TW202137032A - Dynamic password system and method for obtaining dynamic password - Google Patents
Dynamic password system and method for obtaining dynamic password Download PDFInfo
- Publication number
- TW202137032A TW202137032A TW109110345A TW109110345A TW202137032A TW 202137032 A TW202137032 A TW 202137032A TW 109110345 A TW109110345 A TW 109110345A TW 109110345 A TW109110345 A TW 109110345A TW 202137032 A TW202137032 A TW 202137032A
- Authority
- TW
- Taiwan
- Prior art keywords
- account
- information
- community
- real
- time password
- Prior art date
Links
Images
Landscapes
- Preparation Of Compounds By Using Micro-Organisms (AREA)
- Information Transfer Between Computers (AREA)
Abstract
Description
一種密碼系統,尤其是一種動態密碼系統。A cryptographic system, especially a dynamic cryptographic system.
在一些企業中,員工每日上班在開啟工作電腦時,需要登入企業內部的區域網路,使用內部區域網路中的資源或訊息,以進行個人的工作。每一個員工有其專屬的工作帳號與登入密碼,當登入內部區域網路後取得其部門權限或個人權限。In some companies, employees need to log in to the company's internal local network when they turn on their work computers every day when they go to work, and use the resources or messages in the internal local network to perform personal work. Each employee has his own work account and login password. After logging in to the intranet, he obtains his or her departmental authority or personal authority.
因此,為了確保內部區域網路的安全性,避免工作帳號被他人冒用,通常會建議員工定期變更登入密碼。然而,由於惰性,多數人在未發生意外前,並不會變更登入密碼,再者,反覆變更的密碼不易記憶,使用上非常不便。Therefore, in order to ensure the security of the internal local area network and avoid fraudulent use of work accounts by others, it is usually recommended that employees change their login passwords on a regular basis. However, due to inertia, most people will not change the login password before an accident occurs. Moreover, the password that is changed repeatedly is not easy to remember, and it is very inconvenient to use.
鑑於上述問題,本發明提供一種動態密碼系統包含帳號管理主機、服務主機以及聊天機器人帳號。帳號管理主機包含:帳號資料庫,包含複數帳號資訊,每帳號資訊包含社群帳號與即時密碼資訊;及動態密碼模組,依照變更規則變更每帳號資訊之即時密碼資訊。服務主機連接帳號管理主機,於接收社群帳號與詢問指令時,比對社群帳號是否存在於帳號資料庫,並依據詢問指令取得對應社群帳號的即時密碼資訊。聊天機器人帳號,設置於即時通訊伺服器,當行動裝置連接即時通訊伺服器,以一個社群帳號傳送詢問指令予聊天機器人帳號,聊天機器人帳號傳送社群帳號與詢問指令至服務主機,並自服務主機取得對應社群帳號的即時密碼資訊。In view of the foregoing problems, the present invention provides a dynamic password system including an account management host, a service host, and a chat robot account. The account management host includes: account database, including plural account information, each account information includes community account and real-time password information; and dynamic password module, which changes the real-time password information of each account information according to the change rules. The service host is connected to the account management host, and when receiving the community account and the inquiry instruction, it checks whether the community account exists in the account database, and obtains the real-time password information of the corresponding community account according to the inquiry instruction. The chat bot account is set on the instant messaging server. When the mobile device is connected to the instant messaging server, a social account is used to send inquiry commands to the chat bot account. The chat bot account sends the community account and inquiry instructions to the service host and serves itself. The host obtains the real-time password information of the corresponding community account.
本發明也提供一種取得動態密碼的方法,包含以下步驟:建立複數帳號資訊,每一個帳號資訊包含社群帳號與即時密碼資訊;依照變更規則變更每帳號資訊之即時密碼資訊;以一個社群帳號傳送詢問指令予聊天機器人帳號;以聊天機器人帳號傳送社群帳號與查詢指令;以服務主機接收社群帳號與查詢指令,依據查詢指令取得對應社群帳號的即時密碼資訊;以聊天機器人帳號接收對應社群帳號的即時密碼資訊,並傳送即時密碼資訊至社群帳號。The present invention also provides a method for obtaining dynamic passwords, which includes the following steps: creating plural account information, each account information including community account and real-time password information; changing the real-time password information of each account information according to the change rule; using a community account Send inquiry commands to the chatbot account; send community accounts and query commands through the chatbot account; receive community accounts and query commands through the service host, obtain the real-time password information of the corresponding community accounts according to the query instructions; receive the correspondence through the chatbot account Real-time password information of the community account, and send real-time password information to the community account.
透過本發明所揭示的動態密碼系統與取得動態密碼的方法,使用者無需安裝額外的應用程式或是經過繁複的身分驗證程序,便可取得專屬使用者的即時密碼資訊。換言之,由於使用者已於創建社群帳號時驗證身分,透過社群帳號傳送詢問指令,可省略再次驗證身分的程序。並且,使用者於應用程序介面輸入文字即可查詢密碼,操作方式相當直覺。Through the dynamic password system and the method for obtaining the dynamic password disclosed in the present invention, the user does not need to install additional applications or go through complicated identity verification procedures to obtain the real-time password information of the exclusive user. In other words, since the user has already verified the identity when creating the community account, sending the inquiry command through the community account can omit the process of re-verifying the identity. Moreover, the user can query the password by entering text in the application interface, and the operation method is quite intuitive.
以下舉出具體實施例以詳細說明本發明之內容,並以圖式作為輔助說明。說明書中提及之符號係參閱符號說明。Specific embodiments are listed below to illustrate the content of the present invention in detail, and the drawings are used as an auxiliary description. The symbols mentioned in the manual refer to the symbol description.
請參閱圖1所示,圖1為本發明一實施例之動態密碼之系統方塊圖(一)。本發明之動態密碼系統主要包含帳號管理主機1、服務主機2以及聊天機器人帳號31。Please refer to FIG. 1. FIG. 1 is a block diagram (1) of a dynamic password system according to an embodiment of the present invention. The dynamic password system of the present invention mainly includes an account management host 1, a
帳號管理主機1主要包含帳號資料庫11與動態密碼模組13。於一實施態樣,帳號資料庫11包含複數帳號資訊,每一個帳號資訊包含一個社群帳號41與一個對應社群帳號41的即時密碼資訊。在此,社群帳號41可為各種即時通訊軟體(Instant Messenger)之帳號,例如是Messenger、LINE、Wechat或WhatsApp等,也可以是社群網路軟體(Social Network APP)之帳號,例如是Facebook或Instagram等,然而本發明不以此為限。例如在帳號資訊的帳號資訊中,社群帳號41可以是員工甲的LINE帳號,即時密碼資訊則可以是員工甲的工作電腦的登入密碼,並非是員工甲的LINE的密碼。The account management host 1 mainly includes an
然而,於另一實施態樣中,每一個帳號資訊除了包含一個社群帳號41與一個對應社群帳號41的即時密碼資訊,更可包含一個對應社群帳號41的身分資訊,身分資訊例如是員工編號或是身分證字號等,也就是說,例如在帳號資訊的帳號資訊中,社群帳號41可以是員工甲的LINE帳號,身分資訊例如是員工甲的員工編號或是身分證字號,即時密碼資訊則可以是員工甲的工作電腦的登入密碼,因此,在帳號資料庫11中,可利用員工甲的社群帳號41查詢(或取得)員工甲的身分資訊(例如員工編號或是身分證字號)與員工甲的即時密碼資訊(例如工作電腦的登入密碼),亦可利用員工甲的身分資訊查詢(或取得)員工甲的社群帳號41與即時密碼資訊。However, in another implementation aspect, each account information includes not only a
動態密碼模組13,依照變更規則變更每帳號資訊之即時密碼資訊。在此,變更規則例如是密碼設定規則,如密碼必須由大寫字母加上數字共八位等。並且,動態密碼模組13可以是於定期地依照變更規則變更每個帳號資訊之即時密碼資訊,舉例來說,動態密碼模組13於每日早上5點變更每一個帳號所對應的密碼。此外,動態密碼模組13也可以不定期地依照變更規則變更即時密碼資訊,例如,隨機於間隔3、4、5或6小時變更每一個帳號所對應的密碼。避免不法人士取得密碼後盜用內部網路的資訊,或是破壞內部網路的資訊。The
