TWI604330B - Methods for dynamic user identity authentication - Google Patents

Description

Dynamic user identity verification method

The present invention relates to a method of verifying user identity, and more particularly to a dynamic user identity verification method.

With the development of Internet technology, users often use network services or access network content through electronic devices. In order to maintain the privacy of user accounts and to secure the security of transactions or services, access to many such services or content is restricted, that is, users must indicate their identity through a verification process before they can use or access them. Limited service or content.

Traditionally, users are often required to enter a user account and password to verify the user's identity; however, if the password is stolen or cracked by others, the user's identity will be fraudulently exploited by others. In other words, the traditional user identity verification cannot confirm whether the person who entered the relevant account number and password information is the real user himself.

On the other hand, different websites may have different requirements for establishing user accounts and passwords, resulting in users having to manage a combination of multiple account passwords.

In order to improve the security problem, some verification mechanisms have been used to identify biometric information, such as comparing fingerprints, sounds, and facial features of users. For example, the electronic device can capture the influence of the user and use the facial feature recognition software to identify the user identity. However, such verification methods can only provide a certain degree of additional protection, and cannot completely prevent others from using the user identity. Taking facial feature recognition as an example, others may use the user's photo to pass the verification. Furthermore, not all electronic devices are equipped with devices capable of capturing one or more biological information, so the field of use is also limited.

In view of the above problems, there is a need in the art to provide a simpler and more secure method for user identity verification.

SUMMARY OF THE INVENTION The Summary of the Disclosure is intended to provide a basic understanding of the present disclosure. This Summary is not an extensive overview of the disclosure, and is not intended to be an

One aspect of the present invention relates to a dynamic user identity verification method. One of the features of the method is the use of air signature verification technology to enhance the security of user accounts. Moreover, in some embodiments, the air signature verification procedure can be used to replace the traditional user account and/or password verification steps, which further simplifies the user identity verification procedure. Moreover, in an optional implementation manner, the dynamic user identity verification method may further compare whether the signature device used for air signature is a signed signature device to further improve user account security. .

According to some embodiments of the present invention, when the user identity of the login device is verified by the dynamic user identity verification method, the following steps are included. First, an access request from the login device is received using a web server. Then, the web server generates the resource address information and the session identifier (session identifier) based on the received access request, and transmits the resource address information and the work phase identification code to the login device. Thereafter, the activation signal is generated by the login device and transmitted to the signature device, wherein the activation signal includes the resource address information and the work phase identification code. Next, the signature program is used to initiate an air signature program based on the received activation signal; the signature device includes a motion sensor that can be used to sense a mobile feature of the user's mobile signature device to generate a target signature. Then, the determining module determines whether the target signature matches the basic signature, generates a verification message based on the determination result, and transmits the verification message to the web server according to the resource address information; the verification message includes signature matching degree information and Work phase identification code. Next, the web server determines whether to accept the access request based on the received verification message.

According to an optional embodiment, the access request from the login device may also include a user account entered in the login device. Also optionally, the access request from the login device may also include a user account and password entered in the login device.

In various embodiments of the present invention, the activation signal generated by the login device and transmitted to the signature device can be encoded into any of the following types: optically identifiable data, tone data, and data that can be transmitted through the communication device.

According to various embodiments of the present invention, the motion sensor in the signature device can sense at least one or more of the following mobile features of the user when moving the signature device: direction of movement, acceleration, and angular velocity.

In an optional embodiment of the present invention, the determining module pre-stores one or more basic signatures, and the determining module can compare the similarity between the target signature and the basic signature at least in the moving direction, the acceleration, and/or the angular velocity, and When the similarity is higher than the threshold, the determining module determines that the target signature matches the basic signature.

In some embodiments, the determining module is disposed in the signature device; or the determining module is disposed in the air signature verification server.

According to some optional embodiments, the verification message further includes a device identification code of the signature device. In these embodiments, the dynamic verification method further includes the steps of: using a web server to compare the device identification code and the associated device identification code associated with the user to obtain a comparison result; and using the web server to match the signature based Information and comparison results, decide whether to accept access requests.

Another aspect of the present invention relates to a dynamic user identity verification method. One of the features of the method is to use an air signature verification technology and a device identification code to enhance user account security.

According to various embodiments of the present invention, the dynamic user identity verification method includes the following steps. First, an access request from the login device is received using a web server. Then, the resource address information and the work phase identification code are generated by the web server based on the access request and transmitted to the login device. Thereafter, the activation signal including the resource address information and the work phase identification code is generated by the login device, and the activation signal is transmitted to the signature device. Next, the signature process is initiated by the signature device based on the activation signal, wherein the signature device includes a motion sensor that can be used to sense the mobile feature of the user's mobile signature device to generate a target signature. Then, using the determining module located in the signature device to determine whether the target signature matches the basic signature, and when the target signature matches the basic signature, the determining module generates a verification message including the work phase identification code and the device identification code, and This verification message is sent to the web server. Next, the web server is used to compare the device identification code with the associated device identification code associated with the user to obtain a comparison result. Thereafter, the web server determines whether to accept the access request based on the comparison result.

As can be appreciated, the various embodiments described in the previous aspect of the invention, as per the allowable range, are also applicable to this aspect.

Another aspect of the present invention relates to a dynamic user identity verification method. One of the features of the method is to use an air signature verification technology to enhance the security of user accounts. In addition, this method allows the signature device to interact with the web server without providing a more convenient verification process.

In accordance with various embodiments of the present invention, the method includes the steps of first sensing a mobile signature of a user's mobile signature device using a signature device that includes a motion sensor and stored with an air signature program to generate a target signature. Next, the determining module determines whether the target signature matches the basic signature. When the target signature matches the base signature, the method then generates a verification pass message using the decision module or the signature device and transmits the verification message to the login device.

In some optional implementations, the verification pass message includes a user account and password, but does not include resource address information. At this time, the method includes receiving an input of resource address information by using the login device, and using the login device to bring in the user account and password in the verification pass message to complete the login.

In still other optional embodiments, the verification pass message includes both resource address information and a user account and password. In this case, the method includes using the login device to bring in the resource address information and the user account and password to complete the login.

According to other optional embodiments, the verification pass message includes resource address information, but does not include a user account and password. In this embodiment, the login device may be provided with an external module, and the user account and password are stored in the plug-in module; in this case, the method may first use the plug-in module to bring in the resources in the verification pass message. Address information, and then bring in the user account and password stored in the plug-in module to complete the login.

As can be appreciated, another aspect of the present invention is directed to a computer storable medium. The computer storable medium has computer readable instructions stored thereon, and when executed, the instructions can be used to perform the dynamic user identity verification method described in the above aspects/embodiments of the present invention.

In another aspect, an aspect of the invention is directed to a system for performing the dynamic user identity verification method described above. For example, the system can include a login device and a signature device. In some embodiments, the system can also include a web server and/or an air signature verification server.

The basic spirit and other objects of the present invention, as well as the technical means and implementations of the present invention, will be readily apparent to those skilled in the art of the invention.

The description of the embodiments of the present invention is intended to be illustrative and not restrictive. The features of the various embodiments, as well as the method steps and sequences thereof, are constructed and manipulated in the embodiments. However, other specific embodiments may be utilized to achieve the same or equivalent functions and sequence of steps.

The scientific and technical terms used herein have the same meaning as commonly understood by those of ordinary skill in the art to which the invention pertains, unless otherwise defined herein. In the absence of conflict with context, the singular noun used in this specification covers the plural of the noun, and the plural noun used also covers the singular of the noun. In addition, in the scope of the present specification and the patent application, the expressions "at least one" and "one or more" have the same meaning, and both represent one, two, three or more. What is more, in the scope of this specification and the patent application, "at least one of A, B and C", "at least one of A, B or C" and at least one of "A, B and / or C" It refers to only A, only B, only C, A and B, B and C, A and C, and A, B and C.

One aspect of the present invention is directed to a dynamic user identity verification method. When a user attempts to access a restricted network service or content through the login device, the dynamic user identity verification method proposed herein can be activated to verify whether the user is a real user through an air signature program. To ensure account security.

The flowchart of FIG. 1 illustrates an exemplary dynamic user identity verification method 100; as shown, the method steps of the embodiment are indicated by solid lines (steps S101-S115); and the steps involving user interaction are It is indicated by a dotted line (steps S201, S203); further, the steps according to an alternative embodiment are indicated by broken lines (step S113'). 2 and 3 respectively illustrate an exemplary system for implementing a dynamic user identity verification method (eg, method 100) according to various embodiments of the present invention, and methods and components of the system for implementing the present invention. The interaction of time.

Before explaining the method of the present invention in detail, the basic apparatus included in the system for carrying out the invention will be briefly described. Taking the system 200 shown in FIG. 2 as an example, it includes a web server 210, a login device 220, and a signature device 230.

In general, to transfer data over the Internet (World Wide Web), Hypertext Transfer Protocol (HTTP) is required; and web server 210 is a computer system capable of processing HTTP requests or used to process HTTP. Requested computer software. The main function of web server 210 is to store, process, and deliver web content (eg, text, images, formats, scripts, etc.). The web server 210 described herein may be provided in a single system or device, or may be provided in a distributed computing environment.

