TWI399070B - Login verification method - Google Patents

Info

Publication number
TWI399070B
Authority
TW
Taiwan
Prior art keywords
server
website
verification
identification element
client device
Prior art date
Application number
TW99119407A
Other languages
Chinese (zh)
Other versions
TW201145962A (en)
Inventor
Wei Jong Ho
Original Assignee
Chunghwa Telecom Co Ltd
Priority date
Filing date
Publication date
Application filed by Chunghwa Telecom Co Ltd
Priority to TW99119407A
Publication of TW201145962A
Application granted
Publication of TWI399070B

Landscapes

  • Information Transfer Between Computers (AREA)

Description

Login verification method

The present invention relates to a login verification method and, more specifically, to a login verification method that performs dual verification using a user identification element and a website identification element.

Setting up website servers for users to browse and use is the main trend in information exchange today. Promotional websites set up by companies and businesses, auction websites set up by individual sellers, and service websites set up by service providers such as Internet service providers or system service application vendors are all types of website server commonly seen in daily life.

In general, a user can connect a computer to the Internet to browse a particular web page. When the user wants to go further and use related advanced network services, the user may need to enter a preset account and/or password to the website server of that web page and complete a login procedure, such as identity authentication, before those network services can be used. For example, the user may first enter the home page of a website set up by a service provider and provide the preset account and/or password to the provider's website server for identity verification. Once verification is complete, the user can log in to the website server and go on to use network services offered by the service provider, such as e-mail and online shopping.

However, because network hackers are rampant, the traditional login approach that verifies only a single factor, such as an account and/or password, can no longer effectively protect users' information security, so information security incidents of all kinds occur frequently. To address this problem, a number of network service providers have built their own second verification procedure on their website servers and require users to enter an additional second password, such as a dynamic password, in the hope of reducing the risk of data being stolen and misused.

This practice, however, has two main drawbacks. First, the network service provider must spend additional resources to set up a corresponding verification mechanism on the website server before it can verify the second password entered by the user, which greatly raises operating costs for the provider. Second, because the second passwords required by different network service providers are usually different, users not only have to memorize several different second passwords but may also have to buy different password generators, which is both inconvenient and an added burden. With the rapid development of cloud computing technology, the information security of remote access and data transmission is receiving ever more attention, and the industry is actively working to develop a more effective login verification approach.

In view of this, how to provide a login verification method that lowers the risk to users' information security without raising the cost burden on service providers, while also keeping use convenient for users, is a problem that urgently awaits a solution.

In view of the above drawbacks of the prior art, the present invention provides a login verification method that creates a highly secure network usage environment and thereby reduces information security concerns.

To achieve the above and other objects, the present invention provides a login verification method applied in a system architecture having at least a client device, a website server, and a verification server, the client device, the website server, and the verification server being connected by a network system. The login verification method includes the following steps: (1) causing the client device and the website server each to apply to the verification server for, and obtain, a dedicated user identification element and a dedicated website identification element, respectively; (2) causing the client device to provide a preset account and/or password corresponding to the website server to the website server for verification; (3) causing the client device that has passed verification to provide the user identification element obtained from the verification server to the website server, so that the website server provides the user identification element provided by the client device and the website identification element obtained from the verification server to the verification server, so that the verification server verifies the client device and the website server according to the user identification element and the website identification element; and (4) when the client device and the website server pass the verification of the website server, causing the verified website server to allow the verified client device to log in to the verified website server.

According to one embodiment of the present invention, the verification in step (2) is performed by having the website server verify the account and/or password of the client device against the preset account and/or password corresponding to the website server.

According to another embodiment of the present invention, the verification in step (2) is performed by having the website server provide the preset account and/or password corresponding to the website server to the verification server, and having the verification server verify the account and/or password of the client device against the preset account and/or password corresponding to the website server.

According to yet another embodiment of the present invention, the step in step (3) of having the verification server verify the client device and the website server according to the user identification element and the website identification element includes having the website server first provide the user identification element provided by the client device to the verification server, so that the verification server verifies the user identification element, and, after that verification passes, having the website server provide the website identification element obtained from the verification server to the verification server, so that the verification server verifies the website identification element.

According to a further embodiment of the present invention, the step in step (3) of having the verification server verify the client device and the website server according to the user identification element and the website identification element includes having the website server first provide the website identification element obtained from the verification server to the verification server, so that the verification server verifies the website identification element, and, after that verification passes, having the website server provide the user identification element provided by the client device to the verification server, so that the verification server verifies the user identification element.

According to still a further embodiment of the present invention, the step in step (3) of having the verification server verify the client device and the website server according to the user identification element and the website identification element includes having the website server provide the user identification element provided by the client device and the website identification element obtained from the verification server to the verification server together, so that the verification server verifies the user identification element and the website identification element.

Compared with the prior art, the login verification method of the present invention relies on the cooperative operation of the client device, the website server, and the verification server: after the preset account and/or password has been verified, the verification server further verifies the user identification element and the website identification element. It therefore does not increase the service provider's operating costs, nor does it increase the burden on users, and it raises the security of the network usage environment, thereby effectively reducing information security concerns.

The technical content of the present invention is described below by way of specific embodiments; those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention may also be implemented or applied through other, different embodiments, and the details in this specification may be modified and changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.

Please refer to FIG. 1 and FIG. 2 together. FIG. 1 is a flowchart of the steps of the login verification method of the present invention, and FIG. 2 shows the architecture of a system to which the login verification method is applied. As shown in FIG. 1 and FIG. 2, the login verification method of the present invention is applied in a system architecture having at least a client device a, a website server b, and a verification server c, and the client device a, the website server b, and the verification server c are connected by a network system (not shown).

In this embodiment, the network system may be, for example, the Internet, an inter-enterprise network, and/or an intranet, in the form of a local area network, a wide area network, and/or a virtual private network (VPN), carrying data over wired and/or wireless links, but is not limited to these. In addition, the client device a may be, for example, a personal computer, a notebook computer, or a smartphone; the website server b may be a server that an application interfacing service provider (Yahoo™) uses to host web pages for network services (such as e-mail, auctions, and instant messaging); and the verification server c may be a central server of a network service provider (for example, Chunghwa Telecom™) that provides network services.

Note that the numbers of client devices a, website servers b, and verification servers c vary with the actual situation; that is, in actual use a plurality of website servers b may be connected between the client device a and the verification server c.

When the login verification method of this embodiment is carried out, first, in step S1, the client device a and the website server b each apply to the verification server c for, and obtain, the user identification element dedicated to the client device a and the website identification element dedicated to the website server b. Specifically, the client device a and the website server b each submit an application to the verification server c, so that the verification server c issues a dedicated user identification element to the client device a and a dedicated website identification element to the website server b. During issuance, the verification server c also records the correspondence between the issued user identification element and website identification element and the client device a and website server b. In this embodiment, the user identification element and the website identification element may be identifiers composed of numbers, letters, patterns, sounds, images, and/or symbols. In other embodiments, the user identification element and the website identification element may instead correspond to the Internet Protocol (IP) addresses of the client device a and the website server b, respectively. The method then proceeds to step S2.

In step S2, the client device a provides the preset account and/or password corresponding to the website server to the website server b for verification, and after the verification passes the method proceeds to step S3. Specifically, the user can use the client device a to connect to the website server b through the network system and enter the preset account and/or password corresponding to the website server on the service web page provided by the website server b. Preferably, the password may optionally be a static password and/or a dynamic password corresponding to the account. The website server b is thereby asked to confirm the identity of the client device using the account and/or password the user entered on the service web page, and once that confirmation passes the method proceeds to step S3.

In step S3, the client device a that has passed verification provides the user identification element previously obtained from the verification server c to the website server b, so that the website server b provides the user identification element provided by the client device a, together with the website identification element previously obtained from the verification server c, back to the verification server c, so that the verification server verifies the client device and the website server according to the user identification element and the website identification element; after the verification passes, the method proceeds to step S4. Specifically, the user can use the client device a that passed the account and/or password verification of step S2 to provide the user identification element obtained from the verification server c in step S1 to the website server b. In this embodiment, the client device a may, for example, automatically send the previously obtained user identification element to the website server b, or the previously obtained user identification element may be entered manually on the service web page provided by the website server b.

Next, the website server b transmits the user identification element received from the client device a, together with the website identification element obtained from the verification server c in step S1, to the verification server c. The verification server c then confirms the correspondence between the received user identification element and the client device a that sent it, and at the same time confirms the correspondence between the received website identification element and the website server b that sent it. In other words, the earlier record is used to confirm whether the correspondence between the user identification element and the website identification element and the client device a and website server b is the same as recorded, and when the result is that they are the same, the verification procedure is complete.

In step S4, the website server b that has passed verification allows the client device a to log in. Specifically, once the verification server c has completed the verification procedure described in step S3, it sends a message notifying the website server b. At that point the service web page of the website server b is opened for the user to log in through the client device a, so that the user can use the related network services.

It is worth noting that, in different embodiments, in step S2 the website server b may verify the account and/or password entered by the user itself, or it may forward the account and/or password entered by the user to the verification server c and ask the verification server c to verify them. That is, depending on actual needs, the present invention can perform this verification directly on the website server, with no need to change its existing account and/or password verification settings. Of course, the burden on a conventional website server can also be reduced further so that it need not perform any verification procedure at all, lowering the service provider's operating costs still more.

In addition, in step S3 the website server b may choose to transmit the user identification element provided by the client device a and the website identification element obtained from the verification server c to the verification server c in either a synchronous or an asynchronous manner, asking the verification server c to perform synchronous or asynchronous verification.

To elaborate, in the synchronous transmission mode the website server b transmits the user identification element provided by the client device a and the website identification element previously obtained from the verification server c to the verification server c together, and asks the verification server c to use its records to verify, at the same time, the correspondence between the user identification element and the client device a and the correspondence between the website identification element and the website server b.

In the asynchronous transmission mode, the website server b may first transmit the user identification element provided by the client device a to the verification server c, asking the verification server c to use its records to verify the correspondence between the user identification element and the client device a; after that verification passes, the website server b then transmits the website identification element previously obtained from the verification server c to the verification server c, so that the verification server c uses its records to verify the correspondence between the website identification element and the website server b. Alternatively, the website server b may first transmit the website identification element obtained from the verification server c to the verification server c, asking the verification server c to use its records to verify the correspondence between the website identification element and the website server b; after that verification passes, the website server b then transmits the user identification element provided by the client device a to the verification server c, asking the verification server c to use its records to verify the correspondence between the user identification element and the client device a.
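The S1 to S4 exchange and the synchronous and two asynchronous S3 orderings described above, as an added Python example that is not part of the patent text. The party names (`alice-laptop`, `mail.example`), the random hex identification elements, the PBKDF2 password storage, and the `party_id` argument by which server c learns who is presenting an element are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _pw_hash(password: str, salt: bytes) -> bytes:
    # Assumption: server b stores salted PBKDF2 hashes, not plaintext passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class VerificationServer:
    """Server c: issues identification elements (S1) and checks them (S3)."""

    def __init__(self):
        self._issued = {}  # party_id -> element, the record kept at issuance

    def issue(self, party_id: str) -> str:
        element = secrets.token_hex(16)  # constructed identifier format
        self._issued[party_id] = element
        return element

    def verify_one(self, party_id: str, element: str) -> bool:
        expected = self._issued.get(party_id)
        if expected is None:
            return False
        # Constant-time comparison of the presented element with the record.
        return hmac.compare_digest(expected.encode(), element.encode())

    def verify_both(self, client_id, user_element, site_id, site_element) -> bool:
        # Synchronous mode: both correspondences are checked in one request.
        user_ok = self.verify_one(client_id, user_element)
        site_ok = self.verify_one(site_id, site_element)
        return user_ok and site_ok


class WebsiteServer:
    """Server b: checks account/password (S2), then defers to server c (S3)."""

    def __init__(self, site_id, verifier, accounts):
        self.site_id = site_id
        self.verifier = verifier
        self._accounts = {}
        for account, password in accounts.items():
            salt = secrets.token_bytes(16)
            self._accounts[account] = (salt, _pw_hash(password, salt))
        self.site_element = verifier.issue(site_id)  # S1 for the website server

    def _check_password(self, account, password) -> bool:
        record = self._accounts.get(account)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, _pw_hash(password, salt))

    def login(self, client_id, account, password, user_element, mode="sync"):
        if not self._check_password(account, password):        # S2
            return "rejected:S2"
        c, site = self.verifier, (self.site_id, self.site_element)
        if mode == "sync":                                      # S3, together
            ok = c.verify_both(client_id, user_element, *site)
        elif mode == "user_first":                              # S3, user then site
            ok = c.verify_one(client_id, user_element) and c.verify_one(*site)
        elif mode == "site_first":                              # S3, site then user
            ok = c.verify_one(*site) and c.verify_one(client_id, user_element)
        else:
            raise ValueError(f"unknown mode: {mode}")
        return "logged-in" if ok else "rejected:S3"             # S4


def demo():
    """Run the flow on constructed accounts and return each outcome."""
    c = VerificationServer()
    mail = WebsiteServer("mail.example", c, {"alice": "correct horse"})
    shop = WebsiteServer("shop.example", c, {"alice": "another password"})
    alice_el = c.issue("alice-laptop")   # S1 for client device a
    bob_el = c.issue("bob-phone")
    good = ("alice-laptop", "alice", "correct horse")
    results = {
        "sync": mail.login(*good, alice_el, "sync"),
        "user_first": mail.login(*good, alice_el, "user_first"),
        "site_first": mail.login(*good, alice_el, "site_first"),
        # One user element serves a second website server b.
        "second_site": shop.login("alice-laptop", "alice", "another password", alice_el),
        "bad_password": mail.login("alice-laptop", "alice", "guess", alice_el),
        # Correct password but no element: the second check stops the login.
        "password_only": mail.login(*good, ""),
        # Element issued to a different client device does not match the record.
        "other_device_element": mail.login(*good, bob_el),
    }
    # A website server presenting an element that was not issued to it.
    shop.site_element = mail.site_element
    results["site_element_mismatch"] = shop.login(
        "alice-laptop", "alice", "another password", alice_el)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:24s} {outcome}")
```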

Therefore, with the login verification method of the present invention, the network service provider's website server can carry out a second verification procedure, beyond the account and/or password of the provider's server, without spending any additional resources building its own verification mechanism. It should further be noted that the method can be applied in a network system architecture with multiple website servers b, and that the client device a and the website server b each obtain their dedicated user identification element and website identification element from the verification server c. For the user, therefore, a single user identification element is all that is needed to complete the second verification procedure beyond the account and/or password verification of each provider's server, and so to log in to different website servers b and use different network services. In short, the user can simply and easily use the login verification method of the present invention to perform highly secure verified logins on different service web pages.

In summary, the login verification method of the present invention relies on the cooperative operation of the client device, the website server, and the verification server: after the account and/or password has been verified, the verification server further verifies the user identification element and the website identification element to complete a second verification procedure, raising the security of the network usage environment and relieving users of information security concerns. For network service providers, the method does not require them to build a second verification mechanism on the website server themselves, so it does not increase their operating costs. For users, a single user identification element is enough to complete highly secure verified logins on multiple service web pages, so it does not increase their burden either.

The embodiments described above serve only to illustrate the features and effects of the present invention and are not intended to limit the scope of its substantive technical content. The substantive technical content of the present invention is broadly defined in the claims below; any technical entity or method completed by another party that is identical to what the claims below define, or is an equivalent change, shall be regarded as covered by the scope of this patent.

a: client device

b: website server

c: verification server

S1~S4: steps

FIG. 1 is a flowchart of the steps of the login verification method of the present invention; and FIG. 2 is an architecture diagram of a system to which the login verification method of the present invention is applied.

Claims (10)

一種驗證登入方法,係應用於至少具有藉由網路系統予以連結之用戶端裝置、網站伺服器、及驗證伺服器的系統架構中,該驗證登入方法包括以下步驟:(1)令該用戶端裝置及該網站伺服器分別向該驗證伺服器申請並取得專屬之用戶識別要素及網站識別要素;(2)令該用戶端裝置提供預設對應該網站伺服器之帳號及/或密碼予該網站伺服器,以進行驗證;(3)令通過驗證之該用戶端裝置將自該驗證伺服器取得之該用戶識別要素提供予該網站伺服器,以令該網站伺服器將該用戶端裝置提供之該用戶識別要素及自該驗證伺服器取得之該網站識別要素提供予該驗證伺服器,以令該驗證伺服器依據該用戶識別要素及該網站識別要素,針對該用戶端裝置及該網站伺服器進行驗證;以及(4)當該用戶端裝置及該網站伺服器通過該網站伺服器之驗證時,令通過驗證之該網站伺服器允許通過驗證之該用戶端裝置登入通過驗證之該網站伺服器。 A verification login method is applied to a system architecture having at least a client device, a website server, and an authentication server connected by a network system, and the verification login method includes the following steps: (1) making the client The device and the website server separately apply to the verification server to obtain a unique user identification element and a website identification element; and (2) cause the client device to provide an account and/or password corresponding to the website server to the website. a server for verifying; (3) causing the authenticated user device to provide the user identification element obtained from the verification server to the website server, so that the website server provides the user terminal device The user identification element and the website identification element obtained from the verification server are provided to the verification server, so that the verification server is configured for the user equipment and the website server according to the user identification element and the website identification element. Verifying; and (4) verifying the website when the client device and the web server are authenticated by the web server The server allows the verified client device to log in to the verified web server. 
如申請專利範圍第1項所述之驗證登入方法,其中,於步驟(2)中之驗證步驟,係令該網站伺服器依據該預設對應該網站伺服器之帳號及/或密碼針對該用戶端裝置的帳號及/或密碼進行驗證。 The verification login method as described in claim 1, wherein the verification step in the step (2) causes the website server to respond to the user account and/or password corresponding to the website server according to the preset. Verify the account number and / or password of the device. 如申請專利範圍第1項所述之驗證登入方法,其中,於 步驟(2)中之驗證步驟,係令該網站伺服器將該預設對應該網站伺服器之帳號及/或密碼提供予該驗證伺服器,並令該驗證伺服器依據該預設對應該網站伺服器之帳號及/或密碼針對該用戶端裝置的帳號及/或密碼進行驗證。 For example, the verification login method described in claim 1 of the patent scope, wherein The verification step in step (2) causes the website server to provide the default account and/or password corresponding to the website server to the verification server, and causes the verification server to correspond to the website according to the preset The account number and/or password of the server is verified for the account and/or password of the client device. 如申請專利範圍第1項所述之驗證登入方法,其中,於步驟(3)中,令該驗證伺服器依據該用戶識別要素及該網站識別要素,針對該用戶端裝置及該網站伺服器進行驗證的步驟,係包括令該網站伺服器先將該用戶端裝置提供之該用戶識別要素提供予該驗證伺服器,以令該驗證伺服器對該用戶識別要素進行驗證,並於驗證通過後,再令該網站伺服器將自該驗證伺服器取得之該網站識別要素提供予該驗證伺服器,以令該驗證伺服器對該網站識別要素進行驗證。 The verification login method according to claim 1, wherein in the step (3), the verification server is configured to perform, according to the user identification element and the website identification element, the client device and the website server. The step of verifying includes: causing the website server to first provide the user identification element provided by the client device to the verification server, so that the verification server verifies the user identification element, and after the verification is passed, The website server is further provided with the website identification element obtained from the verification server to the verification server, so that the verification server verifies the website identification element. 
如申請專利範圍第1項所述之驗證登入方法,其中,於步驟(3)中,令該驗證伺服器依據該用戶識別要素及該網站識別要素,針對該用戶端裝置及該網站伺服器進行驗證的步驟,係包括令該網站伺服器先將自該驗證伺服器取得之該網站識別要素提供予該驗證伺服器,以令該驗證伺服器對該網站識別要素進行驗證,並於驗證通過後再令該網站伺服器將該用戶端裝置提供之該用戶識別要素提供予該驗證伺服器,以令該驗證伺服器對該用戶識別要素進行驗證。 The verification login method according to claim 1, wherein in the step (3), the verification server is configured to perform, according to the user identification element and the website identification element, the client device and the website server. The step of verifying includes: causing the website server to first provide the website identification element obtained from the verification server to the verification server, so that the verification server verifies the website identification element, and after the verification is passed And the website server further provides the user identification element provided by the client device to the verification server, so that the verification server verifies the user identification element. 如申請專利範圍第1項所述之驗證登入方法,其中,步 驟(3)中,令該驗證伺服器依據該用戶識別要素及該網站識別要素,針對該用戶端裝置及該網站伺服器進行驗證的步驟,係包括令該網站伺服器一併將該用戶端裝置提供之該用戶識別要素及自該驗證伺服器取得之該網站識別要素提供予該驗證伺服器,以令該驗證伺服器對該用戶識別要素及該網站識別要素進行驗證。 For example, the verification login method described in claim 1 of the patent scope, wherein In step (3), the step of verifying, by the verification server, the client device and the website server according to the user identification element and the website identification element comprises: causing the website server to The user identification element provided by the device and the website identification element obtained from the verification server are provided to the verification server, so that the verification server verifies the user identification element and the website identification element. 
The verification login method of claim 1, wherein the user identification element and the website identification element are identification codes composed of numbers, letters, patterns, sounds, images and/or symbols.

The verification login method of claim 1, wherein the user identification element corresponds to the Internet Protocol (IP) address of the client device, and the website identification element corresponds to the Internet Protocol (IP) address of the website server.

The verification login method of claim 1, wherein the network system is the Internet, an extranet and/or an intranet, takes the form of a local area network, a wide area network and/or a virtual private network, and transmits data by wired and/or wireless means.

The verification login method of claim 1, wherein the password is a static password and/or a dynamic password.
TW99119407A 2010-06-15 2010-06-15 Login verification method TWI399070B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW99119407A TWI399070B (en) 2010-06-15 2010-06-15 Login verification method

Publications (2)

Publication Number Publication Date
TW201145962A TW201145962A (en) 2011-12-16
TWI399070B TWI399070B (en) 2013-06-11

Family

ID=46766051

Country Status (1)

Country Link
TW (1) TWI399070B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106921650B (en) 2016-12-21 2021-01-19 创新先进技术有限公司 Cross-device login method, system and device

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1128628A1 (en) * 2000-02-23 2001-08-29 Tradesafely.com Limited Method and apparatus for Internet web site authentication
US7016960B2 (en) * 1999-07-08 2006-03-21 Microsoft Corporation Authenticating user access to a network server without communicating user authentication cookie to the network server
EP1752900A1 (en) * 2005-07-18 2007-02-14 Capricorp Limited Website content access control system
TW200814703A (en) * 2006-09-12 2008-03-16 Xin-Yuan Ye Method and system of authenticating the identity of the client
TW200922241A (en) * 2007-10-05 2009-05-16 Iti Scotland Ltd Authentication method and framework

Also Published As

Publication number Publication date
TW201145962A (en) 2011-12-16

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees