201021498 六、發明說明: 【發明所屬之技術領域】 本發明侧於—繼證系統及方法,特職__種運關像式認證 瑪的5¾證系統及方法β 【先前技術】 &今各種安全防護系統中’設置密瑪以防止他人竊取資訊或重要物品 已是-種廣為使用的方法。然而,密碼的形式隨著時代的演進,亦以不同 的態樣展現,例如:燒錄於磁卡之IC晶片中的密碼、聲紋密碼或利用其他 生物雛觀騎碼等。在使略碼的方式上,仙安全彡騎不同而有 所差異,有些甚至結合兩種不同的保護措施,以提升安全性。 以傳統密碼來說,使用者往往需要記住密碼並且輸入。如果忘記密碼, 必須重新申請,待系統埃認身份後,才會核發新的密碼。如果丟失密碼, 則可能遭盜用。而且,傳統密碼容易被盜取或破解,尤其是在不安全的網 路環境令,骇客經常利用木馬程式或螺蟲程式植入使用者的電腦以竊取私 人密瑪。 在保全系統方面,以利用磁性感應的門禁卡來說,有一個潛在危險是 可能會被侧錄,意欲闖入者利用電子側錄設備擷取資訊,偽造另—張可通 行之磁卡,藉以闖入。 在應用生物特徵辨識技術於安全系統方面,目前可供辨識的生物特徵 有:指紋辨識、眼球虹膜辨識、聲紋辨識、臉孔辨識、及DNA排序辨識等。 利用生物特徵進行辨識最大的問題在於隱私權的問題,例如儲存於系統中 的指紋檔一旦流出,可能會遭不法份子濫用。 201021498 - 有鑑於上述單一密碼之缺失,故發展出一次性密碼(〇ne_time password)。所謂-次性密碼’係指密邮紐用_次,使贿後即失效。 使用一次性密碼可有效解決密碼被盜用的問題。然而,使用一次性密碼時, 使用者往往需要攜帶-姐密、碼魅卫具,再舰指稍人輯,以通過 認證’這對使用者來說’操作上非常麻煩。 【發明内容】 本發明之一目的在於提供一種認證系統,以使使用者能夠透過圖像式 φ 認證碼取得認證,而無需手動輸入認證碼。 本發明之另一目的在於提供一種使用者端認證模組,以產生圖像式認 證碼。 本發明之另一目的在於提供一種服務端驗證模組,以驗證圖像式認證 碼。 本發明之另一目的在於提供一種認證方法,使用者運用圖像式認證碼 以取得認證。 ❹ 依本發明之一目的,本發明提供一種運用圖像式認證碼的認證系統’ 其包含一認證碼產生器,用於產生字元形式之認證碼;一認證碼轉圖像轉 換器,用於將該字元形式之認證碼轉換成圖像;一圖像擷取控制與處理單 元,用於控制一影像擷取裝置以擷取該圖像,且對該圖像進行影像處理; 以及一轉譯與驗證單元,用於將該圖像轉譯成字元形式之認證碼,並且驗 證轉譯後之字元形式之認證瑪以判定使用者是否能夠認證通過。 依本發明之另一目的’本發明提供一種使用者端認證模組,包含一認 證碼產生器,用於產生字元形式之認證碼;以及一認證碼轉圓像轉換器’ 201021498 . 用於將該字元形式之認證碼轉換成圖像,其中該圖像用於使用者認證時, 予以通行之憑藉。 依本發明之另一目的’本發明提供一種服務端驗證模組,包含一圖像 棟取控制與處理單元,用於控制一影像擷取裝置以操取内含認證碼資訊之 圖像,並對該圖像進行影像處理;以及一轉譯與驗證單元,用於將該圖像 轉譯成字元形式之認證碼,並驗證轉譯後之字元形式之認證碼以判定使用 者是否能夠認證通過。 〇 前述使用者端認證模組中的認證瑪轉圖像轉換器可將認證碼轉換成複 數幅圖像,重複播放該等圖像以作為圖像式認證碼。或者,將認證碼以及 其他相關資訊(例如:認證碼檔案大小、及金餘長度等)轉換成重複播放的 複數幅圖像。相應地,前述服務端驗證模組中的轉譯與驗證單元可將該等 圖像轉譯成字元形式之認證碼,再予以驗證。 依本發明之另一目的,本發明提供一種運用圖像式認證碼的認證方法, 包含步驟:產生字元形式之認證碼;將該字元形式之認證碼轉換成圖像; ®擷取該圖像並對該圖像進行影像處理;以及將該圖像轉譯成字元形式之認 $碼’並驗證轉譯後之字元形式之認證碼以判定使用者是否能夠認證通過。 本發明並可利用一次性密碼的概念,當使用者需要認證時,才產生認證 碼。由於每次產生的認證碼皆不同,故可作為「一次性密碼」以登入或取 得服務端提供之服務◊本發明將傳統一次性的文字密碼,轉成圖像後進行 轉譯與驗證,無需使用者手動輸入密碼。 於一實施例中,於需要認證時,使用者利用行動裝置(如:手機、個人 數位助理)產生認證碼’並將認證碼轉換成二維條碼 201021498 “ barcode)。透過影像掏取裝置擷取該二維條碼後,服務端將該二維條碼轉換 成字元形式的認證碼,而後再進行驗證以判定使用者是否能夠認證通過。 【實施方式】 為讓本發明之上述内容能更明顯易懂,下文特舉較佳實施例’並配合 所附圖式,作詳細說明如下: 第1圖係顯示依本發明實施之認證系統的方塊圖。本發明之認證系統 包括使用者端認證模組10、服務端驗證模組20。當使用者需經認證時,使 ❹ 用者端認證模組1〇產生認證碼,並將認證碼轉換成圖像式認證碼(亦即内 含認證瑪資訊之圖像)。使用者於認證時,與傳統認證方法不同的是,使用 者無須手動輸入字元形式的認證碼,而是將圖像式認證碼透過影像擷取裝 置312的擷取,傳送至服務端驗證模組20以茲驗證。服務端驗證模組20 將圖像式認證碼内含的認證瑪資訊取出,或者是將圖像式認證碼轉譯成字 元形式的認證碼,藉以判定使用者是否能夠認證通過。本發明可省去使用 者須手動輸入認證碼的麻煩’於使用上更為便利,另一方面於安全性上, 0 本發明並不會因為取消手動輸入認證瑪而降低安全性,反而更方便與其他 資訊安全系統結合,而提昇安全性。 於進行使用者驗證之前’使用者需先向服務端驗證模組2〇註冊,以將 使用者之相關資料’例如:帳號、密碼、生日、電話、及住址等,存入使 用者資料庫201。服務端驗證模組20根據儲存於使用者資料庫2〇1的個人 資料產生金鑰,一方面將金鑰保存於服務端驗證模組20之金鑰管理單元22 中,另一方面將金錄匯入使用者端認證模組10之金鑰管理單元12。使用者 端認證模組10具有一通訊介面11 ’服務端驗證模組20具有一通訊介面21, 201021498 • 使用者端認證模組10與服務端驗證模組20藉由此兩通訊介面u、21以互 相傳遞信息。例如服務端驗證模組20之金鎗管理單元22產生之金錄透過 通訊介面21傳送至使用者端認證模組10之通訊介面η,金鑰再儲存於金 鑰管理單元12,金鑰管理單元12 ϋ將接收成功之信息依序透過通訊介面 11、通訊介面21以告知服務端驗證模組20。 為達透過圖像式認證碼以供驗證之功能,本發明之使用者端認證模組 10包括一認證瑪產生器14,用以根據產生認證碼;一認證碼轉圖像轉換器 0 16,用以將認證碼產生器Η產生之認證碼轉換成圖像式認證碼。本發明之 服務端驗證模組20包括一圖像擷取控制與處理單元26,用以控制影像擷取 裝置312以擷取使用者端認證模組1〇之認證碼轉圖像轉換器16轉換之圖 像式認證瑪’並對該圖像式認證碼進行影像處理;一轉譯與驗證單元24 , 用以將處理後之圖像式認證碼轉譯成字元形式之認證碼,並驗證轉譯後之 認證碼。簡言之,使用者使用該圖像式認證碼,作為取得認證之憑藉,以 登入或取得服務端提供之服務。 〇 於進行使用者驗證時,認證碼產生器14根據使用者認證資訊產生認證 碼’轉譯與驗證單元24判斷根據使用者參考認證資訊是否能夠產生與該轉 譯後之認證碼相同的認證瑪’以判定使用者是否能夠認證通過。舉例而言, 如果使用者認證資訊與使用者參考認證資訊有相同的内容’則依相同的認 證碼產生法則,即能產生同樣的認證瑪。使用者認證資訊係為使用者端認 證模組10之認證碼產生器Μ產生認證碼時之依據,金鑰配合使用者資料 和認證當時時間兩者至少一者皆可作為使用者認證資訊。類似地,使用者 參考認證資訊係為服務端驗證模組20之轉譯與驗證單元24驗證認證碼時 201021498 * 之依據,金輪配合使用者資料和認證當時時間兩者至少一者皆可作為使用 者參考認證資訊。舉例而言,利用金鑰及使用者資料兩者作為使用者認證 資訊和使用者參考認證資訊’因在使用者端和服務端,相同的使用者帳號 資料會有相_使用者認證資訊和使用者參考認證資訊,卿能夠產生同 樣的認證碼。反之’在使用者端和服務端,不同的使用者帳號資料會有不 同的使用者認證資訊和使用者參考認證資訊’亦即無法產生同樣的認證 碼。於進行使用者驗證時,使用者端會根據使用者認證資訊來產生認證碼, ❹本發明藉由在服務端判斷根據使用者參考認證資訊是否能夠產生與使用者 端產生之認證碼相同的認證碼,依此方式來認證使用者。然而,需注意的 是,本發明不僅限於此種認證方式,其他的認證方式亦可應用於本發明。 本發明之使用者端認證模組10可應用於行動通訊設備,例如:手機、 智慧型手機、及個人數位助理(PDA)等,或者是具有顯示圖像之功能的裝 置’例如:數位相機、筆記型電腦、迷你型筆記型電腦、及影音播放器等。 本發明之服務端驗證模組20係用於驗證使用者端認證模組1〇使用之圖像 φ 式認證碼’可應用於伺服器或工作站。此外,使用者端認證模組1〇 (服務端 驗證模組20)可為硬體、韌體、積體電路、或安裝具有使用者端認證模組 10 (服務端驗證模組20)之功能的應用程式之硬體或勃體。 第2圖係顯示依本發明實施之認證方法的流程圖。以下將配合第1圖 及第2圖詳細說明本發明。 步驟S210 :認證碼產生器14根據使用者認證資訊透過赫序函數扣也 fimction)產生認證碼。於此例中’使用者認證資訊包括使用者資料及來自 金鑰管理單元22傳送自金餘管理單元12的金鑰。赫序函數可將不同構案 201021498 - 大小的資料’輸出為固定長度之位元串。著名的赫序函數的有Ronald L. divest開發的md2及,美國的國家標準與技術局⑽灯)提出的 SHA-l ' SHA-2、及SHA-3,曰本電話電報公司(NTT)發展的N_Hash,以 及源於歐洲RIPE計晝的ripE_md。 步驟S220 :認證碼轉圖像轉換器16將認證碼轉換成圖像。於此步驟 中’認證·@像轉換器16可將其他相關資訊,例如:使用赫序函數之類 型、遇證碼標案大小、及金鑰長度等資訊,連同認證碼一起轉換成圖像, 0 以使圖像包3該等數位資訊。此外,執行圖像轉換前,認證碼轉圖像轉換 器16並可產生錯誤更正碼(err〇r_c〇rrecting CQde),用以在擁取圖像時因 光影或其齡在目素造取錯_情況下,料更正之肖。本發明可將 (two·— barcode) ’ 4者歧認證碼及其他 相關資訊轉成二維條碼,二維條碼的種類繁多,例如:在日本廣為流行的 QR碼(QR Code)、台灣廠商開發設計的Quick Mark行動條碼、韓國手機 通常使用的 Color 碼(ColorCode)、Magi 碼(MagiCode)、其他如 Sema 碼 參(SemaCode)、Shot 碼(ShotCode )、及 Veri 碼(VeriCode )等。 步驟S232:圖像擷取控制與處理單元26控制影像擷取裝置312以擷取 步驟S220轉換之圖像。對於所擷取之圖像,圖像揭取控制與處理單元加 初步判斷該圖像是否為服務端驗證模組20所支援之類型。