TW201349825A - Identity verification method and system using QR code - Google Patents

Identity verification method and system using QR code Download PDF

Info

Publication number
TW201349825A
TW201349825A TW101117593A TW101117593A TW201349825A TW 201349825 A TW201349825 A TW 201349825A TW 101117593 A TW101117593 A TW 101117593A TW 101117593 A TW101117593 A TW 101117593A TW 201349825 A TW201349825 A TW 201349825A
Authority
TW
Taiwan
Prior art keywords
code
registration
password
verification
user
Prior art date
Application number
TW101117593A
Other languages
Chinese (zh)
Inventor
Kun-Da Wu
Original Assignee
Gamania Digital Entertainment Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gamania Digital Entertainment Co Ltd filed Critical Gamania Digital Entertainment Co Ltd
Priority to TW101117593A priority Critical patent/TW201349825A/en
Publication of TW201349825A publication Critical patent/TW201349825A/en

Links

Landscapes

  • Telephonic Communication Services (AREA)

Abstract

The invention relates to an identity verification method using a QR code. The method is used to verify a client computer to determine whether the client computer is allowed to use internet service providing by a server. The method comprises steps of verifying an ID and a password transferring from the client computer, generating a QR code based on an unlocking code of a user data corresponding to the client computer while the ID and the password are accessed, and returning the QR code to the client computer for decoding. Then, verifying the unlocking code decoding from the QR code, and if the unlocking code is accessed, accessing the ID with the password to make the client computer being allowed to use internet service providing by the server.

Description

使用QR Code的身份驗證方法及其系統QR Code authentication method and system thereof

本發明與網站身份驗證機制有關,尤其涉將QR Code與IMEI碼運用於身份驗證的技術。The invention relates to a website authentication mechanism, and in particular to a technique for applying a QR Code and an IMEI code to an authentication.

在現今社會中,藉由桌上型電腦及諸如筆記型電腦、行動電話、等各式可攜式裝置從網際網路取得各種網路服務,已經是人類生活中不可或缺的日常活動之一。提供這些服務的網站通常會有自己的身份驗證機制,用來驗證要求登入的使用者,藉以杜絕一些非法使用者假冒合法用戶盜用其網站上的資源。In today's society, access to various Internet services from the Internet through desktop computers and various portable devices such as notebook computers, mobile phones, and the like is already one of the indispensable daily activities in human life. . Websites that provide these services often have their own authentication mechanism to authenticate users who require logging in, in order to prevent illegal users from impersonating legitimate users from stealing resources on their websites.

一網站的身份驗證機制傳統上只驗證一帳號及一密碼,然而,這種傳統身份驗證機制隨著駭客、木馬程式、鍵盤側錄(keylogger)或後門程式技術的進步,已經不再安全了。目前,為了加強身份驗證上的安全性,許多網站不但使用傳統的帳號及密碼作為第一層驗證,還進一步使用所謂的電話安全鎖或簡訊安全鎖(以下統稱為通訊鎖)作為第二層身份驗證,例如台灣200938277、200612291 、I326183、M371367 、I271082、200840305、200709637、I288554、M354810等專利案,中國200410054863.3、101247336、1925397等專利案,以及EP1445917、US7565297、US7657743、US7590847及US7920851等專利案。A website's authentication mechanism traditionally only verifies an account number and a password. However, this traditional authentication mechanism is no longer safe with the advancement of hackers, Trojans, keyloggers or backdoors. . At present, in order to enhance the security of authentication, many websites not only use the traditional account and password as the first layer of authentication, but also use the so-called telephone security lock or SMS security lock (hereinafter collectively referred to as communication lock) as the second layer identity. For example, Taiwan Patent No. 200938277, 200612291, I326183, M371367, I271082, 200840305, 200109637, I288554, M354810, etc., China Patent No. 200410054863.3, 101247336, 1925397, and the like, and EP1445917, US7565297, US7657743, US7590847, and US7920851.

在加強身份驗證之安全性的議題上,台灣I271082專利案中進一步提到一種機器碼驗證,亦即,藉由驗證一電腦中的MAC位址、CPU序號或其它硬體序號來確認該電腦是否為合法的用戶端電腦。台灣200709637專利案則提到驗證一SIM卡的卡號。又台灣201135619專利案還提到證驗行動通信國際識別碼(IMEI)。On the issue of enhancing the security of identity verification, the Taiwan I271082 patent case further mentions a machine code verification, that is, by verifying the MAC address, CPU serial number or other hardware serial number in a computer to confirm whether the computer is For legitimate client computers. Taiwan's 200709637 patent case mentions verifying the card number of a SIM card. The Taiwan 201135619 patent case also refers to the International Code of Conduct for Authentication (IMEI).

此外,在台灣201021498還提到將一驗證碼轉換成QR碼(Quick Response Code),而台灣201135619則提到藉由一可攜式電子裝置拍攝及解譯一使用者憑證卡(信用卡)上的QR碼,並將解譯結果(使用者身份資料及信用卡卡號)提交到一電子交易終端,日本JP2008146363A、JP2009064400A等專利案中亦提及類似的技術內容。In addition, Taiwan 201021498 also mentioned converting a verification code into a QR code (Quick Response Code), while Taiwan 201135619 mentioned shooting and interpreting a user certificate card (credit card) by a portable electronic device. The QR code and the interpretation result (user identity data and credit card number) are submitted to an electronic transaction terminal, and similar technical contents are also mentioned in Japanese JP2008146363A, JP2009064400A and other patent cases.

使用上述通訊鎖作為第二層身份驗證的主要問題在於必需付出更多的成本,例如,網站的建置者需要花費高額費用向電話服務業者租用電話線路與建立能夠撥打及接收電話或簡訊的電信設備,而使用者每次登錄該網站則需要花費撥打電話或簡訊的費用。The main problem with using the above communication locks as Layer 2 authentication is that more costs are required. For example, website builders need to pay high fees to rent telephone lines to telephone service providers and establish telecommunications that can make and receive calls or text messages. Device, and the user has to pay for a call or text message each time they log in to the site.

本發明之使用QR Code的身份驗證方法及其系統,可有效解決上述問題,且安全性高而能有效防止帳號密碼被盜用。The QR Code authentication method and system thereof of the present invention can effectively solve the above problems, and the security is high, and the account password can be effectively prevented from being stolen.

更詳而言之,本發明之使用QR Code的身份驗證方法,係用於驗證一用戶端電腦,以決定該用戶端電腦是否能取用一網路端電腦設備所提供的網路服務。該服務端電腦設備的一資料庫中係儲存有一或多筆用戶的用戶資料,每一筆用戶資料都包含有一合法用戶的一帳號、一密碼及一解鎖碼。該方法首先對來自該用戶端電腦的一帳號及一密碼進行第一重驗證,並在驗證通過之後,根據對應該用戶端電腦的用戶資料中的一解鎖碼產生一QR Code,及將該QR Code回傳給該用戶端電腦。此時,該用戶端電腦的用戶可使用一解鎖裝置(行動電話)拍攝及解譯該用戶端電腦上的QR Code,並將從該QR Code解譯出來的解鎖碼傳送給該服務端電腦設備以進行第二重驗證。當從該QR Code解譯出來的解鎖碼係相同於該用戶資料中的解鎖碼時,即表示驗證通過,此時即解除該用戶資料的帳號及密碼的鎖定狀態,以使該用戶端電腦可取用該網路端電腦設備所提供的網路服務。More specifically, the QR Code authentication method of the present invention is used to verify a client computer to determine whether the client computer can access a network service provided by a network computer device. The database of the server computer device stores one or more user data of the user, and each user data includes an account, a password and an unlock code of a legitimate user. The method first performs a first re-authentication on an account number and a password from the client computer, and after verification, generates a QR Code according to an unlock code in the user profile corresponding to the client computer, and the QR code Code is passed back to the client computer. At this time, the user of the client computer can use an unlocking device (mobile phone) to capture and interpret the QR Code on the client computer, and transmit the unlock code decoded from the QR Code to the server device. For the second verification. When the unlock code decoded from the QR Code is the same as the unlock code in the user profile, the verification is passed, and the unlocked state of the account and password of the user profile is released, so that the client computer can be obtained. Use the network services provided by the network computer device.

較佳地,該解鎖碼係為該用戶端電腦的用戶的一行動電話中的IMEI碼、根據該IMEI碼隨機演算而成的一隨機碼、或此二者之組合。Preferably, the unlock code is an IMEI code in a mobile phone of a user of the client computer, a random code calculated according to the IMEI code, or a combination of the two.

又本發明還提供一種實施上述方法的網路系統,其包括上述的服務端電腦設備、用戶端電腦與解鎖裝置。其中,該服務端電腦設備安裝有一驗證程式,並能依據該驗證程式的指令執行上述的方法。該解鎖裝置安裝有一QR Code解譯程式,並能依據該QR Code解譯程式的指令執行拍攝及解譯該方法中所產生的QR Code之步驟。The invention also provides a network system for implementing the above method, which comprises the above server computer device, a client computer and an unlocking device. The server computer device is installed with a verification program, and can execute the above method according to the instructions of the verification program. The unlocking device is provided with a QR Code interpreter and can perform the steps of photographing and interpreting the QR Code generated in the method according to the instruction of the QR Code interpreter.

較佳地,該解鎖裝置係經由該網際網路自動回傳從該QR Code所解譯出來的該解鎖碼給該服務端電腦設備。Preferably, the unlocking device automatically returns the unlock code decoded from the QR Code to the server computer device via the Internet.

較佳地,該服務端電腦設備還安裝一註冊碼產生程式,該服務端電腦設備依據該註冊碼程式的指令執行一註冊碼產生方法,該方法係先驗證來自該用戶端電腦的一帳號及一密碼,並在驗證通過之後,將來自該用戶端電腦的一解鎖碼寫入該資料庫作為該用戶資料中的解鎖碼,根據該用戶資料中的解鎖碼產生一註冊碼,及傳送該註冊碼至該用戶端電腦。其中該解鎖碼係為一IMEI碼,且此一註冊碼可用來驗證該解鎖裝置中的QR Code解譯程式。Preferably, the server computer device further installs a registration code generation program, and the server computer device executes a registration code generation method according to the instruction of the registration code program, and the method first verifies an account number from the user terminal computer and a password, and after the verification is passed, an unlock code from the client computer is written into the database as an unlock code in the user profile, a registration code is generated according to the unlock code in the user profile, and the registration is transmitted. Code to the client computer. The unlock code is an IMEI code, and the registration code can be used to verify the QR Code interpreter in the unlocking device.

本發明提供一種QR Code解譯程式供安裝於該解鎖裝置,該 QR Code解譯程式係具有一註冊碼驗證模組,該解鎖裝置在啟動該QR Code解譯程式時,會在執行一拍攝及解譯QR Code之步驟之前,先依據該註冊碼驗證模組的指令執行一註冊碼驗證方法,該方法會根該解鎖裝置中的IMEI碼產生一本地註冊碼,並驗證上述的註冊碼是否相同於該本地註冊碼,一旦通過驗證,就令該QR Code解譯程式於下次被啟動時直接執行拍攝及解譯QR Code之步驟,不再優先執行該註冊碼驗證方法。The present invention provides a QR Code interpreter for installing the unlocking device. The QR Code interpreting program has a registration code verification module, and the unlocking device performs a shooting when the QR Code interpreting program is started. Before the step of interpreting the QR Code, a registration code verification method is executed according to the instruction of the registration code verification module, and the method generates a local registration code based on the IMEI code in the unlocking device, and verifies whether the registration code is the same. After the local registration code is verified, the QR Code interpreter directly performs the steps of shooting and interpreting the QR Code at the next startup, and the registration verification method is no longer prioritized.

本發明還提供另一種QR Code解譯程式,供安裝該解鎖裝置,該另一種QR Code解譯程式係具有一註冊模組,該解鎖裝置啟動該另一種QR Code解譯程式時,會在執行一拍攝及解譯QR Code之步驟之前先依據該註冊模組的指令執行一註冊方法。該方法會先將一帳號、一密碼及該解鎖裝置的IMEI碼傳送給該服務端電腦設備進行註冊驗證,並在接收到來自該服務端電腦設備之一註冊成功訊息時,令該QR Code解譯程式於下次被啟動時直接執行拍攝及解譯QR Code之步驟,不再優先執行該註冊方法。The present invention also provides another QR Code interpreter for installing the unlocking device. The other QR Code interpreting program has a registration module, and the unlocking device executes when the other QR Code interpreting program is started. Before the step of taking and interpreting the QR Code, a registration method is executed according to the instructions of the registration module. The method first transmits an account number, a password and an IMEI code of the unlocking device to the server computer device for registration verification, and when the registration success message is received from the server device, the QR Code is solved. The translation program directly performs the steps of shooting and interpreting the QR Code the next time it is launched, and the registration method is no longer prioritized.

較佳地,該服務端電腦設備安裝有一註冊驗證程式,且在接收到於該解鎖裝置所傳送的該帳號、密碼及IMEI碼之後,就開始依據該註冊驗證程式的指令執行該註冊驗證方法,該方法係先驗證來自該解鎖裝置傳來的帳號及密碼,並在通過驗證之後,將來自該解鎖裝置的IMEI碼寫入該資料庫作為該用戶資料中的解鎖碼,並回傳上述之註冊成功訊息給該解鎖裝置。Preferably, the server computer device is installed with a registration verification program, and after receiving the account number, password and IMEI code transmitted by the unlocking device, the registration verification method is executed according to the instruction of the registration verification program. The method first verifies the account number and password sent from the unlocking device, and after passing the verification, writes the IMEI code from the unlocking device into the database as the unlocking code in the user data, and returns the above registration. A success message is given to the unlocking device.

至於本發明的其它發明內容與更詳細的技術及功能說明,將揭露於隨後的說明。Other inventive aspects and more detailed technical and functional descriptions of the present invention are disclosed in the following description.

第一圖的方塊圖係顯示本發明系統的一個較佳實施例,該系統至少包括藉由網際網路9鏈結的一服務端電腦設備1、一用戶端電腦2與一解鎖裝置3。該服務端電腦設備1可由一或多台電腦所構成,並安裝有用以產生一網路服務所需要的作業系統(OS)、資料庫及相關程式。該些電腦較佳是選用伺服器等級的電腦。該網路服務較佳是一線上遊戲服務,但不以此為限。該用戶端電腦2可為一桌上型電腦、平板電腦、智慧型手機、筆記型電腦、或是其它可透過該網際網路9鏈結到該服務端電腦設備1的電子裝置。The block diagram of the first diagram shows a preferred embodiment of the system of the present invention, the system comprising at least a server computer device 1, a client computer 2 and an unlocking device 3 linked by the Internet 9. The server computer device 1 can be composed of one or more computers and installs an operating system (OS), a database, and related programs necessary for generating a network service. Preferably, the computers are server-class computers. The web service is preferably an online game service, but not limited to this. The client computer 2 can be a desktop computer, a tablet computer, a smart phone, a notebook computer, or other electronic device that can be linked to the server computer device 1 through the Internet.

該服務端電腦設備1的一資料庫10中係儲存有一或多筆用戶的用戶資料100,每一筆用戶資料100都包含有一合法用戶的一帳號101、一密碼102、一解鎖碼103及其它跟該合法用戶身份相關的資料。較佳地,該解鎖碼103係為該合法用戶的一行動電話的IMEI碼 (行動通信國際識別碼International Mobile Equipment Identity number)。此外,該解鎖碼103還可以是根據該IMEI碼隨機演算而成的一隨機碼、或該IMEI碼與該隨機碼之組合。The database 10 of the server device 1 stores one or more user data 100 of the user. Each user profile 100 includes an account 101, a password 102, an unlock code 103, and the like of a legitimate user. Information related to the legal user identity. Preferably, the unlock code 103 is an IMEI code (International Mobile Equipment Identity number) of a mobile phone of the legitimate user. In addition, the unlock code 103 may also be a random code randomly calculated according to the IMEI code, or a combination of the IMEI code and the random code.

當一新用戶欲取得該網路服務時,需依一既定的申請程序向該服務端電腦設備1提出申請,一旦完成申請,此一新用戶的用戶資料100即被寫入該資料庫10中。其中,該新用戶如果有進一步向該服務端電腦設備1申請一帳號鎖定服務,則其帳號101及密碼102是處於鎖定狀態,這表示日後需要藉其解鎖碼103才能予以解除鎖定,經解除鎖定的該帳號101及密碼102才能用於登入該服務端電腦設備1。其中,該解鎖碼103可在前述申請帳號鎖定服務的過程中,藉由該新用戶的手動輸入操作而寫入該資料庫10中,然而,也可以保留在執行第三圖所示的步驟S24時才寫入該資料庫10中,此容後再述。When a new user wants to obtain the network service, the application is submitted to the server device 1 according to an established application procedure. Once the application is completed, the user profile 100 of the new user is written into the database 10. . If the new user applies for an account lockout service to the server device 1, the account 101 and the password 102 are locked, which means that the unlock code 103 needs to be unlocked in the future to be unlocked. The account 101 and password 102 can be used to log in to the server device 1. The unlock code 103 may be written into the database 10 by the manual input operation of the new user in the process of applying for the account lock service. However, the unlock code 103 may be retained in the step S24 shown in the third figure. This is written into the database 10, which will be described later.

該服務端電腦設備1的一驗證伺服器11中還安裝有一驗證程式110,該驗證伺服器11依據該驗證程式110中的指令執行一使用QR Code的身份驗證方法。任一鏈結到該服務端電腦設備1的用戶端電腦2,必需先通過該方法所安排的身份驗證機制之後,才會被允許取得該網路服務。A verification program 110 is also installed in a verification server 11 of the server computer device 1. The verification server 11 executes an identity verification method using the QR Code according to the instructions in the verification program 110. Any client computer 2 linked to the server device 1 of the server device must be authenticated by the method and then allowed to obtain the network service.

該解鎖裝置3係為該用戶所擁有的一電腦裝置或電話裝置,其至少具有拍攝並解譯一QR Code的功能,例如具有照相功能且安裝有一QR Code解譯程式的智慧型手機或平板電腦。由於該解鎖裝置3可依據該QR Code解譯程式的指令執行執行拍攝及解譯一QR Code之步驟,因此,該用戶可以使用它來拍攝及解譯上述身份驗證方法執行過程中所產生的一QR Code。更詳而言之,如第二圖所示,該方法包括:The unlocking device 3 is a computer device or a telephone device owned by the user, and has at least a function of capturing and interpreting a QR Code, such as a smart phone or tablet having a camera function and having a QR Code interpreter installed thereon. . Since the unlocking device 3 can perform the steps of performing shooting and interpreting a QR Code according to the instruction of the QR Code interpreter, the user can use it to capture and interpret one of the above-mentioned authentication methods. QR Code. In more detail, as shown in the second figure, the method includes:

步驟S11:經由該網際網路9接收來自該用戶端電腦2的一帳號及一密碼。Step S11: Receive an account number and a password from the client computer 2 via the Internet 9.

步驟S12:比對該帳號及密碼是否分別相同於該資料庫10中其中一筆用戶資料100的帳號101及密碼102?Step S12: Is the account number and the password equal to the account number 101 and the password 102 of one of the user profiles 100 in the database 10?

步驟S13:當比對結果為「否」時,表示該用戶端電腦2的用戶為一非法用戶,此時,即經由該網際網路9回傳用以表示驗證失敗之一訊息給該用戶端電腦2。Step S13: When the comparison result is “No”, it indicates that the user of the client computer 2 is an illegal user, and at this time, a message indicating that the verification is failed is sent back to the client via the Internet 9 Computer 2.

步驟S14:當比對結果為「是」時,將該其中一筆用戶資料100的解鎖碼103及該驗證伺服器11的網址轉換成一QR Code。較佳地,也可以只是單獨將該其中一筆用戶資料100的解鎖碼103轉換成一QR Code,此時,安裝於該解鎖裝置3的QR Code解譯程式中需記錄有該驗證伺服器11的網址。Step S14: When the comparison result is YES, the unlock code 103 of one piece of user data 100 and the website address of the verification server 11 are converted into a QR Code. Preferably, the unlock code 103 of one of the user profiles 100 can be converted into a QR Code separately. At this time, the URL of the verification server 11 needs to be recorded in the QR Code interpreter installed in the unlocking device 3. .

步驟S15:經由該網際網路9傳送該QR Code至該用戶端電腦2。Step S15: The QR Code is transmitted to the client computer 2 via the Internet 9.

當該用戶端電腦2接收到來自該驗證伺服器11的該QR Code時,該用戶可使用該解鎖裝置3拍攝及解譯顯示在該用戶端電腦2的顯示器上的該QR Code,然後將該解鎖裝置3所解譯出來的解鎖碼回傳給該驗證伺服器11。回傳的方式有二,一種是由該解鎖裝置3經由該網際網路9自動回傳,另一種是當該解鎖裝置3不具備自動回傳的功能時,由該用戶觀看該解鎖裝置3所顯示的解譯結果,以手動方式將所解譯出來的結果,即該解鎖碼或是該解碼鎖及網址,輸入該用戶端電腦2,由該用戶端電腦2將所解譯出來的解鎖碼回傳給該驗證伺服器11。When the client computer 2 receives the QR Code from the verification server 11, the user can use the unlocking device 3 to capture and interpret the QR Code displayed on the display of the client computer 2, and then The unlock code decoded by the unlocking device 3 is transmitted back to the verification server 11. There are two ways of returning, one is automatically returned by the unlocking device 3 via the Internet 9, and the other is that when the unlocking device 3 does not have the function of automatic returning, the unlocking device 3 is viewed by the user. The result of the interpretation is displayed, and the decoded result, that is, the unlock code or the decoding lock and the website address, is manually input into the client computer 2, and the unlock code decoded by the client computer 2 is interpreted. It is passed back to the verification server 11.

通常,該驗證伺服器11會賦予該QR Code一段存活時間,該用戶必需在該段存活時間之內,根據該解鎖裝置3對該QR Code的解譯結果將所解譯出來的解鎖碼回傳給該驗證伺服器11,逾時,則該驗證伺服器11即不再理會該QR Code。此時,該用戶只能透過該用戶端電腦2鏈結該服務端電腦設備1,並再次傳送一帳號及一密碼,才能使該服務端電腦設備1的該驗證伺服器11依循上述過程傳送新的QR Code給該用戶端電腦2。Generally, the verification server 11 gives the QR Code a survival time, and the user must return the unlocked code decoded according to the interpretation result of the QR Code by the unlocking device 3 within the survival time of the segment. When the verification server 11 expires, the verification server 11 ignores the QR Code. At this time, the user can only link the server computer device 1 through the client computer 2, and transmit an account and a password again, so that the authentication server 11 of the server device 1 can transmit the new process according to the above process. The QR Code is given to the client computer 2.

接著,繼續執行以下步驟。Then proceed to the following steps.

步驟S16:經由該網際網路9接收從該QR Code解譯出來的該解鎖碼。Step S16: The unlock code decoded from the QR Code is received via the Internet 9.

步驟S17:比對從該QR Code解譯出來的該解鎖碼是否相同於該資料庫10中其中一筆用戶資料100的解鎖碼103。Step S17: Align whether the unlock code decoded from the QR Code is the same as the unlock code 103 of one of the user profiles 100 in the database 10.

步驟S18:當比對結果為「否」時,經由該網際網路9回傳用以表示解鎖失敗之一訊息給該用戶端電腦2,並繼續維持該其中一筆用戶資料100的帳號101及密碼102的鎖定狀態,以使該服務端電腦設備1拒絕提供該網路服務給該用戶端電腦2。Step S18: When the comparison result is "No", a message indicating that the unlocking failure is sent to the client computer 2 is returned via the Internet 9, and the account 101 and password of the one of the user profiles 100 are maintained. The locked state of 102 is such that the server computer device 1 refuses to provide the network service to the client computer 2.

步驟S19:當比對結果為「是」時,解除該其中一筆用戶資料100的帳號101及密碼102的鎖定狀態,以使該服務端電腦設備1提供該網路服務給該用戶端電腦2。Step S19: When the comparison result is "Yes", the locked state of the account 101 and the password 102 of the one of the user profiles 100 is released, so that the server computer device 1 provides the network service to the client computer 2.

從上述說明可知,本發明系統具備驗證帳號密碼之第一重驗證機制及驗證一解鎖碼(IMEI碼)之第二重驗證機制,且該第二重驗證機制中的解鎖碼係以QR Code的形式回傳給被驗證者,因此,本發明系統不但具有高安全性而能有效防止非法用戶侵入,且系統中的服務提供者無需租用電話線路與建立電信設備,系統中的用戶也不需要為了取用網路服務而額外花費撥打電話或簡訊的費用。As can be seen from the above description, the system of the present invention has a first re-authentication mechanism for verifying an account password and a second re-authentication mechanism for verifying an unlock code (IMEI code), and the unlock code in the second re-authentication mechanism is a QR Code. The form is transmitted back to the verified person. Therefore, the system of the present invention not only has high security but can effectively prevent illegal user intrusion, and the service provider in the system does not need to rent a telephone line and establish a telecommunication device, and the user in the system does not need to The cost of making a phone call or text message is extra for accessing the web service.

此外,本發明提供了兩種第三重驗證機制來進一步提高系統的安全性,其中一種主要是針對沒有具備鏈結網路功能的解鎖裝置3而設計,另一種則是針對具備鏈結網路功能的解鎖裝置3而設計,茲分述於以下之本發明另一較佳實施例及再一較佳實施例。請參閱第一圖,在本發明的另一較佳實施例中,該服務端電腦設備1中還安裝一註冊碼產生程式111(可選擇安裝於該驗證伺服器11或另一台伺服器),而該解鎖裝置3中的QR Code解譯程式則進一步包括一註冊模組。該服務端電腦設備1依據該註冊碼產生程式111的指令執行一註冊碼產生方法,如第三圖所示,該方法包括:In addition, the present invention provides two third re-authentication mechanisms to further improve the security of the system, one of which is mainly designed for the unlocking device 3 without the link network function, and the other is for the network with the link. The functional unlocking device 3 is designed to be further described in the following further preferred embodiments and further preferred embodiments of the present invention. Referring to the first figure, in another preferred embodiment of the present invention, the server computer device 1 further includes a registration code generating program 111 (optionally installed on the verification server 11 or another server). The QR Code interpreter in the unlocking device 3 further includes a registration module. The server device 1 executes a registration code generation method according to the instruction of the registration code generation program 111. As shown in the third figure, the method includes:

步驟S21:經由該網際網路9接收來自該用戶端電腦2的一帳號、一密碼及一解鎖碼。這些資料是由該用戶端電腦2的用戶手動輸入後傳送給該該服務端電腦設備1的。Step S21: Receive an account, a password and an unlock code from the client computer 2 via the Internet 9. The data is manually input by the user of the client computer 2 and transmitted to the server computer device 1.

步驟S22:比對該帳號及密碼是否分別相同於該資料庫10中其中一筆用戶資料100的帳號101及密碼102?Step S22: Is the account number and password equal to the account number 101 and password 102 of one of the user profiles 100 in the database 10?

步驟S23:當比對結果為「否」時,表示該用戶端電腦2的用戶為一非法用戶,此時,即經由該網際網路9回傳用以表示認證失敗之一訊息給該用戶端電腦2。Step S23: When the comparison result is "No", it indicates that the user of the client computer 2 is an illegal user, and at this time, a message indicating that the authentication failed is returned to the client via the Internet 9 Computer 2.

