TWM458040U - Network security and identity verification device - Google Patents

Network security and identity verification device Download PDF

Info

Publication number
TWM458040U
TWM458040U TW101222117U TW101222117U TWM458040U TW M458040 U TWM458040 U TW M458040U TW 101222117 U TW101222117 U TW 101222117U TW 101222117 U TW101222117 U TW 101222117U TW M458040 U TWM458040 U TW M458040U
Authority
TW
Taiwan
Prior art keywords
otp
network security
time password
smart phone
app
Prior art date
Application number
TW101222117U
Other languages
Chinese (zh)
Inventor
Yao-Wei Lai
Original Assignee
Chunghwa Internat Comm Network Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chunghwa Internat Comm Network Co Ltd filed Critical Chunghwa Internat Comm Network Co Ltd
Priority to TW101222117U priority Critical patent/TWM458040U/en
Publication of TWM458040U publication Critical patent/TWM458040U/en

Links

Landscapes

  • Telephonic Communication Services (AREA)

Description

網路安全及身分驗證裝置Network security and identity verification device

本創作係有關一種網路安全及身分驗證裝置,尤指一種利用智慧型手機安裝應用程式(APP)及OTP認證系統,以作為傳送及接收一次性密碼OTP,當合作網站需要身分認證及密碼安全時,可達到安全機制之網路安全及身分驗證裝置。This creation is about a network security and identity verification device, especially a smart phone installation application (APP) and OTP authentication system for transmitting and receiving one-time password OTP. When the partner website requires identity authentication and password security. At this time, the network security and identity verification device of the security mechanism can be achieved.

按;一般的網際網路的網站經營者,對於客戶的身分往往無法確實的認證,造成許多無謂的困擾,且又存在有密碼被竊的風險。因此,市場上有用一次性密碼OTP來解決前述之問題。其原理就是利用其用之即失效的特性,降低密碼被竊的風險,也可作為確認使用者身份認證的依據。According to the general Internet website operators, the identity of the customer is often unable to be authenticated, causing many unnecessary troubles, and there is a risk of password theft. Therefore, the one-time password OTP is used in the market to solve the aforementioned problems. The principle is to use the characteristics of the failure, which reduces the risk of password theft, and can also be used as the basis for confirming the user identity authentication.

而目前市場上,有關一次性密碼OTP的使用方式,有結合實體裝置的動態密碼產生器(Token),有使用電話語音系統取得的密碼的方式,也有利用手機簡訊傳送一次性密碼的方式。然而在現今智慧型手機逐漸普及的潮流下,並沒有以智慧型手機做更經濟、方便及有效的解決方案。申請人有鑑於此,乃秉持從事該項業務多年之經驗,經不斷研究、實驗,遂萌生設計一種網路安全及身分驗證裝置,祈使網路認證更經濟、方便且更為有效。In the current market, the use of the one-time password OTP has a dynamic password generator (Token) combined with a physical device, a password obtained by using a telephone voice system, and a method of transmitting a one-time password by using a mobile phone short message. However, under the current trend of the popularity of smart phones, there is no more economical, convenient and effective solution for smart phones. In view of this, the applicant has been engaged in the business for many years. After continuous research and experimentation, Yan Mengsheng designed a network security and identity verification device to make network certification more economical, convenient and more effective.

本創作之主要目的,即在提供一種網路安全及身分驗證裝置,係利用智慧型手機安裝應用程式(APP)及OTP認證系統,以作為傳送及接收一次性密碼OTP,當合作網站需要身分認證及密碼安全時,可達到安全之機制。The main purpose of this creation is to provide a network security and identity verification device that uses a smart phone to install an application (APP) and an OTP authentication system as a one-time password for transmitting and receiving OTP. When the password is secure, a secure mechanism can be achieved.

前述之網路安全及身分驗證裝置,係至少包含智慧型手機及OTP認證系統。其中,智慧型手機係安裝有應用程式(APP),使其可構成上網之功能,該OTP認證系統係至少設有一資料庫,以供產生或接收一次性密碼(OTP)。俾當合作網站需要身分認證及密碼安全時,除了輸入網站上所提供的認證網頁內容,輸入相關資料以供驗證以外,再利用智慧型手機之手機應用程式接收及傳送一次性密碼(OTP),經由OTP驗證系統的比對,於確認無誤後,便可完成認證程序,藉由此驗證裝置從而達到安全的機制。The aforementioned network security and identity verification device includes at least a smart phone and an OTP authentication system. Among them, the smart phone is equipped with an application (APP), which can constitute a function of surfing the Internet. The OTP authentication system has at least one database for generating or receiving a one-time password (OTP). When the partner website needs identity authentication and password security, in addition to inputting the content of the authentication webpage provided on the website, input the relevant information for verification, and then receive and transmit the one-time password (OTP) by using the mobile phone application of the smart phone. Through the comparison of the OTP verification system, after the confirmation is correct, the authentication procedure can be completed, thereby verifying the device to achieve a secure mechanism.

請同時參閱第一圖及第一A圖,係為本創作之架構圖及立體圖。如圖所示,本創作之架構係至少包含能夠經由通訊網路A上網的智慧型手機1及OTP認證系統2,其中之智慧型手機1係安裝有應用程式(APP)11,該OTP認證系統2係可作為產生或接收一次性密碼(OTP)。OTP驗證系統2係包含資料庫21,以供儲存一次性密碼(OTP),作為比對資料之用。Please refer to the first figure and the first A picture at the same time, which is the architectural diagram and perspective view of the creation. As shown in the figure, the architecture of the present invention includes at least a smart phone 1 and an OTP authentication system 2 capable of accessing the Internet via the communication network A, wherein the smart phone 1 is equipped with an application (APP) 11, and the OTP authentication system 2 It can be used to generate or receive a one-time password (OTP). The OTP verification system 2 includes a database 21 for storing a one-time password (OTP) for comparison data.

本創作之一次性密碼(OTP)傳送方式,係區分為主動傳送方式及被動接收方式。The one-time password (OTP) transmission method of this creation is divided into an active transmission method and a passive reception method.

請參閱第二圖,係為本創作之主動傳送OTP方式流程圖。敬請配合第一圖及第一A圖,如圖所示,其包含以下之步驟:Please refer to the second figure, which is the flow chart of the active transmission OTP method for this creation. Please cooperate with the first picture and the first picture A, as shown in the figure, which includes the following steps:

1.客戶於合作網站經營者之網站,依其網站畫面主動輸入其智慧型手機1號碼(此為應用程式[APP]之註冊帳號或會員編號[卡號],此會員號碼先儲存於網站),同時啟動智慧型手機1應用程式(APP)11。1. On the website of the partner website operator, the customer actively enters the number of his smartphone 1 according to the website screen (this is the registered account number of the application [APP] or the member number [card number], this member number is first stored on the website) and starts at the same time. Smart Phone 1 Application (APP) 11.

2、合作網站將手機號碼通知OTP驗證系統2。2. The cooperation website will notify the OTP verification system 2 of the mobile phone number.

3、OTP驗證系統2便產生一組一次性密碼(OTP),回傳給合作網站,並顯示於其網頁上。3. The OTP verification system 2 generates a set of one-time passwords (OTP), which are transmitted back to the cooperation website and displayed on the web page.

4、客戶依照網站上顯示的一次性密碼(OTP),使用智慧型手機1應用程式(APP)11傳送OTP。4. The customer transmits the OTP using the smart phone 1 application (APP) 11 according to the one-time password (OTP) displayed on the website.

5、OTP驗證系統2於接收應用程式(APP)11傳來的OTP開始比對工作,並將驗證結果回傳給合作網站。5. The OTP verification system 2 starts the comparison work on the OTP received by the application (APP) 11, and returns the verification result to the cooperation website.

6、合作網站若收到OTP驗證系統2驗證正確通知,則客戶便可繼續使用網站所提供的各項服務,若收到驗證失敗通知,則顯示錯誤訊息,並得重新再一次輸入的動作。6. If the cooperation website receives the OTP verification system 2 to verify the correct notification, the customer can continue to use the services provided by the website. If the verification failure notification is received, an error message will be displayed and the action will be re-entered.

藉由前述之步驟,當合作網站需要身分認證及密碼安全時,經由OTP驗證系統2比對確認無誤,便可完成認證的程序,從而達到安全的機制。Through the foregoing steps, when the cooperation website needs identity authentication and password security, the authentication process can be completed through the OTP verification system 2, and the authentication process can be completed, thereby achieving a secure mechanism.

請參閱第三圖,係為本創作之被動傳送OTP方式流程圖。敬請配合第一圖及第一A圖,如圖所示,其包含以下之步驟:Please refer to the third figure, which is the flow chart of the passive transmission OTP method for this creation. Please cooperate with the first picture and the first picture A, as shown in the figure, which includes the following steps:

1、客戶依其網站畫面主動輸入其智慧型手機1號碼(此為應用程式[APP]11之註冊帳號或會員編號[卡號],此會員號碼與首先儲存於網站)同時啟動智慧型手機1應用程式(APP)11。1. The customer actively enters his smart phone 1 number according to his website screen (this is the registered account or member number [card number] of the application [APP]11, this member number is first stored on the website) and the smart phone 1 application is started at the same time. Program (APP) 11.

2、合作網站將手機號碼通知OTP驗證系統2。2. The cooperation website will notify the OTP verification system 2 of the mobile phone number.

3、OTP驗證系統2便產生一組一次性密碼(OTP),傳送到消費者的智慧型手機1上的應用程式(APP)11。3. The OTP verification system 2 generates a set of one-time passwords (OTPs) that are transmitted to the application (APP) 11 on the consumer's smart phone 1.

4、客戶再於合作網站輸入一次性密碼(OTP)。4. The customer then enters the one-time password (OTP) on the cooperation website.

5、合作網站再次傳送一次性密碼(OTP)給OTP驗證系統2。5. The cooperation website transmits the one-time password (OTP) to the OTP verification system 2 again.

6、OTP驗證系統2接收到合作網站一次性密碼(OTP)開始比對工作,並將驗證結果回傳給合作網站。6. The OTP verification system 2 receives the one-time password (OTP) of the cooperation website to start the comparison work, and returns the verification result to the cooperation website.

7、合作網站若收到OTP驗證系統2驗證正確通知,則客戶便可繼續使用網站所提供的各項服務,若收到驗證失敗通知,則顯示錯誤訊息,並得重新再一次輸入的動作。7. If the cooperation website receives the OTP verification system 2 to verify the correct notification, the customer can continue to use the services provided by the website. If the verification failure notification is received, an error message will be displayed and the action will be re-entered.

藉由前述之步驟,當合作網站需要身分認證及密碼安全時,經由OTP驗證系統2比對確認無誤,便可完成認證的程序,從而達到安全的機制。Through the foregoing steps, when the cooperation website needs identity authentication and password security, the authentication process can be completed through the OTP verification system 2, and the authentication process can be completed, thereby achieving a secure mechanism.

本創作係針對智慧型手機提出一次性密碼(OTP)的使用方式,與傳統的手機簡訊接受OTP最大的差異如下: This creation is based on the use of one-time password (OTP) for smart phones. The biggest difference between the traditional mobile phone newsletter and OTP is as follows:

前述實施例,僅為說明本創作之較佳實施方式,而非限制本創作之範圍,凡經由些微修飾、變更,仍不失本創作之要義所在,亦不脫本創作之精神範疇。The foregoing embodiments are merely illustrative of the preferred embodiments of the present invention, and are not intended to limit the scope of the present invention, and the details of the present invention are not deviated from the spirit of the present invention.

綜上所述,本創作利用智慧型手機之手機應用程式傳送或接收一次性密碼(OTP),經由OTP驗證系統,構成網路安全及身分驗證裝置。俾當合作網站需要身分認證及密碼安全時,經過比對確認無誤,便可完成認證程序,從而達到安全的機制。為一實用之設計,誠屬一俱新穎性之創作,爰依法提出專利之申請,祈 鈞局予以審查,早日賜准專利,至感德便。In summary, the creation uses a mobile phone application of a smart phone to transmit or receive a one-time password (OTP), and constitutes a network security and identity verification device via an OTP verification system. When the partner website needs identity authentication and password security, the authentication process can be completed after the comparison is confirmed, thus achieving a secure mechanism. For a practical design, it is a novelty creation. If you apply for a patent in accordance with the law, you will be punished by the Bureau of Public Information, and you will be granted a patent as soon as possible.

1‧‧‧智慧型手機1‧‧‧Smart mobile phone

11‧‧‧應用程式(APP)11‧‧‧Application (APP)

2‧‧‧OTP認證系統2‧‧‧OTP Certification System

21‧‧‧資料庫21‧‧‧Database

A‧‧‧通訊網路A‧‧‧Communication Network

第一圖係本創作之架構圖。The first picture is the architectural diagram of this creation.

第一A圖係本創作之立體圖。The first A picture is a perspective view of the creation.

第二圖係本創作之主動傳送OTP方式流程圖。The second picture is a flow chart of the active transmission OTP method of the present creation.

第三圖係本創作之被動傳送OTP方式流程圖。The third picture is the flow chart of the passive transmission OTP method of this creation.

1‧‧‧智慧型手機1‧‧‧Smart mobile phone

11‧‧‧應用程式(APP)11‧‧‧Application (APP)

2‧‧‧OTP認證系統2‧‧‧OTP Certification System

21‧‧‧資料庫21‧‧‧Database

Claims (3)

一種網路安全及身分驗證裝置,包含:可供上網之智慧型手機,其安裝有應用程式(APP),以供與OTP驗證系統連結;俾當OTP驗證系統需要網路安全及身分驗證時,依據OTP驗證系統上所提供的認證網頁內容,輸入相關資料以供驗證外,並藉由應用程式(APP)對認證網站系統接收或傳送一次性密碼(OTP);OTP驗證系統,係供產生或接收智慧型手機所傳送之一次性密碼(OTP),以及比對該一次性密碼(OTP),於確認無誤便可完成認證程序。 A network security and identity verification device comprising: a smart phone for Internet access, with an application (APP) installed for linking with an OTP verification system; and when the OTP verification system requires network security and identity verification, According to the content of the authentication webpage provided on the OTP verification system, input relevant data for verification, and receive or transmit a one-time password (OTP) to the authentication website system through an application (APP); the OTP verification system is for generating or Receiving the one-time password (OTP) transmitted by the smart phone, and comparing the one-time password (OTP), the authentication process can be completed without confirmation. 如申請專利範圍第1項所述之網路安全及身分驗證裝置,其中,智慧型手機應用程式(APP)之安裝註冊帳號,係為智慧型手機的電話號碼。 For example, the network security and identity verification device described in claim 1 is characterized in that the installation account of the smart phone application (APP) is the phone number of the smart phone. 如申請專利範圍第1項所述之網路安全及身分驗證裝置,其中,OTP驗證系統係包含資料庫,以供儲存一次性密碼(OTP),作為比對資料之用。 The network security and identity verification device according to claim 1, wherein the OTP verification system includes a database for storing a one-time password (OTP) for comparison data.
TW101222117U 2012-11-15 2012-11-15 Network security and identity verification device TWM458040U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW101222117U TWM458040U (en) 2012-11-15 2012-11-15 Network security and identity verification device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW101222117U TWM458040U (en) 2012-11-15 2012-11-15 Network security and identity verification device

Publications (1)

Publication Number Publication Date
TWM458040U true TWM458040U (en) 2013-07-21

Family

ID=49228523

Family Applications (1)

Application Number Title Priority Date Filing Date
TW101222117U TWM458040U (en) 2012-11-15 2012-11-15 Network security and identity verification device

Country Status (1)

Country Link
TW (1) TWM458040U (en)

Similar Documents

Publication Publication Date Title
JP5654642B1 (en) Authentication system and program
US8893251B2 (en) System and method for embedded authentication
CN101997824B (en) Identity identifying method based on mobile terminal and device thereof and system
US8887232B2 (en) Central biometric verification service
TWI632798B (en) Server, mobile terminal, and network real-name authentication system and method
WO2014201636A1 (en) Identity login method and device
WO2017054617A1 (en) Wifi network authentication method, device and system
WO2014183526A1 (en) Identity recognition method, device and system
JP2012530311A (en) How to log into a mobile radio network
RU2011153714A (en) SYSTEM AND METHOD OF ENSURING AUTHENTICATION FOR TRANSACTIONS WITHOUT THE CARD USING A MOBILE DEVICE
US20150286811A1 (en) Method for authenticating a user
CN106161475B (en) Method and device for realizing user authentication
JP2009282561A (en) User authentication system, user authentication method and program
JP2015201844A5 (en)
JP2015099470A (en) System, method, and server for authentication, and program
JPWO2020004486A5 (en)
JP2009118110A (en) Method and system for provisioning meta data of authentication system, its program and recording medium
KR20150003297A (en) Method and system using a cyber id to provide secure transactions
JP2017535893A (en) Payment verification method, apparatus and system
KR20150050280A (en) Authentication method using fingerprint information and certification number, user terminal and financial institution server
KR101294805B1 (en) 2-channel authentication method and system based on authentication application
KR20150025392A (en) System for securiting mobile and method therefor
CN103138935A (en) Identity authentication system based on telecom operators
CN104252676A (en) System and method for using real-time communication and digital certificate to authenticate Internet bank account identity
US20220116390A1 (en) Secure two-way authentication using encoded mobile image

Legal Events

Date Code Title Description
MM4K Annulment or lapse of a utility model due to non-payment of fees