舉例而言,若服 務端驗證模組20無法支援Sema Code類型的二維條碼,只能判讀QRc〇de 及Quick Mark,則Sema Code將無法讀出。 步驟S234 :若圖像擷取控制與處理單元26經步驟S232初步判斷搁取 之圖像為服務端驗證模組20所支援之類型,則對該圖像進行影像處理。以 201021498 - 娜黑白影像的二維條碼為例,由於影像榻取裝置犯在擁取時,容易受 到周遭環境絲的辟,使得娜刺二維條碼之影像麟為純黑及純白 的區塊所構成,而是不同程度的灰階,擷取之影像因而造成些許失真。為 解決此問題’操取之影像可透過演算法算出每—像素對應的門黯,以還 原其原本正確之顏色,使得擷取之影像接近原本之二維條碼真正的黑色與 白色之配置。另外,在擷取影像時,無論是受到光影折射的影響或使用者 在影像揭取時座標軸的不同,皆會造成與真實坐標不同調的情形,因此需 φ 要算出誤差並且執行座標轉換,以將擷取到的影像標示成真實的二維座標。 步驟S240 :轉譯與驗證單元24將步驟S234擷取及處理後之圖像轉譯 成認證碼。以黑白影像的二維條碼為例,轉譯與驗證單元24讀取經步驟 S234處理後之圖像的每一個像素值,將圖像上黑色點設成數位資料為丄, 白色點設成數位資料為0,以將該圖像轉譯回步驟S22〇提及之内含認證碼 之數位資訊’同時利用錯誤更正碼進行檢查及更正。轉譯與驗證單元24並 驗證數位資訊中内含的認證碼。舉例而言,轉譯與驗證單元24判斷根據使 用者參考遇證資訊能否產生該轉譯後之認證碼,如果可以產生該轉譯後之 認證碼’則使用者可被認證通過’否則使用者無法認證通過。於此例中, 與使用者認證資訊相應地,使用者參考認證資訊包括儲存於使用者資料庫 201的使用者資料、及儲存於金鑰管理單元22的金鑰。由於在使用者端和 服務端同一使用者帳號會有相同内容的使用者認證資訊和使用者參考認證 資訊,依相同的認證碼產生法則,服務端能夠產生與使用者端相同的認證 碼,亦即可以認證通過。反之,不同的使用者帳號因使用者認證資訊和使 用者參考認證資訊不同,故在服務端與使用者端無法產生相同認證碼,亦 201021498 即無法認證通過。另外,若使用者端使用的帳號,在服務端並無對應之帳 號資料,則亦無法認證通過。然而,需注意的是,本發明不僅限於此種認 證方式,其他的認證方式亦可應用於本發明》 本發明並可利用「一次性密瑪」(one-timepassword)的概念,當使用者 需要認證時’使用者端認證模組10之認證瑪產生器14產生認證碼,認證 碼產生過程並利用當時的時間作為赫序函數之參數,亦即使用者認證資訊 包含有金鑰、使用者資料、及認證當時的時間,如此每次產生之認證碼皆 φ 不同。因此,此認證碼可作為「一次性密碼」以登入或取得服務端提供之 服務。服務端驗證模組20之轉譯與驗證單元24驗證該認證碼時,依據的 使用者參考認證資訊亦包含與使用者認證資訊相應之金鑰、使用者資料、 及認證當時的時間三者。 需注意的是,於步驟S220中,使用者端認證模組1〇之認證碼轉圖像 轉換器I6可將認證碼轉換成複數幅圖像,重複播放該等圖像以作為圖像式 認證碼。或者’將認證碼以及步驟S22〇提及之其他相關資訊(使用赫序函 ❹數之類型、認證碼標案大小、及金鑰長度等)轉換成重複播放的複數幅圖 像。服務端驗證模組20再透過影像梅取裝置312擷取該等重複播放的複數 巾田圖像以重複播放的複數幅二維條瑪之圖像為例,由於每張二維條碼之 圖像所能儲存的數位資訊有限,故可先將認證碼及上述相關資訊分成數個 部分,再將該等部分轉換成二維條碼,例如將認證碼及上述相關資訊分成 數個子碼絲鋪⑽縣二維細。耕,每個.可加上更正碼, 以作為檢查及更正之用。服務端驗證模组2〇中的圓像操取控制與處理單元 26對所触雜數幅二維_,像飾_理後,轉譯與驗證單元24 11 201021498 刀別轉譯該等複數幅二維條碼之圖像所包含的數位資訊。使用重複播放的 、5圖像相較於使用單-幅圖像作為圖像式認證碼,由於複雜度以及被 從中摘截_難度更高,故具有健的安全性。 然而’使用重複播放的複數幅圖像作為圖像式認證碼會產生顯示圖像 與操取圖像不同步的問題。舉例來說,如果四張圖像中每張圖像顯示之時 間間隔為〇·5秒,服務端驗證模組20之影像擷取裝置312每隔1秒擷取一 張圖像’則只能擷取到兩張不同内容的圖像,此時必須調整圖像的顯示速 〇 度或重新設定影像擷取裝置312擷取圖像的時間間隔。本發明於圖像擷取 過程中’如果經一預定時間後’使用者端認證模組1〇還沒有接收到服務端 驗證模組20發出擷取完成的信息’則使用者端認證模組10將圖像的播放 速度調慢。例如,上述的例子中,將每張圖像顯示之時間間隔調整為1秒, 以使得影像操取裝置312可以完整擷取所有的圖像《或者,如果經一預定 時間後’服務端驗證模組20還沒將預定數目的圖像擷取完成,則服務端驗 證模組20減少影像擷取裝置312擷取圖像的時間間隔,以加快擷取的速 φ 度。例如,上述的例子中,將擷取圊像的時間間隔設為〇.5秒,以使得影像 擷取裝置312可以完整擷取所有的圖像。 第3圖係顯示依本發明實施之另一認證系統的方塊圖。第3圖顯示之 認證系統其結構及功能與第2圖類似,皆是運用圖像式認證碼以認證使用 者’但是圖像之擷取與影像處理係於第3圖所示之存取端控制模組30進 行,擷取與影像處理後之圖像透過通訊介面31傳送至服務端驗證模組20。 於此實施例中,服務端驗證模組20透過通訊介面21接收來自存取端控制 模組30之圖像擷取控制與處理單元36處理後之圖像’以轉譯及驗證圖像 12 201021498 所包含之數位資訊中的認證碼。 於進行使用者驗證之前,使用者需先註冊,可透過存取端控制模組% 向服務端驗證觀20轉’靖使用者之細龍,存人麵者資料庫 【當使用者透過存取端控制模組3〇來存取特定資源時,這裡所說的特 定資源可缺實雜置錢銳祕,魏_獅对要求服務端驗 證模組2〇驗證使用者的身分。此時,使用者需將使用者端認證模組ι〇產 ❹201021498 VI. Description of the Invention: [Technical Field of the Invention] The present invention is a side-by-side verification system and method, and a special-purpose __-------------------------------------------- In the security system, it is a widely used method to set up Mima to prevent others from stealing information or important items. However, the form of the password has evolved in different ways with the evolution of the times, such as passwords, voiceprint passwords, or other creatures used in the IC chip of the magnetic card. In terms of making the code slightly, there are differences between the different types of safety, and some even combine two different protection measures to improve safety. In the case of traditional passwords, users often need to remember the password and enter it. If you forget your password, you must re-apply and wait until the system recognizes your identity before issuing a new password. If you lose your password, you may be stolen. Moreover, traditional passwords are easily stolen or cracked, especially in an insecure network environment where hackers often use trojans or snails to embed a user's computer to steal private megabytes. In terms of security systems, there is a potential danger of using magnetically-sensing access cards, which may be recorded. The intruder intends to use electronic side-recording equipment to capture information and to falsify another magnetic card that can be used for intrusion. In the application of biometrics technology to security systems, the currently available biometrics include fingerprint identification, iris recognition, voiceprint recognition, face recognition, and DNA sequencing. The biggest problem with biometrics is the issue of privacy. For example, once the fingerprint file stored in the system flows out, it may be abused by illegal elements. 201021498 - In view of the lack of the above single password, a one-time password (〇ne_time password) has been developed. The so-called "secondary password" refers to the use of the secret mail for _ times, which invalidates the bribe. Using a one-time password can effectively solve the problem of password theft. However, when using a one-time password, the user often needs to carry a sister-in-law, a code-guard, and a re-introduction to pass the authentication, which is very troublesome for the user. SUMMARY OF THE INVENTION An object of the present invention is to provide an authentication system that enables a user to obtain authentication through an image type φ authentication code without manually inputting an authentication code. Another object of the present invention is to provide a client authentication module for generating an image authentication code. Another object of the present invention is to provide a server authentication module for verifying an image authentication code. Another object of the present invention is to provide an authentication method in which a user uses an image authentication code to obtain authentication. According to one aspect of the present invention, the present invention provides an authentication system using an image authentication code, which includes an authentication code generator for generating an authentication code in the form of a character; an authentication code to image converter, Converting the authentication code in the form of a character into an image; an image capture control and processing unit for controlling an image capture device to capture the image and performing image processing on the image; A translation and verification unit for translating the image into an authentication code in the form of a character, and verifying the authentication of the translated character form to determine whether the user can pass the authentication. According to another aspect of the present invention, the present invention provides a user end authentication module, including an authentication code generator for generating an authentication code in the form of a character; and an authentication code to round image converter '201021498. The authentication code in the form of a character is converted into an image, wherein the image is used for user authentication. According to another aspect of the present invention, the present invention provides a server-side verification module, comprising an image acquisition control and processing unit for controlling an image capture device to acquire an image containing authentication code information, and Image processing is performed on the image; and a translation and verification unit is configured to translate the image into an authentication code in the form of a character, and verify the authentication code in the form of the translated character to determine whether the user can pass the authentication.认证 The authentication image conversion image converter in the aforementioned user authentication module can convert the authentication code into a plurality of images and repeatedly play the images as an image authentication code. Alternatively, the authentication code and other related information (for example, the size of the authentication code file, and the length of the gold remainder) are converted into a plurality of images that are repeatedly played. Correspondingly, the translation and verification unit in the server verification module can translate the images into an authentication code in the form of a character and then verify. According to another object of the present invention, the present invention provides an authentication method using an image authentication code, comprising the steps of: generating an authentication code in the form of a character; converting the authentication code in the form of a character into an image; The image is image processed; and the image is translated into a recognized form of the character in the form of a character and the translated code in the form of the character is verified to determine whether the user can pass the authentication. The present invention can utilize the concept of a one-time password to generate an authentication code when the user requires authentication. Since the authentication code generated each time is different, it can be used as a "one-time password" to log in or obtain the service provided by the server. The present invention converts the traditional one-time text password into an image for translation and verification without using Enter the password manually. In an embodiment, when authentication is required, the user generates an authentication code using a mobile device (eg, a mobile phone or a personal digital assistant) and converts the authentication code into a two-dimensional barcode 201021498 "barcode". After the two-dimensional barcode, the server converts the two-dimensional barcode into an authentication code in the form of a character, and then performs verification to determine whether the user can pass the authentication. [Embodiment] To make the above content of the present invention more obvious The following is a detailed description of the preferred embodiment of the present invention as follows: FIG. 1 is a block diagram showing an authentication system implemented in accordance with the present invention. The authentication system of the present invention includes a user authentication module. 10. The server verification module 20. When the user needs to be authenticated, the user authentication module 1 generates an authentication code and converts the authentication code into an image authentication code (that is, the authentication information is included) The image is different from the traditional authentication method when the user authenticates, the user does not need to manually input the authentication code in the form of a character, but the image authentication code is captured through the image. The capture of the device 312 is transmitted to the server verification module 20 for verification. The server verification module 20 takes out the authentication information contained in the image authentication code, or translates the image authentication code into a character. The authentication code of the form is used to determine whether the user can pass the authentication. The invention can save the user the trouble of manually inputting the authentication code, which is more convenient in use, and on the other hand, in terms of security, the present invention does not Because the manual input of authentication code is reduced to reduce security, it is more convenient to integrate with other information security systems to improve security. Before user authentication, the user must first register with the server verification module 2 to use The relevant information 'for example: account number, password, birthday, phone number, and address, etc., is stored in the user database 201. The server verification module 20 generates a key according to the personal data stored in the user database 2〇1, On the one hand, the key is stored in the key management unit 22 of the server verification module 20, and on the other hand, the account is transferred to the key management unit 12 of the user authentication module 10. The authentication module 10 has a communication interface 11 'The server authentication module 20 has a communication interface 21, 201021498. The user authentication module 10 and the server authentication module 20 are mutually connected by the two communication interfaces u and 21 For example, the information generated by the golden gun management unit 22 of the server verification module 20 is transmitted to the communication interface η of the user authentication module 10 through the communication interface 21, and the key is stored in the key management unit 12, gold. The key management unit 12 sequentially transmits the successfully received information to the server verification module 20 through the communication interface 11 and the communication interface 21. The user authentication of the present invention is a function for verifying the image authentication code. The module 10 includes an authentication generator 14 for generating an authentication code according to an authentication code, and an authentication code to image converter 0 16 for converting the authentication code generated by the authentication code generator into an image authentication code. The server verification module 20 of the present invention includes an image capture control and processing unit 26 for controlling the image capture device 312 to capture the authentication code to image converter 16 of the user authentication module 1 Image-based authentication and processing of the image-based authentication code; a translation and verification unit 24 for translating the processed image-based authentication code into an authentication code in the form of a character, and verifying the translation The authentication code. In short, the user uses the image authentication code as a means of obtaining authentication to log in or obtain the service provided by the server. When the user authentication is performed, the authentication code generator 14 generates an authentication code based on the user authentication information, and the translation and verification unit 24 determines whether the authentication certificate according to the user's reference authentication information can generate the same authentication code as the translated authentication code. Determine if the user can pass the authentication. For example, if the user authentication information has the same content as the user reference authentication information, the same authentication code can be generated according to the same authentication code generation rule. The user authentication information is used as the basis for generating the authentication code by the authentication code generator of the user authentication module 10. At least one of the key and the user data and the time of the authentication can be used as the user authentication information. Similarly, the user reference authentication information is based on the 201021498 * when the translation and verification unit 24 of the server verification module 20 verifies the authentication code. At least one of the golden wheel and the user data and the time of the authentication can be used as the user. Refer to the certification information. For example, both the key and the user data are used as the user authentication information and the user reference authentication information. [On the user side and the server side, the same user account data may have phase_user authentication information and use. Referring to the certification information, Qing can generate the same authentication code. On the other hand, in the user and server, different user account information may have different user authentication information and user reference authentication information, that is, the same authentication code cannot be generated. When performing user authentication, the user end generates an authentication code according to the user authentication information, and the present invention determines by the server whether the authentication information according to the user reference can generate the same authentication code generated by the user end. Code, in this way to authenticate users. However, it should be noted that the present invention is not limited to this type of authentication, and other authentication methods are also applicable to the present invention. The user end authentication module 10 of the present invention can be applied to a mobile communication device, such as a mobile phone, a smart phone, a personal digital assistant (PDA), or the like, or a device having a function of displaying an image, such as a digital camera. Notebook computers, mini notebook computers, and audio and video players. The server authentication module 20 of the present invention is used to verify that the image authentication code used by the user authentication module 1 can be applied to a server or a workstation. In addition, the user authentication module 1 (the server verification module 20) may be a hardware, a firmware, an integrated circuit, or a function with a user authentication module 10 (the server authentication module 20). The hardware or body of the app. Figure 2 is a flow chart showing an authentication method implemented in accordance with the present invention. Hereinafter, the present invention will be described in detail with reference to Figs. 1 and 2 . Step S210: The authentication code generator 14 generates an authentication code according to the user authentication information through the epoch function. In this example, the user authentication information includes the user profile and the key transmitted from the key management unit 12 from the key management unit 22. The epoch function can output different structures 201021498 - size data as a fixed length string. The well-known he-order function is developed by Ronald L. divest and md2 developed by the National Institute of Standards and Technology (10). The SHA-l 'SHA-2 and SHA-3, developed by the Telephone and Telegraph Corporation (NTT) N_Hash, and ripE_md from the European RIPE program. Step S220: The authentication code to image converter 16 converts the authentication code into an image. In this step, the 'authentication@image converter 16 can convert other related information, such as the type of the heuristic function, the size of the syndrome code, and the length of the key, together with the authentication code into an image. 0 to make the image pack 3 the digit information. In addition, before the image conversion is performed, the authentication code is rotated to the image converter 16 and an error correction code (err〇r_c〇rrecting CQde) can be generated for making an error in capturing the image due to the light shadow or its age. In the case of _, the correction is expected. The invention can convert the (two--barcode) '4-identification authentication code and other related information into a two-dimensional barcode, and the two-dimensional barcode has various types, for example, a QR code popular in Japan, a Taiwanese manufacturer. Developed Quick Mark action bar code, Color Code, MagiCode, and other Sema Code, ShotCode, and VeriCode. Step S232: The image capturing control and processing unit 26 controls the image capturing device 312 to capture the image converted in step S220. For the captured image, the image removal control and processing unit adds a preliminary determination as to whether the image is of a type supported by the server verification module 20. For example, if the server verification module 20 cannot support the 2D barcode of the Sema Code type and can only interpret the QRc〇de and the Quick Mark, the Sema Code cannot be read. Step S234: If the image capture control and processing unit 26 initially determines in step S232 that the image to be taken is of a type supported by the server verification module 20, the image is processed. Taking the 2D barcode of 201021498 - Na black and white image as an example, because the image couching device is arbitrarily caught, it is easy to be affected by the surrounding environment, making the image of Nana's two-dimensional bar code a pure black and pure white block. It is composed of different degrees of gray scale, and the captured image thus causes some distortion. In order to solve this problem, the image taken by the algorithm can calculate the threshold corresponding to each pixel to restore the original correct color, so that the captured image is close to the original black and white configuration of the original two-dimensional barcode. In addition, when capturing images, whether it is affected by the refraction of light and shadow or the coordinate axis of the user when the image is taken out, it will cause a different tone from the real coordinates. Therefore, it is necessary to calculate the error and perform the coordinate conversion. Mark the captured image as a true two-dimensional coordinate. Step S240: The translation and verification unit 24 translates the image captured and processed in step S234 into an authentication code. Taking the two-dimensional barcode of the black and white image as an example, the translation and verification unit 24 reads each pixel value of the image processed in step S234, and sets the black point on the image to digital data, and the white point to digital data. If it is 0, the image is translated back to the digital information containing the authentication code mentioned in step S22, and the error correction code is used for checking and correction. The translation and verification unit 24 verifies the authentication code contained in the digital information. For example, the translation and verification unit 24 determines whether the translated authentication code can be generated according to the user's reference to the witness information. If the translated authentication code can be generated, the user can be authenticated. Otherwise, the user cannot authenticate. by. In this example, the user reference authentication information includes the user data stored in the user database 201 and the key stored in the key management unit 22, corresponding to the user authentication information. Since the same user account has the same content user authentication information and user reference authentication information on the user side and the server side, according to the same authentication code generation rule, the server can generate the same authentication code as the user end. That is, you can pass the certification. On the other hand, different user accounts are different from the user authentication information and the user reference authentication information. Therefore, the same authentication code cannot be generated on the server and the user end, and 201021498 cannot be authenticated. In addition, if the account used by the user does not have corresponding account information on the server, it will not be authenticated. However, it should be noted that the present invention is not limited to this type of authentication, and other authentication methods can also be applied to the present invention. The present invention can utilize the concept of "one-time password" when the user needs At the time of authentication, the authentication generator generator 14 of the user authentication module 10 generates an authentication code, and the authentication code generation process uses the current time as a parameter of the epoch function, that is, the user authentication information includes the key and the user data. And the time at the time of certification, so the authentication code generated each time is different. Therefore, this authentication code can be used as a "one-time password" to log in or obtain the services provided by the server. When the translation and verification unit 24 of the server verification module 20 verifies the authentication code, the user reference authentication information according to the user authentication information also includes the key corresponding to the user authentication information, the user data, and the time at the time of authentication. It should be noted that, in step S220, the authentication code to image converter I6 of the user authentication module 1 can convert the authentication code into a plurality of images, and repeatedly play the images as image authentication. code. Or 'convert the authentication code and other related information mentioned in step S22 (using the type of the epoch function, the size of the authentication code, and the length of the key, etc.) into a plurality of images that are repeatedly played. The server verification module 20 then captures the repeated images of the plurality of towel fields through the image capturing device 312 to repeat the image of the plurality of two-dimensional bars, as the image of each two-dimensional barcode can The stored digital information is limited, so the authentication code and the related information can be divided into several parts, and then the parts are converted into two-dimensional barcodes, for example, the authentication code and the related information are divided into several sub-codes (10) county two-dimensional fine. Tillage, each. A correction code can be added for inspection and correction. The circular image manipulation control and processing unit 26 in the server verification module 2〇 pairs the two-dimensional two-dimensional _, the image processing, the translation and verification unit 24 11 201021498, and the translation of the plurality of two-dimensional The digital information contained in the image of the barcode. The use of the repeated playback of the 5 image is more robust than the use of the single-image as the image-based authentication code because of the complexity and the difficulty of being extracted from it. However, using a plurality of images repeatedly played as an image authentication code causes a problem that the display image is out of sync with the captured image. For example, if the time interval of each image in the four images is 〇·5 seconds, the image capturing device 312 of the server verification module 20 captures an image every 1 second. To capture images of two different contents, it is necessary to adjust the display speed of the image or reset the time interval at which the image capturing device 312 captures the image. In the image capturing process, if the user authentication module 1 has not received the information that the server verification module 20 issues the retrieval completion after a predetermined time, the user authentication module 10 is used. Slow down the playback speed of the image. For example, in the above example, the time interval for displaying each image is adjusted to 1 second, so that the image capturing device 312 can completely capture all the images "or, if after a predetermined period of time," the server-side verification module The group 20 has not yet completed the predetermined number of images, and the server verification module 20 reduces the time interval during which the image capturing device 312 captures images to speed up the capture speed φ. For example, in the above example, the time interval for capturing the image is set to 〇.5 seconds, so that the image capturing device 312 can completely capture all the images. Figure 3 is a block diagram showing another authentication system implemented in accordance with the present invention. The structure and function of the authentication system shown in Figure 3 are similar to those in Figure 2. The image authentication code is used to authenticate the user's. However, the image capture and image processing are based on the access terminal shown in Figure 3. The image is processed by the control module 30, and the image after the image processing is transmitted