TW200904114A - Method of subscriber terminal providing identity verification for server terminal, computer accessible storage media, transaction safety verification method and its system - Google Patents

Method of subscriber terminal providing identity verification for server terminal, computer accessible storage media, transaction safety verification method and its system Download PDF

Info

Publication number
TW200904114A
TW200904114A TW96124725A TW96124725A TW200904114A TW 200904114 A TW200904114 A TW 200904114A TW 96124725 A TW96124725 A TW 96124725A TW 96124725 A TW96124725 A TW 96124725A TW 200904114 A TW200904114 A TW 200904114A
Authority
TW
Taiwan
Prior art keywords
identity
transaction
ciphertext
server
transaction data
Prior art date
Application number
TW96124725A
Other languages
Chinese (zh)
Inventor
kai-wen Zheng
jian-zhong Shi
Original Assignee
Paysecure Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Paysecure Technology Co Ltd filed Critical Paysecure Technology Co Ltd
Priority to TW96124725A priority Critical patent/TW200904114A/en
Publication of TW200904114A publication Critical patent/TW200904114A/en

Links

Abstract

This invention discloses a method of a subscriber terminal to provide identity verification for a server terminal. The method is performed by the subscriber terminal and includes steps as: (a) receiving an identity code and encrypting the identity code to generate an encrypted code; (b) combining the encrypted code with a transaction detail to generate an encrypted transaction data; and (c) transmitting the encrypted transaction data to the server terminal. This invention encrypts the identity code at the subscriber terminal and attaches a transaction detail thereto to prevent someone with ulterior intention from intercepting and stealing the identity code to cause damage and misappropriate the data. This invention also simplifies the transaction flow to speed up the transaction processes.

Description

200904114 九、發明說明: 【發明所屬之技術領域】 本發明是有關於-種身分驗證方法、儲存媒體、交易 方法及其系統,特別是指一種防止交易資料被盜用且能提 昇父易速度的一用戶端對一飼服端提供身分驗證之方法、 電腦可讀儲存媒體、交易安全驗證方法及其系統。 【先前技術】 隨著通訊技術及網際網路的普及化,金融服務亦進入 了—_新㈣代’藉由無遠弗屆的通訊技術及網際網路 ,使用者無須親自到金融機構的臨櫃也能進行例如轉帳、 講買商品或繳款等金融交易,而為了防範使用者的重要資 料被盜用,目前亦發展了各種保護交易安全的驗證法。 以一種「行動金融服務」的交易安全防護為例,係由 -金融機構與一電信業者合作,當一使用者申請此服務, 且在金融機構之網站輸入一筆交易資料後,則由金融機構 的伺服系統通知電信業者之系統轉發—含有—動態密碼 (One Time passw0rd;簡稱〇τρ)的簡訊至使用者的行動電話 ,讓使用者能以自己的行動電話輸入該動態密碼並透過電 信業者之系統回覆金融機構的伺服系統,當金融機構的伺 服系統收到來自s亥行動電話之確認,才會處理該筆交易, 如此即完成整個交易過程。 另有一種方式則是在行動電話中使用一電信業者提供 之具有STK(SIM Tool Kit)功能之晶片卡’使用者在行動電 話上安裝該晶片卡後,直接就可在行動電話的顯示晝面中 200904114 依據指不操作’此種晶片卡之交易安全防護係採用三重加 解搶(Triple DES)技術,加密/解密技術較為複雜,此方式具 有硬體之限制,也就是必須向電信業者購買並安裝此種晶 片卡才能享受金融機構提供的「行動金融服務」。 因此,目前的交易驗證方法具有以下的缺點: 1·無論是簡訊或晶片卡的身分驗證方式,皆有透過如 電t業者之第三者身分的介入,資料安全在多一手的傳輸 過程中被盜用的風險將提高。 2.由於使用者需要等候簡訊往返的確認時間,因此整 個交易過程較為耗時。 3·使用者需自行負擔簡訊費用,或申請晶片卡也有費用 產生,讓一般消費者的使用意願大為降低。 【發明内容】 有鑒於目前透過通訊技術及網際網路提供的金融服務 由於對父易資料的安全疑慮,金融機構仍需透過與電信 業者σ作,但此舉造成盜用風險增加及相關費用增加等缺 點,使得消費者的使用意願降低。 处。因此,本發明之一目的,即在提供一種對使用者而言 月匕操作簡便且能保護使用者身份不至夂外沒的-用戶端對_ ㈣端提供身分驗證之方法、電腦可㈣存媒體、交易安 全驗證方法及其系統。 本發明之另一目的,即在提供一種無須透過電信業者 而能使-用戶端直接對一飼服端提供身分驗證之方法、電 腦可讀儲存媒體、交易安全驗證方法及其系統。 200904114 本發明的一用戶*山y-, 技丄 P ^對一伺服端提供身分驗證之方法, 係=端執行並包含下述步驟,接受一身分識別碼 對^㈣別料行加妓其心—敎;⑻將該密 整合為—加密交易資料;及⑷傳送該加密 交易資料予該伺服端。 在 一田本發明電腦可讀儲存媒體紀錄有-程式,該程式可供 =料取並執行以對—伺服端提供身分驗證 式 =:成 Π:—·::,且 __二 為-加密交易資料^ : 文與一交易内容整合 。 枓,及(C)傳送該加密交易資料予該伺服端 本發明交易安全驗證方法適 之間,該方法包含下述步驟: 該交=!:行包括τ述步驟:(ai)接收,資料, 八、 身分朗碼及-交以容;㈣對^ 識別碼進行加密使其成為-密文;及㈣接收=身 、’將心文與該交易内容整合為—加密交易資料。 該伺服端執行包括τ述步驟 戶端之身分缉7表侑儲存有該用 料.nJ 別資料庫;(bl)接收該加密交易資 万:(2)對該加密交易資料之密文解密出該身 、 3)核對該身分識別碼是否存在該識別資料庫,二, ’則執行該交易内容。 、 右存在 本發明父易安全驗證系統,包括: 於 端與一伺服端 一用戶端,具有一輸入單元 、_ 控制單元 顯示單 200904114 兀及整合單元。該輸入單元供輸入一身分識別碼;該控 制單元用以產生對該身分識別碼加密的一密文;該顯示單 :用以顯示該控制單元處理之結果;該整合單元用以將該 雄文與一父易内容整合為一加密交易資料。 一伺服端,具有一接收單元、一處理單元及一識別資 料庫。該接收單元接收該加密交易資料;該識別資料庫儲 存有β亥用戶端之身分識別碼;該處理單元對該加密交易資 料之密文解密㈣身分朗碼,幻线該身分制碼是否 存在該識別資料庫,若存在,_行該交易内容。 本發明的一用戶端對一词服端提供身分驗證之方法、 電腦可讀儲存媒體、交易安全驗證方法及其系統,主要是 藉由在用戶端對使用者的—身分識別碼加密,可防止使用 者身分資料被有心人士次用咨Μ 士现用資枓,且由伺服端解密後進行 身分驗證,若無誤即直接執杆 伐钒仃父易内谷,無須透過電信業 者,因此能簡化目前多重鹼俄认敏a + ^ 夕垔驗证的繁複流程,使交易過程更 為迅速,因而能有效提昇— 促升叙4費者的使用意願。 【實施方式】 有關本發明之前述及其他技術内容、特點與功效,在 以下配合參考圖式之數個較佳實施例的詳細說明中,將可 U的呈現。在本發明被⑼描述之前,要注意 以下=說明内容中,類似的㈣是以相同的編號來表示。 參閱圖1,本發明的一用戶端對 之方法的較佳實施例是由—交 -*驗證 該用戶端!是透過一網際網路^^統100執行, 傳遞資科給伺服端2。 200904114 用戶端1 φ· m- r .. 裒有—電腦可讀儲存婵餺η , 或一記憶卡, 子螺體11,如一隨身碟 電知可讀儲存媒體u τ 以執行該用戶端 内並,,、己錄有-程式,用 參閲网,”飢2如供身分驗證之方法。 者5的I 及圖2,該程式係執行下述 者5的身分識別喝(步驟】#收-使用 使其成為—密 耵该身分識別碼進行加密 在文(步驟〗02);將該密文 六 一加密交易眘社 、又易内各整合為 旬又易貝#(步驟1〇3),·及傳 ^ 端2(步驟1〇4)。 加狁乂易資料予伺服 前述方法中,對身分識別碼的 加密法、—^ & 係知用一動態密碼 對私式岔鑰加密法或一非 a 此外,p I 3 At +無式也、鑰加密法; /、要疋旎用來辨識使用者5的 用於商聿六的身为識別碼且 仃為’均U於本發明用戶端1㈣服端2 供身々驗證之方法可實施的範疇。 參閱圖3’飼服端2具有一處理單元2〇、一接收單元 及1別資料庫22,識„料庫22料有使 身分識別碼。 :閱圖3及圖4,伺服端2之接收單元21用以接收來 :端之加密交易資料(步驟2〇1);處理單元2〇用以對該 在父易育料之密文解密出該身分識別碼(步驟搬),並核 •、該身分識別碼是否存在該識別資料庫22(步驟2〇3)?若存 2則執行該交易内容(步驟204);若不存在,則視為錯誤 料’不處理該交易内容(步驟2〇5)。 參閱圖1,祠服端2用以對該加密交易資料之密文解密 糸對應用戶瑞1採用-動熊穷應_法、一對稱式密鍮解 200904114 密法或一非對稱式密鑰解密法。 /閱圖5 ’本發明之另_較佳實施例,交易安全驗 統100包括複數用戶端 °且’、 用戶及-伺服端2’其中,用戶 有多種類型,包括一杆叙 ^ 1 仃動通5fl裝置12、一電腦裝 連接有-硬體裝置14之電腦裝置15等。 置13及- 其中’行動通《置12或電腦裝置13均可安裝 式UO,且該程式11()用劫一兑 用執仃如則述圖2之程序。使用者 5可使用行動通訊裝置12透 使用者 葡兮翁斗、 逋訊網路4自伺服端2下 ^ 1 並將其載入行動通訊裝置12中 梦罟衣1 甲,或者以電腦 义置13透過一網際網路 其載入電《置13中。 端下载該程式U〇並將 述的程式軟體型式,也可製成-種硬體裝置 141 一置14類似—密碼產生裝置,包括-輸入單元 控制單元142及一 gg n — j j 1 有-整合單元144。 .4…⑷,且電腦裝置U具 其身八W丨輸人早7^ 141 S —數字鍵盤,供使用者5輸入 密刀:別碼;控制單& 142用以產生對該身分識別碼加 …顯示單元⑷用以顯示控制單元142處理之 -果’即該身分識別碼轉㈣密文,供制者5查看。 一私實際使用時,例如:一金融機構的網站除了要求輸入 交易内容’還可要求使用者5輸入對其身分識別碼 I八 吏用者5可猎由輸入單元141輸入其 ^識別碼,確認後由控制單元142產生密文,然後在顯 疋143顯不出來。於是,使用者5就可將該密文輸入 10 200904114 需要填入賴位中;最後,由電腦裝置15的整合單元⑷ 將交易内容與密文整合為—加密交易資料⑼㈣㈣2。 由於此種硬體裝置14是與電腦裝置15分離設置,不 會在電腦裝置15留下身分識別碼的資料,因此能避免他人 使用電腦裝置15時竊取或盜用資料的風險。 歸納上述,本發明的一用戶端〗對―伺服端2提供 分驗證之Μ、電腦可讀儲存㈣u、交易安全驗證方法 及交易安全驗證系統⑽,主要是藉由在用戶端U使用者 5的-身分識別碼加密’可防止使用者5身分資料被有心人 士盜用資料,且由舰$ 2解密後進行身分驗證若無誤 即^妾執行交易内纟,無須電信業者的介人,因此能簡化 目則多重驗證的繁複流程,使交易過程更為迅速能有效 提昇一般消費者的使用意願。 &惟以上所述者’僅為本發明之較佳實施例巾已,當不 :以此限定本發明實施之範圍,即大凡依本發明申請專利 範圍及發明說明内容所作之簡單的等效變化與修飾皆仍 屬本發明專利涵蓋之範圍内。 【圖式簡單說明】 圖1是一系統方塊圖,說明本發明交易安全驗證系統 中 用戶端對一伺服端提供身分驗證之方法之較佳實施 例; 圖2是一流程圖,說明交易安全驗證系統於該用戶端 之執行步驟; 圖3是一電路方塊圖,說明交易安全驗證系統之伺服 11 200904114 端; ' 圖4是一流程圖,說明交易安全驗證系統於該伺服端 ‘ 之執行步驟;及 圖5是一系統方塊圖,說明交易安全驗證系統之用戶 端可有多種不同的類型。 12 200904114 【主要元件符號說明】 1 .......... 用戶端 144....... _整合單元 11......... 儲存媒體 2 .......... •伺服端 101〜104 步驟 20......... •處理單元 12......... 行動通訊裝置 21......... •接收單元 13......... 電腦裝置 22......... •識別資料庫 14......... 硬體裝置 201〜205 步驟 141 ....... 輸入單元 3 .......... •網際網路 142....... 控制單元 4 .......... •通訊網路 143....... 顯示單元 5 .......... 使用者 13200904114 IX. Description of the invention: [Technical field to which the invention pertains] The present invention relates to an authentication method, a storage medium, a transaction method and a system thereof, and more particularly to a method for preventing transaction data from being stolen and improving the speed of the parent. The client provides a method for identity verification, a computer readable storage medium, a transaction security verification method and a system thereof for a feeding end. [Prior Art] With the popularization of communication technology and the Internet, financial services have also entered the _ new (four) generation of 'without far-reaching communication technology and the Internet, users do not have to go to the financial institutions personally Cabinets can also carry out financial transactions such as transfer, purchase of goods or payment, and in order to prevent theft of important data of users, various verification methods for protecting transaction security have been developed. Take the transaction security protection of an "action financial service" as an example. A financial institution cooperates with a telecom operator. When a user applies for the service and enters a transaction information on the financial institution's website, the financial institution The servo system notifies the carrier of the system to forward the message containing the One Time passw0rd (referred to as 〇τρ) to the user's mobile phone, so that the user can input the dynamic password through his own mobile phone and through the system of the carrier. Responding to the financial institution's servo system, when the financial institution's servo system receives confirmation from the shai mobile phone, the transaction will be processed, thus completing the entire transaction process. Another way is to use a chip card with STK (SIM Tool Kit) function provided by a telecom operator in the mobile phone. After the user installs the chip card on the mobile phone, the user can directly display the mobile phone.中200904114 According to the operation of the chip card, the transaction security system adopts triple DES technology, and the encryption/decryption technology is more complicated. This method has hardware limitations, that is, it must be purchased from the telecom operator. To install such a chip card, you can enjoy the "action financial services" provided by financial institutions. Therefore, the current transaction verification method has the following disadvantages: 1. Whether it is the identity verification method of the SMS or the chip card, the data security is transmitted in the process of one-handed transmission through the intervention of the third party identity of the operator. The risk of misappropriation will increase. 2. The entire transaction process is time consuming because the user needs to wait for the confirmation time of the newsletter round trip. 3. The user has to bear the cost of the newsletter, or apply for the chip card, and the cost is generated, so that the general consumer's willingness to use is greatly reduced. [Invention] In view of the current financial services provided through communication technology and the Internet, due to the security concerns of the father's data, financial institutions still need to work with the telecom operators, but this will increase the risk of misappropriation and related costs. Disadvantages, the consumer's willingness to use is reduced. At the office. Therefore, it is an object of the present invention to provide a method for verifying the user's identity and simplifying the user's identity for the user, and providing a method for verifying the identity of the user terminal, and the computer can (4) save the method. Media, transaction security verification methods and their systems. Another object of the present invention is to provide a method, a computer readable storage medium, a transaction security verification method, and a system thereof that enable a client to directly provide identity verification to a food service end without passing through a telecommunications carrier. 200904114 A user of the present invention*, 丄P, provides a method for identity verification on a server, which is executed by the terminal and includes the following steps, accepting an identity code to ^(4) other lines of interest - (8) integrating the secret into - encrypted transaction data; and (4) transmitting the encrypted transaction data to the server. In the computer readable storage medium of the invention, there is a program, the program is available for the material to be fetched and executed to provide the identity verification type for the server:: Π::·::, and __ two for - encryption Transaction data ^ : The text is integrated with a transaction content.枓, and (C) transmitting the encrypted transaction data to the server for the transaction security verification method of the present invention, the method comprising the following steps: the intersection =!: the line includes the step τ: (ai) receiving, data, 8. The identity of the language and the confession; (4) encrypting the identification code to become ciphertext; and (4) receiving = body, 'integrating the heart and the transaction into the encrypted transaction data. The server executes the identity of the client terminal including the step 缉7 table, stores the material.nJ database; (b) receives the encrypted transaction capital: (2) decrypts the ciphertext of the encrypted transaction data. The body, 3) check whether the identity identification code exists in the identification database, and second, 'execute the transaction content. There is a parent-safety verification system of the present invention, including: a terminal and a server, a client, an input unit, a control unit, a display unit, a 200904114, and an integration unit. The input unit is configured to input an identity identifier; the control unit is configured to generate a ciphertext encrypted by the identity identifier; the display list is used to display the result of the control unit processing; the integration unit is configured to use the identity unit to A parent-friendly content is integrated into an encrypted transaction data. A server has a receiving unit, a processing unit and an identification database. The receiving unit receives the encrypted transaction data; the identification database stores the identity identifier of the β-Hai client; the processing unit decrypts the ciphertext of the encrypted transaction data (4) the identity of the identity, and whether the identity code exists for the identity code Identify the database, if it exists, _ the transaction content. The method for providing identity verification, the computer readable storage medium, the transaction security verification method and the system thereof for a word end of the present invention are mainly implemented by encrypting the user's identity identification code at the user end, thereby preventing The user's identity data is used by the person who is interested in the use of the consultant, and the server is used to verify the identity. If the error is correct, the employee can directly control the vanadium, and it is not necessary to pass the telecommunications industry. The complex process of multi-alkaline sensitization a + ^ 垔 垔 verification makes the transaction process more rapid, and thus can effectively improve the willingness of the use of the promotion. The above and other technical contents, features and effects of the present invention will be described in the following detailed description of several preferred embodiments with reference to the drawings. Before the present invention is described by (9), it is to be noted that the following = in the description, similar (four) is denoted by the same reference numerals. Referring to Figure 1, a preferred embodiment of a client-side method of the present invention is to verify that the client is executed through an Internet Protocol 100 and to transfer the client to the server 2. 200904114 Client 1 φ· m- r .. 裒 — - computer readable storage 婵馎 η , or a memory card, sub-spin 11 , such as a floppy disk readable storage medium u τ to execute within the user terminal ,,, have recorded - program, use the reference network, "Hungry 2 as a method for identity verification. 5 and I of Figure 5, the program is to perform the following 5 identity recognition drink (step) #收- The use of the identity identifier to encrypt the text (step 02); the ciphertext sixty-one encryption transaction Shenshe, and Yiyi are integrated into Xunyi Yibei # (step 1〇3), · and pass the end 2 (step 1〇4). Add the information to the servo in the above method, the encryption method of the identity identification code, -^ & know to use a dynamic password to private key encryption or a non-a, in addition, p I 3 At + no-form, key cryptography; /, 疋旎 used to identify the user 5 for the 聿 的 的 身 识别 识别 识别 识别 仃 ' ' ' ' ' End 1 (4) Service End 2 The scope of the method for the verification of the body. Referring to Figure 3, the feeding end 2 has a processing unit 2, a receiving unit and a 1 database. The material library 22 has the identity identification code. See Figure 3 and Figure 4. The receiving unit 21 of the server 2 receives the encrypted transaction data (step 2〇1); the processing unit 2 Decrypting the identity identifier (step move) to the ciphertext of the parent puberty, and verifying whether the identity identifier exists in the identity identifier 22 (step 2〇3). If the file is stored 2, the transaction is executed. Content (step 204); if it does not exist, it is regarded as the error material 'Do not process the transaction content (step 2〇5). Referring to Figure 1, the server 2 is used to decrypt the ciphertext of the encrypted transaction data, corresponding to the user瑞1 adopts - mobile bear poor _ method, a symmetric cryptographic solution 200904114 secret method or an asymmetric key decryption method. / Figure 5 'The other embodiment of the present invention, transaction security check 100 Including a plurality of user terminals ° and ', user and - servo terminal 2', wherein the user has a variety of types, including a lever ^ 1 仃 通 5 5 装置 device 12, a computer connected with a hardware device 14 computer device 15 Set 13 and - where 'action pass' 12 or computer device 13 can be installed UO, and the program 11 () with robbery For example, the user 5 can use the mobile communication device 12 to pass through the user's Portuguese mobile phone, and the network 4 is connected to the mobile terminal 2 and loaded into the mobile communication device 12. The dream dress 1 A, or the computer set 13 through an Internet, it is loaded into the electricity "Set 13. The program downloads the program U 〇 and the program software type, can also be made - a hardware device 141 A similar 14-cryptographic generating device includes an input unit control unit 142 and a gg n — jj 1 yes-integrated unit 144. .4...(4), and the computer device U has its body eight W丨 input person early 7^ 141 S-numeric keypad for the user 5 to input the secret knife: another code; the control list & 142 is used to generate the identity identification code The display unit (4) is used to display the processing result of the control unit 142, that is, the identity identification code is transferred to the (four) ciphertext for viewing by the producer 5. When a private application is used, for example, a financial institution's website requires a user to enter the transaction content, and may also require the user 5 to input its identity identification code I. The user 5 can enter the identification code of the input unit 141 to confirm the identification code. The ciphertext is then generated by the control unit 142 and then displayed at the display 143. Therefore, the user 5 can input the ciphertext into the 200904114 and fill in the vacancy; finally, the transaction unit and the ciphertext are integrated by the integration unit (4) of the computer device 15 into the encrypted transaction data (9) (4) (4) 2. Since the hardware device 14 is provided separately from the computer device 15, the data of the identity code is not left in the computer device 15, so that the risk of stealing or stealing the data when the user uses the computer device 15 can be avoided. In summary, a user terminal of the present invention provides a verification verification, a computer readable storage (4) u, a transaction security verification method, and a transaction security verification system (10) for the server 2, mainly by using the user 5 at the user terminal U. - Identity identification code encryption can prevent the user 5 from being misappropriated by the person who is interested in the data, and the identity verification by the ship $2 will be carried out. If the error is correct, the transaction will be executed without the need of a telecom operator. The complicated process of multiple verification makes the transaction process more rapid and can effectively enhance the willingness of ordinary consumers to use. The above is merely a preferred embodiment of the present invention, and is not intended to limit the scope of the invention, that is, the simple equivalent of the scope of the invention and the description of the invention. Variations and modifications are still within the scope of the invention. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a system block diagram showing a preferred embodiment of a method for a client to provide identity verification to a server in the transaction security verification system of the present invention; FIG. 2 is a flow chart illustrating transaction security verification. Figure 3 is a circuit block diagram illustrating the servo 11 200904114 end of the transaction security verification system; 'Figure 4 is a flow chart illustrating the execution steps of the transaction security verification system at the server end; And Figure 5 is a system block diagram showing that the client of the transaction security verification system can have many different types. 12 200904114 [Explanation of main component symbols] 1 .......... Client 144....... _Integration unit 11.... Storage medium 2 ..... ..... • Servo terminals 101 to 104 Step 20......... • Processing unit 12... Mobile communication device 21... Unit 13......... Computer device 22.........•Recognition database 14......Hardware devices 201~205 Step 141 ..... .. Input unit 3 .......... • Internet 142....... Control unit 4 .......... • Communication network 143... Display unit 5 .......... user 13

Claims (1)

200904114 十、申請專利範圍: 1 ·種—用戶端對一伺服端提供身分驗噔 r 用戶端執行並包含下述步驟: …法,係由該 (a) 接受一身分識別碼,且 密使其成為-密文; 十為身分識別碼進行加 ⑻將該密文與4易内容整合為—加密交易資料; 及 (c)傳送該加密交易資料予該伺服端。 2·請專利範圍第,項所述之—用戶端對一祠服端提 驗證之方法,其中步驟⑷之加密係採用-動態密 :加擒法、-對稱式密鑰加密法或—非對稱式密鑰加密 法。 3. :種電腦可讀儲存媒體,紀錄有一程式,可供一用戶端 子取並執行以對—伺服端提供身分驗證,該程式包含下 述程序: ⑷接收-身分識別碼,且對該身分識別碼進行加密 使其成為一密文; (b) 將該密文與一交易内容整合為_加密交易資料 ;及 (c)傳送該加密交易資料予該伺服端。 4_依據中請專利範圍第3項所述之電腦可讀儲存媒體,其 係一隨身碟或一記憶卡。 5·依據巾請專利範圍第3項所述之電腦可讀儲存媒體,其 中,該步驟(a)之加密係採用一動態密碼加密法、一對稱 14 200904114 式密鑰加密H非對稱式密輪加密法。 6. —種交易安全驗證方法,商 間,該方法包含下述步驟:力帛戶女而與—饲服端之 該用戶端執行包括下述步驟. (al)接收一交易資料,上 碼及-交易内容; μ父易資料包括一身分識別 (a2)對該身分識別 ⑽接收該密文,二:r使其成為—密文;及 -加密交易資料】…文與該交易内容整合為 该伺服端執行包括下述步驟· 料庫⑽製備—儲存有_戶端之身分識別碼之識別資 (bl)接收該加密交易資料; :及⑽對該加密交易資料之密文解密出該身分識別碼 ⑽核對該身分識_是否存在該 存在,則執行該交易内容。 負科犀右 7·:據::專利範圍第6項所述之交易安全驗證方法,立 稱式二Γ:2)之加密係採用—動態密碼加密法、-對 ",〇在法或—非對稱式密鑰加密法,且兮步驟 稱式密鑰解广&2)的一動態密碼解密法、-對 山法或一非對稱式密鑰解密法。 8· -種交易安全驗證系統,包括: 一用戶端,具有: 15 200904114 一輸入單元,供輪入一身分識別碼; ――控制單元’用以產生對該身分識別竭加密的 -密文’並將該密文與該交易内容整合為 易資料; 在乂 ;及 顯示單元,用以顯示該控制單元處理之結杲 5單元用以將該密文與一交易内容整入 為一加密交易資料;及 0 一伺服端,具有: —接收單元,接收該加密交易資料; ;-識別資料庫,儲存有制戶端之身分識別碍 處理早疋,對該加密交易資料之密文解 該身分識別碼’並核對該身分 別資料庫,若存在,則執行該交易内容。存在该識 9. :據申請專利範圍第8項所述之交易安全驗 中,該用戶端係採用一電腦及愈該電腦、其 讀儲存媒體,該電腦τ 線的—電腦可 卡。 W了讀儲存媒體係-隨身碟或一記憶 10. 依據申請專利範圍第8 , ^ $所迷之父易安全驗蹲备从 中,該用戶端之加密係椟田 飨也系統,其 式禮鑰加密法或— 在去、一對稱 F 2了%式雄、鍮加密法, 解密係對應該用戶端援用壬 且該伺服端之 密鑰解密法或一非對 在巧解在去、-對稱式 开對%式密鑰解密法。 、 16200904114 X. Patent application scope: 1 · Kind—The client provides an identity check to a server. The client executes and includes the following steps: ..., the (a) accepts an identity code and makes it a secret - ciphertext; ten for the identity identification code plus (8) the ciphertext and the 4 easy content are integrated into - encrypted transaction data; and (c) the encrypted transaction data is transmitted to the server. 2. Please refer to the method of the patent scope, the method of verifying the user's end to the service, wherein the encryption of step (4) adopts - dynamic density: twisting method, - symmetric key encryption method or - asymmetric Key encryption method. 3. A computer-readable storage medium having a program for a user terminal to take and execute to provide identity verification for the server. The program includes the following procedures: (4) Receiving-identity identification code and identifying the identity The code is encrypted to be a ciphertext; (b) the ciphertext is integrated with a transaction content into _crypted transaction data; and (c) the encrypted transaction data is transmitted to the server. 4_ The computer readable storage medium according to the third aspect of the patent application, which is a flash drive or a memory card. 5. The computer readable storage medium according to the third aspect of the invention, wherein the encryption of the step (a) adopts a dynamic password encryption method, a symmetric 14 200904114 type key encryption H asymmetric symmetric wheel Encryption method. 6. A transaction security verification method, the method comprises the following steps: the execution of the client and the client terminal of the feeding service comprises the following steps: (al) receiving a transaction data, coding and - transaction content; μ father data includes a identity identification (a2) identification of the identity (10) receiving the ciphertext, two: r making it a ciphertext; and - encrypting the transaction data] ... the text and the transaction content integrated into the The server performs the following steps: the library (10) preparation - the identification resource (b) storing the identity identifier of the account is received (bl) to receive the encrypted transaction data; and (10) the ciphertext of the encrypted transaction data is decrypted to identify the identity The code (10) checks the identity _ whether the existence exists, and executes the transaction content. Negative Science Rhino Right 7: According to:: The transaction security verification method described in Item 6 of the patent scope, the second name: 2) The encryption system adopts - dynamic password encryption, -pair ", 〇法 or - Asymmetric key cryptography, and a dynamic cryptographic decryption method of the step-by-step key ambiguity & 2), a pair of mountain methods or an asymmetric key decryption method. 8· - A transaction security verification system, comprising: a client, having: 15 200904114 an input unit for dialing an identity code; - a control unit 'for generating a secret ciphertext for the identification of the identity" And integrating the ciphertext with the transaction content into an easy-to-use data; and a display unit for displaying the node 5 processed by the control unit for merging the ciphertext with a transaction content into an encrypted transaction data And 0 a server, having: - receiving unit, receiving the encrypted transaction data; ; - identifying the database, storing the identification of the identity of the user terminal, processing the ciphertext of the encrypted transaction data to identify the identity The code 'checks the database separately, and if it exists, executes the transaction. The existence of this knowledge 9. According to the transaction security test described in item 8 of the patent application scope, the user terminal uses a computer and the computer, the storage medium for reading the computer, and the computer card of the computer τ line. W read the storage media department - flash drive or a memory 10. According to the patent application scope 8 , ^ $ the father of the easy security check from the user, the encryption of the user system is also the system, the ceremony key Encryption method or - in the symmetry F 2 % type male, 鍮 encryption method, the decryption system corresponds to the user side, and the server's key decryption method or a non-pair in the dexterous solution, the - symmetry Open the % key decryption method. , 16
TW96124725A 2007-07-06 2007-07-06 Method of subscriber terminal providing identity verification for server terminal, computer accessible storage media, transaction safety verification method and its system TW200904114A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW96124725A TW200904114A (en) 2007-07-06 2007-07-06 Method of subscriber terminal providing identity verification for server terminal, computer accessible storage media, transaction safety verification method and its system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW96124725A TW200904114A (en) 2007-07-06 2007-07-06 Method of subscriber terminal providing identity verification for server terminal, computer accessible storage media, transaction safety verification method and its system

