TWI679603B - System for assisting a financial card holder in setting password for the first time and method thereof - Google Patents
System for assisting a financial card holder in setting password for the first time and method thereof Download PDFInfo
- Publication number
- TWI679603B TWI679603B TW107145175A TW107145175A TWI679603B TW I679603 B TWI679603 B TW I679603B TW 107145175 A TW107145175 A TW 107145175A TW 107145175 A TW107145175 A TW 107145175A TW I679603 B TWI679603 B TW I679603B
- Authority
- TW
- Taiwan
- Prior art keywords
- financial card
- password
- authentication
- app
- cardholder
- Prior art date
Links
Abstract
本發明揭示一種用於幫助持卡人首次設定金融卡密碼之系統,及其方法。該系統包含一第一伺服器,設有一密碼設定模組,其包括一儲存子模組;一第二伺服器,與該第一伺服器電性連接,並設有一金融卡管理模組;一軟體產品(App),與該第一伺服器通訊連接,該App係安裝於該持卡人所持有的一行動裝置,且該App係經該密碼設定模組認證;以及一認證裝置,與該第二伺服器通訊連接,該認證裝置具有一顯示元件、一輸入元件及一金融卡讀寫元件。The invention discloses a system and a method for helping a cardholder to set a financial card password for the first time. The system includes a first server with a password setting module including a storage sub-module, a second server electrically connected with the first server, and a financial card management module; A software product (App) connected to the first server, the App is installed on a mobile device held by the cardholder, and the App is authenticated by the password setting module; and an authentication device, and The second server is communicatively connected, and the authentication device has a display element, an input element, and a financial card read-write element.
Description
本發明係關於一種用於幫助持卡人首次設定金融卡密碼之系統及其方法,特別係關於一種無需紙本金融卡密碼函的系統及方法。The present invention relates to a system and method for helping cardholders to set a password for a financial card for the first time, and particularly to a system and method that does not require a paper financial card password letter.
現行金融卡密碼函係由金融卡系統相關功能產出密碼檔後,由特定安管人員於指定環境下,以人工操作指定機器設備與交易功能,完成金融卡密碼函列印作業;之後,經由專人打包、運送、郵遞到各指定分行;最後,由各分行指定專人清點收妥後入庫、儲藏、保管;於客戶到分行臨櫃辦理新金融卡申請時,再經指定專人於主管審核後,自保險庫取得該金融卡之密碼函,連同新申請之金融卡一起交付持卡人簽收。Existing financial card password letters are generated by the related functions of the financial card system. After the password file is generated by the relevant functions of the financial card system, specific security personnel will manually operate the designated equipment and transaction functions under the specified environment to complete the printing of the financial card password letter. Packaged, transported, and mailed to designated branches by special persons; finally, designated persons at each branch will take inventory, store, store, and keep them; when a customer goes to the branch to apply for a new financial card in front of the counter, the designated person will review it with the supervisor. Obtain the cryptographic letter of the financial card from the vault, and deliver it to the cardholder for signing together with the newly applied financial card.
因此,對於金融業者而言,仍需要一種系統或方法,以取代現行通過人工操作列印密碼函的繁瑣程序,節省其間配套的相關人工作業、環境設施、列印機器、紙張、郵遞、保管儲存、資安控管及風險稽查等等作業成本負擔。此外,若能消除紙本金融卡密碼函之使用,亦能達到節能減碳的效果,有助於地球之環境保護。Therefore, for the financial industry, there is still a need for a system or method to replace the current tedious process of printing password letters by manual operation, saving related manual operations, environmental facilities, printing machines, paper, mailing, custody and storage. , Asset security control and risk audit, etc. In addition, if the use of paper financial card cipher letters can be eliminated, the effect of energy conservation and carbon reduction can also be achieved, which will contribute to the environmental protection of the planet.
有鑑於此,本發明提供用於幫助持卡人首次設定金融卡密碼之系統及其方法,其無需紙本金融卡密碼函即可完成金融卡密碼之首次設定,並能兼顧密碼設定之安全性。In view of this, the present invention provides a system and method for helping cardholders to set a password for a financial card for the first time. .
在一方面,本發明揭示一種用於幫助持卡人首次設定金融卡密碼之系統,包含: 一第一伺服器,設有一密碼設定模組,其包括一儲存子模組; 一第二伺服器,與該第一伺服器電性連接,並設有一金融卡管理模組; 一軟體產品(App),與該第一伺服器通訊連接,該App係安裝於該持卡人所持有的一行動裝置,且該App係經該密碼設定模組認證;以及 一認證裝置,與該第二伺服器通訊連接,該認證裝置具有一顯示元件、一輸入元件及一金融卡讀寫元件; 其中: 該密碼設定模組於一預先註冊程序中:接收一第一認證資料,其係由該行動裝置的識別資訊以及該持卡人的個人資訊所組成,並將該第一認證資料儲存於該儲存子模組;以及,接收一第二認證資料,其為一自選文摘,並將該第二認證資料儲存於該儲存子模組; 該App於啟動後自動觸發一事件,要求輸入個人資訊及金融卡之帳號,並將輸入之個人資訊及帳號傳送予該密碼設定模組; 該密碼設定模組於向該金融卡管理模組確認該金融卡之狀態之後:根據一組合方法組合該第一認證資料,以產生一第一金鑰,其中,該組合方法係隨機挑選自複數個組合方法,並具有一第一編號;自複數個加密方法中隨機挑選一加密方法,該加密方法具有一第二編號;以及,向該App傳送該第一編號,及基於該第一金鑰加密後的確認資料,該確認資料包括一加密資訊及該自選文摘,其中,該加密資訊包括該第二編號,及一開始取樣位置; 該App自該行動裝置取得該行動裝置的識別資訊以及該持卡人的個人資訊,並根據該第一編號所對應的組合方法,組合所述識別資訊及個人資訊,以產生一第二金鑰;使用該第二金鑰解譯得到該加密資訊及該自選文摘,並根據該第二編號所對應的加密方法及該開始取樣位置,對該自選文摘進行加密,得到一加密值;以及,基於該第二金鑰對該加密值進行加密後傳送予該密碼設定模組; 該密碼設定模組於確認該加密值的正確性後,向該金融卡管理模組發送取得認證碼之請求,並取得一認證碼;以及,產生一認證碼圖像,並傳送予該App; 該App顯示該認證碼圖像,以供該持卡人藉由認證裝置首次設定該金融卡之密碼時使用;以及 該認證裝置藉由該金融卡讀寫元件讀取該金融卡,並向該金融卡管理模組確認該金融卡之狀態,接著藉由該顯示元件提供一第一使用者介面,供該持卡人藉由該輸入元件輸入該認證碼以及該金融卡之新密碼,以完成首次密碼設定。In one aspect, the present invention discloses a system for helping cardholders to set a password for a financial card for the first time, including: a first server provided with a password setting module including a storage sub-module; a second server Is electrically connected to the first server and is provided with a financial card management module; a software product (App) is communicatively connected to the first server, and the App is installed in a card held by the cardholder A mobile device, and the App is authenticated by the password setting module; and an authentication device communicatively connected with the second server, the authentication device has a display element, an input element, and a financial card read-write element; wherein: The password setting module is in a pre-registration procedure: receiving a first authentication data, which is composed of identification information of the mobile device and personal information of the cardholder, and storing the first authentication data in the storage A sub-module; and, receiving a second authentication data, which is an optional digest, and storing the second authentication data in the storage sub-module; the App automatically triggers an event after the start, and requires input Enter the personal information and financial card account number, and send the entered personal information and account number to the password setting module; The password setting module after confirming the status of the financial card to the financial card management module: according to a combination method The first authentication data is combined to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; and an encryption method is randomly selected from the plurality of encryption methods, and the encryption The method has a second number; and transmitting the first number to the App, and the confirmation data encrypted based on the first key, the confirmation data includes an encrypted information and the optional digest, wherein the encrypted information includes the The second number, and the initial sampling location; the app obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and the combination method corresponding to the first number and Personal information to generate a second key; use the second key to interpret the encrypted information and the optional digest, and use the second number A corresponding encryption method and the starting sampling position, encrypting the selected digest to obtain an encrypted value; and encrypting the encrypted value based on the second key and transmitting the encrypted value to the password setting module; the password setting module After confirming the correctness of the encrypted value, a request for obtaining an authentication code is sent to the financial card management module and an authentication code is obtained; and, an authentication code image is generated and transmitted to the App; the App displays the authentication Code image for use by the cardholder when setting the password of the financial card for the first time through the authentication device; and the authentication device reads the financial card through the financial card read-write component and sends it to the financial card management module Confirm the status of the financial card, and then provide a first user interface through the display element for the cardholder to input the authentication code and the new password of the financial card through the input element to complete the first password setting.
在本發明之部分具體實施例中,該密碼設定模組提供一第二使用者介面,供該金融卡之發卡方作業人員輸入該第一認證資料及該第二認證資料。In some specific embodiments of the present invention, the password setting module provides a second user interface for an operator of the issuer of the financial card to input the first authentication data and the second authentication data.
在本發明之部分具體實施例中,該App要求一啟動密碼。In some specific embodiments of the invention, the App requires an activation password.
在本發明之部分具體實施例中,該認證裝置的該第一使用者介面要求輸入認證碼及新密碼,以及該個人資訊的至少一部分,並基於所輸入的資料向該金融卡管理模組發送設定新密碼之請求。在特定具體實施例中,該金融卡管理模組確認接收到的認證碼及個人資料無誤後,取得經亂碼化的新密碼,並傳送予該認證裝置,供其藉由該金融卡讀寫元件寫入該經亂碼化的新密碼至該金融卡。In some specific embodiments of the present invention, the first user interface of the authentication device requires an authentication code and a new password, and at least a portion of the personal information, and sends the information to the financial card management module based on the input data. Request to set a new password. In a specific embodiment, after confirming that the received authentication code and personal data are correct, the financial card management module obtains a garbled new password and transmits it to the authentication device for reading and writing components by the financial card. Write the garbled new password to the debit card.
另一方面,本發明提供一種用於幫助持卡人首次設定金融卡密碼之方法,包含: 提供一第一伺服器,設有一密碼設定模組,其包括一儲存子模組; 一第二伺服器,與該第一伺服器電性連接,並設有一金融卡管理模組;一軟體產品(App),與該第一伺服器通訊連接,該App係安裝於該持卡人所持有的一行動裝置,且該App係經該密碼設定模組認證;以及一認證裝置,與該第二伺服器通訊連接,該認證裝置具有一顯示元件、一輸入元件及一金融卡讀寫元件; 該密碼設定模組於一預先註冊程序中:接收一第一認證資料,其係由該行動裝置的識別資訊以及該持卡人的個人資訊所組成,並將該第一認證資料儲存於該儲存子模組;以及,接收一第二認證資料,其為一自選文摘,並將該第二認證資料儲存於該儲存子模組; 該App於啟動後自動觸發一事件,要求輸入個人資訊及金融卡之帳號,並將輸入之個人資訊及帳號傳送予該密碼設定模組; 該密碼設定模組於向該金融卡管理模組確認該金融卡之狀態之後:根據一組合方法組合該第一認證資料,以產生一第一金鑰,其中,該組合方法係隨機挑選自複數個組合方法,並具有一第一編號;自複數個加密方法中隨機挑選一加密方法,該加密方法具有一第二編號;以及,向該App傳送該第一編號,及基於該第一金鑰加密後的確認資料,該確認資料包括一加密資訊及該自選文摘,其中,該加密資訊包括該第二編號,及一開始取樣位置; 該App自該行動裝置取得該行動裝置的識別資訊以及該持卡人的個人資訊,並根據該第一編號所對應的組合方法,組合所述識別資訊及個人資訊,以產生一第二金鑰;使用該第二金鑰解譯得到該加密資訊及該自選文摘,並根據該第二編號所對應的加密方法及該開始取樣位置,對該自選文摘進行加密,得到一加密值;以及,基於該第二金鑰對該加密值進行加密後傳送予該密碼設定模組; 該密碼設定模組於確認該加密值的正確性後,向該金融卡管理模組發送取得認證碼之請求,並取得一認證碼;以及,產生一認證碼圖像,並傳送予該App; 該App顯示該認證碼圖像,以供該持卡人藉由認證裝置首次設定該金融卡之密碼時使用;以及 該認證裝置藉由該金融卡讀寫元件讀取該金融卡,並向該金融卡管理模組確認該金融卡之狀態,接著藉由該顯示元件提供一第一使用者介面,供該持卡人藉由該輸入元件輸入該認證碼以及該金融卡之新密碼,以完成首次密碼設定。In another aspect, the present invention provides a method for helping a cardholder to set a password for a financial card for the first time, including: providing a first server with a password setting module including a storage sub-module; a second servo Device, which is electrically connected to the first server, and is provided with a financial card management module; a software product (App), which is communicatively connected to the first server, the App is installed in the cardholder's possession A mobile device, and the App is authenticated by the password setting module; and an authentication device is communicatively connected with the second server, the authentication device has a display element, an input element, and a financial card read-write element; the The password setting module is in a pre-registration procedure: it receives a first authentication data, which is composed of the identification information of the mobile device and the personal information of the cardholder, and stores the first authentication data in the storage sub-module. Module; and, receiving a second authentication data, which is an optional digest, and storing the second authentication data in the storage sub-module; the App automatically triggers an event after startup, and requires input of a Personal information and financial card account number, and send the entered personal information and account number to the password setting module; the password setting module after confirming the status of the financial card to the financial card management module: according to a combination method The first authentication data is used to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; an encryption method is randomly selected from the plurality of encryption methods, and the encryption method Having a second number; and transmitting the first number to the App, and the confirmation data encrypted based on the first key, the confirmation data including an encrypted information and the optional digest, wherein the encrypted information includes the first The second number, and the first sampling location; the app obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and the individual according to the combination method corresponding to the first number Information to generate a second key; use the second key to decipher the encrypted information and the optional digest, and pair it according to the second number Encryption method and the starting sampling position, encrypt the selected digest to obtain an encrypted value; and encrypt the encrypted value based on the second key and send it to the password setting module; the password setting module is After confirming the correctness of the encrypted value, send a request for obtaining an authentication code to the financial card management module and obtain an authentication code; and, generate an authentication code image and transmit it to the App; the App displays the authentication code An image for use by the cardholder when setting the password of the financial card for the first time through the authentication device; and the authentication device reads the financial card through the financial card read-write component and confirms with the financial card management module The state of the financial card, and then a first user interface is provided through the display element for the cardholder to input the authentication code and the new password of the financial card through the input element to complete the first password setting.
在本發明之部分具體實施例中,該密碼設定模組提供一第二使用者介面,供該金融卡之發卡方作業人員輸入該第一認證資料及該第二認證資料。In some specific embodiments of the present invention, the password setting module provides a second user interface for an operator of the issuer of the financial card to input the first authentication data and the second authentication data.
在本發明之部分具體實施例中,該App要求一啟動密碼。In some specific embodiments of the invention, the App requires an activation password.
在本發明之部分具體實施例中,該認證裝置的該第一使用者介面要求輸入認證碼及新密碼,以及該個人資訊的至少一部分,並基於所輸入的資料向該金融卡管理模組發送設定新密碼之請求。在特定具體實施例中,該金融卡管理模組確認接收到的認證碼及個人資料無誤後,取得經亂碼化的新密碼,並傳送予該認證裝置,供其藉由該金融卡讀寫元件寫入該經亂碼化的新密碼至該金融卡。In some specific embodiments of the present invention, the first user interface of the authentication device requires an authentication code and a new password, and at least a portion of the personal information, and sends the information to the financial card management module based on the input data. Request to set a new password. In a specific embodiment, after confirming that the received authentication code and personal data are correct, the financial card management module obtains a garbled new password and transmits it to the authentication device for reading and writing components by the financial card. Write the garbled new password to the debit card.
本發明之其他目的及優點一部分記載於下述說明中,或可透過本發明的實施例而理解。應了解前文之發明內容及下文之實施方式僅為例示性及闡釋性之說明,而非如申請專利範圍般限定本發明。Other objects and advantages of the present invention are partly described in the following description, or can be understood through the embodiments of the present invention. It should be understood that the foregoing summary of the invention and the following embodiments are merely illustrative and explanatory illustrations, and do not limit the present invention as the scope of patent application.
需注意的是,除非另有指明,所有在此處使用的技術性和科學性術語具有如同本發明所屬技術領域中之通常技術者一般所瞭解的意義。再者,本說明書所使用的「一」乙詞,如未特別指明,係指至少一個(一個或一個以上)之數量,合先說明。It should be noted that, unless otherwise specified, all technical and scientific terms used herein have meanings as commonly understood by a person of ordinary skill in the technical field to which the present invention belongs. Furthermore, the word "a" as used in this specification refers to the quantity of at least one (one or more) unless otherwise specified.
在一方面,本發明提供一種一種用於幫助持卡人首次設定金融卡密碼之系統。所述系統包含:一第一伺服器、一第二伺服器、一軟體產品(App)以及一認證裝置。In one aspect, the present invention provides a system for helping cardholders to set a password for a financial card for the first time. The system includes a first server, a second server, a software product (App), and an authentication device.
該第一伺服器設有一密碼設定模組,其包括一儲存子模組。The first server is provided with a password setting module, which includes a storage sub-module.
該第二伺服器係與該第一伺服器電性連接,並設有一金融卡管理模組。The second server is electrically connected to the first server and is provided with a financial card management module.
根據本發明之較佳具體實施例,該第一及第二伺服器係設於該金融卡的發卡方。According to a preferred embodiment of the present invention, the first and second servers are disposed on a card issuer of the financial card.
該軟體產品(App)係與該第一伺服器通訊連接,並安裝於該持卡人所持有的一行動裝置,且該App係經該密碼設定模組認證。根據本發明,該行動裝置包括但不限於一平板電腦或一智慧型手機,且較佳為一智慧型手機。該行動裝置較佳不包括一筆記型電腦。所述通訊連接較佳為藉由一網際網路通訊連接。根據本發明,該軟體產品較佳係為一行動軟體產品(mobile application)。根據本發明,該行動裝置可包含一儲存單元,儲存有該軟體產品之程式碼,以及一處理單元,用於執行該軟體產品之程式碼。The software product (App) is communicatively connected to the first server and installed on a mobile device held by the cardholder, and the App is authenticated by the password setting module. According to the present invention, the mobile device includes, but is not limited to, a tablet computer or a smart phone, and is preferably a smart phone. The mobile device preferably does not include a notebook computer. The communication connection is preferably an Internet communication connection. According to the present invention, the software product is preferably a mobile application. According to the present invention, the mobile device may include a storage unit storing the code of the software product, and a processing unit for executing the code of the software product.
該認證裝置係與該第二伺服器通訊連接,且其具有一顯示元件、一輸入元件及一金融卡讀寫元件。在本發明之部分具體實施例中,該認證裝置為一自動櫃員機或一自動存提款機。根據本發明,該認證裝置較佳係藉由一專屬網路與該第二伺服器通訊連接。The authentication device is communicatively connected with the second server, and has a display element, an input element, and a financial card read-write element. In some embodiments of the present invention, the authentication device is an automatic teller machine or an automatic deposit and withdrawal machine. According to the present invention, the authentication device is preferably connected to the second server through a dedicated network.
在一預先註冊程序中,該密碼設定模組接收一第一認證資料及一第二認證資料,並將該第一及第二認證資料儲存於該儲存子模組。該第一認證資料係由該行動裝置的識別資訊以及該持卡人的個人資訊所組成,該第二認證資料則為一自選文摘。在該預先註冊程序中,該密碼設定模組可提供一第二使用者介面,以供該金融卡之發卡的方作業人員輸入該第一認證資料及該第二認證資料。前述識別資訊包含IMEI、UDID、鑰匙圈(Keychain)、MAC位址或其組合。該自選文摘可由該持卡人自行提供、或由該作業人員自該儲存子模組的資料庫中挑選、或由該密碼設定模組隨機自該儲存子模組的資料庫中挑選。In a pre-registration process, the password setting module receives a first authentication data and a second authentication data, and stores the first and second authentication data in the storage sub-module. The first authentication information is composed of identification information of the mobile device and personal information of the cardholder, and the second authentication information is an optional digest. In the pre-registration procedure, the password setting module may provide a second user interface for an operator of the issuing party of the financial card to input the first authentication information and the second authentication information. The aforementioned identification information includes IMEI, UDID, Keychain, MAC address, or a combination thereof. The optional digest may be provided by the cardholder, or selected by the operator from the database of the storage submodule, or randomly selected by the password setting module from the database of the storage submodule.
該App於啟動後自動觸發一事件,要求輸入個人資訊及金融卡之帳號,並將輸入之個人資訊及帳號傳送予該密碼設定模組。根據本發明的較佳具體實施例,該App要求一啟動密碼,驗證啟動密碼為正確後才會啟動該App。所述啟動密碼包括但不限於:圖形密碼、按鍵式密碼、指紋辨識或臉部辨識。After launching the App, an event is automatically triggered, which requires input of personal information and account number of the financial card, and transmits the entered personal information and account number to the password setting module. According to a preferred embodiment of the present invention, the App requires a startup password, and the App will not start until the startup password is verified to be correct. The startup password includes, but is not limited to, a graphic password, a touch-tone password, fingerprint recognition, or face recognition.
該密碼設定模組於向該金融卡管理模組確認該金融卡之狀態之後會執行以下步驟:(1) 根據一組合方法組合該第一認證資料,以產生一第一金鑰,其中,該組合方法係隨機挑選自複數個組合方法,並具有一第一編號;(2) 自複數個加密方法中隨機挑選一加密方法,該加密方法具有一第二編號;以及,(3) 將該第一編號以及基於該第一金鑰加密後的確認資料傳送予該App,該確認資料包括一加密資訊以及如前述之自選文摘,其中,該加密資訊包括該第二編號,及一開始取樣位置。根據本發明,所述組合方法包括但不限於:對該第一認證資料的單一欄位、或多個欄位的完整資料進行組合、或對該第一認證資料的多個欄位之部份資料進行組合、或對該第一認證資料的同一欄位資料進行多次組合。The password setting module performs the following steps after confirming the status of the financial card to the financial card management module: (1) combining the first authentication data according to a combination method to generate a first key, wherein the first key The combination method randomly selects a plurality of combination methods and has a first number; (2) randomly selects an encryption method from the plurality of encryption methods, the encryption method has a second number; and, (3) assigns the first A number and the confirmation data encrypted based on the first key are transmitted to the App. The confirmation data includes an encrypted information and an optional digest as described above, wherein the encrypted information includes the second number and a starting sampling position. According to the present invention, the combination method includes, but is not limited to: combining a single field of the first authentication data, or complete data of a plurality of fields, or a part of a plurality of fields of the first authentication data The data is combined, or the same field data of the first authentication data is combined multiple times.
該App自該行動裝置取得該行動裝置的識別資訊以及該持卡人的個人資訊,並根據該第一編號所對應的組合方法,組合所述識別資訊及個人資訊,以產生一第二金鑰;使用該第二金鑰解譯得到該加密資訊及該自選文摘,並根據該第二編號所對應的加密方法及該開始取樣位置,對該自選文摘進行加密,得到一加密值;以及,基於該第二金鑰對該加密值進行加密後傳送予該密碼設定模組。該持卡人的個人資訊可由該持卡人自行登錄並儲存於該行動裝置。所述開始取樣位置指示加密方法從該自選文摘的哪個位置的文字開始取樣進行加密。The App obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and personal information according to a combination method corresponding to the first number to generate a second key ; Use the second key to decipher the encrypted information and the optional digest, and encrypt the optional digest according to the encryption method corresponding to the second number and the starting sampling position to obtain an encrypted value; and, based on The second key encrypts the encrypted value and sends it to the password setting module. The cardholder's personal information can be registered by the cardholder and stored in the mobile device. The start sampling position indicates from which position of the selected digest the encryption method starts sampling and encrypting.
該密碼設定模組於確認該加密值的正確性後,向該金融卡管理模組發送取得認證碼之請求,並取得一認證碼;以及,產生一認證碼圖像,並傳送予該App。所述認證碼較佳為6至8碼的隨機數字,但不以此為限。在本發明一具體實施例中,採用視覺密碼學理論方法對該認證碼加密產出所述認證碼圖像,使其明碼值需要人工以眼睛目視方式才能正確讀取。After confirming the correctness of the encrypted value, the password setting module sends a request for obtaining an authentication code to the financial card management module and obtains an authentication code; and generates an authentication code image and transmits it to the App. The authentication code is preferably a random number of 6 to 8 codes, but is not limited thereto. In a specific embodiment of the present invention, the authentication code image is encrypted by using a visual cryptographic theory method to produce the authentication code image, so that the plain code value of the authentication code can be read manually by human eyes.
接著,該App會顯示該認證碼圖像,以供該持卡人藉由認證裝置首次設定該金融卡之密碼時使用。Then, the App displays the authentication code image for the cardholder to use when setting the password of the financial card for the first time through the authentication device.
最後,該認證裝置藉由該金融卡讀寫元件讀取該金融卡,並向該金融卡管理模組確認該金融卡之狀態,接著藉由該顯示元件提供一第一使用者介面,供該持卡人藉由該輸入元件輸入該認證碼以及該金融卡之新密碼,以完成首次密碼設定。Finally, the authentication device reads the financial card through the financial card read-write element, and confirms the status of the financial card to the financial card management module, and then provides a first user interface through the display element for the The cardholder enters the authentication code and the new password of the financial card through the input element to complete the first password setting.
在本發明之部分具體實施例中,該認證裝置的該第一使用者介面要求輸入認證碼及新密碼,以及該個人資訊的至少一部分,並基於所輸入的資料向該金融卡管理模組發送設定新密碼之請求。在特定具體實施例中,該金融卡管理模組確認接收到的認證碼及個人資料無誤後,取得經亂碼化的新密碼,並傳送予該認證裝置,供其藉由該金融卡讀寫元件寫入該經亂碼化的新密碼至該金融卡。In some specific embodiments of the present invention, the first user interface of the authentication device requires an authentication code and a new password, and at least a portion of the personal information, and sends the information to the financial card management module based on the input data. Request to set a new password. In a specific embodiment, after confirming that the received authentication code and personal data are correct, the financial card management module obtains a garbled new password and transmits it to the authentication device for reading and writing components by the financial card. Write the garbled new password to the debit card.
另一方面,本發明提供一種用於幫助持卡人首次設定金融卡密碼之方法,包含: 提供一第一伺服器,設有一密碼設定模組,其包括一儲存子模組; 一第二伺服器,與該第一伺服器電性連接,並設有一金融卡管理模組;一軟體產品(App),與該第一伺服器通訊連接,該App係安裝於該持卡人所持有的一行動裝置,且該App係經該密碼設定模組認證;以及一認證裝置,與該第二伺服器通訊連接,該認證裝置具有一顯示元件、一輸入元件及一金融卡讀寫元件; 該密碼設定模組於一預先註冊程序中:接收一第一認證資料,其係由該行動裝置的識別資訊以及該持卡人的個人資訊所組成,並將該第一認證資料儲存於該儲存子模組;以及,接收一第二認證資料,其為一自選文摘,並將該第二認證資料儲存於該儲存子模組; 該App於啟動後自動觸發一事件,要求輸入個人資訊及金融卡之帳號,並將輸入之個人資訊及帳號傳送予該密碼設定模組; 該密碼設定模組於向該金融卡管理模組確認該金融卡之狀態之後:根據一組合方法組合該第一認證資料,以產生一第一金鑰,其中,該組合方法係隨機挑選自複數個組合方法,並具有一第一編號;自複數個加密方法中隨機挑選一加密方法,該加密方法具有一第二編號;以及,向該App傳送該第一編號,及基於該第一金鑰加密後的確認資料,該確認資料包括一加密資訊及該自選文摘,其中,該加密資訊包括該第二編號,及一開始取樣位置; 該App自該行動裝置取得該行動裝置的識別資訊以及該持卡人的個人資訊,並根據該第一編號所對應的組合方法,組合所述識別資訊及個人資訊,以產生一第二金鑰;使用該第二金鑰解譯得到該加密資訊及該自選文摘,並根據該第二編號所對應的加密方法及該開始取樣位置,對該自選文摘進行加密,得到一加密值;以及,基於該第二金鑰對該加密值進行加密後傳送予該密碼設定模組; 該密碼設定模組於確認該加密值的正確性後,向該金融卡管理模組發送取得認證碼之請求,並取得一認證碼;以及,產生一認證碼圖像,並傳送予該App; 該App顯示該認證碼圖像,以供該持卡人藉由認證裝置首次設定該金融卡之密碼時使用;以及 該認證裝置藉由該金融卡讀寫元件讀取該金融卡,並向該金融卡管理模組確認該金融卡之狀態,接著藉由該顯示元件提供一第一使用者介面,供該持卡人藉由該輸入元件輸入該認證碼以及該金融卡之新密碼,以完成首次密碼設定。In another aspect, the present invention provides a method for helping a cardholder to set a password for a financial card for the first time, including: providing a first server with a password setting module including a storage sub-module; a second servo Device, which is electrically connected to the first server, and is provided with a financial card management module; a software product (App), which is communicatively connected to the first server, the App is installed in the cardholder's possession A mobile device, and the App is authenticated by the password setting module; and an authentication device is communicatively connected with the second server, the authentication device has a display element, an input element, and a financial card read-write element; the The password setting module is in a pre-registration procedure: it receives a first authentication data, which is composed of the identification information of the mobile device and the personal information of the cardholder, and stores the first authentication data in the storage sub-module. Module; and, receiving a second authentication data, which is an optional digest, and storing the second authentication data in the storage sub-module; the App automatically triggers an event after startup, and requires input of a Personal information and financial card account number, and send the entered personal information and account number to the password setting module; the password setting module after confirming the status of the financial card to the financial card management module: according to a combination method The first authentication data is used to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; an encryption method is randomly selected from the plurality of encryption methods, and the encryption method Having a second number; and transmitting the first number to the App, and the confirmation data encrypted based on the first key, the confirmation data including an encrypted information and the optional digest, wherein the encrypted information includes the first The second number, and the first sampling location; the app obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and the individual according to the combination method corresponding to the first number Information to generate a second key; use the second key to decipher the encrypted information and the optional digest, and pair it according to the second number Encryption method and the starting sampling position, encrypt the selected digest to obtain an encrypted value; and encrypt the encrypted value based on the second key and send it to the password setting module; the password setting module is After confirming the correctness of the encrypted value, send a request for obtaining an authentication code to the financial card management module and obtain an authentication code; and, generate an authentication code image and transmit it to the App; the App displays the authentication code An image for use by the cardholder when setting the password of the financial card for the first time through the authentication device; and the authentication device reads the financial card through the financial card read-write component and confirms with the financial card management module The state of the financial card, and then a first user interface is provided through the display element for the cardholder to input the authentication code and the new password of the financial card through the input element to complete the first password setting.
在該預先註冊程序中,該密碼設定模組可提供一第二使用者介面,以供該金融卡之發卡的方作業人員輸入該第一認證資料及該第二認證資料。前述識別資訊包含IMEI、UDID、鑰匙圈(Keychain)、MAC位址或其組合。該自選文摘可由該持卡人自行提供、或由該作業人員自該儲存子模組的資料庫中挑選、或由該密碼設定模組隨機自該儲存子模組的資料庫中挑選。In the pre-registration procedure, the password setting module may provide a second user interface for an operator of the issuing party of the financial card to input the first authentication information and the second authentication information. The aforementioned identification information includes IMEI, UDID, Keychain, MAC address, or a combination thereof. The optional digest may be provided by the cardholder, or selected by the operator from the database of the storage submodule, or randomly selected by the password setting module from the database of the storage submodule.
在本發明之部分具體實施例中,該App要求一啟動密碼。所述啟動密碼包括但不限於:圖形密碼、按鍵式密碼、指紋辨識或臉部辨識。In some specific embodiments of the invention, the App requires an activation password. The startup password includes, but is not limited to, a graphic password, a touch-tone password, fingerprint recognition, or face recognition.
在本發明之部分具體實施例中,該認證裝置的該第一使用者介面要求輸入認證碼及新密碼,以及該個人資訊的至少一部分,並基於所輸入的資料向該金融卡管理模組發送設定新密碼之請求。在特定具體實施例中,該金融卡管理模組確認接收到的認證碼及個人資料無誤後,取得經亂碼化的新密碼,並傳送予該認證裝置,供其藉由該金融卡讀寫元件寫入該經亂碼化的新密碼至該金融卡。In some specific embodiments of the present invention, the first user interface of the authentication device requires an authentication code and a new password, and at least a portion of the personal information, and sends the information to the financial card management module based on the input data. Request to set a new password. In a specific embodiment, after confirming that the received authentication code and personal data are correct, the financial card management module obtains a garbled new password and transmits it to the authentication device for reading and writing components by the financial card. Write the garbled new password to the debit card.
現配合 圖 1及 圖 2說明本發明之幫助持卡人首次設定金融卡密碼之系統及方法的特定較佳具體實施例。 Now with FIGS. 1 and 2 to help illustrate the present invention and a method setting system Cardholder first debit card passwords specific preferred embodiments.
首先請參見 圖 1,所示為本發明之一具體實施例之幫助持卡人首次設定金融卡密碼之系統。在本具體實施例中,幫助持卡人首次設定金融卡密碼之系統 1包含一第一伺服器 10、一第二伺服器 20、一軟體產品(App) 30以及一認證裝置 40。該軟體產品 30可為一行動軟體產品,例如,金融業者發行之App。 First, see FIG. 1, the present invention is shown in one particular embodiment the first cardholder help embodiments set passwords debit card system. In this specific embodiment, the system 1 for helping cardholders to set a password for a financial card for the first time includes a first server 10 , a second server 20 , a software product (App) 30, and an authentication device 40 . The software product 30 may be a mobile software product, such as an app issued by a financial industry.
該第一伺服器 10設有一密碼設定模組 12,其包括一儲存子模組 122。 該第二伺服器 20係與該第一伺服器 10電性連接,並設有一金融卡管理模組 22。該第一及第二伺服器 10及 20可設於該金融卡的發卡方。 The first server 10 is provided with a password setting module 12 , which includes a storage sub-module 122 . The second server 20 is electrically connected to the first server 10 and is provided with a financial card management module 22 . The first and second servers 10 and 20 may be disposed on a card issuer of the financial card.
該App 30係與該第一伺服器 10通訊連接,並安裝於該持卡人所持有的一行動裝置 70,且該App 30係經該密碼設定模組 12認證。該行動裝置 70可為一平板電腦或一智慧型手機,較佳為一智慧型手機。 The App 30 is communicatively connected to the first server 10 and is installed on a mobile device 70 held by the cardholder, and the App 30 is authenticated by the password setting module 12 . The mobile device 70 may be a tablet computer or a smart phone, preferably a smart phone.
該認證裝置 40藉由一專屬網路與該第二伺服器 20通訊連接,且其具有一顯示元件 42、一輸入元件 44及一金融卡讀寫元件 46。在部分實例中,該認證裝置 40為一自動櫃員機或一自動存提款機。 The authentication device 40 is communicatively connected to the second server 20 through a dedicated network, and has a display element 42 , an input element 44, and a financial card read-write element 46 . In some examples, the authentication device 40 is an automatic teller machine or an automatic teller machine.
在一預先註冊程序中,該密碼設定模組 12接收一第一認證資料及一第二認證資料,並將該第一及第二認證資料儲存於該儲存子模組 122。該第一認證資料係由該行動裝置 70的識別資訊以及該持卡人的個人資訊所組成,該第二認證資料則為一自選文摘。該文摘之位元數較佳係介於512位元至1024位元之間。 In a pre-registration process, the password setting module 12 receives a first authentication data and a second authentication data, and stores the first and second authentication data in the storage sub-module 122 . The first authentication data is composed of the identification information of the mobile device 70 and the personal information of the cardholder, and the second authentication data is an optional digest. The number of bits in the digest is preferably between 512 bits and 1024 bits.
該App 30在啟動後會自動觸發一事件,要求輸入個人資訊及金融卡之帳號,並將輸入之個人資訊及帳號傳送予該密碼設定模組 12。較佳地,該App要求一啟動密碼,驗證啟動密碼為正確後才會啟動該App,以符合安全性需求。 After launching the App 30 , an event will be triggered automatically, requesting input of personal information and debit card account number, and transmitting the entered personal information and account number to the password setting module 12 . Preferably, the App requires a startup password, and the App will be launched only after verifying that the startup password is correct to meet security requirements.
該密碼設定模組 12於向該金融卡管理模組 22確認該金融卡之狀態之後會執行以下步驟:(1) 根據一組合方法組合該第一認證資料,以產生一第一金鑰,其中,該組合方法係隨機挑選自複數個組合方法,並具有一第一編號;(2) 自複數個加密方法中隨機挑選一加密方法,該加密方法具有一第二編號;以及,(3) 將該第一編號以及基於該第一金鑰加密後的確認資料傳送予該App,該確認資料包括一加密資訊以及如前述之自選文摘,其中,該加密資訊包括該第二編號,及一開始取樣位置。 The password setting module 12 performs the following steps after confirming the status of the financial card to the financial card management module 22 : (1) combining the first authentication data according to a combination method to generate a first key, wherein The combination method randomly selects a plurality of combination methods and has a first number; (2) randomly selects an encryption method from the plurality of encryption methods, and the encryption method has a second number; and (3) replaces The first number and the confirmation data encrypted based on the first key are transmitted to the App, the confirmation data includes an encrypted information and the optional digest as described above, wherein the encrypted information includes the second number, and sampling is started position.
該App 30會自該行動裝置 70取得該行動裝置 70的識別資訊以及該持卡人的個人資訊,並根據該第一編號所對應的組合方法,組合所述識別資訊及個人資訊,以產生一第二金鑰;使用該第二金鑰解譯得到該加密資訊及該自選文摘,並根據該第二編號所對應的加密方法及該開始取樣位置,對該自選文摘進行加密,得到一加密值;以及,基於該第二金鑰對該加密值進行加密後傳送予該密碼設定模組 12。 The App 30 obtains the identification information of the mobile device 70 and the personal information of the card holder from the mobile device 70 , and combines the identification information and personal information according to a combination method corresponding to the first number to generate a A second key; using the second key to decipher the encrypted information and the optional digest, and encrypt the optional digest according to the encryption method corresponding to the second number and the starting sampling position to obtain an encrypted value ; And, encrypting the encrypted value based on the second key and transmitting the encrypted value to the password setting module 12 .
於確認該加密值的正確性後,向該金融卡管理模組 22發送取得認證碼之請求,並取得一認證碼;以及,產生一認證碼圖像,並傳送予該App 30。該密碼設定模組 12可採用視覺密碼學理論方法對該認證碼加密產出所述認證碼圖像,使其明碼值需要人工以眼睛目視方式才能正確讀取。 After confirming the correctness of the encrypted value, a request for obtaining an authentication code is sent to the financial card management module 22 , and an authentication code is obtained; and an authentication code image is generated and transmitted to the App 30 . The password setting module 12 can encrypt the authentication code to produce the authentication code image by using a visual cryptography theory method, so that the plain code value of the authentication code can be read manually by human eyes.
接著,該App 30會顯示該認證碼圖像,以供該持卡人藉由該認證裝置 40首次設定該金融卡之密碼時使用。首次設定該金融卡之密碼時,該認證裝置 40藉由該金融卡讀寫元件 46讀取該金融卡,並向該金融卡管理模組 22確認該金融卡之狀態,接著藉由顯示元件 42自動提供一第一使用者介面,供該持卡人藉由該輸入元件 44輸入該認證碼以及該金融卡之新密碼,以完成首次密碼設定。 Then, the App 30 displays the authentication code image for use by the cardholder when setting the password of the financial card for the first time through the authentication device 40 . When the password of the financial card is set for the first time, the authentication device 40 reads the financial card through the financial card read-write component 46 , and confirms the status of the financial card with the financial card management module 22 , and then displays the component 42 through A first user interface is automatically provided for the cardholder to input the authentication code and the new password of the financial card through the input element 44 to complete the first password setting.
另一方面,本發明提供一種幫助持卡人首次設定金融卡密碼之方法。請參見 圖 2,其為本發明之幫助持卡人首次設定金融卡密碼之方法的一具體實施例之流程圖。如圖所示,該方法包含下列步驟:( S110)提供一第一伺服器,設有一密碼設定模組,其包括一儲存子模組; 一第二伺服器,與該第一伺服器電性連接,並設有一金融卡管理模組;一軟體產品(App),與該第一伺服器通訊連接,該App係安裝於該持卡人所持有的一行動裝置,且該App係經該密碼設定模組認證;以及一認證裝置,與該第二伺服器通訊連接,該認證裝置具有一顯示元件、一輸入元件及一金融卡讀寫元件;( S120)該密碼設定模組於一預先註冊程序中:接收一第一認證資料,其係由該行動裝置的識別資訊以及該持卡人的個人資訊所組成,並將該第一認證資料儲存於該儲存子模組;以及,接收一第二認證資料,其為一自選文摘,並將該第二認證資料儲存於該儲存子模組;( S210)該App於啟動後自動觸發一事件,要求輸入個人資訊及金融卡之帳號,並將輸入之個人資訊及帳號傳送予該密碼設定模組;( S220)該密碼設定模組於向該金融卡管理模組確認該金融卡之狀態之後:根據一組合方法組合該第一認證資料,以產生一第一金鑰,其中,該組合方法係隨機挑選自複數個組合方法,並具有一第一編號;自複數個加密方法中隨機挑選一加密方法,該加密方法具有一第二編號;以及,向該App傳送該第一編號,及基於該第一金鑰加密後的確認資料,該確認資料包括一加密資訊及該自選文摘,其中,該加密資訊包括該第二編號,及一開始取樣位置;( S230)該App自該行動裝置取得該行動裝置的識別資訊以及該持卡人的個人資訊,並根據該第一編號所對應的組合方法,組合所述識別資訊及個人資訊,以產生一第二金鑰;使用該第二金鑰解譯得到該加密資訊及該自選文摘,並根據該第二編號所對應的加密方法及該開始取樣位置,對該自選文摘進行加密,得到一加密值;以及,基於該第二金鑰對該加密值進行加密後傳送予該密碼設定模組;( S310)該密碼設定模組於確認該加密值的正確性後,向該金融卡管理模組發送取得認證碼之請求,並取得一認證碼;以及,產生一認證碼圖像,並傳送予該App; ( S320)該App顯示該認證碼圖像,以供該持卡人藉由認證裝置首次設定該金融卡之密碼時使用;以及,( S410)該認證裝置藉由該金融卡讀寫元件讀取該金融卡,並向該金融卡管理模組確認該金融卡之狀態,接著藉由該顯示元件提供一第一使用者介面,供該持卡人藉由該輸入元件輸入該認證碼以及該金融卡之新密碼,以完成首次密碼設定。 In another aspect, the present invention provides a method for helping a cardholder to set a password for a financial card for the first time. See flowchart of FIG. 2, which helps the present invention a method of setting the first cardholder financial card of a particular embodiment of a password. As shown in the figure, the method includes the following steps: ( S110 ) providing a first server with a password setting module including a storage sub-module; a second server electrically connected to the first server And a financial card management module; a software product (App) that communicates with the first server, the App is installed on a mobile device held by the cardholder, and the App is approved by the Password setting module authentication; and an authentication device in communication with the second server, the authentication device having a display element, an input element, and a financial card read-write element; ( S120 ) the password setting module is During the registration process: receiving a first authentication data, which is composed of identification information of the mobile device and personal information of the cardholder, and storing the first authentication data in the storage sub-module; and, receiving a The second authentication information is an optional digest, and the second authentication information is stored in the storage submodule; ( S210 ) After the app is started, an event is automatically triggered to request input of personal information and debit card account Number, and send the entered personal information and account number to the password setting module; ( S220 ) After the password setting module confirms the status of the financial card to the financial card management module: combine the first according to a combination method Authentication data to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; among the plurality of encryption methods, an encryption method is randomly selected, and the encryption method has a first The second number; and transmitting the first number to the App and the confirmation data encrypted based on the first key, the confirmation data including an encrypted information and the optional digest, wherein the encrypted information includes the second number, And the first sampling location; ( S230 ) The App obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and the individual according to the combination method corresponding to the first number Information to generate a second key; use the second key to decipher the encrypted information and the optional digest, and according to the second number corresponding to The encryption method and the sampling start position, the encrypted digest managed to obtain an encrypted value; and, after encrypting the second key value based on the encrypted password is transmitted to the setting module; (S310) the password setting mode After confirming the correctness of the encrypted value, the group sends a request for obtaining an authentication code to the financial card management module and obtains an authentication code; and, generates an authentication code image and transmits it to the App; ( S320 ) the App displays the authentication code image for the cardholder to use when setting the password of the financial card for the first time through the authentication device; and ( S410 ) the authentication device reads the financial card through the financial card read-write element, And confirming the status of the financial card to the financial card management module, and then providing a first user interface through the display element for the cardholder to input the authentication code and the new password of the financial card through the input element To complete the first password setup.
本發明之幫助持卡人首次設定金融卡密碼之方法可配合或不配合前述之幫助持卡人首次設定金融卡密碼之系統 1完成。 The method of helping the cardholder to set the password of the financial card for the first time can be completed with or without the aforementioned system 1 for helping the cardholder to set the password of the financial card for the first time.
藉由以下實例更詳細地描述本發明的具體實施方式,但本發明並不受限於其中提供的特定配置、條件及方法。The specific embodiments of the present invention are described in more detail by the following examples, but the present invention is not limited to the specific configurations, conditions, and methods provided therein.
實例Examples 11 :前置作業: Pre-operation
金融業者提供一管理伺服器(第一伺服器),其安裝有密碼設定模組,供行員為申請辦理新金融卡的使用者(金融卡持卡人,在實例中以「使用者」稱之),註冊登錄所約定的認證資料,該註冊資料儲存於密碼設定模組的資料庫內。其相關交易功能及註冊內容如下:The financial industry provides a management server (first server), which is installed with a password setting module, for the clerk to apply for a new financial card user (financial card holder, in the example referred to as "user" ), Register the authentication information agreed upon, and the registration information is stored in the database of the password setting module. Its related transaction functions and registration contents are as follows:
1. 綁定使用者行動裝置設備認證資料(第一認證資料): a. 登錄IMEI/UDID/Keychain/MAC/身份證號/生日/手機電話號碼/等認證資料。 此處可由辦理新金融卡的使用者先到金融業者之分行櫃檯或預先在官方網站,自所屬手機查得IMEI/UDID/Keychain/MAC等資料後填入申請表單,行員配合申請單填寫內容將資料登錄系統。前述認證資料可與使用者的身份證號綁定。 b. 第一認證資料之使用: (1) 於綁定第一認證資料時,密碼設定模組當下自動隨機亂數指定其組合方法之初始值,並將該組合方法儲存於資料庫(3個Bytes)。 (2) 該組合方法係用於將IMEI/UDID/Keychain/MAC/身份證號/生日等欄位資料做隨機組合。 (3) 在資料庫儲存的「組合方法」(3個Bytes),實質是個數字,資料庫不 儲存經組合後的資料原始內容。此處資料庫儲存的「組合方法」值,僅為一個初始值,密碼設定模組於每次受理請求時應重新自動隨機亂數產出「組合方法」值,以新的「組合方法」值更新資料庫該欄值。 (4) 經組合後的資料原始內容,後續以「Current_key」(此處為第一金鑰)稱之,其長度應至少128個Bytes。此「Current_key」即為後續欲對敏感性資料以進階加密標準(AES)加密時的金鑰。欲知Current_key需先知它的「組合方法」以及其相對應程式碼,當原註冊登錄綁定的第一認證資料外洩時,亦未直接暴露該使用者的Current_key內容。1. Binding user mobile device equipment authentication information (first authentication information): a. Login IMEI / UDID / Keychain / MAC / ID number / birthday / mobile phone number / etc. Authentication information. Here, the user who applies for a new financial card can go to the financial institution's branch counter or visit the official website in advance to fill in the application form after checking the IMEI / UDID / Keychain / MAC and other information from their mobile phone. Information login system. The aforementioned authentication information can be bound to the user's ID number. b. Use of the first authentication data: (1) When the first authentication data is bound, the password setting module automatically and randomly specifies the initial value of its combination method, and stores the combination method in the database (3 Bytes). (2) This combination method is used to randomly combine fields such as IMEI / UDID / Keychain / MAC / ID number / birthday. (3) The "combination method" (3 Bytes) stored in the database is actually a number. The database does not store the original content of the combined data. The "combination method" value stored in the database here is only an initial value. The password setting module should automatically and randomly generate a "combination method" value every time it accepts a request, using the new "combination method" value. Update the value of this column in the database. (4) The original content of the combined data will be referred to as "Current_key" (here the first key), and its length should be at least 128 Bytes. This "Current_key" is the key when subsequent sensitive data is to be encrypted with Advanced Encryption Standard (AES). In order to know Current_key, it is necessary to know its "combination method" and its corresponding code. When the first authentication information bound by the original registration is leaked, the current_key content of the user is not directly exposed.
2. 綁定使用者識別資料(第二認證資料): 行員為申辦新金融卡的使用者登錄自選文摘1則(512 Bytes≦ 文摘 ≦1024 Bytes)。第二認證資料亦可與使用者的身份證號綁定。該自選文摘可由使用者提供、或由行員、或由系統隨機自資料庫為使用者挑選。2. Binding User Identification Information (Second Authentication Information): The clerk will register one digest of the user's choice for applying for a new financial card (512 Bytes ≦ Digest ≦ 1024 Bytes). The second authentication information can also be bound to the user's ID number. The optional digest can be provided by the user, or can be selected by the user for the user or by the system randomly from the database.
使用者於以上前置作業註冊資料完成後,即可操作交易裝置,從網路環境(Internet)下載/安裝「初始密碼應用程式」(軟體產品(App)),於完成安裝作業後,始告前置作業完成:After completing the pre-operation registration data above, the user can operate the trading device, download / install the "Initial Password Application" (software product (App)) from the Internet environment, and start to report after the installation is completed. Preparatory work completed:
1. App須強制提供圖形密碼、按鍵式密碼、指紋辨識、或臉部辨識等選項,供使用者設定App的啟動密碼。1. The app must provide options such as graphic password, touch-tone password, fingerprint recognition, or face recognition for users to set the startup password of the app.
2. 使用者於每次執行該App時,App須要求使用者輸入使用者身份證號、生日、及金融卡帳號,並即時發送上行電文給密碼設定模組完成初步鑑別使用者身份。 a. 上行電文內容需包含身份證號、生日、金融卡帳號、及App的版號、日期等資訊。 b. 伺服器端的密碼設定模組鑑別使用者身份及其行動裝置設備無誤之後,須儲存該App的版號、日期、本次申請金融卡帳號等上行電文資訊,供未來在交易作業階段鑑別App合法性之用。 c. 該「金融卡帳號」須為新申請且尚未變更金融卡初始密碼之金融卡帳號。2. Each time the user executes the app, the app must ask the user to enter the user's ID number, birthday, and debit card account number, and immediately send an uplink message to the password setting module to complete the initial identification of the user. a. The content of the uplink message must include the ID number, birthday, debit card account number, and app version number and date. b. After the server-side password setting module verifies that the user ’s identity and mobile device are correct, it must store the app ’s version number, date, and the current application ’s financial card account number and other upstream message information for future verification of the app during the transaction operation stage. For legitimacy. c. The "Financial Card Account Number" must be a newly applied financial card account number that has not changed its initial password.
實例Examples 22 :交易作業: Trading operations
1. 使用者在個人裝置介面登入「啟動密碼」後啟動如實例1之App,App要求使用者輸入身份鑑別資訊: a. App於個人裝置介面顯示訊息,要求輸入使用者身份證號、生日、及金融卡帳號。 b. 上行電文關鍵內容 = 身份證號、生日、金融卡帳號、以及安裝該APP之版號與日期等資訊。 c. 上行電文訊息經防火牆(Web AP F/W)解譯SSL加密內容後傳遞給密碼設定模組主機。 d. 密碼設定模組依據上行電文訊息審核該使用者所安裝App的合法性、以及確認使用者之金融卡帳號當下狀態。 (1) 該金融卡帳號須為新申請且尚未變更金融卡初始密碼之金融卡帳號。 (2) 該金融卡狀態須為正常戶。 (3) 當密碼設定模組資料庫有該帳號資料、但未逾時10分鐘以上,應拒絕App之本次交易重覆請求。 (4) 於鑑別使用者身份(身份證號、生日、金融卡帳號)不符合時,密碼設定模組須同步透過簡訊、電子郵件等通報持卡人。於累積錯誤次數超過4次時,系統應拒絕交易,並請使用者聯繫客服人員審核使用者身份之後重設累積錯誤次數。 e. 密碼設定模組審核上行電文訊息無誤後,產出下行電文回覆App: (1) 系統依據資料庫儲存該使用者的「組合方法」,以使用者原始綁定之行動裝置認證資料產出「Current_key」(第一金鑰)。 (2) 下行電文關鍵內容 = 網頁識別碼 + 組合方法 + 以「Current_key」AES(加密方法 + 自選文摘 + SHA-256(「Current_key」)) + App合法性鑑別結果,其中,SHA-256為一雜湊函式。 (a) 「加密方法」欄共計10個Bytes,前3個Bytes放置產出「Current_key」的「組合方法」、第4~6個Bytes放置當次加密方法項目、末4個Bytes放置當次加密時「自選文摘」的開始取樣位置。 (b) 上述「加密方法」值及「開始取樣位置」值均於交易當下隨機亂數產出,此隨機亂數值需異於前三次記錄。 (c)「網頁識別碼」為密碼設定模組、App、金融卡系統等多方系統針 對同一請求交易的共同識別序號,網頁識別碼值由密碼設定模組產生。網頁識別碼值生命週期,於密碼設定模組在此產出下行電文回覆App時產生、於App取得認證碼值圖像、持卡人操作自動存提款機特定功能完成金融卡新密碼設定後結束。 f. 將前述上行電文及下行電文內容儲存於密碼設定模組的資料庫,供後續交易鑑別勾稽使用者身份之用。1. The user launches the App such as Example 1 after logging in to the "Startup Password" on the personal device interface. The App requires the user to enter identity authentication information: a. The app displays a message on the personal device interface, asking for the user's ID number, birthday, And debit card accounts. b. Key content of the uplink message = ID number, birthday, debit card account number, and version number and date of the app. c. The uplink message is decoded by the firewall (Web AP F / W) and then transmitted to the host of the password setting module. d. The password setting module checks the legitimacy of the app installed by the user and confirms the current status of the user's financial card account according to the uplink message. (1) The account number of the debit card must be a debit card account that has been newly applied for and has not changed the initial password of the debit card. (2) The status of the debit card must be normal. (3) When the password setting module database has the account information, but it has not timed out for more than 10 minutes, it should reject the application's repeat request for this transaction. (4) When the identity of the user (identification number, birthday, debit card account) is not matched, the password setting module must notify the cardholder via SMS, email, etc. simultaneously. When the accumulated error count exceeds 4 times, the system should reject the transaction and ask the user to contact the customer service staff to review the user's identity and reset the accumulated error count. e. After the password setting module verifies that the uplink message is correct, it generates a reply to the downlink message App: (1) The system stores the user's "combination method" according to the database, and the mobile device authentication data originally bound by the user is output. "Current_key" (first key). (2) The key content of the downlink message = webpage identification code + combination method + "Current_key" AES (encryption method + optional digest + SHA-256 ("Current_key")) + App legitimacy authentication result, where SHA-256 is a Hash function. (a) The "Encryption method" column has a total of 10 Bytes. The first 3 Bytes are placed in the "Combination Method" that produces "Current_key", the 4th to 6th Bytes are placed in the current encryption method item, and the last 4 Bytes are placed in the current encryption. Start sampling position of "Selected Digest". (b) The above values of "encryption method" and "start sampling position" are both randomly generated at the moment of the transaction. This random random value needs to be different from the previous three records. (c) "Web page identification code" is a common identification number for multi-party systems such as the password setting module, App, and financial card system for the same requested transaction. The web page identification value is generated by the password setting module. The life cycle of the webpage identification code value is generated when the password setting module generates a downlink message in response to the App, obtains the authentication code value image in the App, and the cardholder operates the special function of the automatic deposit and withdrawal machine to complete the new password setting of the financial card End. f. Store the content of the aforementioned uplink message and downlink message in the database of the password setting module for subsequent transactions to verify the identity of the user.
2. App於收到密碼設定模組的下行電文後: a. 當下行電文內容之「App合法性鑑別結果」值是成功時,依據下行電文之「組合方法」值(下行電文之「加密方法」欄的前3個Bytes值),自使用者的行動裝置取得該裝置資料(包含IMEI/UDID/ Keychain/MAC等資訊),以及該使用者的個人資訊(身份證號/生日等資訊,可由該使用者自行登錄並儲存於該行動裝置),以 產出「Current_key」(第二金鑰)(亦即,該App內建有複數個組合方法,可依據所接獲的編號來確定使用的組合方法),一來對下行電文之「加密方法」欄做解密,取得當次「加密方法」明碼值;二來鑑別下行電文之SHA-256 (「Current_key」)欄值的一致性(鑑別當下App所連結之密碼設定模組主機的合法性)。 b. App再依當次「加密方法」(下行電文之「加密方法」欄的第4~6個Bytes值、以及末4個Bytes值)對「自選文摘」內容做加密並產出上行電文,向密碼設定模組發動取得認證碼請求(亦即,該App內建有複數個加密方法,可依據所接獲的編號來確定使用的加密方法)。 (1) 上行電文關鍵內容 = 網頁識別碼 + Mobile值 + Verify值 + 前述各步驟上下行電文的部份資料 (a) Mobile值 = SHA-256(從交易裝置本機產出的「Current_key」 (b) Verify值 = 以「Current_key」AES{(依加密方法對「自選文摘」內容做加密) + SHA-256(「自選文摘」內容)} ;「加密方法」欄共計10個Bytes,前3個Bytes放置產出「Current_key」的「組合方法」、第4~6個Bytes放置當次加密方法項目、末4個Bytes放置當次加密時「自選文摘」的開始取樣位置。App依據前述下行電文取得的「加密方法」值,以所指定「自選文摘」的「開始取樣位置」值做開始取樣、以所指定的「加密方法」編號值執行對應的加密用程式碼,經加密後產出x值,其長度應至少128個Bytes。之後,再以「Current_key」(第二金鑰)AES加密保護該x值以及相關雜湊函數值。 (2) App將本次上行電文經SSL加密後,傳送給密碼設定模組主機。2. After the App receives the downlink message of the password setting module: a. When the value of the "App legitimacy result" of the content of the downlink message is successful, according to the "combination method" value of the downlink message (the "encryption method of the downlink message") The first 3 Bytes of the column), get the device data (including IMEI / UDID / Keychain / MAC and other information) from the user ’s mobile device, and the user ’s personal information (identity number / birthday information, etc.) The user logs in and stores it on the mobile device by himself) to generate "Current_key" (second key) (that is, the App has a plurality of combination methods built-in, which can be determined according to the received number Combination method), one is to decrypt the "encryption method" column of the downlink message to obtain the current "encryption method" plain code value; the other is to identify the consistency of the value in the SHA-256 ("Current_key") column of the downstream message The password connected to the App sets the legitimacy of the module host). b. The App then encrypts the content of the "optional digest" according to the current "encryption method" (the 4th to 6th Bytes value and the last 4 Bytes value in the "encryption method" column of the downstream message), and generates an uplink message Send a request for obtaining an authentication code to the password setting module (that is, the App has a plurality of encryption methods built in, and the encryption method used can be determined according to the received number). (1) Key content of the uplink message = webpage identification code + Mobile value + Verify value + some data of the uplink and downlink messages in the previous steps (a) Mobile value = SHA-256 ("Current_key" ( b) Verify value = "Current_key" AES {(encrypt the "optional digest" content according to the encryption method) + SHA-256 ("optional digest" content)}; the "encryption method" column totals 10 bytes, the first 3 Bytes puts the "Combined Method" of "Current_key", the 4th to 6th Bytes puts the current encryption method item, and the last 4 Bytes puts the starting sampling position of "Selected Digest" when the current encryption is made. The app obtains it according to the aforementioned downlink message "Encryption method" value, start sampling with the "Start Sampling Position" value of the specified "Selected Digest", execute the corresponding encryption code with the specified "Encryption method" number value, and generate x value after encryption , Its length should be at least 128 Bytes. After that, the value of x and the related hash function value are protected by AES encryption of "Current_key" (second key). (2) The App sends the uplink message to the server after it is encrypted by SSL. Password setting Host module.
3. 密碼設定模組於收到App的上行電文(請求取得認證碼)後: a. 依據該使用者本次交易資訊,檢核App的本次上行電文內容,鑑別該行動裝置設備內容(IMEI/UDID/Keychain/MAC)、該使用者的個人資訊(身份證號/生日)等資料的合法性、以及所安裝App的正確性,從而達到鑑別使用者身份的目的。 b. 於鑑別使用者身份不符合時,密碼設定模組須同步透過簡訊、電子郵件等通報持卡人。於累積錯誤次數超過4次時,系統應拒絕交易,並請使用者聯繫客服人員審核使用者身份之後重設累積錯誤次數。 c. 於鑑別使用者身份符合後,密碼設定模組產出上行電文內容,向金融卡系統主機(第二伺服器)發動請求取得當次認證碼值。 (1) 上行電文內容包括:網頁識別碼、金融卡帳號、交易日期、交易時間、ATM機號(此處為空白值)、ATM交易序號(此處為空白值)、認證碼值(此處為空白值)等資料。 (2) 金融卡系統(金融卡管理模組)核驗上行電文無誤後,隨機產出「認證碼值」並回覆給密碼設定模組。 (a)「認證碼」係為後續供持卡人以新申請實體金融卡插入自動存提款機(認證裝置)並操作特定交易、完成金融卡新密碼設定作業時,做為金融卡系統對持卡人身份鑑別之用。 (b) 金融卡管理模組每次動態隨機產出的「認證碼」,有效期10分鐘、認證碼值為6~8碼隨機數字。 (c) 金融卡管理模組儲存此交易需求內容,供後續持卡人以新申請實體金融卡插入自動存提款機並操作特定交易、完成金融卡新密碼設定作業時,做為金融卡系統對持卡人身份鑑別之用。 d. 密碼設定模組於收妥認證碼值後,先採「視覺密碼學理論方法」對金融卡初始密碼值明碼 產出「認證碼值圖像」,之後再產出下行電文(含加密後認證碼值圖像),經SSL加密後回覆給App。 (1) 採「視覺密碼學理論方法」加密產出「認證碼值圖像」: (a) 步驟一:隨機取得底圖或底色 (b) 步驟二:在背景產製數條干擾線(線條顏色、粗細、長短、位置均隨機產生) (c) 步驟三:產製數字(隨機數字顏色、字體、字形、向不同方向(PIXEL)移位產製多 次相同數字) (d) 步驟四:在前景產製數條干擾線(線條顏色、粗細、長短、位置均隨機產生) (e) 步驟五:產生JPEG圖檔 (f) 經此方法將密碼值明碼做妥適加密保護之後,該圖像之明碼值需要人工以眼睛目視方式才能正確讀取。 (2) 下行電文關鍵內容:網頁識別碼、認證碼值圖像、App合法性鑑別結果等資料。 (3) 密碼設定模組更新資料庫之該使用者本次交易處理狀況與身份鑑別結果等資訊。 (4) 本次下行電文內容除了包含認證碼值圖像,另應包含通知持卡人儘速在限時內(例如,10分鐘) 操作自動存提款機特定功能完成金融卡新密碼設定。 (5) 密碼設定模組須同步透過簡訊、電子郵件通知持卡人:認證碼值完成交付,請持卡人儘速在限時內操作自動存提款機特定功能完成金融卡新密碼設定等訊息。3. After the password setting module receives the uplink message of the App (requesting an authentication code): a. According to the user's current transaction information, check the content of the App's uplink message to identify the mobile device device content (IMEI / UDID / Keychain / MAC), the legality of the user's personal information (ID card number / birthday), and the correctness of the installed app, so as to identify the user. b. When the identity of the user is not identified, the password setting module must notify the cardholder via SMS, email, etc. simultaneously. When the accumulated error count exceeds 4 times, the system should reject the transaction and ask the user to contact the customer service staff to review the user's identity and reset the accumulated error count. c. After verifying the identity of the user, the password setting module generates the content of the uplink message, and sends a request to the host of the financial card system (second server) to obtain the current authentication code value. (1) The content of the uplink message includes: web page identification code, financial card account number, transaction date, transaction time, ATM machine number (here blank value), ATM transaction serial number (here blank value), and authentication code value (here Is blank). (2) After the financial card system (financial card management module) verifies that the upstream message is correct, it randomly generates "authentication code value" and responds to the password setting module. (a) "Authentication code" is used as a financial card system for subsequent cardholders to insert a new physical financial card into an automatic deposit and withdrawal machine (authentication device), operate a specific transaction, and complete the setting of a new password for a financial card. Cardholder identification. (b) The "authentication code" generated dynamically and randomly by the financial card management module is valid for 10 minutes and the authentication code value is a random number of 6-8 digits. (c) The financial card management module stores this transaction requirement content for subsequent cardholders to use the new physical financial card to insert automatic deposit and withdrawal machines and operate specific transactions, and complete the new password setting of the financial card as a financial card system For cardholder identification. d. After receiving the authentication code value, the password setting module first adopts the "Visual Cryptography Theory Method" to clearly output the "authentication code value image" of the initial password value of the financial card, and then generates a downlink message (including the encrypted one). Authentication code value image), reply to App after SSL encryption. (1) The "authentication code value image" is encrypted using "theoretical method of visual cryptography": (a) Step 1: Randomly obtain the base map or background color (b) Step 2: Produce several interference lines in the background ( Line color, thickness, length, and position are randomly generated) (c) Step 3: Produce numbers (random number colors, fonts, glyphs, shift to different directions (PIXEL) to produce the same number multiple times) (d) Step 4 : Generate several interference lines in the foreground (line color, thickness, length, and position are randomly generated) (e) Step 5: Generate JPEG image file (f) After the password value is properly encrypted and protected by this method, the The clear value of the image needs to be read by human eyes. (2) The key content of the downlink message: webpage identification code, authentication code value image, app legitimacy authentication result and other data. (3) The password setting module updates the database's current transaction processing status and identity authentication results. (4) In addition to the image of the authentication code value, the content of this downlink message should also include informing the cardholder to operate the specific function of the automatic deposit and withdrawal machine to complete the new password setting of the financial card within a time limit (for example, 10 minutes). (5) The password setting module must simultaneously notify the cardholder via SMS and email: the authentication code value is completed, and the cardholder is requested to operate the specific function of the automatic deposit and withdrawal machine within the time limit to complete the new password setting of the financial card and other information .
4. App於收到密碼設定模組的下行電文(含認證碼值圖像)後: a. 顯示認證碼值圖像於個人裝置介面。 b. 顯示通知持卡人儘速在限時內操作自動存提款機特定功能完成金融卡新密碼設定等訊息於個人裝置介面。 c. App將本筆交易選擇重點資料儲存於個人裝置設備端的加密型檔案。該檔 案採先進先出法,最多儲存十筆交易記錄軌跡。4. After receiving the downlink message (including the authentication code value image) from the password setting module, the App: a. Display the authentication code value image on the personal device interface. b. Display a message informing the cardholder that the specific function of the ATM is completed within the time limit to complete the setting of the new password of the debit card and other information on the personal device interface. c. The app stores the key data of this transaction selection in an encrypted file on the personal device device side. This file uses the first-in-first-out method and stores a maximum of ten transaction records.
5. 使用者(持卡人)於取得認證碼後,須在限時內,以新申請實體金融卡插入自動存提款機(認證裝置)並操作特定交易,完成金融卡新密碼的設定作業。 a. 認證裝置的特定交易功能: (1) 該特定交易功能係參照現行分行櫃檯「金融卡重設密碼」交易功能(非金融卡密碼變更交易),供持卡人以新申請實體金融卡插入自動存提款機、在自動存提款機介面輸入當次認證碼值、以及自行設定的金融卡新密碼值,完成金融卡新密碼的設定作業。 (2) 特定交易功能資料處理流程: (a) 特定交易功能連線呼叫實體金融卡晶片內軟體,請其隨機產出一組亂數。 (b) 產出上行電文,向金融卡管理模組發動產出該金融卡新密碼值請求。上行電文關鍵資料:金融卡帳號、認證碼、金融卡新密碼、金融卡晶片軟體當次產出之亂數值等資料。 (c) 金融卡管理模組審核上行電文無誤後,連線呼叫實體亂碼化設備(Hardware DES)產出經亂碼化後的金融卡新密碼值。 (d) 金融卡管理模組產出下行電文(內含「經亂碼化後的金融卡新密碼值」)回覆給自動存提款機特定交易功能。 (e) 特定交易功能連線呼叫實體金融卡晶片內軟體,請其解鎖卡片、以及寫入「經亂碼化後的金融卡新密碼值」至晶片。 b. 金融卡管理模組每次動態隨機產出的「認證碼」,其具有特定有效時限,持卡人須在限時內)完成設定金融卡新密碼。 c. 當該金融卡已完成新密碼設定作業,自動存提款機應拒絕持卡人重覆執行特定交易功能。5. After obtaining the authentication code, the user (cardholder) must insert the new physical financial card into the automatic deposit and withdrawal machine (authentication device) and operate the specific transaction to complete the setting of the new password for the financial card. a. Specific transaction functions of the authentication device: (1) This specific transaction function refers to the current "Financial Card Reset Password" transaction function at the branch counter (non-financial card password change transaction) for cardholders to insert a new physical financial card application The automatic deposit and withdrawal machine, input the current authentication code value and the new password value of the financial card set on the interface of the automatic deposit and withdrawal machine, complete the setting of the new password of the financial card. (2) Data processing flow of specific transaction function: (a) The specific transaction function calls the software in the physical financial card chip, and asks it to randomly generate a random number. (b) Generate an uplink message and send a request to the financial card management module to generate a new password value for the financial card. Key data of the uplink message: financial card account number, authentication code, new password for the financial card, and chaotic values of the current output of the financial card chip software. (c) After the financial card management module verifies that the upstream message is correct, the connected calling entity's garbled device (Hardware DES) generates a garbled new financial card's new password value. (d) The financial card management module generates a downlink message (containing the "new garbled financial card password") and responds to the specific transaction function of the ATM. (e) The specific transaction function calls the software in the physical financial card chip, and asks it to unlock the card and write the "new garbled financial card password" to the chip. b. The "authentication code" that is dynamically and randomly generated by the financial card management module each time has a certain valid time limit, and the cardholder must complete the setting of the new password of the financial card within the time limit. c. When the debit card has completed the new password setting operation, the automatic deposit and withdrawal machine should refuse the cardholder to perform specific transaction functions repeatedly.
6. 當使用者(持卡人)忘記認證碼值時,使用者須重新執行交易作業(上述步驟1.~5.)的完整程序,以取得新的認證碼值。6. When the user (cardholder) forgets the authentication code value, the user must re-execute the complete procedure of the transaction operation (the above steps 1. to 5.) to obtain the new authentication code value.
7. 當使用者(持卡人)未能在限時內從自動存提款機完成金融卡新密碼設定時,當次認證碼將逾時失效,使用者須重新執行交易作業(上述步驟1.~6.)的完整程序,以取得新的認證碼值。7. When the user (cardholder) fails to complete the new password setting of the financial card from the automatic deposit and withdrawal machine within the time limit, the current authentication code will expire and the user must re-execute the transaction operation (step 1 above). ~ 6.) Complete procedure to get new authentication code value.
綜上所述,本發明在交易裝置(行動裝置設備)及認證裝置(自動存提款機)兩個實體裝置相互分離下,藉由持卡人以人工操作行動裝置取得認證碼,促使兩個實體裝置分工處理同一筆交易請求,限時限次的完成身份勾稽暨鑑別程序,讓持卡人可及時手持金融卡在自動存提款機操作完成金融卡新密碼的設定作業。此等多因子交易安全模式,不僅符合主管機關對於交易安全設計應具使用「兩項(含)以上技術」的要求、更可確保該電子交易為人工操作完成,完全防範木馬程式自遠端操控交易的風險。To sum up, the present invention separates the two physical devices of the transaction device (mobile device equipment) and the authentication device (automatic deposit and withdrawal machine) from each other, and the cardholder manually obtains the authentication code through the mobile device, prompting the two The physical device handles the same transaction request, and completes the identity check and authentication process within a limited time and time, so that the cardholder can operate the automatic deposit and withdrawal machine in time to complete the setting of the new password of the financial card. These multi-factor transaction security models not only meet the requirements of the competent authority for the use of "two or more technologies" for transaction security design, but also ensure that the electronic transaction is completed manually and completely prevent the remote control of Trojan horse programs. Trading risks.
本發明係採二階段身份鑑別模式(包含對使用者個資資料、對所綁定的交易裝置認證資料及使用者識別資料、對交易是否為人工操作),有別於往常以「密碼」為唯一鑑別模式,對於使用者身份鑑別的交易安全門檻,可收到全面性的、實質性的強化效果。The present invention adopts a two-stage identity authentication mode (including personal data of users, authentication data of binding transaction devices and user identification data, and whether the transaction is manual operation), which is different from the usual "password" as The unique authentication mode can comprehensively and substantially strengthen the transaction security threshold for user identification.
本發明之交易框架的操作行為,需要使用者手持實體金融卡片插入自動存提款機操作特定交易功能,輸入當次認證碼值、以及自行設定的金融卡新密碼值後,完成金融卡新密碼的設定作業。駭客無法自遠端操控上述人工操作行為來完成金融卡新密碼的設定作業。The operation of the transaction framework of the present invention requires a user to hold a physical financial card and insert an automatic deposit and withdrawal machine to operate a specific transaction function. After entering the current authentication code value and the new password value set by the financial card, the new password for the financial card is completed. Setting operation. The hacker cannot remotely control the manual operation to complete the setting of the new password of the debit card.
對於使用者而言,可排除紙本密碼函之相關保管、遺失、遭竊的負擔與風險。對於歹徒、駭客而言,需要同時取得使用者的實體金融卡、綁定的實體行動裝置、App的「啟動密碼」以及使用者個資之後,才有機會取得認證碼值 ,並需在限時內完成金融卡新密碼的設定作業。較諸往常只要取得紙本密碼函及實體金融卡後就可犯案,其防範門檻已明顯提昇。For the user, the burden and risks related to the safekeeping, loss, and theft of paper password letters can be excluded. For gangsters and hackers, they need to obtain the user ’s physical financial card, the bound physical mobile device, the “startup password” of the app, and the user ’s personal information before they have the opportunity to obtain the authentication code value. Set up the new password of the debit card within. More often than not, you can commit a crime only after obtaining a paper password and a physical financial card. The threshold for prevention has been raised significantly.
對於金融機構而言,本發明除了確保資訊安全門檻提昇外,可為金融機構取代現行人工操作列印密碼函的繁瑣程序,節省其間配套的相關人工作業、環境設施、列印機器、紙張、郵遞、保管儲存、資安控管及風險稽查等等作業成本負擔,並能達到節能減碳的效果。For financial institutions, in addition to ensuring that information security thresholds are raised, the present invention can replace the cumbersome procedures of printing manual password letters for financial institutions, saving related manual operations, environmental facilities, printing machines, paper, and postal services. , Custody, storage, information security control and risk audit, etc., and can achieve the effect of energy saving and carbon reduction.
1‧‧‧用於幫助持卡人首次設定金融卡密碼之系統 1 ‧‧‧A system for helping cardholders to set a password for a financial card for the first time
10‧‧‧第一伺服器 10 ‧‧‧First server
12‧‧‧密碼設定模組 12 ‧‧‧ Password Setting Module
122‧‧‧儲存子模組 122 ‧‧‧Storage Submodule
20‧‧‧第二伺服器 20 ‧‧‧Second server
22‧‧‧金融卡管理模組 22 ‧‧‧Financial Card Management Module
30‧‧‧軟體產品 30 ‧‧‧Software Products
40‧‧‧認證裝置 40 ‧‧‧certified device
42‧‧‧顯示元件 42 ‧‧‧Display element
44‧‧‧輸入元件 44 ‧‧‧input components
46‧‧‧金融卡讀寫元件 46 ‧‧‧Financial Card Reader
70‧‧‧行動裝置 70 ‧‧‧ mobile device
S110~S410‧‧‧步驟流程 S110 ~ S410 ‧‧‧ step flow
圖 1係繪示本發明之一具體實施例之系統之方塊圖。 FIG. 1 is a block diagram of a system according to a specific embodiment of the present invention.
圖 2係繪示本發明之一具體實施例之方法之流程圖。 FIG. 2 is a flowchart illustrating a method according to a specific embodiment of the present invention.
無no
Claims (10)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW107145175A TWI679603B (en) | 2018-12-14 | 2018-12-14 | System for assisting a financial card holder in setting password for the first time and method thereof |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW107145175A TWI679603B (en) | 2018-12-14 | 2018-12-14 | System for assisting a financial card holder in setting password for the first time and method thereof |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TWI679603B true TWI679603B (en) | 2019-12-11 |
| TW202022761A TW202022761A (en) | 2020-06-16 |
Family
ID=69582600
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW107145175A TWI679603B (en) | 2018-12-14 | 2018-12-14 | System for assisting a financial card holder in setting password for the first time and method thereof |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI679603B (en) |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090106561A1 (en) * | 2007-10-16 | 2009-04-23 | Buffalo Inc. | Data management apparatus and data management method |
| CN101859454A (en) * | 2007-11-02 | 2010-10-13 | 张焕民 | Double-password bank card and card reading terminal |
| CN106411523A (en) * | 2016-08-24 | 2017-02-15 | 中国银行股份有限公司 | Generation and check methods and devices for bank card passwords, and system |
| TW201804389A (en) * | 2016-07-29 | 2018-02-01 | 臺灣行動支付股份有限公司 | Password resetting system for electronic transaction and method thereof using a third party platform server and a rigorous verification process to increase the security of password resetting for preventing the virtual card from malicious use |
| TWM563015U (en) * | 2017-12-28 | 2018-07-01 | 兆豐國際商業銀行股份有限公司 | Identity verification system |
| TWM578432U (en) * | 2018-12-14 | 2019-05-21 | 台新國際商業銀行股份有限公司 | System for assisting a financial card holder in setting password for the first time |
-
2018
- 2018-12-14 TW TW107145175A patent/TWI679603B/en active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090106561A1 (en) * | 2007-10-16 | 2009-04-23 | Buffalo Inc. | Data management apparatus and data management method |
| CN101859454A (en) * | 2007-11-02 | 2010-10-13 | 张焕民 | Double-password bank card and card reading terminal |
| TW201804389A (en) * | 2016-07-29 | 2018-02-01 | 臺灣行動支付股份有限公司 | Password resetting system for electronic transaction and method thereof using a third party platform server and a rigorous verification process to increase the security of password resetting for preventing the virtual card from malicious use |
| CN106411523A (en) * | 2016-08-24 | 2017-02-15 | 中国银行股份有限公司 | Generation and check methods and devices for bank card passwords, and system |
| TWM563015U (en) * | 2017-12-28 | 2018-07-01 | 兆豐國際商業銀行股份有限公司 | Identity verification system |
| TWM578432U (en) * | 2018-12-14 | 2019-05-21 | 台新國際商業銀行股份有限公司 | System for assisting a financial card holder in setting password for the first time |
Also Published As
| Publication number | Publication date |
|---|---|
| TW202022761A (en) | 2020-06-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7412420B2 (en) | Systems and methods for enrolling a token in an online authentication program | |
| US10045210B2 (en) | Method, server and system for authentication of a person | |
| CN105027153A (en) | Methods, devices, and systems for secure provisioning, transmission, and authentication of payment data | |
| JP2000222362A (en) | Method and device for realizing multiple security check point | |
| JP2009527835A (en) | PIN service | |
| CN101340294A (en) | Cipher keyboard apparatus and implementing method thereof | |
| CN101335754B (en) | Method for information verification using remote server | |
| US20150220912A1 (en) | Systems and methods for enrolling a token in an online authentication program | |
| US20110055586A1 (en) | Secure PIN Character Retrieval and Setting Using PIN Offset Masking | |
| JP2021108088A (en) | Authentication request system and authentication request method | |
| JP5431804B2 (en) | Authentication system and authentication method | |
| US11604870B2 (en) | Systems and methods for authentication code entry using mobile electronic devices | |
| TWI679603B (en) | System for assisting a financial card holder in setting password for the first time and method thereof | |
| EP3276878A1 (en) | Method for the safe authentication of a request made to a remote provider and generated in a personal device with bifurcation of the transmission of an authentication means | |
| AU2009202963B2 (en) | Token for use in online electronic transactions | |
| TWM578432U (en) | System for assisting a financial card holder in setting password for the first time | |
| TWI677842B (en) | System for assisting a financial card holder in setting password for the first time and method thereof | |
| TWM578411U (en) | System for assisting a financial card holder in setting password for the first time | |
| TWM580720U (en) | System for assisting a network service user in setting password for the first time | |
| JP2003323599A (en) | Smart card and smart card system | |
| KR101619282B1 (en) | Cloud system for manging combined password and control method thereof | |
| CN109285004A (en) | Business confirmation method and system based on mobile network's terminal | |
| CN109284999A (en) | Business confirmation method and system based on mobile network's terminal | |
| EP3203428B1 (en) | Transaction processing system and process | |
| TWM606254U (en) | Internet banking system for cross-device authentication to carry out non-predesignated account transfer |