TW200830833A - Network data security system and protection method therefore - Google Patents


Info

Publication number: TW200830833A
Authority: TW (Taiwan)
Application number: TW96100276A
Other languages: Chinese (zh)
Other versions: TWI331870B (granted patent)
Inventor: Ta-Hsiung Hu
Original assignee: Kinghood Technology Co Ltd
Prior art keywords: time, credential, update, correct, voucher

Events
Application TW96100276A filed by Kinghood Technology Co Ltd
Priority to TW96100276A (granted as TWI331870B)
Publication of TW200830833A
Application granted
Publication of TWI331870B

Abstract

The present invention discloses a network data security system and a protection method therefor. The data security system includes a client host, an authentication distribution server and a plurality of distributed servers. The authentication distribution server further includes a first determination device and a usage credential generator, and each distributed server includes a second determination device and a processor. According to the protection method, in addition to the usage credential that the authentication distribution server provides to the client host, renewal of the credential is adopted to prevent illegal data leakage.

Description

IX. Description of the Invention

[Technical Field]

The present invention provides a data security system and a protection method therefor, and more particularly a data security system and protection method applied to network transmission.

[Prior Art]

In an era in which communication is carried out through electronic information, a great deal of both business and private correspondence is handled by e-mail. For data that is extremely important and confidential, however, if it is kept in the storage of an insecure encryption device it is easily intercepted by unauthorized persons, and its confidentiality and security cannot be ensured.

Encryption technology arose to address this. Its purpose is to prevent data from being obtained by unauthorized parties while it is in storage or in transit over a network. Encryption is a computation that turns readable data into unintelligible data; decryption is the inverse operation that restores the encrypted data to intelligible data. In practice, data is encrypted first and then sent over the Internet (or a local area network); when the data is retrieved, a user who holds the decryption right decrypts it and only then obtains the original, usable data.

With the advances in electronic and communication technology, account management, shopping and other transactions can be carried out over the network, which brings convenience and saves valuable time. Yet while convenience is pursued, network security has become a potential problem. The Internet and local area networks communicate through protocols such as TCP/IP, UDP, FTP, RPC, HTTP and POP3, none of which has any built-in encryption mechanism. The result is an open network environment: an unauthorized party only has to capture what a user transmits over the network and assemble the right pieces to steal the data. Clearly, when important data is sent over the network without thorough encryption of the transmitted data and without security protocols agreed between the layers of the network, the data in transit cannot be given strong protection.

Furthermore, wireless mobile communication service has become the mainstream of modern communication. Wired telephones, lines, leased lines and conventional communication systems are hard to install and are bound to be replaced by wireless communication systems, so the IEEE established the IEEE 802.11 standard for wireless local area networks. Among the security-related services designed for such use are the SSL (Secure Socket Layer) protocol designed by Netscape for its Netscape® family of products (disclosed in U.S. Patent No. 5,657,390), which uses public-key encryption (RSA) as the encrypted communication protocol between client and host when confidential data is transmitted and is now used by most web servers and browsers; and the Secure Electronic Transaction (SET) protocol for secure payment in electronic commerce, a standard for the security of card payments by consumers over open networks established jointly by VISA®, MasterCard®, IBM®, Microsoft®, Netscape®, GTE®, VeriSign®, SAIC®, Terisa® and others, which uses the RSA public-key encryption of RSA Data Security to protect the security and confidentiality of transaction data. These are the security mechanisms most commonly used today. As for the wireless local area network, its predecessor is the wireless modem, whose greatest drawback is that it can only make point-to-point connections and uses radio frequency (RF) as its wireless transmission medium, so it is very easily eavesdropped on, misappropriated or disrupted by malicious parties; its security therefore deserves serious consideration.

In summary, the greatest shortcomings of the conventional electronic transactions described above are the lack of thorough network security protection and the problems that arise when a wireless communication architecture can only carry point-to-point data transmission. How to build a system for secure transactions on a network communication architecture, so that both parties to a transaction can complete it securely and process it anywhere at any time, is the problem to be solved.

[Summary of the Invention]

The main object of the present invention is to provide a system and method that protect the security of data when a user transmits data over a network. In particular, even when the login identification data has been inadvertently stolen, the security of the data is preserved.

To achieve the above object, one broader embodiment of the present invention provides a network data security system comprising: a client host; an authentication distribution server connected to the client host over a network, the authentication distribution server including a first determination device for recognizing whether the identification data input by the client host is correct, and a usage credential generator which, when the identification data is recognized as correct, generates at a first time a usage credential for the client host, the usage credential having a preset usage credential validity period; and a plurality of distributed servers connected over the network to the client host and the authentication distribution server, for receiving a request from the client host at a second time, each of the distributed servers including a second determination device, connected over the network to the client host and the authentication distribution server, for confirming whether the usage credential from the client host is correct and determining whether the interval between the first time and the second time exceeds the usage credential validity period, and a processor for executing the request from the client host after the second determination device has confirmed that the usage credential is correct and that the usage credential validity period has not been exceeded.

According to the above, the second determination device further confirms with the authentication distribution server whether the usage credential is correct.

According to the above, each of the distributed servers further includes a renewal credential generator which, when the second determination device determines that the interval between the first time and the second time exceeds the usage credential validity period, generates a renewal credential for the authentication distribution server and a credential expiry notice for the client host, the renewal credential having a preset renewal credential validity period.

According to the above, when the authentication distribution server receives the identification data input by the client host, it further requires the client host to input another set of identification data, so as to achieve double protection.

According to the above, the authentication distribution server may send the other set of identification data by mobile phone short message and require the client host to input it.

According to the above, the authentication distribution server may send the other set of identification data by e-mail and require the client host to input it.

According to the above, the identification data is a user account and password.

According to the above, the distributed servers include conventional service servers of various types, such as application servers, communication servers, download servers, file servers and mail servers.

According to the above, the usage credential further includes a key and a digital signature.

According to the above, the authentication distribution server and the distributed servers form a distributed processing system.

To achieve the above object, another broader embodiment of the present invention provides a network data protection method comprising the steps of: a) a user inputs at least one piece of identification data; b) recognizing whether the identification data is correct; c) if the identification data is recognized as correct, returning a usage credential to the user at a first time, the usage credential having a preset usage credential validity period; d) the user issues a request together with the usage credential at a second time; e) confirming whether the usage credential is correct and determining whether the interval between the first time and the second time exceeds the preset usage credential validity period; and f) if the usage credential is confirmed to be correct and the preset usage credential validity period has not been exceeded, executing the request.

According to the above, the method further comprises the steps of: g) the user issues another request together with the usage credential at a third time; h) determining whether the interval between the first time and the third time exceeds the preset usage credential validity period; i) if it is determined that the preset usage credential validity period has been exceeded, generating a usage credential expiry notice and a renewal credential, the renewal credential having a preset renewal credential validity period; j) the user inputs the usage credential; k) confirming whether the usage credential is correct; l) if the usage credential is confirmed to be correct, returning the renewal credential to the user at a fourth time; m) the user re-issues the other request together with the renewal credential at a fifth time; n) confirming whether the renewal credential is correct and determining whether the interval between the fourth time and the fifth time exceeds the preset renewal credential validity period; and o) if the renewal credential is confirmed to be correct and the preset renewal credential validity period has not been exceeded, executing the other request.

According to the above, the identification data is a user account and password.

According to the above, the usage credential further includes a key and a digital signature.

[Embodiments]

Some typical embodiments that embody the features and advantages of the present invention are described in detail below. It should be understood that the invention can be varied in different respects without departing from its scope, and that the description and drawings are illustrative in nature and not intended to limit the invention.

Figure 1 is a schematic diagram of the architecture of a network data security system according to a preferred embodiment. The network data security system of the present invention includes a client host 10, an authentication distribution server 20 and a distributed server group 30. Servers in general can be classified by function into conventional service servers of various types, such as application servers, communication servers, download servers, file servers and mail servers; the distributed server group 30 referred to here is the collective name for a combination of such servers of different functions. The network data security system may also consist of a single server. Each server in the distributed server group 30 further includes a second determination device 32, a processor 33 and a renewal credential generator 31, and the authentication distribution server 20 further includes a first determination device 22 and a usage credential generator 21. The functions of these devices are described in detail below.

Figures 3A to 3C are a flow chart of the network data protection method of the present invention. Referring first to Figure 3A, the client host 10 first inputs a user account and password to the authentication distribution server 20 for recognition (step S301). The first determination device 22 in the authentication distribution server 20, which is connected over the network to the client host 10 and the distributed server group 30, then recognizes the user account and password input by the client host 10 (step S302). When the first determination device 22 recognizes that both the user account and the password are correct, the usage credential generator 21 of the authentication distribution server 20 generates a usage credential and returns it to the client host 10 (step S304). When generating the usage credential, the usage credential generator 21 at the same time encrypts a usage credential validity period into it; the length of this validity period can be preset by the authentication distribution server 20, so that a usage credential that is inadvertently stolen and misused by an unauthorized person does not lead to data leakage. When the user account and password are recognized as incorrect, the authentication distribution server 20 does not proceed with the subsequent steps (step S303).

Once the client host 10 has received the usage credential returned by the authentication distribution server 20, it can rely on it to submit requests (for example download, access or communication requests) to the distributed server group 30 (step S305). When the distributed server group 30 receives a request from the client host 10, the request is assigned, according to its type, to the server in the group that is responsible for it for subsequent processing. For example, when the client host 10 issues a download request, the request command together with the credential is passed to the download server in the distributed server group 30, and the second determination device 32 in the download server further confirms with the authentication distribution server 20 whether the usage credential matches the one the authentication distribution server 20 provided to the client host 10 (step S306). If the usage credential is incorrect, the download request is not executed and the flow returns to step S303.

If the second determination device 32 confirms that the usage credential is correct, it further determines whether the interval between the time the usage credential generator 21 generated the usage credential and the time the client host 10 issued the request exceeds the usage credential validity period (step S307). If the second determination device 32 determines that the validity period has not been exceeded, the processor 33 of the download server executes the download request submitted by the client host 10 (step S308). If it determines that the validity period has been exceeded, the renewal credential generator 31 issues a credential expiry notice to the client host 10, requiring the client host 10 to renew its original usage credential, and at the same time generates a renewal credential for the authentication distribution server 20 (step S309).

The above is the flow for the case in which the client host 10 issues a single request. When the client host 10 wishes to execute more than one request, and in order to prevent the credential from being stolen or fraudulently used by an unauthorized third party after the client host 10 has obtained it from the authentication distribution server 20, the present invention further requires the client host 10 to obtain a renewal credential at regular intervals, which protects the credential against theft and misuse.

Referring next to Figure 3B, which continues from step S308: the client host 10 issues another request (step S310), for example an access request. After the distributed server group 30 receives the access request and the usage credential from the client host 10, it assigns them to the file server for subsequent processing. The second determination device 32 in the file server first confirms with the authentication distribution server 20 whether the usage credential matches the one the authentication distribution server 20 provided to the client host 10 (step S311). If the usage credential is incorrect, the access request is not executed (step S312).

If the second determination device 32 confirms that the usage credential is correct, it further determines whether the interval between the time the usage credential generator 21 generated the usage credential and the time the client host 10 issued the access request exceeds the usage credential validity period (step S313). If the second determination device 32 determines that the validity period has not been exceeded, the processor 33 of the file server executes the access request submitted by the client host 10 (step S315). If it determines that the validity period has been exceeded, the renewal credential generator 31 in the file server issues a credential expiry notice to the client host 10, requiring the client host 10 to renew its original usage credential, and at the same time generates a renewal credential for the authentication distribution server 20 (step S314). When generating the renewal credential, the renewal credential generator 31 at the same time encrypts a renewal credential validity period into it; like the usage credential validity period, its length can be preset by the authentication distribution server 20, again so that a credential that is inadvertently stolen and misused by an unauthorized person does not lead to data leakage.

Finally, referring to Figure 2 and Figure 3C, which continue from step S309: when the client host 10 receives the credential expiry notice issued by the renewal credential generator 31, it must first renew its original usage credential before any other new request it wishes to issue can be completed. To do so, the client host 10 only needs its original usage credential, without re-entering the user account and password, to request from the authentication distribution server 20 the renewal credential generated by the renewal credential generator 31 (step S316). The authentication distribution server 20 further confirms whether the usage credential is correct (step S317). If the usage credential is incorrect, the subsequent steps are not carried out, that is, no renewal credential is returned to the client host 10 (step S318). Otherwise, if the usage credential is correct, the renewal credential is returned to the client host 10 (step S319).

Once the client host 10 has received the renewal credential returned by the authentication distribution server 20, it can rely on it to re-submit the other request to the distributed server group 30, here assumed to be an access request (step S320). When the file server of the distributed server group 30 receives the access request from the client host 10, the second determination device 32 of the file server confirms whether the renewal credential from the client host 10 matches the renewal credential generated by the renewal credential generator 31 (step S321). Here, if the renewal credential was issued by this same file server, the file server does not need to perform any further confirmation with the authentication distribution server 20.

If the renewal credential is incorrect, the access request is not executed and the flow returns to step S318. When the renewal credential is confirmed to be correct, the second determination device 32 further determines whether the interval between the time the authentication distribution server 20 issued the renewal credential and the time the client host 10 issued the access request exceeds the renewal credential validity period (step S322). If the second determination device 32 determines that the renewal credential validity period has not been exceeded, the processor 33 of the file server executes the access request submitted by the client host 10 (step S324). If it determines that the renewal credential validity period has been exceeded, the renewal credential generator 31 in the file server issues another credential expiry notice to the client host 10, requiring the client host 10 to renew its renewal credential once more, and at the same time generates another renewal credential for the authentication distribution server 20 (step S323).

To strengthen the security of network data, when the authentication distribution server 20 receives the user account and password input by the client host 10, it may additionally send another set of identification data by mobile phone short message or e-mail and further require the client host 10 to input this other set of identification data, so as to achieve double protection.

Although the present invention has been described in detail by the above embodiments, and may be modified in various ways by those skilled in the art, all such modifications fall within the scope of protection sought in the appended claims.

[Brief Description of the Drawings]

Figure 1 is a schematic diagram of a network data security system according to the present invention.
Figure 2 is a schematic diagram of the renewal credential system according to the present invention.
Figures 3A to 3C are a flow chart of a network data protection method according to the present invention.

[Description of Reference Numerals]

10 client host
20 authentication distribution server
21 usage credential generator
22 first determination device
30 distributed server group
31 renewal credential generator
32 second determination device
33 processor
S301 to S324 steps
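The credential exchange described in the summary and in steps S301 to S324 above, as an added example that is not part of the patent and not the patentee's implementation. It assumes HMAC-SHA256 as the key and digital signature the usage credential carries, a JSON credential body, a signing key shared between the authentication distribution server and the distributed servers, and a caller-supplied clock; the account table, the validity periods and the timings are constructed for the walk-through.

```python
"""Added example, not the patentee's code: a runnable model of the usage
credential / renewal credential exchange of Figures 3A to 3C. Assumed for
illustration: HMAC-SHA256 as the digital signature, a JSON credential body,
a signing key shared with the server group and a caller-supplied clock."""
import hashlib
import hmac
import json
import secrets


def _sign(key, body):
    """Signature over the canonical JSON encoding of a credential body."""
    msg = json.dumps(body, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AuthenticationDistributionServer:
    """Element 20: first determination device (22) and credential generator (21)."""

    def __init__(self, accounts, usage_ttl, renewal_ttl):
        self.accounts = accounts            # constructed sample: account -> password
        self.key = secrets.token_bytes(32)  # assumed shared with the distributed servers
        self.usage_ttl, self.renewal_ttl = usage_ttl, renewal_ttl
        self.issued = {}                    # credential id -> credential as issued
        self.pending = {}                   # expired usage id -> renewal body awaiting S319

    def login(self, account, password, now):
        """S301 to S304: correct account and password earn a usage credential."""
        if not hmac.compare_digest(self.accounts.get(account, ""), password):
            return None                     # S303: nothing further happens
        body = {"id": secrets.token_hex(8), "kind": "usage", "account": account,
                "issued_at": now, "ttl": self.usage_ttl}      # now = first time
        cred = {"body": body, "sig": _sign(self.key, body)}
        self.issued[body["id"]] = cred
        return cred

    def confirm(self, cred):
        """S306/S311/S317: is this exactly a credential this server issued?"""
        stored = self.issued.get(cred["body"]["id"])
        return stored is not None and hmac.compare_digest(stored["sig"], cred["sig"])

    def deposit_renewal(self, usage_id, renewal_body):
        """S309/S314: a distributed server hands over the renewal it generated."""
        self.pending[usage_id] = renewal_body

    def renew(self, usage_cred, now):
        """S316 to S319: the old usage credential alone, no password, buys the renewal."""
        if not self.confirm(usage_cred):
            return None                     # S318
        body = self.pending.pop(usage_cred["body"]["id"], None)  # single use
        if body is None:
            return None
        body["issued_at"] = now             # fourth time: renewal validity starts here
        cred = {"body": body, "sig": _sign(self.key, body)}
        self.issued[body["id"]] = cred
        return cred


class DistributedServer:
    """One member of group 30 (e.g. the file server): elements 31, 32 and 33."""

    def __init__(self, auth):
        self.auth = auth
        self.key = auth.key
        self.own_renewals = set()           # ids of renewals this server generated itself

    def handle(self, cred, request, now):
        body = cred["body"]
        # Second determination device: the signature first, then the issuer's word
        # (S321 skips the authentication server when this server made the renewal).
        if not hmac.compare_digest(_sign(self.key, body), cred["sig"]):
            return "rejected"
        if body["id"] not in self.own_renewals and not self.auth.confirm(cred):
            return "rejected"               # S306/S311/S321
        # Interval since issue against the validity period carried in the credential.
        if now - body["issued_at"] > body["ttl"]:                # S307/S313/S322
            renewal = {"id": secrets.token_hex(8), "kind": "renewal",
                       "account": body["account"], "issued_at": None,
                       "ttl": self.auth.renewal_ttl}
            self.own_renewals.add(renewal["id"])
            self.auth.deposit_renewal(body["id"], renewal)
            return "expired"                # S309/S314/S323: expiry notice to the client
        return "executed " + request        # S308/S315/S324: the processor runs it


def run_scenario():
    """Constructed walk-through on a fake clock (seconds); returns each outcome."""
    auth = AuthenticationDistributionServer({"alice": "s3cret"}, usage_ttl=300, renewal_ttl=600)
    file_server = DistributedServer(auth)
    out = {"bad_login": auth.login("alice", "wrong", now=0)}
    usage = auth.login("alice", "s3cret", now=0)                        # first time
    out["download"] = file_server.handle(usage, "download", now=100)    # second time
    out["late_access"] = file_server.handle(usage, "access", now=400)   # third time
    renewal = auth.renew(usage, now=410)                                # fourth time
    out["renewed_access"] = file_server.handle(renewal, "access", now=420)  # fifth time
    out["replayed_renew"] = auth.renew(usage, now=430)                  # renewal already used
    out["renewal_expired"] = file_server.handle(renewal, "access", now=1100)
    forged = {"body": dict(usage["body"], account="mallory"), "sig": usage["sig"]}
    out["forged"] = file_server.handle(forged, "access", now=100)
    return out
```

Calling run_scenario() plays the flow of Figures 3A to 3C end to end: a correct login yields a usage credential, a request inside the validity period is executed, a request after it triggers the expiry notice and the renewal deposited with the authentication distribution server, and the renewal credential then carries the re-issued request until its own period lapses. Two points the model makes visible: the validity check is the difference between issue time and request time, so the authentication distribution server and the distributed servers need agreeing clocks; and because the renewal is obtained with the old usage credential alone (step S316), the example makes each deposited renewal single-use, so a legitimate client and a thief holding a copy of the expired credential cannot both redeem it.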

Claims (14)

1. A network data security system, comprising:
a client host;
an authentication distribution server, connected to the client host through a network, the authentication distribution server comprising:
a first discriminating device, for identifying whether identification data input by the client host is correct; and
a use credential generator, for generating, when the identification data is identified as correct, a use credential for the client host at a first time, the use credential having a preset use credential validity period; and
a plurality of distributed servers, connected through the network to the client host and to the authentication distribution server, for receiving a request from the client host at a second time, each of the plurality of distributed servers comprising:
a second discriminating device, connected through the network to the client host and to the authentication distribution server, for confirming whether the use credential from the client host is correct and for determining whether the time interval between the first time and the second time exceeds the use credential validity period; and
a processor, for executing the request from the client host after the second discriminating device has confirmed that the use credential is correct and that the use credential validity period has not been exceeded.

2. The network data security system of claim 1, wherein the second discriminating device further confirms with the authentication distribution server whether the use credential is correct.

3. The network data security system of claim 1, wherein each of the plurality of distributed servers further comprises an update credential generator, for generating, when the second discriminating device determines that the time interval between the first time and the second time exceeds the use credential validity period, an update credential for the authentication distribution server and a credential expiry notice for the client host, wherein the update credential has a preset update credential validity period.

4. The network data security system of claim 1, wherein the authentication distribution server, upon receiving the identification data input from the client host, further requires the client host to input another set of identification data, so as to provide double protection.

5. The network data security system of claim 4, wherein the authentication distribution server transmits the other set of identification data by mobile phone text message and requires the client host to input that other set of identification data.

6. The network data security system of claim 4, wherein the authentication distribution server transmits the other set of identification data by e-mail and requires the client host to input that other set of identification data.

7. The network data security system of claim 1, wherein the identification data is a user account and password.

8. The network data security system of claim 1, wherein the plurality of distributed servers comprises application servers, communication servers, download servers, file servers, mail servers and the like.

9. The network data security system of claim 1, wherein the use credential further comprises a key and a digital signature.

10. The network data security system of claim 1, wherein the authentication distribution server and the plurality of distributed servers form a distributed processing system.

11. A network data protection method, the steps of which comprise:
a) a user inputs at least one item of identification data;
b) identifying whether the identification data is correct;
c) if the identification data is identified as correct, returning a use credential to the user at a first time, the use credential having a preset use credential validity period;
d) the user sends a request together with the use credential at a second time;
e) confirming whether the use credential is correct and determining whether the time interval between the first time and the second time exceeds the preset use credential validity period; and
f) if the use credential is confirmed as correct and the preset use credential validity period has not been exceeded, executing the request.

12. The network data protection method of claim 11, further comprising the following steps:
g) the user sends another request together with the use credential at a third time;
h) determining whether the time interval between the first time and the third time exceeds the preset use credential validity period;
i) if it is determined that the preset use credential validity period has been exceeded, generating a use credential expiry notice and an update credential, the update credential having a preset update credential validity period;
j) the user inputs the use credential;
k) confirming whether the use credential is correct;
l) if the use credential is confirmed as correct, returning the update credential to the user at a fourth time;
m) the user re-sends the other request together with the update credential at a fifth time;
n) confirming whether the update credential is correct and determining whether the time interval between the fourth time and the fifth time exceeds the preset update credential validity period; and
o) if the update credential is confirmed as correct and the preset update credential validity period has not been exceeded, executing the other request.

13. The network data protection method of claim 11, wherein the identification data is a user account and password.

14. The network data protection method of claim 11, wherein the use credential further comprises a key and a digital signature.
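The flow of claims 1, 3, 9, 11 and 12, as an added worked example that is not the patent's own code or the applicant's implementation. It assumes things the claims leave open: the "key and digital signature" of claim 9 is modelled as an HMAC-SHA256 tag over the credential's fields under a key shared by the authentication distribution server and the distributed servers (which is also how the claim 2 "confirm with the authentication distribution server" is approximated here); times are integer seconds passed in explicitly; the validity periods, the user table and the request are constructed sample values.

```python
import hashlib
import hmac
import json
import secrets

USE_CREDENTIAL_TTL = 300     # preset use credential validity period, seconds (assumed value)
UPDATE_CREDENTIAL_TTL = 120  # preset update credential validity period, seconds (assumed value)


def _sign(secret, fields):
    """HMAC-SHA256 over canonical JSON: our stand-in for the claim 9 digital signature."""
    msg = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def stamp_and_sign(secret, draft, issued):
    """Set the issue time on a credential draft and attach its signature."""
    body = {k: v for k, v in draft.items() if k != "sig"}
    body["issued"] = issued
    body["sig"] = _sign(secret, body)
    return body


def credential_is_correct(secret, cred, kind):
    """'Correct' in the claims' sense: expected kind and the signature verifies under the shared key."""
    if cred.get("kind") != kind or "sig" not in cred:
        return False
    body = {k: v for k, v in cred.items() if k != "sig"}
    return hmac.compare_digest(cred["sig"], _sign(secret, body))


def expired(cred, now):
    """Has the interval since issue exceeded the credential's preset validity period?"""
    return now - cred["issued"] > cred["ttl"]


class AuthenticationDistributionServer:
    """First discriminating device plus use credential generator (claim 1)."""

    def __init__(self, secret, users):
        self._secret = secret
        self._users = users          # constructed table: username -> sha256(password) hex
        self._pending_updates = {}   # update credentials deposited by distributed servers (claim 3)

    def first_discriminate(self, username, password):
        expected = self._users.get(username, "")
        return hmac.compare_digest(hashlib.sha256(password.encode()).hexdigest(), expected)

    def issue_use_credential(self, username, password, first_time):
        # Claim 11 steps a-c: check the identification data, return a use credential at the first time.
        if not self.first_discriminate(username, password):
            return None
        draft = {"kind": "use", "sub": username, "ttl": USE_CREDENTIAL_TTL,
                 "key": secrets.token_hex(16)}   # claim 9: the credential carries a key
        return stamp_and_sign(self._secret, draft, first_time)

    def deposit_update_credential(self, draft):
        self._pending_updates[draft["sub"]] = draft

    def redeem_update_credential(self, use_cred, fourth_time):
        # Claim 12 steps j-l: the user re-presents the use credential; if it is correct
        # (only correctness is checked here, not expiry) the update credential is
        # stamped with the fourth time and returned.
        if not credential_is_correct(self._secret, use_cred, "use"):
            return None
        draft = self._pending_updates.pop(use_cred["sub"], None)
        return None if draft is None else stamp_and_sign(self._secret, draft, fourth_time)


class DistributedServer:
    """Second discriminating device, update credential generator and processor (claims 1 and 3)."""

    def __init__(self, secret, auth_server, handler):
        self._secret = secret
        self._auth = auth_server
        self._handler = handler      # the processor's work once the checks pass

    def handle_request(self, cred, request, now):
        kind = cred.get("kind")
        if kind not in ("use", "update") or not credential_is_correct(self._secret, cred, kind):
            return {"status": "rejected"}
        if expired(cred, now):
            if kind == "use":
                # Claim 3: an update credential goes to the authentication distribution
                # server and an expiry notice goes back to the client.
                draft = {"kind": "update", "sub": cred["sub"], "ttl": UPDATE_CREDENTIAL_TTL,
                         "key": secrets.token_hex(16)}
                self._auth.deposit_update_credential(draft)
            return {"status": "expired", "notice": "credential expired"}
        return {"status": "executed", "result": self._handler(request)}


def demo():
    """Walk the claim 11 and claim 12 sequences with constructed times; returns the outcomes."""
    secret = b"shared-secret-between-auth-and-distributed-servers"   # constructed
    users = {"alice": hashlib.sha256(b"correct horse").hexdigest()}   # constructed
    auth = AuthenticationDistributionServer(secret, users)
    files = DistributedServer(secret, auth, handler=lambda req: f"served {req}")
    t1 = 1000                                                           # first time
    use_cred = auth.issue_use_credential("alice", "correct horse", t1)
    r2 = files.handle_request(use_cred, "report.pdf", t1 + 60)          # second time, inside TTL
    r3 = files.handle_request(use_cred, "report.pdf", t1 + 400)         # third time, past TTL
    t4 = t1 + 410                                                       # fourth time
    update_cred = auth.redeem_update_credential(use_cred, t4)
    r5 = files.handle_request(update_cred, "report.pdf", t4 + 30)       # fifth time, inside update TTL
    r6 = files.handle_request(update_cred, "report.pdf", t4 + 200)      # update credential expired too
    return [r2["status"], r3["status"], r5["status"], r6["status"]]


if __name__ == "__main__":
    print(demo())
```

Two design points worth noting. The validity check compares the request time against the issue time embedded in the signed credential, so a client cannot extend its own lifetime by editing the timestamp: any change to `issued`, `ttl` or `sub` invalidates the signature. And the update credential is stamped with the fourth time only when it is handed to the user, which is exactly the interval claim 12 step n measures (fourth time to fifth time), rather than the time at which the distributed server generated it.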
TW96100276A 2007-01-04 2007-01-04 Network data security system and protection method therefore TWI331870B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW96100276A TWI331870B (en) 2007-01-04 2007-01-04 Network data security system and protection method therefore

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW96100276A TWI331870B (en) 2007-01-04 2007-01-04 Network data security system and protection method therefore

Publications (2)

Publication Number Publication Date
TW200830833A true TW200830833A (en) 2008-07-16
TWI331870B TWI331870B (en) 2010-10-11

Family

ID=44818384

Family Applications (1)

Application Number Title Priority Date Filing Date
TW96100276A TWI331870B (en) 2007-01-04 2007-01-04 Network data security system and protection method therefore

Country Status (1)

Country Link
TW (1) TWI331870B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI612436B (en) * 2016-12-30 2018-01-21 臺灣銀行股份有限公司 Citizen digital certificate authentication method

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI585703B (en) * 2012-09-18 2017-06-01 國立臺灣大學 One-time certification generating device and one-time certification generating method

Also Published As

Publication number Publication date
TWI331870B (en) 2010-10-11

Similar Documents

Publication Publication Date Title
JP6105721B2 (en) Start of corporate trigger type 2CHK association
JP6012125B2 (en) Enhanced 2CHK authentication security through inquiry-type transactions
KR101298562B1 (en) System and method for implementing digital signature using one time private keys
US6138239A (en) Method and system for authenticating and utilizing secure resources in a computer system
EP2213044B1 (en) Method of providing assured transactions using secure transaction appliance and watermark verification
CN102215221B (en) Methods and systems for secure remote wake, boot, and login to a computer from a mobile device
CA2357792C (en) Method and device for performing secure transactions
EP1455503A2 (en) Data certification method and apparatus
JP2005505991A (en) Method and system for providing client privacy when content is requested from a public server
JP2004015665A (en) Authentication method and ic card in electronic ticket distribution system
JP2009526321A (en) System for executing a transaction in a point-of-sale information management terminal using a changing identifier
AU2002355593A1 (en) Data certification method and apparatus
NO332729B1 (en) terminal communication system
JPH10507324A (en) Loving software license for hardware agents
EP2849403B1 (en) Method and system for controlling the exchange of privacy-sensitive information
CN1925401B (en) Internet access system and method
CN101335754A (en) Method for information verification using remote server
EP1528707A2 (en) Challenge-based authentication without requiring knowledge of secret authentication data
JP2003338816A (en) Service providing system for verifying personal information
JP4499575B2 (en) Network security method and network security system
JP2008502045A5 (en)
TW200830833A (en) Network data security system and protection method therefore
KR20230088694A (en) A safe, traceable and privacy-preserving digital currency remittance method by canceling anonymity on a distributed ledger
JP2013236185A (en) Electronic signature proxy server, electronic signature proxy system, and electronic signature proxy method
JP4578352B2 (en) Communication mediating apparatus, data providing apparatus, and data providing system