TWM553448U - Multi-factor login system - Google Patents

Multi-factor login system

Publication number
TWM553448U
Authority
TW
Taiwan
Prior art keywords
login
host
menu
factor
message
Application number
TW106211476U
Other languages
Chinese (zh)
Inventor
Yi Cheng Wang
Original Assignee
Taiwan Information Service Tech Corporation
Application filed by Taiwan Information Service Tech Corporation
Priority to TW106211476U
Publication of TWM553448U

Landscapes

  • Information Transfer Between Computers (AREA)

Description

Multi-factor login system

The present creation relates to the user login verification mechanism of network systems. Specifically, it is a multi-factor login system in which the system host dynamically designates a login host and a multi-menu is presented for the user to click in order to verify the login. The user does not need to enter any password or credential at any point in the login process, which balances convenience and security.

Existing Internet login verification mechanisms rely mainly on an account paired with a password. To improve security, most also add numeric verification, graphic verification, or user certificates (for example, a natural person certificate), which makes the user's login procedure cumbersome. In addition, many application systems restrict the length and composition complexity of the passwords users set, and even force users to change to a new password periodically, which places a heavy burden on users in both memorization and use.

In addition, login with an account and password is easily cracked and stolen by hackers, and brute-force repeated login attempts can interfere with the normal operation of the system host. Designing a user login mechanism that is both convenient and secure has therefore become an important issue.

In view of this, the present creation provides a multi-factor login system comprising a system host, at least one menu host, and at least one user terminal. After receiving a login request, the system host displays verification information and sends a login message. The menu host generates a multi-menu containing the verification information and a plurality of irrelevant items, and sends a login notification to the system host when the verification information in the multi-menu is clicked. The user terminal can connect to the system host and submit the login request, establishes a connection with the menu host according to the login message, displays the multi-menu for the user to click, and logs in to the system host after the system host receives the login notification.

As a result, the present creation does not require the user to set a password. Instead, the user must connect to the correct menu host according to the system host's login message, which serves as the first verification mechanism. The user must then click the correct verification information in the multi-menu, which serves as the second verification mechanism. After that the user can log in to the system host and start work, a process that is quick and intuitive. Moreover, both the login message and the multi-menu can be set to be generated dynamically, which prevents hackers from using brute-force login to interfere with the operation of the system host.

In a preferred embodiment of the present creation, there are a plurality of menu hosts. In addition, when the system host generates the login information it automatically starts a countdown of a predetermined time; if no login notification from the menu host is received within the predetermined time, the login request of the user terminal is rejected, which improves security.

The login message used by the multi-factor login system is an email or multimedia message whose content includes the URL or IP address of the menu host designated by the system host, and the system can be used with one or more user terminals. When there are two user terminals, one user terminal connects to the system host and submits the login request, and the other user terminal receives the login message and connects to the menu host. In this way, the mobile phone number or email account associated with the user account becomes part of the verification mechanism.

10‧‧‧Multi-factor login system

20‧‧‧System host

30‧‧‧Menu host

40‧‧‧User terminal

S1~S6‧‧‧Steps

FIG. 1 is a system block diagram of the embodiment provided by the present creation.

FIG. 2 is an operation flowchart of the embodiment provided by the present creation.

FIG. 3 is a schematic diagram of the multi-menu provided by the menu host in the embodiment provided by the present creation.

FIG. 4 is a schematic diagram of another multi-menu provided by the menu host in the embodiment provided by the present creation.

To explain the specific technical solution of the present creation and the technical effects achieved, a preferred embodiment is described below with reference to the drawings. FIG. 1 is a system block diagram of a preferred embodiment. The multi-factor login system 10 includes a system host 20, a plurality of menu hosts 30, and a plurality of user terminals 40. In this embodiment the system host 20 and the menu hosts 30 are network servers, and a user terminal 40 is a computing device owned by the user, such as a laptop, tablet, or mobile phone.

FIG. 2 is the operation flowchart of the multi-factor login system. In step S1, the user starts one of the user terminals 40 (for example, a laptop). In step S2, the user terminal 40 establishes a connection with the system host 20 and submits a login request (a user account in this embodiment). After receiving the login request, the system host 20 displays verification information, then generates a login message and sends it to another of the user's terminals (for example, a mobile phone). In this embodiment the verification information is a combination of graphics and text, and the login message is an email or multimedia message whose content includes the URL or IP address of one of the menu hosts 30 designated by the system host 20. The URL in the login message may be generated automatically using encryption technology. After generating the login message, the system host 20 may connect to the designated menu host 30 and inform it of the verification code contained in the login message, ensuring that only a user terminal 40 following that login message can establish a connection with the menu host.

In step S2, after receiving the login request, the system host 20 automatically hides the user account and displays a countdown timer that counts down the predetermined time. This prevents the user from logging in repeatedly and informs the user that the subsequent steps must be completed within the predetermined time.

After receiving the login message, the user terminal 40 proceeds to step S3 and establishes a connection with the designated menu host 30 according to the login message. In step S4, the menu host 30 generates a corresponding multi-menu with a plurality of option banners that respectively display the verification information and a plurality of irrelevant items. Referring to FIG. 3, because the verification information in this embodiment is a combination of graphics and text (for example, the text and logo of the Taichung City Government one-stop childcare service), the irrelevant items are likewise combinations of graphics and text. For the user, the option banner of the task they want to perform is the correct verification information. There is no need to memorize and enter a complicated password or use any other verification mechanism, so the user bears no burden at all.

The verification information and the irrelevant items may each be text, numbers, graphics, color blocks, animated images, or a combination of these. For example, when combinations of letters and numbers are used as the verification information and the irrelevant items, the multi-menu screen may look like FIG. 4, and the system host displays the verification information (such as A3) to guide the user.

After step S4, in step S5 the user clicks the correct option banner in the multi-menu, and the designated menu host 30 sends a login notification to the system host 20. Finally, in step S6, the user is logged in to the system host and can start work.

Someone who is not the owner of the user account (for example, a hacker) cannot receive the login message and so cannot learn the correct menu host 30. Even if the address of a menu host 30 is discovered, a URL containing the correct verification code is needed to access the menu host, and the multi-menu design also prevents a non-owner from cracking the login by brute force from a single machine.

In addition, the login host 20 requires the user to complete steps S3 to S5 within the predetermined time; otherwise it rejects the login request of the user terminal 40, which further improves security.
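The flow of steps S2 to S6, including the verification code carried in the URL and the countdown, as an added example (not code from the patent). The class names, host names, option labels, the 120-second limit and the rule that a code is consumed by its first click are all assumptions made for the illustration.

```python
import secrets
import time

OPTIONS = ["A1", "A2", "A3", "B1", "B2", "B3"]  # constructed option banners
TTL_SECONDS = 120                               # assumed "predetermined time"


class MenuHost:
    """Menu host 30: serves the multi-menu for codes registered by the system host."""

    def __init__(self, name):
        self.name = name
        self.pending = {}            # verification code -> correct option

    def register(self, code, answer):
        self.pending[code] = answer

    def click(self, code, option, system_host):
        """S3-S5: an unknown code never reaches a menu; a code allows one click (assumption)."""
        answer = self.pending.pop(code, None)    # pop makes the code single-use
        if answer is None or option != answer:
            return None
        return system_host.notify(code)          # login notification


class SystemHost:
    """System host 20: issues login messages and waits for the login notification."""

    def __init__(self, menu_hosts, clock=time.monotonic):
        self.menu_hosts = menu_hosts
        self.clock = clock
        self.sessions = {}           # verification code -> (account, deadline)

    def request_login(self, account):
        """S2: designate a menu host, pick the verification information, build the URL."""
        code = secrets.token_urlsafe(32)         # unguessable verification code
        host = secrets.choice(self.menu_hosts)
        answer = secrets.choice(OPTIONS)
        host.register(code, answer)              # system host informs the menu host
        self.sessions[code] = (account, self.clock() + TTL_SECONDS)
        url = f"https://{host.name}/menu?code={code}"
        return answer, host, url     # answer -> first terminal, url -> second terminal

    def notify(self, code):
        """S6: return the account to log in, or None if the countdown has ended."""
        account, deadline = self.sessions.pop(code, (None, 0.0))
        if account is None or self.clock() > deadline:
            return None
        return account
```
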

In other embodiments, the number of menu hosts and the number of user terminals may each be reduced to one, and the login method of the present creation can still be applied.

In summary, the multi-factor login system and method of the present creation do not use the traditional login with a user account paired with a password; the user has nothing to memorize, and there is no risk of the account and password being stolen. In addition, a user certificate (for example, a natural person certificate or a health insurance card) may be used in place of the user account as the login request, which is more secure in use.

Claims (7)

1. A multi-factor login system, comprising: a system host that receives a login request and displays verification information, then generates and sends a login message; at least one menu host that correspondingly generates a multi-menu containing the verification information and a plurality of irrelevant items, and sends a login notification to the system host when the verification information in the multi-menu is clicked; and at least one user terminal that connects to the system host and submits the login request, connects to the menu host and displays the multi-menu after receiving the login message, and logs in to the system host after the system host receives the login notification.

2. The multi-factor login system of claim 1, wherein there are a plurality of menu hosts, and the system host designates one of the menu hosts.

3. The multi-factor login system of claim 2, wherein the login message is an email or a multimedia message whose content includes the URL or IP address of the menu host designated by the system host.

4. The multi-factor login system of claim 1, wherein the multi-menu has a plurality of option banners that respectively display the verification information and the plurality of irrelevant items, and the verification information and the irrelevant items are each text, numbers, graphics, color blocks, animated images, or a combination thereof.

5. The multi-factor login system of any one of claims 1 to 4, wherein the system host automatically starts a countdown of a predetermined time when it generates the login information, and rejects the login request of the user terminal if the login notification is not received within the predetermined time.

6. The multi-factor login system of claim 5, wherein the login request is a user account, and the system host automatically hides the user account after receiving it and displays a countdown timer.

7. The multi-factor login system of any one of claims 1 to 4, wherein there are two user terminals, one of which connects to the system host and submits the login request, and the other of which receives the login message and connects to the menu host.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106211476U TWM553448U (en) 2017-08-04 2017-08-04 Multi-factor login system

Publications (1)

Publication Number Publication Date
TWM553448U 2017-12-21

Family

ID=61229438

Country Status (1)

Country Link
TW (1) TWM553448U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI638307B (en) * 2017-08-04 2018-10-11 台灣資服科技股份有限公司 Multi-factor login system and login method
