TWI782678B - Authentication system and method applied to digital signature component - Google Patents

Authentication system and method applied to digital signature component

Publication number
TWI782678B
Authority
TW
Taiwan
Prior art keywords
module
authorization
function
verification
verification module
Prior art date
Application number
TW110131712A
Other languages
Chinese (zh)
Other versions
TW202310585A (en)
Inventor
夏希璿
黃昭綺
薛仲佑
張家棟
陳秋玉
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司
Priority to TW110131712A
Application granted
Publication of TWI782678B
Publication of TW202310585A


Abstract

The disclosure provides an authentication system and method applied to digital signature components. The method includes: in response to receiving an execution request from a functional webpage, verifying the execution request, wherein the execution request includes a carrier function of a carrier function module and a function parameter required to execute the carrier function; in response to determining that the execution request has been verified, generating an authorization request based on the carrier function, the function parameter, a first instruction code valid time, and a unique verification module characteristic value; sending the authorization request to an authorization module in a remote server; in response to an authorization passed request received from the authorization module, verifying the authorization passed request; and in response to determining that the authorization passed request has been verified, requesting the carrier function module to execute the carrier function.

Description

Translated from Chinese
Authentication system and method applied to digital signature components

The present invention relates to an authentication system and method, and in particular to an authentication system and method applied to digital signature components.

In digital signature scenarios, the complete process often cannot be finished without the devices or carrier resources held by the user, so a client-side component is needed to serve as the interface through which a remote service accesses the carrier resources. Because this component must let remote services connect to its interface and must also access highly sensitive devices or carrier resources in the user's environment, its own security is particularly important.

However, early techniques for using client-side components often relied on the browser itself for verification. In recent years this approach has come to be regarded as insecure and has gradually been disabled by browsers. Current techniques usually require the user to install the component in advance in the user's environment, where it is set up as a local server that waits for calls from the remote service. A component pre-installed in the user's environment, however, can also have its contents maliciously tampered with.

In view of this, the present invention provides an authentication system and method applied to digital signature components, which can be used to solve the above technical problem.

The present invention provides an authentication system applied to digital signature components, which includes an electronic device. A digital signature component is installed on the electronic device, wherein the digital signature component includes a local server and a carrier function module, and the electronic device is configured to: in response to a verification module receiving an execution request from a functional web page of the electronic device, verify the execution request by the verification module, wherein the execution request includes a carrier function of the carrier function module and a function parameter required to execute the carrier function; in response to determining that the execution request passes verification, generate, by the verification module, an authorization request based on the carrier function, the function parameter, a first instruction code valid time and a unique verification module characteristic value of the verification module; send, by the verification module, the authorization request through the functional web page to an authorization module in a remote server; in response to the verification module receiving an authorization passed request from the authorization module, verify the authorization passed request; and in response to determining that the authorization passed request passes verification, request, by the verification module, the carrier function module to execute the carrier function.

The present invention provides an authentication method applied to digital signature components, suitable for an authentication system that includes an electronic device. A digital signature component is installed on the electronic device, wherein the digital signature component includes a local server and a carrier function module. The method includes: in response to a verification module receiving an execution request from a functional web page of the electronic device, verifying the execution request by the verification module, wherein the execution request includes a carrier function of the carrier function module and a function parameter required to execute the carrier function; in response to determining that the execution request passes verification, generating, by the verification module, an authorization request based on the carrier function, the function parameter, a first instruction code valid time and a unique verification module characteristic value of the verification module; sending, by the verification module, the authorization request through the functional web page to an authorization module in a remote server; in response to the verification module receiving an authorization passed request from the authorization module, verifying the authorization passed request; and in response to determining that the authorization passed request passes verification, requesting, by the verification module, the carrier function module to execute the carrier function.

Please refer to FIG. 1, which is a schematic diagram of an authentication system applied to digital signature components according to an embodiment of the present invention. In FIG. 1, the authentication system 10 includes an electronic device 11 and a remote server 300. In embodiments of the present invention, the electronic device 11 is, for example, any of various computer devices and/or smart devices, and can be used to access a functional web page 201 in a browser 200. In some embodiments, the functional web page 201 lets the user access the information/functions of certain carriers (for example, a natural person certificate or a financial card).

In one embodiment, a digital signature component 12 may be installed on the electronic device 11, wherein the digital signature component 12 may include a local server 100 and carrier function modules 111 and 112. In different embodiments, the carrier function modules 111 and 112 are, for example, programs that implement the functions of certain carriers. In some embodiments, the carrier function modules 111 and 112 may be distinguished by carrier vendor or by the category of function they perform. For example, a carrier of brand A may call the carrier function module 111, while a carrier of brand B may call the carrier function module 112. As another example, the card connection function of a brand A carrier may be implemented as the carrier function module 111, while the card signature function of the brand A carrier may be implemented as the carrier function module 112, but the invention is not limited thereto.

In one embodiment, the local server 100 may include a verification module 101, which can be used to execute the authentication method applied to digital signature components proposed by the present invention. Its details are described further below.

Please refer to FIG. 2, which is a flowchart of an authentication method applied to digital signature components according to an embodiment of the present invention. The method of this embodiment can be executed by the electronic device 11 of FIG. 1, and the details of each step of FIG. 2 are described below with reference to the components shown in FIG. 1.

In outline, the authentication method of the present invention can be applied to online digital signature processes. Specifically, an online process often has to integrate sensitive client-side equipment and information, such as the client's private key or sensitive personal data stored in a special device, before the complete digital signature process can be finished.

However, a functional web page cannot directly obtain the client's information and equipment, so the method of the present invention can be used to help the functional web page call the client's devices or obtain information. Before this process starts, the digital signature component 12 must first be installed in the client system (for example, the electronic device 11). In one embodiment, the local server provides the interface to the browser 200, and the carrier function modules 111 and 112 provide the functions needed in the digital signature process. In addition, the functional web page 201 and the authorization module 301 can be set up in the remote server 300, and at run time the functional web page 201 is downloaded through the browser 200 to the client system (for example, the electronic device 11).

In one embodiment, when the user wants to access the information/functions of a certain carrier (for example, a natural person certificate), the user may operate the functional web page 201 to send an execution request R1 to the verification module 101. For ease of description, it is assumed below that the carrier function module 111 is the module used to access the information/functions of that carrier, but the invention is not limited thereto.

In this case, the execution request R1 may include, for example, the carrier function F1 of the carrier function module 111 and the function parameter P1 required to execute the carrier function F1.

In some embodiments, the carrier function and function parameter referred to in the present invention mean that, in an implementation, the instructions provided by the carrier's lower layer are divided into several groups of reusable functions, and the information that must be supplied externally during execution is the function parameter. For example, suppose the carrier function F1 is natural person certificate login, that is, the user inserts the natural person certificate and confirms its PIN code. In this case, the function parameter P1 is, for example, the PIN code entered by the user. As another example, suppose the carrier function F1 is certificate signing, for example signing data with the natural person certificate. In this case, the function parameter P1 is, for example, the data to be signed, but the invention is not limited thereto.

Accordingly, in step S210, in response to the verification module 101 receiving the execution request R1 from the functional web page 201 of the electronic device 11, the verification module 101 may verify the execution request R1.

In one embodiment, while verifying the execution request R1, the verification module 101 may determine, for example, whether the carrier function F1 in the execution request R1 is in an executable state, whether anything is missing from the function parameter P1, and whether the format of the function parameter P1 is correct. In one embodiment, in response to determining that the carrier function F1 in the execution request R1 is in an executable state, that nothing is missing from the function parameter P1, and that the format of the function parameter P1 is correct, the verification module 101 may determine that the execution request R1 passes verification; otherwise it may determine that the execution request R1 fails verification, but the invention is not limited thereto.

In some embodiments, in response to determining that the execution request R1 fails verification, the verification module 101 may clear the information received from the functional web page 201 and send an error message to the functional web page 201 to inform the user accordingly, but the invention is not limited thereto.

Then, in step S220, in response to determining that the execution request R1 passes verification, the verification module 101 may generate an authorization request G1 based on the carrier function F1, the function parameter P1, the first instruction code valid time and the unique verification module characteristic value U1 of the verification module 101.

In one embodiment, while generating the authorization request G1, the verification module 101 may generate a to-be-authorized instruction code C1 based on the carrier function F1 and the function parameter P1.

In one embodiment, the to-be-authorized instruction code C1 is, for example, an instruction provided by the carrier's lower layer in an implementation. Because many instructions have to incorporate the content of the function parameter P1, the to-be-authorized instruction code C1 is generated dynamically at execution time. In one embodiment, the carrier function F1 may correspond to a series of instruction codes or to a single instruction code, depending on the situation. For example, if the carrier function F1 and the function parameter P1 correspond to card login, the related to-be-authorized instruction code C1 may correspond to connecting to the carrier, verifying the legitimacy of the carrier, verifying the user's PIN code, and so on. As another example, if the carrier function F1 and the function parameter P1 correspond to certificate signing, the related to-be-authorized instruction code C1 may correspond to the instruction "send the data to be signed into the card for signing", but the invention is not limited thereto.

In addition, the verification module 101 may generate a first instruction code valid time T1. In some embodiments, the first instruction code valid time T1 is, for example, the validity period of the to-be-authorized instruction code C1 (for example, 120 seconds), which the designer can set as required.

In addition, the verification module 101 may have a unique verification module characteristic value U1, which is, for example, any characteristic value that uniquely represents the identity of the verification module 101. In one embodiment, the unique verification module characteristic value U1 may be obtained, for example, by applying a hash algorithm to a code section of the verification module 101 that differs between versions, but the invention is not limited thereto.

In one embodiment, the verification module 101 may use a first encryption key K1 corresponding to the verification module 101 to encrypt the to-be-authorized instruction code C1, the first instruction code valid time T1 and the unique verification module characteristic value U1 into a first to-be-authorized instruction ciphertext E1, and may use the first to-be-authorized instruction ciphertext E1 together with the unique verification module characteristic value U1 as the authorization request G1.

Next, in step S230, the verification module 101 sends the authorization request G1 through the functional web page 201 to the authorization module 301 in the remote server 300. In one embodiment, a Secure Sockets Layer (SSL) connection may be established in advance between the verification module 101 and the functional web page 201 to carry the authorization request G1, but the invention is not limited thereto.

After the functional web page 201 receives the authorization request G1, the functional web page 201 may forward the authorization request G1 to the authorization module 301 in the remote server 300.

In one embodiment, in response to the authorization module 301 receiving the authorization request G1 forwarded by the functional web page, the authorization module 301 may determine whether the unique verification module characteristic value U1 in the authorization request G1 exists. In some embodiments, the unique verification module characteristic value U1 may already have been recorded in the authorization module 301 before the digital signature component 12 was installed on the electronic device 11, but the invention is not limited thereto.

Therefore, when the authorization module 301 receives the authorization request G1, it may first check whether the unique verification module characteristic value U1 in the authorization request G1 matches any existing verification module characteristic value stored in the authorization module 301. In response to determining that an existing verification module characteristic value stored in the authorization module 301 matches the unique verification module characteristic value U1 in the authorization request G1, the authorization module 301 may determine that the unique verification module characteristic value U1 in the authorization request G1 exists; otherwise it may determine that the unique verification module characteristic value U1 in the authorization request G1 does not exist, but the invention is not limited thereto.

In response to determining that the unique verification module characteristic value U1 in the authorization request G1 exists, the authorization module 301 may obtain a first decryption key K1a corresponding to the first encryption key K1, and use the first decryption key K1a to decrypt the first to-be-authorized instruction ciphertext E1 in the authorization request G1 into the to-be-authorized instruction code C1, the first instruction code valid time T1 and the unique verification module characteristic value U1.

In some embodiments, after the digital signature component 12 is installed on the electronic device 11, the authorization module 301 may, for example, hold a pre-stored first decryption key K1a corresponding to the first encryption key K1 of the verification module 101, which can be used to decrypt data encrypted with the first encryption key K1, but the invention is not limited thereto.

Next, the authorization module 301 may verify, for example, the to-be-authorized instruction code C1, the first instruction code valid time T1 and the unique verification module characteristic value U1 in the first to-be-authorized instruction ciphertext E1. In one embodiment, the authorization module 301 may determine whether the time at which the authorization request G1 was received has exceeded the time interval corresponding to the first instruction code valid time T1, and whether the unique verification module characteristic value U1 is correct. In one embodiment, in response to determining that the time at which the authorization request G1 was received has not exceeded the time interval corresponding to the first instruction code valid time T1 and that the unique verification module characteristic value U1 is correct, the authorization module 301 may determine that the first instruction code valid time T1 and the unique verification module characteristic value U1 in the first to-be-authorized instruction ciphertext E1 pass verification, and otherwise that they fail verification.

In one embodiment, if the carrier function module 111 in the digital signature component 12 has been tampered with or replaced, the authorization module 301 can determine that the unique verification module characteristic value U1 is incorrect because it cannot recognize the unique verification module characteristic value U1, and then abort the subsequent operations, but the invention is not limited thereto. This ensures that the carrier function module 111 being called is correct and safe.

In addition, the authorization module 301 may determine whether the to-be-authorized instruction code C1 is legal/correct. If so, the authorization module 301 may determine that the to-be-authorized instruction code C1 passes verification, and otherwise that it fails verification.

In one embodiment, in response to determining that the to-be-authorized instruction code C1, the first instruction code valid time T1 and the unique verification module characteristic value U1 in the first to-be-authorized instruction ciphertext E1 pass verification, the authorization module 301 may parse the to-be-authorized instruction code C1 to obtain the carrier function F1 and the function parameter P1, and use them to find a function module name N1 and a function module characteristic value N2 corresponding to the carrier function module 111.

In some embodiments, the function module name N1 of the carrier function module 111 may, for example, have been registered in the authorization module 301 in advance, and the authorization module 301 may record the unique characteristic value of the carrier function module 111 as the function module characteristic value N2, but the invention is not limited thereto. In one embodiment, the function module name N1 is, for example, the name of the carrier function module 111, and the function module characteristic value N2 may be generated in the same way as the unique verification module characteristic value U1, but the invention is not limited thereto.

Then, the authorization module 301 may generate a to-be-executed instruction I1 based on, for example, the to-be-authorized instruction code C1 and a second instruction code valid time T2. In one embodiment, the second instruction code valid time T2 is, for example, the validity period of the to-be-executed instruction I1 (for example, 120 seconds), which the designer can set as required. In some embodiments, the to-be-executed instruction I1 can be understood as the to-be-authorized instruction code C1 with the second instruction code valid time T2 added as a time limit, but the invention is not limited thereto.

Next, the authorization module 301 may use a second encryption key K2 corresponding to the authorization module 301 to encrypt the to-be-executed instruction I1, the function module name N1 and the function module characteristic value N2 into a to-be-executed instruction ciphertext E2, and may send an authorization passed request G2 through the functional web page 201 to the verification module 101, wherein the authorization passed request G2 may include the to-be-executed instruction ciphertext E2.

In one embodiment, the functional web page 201 may send the authorization passed request G2 to the verification module 101 over the above SSL connection, but the invention is not limited thereto.

In step S240, in response to the verification module 101 receiving the authorization passed request G2 from the authorization module 301, the verification module 101 may verify the authorization passed request G2.

In one embodiment, in response to receiving the authorization passed request G2, the to-be-executed instruction ciphertext E2 in the authorization passed request G2 is decrypted with a second decryption key K2a corresponding to the second encryption key K2 to obtain the to-be-executed instruction I1, the function module name N1 and the function module characteristic value N2.

In one embodiment, after the digital signature component 12 is installed on the electronic device 11, the verification module 101 may, for example, hold a pre-stored second decryption key K2a corresponding to the second encryption key K2 of the authorization module 301, which can be used to decrypt data encrypted with the second encryption key K2, but the invention is not limited thereto.

In one embodiment, the verification module 101 may determine whether the function module name N1 exists, whether the function module characteristic value N2 matches the unique characteristic value of the carrier function module 111 in the electronic device 11, and whether the to-be-executed instruction I1 is legal. In one embodiment, in response to determining that the function module name N1 exists (for example, a carrier function module 111 named with the function module name N1 is indeed installed on the electronic device 11), that the function module characteristic value N2 matches the unique characteristic value of the carrier function module 111 in the electronic device 11, and that the to-be-executed instruction I1 is legal, the verification module 101 may determine that the authorization passed request G2 passes verification, and otherwise that it fails verification.

In one embodiment, the verification module 101 may determine whether the execution order of the to-be-executed instruction I1 is legal. If so, the verification module 101 may determine that the to-be-executed instruction I1 is legal. On the other hand, if the execution order of the to-be-executed instruction I1 has not been arranged properly, the verification module 101 may determine that the to-be-executed instruction I1 is illegal. For example, suppose the execution request R1 is additionally configured to require the carrier function module 112 to execute a carrier function F2, the authentication system 10 has generated the corresponding to-be-executed instruction I2 according to the teaching of the previous embodiments, and the to-be-executed instruction I2 must be executed before the to-be-executed instruction I1. In this case, if the verification module 101 determines that the to-be-executed instruction I2 is scheduled to run after the to-be-executed instruction I1, or that the to-be-executed instruction I1 is scheduled to run alone, the verification module 101 may determine that the to-be-executed instruction I1/to-be-executed instruction I2 is illegal because the execution order of the to-be-executed instruction I1 has not been arranged properly, but the invention is not limited thereto.

In step S250, in response to determining that the authorization passed request G2 has been verified, the verification module 101 may request the carrier function module 111 to execute the carrier function F1. In one embodiment, the verification module 101 may call the carrier function module 111 to execute the to-be-executed instruction I1 so as to execute the carrier function F1, but the disclosure is not limited thereto.

In one embodiment, before the verification module 101 requests the carrier function module 111 to execute the carrier function F1, the verification module 101 may first determine whether the time at which the authorization passed request G2 was received has exceeded the time interval corresponding to the second instruction code valid time T2. If not, the verification module 101 may refrain from requesting the carrier function module 111 to execute the carrier function F1. On the other hand, in response to determining that the time at which the authorization passed request G2 was received has not exceeded the time interval corresponding to the second instruction code valid time T2, the verification module 101 may accordingly request the carrier function module 111 to execute the carrier function F1, but the disclosure is not limited thereto.

In one embodiment, in response to determining that the carrier function module 111 has successfully executed the carrier function F1, the carrier function module 111 may return the execution result R2 to the functional webpage 201, but the disclosure is not limited thereto.

In some embodiments, in response to determining that the authorization passed request G2 has not been verified, the verification module 101 may clear the information received from the functional webpage 201 and send an error message to the functional webpage 201 to inform the user accordingly, but the disclosure is not limited thereto.
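The checks that the verification module 101 applies to an authorization passed request G2, as described above, can be written as follows. This is an added example, not code from the patent; it starts from the already-decrypted content of G2, and the field layout, the use of SHA-256 as the characteristic value, the ordering policy table and all identifiers are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Hypothetical local policy: carrier function F1 may only run after F2 was scheduled.
REQUIRED_PREDECESSORS = {"F1": ("F2",)}

@dataclass(frozen=True)
class AuthorizationPass:
    """Already-decrypted content of G2 (field layout is an assumption)."""
    module_name: str      # function module name N1
    module_feature: str   # function module characteristic value N2 (hex digest)
    instructions: tuple   # carrier functions in scheduled order, e.g. ("F2", "F1")
    valid_from: float     # start of the T2 interval (epoch seconds)
    valid_until: float    # end of the T2 interval

def feature_value(module_bytes: bytes) -> str:
    # Assumption: the unique characteristic value is a SHA-256 digest of the module file.
    return hashlib.sha256(module_bytes).hexdigest()

def order_is_legal(instructions: tuple) -> bool:
    """Each instruction's required predecessors must appear earlier in the schedule."""
    seen = set()
    for function in instructions:
        if any(dep not in seen for dep in REQUIRED_PREDECESSORS.get(function, ())):
            return False
        seen.add(function)
    return bool(instructions)  # an empty schedule is never legal

def verify_pass(g2, installed_modules: dict, received_at: float):
    """Return (ok, reason). installed_modules maps module name -> module file bytes."""
    module_bytes = installed_modules.get(g2.module_name)
    if module_bytes is None:
        return False, "module name not installed"
    # Constant-time comparison of the recomputed value against N2.
    if not hmac.compare_digest(feature_value(module_bytes), g2.module_feature):
        return False, "module feature value mismatch"
    if not order_is_legal(g2.instructions):
        return False, "illegal execution order"
    if not (g2.valid_from <= received_at <= g2.valid_until):
        return False, "outside validity window"
    return True, "ok"

def handle_pass(g2, installed_modules: dict, received_at: float, session: dict):
    """On failure, clear what was received from the functional webpage and report an error."""
    ok, reason = verify_pass(g2, installed_modules, received_at)
    if not ok:
        session.clear()
        return {"error": reason}
    return {"execute": list(g2.instructions)}

if __name__ == "__main__":
    modules = {"SignModule": b"constructed module bytes"}  # constructed sample data
    good = AuthorizationPass("SignModule", feature_value(modules["SignModule"]),
                             ("F2", "F1"), 1000.0, 1060.0)
    print(handle_pass(good, modules, 1010.0, {"params": "P1"}))
```

The order of the checks matters: the module identity is confirmed before the instruction schedule is inspected, and every failure path clears the session state before anything is executed.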

In summary, the present invention performs mutual authentication between a local server built on the client side (for example, an electronic device) and a remote server on the network side, so as to ensure that the function of the digital signature component being called is correct and secure. In the above authentication process, the present invention protects the authentication data by computing over it with an encryption method and a pre-exchanged secret, and exchanges the data between the remote server and the local server for mutual authentication, thereby achieving the goal of securely using the functions of the client-side component. With the method of the present invention, it can be ensured that the content of the digital signature component deployed on the client side is not replaced and that the component is not misused through tampering with the functional webpage; in addition, authentication of the valid time interval prevents the content from being intercepted and then reused.

In addition, the present invention has at least the following features: (1) the present invention protects the integrity of the component deployed on the client side by verifying it before its functions are used, ensuring that the component's files or program code have not been replaced; (2) the present invention protects the functions of the client-side component by calling them with instructions that have undergone an encryption operation, avoiding illegal or unintended use of the functions; (3) the present invention integrates authentication of the instruction's valid time interval, so that an instruction is valid only within a fixed time interval, preventing an instruction from being intercepted and then reused.

Although the present invention has been disclosed above by way of embodiments, they are not intended to limit the present invention. Anyone with ordinary knowledge in the relevant technical field may make minor changes and refinements without departing from the spirit and scope of the present invention. The scope of protection of the present invention shall therefore be as defined by the appended claims.

10: authentication system
11: electronic device
12: digital signature component
100: local server
111, 112: carrier function modules
200: browser
201: functional webpage
300: remote server
R1: execution request
F1: carrier function
P1: function parameter
U1: unique verification module characteristic value
G1: authorization request
E1: first to-be-authorized instruction ciphertext
G2: authorization passed request
E2: to-be-executed instruction ciphertext
R2: execution result
S210~S250: steps

FIG. 1 is a schematic diagram of an authentication system applied to a digital signature component according to an embodiment of the present invention.
FIG. 2 is a flowchart of an authentication method applied to a digital signature component according to an embodiment of the present invention.

S210~S250: steps

Claims (9)

1. An authentication system applied to a digital signature component, comprising: an electronic device on which a digital signature component is installed, wherein the digital signature component comprises a local server, a verification module and a carrier function module, and the electronic device is configured to: in response to the verification module receiving an execution request from a functional webpage of the electronic device, verify the execution request by the verification module, wherein the execution request comprises a carrier function of the carrier function module and a function parameter required to execute the carrier function; generate a to-be-authorized instruction code based on the carrier function and the function parameter, wherein the to-be-authorized instruction code corresponds to a first instruction code; generate a first instruction code valid time of the first instruction code, wherein an authorized instruction code valid time of the to-be-authorized instruction code corresponds to the first instruction code valid time of the first instruction code; in response to determining that the execution request has been verified, generate, by the verification module, an authorization request based on the carrier function, the function parameter, the first instruction code valid time and a unique verification module characteristic value of the verification module; send, by the verification module, the authorization request to an authorization module in a remote server through the functional webpage; in response to the verification module receiving an authorization passed request from the authorization module, verify the authorization passed request; and in response to determining that the authorization passed request has been verified, request, by the verification module, the carrier function module to execute the carrier function.

2. The system of claim 1, wherein the electronic device is configured to: in response to determining that the carrier function in the execution request is in an executable state, that the function parameter has no omissions, and that the format of the function parameter is correct, determine that the execution request has been verified.

3. The system of claim 1, wherein the electronic device is configured to: encrypt the to-be-authorized instruction code, the first instruction code valid time and the unique verification module characteristic value into a first to-be-authorized instruction ciphertext with a first encryption key corresponding to the verification module; and use the first to-be-authorized instruction ciphertext and the unique verification module characteristic value as the authorization request.

4. The system of claim 3, further comprising the remote server, which is configured to: in response to the authorization module receiving the authorization request forwarded by the functional webpage, determine whether the unique verification module characteristic value in the authorization request exists; in response to determining that the unique verification module characteristic value in the authorization request exists, obtain, by the authorization module, a first decryption key corresponding to the first encryption key, and decrypt, with the first decryption key, the first to-be-authorized instruction ciphertext in the authorization request into the to-be-authorized instruction code, the first instruction code valid time and the unique verification module characteristic value; in response to determining that the to-be-authorized instruction code, the first instruction code valid time and the unique verification module characteristic value in the first to-be-authorized instruction ciphertext have been verified, parse, by the authorization module, the to-be-authorized instruction code to obtain the carrier function and the function parameter, and accordingly find a function module name and a function module characteristic value corresponding to the carrier function module; generate, by the authorization module, a to-be-executed instruction based on the to-be-authorized instruction code and a second instruction code valid time; encrypt, by the authorization module, the to-be-executed instruction, the function module name and the function module characteristic value into a to-be-executed instruction ciphertext based on a second encryption key corresponding to the authorization module; and send, by the authorization module, the authorization passed request to the verification module through the functional webpage, wherein the authorization passed request comprises the to-be-executed instruction ciphertext.

5. The system of claim 4, wherein the function module name and the function module characteristic value corresponding to the carrier function module are pre-registered in the authorization module.

6. The system of claim 4, wherein the electronic device is configured to: in response to receiving the authorization passed request, decrypt the to-be-executed instruction ciphertext in the authorization passed request based on a second decryption key corresponding to the second encryption key, so as to obtain the to-be-executed instruction, the function module name and the function module characteristic value; and in response to determining that the function module name exists, that the function module characteristic value matches the carrier function module in the electronic device, and that the to-be-executed instruction is legal, determine, by the verification module, that the authorization passed request has been verified.

7. The system of claim 6, wherein the electronic device is configured to: in response to determining that the authorization passed request has been verified, call, by the verification module, the carrier function module to execute the to-be-executed instruction so as to execute the carrier function.

8. The system of claim 1, wherein the electronic device is further configured to: in response to determining that the carrier function module has successfully executed the carrier function, return, by the carrier function module, an execution result to the functional webpage.

9. An authentication method applied to a digital signature component, adapted to an authentication system comprising an electronic device on which a digital signature component is installed, wherein the digital signature component comprises a local server, a verification module and a carrier function module, and the method comprises: in response to the verification module receiving an execution request from a functional webpage of the electronic device, verifying the execution request by the verification module, wherein the execution request comprises a carrier function of the carrier function module and a function parameter required to execute the carrier function; generating a to-be-authorized instruction code based on the carrier function and the function parameter, wherein the to-be-authorized instruction code corresponds to a first instruction code; generating a first instruction code valid time of the first instruction code, wherein an authorized instruction code valid time of the to-be-authorized instruction code corresponds to a first instruction code valid time of the first instruction code; in response to determining that the execution request has been verified, generating, by the verification module, an authorization request based on the carrier function, the function parameter, the first instruction code valid time and a unique verification module characteristic value of the verification module; sending, by the verification module, the authorization request to an authorization module in a remote server through the functional webpage; in response to the verification module receiving an authorization passed request from the authorization module, verifying the authorization passed request; and in response to determining that the authorization passed request has been verified, requesting, by the verification module, the carrier function module to execute the carrier function.
Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
TW110131712A | 2021-08-26 | 2021-08-26 | Authentication system and method applied to digital signature component (TWI782678B)

Publications (2)

Publication Number | Publication Date
TWI782678B | 2022-11-01
TW202310585A | 2023-03-01

Family

ID=85794285

Country Status (1)

Country | Link
TW (1) | TWI782678B (en)
