201036397 ,六、發明說明: 【發明所屬之技術領域】 本發明係關於一種網站使用者身分認證系統與方 法,更詳而-言之,係一種利用加密的帳號資料與識別碼來 進行身分認證之網站使用者身分認證系統與方法。 【先前技術】 網路使用越來越大眾化,隨著網路的蓬勃發展,網路 的建構及擴展已漸漸地改變人類的行為模式。舉例來說, 〇 由於網路相當的普及,使大部分的使用者透過網路搜集資 料、瀏覽知識、購買商品、工作、討論問題與交朋友。因 此,各式各樣的網路服務平台出現於網路上,藉由與各種 不同的網路社群進行互動,使得人類的行為更方便、更快 速且更科技。 一般來說,使用者登入網路服務平台,必須先註冊使 用者帳號並設定密碼,當使用者具有多數網路服務平台的 q 帳號與密碼時,記憶大量的帳號與密碼常對使用者造成困 擾。若使用者設定相同的帳號與密碼,一但資料外洩(例 如遭駭客盜取帳號或詐騙網站竊取個人資料),非法之用戶 即可輕易地以該帳號與密碼登入網路,假冒使用者身分在 網路上進行商業行為,交友或發表言論,使真正使用者造 成極大損害。 目前針對帳號與密碼自動輸入的技術有Cookie或寫 入註冊機碼,然而此類的技術仍然有帳號與密碼被盜取的 可能性。且使用者除了登入網站時需輸入帳號密碼外,於 3 11095b 201036397 執行網路交易、付費等較重要的動作時,尚須額外輸入其 他認證密瑪。如此繁複的動作,不但讓使用者連結網站的 意願降低,也連帶影響網站的營運。 另一方面,基於方便性與成本上的考量,多人共用同 一網站的使用者帳號已經是一種趨勢,然而一般網站所提 供的服務内容無法對同一使用者帳號作功能上或使用權限 的限制,造成管理上的不便。例如影音服務網站無法針對 同一使用者帳號作影音内容分級,因此家庭中的未成年子 女只要取得父母的使用者帳號密碼即可任意瀏覽下載限制 級的影音資料,因此對於父母管理使用者帳號密碼時的不 便利性。 然而,上述習知技術存在以下的問題: (1) 安全性不足。網路服務平台的業者所建構的身分認 證機制通常僅利用繁複的帳號與密碼來增加資料被盜取的 難度,然而駭客藉由不斷的嘗試後仍有可能找出破解的方 法,因此會影響網路服務平台的安全性。 (2) 便利性不足。使用者於登入特定網站時,需輸入該 特定網站的帳號密碼。然而當使用者具有多數網站的帳號 密碼或同一網站具有多種帳號密碼時,如何找出對應該網 站的帳號密碼藉以登入該特定網站係使用者所面臨的一大 難題,因此也造成使用上的不便利。 (3) 使用者無法有效管理網站服務的内容。於多人共用 同一使用者帳號時,網路服務平台不具備服務内容分級或 分類的機制,因此無法對使用者的權限或網站服務内容作 4 110956 201036397 ^ 管理與限制。 综上所述,如何能提供一種可解決上述習知技術缺點 的網站使用者身分認證系統與方法,遂成為目前亟待解決 的課題。 . .-.- 【發明内容】 為解決前述習知技術之缺失,本發明提供一種網站使 用者身分認證系統,係應用於網路系統中,該網站使用者 身分認證系統包括:用戶端裝置;網路服務平台,係透過 ® 該網路系統連結該用戶端裝置,以提供網路服務内容予該 用戶端裝置;以及認證平台,係透過該網路系統連結該用 戶端裝置與該網路服務平台,以於該用戶端裝置登入至該 網路服務平台時,由該認證平台對該用戶端裝置進行登入 認證,其中,該用戶端裝置包括:用戶端輸入介面,用以 提供使用者輸入帳號資料,以將該帳號資料傳予該認證平 台進行初始認證,並於通過初始認證後提供該使用者輸入 Q 識別碼;資料加密模組,用以將該使用者輸入的帳號資料 與識別碼形成加密檔並儲存於該用戶端裝置;公開資訊介 面,用以於該用戶端裝置登入至該網路服務平台而由該認 證平台進行登入認證時,提供該用戶端之公開資訊予該認 證平台,以由該認證平台透過預設之規則計算出識別參 數;伺服端存取介面,用以提供該認證平台輸入該識別參 數以使該認證平台由該用戶端裝置擷取該加密檔,俾該認 證平台將該加密檔解密並取出該帳號資料以確認該使用者 的身份;以及用戶端存取介面,用以於該用戶端裝置請求 5 110956 201036397 該網路服務平台提供特定服務時,提供該使用者輸入該識 別碼,於該識別碼確認無誤後將該加密檔傳予該認證平台 進行解密以對該使用者進行身份確認。 本發明又提供一種網站使用者身分認證方法,係應用 於網路系統中,該網站使用者身分認證方法包括:(1)將帳 號資料輸入用戶端裝置之用戶端輸入介面’以將該帳號資 料傳予認證平台進行初始認證,並於通過初始認證後再輸 入識別碼;(2)將所輸入的帳號資料與識別碼形成加密檔並 儲存於用戶端裝置;(3)於該用戶端裝置登入至網路服務平 台而由認證平台進行登入認證時’將該用戶端裝置之公開 資訊傳予該認證平台,以由該認證平台透過預設之規則計 算出識別參數;(4)將該識別參數輸入該用戶端裝置之伺服 端存取介面以使該認證平台由該用戶端裝置掘取s亥加密 樓,俾該認證平台將該加密檔解密並取出該帳號資料以確 認該使用者的身份;以及(5)於該用戶端裝置請求該網路服 務平台提供特定服務時’將該識別碼輸入該用戶端裝置之 用戶端存取介面,於該識別碼確認無誤後對該加密標解密 以取出對應之帳號資料並傳予該認證平台進行確認或計 算。 相較於習知的技術,本發明之網站使用者身分認證系 統與方法解決了習知網站認證系統的缺點。本發明之網站 使用者身分認證系統與方法應用一種安全認證平台’當用 戶登入特定網站服務系統時,由此認證平台替代該網站服 務系統對使用者進行身分認證。透過於用戶端先行對身分 6 110956 201036397 \ 資料與識別碼進行加密以形成加密檔,待認證平台擷取加 密檔進行解碼及比對後,即可完成身分認證動作。由於用 戶身分資料須經加密及解密處理,其安全性自然比習知技 術要高。網站服務業者也無需另外建構認證機制。且於 一般的使用者,也可將多種網路服務網站的帳號設定為相 同的識別碼,提昇使用的便利性。駭客就算能取得使用者 的資料檔,也無法對該資料檔進行解密。另外,使用者可 針對同一網站的不同服務内容設定不同的識別碼,並將識 〇 別碼分別交給特定用戶。由於用戶僅能使用對應該識別碼 的服務内容,因此具體實現單一帳號可進行服務内容分級 與分類的功能。 【實施方式】 以下係藉由特定的具體實施例說明本發明之實施方 式,熟悉此技術之人士可由本說明書所揭示之内容輕易地 瞭解本發明之其他優點與功效。本發明亦可藉由其他不同 Q 的具體實施例加以施行或應用。 請參閱第1圖,其係本發明之網站使用者身分認證系 統的架構圖。如圖所示,本發明之網站使用者身分認證系 統係應用於網路系統10,包括用戶端裝置11、網路服務平 台12以及認證平台13。 網路系統10用以作為資料傳輸的媒介,其連結方式 可例如為採用有線式之ADSL或FTTB之網路連結及/或採 用無線式之網路連結。本發明之網路安全認證系統所採用 之架構為網際網路,但並不因而限制本發明之範圍,也就 i10956 201036397 是並不排除適用於如組織内網路系統、組織間網路系統、 區域網路系統、廣域網路系統或虛擬私人網路系統等網路 系統之可能性。 用戶端..裝置11係為可存取資料並進行資料處理之電 子設備,例如桌上型電腦、筆記型電腦、個人數位助理及/ 或行動電話。只要具有網路連線功能且具有資料處理與存 取功能之設備均可作為此處之用戶端裝置11。 網路服務平台12係提供使用者各種網路服務的網站 或伺服器,例如多媒體訊息提供網站、拍賣網站、電信服 務網站及/或金融服務網站。 認證平台13係用以對連結該網路服務平台12之該用 戶端裝置進行身分認證。 於用戶端裝置11中設置用戶端輸入介面110、資料加 密模組111、公開資訊介面112、伺服端存取介面113及用 戶端存取介面114。 本發明具體實施時,可包含三個認證階段。第一階段 為初始認證,使用者藉由用戶端裝置11之用戶端輸入介面 110輸入帳號資料,以將該帳號資料傳予認證平台13進行 初始認證,於認證平台13比對無誤後即通過初始認證,再 通知使用者輸入對應之識別碼。於使用者輸入帳號資料與 識別碼時,資料加密模組111會將該些資料形成加密檔並 儲存於該用戶端裝置11。 第二階段為登入認證,當使用者欲登入網路服務平台 12時,網路服務平台12會通知認證平台13對使用者進行 8 110956 201036397 ‘登入認證。此時,認證平台13透過公開資訊介面112擷取 儲存於用戶端裝置11之公開資訊,再透過預設之演算規則 計算出特定之識別參數,接著,認證平台13透過伺服端存 取介面114將該識別參數輸入以擷取該加密槽、。最後.,.對 該加密檔解密並取出該帳號資料進行比對,以確認該使用 者的身份。若確認身份無誤,即可告知網路服務平台接受 該使用者的登入。因此,於第二階段的認證中使用者無須 進行任何操作,皆由認證平台13自動進行。 ❹ 第三階段為識別碼認證,若使用者於該網路服務平台 12欲請求特定的服務時(例如消費),必須用戶端存取介面 114輸入識別碼,若用戶端裝置確認該識別碼輸入無誤, 則將加密檔傳予該認證平台13進行解密以對使用者進行 身份確認。例如於上述的消費動作,可由認證平台13將加 密檔解密取出銀行帳號資料或***資料,以將該些資料 告知網路服務平台12進行扣款,亦或是由認證平台13進 行扣款。 請參閱第2圖,其係本發明之網站使用者身分認證系 統一具體實施例。其中,而認證平台23復包含連線單元 230、應用管理單元231及資料庫單元232。 連線單元230係透過該網路系統20與用戶端裝置21 及網路服務平台22進行連結並傳遞資料。應用管理單元 231係用以提供使用者進行註冊及各項帳號資料的設定與 認證,以及擷取各項公開資訊、帳號資料、服務資料、識 別碼或加密檔。通常用戶端裝置21及網路服務平台的資料 II0956 201036397 可預先設定於認證平台23之資料庫單元232,當認證平台 23取得用戶端裝置21所提供之身分資料加密檔時,資料 庫單元232可將此加密檔解密以進行資料比對與認證。而 資料庫單元232也儲存用戶端裝置21與網路服務平台22 之各項帳號資料。其中,該帳號資料可為用戶端裝置21 之身分資料、身分識別碼、消費密碼、親子鎖、該網路服 務平台之帳號密碼及/或特定之網站服務内容。 於本實施例,首先,用戶端裝置21將各種身分資料 或帳號資料加密形成加密檔,接著,透過網路20連結該網 路服務平台22請求登入,此時網路服務平台22主動與認 證平台23之連線單元230連結並通知認證平台23對用戶 端裝置21進行身分認證。認證平台23透過連線單元230 主動與用戶端裝置21連線並利用應用管理單元231擷取其 加密檔,以將加密檔解密取得用戶身分資料。再透過資料 庫單元232比對身分資料以確認用戶端裝置21為合法用戶 後,將認證結果傳回該網路服務平台22使該平台允許用戶 端裝置21的登入並獲得使用授權。 請再參閱第3圖,係本發明之網站使用者身分認證系 統另一具體實施例。本實施例中包括用戶電腦31、影音服 務網站32a、拍賣網站32b、金融服務網站32c以及透過乙 太網路30連結之身分認證平台33。其中,用戶電腦31可 為不同或相同的使用者所有,而除了上述網站種類僅為一 範例說明,本發明可實施於各種不同種類的網站。 用戶電腦31中具有資料加密軟體,係用以將個別網 10 110956 201036397 ' 站的帳號、密碼、識別碼及身分資料進行加密。當網站需 要進行登入認證時5由第3圖之說明可知身分認證平台3 3 即可自動完成所有認證動作。身分認證平台3 3包含網頁連 .線主機33Q、用戶資料管理主機331以及資料庫.车機332, 用以提供用戶電腦31進行連線、註冊、資料設定、資料擷 取、身分認證及資料儲存。 具體實施時,須先進行初始認證。使用者於用戶電腦 31設定身分資料與對應影音服務網站32a、拍賣網站32b ❹及金融服務網站32c的帳號密碼,由身分認證平台33初始 認證通過後再設定一組識別碼,用以代替網站的帳號密 碼。用戶電腦31於儲存上述資料前必須先經加密動作,其 目的是防止資料傳輸時遭駭客攔截,故藉由加密來提昇資 料的安全性。完成加密並儲存後,即完成初始認證流程。 於登入認證流程,用戶電腦31可選擇透過乙太網路 30登入影音服務網站32a,此時影音服務網站32a會主動 q 與身分認證平台33連結並請求對用戶電腦31進行身分認 證。身分認證平台33以用戶資料管理主機331透過用戶電 腦31的介面擷取加密檔,並將該加密檔案解密以取得使用 者設定流程中所設定之身分資料。接著使資料庫主機332 將該身分資料進行比對或將身分資料傳回影音服務網站 32a進行比對。當確認用戶電腦31為合法用戶後,身分認 證平台33將認證結果傳回該影音服務網站32a使該網站允 許用戶電腦31的登入並獲得使用影音服務的授權。 該用戶電腦31於影音服務網站32a進行付費時,將 II0956 201036397 該識別碼輸入用戶電腦3】 心益抑m 1 用戶端存取介面,於該識別碼 確5忍無㈣料該身分認證平 以對使用者進行身份確切施 進打解山 气、俾於確認無誤後執行扣款作掌 或將扣款帳號資料交曲影立 L仃扣冰忭系 办曰服務網站32a執行扣 於一較佳實施例中, ^ ^ ^ „ 述之用戶電腦31於初始認證 流f壬中可设疋一親子銷,甘201036397, VI, invention description: [Technical field of invention] The present invention relates to a website user identity authentication system and method, and more specifically, an encrypted account data and identification code for identity authentication Website user identity authentication system and method. [Prior Art] The use of the Internet has become more and more popular. With the rapid development of the Internet, the construction and expansion of the Internet has gradually changed the behavior patterns of human beings. For example, 〇 Due to the popularity of the Internet, most users use the Internet to collect information, browse knowledge, purchase goods, work, discuss issues and make friends. As a result, a wide variety of Internet service platforms appear on the Internet, making it easier, faster, and more technologically responsive to interact with a variety of different online communities. Generally speaking, when users log in to the web service platform, they must first register the user account and set a password. When the user has the q account and password of most network service platforms, remembering a large number of accounts and passwords often causes problems for the user. . If the user sets the same account number and password, once the data is leaked (for example, the hacker steals the account or the fraudulent website steals the personal data), the illegal user can easily log in to the network with the account and password, and impersonate the user. The identity of doing business on the Internet, making friends or making speeches, causing great damage to real users. At present, the technology for automatically inputting accounts and passwords has a cookie or a registered machine code. However, such technology still has the possibility that the account and password are stolen. In addition to entering the account password, the user must enter additional authentication key when performing more important actions such as online transactions and payment on 3 11095b 201036397. Such complicated actions not only reduce the user's willingness to link to the website, but also affect the operation of the website. On the other hand, based on convenience and cost considerations, it is a trend for multiple users to share user accounts of the same website. However, the service content provided by the general website cannot be restricted by functions or usage rights of the same user account. Causes management inconvenience. For example, the audio and video service website cannot classify audio and video content for the same user account. Therefore, the minor children in the family can browse and download the video and audio data of the restricted level as long as they obtain the password of the parent user account. Therefore, when the parent manages the user account password, Inconvenience. However, the above conventional techniques have the following problems: (1) Insufficient security. The identity authentication mechanism built by the operators of the Internet service platform usually only uses complicated accounts and passwords to increase the difficulty of data theft. However, after continuous trial, the hacker may still find the method of cracking, which will affect The security of the web service platform. (2) Insufficient convenience. When a user logs in to a specific website, he or she needs to enter the account password of the specific website. However, when the user has the account password of most websites or the multiple passwords of the same website, how to find out the password of the account corresponding to the website is a major problem faced by the user of the particular website, and thus the use is not convenient. (3) Users cannot effectively manage the content of the website service. When multiple users share the same user account, the network service platform does not have a mechanism for categorizing or classifying the service content, and therefore cannot manage or restrict the user's rights or website service content. In summary, how to provide a website user identity authentication system and method that can solve the above-mentioned shortcomings of the prior art has become an urgent problem to be solved. In order to solve the above-mentioned shortcomings of the prior art, the present invention provides a website user identity authentication system, which is applied to a network system, and the website user identity authentication system includes: a client device; The network service platform connects the client device to the client device through the network system, and the authentication platform connects the client device and the network service through the network system. a platform, wherein the client device performs login authentication on the client device when the client device logs in to the network service platform, wherein the client device includes: a user input interface for providing a user input account Data, the account data is transmitted to the authentication platform for initial authentication, and the user input Q identification code is provided after the initial authentication; the data encryption module is configured to form the account data and the identification code input by the user. Encrypting files are stored in the client device; a public information interface is used to log in to the network service platform of the client device When the authentication platform performs login authentication, the public information of the client is provided to the authentication platform, so that the authentication platform calculates the identification parameter through a preset rule; the server access interface is used to provide the authentication platform input. The identification parameter is such that the authentication platform retrieves the encrypted file from the client device, the authentication platform decrypts the encrypted file and extracts the account data to confirm the identity of the user; and the user access interface is used for When the client device requests 5 110956 201036397, the network service platform provides a specific service, and the user is provided to input the identification code, and after the identification code is confirmed, the encrypted file is transmitted to the authentication platform for decryption for use. Confirmation of identity. The invention further provides a website user identity authentication method, which is applied to a network system, and the website user identity authentication method comprises: (1) inputting account data into a user input interface of the user device to use the account data. Pass the authentication platform to the initial authentication, and then input the identification code after the initial authentication; (2) form the encrypted account file and the identification code into the client device; (3) log in to the user device. When the login authentication is performed by the authentication platform to the network service platform, the public information of the client device is transmitted to the authentication platform, so that the authentication platform calculates the identification parameter through a preset rule; (4) the identification parameter Entering a server access interface of the client device, so that the authentication platform is hacked by the client device, and the authentication platform decrypts the encrypted file and retrieves the account data to confirm the identity of the user; And (5) inputting the identification code into the client of the client device when the client device requests the network service platform to provide a specific service Take interface standard to confirm correct and decrypting the encrypted identification code to the extracted information corresponding to the account number and transmitted to the authentication confirmation or computer platform. Compared with the prior art, the website user identity authentication system and method of the present invention solves the shortcomings of the conventional website authentication system. The website