CN101764688A

CN101764688A - Remote assistance method and remote assistance system

Info

Publication number: CN101764688A
Application number: CN200810184932A
Authority: CN
Inventors: 邓博元; 郭伦嘉; 黄义雄; 柯力群
Original assignee: Industrial Technology Research Institute ITRI
Current assignee: Industrial Technology Research Institute ITRI
Priority date: 2008-12-23
Filing date: 2008-12-23
Publication date: 2010-06-30
Anticipated expiration: 2028-12-23
Also published as: CN101764688B

Abstract

The invention relates to a remote assistance method, which is applied to a remote assistance system. The remote assistance system comprises a server device, a help seeking end device and an assistance end device. The remote assistance method includes the following steps. First, in response to a help seeking event, the ticket information is encrypted according to the first key so as to provide the encrypted ticket information to the server device. And then, the encrypted ticket information provided by the help-seeking terminal device is decoded according to the second key so as to obtain the ticket information through decoding. And finally, providing the ticket information obtained by decoding to the assisting end device, so that the assisting end device can log in the help seeking end device and perform remote assisting operation.

Description

Remote assistance method and remote assistance system

技术领域technical field

本发明涉及一种通讯系统，且特别是涉及一种用以实现远方协助功能的远方协助系统。The invention relates to a communication system, and in particular to a remote assistance system for realizing the remote assistance function.

背景技术Background technique

在科技发展日新月异的现今时代中，许多通讯技术系被广泛地应用在许多应用场合中，以便利人们的日常生活。在一种应用场合中，电子产品供货商的客户服务部门提供产品操作协助服务给无法正常使用其供应的电子产品的远程使用。In today's era of rapid technological development, many communication technologies are widely used in many applications to facilitate people's daily life. In one application, the customer service department of an electronic product supplier provides product operation assistance services to remote users who cannot use the electronic products it supplies normally.

在现有的常见技术中，处于远程的电子产品使用者需自行通过室内电话、移动电话或网络等通讯连结向客户服务部门取得操作教示及协助。然而，如何利用现有的通讯技术来设计出更为便利且操作方便的远程协助系统为业界不断致力的方向之一。In the existing common technology, remote users of electronic products need to obtain operation instructions and assistance from the customer service department through communication links such as indoor telephones, mobile phones or the Internet. However, how to use the existing communication technology to design a more convenient and easy-to-operate remote assistance system is one of the directions that the industry is constantly working on.

发明内容Contents of the invention

本发明的目的在于提供一种安全地远程登入他人装置的方法，让某一使用者可登入至他人装置进行问题处理或系统修复的功用，对被协助者来说，本发明达到简易操作即可进行被他人协助的行为，本发明亦考虑通讯时的各种安全性、实时性及系统实作的灵活性，为此，本发明提供一种远程协助方法及远程协助系统。The purpose of the present invention is to provide a method for remotely logging into other people's devices safely, so that a certain user can log in to other people's devices for problem solving or system repair. For the person being assisted, the present invention can achieve simple operation. For the act of being assisted by others, the present invention also considers various security, real-time and system implementation flexibility during communication. Therefore, the present invention provides a remote assistance method and a remote assistance system.

为达成所述目的，本发明提供一种远程协助方法及远程协助系统如下所述：To achieve the above purpose, the present invention provides a remote assistance method and a remote assistance system as follows:

本发明提供一种远程协助系统，其中的求助端装置(即是使用者端操作的装置)是响应于求助事件来将门票信息经由远程协助系统的服务器装置提供至协助端装置。如此，协助端装置可根据门票信息登入至求助端装置，以协助求助端装置排除操作问题。The present invention provides a remote assistance system, wherein a help-seeking device (that is, a device operated by a user terminal) responds to a help-seeking event to provide ticket information to the assisting device via a server device of the remote assistance system. In this way, the assistance terminal device can log in to the assistance terminal device according to the ticket information, so as to assist the assistance terminal device to troubleshoot operation problems.

根据本发明提出一种远程协助方法，应用于远程协助系统。远程协助系统包括服务器装置、求助端装置及协助端装置。远程协助方法包括下列的步骤。首先响应于求助事件，根据第一金钥(Key)对门票(Ticket)信息进行加密，以提供第一加密门票(Ticket)信息至服务器装置。接着根据第二金钥对求助端装置提供的第一加密门票信息进行译码，以译码得到门票信息。之后，提供译码得到的门票信息至协助端装置，由此，协助端装置可登入求助端装置，并进行远程协助操作。According to the present invention, a remote assistance method is provided, which is applied to a remote assistance system. The remote assistance system includes a server device, a help-seeking device and an assisting device. The remote assistance method includes the following steps. Firstly, in response to the help request event, the ticket information is encrypted according to the first key (Key), so as to provide the first encrypted ticket information to the server device. Then, according to the second key, the first encrypted ticket information provided by the help-calling device is decoded to obtain the ticket information. Afterwards, the decoded ticket information is provided to the assisting device, so that the assisting device can log in to the assisting device and perform remote assistance operations.

根据本发明提出一种远程协助系统，包括求助端装置、服务器装置及协助端装置。求助端装置具有第一金钥，求助端装置响应于求助事件，根据第一金钥对门票信息进行加密，以提供第一加密门票信息。服务器装置具有第二金钥，服务器装置根据第二金钥对第一加密门票信息进行译码，以译码得到并提供门票信息。协助端装置接收服务器装置提供的门票信息，由此，协助端装置可登入求助端装置，并进行远程协助操作。According to the present invention, a remote assistance system is proposed, including a help-seeking terminal device, a server device, and an assistance terminal device. The help-seeking device has a first key, and in response to a help-seeking event, the help-calling device encrypts the ticket information according to the first key to provide first encrypted ticket information. The server device has a second key, and the server device decodes the first encrypted ticket information according to the second key, so as to obtain and provide the ticket information by decoding. The assistance terminal device receives the ticket information provided by the server device, so that the assistance terminal device can log in to the assistance terminal device and perform remote assistance operations.

根据本发明提出一种远程协助系统，用以与协助端装置进行通讯操作。远程协助系统包括求助端装置及服务器装置。求助端装置具有第一金钥，求助端装置响应于求助事件根据第一金钥对门票信息进行加密，以提供第一加密门票信息。服务器装置具有第二金钥，服务器装置根据第二金钥对第一加密门票信息进行译码，以译码得到并提供门票信息至协助端装置。由此，协助端装置可登入求助端装置，并进行远程协助操作。According to the present invention, a remote assistance system is provided, which is used for communicating with an assistance terminal device. The remote assistance system includes a help request terminal device and a server device. The help-calling device has a first key, and the help-calling device encrypts the ticket information according to the first key in response to a help-calling event, so as to provide first encrypted ticket information. The server device has a second key, and the server device decodes the first encrypted ticket information according to the second key, so as to obtain and provide the ticket information to the assisting terminal device. Thus, the assisting device can log in to the assisting device and perform remote assistance operations.

本发明有益效果：一般远程联机作法多为两台主机间预先共享某种秘密(例如账号密码)，再加上一额外Channel(如手机简讯)而进行登入。而本发明的方法达到的效果是，通过一服务器主机协助，让第三方协助端装置与被登入目标装置间不需预先有任何共享秘密而能够安全地进行远程联机，解决目标装置位于浮动IP地址与防火墙后端的问题，也不限定协助端装置的特定身份，随时可动态调整。技术上本发明服务器主机可利用多信道方式将目标装置数据传给协助装置，以增加数据传输的安全性，并通过Secret Sharing信息封装来增加系统的可靠度，与现有技术相比，具显著的进步性。Beneficial effects of the present invention: In common remote connection methods, some kind of secret (such as an account password) is pre-shared between two hosts, and an additional Channel (such as a mobile phone text message) is added to log in. The effect achieved by the method of the present invention is that, through the assistance of a server host, the third-party assistance terminal device and the logged-in target device can safely perform remote connection without any shared secret in advance, and solve the problem that the target device is located at a floating IP address. Issues with the backend of the firewall are not limited to the specific identity of the assisting device, and can be adjusted dynamically at any time. Technically, the server host of the present invention can transmit the data of the target device to the assisting device in a multi-channel manner to increase the security of data transmission, and increase the reliability of the system through Secret Sharing information encapsulation. Compared with the prior art, it has a significant progress.

附图说明Description of drawings

图1绘示依照本发明实施例的远程协助系统的方块图。FIG. 1 is a block diagram of a remote assistance system according to an embodiment of the present invention.

图2绘示乃图1的操作次序图。FIG. 2 shows the operation sequence diagram of FIG. 1 .

图3绘示依照本发明实施例的远程协助系统的另一方块图。FIG. 3 is another block diagram of a remote assistance system according to an embodiment of the present invention.

图4绘示乃图3的操作次序图。FIG. 4 shows the operation sequence diagram of FIG. 3 .

图5绘示依照本发明实施例的远程协助系统的再一方块图。FIG. 5 is another block diagram of the remote assistance system according to an embodiment of the present invention.

图6绘示乃图5的操作次序图。FIG. 6 shows the operation sequence diagram of FIG. 5 .

图7绘示依照本发明实施例的远程协助系统的再一方块图。FIG. 7 is another block diagram of the remote assistance system according to an embodiment of the present invention.

图8绘示乃图7的操作次序图。FIG. 8 shows the operation sequence diagram of FIG. 7 .

图9绘示依照本发明实施例的远程协助系统的再一方块图。FIG. 9 is another block diagram of the remote assistance system according to an embodiment of the present invention.

图10绘示依照本发明实施例的远程协助系统的再一方块图。FIG. 10 is another block diagram of the remote assistance system according to the embodiment of the present invention.

图11绘示乃图10的操作次序图。FIG. 11 shows the operation sequence diagram of FIG. 10 .

【主要元件符号说明】[Description of main component symbols]

1、2、3、4、5：远程协助系统1, 2, 3, 4, 5: remote assistance system

12、22、32、42、42′、52：求助端装置12, 22, 32, 42, 42', 52: help-side device

14、24、34、44、44′、54：服务器装置14, 24, 34, 44, 44', 54: server device

16、26、36、46、46′、56：协助端装置16, 26, 36, 46, 46', 56: Assist end device

C、Cm-Cm、C1′、Cj′、C1″、Cj″：通讯信道C, Cm-Cm, C1', Cj', C1", Cj": communication channel

具体实施方式Detailed ways

为让本发明的上述内容能更明显易懂，下文特举一较佳实施例，并配合附图，作详细说明如下：In order to make the above-mentioned content of the present invention more obvious and understandable, a preferred embodiment is specially cited below, together with the accompanying drawings, and described in detail as follows:

请参照图1及图2，图1绘示依照本发明实施例的远程协助系统的方块图，图2绘示乃图1的操作次序图。远程协助系统1包括求助端装置12、服务器装置14及协助端装置16。举例来说，求助端装置12为通过家庭网关器(Home Gateway)联机至网络的家电装置。如此，求助端装置12具有可响应于经由网络及家庭网关器提供的指令执行对应操作的远程操作功能。在一个例子中，此电子式家电装置例如为数字电视装置。Please refer to FIG. 1 and FIG. 2 , FIG. 1 is a block diagram of a remote assistance system according to an embodiment of the present invention, and FIG. 2 is an operation sequence diagram of FIG. 1 . The remote assistance system 1 includes a help request terminal device 12 , a server device 14 and an assistance terminal device 16 . For example, the help-seeking device 12 is a home appliance device connected to the network through a home gateway (Home Gateway). In this way, the help-calling device 12 has a remote operation function capable of performing corresponding operations in response to instructions provided via the network and the home gateway. In one example, the electronic home appliance device is, for example, a digital television device.

求助端装置12具有金钥(Key)KeyN。求助端装置12响应于求助事件Eh，根据金钥KeyN来对门票(Ticket)信息IT进行加密，以提供加密门票信息IT_k与求助指令Chp。举例来说，门票信息IT_k例如包括使用者账号信息、密码信息及网络地址(IP)地址信息。求助事件Eh例如为使用者启动求助端装置12的控制面板上的求助控制按键的事件。The helper device 12 has a key (Key) KeyN. In response to the help-seeking event Eh, the help-seeking device 12 encrypts the ticket information IT according to the key KeyN, so as to provide the encrypted ticket information IT_k and the help-seeking command Chp. For example, the ticket information IT_k includes user account information, password information and IP address information. The help-seeking event Eh is, for example, an event that the user activates the help-seeking control button on the control panel of the help-calling device 12 .

服务器装置14，具有金钥KeyS。服务器装置14响应于求助指令Chp，根据金钥KeyS对加密门票信息IT_k进行译码，以译码得到门票信息IT。The server device 14 has a key KeyS. In response to the help command Chp, the server device 14 decodes the encrypted ticket information IT_k according to the key KeyS to obtain the ticket information IT by decoding.

在一个例子中，求助端装置12还包括装置序号SN，并响应于求助事件提供装置序号SN至服务器装置14。而求助端装置12的金钥KeyS和服务器装置14的金钥KeyN例如满足：In one example, the help-seeking device 12 further includes a device serial number SN, and provides the device serial number SN to the server device 14 in response to the help-seeking event. And the key KeyS of the help-seeking device 12 and the key KeyN of the server device 14 satisfy, for example:

KeyN＝Hash(KeyS‖SN)KeyN=Hash(KeyS∥SN)

如此，经由凑杂(Hash)运算，服务器装置14可根据其具有的金钥KeyS和求助端装置12提供的装置序号SN运算产生金钥KeyN，并据以对加密门票信息IT_k译码产生门票信息IT。In this way, through a hash operation, the server device 14 can generate the key KeyN according to the key KeyS it has and the device serial number SN provided by the help-end device 12, and then decode the encrypted ticket information IT_k to generate the ticket information IT.

服务器装置14还将译码得到的门票信息IT提供至协助端装置16，如此，协助端装置16可根据门票信息IT登入求助端装置12，并进行远程协助操作。The server device 14 also provides the decoded ticket information IT to the assistance terminal device 16, so that the assistance terminal device 16 can log in to the assistance terminal device 12 according to the ticket information IT, and perform remote assistance operations.

在一个例子中，服务器装置14和协助端装置16间的数据传输操作例如应用验证码(Authentication Code)机制来保护。在验证码机制中，服务器装置14为动态产生验证码Rn，并经由特定的通讯信道C将验证码Rn提供至协助端装置16(即单信道路径(Single Channel)实施方式)。In one example, the data transmission operation between the server device 14 and the assisting device 16 is protected by using, for example, an authentication code (Authentication Code) mechanism. In the verification code mechanism, the server device 14 dynamically generates the verification code Rn, and provides the verification code Rn to the assisting end device 16 via a specific communication channel C (that is, a single channel implementation).

举例来说，此通讯信道C可为网络传输信道及全球行动电话(GlobalSystem for Mobile Communication，GSM)通讯信道。验证码Rn可经由应用前述通讯信道进行传输的通讯协议(例如是电子邮件、网络语音留言、电话系统语音留言或电话系统简讯等)来传输验证码Rn。For example, the communication channel C can be a network transmission channel and a Global System for Mobile Communication (GSM) communication channel. The verification code Rn can be transmitted through the communication protocol (such as e-mail, voicemail, telephone system voicemail or telephone system SMS, etc.) using the aforementioned communication channel for transmission.

协助端装置16接收验证码Rn，并于接收到验证码Rn时对应地回传响应信息SRn以登入服务器装置14。举例来说，协助端装置16直接将接收到的验证码Rn做为响应信息SRn回传至服务器装置14以登入服务器装置14。服务器装置14于接收到响应信息SRn后决定协助端装置16验证成功，如此，协助端装置16可取得服务器装置14中的门票信息IT，并据以登入求助端装置12，以协助其进行对应的使用操作。The assistant device 16 receives the verification code Rn, and correspondingly returns a response message SRn to log in to the server device 14 when receiving the verification code Rn. For example, the assistant device 16 directly returns the received verification code Rn as the response message SRn to the server device 14 to log in to the server device 14 . After receiving the response message SRn, the server device 14 determines that the verification of the assisting end device 16 is successful. In this way, the assisting end device 16 can obtain the ticket information IT in the server device 14, and log in to the assisting end device 12 accordingly to assist it in the corresponding Use the action.

在本实施例中，虽仅以服务器装置14和协助端装置16经由一个通讯信道C来传输验证码Rn、响应信息SRn及门票信息IT的情形为例作说明，然而，本实施例的远程协助系统1并不局限于此。在另一个例子中，本实施例的服务器装置14亦可通过多信道路径(Multiple Channels)来进行门票信息IT的传输。In this embodiment, although only the situation where the server device 14 and the assisting terminal device 16 transmit the verification code Rn, the response information SRn and the ticket information IT via a communication channel C is used as an example for illustration, however, the remote assistance of this embodiment System 1 is not limited to this. In another example, the server device 14 of this embodiment can also transmit the ticket information IT through multiple channels.

请参照图3，其绘示依照本发明实施例的远程协助系统的另一方块图。在这个例子中，服务器装置24和协助端装置26间包括m个通讯信道C 1、C2、...、Cm，m为大于1的自然数。服务器装置24经由此m个通讯信道C1-Cm来提供验证码Rn1-Rnm至协助端装置26。Please refer to FIG. 3 , which shows another block diagram of the remote assistance system according to an embodiment of the present invention. In this example, there are m communication channels C1, C2, . The server device 24 provides the verification codes Rn1-Rnm to the assistant device 26 via the m communication channels C1-Cm.

请参照图4，其绘示乃图3的操作次序图。举例来说，验证码Rn1-Rnm具有不同的数据值c。在这个例子中，协助端装置26可根据验证码Rn1-Rnm其中的任一子集合(Subset)(例如是验证码{Rn3}，{Rn1，Rn2}，或{Rn1，Rn3}...等)对应地产生响应信息SRn回传至服务器装置24，以完成服务器装置24和协助端装置26间的认证操作。Please refer to FIG. 4 , which shows the operation sequence diagram of FIG. 3 . For example, the verification codes Rn1-Rnm have different data values c. In this example, the assisting terminal device 26 can be based on any subset (Subset) of the verification code Rn1-Rnm (for example, the verification code {Rn3}, {Rn1, Rn2}, or {Rn1, Rn3}...etc. ) correspondingly generates a response message SRn and sends it back to the server device 24, so as to complete the authentication operation between the server device 24 and the assistant device 26.

在本实施例中虽仅以应用验证码机制来保护服务器装置14和协助端装置16间的数据传输操作的情形为例作说明，然而，本实施例的远程协助系统1并不局限于此，而还可通过其它形式的机制来保护服务器装置14和协助端装置16间的数据传输操作。In this embodiment, only the case where the verification code mechanism is applied to protect the data transmission operation between the server device 14 and the assisting end device 16 is used as an example for illustration, however, the remote assistance system 1 of this embodiment is not limited to this, However, other forms of mechanisms can also be used to protect the data transmission operation between the server device 14 and the assisting device 16 .

请参照图5及图6，图5绘示依照本发明实施例的远程协助系统的再一方块图，图6绘示乃图5的操作次序图。在这个例子中，服务器装置34和协助端装置36间的数据传输操作经由密码分享(Secret Sharing)机制来进行保护。服务器装置34将一把金钥SK来对门票信息IT进行加密，以得到加密门票信息IT_SK。举例来说，加密门票信息IT_SK包括账号信息和金钥SK的互斥或(Exclusive OR)结果、密码信息和金钥SK的互斥或结果、IP信息、时间参数信息及密码信息、账号信息和IP信息的凑杂验证信息。Please refer to FIG. 5 and FIG. 6 , FIG. 5 shows another block diagram of the remote assistance system according to an embodiment of the present invention, and FIG. 6 shows the operation sequence diagram of FIG. 5 . In this example, the data transmission operation between the server device 34 and the assisting device 36 is protected through a secret sharing mechanism. The server device 34 encrypts the ticket information IT with a key SK to obtain the encrypted ticket information IT_SK. For example, the encrypted ticket information IT_SK includes the exclusive OR result of the account information and the key SK, the exclusive OR result of the password information and the key SK, IP information, time parameter information and password information, account information and The hash verification information of IP information.

服务器装置34还将金钥SK分成j个子金钥SK_1、SK_2、...、SK_j，并设定可根据j个子金钥SK_1-SK_j中的i份子金钥即可计算得到金钥SK，j为大于1的自然数，i为小于j的自然数。The server device 34 also divides the key SK into j sub-keys SK_1, SK_2, ..., SK_j, and sets that the key SK, j can be calculated according to i sub-keys in the j sub-keys SK_1-SK_j is a natural number greater than 1, and i is a natural number less than j.

服务器装置34分别经由j个通讯信道C1′、C2′、...、Cj′来分别将子金钥SK_1-SK_j和加密门票信息IT_SK提供至协助端装置36。The server device 34 provides the sub-keys SK_1-SK_j and the encrypted ticket information IT_SK to the assistant device 36 via j communication channels C1 ′, C2 ′, . . . , Cj ′ respectively.

举例来说，服务器装置34根据Shamir′s密码分享机制来进行金钥SK的分解。使金钥SK具有数值1234，j和i分别等于6和3，而服务器装置34还动态设定参数a1等于166及参数a2等于94。在这样子的条件下，服务器装置34例如取得多项式：For example, the server device 34 decomposes the key SK according to Shamir's password sharing mechanism. The key SK has a value of 1234, j and i are equal to 6 and 3 respectively, and the server device 34 also dynamically sets the parameter a1 equal to 166 and the parameter a2 equal to 94. Under such conditions, the server device 34 obtains the polynomial, for example:

f(x)＝1234+a₁x+a₂x²＝1234+166x+94x² f(x)＝1234+a ₁ x+a ₂ x ² ＝1234+166x+94x ²

分别以条件：Separately with the condition:

x＝1；x＝2；x＝3；x＝4；x＝5；x＝6x=1; x=2; x=3; x=4; x=5; x=6

带入前述多项式中可得6组解集合(x，f(x))：Putting it into the aforementioned polynomial can get 6 sets of solution sets (x, f(x)):

(1，1494)、(2，1942)、(3，2578)、(4，3402)、(5，4414)及(6，5614)。(1, 1494), (2, 1942), (3, 2578), (4, 3402), (5, 4414) and (6, 5614).

将分解得到的6组解集合分别做为子金钥SK_1-SK_6分别经由对应的通讯信道提供至协助端装置36。假设协助端装置36接收子金钥SK_2、SK_5及SK_6，则协助端装置36可根据此第2、第5及第6笔子金钥通过下列方程式还原得到金钥SK：The six solution sets obtained by decomposing are respectively provided to the assisting end device 36 as sub-keys SK_1-SK_6 through corresponding communication channels. Assuming that the assisting device 36 receives the sub-keys SK_2, SK_5 and SK_6, the assisting device 36 can obtain the key SK according to the second, fifth and sixth sub-keys through the following equation:

SK_2＝(x₀，y₀)＝(2，1942)；SK_4＝(x₁，y₁)＝(4，3402)；SK_5＝(x₂，y₂)＝(5，5614)；SK_2=(x ₀ , y ₀ )=(2, 1942); SK_4=(x ₁ , y ₁ )=(4, 3402); SK_5=(x ₂ , y ₂ )=(5, 5614);

${l l}_{00} ((x x)) = = \frac{x x - - {x x}_{11}}{{x x}_{00} - - {x x}_{11}} \times \times \frac{x x - - {x x}_{22}}{{x x}_{00} - - {x x}_{22}} = = \frac{x x - - 44}{22 - - 44} \times \times \frac{x x - - 55}{22 - - 55} = = \frac{11}{66} {x x}^{22} - - 11 \frac{11}{22} x x + + 33 \frac{11}{33}$

${l l}_{11} ((x x)) = = \frac{x x - - {x x}_{00}}{{x x}_{11} - - {x x}_{00}} \times \times \frac{x x - - {x x}_{22}}{{x x}_{11} - - {x x}_{22}} = = \frac{x x - - 22}{44 - - 22} \times \times \frac{x x - - 55}{44 - - 55} = = - - \frac{11}{22} {x x}^{22} + + 33 \frac{11}{22} x x - - 55$

${l l}_{33} ((x x)) = = \frac{x x - - {x x}_{00}}{{x x}_{22} - - {x x}_{00}} \times \times \frac{x x - - {x x}_{11}}{{x x}_{22} - - {x x}_{11}} = = \frac{x x - - 22}{55 - - 22} \times \times \frac{x x - - 44}{55 - - 44} = = \frac{11}{33} {x x}^{22} - - 22 x x + + 22 \frac{22}{33}$

$f f ((x x)) = = {Σ Σ}_{z z = = 00}^{22} {y the y}_{z z} \times \times {l l}_{z z} ((x x)) = = 19421942 {{\frac{11}{66} {x x}^{22} - - 11 \frac{11}{22} x x - - 33 \frac{11}{33}}} + + 34023402 {{- - \frac{11}{22} {x x}^{22} + + 33 \frac{11}{22} x x - - 55}} + + 44144414 {{\frac{11}{33} {x x}^{22} - - 22 x x + + 22 \frac{22}{33}}}$

$= = 12341234 + + 166166 x x + + 9494 {x x}^{22} = = SK SK + + 166166 x x + + 9494 {x x}^{22}$

如此，协助端装置36可根据前述操作得到金钥SK，并据以对加密门票信息IT_SK进行译码得到门票信息IT。In this way, the assistant device 36 can obtain the key SK according to the aforementioned operations, and decode the encrypted ticket information IT_SK to obtain the ticket information IT.

在本实施例中虽仅以一个Shamir′s秘密分享(Secret Sharing)机制的操作为例作说明，然而，本实施例的服务器装置34和挟制端装置36间的数据传输并不局限于使用Shamir′s秘密分享机制来进行保护，而金钥SK、i和j亦并不局限于前述例子的设定，而还可为其它符合对应的秘密分享机制的数值设定。Although in this embodiment only the operation of a Shamir's Secret Sharing (Secret Sharing) mechanism is used as an example for illustration, however, the data transmission between the server device 34 and the host device 36 of this embodiment is not limited to the use of Shamir's 's secret sharing mechanism for protection, and the key SK, i, and j are not limited to the settings of the foregoing example, but can also be other values that conform to the corresponding secret sharing mechanism.

在本实施例中虽仅以求助端装置12提供验证码Rn至协助端装置16，以验证登入求助端装置12的协助端装置16的身份的操作为例作说明，然而，本实施例的远程协助系统1并不局限于为此。Although in this embodiment, the operation of verifying the identity of the assisting device 16 logging in to the assisting device 12 by providing the verification code Rn to the assisting device 16 by the help-seeking device 12 is taken as an example, however, the remote The assistance system 1 is not limited to this.

请参照图7及图8，图7绘示依照本发明实施例的远程协助系统的再一方块图，图8绘示乃图7的操作次序图。在另一个例子中，服务器装置44提供验证码Rn″至求助端装置42，并经由求助端装置42提供验证码Rn″至协助端装置46。之后，协助端装置46根据求助端装置42提供的验证码Rn″产生回传信息SRn′至服务器装置44以登入服务器装置44。如此，协助端装置46亦可从服务器装置44端得到门票信息IT，以登入求助端装置32。Please refer to FIG. 7 and FIG. 8 , FIG. 7 is another block diagram of the remote assistance system according to an embodiment of the present invention, and FIG. 8 is an operation sequence diagram of FIG. 7 . In another example, the server device 44 provides the verification code Rn″ to the helper device 42 , and provides the verification code Rn″ to the assistance device 46 via the helper device 42 . Afterwards, the assisting device 46 generates a return message SRn' to the server device 44 according to the verification code Rn" provided by the requesting device 42 to log in to the server device 44. In this way, the assisting device 46 can also obtain the ticket information IT from the server device 44. , to log in to the help-side device 32 .

在本实施例中，虽仅以服务器装置14和求助端装置12间通过固定的金钥KeyN和KeyS进行加密的情形为例作说明，然而，服务器装置14和求助端装置12间的加密操作并不局限于为此。In this embodiment, although only the situation of encrypting by the fixed keys KeyN and KeyS between the server device 14 and the help-side device 12 is used as an example for illustration, the encryption operation between the server device 14 and the help-side device 12 does not Not limited to this.

请参照图9，其绘示依照本发明实施例的远程协助系统的再一方块图。在另一个例子中，验证码Rn″是由求助端装置42′产生，并提供至服务器装置44′及协助端装置46′。之后，协助端装置46′提供验证码Rn″至服务器装置44，以取得门票信息IT，并登入求助端装置44′。Please refer to FIG. 9 , which shows another block diagram of the remote assistance system according to an embodiment of the present invention. In another example, the verification code Rn" is generated by the helper device 42' and provided to the server device 44' and the assisting device 46'. Afterwards, the assisting device 46' provides the verification code Rn" to the server device 44, To obtain the ticket information IT, and log in to the help terminal device 44'.

请参照图10及图11，图10绘示依照本发明实施例的远程协助系统的再一方块图，图11绘示乃10图的操作次序图。在另一个例子中，在服务器装置54根据装置序号SN求得金钥KeyN后，服务器装置54还动态产生动态金钥SK′，并提供动态金钥SK′和金钥KeyN的互斥或结果Sxr至求助端装置52。如此，求助端装置52可根据互斥或结果Sxr得到动态金钥SK′，并据以对门票信息IT进行加密，并将加密门票信息IT_SK′提供至服务器装置54。在一个例子中，服务器装置54还提供时间参数信息及时间参数和动态金钥SK的杂凑验证信息至求助端装置52，以验证动态金钥SK。Please refer to FIG. 10 and FIG. 11 , FIG. 10 is another block diagram of the remote assistance system according to an embodiment of the present invention, and FIG. 11 is an operation sequence diagram of FIG. 10 . In another example, after the server device 54 obtains the key KeyN according to the device serial number SN, the server device 54 also dynamically generates the dynamic key SK', and provides the mutually exclusive or result Sxr of the dynamic key SK' and the key KeyN. To the help-side device 52. In this way, the helper device 52 can obtain the dynamic key SK′ according to the mutual exclusion or the result Sxr, and encrypt the ticket information IT accordingly, and provide the encrypted ticket information IT_SK′ to the server device 54 . In one example, the server device 54 also provides the time parameter information and hash verification information of the time parameter and the dynamic key SK to the requesting end device 52 to verify the dynamic key SK.

接着，服务器装置54执行与服务器装置34实质上相同的操作，以经由Shamir′s密码分享机制提供加密门票信息IT_SK′至协助端装置56。如此，协助端装置56可取得并根据门票信息IT_SK′登入求助端装置52。Next, the server device 54 performs substantially the same operation as the server device 34 to provide the encrypted ticket information IT_SK' to the assistant device 56 via Shamir's password sharing mechanism. In this way, the assistance terminal device 56 can obtain and log in the assistance terminal device 52 according to the ticket information IT_SK′.

在本实施例中，虽以求助端装置12与服务器装置14间的通讯传输通过应用杂凑运算与对称加密的机制的金钥来进行加密保护的情形为例作说明，本实施例的求助端装置12与服务器装置14间的通讯传输并不局限于此。在其它例子中，求助端装置12与服务器装置14间的传输亦可通过金钥(Public Key)密码系统的方式来进行加密保护。In this embodiment, although the communication transmission between the help-calling device 12 and the server device 14 is encrypted and protected by using a hash operation and a symmetric encryption mechanism as an example for illustration, the help-calling device in this embodiment The communication transmission between 12 and the server device 14 is not limited to this. In other examples, the transmission between the help-seeking device 12 and the server device 14 can also be encrypted and protected by means of a public key cryptosystem.

综上所述，虽然本发明已以一较佳实施例公开如上，然而其并非用以限定本发明。本发明所属技术领域中具有通常知识，在不脱离本发明的精神和范围内，当可作各种的更动与润饰。因此，本发明的保护范围当视后附的权利要求所界定的为准。To sum up, although the present invention has been disclosed as above with a preferred embodiment, it is not intended to limit the present invention. Those who have common knowledge in the technical field of the present invention can make various changes and modifications without departing from the spirit and scope of the present invention. Therefore, the scope of protection of the present invention should be defined by the appended claims.

Claims

1. A remote assistance method applied to a remote assistance system, characterized in that: the remote assistance system includes a server device, a help-seeking terminal device and an assistance terminal device, and the remote assistance method includes:

(a) receiving a first encrypted ticket information, the first encrypted ticket information is generated by encrypting a ticket information according to a first key in response to a help request event;

(b) decrypting the first encrypted ticket information provided by the help-calling device according to a second key, so as to obtain the ticket information by decoding; and

(c) providing the decoded ticket information to the assistance terminal device, so that the assistance terminal device can log in to the assistance terminal device and perform remote assistance operations.

2. The remote assistance method according to claim 1, characterized in that: step (a) further comprises:

Device serial number information is received, and the device serial number information is generated by the help-calling end device.

3. The remote assistance method according to claim 2, characterized in that: step (b) comprises:

(b1) performing a hash operation with the second key according to the device serial number information to obtain the first key; and

(b2) Decipher the first encrypted ticket information according to the first key, so as to obtain the ticket information.

4. The remote assistance method according to claim 1, further comprising:

(d) generating an authentication message;

(e) sending the authentication information to the assisting device via a Single Channel, and the assisting device is used to return a response message according to the authentication information; and

(f) Determine whether the response message is received to determine whether the assisting device is successfully authenticated, and if so, perform step (c).

5. The remote assistance method according to claim 1, further comprising:

(d) generating an authentication message;

(e) sending the authentication information to the assisting device via a multi-channel path, and the assisting device is used to return a response message according to the authentication information; and

6. The remote assistance method according to claim 1, further comprising:

(d) generating an authentication message;

(e) providing the authentication information to the assisting device through the requesting device, and the assisting device is used to return a response message according to the authentication information; and

7. The remote assistance method according to claim 1, characterized in that: step (c) further comprises:

(c1) generating and encrypting the ticket information according to a third key to generate a second encrypted ticket information;

(c2) Decompose the third key according to the secret sharing mechanism to obtain N pieces of decomposed key information, where N is a natural number greater than 1; and

(c3) Sending the N split key information and the second encrypted ticket information to the assistant device through N communication channels.

8. The remote assistance method according to claim 7, wherein the assisting device obtains the third key by synthesizing at least M pieces of decomposition key information among the N pieces of decomposition key information, and obtains the third key according to the first The third key decrypts the second encrypted ticket information to obtain the ticket information, and M is a natural number smaller than N.

9. The remote assistance method according to claim 1, further comprising:

(d) generating an authentication message;

(e) providing the authentication information to the help-calling device;

(f) providing the authentication information received by the help-calling device to the assisting device, and the assisting device provides a response message to the server device according to the authentication information; and

(g) Determine whether the response message is received to determine whether the assisting device is successfully authenticated, and if so, perform step (c).

10. The remote assistance method according to claim 1, wherein the first key is a public key.

11. A remote assistance system, comprising:

A help-seeking terminal device has a first key, and the help-seeking terminal device encrypts a ticket information according to the first key in response to a help-seeking event, so as to provide a first encrypted ticket information;

A server device having a second key, the server device decodes the first encrypted ticket information according to the second key, to obtain and provide the ticket information by decoding; and

An assistance terminal device receives the ticket information provided by the server device, and the assistance terminal device can log into the assistance terminal device and perform remote assistance operations.

12. The remote assistance system according to claim 10, wherein the help-seeking device also generates and provides a device serial number information to the server device.

13. The remote assistance system according to claim 12, wherein the server device performs a hash operation with the second key according to the device serial number information to obtain the first key, and the server device also calculates the first key according to The first key decodes the first encrypted ticket information to obtain the ticket information.

14. The remote assistance system according to claim 11, characterized in that:

The server device also generates authentication information, and sends the authentication information to the assisting device through a single channel path (SingleChannel), and the assisting device is used to return a response message according to the authentication information; and

The server device also judges whether the response message is received to determine whether the assisting device is successfully authenticated. When the server device receives the response message, the server device judges that the assisting device is authenticated successfully, and provides the ticket information to the Assist end device.

15. The remote assistance system according to claim 11, characterized in that:

The server device generates authentication information, and sends the authentication information to the assisting device through a multi-channel path, and the assisting device is used to return a response message according to the authentication information; and

16. The remote assistance system according to claim 11, characterized in that:

generating authentication information, and providing the authentication information to the assisting device through the help-calling device, and the assisting device is used to return a response message according to the authentication information; and

17. The remote assistance system as claimed in claim 16, wherein the authentication information is generated by the server device or the help-requesting terminal device.

18. The remote assistance system according to claim 11, wherein the server device generates and encrypts the ticket information according to a third key to generate a second encrypted ticket information;

The server device also decomposes the third key according to the secret sharing mechanism to obtain N pieces of decomposed key information, where N is a natural number greater than 1;

The server device also sends the N pieces of decomposition key information and the second encrypted ticket information to the assistant device through N communication channels.

19. The remote assistance system according to claim 18, wherein the assisting device obtains the third key by synthesizing at least M pieces of decomposition key information among the N pieces of decomposition key information, and obtains the third key according to the first The third key decrypts the second encrypted ticket information to obtain the ticket information, and M is a natural number smaller than N.

20. The remote assistance system according to claim 11, characterized in that:

The server device also generates authentication information and provides the authentication information to the help-requesting device;

The help-calling device provides the authentication information to the assisting device, and the assisting device provides a response message to the server device according to the authentication information; and

21. The remote assistance system as claimed in claim 11, wherein the first key is a public key.

22. A remote assistance system, characterized in that it is used to communicate with an assistance terminal device, and the remote assistance system includes:

A help-calling terminal device having a first key, the help-calling terminal device encrypts a ticket information according to the first key in response to a help-calling event, so as to provide a first encrypted ticket information; and

A server device has a second key, and the server device decodes the first encrypted ticket information according to the second key, so as to obtain and provide the ticket information to the assisting terminal device, thus, the The assisting device can log in to the assisting device and perform remote assistance operations.

23. The remote assistance system according to claim 22, wherein the help-seeking device further provides a device serial number information to the server device.

24. The remote assistance system according to claim 23, wherein the server device performs a hash operation with the second key according to the device serial number information to obtain the first key, and the server device also calculates the first key according to The first key decodes the first encrypted ticket information to obtain the ticket information.

25. The remote assistance system as claimed in claim 22, characterized in that: the server device also generates authentication information, and sends the authentication information to the assisting end device via a single channel path (Single Channel), and the assisting end device for returning a response message according to the authentication message; and

26. The remote assistance system according to claim 22, characterized in that:

The server device also generates authentication information, and sends the authentication information to the assisting device through a multi-channel path, and the assisting device is used to return a response message according to the authentication information; and

27. The remote assistance system according to claim 22, characterized in that:

28. The remote assistance system as claimed in claim 27, wherein the authentication information is generated by the server device or the help-requesting terminal device.

29. The remote assistance system according to claim 22, characterized in that:

The server device generates and encrypts the ticket information according to a third key to generate a second encrypted ticket information;

30. The remote assistance system according to claim 29, wherein the assisting device obtains the third key by synthesizing at least M pieces of decomposition key information among the N pieces of decomposition key information, and obtains the third key according to the first The third key decrypts the second encrypted ticket information to obtain the ticket information, and M is a natural number smaller than N.

31. The remote assistance system according to claim 22, characterized in that:

32. The remote assistance system as claimed in claim 22, wherein the first key is a public key.