The login device 220 is an electronic device with a processor; in order to implement the method proposed in the present application, the login device 220 can also be provided with appropriate input and output components and communication components for the user to access the network content and The login device 220 can interact with the web server 210 and the signature device 230. As can be understood, the login device 220 generally has at least some form of storage medium; the storage medium includes an electrical, non-electrical, removable, and non-removable media, and an appropriate method can be applied. Or technology that enables the above media to be used to store the desired information (eg, computer readable instructions, data structures, application modules, and other materials). Storage media includes but is not limited to: RAM, ROM, EEPROM, flash memory, or other memory technology, CD-ROM, digital versatile audio and video (DVD), or other optical storage, magnetic tape, tape, disk A slice memory, as well as other magnetic storage devices, or any other medium that can be used to store the required information and be accessible to the processor. In general, communication components can be used to implement computer readable instructions, data, structures, application modules and other data into various data signals and can be transmitted through any communication medium. By way of illustration and not limitation, communication media includes wired media (such as a wired network or direct wired connection) and wireless media (such as sonic, infrared, radio, microwave, spread spectrum, and other wireless media technologies). Furthermore, computer readable media as used herein refers to any available media that can be accessed by the processor, such as the storage media described above, communication components, or a combination of both. By way of illustration and not limitation, the login device 220 can be a desktop computer, a server computer, a handheld or laptop device, a personal digital assistant, a multi-processor system, a microprocessor-based system, a set-top box , programmable consumer electronics, mobile phones (especially smart phones), network computers, mini computers, host computers, distributed computing environments containing any of the above systems or devices, and the like.

Signature device 230 is a device that is capable of executing an air signature program and can sense one or more mobile features generated during the user's movement of the signature device 230 to generate a target signature. In order to carry out the aforementioned functions, the signature device 230 includes at least a processor, a storage medium, an input device, an output device, a communication component to execute an air signature program, and other devices in the system (eg, web server 210, login device 220) The components described above for the login device 220 are also applicable to the signature device 230, and are not described herein again. Additionally, the signature device 230 can also include an accelerometer and/or a gyro sensor to sense the moving features. An accelerometer can be used to measure linear acceleration; for example, the accelerometer can be a single or multi-axis accelerometer. After the accelerometer senses the acceleration readings of the various axes in the axial direction, the accelerometer can transmit it to the application executing the air signature program for recording the speed of movement of the signature device 230 in each axial direction. In a preferred embodiment, the accelerometer provides instant three-dimensional acceleration data. In addition, accelerometer readings can be utilized to measure the acceleration effects of the Earth's gravitational force on the signature device 230, and the degree of tilt of the signature device 230 relative to the direction of gravity of the Earth is calculated by accelerometer readings in the X, Y, and Z axes. Gyro sensors, on the other hand, can be used to measure the angular velocity of the signature device 230 at various axial directions. The signature device 230 can be any electronic device that can be used by the user to perform an air signature action; when it is conceivable, the signature device 230 should be easily moved to facilitate the user to perform an air signature. By way of illustration and not limitation, the signature device 230 can be implemented as a variety of types of mobile phones (especially smart phones), personal digital assistants, and other programmable consumer electronics. The programmable consumer electronic product may be a tablet device, a wearable smart device (eg, a smart bracelet, a smart watch, a smart ring) or a handheld input device (eg, an electronic pen, a joystick, a remote control) The invention is not limited thereto.

According to some embodiments of the present invention, a determination module 240 is further disposed in the signature device 230. The determining module 240 can be used to compare whether the target signature received by the signature device 230 matches a pre-stored basic signature.

Next, referring to FIG. 1 and FIG. 2, the illustrated dynamic user authentication method 100 will be described. According to some embodiments of the present invention, when the user wants to access a specific web service or content through the web server 210, the user may transmit an access request to the web server 210 by using the login device 220 in the user interaction step S201. Request, AR).

In accordance with the principles and spirit of the present invention, the particular network service or content is restricted access resources; such as account data, payment authorization, customized pages, printing privilege, paid content, and the like. In general, the address of the specific network service or content to be accessed is the resource address described in this article; such address is usually in the form of a uniform resource locator (URL). Said.

Generally, when the user issues the access request AR, the user can initiate communication between the login device 220 and the web server 210 through a user agent (such as a web browser) stored in the login device 220. For example, the user can enter a login address information in the web browser, and the browser will present a login page for the user to perform the subsequent identity verification step. In this embodiment, the access request AR sent by the login device 220 will carry information containing the login address information.

According to some embodiments of the present invention, the user identity is verified using the air signature program described below, so that when the user issues an access request AR, the user account and/or password may not be entered. However, if necessary, the user may be required to first enter the user account or the user account and password in the login page, and transmit the account and/or password information as part of the access request AR. To web server 210.

In step S101 of the present invention, the web server 210 receives the access request AR from the login device 220. Thereafter, the web server 210 may generate a resource address information (URL) and a session ID (SID) based on the access request AR, and transmit the generated resource address information URL and the work phase identification code SID to The device 220 is logged in (step S103 of the present invention). For example, the web server 210 may perform packet processing on the resource address information URL and the work phase identification code SID, and convert the signal into a signal that can be received and recognized by the login device 220. In step S103 of the present invention, the web server 210 also transmits the generated signal (i.e., the signal including the resource address information URL and the work phase identification code SID) to the login device 220.

It is conceivable that in some embodiments, the login address entered in step S101 of the present invention is the resource address where the service or content to be accessed is located. In other modes, the login address and the resource address are different addresses; that is, after the user inputs the login address through the browser and completes the identity verification, the browser may be based on the web server 210 in step S103 of the present invention. The generated resource address information is directed to the address of the specific network service or content to be accessed, and the related content is presented.

In step S105 of the present invention, the login device 220 generates an initiation signal (I) after receiving the signal including the resource address information URL and the work phase identification code SID. The activation signal I includes the resource address information URL and the work phase identification code SID. In addition, the enable signal I can be encoded as an encoded version that can be received and recognized by the signature device 230; for example, any of the following types of encoding: optically identifiable data, tonal data, or data that can be transmitted through a communication device. For example, the optically identifiable data may be a quick response code (commonly known as a QR code), a bar code, a picture, a text string, or a combination of light flicker frequencies, or a combination of the above signals. In terms of tone data, the enable signal I can be encoded as: a dual tone multi-frequency (DTFM) signal, a music, a voice, or a frequency signal that is inaudible to the human ear, or a combination of the above signals. In addition, the enable signal I can also be encoded as data that can be transmitted through the following communication devices: near field communication (NFC), specific network (ad-hoc), WiFi wireless network (WiFi), Bluetooth Bluetooth, Z-Wave, XBee wireless network or other local radio frequency.

It can be understood that when the login device 220 converts the resource address information URL and the session identification code SID into the activation signal I by using the desired coding pattern, the login device 220 is provided with an output capable of transmitting such a specific coding type signal. The component, and the signature device 230 also needs to be provided with an input element that can receive such a signal. For example, the login device 220 may package and convert the resource address information URL and the work phase identification code SID into a QR code. At this time, the login device 220 may be equipped with a screen to present the QR code, and the signature device 230 may be equipped with An image capture device (eg, a camera) to receive input of a QR code. The above-mentioned coding modes and transmission and reception devices are merely exemplary, and the present invention is not limited thereto; those skilled in the art having the knowledge of the present invention can implement the login device 220 by using techniques and devices known or equivalent in the art. Signal transmission between signature devices 230.

Next, in step S107 of the present invention, when the signature device 230 receives the activation signal I, an air signature procedure (AS) is started. The air signature procedure is an action-based identity recognition method proposed by the inventor of the present invention. The air signature program is characterized by a basic signature group obtained through the training phase and calculating the rigor associated with the signature; and a comparison phase to compare the target signature with the base signature group, and the target signature has arrived relative to the base signature When the similarity threshold is used, it is considered to grant the user relevant authority through the verification program. In some embodiments, such an air signature program can identify air signature features in less than 0.1 seconds with an accuracy of greater than 99%.

When the signature device 230 is activated, the signature device 230 can issue a prompt (such as message, sound, vibration, flash, etc.) to the user in an appropriate manner to remind the user to start the air signature (user interaction step S203). At this time, the user can move the signature device 230, and the motion sensor in the signature device 230 senses one or more moving features generated by the user during the process of moving the signature device 230, and generates a target signature (target signature, TS).

According to various embodiments of the present invention, the motion sensor of the signature device 230 may sense at least one of the following parameters: the direction of movement of the signature device 230, the acceleration and the angular velocity; to generate the target signature TS.

Next, in step S109 of the present invention, it is determined by the determination module 240 provided in the signature device 230 whether the target signature TS generated by the signature device 230 and the reference signature (RS) match. The base signature RS described herein is the base signature RS captured and stored by the air signature program AS during the previous training phase. In different embodiments, the determining module 240 can compare the similarity of one or more features of the target signature TS and the base signature RS in the moving direction, the acceleration and the angular velocity, and make a determination result. According to the principle and spirit of the present invention, when the determining module 240 determines that the similarity is higher than a predetermined threshold, the determining module 240 determines that the target signature TS matches the basic signature RS.

In accordance with an optional embodiment of the present invention, the air signature program AS may store one or more base signature RSs for a single signature scheme (e.g., John Smith). In addition, the air signature program AS can store one or more base signature RSs of a plurality of different signature methods (eg, John Smith, John, Smith, J Smith, JS1, or JS2, etc.). What is more, in the embodiment adopted as needed, the access permission of a restricted network resource may be associated with one or more of the plurality of signature manners; or the number of accesses may be The permissions of the restricted network resources are respectively associated with one or more of the plurality of signature methods described above. By way of illustration and not limitation, the user may pre-set the following associations through the air signature program AS: associate the signatures "John Smith", "J Smith", and "JS1" with the rights to access the first website; "John" and "Smith" respectively associate with the access rights of the second and third websites; associate the signature method "JS1" with the online payment authority of the first credit card; and sign the "JS2" and the second credit card Network payment permissions are associated, etc.

In general, the air signature program can be implemented as one or more computer executable instructions (eg, a program module) that can be used by a computer or various devices having comparable processing capabilities (eg, signature device 230). carried out. In general, program modules include, but are not limited to, routines, programs, objects, components, and data structures that perform specific tasks or implement specific abstract data types. When the dynamic user identity verification method 100 is implemented using the system shown in FIG. 2, the air signature program is implemented in a single device (e.g., signature device 230). However, the air signature program can also be implemented in a decentralized computing environment, and the entire air signature program can be completed by a plurality of remote processing devices connected through a communication network. In a distributed computing environment, each of the cooperating devices may include a memory device to store one or all of the program modules for implementing the air signature program AS (see the related description of FIG. 3 below).

After the determination module 240 completes the determination, in the step S111 of the present invention, the determination module 240 generates an authentication information (AI) based on the determination result, and transmits the verification message AI to the web server 210 (for example, The determining module 240 can transmit the verification message AI to the web server 210 via the communication component of the signature device 230. In detail, the verification message AI includes a signature matching degree information and a work phase identification code SID. The signature match information can be used to indicate the similarity between the target signature TS and the base signature RS. In an embodiment, the signature match information only presents the similarity determined by the determination module 240. In an alternative embodiment, the signature match information includes a predetermined similarity threshold in addition to the similarity described above. Alternatively, the signature match information may be used to indicate whether the similarity between the target signature TS and the base signature RS is higher than a predetermined similarity threshold.

Thereafter, the web server 210 determines whether to accept the access request AR based on at least the received verification message AI.

According to some embodiments, in step S113 of the present invention, the web server 210 determines based on the signature matching information in the verification message AI; when the signature matching information indicates that the target signature TS is verified by the air signature program AS, In the inventive step S115, the web server 210 accepts the access request AR, thereby allowing the user to access the restricted network resources.

In some embodiments, the verification message AI further includes the device identification code of the signature device 230. On the other hand, the associated device identification code of the signature device 230 can be stored in the web server 210 in advance. At this time, after the step S111 of the present invention, the step S113' of the present invention can be performed, and the web server 210 compares the device identification code of the signature device 230 for performing the air signature program AS with the pre-stored associated device identification code. And the web server 210 can decide whether to accept the access request AR based on the signature matching degree information in the verification message AI and the comparison result of the device identification code. When the signature matching degree information indicates that the target signature TS is verified by the air signature program AS and the comparison result of the web server shows that the device identification code of the signature device 230 is the same as the associated device identification code, in step S115 of the present invention, the web server is used. 210 accepts the access request AR, thereby allowing the user to access restricted network resources. The user account security can be further enhanced by the dual mechanism of the air signature program AS and the comparison device identifier.

Alternatively, the verification message AI may also have no signature match information. For example, after the determining module 340 determines that the signature similarity exceeds the threshold, the signature device 230 sends the verification message AI; the verification message AI includes the work phase identification code SID and the device identification code for comparison by the web server. . In this case, the web server 210 compares the device identification code of the signature device 230 for performing the air signature program AS with the pre-stored associated device identification code, and determines whether to accept based on the comparison result. Access request AR.

In addition to the system 200 described above, the system 300 shown in FIG. 3 can also be utilized to implement the dynamic user identity verification method 100 of the present invention. The system 300 shown in FIG. 3 is the same as the system 200 shown in FIG. 2, and the main difference between the two is that the determination module 340 is not disposed in the signature device 330; otherwise, the determination module 340 can be set in an air signature servo. In the device 350, and in communication with the signature device 330, the target signature TS from the signature device 330 is received, and the verification message AI is generated after the determination. The verification message AI is then transmitted by the air signature server 350 to the web server 310. According to an alternative embodiment of the present invention, the signature device 330 can also transmit the device identification code when transmitting the target signature TS to the determination module 340; and the determination module 340 can also be included in the device when the verification message AI is generated. Identification code information.

The invention also proposes another dynamic user identity verification method. One of the features of the method is to use the air signature verification technology to strengthen the security of the user account. In addition, the method can make the signature device do not need to interact with the web server, and can provide a more convenient verification process when the connection capability between the signature device and the web server is limited.

The flowchart of FIG. 4 illustrates an exemplary dynamic user identity verification method 400; as shown, the method steps of the embodiment are indicated by solid lines (steps S401-S409); and the steps involving user interaction are It is indicated by a dotted line (step S501). 5 and 6 respectively illustrate an exemplary system for implementing a dynamic user identity verification method (eg, method 400) in accordance with various embodiments of the present invention, and methods of implementing the present invention in various devices/elements within the system The interaction of time. The devices and components included in the systems shown in Figures 5 and 6 are similar to those in Figures 2 and 3, respectively. The main difference is that the interactions of the devices/components in implementing the dynamic user identity verification method are different; Only the differences are explained. For the structure of each device/element and the functions that it can perform, refer to the related description above for Figures 1-3.

According to an embodiment of the present invention, the flow of user identity verification using the dynamic user identity verification method 400 and the system 200 is as follows. The user initiates an air signature program in the signature device 230. For example, the user can select or input the name or address of the restricted resource to be accessed through the user interface of the air signature program, and then perform an air signature in the user interaction step S501.