步驟S24:當比對結果為「是」時,將該解鎖碼寫入該資料庫10作為該其中一筆用戶資料100中的解鎖碼103;Step S24: When the comparison result is "Yes", the unlock code is written into the database 10 as the unlock code 103 in the piece of user data 100;

步驟S25:根據該其中一筆用戶資料100中的解鎖碼103產生一註冊碼;Step S25: generating a registration code according to the unlock code 103 in the piece of user data 100;

步驟S26:經由該網際網路9傳送該註冊碼至該用戶端電腦2。Step S26: The registration code is transmitted to the client computer 2 via the Internet 9.

接著,該用戶端電腦2的用戶就可以使用該註冊碼來「驗證」該解鎖裝置3上的QR Code解譯程式。更詳而言之,上述步驟S24中的解鎖碼103係為一IMEI碼,且該解鎖裝置在啟動該QR Code解譯程式時,會在上面述及之「拍攝及解譯該QR Code之步驟」之前先依據該註冊碼驗證模組的指令執行一註冊碼驗證方法,如第四圖所示,該方法包括:Then, the user of the client computer 2 can use the registration code to "verify" the QR Code interpreter on the unlocking device 3. In more detail, the unlock code 103 in the above step S24 is an IMEI code, and the unlocking device, when the QR Code interpreter is started, will follow the steps of “taking and interpreting the QR Code”. Before executing the registration code verification method according to the instruction of the registration code verification module, as shown in the fourth figure, the method includes:

步驟S31:接收由該用戶所輸入的該註冊碼。Step S31: Receive the registration code input by the user.

步驟S32:讀取該解鎖裝置3中的一IMEI碼。Step S32: Reading an IMEI code in the unlocking device 3.

步驟S33:根據所讀取到的該IMEI碼產生一本地註冊碼。由於產生該本地註冊碼的機制係相同於上述步驟25之產生該註冊碼的機制,因此,只要所讀到的該IMEI碼相同於步驟25中的解鎖碼103(IMEI碼),則於本步驟所產生出來的本地註冊碼就應該會相同於步驟S31中所接收的該註冊碼。Step S33: Generate a local registration code according to the read IMEI code. Since the mechanism for generating the local registration code is the same as the mechanism for generating the registration code in step 25 above, as long as the IMEI code read is the same as the unlock code 103 (IMEI code) in step 25, then this step is performed. The generated local registration code should be identical to the registration code received in step S31.

步驟S34:比對所接收到該註冊碼是否相同於該本地註冊碼;Step S34: comparing whether the registration code received is the same as the local registration code;

步驟S35:當比對結果為「否」時,令該QR Code解譯程式於下次被啟動時仍只優先執行該註冊碼驗證方法;或者,主動移除該QR Code解譯程式;或者,使該該QR Code解譯程式無法再被啟動;Step S35: When the comparison result is "No", the QR Code interpreter is only preferentially executed when the next time the program is started; or, the QR Code interpreter is actively removed; or, Making the QR Code interpreter no longer available;

步驟S36:當比對結果為「否」時,令該QR Code解譯程式於下次被啟動時直接執行拍攝及解譯該QR Code之步驟,不再優先執行該註冊碼驗證方法。Step S36: When the comparison result is “No”, the QR Code interpreter is directly executed to perform the process of capturing and interpreting the QR Code at the next startup, and the registration code verification method is no longer preferentially executed.

從上述該另一較佳實施例的說明中可知,本發明系統還進行了第三重驗證,其藉由該服務端電腦設備1根據該解鎖碼103(IMEI碼)所產生的該註冊碼來決定該解鎖裝置3(可不具備鏈結網路功能)上的QR Code解譯程式是否能被執行用於拍攝及解譯一QR Code。此舉當然可更進一步地提高整個系統的安全性。As can be seen from the description of the other preferred embodiment, the system of the present invention also performs a third re-verification by the server computer device 1 according to the registration code generated by the unlock code 103 (IMEI code). It is determined whether the QR Code interpreter on the unlocking device 3 (which may not have the link network function) can be executed for capturing and interpreting a QR Code. This will of course further improve the security of the entire system.

請再參閱第一圖,在本發明的再一較佳實施例中,該服務端電腦設備1中還安裝一註冊驗證程式112(可選擇安裝於該驗證伺服器11或另一台伺服器),而該解鎖裝置3中的QR Code解譯程式則進一步包括一註冊模組。Referring to the first figure, in another preferred embodiment of the present invention, the server computer device 1 further includes a registration verification program 112 (optionally installed on the verification server 11 or another server). The QR Code interpreter in the unlocking device 3 further includes a registration module.

更詳而言之,該解鎖裝置3在啟動該QR Code解譯程式時,會在上面述及之「拍攝及解譯該QR Code之步驟」之前先依據該註冊模組的指令執行一種註冊方法,如第五圖所示,該方法包括:In more detail, when the QR Code interpreter is activated, the unlocking device 3 performs a registration method according to the instruction of the registration module before the "step of capturing and interpreting the QR Code" described above. As shown in the fifth figure, the method includes:

步驟S41:接收由該用戶所輸入的一帳號及一密碼。Step S41: Receive an account number and a password input by the user.

步驟S42:讀取該該解鎖裝置3中的一IMEI碼。Step S42: Read an IMEI code in the unlocking device 3.

步驟S43:將所接收到的該帳號、密碼及所讀取到的該IMEI碼經由該網際網路9傳送到該服務端電腦設備1進行註冊驗證(此容後再述)。Step S43: The received account number, password and the read IMEI code are transmitted to the server computer device 1 via the Internet 9 for registration verification (described later).

步驟S44:在接收到來自該服務端電腦設備1之一註冊成功訊息時,令該QR Code解譯程式於下次被啟動時直接執行上述「拍攝及解譯該QR Code之步驟」,不再優先執行該註冊方法。相對的,如果所收到是一註冊失敗訊息時,則令該QR Code解譯程式於下次被啟動時仍只優先執行該註冊方法;或者,主動移除該QR Code解譯程式;或者,使該該QR Code解譯程式無法再被啟動。Step S44: When receiving the registration success message from the server computer device 1, the QR Code interpreter is directly executed to perform the above “step of shooting and interpreting the QR Code”, The registration method is executed first. In contrast, if the received registration failure message is sent, the QR Code interpreter will only preferentially execute the registration method when it is started next time; or, actively remove the QR Code interpreter; or, The QR Code interpreter can no longer be launched.

其中,該服務端電腦設備1在接收到於該解鎖裝置3於該步驟S43所傳送的資料之後,就開始依據該註冊驗證程式112執行一註冊驗證方法,如第六圖所示,該方法包括:After receiving the data transmitted by the unlocking device 3 in the step S43, the server computer device 1 starts to perform a registration verification method according to the registration verification program 112. As shown in the sixth figure, the method includes :

步驟S51:接收該解鎖裝置3傳來的該帳號、密碼及IMEI碼。Step S51: Receive the account number, password and IMEI code transmitted by the unlocking device 3.

步驟S52:比對所接收到的該帳號及密碼是否分別相同於該資料庫10中其中一筆用戶資料100的帳號101及密碼102。Step S52: Align whether the received account number and password are the same as the account number 101 and the password 102 of one of the user profiles 100 in the database 10.

步驟S53:當比對結果為「否」時,即經由該網際網路9回傳用以表示註冊失敗訊息給該解鎖裝置3。Step S53: When the comparison result is "No", the registration failure message is sent back to the unlocking device 3 via the Internet 9.

步驟S54:當比對結果為「是」時,將所接收到的該IMEI碼寫入該資料庫10作為該其中一筆用戶資料100中的解鎖碼103,並回傳用以該註冊成功訊息給該解鎖裝置3。Step S54: When the comparison result is “Yes”, the received IMEI code is written into the database 10 as the unlock code 103 in the one of the user profiles 100, and is returned to the registration success message. The unlocking device 3.

從上述該再一較佳實施例的說明中可知,本發明系統進行了第三重驗證,其藉由該服務端電腦設備1驗證該解鎖裝置3的IMEI碼之方式來決定該解鎖裝置3(具備鏈結網路功能)上的QR Code解譯程式是否能被執行用於拍攝及解譯一QR Code。這當然會提高整個系統的安全性。As can be seen from the above description of the further preferred embodiment, the system of the present invention performs a third verification that determines the unlocking device 3 by means of the manner in which the server computer device 1 verifies the IMEI code of the unlocking device 3 ( Whether the QR Code interpreter on the link network function can be executed to capture and interpret a QR Code. This of course will improve the security of the entire system.

無論如何,任何人都可以從上述說明獲得足夠教導,並據而了解本發明內容確實不同於先前技術,且具有產業上之利用性,及足具進步性。是本發明確已符合專利要件,爰依法提出申請。In any event, anyone can obtain sufficient teaching from the above description, and it is understood that the present invention is indeed different from the prior art, and is industrially usable and progressive. It is the invention that has indeed met the patent requirements and has filed an application in accordance with the law.

1...服務端電腦設備1. . . Server computer equipment

10...資料庫10. . . database

100...用戶資料100. . . user information

101...帳號101. . . account number

102...密碼102. . . password

103...解鎖碼103. . . Unlock code

11...驗證伺服器11. . . Authentication server

110...驗證程式110. . . Verifier

111...註冊碼產生程式111. . . Registration code generation program

112...註冊碼驗證程式112. . . Registration code verification program

2...用戶端電腦2. . . Client computer

3...解鎖裝置3. . . Unlocking device

9...網際網路9. . . Internet

第一圖,係本發明的系統方塊圖。The first figure is a block diagram of the system of the present invention.

第二圖中的流程圖係用以說明本發明使用QR Code的身份驗證方法。The flowchart in the second figure is for explaining the authentication method using the QR Code of the present invention.

第三圖中的流程圖係用以說明本發明之註冊碼產生方法。The flowchart in the third figure is for explaining the registration code generation method of the present invention.

第四圖中的流程圖係用以說明本發明之註冊碼驗證方法。The flowchart in the fourth figure is for explaining the registration code verification method of the present invention.

第五圖中的流程圖係用以說明本發明之註冊方法。The flowchart in the fifth figure is for explaining the registration method of the present invention.

第六圖中的流程圖係用說明本發明之註冊驗證方法。The flowchart in the sixth diagram illustrates the registration verification method of the present invention.

1...服務端電腦設備1. . . Server computer equipment

10...資料庫10. . . database

100...用戶資料100. . . user information

101...帳號101. . . account number

102...密碼102. . . password

103...解鎖碼103. . . Unlock code

11...驗證伺服器11. . . Authentication server

110...驗證程式110. . . Verifier

111...註冊碼產生程式111. . . Registration code generation program

112...註冊碼驗證程式112. . . Registration code verification program

2...用戶端電腦2. . . Client computer

3...解鎖裝置3. . . Unlocking device

9...網際網路9. . . Internet

Claims (11)