聊天機器人帳號31,設置於即時通訊伺服器3。在此,即時通訊伺服器3為前述通訊軟體或社群網路軟體之伺服器,而聊天機器人帳號31為設置於前述即時通訊軟體或社群網路軟體的聊天機器人的帳號。使用者(例如企業的員工)的社群帳號41與聊天機器人帳號31建立連接關係後(即在前述即時通訊軟體或社群網路軟體中加聊天機器人為好友),可透過應用程序介面(API,Application Interface)與社群帳號41互動。The
請參閱圖1與圖3A所示,圖3A為本發明一實施例之動態密碼系統之行動裝置的外觀示意圖(一)。使用者例如企業的員工甲,當其過社群帳號41傳送詢問指令,舉例來說,員工甲於行動裝置4的LINE聊天介面輸入「我要密碼」或「密碼」等文字,接著,聊天機器人帳號31根據詢問指令傳送員工甲之社群帳號41(即員工甲的LINE ID)與詢問指令至即時通訊伺服器3,再由即時通訊伺服器3自服務主機2取得對應員工甲之社群帳號41的即時密碼資訊。在此,服務主機2例如是企業內部網路的主機,而行動裝置4例如是行動電話、平板電腦等,又或是智慧型手錶等其他可攜式電子裝置。Please refer to FIG. 1 and FIG. 3A. FIG. 3A is a schematic diagram (1) of the appearance of a mobile device of a dynamic password system according to an embodiment of the present invention. A user, such as employee A of a company, sends an inquiry command through the
接下來,服務主機2接收社群帳號41與詢問指令後,依據員工甲的社群帳號41取得帳號管理主機1內對應社群帳號41的即時密碼資訊,並傳送至即時通訊伺服器3,聊天機器人帳號31即可取得即時密碼資訊後,顯示於員工甲於行動裝置4的LINE聊天介面(即安裝在行動裝置4上之通訊軟體),此時,員工甲取得即時密碼資訊而可進行登入工作電腦的程序,並於員工甲的工作電腦登入後,進入內部區域網路並依據其部門權限或個人權限取得工作訊息。Next, after the
由前述可知,多個使用者(意即多個員工)可分別以其社群帳號41與同一個聊天機器人帳號31建立連接(意即加為好友),不同使用者以不同的社群帳號41透過聊天機器人帳號31取得其個人的即時密碼資訊。由於社群帳號41具有綁定功能,例如綁定手機門號,因此,使用者是無法使用他人的社群帳號41取得非屬本人的即時密碼資訊,可避免遭到同事或他人盜取即時密碼資訊。From the foregoing, it can be seen that multiple users (meaning multiple employees) can use their
因此,透過本發明所揭示的動態密碼系統,使用者無需安裝額外的應用程式或是經過繁複的身分驗證程序,便可取得自己的即時密碼資訊,並且,任何人均無法使用他人的社群帳號41取得非屬本人的即時密碼資訊。再者,使用者於應用程序介面輸入文字即可查詢密碼,操作方式相當直覺。Therefore, through the dynamic password system disclosed in the present invention, users can obtain their own real-time password information without installing additional applications or going through complicated identity verification procedures, and no one can use another's
請參閱圖2所示,圖2為本發明一實施例之動態密碼之系統方塊圖(二)。於一實施態樣,使用者可經由行動裝置4掃描條碼資訊5,使社群帳號41與聊天機器人帳號31建立連接關係。在此,行動裝置4更可包含掃描模組42,掃描條碼資訊5後,取得聊天機器人帳號31的ID後,能聊天機器人帳號31建立連接關係並與聊天機器人帳號31互動。在此,條碼資訊5可以印刷於員工手冊、海報、貼紙等印刷品上,抑或是以郵件發送並顯示於顯示屏幕上。Please refer to FIG. 2. FIG. 2 is a block diagram (2) of a dynamic password system according to an embodiment of the present invention. In an implementation aspect, the user can scan the barcode information 5 via the
請再參閱圖2所示。於一實施態樣,帳號資料庫11於建立一個新的社群帳號時,自動產生對應社群帳號41之ID的即時密碼資訊。在此,帳號管理主機1更可包含密碼產生模組15,自動地產生對應於社群帳號41的即時密碼資訊。舉例來說,當有新進員工,並將其社群帳號41(例如是LINE ID)建立於帳號資料庫11的同時,密碼產生模組15便會自動地產生對應新進員工社群帳號41的即時密碼資訊,惟本發明不以此為限,帳號資料庫11於建立一個新的社群帳號41時,也可由使用者(例如新進員工或資訊管理人員)自行設定對應的即時密碼資訊。Please refer to Figure 2 again. In an implementation aspect, the