user authentication system and method of the present invention employs a secure authentication platform. When a user logs into a specific website service system, the authentication platform replaces the website service system to authenticate the user. Through the user's first access to the identity 6 110956 201036397 \ data and identification code encryption to form an encrypted file, after the authentication platform captures the encryption file for decoding and comparison, the identity authentication action can be completed. Since user identity data must be encrypted and decrypted, its security is naturally higher than that of conventional technology. Website service providers do not need to construct an additional authentication mechanism. For ordinary users, the accounts of various Internet service websites can also be set to the same identification code to improve the convenience of use. Even if the hacker can obtain the user's data file, the data file cannot be decrypted. In addition, the user can set different identification codes for different service contents of the same website, and hand the identification codes to specific users. Since the user can only use the service content corresponding to the identification code, the function of classifying and classifying the service content can be realized by implementing a single account. [Embodiment] The embodiments of the present invention are described below by way of specific embodiments, and those skilled in the art can readily understand other advantages and effects of the present invention from the disclosure. The invention may also be embodied or applied by other specific embodiments of Q. Please refer to Fig. 1, which is a block diagram of the website user identity authentication system of the present invention. As shown, the website user identity authentication system of the present invention is applied to the network system 10, including the client device 11, the network service platform 12, and the authentication platform 13. The network system 10 is used as a medium for data transmission, and may be connected by, for example, a wired ADSL or FTTB network connection and/or a wireless network connection. The architecture adopted by the network security authentication system of the present invention is an internet network, but does not limit the scope of the present invention. Therefore, i10956 201036397 does not exclude application to an intra-organizational network system, an inter-organizational network system, The possibility of a network system such as a local area network system, a wide area network system or a virtual private network system. The client device 11 is an electronic device that can access data and process data, such as a desktop computer, a notebook computer, a personal digital assistant, and/or a mobile phone. Any device having a network connection function and having data processing and access functions can be used as the client device 11 herein. The web service platform 12 is a website or server that provides users with various web services, such as a multimedia message providing website, an auction website, a telecommunications service website, and/or a financial service website. The authentication platform 13 is used for identity authentication of the user device connected to the network service platform 12. A client input interface 110, a data encryption module 111, a public information interface 112, a server access interface 113, and a user access interface 114 are provided in the client device 11. When the invention is embodied, three authentication stages may be included. The first stage is the initial authentication. The user inputs the account data through the user input interface 110 of the client device 11 to transmit the account data to the authentication platform 13 for initial authentication. After the authentication platform 13 is correct, the user passes the initial authentication. After the authentication, the user is notified to input the corresponding identification code. When the user inputs the account data and the identification code, the data encryption module 111 forms the encrypted file and stores it in the client device 11. The second stage is login authentication. When the user wants to log in to the network service platform 12, the network service platform 12 notifies the authentication platform 13 to perform 8110956 201036397 ‘login authentication. At this time, the authentication platform 13 retrieves the public information stored in the client device 11 through the public information interface 112, and then calculates a specific identification parameter through a preset calculation rule. Then, the authentication platform 13 passes through the server access interface 114. The identification parameter is input to capture the encryption slot. Finally, the encrypted file is decrypted and the account data is retrieved for comparison to confirm the identity of the user. If you confirm your identity, you can tell the web service platform to accept the user's login. Therefore, the user does not need to perform any operations in the second stage of authentication, and the authentication platform 13 automatically performs the operation. ❹ The third stage is the identification code authentication. If the user wants to request a specific service (for example, consumption), the user access interface 114 must input the identification code, if the user equipment confirms the identification code input. If not, the encrypted file is transmitted to the authentication platform 13 for decryption to confirm the identity of the user. For example, in the above-mentioned consumption action, the authentication platform 13 may decrypt the encrypted file to take out the bank account data or the credit card data, so as to inform the network service platform 12 of the deduction, or the debit payment by the authentication platform 13. Please refer to FIG. 2, which is a specific embodiment of the website user identity authentication system of the present invention. The authentication platform 23 further includes a connection unit 230, an application management unit 231, and a database unit 232. The connection unit 230 connects to the client device 21 and the network service platform 22 through the network system 20 and transmits the data. The application management unit 231 is used to provide users with registration and setting and authentication of various account materials, as well as to retrieve various public information, account information, service materials, identification codes or encrypted files. Generally, the data of the client device 21 and the network service platform II0956 201036397 may be preset in the database unit 232 of the authentication platform 23. When the authentication platform 23 obtains the encrypted file of the identity data provided by the client device 21, the database unit 232 may Decrypt this encrypted file for data comparison and authentication. The database unit 232 also stores various account materials of the client device 21 and the network service platform 22. The account information may be the identity data of the client device 21, the identity identifier, the consumption password, the parent-child lock, the account password of the network service platform, and/or the specific website service content. In this embodiment, first, the client device 21 encrypts various identity data or account data to form an encrypted file, and then connects to the network service platform 22 through the network 20 to request login. At this time, the network service platform 22 actively and the authentication platform. The connection unit 230 of 23 is connected and notifies the authentication platform 23 to perform identity authentication on the client device 21. The authentication platform 23 actively connects with the client device 21 through the connection unit 230 and retrieves the encrypted file by using the application management unit 231 to decrypt the encrypted file to obtain the user identity data. After the database unit 232 compares the identity data to confirm that the client device 21 is a legitimate user, the authentication result is transmitted back to the network service platform 22 to enable the platform to allow the user device 21 to log in and obtain the use authorization. Please refer to FIG. 3 again, which is another specific embodiment of the website user identity authentication system of the present invention. The embodiment includes a user computer 31, an audio-visual service website 32a, an auction website 32b, a financial service website 32c, and an identity authentication platform 33 connected via the Ethernet 30. The user computer 31 can be owned by different or the same users, and the present invention can be implemented in various kinds of websites in addition to the above-mentioned website types. The user computer 31 has data encryption software for encrypting the account number, password, identification code and identity data of the individual network 10 110956 201036397 ' station. When the website