TWI698113B - Identification method and systerm of electronic device - Google Patents

Identification method and system of electronic device

Info

Publication number: TWI698113B
Authority: TW (Taiwan)
Prior art keywords: verification, authentication, client, data, public key
Application number: TW108136651A
Other languages: Chinese (zh)
Other versions: TW202116038A (en)
Inventor: 郭谷彰
Original Assignee: 郭谷彰
Application filed by 郭谷彰; priority to TW108136651A

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Storage Device Security (AREA)

Abstract

An identification method of an electronic device is disclosed. The identification method is applied to a blockchain network that includes a plurality of node devices, wherein the node devices include a service end, a client end and at least one verification end. The identification method of the present invention includes the following steps: the service end issues an identification service contract, such that the client end initiates an identification process by recording verification data in the identification service contract; the verification end verifies the client end via a verification mechanism according to the verification data, so as to generate an identification result; and the verification end records the identification result in an identification management contract.

Description

Authentication method and system of an electronic device

The present invention relates to an authentication method and system for an electronic device, and in particular to an authentication method and system that make use of blockchain smart contracts.

With the spread of the Internet and continual advances in communication technology, many transactions can be carried out over the network. To keep online transactions secure, a mechanism is needed for identifying and confirming the identity of network users, and digital certificates are one such mechanism. In the current issuance process, a network user submits a Certificate Signing Request (CSR) to a Certificate Authority (CA) that is regarded as trustworthy; the CA verifies the user's identity and issues the certificate only after that verification passes.

However, having a single certificate authority confirm the identity of network users may still raise credibility concerns: a user who has obtained a certificate from one CA is not necessarily trusted by a given service provider. In addition, for Internet of Things (IoT) devices that may have no human user operating them, the identity verification used by a traditional CA is hard to apply. A new identity verification mechanism is therefore needed to address these problems.

The main object of the present invention is to provide an authentication method for an electronic device that carries out the authentication work with blockchain smart contracts.

Another main object of the present invention is to provide an authentication system for an electronic device that performs the above method.

To achieve the above objects, the authentication method of the present invention is applied to a blockchain network that includes a plurality of node devices, the node devices including a service end, a client end and at least one verification end. The method includes the following steps: the service end publishes an authentication service contract so that the client end can initiate an authentication procedure by recording verification data in that contract; the verification end verifies the client end with a verification mechanism according to the verification data, producing an authentication result; and the verification end records the authentication result in an authentication management contract.

The authentication system for an electronic device of the present invention operates on a blockchain network and includes a service end and at least one verification end. The service end publishes an authentication service contract so that a client end can initiate an authentication procedure by recording verification data in it. The verification end verifies the client end with a verification mechanism according to the verification data to produce an authentication result, and records that result in an authentication management contract.

To help the examiner understand the technical content of the present invention, preferred embodiments are described below.

Please refer first to FIG. 1 and FIG. 2. FIG. 1 is a schematic diagram of the operating environment of an embodiment of the authentication system for an electronic device of the present invention; FIG. 2 is a system architecture diagram of an embodiment of the verification end of that system.

As shown in FIG. 1, in one embodiment the authentication system 1 of the present invention is used in a blockchain network 100 that includes a plurality of node devices: a service end 10, a plurality of verification ends 20 and a client end 90. In specific embodiments each node device may be, for example but not limited to, a server, a desktop computer, a smartphone or another IoT device with wireless communication capability. The authentication system 1 comprises the service end 10 and the verification ends 20.

In one embodiment the service end 10 publishes the authentication service contract 11 and the authentication management contract 12 by means of blockchain transactions. The client end 90 can initiate the authentication procedure by recording verification data in the authentication service contract 11. Both contracts are blockchain smart contracts, that is, computer programs that execute instructions according to predetermined conditions and the data supplied to them. Deploying a smart contract with a particular function on the blockchain network 100 is existing technology whose principles and implementation are well known to those of ordinary skill in the art, so it is not described further here.

In one embodiment the verification ends 20 verify the identity of the client end 90 with a verification mechanism, according to the verification data the client end 90 has recorded in the authentication service contract 11, and thereby produce an authentication result. Once a verification end 20 has produced its result, it records that result in the authentication management contract 12 whether the verification succeeded or failed. In this embodiment the verification data is a Certificate Signing Request (CSR) containing blockchain account data, the user's public key and a Uniform Resource Identifier (URI), where the blockchain account data is the account the client end 90 exposes on the blockchain network 100; the verification data of the present invention is not limited to this, however.

As shown in FIG. 2, in one embodiment the verification end 20 includes a sending module 21, a verification module 23, an encryption module 25 and a retrieval module 27. The function of each module is described in more detail below.

It should be noted that each of the above modules may be implemented as a hardware device, a software program, firmware or a combination of these, or as circuitry or in any other suitable form, and that the modules may be arranged separately or combined. In a preferred embodiment each module is a software program stored in memory (not shown) and executed by a processing unit (not shown) to achieve the functions of the invention. This description presents only a preferred embodiment and, to avoid repetition, does not enumerate every possible combination of variations. Those of ordinary skill in the art will understand that not all of the modules or components above are necessarily required, that other conventional modules or components of finer detail may be included to implement the invention, that any module or component may be omitted or modified as needed, and that other modules or components may be present between any two of them.

Next, please refer to FIG. 1 through FIG. 5 together. FIG. 3 is a flowchart of the steps of the authentication method for an electronic device of the present invention, FIG. 4 is a flowchart of one verification mechanism of the method, and FIG. 5 is a flowchart of another verification mechanism. The steps shown in FIG. 3 to FIG. 5 are described below with reference to FIG. 1 and FIG. 2. Although the authentication system 1 above is used as the example, the authentication method of the present invention is not limited to use with a system of that structure.

As shown in FIG. 3, step S1 is performed first: the service end publishes an authentication service contract and an authentication management contract, so that the client end can initiate the authentication procedure by recording verification data in the authentication service contract.

In one embodiment the service end 10 first publishes an authentication service contract 11 on the blockchain network 100 through a blockchain transaction. Once the contract 11 is published, any node device on the blockchain network 100 that wants to be authenticated can initiate the authentication procedure by recording verification data in it; the node device that does so is the client end 90. In this embodiment the verification data is a certificate signing request containing blockchain account data, the user's public key and a URI, but the invention is not limited to this.

Next, step S2 is performed: the verification end verifies the client end with a verification mechanism according to the verification data, producing an authentication result.

In one embodiment any node device on the blockchain network 100 may, according to the verification data recorded in the authentication service contract 11, verify the client end 90 that supplied it with a verification mechanism and produce an authentication result; the node device doing so is the verification end 20. In the specific embodiment the verification end 20 performs one of three verification mechanisms, chosen by the client end 90; the invention is not limited to this, and other embodiments may restrict verification to a single mechanism.

FIG. 4 is the flowchart of the first verification mechanism. Under it, the sending module 21 of the verification end 20 first sends a first encrypted token to the client end 90 through a blockchain transaction, using the blockchain account data the client end 90 provided (step S201). The verification module 23 of the verification end 20 then determines whether a second encrypted token has been returned by the client end 90 (step S202). If it has, the client end 90 can be taken to be the owner of that blockchain account, so the verification module 23 produces an authentication result of success (step S203) and the mechanism is complete. If the verification module 23 does not receive the second encrypted token within a preset time, the verification end 20 verifies the client end 90 again with the same mechanism (repeating steps S201 and S202). When the verification end 20 has verified the client end 90 a preset number of times, for example five, without ever receiving the second encrypted token, its verification module 23 produces an authentication result of failure (step S205) and the mechanism is complete.

FIG. 5 is the flowchart of the second verification mechanism. Under it, the encryption module 25 of the verification end 20 first produces an encrypted message by asymmetric encryption from the user's public key, a verification private key and a random string (step S206). The sending module 21 then sends the encrypted message together with the verification public key to the client end 90 at the address given by the URI (step S207); the verification public key and verification private key are a key pair generated by the verification end 20. On receiving the encrypted message, the client end 90 decrypts it with the verification public key it received and the user's private key, yielding a verification string; the user's public key and private key are a key pair generated by the client end 90. The retrieval module 27 of the verification end 20 then fetches the decrypted verification string from the client end 90 via the URI (step S208). Having obtained it, the verification module 23 compares the verification string with the random string used at encryption (step S209). If they match, the client end 90 can be taken to be the owner of the user's public key and also the owner of the domain name or Internet Protocol address named in the URI, so the verification module 23 produces an authentication result of success (step S210) and the mechanism is complete. If they do not match, the verification end 20 verifies the client end 90 again with the same mechanism (repeating steps S206 to S209). When the verification end 20 has verified the client end 90 a preset number of times, for example five, without ever retrieving a verification string that matches the random string, its verification module 23 produces an authentication result of failure (step S212) and the mechanism is complete.
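The challenge and response of the second verification mechanism (steps S206 to S212), as an added example in Python that is not part of the patent: the verification end derives a shared key from its own private key and the user's public key, seals a random string under it, the client end recovers the string with the verification public key and its own private key, and the verification end compares what it fetches back. The Diffie-Hellman group, the hash-based cipher, the `Client` object standing in for the node reached at the URI, and the retry count of five are assumptions of this example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Toy Diffie-Hellman group (the Mersenne prime 2^127-1, generator 3), chosen so
# the example runs offline with the standard library only; a deployment would
# use an established curve and a standard integrated encryption scheme.
P = 2**127 - 1
G = 3
NONCE_BYTES = 16   # length of the random string
MAX_ATTEMPTS = 5   # the preset retry count given in the description
TAG_LEN = 32       # HMAC-SHA256 tag length


def keygen():
    """Return a (private, public) pair in the toy group."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_key(own_priv, peer_pub):
    """Symmetric key from the shared secret: the same value is reached from
    (verification private key, user public key) and from
    (user private key, verification public key)."""
    secret = pow(peer_pub, own_priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def seal(key, plaintext):
    """Encrypt-then-MAC with a hash-derived keystream. Acceptable here only
    because every attempt uses a fresh verification key pair, so no key is
    ever reused for two messages."""
    stream = hashlib.sha256(key + b"keystream").digest()[: len(plaintext)]
    ct = bytes(a ^ b for a, b in zip(plaintext, stream))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when the tag does not verify."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(key, ct, hashlib.sha256).digest(), tag):
        return None
    stream = hashlib.sha256(key + b"keystream").digest()[: len(ct)]
    return bytes(a ^ b for a, b in zip(ct, stream))


class Client:
    """Stand-in for the node that answers at the URI named in its CSR."""

    def __init__(self, priv):
        self.priv = priv
        self.published = None  # the decrypted string the verifier will fetch

    def receive(self, verifier_pub, blob):
        # Decrypt with the verification public key and our own private key.
        self.published = unseal(derive_key(self.priv, verifier_pub), blob)

    def fetch(self):
        return self.published


@dataclass
class Result:
    success: bool
    attempts: int


def verify_mechanism_two(user_pub, client_at_uri):
    """Steps S206-S212: challenge with a random string, fetch it back, compare.
    The retry loop and the failure after MAX_ATTEMPTS follow the description."""
    for attempt in range(1, MAX_ATTEMPTS + 1):
        vpriv, vpub = keygen()                              # fresh verification pair
        nonce = secrets.token_bytes(NONCE_BYTES)            # the random string
        blob = seal(derive_key(vpriv, user_pub), nonce)     # S206
        client_at_uri.receive(vpub, blob)                   # S207
        answer = client_at_uri.fetch()                      # S208
        if answer is not None and hmac.compare_digest(answer, nonce):  # S209
            return Result(True, attempt)                    # S210
    return Result(False, MAX_ATTEMPTS)                      # S212


def demo():
    """The honest holder of the user private key passes; a node that claims the
    same public key without holding the private key fails after MAX_ATTEMPTS."""
    upriv, upub = keygen()
    honest = verify_mechanism_two(upub, Client(upriv))
    impostor_priv, _ = keygen()
    impostor = verify_mechanism_two(upub, Client(impostor_priv))
    return honest, impostor


if __name__ == "__main__":
    print(demo())
```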

The third verification mechanism resembles the traditional method used by existing certificate authorities. For example, a verification link can be sent to the e-mail address the client end 90 supplied, and the authentication result (again either success or failure) produced according to whether the client end 90 is seen to click that link.

From the above it can be seen that the second verification mechanism provides a double confirmation, checking both possession of the user's public key and ownership of the domain name or IP address, so its authentication result is more credible. The authentication method of the present invention lets the client end 90 choose one of the verification mechanisms according to its own needs, and the verification data required can differ between mechanisms; in other embodiments, a client end 90 that only wants the first verification mechanism may supply just its blockchain account data, with no user public key or URI. It should also be noted that the verification mechanisms of the present invention are not limited to those described above.

As shown in FIG. 3, step S3 is performed: the verification end records the authentication result in the authentication management contract.

In one embodiment, after each verification end 20 has carried out its verification and obtained an authentication result, its verification module 23 records that result in the authentication management contract 12 whether the verification succeeded or failed. In a specific embodiment the information recorded in the authentication management contract 12 includes the authentication result (success or failure), information on the verification end that performed the verification and information on the authenticated client end, but the invention is not limited to this. The authenticated client information lets any node device on the blockchain network 100 look up whether the client end 90 has been authenticated and how many times, so that a node device wishing to reach the client end 90 can decide, with that reference, whether to connect. The record of verification-end information lets the service end 10 trace the verification process and sanction a verification end 20 that verifies dishonestly.

Step S4 is performed: the service end checks whether the number of successful authentication results recorded for the client end in the authentication management contract has reached an issuance standard value.

In an embodiment of the present invention the service end 10 checks whether the number of successful authentication results recorded for the client end 90 in the authentication management contract 12 has reached an issuance standard value. In other words, each node device that completes a verification of the client end 90 records its result in the authentication management contract 12, and the more node devices (verification ends) whose authentication the client end 90 passes, the more trustworthy that client end 90 is taken to be.

Step S5 is performed: the service end sends a certificate file to the client end.

Once step S4 is complete and the comparison shows that the total number of successful authentication results for the client end 90 from different verification ends 20 has reached the issuance standard value, the service end 10 sends a certificate file to the client end 90. For example, suppose the verification data recorded by the client end 90 is a certificate signing request and the second verification mechanism was chosen; because that mechanism is more trustworthy, the issuance standard value can be set to ten, meaning that once the client end 90 has been verified by ten different verification ends 20 using the second mechanism, the service end 10 sends the certificate file to the client end 90 on the basis of the ten successful authentication results recorded in the authentication management contract 12. As a further example, suppose the verification data is again a certificate signing request but the first verification mechanism was chosen; because the first mechanism is less trustworthy than the second, the issuance standard value can be set to twenty, so that only after the client end 90 has been verified by twenty different verification ends 20 using the first mechanism does the service end 10 send the certificate file, on the basis of the twenty successful authentication results recorded in the authentication management contract 12.

Note also that in other embodiments the client end 90 may simply request verification without asking for a certificate. That is, the authentication method of the present invention also lets the client end 90 choose to have the verification ends 20 only complete the verification and record the authentication result in the authentication management contract 12; in that case the verification data the client end 90 records in the authentication service contract 11 need not be a certificate signing request, and steps S4 and S5 can be omitted. Because the authentication results recorded in the authentication management contract 12 serve as a basis for other node devices to decide whether to trust the client end 90, even without a certificate other node devices can use the number of authentication results recorded there for the client end 90 to decide whether to connect to it.
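The records written to the authentication management contract, the step S4 threshold check and the lookup other nodes perform before connecting, as an added example in Python that is not the patent's own code: the in-memory ledger, the `Record` fields, the client and verifier names, and the sample counts are constructed here, while the thresholds of ten (second mechanism) and twenty (first mechanism) come from the worked example above. It counts distinct verification ends rather than raw records, so that a single verifier cannot reach the threshold by writing the same success repeatedly.

```python
from dataclasses import dataclass

# Issuance standard values per mechanism, taken from the worked example in the
# description: ten successes under mechanism 2, twenty under mechanism 1.
ISSUANCE_THRESHOLD = {1: 20, 2: 10}


@dataclass(frozen=True)
class Record:
    """One entry a verification end writes to the management contract:
    which client was verified, by whom, with which mechanism, and the result."""
    client: str
    verifier: str
    mechanism: int
    success: bool


class ManagementContract:
    """Append-only, in-memory stand-in for the on-chain management contract."""

    def __init__(self):
        self.records = []

    def record(self, rec):
        self.records.append(rec)

    def successful_verifiers(self, client, mechanism):
        """Distinct verification ends that reported success for this client
        under this mechanism. Counting distinct verifiers, not raw records,
        keeps one verifier from reaching the threshold on its own."""
        return {r.verifier for r in self.records
                if r.client == client and r.mechanism == mechanism and r.success}

    def certificate_due(self, client, mechanism):
        """Step S4: has the success count reached the issuance standard value?"""
        needed = ISSUANCE_THRESHOLD[mechanism]
        return len(self.successful_verifiers(client, mechanism)) >= needed

    def history(self, client):
        """What any node may read before deciding whether to connect:
        (successes, failures) recorded for the client across all mechanisms."""
        mine = [r for r in self.records if r.client == client]
        ok = sum(1 for r in mine if r.success)
        return ok, len(mine) - ok


def demo():
    """Constructed sample ledger (names and counts are made up for the example)."""
    ledger = ManagementContract()
    # Client A: twelve different verification ends ran mechanism 2, two of them
    # reported failure, and verifier-00 wrote its success a second time.
    for i in range(12):
        ledger.record(Record("client-A", f"verifier-{i:02d}", 2, i not in (3, 7)))
    ledger.record(Record("client-A", "verifier-00", 2, True))
    # Client B: nine successes under mechanism 2, one short of the threshold.
    for i in range(9):
        ledger.record(Record("client-B", f"verifier-{i:02d}", 2, True))
    # Client C: ten successes under mechanism 1, which needs twenty.
    for i in range(10):
        ledger.record(Record("client-C", f"verifier-{i:02d}", 1, True))
    return ledger


if __name__ == "__main__":
    ledger = demo()
    for client, mech in (("client-A", 2), ("client-B", 2), ("client-C", 1)):
        print(client, ledger.history(client), ledger.certificate_due(client, mech))
```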

From the above, the authentication method disclosed by the present invention uses the node devices distributed across the blockchain as independent authentication devices: any node device on the blockchain can verify the identity of a client end 90 that requests authentication. Because records on a blockchain network are traceable and hard to tamper with, the certificate authority of the prior art can be dispensed with, multiple verification is achieved, and the authentication results become more trustworthy. Moreover, the method offers several verification mechanisms from which the client end 90 can choose according to the authentication strength it needs.

Although the present invention has been disclosed above by way of embodiments, these are not intended to limit it; those of ordinary skill in the art may make minor changes and modifications without departing from the spirit and scope of the invention, all of which fall within the rights claimed in this patent, so the scope of protection is defined by the appended claims.

1: authentication system; 10: service end; 11: authentication service contract; 12: authentication management contract; 20: verification end; 21: sending module; 23: verification module; 25: encryption module; 27: retrieval module; 90: client end; 100: blockchain network

FIG. 1 is a schematic diagram of the operating environment of an embodiment of the authentication system for an electronic device of the present invention.
FIG. 2 is a system architecture diagram of an embodiment of the verification end of the authentication system for an electronic device of the present invention.
FIG. 3 is a flowchart of the steps of the authentication method for an electronic device of the present invention.
FIG. 4 is a flowchart of one verification mechanism of the authentication method.
FIG. 5 is a flowchart of another verification mechanism of the authentication method.


Claims (12)

1. An authentication method for an electronic device, applied to a blockchain network, the blockchain network including a plurality of node devices, the plurality of node devices including a service end, a client end and at least one verification end, the authentication method comprising the following steps: the service end issues an authentication service contract, such that the client end initiates an authentication procedure by recording verification data in the authentication service contract; the at least one verification end verifies the client end by a verification mechanism according to the verification data, so as to generate an authentication result; and the at least one verification end records the authentication result in an authentication management contract.

2. The authentication method of claim 1, wherein the verification data includes blockchain account data, and the verification mechanism includes: the at least one verification end sends a first encrypted token to the client end according to the blockchain account data; the at least one verification end determines whether a second encrypted token has been received from the client end; and if so, the at least one verification end generates the authentication result.

3. The authentication method of claim 1, wherein the verification data includes blockchain account data, a user public key and a uniform resource identifier, and the verification mechanism includes: the at least one verification end encrypts using the user public key, a verification private key and a random string to generate an encrypted message; the at least one verification end sends the encrypted message and a verification public key to the client end according to the uniform resource identifier, wherein the verification public key and the verification private key are a key pair generated by the verification end; the at least one verification end retrieves a verification string from the client end according to the uniform resource identifier, wherein the verification string is generated by the client end decrypting the encrypted message using the verification public key and a user private key, the user public key and the user private key being a key pair generated by the client end; and the at least one verification end compares whether the verification string matches the random string; if so, the at least one verification end generates the authentication result.

4. The authentication method of claim 1, wherein the verification data is a certificate request file, and the authentication method further includes the following steps: the service end compares whether the number of authentication results recorded in the authentication management contract indicating successful verification of the client end has reached a certificate issuance threshold value; and if so, the service end sends a certificate file to the client end.

5. The authentication method of claim 2 or 3, wherein the verification data includes a certificate request file, and the authentication method further includes the following steps: the service end compares whether the number of authentication results recorded in the authentication management contract indicating successful verification of the client end has reached a certificate issuance threshold value; and if so, the service end sends a certificate file to the client end.

6. The authentication method of claim 1, wherein the verification mechanism is executed according to the selection of the client end.

7. An authentication system for an electronic device, operating on a blockchain network, the blockchain network including a plurality of node devices, the authentication system comprising: a service end, being one of the plurality of node devices, for issuing an authentication service contract such that a client end initiates an authentication procedure by recording verification data in the authentication service contract; and at least one verification end, being at least one of the plurality of node devices, for verifying the client end by a verification mechanism according to the verification data so as to generate an authentication result, and for recording the authentication result in an authentication management contract.

8. The authentication system of claim 7, wherein the verification data includes blockchain account data, and the at least one verification end includes: a sending module for sending a first encrypted token to the client end according to the blockchain account data; and a verification module for determining whether a second encrypted token has been received from the client end and, when the second encrypted token has been received, generating the authentication result so as to complete the verification mechanism.

9. The authentication system of claim 7, wherein the verification data includes blockchain account data, a user public key and a uniform resource identifier, and the at least one verification end includes: an encryption module for encrypting using the user public key, a verification private key and a random string to generate an encrypted message; a sending module for sending the encrypted message and a verification public key to the client end according to the uniform resource identifier, wherein the verification public key and the verification private key are a key pair generated by the verification end; a retrieval module for retrieving a verification string from the client end according to the uniform resource identifier, wherein the verification string is generated by the client end decrypting the encrypted message using the verification public key and a user private key, the user public key and the user private key being a key pair generated by the client end; and a verification module for comparing whether the verification string matches the random string and, when the verification string matches the random string, generating the authentication result so as to complete the verification mechanism.

10. The authentication system of claim 7, wherein the verification data is a certificate request file, and the service end is further configured to compare whether the number of authentication results recorded in the authentication management contract indicating successful verification of the client end has reached a certificate issuance threshold value, and to send a certificate file to the client end when the number of authentication results of the client end reaches the certificate issuance threshold value.

11. The authentication system of claim 8 or 9, wherein the verification data is a certificate request file, and the service end is further configured to compare whether the number of authentication results recorded in the authentication management contract indicating successful verification of the client end has reached a certificate issuance threshold value, and to send a certificate file to the client end when the number of authentication results of the client end reaches the certificate issuance threshold value.

12. The authentication system of claim 7, wherein the verification mechanism is executed according to the selection of the client end.
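The public-key verification mechanism of claims 3 and 9 (the verification end encrypts a random string under a key agreed from its own private key and the user public key, the client end recovers it with its private key and the verification public key, and the verification end compares the retrieved verification string with the random string) is worked through below as an added example; it is not code from the patent or its applicant. The claims name no cipher, so the example assumes X25519 key agreement and AES-256-GCM with a SHA-256 key derivation; delivery to and retrieval from the client end's uniform resource identifier is modelled as direct function calls, and every type and function name is the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
)

// Challenge is what the verification end delivers to the client end's URI.
type Challenge struct {
	VerifierPub []byte // verification public key
	Nonce       []byte // AES-GCM nonce; a transport detail the patent does not name
	Ciphertext  []byte // encrypted message carrying the random string
}

// newAEAD derives AES-256-GCM from the X25519 shared secret (SHA-256 KDF is this example's assumption).
func newAEAD(shared []byte) (cipher.AEAD, error) {
	h := sha256.New()
	h.Write([]byte("TWI698113B-example-kdf"))
	h.Write(shared)
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealChallenge is the verification end's step: encrypt the random string under (verification private key, user public key).
func sealChallenge(verPriv *ecdh.PrivateKey, userPub *ecdh.PublicKey, randomStr []byte) (*Challenge, error) {
	shared, err := verPriv.ECDH(userPub)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(shared)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	verPub := verPriv.PublicKey().Bytes() // bound as associated data so it cannot be swapped in transit
	return &Challenge{VerifierPub: verPub, Nonce: nonce, Ciphertext: aead.Seal(nil, nonce, randomStr, verPub)}, nil
}

// openChallenge is the client end's step: recover the string with (user private key, verification public key).
func openChallenge(userPriv *ecdh.PrivateKey, ch *Challenge) ([]byte, error) {
	verPub, err := ecdh.X25519().NewPublicKey(ch.VerifierPub)
	if err != nil {
		return nil, err
	}
	shared, err := userPriv.ECDH(verPub)
	if err != nil {
		return nil, err
	}
	aead, err := newAEAD(shared)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, ch.Nonce, ch.Ciphertext, ch.VerifierPub)
}

// verifyResponse is the verification end's constant-time comparison of verification string and random string.
func verifyResponse(randomStr, verificationStr []byte) bool {
	return subtle.ConstantTimeCompare(randomStr, verificationStr) == 1
}

// RunAuthentication runs one round: whoever holds clientPriv must prove control of the registered userPub.
func RunAuthentication(verPriv, clientPriv *ecdh.PrivateKey, userPub *ecdh.PublicKey) (bool, error) {
	randomStr := make([]byte, 32)
	if _, err := rand.Read(randomStr); err != nil {
		return false, err
	}
	ch, err := sealChallenge(verPriv, userPub, randomStr)
	if err != nil {
		return false, err
	}
	verificationStr, err := openChallenge(clientPriv, ch)
	if err != nil {
		return false, nil // wrong user private key: GCM tag check fails, so record a failed result
	}
	return verifyResponse(randomStr, verificationStr), nil
}

func main() {
	curve := ecdh.X25519()
	verPriv, _ := curve.GenerateKey(rand.Reader)
	userPriv, _ := curve.GenerateKey(rand.Reader)
	impostor, _ := curve.GenerateKey(rand.Reader)
	ok, _ := RunAuthentication(verPriv, userPriv, userPriv.PublicKey())
	fmt.Println("registered client authenticated:", ok)
	ok, _ = RunAuthentication(verPriv, impostor, userPriv.PublicKey())
	fmt.Println("impostor holding a different key authenticated:", ok)
}
```

A party that does not hold the user private key matching the registered user public key agrees on a different shared key, so the encrypted message cannot be opened and no valid verification string can be published; the verification end records a failed authentication result rather than treating this as an error. Binding the verification public key as associated data and comparing in constant time are practitioner choices on top of the claims, which only require that the verification string match the random string.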
TW108136651A 2019-10-09 2019-10-09 Identification method and systerm of electronic device TWI698113B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108136651A TWI698113B (en) 2019-10-09 2019-10-09 Identification method and systerm of electronic device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108136651A TWI698113B (en) 2019-10-09 2019-10-09 Identification method and systerm of electronic device

Publications (2)

Publication Number Publication Date
TWI698113B true TWI698113B (en) 2020-07-01
TW202116038A TW202116038A (en) 2021-04-16

Family

ID=72601876

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108136651A TWI698113B (en) 2019-10-09 2019-10-09 Identification method and systerm of electronic device

Country Status (1)

Country Link
TW (1) TWI698113B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI766608B (en) * 2021-03-10 2022-06-01 新加坡商捷普電子(新加坡)公司 Program signing method

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101930825B1 (en) * 2017-01-23 2018-12-19 주식회사 데일리인텔리전스 System and method for authenticating users and synchronizing blocks using a block-chain network
US20190005470A1 (en) * 2015-10-16 2019-01-03 Coinplug, Inc. Accredited certificate issuance system based on block chain and accredited certificate issuance method based on block chain using same, and accredited certificate authentication system based on block chain and accredited certificate authentication method based on block chain using same

Also Published As

Publication number Publication date
TW202116038A (en) 2021-04-16

Similar Documents

Publication Publication Date Title
US9992189B2 (en) Generation and validation of derived credentials
WO2020062668A1 (en) Identity authentication method, identity authentication device, and computer readable medium
US10567370B2 (en) Certificate authority
US11095635B2 (en) Server authentication using multiple authentication chains
US8924714B2 (en) Authentication with an untrusted root
US8196186B2 (en) Security architecture for peer-to-peer storage system
US20170149774A1 (en) Multi factor user authentication on multiple devices
US9172541B2 (en) System and method for pool-based identity generation and use for service access
US20160080157A1 (en) Network authentication method for secure electronic transactions
AU2017225928A1 (en) Systems and methods for distributed data sharing with asynchronous third-party attestation
US10904004B2 (en) User-session management in a zero-knowledge environment
CN109981287B (en) Code signing method and storage medium thereof
JP2001326632A (en) Distribution group management system and method
KR102137122B1 (en) Security check method, device, terminal and server
JP2001186122A (en) Authentication system and authentication method
JP2022534677A (en) Protecting online applications and web pages that use blockchain
CN101582876A (en) Method, device and system for registering user generated content (UGC)
JP5186648B2 (en) System and method for facilitating secure online transactions
TWI698113B (en) Identification method and systerm of electronic device
KR20200018546A (en) Public key infrastructure based service authentication method and system
CN110855442A (en) PKI (public key infrastructure) technology-based inter-device certificate verification method
CN115242471A (en) Information transmission method and device, electronic equipment and computer readable storage medium
JP5793593B2 (en) Network authentication method for securely verifying user identification information
JP2021040278A (en) Key management system, signing device, method for managing key, and program
JP4219076B2 (en) Electronic document management method, electronic document management system, and recording medium

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees