
TWI896725B - High-security information transmission system and method - Google Patents

High-security information transmission system and method

Info

Publication number
TWI896725B
Authority
TW
Taiwan
Prior art keywords
information
client
user
computer device
confidential
Prior art date
Application number
TW110129280A
Other languages
Chinese (zh)
Other versions
TW202307710A (en)
Inventor
張裕隆
Original Assignee
系微股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 系微股份有限公司
Priority to TW110129280A
Publication of TW202307710A
Application granted
Publication of TWI896725B

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Computer And Data Communications (AREA)

Abstract

The present invention is a high-security information transmission system and method, applied mainly between a management end and a client end, which are connected over a network through a server and a computer device respectively. When the client's computer device executes its BIOS program, it first sends a user confidential information to the management end's server; the server uses that user confidential information to determine whether a dedicated key identification mechanism has already been established with the computer device and, if so, permits an encrypted information to be transmitted directly with the computer device. By using a network connection between the client end and the management end and establishing the dedicated key identification mechanism through the BIOS, a dedicated transmission mechanism is set up in advance and information is transmitted in a high-security manner, thereby improving the security of information transmission.

Description

High-security information transmission system and method

The present invention relates to an information transmission system and method, and in particular to a high-security information transmission system and method.

With rapid technological progress and the growth of networks, comparatively confidential information, such as personal data and confidential company documents, is easily stolen by malicious parties during transmission and put to improper use. To keep such confidential information from being stolen easily, greater attention must be paid to protective measures, so improving the security of information transmission has become one of the main challenges.

Known transmission systems can already protect the information to be transmitted by encryption: for example, the sender (management end) sets a password on the information to be transmitted, and the receiver (client) must enter that password to obtain it. In practice, however, the sender (management end) still has to deliver the password to the receiver (client) over the network, either in advance or at the same time. Because a password has to be provided over the network for every transmission, the number of times passwords travel over the network grows, and with it the opportunity for malicious parties to steal them. Furthermore, the password has to be entered repeatedly to obtain the encrypted information during transmission, which is also inefficient.

Moreover, in the prior art, when the management end and the client exchange data remotely over the network they are quite vulnerable to attack by malicious parties (hackers): for example, an impostor can obtain confidential information by posing as the client device. The prior art cannot tell during the data exchange whether the client is an impostor, so it carries a high risk to data security.

The prior art therefore genuinely needs a better, improved solution.

In view of these shortcomings of the prior art, the main object of the present invention is to provide a high-security information transmission system and method that is applied mainly between a management end and a client end, uses a network connection, and establishes the transmission mechanism in advance through the BIOS, so as to improve the security of information transmission.

The main technical means adopted to achieve the above object is a high-security information transmission method in which a management end and a client end are connected over a network, and the management end performs the following steps:
receiving a user confidential information;
determining, from the user confidential information, whether a dedicated key identification mechanism has already been established with the client; and
if so, permitting an encrypted information to be transmitted directly with the client.

With this method, when the client executes its BIOS program the management end receives the user confidential information the client sends, and determines from it whether the dedicated key identification mechanism has already been established with the client; if so, it permits the encrypted information to be transmitted directly with the client. Because the dedicated transmission mechanism is established in advance, information is transmitted in a high-security manner, improving the security of information transmission.

A further main technical means adopted to achieve the above object is a high-security information transmission system comprising:
a computer device at the client end, which executes a BIOS program at boot; and
a server at the management end, connected to the computer device over a network, which receives a user confidential information sent by the computer device;
wherein the server determines from the user confidential information whether a dedicated key identification mechanism has already been established with the computer device and, if so, permits an encrypted information to be transmitted directly with the computer device.

With this structure, when the computer device executes its BIOS program it first sends the user confidential information to the server; the server determines from it whether the dedicated key identification mechanism has already been established with the computer device and, if so, permits the encrypted information to be transmitted directly with the computer device. Because the dedicated transmission mechanism is established in advance, information is transmitted in a high-security manner, improving the security of information transmission.

For a preferred embodiment of the high-security information transmission system of the present invention, refer to FIG. 1. The system is applied mainly between a management end and a client end and comprises a server 10 at the management end and a computer device 20 at the client end, the server 10 being connected to the computer device 20 over a network. When the client's computer device 20 boots and executes its BIOS program, the computer device 20 first sends a user confidential information to the management end's server 10; the server 10 determines from that user confidential information whether a dedicated key identification mechanism has already been established with the computer device 20 and, if so, permits an encrypted information to be transmitted directly with the computer device 20.

In this preferred embodiment the user confidential information may include user confidential data such as a client model, a client address and a client key. The dedicated key identification mechanism consists of the server 10 running a confidential data authentication procedure on that user confidential data; once that procedure completes, the dedicated key identification mechanism is established. In this preferred embodiment, after the dedicated key identification mechanism is established the management end's server 10 sends a management end key to the client's computer device 20, which the computer device 20 uses to encrypt information to be transmitted to the server 10.

The present invention therefore centres on having the computer device 20 send the user confidential information to the server 10 first, while its BIOS program is executing. By using a network connection between the client end and the management end and establishing the dedicated key identification mechanism through the BIOS, a dedicated transmission mechanism is in place as early as BIOS execution, and information is transmitted in a high-security manner, improving the security of information transmission.

To illustrate a further application of the preferred embodiment, refer to FIG. 2, which further includes a mobile device 30 at the client end, connected to the client's computer device 20 over a network. After the computer device 20 and the management end's server 10 have established the dedicated key identification mechanism, the client's mobile device 30 can scan a user-specific QR code provided by the computer device 20 in order to send the mobile device 30's user confidential data to the management end's server 10 and set up a dedicated user interface; the mobile device 30 logs in to that dedicated user interface to carry out the confidential data authentication procedure with the management end's server 10. Once that procedure completes, the two ends can transmit the encrypted information directly through the computer device 20. This additional authentication by the mobile device 30 further improves the security of information transmission and guards against impersonation.

From the specific applications and technical content of the preferred embodiment above, the present invention further derives a high-security information transmission method, applied mainly between the management end and the client end described above and executed on the management end's server 10 and the client's computer device 20. As shown in FIG. 3, the method comprises the following steps:
the management end's server 10 receives a user confidential information (S31);
the management end's server 10 determines, from the user confidential information, whether a dedicated key identification mechanism has already been established with the client's computer device 20 (S32); and
if so, the management end's server 10 and the client's computer device 20 are permitted to transmit an encrypted information directly (S33).

With this method, in the preferred embodiment the server 10 receives the user confidential information that the computer device 20 sends while it is executing its BIOS program. Because the dedicated key identification mechanism is fully established in advance, during BIOS execution, information is transmitted in a high-security manner and transmission security is improved.

Further, in the preferred embodiment, when the method reaches the step "the management end's server 10 determines, from the user confidential information, whether a dedicated key identification mechanism has already been established with the client's computer device 20 (S32)", the method, as shown in FIG. 3, further comprises the following steps:
if not, performing registration and establishing the dedicated key identification mechanism from the user confidential information (S34); and
continuing with the step "the management end's server 10 and the client's computer device 20 are permitted to transmit an encrypted information directly (S33)".

In the preferred embodiment a mobile device 30 at the client end may further be provided and connected to the client's computer device 20 over a network. When the method reaches the step "if not, performing registration and establishing the dedicated key identification mechanism from the user confidential information (S34)", the method, as shown in FIG. 4, further comprises the following sub-steps:
registering from the user confidential information sent by the client and establishing the dedicated key identification mechanism from it (S341); and
the client's computer device 20 generating a user-specific QR code (S342), which the client's mobile device 30 scans to complete authentication.
In the preferred embodiment the mobile device 30 scans the user-specific QR code in order to send its own user confidential data to the management end's server 10 and set up a dedicated user interface; the mobile device 30 then logs in to that dedicated user interface to carry out the confidential data authentication procedure with the management end's server 10 and so establish the dedicated key identification mechanism, giving confidentiality that is both immediate and specific to that user.

Still further, in the preferred embodiment, when the method reaches the step "if so, the management end's server 10 and the client's computer device 20 are permitted to transmit an encrypted information directly (S33)", the method, as shown in FIG. 5, further comprises the following sub-steps:
the management end's server 10 encrypts a first information packet and sends a first encrypted information to the client's computer device 20 (S331);
the client's computer device 20 decrypts the first encrypted information with the client key to obtain the first information packet (S332);
the client's computer device 20 encrypts a second information packet and sends a second encrypted information to the management end's server 10 (S333); and
the management end's server 10 decrypts the second encrypted information with the management end key to obtain the second information packet (S334).

Still further, in the preferred embodiment, when the method reaches the step "if so, the management end's server 10 and the client's computer device 20 are permitted to transmit an encrypted information directly (S33)", the method, as shown in FIG. 6, further comprises the following sub-steps:
the client's computer device 20 encrypts a third information packet and sends a third encrypted information to the management end's server 10 (S335);
the management end's server 10 decrypts the third encrypted information with the management end key to obtain the third information packet (S336);
the management end's server 10 encrypts a fourth information packet and sends a fourth encrypted information to the client's computer device 20 (S337); and
the client's computer device 20 decrypts the fourth encrypted information with the client key to obtain the fourth information packet (S338).
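The management-end logic of steps S31 to S34 (look up the user confidential information, permit the exchange when the dedicated key identification mechanism already exists, otherwise register), the mobile-device enrollment of S341/S342, and the direction-specific packet exchange of S331 to S338 can be simulated end to end. The block below is an added Python example written for this page; it is not code from the patent or from its assignee. It assumes the following, none of which the patent specifies: the user confidential information is a (model, address, client key) triple as in claim 6; the QR code carries a one-time enrollment token; a device presenting a known model and address with a different client key is refused rather than re-registered (a hardening choice added here); and the cipher is an HMAC-SHA256 counter-mode stream with an encrypt-then-MAC tag, standing in for a real authenticated cipher such as AES-GCM so that the example runs on the standard library alone.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Stand-in cipher (assumption): HMAC-SHA256 in counter mode plus an
# encrypt-then-MAC tag, with separate subkeys for the two roles. A real
# build would use an authenticated cipher such as AES-GCM; this only keeps
# the example on the standard library.
def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(out[:length])

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one information packet: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    body = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()

def decrypt(key: bytes, blob: bytes) -> bytes:
    """Check the tag before touching the ciphertext; a tampered packet is rejected."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 48:
        raise ValueError("packet too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch: packet rejected")
    return bytes(c ^ k for c, k in zip(body, _keystream(enc_key, nonce, len(body))))

@dataclass(frozen=True)
class UserSecretInfo:
    """User confidential information sent by the client BIOS (claim 6)."""
    model: str
    address: str
    client_key: bytes

@dataclass
class ClientRecord:
    client_key: bytes                           # protects server-to-client packets (S331/S337)
    management_key: bytes                       # issued to the client for client-to-server packets
    mobile_secret_hash: Optional[bytes] = None  # set once the mobile device has authenticated

class ManagementServer:
    """Management-end half of S31-S34 and the mobile-device enrollment of S341/S342."""

    def __init__(self) -> None:
        self._registry: Dict[Tuple[str, str], ClientRecord] = {}
        self._pending_qr: Dict[bytes, Tuple[str, str]] = {}   # one-time QR tokens (assumed)

    def has_dedicated_key_mechanism(self, info: UserSecretInfo) -> bool:
        """S32: a record exists for this model/address and the presented client key matches."""
        rec = self._registry.get((info.model, info.address))
        return rec is not None and hmac.compare_digest(rec.client_key, info.client_key)

    def handle_boot_message(self, info: UserSecretInfo) -> Tuple[str, Optional[bytes]]:
        """S31-S34: returns a status and, on first registration, the management end key."""
        if self.has_dedicated_key_mechanism(info):
            return "established", None                         # S33 may proceed
        if (info.model, info.address) in self._registry:
            # Hardening added here: a known device presenting a different key is
            # refused, so the record cannot be replaced by someone who only knows
            # the model and address.
            return "rejected", None
        management_key = secrets.token_bytes(32)               # S34/S341: register
        self._registry[(info.model, info.address)] = ClientRecord(info.client_key, management_key)
        return "registered", management_key

    def management_key_for(self, info: UserSecretInfo) -> bytes:
        return self._registry[(info.model, info.address)].management_key

    def issue_qr_token(self, info: UserSecretInfo) -> bytes:
        """S342 (assumed QR content): one-time token the computer device shows to the mobile device."""
        token = secrets.token_bytes(16)
        self._pending_qr[token] = (info.model, info.address)
        return token

    def confirm_mobile(self, token: bytes, mobile_secret: bytes) -> bool:
        """Mobile-device authentication: a token is accepted once, then the device is bound."""
        owner = self._pending_qr.pop(token, None)
        if owner is None:
            return False
        self._registry[owner].mobile_secret_hash = hashlib.sha256(mobile_secret).digest()
        return True

def exchange_packets(server: ManagementServer, info: UserSecretInfo, management_key: bytes,
                     first_packet: bytes, second_packet: bytes) -> Tuple[bytes, bytes]:
    """S331-S334: server->client under the client key, client->server under the management key."""
    c1 = encrypt(info.client_key, first_packet)                # S331: server encrypts
    p1 = decrypt(info.client_key, c1)                          # S332: client decrypts
    c2 = encrypt(management_key, second_packet)                # S333: client encrypts
    p2 = decrypt(server.management_key_for(info), c2)          # S334: server decrypts
    return p1, p2
```

The two directions use different keys exactly as S331 to S338 describe: the client key protects packets from the server to the client, and the management end key protects packets from the client to the server. Note what the check in S32 actually authenticates: possession of the client key, which the boot message carries as part of the user confidential information. The channel between the BIOS and the server therefore still has to be protected (for example by TLS with server authentication), otherwise anyone who observed one boot message could replay it and pass S32.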

In the preferred embodiment the information packets may each be any information that can be transmitted over a network, such as data, records, passwords, documents and files; the packets named above are examples only and not limitations.

Reference numerals: 10 server; 20 computer device; 30 mobile device.

FIG. 1 is a system block diagram of a preferred embodiment of the present invention.
FIG. 2 is a further system block diagram of the preferred embodiment of the present invention.
FIG. 3 is a method flow chart of the preferred embodiment of the present invention.
FIG. 4 is a further method flow chart of the preferred embodiment of the present invention.
FIG. 5 is another method flow chart of the preferred embodiment of the present invention.
FIG. 6 is yet another method flow chart of the preferred embodiment of the present invention.

10 server; 20 computer device

Claims (8)

1. A high-security information transmission method, in which a management end and a client end are connected over a network, the method comprising the management end performing the following steps: receiving a user confidential information from the client; determining, from the user confidential information, whether the management end has already established a dedicated key identification mechanism with the client; if so, permitting the management end and the client to transmit an encrypted information directly over the network; and if not, performing registration and establishing the dedicated key identification mechanism, and then continuing with the step of "permitting the management end and the client to transmit an encrypted information directly over the network".

2. The high-security information transmission method of claim 1, wherein when the method reaches the step of "permitting the management end and the client to transmit an encrypted information directly over the network", the method further comprises the sub-steps of: the management end encrypting a first information packet and sending a first encrypted information to the client; the client decrypting the first encrypted information to obtain the first information packet; the client encrypting a second information packet and sending a second encrypted information to the management end; and the management end decrypting the second encrypted information to obtain the second information packet.

3. The high-security information transmission method of claim 1, wherein when the method reaches the step of "permitting the management end and the client to transmit an encrypted information directly over the network", the method further comprises the sub-steps of: the client encrypting a third information packet and sending a third encrypted information to the management end; the management end decrypting the third encrypted information to obtain the third information packet; the management end encrypting a fourth information packet and sending a fourth encrypted information to the client; and the client decrypting the fourth encrypted information to obtain the fourth information packet.

4. The high-security information transmission method of claim 1, wherein when the method reaches the step of "if not, performing registration and establishing the dedicated key identification mechanism", the method further comprises the sub-steps of: performing registration from the user confidential information sent by the client and establishing the dedicated key identification mechanism; and the client generating a user-specific QR code for a mobile device of the client to scan for authentication, such that by scanning the user-specific QR code the mobile device sends a user confidential data of the mobile device to the management end and sets up a dedicated user interface, and the mobile device logs in to the dedicated user interface to carry out a confidential data authentication procedure with the management end, so as to establish the dedicated key identification mechanism.

5. A high-security information transmission system, comprising: a computer device at a client end, which executes a BIOS program at boot; and a server at a management end, connected to the computer device over a network, which receives a user confidential information sent by the computer device; wherein the server determines from the user confidential information whether a dedicated key identification mechanism has already been established with the computer device and, if so, permits an encrypted information to be transmitted directly with the computer device over the network, and if not, performs registration and establishes the dedicated key identification mechanism; and wherein, once the dedicated key identification mechanism is established, the server sends a management end key to the computer device for the computer device to encrypt information to be transmitted to the server.

6. The high-security information transmission system of claim 5, wherein the user confidential information includes a client model, a client address and a client key.

7. The high-security information transmission system of claim 5, wherein the dedicated key identification mechanism is fully established while the computer device executes the BIOS program at boot.

8. The high-security information transmission system of claim 5, further comprising a mobile device at the client end, connected to the computer device; wherein, when the server determines from the user confidential information whether the dedicated key identification mechanism has already been established with the computer device and finds that it has not, the server performs registration from the user confidential information sent by the computer device and establishes the dedicated key identification mechanism, and the computer device generates a user-specific QR code for the mobile device to scan for authentication, such that by scanning the user-specific QR code the mobile device sends a user confidential data of the mobile device to the server and sets up a dedicated user interface, and the mobile device logs in to the dedicated user interface to carry out a confidential data authentication procedure with the server, so as to establish the dedicated key identification mechanism.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110129280A TWI896725B (en) 2021-08-09 2021-08-09 High-security information transmission system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW110129280A TWI896725B (en) 2021-08-09 2021-08-09 High-security information transmission system and method

Publications (2)

Publication Number Publication Date
TW202307710A TW202307710A (en) 2023-02-16
TWI896725B true TWI896725B (en) 2025-09-11

Family

ID=86661193

Family Applications (1)

Application Number Title Priority Date Filing Date
TW110129280A TWI896725B (en) 2021-08-09 2021-08-09 High-security information transmission system and method

Country Status (1)

Country Link
TW (1) TWI896725B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040006700A1 (en) * 2002-06-26 2004-01-08 International Business Machines Corporation Secure method for system attribute modification
EP1705854A1 (en) * 2005-03-22 2006-09-27 Research In Motion Limited Method and apparatus for sharing cryptographic information in a mobile communication system
EP1229442B1 (en) * 2001-01-22 2007-03-21 Sun Microsystems, Inc. Peer-to-peer computing architecture
US20160050565A1 (en) * 2014-08-18 2016-02-18 Qualcomm Incorporated Secure provisioning of an authentication credential
US9491564B1 (en) * 2009-01-28 2016-11-08 Headwater Partners I Llc Mobile device and method with secure network messaging for authorized components
CN107508796A (en) * 2017-07-28 2017-12-22 北京明朝万达科技股份有限公司 A kind of data communications method and device
CN108809954A (en) * 2018-05-22 2018-11-13 北京海泰方圆科技股份有限公司 The methods, devices and systems of data transmission
US20190260719A1 (en) * 2016-06-24 2019-08-22 Sony Corporation Data communications
US10425401B1 (en) * 2018-10-31 2019-09-24 ISARA Corporation Extensions for using a digital certificate with multiple cryptosystems
US20190340364A1 (en) * 2018-05-04 2019-11-07 Dell Products L.P. Secure bios attribute system
CN110851737A (en) * 2019-11-13 2020-02-28 哈工大机器人湖州国际创新研究院 Recommendation method and device, electronic equipment and computer storage medium


Also Published As

Publication number Publication date
TW202307710A (en) 2023-02-16

Similar Documents

Publication Publication Date Title
EP3661120B1 (en) Method and apparatus for security authentication
CN109040067B (en) A user authentication device and authentication method based on physical unclonable technology PUF
CN101978650B (en) Secure network authentication system and method
JP4746333B2 (en) Efficient and secure authentication of computing systems
CN102217277B (en) Method and system for token-based authentication
US8214649B2 (en) System and method for secure communications between at least one user device and a network entity
WO2016177052A1 (en) User authentication method and apparatus
CN100574511C (en) Method and system for peer identity confirmation in mobile terminal communication
US20030196084A1 (en) System and method for secure wireless communications using PKI
CN116233832A (en) Verification information sending method and device
CN107733933B (en) A method and system for two-factor identity authentication based on biometric technology
KR100957044B1 (en) Mutual authentication method using Kerberos and its system
JP2017521934A (en) Method of mutual verification between client and server
CN101183932A (en) A security authentication system for wireless application service and its registration and login method
CN110493162A (en) Identity identifying method and system based on wearable device
DK2414983T3 (en) Secure computer system
CN114513339A (en) Security authentication method, system and device
WO2014141263A1 (en) Asymmetric otp authentication system
CN101808077B (en) Information security input processing system and method and smart card
CN105281902B (en) A kind of Web system safe login method based on mobile terminal
JP2001186122A (en) Authentication system and authentication method
CN116707961A (en) User authentication method, computer equipment and computer storage medium
JP2003188874A (en) System for secure data transmission
CN105024813A (en) A server, a user equipment, and an interaction method between the user equipment and the server
US20050210247A1 (en) Method of virtual challenge response authentication