TWI789972B - Transaction verification system and method capable of suspending connection - Google Patents

Publication number: TWI789972B
Authority: TW (Taiwan)
Prior art keywords: verification, transaction, bank server, message, mobile device
Application number: TW110140904A
Other languages: Chinese (zh)
Other versions: TW202209228A (en)
Inventor: 楊嘉齡
Original Assignee: 華南商業銀行股份有限公司
Application filed by: 華南商業銀行股份有限公司
Priority to: TW110140904A
Publication of TW202209228A
Application granted
Publication of TWI789972B
Abstract

A transaction verification system comprises a bank server and a mobile device. The bank server is configured to output a coded message when receiving a transaction request. The mobile device connects to the bank server and has a user interface to receive a transaction command. The mobile device outputs the transaction request to the bank server when receiving the transaction command. The mobile device receives the coded message and generates a verification message according to the coded message. The mobile device further inputs the verification message into a verification field of the user interface to output the verification message to the bank server through the user interface. The bank server further performs a verification procedure based on the received verification message. The bank server performs the transaction request when the verification message passes the verification procedure. The present disclosure further discloses a transaction verification method.

Description

Transaction verification system and method with interruptible connection

The present invention relates to a transaction verification system and method with interruptible connection, and in particular to one in which a mobile device and a bank server can verify each other's legitimacy.

To provide users with a convenient and secure online transaction mechanism, many banks currently send a verification password by SMS for verification. Users need no additional hardware: with only the mobile phone number registered with the bank, they can promptly obtain the verification password to complete a transaction or identity verification when they request one.

However, sending the verification password by SMS only lets the bank server judge the legitimacy of the mobile device; the mobile device cannot judge the legitimacy of the bank server. Moreover, if a man-in-the-middle (MITM) attack is launched while a message is in transit between the mobile device and the bank server, neither the mobile device nor the bank server can detect it in time, which increases the risk that a user who receives the message mistakenly enters the verification message into a phishing website.

In view of the above, the present invention provides a transaction verification system and method with interruptible connection that meets the above needs.

A transaction verification system with interruptible connection according to an embodiment of the present invention comprises: a bank server, configured to randomly generate and output a coded message when receiving a transaction request; and a mobile device connected to the bank server. The mobile device has a user interface to receive a transaction instruction and outputs the transaction request to the bank server when receiving the transaction instruction. The mobile device receives the coded message and generates a verification message according to the coded message. The mobile device further inputs the verification message into a verification field of the user interface, so as to output the verification message to the bank server through the user interface. After receiving the verification message, the bank server executes a verification procedure based on the verification message, and executes the transaction request when the verification message passes the verification procedure. The coded message includes a keyword associated with the transaction request and a verification code, and the keyword includes a transfer-out account, a transaction amount and a transaction type. The mobile device further determines whether the keyword is part of the transaction request. When the mobile device determines that the keyword is part of the transaction request, it decodes the verification code into a verification string and uses the verification string as the verification message. When the mobile device determines that the keyword is not part of the transaction request, it interrupts the connection between the user interface and the bank server.

A transaction verification method with interruptible connection according to an embodiment of the present invention comprises: receiving a transaction instruction with a user interface of a mobile device; outputting, with the mobile device, a transaction request to a bank server when the transaction instruction is received; randomly generating and outputting, with the bank server, a coded message to the mobile device when the transaction request is received; generating, with the mobile device, a verification message according to the coded message; inputting, with the mobile device, the verification message into a verification field of the user interface, so as to output the verification message to the bank server through the user interface; executing, with the bank server, a verification procedure based on the verification message; and executing, with the bank server, the transaction request when the verification message passes the verification procedure. The coded message includes a keyword associated with the transaction request and a verification code, and the keyword includes a transfer-out account, a transaction amount and a transaction type. Generating the verification message according to the coded message with the mobile device comprises: determining, with the mobile device, whether the keyword is part of the transaction request; when the mobile device determines that the keyword is part of the transaction request, decoding, with the mobile device, the verification code into a verification string and using the verification string as the verification message; and when the mobile device determines that the keyword is not part of the transaction request, interrupting, with the mobile device, the connection between the user interface and the bank server.

In summary, the transaction verification system and method with interruptible connection according to one or more embodiments of the present invention allow the mobile device and the bank server to judge each other's legitimacy, so as to avoid information security vulnerabilities. In addition, the transaction verification system and method according to one or more embodiments of the present invention allow the mobile device and the bank server to discover in time whether a message was intercepted or subjected to a man-in-the-middle attack during transmission and to respond accordingly, and they also avoid the risk of a user mistakenly entering the verification message into a phishing website when receiving a message.

The above description of the disclosure and the following description of the embodiments are intended to demonstrate and explain the spirit and principle of the present invention, and to provide further explanation of the scope of the patent claims of the present invention.

The detailed features and advantages of the present invention are described in the embodiments below in enough detail for anyone skilled in the related art to understand the technical content of the present invention and implement it accordingly. From the content disclosed in this specification, the claims and the drawings, anyone skilled in the related art can readily understand the related objects and advantages of the present invention. The following embodiments describe aspects of the present invention in further detail, but do not limit the scope of the present invention in any respect.

Please refer to FIG. 1, which is a block diagram of a transaction verification system with interruptible connection according to an embodiment of the present invention. The transaction verification system with interruptible connection preferably includes a mobile device 10 and a bank server 20, and the mobile device 10 is communicatively connected to the bank server 20.

The mobile device 10 is, for example, a mobile phone, a notebook computer or a tablet computer; the bank server 20 is preferably a server inside the bank, or another computing device inside the bank with computing and signal transmission capability. In addition, the mobile device 10 preferably presents a user interface, and the user interface is connected to the bank server 20 through the mobile device 10, so as to transmit data to the bank server 20 or receive data from the bank server 20.

To explain the disclosed transaction verification system and method with interruptible connection in more detail, please refer to FIG. 1 and FIG. 2 together, where FIG. 2 is a flowchart of a transaction verification method with interruptible connection according to an embodiment of the present invention.

Step S10: Receive a transaction instruction.

The mobile device 10 can present the user interface described above to receive a transaction instruction. For example, the user interface presented by the mobile device 10 may have an instruction input field in which the user enters the transaction instruction. The instruction input field may be a blank field in which the user types the transaction instruction, or it may consist of one or more instruction keys, in which case the user selects one of the instruction keys as the transaction instruction.

Step S20: Output the transaction request to the bank server.

After receiving the transaction instruction, the user interface of the mobile device 10 converts the transaction instruction into a transaction request and outputs the transaction request to the bank server 20. In detail, because the transaction instruction is entered by the user, the user interface of the mobile device 10 preferably converts the received transaction instruction into the corresponding transaction request and outputs the transaction request to the bank server 20.

For example, the transaction instruction received by the mobile device 10 through the user interface may be "transfer 5,000 yuan from account A of this bank to account B". After receiving the transaction instruction, the user interface converts "transfer 5,000 yuan from account A of this bank to account B" into the corresponding transaction request, which includes "the account number of account A", "the account number of account B" and "transfer 5,000 yuan", and outputs the transaction request to the bank server 20 through the mobile device 10.

Step S30: Output the coded message to the mobile device.

After receiving the transaction request, the bank server 20 outputs the corresponding coded message to the mobile device 10 based on the transaction request. That is, the memory of the bank server 20 may pre-store a correspondence table that records the coded message corresponding to each transaction request. Alternatively, the bank server 20 may randomly generate the coded message after receiving the transaction request, and then store the generated coded message and the corresponding transaction request in memory for later access. In other words, the content of the coded message may be a combination of one or more of English letters, digits, Chinese characters, symbols and so on; the present invention does not limit the content of the coded message.

For example, the coded message generated by the bank server 20 is a message that includes a verification code. While outputting the coded message including the verification code to the mobile device 10, the bank server 20 may also store the verification code, the transaction request and basic information about the mobile device 10 (for example, phone number, location, and the account and password used to enter the user interface) together in memory. How the bank server 20 generates the coded message including the verification code is detailed with FIG. 3 below.

Step S40: Generate a verification message according to the coded message.

After receiving the coded message, the mobile device 10 generates the corresponding verification message according to the coded message. The coded message received by the mobile device 10 may include only the verification code described above, or it may include the verification code together with a text description of the transaction request. When the coded message includes only the verification code, the verification message may simply be the verification code; when the coded message includes the verification code and a text description of the transaction request, the verification message may include the verification code and keywords about the transaction request. For the detailed flow of step S40, see the description of FIG. 3 below.

Continuing first with step S50: Input the verification message into the verification field of the user interface.

The mobile device 10 inputs the verification message it generated into the verification field of the user interface, so that the user, after confirming that the verification message has been filled into the verification field, can enter a confirmation instruction in the user interface (for example, a confirm key). When the mobile device 10 receives the confirmation instruction through the user interface, it outputs the verification message to the bank server 20 through the user interface.

Step S60: Execute a verification procedure based on the verification message.

The bank server 20 can execute a verification procedure based on the received verification message, using the verification message to determine whether the mobile device 10 is a verified device. This verification procedure is described in detail with FIG. 4 and FIG. 5 below.

Step S70: Execute the transaction request.

When the bank server 20 determines that the verification message has passed the verification procedure, the mobile device 10 is a verified device. The bank server 20 can therefore execute the transaction request it received once it determines that the verification message has passed the verification procedure. Taking the above transaction request that includes "the account number of account A", "the account number of account B" and "transfer 5,000 yuan" as an example, the bank server 20 can execute the transfer procedure when it determines that the verification message has passed the verification procedure, transferring 5,000 yuan from account A to account B.

Accordingly, when the user enters a transaction instruction, the bank server 20 can execute the transaction request corresponding to the transaction instruction only after confirming that the mobile device 10 is a verified device. This avoids the information security vulnerability that arises when the verification message is intercepted by a malicious party while the bank server 20 is outputting it to the mobile device 10.

Please refer to FIG. 1 and FIG. 3 together, where FIG. 3 is a detailed flowchart of step S40 shown in FIG. 2. After the bank server 20 outputs the coded message to the mobile device 10 in step S20, the mobile device 10 can generate the verification message according to the coded message in step S40.

Please refer first to step S401 in FIG. 3: Determine whether the keyword is part of the transaction request.

Specifically, the coded message received by the mobile device 10 may include a keyword associated with the transaction request and the verification code described above. When the mobile device 10 determines that the keyword contained in the coded message is part of the transaction request, it concludes that the bank server 20 received the correct transaction request, so the mobile device 10 can execute step S403 below.

Taking the above transaction request that includes "the account number of account A", "the account number of account B" and "transfer 5,000 yuan" as an example, when the coded message received by the mobile device 10 contains keywords such as "transfer" and/or "5,000 yuan", the mobile device 10 determines whether the transaction request with "the account number of account A", "the account number of account B" and "transfer 5,000 yuan" contains the keywords "transfer" and/or "5,000 yuan". Note that the keywords "transfer" and/or "5,000 yuan" are only examples; the keywords may also be "the account number of account A" and/or "the account number of account B" and so on. The present invention does not limit the type of keyword.

When the mobile device 10 determines that the transaction request does not contain the keyword, it can execute step S402: Control the user interface to interrupt the connection with the bank server.

That is, the mobile device 10 can make the user interface log out, so as to interrupt the connection with the bank server 20. When the mobile device 10 determines that the transaction request does not contain the keyword, this indicates that the transaction request it output to the bank server 20 in step S20 may have been intercepted and tampered with, or that the coded message it received from the bank server 20 in step S30 was intercepted and tampered with. The mobile device 10 can therefore make the user interface interrupt the connection with the bank server 20, to prevent subsequent messages or signals between the mobile device 10 and the bank server 20 from being intercepted and tampered with again.

In addition, when the mobile device 10 determines that the transaction request does not contain the keyword, it may also have the user interface present the instruction input field again, so that the user can enter the transaction instruction in the user interface again.

Returning to step S401, when the mobile device 10 determines that the keyword is part of the transaction request, the mobile device 10 can execute step S403: Decode the verification code into a verification string.

In detail, the verification code generated by the bank server 20 is, for example, a one-time password (OTP). Each one-time password is deleted once a single verification ends, and the bank server 20 generates another one-time password for the next verification. This not only saves memory space on the bank server 20 but also avoids the information security vulnerabilities caused by reusing a one-time password.

For example, the verification code in the form of a one-time password may be a verification code randomly generated by the bank server 20, and the verification code may be composed of one or more of English letters, digits, symbols and so on. The present invention does not limit the form of the verification code.

In addition, the mobile device 10 can decode the verification code into the verification string according to a pre-stored decoding rule. For example, the pre-stored decoding rule may be that "0" corresponds to the English letter "A", "1" corresponds to "B", "2" corresponds to "C", and so on up to "25" corresponding to "Z". When the verification code is "2.14.3.4", the mobile device 10 therefore decodes it into the verification string "CODE". Alternatively, when the verification code is "13.0.12.4", the mobile device 10 can decode it into "NAME" and use "NAME" as the verification string. The mobile device 10 can also conclude from "NAME" that the bank server 20 is requesting the user's name as the verification string, in which case the verification string produced by decoding the verification code is, for example, the user's name "Wang Xiaoming".

The pre-stored decoding rule above is only an example. The mapping from numbers to English letters may instead be "25" corresponding to "A", "24" corresponding to "B", "23" corresponding to "C", and so on down to "0" corresponding to "Z"; or the verification code may be presented in English letters and the verification string in numbers.

After generating the verification string, the mobile device 10 executes step S405: Use the verification string as the verification message.

Taking the above verification strings as an example, the mobile device 10 can use a verification string such as "CODE" or "Wang Xiaoming" as the verification message, or, when the mobile device 10 determines that the verification code came from the bank server 20, use the verification code "2.14.3.4" directly as the verification message.

Accordingly, the mobile device 10 can input the verification message into the verification field of the user interface in step S50, so as to output the verification message to the bank server 20.
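The device-side flow of steps S401 to S405, as an added example that is not code from the patent: the mobile device compares the keyword with the request it sent, disconnects on a mismatch, and otherwise decodes the verification code with the "0" to "A" through "25" to "Z" rule. The class and field names, the field-by-field keyword comparison, and disconnecting on a malformed code are assumptions of this example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class TransactionRequest:
    """What the device sent in step S20 (field names are hypothetical)."""
    from_account: str
    to_account: str
    amount: int
    tx_type: str


@dataclass(frozen=True)
class CodedMessage:
    """What the device received in step S30."""
    keyword: dict            # e.g. transfer-out account, amount, type
    verification_code: str   # dot-separated numbers, e.g. "2.14.3.4"


class UserInterfaceSession:
    """Stand-in for the user interface's connection to the bank server."""

    def __init__(self):
        self.connected = True

    def disconnect(self):
        self.connected = False


def decode_verification_code(code):
    """Step S403 with the page's example rule: 0 -> A, 1 -> B, ..., 25 -> Z."""
    letters = []
    for token in code.split("."):
        if not (token.isascii() and token.isdigit()) or int(token) > 25:
            raise ValueError(f"token {token!r} is outside the 0-25 rule")
        letters.append(chr(ord("A") + int(token)))
    return "".join(letters)


def keyword_matches_request(keyword, request):
    """Step S401: every keyword field must equal the same field of the request.

    Comparing field by field (an assumption of this example) keeps an amount
    of "5000" from matching an account number that happens to read "5000".
    """
    if not keyword:
        return False
    for name, value in keyword.items():
        if not hasattr(request, name) or getattr(request, name) != value:
            return False
    return True


def generate_verification_message(session, request, message):
    """Steps S401 to S405; returns the verification message or None."""
    if not keyword_matches_request(message.keyword, request):
        session.disconnect()          # step S402: request or reply was altered
        return None
    try:
        verification_string = decode_verification_code(message.verification_code)
    except ValueError:
        session.disconnect()          # assumption: malformed code is treated as tampering
        return None
    return verification_string        # step S405


if __name__ == "__main__":
    # Constructed sample data: the page's 5,000 yuan transfer from A to B.
    sent = TransactionRequest("A-001", "B-002", 5000, "transfer")
    genuine = CodedMessage(
        {"from_account": "A-001", "amount": 5000, "tx_type": "transfer"}, "2.14.3.4")
    altered = CodedMessage(
        {"from_account": "A-001", "amount": 50000, "tx_type": "transfer"}, "2.14.3.4")
    for label, msg in (("genuine", genuine), ("altered", altered)):
        ui = UserInterfaceSession()
        print(label, generate_verification_message(ui, sent, msg), ui.connected)
```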

Please refer to FIG. 1 and FIG. 4 together. FIG. 4 is a flowchart of the verification procedure according to an embodiment of the present invention.

After the bank server 20 receives the verification message from the mobile device 10 (step S50), the bank server 20 can execute the verification procedure based on the verification message.

Step S601a: Determine whether the verification string corresponds to the verification code.

Taking the above verification strings as an example, the bank server 20 can determine whether the verification string "CODE" corresponds to the verification code "2.14.3.4", whether the verification string "NAME" corresponds to the verification code "13.0.12.4", whether the verification string "Wang Xiaoming" corresponds to the verification code "13.0.12.4", and so on, to determine whether the verification string corresponds to the verification code.

When the bank server 20 determines that the verification string does not correspond to the verification code, the bank server 20 executes step S602a: Generate an exception record associated with the mobile device.

That is, when the bank server 20 determines that the verification string does not correspond to the verification code, the message may have been subjected to a man-in-the-middle (MITM) attack while the bank server 20 was outputting the coded message to the mobile device 10 and/or while the mobile device 10 was outputting the verification message to the bank server 20; for example, the message was intercepted or tampered with in transit. The bank server 20 can therefore generate an exception record associated with the mobile device 10 and store the exception record in the bank database. The exception record includes, for example, the time the verification message was received from the mobile device 10 and the account and password, obtained from the mobile device 10, that were used to receive the transaction request. In addition, the bank server 20 may also interrupt the connection between the bank server 20 and the mobile device 10 when it determines that the verification string does not correspond to the verification code.

Before executing step S601a, the bank server 20 may first determine whether the verification message was received within a preset time. The preset time is, for example, 5 minutes, although the present invention does not limit its actual length. When the bank server 20 determines that the verification message was not received within the preset time, it executes step S602a, or interrupts the connection between the bank server 20 and the mobile device 10, to prevent messages from being intercepted again. When the bank server 20 determines that the verification message was received within the preset time, it goes on to execute step S601a and determine whether the verification string corresponds to the verification code.

Returning to step S601a, when the bank server 20 determines that the verification string corresponds to the verification code, the bank server 20 can execute step S603a: Determine that the verification message has passed the verification procedure. That is, when the bank server 20 determines that the verification string corresponds to the verification code, the bank server 20 judges that the mobile device 10 is an authenticated device and that the transaction request from the mobile device 10 is an executable transaction request, so the bank server 20 can execute step S70 shown in FIG. 2: Execute the transaction request.

Please refer to FIG. 1 and FIG. 5 together. FIG. 5 is a flowchart of a verification procedure according to another embodiment of the present invention.

Step S601b: Determine whether the verification message matches the coded message and whether the transaction amount has not reached the abnormal amount.

The bank server 20 may determine whether the verification message matches the coded message in the same way as in step S601a of FIG. 4. When the bank server 20 determines that the verification message does not match the coded message, it can execute step S602b: generate an abnormal record associated with the mobile device. This abnormal record can be the same as the abnormal record of step S602a in FIG. 4, so the way the verification message is judged and the step S602a executed when the judgment is "no" are not repeated here.

The abnormal amount is a normal transaction amount plus an abnormal margin. The normal transaction amount is, for example, the range formed by the amounts the user usually transacts when performing this kind of transaction, and the abnormal margin is, for example, 50% of the upper limit of the normal transaction amount range; the present invention does not limit how the abnormal margin is set.

For example, suppose the user's transfer instructions usually request a transfer of 3,000 yuan from account A at the bank to account B, and the abnormal margin is, for example, 1,500 yuan, so the abnormal amount is 4,500 yuan. When the transaction instruction is, for example, "transfer 5,000 yuan from account A at the bank to account B", the bank server 20 can determine whether the 5,000-yuan transaction amount exceeds the 4,500-yuan abnormal amount.

When the bank server 20 determines that the transaction amount reaches the abnormal amount, the bank server 20 can execute step S602b: generate an abnormal record associated with the mobile device. This abnormal record may further include a record of the transaction, such as the transaction amount and the time at which the transaction request was received from the mobile device 10. Accordingly, if the transaction request received by the bank server 20 was submitted by a malicious party misusing the account, the bank server 20 can retain the abnormal record for later access, output the abnormal record to a terminal device of the bank to notify bank staff, or output the abnormal record to investigative authorities for review.

Continuing with step S601b: when the bank server 20 determines that the verification message matches the coded message and the transaction amount has not reached the abnormal amount, the bank server 20 executes step S603b: determine that the verification message and the transaction amount pass the verification procedure.

That is, when the verification message matches the coded message and the transaction amount has not reached the abnormal amount, the bank server 20 has determined that the transaction request it received is an executable transaction request, so the bank server 20 can execute step S70 shown in FIG. 2.
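The server-side checks of FIG. 4 and FIG. 5 (preset-time check, string check, amount check, abnormal record), combined in one added Python example that is not part of the patent. The names `Challenge`, `Result`, `verify` and `abnormal_amount`, the stored expected string and the constant-time comparison are assumptions of this example.

```python
import hmac
from dataclasses import dataclass
from typing import Optional

PRESET_TIME_S = 5 * 60   # the page's example preset time (5 minutes)
MARGIN_RATIO = 0.5       # the page's example: 50% of the normal range's upper limit


@dataclass
class Challenge:
    """Hypothetical server-side state kept for one transaction request."""
    account: str
    amount: int
    expected_string: str  # assumed: what the issued verification code decodes to
    issued_at: float      # seconds; when the coded message was sent
    normal_upper: int     # upper limit of the user's normal amount range


@dataclass
class Result:
    passed: bool
    drop_connection: bool
    abnormal_record: Optional[dict] = None


def abnormal_amount(normal_upper: int, ratio: float = MARGIN_RATIO) -> int:
    """Abnormal amount = normal transaction amount (upper limit) + margin."""
    return normal_upper + int(normal_upper * ratio)


def verify(ch: Challenge, received: Optional[str], received_at: float,
           bank_db: list) -> Result:
    def reject(reason: str, drop: bool) -> Result:
        # S602a/S602b: store an abnormal record. The page lists account
        # credentials among its example fields; this example stores only
        # the account identifier, never the password.
        record = {"reason": reason, "account": ch.account,
                  "amount": ch.amount, "received_at": received_at}
        bank_db.append(record)
        return Result(False, drop, record)

    # Preset-time check that precedes S601a. The page allows recording or
    # disconnecting here; this example does both.
    if received is None or received_at - ch.issued_at > PRESET_TIME_S:
        return reject("timeout", drop=True)
    # S601a: does the verification string correspond to the verification code?
    # compare_digest avoids leaking the match position through timing.
    if not hmac.compare_digest(received.encode(), ch.expected_string.encode()):
        return reject("string_mismatch", drop=True)
    # S601b: the amount must not have reached the abnormal amount.
    if ch.amount >= abnormal_amount(ch.normal_upper):
        return reject("abnormal_amount", drop=False)
    return Result(True, False)  # S603a/S603b: proceed to S70


if __name__ == "__main__":
    db = []
    # Constructed sample matching the page's example: usual 3,000, request 5,000.
    req = Challenge("A", 5000, "K7Q2", issued_at=1000.0, normal_upper=3000)
    print(verify(req, "K7Q2", 1060.0, db))
```
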

In summary, the connection-interruptible transaction verification system and method according to one or more embodiments of the present invention allow the mobile device and the bank server to determine each other's legitimacy, so as to avoid information security vulnerabilities. In addition, they allow the mobile device and the bank server to detect promptly whether a message was intercepted or subjected to a man-in-the-middle attack in transit and to respond accordingly, and they avoid the risk of a user mistakenly entering the verification message into a phishing website upon receiving the message.

Although the present invention is disclosed above by way of the foregoing embodiments, they are not intended to limit the present invention. Changes and modifications made without departing from the spirit and scope of the present invention fall within the scope of patent protection of the present invention. For the scope of protection defined by the present invention, please refer to the appended claims.

10: Mobile device
20: Bank server

FIG. 1 is a block diagram of a connection-interruptible transaction verification system according to an embodiment of the present invention. FIG. 2 is a flowchart of a connection-interruptible transaction verification method according to an embodiment of the present invention. FIG. 3 is a detailed flowchart of step S40 shown in FIG. 2. FIG. 4 is a flowchart of a verification procedure according to an embodiment of the present invention. FIG. 5 is a flowchart of a verification procedure according to another embodiment of the present invention.


Claims (8)

1. A connection-interruptible transaction verification system, comprising: a bank server configured to randomly generate and output a coded message upon receiving a transaction request; and a mobile device connected to the bank server, the mobile device having a user interface for receiving a transaction instruction and outputting the transaction request to the bank server upon receiving the transaction instruction, the mobile device receiving the coded message and generating a verification message according to the coded message, the mobile device further entering the verification message into a verification field of the user interface so as to output the verification message to the bank server through the user interface; wherein the bank server, after receiving the verification message, further executes a verification procedure based on the verification message, and the bank server executes the transaction request when the verification message passes the verification procedure; wherein the coded message comprises a keyword associated with the transaction request and a verification code, the keyword comprising a transfer-out account, a transaction amount and a transaction type; the mobile device further determines whether the keyword is part of the transaction request; when the mobile device determines that the keyword is part of the transaction request, it decodes the verification code into a verification string and uses the verification string as the verification message; and when the mobile device determines that the keyword is not part of the transaction request, it interrupts the connection between the user interface and the bank server.

2. The connection-interruptible transaction verification system of claim 1, wherein the transaction request comprises a transaction amount, and the bank server executing the verification procedure comprises: the bank server determining whether the verification message matches the coded message and whether the transaction amount has not reached an abnormal amount, the bank server determining that the verification message passes the verification procedure when it determines that the verification message matches the coded message and the transaction amount has not reached the abnormal amount, wherein the abnormal amount is a normal transaction amount plus an abnormal margin.

3. The connection-interruptible transaction verification system of claim 2, wherein the bank server executing the verification procedure further comprises: when the bank server determines that the transaction amount reaches the abnormal amount, the bank server generating an abnormal record associated with the transaction amount and storing the abnormal record in a bank database.

4. The connection-interruptible transaction verification system of claim 1, wherein the bank server executing the verification procedure comprises: the bank server determining whether the verification string corresponds to the verification code, the bank server determining that the verification message passes the verification procedure when it determines that the verification string corresponds to the verification code.

5. A connection-interruptible transaction verification method, comprising: receiving a transaction instruction through a user interface of a mobile device; outputting, by the mobile device upon receiving the transaction instruction, a transaction request to a bank server; randomly generating and outputting, by the bank server upon receiving the transaction request, a coded message to the mobile device; generating, by the mobile device, a verification message according to the coded message; entering, by the mobile device, the verification message into a verification field of the user interface so as to output the verification message to the bank server through the user interface; executing, by the bank server, a verification procedure based on the verification message; and executing, by the bank server, the transaction request when the verification message passes the verification procedure; wherein the coded message comprises a keyword associated with the transaction request and a verification code, the keyword comprising a transfer-out account, a transaction amount and a transaction type, and generating the verification message by the mobile device according to the coded message comprises: determining, by the mobile device, whether the keyword is part of the transaction request; when the mobile device determines that the keyword is part of the transaction request, decoding, by the mobile device, the verification code into a verification string and using the verification string as the verification message; and when the mobile device determines that the keyword is not part of the transaction request, interrupting, by the mobile device, the connection between the user interface and the bank server.

6. The connection-interruptible transaction verification method of claim 5, wherein the transaction request comprises a transaction amount, and executing the verification procedure by the bank server comprises: determining, by the bank server, whether the verification message matches the coded message and whether the transaction amount has not reached an abnormal amount, wherein the abnormal amount is a normal transaction amount plus an abnormal margin; and when the bank server determines that the verification message matches the coded message and the transaction amount has not reached the abnormal amount, determining, by the bank server, that the transaction request passes the verification procedure.

7. The connection-interruptible transaction verification method of claim 6, wherein executing the verification procedure by the bank server further comprises: when the transaction amount reaches the abnormal amount, generating, by the bank server, an abnormal record associated with the transaction amount and storing the abnormal record in a bank database.

8. The connection-interruptible transaction verification method of claim 5, wherein executing the verification procedure by the bank server comprises: determining, by the bank server, whether the verification string corresponds to the verification code; and when the bank server determines that the verification string corresponds to the verification code and the verification message matches the coded message, determining, by the bank server, that the transaction request passes the verification procedure.
Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110140904A TWI789972B (en) 2020-05-15 2020-05-15 Transaction verification system and method capable of suspending connection

Publications (2)

Publication Number Publication Date
TW202209228A TW202209228A (en) 2022-03-01
TWI789972B true TWI789972B (en) 2023-01-11

Family

ID=81747145

Country Status (1)

Country Link
TW (1) TWI789972B (en)
