[go: up one dir, main page]

CN100583762C - Online authentication method and system - Google Patents

Online authentication method and system Download PDF

Info

Publication number
CN100583762C
CN100583762C CN200510098393A CN200510098393A CN100583762C CN 100583762 C CN100583762 C CN 100583762C CN 200510098393 A CN200510098393 A CN 200510098393A CN 200510098393 A CN200510098393 A CN 200510098393A CN 100583762 C CN100583762 C CN 100583762C
Authority
CN
China
Prior art keywords
database
user
account
service
service provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200510098393A
Other languages
Chinese (zh)
Other versions
CN1929375A (en
Inventor
王梁华
谢兆龙
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Auer Media & Entertainment Corp
Original Assignee
Auer Media & Entertainment Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Auer Media & Entertainment Corp filed Critical Auer Media & Entertainment Corp
Priority to CN200510098393A priority Critical patent/CN100583762C/en
Publication of CN1929375A publication Critical patent/CN1929375A/en
Application granted granted Critical
Publication of CN100583762C publication Critical patent/CN100583762C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

An online authentication method and system, the method includes: a user connecting to a telecommunication operator database by using a mobile phone; the telecommunication operator database transmits a user identification code of the mobile phone to an authentication database, and the authentication database records the user identification code and an account number which is owned by a user and corresponds to the user identification code in advance, and the account number enables the user to have the authority of using the service provided by a service provider database; and the authentication database transmits the account number corresponding to the user identification code of the mobile phone to the service provider database to start the account number, so that the user can log in the service provider database by using the account number and the corresponding password to obtain the service provided by the service provider database.

Description

线上认证方法及系统 Method and system for online authentication

技术领域 technical field

本发明是一种认证方法及系统,特别是涉及一种利用移动式电话的线上认证方法及系统。The invention relates to an authentication method and system, in particular to an online authentication method and system utilizing a mobile phone.

背景技术 Background technique

随着网际网路(Internet)相关技术的发展,现今人们已经可以利用上网装置(如个人电脑)连线至远端服务提供者所设置的服务伺服器,以取得所需的服务。在这些服务当中,有些是使用者一连上网际网路便可自由取用者,例如一般网站所提供的资讯浏览服务,有些则是需使用者先输入帐号与对应的密码后,方可获得取得服务的权限,例如线上游戏业者所提供的游戏服务或金融业者所提供的金流服务等。然而,即使使用者输入帐号与密码后,服务伺服器已利用某些认证机制来确保网路存取的安全性的情况下,骇客仍是有可能窃用使用者的帐号与密码来登入服务伺服器以谋取不法的利益。With the development of Internet-related technologies, people can use Internet devices (such as personal computers) to connect to service servers set up by remote service providers to obtain required services. Among these services, some users can freely access them once they are connected to the Internet, such as the information browsing services provided by general websites, while others require users to enter their account numbers and corresponding passwords before they can be obtained. The authority of services, such as game services provided by online game operators or cash flow services provided by financial operators, etc. However, even if the service server has used some authentication mechanism to ensure the security of network access after the user enters the account and password, hackers may still steal the user's account and password to log in to the service server. devices for unlawful gain.

发明内容 Contents of the invention

本发明的主要目的,是在于提供一种线上认证方法,可用以提高使用者借由网际网路取用服务提供者所提供的服务的安全性。The main purpose of the present invention is to provide an online authentication method, which can be used to improve the security of the user accessing the service provided by the service provider through the Internet.

本发明的一种线上认证方法包含下列步骤。使用者利用一移动式电话连线至一特定电信业者的电信业者资料库。接着,该电信业者资料库将该移动式电话的一使用者识别码传送至一认证资料库,其中该认证资料库中已预先记录有该使用者识别码以及一为该使用者所拥有且与该使用者识别码对应的帐号,该帐号使得该使用者具有能使用一服务提供者资料库所提供的服务的权限。然后,该认证资料库将该移动式电话的使用者识别码所对应的帐号传送至该服务提供者资料库,借以启用该帐号,因而该使用者能利用该帐号与对应的密码登入该服务提供者资料库,以取得该服务提供者资料库所提供的服务。An online authentication method of the present invention includes the following steps. A user connects to a carrier database of a particular carrier using a mobile phone. Then, the carrier database transmits a user ID of the mobile phone to an authentication database, wherein the authentication database has pre-recorded the user ID and a The account corresponding to the user identification code, the account enables the user to use the service provided by a service provider database. Then, the authentication database transmits the account number corresponding to the user identification code of the mobile phone to the service provider database, so as to activate the account number, so that the user can use the account number and the corresponding password to log in to the service provider provider database to obtain the services provided by the service provider database.

本发明的另一目的,是在于提供一种线上认证系统,可用以提高使用者借由网际网路取用服务提供者所提供的服务的安全性。Another object of the present invention is to provide an online authentication system, which can be used to improve the security of users accessing services provided by service providers through the Internet.

本发明的一种线上认证系统适用于使用者能用以将一帐号设定至一锁定状态,并借由一移动式电话来解除该锁定状态,借以使该使用者能利用一上网装置取得一服务,其中该帐号使得该使用者具有能使用该服务的权限,该线上认证系统包含一电信业者资料库、一认证资料库及一服务提供者资料库。该电信业者资料库用以接受该移动式电话的连线,并将该移动式电话的一使用者识别码向外传送。该认证资料库于一预先执行的帐号防盗服务的申请注册过程完成后,能用以储存该帐号及对应的使用者识别码,以及在该锁定状态的解除过程中,能用以接收该电信业者资料库所传来的使用者识别码,并将该使用者识别码对应的帐号向外传送,其中该帐号是借由该申请注册过程而进入该锁定状态。该服务提供者资料库用以接收该认证资料库所传来的帐号,以解除该帐号的锁定状态,继而提供该使用者利用该上网装置所能取得的服务。An online authentication system of the present invention is suitable for a user to set an account into a locked state and release the locked state through a mobile phone, so that the user can use an Internet access device to obtain A service, wherein the account number enables the user to have the authority to use the service, and the online authentication system includes a telecom operator database, an authentication database and a service provider database. The telecom operator database is used for accepting the connection of the mobile phone and sending out a user identification code of the mobile phone. The authentication database can be used to store the account number and the corresponding user identification code after a pre-executed application registration process of the account anti-theft service is completed, and can be used to receive the telecommunication operator during the unlocking process of the locked state. The user identification code transmitted from the database, and the account corresponding to the user identification code is sent out, wherein the account enters the locked state through the application registration process. The service provider database is used to receive the account number sent by the authentication database, so as to unlock the account number, and then provide the service that the user can obtain by using the Internet access device.

附图说明 Description of drawings

下面结合附图及实施例对本发明进行详细说明:Below in conjunction with accompanying drawing and embodiment the present invention is described in detail:

图1是一方块图,说明本发明线上认证系统的一较佳实施例的系统架构;Fig. 1 is a block diagram illustrating the system architecture of a preferred embodiment of the online authentication system of the present invention;

图2是一流程图,说明本发明线上认证方法的第一较佳实施例中帐号防盗服务的申请注册过程;Fig. 2 is a flowchart illustrating the application registration process of the account anti-theft service in the first preferred embodiment of the online authentication method of the present invention;

图3是一流程图,说明该第一较佳实施例中利用移动式电话传送简讯以解除帐号锁定的过程;FIG. 3 is a flow chart illustrating the process of using a mobile phone to send a short message to unlock an account in the first preferred embodiment;

图4是一流程图,说明该第一较佳实施例中利用移动式电话拨打特定电话号码以选择IVR的开锁选项,而解除帐号锁定的过程;Fig. 4 is a flowchart illustrating the process of using the mobile phone to dial a specific phone number to select the unlocking option of the IVR and unlock the account in the first preferred embodiment;

图5是一流程图,说明本发明线上认证方法的第二较佳实施例中帐号防盗服务的申请注册过程;FIG. 5 is a flow chart illustrating the application and registration process of the account anti-theft service in the second preferred embodiment of the online authentication method of the present invention;

图6是一流程图,说明该第二较佳实施例中利用WAP上网方式来解除帐号锁定的过程;Fig. 6 is a flow chart, illustrates the process that utilizes WAP to get online in the second preferred embodiment to unlock the account;

图7是一流程图,说明该第二较佳实施例中利用WAP上网方式来暂停帐号防盗服务的过程;Fig. 7 is a flowchart illustrating the process of suspending the account anti-theft service in the second preferred embodiment by means of WAP accessing the Internet;

图8是一流程图,说明该第二较佳实施例中利用WAP上网方式来取消帐号防盗服务的过程;Fig. 8 is a flow chart, illustrates the process of canceling the account anti-theft service by utilizing the WAP online mode in the second preferred embodiment;

图9是一流程图,说明该第二较佳实施例中利用WAP上网方式来强制登出帐号的过程;及Fig. 9 is a flowchart illustrating the process of using the WAP Internet access method to forcibly log out the account in the second preferred embodiment; and

图10是一流程图,说明该第二较佳实施例中当移动式电话遗失时,取消帐号防盗服务的过程。FIG. 10 is a flow chart illustrating the process of canceling the account anti-theft service when the mobile phone is lost in the second preferred embodiment.

具体实施方式 Detailed ways

参阅图1,本发明线上认证系统的一较佳实施例适用于一使用者1能用以将一帐号设定至一锁定状态,并借由一可连上电信网路的移动式电话12来解除该锁定状态,因而使该使用者可利用一可连上网际网路的上网装置11(如一个人电脑)取得一服务,其中该帐号使得该使用者1具有能使用该服务的权限,且该服务例如可为线上游戏业者所提供的线上游戏服务或金融业者所提供的金流服务等。Referring to Fig. 1, a preferred embodiment of the online authentication system of the present invention is applicable to a user 1 who can set an account to a locked state, and through a mobile phone 12 that can be connected to the telecommunications network To release the locked state, thereby enabling the user to obtain a service using an Internet access device 11 (such as a personal computer) that can be connected to the Internet, wherein the account enables the user 1 to have the authority to use the service, And the service can be, for example, an online game service provided by an online game company or a cash flow service provided by a financial company.

该线上认证系统包含一电信业者资料库23、一认证资料库22及一服务提供者资料库21,其中该电信业者资料库23、认证资料库22、服务提供者资料库21间是借由虚拟专线网路(Virtual Private Network,VPN)来连接。虚拟专线网路类似区域网路,不与网际网路连接,可避免骇客从中窃取使用者1的帐号及密码等相关资料。The online authentication system includes a telecom operator database 23, an authentication database 22 and a service provider database 21, wherein the telecom operator database 23, the authentication database 22, and the service provider database 21 are established through Virtual private network (Virtual Private Network, VPN) to connect. The virtual private line network is similar to a local area network, and is not connected to the Internet, which can prevent hackers from stealing user 1's account number and password and other related information.

该电信业者资料库23用以接受该移动式电话12的连线,并将该移动式电话12的一使用者识别码(User ID,UID)传送至该认证资料库22。在一预先执行的帐号防盗服务的申请注册过程(参阅图2及图5)完成后,该认证资料库22可用以储存该帐号及对应的使用者识别码,其中该帐号是借由该申请注册过程而进入该锁定状态。至于,在该锁定状态的解除过程中,该认证资料库22可用以接收该电信业者资料库23所传来的使用者识别码,并将该使用者识别码对应的帐号传送至服务提供者资料库21。该服务提供者资料库21用以接收该认证资料库21所传来的帐号,以解除该帐号的锁定状态,继而提供该使用者1利用该上网装置11所能取得的服务,其中该服务提供者资料库21例如可为线上游戏业者的游戏资料库或金融业者的金流资料库等。The carrier database 23 is used for accepting the connection of the mobile phone 12, and sending a user identification code (User ID, UID) of the mobile phone 12 to the authentication database 22. After a pre-executed application registration process (refer to FIG. 2 and FIG. 5) of the account anti-theft service is completed, the authentication database 22 can be used to store the account number and the corresponding user identification code, wherein the account number is registered through the application process to enter the locked state. As for, during the unlocking process of the locked state, the authentication database 22 can be used to receive the user identification code transmitted from the carrier database 23, and transmit the account number corresponding to the user identification code to the service provider information Library 21. The service provider database 21 is used to receive the account number sent by the authentication database 21, so as to unlock the account number, and then provide the service that the user 1 can obtain by using the Internet access device 11, wherein the service provides The operator database 21 can be, for example, a game database of an online game operator or a cash flow database of a financial operator.

配合参阅图2,本发明线上认证方法的第一较佳实施例需先进行如图2所示的申请注册过程,包括以下步骤。如步骤31所示,透过网际网路,该使用者1利用该上网装置11、帐号及对应的密码登入该服务提供者资料库21,并于该服务提供者资料库21的申请服务网页选择简讯(ShortMessage Service,SMS)或互动语音引导(Interactive Voice Response,IVR)的帐号防盗选项。With reference to Fig. 2, the first preferred embodiment of the online authentication method of the present invention needs to go through the registration application process as shown in Fig. 2, including the following steps. As shown in step 31, through the Internet, the user 1 uses the Internet access device 11, account number and corresponding password to log in to the service provider database 21, and selects SMS (ShortMessage Service, SMS) or interactive voice guidance (Interactive Voice Response, IVR) account anti-theft option.

接着,如步骤32所示,该服务提供者资料库21将该帐号传送至该认证资料库22。接着,如步骤33所示,该使用者1于该认证资料库22的申请服务网页选择所属电信业者。接着,如步骤34所示,使用者1于所属电信业者的申请服务网页输入移动式电话12的电话号码以及用户识别模组(Subscriber Identity Module,SIM)卡的密码。接着,如步骤35所示,该电信业者资料库23将该移动式电话12的使用者识别码传送至该认证资料库22。接着,如步骤36所示,该帐号及使用者识别码便被对应存入该认证资料库22中。然后,认证资料库22便将对应的帐号及使用者识别码传送至该服务提供者资料库21而完成整个申请流程,而使该帐号进入锁定状态。Next, as shown in step 32 , the service provider database 21 transmits the account number to the authentication database 22 . Next, as shown in step 33 , the user 1 selects a telecom operator on the application service web page of the authentication database 22 . Next, as shown in step 34, the user 1 enters the phone number of the mobile phone 12 and the password of the subscriber identity module (Subscriber Identity Module, SIM) card on the service application webpage of the telecommunications company. Next, as shown in step 35 , the carrier database 23 sends the user ID of the mobile phone 12 to the authentication database 22 . Then, as shown in step 36 , the account number and user identification code are correspondingly stored in the authentication database 22 . Then, the authentication database 22 sends the corresponding account number and user identification code to the service provider database 21 to complete the entire application process, and the account enters a locked state.

参阅图1、3,若使用者于图2步骤31是选择简讯时,接着便需进行如图3所示的流程以解除该帐号的锁定状态。如步骤371所示,使用者1利用移动式电话12直拨电信业者所指定的电话号码,以传送简讯至该电信业者资料库。Referring to FIGS. 1 and 3, if the user selects a text message in step 31 of FIG. 2, then the process shown in FIG. 3 needs to be performed to unlock the account. As shown in step 371, the user 1 uses the mobile phone 12 to directly dial the phone number designated by the carrier to send a short message to the carrier's database.

接着,如步骤372所示,电信业者资料库23根据所收到的简讯,将对应的移动式电话12的使用者识别码传送到认证资料库22。接着,如步骤373所示,该认证资料库22将该使用者识别码所对应的帐号传送至服务提供者资料库21。接着,如步骤374所示,服务提供者资料库21将该帐号解除锁定以启用该帐号,并发送简讯告知使用者1该帐号已开锁成功。此外,当该帐号已开锁成功后,若使用者1未于一预设时间(如5分钟)内登入服务,则本发明的系统可自动再度关闭该帐号,借以避免该帐号的开启状态维持过久时,骇客得以借机登入。Next, as shown in step 372 , the carrier database 23 transmits the corresponding user identification code of the mobile phone 12 to the authentication database 22 according to the received SMS. Next, as shown in step 373 , the authentication database 22 sends the account corresponding to the user ID to the service provider database 21 . Next, as shown in step 374 , the service provider database 21 unlocks the account to activate the account, and sends a text message to inform the user 1 that the account has been successfully unlocked. In addition, after the account has been successfully unlocked, if the user 1 does not log in to the service within a preset time (such as 5 minutes), the system of the present invention can automatically close the account again, so as to prevent the account from being opened for too long. After a long time, hackers were able to take the opportunity to log in.

于是,如步骤375所示,接着使用者1便可利用上网装置11,以该帐号及对应的密码登入该服务提供者资料库21。接着,如步骤376所示,该服务提供者资料库21检查该帐号是否为锁定状态?若检查结果为是,则使用者1便无法取得服务提供者资料库21所提供的服务。相反地,若检查结果为否,则如步骤377所示,使用者1便可线上取得服务提供者资料库21所提供的服务。然而,当使用者1一进入可取得服务的状态时,如步骤378所示,服务提供者资料库21随即恢复该帐号的锁定状态,并将该帐号已恢复锁定的讯息告知认证资料库22。借由此恢复锁定的机制可避免骇客与使用者1抢登服务帐号。Then, as shown in step 375 , the user 1 can use the Internet access device 11 to log in the service provider database 21 with the account number and the corresponding password. Then, as shown in step 376, the service provider database 21 checks whether the account is locked? If the checking result is yes, the user 1 cannot obtain the service provided by the service provider database 21 . On the contrary, if the checking result is negative, as shown in step 377 , the user 1 can obtain the service provided by the service provider database 21 online. However, as soon as the user 1 enters the state where the service can be obtained, as shown in step 378, the service provider database 21 restores the locked state of the account immediately, and informs the authentication database 22 that the account has been locked again. The mechanism of recovering the lock can prevent hackers and the user 1 from robbing the service account.

参阅图1、4,若使用者于图2步骤31是选择IVR时,接着便需进行如图4所示的流程以解除该帐号的锁定状态。如步骤381所示,使用者1利用移动式电话12直拨一特定电话号码,以进入电信业者的IVR系统,并以此IVR系统所指定的方式(如按移动式电话的数字键″1″)选择开锁选项。Referring to Figures 1 and 4, if the user selects IVR in step 31 of Figure 2, then the process shown in Figure 4 needs to be carried out to remove the locked state of the account. As shown in step 381, the user 1 utilizes the mobile phone 12 to directly dial a specific phone number to enter the IVR system of the telecommunication provider, and the method specified by the IVR system (such as pressing the number key "1" of the mobile phone) Select the unlock option.

接着,如步骤382所示,电信业者资料库23将该移动式电话12的使用者识别码传送到认证资料库22。接着,如步骤383所示,该认证资料库22将该使用者识别码所对应的帐号传送至服务提供者资料库21。接着,如步骤384所示,服务提供者资料库21将该帐号解除锁定以启用该帐号。Next, as shown in step 382 , the carrier database 23 transmits the user ID of the mobile phone 12 to the authentication database 22 . Next, as shown in step 383 , the authentication database 22 sends the account corresponding to the user ID to the service provider database 21 . Next, as shown in step 384, the service provider database 21 unlocks the account to activate the account.

于是,如步骤385所示,接着使用者1便可利用上网装置11,以该帐号及对应的密码登入该服务提供者资料库21。接着,如步骤386所示,该服务提供者资料库21检查该帐号是否为锁定状态?若检查结果为是,则使用者1便无法取得服务提供者资料库21所提供的服务。相反地,若检查结果为否,则如步骤387所示,使用者1便可线上取得服务提供者资料库21所提供的服务。然而,当使用者1一进入可取得服务的状态时,如步骤388所示,服务提供者资料库21便随即恢复该帐号的锁定状态,并将该帐号已恢复锁定的讯息告知认证资料库22。借由此恢复锁定的机制可避免骇客与使用者1抢登服务帐号。Then, as shown in step 385 , the user 1 can use the Internet access device 11 to log in the service provider database 21 with the account number and the corresponding password. Next, as shown in step 386, the service provider database 21 checks whether the account is locked? If the checking result is yes, the user 1 cannot obtain the service provided by the service provider database 21 . On the contrary, if the checking result is negative, as shown in step 387 , the user 1 can obtain the service provided by the service provider database 21 online. However, as soon as the user 1 enters the state where the service can be obtained, as shown in step 388, the service provider database 21 immediately recovers the locked state of the account, and informs the authentication database 22 that the account has been locked again. . The mechanism of recovering the lock can prevent hackers and the user 1 from robbing the service account.

参阅图1、5,本发明线上认证方法的第二较佳实施例需先进行如图5所示的申请注册过程,包括以下步骤。如步骤411所示,使用者1以移动式电话12登入无线应用程式通讯协定(Wireless ApplicationProtocol,WAP)网路。接着,使用者1以移动式电话12所浏览的网页随即转换至认证资料库22的加值服务网页,以供使用者1申请开启防盗服务,并令认证资料库22通知电信业者资料库开通服务。Referring to Figures 1 and 5, the second preferred embodiment of the online authentication method of the present invention needs to go through the registration application process as shown in Figure 5, including the following steps. As shown in step 411, the user 1 logs in the Wireless Application Protocol (WAP) network with the mobile phone 12 . Then, the webpage browsed by the user 1 with the mobile phone 12 is immediately switched to the value-added service webpage of the authentication database 22, for the user 1 to apply for opening the anti-theft service, and to make the authentication database 22 notify the telecom operator database to activate the service .

接着,如步骤412所示,使用者1于认证资料库22的网页输入该帐号以及对应的密码,且认证资料库22随即取得该移动式电话12的使用者识别码。接着,如步骤413所示,该认证资料库22将该帐号及对应的密码传送至该服务提供者资料库21。Next, as shown in step 412 , the user 1 enters the account number and the corresponding password on the web page of the authentication database 22 , and the authentication database 22 then obtains the user identification code of the mobile phone 12 . Next, as shown in step 413 , the authentication database 22 transmits the account number and the corresponding password to the service provider database 21 .

然后,如步骤414所示,该服务提供者资料库21判断该帐号以及对应的密码是否正确?若判断结果为正确,则如步骤415所示,该服务提供者资料库21开启该帐号的防盗服务;接着如步骤416所示,服务提供者资料库21通知认证资料库22对应储存该帐号、对应的密码以及移动式电话12的使用者识别码;然后如步骤417所示,认证资料库22的网页告知使用者1已完成防盗服务申请。Then, as shown in step 414, the service provider database 21 judges whether the account number and the corresponding password are correct? If the judgment result is correct, then as shown in step 415, the service provider database 21 opens the anti-theft service of the account; then as shown in step 416, the service provider database 21 notifies the authentication database 22 to store the account, The corresponding password and the user identification code of the mobile phone 12; then as shown in step 417, the webpage of the authentication database 22 informs the user 1 that the anti-theft service application has been completed.

相反地,若步骤414中的判断结果为否,则如步骤418所示,该认证资料库418的网页告知输入帐号/密码错误,并请使用者1重新输入;然后再重新进行步骤412等相关步骤。On the contrary, if the judgment result in step 414 is no, then as shown in step 418, the webpage of the authentication database 418 informs that the input account number/password is wrong, and asks user 1 to re-enter; step.

参阅图1、6,当本发明线上认证方法的第二较佳实施中已完成如图5所示的申请注册过程后,接着便可如图6所示,以WAP上网的方式来解除该帐号的锁定状态。如步骤420所示,使用者1以移动式电话12登入WAP。接着,使用者1所浏览的网页随即转换至认证资料库22的加值服务网页,以供使用者选择防盗服务。Referring to Fig. 1, 6, when the second preferred implementation of the online authentication method of the present invention has completed the application registration process as shown in Fig. 5, then as shown in Fig. 6, the mode of accessing the Internet with WAP is released The lockout status of the account. As shown in step 420 , the user 1 logs into the WAP with the mobile phone 12 . Then, the webpage browsed by the user 1 is switched to the value-added service webpage of the authentication database 22 for the user to select the anti-theft service.

接着,如步骤421所示,该认证资料库22检查该移动式电话12的使用者识别码是否已申请防盗服务?若检查结果为否,则如步骤422所示,该认证资料库22的网页告知使用者1尚未申请防盗服务。Next, as shown in step 421, the authentication database 22 checks whether the user identification code of the mobile phone 12 has applied for the anti-theft service? If the checking result is negative, as shown in step 422 , the webpage of the authentication database 22 informs the user 1 that he has not applied for the anti-theft service.

若该检查结果为是,则移动式电话12的WAP网页上接着出现数个防盗服务选项。于是,如步骤423所示,使用者1可选择其中″开锁″的防盗服务选项。接着,如步骤424所示,认证资料库22将使用者识别码所对应的帐号传送至服务提供者资料库21。然后,如步骤425所示,服务提供者资料库21将该帐号解除锁定以启用该帐号,并借由认证资料库22的网页告知使用者1已开锁成功。If the checking result is yes, several anti-theft service options then appear on the WAP web page of the mobile phone 12 . Then, as shown in step 423, the user 1 can select the anti-theft service option of "unlock". Next, as shown in step 424 , the authentication database 22 sends the account number corresponding to the user identification code to the service provider database 21 . Then, as shown in step 425 , the service provider database 21 unlocks the account to activate the account, and informs the user 1 that the account has been successfully unlocked through the webpage of the authentication database 22 .

于是,如步骤426所示,接着使用者1便可利用上网装置11,以该帐号及对应的密码登入该服务提供者资料库21。接着,如步骤427所示,该服务提供者资料库21检查该帐号是否为锁定状态?若检查结果为是,则使用者1便无法取得服务提供者资料库21所提供的服务。相反地,若检查结果为否,则如步骤428所示,使用者1便可线上取得服务提供者资料库21所提供的服务。然而,当使用者1一进入可取得服务的状态时,如步骤429所示,服务提供者资料库21随即恢复该帐号的锁定状态,并将该帐号已恢复锁定的讯息告知认证资料库22,且认证资料库22以WAP网页告知使用者1该帐号已恢复锁定状态。借由此恢复锁定的机制可避免骇客与使用者1抢登服务帐号。Then, as shown in step 426 , the user 1 can use the Internet access device 11 to log in the service provider database 21 with the account number and the corresponding password. Next, as shown in step 427, the service provider database 21 checks whether the account is locked? If the checking result is yes, the user 1 cannot obtain the service provided by the service provider database 21 . On the contrary, if the checking result is negative, as shown in step 428 , the user 1 can obtain the service provided by the service provider database 21 online. However, as soon as the user 1 enters the state where the service can be obtained, as shown in step 429, the service provider database 21 restores the locked state of the account immediately, and informs the authentication database 22 of the account has been locked again, And the authentication database 22 notifies the user 1 that the account has been locked again through the WAP web page. The mechanism of recovering the lock can prevent hackers and the user 1 from robbing the service account.

如图1、3、4及6-9所示,本发明中除可借由简讯、IVR及WAP三种方式来解除帐号的锁定状态外,还可借由此三种方式来暂停防盗服务、取消防盗服务或强制登出。接下来本说明书中只借由图7、8、9来分别说明应如何利用WAP上网方式来暂停服务、取消服务及强制登出,至于有关应如何借由简讯或IVR来暂停服务、取消服务及强制登出的细节,熟悉该项技艺者可参考图7、8、9的WAP操作方式而同样可比照实施。As shown in Figures 1, 3, 4 and 6-9, in addition to releasing the locked state of the account through SMS, IVR and WAP, the present invention can also suspend the anti-theft service, Cancel the anti-theft service or force logout. Next, this manual only uses Figures 7, 8, and 9 to explain how to use WAP to suspend service, cancel service and force logout respectively. As for how to use SMS or IVR to suspend service, cancel service and For the details of mandatory logout, those familiar with the art can refer to the WAP operation modes of FIGS.

参阅图7,以WAP上网方式暂停帐号防盗服务的流程包括以下步骤。如步骤441所示,使用者1以移动式电话12登入WAP。接着,使用者1所浏览的网页随即转换至认证资料库22的加值服务网页,以供使用者选择防盗服务。接着,如步骤442所示,该认证资料库22检查该移动式电话12的使用者识别码是否已申请防盗服务?若检查结果为否,则如步骤443所示,该认证资料库22的网页告知使用者1尚未申请防盗服务。Referring to FIG. 7 , the flow of suspending the account anti-theft service through WAP access includes the following steps. As shown in step 441 , the user 1 logs into the WAP with the mobile phone 12 . Then, the webpage browsed by the user 1 is switched to the value-added service webpage of the authentication database 22 for the user to select the anti-theft service. Next, as shown in step 442, the authentication database 22 checks whether the user ID of the mobile phone 12 has applied for the anti-theft service? If the checking result is negative, as shown in step 443 , the webpage of the authentication database 22 informs the user 1 that he has not applied for the anti-theft service.

若该检查结果为是,则如步骤444所示,使用者1接着选择WAP网页上的″暂停服务″的防盗服务选项。此″暂停服务″的选项为暂时性的关闭防盗服务,而非取消防盗服务,以便于使用者1需经常登出登入时使用。当防盗服务暂停后,使用者1便不需透过移动式电话12来解除帐号的锁定状态,而可直接登入服务提供者资料库21来取得所需的服务。If the check result is yes, then as shown in step 444, the user 1 then selects the anti-theft service option of "suspend service" on the WAP web page. The option of "suspending service" is to temporarily close the anti-theft service, rather than cancel the anti-theft service, so that it can be used when the user 1 needs to log out and log in frequently. When the anti-theft service is suspended, the user 1 does not need to use the mobile phone 12 to unlock the account, but can directly log in to the service provider database 21 to obtain the required service.

接着,如步骤445所示,认证资料库22将使用者1的移动式电话12的使用者识别码及所对应的帐号传送至服务提供者资料库21。然后,如步骤446所示,该服务提供者资料库21检查该使用者识别码及帐号是否对应正确?若检查结果为是,则如步骤447所示,服务提供者资料库21暂停提供防盗服务,并于认证资料库22的WAP网页显示″服务暂停″以告知使用者1。于是,使用者1不需先进行以移动式电话12来解除帐号锁定的动作,即可直接以上网装置11登入服务提供者资料库21以取得所需的服务。相反地,若步骤446的检查结果为否,则如步骤448所示,″暂停服务″的功能执行失败,而于认证资料库22的WAP网页显示错误讯息。Next, as shown in step 445 , the authentication database 22 sends the user identification code of the mobile phone 12 of the user 1 and the corresponding account number to the service provider database 21 . Then, as shown in step 446, the service provider database 21 checks whether the user identification code and the account number correspond correctly? If the check result is yes, then as shown in step 447, the service provider database 21 suspends providing the anti-theft service, and displays "service suspension" on the WAP web page of the authentication database 22 to inform the user 1. Therefore, the user 1 can directly log in the service provider database 21 with the Internet device 11 to obtain the required service without first unlocking the account with the mobile phone 12 . On the contrary, if the checking result of step 446 is negative, then as shown in step 448, the execution of the function of "suspend service" fails, and an error message is displayed on the WAP web page of the authentication database 22 .

参阅图8,以WAP上网方式取消帐号防盗服务的流程包括以下步骤。如步骤451所示,使用者1以移动式电话12登入WAP。接着,使用者1所浏览的网页随即转换至认证资料库22的加值服务网页,以供使用者选择防盗服务。接着,如步骤452所示,该认证资料库22检查该移动式电话12的使用者识别码是否已申请防盗服务?若检查结果为否,则如步骤457所示,该认证资料库22的网页告知使用者1尚未申请防盗服务。Referring to FIG. 8 , the process of canceling the account anti-theft service through WAP access includes the following steps. As shown in step 451 , the user 1 logs into the WAP with the mobile phone 12 . Then, the webpage browsed by the user 1 is switched to the value-added service webpage of the authentication database 22 for the user to select the anti-theft service. Next, as shown in step 452, the authentication database 22 checks whether the user ID of the mobile phone 12 has applied for the anti-theft service? If the checking result is negative, then as shown in step 457, the web page of the authentication database 22 informs the user 1 that he has not applied for the anti-theft service.

若该检查结果为是,则如步骤453所示,使用者1接着选择WAP网页上的″取消服务″的防盗服务选项。此″取消服务″的选项为永久性的取消防盗服务。当防盗服务取消后,该使用者识别码与帐号即没有对应关系,因此若要恢复帐号防盗功能,则必须重新申请帐号防盗的加值服务(即需再次进行图5的流程)。If the check result is yes, then as shown in step 453, the user 1 then selects the anti-theft service option of "cancel service" on the WAP web page. The option of "cancel service" is to permanently cancel the anti-theft service. After the anti-theft service is cancelled, the user identification code has no corresponding relationship with the account number. Therefore, if the account anti-theft function is to be restored, the account anti-theft value-added service must be re-applied (that is, the process in FIG. 5 needs to be performed again).

接着,如步骤454所示,该认证资料库22通知电信业者资料库23该移动式电话12的使用者识别码已取消防盗服务。接着,如步骤455所示,该认证资料库22的WAP网页显示″服务已关闭″的讯息告知使用者1,并通知服务提供者资料库21。接着,如步骤456所示,服务提供者资料库21借由解除该帐号的锁定状态以及将该帐号所对应的使用者识别码清除,以取消该帐号的防盗服务,于是使用者1不需先进行以移动式电话12来解除帐号锁定的动作,即可直接以上网装置11登入服务提供者资料库21以取得所需的服务。Next, as shown in step 454, the authentication database 22 notifies the carrier database 23 that the user identification code of the mobile phone 12 has canceled the anti-theft service. Then, as shown in step 455 , the WAP webpage of the authentication database 22 displays a message of “service is closed” to notify the user 1 and notify the service provider database 21 . Then, as shown in step 456, the service provider database 21 cancels the anti-theft service of the account by releasing the locked state of the account and clearing the user identification code corresponding to the account, so that the user 1 does not need to first Perform the action of unlocking the account with the mobile phone 12, and then directly log in the service provider database 21 with the Internet device 11 to obtain the required services.

参阅图9,以WAP上网方式强制登出的流程包括以下步骤。如步骤460所示,使用者1以移动式电话12登入WAP。接着,使用者1所浏览的网页随即转换至认证资料库22的加值服务网页,以供使用者选择防盗服务。接着,如步骤461所示,该认证资料库22检查该移动式电话12的使用者识别码是否已申请防盗服务?若检查结果为否,则如步骤462所示,该认证资料库22的网页告知使用者1尚未申请防盗服务。Referring to FIG. 9 , the process of forced logout by means of WAP includes the following steps. As shown in step 460 , the user 1 logs into the WAP with the mobile phone 12 . Then, the webpage browsed by the user 1 is switched to the value-added service webpage of the authentication database 22 for the user to select the anti-theft service. Next, as shown in step 461, the authentication database 22 checks whether the user identification code of the mobile phone 12 has applied for the anti-theft service? If the checking result is negative, as shown in step 462, the web page of the authentication database 22 informs the user 1 that he has not applied for the anti-theft service.

若该检查结果为是,则如步骤463所示,使用者1接着选择WAP网页上的″强制登出″的防盗服务选项。当使用者1发现自己无法登入服务提供者资料库21且不是由于伺服器或个人电脑网路等硬体因素时,即有可能是骇客入侵移动式电话12的帐号防盗机制,此时使用者1即可选择此″强制登出″选项,以将个人的帐号强制登出并暂时冻结此帐号,借以避免骇客窃用服务提供者资料库21对此帐号所提供的服务(如线上游戏中的宝物)。If the check result is yes, then as shown in step 463, the user 1 then selects the anti-theft service option of "forced logout" on the WAP web page. When the user 1 finds that he cannot log into the service provider database 21 and is not due to hardware factors such as server or personal computer network, it may be that the account number anti-theft mechanism of the hacker invaded the mobile phone 12. At this time, the user 1 can select this " forced to log out " option, with personal account number is forced to log out and temporarily freeze this account number, in order to prevent hacker from stealing the service that service provider database 21 provides to this account number (as in online game treasures).

接着,如步骤464所示,认证资料库22的WAP网页请使用者1再次确认是否要强制登出?若否,则不强制登出该帐号,且结束图9的流程。若是,则如步骤465所示,认证资料库22根据该移动式电话12的使用者识别码查询出欲强制登出的帐号。接着,如步骤466所示,认证资料库22将该使用者识别码与对应的帐号传送至服务提供者资料库21。然后,如步骤467所示,服务提供者资料库21检查该帐号及使用者识别码是否对应正确?若是,则如步骤468所示,该服务提供者资料库21将该帐号强制登出。相反地,若否,则不强制登出该帐号,且结束图9的流程。Then, as shown in step 464, the WAP web page of the authentication database 22 asks the user 1 to confirm again whether to force logout? If not, the account is not forcibly logged out, and the process in FIG. 9 ends. If yes, then as shown in step 465 , the authentication database 22 searches out the account to be forced to log out according to the user identification code of the mobile phone 12 . Next, as shown in step 466 , the authentication database 22 sends the user identification code and the corresponding account number to the service provider database 21 . Then, as shown in step 467, the service provider database 21 checks whether the account number and the user identification code correspond correctly? If yes, as shown in step 468, the service provider database 21 forcibly logs out the account. On the contrary, if no, the account is not forced to be logged out, and the process in FIG. 9 ends.

参阅图10,当使用者1遗失该移动式电话12时,可采取以下处理流程。如步骤471所示,使用者1直接与服务提供者资料库21所属公司联络,以告知欲取消防盗服务。接着,该公司向该使用者1确认身分以及欲取消防盗服务的帐号。然后,如步骤473所示,服务提供者资料库21通知认证资料库22取消该帐号与使用者识别码的对应关系以取消该帐号的防盗服务,于是当使用者1欲登入该帐号以取得服务提供者伺服器21所提供的服务的前,将不需再先行利用WAP网路进行解除帐号锁定的动作。此外,使用者也可直接向电信业者申请新的电话号码相同的SIM卡。由于此新的SIM卡的使用者识别码与已遗失的移动式电话12中SIM卡的使用者识别码完全相同,因此使用者1同样可借由此新的SIM卡与移动式电话12进入WAP网路以使用该帐号原先的各种帐号防盗服务。Referring to FIG. 10 , when the user 1 loses the mobile phone 12 , the following processing flow can be taken. As shown in step 471, the user 1 directly contacts the company to which the service provider database 21 belongs to inform that he intends to cancel the anti-theft service. Then, the company confirms the identity and the account number of the anti-theft service to be canceled to the user 1 . Then, as shown in step 473, the service provider database 21 notifies the authentication database 22 to cancel the corresponding relationship between the account and the user identification code to cancel the anti-theft service of the account, so when the user 1 intends to log in to the account to obtain the service Before the service provided by the provider server 21, there is no need to use the WAP network to unlock the account. In addition, the user can also directly apply for a new SIM card with the same phone number to the telecom operator. Because the user identification code of this new SIM card is exactly the same as the user identification code of the SIM card in the lost mobile phone 12, so user 1 can enter WAP by this new SIM card and mobile phone 12 equally. Internet to use the account's original account theft prevention services.

综观上述,本发明的构造特征,确能提供一种实用线上认证方法及系统,其中使用者1是透过网际网路或WAP上网方式将该帐号设定至锁定状态,并借由简讯、IVR或WAP上网方式来解除该锁定状态,借以使该使用者1能透过网际网路取得服务提供者资料库21所提供的服务,因而提高使用者1透过网际网路取用服务提供者所提供的服务的安全性。In view of the above, the structural features of the present invention can indeed provide a practical online authentication method and system, wherein the user 1 sets the account to a locked state through the Internet or WAP access, and through text messages, IVR or WAP access method to release the locked state, so that the user 1 can obtain the service provided by the service provider database 21 through the Internet, thereby improving the user 1 to obtain the service provider through the Internet. Security of Services Provided.

Claims (10)

1.一种线上认证方法,包含下列步骤:1. An online authentication method comprising the following steps: (a)通过互动语音引导以及简讯二者择一的方式而执行一帐号防盗服务的申请注册过程,而使该帐号进入一锁定状态;(a) Execute the application registration process of an account anti-theft service through interactive voice guidance and text messages, so that the account enters a locked state; (b)一使用者利用一移动式电话连线至一特定电信业者的电信业者资料库;(b) a user connects to a carrier database of a particular carrier using a mobile phone; (c)该电信业者资料库将该移动式电话的一使用者识别码传送至一认证资料库,其中该认证资料库中已预先记录有该使用者识别码以及一为该使用者所拥有且与该使用者识别码对应的帐号,该帐号使得该使用者具有能使用一服务提供者资料库所提供的服务的权限;及(c) the carrier database transmits a user ID of the mobile phone to an authentication database in which the user ID is pre-recorded and a user ID owned by the user and an account corresponding to the user identification code, which enables the user to use the services provided by a service provider database; and (d)该认证资料库将该移动式电话的使用者识别码所对应的帐号传送至该服务提供者资料库,借以启用该帐号,因而该使用者能利用该帐号与对应的密码登入该服务提供者资料库,以取得该服务提供者资料库所提供的服务,且通过解除步骤(a)的锁定状态而启用该帐号。(d) The authentication database transmits the account number corresponding to the user identification code of the mobile phone to the service provider database, so as to activate the account number, so that the user can use the account number and the corresponding password to log in to the service provider database to obtain the services provided by the service provider database, and activate the account by unlocking the lock status in step (a). 2.如权利要求1所述的线上认证方法,其特征在于:该电信业者资料库、服务提供者资料库分别通过虚拟专线网路与认证资料库相互连接。2. The online authentication method according to claim 1, wherein the telecom operator database and the service provider database are respectively connected to the authentication database through a virtual private line network. 3.如权利要求1所述的线上认证方法,其特征在于:该服务提供者资料库为游戏资料库以及金流资料库二者择一。3. The online authentication method according to claim 1, characterized in that: the service provider database is either a game database or a money flow database. 4.如权利要求1所述的线上认证方法,其特征在于:该(a)步骤包括下列子步骤:4. The online authentication method according to claim 1, characterized in that: the (a) step comprises the following sub-steps: (a-1)通过网际网路,该使用者利用该帐号与对应的密码登入该服务提供者资料库,并于该服务提供者资料库的申请服务网页选择互动语音引导以及简讯二者择一的帐号防盗选项;(a-1) Through the Internet, the user uses the account number and the corresponding password to log in to the service provider database, and chooses between interactive voice guidance and SMS on the application service page of the service provider database account anti-theft options; (a-2)该服务提供者资料库将该帐号传送至该认证资料库;(a-2) the service provider database transmits the account number to the authentication database; (a-3)该使用者于该认证资料库的申请服务网页选择所属电信业者;(a-3) The user selects the telecom operator on the application service webpage of the authentication database; (a-4)该使用者于该特定电信业者的申请服务网页输入该移动式电话的电话号码;(a-4) The user enters the phone number of the mobile phone on the application service webpage of the specific telecom operator; (a-5)该电信业者资料库将该移动式电话的使用者识别码传送至该认证资料库;及(a-5) the carrier database sends the mobile phone's user ID to the authentication database; and (a-6)将该帐号及使用者识别码对应存入该认证资料库中。(a-6) Correspondingly storing the account number and the user identification code in the authentication database. 5.一种线上认证方法,包含下列步骤:5. An online authentication method comprising the following steps: (a)通过无线通讯协议上网的方式而执行一帐号防盗服务的申请注册过程,而使该帐号进入一锁定状态;(a) Execute the application and registration process of an account anti-theft service through a wireless communication protocol to access the Internet, so that the account enters a locked state; (b)一使用者利用一移动式电话连线至一特定电信业者的电信业者资料库;(b) a user connects to a carrier database of a particular carrier using a mobile phone; (c)该电信业者资料库将该移动式电话的一使用者识别码传送至一认证资料库,其中该认证资料库中已预先记录有该使用者识别码以及一为该使用者所拥有且与该使用者识别码对应的帐号,该帐号使得该使用者具有能使用一服务提供者资料库所提供的服务的权限;及(c) the carrier database transmits a user ID of the mobile phone to an authentication database in which the user ID is pre-recorded and a user ID owned by the user and an account corresponding to the user identification code, which enables the user to use the services provided by a service provider database; and (d)该认证资料库将该移动式电话的使用者识别码所对应的帐号传送至该服务提供者资料库,借以启用该帐号,因而该使用者能利用该帐号与对应的密码登入该服务提供者资料库,以取得该服务提供者资料库所提供的服务,且通过解除步骤(a)的锁定状态而启用该帐号。(d) The authentication database transmits the account number corresponding to the user identification code of the mobile phone to the service provider database, so as to activate the account number, so that the user can use the account number and the corresponding password to log in to the service provider database to obtain the services provided by the service provider database, and activate the account by unlocking the lock status in step (a). 6.如权利要求5所述的线上认证方法,其特征在于:该(a)步骤包括下列子步骤:6. The online authentication method according to claim 5, characterized in that: the (a) step comprises the following sub-steps: (a-1)该使用者利用该移动式电话,以无线通讯协议上网的方式连上该电信业者资料库,继而连上该认证资料库的申请服务网页;(a-1) The user uses the mobile phone to connect to the database of the telecom operator through a wireless communication protocol, and then connects to the application service webpage of the authentication database; (a-2)该使用者于该认证资料库的申请服务网页输入该帐号及对应的密码;(a-2) The user enters the account number and corresponding password on the application service webpage of the authentication database; (a-3)该认证资料库将该帐号及对应的密码传送至该服务提供者资料库;及(a-3) the authentication database transmits the account number and corresponding password to the service provider database; and (a-4)该服务提供者资料库经判断该帐号及对应的密码正确无误后,通知该认证资料库将该帐号、对应的密码,以及该移动式电话的使用者识别码储存至该认证资料库中。(a-4) After the service provider database determines that the account number and the corresponding password are correct, it notifies the authentication database to store the account number, the corresponding password, and the user identification code of the mobile phone in the authentication database. in the database. 7.一种线上认证系统,适用于一使用者能用以将一帐号设定至一锁定状态,并通过一移动式电话来解除该锁定状态,借以使该使用者能利用一上网装置取得一服务,该帐号使得该使用者具有能使用该服务的权限,其中该线上认证系统包含一电信业者资料库及一服务提供者资料库,该电信业者资料库用以接受该移动式电话的连线,并将该移动式电话的一使用者识别码向外传送,其特征在于:7. An online authentication system, which is suitable for a user to set an account to a locked state, and unlock the locked state through a mobile phone, so that the user can use an Internet device to obtain A service, the account enables the user to have the authority to use the service, wherein the online authentication system includes a telecom operator database and a service provider database, the telecom operator database is used to accept the mobile phone Connecting, and sending out a user identification code of the mobile phone, it is characterized in that: 该线上认证系统还包含一认证资料库,所述认证资料库在一预先执行的帐号防盗服务的申请注册过程完成后,能用以储存该帐号及对应的使用者识别码,以及在该锁定状态的解除过程中,能用以接收该电信业者资料库所传来的使用者识别码,并将该使用者识别码对应的帐号向外传送,其中该帐号是通过该申请注册过程而进入该锁定状态,而该服务提供者资料库用以接收该认证资料库所传来的帐号,以解除该帐号的锁定状态,继而提供该使用者利用该上网装置所能取得的服务;The online authentication system also includes an authentication database, which can be used to store the account number and the corresponding user identification code after a pre-executed application registration process for the account anti-theft service is completed, and to In the process of canceling the state, it can be used to receive the user identification code transmitted from the database of the telecom operator, and send out the account corresponding to the user identification code, wherein the account is entered into the application through the registration process. Locked state, and the service provider database is used to receive the account number transmitted from the authentication database, so as to release the locked state of the account number, and then provide the service that the user can obtain by using the Internet access device; 该服务提供者资料库还提供一申请服务网页,用以提供互动语音引导以及简讯二者择一的帐号防盗选项,当该使用者执行该申请注册过程时,是先利用该上网装置连上网际网路,并利用该帐号与对应的密码登入该服务提供者资料库的申请服务网页,继而选择其中一帐号防盗选项,再依序连上该认证资料库以及电信业者资料库,并于该电信业者资料库的申请服务网页输入该移动式电话的电话号码,借以使得该认证资料库能对应储存该帐号及移动式电话的使用者识别码。The service provider database also provides an application service web page, which is used to provide an account anti-theft option of interactive voice guidance and SMS. When the user performs the application registration process, he first uses the Internet access device to connect to the Internet and use the account number and the corresponding password to log in to the application service web page of the service provider database, and then select one of the account anti-theft options, and then connect to the authentication database and the telecommunications operator database in sequence, and in the telecommunications The phone number of the mobile phone is input in the application service webpage of the operator database, so that the authentication database can store the account number and the user identification code of the mobile phone correspondingly. 8.如权利要求7所述的线上认证系统,其特征在于:该电信业者资料库、服务提供者资料库分别通过虚拟专线网路与认证资料库相互连接。8. The online authentication system according to claim 7, wherein the telecom operator database and the service provider database are respectively connected to the authentication database through a virtual private line network. 9.如权利要求7所述的线上认证系统,其特征在于:该服务提供者资料库为游戏资料库以及金流资料库二者择一。9. The online authentication system according to claim 7, wherein the service provider database is a game database and a cash flow database. 10.如权利要求7所述的线上认证系统,其特征在于:该使用者执行该申请注册过程时,是先利用该移动式电话,以无线通讯协议上网方式连上该电信业者资料库,再连上该认证资料库的申请服务网页以输入该帐号及对应的密码,并经该服务提供者资料库判断该帐号及对应的密码正确无误后,该认证资料库再对应储存该帐号及移动式电话的使用者识别码。10. The online authentication system according to claim 7, characterized in that: when the user executes the registration application process, he first uses the mobile phone to connect to the telecommunications provider's database by means of a wireless communication protocol. Then connect to the application service webpage of the authentication database to enter the account number and corresponding password, and after the service provider database judges that the account number and corresponding password are correct, the authentication database then stores the account number and mobile phone's user ID.
CN200510098393A 2005-09-09 2005-09-09 Online authentication method and system Expired - Fee Related CN100583762C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200510098393A CN100583762C (en) 2005-09-09 2005-09-09 Online authentication method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200510098393A CN100583762C (en) 2005-09-09 2005-09-09 Online authentication method and system

Publications (2)

Publication Number Publication Date
CN1929375A CN1929375A (en) 2007-03-14
CN100583762C true CN100583762C (en) 2010-01-20

Family

ID=37859177

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200510098393A Expired - Fee Related CN100583762C (en) 2005-09-09 2005-09-09 Online authentication method and system

Country Status (1)

Country Link
CN (1) CN100583762C (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101163008B (en) * 2007-09-24 2012-07-18 林美华 Online game anti-cheat and anti-theft system
CN102739399A (en) * 2011-04-15 2012-10-17 威达软体有限公司 Unlocking method for online game communication lock
TW201244443A (en) * 2011-04-28 2012-11-01 Chunghwa Telecom Co Ltd Authentication system and method for cross-platform equipment membership
TW201342877A (en) * 2012-04-06 2013-10-16 Chunghwa Telecom Co Ltd Packets exchange customer service processing system and method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1305302A (en) * 2000-12-22 2001-07-25 冯珉 Application of mobile communication equipment in network access
US20030097444A1 (en) * 2001-11-08 2003-05-22 Santanu Dutta Method and apparatus for authorizing internet transactions using the public land mobile network (PLMN)
CN1459756A (en) * 2002-05-23 2003-12-03 财金资讯股份有限公司 Internet Financial Operation Method
US20040203595A1 (en) * 2002-08-12 2004-10-14 Singhal Tara Chand Method and apparatus for user authentication using a cellular telephone and a transient pass code
CN1652500A (en) * 2004-02-02 2005-08-10 英华达(上海)电子有限公司 Remote database inquiring method for mobile communication apparatus

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1305302A (en) * 2000-12-22 2001-07-25 冯珉 Application of mobile communication equipment in network access
US20030097444A1 (en) * 2001-11-08 2003-05-22 Santanu Dutta Method and apparatus for authorizing internet transactions using the public land mobile network (PLMN)
CN1459756A (en) * 2002-05-23 2003-12-03 财金资讯股份有限公司 Internet Financial Operation Method
US20040203595A1 (en) * 2002-08-12 2004-10-14 Singhal Tara Chand Method and apparatus for user authentication using a cellular telephone and a transient pass code
CN1652500A (en) * 2004-02-02 2005-08-10 英华达(上海)电子有限公司 Remote database inquiring method for mobile communication apparatus

Also Published As

Publication number Publication date
CN1929375A (en) 2007-03-14

Similar Documents

Publication Publication Date Title
JP4384117B2 (en) Data processing system user authentication method and system
AU2009323748B2 (en) Secure transaction authentication
KR100392792B1 (en) User authentication system and method using a second channel
JP4524059B2 (en) Method and apparatus for performing secure data transfer in a wireless communication network
CN102693381B (en) Method, device and system for anti-theft of portable computer equipment
CN107113613B (en) Server, mobile terminal, network real-name authentication system and method
US20210234850A1 (en) System and method for accessing encrypted data remotely
CN101568119A (en) Mobile terminal with antitheft function and antitheft method thereof
US20100291899A1 (en) Method and system for delivering a command to a mobile device
KR102116587B1 (en) Method and system using a cyber id to provide secure transactions
CN105809007A (en) Privacy protection method and device
EP2115675A1 (en) Method and system for securely executing a charge transaction
AU2017285865A1 (en) Mobile authentication method and system therefor
CN111404965B (en) Method for realizing mobile terminal application safety verification
CN109587683B (en) Method and system, application program and terminal information database for SMS anti-monitoring
CN100583762C (en) Online authentication method and system
RU2354066C2 (en) Method and system for authentication of data processing system user
CN110191464B (en) Method and system for preventing SIM card from being stolen
KR100563544B1 (en) User Authentication Using One-Time Password
CN109859349A (en) A kind of entrance guard authentication method and system based on data SMS technology
KR102196046B1 (en) Method for providing counselling service
CN110490587B (en) Method and device for rapidly locking bank card
JP2008217487A (en) Financial processing system, account lock method
JP2001211479A (en) Data communication system
KR20070076575A (en) How to handle customer authentication

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: ORR INFORMATION MULTIMEDIA CO., LTD.

Free format text: FORMER OWNER: YIXIANGTANG MOBILE DIGITAL CO., LTD.

Effective date: 20090904

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20090904

Address after: China Taiwan Taipei County Banqiao Road 2 sections of cultural 285 32 Building

Applicant after: Auer Media & Entertainment Corp.

Address before: Taiwan, Kaohsiung, China Fengshan South Street No. 7, building 75

Applicant before: MOJO Digital Mobile Co., Ltd.

C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100120

Termination date: 20110909