TWI838149B - Secure enabling system and method for enterprise authentication - Google Patents
Secure enabling system and method for enterprise authentication Download PDFInfo
- Publication number
- TWI838149B TWI838149B TW112107965A TW112107965A TWI838149B TW I838149 B TWI838149 B TW I838149B TW 112107965 A TW112107965 A TW 112107965A TW 112107965 A TW112107965 A TW 112107965A TW I838149 B TWI838149 B TW I838149B
- Authority
- TW
- Taiwan
- Prior art keywords
- terminal device
- key
- fido2
- dedicated terminal
- authentication
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims abstract description 26
- 230000004913 activation Effects 0.000 claims abstract description 54
- 238000012795 verification Methods 0.000 claims abstract description 36
- 238000012552 review Methods 0.000 claims description 12
- 230000005540 biological transmission Effects 0.000 claims description 4
- 238000010586 diagram Methods 0.000 description 6
- 230000008569 process Effects 0.000 description 5
- 101001121408 Homo sapiens L-amino-acid oxidase Proteins 0.000 description 4
- 102100026388 L-amino-acid oxidase Human genes 0.000 description 4
- 238000013475 authorization Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000007613 environmental effect Effects 0.000 description 2
- 230000007246 mechanism Effects 0.000 description 2
- 101000827703 Homo sapiens Polyphosphoinositide phosphatase Proteins 0.000 description 1
- 102100023591 Polyphosphoinositide phosphatase Human genes 0.000 description 1
- 101100012902 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) FIG2 gene Proteins 0.000 description 1
- 101100233916 Saccharomyces cerevisiae (strain ATCC 204508 / S288c) KAR5 gene Proteins 0.000 description 1
- 230000003213 activating effect Effects 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 235000014510 cooky Nutrition 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000004044 response Effects 0.000 description 1
Images
Landscapes
- Mobile Radio Communication Systems (AREA)
Abstract
Description
本發明是有關於一種安全啟用系統及其方法,且特別是有關於一種企業認證的安全啟用系統及其方法。The present invention relates to a security activation system and method thereof, and in particular to an enterprise-certified security activation system and method thereof.
網路服務興起後的線上登入認證機制發展,一直在演進,僅憑單一密碼認證已不夠周全,企業為了增強內部資安的管理,單純使用帳號密碼,已經無法正確識別使用者身分。近幾年,提倡「無密碼時代」,使用者不再需要輸入繁瑣的密碼,改為以生物辨識、SMS驗證碼簡訊、輸入PIN碼等方式,解決密碼不安全的問題。但即使如此,都仍存在冒用的問題。After the rise of Internet services, the development of online login authentication mechanisms has been evolving. Authentication based on a single password is no longer comprehensive. In order to enhance internal information security management, companies have been unable to correctly identify users simply by using account passwords. In recent years, the "password-free era" has been promoted. Users no longer need to enter cumbersome passwords. Instead, they use biometrics, SMS verification code text messages, PIN code input, etc. to solve the problem of password insecurity. But even so, there is still the problem of fraudulent use.
本發明提供一種企業認證的安全啟用系統及其方法,利用專屬終端設備才能啟動已完成個人化設定但未啟用與綁定的認證器(EA token),確保認證器安全啟用,且透過金鑰綁定模組進行身份認證,避免重要資訊在未授權下的情況下,被無意或惡意地被讀取、使用甚至是變更等狀況。The present invention provides a secure activation system and method for enterprise authentication, which uses a dedicated terminal device to activate an EA token that has completed personalized settings but is not activated and bound, ensuring the secure activation of the authenticator, and performs identity authentication through a key binding module to prevent important information from being accidentally or maliciously read, used, or even changed without authorization.
本發明的一種企業認證的安全啟用系統,包括註冊於專屬終端設備管控系統之專屬終端設備、實名認證管控系統、FIDO2(Fast IDentity Online2)伺服器以及金鑰管控裝置。專屬終端設備包括專屬終端設備管控元件。金鑰管控裝置分別與專屬終端設備、專屬終端設備管控系統、實名認證管控系統、以及FIDO2伺服器通訊連接。其中,專屬終端設備經由專屬終端設備管控元件傳送身分驗證請求至金鑰管控裝置,金鑰管控裝置依據身分驗證請求以及實名認證管控系統驗證專屬終端設備的使用者身分,且令專屬終端設備取得登入金鑰管控裝置的終端設備有效性,金鑰管控裝置經由專屬終端設備通訊連接至近端身分認證行動裝置,金鑰管控裝置利用近端身分認證行動裝置進行FIDO2識別認證,以取得專屬終端設備註冊於專屬終端設備管控系統時綁定的FIDO2金鑰,並依據FIDO2金鑰產製FIDO2封包,並且金鑰管控裝置傳送FIDO2封包至FIDO2伺服器進行驗證,以於驗證FIDO2封包有效時生成啟用資訊至專屬終端設備,同時發送認證器密碼至使用者。其中,使用者輸入認證器密碼至專屬終端設備以生成金鑰註冊資訊,專屬終端設備經由金鑰管控裝置向FIDO2 伺服器進行驗證,以驗證FIDO2封包有效,並且確認啟用資訊及金鑰註冊資訊後執行認證器金鑰綁定操作,以啟用認證器。The enterprise authentication security activation system of the present invention includes a dedicated terminal device registered in a dedicated terminal device control system, a real-name authentication control system, a FIDO2 (Fast IDentity Online2) server, and a key control device. The dedicated terminal device includes a dedicated terminal device control element. The key control device is respectively connected to the dedicated terminal device, the dedicated terminal device control system, the real-name authentication control system, and the FIDO2 server. The dedicated terminal device transmits an identity verification request to the key control device via the dedicated terminal device control component. The key control device verifies the user identity of the dedicated terminal device based on the identity verification request and the real-name authentication control system, and enables the dedicated terminal device to obtain the terminal device validity of logging into the key control device. The key control device is connected to the proximal identity authentication mobile device via the dedicated terminal device communication. The key control device uses the proximal identity The authentication mobile device performs FIDO2 identification authentication to obtain the FIDO2 key bound when the dedicated terminal device is registered in the dedicated terminal device control system, and generates a FIDO2 packet based on the FIDO2 key. The key control device transmits the FIDO2 packet to the FIDO2 server for verification. When the FIDO2 packet is verified to be valid, activation information is generated to the dedicated terminal device, and the authenticator password is sent to the user at the same time. The user enters the authenticator password into the dedicated terminal device to generate key registration information. The dedicated terminal device authenticates the FIDO2 server through the key control device to verify that the FIDO2 package is valid, and after confirming the activation information and key registration information, performs the authenticator key binding operation to activate the authenticator.
本發明的一種企業認證的安全啟用方法,包括:註冊於一專屬終端設備管控系統之專屬終端設備經由專屬終端設備的專屬終端設備管控元件傳送身分驗證請求至金鑰管控裝置;金鑰管控裝置依據身分驗證請求以及與金鑰管控裝置通訊連接的實名認證管控系統驗證專屬終端設備的使用者身分,且令專屬終端設備取得登入金鑰管控裝置的終端設備有效性;金鑰管控裝置利用近端身分認證行動裝置進行FIDO2(Fast IDentity Online2)識別認證,以取得專屬終端設備註冊於專屬終端設備管控系統時綁定的FIDO2金鑰,並依據FIDO2金鑰產製FIDO2封包;金鑰管控裝置傳送FIDO2封包至FIDO2伺服器進行驗證,以於驗證FIDO2封包有效時生成啟用資訊至專屬終端設備,同時發送認證器密碼至使用者;使用者輸入認證器密碼至專屬終端設備以生成金鑰註冊資訊;以及FIDO2伺服器對FIDO2封包進行驗證,以驗證FIDO2封包有效,並且確認啟用資訊及金鑰註冊資訊後執行認證器金鑰綁定操作,以啟用認證器。The invention discloses a method for secure activation of enterprise authentication, comprising: a dedicated terminal device registered in a dedicated terminal device control system transmits an identity verification request to a key control device via a dedicated terminal device control component of the dedicated terminal device; the key control device verifies the user identity of the dedicated terminal device according to the identity verification request and the real-name authentication control system connected to the key control device, and enables the dedicated terminal device to obtain the terminal device validity of logging into the key control device; the key control device uses a proximal identity authentication mobile device to perform FIDO2 (Fast IDentity Online2) identification and authentication to obtain the FIDO2 key bound when the dedicated terminal device is registered in the dedicated terminal device management system, and generate a FIDO2 package based on the FIDO2 key; the key management device transmits the FIDO2 package to the FIDO2 server for verification, and generates activation information to the dedicated terminal device when the FIDO2 package is verified to be valid, and sends the authenticator password to the user at the same time; the user enters the authenticator password to the dedicated terminal device to generate key registration information; and the FIDO2 server verifies the FIDO2 package to verify that the FIDO2 package is valid, and after confirming the activation information and key registration information, performs the authenticator key binding operation to activate the authenticator.
基於上述,本發明提供一種企業認證的安全啟用系統及其方法,利用專屬終端設備才能啟動已完成個人化設定但未啟用與綁定的認證器(EA token),不僅確保認證器安全啟用,且透過金鑰綁定模組進行身份認證,避免重要資訊在未授權下的情況下,被無意或惡意地被讀取、使用甚至是變更等狀況,而對資訊進行保護、授權使用,在安全特定的環境下執行身分認證達到雙重身份審核及防止假冒本人使用專屬終端設備之目的,即使非法取得其設備或是資料,也無法輕易啟用,並且結合標準FIDO2認證流程,不僅更具有擴展性,可供企業快速導入,省去研發資源及人力成本,大幅提升企業管理和IT安全方面的服務。Based on the above, the present invention provides a secure activation system and method for enterprise authentication, which uses a dedicated terminal device to activate an authenticator (EA) that has completed personalized settings but is not activated and bound. Token) not only ensures the safe activation of the authenticator, but also performs identity authentication through the key binding module to prevent important information from being read, used or even changed unintentionally or maliciously without authorization, and protects and authorizes the use of information. Identity authentication is performed in a secure and specific environment to achieve double identity review and prevent the use of exclusive terminal devices by impersonating the person. Even if the device or data is illegally obtained, it cannot be easily activated. In addition, combined with the standard FIDO2 authentication process, it is not only more scalable, but also can be quickly introduced by enterprises, saving R&D resources and labor costs, and greatly improving enterprise management and IT security services.
為讓本發明的上述特徵和優點能更明顯易懂,下文特舉實施例,並配合所附圖式作詳細說明如下。In order to make the above features and advantages of the present invention more clearly understood, embodiments are specifically cited below and described in detail with reference to the accompanying drawings.
本發明的部份實施例接下來將會配合附圖來詳細描述,以下的描述所引用的元件符號,當不同附圖出現相同的元件符號將視為相同或相似的元件。這些實施例只是本發明的一部份,並未揭示所有本發明的可實施方式。Some embodiments of the present invention will be described in detail below with reference to the accompanying drawings. When the same element symbols appear in different drawings, they will be regarded as the same or similar elements. These embodiments are only part of the present invention and do not disclose all possible implementations of the present invention.
圖1是依照本發明的一實施例的一種企業認證的安全啟用系統的示意圖。FIG1 is a schematic diagram of an enterprise-certified security activation system according to an embodiment of the present invention.
請參照圖1,企業認證的安全啟用系統10為在限制環境條件(例如有安裝防毒軟體、有安裝OS更新、使用內部網路等)下開通的一種FIDO企業型認證器使用機制,企業認證的安全啟用系統10可包括註冊於專屬終端設備管控系統104之專屬終端設備102、實名認證管控系統103、FIDO2(Fast IDentity Online2)伺服器105以及金鑰管控裝置101。Please refer to FIG1 . The enterprise-authenticated
其中,專屬終端設備102包括專屬終端設備管控元件1021。在一實施例中,專屬終端設備102可以是桌上型電腦、筆記型電腦或智慧型行動裝置。專屬終端設備102為執行於已註冊專屬終端設備管控系統104通過終端設備審核之設備,專屬終端設備102裝載可識別環境資訊之工具,定時掃瞄環境狀態是否符合安全規範,並先於專屬終端設備管控系統104進行註冊、授權給特定使用者,以及時時更新終端裝置有效性。The dedicated
金鑰管控裝置101分別與專屬終端設備102、實名認證管控系統103、專屬終端設備管控系統104、以及FIDO2伺服器105通訊連接。其中,金鑰管控裝置可包括實名審核模組1011、終端設備審核模組1012、金鑰密碼發行模組1013以及金鑰綁定模組1014。實名審核模組1011、終端設備審核模組1012、金鑰密碼發行模組1013以及金鑰綁定模組1014可透過軟體、韌體、硬體電路的其中之一或其任意組合來實作,且本揭露不對實名審核模組1011、終端設備審核模組1012、金鑰密碼發行模組1013以及金鑰綁定模組1014的實作方式作出限制。The
專屬終端設備102經由專屬終端設備管控元件1021傳送身分驗證請求至金鑰管控裝置101,金鑰管控裝置101的實名審核模組1011通訊連接至實名認證管控系統103,依據身分驗證請求以及實名認證管控系統103驗證專屬終端設備102的使用者身分。終端設備審核模組1012通訊連接至專屬終端設備管控系統104,且終端設備審核模組1012與實名審核模組1011電性連接,以令專屬終端設備102取得登入金鑰管控裝置101的終端設備有效性。The dedicated
金鑰管控裝置101採多因子認證(MFA),經由專屬終端設備102通訊連接至近端身分認證行動裝置106,金鑰管控裝置101透過藍牙低功耗(Bluetooth Low Energy,BLE)傳輸協定觸發近端身分認證行動裝置106進行FIDO2識別認證,以取得專屬終端設備102註冊於專屬終端設備管控系統104時綁定的FIDO2金鑰,並依據FIDO2金鑰產製FIDO2封包,並且金鑰管控裝置101傳送FIDO2封包至FIDO2伺服器105進行驗證。The
其中FIDO2識別認證可包括指紋辨識、聲音辨識或輸入裝置 PIN碼的認證方式。本發明並不以此為限。金鑰管控裝置101透過個人行動裝置106經由上述認證方式進行身份認證,可證明為本人操作專屬終端設備102,不僅結合標準FIDO2認證流程,具有擴展性,且開發者不需考慮系統相容問題,讓企業快速導入,省去研發資源及人力成本,大幅提升企業管理和IT安全方面的服務。FIDO2 identification authentication may include fingerprint recognition, voice recognition or device PIN code input authentication methods. The present invention is not limited to this. The
金鑰密碼發行模組1013與終端設備審核模組1012電性連接,用以於驗證FIDO2封包有效時生成啟用資訊至專屬終端設備102,同時金鑰密碼發行模組1013發送認證器密碼至使用者108。在一實施例中,啟用資訊儲存於專屬終端設備102的用戶端瀏覽器(cookie)中。啟用資訊可包括安全金鑰啟用碼,用戶登入狀態以及終端設備有效性。本發明並不以此為限。The key and password issuing
金鑰綁定模組1014與金鑰密碼發行模組1013電性連接,用以執行認證器金鑰綁定操作,以啟用認證器107。The
具體而言,使用者108持配發的認證器107於專屬終端設備102,輸入認證器(EA token)密碼至專屬終端設備102以生成金鑰註冊資訊,專屬終端設備102經由金鑰管控裝置101向FIDO2 伺服器105進行驗證,以驗證FIDO2封包有效,並且確認啟用資訊及金鑰註冊資訊後執行認證器金鑰綁定操作,以啟用認證器107。上述啟用認證器的流程採用單向共享密鑰認證(Challenge/ Response),若安全金鑰啟用碼(access token)在傳輸時被攔截或從裝置裡被竊取使用時,因非原身分認證請求之專屬終端設備102,則無法解密進而啟用失敗,不僅可確保認證器107安全啟用,透過金鑰綁定模組1014進行認證,避免重要資訊在未授權下的情況下,被無意或惡意地被讀取、使用甚至是變更等狀況,而對資訊進行保護、授權使用。Specifically, the
下文中,將搭配圖1中的各項裝置、元件及模組說明本發明實施例所述之方法。本方法的各個流程可依照實施情形而隨之調整,且並不僅限於此。Hereinafter, the method described in the embodiment of the present invention will be described with reference to the devices, components and modules in FIG1. The various processes of the method can be adjusted according to the implementation situation, and are not limited thereto.
圖2及圖3是依照本發明的一實施例的進行身分驗證的示意圖。圖4是依照本發明的一實施例的認證器進行金鑰綁定的示意圖。圖5是依照本發明的一實施例的一種企業認證的安全啟用方法的流程圖。Figures 2 and 3 are schematic diagrams of identity verification according to an embodiment of the present invention. Figure 4 is a schematic diagram of key binding by an authenticator according to an embodiment of the present invention. Figure 5 is a flow chart of a security activation method for enterprise authentication according to an embodiment of the present invention.
請結合圖2至圖5,於步驟S101中,註冊於專屬終端設備管控系統104之專屬終端設備102經由專屬終端設備管控元件1021傳送身分驗證請求至金鑰管控裝置101。Please refer to FIG. 2 to FIG. 5 . In step S101 , the dedicated
於步驟S102中,金鑰管控裝置101依據身分驗證請求驗證專屬終端設備102的使用者身分,且令專屬終端設備102取得登入金鑰管控裝置101的終端設備有效性。In step S102 , the
於步驟S103中,金鑰管控裝置101利用近端身分認證行動裝置106進行FIDO2(Fast IDentity Online2)識別認證,以取得專屬終端設備102註冊於專屬終端設備管控系統104時綁定的FIDO2金鑰,並依據FIDO2金鑰產製FIDO2封包。In step S103, the
於步驟S104中,金鑰管控裝置101傳送FIDO2封包至FIDO2伺服器105進行驗證,以於驗證FIDO2封包有效時生成啟用資訊至專屬終端設備102,同時發送認證器密碼至使用者108。In step S104, the
於步驟S105中,使用者108輸入認證器密碼至專屬終端設備102以生成金鑰註冊資訊。In step S105, the
於步驟S106中,FIDO2伺服器105對FIDO2封包進行驗證,以驗證FIDO2封包有效,並且確認啟用資訊及金鑰註冊資訊後執行認證器金鑰綁定操作,以啟用認證器107。In step S106 , the
基於上述,本發明提供一種企業認證的安全啟用系統及其方法,利用專屬終端設備才能啟動已完成個人化設定但未啟用與綁定的認證器(EA token),不僅確保認證器安全啟用,且透過金鑰綁定模組進行身份認證,避免重要資訊在未授權下的情況下,被無意或惡意地被讀取、使用甚至是變更等狀況,而對資訊進行保護、授權使用,在安全特定的環境下執行身分認證達到雙重身份審核及防止假冒本人使用專屬終端設備之目的,即使非法取得其設備或是資料,也無法輕易啟用,並且結合標準FIDO2認證流程,不僅更具有擴展性,可供企業快速導入,省去研發資源及人力成本,大幅提升企業管理和IT安全方面的服務。Based on the above, the present invention provides a secure activation system and method for enterprise authentication, which uses a dedicated terminal device to activate an authenticator (EA) that has completed personalized settings but is not activated and bound. Token) not only ensures the safe activation of the authenticator, but also performs identity authentication through the key binding module to prevent important information from being read, used or even changed unintentionally or maliciously without authorization, and protects and authorizes the use of information. Identity authentication is performed in a secure and specific environment to achieve double identity review and prevent the use of exclusive terminal devices by impersonating the person. Even if the device or data is illegally obtained, it cannot be easily activated. In addition, combined with the standard FIDO2 authentication process, it is not only more scalable, but also can be quickly introduced by enterprises, saving R&D resources and labor costs, and greatly improving enterprise management and IT security services.
雖然本發明已以實施例揭露如上,然其並非用以限定本發明,任何所屬技術領域中具有通常知識者,在不脫離本發明的精神和範圍內,當可作些許的更動與潤飾,故本發明的保護範圍當視後附的申請專利範圍所界定者為準。Although the present invention has been disclosed as above by the embodiments, they are not intended to limit the present invention. Any person with ordinary knowledge in the relevant technical field can make some changes and modifications without departing from the spirit and scope of the present invention. Therefore, the protection scope of the present invention shall be defined by the scope of the attached patent application.
10:安全啟用系統 101:金鑰管控裝置 102:專屬終端設備 1021:專屬終端設備管控元件 1011:實名審核模組 1012:終端設備審核模組 1013:金鑰密碼發行模組 1014:金鑰綁定模組 103:實名認證管控系統 104:專屬終端設備管控系統 105:FIDO2 server、 FIDO2伺服器 106:近端身分認證行動裝置、個人行動裝置 107:認證器 108:使用者 S101、S102、S103、S104、S105、S106:步驟 10: Security activation system 101: Key control device 102: Dedicated terminal device 1021: Dedicated terminal device control element 1011: Real-name verification module 1012: Terminal device verification module 1013: Key password issuance module 1014: Key binding module 103: Real-name authentication control system 104: Dedicated terminal device control system 105: FIDO2 server, FIDO2 server 106: Near-end identity authentication mobile device, personal mobile device 107: Authenticator 108: User S101, S102, S103, S104, S105, S106: Steps
圖1是依照本發明的一實施例的一種企業認證的安全啟用系統的示意圖。 圖2及圖3是依照本發明的一實施例的進行身分驗證的示意圖。 圖4是依照本發明的一實施例的認證器進行金鑰綁定的示意圖。 圖5是依照本發明的一實施例的一種企業認證的安全啟用方法的流程圖。 FIG1 is a schematic diagram of a security activation system for enterprise authentication according to an embodiment of the present invention. FIG2 and FIG3 are schematic diagrams of identity verification according to an embodiment of the present invention. FIG4 is a schematic diagram of key binding by an authenticator according to an embodiment of the present invention. FIG5 is a flow chart of a security activation method for enterprise authentication according to an embodiment of the present invention.
10:安全啟用系統 10: Safely activate the system
101:金鑰管控裝置 101: Key control device
102:專屬終端設備 102: Dedicated terminal equipment
1021:專屬終端設備管控元件 1021: Dedicated terminal equipment control component
1011:實名審核模組 1011: Real-name verification module
1012:終端設備審核模組 1012: Terminal equipment review module
1013:金鑰密碼發行模組 1013: Key and password issuance module
1014:金鑰綁定模組 1014:Key binding module
103:實名認證管控系統 103: Real-name authentication control system
104:專屬終端設備管控系統 104: Dedicated terminal equipment control system
105:FIDO2 server、FIDO2伺服器 105:FIDO2 server, FIDO2 server
106:近端身分認證行動裝置、個人行動裝置 106: Proximal identity authentication mobile device, personal mobile device
107:認證器 107: Authenticator
108:使用者 108: User
Claims (11)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW112107965A TWI838149B (en) | 2023-03-06 | 2023-03-06 | Secure enabling system and method for enterprise authentication |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW112107965A TWI838149B (en) | 2023-03-06 | 2023-03-06 | Secure enabling system and method for enterprise authentication |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TWI838149B true TWI838149B (en) | 2024-04-01 |
Family
ID=91618959
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW112107965A TWI838149B (en) | 2023-03-06 | 2023-03-06 | Secure enabling system and method for enterprise authentication |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI838149B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114978543A (en) * | 2022-05-23 | 2022-08-30 | 飞天诚信科技股份有限公司 | Method and system for registering and authenticating certificate |
| US20220407723A1 (en) * | 2021-06-18 | 2022-12-22 | Capital One Services, Llc | Systems and methods for contactless card communication and multi-device key pair cryptographic authentication |
| US20220417020A1 (en) * | 2021-06-18 | 2022-12-29 | Yahoo Japan Corporation | Information processing device, information processing method, and non-transitory computer readable storage medium |
| US20230020611A1 (en) * | 2020-07-25 | 2023-01-19 | Login Id Inc. | User device gated secure authentication computing systems and methods |
| TWM637453U (en) * | 2022-09-02 | 2023-02-11 | 財金資訊股份有限公司 | Fido identity verification system based on chip financial card |
-
2023
- 2023-03-06 TW TW112107965A patent/TWI838149B/en active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20230020611A1 (en) * | 2020-07-25 | 2023-01-19 | Login Id Inc. | User device gated secure authentication computing systems and methods |
| US20220407723A1 (en) * | 2021-06-18 | 2022-12-22 | Capital One Services, Llc | Systems and methods for contactless card communication and multi-device key pair cryptographic authentication |
| US20220417020A1 (en) * | 2021-06-18 | 2022-12-29 | Yahoo Japan Corporation | Information processing device, information processing method, and non-transitory computer readable storage medium |
| CN114978543A (en) * | 2022-05-23 | 2022-08-30 | 飞天诚信科技股份有限公司 | Method and system for registering and authenticating certificate |
| TWM637453U (en) * | 2022-09-02 | 2023-02-11 | 財金資訊股份有限公司 | Fido identity verification system based on chip financial card |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI667585B (en) | Method and device for safety authentication based on biological characteristics | |
| JP6170158B2 (en) | Mobile multi single sign-on authentication | |
| US20170244676A1 (en) | Method and system for authentication | |
| US20200067705A1 (en) | Methods, apparatuses, and computer program products for frictionless electronic signature management | |
| US20110159848A1 (en) | Methods and apparatus for provisioning devices with secrets | |
| JP5571854B2 (en) | User account recovery | |
| JP2015535984A5 (en) | ||
| KR101028882B1 (en) | System and method for providing user authentication one time password using a wireless mobile terminal | |
| WO2011161461A1 (en) | Identity verification | |
| CN109716725B (en) | Data security system, method of operating the same, and computer-readable storage medium | |
| JP4334515B2 (en) | Service providing server, authentication server, and authentication system | |
| JP2008181310A (en) | Authentication server and authentication program | |
| JP2010506312A (en) | Reliable multi-channel authentication | |
| KR20220167366A (en) | Cross authentication method and system between online service server and client | |
| JP5849149B2 (en) | One-time password generation method and apparatus for executing the same | |
| US20220116390A1 (en) | Secure two-way authentication using encoded mobile image | |
| TW202207667A (en) | Authentication and validation procedure for improved security in communications systems | |
| CN114500074B (en) | Single-point system security access method and device and related equipment | |
| JP4914725B2 (en) | Authentication system, authentication program | |
| TWI838149B (en) | Secure enabling system and method for enterprise authentication | |
| CN113591053A (en) | Method and system for identifying general mobile equipment based on biological information | |
| Baghdasaryan et al. | FIDO Security Reference | |
| JP7403430B2 (en) | Authentication device, authentication method and authentication program | |
| US11575687B2 (en) | Holistic and verified security of monitoring protocols | |
| EP2860935B1 (en) | A computer implemented method to prevent attacks against authorization systems and computer programs products thereof |