When the user performs an air signature, the signature device 230 senses the movement characteristics of the user's mobile signature device 230 and generates a target signature TS (step S401 of the present invention).

Thereafter, at S403, the determination module 240 located in the signature device 230 determines whether the target signature TS matches the basic signature RS, and makes a determination result.

In the step S405 of the present invention, when the determining module 240 determines whether the similarity between the target signature TS and the basic signature RS is higher than the threshold, the determining module 240 determines that the target signature matches the basic signature, and generates a verification pass message ( PASS). Also in step S405 of the present invention, the signature device 230 encodes the verification pass message PASS into an appropriate format and transmits it to the login device 220. For example, the signature device 230 encodes the verification message PASS into a QR code, and the image capture device of the login device 220 retrieves the QR code.

In some optional implementations, the verification pass message PASS includes the user account and password, but does not include the resource address information URL. At this time, the method 400 includes receiving the input of the resource address information URL by using the login device 220, and using the login device 220 to bring in the user account and password in the verification pass message PASS. For example, the login device 220 can present a browser interface for the user to input the resource address information URL. After receiving the QR code from the login device 220, the login device 220 automatically brings in the QR code to point to the resource address information URL. User account and password required by web server 210 (step 407 of the present invention).

Alternatively, the verification pass message PASS includes both the resource address information URL and the user account and password. In this case, method 400 includes utilizing login device 220 to bring in a resource address information URL and a user account and password. In other words, after receiving the QR code, the login device 220 presents a browser interface, and the browser interface has automatically brought in the resource address information URL, user account and password encoded in the QR code (step 407 of the present invention). ).

According to other optional embodiments, the verification pass message PASS includes the resource address information URL, but does not include the user account and password. In this embodiment, the login device 220 can be provided with a plug-in module, and the user account and password are stored in the plug-in module; in this case, the method 400 can be brought into the verification pass message by using the plug-in module. The resource address information URL is then brought into the user account and password stored in the plug-in module. In such an embodiment, after receiving the QR code, the login device 220 presents a browser interface that enables the plug-in module, and the browser interface automatically brings in the resource address information URL encoded in the QR code and pre-stored. User account and password in the plug-in module (step 407 of the present invention).

Thereafter, in step S409 of the present invention, the login device 220 transmits an access request AR to the web server 210. According to the principle and spirit of the present invention, the access request AR includes information such as a resource address information URL, a user account and a password, and the web server 210 can decide to accept or reject the user's use based on the access request AR. Restricted resources.

Moreover, dynamic user identity verification method 400 can also be utilized in system 300 in accordance with certain embodiments of the present invention. The difference between the system 200 shown in FIG. 5 and the system 300 shown in FIG. 6 is as described above, and reference is made to FIGS. 4 and 6 below, and a dynamic user identity verification method is implemented for the same with the operating system 200. The difference of 400 is explained.

In the present embodiment, the user activates the air signature program in the signature device 330 and performs an air signature by the mobile signature device 330 (user interaction step S501). After the signature device 330 generates the target signature TS (step S401 of the present invention), the target signature TS is transmitted to the determination module 340 via the communication component (for example, the determination module 340 disposed in the air signature server 350), and then the determination module The group 340 judges the similarity between the target signature TS and the base signature RS (step S403 of the present invention). The determination module 340 generates a verification message AI based on the above determination result, and transmits it to the signature device 330 through the communication component of the air signature server 350. In step S405 of the present invention, when the verification message AI indicates that the similarity between the TS and the base signature RS is higher than the threshold value, the signature device 330 determines that the target signature matches the base signature and generates a verification pass message (PASS). Also in step S405 of the present invention, the signature device 330 encodes the verification pass message PASS into an appropriate format and transmits it to the login device 320. Then, in step 407 of the present invention, after receiving the verification pass message PASS, the login device 320 can use any of the methods described above to bring the code into the verification pass message PASS or the user through the browser interface. The resource address information URL input by the input device of the login device 220, and the user account and password encoded in the verification pass message PASS or brought by the plug-in module. Finally, in step S409 of the present invention, the login device 320 transmits an access request AR to the web server 310, and the web server 210 determines whether to accept based on the resource address information URL and the user account and password in the access request AR. Users use restricted resources.

The dynamic user identity verification methods 100, 400 described above are all from the perspective of completing the entire dynamic user identity verification process. As can be imagined, the scope of the present invention also covers the flow of methods performed from the perspective of any of the web server, the login device, the signature device, or the judging module.