一種使用QR Code的身份驗證方法,係運用於一服務端電腦設備的一驗證伺服器,用以決定一用戶端電腦是否能取用該服務端電腦設備所提供的網路服務,該服務端電腦設備的一資料庫中係儲存有一或多筆用戶的用戶資料,每一筆用戶資料都包含有一用戶的一帳號、一密碼及一解鎖碼,該方法包括:
經由該網際網路接收來自該用戶端電腦的一帳號及一密碼;
比對該帳號及密碼是否分別相同於該資料庫中其中一筆用戶資料的帳號及密碼;
當比對結果為「否」時,經由該網際網路回傳用以表示驗證失敗之一訊息給該用戶端電腦;
當比對結果為「是」時,將該其中一筆用戶資料的解鎖碼轉換成一QR Code;
經由該網際網路傳送該QR Code至該用戶端電腦;
經由該網際網路接收從該QR Code解譯出來的解鎖碼;
比對從該QR Code解譯出來的解鎖碼是否相同於該資料庫中其中一筆用戶資料的解鎖碼;
當比對結果為「否」時,經由該網際網路回傳用以表示解鎖失敗之一訊息給該用戶端電腦,並繼續維持該其中一筆用戶資料的帳號及密碼的鎖定狀態;及
當比對結果為「是」時,解除該其中一筆用戶資料的帳號及密碼的鎖定狀態。An authentication method using QR Code, which is applied to a verification server of a server computer device for determining whether a client computer can access the network service provided by the server device, the server computer The user database of the device stores one or more user data of the user, and each user data includes an account, a password and an unlock code of the user, and the method includes:
Receiving an account and a password from the client computer via the internet;
Whether the account number and password are the same as the account number and password of one of the user data in the database;
When the comparison result is "No", a message indicating that the verification failed is sent back to the client computer via the Internet;
When the comparison result is "Yes", the unlock code of one of the user data is converted into a QR Code;
Transmitting the QR Code to the client computer via the internet;
Receiving an unlock code decoded from the QR Code via the internet;
Comparing whether the unlock code decoded from the QR Code is the same as the unlock code of one of the user data in the database;
When the comparison result is "No", a message indicating that the unlocking failure is sent to the client computer is returned via the Internet, and the lock state of the account and password of one of the user profiles is maintained; When the result is "Yes", the lock status of the account and password of one of the user data is released. 如申請專利範圍第1項所述的方法,其中該解鎖碼係為該用戶端電腦的用戶的一行動電話中的IMEI碼、根據該IMEI碼隨機演算而成的一隨機碼、或此二者之組合。The method of claim 1, wherein the unlocking code is an IMEI code in a mobile phone of a user of the client computer, a random code calculated according to the IMEI code, or both. The combination. 如申請專利範圍第1項所述的方法,其中於將該其中一筆用戶資料的解鎖碼轉換成該QR Code之步驟中,該其中一筆用戶資料的解鎖碼是跟該驗證伺服器的網址一起轉換成該QR Code。The method of claim 1, wherein in the step of converting the unlock code of one of the user data into the QR Code, the unlock code of one of the user data is converted together with the URL of the verification server. Into the QR Code. 一種網路系統,包括藉由網際網路鏈結的一服務端電腦設備、一用戶端電腦與一解鎖裝置,該服務端電腦設備係提供一網路服務,且具有安裝有一驗證程式之一驗證伺服器係及一資料庫,該資料庫中係儲存有一或多筆用戶的用戶資料,每一筆用戶資料都包含有一用戶的一帳號、一密碼及一解鎖碼,該驗證伺服器能依據該驗證程式的指令執行一使用QR Code的身份驗證方法,該方法包括:
經由該網際網路接收來自該用戶端電腦的一帳號及一密碼;
比對該帳號及密碼是否分別相同於該資料庫中其中一筆用戶資料的帳號及密碼;
當比對結果為「否」時,經由該網際網路回傳用以表示驗證失敗之一訊息給該用戶端電腦;
當比對結果為「是」時,將該其中一筆用戶資料的解鎖碼及該驗證伺服器的網址轉換成一QR Code;
經由該網際網路傳送該QR Code至該用戶端電腦;
經由該網際網路接收從該QR Code解譯出來的解鎖碼;
比對從該QR Code解譯出來的解鎖碼是否相同於該資料庫中其中一筆用戶資料的解鎖碼;
當比對結果為「否」時,經由該網際網路回傳用以表示解鎖失敗之一訊息給該用戶端電腦,並繼續維持該其中一筆用戶資料的帳號及密碼的鎖定狀態;及
當比對結果為「是」時,解除該其中一筆用戶資料的帳號及密碼的鎖定狀態;
其中,該解鎖裝置安裝有一QR Code解譯程式,並能依據該QR Code解譯程式的指令執行拍攝及解譯該QR Code之步驟。A network system includes a server computer device linked by an internet connection, a client computer and an unlocking device, wherein the server computer device provides a network service and has one of the verification programs installed to verify The server system and a database store one or more user data of the user, each user data includes an account, a password and an unlock code of the user, and the verification server can perform the verification according to the verification The program's instructions execute an authentication method using QR Code, which includes:
Receiving an account and a password from the client computer via the internet;
Whether the account number and password are the same as the account number and password of one of the user data in the database;
When the comparison result is "No", a message indicating that the verification failed is sent back to the client computer via the Internet;
When the comparison result is "Yes", the unlock code of one of the user data and the URL of the verification server are converted into a QR Code;
Transmitting the QR Code to the client computer via the internet;
Receiving an unlock code decoded from the QR Code via the internet;
Comparing whether the unlock code decoded from the QR Code is the same as the unlock code of one of the user data in the database;
When the comparison result is "No", a message indicating that the unlocking failure is sent to the client computer is returned via the Internet, and the lock state of the account and password of one of the user profiles is maintained; When the result is "Yes", the lock status of the account and password of one of the user data is released;
The unlocking device is installed with a QR Code interpreter and can perform the steps of capturing and interpreting the QR Code according to the instruction of the QR Code interpreter. 如申請專利範圍第4項所述的網路系統,該解鎖裝置還依據該QR Code解譯程式的指令執行以下步驟:
經由該網際網路自動回傳從該QR Code所解譯出來的該解鎖碼給該服務端電腦設備。For example, in the network system described in claim 4, the unlocking device performs the following steps according to the instruction of the QR Code interpreter:
The unlock code decoded from the QR Code is automatically returned to the server computer device via the Internet. 如申請專利範圍第4項所述的網路系統,該服務端電腦設備還安裝一註冊碼產生程式,該服務端電腦設備依據該註冊碼產生程式的指令執行一註冊碼產生方法,該方法包括:
經由該網際網路接收來自該用戶端電腦的一帳號、一密碼及一解鎖碼;
比對該帳號及密碼是否分別相同於該資料庫中其中一筆用戶資料的帳號及密碼;
當比對結果為「否」時,經由該網際網路回傳用以表示驗證失敗之一訊息給該用戶端電腦;
當比對結果為「是」時,將該解鎖碼寫入該資料庫作為該其中一筆用戶資料中的解鎖碼;
根據該其中一筆用戶資料中的解鎖碼產生一註冊碼;及
經由該網際網路傳送該註冊碼至該用戶端電腦。For example, in the network system described in claim 4, the server computer device further includes a registration code generating program, and the server computer device executes a registration code generating method according to the instruction of the registration code generating program, and the method includes :
Receiving an account, a password and an unlock code from the client computer via the internet;
Whether the account number and password are the same as the account number and password of one of the user data in the database;
When the comparison result is "No", a message indicating that the verification failed is sent back to the client computer via the Internet;
When the comparison result is "Yes", the unlock code is written into the database as an unlock code in the piece of user data;
Generating a registration code according to the unlock code in one of the user profiles; and transmitting the registration code to the client computer via the Internet. 如申請專利範圍第6項所述的網路系統,其中該其中一筆用戶資料的解鎖碼係為一IMEI碼,該QR Code解譯程式係具有一註冊碼驗證模組,該解鎖裝置在啟動該QR Code解譯程式時,會在拍攝及解譯該QR Code之步驟之前先依據該驗證模組的指令執行一註冊碼驗證方法,該方法包括:
接收由該用戶所輸入的該註冊碼;
讀取該解鎖裝置中一IMEI碼;
根據所讀取到該IMEI碼產生一本地註冊碼;
比對所接收到的該註冊碼是否相同於該本地註冊碼;及
當比對結果為「是」時,令該QR Code解譯程式於下次被啟動時直接執行拍攝及解譯該QR Code之步驟,不再優先執行該註冊碼驗證方法。The network system of claim 6, wherein the unlocking code of the one piece of user data is an IMEI code, and the QR Code interpreting program has a registration code verification module, and the unlocking device starts the When the QR Code interpreter is executed, a registration code verification method is executed according to the instruction of the verification module before the step of capturing and interpreting the QR Code, and the method includes:
Receiving the registration code entered by the user;
Reading an IMEI code in the unlocking device;
Generating a local registration code according to the read IMEI code;
Aligning whether the received registration code is the same as the local registration code; and when the comparison result is "Yes", causing the QR Code interpreter to directly perform shooting and interpreting the QR Code when it is started next time. In the step, the registration code verification method is no longer preferentially executed. 如申請專利範圍第4項所述的網路系統,其中該其中一筆用戶資料的解鎖碼係為一IMEI碼,該QR Code解譯程式係具有一註冊模組,該解鎖裝置在啟動該QR Code解譯程式時,會在拍攝及解譯該QR Code之步驟之前先依據該註冊模組的指令執行一註冊方法,該方法包括:
接收由該用戶所輸入的一帳號及一密碼;
讀取該該解鎖裝置的一IMEI碼;
將所接收到的該帳號、密碼及所讀取到的IMEI碼經由該網際網路傳送到該服務端電腦設備進行註冊驗證;及
在接收到來自該服務端電腦設備之一註冊成功訊息時,令該QR Code解譯程式於下次被啟動時直接執行拍攝及解譯該QR Code之步驟,不再優先執行該註冊方法。The network system of claim 4, wherein the unlock code of the one piece of user data is an IMEI code, and the QR Code interpreter has a registration module, and the unlocking device starts the QR Code. When interpreting the program, a registration method is executed according to the instructions of the registration module before the step of capturing and interpreting the QR Code, the method includes:
Receiving an account number and a password input by the user;
Reading an IMEI code of the unlocking device;
Receiving the received account number, password, and the read IMEI code to the server computer device via the Internet for registration verification; and upon receiving a registration success message from one of the server computer devices, The QR Code interpreter will directly perform the steps of shooting and interpreting the QR Code the next time it is launched, and the registration method will no longer be prioritized. 如申請專利範圍第8項所述的網路系統,該服務端電腦設備安裝有一註冊驗證程式,並依據該註冊驗證程式的指令執行一註冊驗證方法,該方法包括:
接收該解鎖裝置傳來的該帳號、密碼及IMEI碼;
比對所接收到的該帳號及密碼是否分別相同於該資料庫中其中一筆用戶資料的帳號及密碼;
當比對結果為「否」時,即經由該網際網路回傳用以表示註冊失敗訊息給該解鎖裝置;及
當比對結果為「是」時,則將該IMEI碼寫入該資料庫作為該其中一筆用戶資料中的解鎖碼,並回傳該註冊成功訊息給該解鎖裝置。For example, in the network system described in claim 8, the server computer device is installed with a registration verification program, and executes a registration verification method according to the instruction of the registration verification program, and the method includes:
Receiving the account number, password and IMEI code transmitted by the unlocking device;
Comparing whether the received account number and password are the same as the account number and password of one of the user data in the database;
When the comparison result is "No", the registration failure message is sent to the unlocking device via the Internet; and when the comparison result is "Yes", the IMEI code is written into the database. As the unlock code in one of the user profiles, the registration success message is returned to the unlocking device. 一種QR Code解譯程式,係供安裝於具有拍照功能且儲存有一IMEI碼的一解鎖裝置,該QR Code解譯程式係具有一註冊碼驗證模組,該解鎖裝置啟動該QR Code解譯程式時,會先依據該註冊碼驗證模組的指令執行一註冊碼驗證方法,該方法包括:
接收由該用戶所輸入的一註冊碼;
讀取該解鎖裝置中的IMEI碼;
根據所讀取到的該IMEI碼產生一本地註冊碼;
比對所接收到的該註冊碼是否相同於該本地註冊碼;及
當比對結果為「是」時,令該QR Code解譯程式於下次被啟動時直接執行拍攝及解譯一QR Code之步驟,不再優先執行該註冊碼驗證方法。A QR Code interpreting program for installing an unlocking device having a camera function and storing an IMEI code, the QR Code interpreting program having a registration code verification module, and the unlocking device starts the QR Code interpreting program A registration code verification method is first executed according to the instruction of the registration code verification module, and the method includes:
Receiving a registration code entered by the user;
Reading the IMEI code in the unlocking device;
Generating a local registration code according to the read IMEI code;
Comparing whether the received registration code is the same as the local registration code; and when the comparison result is "Yes", the QR Code interpreter is directly executed to perform shooting and interpretation of a QR Code when it is started next time. In the step, the registration code verification method is no longer preferentially executed. 一種QR Code解譯程式,係供安裝於具有拍照及鏈結網路功能且儲存有一IMEI碼的一解鎖裝置,該QR Code解譯程式係具有一註冊模組,該解鎖裝置啟動該QR Code解譯程式時,會先依據該註冊模組的指令執行一註冊方法,該方法包括:
接收由該用戶所輸入的一帳號及一密碼;
讀取該解鎖裝置中的IMEI碼;
將所接收到的該帳號、密碼及所讀取到的該IMEI碼經由該網際網路傳送到該服務端電腦設備進行註冊驗證;及
在接收到來自該服務端電腦設備之一註冊成功訊息時,令該QR Code解譯程式於下次被啟動時直接執行拍攝及解譯一QR Code之步驟,不再優先執行該註冊方法。A QR Code interpreting program for installing an unlocking device having a photo and link network function and storing an IMEI code, the QR Code interpreting program having a registration module, the unlocking device starting the QR Code solution When the program is translated, a registration method is first executed according to the instructions of the registration module, and the method includes:
Receiving an account number and a password input by the user;
Reading the IMEI code in the unlocking device;
Receiving the received account number, password and the read IMEI code via the Internet to the server computer device for registration verification; and upon receiving a registration success message from the server device In order to enable the QR Code interpreter to directly perform the steps of shooting and interpreting a QR Code at the next startup, the registration method is no longer prioritized.
TW101117593A 2012-05-17 2012-05-17 Identity verification method and system using QR code TW201349825A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW101117593A TW201349825A (en) 2012-05-17 2012-05-17 Identity verification method and system using QR code