to the server verification module 20 through the communication interface 31. In this embodiment, the server verification module 20 receives the image processed by the image capture control and processing unit 36 from the access control module 30 through the communication interface 21 to translate and verify the image 12 201021498. The authentication code contained in the digital information. Before the user is authenticated, the user needs to register first, and the access control module can verify the view to the server through the access control module %, and the user database is stored. When the end control module 3 accesses a specific resource, the specific resource mentioned here may be lacking in real money, and the Wei _ lion requires the server authentication module 2 to verify the identity of the user. At this point, the user needs to use the user authentication module to produce ❹
生之圖像式認證碼透過影像揭取裝置312的榻取輸出至存取端控制模組 3〇,存取猶制做3Q 取與雜處職之哪傳送紐細驗證模組 2〇。服務端驗證模紐20再將該圖像轉譯成認證碼,並驗證該認證瑪以判定 使用者是否能夠認證通過。服務端驗證模組2〇並將驗證之結果傳給使用者 _證_ 10&#__她3G。存取雜讎㈣啊冑過該驗證 結果來決讀时是否可料人或以提供服料練帛者。需注意的 是’使用者端認證模組10可將認證碼轉換成複數幅圖像重複播放該等圖 像以作為®像式繼碼,透過存取端㈣敝3()之圖雜取控制與處理單 疋26控制影像擁取裝置312擷取該等圖像後,服務端驗證模組2〇再將該 等圖像轉成繼碼,並魏該纖碼_定者是碰_證通過。 本發明之存取端控麵組3G可於各式終端模組,修^應用於個 人電腦、手提電腦、及具有控制存取功能的終端機(例如:提款機、自動概 員機、補摺機、及收銀機等)。存取端控制模組3〇可為硬體、勃體 '積餿電 路或女裝具有存取端控制模组3〇之功能的應用程式之硬體或物體。 综上所述,雖然本發明已用較佳實施例揭露如上,然其並非用以限定 本發明,本發騎屬技魏域巾具有通常知識者,在不麟本侧之精神 13 201021498 和範圍内’當可作各種之更動與潤飾,因此本發明之保護當視後附之 申請專利範圍所界定者為準。 【圖式簡單說明】 第1圖係顯示依本發明實施之認證系統的方塊圖。 第2圖係顯示依本發明實施之認證方法的流程圖。 第3圖係顯示依本發明實施之另一認證系統的方塊圖。 【主要元件符號說明】 10 使用者端認證模組 11 通訊介面 12 金鑰管理單元 14 認證碼產生器 16 認證碼轉圖像轉換器 20 服務端驗證模組 21 通訊介面 22 金鑰管理單元 24 轉譯與驗證單元 26 圖像擷取控制與處理單元 201 使用者資料庫 30 存取端控制模組 31 通訊介面 36 圖像擷取控制與處理單元 312 影像擷取裝置 S210 步驟 S220 步驟 S232 步驟 S234 步驟 S240 步驟 ❹ ❹The image authentication code of the image is outputted to the access control module 3 through the image pickup device 312, and the transmission key authentication module 2 of the 3Q acquisition and the miscellaneous service is accessed. The server verification module 20 then translates the image into an authentication code and verifies the authentication to determine if the user is authenticated. The server verifies the module 2 and transmits the result of the verification to the user _ _ _ 10 &#__ her 3G. Access to the magazine (4) 胄 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该 该It should be noted that the 'user end authentication module 10 can convert the authentication code into a plurality of images to repeatedly play the images as the image-like relay code, and through the access terminal (four) 敝 3 () After the processing unit 312 controls the image capturing device 312 to capture the images, the server verification module 2 converts the images into relay codes, and the code is determined to be passed. . The access terminal control group 3G of the present invention can be applied to various types of terminal modules, and is applied to personal computers, laptop computers, and terminals having control access functions (for example, cash dispensers, automatic cash registers, and supplements). Folding machine, cash register, etc.). The access control module 3 can be a hardware or object of an application that is a hardware, a body, or an application that has a function of accessing the control module. In summary, although the present invention has been disclosed in the above preferred embodiments, it is not intended to limit the present invention, and the present invention is generally known to those skilled in the art. The invention may be modified and modified as such, and the protection of the present invention is defined by the scope of the appended claims. BRIEF DESCRIPTION OF THE DRAWINGS Fig. 1 is a block diagram showing an authentication system implemented in accordance with the present invention. Figure 2 is a flow chart showing an authentication method implemented in accordance with the present invention. Figure 3 is a block diagram showing another authentication system implemented in accordance with the present invention. [Main component symbol description] 10 User authentication module 11 Communication interface 12 Key management unit 14 Authentication code generator 16 Authentication code to image converter 20 Server verification module 21 Communication interface 22 Key management unit 24 Translation And verification unit 26 image capture control and processing unit 201 user database 30 access terminal control module 31 communication interface 36 image capture control and processing unit 312 image capture device S210 step S220 step S232 step S234 step S240 Step ❹ ❹