TWI759090B - Platform login method - Google Patents
Publication number: TWI759090B (application TW110103357A)
Authority: TW (Taiwan)
Prior art keywords: server, user, digital certificate, target blockchain, name
Abstract
A platform login method is implemented by a server that includes a network platform and is connected to at least one blockchain and to a client. The client stores a private key, a digital certificate identification code corresponding to a digital certificate that includes a public key, and a target blockchain name corresponding to the target blockchain on which the digital certificate is stored. When the server receives the digital certificate identification code and the target blockchain name from the client, it obtains the public key from the target blockchain according to the target blockchain name, generates an authentication code and sends it to the client, so that the client encrypts the authentication code with the private key to produce encrypted authentication data and sends it to the server. The server decrypts the encrypted authentication data with the public key and, when the result is judged equal to the authentication code, authenticates that the client may log in to the network platform.
Description
The present invention relates to a user authentication method, and in particular to a login method that uses a digital certificate.
Today, when a person wants to use a website's services, such as those of Facebook or Google, the user usually first uses a client electronic device to register an account and password of their own with the website whose service they want to use. Afterwards, the client device connects to the website and, through the user's input, enters the account and password on the website's login page, so that the website's server can confirm whether the account exists on the website and whether the password is correct; once the server confirms that they are correct, the user is allowed to log in. However, because the user must enter the account and password on every login, there is a risk that a malicious party steals the account and password and uses them to log in to the website illegitimately.
In view of this, a new solution is needed to the problem that users currently have to provide personal private data such as accounts and passwords in order to log in to a network platform.
Therefore, the object of the present invention is to provide a platform login method that does not require providing personal private data.
Accordingly, the platform login method of the present invention is implemented by a server. The server includes a network platform for a user to log in to and is connected, via a communication network, to at least one blockchain and to a client held by the user. The client stores a private key of a key pair, a digital certificate identification code corresponding to a digital certificate that corresponds to the user, and a target blockchain name corresponding to the target blockchain on which the digital certificate is stored; the digital certificate includes the public key of the key pair. The platform login method of the present invention includes a step (A), a step (B), a step (C), a step (D) and a step (E).
In step (A), when the server receives the digital certificate identification code and the target blockchain name from the client, the server obtains, from the target blockchain identified by the target blockchain name, the public key included in the digital certificate that corresponds to the digital certificate identification code.
In step (B), the server generates an authentication code and sends it to the client, so that the client encrypts the authentication code with the private key to produce encrypted authentication data and sends it to the server.
In step (C), when the server receives the encrypted authentication data from the client, the server decrypts the encrypted authentication data with the public key to obtain a decrypted value.
In step (D), the server determines whether the decrypted value is equal to the authentication code.
In step (E), when the server determines that the decrypted value is equal to the authentication code, the server authenticates that the client may log in to the network platform.
Furthermore, the platform login method of the present invention is implemented by a client held by a user. The client is connected to a server via a communication network and stores a private key of a key pair, a digital certificate identification code corresponding to a digital certificate that corresponds to the user, and a target blockchain name corresponding to the target blockchain on which the digital certificate is stored; the digital certificate includes the public key of the key pair. The server includes a network platform for a user to log in to and is connected via the communication network to at least one blockchain. The platform login method includes a step (A) and a step (B).
In step (A), the client sends the digital certificate identification code and the target blockchain name to the server, so that the server obtains, from the target blockchain identified by the target blockchain name, the public key included in the digital certificate corresponding to the digital certificate identification code, and sends an authentication code to the client.
In step (B), when the client receives the authentication code from the server, the client encrypts the authentication code with the private key to produce encrypted authentication data and sends it to the server, so that the server decrypts the encrypted authentication data with the public key to obtain a decrypted value and determines whether the decrypted value is equal to the authentication code; when the server determines that the decrypted value is equal to the authentication code, it authenticates that the client may log in to the network platform.
The effect of the present invention is this: the server obtains the public key from the target blockchain according to the digital certificate identification code and the target blockchain name and sends the authentication code to the client; the client produces the encrypted authentication data from the authentication code and sends it to the server; the server decrypts the encrypted authentication data with the public key to obtain the decrypted value and decides, by determining whether the decrypted value equals the authentication code, whether to authenticate the client's login to the network platform. As a result, the client only needs to send the digital certificate identification code and the target blockchain name to the server in order to log in to the network platform, rather than sending an account and password to the server.
Before the present invention is described in detail, it should be noted that in the following description similar elements are denoted by the same reference numerals.
Referring to FIG. 1, an embodiment of the platform login method of the present invention is implemented by a system that includes a server 1, and a client 2 and at least one blockchain 3 that are connected to the server 1 via a communication network 100.
The server 1 hosts a network platform for a user 21 to log in to.
The client 2 is held by the user 21 and stores a private key of a key pair, a digital certificate identification code corresponding to a digital certificate that corresponds to the user 21, and a target blockchain name corresponding to the target blockchain on which the digital certificate is stored, wherein the digital certificate identification code is a hash value corresponding to the digital certificate that was generated when the digital certificate was added to the target blockchain.
Referring to FIG. 2, the platform login method of the present invention includes a step 401, a step 402, a step 403, a step 404, a step 405, a step 406 and a step 407, and describes how the server 1 determines whether the client 2 may log in to the network platform.
In step 401, when the server 1 receives the digital certificate identification code and the target blockchain name from the client 2 via the communication network 100, the server 1 obtains, from the target blockchain identified by the target blockchain name, the public key included in the digital certificate corresponding to the digital certificate identification code. It is worth noting that the digital certificate is obtained by the user 21 applying to a digital certificate issuing authority, and the application must include personal data corresponding to the user 21, such as name, identity card number, date of birth and so on, so that the public key in the digital certificate can be associated with the user 21, that is, the public key has the property of real-name registration. Alternatively, the client 2 sends the personal data and the public key to a processing node of a blockchain system, the personal data including a telephone number corresponding to the user; the processing node uses the telephone number to send a verification code to the client 2 through an SMS push service such as the nexmo messaging platform; the client 2 returns verification data to the processing node through the user's input of the verification code; when the processing node finds that the verification data matches the verification code, it uses a hash algorithm to produce, from the personal data including the telephone number, a hash value related to the personal data, and according to the hash value and the public key generates the digital certificate containing the hash value and the public key and adds it to the blockchain of the blockchain system. Because the telephone number corresponds to the user personally, that is, the telephone number is real-name registered, the digital certificate and its corresponding public key likewise have the property of real-name registration. In addition, referring to FIG. 3, step 401 includes a sub-step 411, a sub-step 412 and a sub-step 413, which describe how the server 1 obtains the public key included in the digital certificate corresponding to the digital certificate identification code.
In sub-step 411, when the server 1 receives the digital certificate identification code and the target blockchain name from the client 2 via the communication network 100, the server 1 determines whether, among the at least one blockchain it is connected to, there exists the target blockchain corresponding to the target blockchain name. When the server 1 determines that no target blockchain corresponding to the target blockchain name exists, the server 1 generates an error message indicating that the target blockchain does not exist and sends it to the client 2 (sub-step 412). When the server 1 determines that the target blockchain corresponding to the target blockchain name exists, the server 1 obtains, from the target blockchain identified by the target blockchain name, the public key included in the digital certificate corresponding to the digital certificate identification code (sub-step 413).
In step 402, the server 1 generates an authentication code and sends it to the client 2. To avoid the risk that, if an authentication code with the same content were reused, a malicious party could steal the authentication data corresponding to that authentication code and use it to log in to the network platform, the authentication code takes the form of a one-time password (OTP), so that the content of the authentication code differs every time it is generated, thereby avoiding the above risk.
It should be noted that in this embodiment the server 1 first executes sub-step 411, sub-step 412 and sub-step 413, and then executes step 402 after sub-step 413. In other embodiments, however, the server may execute step 402 concurrently with sub-step 412 or sub-step 413 after executing sub-step 411; that is, when the server 1 receives the digital certificate identification code and the target blockchain name from the client 2 via the communication network 100, the server 1 generates the authentication code and sends it to the client 2 while determining whether the target blockchain corresponding to the target blockchain name exists among the at least one blockchain it is connected to. When it determines that the target blockchain exists, it obtains, from the target blockchain identified by the target blockchain name, the public key included in the digital certificate corresponding to the digital certificate identification code and then proceeds to step 404; when it determines that the target blockchain does not exist, the flow ends after sub-step 412 is executed.
In step 403, when the client 2 receives the authentication code from the server 1, the client 2 encrypts the authentication code with the private key to produce encrypted authentication data and sends it to the server 1.
In step 404, when the server 1 receives the encrypted authentication data from the client 2, the server 1 decrypts the encrypted authentication data with the public key to obtain a decrypted value.
In step 405, the server 1 determines whether the decrypted value is equal to the authentication code. When the server 1 determines that the decrypted value is not equal to the authentication code, the server 1 generates an error message indicating that the client 2 does not correspond to the digital certificate and sends it to the client (step 406). When the server 1 determines that the decrypted value is equal to the authentication code, the server 1 confirms that the client 2 corresponds to the digital certificate and authenticates that the client may log in to the network platform (step 407).
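The whole exchange of steps 401 to 407, together with the certificate registration described under step 401, as an added Go example that is not part of the patent or of any product implementing it. It assumes the following, none of which the patent specifies: the blockchain is simulated by an in-memory map keyed by the certificate identification code; the client's "encryption of the authentication code with the private key" and the server's "decrypt and compare" are realised as an Ed25519 signature and its verification, which is how a private-key operation of this kind is implemented in practice; the authentication code is a 32-byte random value from crypto/rand that the server discards after one use; and the names Chain, Server, Client, BeginLogin, FinishLogin, Respond and Enrol are the example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
)

// Certificate is the record the description places on the target blockchain:
// a hash of the user's personal data together with the user's public key.
type Certificate struct {
	IdentityHash []byte
	PublicKey    ed25519.PublicKey
}

// Chain is a constructed stand-in for one blockchain: certificate id -> certificate.
type Chain map[string]Certificate

// AddCertificate appends cert and returns its identification code, which the
// description defines as the hash produced when the certificate is added.
func (c Chain) AddCertificate(cert Certificate) string {
	h := sha256.New()
	h.Write(cert.IdentityHash)
	h.Write(cert.PublicKey)
	id := hex.EncodeToString(h.Sum(nil))
	c[id] = cert
	return id
}

var (
	ErrNoSuchChain = errors.New("target blockchain does not exist")   // sub-step 412
	ErrNoSuchCert  = errors.New("certificate id not found on chain") // step 401 lookup
	ErrNoChallenge = errors.New("no outstanding authentication code") // replay or unknown id
	ErrMismatch    = errors.New("client does not match certificate")  // step 406
)

// challenge is a code issued in step 402, bound to the key fetched in step 401.
type challenge struct {
	pub  ed25519.PublicKey
	code []byte
}

// Server hosts the network platform and is connected to chains by name.
type Server struct {
	chains  map[string]Chain
	pending map[string]challenge // outstanding codes, keyed by certificate id
}

func NewServer(chains map[string]Chain) *Server {
	return &Server{chains: chains, pending: map[string]challenge{}}
}

// BeginLogin is sub-steps 411-413 plus step 402: resolve the chain by name,
// fetch the public key for certID, then issue a fresh 256-bit random code.
func (s *Server) BeginLogin(certID, chainName string) ([]byte, error) {
	chain, ok := s.chains[chainName]
	if !ok { return nil, ErrNoSuchChain }
	cert, ok := chain[certID]
	if !ok { return nil, ErrNoSuchCert }
	code := make([]byte, 32)
	if _, err := rand.Read(code); err != nil { return nil, err }
	s.pending[certID] = challenge{pub: cert.PublicKey, code: code}
	return code, nil
}

// FinishLogin is steps 404-407: "decrypt with the public key and compare" is
// realised as verifying the client's signature over the issued code.
func (s *Server) FinishLogin(certID string, authData []byte) error {
	ch, ok := s.pending[certID]
	if !ok { return ErrNoChallenge }
	delete(s.pending, certID) // consume the code, so a replayed authData fails
	if !ed25519.Verify(ch.pub, ch.code, authData) { return ErrMismatch }
	return nil
}

// Client is the user's device: it holds only the private key, the certificate
// identification code and the target chain name, never an account or password.
type Client struct {
	priv      ed25519.PrivateKey
	CertID    string
	ChainName string
}

// Respond is step 403: "encrypt" the code with the private key, here a signature.
func (c *Client) Respond(code []byte) []byte { return ed25519.Sign(c.priv, code) }

// Enrol models the registration the description assigns to the issuing authority
// or processing node: hash the personal data, publish the certificate, keep the key.
func Enrol(chain Chain, chainName, personalData string) (*Client, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { return nil, err }
	idHash := sha256.Sum256([]byte(personalData))
	id := chain.AddCertificate(Certificate{IdentityHash: idHash[:], PublicKey: pub})
	return &Client{priv: priv, CertID: id, ChainName: chainName}, nil
}
```

The behaviours worth checking are the ones the description singles out: an unknown target blockchain name is refused before any code is issued (sub-step 412), a response produced with a key other than the one recorded on the chain is rejected (step 406), and because the server deletes the code on first use, a captured response replayed later does not log in, which is the reason the description makes the code one-time.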
In summary, in the platform login method of the present invention, the server 1 obtains the public key from the target blockchain according to the digital certificate identification code and the target blockchain name and sends an authentication code to the client 2, so that the client 2 produces encrypted authentication data from the authentication code and sends it to the server 1; the server 1 then determines whether the client 2 may log in to the network platform according to whether the decrypted value, obtained by decrypting the encrypted authentication data with the public key, is equal to the authentication code. As a result, the client 2 only needs to send the digital certificate identification code and the target blockchain name to the server 1 to log in to the network platform, rather than sending personal private data such as an account and password, which avoids the risk that a malicious party intercepts such private data and then uses the account and password to log in to the network platform illegitimately. In addition, with respect to different servers 1 that provide different network platforms, when every server 1 authenticates whether the client may log in by the same method, the user 21 only needs to have the client 2 send the same digital certificate identification code and target blockchain name to the different servers 1 to log in to the different network platforms, instead of sending multiple sets of accounts and passwords, which saves the time and effort of managing multiple sets of accounts and passwords for logging in to different network platforms. On the other hand, the server 1 only needs to obtain the public key according to the digital certificate identification code and the target blockchain name, decrypt the encrypted authentication data with the public key to obtain the decrypted value, and determine from the decrypted value and the authentication code whether the client 2 may log in to the network platform, which saves the resource cost of building a database to store each user's account and password. The object of the present invention is therefore indeed achieved.
The foregoing is, however, merely an embodiment of the present invention and should not be taken to limit the scope of its implementation; any simple equivalent changes and modifications made in accordance with the claims and the content of the specification of the present invention remain within the scope covered by the patent of the present invention.
1: server
100: communication network
2: client
21: user
3: blockchain
401~407: steps
411~413: sub-steps
Other features and effects of the present invention will be clearly presented in the embodiments with reference to the drawings, wherein:
FIG. 1 is a block diagram illustrating a system that implements an embodiment of the platform login method of the present invention;
FIG. 2 is a flowchart illustrating an embodiment of the platform login method of the present invention; and
FIG. 3 is a flowchart illustrating the sub-steps of step 401 in the embodiment of the platform login method of the present invention.
Claims (4)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110103357A TWI759090B (en) | 2021-01-29 | 2021-01-29 | Platform login method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW110103357A TWI759090B (en) | 2021-01-29 | 2021-01-29 | Platform login method |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI759090B true TWI759090B (en) | 2022-03-21 |
TW202230171A TW202230171A (en) | 2022-08-01 |
Family
ID=81711066
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW110103357A TWI759090B (en) | 2021-01-29 | 2021-01-29 | Platform login method |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI759090B (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20180030382A1 (en) * | 2016-07-26 | 2018-02-01 | The Procter & Gamble Company | Automatic Dishwashing Detergent Composition |
CN107832632A (en) * | 2017-10-30 | 2018-03-23 | 天逸财金科技服务股份有限公司 | Asset certification authorization query method, system, electronic device and computer readable storage medium |
CN110602088A (en) * | 2019-09-11 | 2019-12-20 | 北京京东振世信息技术有限公司 | Block chain-based right management method, block chain-based right management device, block chain-based right management equipment and block chain-based right management medium |
CN110636043A (en) * | 2019-08-16 | 2019-12-31 | 中国人民银行数字货币研究所 | File authorization access method, device and system based on block chain |
Legal events: 2021-01-29, TW application TW110103357A, patent TWI759090B, status active
Also Published As
Publication number | Publication date |
---|---|
TW202230171A (en) | 2022-08-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11855980B2 (en) | Trusted communication session and content delivery | |
US9838205B2 (en) | Network authentication method for secure electronic transactions | |
US8532620B2 (en) | Trusted mobile device based security | |
US9231925B1 (en) | Network authentication method for secure electronic transactions | |
US8606234B2 (en) | Methods and apparatus for provisioning devices with secrets | |
US10356079B2 (en) | System and method for a single sign on connection in a zero-knowledge vault architecture | |
JP5602165B2 (en) | Method and apparatus for protecting network communications | |
US8397281B2 (en) | Service assisted secret provisioning | |
CN105827395A (en) | Network user authentication method | |
JP5992535B2 (en) | Apparatus and method for performing wireless ID provisioning | |
JP2016521029A (en) | Network system comprising security management server and home network, and method for including a device in the network system | |
CN107347073A (en) | A kind of resource information processing method | |
US20090319778A1 (en) | User authentication system and method without password | |
JP6240102B2 (en) | Authentication system, authentication key management device, authentication key management method, and authentication key management program | |
TWI652594B (en) | Authentication method for login | |
KR102053993B1 (en) | Method for Authenticating by using Certificate | |
EP2916509B1 (en) | Network authentication method for secure user identity verification | |
JP2012181662A (en) | Account information cooperation system | |
TWI759090B (en) | Platform login method | |
TWI698113B (en) | Identification method and systerm of electronic device | |
TWI761053B (en) | Digital certificate processing method | |
JP2015176167A (en) | Network authentication method for secure user identification information verification | |
JP2014081887A (en) | Secure single sign-on system and program | |
TW201935357A (en) | Method and system for electrical transaction | |
CN108234136B (en) | A kind of safety access method, terminal device and system |