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW101117593A TW201349825A (en) 2012-05-17 2012-05-17 Identity verification method and system using QR code

Publications (1)

Publication Number Publication Date
TW201349825A true TW201349825A (en) 2013-12-01

Family

ID=50157633

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101117593A TW201349825A (en) 2012-05-17 2012-05-17 Identity verification method and system using QR code

Country Status (1)

Country Link
TW (1) TW201349825A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI569162B (en) * 2014-11-07 2017-02-01 中華國際通訊網路股份有限公司 Identity identification system and its implementing method

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI569162B (en) * 2014-11-07 2017-02-01 中華國際通訊網路股份有限公司 Identity identification system and its implementing method

Similar Documents

Publication Publication Date Title
US8606234B2 (en) Methods and apparatus for provisioning devices with secrets
US20170353442A1 (en) Proximity-based authentication
US8468582B2 (en) Method and system for securing electronic transactions
US9485254B2 (en) Method and system for authenticating a security device
US8510811B2 (en) Network transaction verification and authentication
US20150222435A1 (en) Identity generation mechanism
KR101214836B1 (en) Authentication method and authentication system
US9602504B2 (en) Strong Authentication by presentation of a number
KR20170056566A (en) System and method for integrating an authentication service within a network architecture
US8973111B2 (en) Method and system for securing electronic transactions
JP4698751B2 (en) Access control system, authentication server system, and access control program
KR102116587B1 (en) Method and system using a cyber id to provide secure transactions
JP5317795B2 (en) Authentication system and authentication method
KR101619928B1 (en) Remote control system of mobile
US20220116390A1 (en) Secure two-way authentication using encoded mobile image
TW201349825A (en) Identity verification method and system using QR code
TWI466527B (en) System and method for generating a password according to an id code as well as a server of the system
TW201349824A (en) Identity verification method and system using device identifier
KR20150104667A (en) Authentication method
KR20120088236A (en) User authentification system for contents service and method thereof
Dressel et al. SecuriCast: zero-touch two-factor authentication using WebBluetooth
TWI450125B (en) A password generating method for indicating whether a service system has been logged in via the password by a third party, and a method for locking and unlocking service system, and an apparatus using the methods
Molla et al. Mobile User Authentication System for E-commerce Applications.
D’Alessandro et al. A Mechanism for e-Banking Frauds Prevention and User Privacy Protection
WO2013013367A1 (en) Method and device for authenticating identity of mobile terminal