
CN101030239A - Account management system and account management method with security function - Google Patents

Publication number: CN101030239A
Authority: CN (China)
Prior art keywords: user, authentication, user password, unit, account management
Legal status: Pending
Application number: CNA2007100868809A
Other languages: Chinese (zh)
Inventors: 陈奇卿, 赵克立, 吴春台
Current Assignee: Xude Digit Co ltd
Original Assignee: Xude Digit Co ltd
Classification: Financial Or Insurance-Related Operations Such As Payment And Settlement
Abstract

The invention discloses an account management system with a security function and an account management method. The account management system comprises an authentication unit, an issuing unit, a portable communication device and an authentication device. After receiving request information sent by the portable communication device, the issuing unit generates a user password and transmits it to the portable communication device and to the authentication unit. The user enters the user password received by the portable communication device into the authentication device, together with a user account, so that the authentication device can pass the authentication procedure of the authentication unit and connect to the authentication unit.

Description

Account management system and account management method with security function

Technical field

The invention relates to an account management system and an account management method with a security function, which mainly use a user password transmitted by an issuing unit to prevent data leakage.

Background art

As society advances, transactions and management activities keep evolving. Most commonly, a person who wants to carry out a transaction or management activity only needs to log in with a user account and user password representing their identity to obtain the relevant control and management rights. For example, an operator who wants such rights can enter the user account and user password on an operation panel to obtain operating rights and manage the relevant data.

Such management rights are used in national defense, online games, financial transactions and so on, where logging in and operating depend on the correct user account and user password. For example, when an automated teller machine (ATM) is used for a financial transaction, the operator enters the user account and user password at the ATM to obtain operating rights and carry out the transaction. Likewise, an online game player who wants to play an online game or add stored value to an online game account obtains the relevant rights with a corresponding user account and access credentials.

Figure 1 shows a common account management system. It includes an authentication device 111 and an authentication unit 13. The authentication unit 13 contains a storage device 131, which stores a plurality of user passwords 133 and a plurality of user accounts 14; one of the user accounts 14 can be defined as a connection user account 141. Generally, the connection user account 141 and the user password 133 are chosen by the user in advance and stored in the storage device 131 of the authentication unit 13. When the user wants to access the authentication unit 13 and obtain the relevant rights, the user enters the predetermined connection user account 141 and the corresponding user password 133 at the authentication device 111, which transmits the connection user account 141 and the user password 135 to the authentication unit 13. The authentication unit 13 performs an authentication procedure on the connection user account 141 and user password 133 sent by the authentication device 111; once the data is confirmed correct, the user obtains the rights of the connection user account 141 and can, for example, go on to operate on and manage the relevant data.

Because the connection user account 141 and the user password 133 are stored persistently in the authentication unit 13, a hacker who attacks the authentication unit 13 has the opportunity to obtain the connection user account 141 and the corresponding user password 133, harming the user's rights. Authentication units 13 commonly require users to change the connection user account 141 and user password 133 at regular or irregular intervals to limit the impact of leaked data, but this does not significantly improve the security of the data itself. Moreover, given the habits of most users, frequent changes of the user password 133 cause them unnecessary trouble.

Summary of the invention

The main object of the present invention is to provide an account management system and an account management method with a security function, in which a separate issuing unit generates the user password required for a connection user account, and the connection user account and the user password are used to log in to the authentication unit, so that the account management system is effectively controlled and data loss caused by hacker intrusion is prevented.

A secondary object of the present invention is to provide an account management method with a security function in which the user password is generated by the issuing unit while the connection user account is stored in the authentication unit, so a hacker must intrude into both the authentication unit and the issuing unit to be able to pass the authentication procedure of the authentication unit, which improves the security of the account management system.

Another object of the present invention is to provide an account management method with a security function in which the issuing unit generates the user password on the spot only after receiving the request message sent by the portable communication device, so that even a hacker who intrudes into the issuing unit cannot obtain the user password, which effectively improves data confidentiality.

Another object of the present invention is to provide an account management method with a security function in which the user password becomes invalid immediately after the authentication procedure is completed, so that even a hacker who obtains the user password cannot reuse it, which protects the user's rights.

Another object of the present invention is to provide an account management system with a security function in which the issuing unit, the authentication unit, the authentication device and the portable communication device are each provided with at least one codec that can encrypt and decrypt the transmitted data, avoiding data loss during transmission and effectively improving the security of data transmission.

Another object of the present invention is to provide an account management system with a security function. The account management system includes a portable communication device, and the portable communication device includes a data clearer that clears the user password within a certain time to prevent the user password from leaking.

Another object of the present invention is to provide an account management system with a security function in which the user password generated by the issuing unit has a limited validity period and becomes invalid after a specific time, to improve the security of the user account.

To achieve the above objects, the present invention adopts the following technical solutions. The present invention provides an account management method with a security function, whose main steps include: a portable communication device sends a request message to an issuing unit; after receiving the request message, the issuing unit generates a user password; the user password generated by the issuing unit is transmitted to the portable communication device and to the authentication unit; the connection user account and the user password received by the portable communication device are entered into the authentication device; and the authentication device connects to the authentication unit and an authentication procedure is performed.

The present invention also provides an account management method with a security function, whose main steps include: an issuing unit generates a user password within a unit time interval; the user password generated by the issuing unit is transmitted to a portable communication device and to an authentication unit; a connection user account and the user password received by the portable communication device are entered into the authentication device; and the authentication device connects to the authentication unit and an authentication procedure is performed.

The present invention also provides an account management method with a security function, whose main steps include: a portable communication device generates a user password; the user password generated by the portable communication device is transmitted to an authentication unit; a connection user account and the user password generated by the portable communication device are entered into an authentication device; and the authentication device connects to the authentication unit and an authentication procedure is performed.

The present invention also provides an account management system with a security function, which mainly includes: an authentication unit, including a storage device for storing a plurality of user accounts, one of which is defined as a connection user account, the authentication unit performing an authentication procedure; an issuing unit, connected to the authentication unit through a first connection line and including a user password generator, which generates, in response to request information, a user password corresponding to the connection user account and transmits the user password to the authentication unit over the first connection line; and a client, connected to the issuing unit through a second connection line and including an authentication device and a portable communication device. The portable communication device transmits the request information to the issuing unit so that the issuing unit generates the user password and transmits it to the portable communication device over the second connection line, and the authentication device connects to the authentication unit with the user password and the connection user account to perform the authentication procedure.

The present invention also provides an account management system with a security function, which mainly includes: an authentication unit, including a storage device for storing a plurality of user accounts, one of which is defined as a connection user account, the authentication unit performing an authentication procedure; an issuing unit, connected to the authentication unit through a first connection line and including a user password generator, which generates, within a unit time interval, a user password corresponding to the connection user account and transmits the user password to the authentication unit over the first connection line; and a client, connected to the issuing unit through a second connection line and including an authentication device and a portable communication device. The issuing unit transmits the user password to the portable communication device over the second connection line, and the authentication device connects to the authentication unit with the user password and the connection user account to perform the authentication procedure.

The present invention also provides an account management system with a security function, which mainly includes: an authentication unit, including a storage device for storing a plurality of user accounts, one of which is defined as a connection user account, the authentication unit performing an authentication procedure; and a client, connected to the issuing unit and including an authentication device and a portable communication device. The portable communication device contains a user password generator, which generates a user password corresponding to the connection user account; the user password is then passed to the authentication device, and the authentication device connects to the authentication unit with the user password and the connection user account to perform the authentication procedure.

Description of drawings

Figure 1 is a system connection diagram of a common account management system;

Figure 2 is a system connection diagram of a preferred embodiment of the account management system with a security function of the present invention;

Figure 3 is a flowchart of a preferred embodiment of the account management method of the present invention;

Figure 4 is a system connection diagram of another embodiment of the account management system of the present invention;

Figure 5 is a flowchart of another embodiment of the account management method of the present invention;

Figure 6 is a system connection diagram of another embodiment of the account management system of the present invention;

Figure 7 is a flowchart of another embodiment of the account management method of the present invention;

Figure 8 is a system connection diagram of another embodiment of the account management system of the present invention.

Detailed description

First, refer to Figures 2 and 3, which are respectively a system connection diagram of the account management system with a security function and a flowchart of the account management method of the present invention. As shown, the account management system 20 includes an authentication unit 23, an issuing unit 25 and a client 21, where the client 21 contains an authentication device 211 and a portable communication device 22. The issuing unit 25 is connected to the authentication unit 23 through a first connection line 261 and to the portable communication device 22 through a second connection line 263, for data transmission between the issuing unit 25 and the portable communication device 22 and the authentication unit 23. The authentication device 211 is connected to the authentication unit 23 through a third connection line 265. The first connection line 261, the second connection line 263 and the third connection line 265 can each be a wired or wireless transmission line.

The authentication unit 23 includes a storage device 231 that stores a plurality of user accounts 24 and/or at least one user password 253, so that the authentication unit 23 can perform the authentication procedure. The issuing unit 25 includes a user password generator 251, which generates the user password 253; the user password 253 is then transmitted.

The account management method of the present invention is as follows; refer to Figures 2 and 3 together. In this embodiment, generation of the user password 253 by the issuing unit 25 is triggered mainly by the portable communication device 22: the user generates a request signal (not shown) with the portable communication device 22, and the request information is transmitted to the issuing unit 25 over the second connection line 263, as shown in step 31. After receiving this request information, the user password generator 251 of the issuing unit 25 identifies the portable communication device 22 and generates a corresponding user password 253, as shown in step 33.

After the user password generator 251 has generated the user password 253, the issuing unit 25 transmits the user password 253 to the portable communication device 22 over the second connection line 263 and to the authentication unit 23 over the first connection line 261, as shown in step 35. For example, when the portable communication device 22 is a mobile phone, the issuing unit 25 can identify the phone number or SIM card number in order to transmit the user password 253 corresponding to the portable communication device 22.

After receiving the user password 253, the authentication unit 23 stores it in its internal storage device 231, where it corresponds to a connection user account 241 already stored in the storage device 231. For example, the storage device 231 stores a plurality of user accounts 24, one of which can be defined as the connection user account 241, and this connection user account 241 corresponds to the user password 253. In other words, the user must enter the matching connection user account 241 and user password 253 to pass the authentication procedure of the authentication unit 23 and obtain the subsequent data management and usage rights.

After being returned to the portable communication device 22, the user password 253 is held temporarily on the portable communication device 22, through which the user learns the user password 253. For example, the portable communication device 22 can be a mobile phone or a personal digital assistant (PDA), and the authentication device 211 can be a device with an input function, such as an automated teller machine, or a computer and keyboard. The user enters the user password 253 received by the portable communication device 22, and the connection user account 241 corresponding to it, into the authentication device 211, as shown in step 37.

The authentication device 21 connects to the authentication unit 23 through the third connection line 265, and the authentication unit 23 performs the authentication procedure. The connection user account 241 and the user password 253 are transmitted to the authentication unit 23 wirelessly or by wire. After receiving the connection user account 241 and user password 253 sent by the authentication device 211, the authentication unit 23 compares them with the connection user account 241 and user password 253 stored in the storage device 231, thereby performing the authentication procedure on the received values, for example checking whether the data are identical, as shown in step 39. In this way, by obtaining the user password 253 and combining it with the connection user account 241 that the user already remembers, the user can pass the authentication procedure of the authentication unit 23.

When the authentication unit 23 performs the authentication procedure, the connection user account 241 must be paired with a specific user password 253 to pass, that is, the connection user account 241 corresponds to the user password 253. In this embodiment, the user password 253 and the connection user account 241 are not stored persistently on the same device. A hacker must therefore intrude into both the authentication unit 23 and the portable communication device 22 to obtain the user password 253 and the connection user account 241, which effectively prevents the hacker from passing the authentication procedure of the authentication unit 23.

Moreover, the user password generator 251 of the issuing unit 25 generates the user password 253 only after the portable communication device 22 has sent the request information to the issuing unit 25. That is, none of the authentication unit 23, the issuing unit 25, the authentication device 211 and the portable communication device 22 stores the user password 253 persistently. Only after the portable communication device 22 sends the request information does the user password generator 251 generate the user password 253 and transmit it, so even a hacker who intrudes into the issuing unit 25 cannot readily obtain the user password 253.

In this embodiment, the user password 253 can be used only once and becomes invalid after the authentication procedure is completed. In other words, the user password 253 is generated after the user operates the portable communication device 22, and it becomes invalid once the connection user account 241 and user password 253 have been entered at the authentication device 211 and have passed the authentication procedure of the authentication unit 23. This prevents a hacker from obtaining the user password 253 and thereby gaining access to the connection user account 241: even if the hacker obtains the connection user account 241 and the corresponding user password 253 by recording the transmitted data, the recorded data cannot be used. In addition, during authentication, the authentication unit 23 allows only one login at a time with a given connection user account 241 and corresponding user password 253, which improves the security of the account management system 20.
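The flow of steps 31 to 39 and the single-use rule, as an added Python simulation that is not code from the patent. The device identifier, account name, code length, validity window, the device-to-account mapping held by the authentication unit, and the attempt limit (a hardening choice the patent does not describe) are assumptions of this example.

```python
"""Simulation of the request-triggered one-time user password flow (steps 31-39)."""
import hmac
import secrets
import string

ALPHABET = string.digits   # assumption: numeric code typed on an ATM keypad
LENGTH = 8                 # assumption: code length
TTL_SECONDS = 120          # assumption: validity window of an issued password
MAX_ATTEMPTS = 3           # assumption: wrong guesses tolerated per issued password


class ManualClock:
    """Controllable clock so expiry can be shown without sleeping."""

    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


class AuthenticationUnit:
    """Authentication unit 23: accounts are stored; passwords exist only while pending."""

    def __init__(self, device_to_account, clock):
        self._device_to_account = dict(device_to_account)
        self._pending = {}     # account -> [password, expiry, attempts_left]
        self._clock = clock

    def store_password(self, device_id, password):
        """Receive the password from the issuing unit (first connection line)."""
        account = self._device_to_account[device_id]
        self._pending[account] = [password, self._clock() + TTL_SECONDS, MAX_ATTEMPTS]

    def authenticate(self, account, password):
        """Step 39: compare the submitted pair with the pending value."""
        entry = self._pending.get(account)
        if entry is None:
            return False                       # nothing was requested for this account
        stored, expiry, _ = entry
        if self._clock() >= expiry:
            del self._pending[account]         # validity window has passed
            return False
        if hmac.compare_digest(stored.encode(), password.encode()):
            del self._pending[account]         # single use: invalid after success
            return True
        entry[2] -= 1
        if entry[2] == 0:
            del self._pending[account]         # stop guessing against this value
        return False


class IssuingUnit:
    """Issuing unit 25: generates a password only when a known device asks."""

    def __init__(self, auth_unit, registered_devices):
        self._auth_unit = auth_unit
        self._registered = set(registered_devices)

    def handle_request(self, device_id):
        """Steps 33 and 35: identify the device, generate, send to both parties."""
        if device_id not in self._registered:
            return None
        password = "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))
        self._auth_unit.store_password(device_id, password)
        return password                        # delivered to the device; not retained here


def run_scenario():
    """Walk through the normal login and three failure cases (constructed data)."""
    clock = ManualClock()
    auth = AuthenticationUnit({"SIM-0001": "alice"}, clock)
    issuer = IssuingUnit(auth, {"SIM-0001"})
    results = {}

    results["unknown_device"] = issuer.handle_request("SIM-9999")
    results["no_request_yet"] = auth.authenticate("alice", "0" * LENGTH)

    otp = issuer.handle_request("SIM-0001")    # steps 31-35
    results["first_login"] = auth.authenticate("alice", otp)   # steps 37-39
    results["replay"] = auth.authenticate("alice", otp)        # recorded value reused

    otp = issuer.handle_request("SIM-0001")
    clock.now += TTL_SECONDS + 1
    results["expired"] = auth.authenticate("alice", otp)

    otp = issuer.handle_request("SIM-0001")
    for _ in range(MAX_ATTEMPTS):
        auth.authenticate("alice", "x" * LENGTH)   # can never equal a numeric code
    results["after_lockout"] = auth.authenticate("alice", otp)
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Only the authentication unit maps a device to an account here, so the issuing unit never learns the account name, which keeps the two secrets on separate systems as the description intends.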

The system described above can be used in many architectures that require a user account 24 to obtain access rights. For example, the authentication unit 23 (that is, the server) of an online game can store a plurality of user accounts 24 in advance. When a user (that is, a player) wants to log in to the game interface with one of them, the connection user account 241, to obtain game rights or to add stored value, the user connects to the issuing unit 25 through the portable communication device 22 (for example, a mobile phone) and sends it the request information. The user password generator 251 of the issuing unit 25 then generates the user password 253 corresponding to the user account and transmits it to both the portable communication device 22 and the authentication unit 23. After receiving the user password 253, the user enters the connection user account 241 and the user password 253 at the authentication device 211 (for example, a computer) and connects to the authentication unit 23 to perform the authentication procedure.

The architecture of the account management system 20 can also be used for financial transactions or account management. The authentication unit 23 (that is, the server) of a financial institution stores a plurality of user accounts 24. When a user wants to connect with one of them, the connection user account 241, to complete a subsequent financial transaction or account management operation, the user connects to the issuing unit 25 through the portable communication device 22 (for example, a mobile phone) and sends a request to the user password generator 251 of the issuing unit 25. The user password generator 251 then generates the user password 253 and transmits it to both the portable communication device 22 and the authentication unit 23. After receiving the user password 253, the user enters the connection user account 241 and the corresponding user password 253 at the authentication device 211, for example an automated teller machine (ATM) or a computer system, and connects to the authentication unit 23 to pass the authentication procedure.

Of course, the foregoing system can also be applied to the control of national defense secrets, or to any other system that divides login privileges by means of the connection user account 241 and the user password 253; these are not described further here.

The issuing unit 25, the authentication unit 23, the portable communication device 22 and/or the authentication device 211 each include at least one codec, and the user password 253 is encrypted before transmission. For example, a codec 255 is provided in the issuing unit 25, a codec 235 in the authentication unit 23, a codec 215 in the authentication device 211, and a codec 225 in the portable communication device 22. The codecs 215, 225, 235 and 255 encrypt the data to be transmitted and decrypt the data received, so as to improve the security of the data in transit.

The portable communication device 22 further includes a data clearer 221, which clears the received user password 253 once an interval has elapsed after the portable communication device 22 receives it. In addition, the issuing unit 25 can set a clearing permission for the user password 253 and, after the user password 253 has been transmitted to the portable communication device 22, clear the user password 253 generated by the user password generator 251. The authentication unit 23 and the authentication device 211 can likewise be set to clear the user password 235 and/or the connection user account 241 after a time interval. For example, the clearing step may clear the user password 253 held by the portable communication device 22 and/or the issuing unit 25 after an interval, or may clear the user password 235 stored in the authentication device 211 and/or the storage device 231 after the authentication procedure is completed.

A validity period can also be set for the user password 253, so that the user password 253 generated by the user password generator 251 becomes invalid after a specific time, which improves the security of the account management system 20. The user password 253 can be one of text data, numeric data, symbol data, sound data, image data, and combinations thereof. The user password 253, paired with the corresponding connection user account 241, passes the authentication procedure of the authentication unit 23 and obtains the rights to control and manage the relevant data.
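The request, dual delivery, clearing and expiry described above can be traced in a short simulation. This is an added example, not code from the patent: the class names, the 8-digit numeric password, the 120-second validity period, the three-attempt limit and the device code `SIM-0001` are all assumptions, and the codec encryption of the transport is left out.

```python
import hmac
import secrets
import time


class FakeClock:
    """Constructed clock so expiry can be exercised without sleeping."""
    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def advance(self, seconds):
        self.t += seconds


class AuthenticationUnit:
    """Role of authentication unit 23: holds accounts and pending passwords."""
    def __init__(self, accounts, clock=time.monotonic, max_attempts=3):
        self.accounts = set(accounts)
        self.pending = {}  # account -> [password, expires_at, failures]
        self.clock = clock
        self.max_attempts = max_attempts  # assumption: not stated in the patent

    def receive(self, account, password, expires_at):
        if account in self.accounts:
            # A newly issued password replaces any earlier one.
            self.pending[account] = [password, expires_at, 0]

    def authenticate(self, account, password):
        entry = self.pending.get(account)
        if entry is None:
            return False
        stored, expires_at, _ = entry
        if self.clock() >= expires_at:
            del self.pending[account]  # validity period over: clear it
            return False
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(stored.encode(), password.encode()):
            del self.pending[account]  # single use: clear on success
            return True
        entry[2] += 1
        if entry[2] >= self.max_attempts:
            del self.pending[account]  # stop guessing inside the window
        return False


class PortableDevice:
    """Role of portable communication device 22 with data clearer 221."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self._password = None
        self._expires_at = 0.0

    def receive(self, password, expires_at):
        self._password, self._expires_at = password, expires_at

    def read_password(self):
        if self._password is not None and self.clock() >= self._expires_at:
            self._password = None  # data clearer: wipe after the interval
        return self._password


class IssuingUnit:
    """Role of issuing unit 25 with user password generator 251."""
    def __init__(self, auth_unit, devices, ttl_seconds=120, clock=time.monotonic):
        self.auth_unit = auth_unit
        self.devices = devices  # device code -> (account, PortableDevice)
        self.ttl = ttl_seconds
        self.clock = clock

    def handle_request(self, device_code):
        entry = self.devices.get(device_code)
        if entry is None:
            return False  # unknown device code: issue nothing
        account, device = entry
        # CSPRNG rather than random.random(): the value must be unpredictable.
        password = f"{secrets.randbelow(10**8):08d}"
        expires_at = self.clock() + self.ttl
        self.auth_unit.receive(account, password, expires_at)
        device.receive(password, expires_at)
        # The issuer keeps no copy once both deliveries are done.
        return True


def demo():
    clock = FakeClock()
    auth = AuthenticationUnit({"alice"}, clock=clock.now)
    phone = PortableDevice(clock=clock.now)
    issuer = IssuingUnit(auth, {"SIM-0001": ("alice", phone)}, clock=clock.now)
    issuer.handle_request("SIM-0001")
    pw = phone.read_password()
    first = auth.authenticate("alice", pw)    # fresh password is accepted
    replay = auth.authenticate("alice", pw)   # same password again is refused
    issuer.handle_request("SIM-0001")
    stale = phone.read_password()
    clock.advance(121)                        # let the validity period lapse
    expired = auth.authenticate("alice", stale)
    return first, replay, expired, phone.read_password()
```

The attempt limit is the one behaviour here that the description does not mention; without it, a short numeric password could be guessed inside its validity period.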

The user password generator 251 and the data clearer 221 of the present invention can be implemented either as hardware components built from electrical elements or as computer software. For example, the data clearer 221 inside the portable communication device 22 can be programmed in the Java language to provide the functions described above. In actual use of the account management system 20, a plurality of different portable communication devices 22 will, within a short time, ask the issuing unit 25 to generate different user passwords 253, so the issuing unit 25 can generate and transmit a plurality of different user passwords 253 simultaneously. The storage device 231 of the authentication unit 23 can likewise store a plurality of different user passwords 253 and the corresponding connection user accounts 241 at the same time, and carry out the authentication procedures for a plurality of user passwords 253 and connection user accounts 241 simultaneously.

Please refer to FIG. 4 and FIG. 5, which are respectively a system connection diagram and a flow chart of the account management method for another embodiment of the account management system of the present invention. As shown in the figures, the account management system 40 includes an authentication unit 23, an issuing unit 25 and a user terminal 41, and the authentication procedure for the connection user account 241 and the user password 253 is performed by the authentication unit 23.

The issuing unit 25 includes a user password generator 251, which regularly generates a user password 253 within each unit time interval, as shown in step 51. After the user password 253 is generated, the issuing unit 25 transmits it to the authentication unit 23 and to the portable communication device 42 of the user terminal 41, as shown in step 53. For example, the user password generator 251 of the issuing unit 25 generates a new user password 253 every 24 hours, and the issuing unit 25 transmits the user password 253 to the portable communication device 42 and the authentication unit 23.

After the portable communication device 42 receives the user password 253, the user can enter the connection user account 241 and the corresponding user password 253 at the authentication device 411, as shown in step 55. The authentication device 411 connects to the authentication unit 23 and transmits the received connection user account 241 and user password 253 to it, and the authentication unit 23 performs an authentication procedure, as shown in step 57.

In practice, the issuing unit 25 must transmit different user passwords 253 to different portable communication devices 42, for example the first portable communication device 422 through the n-th portable communication device 428. Each portable communication device 42 has its own code. For example, when the portable communication devices 422/.../428 are mobile phones, the mobile phone number or the SIM card number can serve as the code of each phone, and as the basis on which the issuing unit 25 authenticates the devices when sending different user passwords 253 to different portable communication devices 42.

Furthermore, the codecs 4252/.../4258 provided in the portable communication devices 422/.../428 each use a different encoding and decoding method, and each of the codecs 4252/.../4258 corresponds to the codec 255 in the issuing unit 25 in order to perform the encoding and decoding functions. For example, after joining the account management system 30 of the present invention, a user can obtain a personalized first codec 4252 and install it in the first portable communication device 422.

The codec 255 in the issuing unit 25 encrypts the user password 253 differently depending on the intended recipient and transmits the encrypted user password 253 to the corresponding portable communication device 422/.../428. For example, the codec 255 of the issuing unit 25 encodes the user password 253 and transmits the encoded user password 253 to the first portable communication device 422; the first codec 4252 in the first portable communication device 422 decodes it on receipt to restore the original user password 253. This improves the security of the data in transit. Even if a hacker obtains the user password 253 in transit, or the issuing unit 25 makes an error while transmitting the user password 253, the user password 253 has already been encrypted, so the probability of the user password 253 being leaked is kept to a minimum. The codecs 4252/.../4258 in the portable communication devices 422/.../428 can be implemented as a hardware device or as a software program, for example software codecs 4252/.../4258 written in the Java language.

Please refer to FIG. 6 and FIG. 7, which are a system connection diagram and a flow chart of the account management method for another embodiment of the account management system with a security function according to the present invention. As shown in the figures, the account management system 60 mainly includes an authentication unit 23 and a user terminal 61. The user terminal 61 includes an authentication device 611 and a portable communication device 62, and the portable communication device 62 generates a user password 623 for the subsequent authentication procedure.

When the user wants to use the account management system 60, the user operates the portable communication device 62. For example, the user can operate the portable communication device 62 so that the user password generator 621 provided inside it generates a user password 623, as shown in step 71. In another embodiment of the present invention, the user can instead choose the user password 623. In yet another embodiment, the user can be required to enter a related password before operating the user password generator 621, and only then can the user password 623 be generated.

After the user password 623 is generated, it can be transmitted from the portable communication device 62 to the authentication unit 23 so that the authentication unit 23 can carry out the subsequent authentication procedure, as shown in step 73. The structures and functions of the authentication unit 23 and the user terminal 61 in this embodiment are substantially the same as those described for FIG. 2, except that the portable communication device 62 contains a user password generator 621 used to generate a user password 623, where the user password 623 corresponds to the connection user account 241. In addition, when the portable communication device 62 transmits the user password 623 to the authentication unit 23, it can also transmit a code representing the portable communication device 62. The authentication unit 23 then identifies the portable communication device 62 and further confirms that the user password 623 is correct.

Of course, a codec 625 can also be added to the portable communication device 62, with a corresponding codec 235 provided in the authentication unit 23. The codecs 235 and 625 encrypt and decrypt the data transmitted between the portable communication device 62 and the authentication unit 23, for example the user password 623. The authentication unit 23 can also identify the portable communication device 62 through differences in the encoding used by the codecs 235 and 625. For example, the manner in which the user password 623 is encrypted differs for each portable communication device 62, so the authentication unit 23 can identify the portable communication device 62 from the way the user password 623 is encoded.

After the portable communication device 62 generates the user password 623, the user can enter the user password 623 displayed on the portable communication device 62, together with the memorized connection user account 241, at the authentication device 611, as shown in step 75. The authentication device 611 then transmits the entered connection user account 241 and the corresponding user password 623 to the authentication unit 23, which performs an authentication procedure once it has received them, as shown in step 77. The portable communication device 62 can optionally be provided with a data clearer 627, which clears the user password 623 generated by the user password generator 621 after the portable communication device 62 has transmitted the user password 623 to the authentication unit 23.

Because the connection user account 241 must be paired with the corresponding user password 623 to pass the authentication procedure of the authentication unit 23, and all operations are carried out in real time and completed within a short time, a hacker who intrudes into both the authentication unit 23 and the portable communication device 62 at the same time still may not be able to obtain the user password 623 and the connection user account 241. Furthermore, the user password 623 can be one that can be used only once, and encrypting it during transmission further ensures the security of the account management system 60.

The account management system 60 of this embodiment can optionally include a monitoring unit 67, which receives the user password 623 generated by the portable communication device 62. The monitoring unit 67 includes a storage device 671, which stores the user password 623 generated by the user password generator 621 and/or the corresponding connection user account 241 for later auditing. The monitoring unit 67 also includes a codec 675 for decrypting the encrypted user password 623.

Please refer to FIG. 8, which is a system connection diagram of another embodiment of the account management system with a security function according to the present invention. As shown in the figure, the account management system 80 differs from the embodiment described in FIG. 7 in that, in this embodiment, the user password 623 generated by the portable communication device 62 is transmitted to the authentication unit 23 through the monitoring unit 87, so as to improve the security of the transmission of the user password 623.

The above is only a preferred embodiment of the present invention and is not intended to limit its scope of protection. All equivalent changes and modifications made in accordance with the shape, structure, features and spirit described in the patent scope of the present invention shall fall within the scope of patent protection claimed by this application.

Claims (21)

1. An account management method with a security function, comprising the following steps:
sending a request signal from a portable communication device to an issuing unit;
the issuing unit generating a user password after receiving the request information;
transmitting the user password generated by the issuing unit to the portable communication device and to an authentication unit;
entering a connection user account and the user password received by the portable communication device into an authentication device;
the authentication device connecting to the authentication unit and performing an authentication procedure.

2. The account management method according to claim 1, wherein the user password corresponds to the connection user account.

3. The account management method according to claim 1, further comprising a step of encrypting the user password before it is transmitted.

4. The account management method according to claim 1, further comprising a clearing step of clearing the user password.

5. The account management method according to claim 1, wherein the user password becomes invalid after the authentication procedure is completed.

6. An account management method with a security function, comprising the following main steps:
an issuing unit generating a user password within a unit time interval;
transmitting the user password generated by the issuing unit to a portable communication device and to an authentication unit;
entering a connection user account and the user password received by the portable communication device into an authentication device;
the authentication device connecting to the authentication unit and performing an authentication procedure.

7. The account management method according to claim 6, further comprising a clearing step of clearing the user password.

8. The account management method according to claim 6, wherein the user password becomes invalid after the authentication procedure is completed.

9. An account management method with a security function, comprising the following main steps:
a portable communication device generating a user password;
transmitting the user password generated by the portable communication device to an authentication unit;
entering a connection user account and the user password generated by the portable communication device into an authentication device;
the authentication device connecting to the authentication unit and performing an authentication procedure.

10. The account management method according to claim 9, further comprising a clearing step of clearing the user password.

11. The account management method according to claim 9, wherein the user password becomes invalid after the authentication procedure is completed.

12. An account management system with a security function, comprising:
an authentication unit including a storage device for storing a plurality of user accounts, one of the user accounts being defined as a connection user account, the authentication unit performing an authentication procedure;
an issuing unit connected to the authentication unit through a first connection line, the issuing unit including a user password generator that generates, in response to request information, a user password corresponding to the connection user account and transmits the user password to the authentication unit via the first connection line; and
a user terminal connected to the issuing unit through a second connection line, the user terminal including an authentication device and a portable communication device, the portable communication device being used to send the request information to the issuing unit so that the issuing unit generates the user password and transmits it to the portable communication device via the second connection line, the authentication device connecting to the authentication unit on the basis of the user password and the connection user account to perform the authentication procedure.

13. The account management system according to claim 12, wherein the user password can be used only once.

14. The account management system according to claim 12, wherein the portable communication device further includes a data clearer for clearing the user password.

15. The account management system according to claim 12, further comprising at least one codec, the codec being selectively provided in one of the issuing unit, the authentication unit, the authentication device, the portable communication device, and combinations thereof.

16. The account management system according to claim 12, wherein the issuing unit clears the user password generated by the user password generator after transmitting the user password to the portable communication device and the authentication unit.

17. The account management system according to claim 12, wherein the authentication unit clears the user password stored in the storage device after a time interval.

18. An account management system with a security function, comprising:
an authentication unit including a storage device for storing a plurality of user accounts, one of the user accounts being defined as a connection user account, the authentication unit performing an authentication procedure;
an issuing unit connected to the authentication unit through a first connection line, the issuing unit including a user password generator that generates, within a unit time interval, a user password corresponding to the connection user account and transmits the user password to the authentication unit via the first connection line; and
a user terminal connected to the issuing unit through a second connection line, the user terminal including an authentication device and a portable communication device, the issuing unit transmitting the user password to the portable communication device via the second connection circuit, the authentication device connecting to the authentication unit on the basis of the user password and the connection user account to perform the authentication procedure.

19. An account management system with a security function, comprising:
an authentication unit including a storage device for storing a plurality of user accounts, one of the user accounts being defined as a connection user account, the authentication unit performing an authentication procedure;
a user terminal connected to the issuing unit and including an authentication device and a portable communication device, wherein the portable communication device includes a user password generator that generates a user password corresponding to the connection user account and transmits the user password to the authentication device, the authentication device connecting to the authentication unit on the basis of the user password and the connection user account to perform the authentication procedure.

20. The account management system according to claim 19, further comprising a monitoring unit connected to the portable communication device.

21. The account management system according to claim 19, wherein the portable communication device transmits the user password to the authentication unit through a monitoring device.

CNA2007100868809A 2007-03-21 2007-03-21 Account management system and account management method with security function Pending CN101030239A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007100868809A CN101030239A (en) 2007-03-21 2007-03-21 Account management system and account management method with security function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNA2007100868809A CN101030239A (en) 2007-03-21 2007-03-21 Account management system and account management method with security function

Publications (1)

Publication Number Publication Date
CN101030239A true CN101030239A (en) 2007-09-05

Family

ID=38715579

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2007100868809A Pending CN101030239A (en) 2007-03-21 2007-03-21 Account management system and account management method with security function

Country Status (1)

Country Link
CN (1) CN101030239A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101887575A (en) * 2010-07-26 2010-11-17 北京交通大学 A Robust Watermarking Method Against Various Geometric Attacks
CN102663314A (en) * 2012-03-23 2012-09-12 邱漫 Anti-theft and information security protecting method and device for portable terminal
WO2017028171A1 (en) * 2015-08-17 2017-02-23 张焰焰 Method and mobile terminal for authenticating account login via voice and number information
WO2017028249A1 (en) * 2015-08-18 2017-02-23 张焰焰 Method and mobile terminal for logging in to account with voice
WO2017031704A1 (en) * 2015-08-25 2017-03-02 张焰焰 Method and mobile terminal for logging in to account with fingerprint
CN107636722A (en) * 2015-06-10 2018-01-26 株式会社宙连 Management method and management server for utilizing multiple SIM cards

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication