TWM520168U - System generating multiple factor pledge - Google Patents


Info

Publication number
TWM520168U
Authority
TW
Taiwan
Prior art keywords
factor
token
client
real
generating
Prior art date
Application number
TW105201077U
Other languages
Chinese (zh)
Inventor
Hung-Yi Tu
Tzu-Ching Lien
Original Assignee
Taiwan Ca Inc
Application filed by Taiwan Ca Inc filed Critical Taiwan Ca Inc
Priority to TW105201077U priority Critical patent/TWM520168U/en
Publication of TWM520168U publication Critical patent/TWM520168U/en

Description

System for generating multi-factor tokens

A system for generating multi-factor tokens, and in particular a system that generates a multi-factor token based on a digital certificate and verification data.

With the spread of the Internet and the rapid development of related applications, part of traditional commerce has gradually moved online. Because online transactions let people find and buy the goods they need without leaving home, the number of online transactions has multiplied rapidly in recent years. However, online transactions are carried out remotely over the network, and payment must rely on specific types of currency, for example mechanisms such as credit cards and financial cards. The transaction data that these mechanisms must send over the network during a transaction includes user data and payment data, so online transactions need a secure authentication method to protect user data even more than traditional commerce does. Other related applications, such as online banking, securities and futures order placement, and natural-person data queries, likewise need a secure authentication method to protect user data.

The security authentication methods commonly found on the market today fall into two categories. The first uses a fixed password: the user enters a user name and a fixed password on a computer. The problem with this method is that data sent over the Internet is easily recorded or eavesdropped on by network hackers, which leaks the data, so its security is insufficient. The second uses a dynamic password (One Time Password, OTP): a different password is generated at random for each transaction or for different events within the same transaction. Because each password is used only once, this prevents the problem of stolen passwords. This method can in turn be divided into three main types according to the software and hardware it is paired with. The first type uses hardware that can generate dynamic passwords, such as a dynamic password generator, to randomly generate the dynamic password for the transaction; however, this type has high procurement and deployment costs, and the user must keep and carry the extra hardware, which is inconvenient. The second type uses SMS with a mobile phone: the server generates the dynamic password and sends it to the user's mobile phone by SMS. Because the phone is carried everywhere, this solves the portability problem of the first type; however, the confidentiality of SMS is low, and when the Subscriber Identity Module (SIM) card is fraudulently used, another person can likewise receive the dynamic password and impersonate the user to transact. The third type uses PUSH messages with a smartphone: the server generates the dynamic password and sends it to the user's smartphone via a PUSH message. This also solves the portability problem of the first type, and because PUSH messages are delivered only to authenticated smartphones, it also solves the problem of SIM card fraud; however, once the phone is lost, another person can still operate the user's phone to carry out online transactions.

In summary, the prior art has long had the problem that security authentication for online transactions lacks non-repudiation, so an improved technical means is needed to solve this problem.

In view of the problem in the prior art that security authentication for online transactions lacks non-repudiation, the present creation discloses a system for generating multi-factor tokens, wherein:

The system for generating multi-factor tokens disclosed by the present creation comprises at least: a token application host, which receives real-name authentication information corresponding to a client and applies for a digital certificate based on the real-name authentication information; and a token management host, which generates a multi-factor token corresponding to the client based on the digital certificate and the real-name authentication information.

The system disclosed by the present creation is as described above. The difference from the prior art is that the present creation applies for a digital certificate using real-name authentication information that has passed real-name authentication, and generates a multi-factor token based on the issued digital certificate and the real-name authentication information, so that the client can complete online transactions using the multi-factor token. This solves the problem in the prior art and achieves the technical effect of reducing the cost of providing dynamic passwords.

The features and embodiments of the present creation are described in detail below with reference to the drawings and embodiments, in enough detail that anyone skilled in the relevant art can readily understand the technical means the present creation applies to solve the technical problem and implement it accordingly, thereby achieving the effects the present creation can attain.

After the client completes real-name authentication, the present creation lets the client apply for a multi-factor token online and install the multi-factor token it applied for, so that the client can use the installed multi-factor token to complete online transactions.

The client referred to in the present creation may be a device with communication and data-processing capability, such as a smartphone or a computer. The real-name authentication referred to in the present creation is an authentication method that can reliably determine the identity of the client's user, for example: in-person identification at a counter, authentication by mobile phone number, authentication by e-mail account or social media account, authentication by a financial payment instrument such as a financial card or credit card, authentication by certificate or public key, authentication by online banking password, or authentication by the application authentication code generated when an application is installed. The present creation is not limited to these.

The operation of the system is first described with reference to Fig. 1, the system architecture diagram for generating multi-factor tokens. As shown in Fig. 1, the system of the present creation comprises a token application host 120 and a token management host 130.

The token application host 120 receives the real-name authentication information corresponding to the client 150, applies for a digital certificate based on the received real-name authentication information, and provides the issued digital certificate to the token management host 130. The real-name authentication information referred to in the present creation includes applicant data sufficient for the token application host 120 to apply for a digital certificate, such as the applicant's name and contact details. It also includes data sufficient to identify the client 150, such as the network address of the client 150, the serial number of the client 150, or the network card number (MAC address) of the client 150.

In some embodiments, the token application host 120 can obtain installation target information corresponding to the client 150. The installation target information obtained by the token application host 120 may include the installation target of the multi-factor token, such as an application name or a storage path, but the installation target information referred to in the present creation is not limited to these.

The token application host 120 may further include a security control component 123 and a registration authority (Registration Authority, RA) 125.

The security control component 123 lets the real-name authentication server 401 connect to the token application host 120 and verifies the connected real-name authentication server 401.

After the connected real-name authentication server 401 passes verification, the security control component 123 also lets the real-name authentication server 401 send the real-name authentication information corresponding to the client 150 to the token application host 120.

The registration authority 125 reads the required data from the real-name authentication information sent by the real-name authentication server 401, submits that data as applicant data to the certificate authority (Certificate Authority, CA) 405 to apply for a digital certificate, and receives the digital certificate signed and returned by the certificate authority 405.

The token management host 130 receives the digital certificate and the real-name authentication information sent by the token application host 120, and generates a multi-factor token corresponding to the client 150 based on the received digital certificate and real-name authentication information.

The multi-factor token generated by the token management host 130 contains a certificate corresponding to the client 150 and verification data corresponding to the client 150. In general, the token management host 130 can generate the verification data corresponding to the client 150 from the received real-name authentication information. The verification data referred to in the present creation is data that is never duplicated and is sufficient to identify the client 150. For example, when the client is a mobile phone, the verification data may be the phone's serial number; when the client is a desktop or notebook computer, the verification data may be the network card number. The verification data referred to in the present creation is not limited to these.

In some embodiments, the certificate contained in the multi-factor token generated by the token management host 130 may be encrypted. That is, the client 150 must have the user enter a password before it can decrypt the certificate with the password the user entered and use the decrypted certificate during an online transaction.

The token management host 130 can also send the generated multi-factor token to the corresponding client 150 so that the client 150 installs it, allowing the client 150 to use the multi-factor token to complete online transactions.

The operation of the system and method of the present creation is explained next using one embodiment, with reference to Fig. 2, the flowchart of the method for generating multi-factor tokens. In this embodiment, the client 150 is assumed to be a smartphone, but the present creation is not limited to this.

First, the real-name authentication server 401 lets the client 150 perform real-name authentication (step 202). The user can operate the client 150 to connect to the real-name authentication server 401 and perform real-name authentication with an e-mail account and a mobile phone number, with a financial payment instrument and a mobile phone number, or with an online banking password and a mobile phone number. In this embodiment, it is assumed that the user performs real-name authentication with a certificate and a mobile phone number.

After the real-name authentication server 401 completes the user's real-name authentication, it can send the real-name authentication information corresponding to the client 150 to the token application host 120 for online registration (step 210). In this embodiment, the real-name authentication server 401 connects to the token application host 120 through the security control component 123 of the token application host 120, and after the security control component 123 allows the connection, it sends the real-name authentication information corresponding to the client 150 to the token application host 120.

After the token application host 120 receives the real-name authentication information corresponding to the client 150, the registration authority 125 of the token application host 120 can apply for a digital certificate corresponding to the client 150 based on the received real-name authentication information (step 220). In this embodiment, it is assumed that the registration authority 125 reads the data required for the certificate application from the received real-name authentication information, sends that data over the network to the certificate authority 405, and receives the digital certificate signed and returned by the certificate authority 405.

After the token application host 120 obtains the digital certificate corresponding to the client 150, it can send the issued digital certificate and the received real-name authentication information to the token management host 130 (step 250), thereby applying on behalf of the client 150 for the multi-factor token corresponding to the client 150.

After the token management host 130 receives the digital certificate obtained by the token application host 120 and the real-name authentication information, it can generate the multi-factor token corresponding to the client 150 based on the received digital certificate and real-name authentication information (step 260). In this embodiment, it is assumed that the token management host 130 reads the phone serial number of the client 150 from the real-name authentication information and merges that serial number with the received digital certificate into the multi-factor token corresponding to the client 150.

After the token management host 130 generates the multi-factor token corresponding to the client 150, it can send the generated multi-factor token to the corresponding client 150 (step 270). In this embodiment, it is assumed that the client 150 sent installation target information to the real-name authentication server 401 when it connected, that the real-name authentication server 401 sent the installation target information together with the real-name authentication information to the token registration host 120, and that the token registration host 120 in turn sent the installation target information along with the digital certificate and real-name authentication information to the token management host 130. The token management host 130 can therefore send the generated multi-factor token to the client 150 according to the installation target information it received.

After the client 150 receives the multi-factor token sent by the token management host 130, it can install the multi-factor token (step 280). In this embodiment, the client 150 completes the installation by storing the received multi-factor token in a specific directory that the certificate management application can access.

Afterwards, when the user operates the client 150 to carry out an online transaction, the client 150 can use the multi-factor token to complete it (step 290). In this embodiment, it is assumed that during the online transaction the client 150 sends the multi-factor token and the phone serial number to the transaction server that provides the online transaction. The transaction server can confirm whether the party carrying out the online transaction is the user in person based on the certificate in the multi-factor token and on the result of comparing the verification data in the multi-factor token with the phone serial number sent by the client 150. If not, the transaction server can reject the transaction; if so, the transaction server can allow the client 150 to continue the transaction process and complete the transaction.

In addition, if the certificate in the multi-factor token stored on the client 150 is encrypted, then before the transaction server confirms from the certificate in the multi-factor token whether the transacting party is the user in person, the transacting party at the client 150 must first enter the password so that the transaction server can successfully decrypt the certificate to confirm the transacting party's identity.
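The flow of steps 220 to 290 can be sketched as follows. This is an added example, not code from the patent or its applicant: HMAC with constructed demo keys stands in for the certificate authority's signature, and the `binding` tag over certificate plus verification data is an assumption of the example, since the description says only that the two are merged. All function names and sample values are hypothetical.

```python
import copy
import hashlib
import hmac
import json
import secrets

# Constructed demo keys (assumptions). A real CA signs with an asymmetric
# private key; HMAC is used here only so the example runs on the stdlib.
CA_DEMO_KEY = secrets.token_bytes(32)
TOKEN_HOST_DEMO_KEY = secrets.token_bytes(32)


def _mac(key, obj):
    """Hex MAC over a canonical JSON encoding of obj."""
    data = json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def _eq(a, b):
    """Constant-time comparison that rejects non-string input."""
    if not isinstance(a, str) or not isinstance(b, str):
        return False
    return hmac.compare_digest(a.encode(), b.encode())


def ca_issue_certificate(real_name_info):
    """Step 220: the RA extracts applicant data, the CA signs and returns it."""
    body = {"subject": real_name_info["name"],
            "contact": real_name_info["contact"],
            "cert_serial": secrets.token_hex(8)}
    return {"body": body, "signature": _mac(CA_DEMO_KEY, body)}


def generate_token(certificate, real_name_info):
    """Step 260: merge the certificate with the client's verification data.

    The binding tag is this example's assumption: it lets the verifier
    detect a token whose verification data was swapped after issuance.
    """
    data = real_name_info["device_serial"]
    return {"certificate": certificate, "verification_data": data,
            "binding": _mac(TOKEN_HOST_DEMO_KEY, [certificate, data])}


def verify_transaction(token, presented_serial):
    """Step 290, transaction server side. Returns (accepted, reason)."""
    cert = token.get("certificate") if isinstance(token, dict) else None
    if not isinstance(cert, dict) or not isinstance(cert.get("body"), dict):
        return False, "malformed certificate"
    if not _eq(_mac(CA_DEMO_KEY, cert["body"]), cert.get("signature")):
        return False, "certificate signature invalid"
    data = token.get("verification_data")
    if not isinstance(data, str):
        return False, "missing verification data"
    if not _eq(_mac(TOKEN_HOST_DEMO_KEY, [cert, data]), token.get("binding")):
        return False, "binding tag invalid"
    # The comparison the description calls for: token data vs. sent serial.
    if not _eq(data, presented_serial):
        return False, "device serial mismatch"
    return True, "ok"


def demo():
    """Run the verifier over constructed sample inputs."""
    info = {"name": "Constructed Applicant",
            "contact": "applicant@example.test",
            "device_serial": "SN-DEMO-0001"}
    token = generate_token(ca_issue_certificate(info), info)
    rewritten = dict(token, verification_data="SN-DEMO-9999")
    edited = copy.deepcopy(token)
    edited["certificate"]["body"]["subject"] = "Someone Else"
    return {
        "genuine": verify_transaction(token, "SN-DEMO-0001"),
        "other_device": verify_transaction(token, "SN-DEMO-9999"),
        "rewritten_data": verify_transaction(rewritten, "SN-DEMO-9999"),
        "edited_certificate": verify_transaction(edited, "SN-DEMO-0001"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The check order matters: the certificate and binding are validated before the serial comparison, so the comparison only ever runs on verification data the issuing side actually produced.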

In this way, with the present creation the user can conveniently use the client to complete online transactions in a secure, device-authenticated environment without using dynamic passwords. At the same time, because the present creation also confirms that the transacting party is the user in person, the transacting party's transactions also have non-repudiation.

In summary, the difference between the present creation and the prior art lies in the technical means of applying for a digital certificate using real-name authentication information that has passed real-name authentication, and generating a multi-factor token based on the issued digital certificate and the real-name authentication information, so that the client can complete online transactions using the multi-factor token. This technical means solves the problem in the prior art that security authentication for online transactions lacks non-repudiation, and in turn achieves the technical effect of reducing the cost of providing dynamic passwords.

Furthermore, the present creation can be implemented in hardware, software, or a combination of hardware and software. It can be implemented in a centralized manner in one computer system, or in a distributed manner in which different components are spread across several interconnected computer systems.

Although the embodiments disclosed by the present creation are as described above, that content is not intended to directly limit the scope of patent protection of the present creation. Any modifications and refinements to the form and details of the implementation of the present creation, made by a person of ordinary skill in the art to which the present creation belongs without departing from the spirit and scope disclosed by the present creation, fall within the scope of patent protection of the present creation. The scope of patent protection of the present creation remains as defined by the appended claims.

120‧‧‧Token application host
123‧‧‧Security control component
125‧‧‧Registration authority
130‧‧‧Token management host
150‧‧‧Client
401‧‧‧Real-name authentication server
405‧‧‧Certificate authority
Step 202‧‧‧The real-name authentication server lets the client perform real-name authentication
Step 210‧‧‧The real-name authentication server sends the real-name authentication information corresponding to the client to the token application host for registration
Step 220‧‧‧The token application host applies for a digital certificate based on the real-name authentication information
Step 250‧‧‧The token application host sends the real-name authentication information and the digital certificate to the token management host
Step 260‧‧‧The token management host generates the multi-factor token corresponding to the client based on the digital certificate and the real-name authentication information
Step 270‧‧‧The token management host sends the multi-factor token to the client
Step 280‧‧‧The client installs the multi-factor token
Step 290‧‧‧The client uses the multi-factor token to complete an online transaction

Fig. 1 is the system architecture diagram for generating multi-factor tokens according to the present creation. Fig. 2 is the flowchart of the method for generating multi-factor tokens according to the present creation.


Claims (14)

1. A system for generating multi-factor tokens, the system comprising at least: a token application host, configured to receive real-name authentication information corresponding to a client and to apply for a digital certificate based on the real-name authentication information; and a token management host, configured to generate a multi-factor token corresponding to the client based on the digital certificate and the real-name authentication information.
2. The system for generating multi-factor tokens according to claim 1, wherein the multi-factor token contains a certificate corresponding to the client and verification data corresponding to the client.
3. The system for generating multi-factor tokens according to claim 2, wherein the verification data is a mobile phone serial number or a network card number.
4. The system for generating multi-factor tokens according to claim 2, wherein the certificate is encrypted.
5. The system for generating multi-factor tokens according to claim 1, wherein the token application host comprises a registration authority (Registration Authority, RA) and a security control component.
6. The system for generating multi-factor tokens according to claim 1, wherein the token application host applies for the digital certificate from a certificate authority (Certificate Authority, CA).
7. The system for generating multi-factor tokens according to claim 1, wherein the client is a mobile phone or a computer.
8. The system for generating multi-factor tokens according to claim 1, wherein the token management host is further configured to send the multi-factor token to the client so that the client installs the multi-factor token, allowing the client to use the multi-factor token to complete online transactions.
9. The system for generating multi-factor tokens according to claim 8, wherein the token application host is further configured to obtain installation target information corresponding to the client, and the token management host is further configured to send the multi-factor token to the client according to the installation target information.
10. The system for generating multi-factor tokens according to claim 1, wherein the real-name authentication information is generated from authentication by e-mail account and mobile phone number.
11. The system for generating multi-factor tokens according to claim 1, wherein the real-name authentication information is generated from a public key.
12. The system for generating multi-factor tokens according to claim 1, wherein the real-name authentication information is generated from authentication by online banking password and mobile phone number.
13. The system for generating multi-factor tokens according to claim 1, wherein the real-name authentication information is generated from authentication by financial card, financial card password and mobile phone number.
14. The system for generating multi-factor tokens according to claim 1, wherein the real-name authentication information is generated from authentication by application authentication code and mobile phone number.
TW105201077U 2016-01-25 2016-01-25 System generating multiple factor pledge TWM520168U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW105201077U TWM520168U (en) 2016-01-25 2016-01-25 System generating multiple factor pledge


Publications (1)

Publication Number Publication Date
TWM520168U true TWM520168U (en) 2016-04-11

Family

ID=56362269


Country Status (1)

Country Link
TW (1) TWM520168U (en)


Legal Events

Date Code Title Description
MM4K Annulment or lapse of a utility model due to non-payment of fees