TWI704795B - Login authentication method - Google Patents

Info

Publication number
TWI704795B
Authority
TW
Taiwan
Prior art keywords
computer
authentication
login
random string
service provider
Application number
TW108110157A
Other languages
Chinese (zh)
Other versions
TW202037111A (en)
Inventor
何岳峰
Original Assignee
何六百有限公司
Application filed by 何六百有限公司
Priority to TW108110157A
Application granted
Publication of TWI704795B
Publication of TW202037111A

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

A login authentication method in which a key verification code and a corresponding pair of public and private keys are provided, the public key being stored at the service provider and the private key on a user's computer. When the user logs in to the service, the service provider gives a random string and a return signature URL to the user's computer. The user's computer encrypts the random string into a digital signature with the private key and transmits it to the return signature URL for the service provider computer. The service provider computer decrypts it with the public key to verify that the random string is correct and, if it is, the user is logged in to the service. With this method, users can log in to the service without memorizing an account and password. There is no problem of losing the account and password, and the login procedure is simple and highly secure.

Description

Login authentication method

The invention relates to an authentication method using asymmetric keys, and in particular to a login authentication method in which a string obtained at login is encrypted into a signature that is used to log in.

Existing network services, such as e-mail, social networking sites or instant messaging software, are mainly logged in to from a personal computer or mobile phone with the account and password obtained when registering for the service. The account is usually set to the user's e-mail address; after the user registers, the service provider sends the password for the account to that e-mail address, for the user to receive and use when logging in to the service.

Because the above way of logging in to a network service relies on an account and password, users must enter them in the interface of a program or web page in order to log in. Some people, worried about forgetting them, even write the account and password down in a notebook or on notes. Having to memorize the account and password makes logging in more cumbersome, and an account and password written in a notebook or on notes are easily stolen, which creates information security problems.

The existing way of logging in to network services requires an account and password, which are easy to forget and also easy to steal, causing security problems. For this reason, the present invention uses a key pair together with encryption and decryption of a random string to achieve a secure authenticated login that does not require entering an account and password.

To achieve the above objective, the present invention provides a login authentication method on the service provider computer side, comprising the following steps. Outputting a random string and URL: a paired private key and public key corresponding to a key verification code are stored on an authentication login computer and a service provider computer respectively; the service provider computer provides a service, and when the user wishes to log in to the service on a login computer, the service provider computer gives, at the user's request, a return signature URL and a random string. Receiving a digital signature: the service provider computer receives, at the return signature URL, a digital signature returned by the authentication login computer; the digital signature is produced by the authentication login computer encrypting the random string with the private key, and the key verification code of the private key that encrypted it can be identified from the digital signature. Authenticating the login: the service provider computer opens the digital signature with the public key corresponding to the key verification code and verifies whether the random string in the digital signature is the same as the random string the service provider computer gave the user; if they are the same, the user is allowed to log in to the service on the login computer.

Preferably, in the step of outputting the random string and URL, the service provider computer displays a two-dimensional barcode on a display of the login computer, and the information in the two-dimensional barcode includes the random string and the return signature URL. The user runs an encryption authentication program on the authentication login computer and uses a lens of the authentication login computer to photograph and recognize the two-dimensional barcode, obtaining the random string and the return signature URL given by the service provider computer. In the step of receiving the digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

Preferably, in the step of outputting the random string and URL, the service provider computer displays the random string and the return signature URL on a display of the login computer. The user runs an encryption authentication program on the authentication login computer and enters the random string and the return signature URL into the encryption authentication program, thereby obtaining the random string and the return signature URL given by the service provider computer. In the step of receiving the digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

Preferably, in the step of outputting the random string and URL, the service provider computer displays, on a display of the login computer, a mobile phone number field or an e-mail field for the user to fill in. When the authentication login computer is a mobile phone and the user enters its mobile phone number in the mobile phone number field, the service provider computer sends the random string and the return signature URL to the authentication login computer by text message, so that the authentication login computer obtains the random string and the return signature URL given by the service provider computer. When the user enters in the e-mail field an e-mail address at which the authentication login computer can receive mail, the service provider computer sends the random string and the return signature URL to the authentication login computer by e-mail, so that the authentication login computer obtains the random string and the return signature URL given by the service provider computer. In the step of receiving the digital signature, the digital signature is produced by the authentication login computer running an encryption authentication program to encrypt the random string with the private key.

Preferably, in the step of outputting the random string and URL, the service provider computer displays, on a display of the login computer, an authentication service URL field for the user to fill in. The authentication login computer is a server that runs an encryption authentication program to provide an authentication service on the network. When the user enters the authentication service URL of that authentication service in the authentication service URL field, the service provider computer redirects to the authentication service URL with the random string and the return signature URL carried as a query string, so that the authentication login computer obtains, through the authentication service URL, the random string and the return signature URL given by the service provider computer. In the step of receiving the digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

The present invention further provides a login authentication method on the authentication login computer side, comprising the following steps. Receiving a random string and URL: a paired private key and public key corresponding to a key verification code are stored on an authentication login computer and a service provider computer respectively; the user of the authentication login computer is a user of a service provided by the service provider computer, and when the user wishes to log in to the service on a login computer, the service provider computer gives, at the user's request, a return signature URL and a random string, which the authentication login computer receives. Outputting a digital signature: the authentication login computer encrypts the random string with the private key into a digital signature, from which the key verification code of the private key that encrypted it can be identified, and outputs the digital signature to the return signature URL. Being authenticated for login: the digital signature is obtained by the service provider computer at the return signature URL and opened with the public key corresponding to the key verification code; if the random string in the digital signature is verified to be the same as the random string the service provider computer gave the user, the user is allowed to log in to the service on the login computer.

Preferably, in the step of receiving the random string and URL, the service provider computer displays a two-dimensional barcode on a display of the login computer, and the information in the two-dimensional barcode includes the random string and the return signature URL. The user runs an encryption authentication program on the authentication login computer and uses a lens of the authentication login computer to photograph and recognize the two-dimensional barcode, obtaining the random string and the return signature URL given by the service provider computer. In the step of outputting the digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

Preferably, in the step of receiving the random string and URL, the service provider computer displays the random string and the return signature URL on a display of the login computer. The user runs an encryption authentication program on the authentication login computer and enters the random string and the return signature URL into the encryption authentication program, thereby obtaining the random string and the return signature URL given by the service provider computer. In the step of outputting the digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

Preferably, in the step of receiving the random string and URL, the service provider computer displays, on a display of the login computer, a mobile phone number field or an e-mail field for the user to fill in. When the authentication login computer is a mobile phone and the user enters its mobile phone number in the mobile phone number field, the service provider computer sends the random string and the return signature URL to the authentication login computer by text message, so that the authentication login computer obtains the random string and the return signature URL given by the service provider computer. When the user enters in the e-mail field an e-mail address at which the authentication login computer can receive mail, the service provider computer sends the random string and the return signature URL to the authentication login computer by e-mail, so that the authentication login computer obtains the random string and the return signature URL given by the service provider computer. In the step of outputting the digital signature, the digital signature is produced by the authentication login computer running an encryption authentication program to encrypt the random string with the private key.

Preferably, in the step of receiving the random string and URL, the service provider computer displays, on a display of the login computer, an authentication service URL field for the user to fill in. The authentication login computer is a server that runs an encryption authentication program to provide an authentication service on the network. When the user enters the authentication service URL of that authentication service in the authentication service URL field, the service provider computer redirects to the authentication service URL with the random string and the return signature URL carried as a query string, so that the authentication login computer obtains, through the authentication service URL, the random string and the return signature URL given by the service provider computer. In the step of outputting the digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

The effect of the present invention is that the service provider computer gives the authentication login computer a random string and a return signature URL; after the random string is encrypted with the private key into a digital signature, the signature is sent back to the return signature URL, where the service provider computer obtains it and verifies the user's identity. The process is encrypted, and comparing the random string on the spot confirms whether the party requesting login is the user of the service who corresponds to the key verification code. The user does not need to enter an account and password on the login computer; by encrypting and decrypting the random string with the paired public and private keys, the user can log in to the service on any login computer. This avoids the inconvenience of memorizing an account and password and the security problems that can arise because accounts and passwords are easily lost.

S01: Step

S02: Step

S03: Step

S04: Step

S05: Step

S06: Step

10: Service

11: Service provider computer

12: Authentication login computer

121: Encryption authentication program

122: Lens

13: Login computer

131: Display

132: Login time limit

14: Two-dimensional barcode

141: Random string

142: Return signature URL

20: Public key

21: Private key

A: Service provider

B: User

C: Digital signature

30: Mobile phone number field

31: E-mail field

32: Authentication service URL field

Fig. 1 is a schematic diagram of the method of the first preferred embodiment of the present invention.

Fig. 2 is a flowchart of the service provider side in the first preferred embodiment of the present invention.

Fig. 3 is a flowchart of the user side in the first preferred embodiment of the present invention.

Fig. 4 is a schematic diagram of the method of the second preferred embodiment of the present invention.

Fig. 5 is a schematic diagram of the method of the third preferred embodiment of the present invention.

So that the technical features and practical effects of the present invention can be understood in detail and implemented according to the content of the specification, the preferred embodiments shown in the drawings are described in detail below.

Referring to the first preferred embodiment of the present invention shown in Figs. 1 to 3, a login authentication method is provided for logging in to a network service 10 provided by a service provider A, such as an e-mail, social networking site, instant messaging software, shopping website, fund-raising website or online forum service.

The service 10 is hosted on a service provider computer 11, such as a server or a virtual server in the cloud. When a user B registers for the service, the user first uses an authentication login computer 12, such as a mobile phone or tablet, and connects to the service 10 to register an account, either through an encryption/decryption program run by the web browser of the authentication login computer 12 or through an encryption authentication program 121 pre-installed on the authentication login computer 12. During registration, a paired public key 20 and private key 21 corresponding to a key verification code (Key ID) are generated. The public key 20 is stored on the service provider computer 11, and the service provider A can use the key verification code to identify user B and the public key 20 that corresponds to user B. The private key 21 is stored on the authentication login computer 12, where it is available to the encryption authentication program 121.

As shown in Figs. 1 and 2, after user B has registered for the service 10, steps S01 to S03, by which the service provider A of this preferred embodiment accepts user B's login to the service 10, include:

(S01) Outputting the random string and URL: the paired private key 21 and public key 20 corresponding to a key verification code (Key ID) have been stored on the authentication login computer 12 and the service provider computer 11 respectively; the service provider computer 11 provides a network service 10, and the authentication login computer 12 runs an encryption authentication program 121.

When user B wants to log in to the service 10 over the network on a login computer 13, the service provider computer 11 responds to user B's request on the login computer 13, for example a login request triggered when the web browser of the login computer 13 logs in to the service 10, by displaying a two-dimensional barcode 14, such as a QR Code, on the display 131 of the login computer 13 within a login time limit 132, for example 90 seconds. The information in the two-dimensional barcode 14 includes a random string 141 and a return signature URL 142. The random string 141 contained in the two-dimensional barcode 14 shown on the display 131 is different for each login time limit 132 and each time the login page is refreshed. User B then runs the encryption authentication program 121 and uses the lens 122 of the authentication login computer 12 to photograph the two-dimensional barcode 14; once it is recognized, the random string 141 and the return signature URL 142 given by the service provider computer 11 are obtained automatically.

(S02) Receiving the digital signature: the service provider computer 11 receives over the network a digital signature C that the authentication login computer 12 returns to the return signature URL 142. The digital signature C is produced by the authentication login computer 12 running the encryption authentication program 121 to encrypt the random string 141 with the private key 21, and the key verification code of the private key that encrypted it can be identified from the digital signature C.

(S03) Authenticating the login: the service provider computer 11 opens the digital signature C with the public key 20 corresponding to the key verification code and verifies whether the random string 141 in the digital signature C is the same as the random string 141 that the service provider computer 11 output for the current login time limit 132. If they are the same, user B is allowed to log in to the service 10 on the login computer 13; if they differ, user B is refused login to the service 10 on the login computer 13.

As shown in Figs. 1 and 3, after user B has registered for the service 10, steps S04 to S06, by which user B logs in to the service 10, include:

(S04) Receiving the random string and URL: the paired private key 21 and public key 20 corresponding to a key verification code (Key ID) have been stored on the authentication login computer 12 and the service provider computer 11 respectively; user B is a user of a network service 10 provided by the service provider computer 11, and the authentication login computer 12 has an encryption authentication program 121 installed. In response to the request to log in to the service 10 that user B issues on a login computer 13, the service provider computer 11 displays a two-dimensional barcode 14, such as a QR Code, on the display 131 of the login computer 13 within a login time limit 132, for example 90 seconds. The information in the two-dimensional barcode 14 includes a random string 141 and a return signature URL 142, and the random string 141 is renewed for each login time limit 132 and each time the login page is refreshed. By running the encryption authentication program 121, user B drives the lens 122 of the authentication login computer 12 to photograph and recognize the two-dimensional barcode 14, and after recognition obtains the random string 141 and the return signature URL 142 given by the service provider computer 11.

(S05) Outputting the digital signature: after obtaining the random string 141, the encryption authentication program 121 running on the authentication login computer 12 encrypts the random string 141 with the private key 21 into a digital signature C, from which the key verification code of the private key that encrypted it can be identified, and outputs the digital signature C over the network to the return signature URL 142, where the service provider computer 11 obtains it.

(S06) Being authenticated for login: the digital signature C is opened by the service provider computer 11 with the public key 20 corresponding to the key verification code, and the service provider computer 11 verifies whether the random string 141 in the digital signature C is the same as the random string 141 it output for the current login time limit 132. If they are the same, user B is allowed to log in to the service 10 on the login computer 13; if they differ, user B is refused login to the service 10 on the login computer 13.
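Steps S01 to S06 above, as an added Go example that is not code from the patent: the provider issues the random string with its login time limit, the authentication program signs it, and the provider checks the signature against the public key stored under the key ID. Assumptions: all names, the URL and the key ID are hypothetical; Ed25519 signing stands in for the step the text calls encrypting with the private key; and making the random string single-use and covering the return signature URL in the signed message are added hardening choices.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// All names are hypothetical. Ed25519 is an assumed choice of key pair.
const loginTimeLimit = 90 * time.Second // login time limit 132

var (
	ErrUnknownChallenge = errors.New("random string not issued or already used")
	ErrExpired          = errors.New("login time limit exceeded")
	ErrUnknownKey       = errors.New("unknown key ID")
	ErrBadSignature     = errors.New("signature does not verify")
)

type challenge struct {
	sessionID string    // browser session on login computer 13
	expires   time.Time // end of the login time limit
}

// Provider models service provider computer 11.
type Provider struct {
	returnURL string                       // return signature URL 142
	pubKeys   map[string]ed25519.PublicKey // key ID -> public key 20
	pending   map[string]challenge         // random string 141 -> challenge
}

func NewProvider(returnURL string) *Provider {
	return &Provider{returnURL, map[string]ed25519.PublicKey{}, map[string]challenge{}}
}

// NewKeyPair is what the authentication program does once, at registration.
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Register stores public key 20 under its key ID.
func (p *Provider) Register(keyID string, pub ed25519.PublicKey) { p.pubKeys[keyID] = pub }

// Issue is step S01: a fresh random string tied to the requesting session.
func (p *Provider) Issue(sessionID string, now time.Time) (string, string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", "", err
	}
	nonce := hex.EncodeToString(buf)
	p.pending[nonce] = challenge{sessionID: sessionID, expires: now.Add(loginTimeLimit)}
	return nonce, p.returnURL, nil
}

// signedMessage binds the random string to the URL it is returned to (assumption).
func signedMessage(nonce, url string) []byte { return []byte(nonce + "\n" + url) }

// Sign is step S05 on authentication login computer 12.
func Sign(priv ed25519.PrivateKey, nonce, url string) []byte {
	return ed25519.Sign(priv, signedMessage(nonce, url))
}

// Verify is step S03. It returns the session that may now be logged in.
func (p *Provider) Verify(keyID, nonce string, sig []byte, now time.Time) (string, error) {
	ch, ok := p.pending[nonce]
	if !ok {
		return "", ErrUnknownChallenge
	}
	delete(p.pending, nonce) // any attempt consumes the challenge, so a replay finds nothing
	if now.After(ch.expires) {
		return "", ErrExpired
	}
	pub, ok := p.pubKeys[keyID]
	if !ok {
		return "", ErrUnknownKey
	}
	if !ed25519.Verify(pub, signedMessage(nonce, p.returnURL), sig) {
		return "", ErrBadSignature
	}
	return ch.sessionID, nil
}

func main() {
	p := NewProvider("https://service.example/return-signature") // constructed URL
	pub, priv, _ := NewKeyPair()
	p.Register("key-001", pub) // constructed key ID
	now := time.Now()
	nonce, url, _ := p.Issue("browser-session-A", now)
	sig := Sign(priv, nonce, url)
	sess, err := p.Verify("key-001", nonce, sig, now.Add(10*time.Second))
	fmt.Println("login:", sess, err)
	_, err = p.Verify("key-001", nonce, sig, now.Add(11*time.Second))
	fmt.Println("replay:", err)
}
```

The session returned by Verify is the one on the login computer that requested the random string, so a valid signature logs in that browser session and no other.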

In the first preferred embodiment described above, when the step of outputting the random string and URL (S01) or the step of receiving the random string and URL (S04) is performed, the lens 122 of the authentication login computer 12 photographs the two-dimensional barcode 14, and after recognition the random string 141 and the return signature URL 142 given by the service provider computer 11 are obtained. In addition to this, the two-dimensional barcode 14 that the service provider computer 11 displays on the display 131 of the login computer 13 can also be transferred as a digital image, by means such as a network drive, Bluetooth transfer or copying via an SD card, to the encryption authentication program 121 of the authentication login computer 12 for reading, so that after recognizing the digital image of the two-dimensional barcode 14 the encryption authentication program 121 obtains the random string 141 and the return signature URL 142 given by the service provider computer 11. Alternatively, as in the second or third preferred embodiment described below, the service provider computer 11 can give the random string 141 and the return signature URL 142 by other means at user B's request.

In the second preferred embodiment shown in Fig. 4, the service provider computer 11, at user B's request on the login computer 13, displays the random string 141 and the return signature URL 142 on the display 131 of the login computer 13 within the login time limit 132. The random string 141 is renewed for each login time limit 132 and each time the login page is refreshed. User B enters the random string 141 and the return signature URL 142 into the encryption authentication program 121, so that the authentication login computer 12 obtains, by manual entry, the random string 141 and the return signature URL 142 given by the service provider computer 11, for the encryption authentication program 121 to use in the subsequent step (S02) or step (S05).

In the third preferred embodiment shown in Fig. 5, the service provider computer 11, at user B's request on the login computer 13, displays on the display 131 of the login computer 13 a mobile phone number field 30 (if the authentication login computer 12 is a mobile phone), an e-mail field 31, or an authentication service URL field 32 (if the authentication login computer 12 is a server that runs the encryption authentication program 121 to provide an authentication service on the network) for user B to fill in.

First, after user B enters the mobile phone number of the authentication login computer 12 (that is, the mobile phone) into the mobile phone number field 30, the service provider computer 11 sends the random string 141 and the return signature URL 142 to the authentication login computer 12 by SMS, so that the authentication login computer 12 automatically obtains the random string 141 and the return signature URL 142 given by the service provider computer 11, for use by the encryption authentication program 121 in the subsequent step (S02) or step (S05).

Second, after user B enters an e-mail address at which the authentication login computer 12 can receive mail into the e-mail address field 31, the service provider computer 11 sends the random string 141 and the return signature URL 142 to the authentication login computer 12 by e-mail, so that the authentication login computer 12 automatically obtains the random string 141 and the return signature URL 142 given by the service provider computer 11, for use by the encryption authentication program 121 in the subsequent step (S02) or step (S05).

Third, after user B enters into the authentication service URL field 32 the authentication service URL at which the authentication login computer 12 (that is, the server) runs the encryption authentication program 121, the service provider computer 11 redirects to the authentication service URL, passing the random string 141 and the return signature URL 142 as a query string (QueryString), so that the authentication login computer 12 automatically obtains, through the authentication service URL, the random string 141 and the return signature URL 142 given by the service provider computer 11, for use by the encryption authentication program 121 in the subsequent step (S02) or step (S05).
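The query-string hand-off of the third embodiment, followed by signing and verification, can be sketched as below. This is an added example, not code from the patent: textbook RSA with a constructed demo key stands in for a real signature scheme. The parameter names `random` and `return_url`, the hosts `provider.example` and `auth.example`, the session id embedded in the return URL, the hash-based key verification code, and the one-attempt-per-random-string rule are all assumptions.

```python
# Added illustration, not code from the patent. Textbook RSA over a SHA-256
# digest with a constructed, trivially factorable demo key stands in for the
# signature primitive; use RSA-PSS or Ed25519 from a vetted library in practice.
import hashlib
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed demo key pair built from two Mersenne primes (insecure by design).
_P, _Q, E = 2**127 - 1, 2**521 - 1, 65537
N = _P * _Q                              # public key 20 is (N, E)
D = pow(E, -1, (_P - 1) * (_Q - 1))      # private key 21, kept on computer 12


def _digest_int(text):
    return int.from_bytes(hashlib.sha256(text.encode()).digest(), "big")


def key_verification_code(n, e):
    """Assumed form of the key verification code: a hash of the public key."""
    return hashlib.sha256(f"{n}:{e}".encode()).hexdigest()[:16]


class ServiceProvider:
    """Service provider computer 11."""

    def __init__(self, login_time_limit=60.0):
        self.login_time_limit = login_time_limit
        self.public_keys = {}    # key verification code -> (n, e)
        self.pending = {}        # session id -> (random string, expiry time)

    def register(self, n, e):
        code = key_verification_code(n, e)
        self.public_keys[code] = (n, e)
        return code

    def redirect_url(self, auth_service_url, now=None):
        """Step S01 via query string: fresh random string 141 + return URL 142."""
        now = time.time() if now is None else now
        session = secrets.token_urlsafe(16)
        random_string = secrets.token_urlsafe(32)
        self.pending[session] = (random_string, now + self.login_time_limit)
        query = urlencode({
            "random": random_string,     # hypothetical parameter names
            "return_url": f"https://provider.example/sign/{session}",
        })
        return f"{auth_service_url}?{query}"

    def verify(self, session, code, signature, now=None):
        """Authentication step: one attempt per random string, within the limit."""
        now = time.time() if now is None else now
        entry = self.pending.pop(session, None)   # consumed even on failure
        key = self.public_keys.get(code)
        if entry is None or key is None or now > entry[1]:
            return False
        n, e = key
        if not isinstance(signature, int) or not 0 < signature < n:
            return False
        return pow(signature, e, n) == _digest_int(entry[0])


def authentication_service(redirect, d, n, e):
    """Computer 12 acting as a server: read the query string and sign."""
    params = parse_qs(urlsplit(redirect).query)
    random_string, return_url = params["random"][0], params["return_url"][0]
    signature = pow(_digest_int(random_string), d, n)
    session = urlsplit(return_url).path.rsplit("/", 1)[-1]
    # What would be POSTed to return URL 142: session, key code, signature.
    return session, key_verification_code(n, e), signature
```

Because the pending entry is removed on the first verification attempt, a captured signature cannot be replayed, and a signature over an earlier random string fails against a newer one.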

The foregoing describes only preferred embodiments of the present invention and is not intended to limit the scope of the rights claimed by the present invention. Any other equivalent change or modification made without departing from the spirit disclosed by the present invention shall fall within the scope of the patent claims of the present invention.

10: Service

11: Service provider computer

12: Authentication login computer

121: Encryption authentication program

122: Lens

13: Login computer

131: Display

132: Login time limit

14: Two-dimensional barcode

141: Random string

142: Return signature URL

20: Public key

21: Private key

A: Service provider

B: User

C: Digital signature

Claims (12)

1. A login authentication method, comprising the steps of:
outputting a random string and a URL: a private key and a public key forming a pair and corresponding to a key verification code are stored in an authentication login computer and a service provider computer, respectively; the service provider computer provides a service; when a user wishes to log in to the service on a login computer, the service provider computer gives, at the user's request, a return signature URL and a random string;
receiving a digital signature: the service provider computer receives, via the return signature URL, a digital signature returned by the authentication login computer, the digital signature being produced by the authentication login computer encrypting the random string with the private key, and the key verification code of the private key that encrypted it being identifiable from the digital signature; and
authenticating the login: the service provider computer decrypts the digital signature with the public key corresponding to the key verification code and verifies whether the random string in the digital signature is the same as the random string the service provider computer gave the user; if they are the same, the user is allowed to log in to the service on the login computer.

2. The login authentication method of claim 1, wherein, in the step of outputting a random string and a URL, the service provider computer displays a two-dimensional barcode on a display of the login computer, the two-dimensional barcode containing the random string and the return signature URL; the user runs an encryption authentication program on the authentication login computer and uses a lens of the authentication login computer to photograph and recognize the two-dimensional barcode, thereby obtaining the random string and the return signature URL given by the service provider computer; and, in the step of receiving a digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

3. The login authentication method of claim 1, wherein, in the step of outputting a random string and a URL, the user runs an encryption authentication program on the authentication login computer; the service provider computer transmits a digital image of a two-dimensional barcode to the encryption authentication program, the two-dimensional barcode containing the random string and the return signature URL; the encryption authentication program recognizes the digital image of the two-dimensional barcode to obtain the random string and the return signature URL given by the service provider computer; and, in the step of receiving a digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

4. The login authentication method of claim 1, wherein, in the step of outputting a random string and a URL, the service provider computer displays the random string and the return signature URL on a display of the login computer; the user runs an encryption authentication program on the authentication login computer and enters the random string and the return signature URL into the encryption authentication program, thereby obtaining the random string and the return signature URL given by the service provider computer; and, in the step of receiving a digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

5. The login authentication method of claim 1, wherein, in the step of outputting a random string and a URL, the service provider computer displays on a display of the login computer a mobile phone number field or an e-mail address field for the user to fill in;
when the authentication login computer is a mobile phone and the user has entered the mobile phone number into the mobile phone number field, the service provider computer sends the random string and the return signature URL to the authentication login computer by SMS, so that the authentication login computer obtains the random string and the return signature URL given by the service provider computer; and
when the user has entered an e-mail address at which the authentication login computer can receive mail into the e-mail address field, the service provider computer sends the random string and the return signature URL to the authentication login computer by e-mail, so that the authentication login computer obtains the random string and the return signature URL given by the service provider computer;
and, in the step of receiving a digital signature, the digital signature is produced by the authentication login computer running an encryption authentication program to encrypt the random string with the private key.

6. The login authentication method of claim 1, wherein, in the step of outputting a random string and a URL, the service provider computer displays on a display of the login computer an authentication service URL field for the user to fill in; the authentication login computer is a server that runs an encryption authentication program to provide an authentication service on the network; when the user has entered the authentication service URL of the authentication service into the authentication service URL field, the service provider computer redirects to the authentication service URL, passing the random string and the return signature URL as a query string, so that the authentication login computer obtains, through the authentication service URL, the random string and the return signature URL given by the service provider computer; and, in the step of receiving a digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

7. A login authentication method, comprising the steps of:
receiving a random string and a URL: a private key and a public key forming a pair and corresponding to a key verification code are stored in an authentication login computer and a service provider computer, respectively; the user of the authentication login computer is a user of a service provided by the service provider computer; when the user wishes to log in to the service on a login computer, the service provider computer gives, at the user's request, a return signature URL and a random string, and the authentication login computer receives the return signature URL and the random string;
outputting a digital signature: the authentication login computer encrypts the random string with the private key into a digital signature, the key verification code of the private key that encrypted it being identifiable from the digital signature, and outputs the digital signature to the return signature URL; and
being authenticated for login: the digital signature is obtained by the service provider computer via the return signature URL and decrypted with the public key corresponding to the key verification code; if the random string in the digital signature is verified to be the same as the random string the service provider computer gave the user, the user is allowed to log in to the service on the login computer.

8. The login authentication method of claim 7, wherein, in the step of receiving a random string and a URL, the service provider computer displays a two-dimensional barcode on a display of the login computer, the two-dimensional barcode containing the random string and the return signature URL; the user runs an encryption authentication program on the authentication login computer and uses a lens of the authentication login computer to photograph and recognize the two-dimensional barcode, thereby obtaining the random string and the return signature URL given by the service provider computer; and, in the step of outputting a digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

9. The login authentication method of claim 7, wherein, in the step of receiving a random string and a URL, the user runs an encryption authentication program on the authentication login computer; the service provider computer transmits a digital image of a two-dimensional barcode to the encryption authentication program, the two-dimensional barcode containing the random string and the return signature URL; the encryption authentication program recognizes the digital image of the two-dimensional barcode to obtain the random string and the return signature URL given by the service provider computer; and, in the step of outputting a digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

10. The login authentication method of claim 7, wherein, in the step of receiving a random string and a URL, the service provider computer displays the random string and the return signature URL on a display of the login computer; the user runs an encryption authentication program on the authentication login computer and enters the random string and the return signature URL into the encryption authentication program, thereby obtaining the random string and the return signature URL given by the service provider computer; and, in the step of outputting a digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.

11. The login authentication method of claim 7, wherein, in the step of receiving a random string and a URL, the service provider computer displays on a display of the login computer a mobile phone number field or an e-mail address field for the user to fill in;
when the authentication login computer is a mobile phone and the user has entered the mobile phone number into the mobile phone number field, the service provider computer sends the random string and the return signature URL to the authentication login computer by SMS, so that the authentication login computer obtains the random string and the return signature URL given by the service provider computer; and
when the user has entered an e-mail address at which the authentication login computer can receive mail into the e-mail address field, the service provider computer sends the random string and the return signature URL to the authentication login computer by e-mail, so that the authentication login computer obtains the random string and the return signature URL given by the service provider computer;
and, in the step of outputting a digital signature, the digital signature is produced by the authentication login computer running an encryption authentication program to encrypt the random string with the private key.

12. The login authentication method of claim 7, wherein, in the step of receiving a random string and a URL, the service provider computer displays on a display of the login computer an authentication service URL field for the user to fill in; the authentication login computer is a server that runs an encryption authentication program to provide an authentication service on the network; when the user has entered the authentication service URL of the authentication service into the authentication service URL field, the service provider computer redirects to the authentication service URL, passing the random string and the return signature URL as a query string, so that the authentication login computer obtains, through the authentication service URL, the random string and the return signature URL given by the service provider computer; and, in the step of outputting a digital signature, the digital signature is produced by the authentication login computer running the encryption authentication program to encrypt the random string with the private key.
TW108110157A 2019-03-22 2019-03-22 Login authentication method TWI704795B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108110157A TWI704795B (en) 2019-03-22 2019-03-22 Login authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108110157A TWI704795B (en) 2019-03-22 2019-03-22 Login authentication method

Publications (2)

Publication Number Publication Date
TWI704795B (en) 2020-09-11
TW202037111A TW202037111A (en) 2020-10-01

Family

ID=73644001

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108110157A TWI704795B (en) 2019-03-22 2019-03-22 Login authentication method

Country Status (1)

Country Link
TW (1) TWI704795B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060036864A1 (en) * 1999-12-28 2006-02-16 Parulski Kenneth A Digital camera with image authentication
CN1801029A (en) * 2004-12-31 2006-07-12 联想(北京)有限公司 Method for generating digital certificate and applying the generated digital certificate


Also Published As

Publication number Publication date
TW202037111A (en) 2020-10-01