needs to perform login authentication, 5 by the description in Figure 3, the identity authentication platform 3 3 can automatically complete all authentication actions. The identity authentication platform 3 3 includes a webpage connection host 33Q, a user data management host 331, and a database. The vehicle 332 is configured to provide the user computer 31 for connection, registration, data setting, data retrieval, identity authentication, and data storage. . For specific implementation, initial certification is required. The user sets the identity data and the account passwords of the corresponding audio-visual service website 32a, the auction website 32b, and the financial service website 32c on the user computer 31, and then sets a group of identification codes after the initial authentication by the identity authentication platform 33 to replace the website. account password. The user computer 31 must be encrypted before storing the above data. The purpose of the user computer 31 is to prevent the hacker from intercepting the data, so the security of the data is enhanced by encryption. Once the encryption is complete and stored, the initial certification process is completed. During the login authentication process, the user computer 31 can choose to log in to the video service website 32a via the Ethernet 30. At this time, the video service website 32a will actively connect with the identity authentication platform 33 and request identity authentication for the user computer 31. The identity authentication platform 33 retrieves the encrypted file from the user data management host 331 through the interface of the user computer 31, and decrypts the encrypted file to obtain the identity data set in the user setting process. The database host 332 then compares the identity data or transmits the identity data back to the video service website 32a for comparison. When it is confirmed that the user computer 31 is a legitimate user, the identity authentication platform 33 transmits the authentication result back to the video service website 32a so that the website allows the user computer 31 to log in and obtain authorization to use the video service. When the user computer 31 pays on the audio-visual service website 32a, the identification code of II0956 201036397 is input into the user computer 3], and the user access interface is used, and the identification code is confirmed to be 5 (4). The user is given the exact identity to solve the problem, and after confirming the correctness, the deduction will be executed or the debit account information will be handed over to the L. In the embodiment, ^ ^ ^ „ the user computer 31 can set a parent-child pin in the initial authentication flow f壬,
Hg^,air,.. ,、中该親子鎖係一種對應該影音 服務網站32a不同影音服游^ θ服務的認證識別碼。例如,影音服 務網站32a提供多種不回接 ’ 、, 门種痛的影片’由於限制級的影片 並不適合未成年人觀嘗, 口此使用者可針對同一個影音服 務’周站32a的帳號’依據不同的服務内容設定不同的識別 碼。親子鎖可設定限制使用者收看色情 '暴力等影片,因 此父母親可利用親子鎖㈣定達成影片分級與管制的效 果。 參閱第4圖,係本發明之網站使用者身分認證方法的 流程圖。如圖料,此㈣使用者身分魏线係應用於 上述之網站使用者身分認證系統中,其包括以下的步驟。 於步驟S40中,將帳號資料輸入用戶端裝置之用戶端 輪入介面,以將該帳號資料傳予認證平台進行初始認證, 並於通過初始認證後再輸入識別碼。用戶端裝置可為桌上 型電腦、筆記犁電腦、個人數位助理及/或行動電話。網路 系統可為網際網路、組織内網路系統、組織間網路系統、 區域網路系統、廣域網路系統及/或虛擬私人網路系統。接 著進至步驟S41。 於步驟S41中,將所輸入的帳號資料與識別碼形成加 110956 12 201036397 密槽並儲存於用戶端裝置。接者進至步驟S42。 於步驟S42中,於該兩戶端裝置登入至網路服務平台 而由認證平台進行登入認證時,將該用戶端裝置之公開資 訊傳予該認證果台,以由輩認證平台透過預設之規則計算 出識別參數。網路服務平台可為拍賣網站、交友網站、影 音服務網站、電信服務網站及/或金融服務網站等。接著進 至步驟S43。 於步驟S43中,將該識別參數輪入該用戶端裝置之祠 服端存取介面以使該認證平台由該用戶端裂置搁取該加密 標,俾該認證平台將該加密播解密並取出該帳號資料以確 認該使用者的身份。接著進至步驟S44。 於步驟S44中,於該用戶端農置請求該網路服務平台 提供特定服務時,將該識別碼輸入該用戶端裝置之用戶端 存取介面,於該識別碼確認無誤後將該加密稽傳予該認證 平台進行解密以對使用者進行身份確認。 〇 參閱第5圖,係本發明之網站使用者身分認證方法一 具體實施例的流程圖。 步驟S50中,使用者於初始認證時設定登入影音服務 網站的識別碼、消費密碼、身份資料及限制特定内容之親 子鎖。於較佳的實施例中,使用者可針對限制級的影音内 容設定親子鎖。接著進至步驟S51。 於步驟S51中,使用者進行帳號資料加密並將加密後 之加密檔儲存於用戶端裝置。接著進至步驟S52。 於步驟S52中’使用者連結該影音服務網站。然而影 Π0956 201036397 音服務網站僅為一範例,本發明之方法可應用於不同種類 的網路服務平台,例如拍賣網站、電信服務網站及/或金融 服務網站。接著進至步驟S53。 於步驟S53中,影音服務網站請求認證平台對使_用-者 進行登入認證。接著進至步驟S54。 於步驟S54中,認證平台由用戶端裝置擷取加密檔。 接著進至步驟S55。 於步驟S55中,認證平台將加密檔解密以取出帳號資 料並與儲存於資料庫之身份資料進行比對與驗證。接著進 至步驟S 5 6。 於步驟S56中,通過驗證後,認證系統將認證結果傳 給影音服務網站,完成使用者授權。使用者即可任意使用 影音服務網站的内容。於一較佳實施例,使用者可預先設 定付費資料(如金融卡帳號、***號或轉帳帳號)並加 密,接著設定一對應之付費密碼。當影音服務網站要求使 用者付費時,透過本發明之認證平台,使用者只須輸入付 費密碼,認證平台即可主動擷取付費加密資料檔並對其解 密以獲得付費資料,並通知影音服務網站完成付費動作。 因此,透故上述實施例的說明可知本發明之網站使用 者身分認證系統與方法能適用於不同的網路服務平台,並 提供一種整合式的認證方法,確保使用者連結網路服務平 台時的安全性及方便性,並提供使用者對於特定網站服務 内容的限制與管理。 透過前述本發明之網站使用者身分認證系統與方 14 110956 201036397 法,可實現以下功效。 (1)透過加密方式解決身分資料外汽時所產生的資訊 安全風險。 … (2)利甩單一 线別碼替代網站的帳號密碼以增加使用 者進行身分認證時的便利性。 (3)針對不同網站服務内容設定不同的認證碼以便利 使用者管理與限制特定網站服務内容。 綜上所述,本發明之網站使用者身分認證系統與方 〇 法,提供一種能適用於不同網路服務平台之身分認證系 統,能減少一般網路服務之用戶須記憶並輸入多種不同帳 號密碼的不便利性,利用資料加解密的機制降低個人身分 資料外洩所產生之資訊安全風險以及提供使用者針對特定 網站服務内容作分級與管理。 上述實施例僅為例示性說明本發明之原理及其功 效,而非用於限制本發明。任何熟習此項技術之人均可在 Q 不違背本發明之精神及範疇下,對上述實施例進行修飾與 變化。 【圖式簡單說明】 第1圖為本發明之網站使用者身分認證系統之架構 圖; 第2圖為本發明之網站使用者身分認證系統一具體實 施例之架構圖; 第3圖為本發明之網站使用者身分認證系統另一具體 實施例之架構圖; 15 110956 201036397 第4圖為本發明之網站使用者身分認證方法的流程 圖;以及 第5圖為本發明之網站使用者身分認證方法一具體實 施例的流程圖。..... - 【主要元件符號說明】 10 網路系統 11 用戶端裝置 110 用戶端輸入介面 111 貢料加密权組 112 公開資訊介面 113 伺服端存取介面 114 用戶端存取介面 12 網路服務平台 13 認證平台 20 網路系統 21 用戶端裝置 22 網路服務平台 23 認證平台 230 連線單元 231 應用管理單元 232 資料庫單元 30 乙太網路 31 用戶電腦 32a 影音服務網站 16 110956 201036397 32b 拍賣網站 32c 金融服務網站 33 身分認證平台 330 網頁.連線主機 331 用戶資料管理主機 332 資料庫主機 S40 〜S44 步驟 S50〜S56 步驟 οHg^,air,..,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, For example, the video service website 32a provides a variety of films that do not answer back, and the door pains. Because the restricted-level videos are not suitable for minors, the user can serve the same video service '周站32a's account'. Set different identification codes according to different service contents. Parent-child locks can be set to restrict users from watching pornographic videos such as violence, so parents can use parent-child locks (4) to achieve the effect of film grading and regulation. Referring to Figure 4, there is shown a flow chart of a method for authenticating a user identity of a website of the present invention. As shown in the figure, the (4) user identity Wei line is applied to the above-mentioned website user identity authentication system, which includes the following steps. In step S40, the account data is input into the client wheeling interface of the client device, and the account data is transmitted to the authentication platform for initial authentication, and the identifier is input after the initial authentication. The client device can be a desktop computer, a note plow computer, a personal digital assistant, and/or a mobile phone. The network system can be an internet network, an intra-organizational network system, an inter-organizational network system, a regional network system, a wide area network system, and/or a virtual private network system. Then, the process proceeds to step S41. In step S41, the input account data and the identification code are formed into a 110956 12 201036397 slot and stored in the client device. The process proceeds to step S42. In step S42, when the two-terminal device logs in to the network service platform and the login authentication is performed by the authentication platform, the public information of the user device is transmitted to the authentication fruit station, and the generation authentication platform transmits the preset information. The rules calculate the identification parameters. The web service platform can be an auction website, a dating website, a video service website, a telecommunications service website, and/or a financial service website. Then, it proceeds to step S43. In step S43, the identification parameter is rounded into the server access interface of the client device, so that the authentication platform is detached by the client to obtain the encryption target, and the authentication platform decrypts and retrieves the encryption. The account information is used to confirm the identity of the user. Then it proceeds to step S44. In step S44, when the user terminal requests the network service platform to provide a specific service, the identifier is input into the client access interface of the client device, and the encrypted message is transmitted to the client after the identifier is confirmed. The authentication platform decrypts to authenticate the user.参阅 Referring to FIG. 5, it is a flowchart of a specific embodiment of a method for authenticating a website user identity of the present invention. In step S50, the user sets the identification code, the consumption password, the identity data, and the parental lock that restricts the specific content at the initial authentication. In a preferred embodiment, the user can set a parent-child lock for the video content of the restricted level. Then it proceeds to step S51. In step S51, the user encrypts the account data and stores the encrypted encrypted file in the client device. Then it proceeds to step S52. In step S52, the user connects to the video service website. However, the audio service website of the 0956 201036397 is only an example, and the method of the present invention can be applied to different kinds of network service platforms, such as auction websites, telecommunication service websites, and/or financial service websites. Then it proceeds to step S53. In step S53, the video service website requests the authentication platform to perform login authentication for the user. Then it proceeds to step S54. In step S54, the authentication platform retrieves the encrypted file from the client device. Then it proceeds to step S55. In step S55, the authentication platform decrypts the encrypted file to retrieve the account data and compare and verify the identity data stored in the database. Then, it proceeds to step S56. In step S56, after passing the verification, the authentication system transmits the authentication result to the video service website to complete the user authorization. Users can use the content of the audio and video service website freely. In a preferred embodiment, the user can pre-set payment data (such as a financial card account number, credit card number, or transfer account number) and encrypt it, and then set a corresponding paying password. When the video service website requires the user to pay, through the authentication platform of the present invention, the user only needs to input the payment password, and the authentication platform can actively retrieve the encrypted encrypted data file and decrypt it to obtain the paid data, and notify the video service website. Complete the payment action. Therefore, the description of the above embodiments shows that the website user identity authentication system and method of the present invention can be applied to different network service platforms, and provides an integrated authentication method to ensure that users connect to the network service platform. Security and convenience, and provide users with restrictions and management of the content of specific website services. Through the foregoing website user identity authentication system of the present invention and the method of the party 14 110956 201036397, the following effects can be achieved. (1) Information security risks arising from the use of encryption to resolve the identity of foreign trade. ... (2) Leo single line code replaces the account password of the website to increase the convenience of the user for identity authentication. (3) Different authentication codes are set for different website service contents to facilitate user management and restriction of specific website service contents. In summary, the website user identity authentication system and the method of the method of the present invention provide an identity authentication system that can be applied to different network service platforms, and users who can reduce the general network service must memorize and input a plurality of different account passwords. The inconvenience of using data encryption and decryption mechanism to reduce the information security risks arising from the leakage of personal identity data and to provide users with the classification and management of specific website service content. The above embodiments are merely illustrative of the principles and effects of the invention and are not intended to limit the invention. Modifications and variations of the above-described embodiments can be made by those skilled in the art without departing from the spirit and scope of the invention. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a structural diagram of a website user identity authentication system of the present invention; FIG. 2 is an architectural diagram of a specific embodiment of a website user identity authentication system of the present invention; FIG. 4 is a flowchart of a method for authenticating a website user identity according to the present invention; and FIG. 5 is a method for authenticating a website user identity according to the present invention; A flow chart of a specific embodiment. ..... - [Main component symbol description] 10 Network system 11 Client device 110 Client input interface 111 Accession encryption group 112 Public information interface 113 Servo access interface 114 Client access interface 12 Network Service platform 13 Authentication platform 20 Network system 21 Client device 22 Network service platform 23 Authentication platform 230 Connection unit 231 Application management unit 232 Database unit 30 Ethernet 31 User computer 32a Video service website 16 110956 201036397 32b Auction Website 32c Financial Services Website 33 Identity Authentication Platform 330 Web Page. Connection Host 331 User Data Management Host 332 Database Host S40 ~ S44 Steps S50 ~ S56 Step ο