TWI495321B - Qr code authentication system combining dynamic passwords and method thereof - Google Patents
Qr code authentication system combining dynamic passwords and method thereof Download PDFInfo
- Publication number
- TWI495321B TWI495321B TW101123193A TW101123193A TWI495321B TW I495321 B TWI495321 B TW I495321B TW 101123193 A TW101123193 A TW 101123193A TW 101123193 A TW101123193 A TW 101123193A TW I495321 B TWI495321 B TW I495321B
- Authority
- TW
- Taiwan
- Prior art keywords
- code
- dynamic password
- authentication
- information
- user
- Prior art date
Links
- 238000000034 method Methods 0.000 title claims description 18
- 238000012795 verification Methods 0.000 claims description 25
- 230000005540 biological transmission Effects 0.000 claims description 21
- 230000007246 mechanism Effects 0.000 description 15
- 238000010586 diagram Methods 0.000 description 6
- 230000000694 effects Effects 0.000 description 5
- 238000009825 accumulation Methods 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000005516 engineering process Methods 0.000 description 2
- 238000004519 manufacturing process Methods 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000004806 packaging method and process Methods 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000004080 punching Methods 0.000 description 1
- 230000004044 response Effects 0.000 description 1
- 230000001360 synchronised effect Effects 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Description
本發明係關於一種QR碼(Quick Response Code)認證服務機制,特別是關於一種用於驗證使用者於特定地點擷取QR碼之QR碼認證系統及其方法。The present invention relates to a QR code (Quick Response Code) authentication service mechanism, and more particularly to a QR code authentication system for verifying that a user retrieves a QR code at a specific place and a method thereof.
隨著科技日新月異,資訊傳遞不再僅能用文字或數字的方式來表達,目前也可以利用圖片隱藏資訊、條碼等其他方式,供使用者透過不同設備或方式取得其中的內容,如此有助於降低資訊呈現量(所需篇幅),且具有便於攜帶及取得等優勢。With the rapid development of technology, information transmission can no longer be expressed by words or numbers. At present, it is also possible to use image hiding information, barcodes and other means for users to obtain content through different devices or methods. Reduce the amount of information presented (the required length), and have the advantages of being easy to carry and obtain.
對圖片隱藏資訊來說,使用上需透過數學轉換計算才能得到內部所隱藏的資訊,生活中不常見且對於一般使用者而言有使用困難度。對於條碼而言,以往常見的為一維條碼,即以黑、白線條排列而成的圖案,係常見於產品包裝上,用於記載產品的生產國家、製造廠商、生產日期等,亦或者可用於圖書管理上,即以條碼對書籍進行分類或訊息記載,因而條碼在商品、圖書管理、甚至郵政或銀行等皆有廣泛應用。另外,目前常見的還有QR碼(一種常見的二維條碼),以黑白兩色的方形圖案呈現,其應用領域廣泛,凡舉農產履歷、政府/商業活動、商品內容、介紹導覽、商業活動折價卷及個人名片等,其內容多為文字顯示或連結至特定網頁讓使用者獲取欲傳遞之資訊,因而被廣泛利用。惟,因為QR碼容易複製,例如利用影印、拍照等方式 進行複製,故現行多著重在單純資訊傳遞或折價卷贈送等用途,其主因在於目前技術無法確定使用者是何時何地掃描特定QR碼,因此為避免造成投機或不合宜使用,目前仍難以進一步深層應用QR碼。For image hiding information, the use of mathematical conversion calculations in order to get the information hidden inside, is not common in life and is difficult to use for the average user. For bar codes, the ones that are commonly used in the past are one-dimensional bar codes, that is, patterns arranged in black and white lines, which are commonly used on product packaging to describe the country of manufacture, manufacturer, date of manufacture, etc. In the book management, the books are classified or recorded by barcodes, so the barcodes are widely used in commodities, book management, and even postal or banking. In addition, QR code (a common two-dimensional bar code) is commonly used, which is presented in a square pattern of black and white. It has a wide range of applications, including agricultural history, government/commercial activities, product content, and introduction guides. Commercial activity discounts and personal business cards, etc., are mostly used for text display or link to specific web pages for users to obtain information to be transmitted, and thus are widely used. However, because the QR code is easy to copy, for example, by photocopying, taking photos, etc. Reproduction, so the current emphasis on simple information transfer or discount volume gift, the main reason is that the current technology can not determine when and where the user scans a specific QR code, so in order to avoid speculation or inappropriate use, it is still difficult to further Deep application of QR code.
因此,如何提供一種確保QR碼正常使用的認證機制,在QR碼使用時同時提供其他輔助驗證,以避免QR碼遭複製後在不適宜時間或地點使用,或者將QR碼供他人使用,藉此可提升QR碼深層應用的應用範圍且確保QR碼的認證機制,實為目前亟欲解決之技術課題。Therefore, how to provide an authentication mechanism to ensure the normal use of the QR code, while providing other auxiliary verifications when the QR code is used, to avoid the QR code being copied and used at an inappropriate time or place, or to use the QR code for others. It can improve the application range of deep application of QR code and ensure the authentication mechanism of QR code, which is the technical problem that is currently being solved.
鑒於上述習知技術之缺點,本發明之目的係提供透過與動態密碼的結合以輔助QR碼驗證的QR碼認證系統及其方法。In view of the above disadvantages of the prior art, it is an object of the present invention to provide a QR code authentication system and method for assisting QR code verification by combining with a dynamic password.
本發明之另一目的係提供一種QR碼認證機制,以確認使用者是在特定時間和特定地點下使用QR碼,避免QR碼遭到不當使用。Another object of the present invention is to provide a QR code authentication mechanism to confirm that a user uses a QR code at a specific time and at a specific place to prevent the QR code from being improperly used.
為達成前述目的及其他目的,本發明提供一種結合動態密碼之QR碼認證系統,提供使用者透過用戶端裝置在認證平台進行QR碼認證,其中,用戶端裝置係用於擷取QR碼以解析該QR碼進而產生QR碼資訊,並且供使用者輸入動態密碼,而認證平台包括有傳輸模組及驗證模組,該傳輸模組接收該用戶端裝置所傳送之QR碼資訊與動態密碼,以及提供該認證平台的資料傳輸,而該驗證模組係接收該傳輸模組中之該QR碼資訊與該動態密碼以將該動態 密碼傳送至一認證伺服器,由該認證伺服器判斷該動態密碼之正確性後產生判斷資訊以傳送該判斷資訊至該驗證模組,該驗證模組係依據該QR碼資訊及該判斷資訊以產生認證資訊,俾使該認證資訊透過該傳輸模組回傳至該用戶端裝置。To achieve the foregoing and other objects, the present invention provides a QR code authentication system combining dynamic passwords, which provides a user to perform QR code authentication on a certification platform through a user terminal device, wherein the user terminal device is configured to retrieve a QR code for analysis. The QR code further generates QR code information, and the user inputs the dynamic password, and the authentication platform includes a transmission module and a verification module, and the transmission module receives the QR code information and the dynamic password transmitted by the user equipment, and Providing data transmission of the authentication platform, and the verification module receives the QR code information and the dynamic password in the transmission module to The password is transmitted to an authentication server, and the authentication server determines the correctness of the dynamic password, and then generates a judgment information to transmit the determination information to the verification module. The verification module is based on the QR code information and the determination information. The authentication information is generated, and the authentication information is transmitted back to the client device through the transmission module.
於一實施態樣中,該認證平台復包括登入模組,係用於提供使用者於QR碼認證之前進行會員登入。In an implementation aspect, the authentication platform includes a login module, which is used to provide a user to log in before the QR code is authenticated.
於又一實施態樣中,該認證平台復包括會員服務模組,係用於依據該驗證模組所產生之該認證資訊以提供服務訊息至該用戶端裝置。In another embodiment, the authentication platform includes a member service module for providing the service information to the client device according to the authentication information generated by the verification module.
於另一實施態樣中,該動態密碼係由動態密碼鎖產生,且該動態密碼係同步產生於該認證伺服器中。In another implementation, the dynamic password is generated by a dynamic password lock, and the dynamic password is generated synchronously in the authentication server.
本發明復提出一種結合動態密碼之QR碼認證方法,係包括下列步驟:(1)接收用戶端裝置所傳送之QR碼資訊及動態密碼以進行認證;(2)驗證該動態密碼之正確性後產生判斷資訊,且依據該判斷資訊及該QR碼資訊以產生認證資訊;(3)回傳該認證資訊至該用戶端裝置。The invention further provides a QR code authentication method combining dynamic password, which comprises the following steps: (1) receiving QR code information and dynamic password transmitted by the user equipment for authentication; (2) verifying the correctness of the dynamic password. Generating the judgment information, and generating the authentication information according to the judgment information and the QR code information; (3) returning the authentication information to the client device.
於一實施態樣中,該步驟(2)係判斷該動態密碼與一認證伺服器所產生之動態密碼兩者是否相同以產生該判斷資訊。In an implementation aspect, the step (2) determines whether the dynamic password and the dynamic password generated by an authentication server are the same to generate the determination information.
相較於習知技術,本發明之結合動態密碼之QR碼認證系統及其方法,係以動態密碼來輔助之QR碼認證,由於動態密碼是由動態密碼鎖所產生,故可藉此判斷所輸入的動態密碼是否正確,進而確認使用者是否位於QR碼所在 處,如此可避免QR碼遭複製而由他人或在他處使用,透過本發明之QR碼認證機制,利於服務提供端的廠商提供更深層的服務及資料應用,且對於服務提供者及使用者在商務服務上,確實有相當助益。Compared with the prior art, the QR code authentication system and the method thereof combined with the dynamic password are the QR code authentication assisted by the dynamic password. Since the dynamic password is generated by the dynamic password lock, the judgment can be made by Is the dynamic password entered correct to confirm whether the user is located in the QR code? In this way, the QR code can be prevented from being copied and used by others or elsewhere. Through the QR code authentication mechanism of the present invention, the service provider can provide a deeper service and data application, and for the service provider and the user. Business services are indeed quite helpful.
以下藉由特定的具體實施例說明本發明之技術內容,熟悉此技藝之人士可由本說明書所揭示之內容輕易地瞭解本發明之優點與功效。然本發明亦可藉由其他不同的具體實施例加以施行或應用。The technical contents of the present invention will be described below by way of specific embodiments, and those skilled in the art can easily understand the advantages and effects of the present invention from the contents disclosed in the present specification. However, the invention may be embodied or applied by other different embodiments.
請參閱第1圖,本發明之結合動態密碼之QR碼認證系統的系統示意圖。如圖所示,本發明之結合動態密碼之QR碼認證系統1主要提供使用者透過用戶端裝置2在認證平台3進行QR碼200的認證,其中,用戶端裝置2可例如為智慧型行動裝置或隨身電子裝置等,以提供QR碼200的擷取及資料輸入,因而使用者可透過用戶端裝置2擷取QR碼200並解析該QR碼200以產生QR碼資訊,且該用戶端裝置2供使用者輸入由動態密碼鎖(OTP Token)產生的動態密碼100,以供後續QR碼認證的程序。Please refer to FIG. 1 , which is a schematic diagram of a system of a QR code authentication system combining dynamic passwords according to the present invention. As shown in the figure, the QR code authentication system 1 of the present invention in combination with the dynamic password mainly provides the user to perform the authentication of the QR code 200 on the authentication platform 3 through the user device 2, wherein the client device 2 can be, for example, a smart mobile device. Or the portable electronic device or the like to provide the retrieval and data input of the QR code 200, so that the user can retrieve the QR code 200 through the user device 2 and parse the QR code 200 to generate the QR code information, and the user terminal device 2 A program for the user to input a dynamic password 100 generated by a dynamic password lock (OTP Token) for subsequent QR code authentication.
該認證平台3係用於QR碼200的驗證及提供相關商務服務,其包括:傳輸模組30以及驗證模組31。The authentication platform 3 is used for verification of the QR code 200 and provides related business services, and includes a transmission module 30 and a verification module 31.
傳輸模組30係接收該用戶端裝置2所傳送之QR碼資訊與動態密碼100,以及提供該認證平台3的資料傳輸。詳言之,傳輸模組30為與用戶端裝置2互動通訊管道,故用戶端裝置2將傳送自QR碼200所解析出來之QR碼資訊 與動態密碼100至傳輸模組30,以進行後續認證。The transmission module 30 receives the QR code information and the dynamic password 100 transmitted by the client device 2, and provides data transmission of the authentication platform 3. In detail, the transmission module 30 is an interactive communication channel with the client device 2, so the client device 2 transmits the QR code information parsed from the QR code 200. And the dynamic password 100 to the transmission module 30 for subsequent authentication.
驗證模組31係將接收來自傳輸模組30之QR碼資訊與動態密碼100,並將該動態密碼100傳送至認證伺服器4,由該認證伺服器4判斷該動態密碼100之正確性後產生判斷資訊以傳送該判斷資訊至該驗證模組31,此外,該驗證模組31依據該QR碼資訊及該判斷資訊以產生認證資訊,俾使該認證資訊透過該傳輸模組30回傳至該用戶端裝置2。具體來說,認證伺服器4是負責處理動態密碼100之正確性判斷,動態密碼100可由設置於商店內之動態密碼鎖產生,因動態密碼在一定時間內(如一分鐘)改變,故可確保使用者是在當下使用動態密碼,驗證模組31將動態密碼100傳送至認證伺服器4判斷動態密碼100之正確性後產生判斷資訊,接著驗證模組31依據QR碼資訊與認證伺服器4所回傳之判斷資訊以產生認證資訊,該認證資訊將透過傳輸模組30回傳到用戶端裝置2,以通知使用者是否認證成功。The verification module 31 will receive the QR code information and the dynamic password 100 from the transmission module 30, and transmit the dynamic password 100 to the authentication server 4, and the authentication server 4 determines the correctness of the dynamic password 100. Determining the information to transmit the determination information to the verification module 31. Further, the verification module 31 generates the authentication information according to the QR code information and the determination information, and causes the authentication information to be transmitted back to the transmission module 30. Client device 2. Specifically, the authentication server 4 is responsible for determining the correctness of the dynamic password 100. The dynamic password 100 can be generated by a dynamic password lock set in the store. Since the dynamic password is changed within a certain period of time (for example, one minute), the use can be ensured. After the dynamic password is used, the verification module 31 transmits the dynamic password 100 to the authentication server 4 to determine the correctness of the dynamic password 100, and then generates the judgment information, and then the verification module 31 returns the information according to the QR code information and the authentication server 4. The authentication information is transmitted to generate authentication information, and the authentication information is transmitted back to the client device 2 through the transmission module 30 to notify the user whether the authentication is successful.
此外,前述實施例中的認證伺服器4係設置於認證平台3外,若特別需要時亦可將認證伺服器4設置於結合動態密碼之QR碼認證系統1內,故本實施例中之認證伺服器4的設置僅是例示而非限制。In addition, the authentication server 4 in the foregoing embodiment is disposed outside the authentication platform 3, and the authentication server 4 may be disposed in the QR code authentication system 1 combined with the dynamic password if necessary, so the authentication in this embodiment The settings of the server 4 are merely illustrative and not limiting.
前述之動態密碼鎖可設置於店家內,其設定於特定時間下變換動態密碼,例如可設計每一分鐘變換一次動態密碼100,如此使用者僅能在當下使用該動態密碼100,可避免動態密碼100遭複製而轉由他人使用。此外,對於認證 伺服器4判斷機制,主要是認證伺服器4與動態密碼鎖兩者在時間同步下,會同步產生相同的一組動態密碼100,如此當用戶端裝置2將動態密碼100傳送至認證伺服器4時,藉由判斷兩個動態密碼是否相同(正確),即可知道該使用者是否是在特定位置且特定時間下所取得動態密碼100。The dynamic password lock can be set in the store, and the dynamic password can be changed at a specific time. For example, the dynamic password 100 can be changed once every minute, so that the user can only use the dynamic password 100 at present, and the dynamic password can be avoided. 100 was copied and transferred to others. In addition, for certification The server 4 determines the mechanism, that is, the authentication server 4 and the dynamic password lock both generate the same dynamic password 100 synchronously under time synchronization, so that when the client device 2 transmits the dynamic password 100 to the authentication server 4 By judging whether the two dynamic passwords are the same (correct), it is known whether the user is the dynamic password 100 obtained at a specific location and at a specific time.
透過上述認證機制,商店內的QR碼縱使遭到複製也無法拿到他處使用,例如商店提供使用者至特定地點掃描QR碼就送優惠的活動,有心人士可能將QR碼複製後大量散播,如此無法實現讓人潮前往特定地點的目的。若利用本發明所述之認證機制,將動態密碼設置於特定地點,使用者在擷取QR碼後一併輸入動態密碼,此時利用動態密碼的輔助認證,使用者僅能當場且在當下認證QR碼,否則事後輸入動態密碼將產生不一致的錯誤,故可防範QR碼被複製而不當使用之情況。Through the above-mentioned authentication mechanism, the QR code in the store cannot be used for copying even if it is copied. For example, the store provides the user to scan the QR code to a special place to send the discount, and the person who is interested may copy the QR code and distribute it in large quantities. This makes it impossible to make people go to specific locations. If the authentication mechanism is used to set the dynamic password to a specific location, the user inputs the dynamic password after the QR code is retrieved. At this time, the user can only authenticate on the spot and authenticate the current password. QR code, otherwise entering the dynamic password afterwards will produce inconsistent errors, so it can prevent the QR code from being copied and used improperly.
於具體實施上,商店可設置多個動態密碼鎖產生多個不同的動態密碼,以供應多位使用者同時掃瞄QR碼之服務使用,且一個動態密碼被使用認證後即失效,使用者需等待下一個動態密碼或使用由其他動態密碼鎖所產生的動態密碼。此外,動態密碼改變時間的週期可依需求設定,例如週末店家人潮多時可30秒變更一次。In a specific implementation, the store may set a plurality of dynamic password locks to generate a plurality of different dynamic passwords, so as to supply a plurality of users to simultaneously scan the service of the QR code, and a dynamic password is invalidated after being used for authentication, and the user needs to Wait for the next dynamic password or use a dynamic password generated by another dynamic password lock. In addition, the period of the dynamic password change time can be set according to requirements, for example, the weekend store family can change 30 seconds when the tide is too high.
請參閱第2圖,係說明本發明之結合動態密碼之QR碼認證系統之另一實施例的系統示意圖。如圖所示,該結合動態密碼之QR碼認證系統1同樣提供使用者透過用戶端 裝置2在認證平台3進行QR碼200的認證,其中,用戶端裝置2、認證平台3之傳輸模組30和驗證模組31、認證伺服器4之功能與第1圖所示的實施例相同,故不再贅述。本具體實施例主要說明該認證平台3復包括登入模組32、會員服務模組33。Please refer to FIG. 2, which is a system diagram showing another embodiment of the QR code authentication system incorporating the dynamic password of the present invention. As shown in the figure, the QR code authentication system 1 combined with the dynamic password also provides the user through the client. The device 2 performs authentication of the QR code 200 on the authentication platform 3, wherein the functions of the client device 2, the transmission module 30 of the authentication platform 3, the verification module 31, and the authentication server 4 are the same as those of the embodiment shown in FIG. Therefore, it will not be repeated. The specific embodiment mainly illustrates that the authentication platform 3 includes a login module 32 and a member service module 33.
登入模組32係提供使用者於QR碼200認證之前進行會員登入。為了讓使用者在掃描QR碼200後獲取更多服務,於本實施例中,利用會員資料庫(未圖示)的建立,可於使用者在會員登入並掃描QR碼200後,後端的系統同時紀錄該使用者(會員)讀取過哪些QR碼200,因此,使用者於掃描QR碼200之前透過登入模組32登入進行身分認證,之後當使用者掃描QR碼200後即可在會員資料庫中紀錄使用者曾經掃描的QR碼200、時間等資訊,如此亦可協助提供使用者其他服務。The login module 32 provides the user with a member login before the QR code 200 is authenticated. In order to enable the user to obtain more services after scanning the QR code 200, in the embodiment, the establishment of the member database (not shown) can be used after the user logs in and scans the QR code 200 after the member logs in. At the same time, it records the QR code 200 that the user (member) has read. Therefore, the user logs in through the login module 32 to perform identity authentication before scanning the QR code 200, and then the user can scan the QR code 200 after the member data. The library records the QR code 200, time and other information that the user has scanned, which can also assist in providing other services to the user.
會員服務模組33係依據該驗證模組31之認證資訊而提供服務訊息至該用戶端裝置2。具體而言,會員服務模組33可儲存有QR碼200相關資訊,例如可供回傳之優惠券、可額外提供的資訊等,因而於驗證模組31驗證後,依據認證資訊回傳服務訊息至用戶端裝置2。要說明的是,這裡所述服務訊息僅舉例說明,可能是優惠券、商品訊息或商店訊息等,如此可提供使用者除了QR碼資訊外更多的服務。The member service module 33 provides a service message to the client device 2 according to the authentication information of the verification module 31. Specifically, the member service module 33 can store the QR code 200 related information, such as the coupons that can be returned, the additional information, and the like. Therefore, after the verification module 31 verifies, the service information is returned according to the authentication information. To the client device 2. It should be noted that the service message described here is only an example, and may be a coupon, a product message or a store message, etc., so that the user can provide more services than the QR code information.
由上述內容可知,本發明之結合動態密碼之QR碼認證系統不僅提供更完整的認證機制,且透過與會員資料庫 的結合,可適時提供使用者其他資料,因此,透過本發明的認證機制不僅確保QR碼的使用過程,同時亦給予使用者更多服務。It can be seen from the above that the QR code authentication system combining the dynamic password of the present invention not only provides a more complete authentication mechanism, but also through the member database. The combination of the user can provide other information to the user in a timely manner. Therefore, the authentication mechanism of the present invention not only ensures the use of the QR code, but also gives the user more services.
為具體說明本發明之結合動態密碼之QR碼認證系統,以進行認證及服務等功能,接下來以第3圖所示之內容,且搭配前面第1、2圖所述之內容進行說明。In order to specifically describe the QR code authentication system incorporating the dynamic password of the present invention, functions such as authentication and service are performed, and the contents shown in FIG. 3 will be described next with the contents described in the first and second figures.
如第3圖所示,係說明本發明之結合動態密碼之QR碼認證系統具體實施的示意圖。於該圖中,於商店6內除了有QR碼200供使用者掃描外,另外還具有至少一動態密碼鎖60,也就是說,QR碼200與動態密碼鎖60係設置於相同地點(如商店6),其中,該動態密碼鎖60會於設定之一段時間內變化其動態密碼600,使用者可利用用戶端裝置2’掃描QR碼200並鍵入動態密碼600,該QR碼200和動態密碼600將由用戶端裝置2’掃描與輸入,用戶端裝置2’解析該QR碼200以產生QR碼資訊,該QR碼資訊將與動態密碼600一併傳送至認證平台3,認證平台3將該動態密碼600傳送至認證伺服器4以判斷該動態密碼600的正確性,認證伺服器4將判斷資訊回傳至認證平台3,並依據QR碼資訊及判斷資訊而產生認證資訊,最後認證平台3將認證資訊回傳至用戶端裝置2’,藉此結合動態密碼以完成QR碼認證的程序,其中,認證伺服器4之判斷方式係其內部具有與動態密碼鎖60相同軟體或運算機制,亦即兩者可同步產生相同動態密碼600,如此即可驗證用戶端裝置2’所傳送之動態密碼600與認證伺服器4產生之動態密碼 是否正確(如判斷是否相同)。As shown in FIG. 3, it is a schematic diagram illustrating a specific implementation of the QR code authentication system incorporating the dynamic password of the present invention. In the figure, in addition to the QR code 200 for the user to scan in the store 6, there is at least one dynamic password lock 60, that is, the QR code 200 and the dynamic password lock 60 are disposed at the same place (such as a store). 6), wherein the dynamic password lock 60 changes its dynamic password 600 within a set period of time, and the user can scan the QR code 200 by using the client device 2' and input the dynamic password 600, the QR code 200 and the dynamic password 600. The QR code 200 will be parsed and input by the client device 2' to generate QR code information, which will be transmitted together with the dynamic password 600 to the authentication platform 3, and the authentication platform 3 will be the dynamic password. 600 is sent to the authentication server 4 to determine the correctness of the dynamic password 600. The authentication server 4 returns the determination information to the authentication platform 3, and generates authentication information according to the QR code information and the judgment information. Finally, the authentication platform 3 will authenticate. The information is transmitted back to the client device 2', thereby combining the dynamic password to complete the QR code authentication process, wherein the authentication server 4 has the same software or operation mechanism as the dynamic password lock 60. I.e., both can be synchronized to produce the same dynamic password 600, thus generating the dynamic password to verify the client device 2 OTP 'transmitted with the authentication server 600 4 Is it correct (if it is judged whether it is the same).
為讓使用者在掃描QR碼200後可得到更多服務,可於掃描QR碼200之前先對用戶端裝置2進行會員登入驗證,在會員登入後用戶端裝置2’才擷取QR碼200和輸入動態密碼600,如此,後端的會員服務伺服器5便可提供除了QR碼訊息外的其他服務,如商品優惠資訊或商店資訊,較佳者,還可結合先前的會員登入機制,提供會員集點功能,如此讓使用者登入會員後所得到服務更多,相對地,服務提供端的廠商也可藉此收集使用者使用習慣(喜好),進而推廣其他收費服務。In order to allow the user to obtain more services after scanning the QR code 200, the user terminal device 2 can perform member login verification before scanning the QR code 200, and the user terminal device 2' captures the QR code 200 after the member logs in. Enter the dynamic password 600. In this way, the backend member service server 5 can provide other services besides the QR code message, such as product offer information or store information. Preferably, the member set can be combined with the previous member login mechanism. Point function, so that users get more services after logging in to the member. In contrast, the service provider can also collect user usage habits (likes) and promote other charging services.
此外,使用者復可透過社群網站7進行登入、活動訊息分享或打卡,並將分享或打卡等資訊記載於認證平台3內,如此可透過會員服務伺服器5累積紅利或現金,促使使用者主動傳遞商店6之訊息,如此對於使用者(可能是消費者)或商店6是為雙贏狀態。In addition, the user can log in, share the event information or punch the card through the social network website 7, and record information such as sharing or punching in the authentication platform 3, so that the user service server 5 can accumulate dividends or cash to promote the user. The message of the store 6 is actively delivered, so that the user (possibly the consumer) or the store 6 is in a win-win state.
由上述內容可知,本發明之結合動態密碼之QR碼認證系統,並無侷限僅能應用於商店6的優惠服務,舉例來說,可應用於紀錄使用者是否到過特定地點,商店6種類也非限制一般店家,亦可為需確認用戶到特定位置的公家單位,換言之,特別是針對要確認使用者是否到過特定地點之認證目的,更能突顯該QR碼認證系統的優點。It can be seen from the above that the QR code authentication system incorporating the dynamic password of the present invention is not limited to the preferential service of the store 6, and can be applied, for example, to whether the user has visited a specific place or not, and the type of the store 6 For non-restricted general stores, it can also be a public unit that needs to confirm the user's location to a specific location. In other words, especially for the purpose of verifying whether the user has been to a specific location, the advantages of the QR code authentication system can be highlighted.
配合前述第1-3圖所示之結合動態密碼之QR碼認證系統,以下將利用第4圖說明本發明之結合動態密碼之QR碼認證方法的步驟流程圖。In conjunction with the QR code authentication system incorporating the dynamic password shown in the above FIGS. 1-3, a flow chart of the steps of the QR code authentication method combining the dynamic password of the present invention will be described below using FIG.
於步驟S401中,係接收用戶端裝置所傳送之QR碼資訊及動態密碼以進行認證。具體來說,為了確保使用者是否於特定地點掃描QR碼,故要求使用者透過用戶端裝置除了擷取QR碼外,另外需輸入動態密碼,其中,前述之動態密碼係由動態密碼鎖所產生並設置於商店內,因而透過解析QR碼後產生之QR碼資訊及動態密碼以進行後續認證。接著進至步驟S402。In step S401, the QR code information and the dynamic password transmitted by the client device are received for authentication. Specifically, in order to ensure that the user scans the QR code at a specific location, the user is required to input a dynamic password in addition to the QR code through the user equipment, wherein the foregoing dynamic password is generated by the dynamic password lock. And it is set in the store, so the QR code information and dynamic password generated after parsing the QR code are used for subsequent authentication. Proceeding to step S402.
於步驟S402中,係驗證該動態密碼之正確性後產生判斷資訊,且依據該判斷資訊及該QR碼資訊以產生認證資訊。詳言之,後端系統對動態密碼進行正確性判斷,判斷該動態密碼是否為該時點所產生的動態密碼,以確認該動態密碼之正確性,亦即判斷由動態密碼鎖所產生之動態密碼與外部(或遠端)之認證伺服器所產生的動態密碼兩者是否相同,其中,兩者產生相同動態密碼之方法已於前面說明,於此不再贅述。最後,依據判斷資訊及QR碼資訊以產生認證資訊。接著進至步驟S403。In step S402, the verification information is generated after verifying the correctness of the dynamic password, and the authentication information is generated according to the determination information and the QR code information. In detail, the back-end system determines the correctness of the dynamic password, and determines whether the dynamic password is a dynamic password generated at the point in time to confirm the correctness of the dynamic password, that is, to determine the dynamic password generated by the dynamic password lock. Whether the dynamic password generated by the external (or remote) authentication server is the same, wherein the method for generating the same dynamic password is described above, and details are not described herein. Finally, the authentication information is generated based on the judgment information and the QR code information. Then it proceeds to step S403.
於步驟S403中,係回傳該認證資訊至該用戶端裝置。本步驟即將認證資訊,例如認證成功或認證失敗之訊息回傳至用戶端裝置,以告知使用者認證的結果。In step S403, the authentication information is returned to the client device. In this step, the authentication information, such as the authentication success or the authentication failure message, is transmitted back to the client device to inform the user of the result of the authentication.
於一具體實施例中,於該步驟S401之前復包括使用者執行會員登入。詳言之,為提供使用者更多服務內容,本實施例係於掃描QR碼之前先進行會員認證,如此後續掃描QR碼動作將被紀錄,以提供服務提供端的廠商提供更多優惠給使用者。In a specific embodiment, the user is required to perform the member login before the step S401. In detail, in order to provide users with more service content, this embodiment performs membership authentication before scanning the QR code, so that the subsequent scanning QR code action will be recorded, so as to provide more offers to the user of the service provider. .
於另一具體實施例中,於步驟S403之後復包括依據該認證資訊提供優惠訊息至該用戶端裝置。換言之,使用者於認證後,因後端系統已記載相關會員資料,故可提供符合該使用者喜好或習慣的優惠訊息,或者是其他商品資訊、商店資訊或累積消費情況,甚至可結合服務提供者,提供紅利累積或點數累積等功能。In another specific embodiment, after step S403, the method further includes providing the preferential information to the client device according to the authentication information. In other words, after the user authenticates, because the back-end system has recorded the relevant member information, it can provide preferential information that matches the user's preferences or habits, or other product information, store information or accumulated consumption, or even combined with the service. Provides bonus accumulation or point accumulation.
與習知技術相比較,本發明之結合動態密碼之QR碼認證系統及方法,透過動態密碼的使用以強化QR碼之認證程序,由於動態密碼僅能於特定地點取得,故可確認使用者是否於掃描QR碼當下也位於該地點,進一步可提供嚴格把關機制。例如廠商提供到店家掃描QR碼就送回饋金的活動,透過本發明之結合動態密碼之QR碼認證機制,便可避免如拍照後提供QR碼給其他未到場人員而使QR碼被複製濫用的情況。因此,在本發明之認證機制下,服務提供端可善用會員資訊而提供更深層服務,因而對服務提供端及使用者而言確實有所助益。Compared with the prior art, the QR code authentication system and method combining the dynamic password of the present invention enhances the QR code authentication procedure by using the dynamic password. Since the dynamic password can only be obtained at a specific place, it can be confirmed whether the user is The scanning QR code is also located at the location, which further provides a strict check mechanism. For example, the manufacturer provides the activity of returning the feed to the store to scan the QR code. Through the QR code authentication mechanism of the dynamic password combined with the present invention, it is possible to avoid the QR code being copied and abused by providing the QR code to other unseen persons after photographing. Case. Therefore, under the authentication mechanism of the present invention, the service provider can make use of the member information to provide deeper services, and thus it is indeed helpful to the service provider and the user.
上述實施例僅例示性說明本發明之原理及其功效,而非用於限制本發明。任何熟習此項技藝之人士均可在不違背本發明之精神及範疇下,對上述實施例進行修飾與改變。因此,本發明之權利保護範圍,應如後述之申請專利範圍所列。The above-described embodiments are merely illustrative of the principles of the invention and its effects, and are not intended to limit the invention. Modifications and variations of the above-described embodiments can be made by those skilled in the art without departing from the spirit and scope of the invention. Therefore, the scope of protection of the present invention should be as set forth in the scope of the claims described below.
1‧‧‧結合動態密碼之QR碼認證系統1‧‧‧ QR code authentication system combined with dynamic password
2、2’‧‧‧用戶端裝置2, 2'‧‧‧Customer device
3‧‧‧認證平台3‧‧‧ Certification Platform
30‧‧‧傳輸模組30‧‧‧Transmission module
31‧‧‧驗證模組31‧‧‧ verification module
32‧‧‧登入模組32‧‧‧ Login Module
33‧‧‧會員服務模組33‧‧‧Member Service Module
4‧‧‧認證伺服器4‧‧‧Authenticated server
5‧‧‧會員服務伺服器5‧‧‧Member Service Server
6‧‧‧商店6‧‧‧Store
60‧‧‧動態密碼鎖60‧‧‧Dynamic password lock
7‧‧‧社群網站7‧‧‧Community website
100、600‧‧‧動態密碼100, 600‧‧‧ dynamic password
200‧‧‧QR碼200‧‧‧ QR code
S401~S403‧‧‧步驟S401~S403‧‧‧Steps
第1圖係說明本發明之結合動態密碼之QR碼認證系統的系統示意圖; 第2圖係說明本發明之結合動態密碼之QR碼認證系統之另一實施例的系統示意圖;第3圖係說明本發明之結合動態密碼之QR碼認證系統具體實施的示意圖;以及第4圖係說明本發明之結合動態密碼之QR碼認證方法的步驟流程圖。1 is a schematic diagram showing a system of a QR code authentication system incorporating a dynamic password according to the present invention; 2 is a schematic diagram showing a system of another embodiment of a QR code authentication system incorporating a dynamic password according to the present invention; FIG. 3 is a schematic diagram showing a specific implementation of a QR code authentication system incorporating a dynamic password according to the present invention; and FIG. A flow chart showing the steps of the QR code authentication method of the present invention in combination with a dynamic password.
1‧‧‧結合動態密碼之QR碼認證系統1‧‧‧ QR code authentication system combined with dynamic password
2‧‧‧用戶端裝置2‧‧‧Customer device
3‧‧‧認證平台3‧‧‧ Certification Platform
30‧‧‧傳輸模組30‧‧‧Transmission module
31‧‧‧驗證模組31‧‧‧ verification module
4‧‧‧認證伺服器4‧‧‧Authenticated server
100‧‧‧動態密碼100‧‧‧ dynamic password
200‧‧‧QR碼200‧‧‧ QR code
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW101123193A TWI495321B (en) | 2012-06-28 | 2012-06-28 | Qr code authentication system combining dynamic passwords and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW101123193A TWI495321B (en) | 2012-06-28 | 2012-06-28 | Qr code authentication system combining dynamic passwords and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TW201401834A TW201401834A (en) | 2014-01-01 |
| TWI495321B true TWI495321B (en) | 2015-08-01 |
Family
ID=50345243
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW101123193A TWI495321B (en) | 2012-06-28 | 2012-06-28 | Qr code authentication system combining dynamic passwords and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI495321B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI772225B (en) * | 2021-11-11 | 2022-07-21 | 中華電信股份有限公司 | An attendance punch system and method based on fido, and computer-readable medium thereof |
Families Citing this family (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106330286B (en) * | 2016-08-30 | 2020-01-31 | 西安小光子网络科技有限公司 | Relay transmission method for optical labels |
| CN113094668A (en) * | 2020-01-08 | 2021-07-09 | 林晖 | Publication Situation Assistance System |
| EP4435654A1 (en) | 2023-03-24 | 2024-09-25 | Amadeus S.A.S. | Multi-cryption model and single authentic qr generator |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW201004265A (en) * | 2008-07-09 | 2010-01-16 | Chunghwa Telecom Co Ltd | Network user ID verification system and method |
| US20110321133A1 (en) * | 2010-06-25 | 2011-12-29 | Google Inc. | System and method for authenticating web users |
| TWM426833U (en) * | 2011-11-16 | 2012-04-11 | Yue Jie Technology Co Ltd | Paperless ticketing system |
-
2012
- 2012-06-28 TW TW101123193A patent/TWI495321B/en not_active IP Right Cessation
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW201004265A (en) * | 2008-07-09 | 2010-01-16 | Chunghwa Telecom Co Ltd | Network user ID verification system and method |
| US20110321133A1 (en) * | 2010-06-25 | 2011-12-29 | Google Inc. | System and method for authenticating web users |
| TWM426833U (en) * | 2011-11-16 | 2012-04-11 | Yue Jie Technology Co Ltd | Paperless ticketing system |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI772225B (en) * | 2021-11-11 | 2022-07-21 | 中華電信股份有限公司 | An attendance punch system and method based on fido, and computer-readable medium thereof |
Also Published As
| Publication number | Publication date |
|---|---|
| TW201401834A (en) | 2014-01-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11139976B2 (en) | System and method, which using blockchain and mobile devices, provides the validated and authenticated identity of an individual to a valid and authenticated requestor | |
| CN103986688B (en) | Method of authenticating a user of a peripheral apparatus, a peripheral apparatus, and a system for authenticating a user of a peripheral apparatus | |
| US8214446B1 (en) | Segmenting access to electronic message boards | |
| CN102881071B (en) | Electronic ticket anti-counterfeiting system and method | |
| US20110270751A1 (en) | Electronic commerce system and system and method for establishing a trusted session | |
| US20130091002A1 (en) | System and method for coupon validation | |
| CN102821157A (en) | Method and device for adopting bar code images for communication | |
| US11171781B2 (en) | System and method which using blockchain protects the privacy of access code and the identity of an individual seeking online access | |
| US20140222691A1 (en) | System and method for formless, self-service registration for access to financial services | |
| US20160337358A1 (en) | Method for encoding an access to a computer resource | |
| US12293372B2 (en) | Systems and methods for deterring bot access of computer resource | |
| US20120197688A1 (en) | Systems and Methods for Verifying Ownership of Printed Matter | |
| CN107248084A (en) | Ticketing service method for managing security and device | |
| TWI495321B (en) | Qr code authentication system combining dynamic passwords and method thereof | |
| WO2014042687A1 (en) | A global identification number and portal platform technology | |
| JP2013073272A (en) | Authentication method of user and terminal device, authentication system, and authentication application program | |
| CA2874708A1 (en) | Systems, methods, and computer program products for providing offers to mobile wallets | |
| CN107240023A (en) | client identity confirmation method, device and system | |
| US10129266B2 (en) | Identity information systems and methods | |
| WO2009048191A1 (en) | Security authentication method and system | |
| KR100963930B1 (en) | Scanning data insurance product operation method and system and recording medium therefor | |
| JP2003187067A (en) | Stockholder information control method and stockholder information control program | |
| WO2007004865A1 (en) | Access check and ticket therefor | |
| JP7478404B1 (en) | Information processing system and information processing program | |
| KR101044518B1 (en) | Authentication system and authentication method for authenticating the signature of a document or authenticity of a product by using SSM of a mobile phone |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| MM4A | Annulment or lapse of patent due to non-payment of fees |