Publications (1)

Publication Number Publication Date
TW200904114A true TW200904114A (en) 2009-01-16

Family

ID=44722266

Family Applications (1)

Application Number Title Priority Date Filing Date
TW96124725A TW200904114A (en) 2007-07-06 2007-07-06 Method of subscriber terminal providing identity verification for server terminal, computer accessible storage media, transaction safety verification method and its system

Country Status (1)

Country Link
TW (1) TW200904114A (en)

Similar Documents

Publication Publication Date Title
US11477180B2 (en) Differential client-side encryption of information originating from a client
US6539093B1 (en) Key ring organizer for an electronic business using public key infrastructure
WO2020192698A1 (en) Data secure backup and secure recovery methods, and electronic device
CN110740136B (en) Network security control method for open bank and open bank platform
CN102790767B (en) Information safety control method, information safety display equipment and electronic trading system
CN103942896A (en) System for money withdrawing without card on ATM
CN113015991A (en) Secure digital wallet processing system
CN111698312A (en) Service processing method, device, equipment and storage medium based on open platform
WO2015168878A1 (en) Payment method and device and payment factor processing method and device
US10715497B1 (en) Digital safety box for secure communication between computing devices
CN112202794A (en) Transaction data protection method and device, electronic equipment and medium
TWI428752B (en) Electronic file delivering system, portable communication apparatus with decryption functionality, and related computer program product
US20230090972A1 (en) Online secret encryption
TW200904114A (en) Method of subscriber terminal providing identity verification for server terminal, computer accessible storage media, transaction safety verification method and its system
CN114095254B (en) Message encryption method, server device, client device and storage medium
CN110719264B (en) Information processing method and device, electronic equipment and storage medium
CN117294484A (en) Method, apparatus, device, medium and product for data interaction
CN117196875A (en) Account data verification method, device, equipment and storage medium
CN116362748A (en) Safe transaction method and device
CN115730349A (en) Data encryption method based on different service scenes, computer equipment and computer readable storage medium
CN112837063A (en) Block chain-based electronic receipt storage method and device
CN112650438A (en) Terminal interaction method and related device
CN115345606A (en) Resource transfer request processing method and device, computer equipment and storage medium
CN116415945A (en) Hardware wallet cancellation method, management platform, digital currency application device and system
ZA200706657B (en) A method of authenticating a user and a system therefor