TWI759090B - Platform login method - Google Patents


Publication number: TWI759090B
Authority: TW (Taiwan)
Application number: TW110103357A
Original language: Chinese (zh)
Other versions: TW202230171A (en)
Inventor: 林詠章
Original Assignee: 國立中興大學
Prior art keywords: server, user, digital certificate, target blockchain, name

Abstract

A platform login method is implemented by a server that includes a network platform and is connected to at least one blockchain and to a user terminal. The user terminal stores a private key, a digital certificate identification code corresponding to a digital certificate that includes a public key, and a target blockchain name corresponding to a target blockchain that stores the digital certificate. When the server receives the digital certificate identification code and the target blockchain name from the user terminal, it obtains the public key from the target blockchain according to the target blockchain name, then generates an authentication code and sends it to the user terminal, so that the user terminal encrypts the authentication code with the private key to generate encrypted authentication data and sends that data to the server. The server decrypts the encrypted authentication data with the public key and, when it determines that the result equals the authentication code, authenticates the user terminal as permitted to log in to the network platform.

Description

Platform login method

The present invention relates to a user authentication method, and in particular to a login method that uses a digital certificate.

Today, a person who wants to use a website service, such as the various services of Facebook or Google, usually first uses a user-side electronic device to register an account and password of their own on the website whose service they want to use. The electronic device then connects to the website and, through the user's input, the account and password are entered on the website's login page so that the website's server can confirm whether the account exists on the website and whether the password is correct. Once the server has confirmed both, the user is allowed to log in to the website. However, because the user must enter the account and password at every login, there is a risk that they are stolen by a malicious party and then used to log in to the website illegally.

In view of this, a new solution is needed to address the current problem that users must provide personal private data, such as an account and password, to log in to a network platform.

Therefore, the object of the present invention is to provide a platform login method that does not require personal private data to be provided.

Accordingly, the platform login method of the present invention is implemented by a server. The server includes a network platform for a user to log in and is connected, via a communication network, to at least one blockchain and to a user terminal held by the user. The user terminal stores a private key of a key pair, a digital certificate identification code corresponding to a digital certificate corresponding to the user, and a target blockchain name corresponding to a target blockchain that stores the digital certificate. The digital certificate includes a public key of the key pair. The platform login method comprises a step (A), a step (B), a step (C), a step (D) and a step (E).

In step (A), when the server receives the digital certificate identification code and the target blockchain name from the user terminal, the server obtains from the target blockchain, according to the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code.

In step (B), the server generates an authentication code and sends it to the user terminal, so that the user terminal encrypts the authentication code with the private key to generate encrypted authentication data and sends that data to the server.

In step (C), when the server receives the encrypted authentication data from the user terminal, the server decrypts the encrypted authentication data with the public key to obtain a decrypted value.

In step (D), the server determines whether the decrypted value equals the authentication code.

In step (E), when the server determines that the decrypted value equals the authentication code, the server authenticates the user terminal as permitted to log in to the network platform.

Furthermore, the platform login method of the present invention is implemented by a user terminal held by a user. The user terminal is connected to a server via a communication network and stores a private key of a key pair, a digital certificate identification code corresponding to a digital certificate corresponding to the user, and a target blockchain name corresponding to a target blockchain that stores the digital certificate. The digital certificate includes a public key of the key pair. The server includes a network platform for a user to log in and is connected to at least one blockchain via the communication network. The platform login method comprises a step (A) and a step (B).

In step (A), the user terminal sends the digital certificate identification code and the target blockchain name to the server, so that the server obtains from the target blockchain, according to the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code, and sends an authentication code to the user terminal.

In step (B), when the user terminal receives the authentication code from the server, the user terminal encrypts the authentication code with the private key to generate encrypted authentication data and sends that data to the server, so that the server decrypts the encrypted authentication data with the public key to obtain a decrypted value and determines whether the decrypted value equals the authentication code. When the server determines that the decrypted value equals the authentication code, it authenticates the user terminal as permitted to log in to the network platform.

The effect of the present invention is as follows. The server obtains the public key from the target blockchain according to the digital certificate identification code and the target blockchain name and sends the authentication code to the user terminal. The user terminal generates the encrypted authentication data from the authentication code and sends it to the server. The server decrypts the encrypted authentication data with the public key to obtain the decrypted value and decides whether to authenticate the user terminal's login to the network platform by determining whether the decrypted value equals the authentication code. In this way, to log in to the network platform the user terminal only needs to send the digital certificate identification code and the target blockchain name to the server, rather than an account and password.

Before the present invention is described in detail, note that in the following description similar elements are denoted by the same reference numerals.

Referring to FIG. 1, an embodiment of the platform login method of the present invention is implemented by a system that includes a server 1, and a user terminal 2 and at least one blockchain 3 that are connected to the server 1 via a communication network 100.

The server 1 stores a network platform for a user 21 to log in.

The user terminal 2 is held by the user 21 and stores a private key of a key pair, a digital certificate identification code corresponding to a digital certificate corresponding to the user 21, and a target blockchain name corresponding to a target blockchain that stores the digital certificate. The digital certificate identification code is a hash value corresponding to the digital certificate, generated when the digital certificate was added to the target blockchain.

Referring to FIG. 2, the platform login method of the present invention comprises a step 401, a step 402, a step 403, a step 404, a step 405, a step 406 and a step 407, which describe how the server 1 determines whether the user terminal 2 may log in to the network platform.

In step 401, when the server 1 receives the digital certificate identification code and the target blockchain name from the user terminal 2 through the communication network 100, the server 1 obtains from the target blockchain, according to the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code.

It is worth noting that the digital certificate is obtained by the user 21 applying to a digital certificate authority. The application submitted by the user 21 must include personal data corresponding to the user 21, such as name, national ID number and date of birth, so the public key in the digital certificate can be associated with the user 21; that is, the public key has a real-name property.

Alternatively, the user terminal 2 sends the personal data and the public key to a processing node in a blockchain system, where the personal data includes a telephone number corresponding to the user. According to the telephone number, the processing node sends a verification code to the user terminal 2 using SMS push technology, for example the nexmo SMS platform. The user terminal 2, through the user's input of the verification code, returns verification data to the processing node. When the processing node finds that the verification data matches the verification code, it applies the hash algorithm to the personal data including the telephone number to generate a hash value related to the personal data, and from the hash value and the public key it generates a digital certificate containing the hash value and the public key and adds it to the blockchain of that blockchain system. Because the telephone number corresponds to the user personally, that is, the telephone number is registered under a real name, the digital certificate and its public key likewise have a real-name property.

In addition, referring to FIG. 3, step 401 includes a sub-step 411, a sub-step 412 and a sub-step 413, which describe how the server 1 obtains the public key included in the digital certificate that corresponds to the digital certificate identification code.

In sub-step 411, when the server 1 receives the digital certificate identification code and the target blockchain name from the user terminal 2 through the communication network 100, the server 1 determines whether the target blockchain corresponding to the target blockchain name exists among the at least one blockchain to which the server 1 is connected. When the server 1 determines that no such target blockchain exists, it generates an error message indicating that the target blockchain does not exist and sends it to the user terminal 2; this is sub-step 412. When the server 1 determines that the target blockchain exists, it obtains from the target blockchain, according to the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code; this is sub-step 413.

In step 402, the server 1 generates an authentication code and sends it to the user terminal 2. If an authentication code with the same content were reused, a malicious party could steal the authentication data corresponding to that code and use it to log in to the network platform. To avoid this risk, the authentication code takes the form of a one-time password (OTP), so that the content of the authentication code is different every time one is generated.

Note that in this embodiment the server 1 first executes sub-step 411, sub-step 412 and sub-step 413 and then, after sub-step 413, executes step 402. In other embodiments, however, the server may, after executing sub-step 411, execute step 402 at the same time as sub-step 412 or sub-step 413. That is, when the server 1 receives the digital certificate identification code and the target blockchain name from the user terminal 2 through the communication network 100, the server 1 generates the authentication code and sends it to the user terminal 2, and also determines whether the target blockchain corresponding to the target blockchain name exists among the at least one connected blockchain. When it determines that the target blockchain exists, it obtains from the target blockchain, according to the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code, and then executes step 404. When it determines that the target blockchain does not exist, the flow ends after sub-step 412 is executed.

In step 403, when the user terminal 2 receives the authentication code from the server 1, the user terminal 2 encrypts the authentication code with the private key to generate encrypted authentication data and sends that data to the server 1.

In step 404, when the server 1 receives the encrypted authentication data from the user terminal 2, the server 1 decrypts the encrypted authentication data with the public key to obtain a decrypted value.

In step 405, the server 1 determines whether the decrypted value equals the authentication code. When the server 1 determines that the decrypted value does not equal the authentication code, it generates an error message indicating that the user terminal 2 does not correspond to the digital certificate and sends it to the user terminal; this is step 406. When the server 1 determines that the decrypted value equals the authentication code, it confirms that the user terminal 2 corresponds to the digital certificate and authenticates the user terminal as permitted to log in to the network platform; this is step 407.
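The exchange of steps 401 to 407, including the one-time property of the authentication code from step 402, can be exercised end to end with the following added example, which is not code from the patent. It assumes a dictionary standing in for the blockchains, SHA-256 over the certificate's JSON as the identification code, a session identifier to track the outstanding code, and a toy RSA key; the patent's "encrypt with the private key" is modelled as the raw RSA private-key operation, where a deployed system would use a padded signature scheme.

```python
import hashlib
import json
import secrets

# Toy RSA key pair built from two publicly known Mersenne primes.
# Constructed for this demonstration only; it offers no security.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (needs Python 3.8+)


def certificate_id(cert):
    """Assumption: the identification code is SHA-256 over the certificate's JSON."""
    return hashlib.sha256(json.dumps(cert, sort_keys=True).encode()).hexdigest()


class UserTerminal:
    """Stores the private key, the identification code and the chain name."""

    def __init__(self, d, n, cert_id, chain_name):
        self.d, self.n = d, n
        self.cert_id, self.chain_name = cert_id, chain_name

    def respond(self, code):
        # Step 403: apply the private key to the authentication code.
        return pow(int.from_bytes(code, "big"), self.d, self.n)


class Server:
    def __init__(self, chains):
        self.chains = chains  # chain name -> {identification code -> certificate}
        self.pending = {}     # session id -> (n, e, outstanding code)

    def begin(self, cert_id, chain_name):
        chain = self.chains.get(chain_name)                    # sub-step 411
        if chain is None:
            raise LookupError("target blockchain not found")   # sub-step 412
        cert = chain.get(cert_id)                              # sub-step 413
        if cert is None or certificate_id(cert) != cert_id:
            raise LookupError("certificate not found on target blockchain")
        code = secrets.token_bytes(16)                         # step 402: fresh code
        session = secrets.token_hex(8)
        self.pending[session] = (cert["n"], cert["e"], code)
        return session, code

    def finish(self, session, auth_data):
        entry = self.pending.pop(session, None)  # the code is consumed on first use
        if entry is None:
            return False
        n, e, code = entry
        if not isinstance(auth_data, int) or not 0 <= auth_data < n:
            return False
        decrypted = pow(auth_data, e, n)                       # step 404
        return decrypted == int.from_bytes(code, "big")        # steps 405 to 407


def run_demo():
    # Constructed certificate: public key plus a hash of personal data.
    cert = {"n": N, "e": E,
            "subject_hash": hashlib.sha256(b"constructed personal data").hexdigest()}
    cid = certificate_id(cert)
    server = Server({"chain-a": {cid: cert}})            # constructed chain name
    owner = UserTerminal(D, N, cid, "chain-a")
    impostor = UserTerminal(12345, N, cid, "chain-a")    # knows the id, not the key

    results = {}
    session, code = server.begin(owner.cert_id, owner.chain_name)
    answer = owner.respond(code)
    results["owner"] = server.finish(session, answer)
    results["replay"] = server.finish(session, answer)   # same session again

    session, code = server.begin(cid, "chain-a")
    results["impostor"] = server.finish(session, impostor.respond(code))

    session, _ = server.begin(cid, "chain-a")
    results["stale_answer"] = server.finish(session, answer)  # old answer, new code

    try:
        server.begin(cid, "chain-b")
        results["unknown_chain"] = "accepted"
    except LookupError as exc:
        results["unknown_chain"] = str(exc)
    return results


if __name__ == "__main__":
    print(run_demo())
```

Only the holder of the private key passes; a captured answer fails both against the consumed session and against any later code, which is the property the one-time authentication code is meant to provide.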

In summary, in the platform login method of the present invention, the server 1 obtains the public key from the target blockchain according to the digital certificate identification code and the target blockchain name and sends an authentication code to the user terminal 2. The user terminal 2 generates encrypted authentication data from the authentication code and sends it to the server 1. The server 1 determines whether the user terminal 2 may log in to the network platform by checking whether the decrypted value, obtained by decrypting the encrypted authentication data with the public key, equals the authentication code. In this way, to log in to the network platform the user terminal 2 only needs to send the digital certificate identification code and the target blockchain name to the server 1, rather than personal private data such as an account and password. This avoids the risk that a malicious party intercepts personal private data such as the account and password and then uses them to log in to the network platform illegally.

In addition, where different servers 1 provide different network platforms and each server 1 authenticates the user terminal by the same method, the user 21 only needs to have the user terminal 2 send the same digital certificate identification code and target blockchain name to the different servers 1 to log in to the different network platforms, rather than sending multiple sets of accounts and passwords. This saves the time and effort of managing multiple sets of accounts and passwords for logging in to different network platforms.

On the other hand, the server 1 only needs to obtain the public key according to the digital certificate identification code and the target blockchain name, decrypt the encrypted authentication data with the public key to obtain the decrypted value, and then determine from the decrypted value and the authentication code whether the user terminal 2 may log in to the network platform. This saves the resource cost of building a database to store the account and password of every user. The object of the present invention is therefore achieved.

The foregoing is merely an embodiment of the present invention and shall not limit the scope in which the present invention may be practised. All simple equivalent changes and modifications made in accordance with the claims and the specification of the present invention remain within the scope covered by this patent.

1: server
100: communication network
2: user terminal
21: user
3: blockchain
401~407: steps
411~413: sub-steps

Other features and effects of the present invention will be presented clearly in the embodiments described with reference to the drawings, in which:
FIG. 1 is a block diagram illustrating a system that carries out an embodiment of the platform login method of the present invention;
FIG. 2 is a flowchart illustrating the embodiment of the platform login method of the present invention; and
FIG. 3 is a flowchart illustrating the sub-steps of step 401 in the embodiment of the platform login method of the present invention.


Claims (4)

1. A platform login method, implemented by a server, the server including a network platform for a user to log in and being connected via a communication network to at least one blockchain and to a user terminal held by the user, the user terminal storing a private key of a key pair, a digital certificate identification code corresponding to a digital certificate corresponding to the user, and a target blockchain name corresponding to a target blockchain that stores the digital certificate, the digital certificate including a public key of the key pair, the platform login method comprising the following steps:
(A) when the server receives the digital certificate identification code and the target blockchain name from the user terminal, obtaining, by the server, from the target blockchain according to the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code;
(B) generating, by the server, an authentication code and sending it to the user terminal, so that the user terminal encrypts the authentication code with the private key to generate encrypted authentication data and sends that data to the server;
(C) when the server receives the encrypted authentication data from the user terminal, decrypting, by the server, the encrypted authentication data with the public key to obtain a decrypted value;
(D) determining, by the server, whether the decrypted value equals the authentication code; and
(E) when the server determines that the decrypted value equals the authentication code, authenticating, by the server, the user terminal as permitted to log in to the network platform.

2. The platform login method according to claim 1, wherein step (A) further comprises the following sub-steps:
(A-1) when the server receives the digital certificate identification code and the target blockchain name from the user terminal, determining, by the server, whether the target blockchain corresponding to the target blockchain name exists among the at least one blockchain to which the server is connected; and
(A-2) when the server confirms that the target blockchain corresponding to the target blockchain name exists, obtaining, by the server, from the target blockchain according to the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code.

3. A platform login method, implemented by a user terminal held by a user, the user terminal being connected to a server via a communication network and storing a private key of a key pair, a digital certificate identification code corresponding to a digital certificate corresponding to the user, and a target blockchain name corresponding to a target blockchain that stores the digital certificate, the digital certificate including a public key of the key pair, the server including a network platform for a user to log in and being connected to at least one blockchain via the communication network, the platform login method comprising the following steps:
(A) sending, by the user terminal, the digital certificate identification code and the target blockchain name to the server, so that the server obtains from the target blockchain, according to the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code, and sends an authentication code to the user terminal; and
(B) when the user terminal receives the authentication code from the server, encrypting, by the user terminal, the authentication code with the private key to generate encrypted authentication data and sending that data to the server, so that the server decrypts the encrypted authentication data with the public key to obtain a decrypted value and determines whether the decrypted value equals the authentication code, and, when the server determines that the decrypted value equals the authentication code, authenticates the user terminal as permitted to log in to the network platform.

4. The platform login method according to claim 3, wherein, in step (A), the user terminal sends the digital certificate identification code and the target blockchain name to the server, so that the server determines whether the target blockchain corresponding to the target blockchain name exists among the at least one blockchain to which it is connected and, when the server confirms that the target blockchain corresponding to the target blockchain name exists, obtains from the target blockchain, according to the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
TW110103357A | 2021-01-29 | 2021-01-29 | Platform login method (TWI759090B)

Publications (2)

Publication Number | Publication Date
TWI759090B | 2022-03-21
TW202230171A | 2022-08-01

Family ID: 81711066

Country Status (1)

Country | Link
TW (1) | TWI759090B (en)

TW201935357A (en) Method and system for electrical transaction
CN108234136B (en) A kind of safety access method, terminal device and system