user, and communication information of a near-field communication circuit of the mobile communication device.
TW101140963A 2012-11-05 2012-11-05 Method, system of server authentication, and a computer-readable medium TWI465128B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW101140963A TWI465128B (en) 2012-11-05 2012-11-05 Method, system of server authentication, and a computer-readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW101140963A TWI465128B (en) 2012-11-05 2012-11-05 Method, system of server authentication, and a computer-readable medium

Publications (2)

Publication Number Publication Date
TW201419888A TW201419888A (en) 2014-05-16
TWI465128B true TWI465128B (en) 2014-12-11

Family

ID=51294554

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101140963A TWI465128B (en) 2012-11-05 2012-11-05 Method, system of server authentication, and a computer-readable medium

Country Status (1)

Country Link
TW (1) TWI465128B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107306270A (en) * 2016-04-19 2017-10-31 李光耀 High security user's multiple authentication system and method
TWI652595B (en) 2017-06-30 2019-03-01 兆豐國際商業銀行股份有限公司 System and method for one-time password delivering
TWI799702B (en) * 2019-12-03 2023-04-21 大陸商支付寶(杭州)信息技術有限公司 Safety authentication method, device and electronic equipment

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI548249B (en) * 2014-08-08 2016-09-01 蓋特資訊系統股份有限公司 Method for verifying secruity data, system, and a computer-readable storage device
TWI559165B (en) * 2014-10-13 2016-11-21 優仕達資訊股份有限公司 Wireless authentication system and wireless authentication method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201015940A (en) * 2008-10-01 2010-04-16 Avermedia Tech Inc Network authorization method and application thereof
US20120144004A1 (en) * 2010-03-29 2012-06-07 Rakuten, Inc. Authentication server apparatus, authentication server apparatus-use program and authentication method


Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107306270A (en) * 2016-04-19 2017-10-31 李光耀 High security user's multiple authentication system and method
TWI634450B (en) * 2016-04-19 2018-09-01 李光耀 High-safety user multi-authentication system and method
CN107306270B (en) * 2016-04-19 2019-12-24 李光耀 High-security user multiple authentication system and method
TWI652595B (en) 2017-06-30 2019-03-01 兆豐國際商業銀行股份有限公司 System and method for one-time password delivering
TWI799702B (en) * 2019-12-03 2023-04-21 大陸商支付寶(杭州)信息技術有限公司 Safety authentication method, device and electronic equipment

Also Published As

Publication number Publication date
TW201419888A (en) 2014-05-16

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees