TWM632837U - Dual authentication device - Google Patents
Dual authentication device Download PDFInfo
- Publication number
- TWM632837U TWM632837U TW111206727U TW111206727U TWM632837U TW M632837 U TWM632837 U TW M632837U TW 111206727 U TW111206727 U TW 111206727U TW 111206727 U TW111206727 U TW 111206727U TW M632837 U TWM632837 U TW M632837U
- Authority
- TW
- Taiwan
- Prior art keywords
- image
- password
- user
- password image
- mentioned
- Prior art date
Links
Images
Landscapes
- Measuring Pulse, Heart Rate, Blood Pressure Or Blood Flow (AREA)
- Radar Systems Or Details Thereof (AREA)
Abstract
本新型提供一種雙重驗證裝置,係當使用者欲解密第一裝置 (例如為保險櫃)時,先透過雙重驗證裝置產生解密資訊後,再將解密資訊以視覺機密分享的演算法轉換第一密碼圖像以及第二密碼圖像,並分別將第一密碼圖像傳輸至使用者裝置,以及第二密碼圖像傳輸至第一裝置。從而使用者透過所屬的上述使用者裝置掃描上述顯示模組取得上述第二密碼圖像時,以將上述第一密碼圖像以及上述第二密碼圖像以圖像疊合並解密後,即可獲得解密資訊,以解密上述第一裝置,本新型係可解決過去直接取得解密資訊之單一驗證模式,可能會產生的潛在安全疑慮。The present invention provides a double verification device. When the user wants to decrypt the first device (for example, a safe), the decryption information is first generated through the double verification device, and then the decryption information is converted into the first password with an algorithm of visual secret sharing. image and the second password image, and respectively transmit the first password image to the user device and the second password image to the first device. Therefore, when the user scans the display module to obtain the second password image through the corresponding user device, the first password image and the second password image can be overlapped and decrypted to obtain The decryption information is used to decrypt the above-mentioned first device. The present invention can solve the potential security concerns that may arise from the single verification mode that directly obtains the decryption information in the past.
Description
一種驗證裝置,特別是將密碼透過視覺機密分享 (Visual secret sharing, VSS)的演算法轉換為至少二密碼圖像進行驗證的雙重驗證裝置。A verification device, in particular a dual verification device that converts a password into at least two password images for verification through a visual secret sharing (VSS) algorithm.
目前許多的驗證機制大多數仍以一次性密碼 (One-time password, OTP)進行,但透過一次性密碼認證的安全機制直至今日已出現明顯的漏洞,如,駭客會攔截一次性密碼將使用者帳戶的餘額轉出。At present, most of the verification mechanisms are still based on one-time password (OTP), but the security mechanism through one-time password authentication has obvious loopholes until today, for example, hackers will intercept the one-time password that will be used The balance of the account is transferred out.
再者,目前許多銀行的提供給用戶儲存貴重物品的保險箱,仍分別以使用者與銀行方各保存一支鑰匙的傳統方式管理。而在使用者欲開啟保險箱的當下,銀行方須派出一名攜帶鑰匙的代表,以銀行方與使用者所持有的兩支鑰匙解鎖保險箱。如此,銀行方不僅需肩負管理鑰匙的責任,還要安排人力協助使用者開啟保險箱,費時又費力。然而,以現有的一次性密碼作為管理保險箱的安全機制,將會有諸多的安全性問題,導致於目前保險箱仍無法實現以全面電子化的方式進行管理。Moreover, the safe deposit box that many banks provide to the user to store valuables at present is still managed in a traditional manner in which the user and the bank each keep a key respectively. When the user wants to open the safe, the bank must send a representative carrying the key to unlock the safe with the two keys held by the bank and the user. In this way, the bank not only needs to shoulder the responsibility of managing the keys, but also arranges manpower to assist the user to open the safe, which is time-consuming and laborious. However, using the existing one-time password as a security mechanism for managing the safe will have many security problems, resulting in the fact that the current safe cannot be managed in a fully electronic manner.
據此,鑒於目前一次性密碼存在的安全問題以及目前未有保險箱以電子化管理的問題,在所屬領域中已然成為有待解決的問題。Accordingly, in view of the security problems existing in the current one-time password and the problem that there is no safe box for electronic management, it has become a problem to be solved in the field.
具體來說,根據一實施例,本新型提供一種雙重驗證裝置,訊號連接至少一使用者裝置以及至少一第一裝置,以提供一使用者解密上述第一裝置,其中上述第一裝置包括一顯示模組,上述雙重驗證裝置包括:第一驗證模組以及第二驗證模組。上述第一驗證模組,訊號連接上述使用者裝置,用以接收上述使用者欲解密上述第一裝置對應傳輸的一解密指令,並產生用於解密上述第一裝置的一解密資訊。上述第二驗證模組,訊號連接上述第一驗證模組以及上述使用者裝置,以一視覺機密分享 (Visual secret sharing, VSS)的演算法,將上述解密資訊轉換產生並傳輸一第一密碼圖像至上述使用者裝置,以及一第二密碼圖像至上述第一裝置。其中,上述第一密碼圖像以及上述第二密碼圖像係不一致。其中,上述第二密碼圖像將顯示於上述顯示模組。其中,當上述使用者透過所屬的上述使用者裝置掃描上述顯示模組取得上述第二密碼圖像時,以將上述第一密碼圖像以及上述第二密碼圖像以圖像疊合並解密後,產生上述解密資訊,以讓上述使用者透過上述解密資訊解密上述第一裝置。Specifically, according to an embodiment, the present invention provides a dual authentication device, which is signal-connected to at least one user device and at least one first device, so as to provide a user with a way to decrypt the first device, wherein the first device includes a display The module, the above-mentioned dual verification device includes: a first verification module and a second verification module. The above-mentioned first verification module is connected to the above-mentioned user device by a signal, and is used for receiving a decryption command that the above-mentioned user wants to decrypt correspondingly transmitted by the above-mentioned first device, and generating a decryption information for decrypting the above-mentioned first device. The above-mentioned second verification module is signal-connected to the above-mentioned first verification module and the above-mentioned user device, and uses a visual secret sharing (VSS) algorithm to convert the above-mentioned decrypted information into a first password map and transmit it an image to the user device, and a second password image to the first device. Wherein, the above-mentioned first password image and the above-mentioned second password image are inconsistent. Wherein, the above-mentioned second password image will be displayed on the above-mentioned display module. Wherein, when the above-mentioned user scans the above-mentioned display module to obtain the above-mentioned second password image through the above-mentioned user device, after overlapping and decrypting the above-mentioned first password image and the above-mentioned second password image, The decryption information is generated to allow the user to decrypt the first device through the decryption information.
根據另一實施例,上述解密資訊選自由一次性密碼 (One-time password, OTP)以及圖形密碼所組成的群組。According to another embodiment, the above-mentioned decryption information is selected from the group consisting of a one-time password (One-time password, OTP) and a graphic password.
根據另一實施例,每次解密上述第一裝置的上述解密資訊係為彼此不一致。According to another embodiment, the decryption information for each decryption of the first device is inconsistent with each other.
根據另一實施例,上述使用者裝置係為具有拍照或掃描功能的一可攜式裝置。According to another embodiment, the above-mentioned user device is a portable device capable of taking pictures or scanning.
根據另一實施例,當上述第一裝置歸屬於複數個使用者時,上述第二驗證模組將對應上述複數個使用者的數量,傳輸彼此不一致的該第一密碼圖像至每一上述複數個使用者的上述使用者裝置。According to another embodiment, when the above-mentioned first device belongs to multiple users, the above-mentioned second verification module will transmit the inconsistent first password image to each of the above-mentioned multiple users corresponding to the number of the above-mentioned multiple users. the above-mentioned user device for each user.
根據另一實施例,當上述第一裝置歸屬於複數個使用者時,將由上述複數個使用者其中之一作為代表,掃描取得其他上述複數個使用者顯示於所屬上述使用者裝置上的上述第一密碼圖像以及上述第一裝置上的上述第二密碼圖像後,以獲得上述解密資訊。According to another embodiment, when the above-mentioned first device belongs to multiple users, one of the above-mentioned multiple users will be used as a representative to scan and obtain the above-mentioned first device displayed on the above-mentioned user device by the other above-mentioned multiple users. A password image and the second password image on the first device are used to obtain the decryption information.
根據另一實施例,上述第一裝置更包括一輸入模組,以提供輸入上述解密資訊的介面。According to another embodiment, the above-mentioned first device further includes an input module to provide an interface for inputting the above-mentioned decryption information.
根據另一實施例,上述雙重驗證裝置更包括一圖像解密模組,訊號連接上述使用者裝置,上述圖像解密模組具有上述視覺機密分享的演算法之一加密資訊,用以將上述第一密碼圖像以及上述第二密碼圖像疊合並根據上述加密規則解密,以產生上述解密資訊。According to another embodiment, the above-mentioned dual authentication device further includes an image decryption module, which is signally connected to the above-mentioned user device, and the above-mentioned image decryption module has one of the encryption information of the above-mentioned visual secret sharing algorithm, and is used to convert the above-mentioned first A password image and the second password image are superimposed and decrypted according to the encryption rule to generate the decryption information.
根據另一實施例,當上述第二驗證模組傳輸上述第一密碼圖像至上述使用者裝置時,將以一密碼加密上述第一密碼圖像。According to another embodiment, when the second verification module transmits the first password image to the user device, it will encrypt the first password image with a password.
根據另一實施例,上述第一密碼圖像以及上述第二密碼圖像係為互補的影像。According to another embodiment, the first password image and the second password image are complementary images.
根據另一實施例,上述密碼為上述使用者的生日、身分證字號、手機號碼或事先預設的密碼。According to another embodiment, the password is the user's birthday, ID number, mobile phone number or a preset password.
根據另一實施例,上述第一裝置為一保險箱、一押送現金箱或一密碼鎖。According to another embodiment, the above-mentioned first device is a safe, an escort cash box or a combination lock.
根據以上所述,本新型主張的功效包括:(1) 改善既有密碼管理 (如,一次性密碼)的安全性問題。(2) 解決現有銀行某些業務 (如,保險箱業務) 需要同時使用使用者(存戶)與銀行方的鑰匙才能開啟保險箱的問題。(3) 減少銀行業務所需人力 (例如押送現金箱人員以及保管箱管理人員)。(4) 本新型亦可應用在提款業務上,例如上述第一裝置可為自動櫃員機 (Automated Teller Machine, ATM),以透過雙重驗證執行無卡提款。According to the above, the efficacy of the present invention includes: (1) improving the security of existing password management (such as one-time password). (2) Solve the problem that some existing bank businesses (such as safe deposit box business) need to use the keys of the user (depositor) and the bank at the same time to open the safe deposit box. (3) Reduce the manpower required for banking operations (such as escorting cash box personnel and safe deposit box management personnel). (4) The present model can also be applied to cash withdrawal business. For example, the above-mentioned first device can be an automated teller machine (Automated Teller Machine, ATM) to perform cardless cash withdrawal through double verification.
為更具體說明本新型之各實施例,以下輔以附圖進行說明。In order to describe various embodiments of the present invention more specifically, the accompanying drawings are used for description below.
請參閱圖1,圖1所繪為根據本新型之一實施例之一種雙重驗證裝置之第一架構示意圖。Please refer to FIG. 1 . FIG. 1 is a schematic diagram of a first structure of a dual authentication device according to an embodiment of the present invention.
