CN101521572A - Method for verifying server device - Google Patents

Abstract

A method for verifying authenticity of a server-side device is suitable for verifying authenticity of the server-side device at a client-side device. The method comprises the steps that firstly, the client device transmits authentication data to the server device so that the server device verifies that a user sends the authentication data. Then, the receiving and sending server device must transmit back the sending initial number stored by the user to verify whether the initial number is correct. If the initial number is incorrect, the connection with the server-side device is interrupted. Therefore, the verification efficiency of the server end can be enhanced, and the safety is improved.

Description

Translated fromChinese

验证服务器端装置的方法Method for authenticating server-side device

技术领域technical field

本发明涉及一种验证身分的方法，且特别是涉及一种可在客户端装置验证服务器端装置身分的方法。The present invention relates to a method for verifying identity, and in particular to a method for verifying the identity of a server device at a client device.

背景技术Background technique

近年来，网络已逐渐成为社会上另外一种信息传播、交流工具。由于网络具有的及时性、便利性、普及性等等，使得网络购物、网络拍卖、网络搜寻引擎、甚至是网络银行等等的网络应用，已逐渐为社会大众所接受。In recent years, the Internet has gradually become another tool for information dissemination and communication in society. Due to the timeliness, convenience, and popularity of the Internet, network applications such as online shopping, online auctions, online search engines, and even online banking have gradually been accepted by the public.

随着多元化网络服务普及化，为了便于管理使用者权限，众多的网站便纷纷采取会员制度，例如使用账号与密码作为认证数据，不仅可验证使用者的身分，亦能够有效管理使用者权限。然而，另一方面，随着网络的普及化，网络攻击事件也层出不穷。例如不肖黑客利用电子邮件或实时信息软件来散播木马程序，藉由木马程序来盗取使用者的重要信息。With the popularization of diversified network services, in order to facilitate the management of user rights, many websites have adopted membership systems. For example, using account numbers and passwords as authentication data can not only verify the identity of users, but also effectively manage user rights. However, on the other hand, with the popularization of the network, network attacks are also emerging in an endless stream. For example, unscrupulous hackers use e-mail or real-time messaging software to spread Trojan horse programs, and use Trojan horse programs to steal important information from users.

而目前更出现一种新兴的诈骗手法，诈骗者利用伪网站来盗取使用者的账号与密码，也就是一般所谓的网络钓鱼(Phishing)。网络钓鱼手法是利用与官方网站几乎是一模一样的伪网站，再藉由各种方法(例如数据过期等方法)诱骗使用者连结上伪网站，而将自己的账号与密码登入。因此，在使用者输入账号与密码之后，其账号与密码则随即被盗取，更甚者连姓名、地址、电话及信用卡号码等私人数据都会被盗取。And there is a new kind of fraudulent technique at present, scammers use fake website to steal user's account number and password, just generally so-called phishing (Phishing). The phishing method is to use a fake website that is almost identical to the official website, and then use various methods (such as data expiration, etc.) to trick users into connecting to the fake website and log in with their account number and password. Therefore, after the user enters the account number and password, the account number and password are stolen immediately, what's more, even personal data such as name, address, phone number and credit card number will be stolen.

发明内容Contents of the invention

有鉴于此，本发明提供一种验证服务器端装置的方法，不仅服务器端装置能够验证客户端装置，客户端装置亦能够验证服务器端装置，据以达到交互验证身分的功效。In view of this, the present invention provides a method for verifying a server-side device, not only the server-side device can verify the client-side device, but also the client-side device can also verify the server-side device, so as to achieve the effect of interactive identity verification.

本发明提出一种验证服务器端装置的方法，适用于在客户端装置验证服务器端装置的身分。此方法首先将认证数据传送至服务器端装置，以使服务器端装置验证认证数据。接着，接收服务器端装置所回传的初始号码，以验证初始号码是否正确。若初始号码不正确，则中断与服务器端装置的联机。The invention proposes a method for authenticating a server-end device, which is suitable for verifying the identity of the server-end device in a client device. This method first transmits the authentication data to the server-end device, so that the server-end device verifies the authentication data. Next, receiving the initial number returned by the server device to verify whether the initial number is correct. If the initial number is incorrect, the connection with the server device is terminated.

