[go: up one dir, main page]

TWI897686B - Signature certification authorization system, method and computer readable medium - Google Patents

Signature certification authorization system, method and computer readable medium

Info

Publication number
TWI897686B
TWI897686B TW113139812A TW113139812A TWI897686B TW I897686 B TWI897686 B TW I897686B TW 113139812 A TW113139812 A TW 113139812A TW 113139812 A TW113139812 A TW 113139812A TW I897686 B TWI897686 B TW I897686B
Authority
TW
Taiwan
Prior art keywords
behavior
client
module
network token
json
Prior art date
Application number
TW113139812A
Other languages
Chinese (zh)
Inventor
薛仲佑
劉秋宗
張家棟
陳秋玉
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW113139812A priority Critical patent/TWI897686B/en
Application granted granted Critical
Publication of TWI897686B publication Critical patent/TWI897686B/en

Links

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a signature certification authorization system, method and computer readable medium. A signature web service module receives a signature request from a user terminal, a behavior analysis module retrieves the user terminal's previous user behavior data from a user behavior log based on the signature request to further analyze the user terminal's multiple behavior indicators, and then a behavior scoring module calculates the user terminal's behavior score based on the multiple behavior indicators. Furthermore, a JSON Web Token control module embeds the user terminal's behavior score into a payload of a JSON Web Token. During authentication or verification, the JSON Web Token control module authenticates or verifies validity of the JSON Web Token, and then provides a processing method for distinguishing different permissions based on the user terminal's behavior score, so as to efficiently control the user terminal's permission.

Description

簽署認證授權系統、方法及電腦可讀媒介 Signature authentication authorization system, method and computer-readable medium

本發明係關於一種簽署認證授權技術,特別是指一種簽署認證授權系統、方法及電腦可讀媒介。 The present invention relates to a signature authentication and authorization technology, and more particularly to a signature authentication and authorization system, method, and computer-readable medium.

在迅速演變之網路開發世界中,需要強大且安全之認證機制,JSON網路令牌(JSON Web Token;JWT)已成為一種流行之解決方案,並徹底改變了應用程式處理用戶端之認證方式。 In the rapidly evolving world of web development, strong and secure authentication mechanisms are needed. JSON Web Token (JWT) has become a popular solution and has revolutionized the way applications handle client authentication.

然而,在傳統方式下,通常會直接將授權指派給個別之用戶端,但用戶端之角色或行為發生變化時,則需要手動調整用戶端之權限,這導致安全性之風險問題。 However, in traditional approaches, authorization is typically assigned directly to individual clients. However, if a client's role or behavior changes, the client's permissions need to be manually adjusted, which can lead to security risks.

在現有情況下,簽署網頁服務前台會經由會員管理模組直接對應至簽署服務介接應用程式介面(Application Programming Interface;API),但此種設計無法偵測用戶端之可疑活動,亦無法依據用戶端之行為模式調整認證之優先權(Priority)。 Currently, the signature web service frontend directly connects to the signature service application programming interface (API) through the member management module. However, this design cannot detect suspicious client activity or adjust authentication priority based on client behavior patterns.

另外,現有技術並無法依據用戶端之用戶行為日誌(Log)分析出複數行為指標,亦無法依據複數行為指標計算出用戶端之行為分數,也無法將用戶端之行為分數嵌入JSON網路令牌之酬載中以作為權限之動態調整或管控之依據。 Furthermore, existing technologies are unable to analyze multiple behavioral indicators based on the client's user behavior log, nor are they able to calculate the client's behavior score based on multiple behavioral indicators. Furthermore, they are unable to embed the client's behavior score into the payload of a JSON network token to serve as a basis for dynamic adjustment or control of permissions.

因此,如何提供一種創新之簽署認證授權技術,以解決上述之任一問題,亦或提供相關之系統及其方法,已成為本領域技術人員之一大研究課題。 Therefore, providing an innovative signature authentication and authorization technology to resolve any of the aforementioned issues, or providing related systems and methods, has become a major research topic for technical personnel in this field.

本發明之簽署認證授權系統包括:一簽署網頁服務模組、一行為分析模組與一行為評分模組,簽署網頁服務模組用以接收用戶端之簽署請求,以由行為分析模組依據簽署網頁服務模組所接收之用戶端之簽署請求從用戶行為日誌中擷取出用戶端先前之複數用戶行為資料,再由行為分析模組依據用戶端先前之複數用戶行為資料分析出用戶端之複數行為指標,俾由行為評分模組依據行為分析模組所分析出之用戶端之複數行為指標計算出用戶端之行為分數;以及一JSON網路令牌管控模組,係通訊連結行為評分模組,以由JSON網路令牌管控模組將行為評分模組所計算出之用戶端之行為分數嵌入有關用戶端之JSON網路令牌之酬載中,其中,當對用戶端之JSON網路令牌進行認證或驗證時,由JSON網路令牌管控模組認證或驗證用戶端之JSON網路令牌之有效性,俾於用戶端之JSON網路令牌經認證或驗證為有效時,由JSON網路令牌管控模組依據JSON網路令牌之酬載中之用戶端之行為分數提供有關用戶端之不同權限區分之處理方式,以供管控用戶端之權限。 The signature authentication and authorization system of the present invention includes: a signature web service module, a behavior analysis module and a behavior scoring module. The signature web service module is used to receive the signature request of the client, so that the behavior analysis module extracts the client's previous multiple user behavior data from the user behavior log according to the signature request of the client received by the signature web service module, and then the behavior analysis module analyzes the client's multiple behavior indicators based on the client's previous multiple user behavior data, so that the behavior scoring module calculates the client's behavior score based on the client's multiple behavior indicators analyzed by the behavior analysis module; and a JSON network token management module, which is used to The JSON Network Token Control Module embeds the client's behavior score calculated by the Behavior Scoring Module into the payload of the client's JSON Network Token. When authenticating or validating the client's JSON Network Token, the JSON Network Token Control Module authenticates or verifies the validity of the client's JSON Network Token. If the client's JSON Network Token is authenticated or verified as valid, the JSON Network Token Control Module provides a method for differentiating permissions for the client based on the client's behavior score in the JSON Network Token's payload, thereby controlling the client's permissions.

本發明之簽署認證授權方法包括:由一簽署網頁服務模組接收用戶端之簽署請求,以由一行為分析模組依據簽署網頁服務模組所接收之用戶端之簽署請求從用戶行為日誌中擷取出用戶端先前之複數用戶行為資料,再由行為分析模組依據用戶端先前之複數用戶行為資料分析出用戶端之複數行為指標,俾由一行為評分模組依據行為分析模組所分析出之用戶端之複數行為指標計算出用戶端之行為分數;以及由一JSON網路令牌管控模組將行為評分模組所計算出之用戶端之行為分數嵌入有關用戶端之JSON網路令牌之酬載中,其中,當對用戶端之JSON網路令牌進行認證或驗證時,由JSON網路令牌管控模組認證或驗證用戶端之JSON網路令牌之有效性,俾於用戶端之JSON網路令牌經認證或驗證為有效時,由JSON網路令牌管控模組依據JSON網路令牌之酬載中之用戶端之行為分數提供有關用戶端之不同權限區分之處理方式,以供管控用戶端之權限。 The signature authentication and authorization method of the present invention includes: a signature web service module receives a signature request from a client, a behavior analysis module extracts a plurality of previous user behavior data of the client from a user behavior log according to the signature request received by the signature web service module, and then the behavior analysis module analyzes a plurality of behavior indicators of the client according to the plurality of previous user behavior data of the client, so that a behavior scoring module calculates a behavior score of the client according to the plurality of behavior indicators of the client analyzed by the behavior analysis module; and a JSON network token control module converts the signature request received by the signature web service module into a signature request. The client's behavior score calculated by the behavior scoring module is embedded in the payload of the client's JSON network token. When the client's JSON network token is authenticated or verified, the JSON network token control module authenticates or verifies the validity of the client's JSON network token. If the client's JSON network token is authenticated or verified as valid, the JSON network token control module provides a method for differentiating permissions for the client based on the client's behavior score in the JSON network token payload, thereby managing the client's permissions.

本發明之電腦可讀媒介應用於計算裝置或電腦中,係儲存有指令,並透過處理器與記憶體執行電腦可讀媒介,以於執行電腦可讀媒介時,執行上述之簽署認證授權方法。 The computer-readable medium of the present invention is used in a computing device or computer to store instructions. The computer-readable medium is executed by a processor and memory to perform the aforementioned signature authentication and authorization method.

因此,本發明提供一種創新之簽署認證授權系統、方法及電腦可讀媒介,係能由行為分析模組自動地依據用戶端之用戶行為日誌分析出複數行為指標,亦能由行為評分模組依據複數行為指標迅速地計算出用戶端之行為分數,也能由JSON網路令牌管控模組將用戶端之行為分數自動嵌入JSON網路令牌之酬載中,以有效作為權限之動態調整或管控之依據。 Therefore, the present invention provides an innovative signature authentication and authorization system, method, and computer-readable medium. This system enables a behavior analysis module to automatically analyze multiple behavioral indicators based on a client's behavior log. A behavior scoring module can also rapidly calculate a client's behavior score based on these multiple behavioral indicators. Furthermore, a JSON network token management module can automatically embed the client's behavior score into the payload of a JSON network token, effectively serving as a basis for dynamic adjustment or control of permissions.

換言之,本發明之簽署網頁服務模組能自動接收用戶端之簽署請求,以利於行為分析模組能依據簽署請求從用戶行為日誌中即時地擷取出用戶 端先前之複數用戶行為資料,亦能從複數用戶行為資料中迅速地分析出用戶端之有用之複數行為指標,俾利於行為評分模組能依據複數行為指標精確地計算出用戶端之行為分數。 In other words, the signature web service module of the present invention can automatically receive signature requests from clients, enabling the behavior analysis module to instantly retrieve the client's previous multiple user behavior data from the user behavior log based on the signature request. It can also quickly analyze the multiple useful behavioral indicators of the client from this multiple user behavior data, allowing the behavior scoring module to accurately calculate the client's behavior score based on these multiple behavioral indicators.

再者,本發明之JSON網路令牌管控模組能將行為分數自動嵌入有關用戶端之JSON網路令牌之酬載中,亦能立即地認證或驗證用戶端之JSON網路令牌之有效性,也能依據用戶端之行為分數提供不同權限區分之處理方式,俾利於有效率地管控用戶端之權限。 Furthermore, the JSON network token management module of the present invention can automatically embed the behavior score into the payload of the client's JSON network token, instantly authenticate or verify the validity of the client's JSON network token, and provide different permission-based processing methods based on the client's behavior score, thereby facilitating efficient control of client permissions.

為使本發明之上述特徵與優點能更明顯易懂,下文特舉實施例,並配合所附圖式作詳細說明。在以下描述內容中將部分闡述本發明之額外特徵及優點,且此等特徵及優點將部分自所述描述內容可得而知,或可藉由對本發明之實踐習得。應理解,前文一般描述與以下詳細描述兩者均為例示性及解釋性的,且不欲約束本發明所欲主張之範圍。 To make the above-mentioned features and advantages of the present invention more readily apparent, the following examples are provided with accompanying drawings for detailed description. Additional features and advantages of the present invention will be partially explained in the following description, and some of these features and advantages will be apparent from the description or may be learned through practice of the present invention. It should be understood that both the foregoing general description and the following detailed description are illustrative and explanatory only and are not intended to limit the scope of the present invention.

1:簽署認證授權系統 1: Signature Authentication and Authorization System

10:簽署網頁服務模組 10: Signature web service module

11:簽署請求 11: Signature Request

20:用戶管理模組 20: User Management Module

21:用戶行為日誌 21: User behavior log

30:行為分析模組 30: Behavior Analysis Module

31:用戶行為資料 31: User behavior data

32:行為指標 32: Behavioral indicators

40:行為評分模組 40: Behavior Scoring Module

41:行為分數 41: Behavior score

42:優先權 42: Priority

43:預測模型 43: Prediction Model

50:JSON網路令牌管控模組 50:JSON network token management module

51:JSON網路令牌 51:JSON Network Token

52:標頭 52: Header

53:酬載 53: Payload

54:簽名 54:Signature

60:簽署服務介接應用程式介面 60: Signature Service Interface Application Programming Interface

61:應用程式介面 61: Application Programming Interface

A:用戶端 A: Client

B:身份資訊 B: Identity information

S1至S5:步驟 S1 to S5: Steps

圖1為本發明之簽署認證授權系統之架構示意圖。 Figure 1 is a schematic diagram of the signature authentication and authorization system of the present invention.

圖2為本發明之簽署認證授權方法之流程示意圖。 Figure 2 is a schematic diagram of the signature authentication and authorization process of the present invention.

以下藉由特定的具體實施形態說明本發明之實施方式,熟悉此技術之人士可由本說明書所揭示之內容瞭解本發明之其他優點與功效,亦可因而藉由其他不同具體等同實施形態加以施行或運用。 The following describes the implementation of the present invention using specific embodiments. Those skilled in the art will understand the other advantages and benefits of the present invention from the disclosure herein and will be able to implement or utilize the present invention through other equivalent embodiments.

圖1為本發明之簽署認證授權系統1之架構示意圖。如圖1所示,簽署認證授權系統1可包括互相通訊連結之一簽署網頁服務模組10、一用戶管理模組20、一行為分析模組30、一行為評分模組40、一JSON網路令牌管控模組50與一簽署服務介接應用程式介面(API)60等。 Figure 1 is a schematic diagram of the signature authentication and authorization system 1 of the present invention. As shown in Figure 1, the signature authentication and authorization system 1 may include a signature web service module 10, a user management module 20, a behavior analysis module 30, a behavior scoring module 40, a JSON network token management module 50, and a signature service interface application programming interface (API) 60, all of which are interconnected.

在一實施例中,簽署網頁服務模組10可分別通訊連結用戶端A、用戶管理模組20與行為分析模組30等,用戶管理模組20可進一步通訊連結行為分析模組30、行為評分模組40、JSON網路令牌管控模組50與簽署服務介接應用程式介面(API)60等,行為評分模組40可進一步通訊連結行為分析模組30與JSON網路令牌管控模組50等,JSON網路令牌管控模組50可進一步通訊連結簽署服務介接應用程式介面(API)60等。 In one embodiment, the signature web service module 10 can communicate with client A, the user management module 20, and the behavior analysis module 30. The user management module 20 can further communicate with the behavior analysis module 30, the behavior scoring module 40, the JSON network token management module 50, and the signature service interface application programming interface (API) 60. The behavior scoring module 40 can further communicate with the behavior analysis module 30 and the JSON network token management module 50. The JSON network token management module 50 can further communicate with the signature service interface application programming interface (API) 60.

在一實施例中,用戶端A可為用戶(使用者)、客戶端、會員及/或所使用之電子裝置,且電子裝置可為智慧型手機、智慧型手錶、平板電腦、個人電腦、桌上型電腦、筆記型電腦等。簽署網頁服務模組10可為簽署網頁服務前台、簽署網頁服務伺服器、簽署網頁服務軟體、網頁登入服務軟體、網頁登入服務介面等,用戶管理模組20可為用戶管理裝置、用戶管理伺服器、用戶管理系統、用戶管理軟體、會員管理模組、會員管理系統等。行為分析模組30可為行為分析器(晶片/電路)、行為分析軟體(程式)等,行為評分模組40可為行為評分器(晶片/電路)、行為評分軟體(程式)、行為分數預測器(晶片/電路)、行為分數預測軟體(程式)等,JSON網路令牌管控模組50可為JSON網路令牌控制器(晶片/電路)、JSON網路令牌管控軟體(程式)等。 In one embodiment, client A can be a user, client, member, and/or electronic device used. The electronic device can be a smartphone, smartwatch, tablet, personal computer, desktop computer, laptop, etc. The signature web service module 10 can be a signature web service frontend, a signature web service server, signature web service software, web login service software, web login service interface, etc. The user management module 20 can be a user management device, a user management server, a user management system, user management software, a member management module, a member management system, etc. The behavior analysis module 30 can be a behavior analyzer (chip/circuit), behavior analysis software (program), etc. The behavior scoring module 40 can be a behavior scorer (chip/circuit), behavior scoring software (program), behavior score predictor (chip/circuit), behavior score prediction software (program), etc. The JSON network token management module 50 can be a JSON network token controller (chip/circuit), JSON network token management software (program), etc.

在一實施例中,行為分析模組30所分析出之用戶端A之複數行為指標32可包括用戶端A之活動頻率(activity frequency)、筆數(transaction count)、API平均執行時間(API average execution time)、請求頻率、登入頻率、登入次數、訪問歷史、訪問之資源(頁面)與操作之敏感性等其中數者(如至少二者)。例如,活動頻率可為每小時之請求次數,筆數可為每日之操作次數,API平均執行時間可為平均每次API(應用程式介面)執行花費之時間。 In one embodiment, the multiple behavioral indicators 32 of client A analyzed by the behavioral analysis module 30 may include one or more (e.g., at least two) of client A's activity frequency, transaction count, average API execution time, request frequency, login frequency, number of logins, access history, accessed resources (pages), and operation sensitivity. For example, activity frequency may be the number of requests per hour, transaction count may be the number of operations per day, and average API execution time may be the average time spent on each API (application programming interface) execution.

在一實施例中,JSON網路令牌管控模組50所管控(管理/控制)之JSON網路令牌(JWT)51可由下列三個部分組成,[1]標頭(Header)52、[2]酬載(Payload)53、[3]簽名(Signature)54。同時,令牌(Token)亦可稱通證(通行證)、權仗等並具有臨時性之涵義,而酬載(Payload)也可稱載荷等並能紀錄用戶端A之身份資訊B、行為分數41等。 In one embodiment, the JSON Web Token (JWT) 51 managed (managed/controlled) by the JSON Web Token Management Module 50 may be composed of the following three parts: [1] Header 52, [2] Payload 53, and [3] Signature 54. Meanwhile, the token may also be referred to as a pass, a token, etc. and has a temporary meaning, while the payload may also be referred to as a load, etc. and may record the identity information B of the client A, the behavior score 41, etc.

在一實施例中,應用程式介面(API)61可為簽署應用程式介面、查詢應用程式介面、授權應用程式介面、會員功能修改應用程式介面等,身份資訊、用戶日誌資訊、簽署請求亦可分別稱為身份信息、用戶日誌信息、簽署要求。 In one embodiment, the application programming interface (API) 61 may be a signing API, a query API, an authorization API, a member function modification API, etc. Identity information, user log information, and signature request may also be referred to as identity information, user log information, and signature request, respectively.

本發明所述「至少一」代表一個以上(如一、二或三個以上),「複數」代表二個以上(如二、三、四或十個以上),「通訊連結」代表透過資料、訊號、電性、有線方式(如有線網路)、或無線方式(如無線網路)等各種形式互相通訊或連結。但是,本發明並不以各實施例所提及者為限。 As used herein, "at least one" means more than one (e.g., one, two, or three or more), "plurality" means more than two (e.g., two, three, four, or ten or more), and "communication link" means communicating or connecting with each other via various means, such as data, signals, electrical properties, wired means (e.g., wired network), or wireless means (e.g., wireless network). However, the present invention is not limited to the embodiments described herein.

簽署網頁服務模組10可接收至少一(如複數)用戶端A之簽署請求11,以由行為分析模組30依據簽署網頁服務模組10所接收之用戶端A之簽署請求11,從用戶管理模組20所收集(管理)之用戶行為日誌21中擷取出用戶端A先前(如歷史或過往)之複數用戶行為資料31(如訪問頻率、訪問時間、API總執行時間、API執行結果、執行時間區間及/或API執行功能等),再由行為分析模 組30依據用戶端A先前之複數用戶行為資料31分析(計算)出用戶端A之有用之複數行為指標32(如活動頻率、筆數、API平均執行時間等)。 The signature web service module 10 can receive a signature request 11 from at least one (e.g., multiple) client A. Based on the signature request 11 received by the signature web service module 10, the behavior analysis module 30 extracts client A's previous (e.g., historical or past) multiple user behavior data 31 (e.g., access frequency, access time, total API execution time, API execution results, execution time range, and/or API execution function, etc.) from the user behavior log 21 collected (managed) by the user management module 20. The behavior analysis module 30 then analyzes (calculates) client A's previous multiple user behavior data 31 to generate multiple useful behavioral indicators 32 (e.g., activity frequency, number of transactions, average API execution time, etc.) for client A.

當用戶端A登入時,行為評分模組40可依據用戶端A之行為模式(如正常行為/異常行為)動態調整認證之優先權(Priority)42,且行為評分模組40能依據行為分析模組30所分析出之用戶端A之複數行為指標32(如登入頻率、請求頻率、訪問之資源等)判斷用戶端A之可信度與優先權42以計算出用戶端A之行為分數41。同時,行為評分模組40亦可利用有關用戶端A之用戶行為日誌21(如過往行為或過往紀錄等用戶行為紀錄),以動態調整用戶端A之行為分數41與JSON網路令牌(JWT)51之發放策略。 When client A logs in, the behavior scoring module 40 dynamically adjusts the authentication priority 42 based on client A's behavior pattern (e.g., normal behavior/abnormal behavior). Furthermore, the behavior scoring module 40 determines client A's credibility and priority 42 based on multiple behavioral indicators 32 (e.g., login frequency, request frequency, resources accessed, etc.) analyzed by the behavior analysis module 30 to calculate client A's behavior score 41. Furthermore, the behavior scoring module 40 utilizes client A's user behavior log 21 (e.g., past behavior or past records) to dynamically adjust client A's behavior score 41 and the issuance policy for JSON Web Tokens (JWTs) 51.

例如,行為評分模組40能對具有可信度高於門檻值(高度可信)之用戶端A發放有效期較長之JSON網路令牌(JWT)51,亦能對具有可信度低於門檻值(低度可信)之用戶端A發放有效期較短之JSON網路令牌(JWT)51或限制用戶端A之訪問權限。如果用戶端A表現出異常活動(如可疑活動),則行為評分模組40可降低用戶端A之權限之優先權42,以確保系統之安全性。相反地,如果用戶端A為一個經常使用之合法用戶,則行為評分模組40可提高用戶端A之權限之優先權42。因此,本發明之行為評分模組40能通過動態調整用戶端A之權限之優先權42,以使JSON網路令牌(JWT)51之簽署認證授權機制更加智能與靈活。 For example, the behavior scoring module 40 can issue a JSON Web Token (JWT) 51 with a longer validity period to a client A whose trustworthiness exceeds a threshold (high trustworthiness). Alternatively, it can issue a JSON Web Token (JWT) 51 with a shorter validity period to a client A whose trustworthiness falls below a threshold (low trustworthiness), or restrict the access permissions of client A. If client A exhibits unusual activity (e.g., suspicious activity), the behavior scoring module 40 can lower the priority 42 of client A's permissions to ensure system security. Conversely, if client A is a regular and legitimate user, the behavior scoring module 40 can increase the priority 42 of client A's permissions. Therefore, the behavior scoring module 40 of the present invention can dynamically adjust the priority 42 of the permissions of client A to make the signing, authentication, and authorization mechanism of the JSON Web Token (JWT) 51 more intelligent and flexible.

本發明提出基於用戶端A之複數行為指標32動態調整JSON網路令牌(JWT)51之酬載(Payload)53中之行為分數41以進行管理授權之應用方法。每次用戶端A登入時,JSON網路令牌管控模組50會針對用戶端A生成一個JSON網路令牌(JWT)51,以由JSON網路令牌管控模組50將用戶端A之身 份資訊B與行為分數41自動嵌入有關用戶端A之JSON網路令牌(JWT)51之酬載(Payload)53中。 This invention proposes an application method for managing authorization by dynamically adjusting the behavior score 41 in the payload 53 of a JSON Web Token (JWT) 51 based on multiple behavioral indicators 32 of client A. Each time client A logs in, the JSON Web Token control module 50 generates a JSON Web Token (JWT) 51 for client A. The JSON Web Token control module 50 then automatically embeds client A's identity information B and the behavior score 41 into the payload 53 of the JSON Web Token (JWT) 51 associated with client A.

用戶端A之行為分數41可由用戶管理模組20所收集之用戶行為日誌21(如用戶行為紀錄或用戶日誌資訊)計算而得,且用戶行為日誌21可包括例如登入次數、訪問之頁面、介接之應用程式介面61等各項敏感性之資訊,其中之應用程式介面61可例如為簽署應用程式介面、查詢應用程式介面、授權應用程式介面、會員功能修改應用程式介面等。 Client A's behavior score 41 can be calculated from the user behavior log 21 (e.g., user behavior records or user log information) collected by the user management module 20. The user behavior log 21 may include various sensitive information such as login times, pages visited, and application program interfaces 61 connected. The application program interfaces 61 may include, for example, the Signature Application Program Interface, the Query Application Program Interface, the Authorization Application Program Interface, and the Member Function Modification Application Program Interface.

行為評分模組40可利用用戶端A之用戶行為日誌21(如用戶行為紀錄或用戶日誌資訊),並依據用戶端A之複數行為指標32計算出用戶端A之行為分數41。亦即,行為評分模組40可依據用戶端A之複數行為指標32(如活動頻率、筆數、API平均執行時間等)精確地計算出用戶端A之行為分數41,再由JSON網路令牌管控模組50將用戶端A之身份資訊B與行為分數41自動嵌入JSON網路令牌(JWT)51之酬載(Payload)53中。 The behavior scoring module 40 utilizes client A's user behavior log 21 (e.g., user behavior records or user log information) and calculates client A's behavior score 41 based on client A's multiple behavioral indicators 32. Specifically, the behavior scoring module 40 accurately calculates client A's behavior score 41 based on client A's multiple behavioral indicators 32 (e.g., activity frequency, number of transactions, average API execution time, etc.). The JSON web token management module 50 then automatically embeds client A's identity information B and the behavior score 41 into the payload 53 of the JSON web token (JWT) 51.

當對用戶端A之JSON網路令牌(JWT)51進行認證或驗證時,由JSON網路令牌管控模組50認證或驗證用戶端A之JSON網路令牌(JWT)51之有效性,俾於用戶端A之JSON網路令牌(JWT)51經認證或驗證為有效時,由JSON網路令牌管控模組51依據JSON網路令牌(JWT)51之酬載(Payload)53中之用戶端A之行為分數41之高低,提供有關用戶端A之不同權限區分之處理方式,以利有效率地管控用戶端A之權限。 When authenticating or validating Client A's JSON Web Token (JWT) 51, the JSON Web Token Management Module 50 authenticates or verifies the validity of Client A's JSON Web Token (JWT) 51. If Client A's JSON Web Token (JWT) 51 is authenticated or verified as valid, the JSON Web Token Management Module 51 provides a method for differentiating permissions for Client A based on the behavior score 41 of Client A in the payload 53 of the JSON Web Token (JWT) 51, thereby efficiently managing the permissions of Client A.

在一實施例中,JSON網路令牌管控模組50可利用JSON網路令牌(JWT)51之酬載(Payload)53中之行為分數41之高低,以針對具有行為分數41高於分數門檻值(如高分或高度可信)之用戶端A提供較高之權限或未限縮之權 限,且針對具有行為分數41低於分數門檻值(如低分或低度可信)之用戶端A提供較低之權限或限縮之權限。 In one embodiment, the JSON Web Token Management Module 50 can utilize the behavior score 41 in the payload 53 of the JSON Web Token (JWT) 51 to provide higher permissions or unrestricted permissions to clients A with a behavior score 41 above a threshold (e.g., a high score or high trustworthiness), and to provide lower permissions or restricted permissions to clients A with a behavior score 41 below a threshold (e.g., a low score or low trustworthiness).

在另一實施例中,JSON網路令牌管控模組50可利用JSON網路令牌(JWT)51之酬載(Payload)53中之行為分數41,以針對具有行為分數41高於第一分數門檻值(如高分或高度可信)之用戶端A提供較高之權限或未限縮之權限,並針對具有行為分數41低於第二分數門檻值(如低分或低度可信)之用戶端A提供較低之權限或限縮之權限,且針對具有行為分數41介於第一分數門檻值與第二分數門檻值(如介於高分與低分或介於高度可信與低度可信)之用戶端A提供中等之權限或稍微限縮之權限,其中,可基於行為分數41介於第一分數門檻值與第二分數門檻值之比例決定其權限。 In another embodiment, the JSON web token control module 50 may utilize the behavior score 41 in the payload 53 of the JSON web token (JWT) 51 to provide higher permissions or unrestricted permissions to a client A having a behavior score 41 higher than a first score threshold (e.g., high score or highly trusted), and to provide higher permissions or unrestricted permissions to a client A having a behavior score 41 lower than a second score threshold (e.g., For client A with a behavior score 41 between a first threshold and a second threshold (e.g., between a high score and a low score, or between high trust and low trust), lower permissions or restricted permissions are provided. Furthermore, for client A with a behavior score 41 between a first threshold and a second threshold (e.g., between a high score and a low score, or between high trust and low trust), medium permissions or slightly restricted permissions are provided. The permissions may be determined based on the ratio of the behavior score 41 between the first threshold and the second threshold.

用戶管理模組20可持續監控用戶端A之用戶行為活動,以於用戶端A每次登入時,由行為評分模組40依據用戶端A之新的用戶行為日誌21(如用戶行為紀錄或用戶日誌資訊)重新評估用戶端A之行為分數41,再由JSON網路令牌管控模組50依據用戶端A之行為分數41發放新的JSON網路令牌(JWT)51,俾由JSON網路令牌管控模組50依據新的JSON網路令牌(JWT)51動態調整用戶端A之權限。 The user management module 20 can continuously monitor the user behavior of client A. Each time client A logs in, the behavior scoring module 40 re-evaluates client A's behavior score 41 based on client A's new user behavior log 21 (such as user behavior records or user log information). The JSON network token control module 50 then issues a new JSON network token (JWT) 51 based on client A's behavior score 41. The JSON network token control module 50 then dynamically adjusts client A's permissions based on the new JSON network token (JWT) 51.

JSON網路令牌管控模組50可對複數用戶端A之JSON網路令牌(JWT)51之有效性進行認證或驗證,以於複數用戶端A之JSON網路令牌(JWT)51經認證或驗證皆為有效時,由JSON網路令牌管控模組50依據複數用戶端A之行為分數41之高低,將複數用戶端A分類為不同(複數)用戶群組,例如,第一、第二及/或第三用戶群組等。 The JSON web token control module 50 can authenticate or verify the validity of the JSON web tokens (JWT) 51 of multiple clients A. If the JSON web tokens (JWT) 51 of multiple clients A are authenticated or verified to be valid, the JSON web token control module 50 can classify the multiple clients A into different user groups (e.g., first, second, and/or third user groups) based on the behavior scores 41 of the multiple clients A.

同時,JSON網路令牌管控模組50可針對不同用戶群組之用戶端A設定不同權限,例如具有風險高於門檻值(高風險)之用戶群組之用戶端A僅能訪問應用程式介面(API)61之受限頁面或受限服務,而具有風險低於門檻值(低風險)之用戶群組之用戶端A則可以不受限制而能訪問應用程式介面(API)61之全部頁面或全部服務。 At the same time, the JSON network token management module 50 can set different permissions for client A in different user groups. For example, client A in a user group with a risk higher than a threshold (high risk) can only access restricted pages or services of the application programming interface (API) 61, while client A in a user group with a risk lower than a threshold (low risk) can access all pages or services of the application programming interface (API) 61 without restrictions.

當用戶端A欲訪問應用程式介面61(如簽署應用程式介面、查詢應用程式介面、授權應用程式介面或會員功能修改應用程式介面)時,JSON網路令牌管控模組50可認證或驗證JSON網路令牌(JWT)51中之簽名54與行為分數41。如果JSON網路令牌(JWT)51為無效、或行為分數41低於分數門檻值(分數過低)而未符合要求,則JSON網路令牌管控模組50可拒絕用戶端A訪問特定之應用程式介面(API)61。 When client A attempts to access an API 61 (such as the Sign API, Query API, Authorize API, or Member Function Modification API), the JSON Web Token Control Module 50 authenticates or verifies the signature 54 and behavior score 41 in the JSON Web Token (JWT) 51. If the JSON Web Token (JWT) 51 is invalid or the behavior score 41 is below the threshold (too low) and does not meet the requirements, the JSON Web Token Control Module 50 may deny client A access to the specific API 61.

圖2為本發明之簽署認證授權方法之流程示意圖,並參閱圖1所示之簽署認證授權系統1一併說明,且簽署認證授權方法可包括例如下列步驟S1至步驟S5所述之技術內容。 Figure 2 is a flowchart illustrating the signature authentication and authorization method of the present invention, and is described together with the signature authentication and authorization system 1 shown in Figure 1. The signature authentication and authorization method may include, for example, the technical contents described in the following steps S1 to S5.

步驟S1:用戶管理模組20可持續收集用戶端A之用戶行為日誌21(如用戶行為紀錄或用戶日誌資訊)。 Step S1: The user management module 20 can continuously collect the user behavior log 21 of client A (such as user behavior records or user log information).

步驟S2:每次用戶端A欲向簽署服務介接應用程式介面(API)60申請簽署(如簽名/簽章)相關之服務或文件時,行為分析模組30可擷取用戶端A之用戶行為日誌21中之特定欄位(如欲分析之欄位)與特定時間區間(如欲分析之登入時間至登出時間之時間區間)之複數用戶行為資料31進行分析,以得到用戶端A之複數行為指標32(如活動頻率、筆數、API平均執行時間等)。 Step S2: Each time client A requests a signature (e.g., signature/stamp)-related service or document from the signing service API 60, the behavior analysis module 30 extracts and analyzes multiple user behavior data 31 from client A's user behavior log 21, including specific fields (e.g., the fields to be analyzed) and specific time periods (e.g., the time period from login time to logout time to be analyzed), to obtain multiple behavioral indicators 32 of client A (e.g., activity frequency, number of transactions, average API execution time, etc.).

步驟S3:行為評分模組40可利用行為分析模組30所得到之複數行為指標32以計算(推估)出用戶端A之行為分數41。 Step S3: The behavior scoring module 40 can use the multiple behavior indicators 32 obtained by the behavior analysis module 30 to calculate (estimate) the behavior score 41 of client A.

步驟S4:JSON網路令牌管控模組50可將用戶端A之身份資訊B與行為分數41自動嵌入JSON網路令牌(JWT)51之酬載(Payload)53中。 Step S4: The JSON Web Token Management Module 50 can automatically embed the identity information B and behavior score 41 of client A into the payload 53 of the JSON Web Token (JWT) 51.

步驟S5:JSON網路令牌管控模組50可認證或驗證JSON網路令牌(JWT)51,以於JSON網路令牌(JWT)51為無效、或酬載(Payload)53中之行為分數41低於分數門檻值(如行為分數41過低)時,由JSON網路令牌管控模組50拒絕將用戶端A介接至特定之應用程式介面(API)61。 Step S5: The JSON Web Token control module 50 may authenticate or verify the JSON Web Token (JWT) 51. If the JSON Web Token (JWT) 51 is invalid or the behavior score 41 in the payload 53 is below a threshold (e.g., the behavior score 41 is too low), the JSON Web Token control module 50 may refuse to connect client A to the specified application programming interface (API) 61.

舉例而言,本發明之簽署認證授權系統1及其方法中,行為評分模組40可依據用戶端A之用戶行為日誌21(如過往行為或過往紀錄等用戶行為紀錄)動態調整欲簽署授權之優先權42,以利提升系統之效能與安全性。例如,用戶端A欲執行簽署服務或文件前已具備會員身份,且用戶端A可登入簽署網頁服務模組10(如簽署網頁服務前台或網頁登入服務軟體)。 For example, in the signature authentication and authorization system 1 and method of the present invention, the behavior scoring module 40 can dynamically adjust the priority 42 of authorized signatures based on the user behavior log 21 of client A (e.g., past actions or records), thereby improving system performance and security. For example, client A has already obtained membership status before executing a signing service or document, and client A can log in to the signing web service module 10 (e.g., a signing web service front desk or web login service software).

當簽署網頁服務模組10接收到用戶端A欲執行之簽署請求11時,行為分析模組30可從用戶管理模組20所收集(管理)之用戶行為日誌21中擷取出用戶端A先前之複數用戶行為資料31(如訪問頻率、訪問時間、API總執行時間、API執行結果、執行時間區間及/或API執行功能等),以由行為分析模組30依據用戶端A先前之複數用戶行為資料31分析(計算)出用戶端A之有用之複數行為指標32(如活動頻率、筆數、API平均執行時間等)。接著,行為評分模組40可利用邏輯迴歸(Logistic Regression;LR)法或人工智慧(AI)技術以依據用戶端A之複數行為指標32生成評分或預測出用戶端A之行為分數41。 When the signature web service module 10 receives a signature request 11 from client A, the behavior analysis module 30 can extract client A's previous multiple user behavior data 31 (such as access frequency, access time, total API execution time, API execution results, execution time range, and/or API execution function, etc.) from the user behavior log 21 collected (managed) by the user management module 20. Based on client A's previous multiple user behavior data 31, the behavior analysis module 30 analyzes (calculates) client A's useful multiple behavior indicators 32 (such as activity frequency, number of transactions, average API execution time, etc.). Next, the behavior scoring module 40 can use Logistic Regression (LR) or artificial intelligence (AI) technology to generate a score based on the multiple behavioral indicators 32 of client A or predict the behavior score 41 of client A.

在一實施例中,此人工智慧(AI)技術可為卷積神經網路(Convolutional Neural Network;CNN)、遞歸神經網路(Recurrent Neural Network;RNN)、長短期記憶(Long Short-Term Memory;LSTM)網路、機器學習(Machine Learning;ML)法、深度學習(Deep Learning;DL)法等各種神經網路或AI演算法,但不以此為限。 In one embodiment, the artificial intelligence (AI) technology may be various neural networks or AI algorithms, such as convolutional neural networks (CNN), recurrent neural networks (RNN), long short-term memory (LSTM), machine learning (ML), and deep learning (DL), but is not limited thereto.

亦即,當用戶端A發動簽署請求11時,行為分析模組30可透過用戶管理模組20擷取用戶行為日誌21之特定時間之複數用戶行為資料31,以由行為分析模組30依據複數用戶行為資料31分析/整理出用戶端A之複數行為指標32(如活動頻率、筆數、API平均執行時間等)。然後,行為評分模組40可利用邏輯迴歸(LR)法或人工智慧(AI)技術依據用戶端A之複數行為指標32以預測出用戶端A之行為分數41。例如,行為評分模組40可將用戶端A之複數行為指標32視為複數特徵(features),並將用戶端A之行為分數41(如最終行為分數)視為目標變數(target variable),再利用邏輯迴歸(LR)法或人工智慧(AI)技術依據用戶端A之複數行為指標32預測出用戶端A之行為分數41。 Specifically, when client A initiates a signature request 11, the behavior analysis module 30 can retrieve multiple user behavior data 31 from the user behavior log 21 at a specific time through the user management module 20. Based on this multiple user behavior data 31, the behavior analysis module 30 can analyze and organize multiple behavior indicators 32 of client A (such as activity frequency, number of transactions, average API execution time, etc.). The behavior scoring module 40 can then use logical regression (LR) or artificial intelligence (AI) technology to predict a behavior score 41 for client A based on these multiple behavior indicators 32. For example, the behavior scoring module 40 may treat the multiple behavior indicators 32 of client A as multiple features and the behavior score 41 of client A (e.g., the final behavior score) as the target variable. It then uses logical regression (LR) or artificial intelligence (AI) technology to predict the behavior score 41 of client A based on the multiple behavior indicators 32 of client A.

申言之,本發明之簽署認證授權系統1及其方法可包括下列程序[1]至程序[7]所述之技術內容。 In other words, the signature authentication authorization system 1 and its method of the present invention may include the technical contents described in the following procedures [1] to [7].

[1]資料收集:用戶管理模組20可收集用戶端A之用戶行為日誌21,以將用戶行為日誌21整理成至少一資料集,且此資料集中之每筆資料可包括行為指標32與相應之行為分數41。 [1] Data collection: The user management module 20 can collect the user behavior log 21 of the client A to organize the user behavior log 21 into at least one data set, and each data in the data set can include a behavior indicator 32 and a corresponding behavior score 41.

[2]資料前處理:行為評分模組40可對用戶管理模組20所整理或集中管理之用戶行為日誌21之資料進行清理、填充缺失值及/或標準化等操作。 [2] Data pre-processing: The behavior scoring module 40 can clean, fill in missing values and/or standardize the data of the user behavior log 21 organized or centrally managed by the user management module 20.

[3]特徵選擇:行為評分模組40可從用戶端A之複數行為指標32中選擇要用於預測之複數特徵。例如,行為評分模組40可選擇用戶端A之活動頻率、筆數與API平均執行時間等複數行為指標32作為複數特徵。 [3] Feature selection: The behavior scoring module 40 can select multiple features to be used for prediction from the multiple behavior indicators 32 of client A. For example, the behavior scoring module 40 can select multiple behavior indicators 32 of client A, such as activity frequency, number of transactions, and average API execution time, as multiple features.

[4]建立預測模型43:行為評分模組40可利用邏輯迴歸(LR)法或人工智慧技術(如AI演算法),以自動地建立可預測用戶端A之行為分數41之邏輯迴歸(LR)模型或人工智慧(AI)模型作為預測模型43。 [4] Establishing a prediction model 43: The behavior scoring module 40 may utilize a logical regression (LR) method or artificial intelligence technology (such as an AI algorithm) to automatically establish a logical regression (LR) model or an artificial intelligence (AI) model that can predict the behavior score 41 of the client A as the prediction model 43.

[5]訓練預測模型43:行為評分模組40可利用訓練資料集訓練邏輯迴歸(LR)模型或人工智慧(AI)模型以作為預測模型43,以使邏輯迴歸(LR)模型或人工智慧(AI)模型等預測模型43學習用戶端A之複數行為指標32(複數特徵)之值與行為分數41之間的關係。同時,邏輯迴歸(LR)模型或人工智慧模型等預測模型43之輸入為用戶端A之複數行為指標32(複數特徵),且複數行為指標32(複數特徵)會通過邏輯迴歸(LR)模型或人工智慧模型等預測模型43之分析或處理,以得到邏輯迴歸(LR)模型或人工智慧模型等預測模型43之輸出為用戶端A之行為分數41,如下列程序[6]所述。 [5] Training the prediction model 43: The behavior scoring module 40 may use the training data set to train a logical regression (LR) model or an artificial intelligence (AI) model as a prediction model 43, so that the prediction model 43 such as the logical regression (LR) model or the artificial intelligence (AI) model learns the relationship between the values of the multiple behavior indicators 32 (multiple features) of the client A and the behavior score 41. At the same time, the input of the prediction model 43 such as the logical regression (LR) model or the artificial intelligence model is the multiple behavior indicators 32 (multiple features) of the client A, and the multiple behavior indicators 32 (multiple features) will be analyzed or processed by the prediction model 43 such as the logical regression (LR) model or the artificial intelligence model to obtain the output of the prediction model 43 such as the logical regression (LR) model or the artificial intelligence model as the behavior score 41 of the client A, as described in the following procedure [6].

[6]預測行為分數41:在行為分析模組30從欲預測之用戶行為日誌21之複數用戶行為資料31中分析出用戶端A之複數行為指標32後,行為評分模組40可將用戶端A之複數行為指標32輸入已完成訓練之邏輯迴歸(LR)模型或人工智慧(AI)模型等預測模型43中,以進一步預測出用戶端A之行為分數41。接著,行為評分模組40於計算出用戶端A之行為分數41(如行為分數總分)後,可依據用戶端A之行為分數41動態調整JSON網路令牌(JWT)51之發放策略。然後,行為評分模組40可在JSON網路令牌(JWT)51之酬載(Payload)53中 添加一個自定義之優先權(Priority)42之欄位,以將用戶端A之行為分數41之值作為優先權42之欄位之值。 [6] Predicting behavior score 41: After the behavior analysis module 30 analyzes the multiple behavior indicators 32 of client A from the multiple user behavior data 31 in the user behavior log 21 to be predicted, the behavior scoring module 40 can input the multiple behavior indicators 32 of client A into the prediction model 43 such as the trained logical regression (LR) model or artificial intelligence (AI) model to further predict the behavior score 41 of client A. Then, after calculating the behavior score 41 of client A (such as the total behavior score), the behavior scoring module 40 can dynamically adjust the issuance strategy of the JSON web token (JWT) 51 according to the behavior score 41 of client A. The behavior scoring module 40 can then add a custom priority 42 field to the payload 53 of the JSON Web Token (JWT) 51, using the value of client A's behavior score 41 as the value of the priority 42 field.

[7]授予權限或限制權限:JSON網路令牌管控模組50可依據用戶端A之不同高低之行為分數41授予較高之權限、較低之權限或限制權限。當用戶端A之行為分數41低於分數門檻值(分數較低)時,JSON網路令牌管控模組50可限制用戶端A僅准許訪問特定之資源、頁面或服務,亦可限制或拒絕用戶端A介接至特定之應用程式介面(API)61。例如,在簽署服務介接應用程式介面(API)60進行應用程式介面(API)請求時,先由JSON網路令牌管控模組50認證或驗證用戶端A之JSON網路令牌(JWT)51,再由JSON網路令牌管控模組50利用認證或驗證機制依據低於分數門檻值之行為分數41而拒絕用戶端A訪問特定之應用程式介面(API)61。 [7] Granting or restricting permissions: The JSON network token control module 50 can grant higher permissions, lower permissions, or restrict permissions based on the different behavior scores 41 of client A. When the behavior score 41 of client A is lower than the score threshold (low score), the JSON network token control module 50 can restrict client A to only allow access to specific resources, pages, or services, and can also restrict or deny client A from connecting to a specific application programming interface (API) 61. For example, when signing a service interface API 60 to make an API request, the JSON Web Token Control Module 50 first authenticates or verifies the JSON Web Token (JWT) 51 of Client A. The JSON Web Token Control Module 50 then uses the authentication or verification mechanism to deny Client A access to the specified API 61 if the behavior score 41 is below the score threshold.

再者,本發明之簽署認證授權系統1及其方法中,有關「申請授權方法」可包括下列程序[1]至程序[6]所述之技術內容。 Furthermore, in the signature authentication authorization system 1 and its method of the present invention, the "application authorization method" may include the technical contents described in the following procedures [1] to [6].

[1]簽署網頁服務模組10(如簽署網頁服務前台)接收用戶端A之簽署請求11。 [1] The signature web service module 10 (such as the signature web service front end) receives the signature request 11 from the client A.

[2]行為分析模組30透過用戶管理模組20擷取用戶端A之用戶行為日誌21以進行用戶端A之行為分析。亦即,行為分析模組30可依據行為分析策略對用戶端A之前一次或前數次登入所留存之紀錄進行行為分析,以由行為分析模組30將用戶端A先前之複數用戶行為資料31(如訪問頻率、訪問時間、API總執行時間、API執行結果、執行時間區間及/或API執行功能等)轉換成複數行為指標32。 [2] The behavior analysis module 30 captures the user behavior log 21 of client A through the user management module 20 to perform behavior analysis on client A. That is, the behavior analysis module 30 can perform behavior analysis on the records retained by client A's previous one or several logins according to the behavior analysis strategy, so that the behavior analysis module 30 converts the client A's previous multiple user behavior data 31 (such as access frequency, access time, total API execution time, API execution results, execution time range and/or API execution function, etc.) into multiple behavior indicators 32.

[3]行為評分模組40依據自訂或預設之預測方式對複數行為指標32進行評分。亦即,行為評分模組40可將用戶端A之複數行為指標32視為複數特徵(features),並將最終之行為分數41視為目標變數(target variable),以由行為評分模組40利用邏輯迴歸(LR)法或人工智慧(AI)技術等各種選定之方式,將複數行為指標32轉換成用戶端A之行為分數41。 [3] The behavior scoring module 40 scores the multiple behavior indicators 32 according to a custom or preset prediction method. That is, the behavior scoring module 40 can regard the multiple behavior indicators 32 of client A as multiple features and the final behavior score 41 as a target variable. The behavior scoring module 40 uses various selected methods such as logical regression (LR) method or artificial intelligence (AI) technology to convert the multiple behavior indicators 32 into the behavior score 41 of client A.

[4]行為評分模組40訂立策略並依據行為分數41動態調整用戶端A之權限。亦即,行為評分模組40可將用戶端A之行為分數41作為權限之動態調整(如調升或調降)之依據,例如行為評分模組40可動態調整JSON網路令牌(JWT)51之有效期之長短,亦可准許或拒絕用戶端A所申請之簽署請求11(如授權請求)。 [4] The behavior scoring module 40 establishes policies and dynamically adjusts the permissions of client A based on the behavior score 41. That is, the behavior scoring module 40 can use the behavior score 41 of client A as a basis for dynamic adjustment (such as increase or decrease) of permissions. For example, the behavior scoring module 40 can dynamically adjust the validity period of the JSON Web Token (JWT) 51, and can also approve or reject the signature request 11 (such as an authorization request) applied for by client A.

[5]JSON網路令牌管控模組50將用戶端A之身份資訊B與行為分數41自動嵌入JSON網路令牌(JWT)51之酬載(Payload)53中。 [5] The JSON Web Token Management Module 50 automatically embeds the identity information B and behavior score 41 of client A into the payload 53 of the JSON Web Token (JWT) 51.

[6]用戶管理模組20持續更新用戶端A之用戶行為日誌21,以由行為評分模組40依據新的行為分數41動態調整用戶端A之權限。亦即,每次簽署網頁服務模組10接收到用戶端A之簽署請求11時,行為評分模組40會重新計算用戶端A之行為分數41,以使行為分數41經由JSON網路令牌管控模組50嵌入JSON網路令牌(JWT)51之酬載(Payload)53中,俾由JSON網路令牌管控模組50持續依照已重新計算之行為分數41來動態調整或更新JSON網路令牌(JWT)51。 [6] The user management module 20 continuously updates the user behavior log 21 of client A so that the behavior scoring module 40 can dynamically adjust the permissions of client A based on the new behavior score 41. That is, each time the signature web service module 10 receives a signature request 11 from client A, the behavior scoring module 40 will recalculate the behavior score 41 of client A so that the behavior score 41 is embedded in the payload 53 of the JSON web token (JWT) 51 through the JSON web token control module 50, so that the JSON web token control module 50 can continuously dynamically adjust or update the JSON web token (JWT) 51 based on the recalculated behavior score 41.

另外,本發明之簽署認證授權系統1及其方法中,有關「JSON網路令牌(JWT)51之認證或驗證方法」可包括下列程序[1]至程序[3]所述之技術內容。 In addition, in the signature authentication authorization system 1 and its method of the present invention, the "Authentication or Verification Method of JSON Web Token (JWT) 51" may include the technical contents described in the following procedures [1] to [3].

[1]JSON網路令牌管控模組50認證或驗證用戶端A之JSON網路令牌(JWT)51之有效性。 [1] The JSON Web Token Management Module 50 authenticates or verifies the validity of the JSON Web Token (JWT) 51 of Client A.

[2]依據JSON網路令牌管控模組50所訂立之策略進行管控。亦即,JSON網路令牌管控模組50可採用已嵌入JSON網路令牌(JWT)51之酬載(Payload)53中之行為分數41作為權限之動態調整或管控之依據。 [2] Control is performed based on the policy established by the JSON Web Token Control Module 50. That is, the JSON Web Token Control Module 50 can use the behavior score 41 embedded in the payload 53 of the JSON Web Token (JWT) 51 as the basis for dynamic adjustment or control of permissions.

[3]當JSON網路令牌管控模組50認證或驗證通過JSON網路令牌(JWT)51之有效性時,JSON網路令牌管控模組50依據JSON網路令牌(JWT)51之酬載(Payload)53中之行為分數41之高低,以判斷應准許或拒絕用戶端A執行簽署服務介接應用程式介面(API)60或者訪問應用程式介面(API)61。 [3] When the JSON Web Token Control Module 50 authenticates or verifies the validity of the JSON Web Token (JWT) 51, the JSON Web Token Control Module 50 determines whether to allow or deny Client A to execute the signing service interface application programming interface (API) 60 or access the application programming interface (API) 61 based on the behavior score 41 in the payload 53 of the JSON Web Token (JWT) 51.

此外,本發明還提供一種針對簽署認證授權方法之電腦可讀媒介,係應用於具有處理器與記憶體之計算裝置或電腦中,且電腦可讀媒介儲存有指令,並可利用計算裝置或電腦透過處理器與記憶體執行電腦可讀媒介,以於執行電腦可讀媒介時,執行上述內容。在另一實施例中,此電腦可讀媒介係非暫時性(non-transitory)之電腦可讀儲存媒介。 The present invention also provides a computer-readable medium for a signature authentication and authorization method, which is applied to a computing device or computer having a processor and memory. The computer-readable medium stores instructions, and the computing device or computer can execute the computer-readable medium through the processor and memory. When the computer-readable medium is executed, the aforementioned contents are executed. In another embodiment, the computer-readable medium is a non-transitory computer-readable storage medium.

在一實施例中,處理器可為中央處理器(CPU)、圖形處理器(GPU)、微處理器(MPU)、微控制器(MCU)、人工智慧(AI)處理器等,記憶體可為隨機存取記憶體(RAM)、唯讀記憶體(ROM)、快閃(Flash)記憶體、記憶卡、硬碟(如雲端/網路/外接式硬碟)、光碟、隨身碟、資料庫等,且計算裝置或電腦可為計算機、智慧手機、平板電腦、個人電腦、筆記型電腦、桌上型電腦、伺服器(如雲端/遠端/網路/人工智慧伺服器)等。 In one embodiment, the processor may be a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MPU), a microcontroller (MCU), an artificial intelligence (AI) processor, etc.; the memory may be random access memory (RAM), read-only memory (ROM), flash memory, a memory card, a hard drive (such as a cloud/network/external hard drive), an optical disk, a flash drive, a database, etc.; and the computing device or computer may be a computer, a smartphone, a tablet, a personal computer, a laptop, a desktop computer, a server (such as a cloud/remote/network/AI server), etc.

綜上,本發明之簽署認證授權系統1、方法及電腦可讀媒介係至少具有下列特色、優點或技術功效。 In summary, the signature authentication and authorization system 1, method, and computer-readable medium of the present invention have at least the following features, advantages, or technical effects.

一、本發明之簽署網頁服務模組10能自動接收用戶端A之簽署請求,以利行為分析模組30能自動地依據用戶端A之用戶行為日誌21分析出複數行為指標32,亦利行為評分模組40能善用複數行為指標32判斷用戶端A之可信度與優先權42,也能依據複數行為指標32精確地計算出用戶端A之行為分數41。 1. The signature web service module 10 of the present invention can automatically receive signature requests from client A, enabling the behavior analysis module 30 to automatically analyze multiple behavior indicators 32 based on client A's user behavior log 21. This also enables the behavior scoring module 40 to utilize these multiple behavior indicators 32 to determine client A's credibility and priority 42, and accurately calculate client A's behavior score 41 based on these multiple behavior indicators 32.

二、本發明之行為評分模組40能依據用戶端A之用戶行為日誌21或行為模式動態調整欲簽署授權或認證之優先權42,以利提升系統之效能與安全性。 2. The behavior scoring module 40 of the present invention can dynamically adjust the priority 42 of signing authorization or authentication based on the user behavior log 21 or behavior pattern of client A, thereby improving the performance and security of the system.

三、本發明之行為評分模組40能善用用戶端A之用戶行為日誌21以動態調整用戶端A之行為分數41與JSON網路令牌(JWT)51之發放策略,亦能通過動態調整用戶端A之權限之優先權42,以使JSON網路令牌(JWT)51之簽署認證授權機制更加智能與靈活。 3. The behavior scoring module 40 of the present invention can leverage client A's user behavior log 21 to dynamically adjust client A's behavior score 41 and the issuance policy for the JSON Web Token (JWT) 51. It can also dynamically adjust client A's permission priority 42 to make the signing, authentication, and authorization mechanism for the JSON Web Token (JWT) 51 more intelligent and flexible.

四、本發明之行為評分模組40能依據複數行為指標32自動地計算出用戶端A之行為分數41,以利於JSON網路令牌管控模組50將身份資訊B與行為分數41自動嵌入JSON網路令牌(JWT)51之酬載(Payload)53中,俾有效地作為權限之動態調整或管控之依據。 4. The behavior scoring module 40 of the present invention can automatically calculate a behavior score 41 for client A based on multiple behavior indicators 32, enabling the JSON web token management module 50 to automatically embed identity information B and the behavior score 41 into the payload 53 of the JSON web token (JWT) 51, effectively serving as a basis for dynamic adjustment or control of permissions.

五、本發明之JSON網路令牌管控模組50能以JSON網路令牌(JWT)51作為用戶端A之身份認證或驗證機制之依據,亦能將用戶端A之身份資訊B與行為分數41等有關權限之優先權42之參數自動嵌入JSON網路令牌(JWT)51之酬載(Payload)53中,俾利於有效確保安全之用戶端A之訪問,亦利於達成同時考量優先權42及支援認證授權之簽署認證授權系統1。 5. The JSON Web Token Management Module 50 of the present invention can use a JSON Web Token (JWT) 51 as the basis for the identity authentication or verification mechanism of Client A. It can also automatically embed parameters related to the priority 42 of permission, such as Client A's identity information B and behavior score 41, into the payload 53 of the JSON Web Token (JWT) 51, thereby effectively ensuring secure access by Client A and facilitating the establishment of a signed authentication and authorization system 1 that simultaneously considers the priority 42 and supports authentication and authorization.

六、本發明之行為評分模組40能善用邏輯迴歸(LR)法或人工智慧(AI)技術,以利於依據用戶端A之複數行為指標32迅速地生成評分或精確地計算出用戶端A之行為分數41。 6. The behavior scoring module 40 of the present invention can make use of logical regression (LR) or artificial intelligence (AI) technology to quickly generate a score or accurately calculate the behavior score 41 of client A based on the multiple behavioral indicators 32 of client A.

七、本發明之行為評分模組40能善用邏輯迴歸(LR)法或人工智慧技術(如AI演算法),以自動地建立可預測行為分數41之邏輯迴歸(LR)模型或人工智慧(AI)模型作為預測模型43,俾利於透過預測模型43迅速地預測出用戶端A之行為分數41。 7. The behavior scoring module 40 of the present invention can utilize logical regression (LR) methods or artificial intelligence technology (such as AI algorithms) to automatically establish a logical regression (LR) model or artificial intelligence (AI) model that can predict the behavior score 41 as a prediction model 43, thereby facilitating the rapid prediction of the behavior score 41 of client A through the prediction model 43.

八、本發明之JSON網路令牌管控模組50能有效地依據用戶端A之不同之行為分數41授予各種之權限(如未限制權限、受限制權限等),亦能依據JSON網路令牌(JWT)51之酬載(Payload)53中之行為分數41有效率地判斷應准許或拒絕用戶端A執行簽署服務介接應用程式介面(API)60或者訪問應用程式介面(API)61。 8. The JSON Web Token Management Module 50 of the present invention can effectively grant various permissions (such as unrestricted permissions, restricted permissions, etc.) to Client A based on its different behavior scores 41. It can also effectively determine whether to allow or deny Client A to execute the signing service API 60 or access the API 61 based on the behavior score 41 in the payload 53 of the JSON Web Token (JWT) 51.

九、本發明之JSON網路令牌管控模組50能支持不同(複數)用戶群組之用戶端A,且不同用戶群組之用戶端A可具有不同權限,以利於有效限制高風險之用戶群組之用戶端A僅能訪問應用程式介面(API)61之受限頁面或服務,亦利於低風險之用戶群組之用戶端A不會受到限制而能即時地訪問應用程式介面(API)61之全部頁面或服務。 9. The JSON network token control module 50 of the present invention can support clients A from different (plural) user groups, and clients A from different user groups can have different permissions. This effectively restricts clients A from high-risk user groups to only access restricted pages or services of the application programming interface (API) 61, while also ensuring that clients A from low-risk user groups are not restricted and can access all pages or services of the application programming interface (API) 61 in real time.

上述實施形態僅例示性說明本發明之原理、特點及其功效,並非用以限制本發明之可實施範疇,任何熟習此項技藝之人士均能在不違背本發明之精神及範疇下,對上述實施形態進行修飾與改變。任何使用本發明所揭示內容而完成之等效改變及修飾,均仍應為申請專利範圍所涵蓋。因此,本發明之權利保護範圍應如申請專利範圍所列。 The above embodiments are merely illustrative of the principles, features, and effects of the present invention and are not intended to limit the scope of its implementation. Anyone skilled in the art may modify and alter the above embodiments without departing from the spirit and scope of the present invention. Any equivalent changes and modifications achieved using the disclosure of this invention should still be covered by the scope of the patent application. Therefore, the scope of protection of this invention should be as set forth in the patent application.

1:簽署認證授權系統 1: Signature Authentication and Authorization System

10:簽署網頁服務模組 10: Signature web service module

11:簽署請求 11: Signature Request

20:用戶管理模組 20: User Management Module

21:用戶行為日誌 21: User behavior log

30:行為分析模組 30: Behavior Analysis Module

31:用戶行為資料 31: User behavior data

32:行為指標 32: Behavioral indicators

40:行為評分模組 40: Behavior Scoring Module

41:行為分數 41: Behavior score

42:優先權 42: Priority

43:預測模型 43: Prediction Model

50:JSON網路令牌管控模組 50:JSON network token management module

51:JSON網路令牌 51:JSON Network Token

52:標頭 52: Header

53:酬載 53: Payload

54:簽名 54:Signature

60:簽署服務介接應用程式介面 60: Signature Service Interface Application Programming Interface

61:應用程式介面 61: Application Programming Interface

A:用戶端 A: Client

B:身份資訊 B: Identity information

Claims (13)

一種簽署認證授權系統,包括: A signature authentication and authorization system, comprising: 一簽署網頁服務模組、一行為分析模組與一行為評分模組,該簽署網頁服務模組用以接收用戶端之簽署請求,以由該行為分析模組依據該簽署網頁服務模組所接收之該用戶端之簽署請求從用戶行為日誌中擷取出該用戶端先前之複數用戶行為資料,再由該行為分析模組依據該用戶端先前之複數用戶行為資料分析出該用戶端之複數行為指標,俾由該行為評分模組依據該行為分析模組所分析出之該用戶端之複數行為指標計算出該用戶端之行為分數;以及 A signature web service module, a behavior analysis module, and a behavior scoring module. The signature web service module is used to receive a signature request from a client, so that the behavior analysis module extracts the client's previous multiple user behavior data from the user behavior log based on the signature request received by the signature web service module. The behavior analysis module then analyzes the client's previous multiple user behavior data to obtain multiple behavior indicators, so that the behavior scoring module calculates the client's behavior score based on the multiple behavior indicators of the client analyzed by the behavior analysis module; and 一JSON網路令牌管控模組,係通訊連結該行為評分模組,以由該JSON網路令牌管控模組將該行為評分模組所計算出之該用戶端之行為分數嵌入有關該用戶端之JSON網路令牌之酬載中,其中,當對該用戶端之JSON網路令牌進行認證或驗證時,由該JSON網路令牌管控模組認證或驗證該用戶端之JSON網路令牌之有效性,俾於該用戶端之JSON網路令牌經認證或驗證為有效時,由該JSON網路令牌管控模組依據該JSON網路令牌之酬載中之該用戶端之行為分數提供有關該用戶端之不同權限區分之處理方式,以供管控該用戶端之權限。 A JSON network token control module is communicatively linked to the behavior scoring module, so that the JSON network token control module embeds the client's behavior score calculated by the behavior scoring module into the payload of the client's JSON network token. When the client's JSON network token is authenticated or verified, the JSON network token control module authenticates or verifies the validity of the client's JSON network token. If the client's JSON network token is authenticated or verified as valid, the JSON network token control module provides a method for differentiating permissions for the client based on the client's behavior score in the payload of the JSON network token, thereby controlling the client's permissions. 如請求項1所述之簽署認證授權系統,其中,該行為評分模組更依據該用戶端之用戶行為給予具有優先權之該JSON網路令牌,且利用該用戶端之用戶行為日誌動態調整該用戶端之行為分數與該JSON網路令牌之發放策略。 The signature authentication and authorization system as described in claim 1, wherein the behavior scoring module further assigns the JSON network token with priority based on the user behavior of the client, and dynamically adjusts the client's behavior score and the issuance policy of the JSON network token using the client's user behavior log. 如請求項1所述之簽署認證授權系統,其中,該JSON網路令牌管控模組更利用該JSON網路令牌之酬載中之該行為分數之高低,以針對具有 該行為分數高於分數門檻值之用戶端提供較高之權限或未限縮之權限,且針對具有該行為分數低於該分數門檻值之用戶端提供較低之權限或限縮之權限。 The signing authentication and authorization system as described in claim 1, wherein the JSON network token control module further utilizes the behavior score in the payload of the JSON network token to provide higher permissions or unrestricted permissions to clients with a behavior score higher than a score threshold, and to provide lower permissions or restricted permissions to clients with a behavior score lower than the score threshold. 如請求項1所述之簽署認證授權系統,其中,該JSON網路令牌管控模組更對複數用戶端之JSON網路令牌之有效性進行認證或驗證,以於該複數用戶端之JSON網路令牌經認證或驗證皆為有效時,由該JSON網路令牌管控模組依據該複數用戶端之行為分數之高低將該複數用戶端分類為不同用戶群組,再由該JSON網路令牌管控模組針對該不同用戶群組之用戶端設定不同權限。 The signing authentication and authorization system as described in claim 1, wherein the JSON network token control module further authenticates or verifies the validity of the JSON network tokens of multiple clients. If the JSON network tokens of the multiple clients are all valid after authentication or verification, the JSON network token control module categorizes the multiple clients into different user groups based on their behavior scores, and then the JSON network token control module sets different permissions for the clients in the different user groups. 如請求項1所述之簽署認證授權系統,更包括一用戶管理模組,其中,當該簽署網頁服務模組接收到該用戶端之簽署請求時,由該行為分析模組從該用戶管理模組所收集之該用戶行為日誌中擷取出該用戶端之複數用戶行為資料,以由該行為分析模組依據該用戶端之複數用戶行為資料分析出該用戶端之複數行為指標,再由該行為評分模組利用邏輯迴歸法或人工智慧技術以依據該用戶端之複數行為指標預測出該用戶端之行為分數。 The signature authentication and authorization system as described in claim 1 further includes a user management module, wherein when the signature web service module receives a signature request from the client, the behavior analysis module extracts multiple user behavior data of the client from the user behavior log collected by the user management module, analyzes the multiple user behavior data of the client to generate multiple behavior indicators of the client, and then the behavior scoring module uses logical regression or artificial intelligence technology to predict the behavior score of the client based on the multiple behavior indicators of the client. 如請求項1所述之簽署認證授權系統,更包括一用戶管理模組,係持續監控該用戶端之用戶行為活動,以於該用戶端每次登入時,由該行為評分模組依據該用戶端之新的用戶行為日誌重新評估該用戶端之行為分數,再由該JSON網路令牌管控模組依據該用戶端之行為分數發放新的JSON網路令牌,俾由該JSON網路令牌管控模組依據該新的JSON網路令牌動態調整該用戶端之權限。 The signing authentication and authorization system described in claim 1 further includes a user management module that continuously monitors the user behavior of the client. Each time the client logs in, the behavior scoring module re-evaluates the client's behavior score based on the client's new user behavior log. The JSON network token management module then issues a new JSON network token based on the client's behavior score, allowing the JSON network token management module to dynamically adjust the client's permissions based on the new JSON network token. 一種簽署認證授權方法,包括: A signature authentication authorization method, comprising: 由一簽署網頁服務模組接收用戶端之簽署請求,以由一行為分析模組依據該簽署網頁服務模組所接收之該用戶端之簽署請求從用戶行為日誌中擷取出該用戶端先前之複數用戶行為資料,再由該行為分析模組依據該用戶端先前之複數用戶行為資料分析出該用戶端之複數行為指標,俾由一行為評分模組依據該行為分析模組所分析出之該用戶端之複數行為指標計算出該用戶端之行為分數;以及 A signature web service module receives a signature request from a client, and a behavior analysis module extracts the client's previous multiple user behavior data from the user behavior log based on the signature request received by the signature web service module. The behavior analysis module then analyzes the client's previous multiple user behavior data to obtain multiple behavior indicators, and a behavior scoring module calculates the client's behavior score based on the multiple behavior indicators of the client analyzed by the behavior analysis module; and 由一JSON網路令牌管控模組將該行為評分模組所計算出之該用戶端之行為分數嵌入有關該用戶端之JSON網路令牌之酬載中,其中,當對該用戶端之JSON網路令牌進行認證或驗證時,由該JSON網路令牌管控模組認證或驗證該用戶端之JSON網路令牌之有效性,俾於該用戶端之JSON網路令牌經認證或驗證為有效時,由該JSON網路令牌管控模組依據該JSON網路令牌之酬載中之該用戶端之行為分數提供有關該用戶端之不同權限區分之處理方式,以供管控該用戶端之權限。 A JSON network token control module embeds the client's behavior score calculated by the behavior scoring module into the payload of the client's JSON network token. When the client's JSON network token is authenticated or verified, the JSON network token control module authenticates or verifies the validity of the client's JSON network token. If the client's JSON network token is authenticated or verified as valid, the JSON network token control module provides a method for differentiating permissions for the client based on the client's behavior score in the payload of the JSON network token, thereby managing the client's permissions. 如請求項7所述之簽署認證授權方法,更包括由該行為評分模組依據該用戶端之用戶行為給予具有優先權之該JSON網路令牌,且利用該用戶端之用戶行為日誌動態調整該用戶端之行為分數與該JSON網路令牌之發放策略。 The signature authentication authorization method as described in claim 7 further includes the behavior scoring module assigning the JSON network token with priority based on the user behavior of the client, and dynamically adjusting the client's behavior score and the issuance policy of the JSON network token using the client's user behavior log. 如請求項7所述之簽署認證授權方法,更包括由該JSON網路令牌管控模組利用該JSON網路令牌之酬載中之該行為分數之高低,以針對具有該行為分數高於分數門檻值之用戶端提供較高之權限或未限縮之權限,且針對具有該行為分數低於該分數門檻值之用戶端提供較低之權限或限縮之權限。 The signing authentication authorization method as described in claim 7 further includes the JSON network token control module utilizing the behavior score in the payload of the JSON network token to provide higher permissions or unrestricted permissions to clients with a behavior score higher than a score threshold, and to provide lower permissions or restricted permissions to clients with a behavior score lower than the score threshold. 如請求項7所述之簽署認證授權方法,更包括由該JSON網路令牌管控模組對複數用戶端之JSON網路令牌之有效性進行認證或驗證,以於該複數用戶端之JSON網路令牌經認證或驗證皆為有效時,由該JSON網路令牌管控模組依據該複數用戶端之行為分數之高低將該複數用戶端分類為不同用戶群組,再由該JSON網路令牌管控模組針對該不同用戶群組之用戶端設定不同權限。 The signature authentication and authorization method described in claim 7 further includes the JSON network token control module authenticating or verifying the validity of the JSON network tokens of multiple clients. If the JSON network tokens of the multiple clients are all valid after authentication or verification, the JSON network token control module categorizes the multiple clients into different user groups based on their behavior scores, and then the JSON network token control module sets different permissions for the clients in the different user groups. 如請求項7所述之簽署認證授權方法,更包括當該簽署網頁服務模組接收到該用戶端之簽署請求時,由該行為分析模組從一用戶管理模組所收集之該用戶行為日誌中擷取出該用戶端之複數用戶行為資料,以由該行為分析模組依據該用戶端之複數用戶行為資料分析出該用戶端之複數行為指標,再由該行為評分模組利用邏輯迴歸法或人工智慧技術以依據該用戶端之複數行為指標預測出該用戶端之行為分數。 The signature authentication and authorization method as described in claim 7 further includes: when the signature web service module receives the signature request from the client, the behavior analysis module extracts the client's multiple user behavior data from the user behavior log collected by a user management module, analyzes the client's multiple user behavior data by the behavior analysis module to generate multiple behavior indicators of the client, and then uses logical regression or artificial intelligence technology to predict the client's behavior score based on the multiple behavior indicators of the client. 如請求項7所述之簽署認證授權方法,更包括由一用戶管理模組持續監控該用戶端之用戶行為活動,以於該用戶端每次登入時,由該行為評分模組依據該用戶端之新的用戶行為日誌重新評估該用戶端之行為分數,再由該JSON網路令牌管控模組依據該用戶端之行為分數發放新的JSON網路令牌,俾由該JSON網路令牌管控模組依據該新的JSON網路令牌動態調整該用戶端之權限。 The signature authentication and authorization method described in claim 7 further includes a user management module continuously monitoring the user behavior of the client. Each time the client logs in, the behavior scoring module re-evaluates the client's behavior score based on the client's new user behavior log. The JSON network token control module then issues a new JSON network token based on the client's behavior score, allowing the JSON network token control module to dynamically adjust the client's permissions based on the new JSON network token. 一種電腦可讀媒介,應用於計算裝置或電腦中,係儲存有指令,並透過處理器與記憶體執行該電腦可讀媒介,以於執行該電腦可讀媒介時,執行如請求項7至12中任一項所述之簽署認證授權方法。 A computer-readable medium, used in a computing device or computer, stores instructions, and is executed by a processor and memory. When the computer-readable medium is executed, the signature authentication and authorization method described in any one of claims 7 to 12 is executed.
TW113139812A 2024-10-18 2024-10-18 Signature certification authorization system, method and computer readable medium TWI897686B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW113139812A TWI897686B (en) 2024-10-18 2024-10-18 Signature certification authorization system, method and computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW113139812A TWI897686B (en) 2024-10-18 2024-10-18 Signature certification authorization system, method and computer readable medium

Publications (1)

Publication Number Publication Date
TWI897686B true TWI897686B (en) 2025-09-11

Family

ID=97832062

Family Applications (1)

Application Number Title Priority Date Filing Date
TW113139812A TWI897686B (en) 2024-10-18 2024-10-18 Signature certification authorization system, method and computer readable medium

Country Status (1)

Country Link
TW (1) TWI897686B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150089605A1 (en) * 2013-09-25 2015-03-26 EVRYTHNG Limited Enabling digital transactions with credential provided by interaction with an object
TW202001640A (en) * 2018-06-22 2020-01-01 美商奧誓公司 Native single sign-on (SSO) for mobile applications
CN118484235A (en) * 2024-07-05 2024-08-13 北京九一科创科技有限公司 An AI tool management backend system for user behavior analysis
CN118555104A (en) * 2024-05-23 2024-08-27 北京炼石网络技术有限公司 Method and system for safely accessing database
CN118694699A (en) * 2024-08-26 2024-09-24 成都无糖信息技术有限公司 A method and system for identity recording, retention and switching for unauthorized testing
CN118784313A (en) * 2024-07-10 2024-10-15 浪潮云信息技术股份公司 A gateway-based permission authentication method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150089605A1 (en) * 2013-09-25 2015-03-26 EVRYTHNG Limited Enabling digital transactions with credential provided by interaction with an object
TW202001640A (en) * 2018-06-22 2020-01-01 美商奧誓公司 Native single sign-on (SSO) for mobile applications
CN118555104A (en) * 2024-05-23 2024-08-27 北京炼石网络技术有限公司 Method and system for safely accessing database
CN118484235A (en) * 2024-07-05 2024-08-13 北京九一科创科技有限公司 An AI tool management backend system for user behavior analysis
CN118784313A (en) * 2024-07-10 2024-10-15 浪潮云信息技术股份公司 A gateway-based permission authentication method
CN118694699A (en) * 2024-08-26 2024-09-24 成都无糖信息技术有限公司 A method and system for identity recording, retention and switching for unauthorized testing

Similar Documents

Publication Publication Date Title
US11763305B1 (en) Distributed ledger for device management
US8789194B2 (en) Risk adjusted, multifactor authentication
KR101764197B1 (en) Continuous multi-factor authentication
EP2234324B1 (en) Method and apparatus for processing biometric information
US9069943B2 (en) Method and apparatus for token-based tamper detection
US8336091B2 (en) Multi-level authentication
US8572683B2 (en) Method and apparatus for token-based re-authentication
US8713672B2 (en) Method and apparatus for token-based context caching
TW202004606A (en) Identity verification method and apparatus
US8539558B2 (en) Method and apparatus for token-based token termination
US20100132019A1 (en) Redundant multifactor authentication in an identity management system
CN105871854A (en) Self-adaptive cloud access control method based on dynamic authorization mechanism
JP2015501996A (en) Secure user authentication and certification against remote servers
US8474056B2 (en) Method and apparatus for token-based virtual machine recycling
US8458781B2 (en) Method and apparatus for token-based attribute aggregation
US8726361B2 (en) Method and apparatus for token-based attribute abstraction
CN118509212A (en) A zero-trust access control method based on blockchain and policy classification
CN118568752A (en) Node identity authentication method of grain blockchain tracing system integrating zero trust mechanism
US9361443B2 (en) Method and apparatus for token-based combining of authentication methods
CN119995943A (en) A trust evaluation method and system based on credit dynamic access control
TWI897686B (en) Signature certification authorization system, method and computer readable medium
US20130047215A1 (en) Method and apparatus for token-based reassignment of privileges
CN107995204A (en) Hadoop framework method for evaluating trust based on Bayes models
CN116567083B (en) Business data processing methods, devices, equipment and media
CN115118517B (en) An application authentication method based on application access