如圖1,根據一實施例,本新型提供一種雙重驗證裝置100,訊號連接至少一使用者裝置120以及至少一第一裝置140,以提供一使用者解密上述第一裝置140,其中上述第一裝置140包括一顯示模組142,上述雙重驗證裝置100包括:第一驗證模組102以及第二驗證模組104。上述第一驗證模組102,訊號連接上述使用者裝置120,用以接收上述使用者欲解密上述第一裝置140對應傳輸的一解密指令,並產生用於解密上述第一裝置140的一解密資訊。上述第二驗證模組104,訊號連接上述第一驗證模組102以及上述使用者裝置120,以一視覺機密分享 (Visual secret sharing, VSS)的演算法,將上述解密資訊轉換產生並傳輸一第一密碼圖像至上述使用者裝置120,以及一第二密碼圖像至上述第一裝置140。其中,上述第一密碼圖像以及上述第二密碼圖像係不一致。其中,上述第二密碼圖像將顯示於上述顯示模組142。其中,當上述使用者透過所屬的上述使用者裝置120掃描上述顯示模組142取得上述第二密碼圖像時,以將上述第一密碼圖像以及上述第二密碼圖像以圖像疊合並解密後,產生上述解密資訊,以讓上述使用者透過上述解密資訊解密上述第一裝置140。上述雙重驗證裝置100例如可為伺服器主機、租借的雲端主機或多個主機聯合形成的服務裝置,並具備資訊處理與網路連線能力。上述第一裝置140例如可為具備資訊處理與網路連線能力的計算機裝置,並具備儲存貴重品的空間,如鈔票、黃金、房地契等。As shown in Fig. 1, according to an embodiment, the present invention provides a two-
根據另一實施例,上述解密資訊選自由一次性密碼 (One-time password, OTP)以及圖形密碼所組成的群組。According to another embodiment, the above-mentioned decryption information is selected from the group consisting of a one-time password (One-time password, OTP) and a graphic password.
根據另一實施例,每次解密上述第一裝置140的上述解密資訊係為彼此不一致。According to another embodiment, the decryption information for each decryption of the
根據另一實施例,上述使用者裝置120係為具有拍照或掃描功能的一可攜式裝置。According to another embodiment, the above-mentioned
根據另一實施例,當上述第一裝置140歸屬於複數個使用者時,上述第二驗證模組104將對應上述複數個使用者的數量,傳輸彼此不一致的該第一密碼圖像至每一上述複數個使用者的上述使用者裝置120。According to another embodiment, when the
根據另一實施例,當上述第一裝置140歸屬於複數個使用者時,將由上述複數個使用者其中之一作為代表,掃描取得其他上述複數個使用者顯示於所屬上述使用者裝置120上的上述第一密碼圖像以及上述第一裝置140上的上述第二密碼圖像後,以獲得上述解密資訊。According to another embodiment, when the above-mentioned
根據以上實施例之具體範例為,透過視覺機密分享(visual secret sharing, VSS)的演算法,可將機密影像或資料轉成的多張雜亂 (如前文所述的第一密碼圖像以及第二密碼圖像)的分享影像,分享給多個參與者 (如前述的使用者),每一位參與者擁有一張分享影像,當要還原機密影像時,藉由分享影像的疊合即可顯現出機密資訊 (如前述的解密資訊)。例如,以機密資訊分給兩個參與者為例,機密影像上的每一點像素會擴展為2×2 的影像區塊,產生如表1所示的模型 (如前文所述,本新型最少的兩個參與者分別為一個使用者以及一個第一裝置140)。According to the specific example of the above embodiments, through the visual secret sharing (VSS) algorithm, the confidential image or data can be converted into multiple random pieces (such as the first password image and the second password image mentioned above). Password image) shared image, shared with multiple participants (such as the aforementioned users), each participant has a shared image, when it is necessary to restore the confidential image, it can be displayed by superimposing the shared images Export confidential information (such as the aforementioned decrypted information). For example, in the case of distributing confidential information to two participants, each pixel on the confidential image will be expanded into a 2×2 image block, resulting in a model as shown in Table 1 (as mentioned above, the minimum The two participants are respectively a user and a first device 140).
表1:視覺機密分享(visual secret sharing, VSS) 模型範例
如表1,當像素為黑點 (B)時,從表1的左邊兩列任選一列成為兩張圖片中的區塊內容,如果是白點 (W)則從右邊兩列的組合中隨意挑選。圖片上的每一個區塊內容只有兩種可能型態 (BWWB、WBBW),所以每一個影像區塊上的黑白分佈的比例均相同,加上選取影像區塊是以隨機的方式決定,因此無法從單張圖片上發現機密資訊的內容,因而達到資訊的機密性與安全性。當疊合兩張圖片時,機密影像的黑點部份會組合出全黑的區塊,而白點部份則組合出半黑半白的區塊,因此產生 50% 的色差對比。As shown in Table 1, when the pixel is a black point (B), choose one column from the left two columns of Table 1 to become the block content in the two pictures, and if it is a white point (W), choose from the combination of the two right columns pick. The content of each block on the picture has only two possible types (BWWB, WBBW), so the proportion of black and white distribution on each image block is the same, and the selected image block is determined randomly, so it cannot Discover the content of confidential information from a single image, thereby achieving the confidentiality and security of information. When superimposing two pictures, the black dot part of the classified image will combine to form a completely black block, while the white dot part will combine to form a half black and half white block, thus producing a 50% color difference contrast.
根據另一實施例,上述第一裝置140更包括一輸入模組144,以提供輸入上述解密資訊的介面。According to another embodiment, the
請參閱同時圖1-2,圖2所繪為根據本新型之一實施例之一種雙重驗證裝置之第二架構示意圖。Please refer to FIGS. 1-2 at the same time. FIG. 2 is a schematic diagram of a second structure of a dual authentication device according to an embodiment of the present invention.
根據另一實施例,上述雙重驗證裝置100更包括一圖像解密模組106,訊號連接上述使用者裝置120,上述圖像解密模組106具有上述視覺機密分享的演算法之一加密資訊,用以將上述第一密碼圖像以及上述第二密碼圖像疊合並根據上述加密規則解密,以產生上述解密資訊。According to another embodiment, the
根據另一實施例,當上述第二驗證模組104傳輸上述第一密碼圖像至上述使用者裝置120時,將以一密碼加密上述第一密碼圖像。According to another embodiment, when the
根據另一實施例,上述第一密碼圖像以及上述第二密碼圖像係為互補的影像。According to another embodiment, the first password image and the second password image are complementary images.
根據另一實施例,上述密碼為上述使用者的生日、身分證字號、手機號碼或事先預設的密碼。According to another embodiment, the password is the user's birthday, ID number, mobile phone number or a preset password.
根據另一實施例,上述第一裝置140為一保險箱、一押送現金箱或一密碼鎖。According to another embodiment, the above-mentioned
根據另一實施例,上述第一驗證模組102、第二驗證模組104、圖像解密模組106、顯示模組142以及輸入模組144可以由硬體電路與軟體來實現,或者全部由硬體電路來實現。According to another embodiment, the
請參閱圖3,圖3所繪為根據本新型之一實施例之一種雙重驗證裝置之實施流程圖。圖3包含步驟300-340,詳述如下。Please refer to FIG. 3 . FIG. 3 is a flow chart illustrating the implementation of a dual authentication device according to an embodiment of the present invention. Figure 3 includes steps 300-340, which are described in detail below.
在步驟300,使用者透過所屬使用者裝置傳輸解密第一裝置(保險裝置)的解密指令。In
在步驟310,透過第一驗證模組產生用於解密上述第一裝置的解密資訊。In
在步驟320,透過第二驗證模組以視覺機密分享的演算法,將上述解密資訊轉換產生並傳輸第一密碼圖像至上述使用者裝置,以及第二密碼圖像至上述第一裝置。In
在步驟330,上述第一密碼圖像與上述第二密碼圖像疊合並解密後是否可產生上述解密資訊。如是,則繼續步驟340a;如否,則繼續步驟340b。In
在步驟340a,輸入上述解密資訊,解密上述第一裝置。In step 340a, the decryption information is input to decrypt the first device.
在步驟340b,無法取得上述解密資訊,以解密上述第一裝置。In
本新型在本文中僅以較佳實施例揭露,然任何熟習本技術領域者應能理解的是,上述實施例僅用於描述本新型,並非用以限定本新型所主張之專利權利範圍。舉凡與上述實施例均等或等效之變化或置換,皆應解讀為涵蓋於本新型之精神或範疇內。因此,本新型之保護範圍應以下述之申請專利範圍所界定者為準。The present invention is only disclosed in preferred embodiments, but anyone familiar with the technical field should understand that the above embodiments are only used to describe the present invention, and are not intended to limit the scope of patent rights claimed by the present invention. All changes or substitutions that are equal or equivalent to the above-mentioned embodiments should be interpreted as falling within the spirit or scope of the present invention. Therefore, the scope of protection of the present invention should be defined by the scope of the following patent application.
100:雙重驗證裝置 102:第一驗證模組 104:第二驗證模組 106:圖像解密模組 120:使用者裝置 140:第一裝置 142:顯示模組 144:輸入模組 300-340:步驟 100: double authentication device 102: The first verification module 104: The second verification module 106:Image decryption module 120: user device 140: First device 142:Display module 144: input module 300-340: steps
為讓本新型之上述技術和其他目的、特徵、優點與實施例能更明顯易懂,所附附圖之說明如下: 圖1所繪為根據本新型之一實施例之一種雙重驗證裝置之第一架構示意圖。 圖2所繪為根據本新型之一實施例之一種雙重驗證裝置之第二架構示意圖。 圖3所繪為根據本新型之一實施例之一種雙重驗證裝置之實施流程圖。 In order to make the above-mentioned technology and other purposes, features, advantages and embodiments of the present invention more obvious and understandable, the accompanying drawings are described as follows: FIG. 1 is a schematic diagram of a first structure of a dual authentication device according to an embodiment of the present invention. FIG. 2 is a schematic diagram of a second structure of a double verification device according to an embodiment of the present invention. FIG. 3 is a flowchart illustrating the implementation of a double authentication device according to an embodiment of the present invention.
100:雙重驗證裝置 100: double authentication device
102:第一驗證模組 102: The first verification module
104:第二驗證模組 104: The second verification module
120:使用者裝置 120: user device
140:第一裝置 140: First device
142:顯示模組 142:Display module
144:輸入模組 144: input module
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW111206727U TWM632837U (en) | 2022-06-24 | 2022-06-24 | Dual authentication device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW111206727U TWM632837U (en) | 2022-06-24 | 2022-06-24 | Dual authentication device |
Publications (1)
Publication Number | Publication Date |
---|---|
TWM632837U true TWM632837U (en) | 2022-10-01 |
Family
ID=85460916
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW111206727U TWM632837U (en) | 2022-06-24 | 2022-06-24 | Dual authentication device |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWM632837U (en) |
-
2022
- 2022-06-24 TW TW111206727U patent/TWM632837U/en unknown
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110419044B (en) | Information processing apparatus and information processing method | |
Liu et al. | A turtle shell-based visual secret sharing scheme with reversibility and authentication | |
US8386793B2 (en) | Method and apparatus for implementing electronic seal | |
US20160162897A1 (en) | System and method for user authentication using crypto-currency transactions as access tokens | |
CN108475237A (en) | Storage operation is encrypted | |
CN105323064B (en) | In on line add instant file dynamic labels, encrypted system and method | |
CN104125210A (en) | Head-mounted display apparatus with enhanced security and method for accessing encrypted information by same | |
TWI648679B (en) | License management system and method using blockchain | |
Bharathi et al. | Secure file storage using hybrid cryptography | |
Goots et al. | Modern Cryptography Protect your data with fast block CIPHERS | |
CN107154850A (en) | A kind of processing method and processing device of block chain data | |
CN106663389A (en) | Methods and apparatus for cryptography | |
US20220284448A1 (en) | Anti-counterfeiting and encryption method based on local random image transformation technique | |
TW201419208A (en) | Picture delivering system based on visual cryptography and related computer program product | |
CN105490814B (en) | A kind of ticketing service real name identification method and system based on three-dimension code | |
Thawre et al. | Survey on security of biometric data using cryptography | |
TWM632837U (en) | Dual authentication device | |
WO2024015105A1 (en) | Delivering random number keys securely for one-time pad symmetric key encryption | |
US11132674B2 (en) | Micro trusted network | |
Kumar et al. | Administration of Digital Identities Using Blockchain | |
CN106209380A (en) | A kind of input type dynamic cipher device device, system and method | |
Wu et al. | PrivApollo–secret ballot E2E-V internet voting | |
Rathod et al. | Secure bank transaction using data hiding mechanisms | |
Chhetri | Novel approach towards authentication using multi level password system | |
CN107809428A (en) | A kind of information ciphering method, decryption method, device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GD4K | Issue of patent certificate for granted utility model filed before june 30, 2004 |