在本发明的一实施例中，在将认证数据传送至服务器端装置步骤之后，还包括接收服务器端装置所回传的通知信息，以重新传送认证数据。In an embodiment of the present invention, after the step of transmitting the authentication data to the server-end device, it further includes receiving notification information returned by the server-end device to re-transmit the authentication data.

在本发明的一实施例中，在验证初始号码是否正确的步骤之前，还包括判断是否在一特定时间内，接收到服务器端装置所回传的初始号码。若在特定时间内未接收到初始号码，客户端装置可判别服务器端装置是否在网页的固定字段有回传初始号码，如果经特定时间未收到回传的初始号码，则判定为假网站，并出现警示信息。如果有收到服务器端回传的初始号码，再交由客户端装置自行判别初始号码是否正确。另外，当验证初始号码为不正确时，系统更可提示一警示信息，并且自动将服务器端装置的网域名称记录至封锁名单。In an embodiment of the present invention, before the step of verifying whether the initial number is correct, it further includes judging whether the initial number returned by the server-end device is received within a specific time. If the initial number is not received within a certain period of time, the client device can determine whether the server-side device has returned the initial number in the fixed field of the webpage. If the initial number is not received within a certain period of time, it will be judged as a fake website. And a warning message appears. If the initial number returned by the server is received, then the client device will judge whether the initial number is correct or not. In addition, when the verified initial number is incorrect, the system can prompt a warning message, and automatically record the domain name of the server-side device into the block list.

在本发明的一实施例中，在传送认证数据至服务器端装置步骤之前，还包括建立认证数据至服务器端装置，并且，提供初始号码至服务器端装置。In an embodiment of the present invention, before the step of transmitting the authentication data to the server-end device, it further includes establishing the authentication data to the server-end device, and providing the initial number to the server-end device.

在本发明的一实施例中，在传送认证数据至服务器端装置步骤之后，由服务器端装置验证认证数据是否正确。当认证数据正确时，服务器端装置回传初始号码至客户端装置；反之，当认证数据不正确时，服务器端装置回传一通知信息至客户端装置。其中，当认证数据不正确时，还包括累计一登入错误次数，以判断登入错误次数是否达到一特定次数。当登入错误次数达到特定次数时，服务器端装置便中断与客户端装置的联机；反之，当登入错误次数尚未达到特定次数时，服务器端装置则回传通知信息至客户端装置。In an embodiment of the present invention, after the step of transmitting the authentication data to the server-end device, the server-end device verifies whether the authentication data is correct. When the authentication data is correct, the server device returns the initial number to the client device; otherwise, when the authentication data is incorrect, the server device returns a notification message to the client device. Wherein, when the authentication data is incorrect, it also includes accumulating a number of login errors to determine whether the number of login errors reaches a specific number of times. When the number of login errors reaches a certain number of times, the server-side device disconnects the connection with the client device; otherwise, when the number of login errors does not reach a certain number of times, the server-side device returns a notification message to the client device.

在本发明的一实施例中，认证数据为使用者账号、通行码，以及身分证号码。In an embodiment of the present invention, the authentication data is a user account number, a passcode, and an ID card number.

本发明先由客户端装置传送认证数据至服务器端装置，在服务器端装置验证此一认证数据正确之后，再由服务器端装置回传一初始号码，使得客户端装置藉由初始号码来验证服务器端装置的身分，据此，即可达到双方互相验证的功效，据以强化验证身分的功能，进一步防止伪网站的攻击。In the present invention, the client device first transmits the authentication data to the server device, and after the server device verifies that the authentication data is correct, the server device returns an initial number, so that the client device uses the initial number to verify the server The identity of the device, based on which, can achieve the effect of mutual verification between the two parties, so as to strengthen the function of verifying the identity and further prevent the attack of fake websites.

为让本发明的上述特征和优点能更明显易懂，下文特举较佳实施例，并配合附图，作详细说明如下。In order to make the above-mentioned features and advantages of the present invention more comprehensible, preferred embodiments will be described in detail below together with the accompanying drawings.

附图说明Description of drawings

图1是依照本发明一实施例所示出的验证服务器端装置的方法流程图。FIG. 1 is a flowchart of a method for authenticating a server device according to an embodiment of the invention.

图2是依照本发明一实施例所示出的交互验证身分方法的流程图。FIG. 2 is a flow chart of a method for interactive identity verification according to an embodiment of the present invention.

附图符号说明Description of reference symbols

S101-S107：本发明一实施例的验证服务器端装置的方法的各步骤S201-S219：本发明一实施例的交互验证身分方法的各步骤。S101-S107: each step of the method for verifying the server-end device according to an embodiment of the present invention S201-S219: each step of the method for interactively verifying identity according to an embodiment of the present invention.

具体实施方式Detailed ways

为了使本发明的内容更为明了，以下特举实施例作为本发明确实能够据以实施的范例。此领域具有通常知识者可以计算机程序的形式实现下述诸实施例，并利用计算机可读取存储媒体(例如硬盘、随身碟等)存储此一计算机程序，以利计算机执行之，让验证服务器端装置的方法以电子自动化的方式完成。In order to make the content of the present invention clearer, the following specific examples are given as examples in which the present invention can actually be implemented. Those with ordinary knowledge in this field can implement the following embodiments in the form of computer programs, and use computer-readable storage media (such as hard disks, flash drives, etc.) to store this computer program, so that the computer can execute it, and let the verification server end The method of the device is performed electronically and automatically.

图1是依照本发明一实施例所示出的验证服务器端装置的方法流程图。请参照图1，首先，当使用者欲通过网络，登入至服务器端装置以进行在线交易等动作时，如步骤S101所示，客户端装置先将认证数据传送至服务器端装置，使得服务器端装置能够藉由此认证数据来验证客户端装置的身分(也就是使用者的身分)。此认证数据例如是使用者账号、通行码以及身分证号码。FIG. 1 is a flowchart of a method for authenticating a server device according to an embodiment of the invention. Please refer to Fig. 1, firstly, when the user intends to log in to the server-side device through the network to conduct online transactions, etc., as shown in step S101, the client-side device first sends the authentication data to the server-side device, so that the server-side device The identity of the client device (that is, the identity of the user) can be verified by the authentication data. The authentication data is, for example, a user account number, a passcode, and an ID card number.

举例来说，以网络银行而言，银行的服务器端装置会授予使用者一组使用者账号与通行码，并且由使用者提供一身分证号码至银行的服务器端装置。当使用者欲登入银行的服务器端装置时，必须输入正确的身分证号码、使用者账号与通行码，方能登入。当然，使用者亦可更改由服务器端装置所授予的通行码。然在此仅为举例说明，实际应用中亦可仅使用一组使用者账号与通行码，来作为认证数据，可视实际情况来决定，在此并不限制认证数据的应用范围。For example, in the case of online banking, the bank's server-side device will grant the user a set of user account numbers and passcodes, and the user will provide an identity card number to the bank's server-side device. When the user wants to log in to the bank's server device, he must enter the correct ID card number, user account number and passcode to log in. Of course, the user can also change the passcode granted by the server-side device. However, this is just an example. In practical applications, only a set of user account numbers and passcodes can be used as authentication data, depending on the actual situation. The scope of application of the authentication data is not limited here.

接着，在服务器端装置验证认证数据无误之后，在步骤S103中，由客户端装置接收服务器端装置所回传的一初始号码。换言之，在服务器端装置确认使用者的身分之后，便会将对应此一认证数据的初始号码回传至客户端装置。Next, after the server device verifies that the authentication data is correct, in step S103, the client device receives an initial number returned by the server device. In other words, after the server-side device confirms the user's identity, it will return the initial number corresponding to the authentication data to the client-side device.

若以网络银行而言，使用者在银行开户时，可事先设定一组初始号码在银行的服务器端装置，当使用者在自己的计算机(即客户端装置)上通过网络进行网络交易(例如转帐或查询余额等动作)时，待银行的服务器端装置确认使用者所输入的认证数据正确之后，则将回传此认证数据所对应的初始号码至使用者的计算机。注意客户端使用者得视需要，随时异动此一初始号码，以维持此一初始号码的安全性。In the case of online banking, when a user opens an account at the bank, he can pre-set a group of initial numbers on the bank's server-side device. When the user conducts network transactions (such as When the bank's server device confirms that the authentication data entered by the user is correct, it will return the initial number corresponding to the authentication data to the user's computer. Note that the client user can change this initial number at any time as needed to maintain the security of this initial number.

之后，在步骤S105中，客户端装置验证初始号码是否正确。例如，判断初始号码是否符合一预设初始号码，以验证目前所登入的服务器端装置的身分。在实际应用中，可事先将设置在服务器端装置的初始号码，输入至客户端装置中，以作为预设初始号码。当客户端装置接收到服务器端装置所发送的初始号码时，即可比对是否与预设初始号码相同。当然，亦可直接由使用者进行判断，即是当客户端装置接收到服务器端装置所回传的初始号码，而显示至屏幕上时，由使用者进行手动认证。然在此仅为举例说明，并不以此限制实际应用的范围。Afterwards, in step S105, the client device verifies whether the initial number is correct. For example, judging whether the initial number matches a preset initial number, so as to verify the identity of the currently logged-in server device. In practical applications, the initial number set on the server-end device can be input into the client device in advance as the default initial number. When the client device receives the initial number sent by the server device, it can compare whether it is the same as the preset initial number. Of course, the judgment can also be made directly by the user, that is, when the client device receives the initial number returned by the server device and displays it on the screen, the user performs manual authentication. However, this is only for illustration and does not limit the scope of practical application.

另外，客户端装置在验证初始号码是否正确之前，更可先判断是否在一特定时间内，接收到服务器端装置所回传的初始号码。若在此一特定时间内，客户端装置未接收到初始号码，则客户端装置将提示一警示信息，以通知使用者此一服务器端装置可能并非为有效的服务器端装置。举例来说，当服务器端装置为一伪网站时，由于伪网站无法得知认证数据对应的初始号码，因而便无法回传初始号码。此时，在经过一特定时间之后，客户端装置因响应逾期便提示一警示信息来通知使用者。In addition, before verifying whether the initial number is correct, the client device can first judge whether it has received the initial number sent back by the server device within a certain period of time. If the client device does not receive the initial number within a certain period of time, the client device will prompt a warning message to inform the user that the server device may not be a valid server device. For example, when the server device is a fake website, since the fake website cannot know the initial number corresponding to the authentication data, it cannot return the initial number. At this time, after a certain time elapses, the client device will prompt a warning message to notify the user because the response is overdue.

接着，当初始号码不正确时(例如不符合预设初始号码)，如步骤S107所示，客户端装置将立即中断与服务器端装置的联机。另外，客户端装置更可提示一警示信息，以通知使用者所登入的服务器端装置可能为一伪网站，并且亦将此服务器端装置的网域名称记录至封锁名单。Next, when the initial number is incorrect (for example, does not match the preset initial number), as shown in step S107, the client device will immediately disconnect from the server device. In addition, the client device can further prompt a warning message to inform the user that the server device logged in may be a fake website, and also record the domain name of the server device in the block list.

以网络银行而言，当服务器端装置所回传之初始号码错误时，客户端装置便立即中断与服务器端装置的联机，同时，使用者可马上打电话至银行以停止其账户的存取，据以降低存款被盗领的风险。In the case of online banking, when the initial number returned by the server-side device is wrong, the client-side device will immediately disconnect from the server-side device, and at the same time, the user can immediately call the bank to stop the access to the account. In order to reduce the risk of deposit being stolen.

返回步骤S105，当初始号码正确时，则结束验证，以继续后续动作，例如开始进行网络交易。Returning to step S105, when the initial number is correct, the verification is ended to continue subsequent actions, such as starting to conduct network transactions.

综上所述，藉由上述实施例的方法，即可验证服务器端装置的身分，据以有效防止伪网站的诱骗。To sum up, with the method of the above embodiment, the identity of the server device can be verified, so as to effectively prevent deception by fake websites.

以下再举一实施例详细说明，客户端装置与服务器端装置间的交互验证身分方法的各步骤。图2是依照本发明一实施例所示出的交互验证身分方法的流程图。请参照图2，首先，在步骤S201中，客户端装置将认证数据传送至服务器端装置，以登入服务器端装置。例如，使用者在客户端装置输入使用者账号与通行码，以登入服务器端装置。Hereinafter, another embodiment will be given to describe in detail the steps of the method for interactively verifying the identity between the client device and the server device. FIG. 2 is a flow chart of a method for interactive identity verification according to an embodiment of the present invention. Please refer to FIG. 2 , firstly, in step S201 , the client device transmits authentication data to the server device to log into the server device. For example, the user enters a user account and a passcode on the client device to log in to the server device.

当服务器端装置接收到认证数据之后，如步骤S203所示，服务器端装置便验证此一认证数据是否正确。例如，服务器端装置接收到使用者账号与通行码之后，自其数据库中搜寻是否存在此一使用者账号。若存在，接着判断所接收的通行码是否正确。After the server device receives the authentication data, as shown in step S203, the server device verifies whether the authentication data is correct. For example, after receiving the user account and the passcode, the server-side device searches its database to see if the user account exists. If it exists, then judge whether the received passcode is correct.

倘若认证数据不正确时，如步骤S205所示，服务器端装置累计一登入错误次数。接着，在步骤S207中，服务器端装置判断登入错误次数是否达到特定次数。若尚未达到特定次数，则执行步骤S209，回传一通知信息至客户端装置，使得客户端装置再一次传送认证数据至服务器端装置；反之，若已达到特定次数，则执行步骤S211，服务器端装置中断与客户端装置的联机。If the authentication data is incorrect, as shown in step S205, the server-side device accumulates a number of login errors. Next, in step S207, the server device determines whether the number of login errors reaches a specific number of times. If the specific number of times has not been reached, then execute step S209, and return a notification message to the client device, so that the client device sends the authentication data to the server device again; otherwise, if the specific number of times has been reached, then execute step S211, the server The device disconnected from the client device.

举例来说，以网络银行而言，银行的服务器端装置可设定在认证数据输入3次(特定次数)皆不正确后，即停止与客户端装置的联机，以避免有心人士重复测试而盗取使用者账号与通行码。另外，银行的服务器端装置亦可在登入错误次数达到3次后，将登入失败的客户端装置的联机来源网络IP地址记录下来，并且中止被重复测试的使用者账号的权限。For example, in the case of online banking, the server device of the bank can be set to stop the connection with the client device after the authentication data is entered incorrectly for 3 times (a specific number of times), so as to prevent malicious people from repeatedly testing and stealing. Get the user account and passcode. In addition, the bank's server-side device can also record the connection source network IP address of the client device that failed to log in after the number of login errors reaches 3 times, and suspend the authority of the user account that has been repeatedly tested.

接着，返回步骤S203，若认证数据正确，则执行步骤S213，服务器端装置回传对应认证数据的初始号码至客户端装置。之后，在步骤S215中，客户端装置接收服务器端装置所回传的初始号码。Next, return to step S203, if the authentication data is correct, execute step S213, the server device returns the initial number corresponding to the authentication data to the client device. Afterwards, in step S215, the client device receives the initial number returned by the server device.

然后，在步骤S217中，客户端装置即验证初始号码是否正确，以确认服务器端装置的身分。本实施例的步骤S217与上述实施例的步骤S105相同或相似，故在此不在详述。当客户端装置验证初始号码正确时，便结束验证流程，以继续进行后续动作，例如网络银行的在线交易。相反地，当客户端装置验证初始号码不正确时，如步骤S219所示，客户端装置便立即中断与服务器端装置的联机，并亦提示一警示信息，同时也将此服务器端装置的网域名称记录至封锁名单Then, in step S217, the client device verifies whether the initial number is correct, so as to confirm the identity of the server device. Step S217 of this embodiment is the same as or similar to step S105 of the above embodiment, so it will not be described in detail here. When the client device verifies that the initial number is correct, the verification process is ended to continue subsequent actions, such as online transactions of the Internet bank. Conversely, when the client device verifies that the initial number is incorrect, as shown in step S219, the client device immediately terminates the connection with the server device, and also prompts a warning message. Record name to blocklist

综上所述，上述实施例的方法，不仅服务器端装置能够验证欲登入其的客户端装置，客户端装置亦能够验证其欲登入的服务器端装置是否为伪网站，据以确保服务器端装置为正确的官方网站，进一步强化身分验证的功能。To sum up, with the method of the above embodiment, not only the server device can verify the client device that wants to log in, but the client device can also verify whether the server device that it wants to log in is a fake website, so as to ensure that the server device is a fake website. The correct official website further strengthens the function of identity verification.

虽然本发明已以较佳实施例揭露如上，然其并非用以限定本发明，任何所属技术领域中具有通常知识者，在不脱离本发明的精神和范围内，当可作些许的更动与润饰，因此本发明的保护范围当视本发明的申请专利范围所界定者为准。Although the present invention has been disclosed above with preferred embodiments, it is not intended to limit the present invention. Anyone with ordinary knowledge in the technical field may make some modifications and changes without departing from the spirit and scope of the present invention. Modification, so the scope of protection of the present invention should be defined by the patent scope of the present invention.

Claims (10)

Translated fromChinese

1.一种验证服务器端装置的方法，适用于在一客户端装置验证一服务器端装置的身分，该方法包括：1. A method for verifying a server device, suitable for verifying the identity of a server device at a client device, the method comprising:传送一认证数据至该服务器端装置，以使该服务器端装置验证该认证数据；sending an authentication data to the server device, so that the server device verifies the authentication data;接收该服务器端装置所回传的一初始号码；receiving an initial number returned by the server device;验证该初始号码是否正确；以及verify that the initial number is correct; and若该初始号码不正确，则中断与该服务器端装置的联机。If the initial number is incorrect, the connection with the server device is terminated.2.如权利要求1所述的验证服务器端装置的方法，其中，在传送该认证数据至该服务器端装置步骤之后，还包括：2. The method for verifying a server-side device as claimed in claim 1, wherein, after the step of transmitting the authentication data to the server-side device, further comprising:接收该服务器端装置所回传的一通知信息，以重新传送该认证数据。A notification message returned by the server device is received to retransmit the authentication data.3.如权利要求1所述的验证服务器端装置的方法，其中，在验证该初始号码是否正确的步骤之前，还包括：3. The method for verifying a server-side device as claimed in claim 1, wherein, before the step of verifying whether the initial number is correct, further comprising:判断是否在一特定时间内，接收到该服务器端装置所回传的该初始号码；以及judging whether the initial number returned by the server device is received within a specific time; and若在该特定时间内未接收到该初始号码，则提示一警示信息。If the initial number is not received within the specified time, a warning message will be prompted.4.如权利要求1所述的验证服务器端装置的方法，其中，若该初始号码不正确，还包括：4. The method for verifying a server-side device as claimed in claim 1, wherein, if the initial number is incorrect, further comprising:提示一警示信息。Prompt a warning message.5.如权利要求1所述的验证服务器端装置的方法，其中，在传送该认证数据至该服务器端装置步骤之前，还包括：5. The method for verifying a server-side device as claimed in claim 1, wherein, before the step of transmitting the authentication data to the server-side device, further comprising:建立该认证数据至该服务器端装置。Establish the authentication data to the server device.6.如权利要求1所述的验证服务器端装置的方法，其中，在传送该认证数据至该服务器端装置步骤之前，还包括：6. The method for verifying a server-side device as claimed in claim 1, wherein, before the step of transmitting the authentication data to the server-side device, further comprising:提供该初始号码至该服务器端装置。providing the initial number to the server device.7.如权利要求1所述的验证服务器端装置的方法，其中，当该初始号码不正确时，还包括：7. The method for verifying a server-side device as claimed in claim 1, wherein, when the initial number is incorrect, further comprising:将该服务器端装置的一网域名称记录至一封锁名单。Recording a domain name of the server device into a block list.8.如权利要求1所述的验证服务器端装置的方法，其中，在传送该认证数据至该服务器端装置步骤之后，还包括：8. The method for authenticating a server-side device as claimed in claim 1, wherein, after the step of transmitting the authentication data to the server-side device, further comprising:该服务器端装置验证该认证数据是否正确；The server device verifies whether the authentication data is correct;当该认证数据正确时，该服务器端装置回传该初始号码至该客户端装置；以及When the authentication data is correct, the server device returns the initial number to the client device; and当该认证数据不正确时，该服务器端装置回传一通知信息至该客户端装置。When the authentication data is incorrect, the server device returns a notification message to the client device.9.如权利要求8所述的验证服务器端装置的方法，其中，当该认证数据不正确时，还包括：9. The method for verifying a server-side device as claimed in claim 8, wherein, when the authentication data is incorrect, further comprising:累计一登入错误次数；Cumulative number of login errors;判断该登入错误次数是否达到一特定次数；Determine whether the number of login errors reaches a specific number of times;当该登入错误次数达到该特定次数时，该服务器端装置中断与该客户端装置的联机；以及When the number of login errors reaches the specified number of times, the server-side device disconnects from the client device; and当该登入错误次数尚未达到该特定次数时，该服务器端装置回传该通知信息至该客户端装置。When the number of login errors has not reached the specific number, the server device returns the notification message to the client device.10.如权利要求1所述的验证服务器端装置的方法，其中，该认证数据为使用者账号、通行码，以及身分证号码。10. The method for authenticating a server-side device as claimed in claim 1, wherein the authentication data is a user account number, a passcode, and an ID card number.

Images