請參閱圖3B所示,為本發明一實施例之動態密碼系統之行動裝置的外觀示意圖(二)。於一實施態樣,使用者也可以選擇退出本發明的動態密碼系統,詳細而言,使用者透過社群帳號41傳送退出指令,例如於行動裝置4的LINE聊天介面輸入「我要退出」或「退出」等文字,接著聊天機器人帳號31根據退出指令傳送網路位址,使用者可透過網路位址連接至網頁,並於網頁操作退出的程序,並於退出之後,動態密碼模組13不再變更其帳號資訊之即時密碼資訊,或是於退出之後,聊天機器人帳號31不再提供即時密碼資訊之查詢或取得功能。Please refer to FIG. 3B, which is a schematic diagram (2) of the appearance of a mobile device of a dynamic password system according to an embodiment of the present invention. In an implementation aspect, the user can also choose to opt out of the dynamic password system of the present invention. Specifically, the user sends an opt-out command through the
請參閱圖4所示,圖4為本發明的其中一些實施例之取得動態密碼的方法的步驟流程圖。取得動態密碼的方法,包含以下步驟:Please refer to FIG. 4, which is a flowchart of the method for obtaining a dynamic password according to some embodiments of the present invention. The method of obtaining a dynamic password includes the following steps:
步驟S01:建立複數帳號資訊,每一個帳號資訊包含社群帳號41與即時密碼資訊。Step S01: Create plural account information, and each account information includes
複數帳號資訊係建立於帳號資料庫11,每一個帳號資訊包含一個社群帳號41與一個對應社群帳號41的即時密碼資訊,其同於前述說明,故於此不再累述。The plural account information is established in the
步驟S02:依照變更規則變更每帳號資訊之即時密碼資訊。Step S02: Change the real-time password information of each account information according to the change rule.
係透過帳號管理主機1的動態密碼模組13變更即時密碼資訊。動態密碼模組13可定期或不定期變更每帳號資訊之即時密碼資訊,其相同於前文舉例說明,故於此不再累述。The real-time password information is changed through the
步驟S03:以一個社群帳號41傳送詢問指令予聊天機器人帳號31。Step S03: Use a
使用者以行動裝置4將其社群帳號41與聊天機器人帳號31建立連結後(即在前述即時通訊軟體或社群網路軟體中加聊天機器人為好友),傳送詢問指令予聊天機器人帳號31,例如使用者於行動裝置4的LINE聊天介面輸入「我要密碼」或「密碼」等文字。在此,行動裝置4、聊天機器人帳號31同於前述說明,故於此不再累述。After the user establishes a link between his
步驟S04:以聊天機器人帳號31傳送社群帳號41與詢問指令。Step S04: Use the
聊天機器人帳號31係設置於即時通訊伺服器3,詢問指令係透過聊天機器人帳號31傳送至即時通訊伺服器3,即時通訊伺服器3進一步傳送前述社群帳號41與詢問指令於服務主機2,其相同於前述說明,故於此不再累述。The
步驟S05:以服務主機2接收社群帳號41之ID與詢問指令,依據詢問指令取得對應社群帳號41的即時密碼資訊。Step S05: The
服務主機2接收社群帳號41與詢問指令後,依據社群帳號41取得帳號管理主機1內對應社群帳號41的即時密碼資訊,並傳送至即時通訊伺服器3,其相同於前述說明,故於此不再累述。After receiving the
步驟S06:以聊天機器人帳號31接收對應社群帳號41的即時密碼資訊,並傳送即時密碼資訊至社群帳號41。Step S06: Use the
服務主機2傳送對應社群帳號41的即時密碼資訊於即時通訊伺服器3,顯示於行動裝置4包含聊天機器人帳號31與社群帳號41的聊天室,意即,傳送即時密碼資訊至社群帳號41。此時,使用者取得即時密碼資訊而可進行後續的登入程序,其相同於前述說明,故於此不再累述。The
於一實施態樣,於前述步驟S01,建立複數帳號資訊之步驟中,更包含步驟:自動產生對應社群帳號41的即時密碼資訊,換言之,建立複數帳號資訊於帳號管理主機1的同時,會自動產生對應社群帳號41的即時密碼資訊。In an implementation aspect, in the step S01, the step of creating plural account information, it further includes the step of automatically generating real-time password information corresponding to the
在此,如前所述,帳號管理主機1更可包含密碼產生模組15,產生專屬於社群帳號41之ID的即時密碼資訊。須說明的是,然而本發明不以此為限,也可由使用者自行設定密碼。Here, as mentioned above, the account management host 1 may further include a
於一實施態樣,於前述步驟S03以一個社群帳號41傳送詢問指令予聊天機器人帳號31之步驟前,可以包含步驟:掃描條碼資訊5,而使社群帳41號與聊天機器人帳號31建立連接關係。In an implementation aspect, before the step of sending an inquiry command to the
行動裝置4更可包含掃描模組42,掃描條碼資訊5後,取得聊天機器人帳號31的ID,而能與聊天機器人帳號31互動,其同於前述說明,故於此不再累述。The
綜上所述,透過本發明所揭示的動態密碼與取得動態密碼的方法,使用者無需安裝額外的應用程式或是經過繁複的身分驗證程序,便可取得自己的即時密碼資訊,並且,任何人均無法使用他人的社群帳號41取得非屬本人的即時密碼資訊。再者,使用者於應用程序介面輸入文字即可查詢密碼,操作方式相當直覺。In summary, through the dynamic password and the method for obtaining the dynamic password disclosed in the present invention, users can obtain their own real-time password information without installing additional applications or going through complicated identity verification procedures. It is not possible to use another's
雖然本發明的技術內容已經以較佳實施例揭露如上,然其並非用以限定本發明,任何熟習此技藝者,在不脫離本發明之精神所作些許之更動與潤飾,皆應涵蓋於本發明的範疇內,因此本發明之保護範圍當視後附之申請專利範圍所界定者為準。Although the technical content of the present invention has been disclosed in the preferred embodiments as above, it is not intended to limit the present invention. Anyone who is familiar with this technique and makes some changes and modifications without departing from the spirit of the present invention should be covered by the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of the attached patent application.
1:帳號管理主機 11:帳號資料庫 13:動態密碼模組 15:密碼產生模組 2:服務主機 3:即時通訊伺服器 31:聊天機器人帳號 4:行動裝置 41:社群帳號 42:掃描模組 5:條碼資訊 S01、S02、S03、S04、S05、S06:步驟1: Account management host 11: Account database 13: Dynamic password module 15: Password generation module 2: service host 3: instant messaging server 31: Chatbot account 4: mobile device 41: Community Account 42: Scanning module 5: Barcode information S01, S02, S03, S04, S05, S06: steps
[圖1] 為本發明一實施例之動態密碼之系統方塊圖(一)。 [圖2] 為本發明一實施例之動態密碼之系統方塊圖(二)。 [圖3A] 為本發明一實施例之動態密碼系統之行動裝置的外觀示意圖(一)。 [圖3B] 為本發明一實施例之動態密碼系統之行動裝置的外觀示意圖(二)。 [圖4] 為本發明的其中一些實施例之取得動態密碼的方法的步驟流程圖。[Figure 1] is a system block diagram (1) of a dynamic password according to an embodiment of the present invention. [Figure 2] is a system block diagram (2) of a dynamic password according to an embodiment of the present invention. [Fig. 3A] is a schematic diagram (1) of the appearance of a mobile device of a dynamic password system according to an embodiment of the present invention. [Figure 3B] is a schematic diagram (2) of the external appearance of a mobile device of a dynamic password system according to an embodiment of the present invention. [Figure 4] is a flowchart of the steps of the method for obtaining a dynamic password in some embodiments of the present invention.
