TWI416922B - Authentication system utilizing image authentication code and method thereof - Google Patents

Authentication system utilizing image authentication code and method thereof

Publication number
TWI416922B
Authority
TW
Taiwan
Prior art keywords
authentication
image
user
code
authentication code
Prior art date
Application number
TW97146322A
Other languages
Chinese (zh)
Other versions
TW201021498A (en)
Inventor
Shi Cho Cha
Jian Guang Lin
Hsiao Yung Chen
Pei Wen Juo
Li Ting Liu
Kuan Ju Huang
Original Assignee
Univ Nat Taiwan Science Tech
Priority date
Filing date
Publication date
Application filed by Univ Nat Taiwan Science Tech filed Critical Univ Nat Taiwan Science Tech
Priority to TW97146322A priority Critical patent/TWI416922B/en
Publication of TW201021498A publication Critical patent/TW201021498A/en
Application granted granted Critical
Publication of TWI416922B publication Critical patent/TWI416922B/en

Landscapes

  • Storage Device Security (AREA)
  • Cash Registers Or Receiving Machines (AREA)

Abstract

An authentication system comprises an authentication code generator for generating an authentication code; an authentication code to image converter for transforming the authentication code into an image; an image capture control and recognition unit for controlling an image capturing device to capture the image and for processing the image; and a translation and verification unit for translating the image back into the authentication code and verifying the correctness of the authentication code to determine whether a user is authenticated.

Description

Authentication system using image authentication code and method thereof

The present invention relates to an authentication system and method, and more particularly to an authentication system and method using an image authentication code.

In today's security systems, setting a password to keep others from stealing information or valuables is a widely used method. The form of the password has changed over time and now takes different shapes, for example a password burned into the IC chip of a magnetic card, a voiceprint password, or a password derived from other biometric features. The way passwords are used also differs from one security system to another, and some systems combine two different protection measures to improve security.

With a traditional password, the user usually has to remember the password and type it in. A user who forgets the password must re-apply, and a new password is issued only after the system has confirmed the user's identity. A lost password may be misused. Moreover, traditional passwords are easily stolen or cracked, especially in insecure network environments, where hackers often plant Trojan horse or worm programs on a user's computer to steal private passwords.

In physical security systems, access cards that rely on magnetic sensing carry a potential risk of skimming: a would-be intruder uses electronic skimming equipment to capture the card's information and forges another card that will be accepted, in order to gain entry.

Where biometric recognition is applied to security systems, the biometric features currently available include fingerprint recognition, iris recognition, voiceprint recognition, face recognition, and DNA sequence recognition. The biggest problem with biometric recognition is privacy: for example, once a fingerprint file stored in the system leaks, it may be abused by criminals.

In view of these shortcomings of a single fixed password, the one-time password was developed. A one-time password can be used only once and is invalid after use. Using one-time passwords effectively addresses the problem of password theft. However, the user usually has to carry a one-time password generation tool and then type in the password as instructed to pass authentication, which is cumbersome for the user.

One object of the present invention is to provide an authentication system that lets a user be authenticated through an image authentication code without manually entering the authentication code.

Another object of the present invention is to provide a user-side authentication module that generates the image authentication code.

Another object of the present invention is to provide a server-side verification module that verifies the image authentication code.

Another object of the present invention is to provide an authentication method in which a user uses an image authentication code to be authenticated.

According to one object of the present invention, the invention provides an authentication system using an image authentication code, comprising: an authentication code generator for generating an authentication code in character form; an authentication code to image converter for converting the character-form authentication code into an image; an image capture control and processing unit for controlling an image capture device to capture the image and for performing image processing on the image; and a translation and verification unit for translating the image into a character-form authentication code and verifying the translated code to determine whether the user is authenticated.

According to another object of the present invention, the invention provides a user-side authentication module comprising an authentication code generator for generating an authentication code in character form, and an authentication code to image converter for converting the character-form authentication code into an image, where the image serves as the credential presented when the user is authenticated.

According to another object of the present invention, the invention provides a server-side verification module comprising an image capture control and processing unit for controlling an image capture device to capture an image containing authentication code information and for performing image processing on the image, and a translation and verification unit for translating the image into a character-form authentication code and verifying the translated code to determine whether the user is authenticated.

The authentication code to image converter in the user-side authentication module may convert the authentication code into a plurality of images and play them repeatedly as the image authentication code. Alternatively, the authentication code together with other related information (for example, the authentication code file size and the key length) may be converted into a plurality of repeatedly played images. Correspondingly, the translation and verification unit in the server-side verification module translates these images into the character-form authentication code and then verifies it.

According to another object of the present invention, the invention provides an authentication method using an image authentication code, comprising the steps of: generating an authentication code in character form; converting the character-form authentication code into an image; capturing the image and performing image processing on it; and translating the image into a character-form authentication code and verifying the translated code to determine whether the user is authenticated.

The invention can also use the one-time password concept: the authentication code is generated only when the user needs to be authenticated. Because the code generated is different each time, it can serve as a "one-time password" for logging in or obtaining the service offered by the server. The invention converts the traditional one-time text password into an image that is then translated and verified, so the user does not have to type the password.

In one embodiment, when authentication is needed, the user generates an authentication code on a mobile device (such as a mobile phone or a personal digital assistant) and converts it into a two-dimensional barcode. After an image capture device captures the two-dimensional barcode, the server converts it into a character-form authentication code and then verifies that code to determine whether the user is authenticated.

To make the above more readily understood, preferred embodiments are described in detail below with reference to the accompanying drawings.

Fig. 1 is a block diagram of an authentication system implemented according to the present invention. The authentication system includes a user-side authentication module 10 and a server-side verification module 20. When the user needs to be authenticated, the user-side authentication module 10 generates an authentication code and converts it into an image authentication code (that is, an image containing the authentication code information). Unlike traditional authentication methods, the user does not type a character-form authentication code; instead, the image authentication code is captured by the image capture device 312 and passed to the server-side verification module 20 for verification. The server-side verification module 20 extracts the authentication code information contained in the image authentication code, or translates the image authentication code into a character-form authentication code, to determine whether the user is authenticated. The invention spares the user the trouble of typing the authentication code and is more convenient to use. As for security, removing manual entry does not reduce it; on the contrary, the scheme is easier to combine with other information security systems, which improves security.

Before user verification can take place, the user must register with the server-side verification module 20 so that the user's data, such as account, password, birthday, telephone number, and address, are stored in the user database 201. The server-side verification module 20 generates a key from the personal data stored in the user database 201, keeps the key in its key management unit 22, and also imports the key into the key management unit 12 of the user-side authentication module 10. The user-side authentication module 10 has a communication interface 11 and the server-side verification module 20 has a communication interface 21; the two modules exchange messages through these interfaces. For example, the key generated by the key management unit 22 of the server-side verification module 20 is sent through communication interface 21 to communication interface 11 of the user-side authentication module 10 and stored in the key management unit 12, which then reports successful receipt to the server-side verification module 20 through communication interface 11 and communication interface 21 in turn.

To support verification through an image authentication code, the user-side authentication module 10 includes an authentication code generator 14 for generating the authentication code, and an authentication code to image converter 16 for converting the authentication code produced by the generator 14 into an image authentication code. The server-side verification module 20 includes an image capture control and processing unit 26, which controls the image capture device 312 to capture the image authentication code produced by the converter 16 of the user-side authentication module 10 and performs image processing on it, and a translation and verification unit 24, which translates the processed image authentication code into a character-form authentication code and verifies the translated code. In short, the user presents the image authentication code as the credential for logging in or obtaining the service offered by the server.

During user verification, the authentication code generator 14 generates the authentication code from the user authentication information, and the translation and verification unit 24 determines whether the user reference authentication information can produce an authentication code identical to the translated one, thereby deciding whether the user is authenticated. For example, if the user authentication information and the user reference authentication information have the same content, the same code generation rule yields the same authentication code. The user authentication information is the basis on which the authentication code generator 14 of the user-side authentication module 10 generates the code; the key combined with at least one of the user data and the time of authentication can serve as the user authentication information. Similarly, the user reference authentication information is the basis on which the translation and verification unit 24 of the server-side verification module 20 verifies the code; the key combined with at least one of the user data and the time of authentication can serve as the user reference authentication information. For example, when the key and the user data are both used as the user authentication information and the user reference authentication information, the same user account has identical information on the user side and the server side, so both sides produce the same authentication code. Conversely, different user accounts have different user authentication information and user reference authentication information on the two sides, so the same authentication code cannot be produced. During user verification the user side generates the authentication code from the user authentication information, and the server side authenticates the user by checking whether the user reference authentication information produces the same code as the one generated on the user side. It should be noted, however, that the invention is not limited to this way of authenticating; other authentication methods can also be applied.

The user-side authentication module 10 can be applied to mobile communication devices such as mobile phones, smartphones, and personal digital assistants (PDAs), or to devices able to display images, such as digital cameras, notebook computers, mini notebook computers, and audio/video players. The server-side verification module 20 verifies the image authentication code used by the user-side authentication module 10 and can be applied to a server or a workstation. In addition, the user-side authentication module 10 (or the server-side verification module 20) may be hardware, firmware, an integrated circuit, or hardware or firmware on which an application providing the functions of the user-side authentication module 10 (or the server-side verification module 20) is installed.

Fig. 2 is a flowchart of an authentication method implemented according to the present invention. The invention is described in detail below with reference to Fig. 1 and Fig. 2.

Step S210: The authentication code generator 14 generates the authentication code from the user authentication information by means of a hash function. In this example, the user authentication information includes the user data and the key held in key management unit 12, which was transmitted from key management unit 22. A hash function takes data of any size and outputs a bit string of fixed length. Well-known hash functions include MD2 and MD5, developed by Ronald L. Rivest; SHA-1, SHA-2, and SHA-3, proposed by the U.S. National Institute of Standards and Technology (NIST); N-Hash, developed by Nippon Telegraph and Telephone (NTT); and RIPE-MD, which originated in the European RIPE project.

Step S220: The authentication code to image converter 16 converts the authentication code into an image. In this step the converter 16 may also convert other related information, such as the type of hash function used, the authentication code file size, and the key length, together with the authentication code into the image, so that the image contains all of this digital information. In addition, before the conversion the converter 16 may generate an error-correcting code, used to correct read errors caused by lighting or other external factors when the image is captured. The invention may convert the authentication code, or the authentication code plus the other related information, into a two-dimensional barcode. Many kinds of two-dimensional barcode exist, for example: QR Code, widely popular in Japan; the Quick Mark mobile barcode designed by a Taiwanese vendor; ColorCode, commonly used on Korean mobile phones; MagiCode; and others such as SemaCode, ShotCode, and VeriCode.

Step S232: The image capture control and processing unit 26 controls the image capture device 312 to capture the image produced in step S220. For the captured image, the unit 26 first checks whether it is of a type supported by the server-side verification module 20. For example, if the server-side verification module 20 does not support two-dimensional barcodes of the SemaCode type and can read only QR Code and Quick Mark, a SemaCode cannot be read.

Step S234: If the image capture control and processing unit 26 determines in step S232 that the captured image is of a type supported by the server-side verification module 20, it performs image processing on the image. Taking a black-and-white two-dimensional barcode as an example, the image capture device 312 is easily affected by ambient light and shadow, so the captured barcode image is not made up of pure black and pure white blocks but of varying shades of grey, and the captured image is therefore somewhat distorted. To solve this, an algorithm computes a threshold for each pixel of the captured image to restore its original colour, so that the captured image approaches the true black-and-white layout of the original barcode. In addition, whether because of refraction of light or because the coordinate axes differ when the user presents the image, the captured image may be out of alignment with the true coordinates, so the error must be computed and a coordinate transformation applied to map the captured image onto the true two-dimensional coordinates.

Step S240: The translation and verification unit 24 translates the image captured and processed in step S234 into the authentication code. Taking a black-and-white two-dimensional barcode as an example, the unit 24 reads every pixel value of the image processed in step S234, sets black points to the digital value 1 and white points to 0, and so translates the image back into the digital information containing the authentication code described in step S220, using the error-correcting code to check and correct it. The unit 24 then verifies the authentication code contained in the digital information. For example, it determines whether the translated authentication code can be produced from the user reference authentication information; if it can, the user is authenticated, otherwise the user is not. In this example, corresponding to the user authentication information, the user reference authentication information includes the user data stored in the user database 201 and the key stored in the key management unit 22. Because the same user account has identical user authentication information and user reference authentication information on the user side and the server side, the server can produce the same authentication code as the user side under the same code generation rule, and authentication succeeds. Conversely, different user accounts have different user authentication information and user reference authentication information, so the server side and the user side cannot produce the same code and authentication fails. Authentication also fails if the account used on the user side has no corresponding account data on the server side. It should be noted, however, that the invention is not limited to this way of authenticating; other authentication methods can also be applied.
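The per-pixel threshold of step S234 and the black-to-1, white-to-0 mapping of step S240, as an added example that is not code from the patent. The 6x6 module pattern, the simulated left-to-right shadow and the choice of the local min/max midpoint as the threshold (a Bernsen-style method) are assumptions of the example; it relies on every 3x3 window containing both dark and light modules, which holds for the constructed sample.

```python
# Constructed 6x6 module pattern (1 = black module, 0 = white module).
BITS = [
    [1, 1, 0, 1, 0, 0],
    [0, 1, 1, 0, 1, 0],
    [1, 0, 0, 1, 1, 0],
    [0, 1, 0, 0, 1, 1],
    [1, 1, 0, 1, 0, 1],
    [0, 0, 1, 0, 1, 0],
]


def render_with_shadow(bits):
    """Simulate a greyscale capture whose brightness falls from 100% at the
    left edge to 50% at the right edge (sized for the 6-column sample)."""
    return [[(40 if bit else 200) * (100 - 10 * col) // 100
             for col, bit in enumerate(row)]
            for row in bits]


def decode_global(image, threshold=128):
    """Naive decode: one fixed threshold for the whole image."""
    return [[1 if px < threshold else 0 for px in row] for row in image]


def decode_local(image, radius=1):
    """Decode with a threshold computed separately for every pixel."""
    height, width = len(image), len(image[0])
    decoded = []
    for r in range(height):
        out = []
        for c in range(width):
            window = [image[y][x]
                      for y in range(max(0, r - radius), min(height, r + radius + 1))
                      for x in range(max(0, c - radius), min(width, c + radius + 1))]
            # Threshold = midpoint between the darkest and brightest neighbour;
            # compared as 2*pixel < min+max to stay in integer arithmetic.
            out.append(1 if 2 * image[r][c] < min(window) + max(window) else 0)
        decoded.append(out)
    return decoded


def bit_errors(decoded, truth):
    """Number of modules that were read back with the wrong value."""
    return sum(d != t
               for d_row, t_row in zip(decoded, truth)
               for d, t in zip(d_row, t_row))


if __name__ == "__main__":
    captured = render_with_shadow(BITS)
    print("global threshold errors:", bit_errors(decode_global(captured), BITS))
    print("local threshold errors: ", bit_errors(decode_local(captured), BITS))
```

On the shaded side the white modules fall below the fixed threshold and are read as 1, which is the kind of read error the error-correcting code of step S220 would otherwise have to absorb.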

The invention can also use the "one-time password" concept. When the user needs to be authenticated, the authentication code generator 14 of the user-side authentication module 10 generates the authentication code, and the generation process uses the current time as a parameter of the hash function; that is, the user authentication information contains the key, the user data, and the time of authentication, so the code generated is different each time. This authentication code can therefore serve as a "one-time password" for logging in or obtaining the service offered by the server. When the translation and verification unit 24 of the server-side verification module 20 verifies the code, the user reference authentication information it relies on likewise contains the key, the user data, and the time of authentication, corresponding to the user authentication information.
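Step S210, the recompute-and-compare check of step S240 and the one-time-password variant above, as an added example that is not code from the patent. It substitutes HMAC-SHA-256 for the bare hash functions listed in step S210 (MD5 and SHA-1 are no longer collision resistant), and the 30-second time step, the drift window, the replay cache and all names and sample records are assumptions of the example.

```python
import hashlib
import hmac

STEP_SECONDS = 30  # assumed time-step size; the patent does not specify one


def code_for_step(key: bytes, user_data: str, step: int) -> str:
    """Keyed hash over the user data and the time step (character-form code)."""
    message = user_data.encode("utf-8") + b"|" + str(step).encode("ascii")
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def make_code(key: bytes, user_data: str, now: float) -> str:
    """User side (generator 14): code for the time step containing `now`."""
    return code_for_step(key, user_data, int(now // STEP_SECONDS))


class Verifier:
    """Server side (unit 24): recompute the code from the reference
    information and compare it with the code translated from the image."""

    def __init__(self, user_db: dict, drift_steps: int = 1):
        # account -> (key, user_data); constructed stand-in for the user
        # database 201 and key management unit 22.
        self.user_db = user_db
        self.drift_steps = drift_steps  # tolerated clock drift, in steps
        self.used = set()               # (account, step) pairs already accepted

    def verify(self, account: str, presented: str, now: float) -> bool:
        record = self.user_db.get(account)
        if record is None:
            return False                # no matching account on the server
        key, user_data = record
        current = int(now // STEP_SECONDS)
        for step in range(current - self.drift_steps,
                          current + self.drift_steps + 1):
            expected = code_for_step(key, user_data, step)
            # Constant-time comparison; bytes avoid errors on non-ASCII input.
            if hmac.compare_digest(expected.encode("utf-8"),
                                   presented.encode("utf-8")):
                if (account, step) in self.used:
                    return False        # same code shown twice: replay
                self.used.add((account, step))
                return True
        return False


if __name__ == "__main__":
    db = {"alice": (b"constructed-key-A", "alice|1990-01-01")}
    verifier = Verifier(db)
    code = make_code(b"constructed-key-A", "alice|1990-01-01", 1000.0)
    print("first use:", verifier.verify("alice", code, 1010.0))
    print("replay:   ", verifier.verify("alice", code, 1011.0))
```

Because the code is displayed as an image that any camera in view can photograph, the replay cache and the short validity window are what make a captured image useless after its first use.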

Note that in step S220 the authentication code to image converter 16 of the user-side authentication module 10 may convert the authentication code into a plurality of images and play them repeatedly as the image authentication code. Alternatively, the authentication code together with the other related information mentioned in step S220 (the type of hash function used, the authentication code file size, the key length, and so on) may be converted into a plurality of repeatedly played images. The server-side verification module 20 then captures these repeatedly played images through the image capture device 312. Taking repeatedly played two-dimensional barcode images as an example, because the amount of digital information each barcode image can hold is limited, the authentication code and the related information can first be divided into several parts, for example several sub-codes or several files, and each part is then converted into a two-dimensional barcode. An error-correcting code can be added to each part for checking and correction. After the image capture control and processing unit 26 in the server-side verification module 20 has processed the captured barcode images, the translation and verification unit 24 translates the digital information contained in each of them. Compared with a single image, using a plurality of repeatedly played images as the image authentication code offers better security because it is more complex and harder to intercept.

However, using a plurality of repeatedly played images as the image authentication code introduces the problem that display and capture may be out of step. For example, if each of four images is displayed for 0.5 seconds and the image capture device 312 of the server-side verification module 20 captures one image every 1 second, only two images with different content are captured; the display speed must then be adjusted or the capture interval of the image capture device 312 reset. During capture, if after a predetermined time the user-side authentication module 10 has not received a capture-complete message from the server-side verification module 20, the user-side authentication module 10 slows down the playback of the images. In the example above, the display interval of each image is adjusted to 1 second so that the image capture device 312 can capture all of the images. Alternatively, if after a predetermined time the server-side verification module 20 has not finished capturing the predetermined number of images, it shortens the capture interval of the image capture device 312 to speed up capture. In the example above, the capture interval is set to 0.5 seconds so that the image capture device 312 can capture all of the images.
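The multi-image scheme and the display/capture mismatch described in the two paragraphs above, as an added example that is not code from the patent. The frame layout (index byte, count byte, chunk, CRC-32), the doubling of the display interval and all names are assumptions of the example, and CRC-32 only detects a damaged frame, standing in for the error-correcting code the text mentions.

```python
import zlib


def split_into_frames(payload: bytes, chunk_size: int) -> list:
    """Split the code into frames: [index][count][chunk][CRC-32 of the rest]."""
    chunks = [payload[i:i + chunk_size]
              for i in range(0, len(payload), chunk_size)]
    if not 0 < len(chunks) <= 255:
        raise ValueError("payload must yield between 1 and 255 frames")
    frames = []
    for index, chunk in enumerate(chunks):
        body = bytes([index, len(chunks)]) + chunk
        frames.append(body + zlib.crc32(body).to_bytes(4, "big"))
    return frames


def capture(frames, display_ms: int, capture_ms: int, shots: int) -> list:
    """Simulate a camera taking `shots` pictures of a looping display.
    Shot k is taken at time k*capture_ms and sees whichever frame is shown."""
    return [frames[(k * capture_ms // display_ms) % len(frames)]
            for k in range(shots)]


def reassemble(captured):
    """Return (payload, []) when complete, else (None, missing frame indices)."""
    parts, total = {}, None
    for frame in captured:
        if len(frame) < 6:
            continue
        body, crc = frame[:-4], frame[-4:]
        if zlib.crc32(body).to_bytes(4, "big") != crc:
            continue                      # damaged read: drop the frame
        index, count = body[0], body[1]
        if count == 0 or index >= count:
            continue
        if total is None:
            total = count
        elif count != total:
            continue                      # frame from a different sequence
        parts.setdefault(index, body[2:])
    if total is None:
        return None, []
    missing = [i for i in range(total) if i not in parts]
    if missing:
        return None, missing
    return b"".join(parts[i] for i in range(total)), []


def capture_until_complete(frames, display_ms, capture_ms, max_rounds=4):
    """User-side fallback: slow the slideshow down until every frame is seen."""
    for _ in range(max_rounds):
        shots = capture(frames, display_ms, capture_ms, 2 * len(frames))
        payload, _missing = reassemble(shots)
        if payload is not None:
            return payload, display_ms
        display_ms *= 2                   # no capture-complete message: slow down
    return None, display_ms


if __name__ == "__main__":
    frames = split_into_frames(b"constructed-auth-code-0123456789", 8)
    print(reassemble(capture(frames, 500, 1000, 8)))   # frames 1 and 3 never seen
    print(capture_until_complete(frames, 500, 1000))   # complete at 1000 ms
```

With a 0.5 s display interval and a 1 s capture interval the camera keeps landing on the same two frames, so taking more pictures never helps; only changing one of the two intervals does.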

Figure 3 is a block diagram of another authentication system implemented in accordance with the present invention. The structure and function of the authentication system shown in Figure 3 are similar to those of Figure 2: both use an image authentication code to authenticate the user. Here, however, image capture and image processing are performed in the access control module 30 shown in Figure 3, and the captured and processed image is sent to the server verification module 20 through the communication interface 31. In this embodiment, the server verification module 20 receives, through the communication interface 21, the image processed by the image capture control and processing unit 36 of the access control module 30, and then translates and verifies the authentication code in the digital information contained in the image.

Before user verification can take place, the user must register. Registration with the server verification module 20 can be done through the access control module 30, so that the user's data is stored in the user database 201. When the user accesses a specific resource through the access control module 30 (the specific resource may be a physical device or an information system), the access control module 30 asks the server verification module 20 to verify the user's identity. The user then presents the image authentication code generated by the user authentication module 10 to the image capturing device 312, which captures it for the access control module 30, and the access control module 30 sends the captured and processed image to the server verification module 20. The server verification module 20 translates the image into an authentication code and verifies the authentication code to determine whether the user is authenticated. The server verification module 20 sends the verification result to the user authentication module 10 and the access control module 30. The access control module 30 uses the verification result to decide whether the user may log in or whether to provide service to the user.

Note that the user authentication module 10 can convert the authentication code into a plurality of images and play them repeatedly as the image authentication code. After the image capture control and processing unit 26 of the access control module 30 controls the image capturing device 312 to capture the images, the server verification module 20 converts the images back into the authentication code and verifies the authentication code to determine whether the user is authenticated.
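The flow described above (a code derived from key, user data and time, split across several images, recaptured from a repeating slideshow and checked against the registered data) can be sketched as follows. This is an added example, not the patent's implementation: HMAC-SHA-256 as the hash construction, the 30-second time step, the `index/total:chunk` payload layout, passing the user ID with the access request, and all function names are assumptions, and the payload strings stand in for decoded two-dimensional barcodes.

```python
import hashlib
import hmac

STEP_S = 30  # assumed: the time information is a 30-second counter

# Constructed registration record standing in for user database 201.
USER_DB = {"alice": {"key": b"constructed-demo-key",
                     "user_data": "alice@example.test"}}


def auth_code(key, user_data, now_s):
    """Character-form code from key + user data + time (keyed hash)."""
    msg = "{}|{}".format(user_data, now_s // STEP_S).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def to_frames(code, n):
    """Split the code into n parts; each part becomes one image payload."""
    size = -(-len(code) // n)  # ceiling division
    return ["{}/{}:{}".format(i, n, code[i * size:(i + 1) * size])
            for i in range(n)]


def from_frames(payloads):
    """Rebuild the code from captures that may repeat or arrive out of order."""
    parts, total = {}, None
    for p in payloads:
        head, sep, chunk = p.partition(":")
        idx_s, slash, tot_s = head.partition("/")
        try:
            idx, tot = int(idx_s), int(tot_s)
        except ValueError:
            continue                      # not one of our frames
        if not (sep and slash) or idx < 0 or tot <= 0:
            continue
        if total is None:
            total = tot
        if tot != total or idx >= total:
            return None                   # frames from different codes
        if parts.setdefault(idx, chunk) != chunk:
            return None                   # same index, different content
    if total is None or len(parts) != total:
        return None                       # capture incomplete
    return "".join(parts[i] for i in range(total))


def verify(payloads, user_id, user_db, now_s, skew_steps=1):
    """Server side: regenerate the code from the reference data and compare."""
    record = user_db.get(user_id)
    code = from_frames(payloads)
    if record is None or code is None:
        return False
    for k in range(-skew_steps, skew_steps + 1):   # tolerate clock skew
        expected = auth_code(record["key"], record["user_data"],
                             now_s + k * STEP_S)
        if hmac.compare_digest(code.encode(), expected.encode()):
            return True
    return False


if __name__ == "__main__":
    rec = USER_DB["alice"]
    frames = to_frames(auth_code(rec["key"], rec["user_data"], 1_000_000), 4)
    captured = [frames[2], frames[0], frames[2], frames[3], frames[1]]
    print(verify(captured, "alice", USER_DB, 1_000_010))   # fresh capture
    print(verify(captured, "alice", USER_DB, 1_000_120))   # stale capture
```

A code stays valid for the whole accepted time window, so a verifier that needs one-time use also has to remember the codes it has already accepted.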

The access control module 30 of the present invention can be applied to various terminal modules, for example personal computers, laptop computers, and terminals with access control functions (for example cash dispensers, automated teller machines, passbook update machines, and cash registers). The access control module 30 can be hardware, firmware, an integrated circuit, or hardware or firmware on which an application having the functions of the access control module 30 is installed.

In summary, although the present invention has been disclosed above by way of preferred embodiments, these are not intended to limit the invention. A person of ordinary skill in the art to which the invention pertains may make various changes and refinements without departing from the spirit and scope of the invention, and the scope of protection of the invention is therefore defined by the appended claims.

10: User authentication module
11: Communication interface
12: Key management unit
14: Authentication code generator
16: Authentication code to image converter
20: Server verification module
21: Communication interface
22: Key management unit
24: Translation and verification unit
26: Image capture control and processing unit
201: User database
30: Access control module
31: Communication interface
36: Image capture control and processing unit
312: Image capturing device
S210: Step
S220: Step
S232: Step
S234: Step
S240: Step

Figure 1 is a block diagram of an authentication system implemented in accordance with the present invention.

Figure 2 is a flow chart of an authentication method implemented in accordance with the present invention.

Figure 3 is a block diagram of another authentication system implemented in accordance with the present invention.

Claims (43)

1. An authentication system using an image authentication code, comprising: a user authentication module, comprising: an authentication code generator for generating an authentication code in character form, wherein the authentication code contains time information of the time of authentication; and an authentication code to image converter for converting the character-form authentication code into an image; and a server verification module, comprising: an image capture control and processing unit for controlling an image capturing device to capture the image and performing image processing on the image; and a translation and verification unit for translating the image into the character-form authentication code and verifying the translated character-form authentication code to determine whether the user is authenticated.

2. The authentication system of claim 1, wherein the authentication code to image converter converts the character-form authentication code into a plurality of images, and the images are played repeatedly.

3. The authentication system of claim 2, wherein the authentication code to image converter divides the character-form authentication code into a plurality of parts, each part being converted into one image.

4. The authentication system of claim 2, wherein the playback speed of the images is slowed down so that the image capturing device completely captures the images.

5. The authentication system of claim 1, wherein the image capture control and processing unit further performs coordinate rotation processing on the captured image.

6. The authentication system of claim 1, wherein the authentication code generator generates the character-form authentication code according to user authentication information, and the translation and verification unit verifies the translated character-form authentication code according to user reference authentication information, wherein the user reference authentication information is used to authenticate the user, and when the translation and verification unit determines that the translated character-form authentication code can be generated from the user reference authentication information, the user is authenticated.

7. The authentication system of claim 6, wherein the user authentication information and the user reference authentication information each include a key and user data.

8. The authentication system of claim 7, wherein the user authentication information and the user reference authentication information each further include the time of authentication.

9. The authentication system of claim 1, wherein the image is a two-dimensional barcode.

10. The authentication system of claim 9, wherein the type of the two-dimensional barcode is selected from the group consisting of QR Code, Quick Mark mobile barcode, ColorCode, MagiCode, SemaCode, ShotCode, and VeriCode.

11. The authentication system of claim 1, wherein the character-form authentication code is a fixed-length bit string generated by a hash function.

12. The authentication system of claim 11, wherein the hash function is selected from the group consisting of MD2, MD5, SHA-1, SHA-2, SHA-3, N-Hash, and RIPE-MD.

13. The authentication system of claim 1, wherein the authentication code to image converter converts the character-form authentication code together with an error-correcting code into the image.

14. A user authentication module, comprising: an authentication code generator for generating an authentication code in character form, wherein the authentication code contains time information of the time of authentication; and an authentication code to image converter for converting the character-form authentication code into an image, wherein the image serves as the credential for granting passage during user authentication.

15. The user authentication module of claim 14, wherein the authentication code to image converter converts the character-form authentication code into a plurality of images, and the images are played repeatedly.

16. The user authentication module of claim 15, wherein the authentication code to image converter slows down the playback speed of the images so that the images can be completely captured.

17. The user authentication module of claim 14, wherein the authentication code generator generates the character-form authentication code according to user authentication information.

18. The user authentication module of claim 17, wherein the user authentication information includes a key and user data.

19. The user authentication module of claim 18, wherein the user authentication information further includes the time of authentication.

20. The user authentication module of claim 14, wherein the image is a two-dimensional barcode.

21. The user authentication module of claim 14, wherein the character-form authentication code is a fixed-length bit string generated by a hash function.

22. The user authentication module of claim 14, wherein the authentication code to image converter converts the character-form authentication code together with an error-correcting code into the image.

23. A server verification module, comprising: an image capture control and processing unit for controlling an image capturing device to capture an image containing authentication code information and performing image processing on the image, wherein the authentication code contains time information of the time of authentication; and a translation and verification unit for translating the image into an authentication code in character form and verifying the translated character-form authentication code to determine whether the user is authenticated.

24. The server verification module of claim 23, wherein the image capture control and processing unit controls the image capturing device to capture a plurality of repeatedly played images containing authentication code information, and performs image processing on the images.

25. The server verification module of claim 24, wherein the image capture control and processing unit controls the image capturing device to speed up the capture of the images so as to completely capture the images.

26. The server verification module of claim 23, wherein the image capture control and processing unit further performs coordinate rotation processing on the captured image.

27. The server verification module of claim 23, wherein the translation and verification unit authenticates the user according to user reference authentication information, and the translation and verification unit determines whether the translated character-form authentication code can be generated from the user reference authentication information, to determine whether the user is authenticated.

28. The server verification module of claim 27, wherein the user reference authentication information includes a key and user data.

29. The server verification module of claim 28, wherein the user reference authentication information further includes the time of authentication.

30. The server verification module of claim 23, wherein the image is a two-dimensional barcode.

31. The server verification module of claim 23, wherein the character-form authentication code is a fixed-length bit string generated by a hash function.

32. An authentication method using an image authentication code, comprising the steps of: using a user authentication module to generate an authentication code in character form, wherein the authentication code contains time information of the time of authentication; using the user authentication module to convert the character-form authentication code into an image; using a server verification module to capture the image and perform image processing on the image; and using the server verification module to translate the image into the character-form authentication code and verify the translated character-form authentication code to determine whether the user is authenticated.

33. The authentication method of claim 32, wherein the character-form authentication code is converted into a plurality of images, and the images are played repeatedly.

34. The authentication method of claim 33, wherein the playback speed of the images is slowed down so that the images are completely captured.

35. The authentication method of claim 32, further comprising the step of performing coordinate rotation processing on the captured image.

36. The authentication method of claim 32, wherein in the step of generating the character-form authentication code, the character-form authentication code is generated according to user authentication information, and in the step of verifying the translated character-form authentication code, the translated character-form authentication code is verified according to user reference authentication information, wherein the user reference authentication information is used to authenticate the user, and when it is determined that the translated character-form authentication code can be generated from the user reference authentication information, the user is authenticated.

37. The authentication method of claim 36, wherein the user authentication information and the user reference authentication information each include a key and user data.

38. The authentication method of claim 37, wherein the user authentication information and the user reference authentication information each further include the time of authentication.

39. The authentication method of claim 32, wherein the image is a two-dimensional barcode.

40. The authentication method of claim 39, wherein the type of the two-dimensional barcode is selected from the group consisting of QR Code, Quick Mark mobile barcode, ColorCode, MagiCode, SemaCode, ShotCode, and VeriCode.

41. The authentication method of claim 32, wherein the character-form authentication code is a fixed-length bit string generated by a hash function.

42. The authentication method of claim 41, wherein the hash function is selected from the group consisting of MD2, MD5, SHA-1, SHA-2, SHA-3, N-Hash, and RIPE-MD.

43. The authentication method of claim 32, wherein the character-form authentication code together with an error-correcting code is converted into the image.
TW97146322A 2008-11-28 2008-11-28 Authentication system utilizing image authentication code and method thereof TWI416922B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW97146322A TWI416922B (en) 2008-11-28 2008-11-28 Authentication system utilizing image authentication code and method thereof

Publications (2)

Publication Number Publication Date
TW201021498A TW201021498A (en) 2010-06-01
TWI416922B true TWI416922B (en) 2013-11-21

Family

ID=44832646

Family Applications (1)

Application Number Title Priority Date Filing Date
TW97146322A TWI416922B (en) 2008-11-28 2008-11-28 Authentication system utilizing image authentication code and method thereof

Country Status (1)

Country Link
TW (1) TWI416922B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9979977B2 (en) 2015-09-18 2018-05-22 Industrial Technology Research Institute Methods and devices of generating and decoding image streams with respective verification data
US9984264B2 (en) 2015-10-29 2018-05-29 Industrial Technology Research Institute Data transmission apparatus, data read apparatus, data encoding and decoding apparatus, and method thereof for patternized data

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5904616B2 (en) * 2011-12-16 2016-04-13 インテル・コーポレーション Secure user authentication and certification against remote servers
TWI482093B (en) * 2013-08-13 2015-04-21 Mitac Int Corp Mobile device management system and method thereof
TWI585606B (en) * 2014-01-21 2017-06-01 人民股份有限公司 System and method for authentication
CN108681896A (en) 2018-03-29 2018-10-19 阿里巴巴集团控股有限公司 Displaying, recognition methods and the device of Quick Response Code

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200644562A (en) * 2005-03-16 2006-12-16 Sony Corp Communication system, communication device and method, recording medium, and program

Also Published As

Publication number Publication date
TW201021498A (en) 2010-06-01

Similar Documents

Publication Publication Date Title
US9892245B2 (en) Method and apparatus for using a multi-factor password or a dynamic password for enhanced security on a device
CN106487762B (en) user identity recognition method, identity recognition application client and server
US8661254B1 (en) Authentication of a client using a mobile device and an optical link
ES2951585T3 (en) Transaction authentication using a mobile device identifier
KR100992573B1 (en) Authentication method and system using mobile terminal
US20080305769A1 (en) Device Method & System For Facilitating Mobile Transactions
WO2015188426A1 (en) Method, device, system, and related device for identity authentication
BR112015000980B1 (en) COMPUTER IMPLEMENTED VERIFICATION METHOD
TWI416922B (en) Authentication system utilizing image authentication code and method thereof
WO2015188424A1 (en) Key storage device and method for using same
JP2008544710A (en) Method and apparatus for implementing encryption
CN101951320A (en) Implementation method, device and system of dynamic password
CN102456102A (en) Method for carrying out identity recertification on particular operation of information system by using Usb key technology
US11240029B2 (en) Method of registration and access control of identity for third-party certification
WO2018043951A1 (en) Pos device and system for performing payment authentication using biometric information, and control method therefor
TW201710953A (en) Electronic device and system and method of controlling access to the same
CN111177674A (en) Device verification method and device
KR20190052405A (en) Computer security system and method using authentication function in smart phone
JP2014048713A (en) Input information authenticating device and program for the same
CN103049686A (en) Method for verifying information of database and user through universal serial bus (Usb) key
EP3757922A1 (en) Electronic payment system and method and program using biometric authentication
KR102196347B1 (en) System for electronic payment and method for operating the same
US11681787B1 (en) Ownership validation for cryptographic asset contracts using irreversibly transformed identity tokens
JP2006323691A (en) Authentication device, registration device, registration method and authentication method
JP2019050014A (en) Account opening system, account opening method, and program

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees