
TWI818750B - Authentication system and method - Google Patents

Publication number: TWI818750B
Authority: TW (Taiwan)
Prior art keywords: verification, user terminal, phone number, code, service server
Application number: TW111136830A
Other languages: Chinese (zh)
Other versions: TW202414251A (en)
Inventors: 李奇育, 謝宜臻, 林津緯, 陳凱文
Original Assignee: 國立陽明交通大學
Application filed by: 國立陽明交通大學
Priority to: TW111136830A
Publication of TWI818750B
Publication of TW202414251A

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Communication Control (AREA)

Abstract

An authentication device includes a storage, a communication interface, and a processor. The authentication device is configured to receive an authentication code request from a first user end through a secure connection, wherein the authentication code request includes a device phone number corresponding to the first user end, and the authentication code request relates to an identity authentication service that the first user end has requested from a service server. The authentication device is further configured to transmit an authentication code to the first user end. The authentication device is further configured to receive an identification data request from the service server, the identification data request including an unauthenticated code. The authentication device is further configured to transmit, according to the unauthenticated code, identification data corresponding to the device phone number to the service server.

Description

Verification device and method

The present disclosure relates to a verification device and method, and in particular to a verification device and method based on the IP Multimedia Subsystem of a core network.

To protect identities from being stolen, many online services require verification and provide service only after the user's identity has been confirmed. The most common approach is for the user to set an account name and password. However, as the number of registered services grows, there are more and more account names and passwords to remember, and they are easily cracked.

Another verification approach is third-party authentication, which falls into two main methods. One verifies the user through an account at a trusted network service provider (for example, Google or Facebook) that the user has already logged in to, but this method still requires logging in to the third-party network service with an account name and password. The other verifies the user by mobile phone number: the user proves their identity by entering, on a web page or by other means, the verification code contained in a text message sent to their phone. However, this method requires an additional SMS service to deliver the verification code, and the user must manually enter the code into the device and send it, which is a cumbersome procedure.

In view of this, achieving identity verification that is secure and hard to misuse, in a simpler way, is a goal the industry urgently needs to work toward.

The present disclosure provides a verification device comprising a storage, a communication interface, and a processor. The storage stores a plurality of phone numbers and identification data corresponding to each of the phone numbers. The communication interface is communicatively connected to a first user terminal and a service server, wherein the first user terminal and the communication interface are connected through a secure connection of a core network. The processor is electrically connected to the storage and the communication interface. The verification device performs the following operations: the communication interface receives, through the secure connection, a verification code request from the first user terminal, wherein the verification code request includes a device phone number corresponding to the first user terminal, and the verification code request relates to an identity verification service that the first user terminal has requested from the service server; the processor transmits a verification code to the first user terminal through the communication interface; the communication interface receives an identification data request from the service server, the identification data request including a code to be verified; and the processor, based on the code to be verified, transmits the identification data corresponding to the device phone number to the service server.

The present disclosure also provides a verification method for a verification device, the verification device comprising a storage, a communication interface, and a processor. The storage stores a plurality of phone numbers and identification data corresponding to each of the phone numbers. The communication interface is communicatively connected to a first user terminal and a service server, wherein the first user terminal and the communication interface are connected through a secure connection of a core network. The processor is electrically connected to the storage and the communication interface. The verification method includes the following steps: the communication interface receives, through the secure connection, a verification code request from the first user terminal, wherein the verification code request includes a device phone number corresponding to the first user terminal, and the verification code request relates to an identity verification service that the first user terminal has requested from the service server; the processor transmits a verification code to the first user terminal through the communication interface; the communication interface receives an identification data request from the service server, the identification data request including a code to be verified; and the processor, based on the code to be verified, transmits the identification data corresponding to the device phone number to the service server.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only, and are intended to provide further explanation of the present disclosure as claimed.

To make the description of the present disclosure more detailed and complete, reference may be made to the attached drawings and the various embodiments described below. The same numbers in the drawings represent the same or similar components.

When a user needs to access certain data, log in to an account, or use a network service, the user often must first verify their identity through a terminal device, so that the service server providing the information or service can confirm the identity of the user of that terminal device and then provide the services or data that the user is authorized to use or access.

Please refer to FIG. 1, which is a schematic diagram of the verification device 100 according to the first embodiment of the present disclosure. The verification device 100 includes a communication interface 120, a processor 140, and a storage 160. The communication interface 120 is communicatively connected to the first user terminal 200 through the core network CN and is communicatively connected to the service server 300. The first user terminal 200 is communicatively connected to the service server 300.

The core network CN is a network communication architecture that uses phone numbers as the basis for addressing. It allows multiple devices in the architecture to send and receive data. Each of these devices corresponds to a phone number, and the devices use these phone numbers to identify the source of a packet and the destination to which a packet is sent.

In some embodiments of the present disclosure, the core network CN may include a fourth-generation mobile network (4G) and/or a fifth-generation mobile network (5G). The core network CN includes an IP Multimedia Subsystem (IMS) and supports the transmission of Session Initiation Protocol (SIP) packets. The core network CN confirms the phone number corresponding to a device according to the Subscriber Identity Module (SIM) contained in that device.

It should be noted that when multiple devices communicate with each other through the core network CN, a secure connection is established between them; for example, the devices establish the secure connection through the IP Multimedia Subsystem based on a Subscriber Identity Module. The core network CN can also confirm a device's phone number through the secure connection, so that the packet source cannot be forged. In addition, transmitting packets over the fourth-generation and/or fifth-generation mobile network ensures that the core network CN has carrier-grade communication security.

When a device in the core network CN transmits a packet, the core network CN adds the phone number of the sending device to a header field of the packet (for example, the From field), so that the receiving device can identify the source of the packet (that is, the sending device) from the phone number in the packet. Likewise, based on the recipient phone number provided by the sending device, the core network CN adds the recipient phone number to a header field of the packet (for example, the To field) to determine the destination of the packet (that is, the receiving device).

In some embodiments of the present disclosure, the first user terminal 200 is a device operated by a user. The first user terminal 200 may include a smartphone, a tablet computer, a computer host, a vehicle-mounted device, and/or another communication device that can access the core network CN. The first user terminal 200 includes a Subscriber Identity Module and a core network communication module, for example a fourth-generation mobile network Long Term Evolution (LTE) module and a fifth-generation mobile network Long Term Evolution module, so that the first user terminal 200 can send data to and receive data from the communication interface 120 of the verification device 100 and/or the service server 300 through the core network CN. The Subscriber Identity Module corresponds to a device phone number, which is used to identify and address the first user terminal 200 in the core network CN.

In one embodiment, the verification device 100 establishes a secure connection with the first user terminal 200 through an IP Multimedia Subsystem, wherein establishing the secure connection includes the following operation: the first user terminal 200, based on a Subscriber Identity Module, establishes the secure connection with the communication interface 120 of the verification device 100 through the IP Multimedia Subsystem.

In some embodiments of the present disclosure, the first user terminal 200 may also include other wired and wireless communication interfaces, such as Wi-Fi, Bluetooth, and Ethernet, so that the first user terminal 200 can send data to and receive data from the service server 300.

In some embodiments of the present disclosure, the service server 300 is a network server maintained by a network service provider, used to receive data from the user and to transmit data and/or services to the user over a network. The service server 300 further stores user data, which may include a user name, email address, mobile phone number, and/or other identifying information about the user. The user data is used to identify the user, so that the service server 300 can provide the services and/or data corresponding to that user.

In some embodiments of the present disclosure, the communication interface 120 includes a Subscriber Identity Module and a core network communication module, for example a fourth-generation mobile communication Long Term Evolution module and a fifth-generation mobile communication Long Term Evolution module, so that the communication interface 120 can send data to and receive data from the first user terminal 200 and/or the service server 300 through the core network CN. The Subscriber Identity Module corresponds to a verification phone number, which is used to identify and address the verification device 100 in the core network CN.

In some embodiments of the present disclosure, the communication interface 120 may also include other wired and wireless communication interfaces, such as Wi-Fi, Bluetooth, and Ethernet, so that the communication interface 120 can send data to and receive data from the service server 300.

In some embodiments of the present disclosure, the processor 140 performs computing operations. The processor 140 includes a central processing unit (CPU), multiple servers, a distributed processing system, an application-specific integrated circuit (ASIC), and/or other suitable processing units.

In some embodiments of the present disclosure, the storage 160 stores a plurality of phone numbers and identification data corresponding to each of the phone numbers. Each of the phone numbers is a user's phone number and is used to determine whether the source of a packet is that user's device. The identification data may include an identification code, national ID number, user name, email address, mobile phone number, and/or other identifying information about the user. The storage 160 may include memory, a Universal Serial Bus (USB) disk, a hard disk, an optical disc, a flash drive, and/or other storage media or circuits.

The verification device 100 provides the user identity verification service. It relies on the properties of the core network CN, which ensures that the packet source is correct and establishes a secure connection, to confirm the device phone number corresponding to the first user terminal 200 and, from that, the user corresponding to the device phone number.

In some embodiments of the present disclosure, the user uses a verification application on the first user terminal 200 to transmit the device phone number and the identification data to the verification device 100, and uses a service application on the first user terminal 200 to transmit the user data to the service server 300.

The verification application lets the first user terminal 200 and the verification device 100 exchange data and complete the verification operation. The service application lets the first user terminal 200 and the service server 300 exchange data, or lets the first user terminal 200 use the services provided by the service server 300. The verification application and the service application can send data to and receive data from each other. In one embodiment, the verification application and the service application exchange data using the WebSocket protocol.

It should be noted that the identification data and the user data are both data corresponding to the user, and each contains at least one item of corresponding comparison data. The comparison data may be a national ID number, a phone number, a randomly generated unique string, or other information that corresponds to the user and is not shared with any other user. When the service server 300 receives the identification data, it uses the comparison data to match against the user data and map to the user.

In some embodiments of the present disclosure, the communication interface 120 receives a verification code request from the first user terminal 200 through a secure connection of the core network CN, wherein the verification code request includes a device phone number corresponding to the first user terminal 200, and the verification code request relates to an identity verification service that the first user terminal 200 has requested from the service server 300.

In one embodiment, the communication interface 120 receives the verification code request from the first user terminal 200 through the IP Multimedia Subsystem of the core network CN.

In one embodiment, the verification code request is sent in a Session Initiation Protocol (SIP) packet, and a header field of that SIP packet contains the device phone number. Specifically, the verification code request contains the device phone number that the core network CN writes into the From field of the SIP packet header, for example: +886987654321.

In one embodiment, when the user operates the first user terminal 200 and logs in, through the service application, to the service provided by the service server 300, the first user terminal 200 requests the identity verification service from the service server 300. The service server 300 then transmits verification information to the first user terminal 200. The verification code request is generated from this verification information, which includes the verification phone number corresponding to the verification device.

In some embodiments of the present disclosure, the processor 140 transmits a verification code to the first user terminal 200 through the communication interface 120. The verification code serves as the basis for comparison in the subsequent verification operation.

In one embodiment, the verification code is a number, a string, or data of another type. Each time the processor 140 generates a verification code, it generates one that differs from those previously generated, and stores it in the storage 160 in association with the device phone number and/or the identification data corresponding to the user.

In one embodiment, to keep the verification operation time-limited, the processor 140 deletes the verification code or marks it invalid within a certain time (for example, five minutes) after generating it, so that the verification code expires and no longer serves for verification.

In one embodiment, the verification code is generated from the device phone number. For example, the device phone number is used as a seed parameter of a random number function, and the random number function generates a random number that is used as the verification code.

In other embodiments of the present disclosure, before transmitting the verification code, the processor 140 compares the device phone number with the phone numbers stored in the storage 160 to determine whether those phone numbers include a first phone number that matches the device phone number.

In response to the device phone number not matching the first phone number, that is, the phone numbers stored in the storage 160 do not include a first phone number matching the device phone number, the communication interface 120 transmits a verification failure message to the first user terminal 200. When the storage 160 holds no first phone number identical to the device phone number, verification fails, so the communication interface 120 transmits the verification failure message to the first user terminal 200 and the verification operation ends.

On the other hand, in response to the device phone number matching the first phone number, the processor 140 generates the verification code corresponding to the first phone number. Because the verification device 100 has confirmed that the user corresponding to the first user terminal 200 is the same as the user corresponding to the phone number, it generates the verification code, which serves as the basis for comparison in the subsequent verification operation.

In some embodiments of the present disclosure, the storage 160 further stores service data, the verification code request further includes a requested service, and the verification device further performs the following operations to generate the verification code. The operation in which the processor 140 compares the device phone number further includes comparing whether the requested service matches the service data in the storage; and the operation in which the processor 140 generates the verification code further includes generating the verification code only in response to the device phone number matching the first phone number and the requested service matching the service data.

It should be noted that the service data and the requested service are strings, numbers, and/or other data that identify the service server 300. The service data records the service servers 300 for which the verification device 100 supports and provides the verification service. In other words, the verification device 100 will not provide the verification service for any server other than those it supports.

Therefore, the verification code request further includes the requested service. When the processor 140 compares whether the device phone number matches a phone number in the storage 160, it also compares whether the requested service matches the service data in the storage 160, and it generates the verification code only when both conditions are met.

In one embodiment, the service data may include the Internet address of the service server 300, a phone number, and/or other data used to address the service server 300.

In some embodiments of the present disclosure, the communication interface 120 transmits the verification code to the first user terminal 200. In one embodiment, the communication interface 120 transmits the verification code to the first user terminal 200 through the core network CN.

In some embodiments of the present disclosure, the communication interface 120 receives an identification data request from the service server 300, the identification data request including a code to be verified. The communication interface 120 may receive the code to be verified from the service server 300 through the core network CN and/or other means of communication.

In some embodiments of the present disclosure, after receiving the verification code, the first user terminal 200 transmits the verification code to the service server 300. In one embodiment, the first user terminal 200 receives the verification code from the communication interface 120 through the verification application, passes the verification code to the service application, and then transmits the verification code to the service server 300 through the service application.

In one embodiment, the code to be verified is generated by the service server 300 from the verification code received from the first user terminal 200. Specifically, after receiving the verification code, the service server 300 transmits it to the verification device 100 as the code to be verified.

In some embodiments of the present disclosure, after receiving the identification data request, the processor 140, based on the code to be verified, transmits the identification data corresponding to the device phone number to the service server 300.

In other embodiments of the present disclosure, the processor 140 compares whether the code to be verified matches the verification code. Specifically, the processor 140 compares whether the code to be verified is identical to the verification code.

In some embodiments of the present disclosure, in response to the code to be verified not matching the verification code, the communication interface 120 transmits a verification failure message to the first user terminal 200. When the storage 160 holds no verification code identical to the code to be verified, verification fails, so the communication interface 120 transmits the verification failure message to the first user terminal 200 and the verification operation ends.

In some embodiments of the present disclosure, in response to the code to be verified matching the verification code, the processor 140 transmits the identification data to the service server 300 through the communication interface 120, wherein the identification data corresponds to the first phone number. If the code to be verified and the verification code are identical, the verification device 100 confirms that the code to be verified sent by the service server 300 is the verification code provided by the user. Verification therefore succeeds, and the communication interface 120 transmits the identification data corresponding to the user to the service server 300, completing the verification operation.

在本揭露部分實施例中,服務伺服器300在接收該識別資料後,可根據該識別資料比對服務伺服器300中的該使用者資料,以判斷第一使用者終端200所對應的該使用者之身分,並提供對應之資料和/或服務。In some embodiments of the present disclosure, after receiving the identification data, the service server 300 can compare the user information in the service server 300 according to the identification data to determine the usage corresponding to the first user terminal 200. identity of the person and provide corresponding information and/or services.

根據上述第一實施例方式,驗證裝置100可提供一身分驗證服務,利用核心網路CN,驗證裝置100得以確認終端裝置200之電話號碼,進一步確認該使用者之身分。According to the above first embodiment, the verification device 100 can provide an identity verification service. Using the core network CN, the verification device 100 can confirm the phone number of the terminal device 200 and further confirm the identity of the user.

The second embodiment of the present disclosure is a verification method 400, whose flow chart is shown in Figure 2. The verification method 400 includes steps S402 to S428. The verification method 400 is applicable to a verification device (for example, the verification device 100 of the first embodiment), a first user terminal (for example, the first user terminal 200 of the first embodiment) and a service server (for example, the service server 300 of the first embodiment). The verification device includes a communication interface, a processor and a storage. The storage stores a phone number and identification data corresponding to the phone numbers. The communication interface is communicatively connected to a first user terminal through a core network.

In step S402, the first user terminal sends a verification code request to the verification device through the core network according to the verification phone number, where the verification code request includes the device phone number corresponding to the first user terminal.

Next, in step S404, the verification device receives the verification code request and identifies the first user terminal according to the device phone number included in the verification code request.

Then, in step S406, the verification device compares the device phone number with the phone numbers stored in the storage to determine whether the phone numbers include a first phone number that matches the device phone number.

In response to the device phone number not matching the first phone number, that is, the phone numbers stored in the storage do not include a first phone number that matches the device phone number, verification fails, and the verification device executes step S426, sending a verification failure message to the first user terminal and ending the verification operation. The first user terminal then executes step S428 and receives the verification failure message.

On the other hand, in response to the device phone number matching the first phone number, that is, the device phone number is identical to the first phone number, the verification device executes step S408, generating the verification code corresponding to the first phone number and sending it to the first user terminal. Because the verification device has confirmed that the user corresponding to the first user terminal is the same as the user corresponding to the first phone number, it generates the verification code, which serves as the basis for comparison in the subsequent verification operation.

Afterwards, in step S418, the verification device receives a code to be verified from the service server. The verification device can receive the code to be verified from the service server through the core network and/or other means of communication.

In some embodiments of the present disclosure, after the first user terminal receives the verification code in step S410, the first user terminal further executes step S412 and sends the verification code to the service server.

In one embodiment, the code to be verified in step S418 is generated by the service server from the verification code after the service server executes S414 and receives the verification code. Specifically, after receiving the verification code, the service server executes step S416 and sends the verification code to the verification device as the code to be verified.

After step S418, the verification device further executes step S420 and checks whether the code to be verified matches the verification code. Specifically, the verification device checks whether the code to be verified is identical to the verification code.

Further, in response to the code to be verified not matching the verification code, the verification device executes step S426 and sends a verification failure message to the first user terminal. When the verification device does not hold a verification code identical to the code to be verified, verification fails, so the verification device sends the verification failure message to the first user terminal and ends the verification operation.

On the other hand, in response to the code to be verified matching the verification code, the verification device executes step S422 and sends the identification data to the service server, where the identification data corresponds to the first phone number. If the code to be verified is identical to the verification code, the verification device confirms that the code to be verified sent by the service server is the verification code provided by the user, so verification succeeds, and the communication interface sends the identification data corresponding to the user to the service server, completing the verification operation.

In some embodiments of the present disclosure, the service server executes step S424: after receiving the identification data, it can compare the identification data against the user data held in the service server to determine the identity of the user corresponding to the first user terminal, and provide the corresponding data and/or services.

According to the second embodiment described above, the verification method 400 can provide an identity verification service: using the core network, the verification device confirms the phone number of the terminal device and thereby confirms the identity of the user.

Please refer to Figure 3, which is a schematic diagram of the verification device 100 according to the third embodiment of the present disclosure.

Note that the verification device 100 shown in Figure 3 is the same as the verification device 100 shown in Figure 1; the communication interface 120 shown in Figure 3 is the same as the communication interface 120 shown in Figure 1; the processor 140 shown in Figure 3 is the same as the processor 140 shown in Figure 1; the storage 160 shown in Figure 3 is the same as the storage 160 shown in Figure 1; the core network CN shown in Figure 3 is the same as the core network CN shown in Figure 1; and the service server 300 shown in Figure 3 is the same as the service server 300 shown in Figure 1. For brevity, the following description focuses on the differences between the third embodiment and the first embodiment.

As shown in Figure 3, the first user terminal 220 is further communicatively connected to the second user terminal 240 over an authentication connection, and the second user terminal 240 applies to the service server 300 for the identity verification service. Specifically, the authentication connection between the first user terminal 220 and the second user terminal 240 can be implemented through Bluetooth, Wi-Fi, Ethernet and/or other communication methods.

The first user terminal 220 is a device operated by a user. The first user terminal 220 may include a smartphone, a tablet, a desktop computer, a vehicle-mounted device and/or another communication device that can access the core network CN. The first user terminal 220 includes a user identity module and a core network communication module, for example a fourth-generation mobile communication network Long Term Evolution module and a fifth-generation mobile communication network Long Term Evolution module, so that the first user terminal 220 can send data to and receive data from the communication interface 120 of the verification device 100 through the core network CN. The user identity module corresponds to a device phone number, which is used to identify and address the first user terminal 220 in the core network CN.

In some embodiments of the present disclosure, the first user terminal 220 sends a verification code request to the communication interface 120 through the core network CN, where the verification code request includes a device phone number corresponding to the first user terminal 220; and the first user terminal 220 receives a verification code from the communication interface 120.

The second user terminal 240 is another device operated by the user. The second user terminal 240 may include a smartphone, a tablet, a desktop computer, a vehicle-mounted device and/or another communication device. In some embodiments of the present disclosure, the second user terminal 240 is communicatively connected to the service server 300 and receives the verification information from the service server 300.

In one embodiment, the first user terminal 220 is a smartphone and the second user terminal 240 is a computer, and the two are connected using Bluetooth Low Energy (BLE). The first user terminal 220 acts as a GATT (Generic Attribute Profile) server and performs Bluetooth advertising, while the second user terminal 240 acts as a GATT client, and data is transferred in this way.

In some embodiments of the present disclosure, the user can operate the second user terminal 240 to receive data sent by the service server 300. When identity verification toward the service server 300 is required, the service server 300 sends verification information to the second user terminal 240, where the verification information includes the verification phone number corresponding to the verification device.

Further, the second user terminal 240 sends the verification information to the first user terminal 220, and the first user terminal 220 sends the verification code request to the communication interface 120 according to the verification phone number.

In some embodiments of the present disclosure, the first user terminal 220 receives a verification code from the communication interface 120 and forwards the verification code to the second user terminal 240. After receiving the verification code, the second user terminal 240 sends it to the service server 300.

According to the third embodiment described above, the verification device 100 can provide an identity verification service: using the core network CN, the verification device 100 confirms the phone number of the first user terminal 220 and thereby confirms the identity of the user. Unlike the first embodiment, the user uses the second user terminal 240 to exchange data with the service server 300 and obtain services, and uses the first user terminal 220 to exchange data with the verification device 100 and complete verification. In this way, when the user wants to use the second user terminal 240 to obtain data or services from the service server 300, verification can be completed through the first user terminal 220, which can access the core network CN.

The fourth embodiment of the present disclosure is a verification method 500, whose flow chart is shown in Figure 4. The verification method 500 includes steps S502 to S532. The verification method 500 is applicable to a verification device (for example, the verification device 100 of the third embodiment), a first user terminal (for example, the first user terminal 220 of the third embodiment), a second user terminal (for example, the second user terminal 240 of the third embodiment) and a service server (for example, the service server 300 of the third embodiment). The verification device includes a communication interface, a processor and a storage. The storage stores a plurality of phone numbers and identification data corresponding to the phone numbers. The communication interface is communicatively connected to a first user terminal through a core network. The first user terminal includes a first user terminal and a second user terminal.

Note that step S506 shown in Figure 4 is the same as step S406 shown in Figure 2; step S520 shown in Figure 4 is the same as step S416 shown in Figure 2; step S522 shown in Figure 4 is the same as step S418 shown in Figure 2; step S524 shown in Figure 4 is the same as step S420 shown in Figure 2; step S526 shown in Figure 4 is the same as step S422 shown in Figure 2; and step S528 shown in Figure 4 is the same as step S424 shown in Figure 2. For brevity, the following description focuses on the differences between the fourth embodiment and the second embodiment.

In step S502, the first user terminal sends a verification code request to the verification device through a core network according to a verification phone number, where the verification code request includes a device phone number corresponding to a first user terminal.

In step S508, the verification device generates the verification code and sends it to the first user terminal. Because the verification device has confirmed that the user corresponding to the first user terminal is the same as the user corresponding to the first phone number, it generates the verification code, which serves as the basis for comparison in the subsequent verification operation.

In step S522, the verification device receives a code to be verified from the service server. The verification device can receive the code to be verified from the service server through the core network and/or other means of communication.

In some embodiments of the present disclosure, after the first user terminal receives the verification code in step S510, the first user terminal further executes step S512 and sends the verification code to the second user terminal.

Afterwards, after the second user terminal receives the verification code in step S514, the second user terminal further executes step S516 and sends the verification code to the service server, and the service server receives the verification code in step S518.

On the other hand, in response to the verification device determining in step S506 that the phone numbers in the storage do not include a first phone number that matches the device phone number in the verification code request, the verification device executes step S530 and sends a verification failure message to the first user terminal; correspondingly, the first user terminal receives the verification failure message in step S532.

According to the fourth embodiment described above, the verification method 500 can provide an identity verification service: using the core network, the verification device confirms the phone number of the terminal device and thereby confirms the identity of the user. Unlike the second embodiment, the user uses the second user terminal to exchange data with the service server and obtain services, and uses the first user terminal to exchange data with the verification device and complete verification. In this way, when the user wants to use the second user terminal to obtain data or services from the service server, verification can be completed through the first user terminal, which can access the core network.
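The exchange in verification methods 400 and 500, sketched as an added Python example (not code from the patent); in method 500 the code only passes through the second user terminal before it reaches the service server. The class and function names, the constructed phone numbers, the random-token code format, and the single-use and 120-second expiry rules are assumptions: the patent itself only requires that the code to be verified be identical to the issued verification code.

```python
import secrets
import time

CODE_TTL_SECONDS = 120  # assumption: the patent sets no lifetime for the code


class VerificationDevice:
    """Verification device 100: storage 160 plus the S404-S426 decisions."""

    def __init__(self, identification_by_number, clock=time.monotonic):
        self._identification_by_number = dict(identification_by_number)
        self._pending = {}  # issued code -> (first phone number, expiry time)
        self._clock = clock

    def handle_code_request(self, device_phone_number):
        """S404-S408: return a verification code, or None (S426 failure)."""
        if device_phone_number not in self._identification_by_number:
            return None
        code = secrets.token_urlsafe(16)  # 128 random bits (assumed format)
        expiry = self._clock() + CODE_TTL_SECONDS
        self._pending[code] = (device_phone_number, expiry)
        return code

    def handle_identification_request(self, code_to_verify):
        """S418-S422: return identification data, or None on mismatch."""
        # pop() makes every issued code single-use (assumption, see lead-in)
        entry = self._pending.pop(code_to_verify, None)
        if entry is None:
            return None
        phone_number, expiry = entry
        if self._clock() >= expiry:
            return None
        return self._identification_by_number[phone_number]


class CoreNetwork:
    """Stand-in for core network CN: it, not the terminal app, supplies the
    device phone number bound to the terminal's user identity module."""

    def __init__(self, device, number_by_sim):
        self._device = device
        self._number_by_sim = dict(number_by_sim)

    def send_code_request(self, sim_id):
        """S402/S502: deliver the request with the network-known number."""
        number = self._number_by_sim.get(sim_id)
        if number is None:
            return None
        return self._device.handle_code_request(number)


class ServiceServer:
    """Service server 300: maps identification data to its own user data."""

    def __init__(self, device, account_by_identification):
        self._device = device
        self._account_by_identification = dict(account_by_identification)

    def authenticate(self, verification_code):
        """S414-S416 and S424: forward the code, then look up the user."""
        identification = self._device.handle_identification_request(
            verification_code)
        if identification is None:
            return None
        return self._account_by_identification.get(identification)


def build_demo(clock=time.monotonic):
    """Constructed sample data: one enrolled number, one unknown number."""
    device = VerificationDevice({"+886900000001": "ID-A"}, clock)
    core = CoreNetwork(device, {"sim-a": "+886900000001",
                                "sim-x": "+886900000099"})
    server = ServiceServer(device, {"ID-A": "alice"})
    return device, core, server


def run_flow(core, server, sim_id):
    """Whole exchange; returns the account the server resolves, or None."""
    code = core.send_code_request(sim_id)
    if code is None:
        return None  # S426-S428 / S530-S532: verification failure
    # Method 400: the first terminal submits the code itself (S412).
    # Method 500: it hands the code to the second terminal first (S512-S516).
    return server.authenticate(code)


if __name__ == "__main__":
    _, core, server = build_demo()
    print(run_flow(core, server, "sim-a"))  # enrolled number
    print(run_flow(core, server, "sim-x"))  # number not in storage 160
```

The verification code is the only thing that binds the service server's request to the phone number, so anyone who holds a live code is treated as that subscriber; the expiry and single-use rules in this sketch limit how long a relayed or leaked code stays useful.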

As the description of the embodiments above shows, the verification device and method described in the present disclosure provide an identity verification technique that is secure and not easily misappropriated. In addition, the third and fourth embodiments further allow a user to operate a second user terminal to access data and services while completing verification with a first user terminal.

Although several embodiments are described in detail above as examples, the verification device and method proposed in the present disclosure can also be implemented with other systems, hardware, software, storage media, or combinations thereof. Therefore, the scope of protection of the present disclosure should not be limited to the specific implementations described in the embodiments, and is defined by the appended claims.

It will be apparent to a person of ordinary skill in the art to which this disclosure belongs that various modifications and changes can be made to the structure of the present disclosure without departing from its scope or spirit. In view of the foregoing, the scope of protection of the present disclosure also covers modifications and changes made within the scope of the appended claims.

100: Verification device

120: Communication interface

140: Processor

160: Storage

200: First user terminal

300: Service server

CN: Core network

400: Verification method

S402~S428: Steps

220: First user terminal

240: Second user terminal

500: Verification method

S502~S532: Steps

To make the above and other objects, features, advantages and embodiments of the present disclosure easier to understand, the accompanying drawings are described as follows: Figure 1 is a schematic diagram of the verification device according to the first embodiment of the present disclosure; Figure 2 is a flow chart of the verification method according to the second embodiment of the present disclosure; Figure 3 is a schematic diagram of the verification device according to the third embodiment of the present disclosure; and Figure 4 is a flow chart of the verification method according to the fourth embodiment of the present disclosure.


Claims (8)

1. A verification device, comprising: a storage for storing a plurality of phone numbers and identification data corresponding to each of the phone numbers; a communication interface communicatively connected to a first user terminal and a service server, wherein the first user terminal and the communication interface are communicatively connected through a secure connection of a core network; and a processor electrically connected to the storage and the communication interface; wherein the verification device is configured to perform the following operations: the communication interface receives a verification code request from the first user terminal through the secure connection, wherein the verification code request includes a device phone number corresponding to the first user terminal, and the verification code request relates to an identity verification service applied for by the first user terminal at the service server, wherein the verification code request is generated according to verification information sent by the service server to the first user terminal, the verification information includes a verification phone number corresponding to the verification device, the first user terminal is further communicatively connected to a second user terminal over an authentication connection, and the second user terminal applies for the identity verification service at the service server; the processor sends a verification code to the first user terminal through the communication interface; the communication interface receives an identification data request from the service server, the identification data request including a code to be verified; and the processor, based on the code to be verified, sends the identification data corresponding to the device phone number to the service server.

2. The verification device of claim 1, wherein the code to be verified is generated by the service server according to the verification code received from the first user terminal.

3. The verification device of claim 1, wherein the verification device further performs the following operations to generate the verification code: the processor compares the device phone number with the phone numbers stored in the storage to determine whether the phone numbers include a first phone number that matches the device phone number; and in response to the device phone number matching the first phone number, the processor generates the verification code corresponding to the first phone number.

4. The verification device of claim 3, wherein the storage is further used to store service data, the verification code request further includes a requested service, and the verification device further performs the following operations to generate the verification code: the processor checks whether the requested service matches the service data in the storage; and in response to the device phone number matching the first phone number and the requested service matching the service data, the processor generates the verification code corresponding to the first phone number.

5. The verification device of claim 1, wherein the verification device establishes the secure connection with the first user terminal through an Internet Protocol address multimedia subsystem, wherein establishing the secure connection includes the following operation: the first user terminal, based on a user identity module, establishes the secure connection with the communication interface of the verification device through the Internet Protocol address multimedia subsystem.

6. The verification device of claim 1, wherein the verification code request is transmitted in a Session Initiation Protocol packet, and a header field of the Session Initiation Protocol packet contains the device phone number.

7. The verification device of claim 1, wherein the verification device further performs the following operations: the processor checks whether the code to be verified matches the verification code; and in response to the code to be verified matching the verification code, the processor sends the identification data corresponding to the device phone number to the service server through the communication interface.

8. A verification method for a verification device, the verification device comprising a storage, a communication interface and a processor, wherein: the storage is used to store a plurality of phone numbers and identification data corresponding to each of the phone numbers; the communication interface is communicatively connected to a first user terminal and a service server, wherein the first user terminal and the communication interface are communicatively connected through a secure connection of a core network; and the processor is electrically connected to the storage and the communication interface; wherein the verification method comprises the following steps: the communication interface receives a verification code request from the first user terminal through the secure connection, wherein the verification code request includes a device phone number corresponding to the first user terminal, and the verification code request relates to an identity verification service applied for by the first user terminal at the service server, wherein the verification code request is generated according to verification information sent by the service server to the first user terminal, the verification information includes a verification phone number corresponding to the verification device, the first user terminal is further communicatively connected to a second user terminal over an authentication connection, and the second user terminal applies for the identity verification service at the service server; the processor sends a verification code to the first user terminal through the communication interface; the communication interface receives an identification data request from the service server, the identification data request including a code to be verified; and the processor, based on the code to be verified, sends the identification data corresponding to the device phone number to the service server.

TW111136830A 2022-09-28 2022-09-28 Authentication system and method TWI818750B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW111136830A TWI818750B (en) 2022-09-28 2022-09-28 Authentication system and method

Publications (2)

Publication Number Publication Date
TWI818750B true TWI818750B (en) 2023-10-11
TW202414251A TW202414251A (en) 2024-04-01

Family

ID=89857604

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111136830A TWI818750B (en) 2022-09-28 2022-09-28 Authentication system and method

Country Status (1)

Country Link
TW (1) TWI818750B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWM554596U (en) * 2017-09-05 2018-01-21 Far Eastern Int Bank System of security mechanisms corresponding to multi-authentication
US20200404019A1 (en) * 2016-05-30 2020-12-24 Christopher Nathan Tyrwhitt Drake Mutual authentication security system with detection and mitigation of active man-in-the-middle browser attacks, phishing, and malware and other security improvements
TW202236834A (en) * 2021-03-05 2022-09-16 中華電信股份有限公司 Two-way number-concealed call method and corresponding system and computer readable medium

Also Published As

Publication number Publication date
TW202414251A (en) 2024-04-01

Similar Documents

Publication Publication Date Title
CN107770182B (en) Data storage method of home gateway and home gateway
CN103840944B (en) A short message authentication method, server and system
JP4964338B2 (en) User confirmation apparatus, method and program
US20110145273A1 (en) Verifying network delivery of information to a device based on physical characteristics
US9230286B2 (en) Methods and systems for associating users through network societies
JPWO2007110951A1 (en) User confirmation apparatus, method and program
CN101355555A (en) Authentication system and authentication method
CN102045335B (en) Terminal device, signature generation server, simple id management system, simple id management method
CN107612949A (en) A kind of intelligent wireless terminal access authentication method and system based on radio-frequency fingerprint
CN109495458A (en) A kind of method, system and the associated component of data transmission
CN108718323A (en) A kind of identity identifying method and system
JP6533963B2 (en) User terminal, authentication terminal, authentication method and program
CN105993156A (en) Server access verification method and device
CN103401686A (en) User Internet identity authentication system and application method thereof
CN104301288A (en) Method and system for online identity authentication, online transaction certification, and online certification protection
JP5456842B2 (en) User confirmation apparatus, method, and user authentication system
CN102143091B (en) Cross-domain operation realization method, system, server and browser
TWI818750B (en) Authentication system and method
CN107147661A (en) A system and method for enhancing FTP protocol security based on dynamic password
JP2013251000A (en) User verification device, method, and program
CN105100107B (en) The method and apparatus of agent client account certification
JP2008146363A (en) Authentication method in computer network
KR101879842B1 (en) User authentication method and system using one time password
CN115277090B (en) A security authentication system based on lightweight algorithm and its working method
CN104394170B (en) Secured account application method, safety device, server and system