1:帳號管理主機1: Account management host
11:帳號資料庫11: Account database
13:動態密碼模組13: Dynamic password module
2:服務主機2: service host
3:即時通訊伺服器3: instant messaging server
31:聊天機器人帳號31: Chatbot account
4:行動裝置4: mobile device
41:社群帳號41: Community Account
Claims (9)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109110345A TWI772768B (en) | 2020-03-26 | 2020-03-26 | Dynamic password system and method for obtaining dynamic password |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109110345A TWI772768B (en) | 2020-03-26 | 2020-03-26 | Dynamic password system and method for obtaining dynamic password |
Publications (2)
Publication Number | Publication Date |
---|---|
TW202137032A true TW202137032A (en) | 2021-10-01 |
TWI772768B TWI772768B (en) | 2022-08-01 |
Family
ID=79601319
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW109110345A TWI772768B (en) | 2020-03-26 | 2020-03-26 | Dynamic password system and method for obtaining dynamic password |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI772768B (en) |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101166091B (en) * | 2006-10-19 | 2010-08-11 | 阿里巴巴集团控股有限公司 | A dynamic password authentication method and service end system |
TW201002025A (en) * | 2008-06-20 | 2010-01-01 | Otp Systems Corp | Method and system of using OTP dynamic password verification combined with a pay platform |
TWI357752B (en) * | 2008-07-09 | 2012-02-01 | Chunghwa Telecom Co Ltd | Network user id verification system and method |
CN107508742B (en) * | 2017-07-25 | 2018-07-24 | 深圳市爱的网络科技有限公司 | A kind of social intercourse system, terminal and computer readable storage medium |
-
2020
- 2020-03-26 TW TW109110345A patent/TWI772768B/en active
Also Published As
Publication number | Publication date |
---|---|
TWI772768B (en) | 2022-08-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8266443B2 (en) | Systems and methods for secure and authentic electronic collaboration | |
US8850536B2 (en) | Methods and systems for identity verification in a social network using ratings | |
JP5133248B2 (en) | Offline authentication method in client / server authentication system | |
JP3956130B2 (en) | Authentication device, authentication system, authentication method, program, and recording medium | |
CN201467167U (en) | Password encoder and password protection system | |
US20150312252A1 (en) | Method of allowing establishment of a secure session between a device and a server | |
US9112847B2 (en) | Authentication method | |
CN111433770B (en) | Method and apparatus for user authentication and computer readable medium | |
JP2007058469A (en) | Authentication system, authentication server, authentication method, and authentication program | |
US20170019398A1 (en) | System And Method For Providing A One-Time Key For Identification | |
CN101291227A (en) | Password inputting method, device and system | |
CN105208013A (en) | Cross-device high-security non-password login method | |
JP4913624B2 (en) | Authentication system and authentication method | |
WO2020012343A1 (en) | System and method for confirming instructions over a communication channel | |
TWI772768B (en) | Dynamic password system and method for obtaining dynamic password | |
CN104021322A (en) | Electronic signature method, electronic signature equipment and electronic signature client | |
JP2011164837A (en) | Authentication system and authentication method | |
US10701105B2 (en) | Method for website authentication and for securing access to a website | |
US8533802B2 (en) | Authentication system and related method | |
CN107169341A (en) | Picture password generation method and picture password generating means | |
TWM580720U (en) | System for assisting a network service user in setting password for the first time | |
KR20080109580A (en) | Server certification system and method thereof | |
JP6080282B1 (en) | Authentication processing system, authentication auxiliary server, and web display program | |
CN101242276A (en) | A method for solving Internet honesty issue | |
US20130104209A1 (en) | Authentication system |