TWM549918U - Cross verification system implemented along with a mobile device - Google Patents

Cross verification system implemented along with a mobile device

Info

Publication number
TWM549918U
Authority
TW
Taiwan
Prior art keywords
mobile device
dimensional barcode
app
server
hash value
Application number
TW106207252U
Other languages
Chinese (zh)
Inventor
王瑤璋
Original Assignee
台新國際商業銀行股份有限公司
Application filed by 台新國際商業銀行股份有限公司
Priority to TW106207252U
Publication of TWM549918U

Landscapes

  • Telephone Function (AREA)

Description

Cross verification system implemented with a mobile device

The present utility model relates to a cross verification system, and in particular to a cross verification system implemented with a mobile device.

As the Internet has become widespread, financial institutions keep adding external channels with different functions in order to expand their business and maintain the quality of their services, for example website features, mobile App features, remote-access mobile offices, and remote maintenance of operating systems. This is entirely different from the early operating model, in which only branches and ATM sites were open, and from the earlier way of connecting to the outside (a move from closed networks to open networks).

However, the security of the Internet is in doubt. In recent years hackers have developed attack techniques such as computer viruses, worms, phishing websites, social engineering, and keylogging Trojans, with the aim of gaining access to computer system resources and thereby obtaining illegal benefits. Most financial institutions still follow the traditional model and control access to computer system resources with passwords, so hackers mostly make the theft of system passwords the goal of their attacks. Against such attacks, most financial institutions still rely on protective measures such as requiring longer passwords, restricting password composition rules, shortening password change cycles, strengthening employee security training, or adding hardware and software with various security functions. These measures treat the symptoms rather than the cause: once a user's account and password are stolen, a hacker can impersonate the user and log in to the computer system from inside the bank (intranet) or from outside it (Internet) to steal data, which for a financial institution may lead to leakage of sensitive data, financial and reputational loss, or even a threat to the company's operations.

For this reason, how to provide a verification system is an important issue facing financial institutions.

In view of this, the present utility model provides a cross verification system implemented with a mobile device, which can be used to solve the above problems.

In one aspect, the present utility model discloses a cross verification system implemented with a mobile device. The system comprises a server, a two-dimensional barcode, and a software product (App). The two-dimensional barcode is generated by the server. The software product is downloaded from the server and installed on the mobile device.

The two-dimensional barcode is generated by a method comprising the following steps: the server receives a user account, identification information of the mobile device, and a text excerpt, randomly selects a specific combination method from a plurality of combination methods, and combines the user account and the identification information according to the specific combination method to generate a first key; and the server encrypts plaintext content with the first key to obtain encrypted content and generates the two-dimensional barcode from the encrypted content, wherein the plaintext content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method.

The server encrypts the user account with the first key to obtain an App tag file and provides it to the mobile device for storage. In addition, the server, the two-dimensional barcode, and the App verify one another by a method comprising the following steps: the App sends the server the user password and the App tag file obtained from the mobile device, and after the server confirms that they are correct, it sends the App encrypted information and the first hash value, the encrypted information including a first number that identifies the specific combination method; the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to that method to generate a second key; the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value match, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device; and the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode to obtain the plaintext content and the first hash value within it, and verifies that this first hash value matches the second hash value.

According to the present utility model, the two-dimensional barcode is preferably a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed on it.

In some embodiments of the present utility model, the two-dimensional barcode is a QR code.

In some embodiments of the present utility model, a plurality of combination methods and their corresponding numbers are built into the software product, so that the software product can select the specific combination method according to the number.

In some embodiments of the present utility model, the text excerpt is chosen by the user of the mobile device.

In some embodiments of the present utility model, the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

In another aspect, the present utility model provides a cross verification method implemented with a mobile device. The method comprises the following steps: a server generates a two-dimensional barcode, wherein the two-dimensional barcode is generated by a method comprising the following steps: receiving a user account, identification information of the mobile device, and a text excerpt, randomly selecting a specific combination method from a plurality of combination methods, and combining the user account and the identification information according to the specific combination method to generate a first key; and encrypting plaintext content with the first key to obtain encrypted content and generating the two-dimensional barcode from the encrypted content, wherein the plaintext content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method; the server encrypts the user account with the first key to obtain an App tag file and provides it to the mobile device for storage; a software product (App), downloaded from the server and installed on the mobile device, sends the server the user password and the App tag file obtained from the mobile device, and after the server confirms that they are correct, it sends the App encrypted information and the first hash value, the encrypted information including a first number that identifies the specific combination method; the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to that method to generate a second key; the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value match, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device; and the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode to obtain the plaintext content and the first hash value within it, and verifies that this first hash value matches the second hash value.

In some embodiments of the present utility model, the two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed on it.

In some embodiments of the present utility model, the two-dimensional barcode is a QR code.

In some embodiments of the present utility model, the text excerpt is chosen by the user of the mobile device.

In some embodiments of the present utility model, a plurality of combination methods and their corresponding numbers are built into the software product, so that the software product can select the specific combination method according to the number.

In some embodiments of the present utility model, the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

With the mobile device and the server-generated two-dimensional barcode kept separate from each other, the cross verification system and method disclosed herein can provide a secure login mechanism that lets a user log in to the office computer system without a password, replacing the conventional practice in which the user account and password are the only means of authenticating identity when logging in to the office computer system. Furthermore, because the disclosed system and method do not require a password, the user bears no burden or risk of keeping, changing, losing, having stolen, or forgetting a password. In addition, hackers cannot obtain login rights (the password) to the office computer system through attacks such as viruses, worms, phishing websites, social engineering, Trojans, or APTs.

Other objects and advantages of the present utility model are set out in part in the description below, or may be understood through its embodiments. It should be understood that the foregoing summary and the following embodiments are illustrative and explanatory only and do not limit the present utility model in the way the claims do.

Note that, unless otherwise indicated, all technical and scientific terms used herein have the meanings commonly understood by a person of ordinary skill in the art to which the present utility model belongs. Furthermore, the word "a" (or "one") as used in this specification means at least one (one or more) unless otherwise specified.

In one aspect, the present utility model provides a cross verification system implemented with a mobile device, comprising a server, a two-dimensional barcode, and a software product (App). The two-dimensional barcode is generated by the server. The software product is downloaded from the server and installed on the mobile device. The two-dimensional barcode is generated by a method comprising the following steps: the server receives (for example, as registered by the user of the mobile device) a user account, identification information of the mobile device, and a text excerpt, randomly selects a specific combination method from a plurality of combination methods, and combines the user account and the identification information according to the specific combination method to generate a first key; the server encrypts plaintext content with the first key to obtain encrypted content and generates the two-dimensional barcode from the encrypted content, wherein the plaintext content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method.

The server encrypts the user account with the first key to obtain an App tag file and provides it to the mobile device for storage. In addition, the server, the two-dimensional barcode, and the App verify one another by a method comprising the following steps: the App sends the server the user password and the App tag file obtained from the mobile device, and after the server confirms that they are correct, it sends the App encrypted information and the first hash value, the encrypted information including a first number that identifies the specific combination method; the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to that method to generate a second key; the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value match, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device; and the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode to obtain the plaintext content and the first hash value within it, and verifies that this first hash value matches the second hash value.

According to the present utility model, the mobile device includes but is not limited to a tablet computer or a smartphone. The mobile device may comprise a storage unit that stores the program code of the software product and a processing unit that executes that program code. In a preferred embodiment, the mobile device is a smartphone. For example, the user can enter the user account and an activation password through the software product to log in to the server. The activation password may be sent to the user by the server after the software product and its binding to the mobile device have been authenticated by the server.

The system may further comprise the mobile device; in other words, the present utility model also provides a cross verification system comprising the server, two-dimensional barcode, mobile device, and software product (App) described above.

According to the present utility model, the software product is preferably a mobile application (App).

According to a preferred embodiment of the present utility model, the App tag file is downloaded to the mobile device together with the App.

In some embodiments of the present utility model, the two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed on it. For example, the two-dimensional barcode is a two-dimensional barcode sticker that the user can attach to a personal item (other than the mobile device) so that it can be scanned with the mobile device when needed.

In some embodiments of the present utility model, the two-dimensional barcode is a QR code.

According to a preferred embodiment of the present utility model, the text excerpt is one chosen by the user.

In some embodiments of the present utility model, the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

In some embodiments of the present utility model, a plurality of combination methods and their corresponding numbers are built into the software product, so that the software product can select the specific combination method according to the number.

In another aspect, the present utility model provides a cross verification method implemented with a mobile device, the method comprising: a server generates a two-dimensional barcode, wherein the two-dimensional barcode is generated by a method comprising the following steps: receiving a user account, identification information of the mobile device, and a text excerpt, randomly selecting a specific combination method from a plurality of combination methods, and combining the user account and the identification information according to the specific combination method to generate a first key; and encrypting plaintext content with the first key to obtain encrypted content and generating the two-dimensional barcode from the encrypted content, wherein the plaintext content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method; the server encrypts the user account with the first key to obtain an App tag file and provides it to the mobile device for storage; a software product (App), downloaded from the server and installed on the mobile device, sends the server the user password and the App tag file obtained from the mobile device, and after the server confirms that they are correct, it sends the App encrypted information and the first hash value, the encrypted information including a first number that identifies the specific combination method; the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to that method to generate a second key; the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value match, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device; and the App uses the second key to decrypt the encrypted content read from the two-dimensional barcode to obtain the plaintext content and the first hash value within it, and verifies that this first hash value matches the second hash value.

In some embodiments of the present utility model, the text excerpt is chosen by the user of the mobile device.

In some embodiments of the present utility model, the two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed on it. In some embodiments of the present utility model, the two-dimensional barcode is a QR code.

According to a preferred embodiment of the present utility model, the App tag file is downloaded to the mobile device together with the App.

According to a preferred embodiment of the present utility model, the text excerpt is one chosen by the user.

In some embodiments of the present utility model, the identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

In some embodiments of the present utility model, a plurality of combination methods and their corresponding numbers are built into the software product, so that the software product can select the specific combination method according to the number.

A preferred embodiment of the cross verification system and method implemented with a mobile device is now described with reference to FIG. 1 and FIG. 2.

Referring to FIG. 1, a cross verification system implemented with a mobile device according to one embodiment of the present utility model is shown. In this embodiment, the cross verification system 1 comprises a server 10, a two-dimensional barcode 11, and a software product 12. The two-dimensional barcode 11 is generated by the server 10. The software product 12 is downloaded from the server 10 and installed on a mobile device 9.

In some embodiments of the present utility model, the two-dimensional barcode 11 is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed on it. The two-dimensional barcode 11 is generated by a method comprising the following steps: the server 10 receives (for example, as registered by the user of the mobile device 9) a user account, identification information of the mobile device 9, and a text excerpt, randomly selects a specific combination method from a plurality of combination methods, and combines the user account and the identification information according to the specific combination method to generate a first key.

In some embodiments, the text excerpt is chosen by the user, for example a short essay or a passage of song lyrics that the user selects. The length of the text excerpt is preferably between 512 bits and 1024 bits. In addition, the specific combination method combines the user account and the identification information at random; the ways of combining include but are not limited to: combining the complete data of a single field or of multiple fields, combining partial data of multiple fields, and/or combining the data of the same field multiple times.

The server 10 encrypts plaintext content with the first key to obtain encrypted content and generates the two-dimensional barcode 11 from the encrypted content. The plaintext content includes the text excerpt and a first hash value of the first key, the first hash value being generated by a hash method.

In addition, the server 10 encrypts the user account with the first key to obtain an App tag file and provides it to the mobile device 9 for storage. The server 10, the two-dimensional barcode 11, and the App verify one another by a method comprising the following steps: the App sends the server 10 the user password and the App tag file obtained from the mobile device 9, and after the server 10 confirms that they are correct, it sends the App encrypted information and the first hash value.

The encrypted information includes a first number that identifies the specific combination method. The App obtains the user account and the identification information from the mobile device 9, selects the specific combination method according to the first number, and combines the user account and the identification information according to that method to generate a second key.

Next, the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value match. If the verification passes, a scanning interface is displayed on the mobile device 9, through which the two-dimensional barcode 11 can be scanned. The App then uses the second key to decrypt the encrypted content read from the two-dimensional barcode 11 to obtain the plaintext content and the first hash value within it, and verifies that this first hash value matches the second hash value.

In some embodiments, the mobile device 9 used with the cross verification system 1 may be a tablet computer or a smartphone. In a preferred embodiment of the present utility model, the mobile device 9 used with the cross verification system 1 is a smartphone. In addition, the mobile device 9 may include a scanning element (not shown in the drawings) for scanning the two-dimensional barcode 11. For example, the scanning element may be a camera element. The two-dimensional barcode 11 may be a QR code.

In addition, in some embodiments the server 10 may include a database (not shown in the drawings) for storing the aforementioned specific combination method.

In some embodiments, the identification information includes one or more of an IMEI, a UDID, a Keychain, a MAC address, and a mobile phone number, but the present utility model is not limited to these.

In another aspect, the present creation provides an interactive verification method implemented with a mobile device. Referring to FIG. 2, FIG. 2 is a flowchart of the interactive verification method implemented with a mobile device according to one embodiment of the present creation. As shown, the method includes the following steps:

(S20) A server generates a two-dimensional barcode, wherein the two-dimensional barcode is generated by a method comprising: receiving a user account, identification information of the mobile device, and a digest; randomly selecting a specific combination method from a plurality of combination methods, and combining the user account and the identification information according to the specific combination method to generate a first key; and encrypting an original code content based on the first key to obtain an encrypted content, and generating the two-dimensional barcode from the encrypted content, wherein the original code content includes the digest and a first hash value of the first key, the first hash value being generated by a hash method.

(S21) The server encrypts the user account based on the first key to obtain an App tag file, and provides the App tag file to the mobile device for storage.

(S22) A software product (App), downloaded from the server and installed on the mobile device, transmits the user password and the App tag file obtained from the mobile device to the server. After the server confirms that they are correct, it transmits to the App an encrypted information and the first hash value, the encrypted information including a first number used to identify the specific combination method.

(S23) The App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to the specific combination method to generate a second key.

(S24) The App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent. If the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device.

(S25) The App uses the second key to decode the encrypted content read from the two-dimensional barcode, so as to obtain the original code content and the first hash value contained in it, and verifies that the first hash value and the second hash value are consistent.
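The following is an added example, not code from the patent, that walks through steps S20 and S23 to S25 with both the server side and the App side. The text names no algorithms, so SHA-256, the three combination methods, the JSON layout of the original code content and the HMAC-based stand-in cipher are all assumptions; S21 and S22 (the App tag file and the password check) are left out.

```python
import hashlib, hmac, json, secrets

# Hypothetical combination methods (the patent does not list them); list index = "first number".
COMBINERS = [
    lambda acct, dev: acct + "|" + dev,
    lambda acct, dev: dev + "|" + acct,
    lambda acct, dev: "".join(a + b for a, b in zip(acct, dev)) + acct[len(dev):] + dev[len(acct):],
]

def derive_key(method_no, account, device_id):
    """Combine account and device identifier with the chosen method; SHA-256 fixes the key length."""
    return hashlib.sha256(COMBINERS[method_no](account, device_id).encode()).digest()

def _stream(key, nonce, n):
    """Stand-in keystream (HMAC-SHA256 in counter mode); use a vetted AEAD such as AES-GCM in practice."""
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or altered barcode payload")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def server_issue(account, device_id, digest):
    """S20: pick a method at random, derive key 1, seal (digest, hash of key 1) as the barcode payload."""
    method_no = secrets.randbelow(len(COMBINERS))
    k1 = derive_key(method_no, account, device_id)
    h1 = hashlib.sha256(k1).hexdigest()
    payload = seal(k1, json.dumps({"digest": digest, "h1": h1}).encode())
    return method_no, h1, payload  # method_no and h1 reach the App in S22; payload goes into the QR code

def app_verify(method_no, h1, payload, account, device_id):
    """S23-S25: rebuild key 2 locally, compare hashes, then open the scanned payload and compare again."""
    k2 = derive_key(method_no, account, device_id)
    h2 = hashlib.sha256(k2).hexdigest()
    if not hmac.compare_digest(h1, h2):
        return None  # S24 fails: the scanning interface is never shown
    try:
        content = json.loads(unseal(k2, payload))
    except ValueError:
        return None  # payload was not sealed under key 2, or was altered
    return content["digest"] if hmac.compare_digest(content["h1"], h2) else None  # S25
```

In this flow the key material comes only from the user account, the device identifier and the choice of combination method, so the confidentiality of the barcode payload rests on those values.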

The two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed thereon, and the two-dimensional barcode is a QR code. The App tag file is downloaded to the mobile device together with the App. The digest is a user-selected digest. The identification information includes an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

It should be noted that the interactive verification method implemented with a mobile device of the present creation may be carried out with or without the aforementioned interactive verification system 1 implemented with a mobile device.

In summary, in recent years hackers have continually developed attack techniques such as computer viruses, worms, phishing websites, social engineering, and keylogging Trojans, with the aim of gaining access to computer system resources and thereby obtaining illegal benefits. Most financial institutions still follow the traditional model of controlling access to computer system resources with passwords, so hackers in turn mostly make stealing system passwords the goal of their attacks. Once a user's account and password are stolen, a hacker has the opportunity to impersonate the user and log in to the computer system from inside or outside the bank to steal data. For a financial institution this may lead to disasters such as leakage of sensitive data, financial and reputational loss, or even a threat to the company's operations. Compared with the prior art, the interactive verification system and method implemented with a mobile device of the present creation achieve at least the following effects:

1. With the mobile device and the two-dimensional barcode generated by the server being physically separate from each other, a secure login mechanism is provided that allows the user to log in to the office computer system without a password, replacing the conventional practice of using the user account and password as the sole identity authentication mechanism for logging in to the office computer system.

2. Since no password is required, the user bears no burden or risk of safekeeping, changing, losing, having stolen, or forgetting a password.

3. Hackers cannot obtain login credentials (passwords) for the office computer system through attacks such as viruses, worms, phishing websites, social engineering, Trojans, or APTs.

The above detailed description of the specific embodiments is intended to describe the features and spirit of the present creation more clearly, not to limit the scope of the present creation to the specific embodiments disclosed above. On the contrary, the intent is to cover various changes and equivalent arrangements within the scope of the claims sought for the present creation.

1 ‧‧‧ Interactive verification system implemented with a mobile device
10 ‧‧‧ Server
11 ‧‧‧ Two-dimensional barcode
12 ‧‧‧ Software product
9 ‧‧‧ Mobile device
S20~S25 ‧‧‧ Process steps

FIG. 1 is a block diagram of the interactive verification system implemented with a mobile device according to one embodiment of the present creation.

FIG. 2 is a flowchart of the interactive verification method implemented with a mobile device according to one embodiment of the present creation.


Claims (6)

1. An interactive verification system implemented with a mobile device, comprising:
a server;
a two-dimensional barcode generated by the server; and
a software product (App) downloaded from the server and installed on the mobile device;
wherein the two-dimensional barcode is generated by a method comprising the following steps:
the server receives a user account, identification information of the mobile device, and a digest, randomly selects a specific combination method from a plurality of combination methods, and combines the user account and the identification information according to the specific combination method to generate a first key; and
the server encrypts an original code content based on the first key to obtain an encrypted content, and generates the two-dimensional barcode from the encrypted content, wherein the original code content includes the digest and a first hash value of the first key, the first hash value being generated by a hash method;
wherein the server encrypts the user account based on the first key to obtain an App tag file and provides the App tag file to the mobile device for storage; and
wherein the server, the two-dimensional barcode and the App verify one another by a method comprising the following steps:
the App transmits the user password and the App tag file obtained from the mobile device to the server, and after the server confirms that they are correct, the server transmits to the App an encrypted information and the first hash value, the encrypted information including a first number used to identify the specific combination method;
the App obtains the user account and the identification information from the mobile device, selects the specific combination method according to the first number, and combines the user account and the identification information according to the specific combination method to generate a second key;
the App generates a second hash value of the second key by the hash method and verifies that the first hash value and the second hash value are consistent, and if the verification passes, a scanning interface for scanning the two-dimensional barcode is displayed on the mobile device; and
the App uses the second key to decode the encrypted content read from the two-dimensional barcode, so as to obtain the original code content and the first hash value contained in it, and verifies that the first hash value and the second hash value are consistent.

2. The system of claim 1, wherein the two-dimensional barcode is a physical two-dimensional barcode comprising a substrate and a two-dimensional barcode displayed thereon.

3. The system of claim 1 or 2, wherein the two-dimensional barcode is a QR code.

4. The system of claim 1, wherein the App tag file is downloaded to the mobile device together with the App.

5. The system of claim 1, wherein the digest is a user-selected digest.

6. The system of claim 1, wherein the identification information comprises an IMEI, a UDID, a Keychain, a MAC address, a mobile phone number, or a combination thereof.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106207252U TWM549918U (en) 2017-05-19 2017-05-19 Cross verification system implemented along with a mobile device


Publications (1)

Publication Number Publication Date
TWM549918U true TWM549918U (en) 2017-10-01

Family

ID=61012983


Country Status (1)

Country Link
TW (1) TWM549918U (en)