Starting from the action performed by the web server, the dynamic user identity verification method according to some embodiments of the present invention includes the following steps: (1) receiving an access request from the login device by using a web server; (2) Generating, by the web server, a resource address information and a work phase identification code based on the access request, and transmitting the same to the login device, wherein the login device generates the resource address information and the work phase identification code. Transmitting a signal and transmitting it to a signature device, wherein the signature device activates an air signature program based on the activation signal, by using a motion sensor to sense a movement feature of the user moving the signature device to generate a a target signature, when a determining module determines whether the target signature matches a basic signature, generates a verification message, and transmits the verification message to the web server, the verification message includes a signature matching degree information and the working stage An identification code; and (3) using the web server to determine whether to accept the access request based on the verification message

Starting from the action performed by the login device, the dynamic user identity verification method according to some embodiments of the present invention includes the following steps: (1) sending an access request to the web server by using the login device, wherein the web server is based on the access Requesting to generate a resource address information and a work phase identifier and transmitting the same to the login device; and (2) using the login device to generate a start signal including the resource address information and the session identifier Transmitting it to a signature device, such that the signature device activates an air signature program based on the activation signal to sense a user moving the signature feature of the signature device through a motion sensor and generate a target signature. When the determining module determines whether the target signature matches a basic signature, generating a verification message, and transmitting the verification message to the webpage server, the verification message includes a signature matching degree information and the session identifier. And using the web server to determine whether to accept the access request based on the verification message.

Starting from the action performed by the signature device, the dynamic user identity verification method according to some embodiments of the present invention includes the following steps: (1) when a web server receives an access request from the login device, the web server is based on the The access request generates a resource address information and a work phase identification code and transmits the same to the login device, and the login device generates a start signal including the resource address information and the work phase identification code, and uses a signature device Receiving an activation signal and initiating an air signature program based on the activation signal, wherein the signature device includes a motion sensor for sensing a movement feature of the user to move the signature device to generate a target signature; and (2) Determining whether the target signature matches a basic signature by using a determining module of the signature device to generate a verification message, and transmitting the verification message to the web server, the verification message including a signature matching degree information and the work The stage identification code, if the web server determines whether to accept the access based on the verification message .

Starting from the action performed by the signature device, the dynamic user identity verification method according to some embodiments of the present invention includes the following steps: (1) when a web server receives an access request from the login device, the web server is based on the The access request generates a resource address information and a work phase identification code and transmits the same to the login device, and the login device generates a start signal including the resource address information and the work phase identification code, and uses a signature device Receiving an activation signal and initiating an air signature program based on the activation signal, wherein the signature device includes a motion sensor for sensing a movement feature of the user to move the signature device to generate a target signature; and (2) Using the signature device to transmit the target signature to a determination module, if the determination module determines whether the target signature matches a basic signature, to generate a verification message, and transmit the verification message to the web server, The verification message includes a signature match information and the session ID, and the web server is based on the Card message, decide whether to accept the access request.

As can be appreciated, another aspect of the present invention is directed to a computer storable medium (e.g., a program module). The computer storable medium has computer readable instructions stored thereon, and when executed, the instructions can be used to perform the dynamic user identity verification method described in the above aspects/embodiments of the present invention. Taking a program module as an example, the web server, the login device, the signature device and/or the determination module for executing the method respectively store one or all of the program modules in order to cooperate with each other to complete the operation. The dynamic user identity verification method. Alternatively, one or all of the program modules may be stored in a device or location other than one or more of the web server, the login device, the signature device, and the determination module, and may be transmitted through an appropriate transmission mechanism (eg, The communication component is transmitted to the devices/components.

In another aspect, an aspect of the invention is directed to a system for performing the dynamic user identity verification method described above. For example, the system can include a login device and a signature device. In some embodiments, the system can also include a web server and/or an air signature verification server. The structure and function of the various devices/elements included in the system are as described above.

Although the embodiments of the present invention are disclosed in the above embodiments, the present invention is not intended to limit the invention, and the present invention may be practiced without departing from the spirit and scope of the invention. Various changes and modifications may be made thereto, and the scope of the invention is defined by the scope of the appended claims.

The symbols are as follows:
100, 400‧‧‧ method
S101~S115, S201~S203, S401~S409, S501‧‧‧ steps
200, 300‧‧‧ system
210, 310‧‧‧Web server
220, 320‧‧‧ Login device
230, 330‧‧‧ Signature device
240, 340‧‧‧ judgment module
350‧‧‧Air signature server
AI‧‧‧ verification message
AR‧‧‧ access request
I‧‧‧ start signal
PASS‧‧‧Verification pass message
SID‧‧‧Working Stage ID
TS‧‧‧Target Signature
URL‧‧‧Resource Address Information

The above and other objects, features, advantages and embodiments of the present invention will become more apparent and understood. The description of the drawings is as follows: FIG. 1 is a flow chart illustrating a dynamic user in accordance with an embodiment of the present invention. FIG. 2 is a schematic diagram showing the interaction between the system and the device/component for performing the dynamic user identity verification method 100 according to an embodiment of the invention; FIG. 3 is a schematic diagram showing Another embodiment of the present invention is a system and apparatus/component interaction for performing the dynamic user identity verification method 100. FIG. 4 is a flow chart illustrating dynamic user identity verification according to another embodiment of the present invention. FIG. 5 is a schematic diagram showing a system and apparatus/component interaction for performing a dynamic user identity verification method 400 according to still another embodiment of the present invention; and FIG. 6 is a schematic diagram showing Another embodiment of the present invention is used to perform the interaction between the system and device/components of the dynamic user identity verification method 400.

The various features and elements in the figures are not drawn to scale, and are in the In addition, similar elements/components are referred to by the same or similar element symbols throughout the different drawings.

100‧‧‧ method

S101~S203‧‧‧Steps

Claims (16)

A dynamic user identity verification method for verifying a user identity of a login device includes the steps of: receiving an access request from the login device using a web server; and utilizing the web server based on the access Requesting to generate a resource address information and a work phase identification code, and transmitting the same to the login device; using the login device to generate an activation signal including the resource address information and the work phase identification code and transmitting the same to the The signing device is different from a signature device; the signature device is used to activate an air signature program based on the activation signal, wherein the signature device includes a motion sensor for sensing a movement feature of the user to move the signature device to generate a target signature; determining whether the target signature matches a basic signature by using a determining module to generate a verification message, and transmitting the verification message to the web server according to the resource address information, the verification message including a signature Conformity information and the work phase identification code; and using the web server based on the verification message Decide whether to accept the access request. The method of claim 1, wherein the access request comprises: a user account entered in the login device or inputting a user account and password. The method of claim 1, wherein the activation signal is encoded as an optically identifiable material, tonal data, or data transmittable by the communication device. The method of claim 3, wherein the optically identifiable material is a quick response (QR) code, a bar code, a picture, a text string, or a combination of light flicker frequencies. The method of claim 1, wherein the moving feature comprises at least one of: a moving direction, an acceleration, and an angular velocity. The method of claim 5, wherein the determining module compares a moving direction, an acceleration, and/or an angular velocity of the target signature with a moving direction, an acceleration, and/or an angular velocity of the base signature, and when When the similarity is higher than a threshold, the determining module determines that the target signature matches the basic signature. The method of claim 1, wherein the verification message further comprises a device identification code of the signature device, and the method further comprises: utilizing the web server to associate the device identification code with an associated with the user The device identification code is used to obtain a comparison result; and the web server is used to determine whether to accept the access request based on the signature matching degree information and the comparison result. The method of claim 1, wherein the determining module is disposed in the signature device. The method of claim 1, wherein the determining module is disposed in an air signature verification server. A dynamic user identity verification method for verifying a user identity of a login device includes the steps of: receiving an access request from the login device using a web server; and utilizing the web server based on the access Requesting to generate a resource address information and a work phase identification code, and transmitting the same to the login device; using the login device to generate an activation signal including the resource address information and the work phase identification code and transmitting the same to the a different signature device of the login device; Using the signature device to initiate an air signature program based on the activation signal, wherein the signature device includes a motion sensor for sensing a movement feature of the user to move the signature device to generate a target signature; using a determination module Determining whether the target signature is consistent with a basic signature, wherein the determining module is located in the signature device, and when the target signature matches the basic signature, the determining module generates a verification message, and the verification message is The resource address information is transmitted to the webpage server, and the verification message includes the work phase identification code and a device identification code; the server identifier is used to compare the device identification code with an associated device identification code associated with the user, To obtain a comparison result; and using the web server to determine whether to accept the access request based on the comparison result. The method of claim 10, wherein the access request comprises: a user account entered in the login device or a user account and password. The method of claim 10, wherein the activation signal is encoded as an optically identifiable material, tonal data, or data transmittable by the communication device. The method of claim 12, wherein the optically identifiable material is a quick response (QR) code, a bar code, a picture, a text string, or a combination of light flicker frequencies. The method of claim 10, wherein the moving feature comprises at least one of: a moving direction, an acceleration, and an angular velocity. The method of claim 14, wherein the determining module compares a moving direction, an acceleration, and/or an angular velocity of the target signature with a moving direction, an acceleration, and/or an angular velocity of the base signature, and when When the similarity is higher than a threshold, the determining module determines that the target signature matches the basic signature. A dynamic user identity verification method for verifying a user identity of a login device includes the steps of: sensing, by a signature device different from the login device, a user moving a mobile feature of the signature device to generate a a target signature, wherein the signature device includes a mobile sensor and stores an air signature program; determining, by a determining module, whether the target signature matches a basic signature; and when the target signature matches the basic signature, using the determination The module or signature device generates a verification pass message and transmits it to the login device, the verification pass message may include resource address information and/or a user account and password; wherein: (1) when the verification pass message only contains When the user account and the password are used, the login device receives the input of the resource address information and brings in the user account and password in the verification pass message; (2) when the verification pass message includes the resource address information And the user account and password, using the login device to bring in the resource address information and the user account and password Or (3) when the verification pass message contains only the resource address information, the login device includes an external module, and the user account and password are stored in the plug-in module, wherein the plug-in module is used first Bringing the resource address information in the verification pass message to the user account and password; using the login device to transmit an access request to a web server, wherein the access request includes a resource address information and the User account and password; and Based on the access request, the web server determines whether to accept the user's use of the restricted resource.