200904114

IX. Description of the Invention

[Technical Field of the Invention]

The present invention relates to an identity authentication method, a storage medium, a transaction method and a system thereof, and more particularly to a method by which a client provides identity authentication to a server, a computer-readable storage medium, a transaction security verification method and a system thereof, which prevent transaction data from being stolen and increase transaction speed.

[Prior Art]

With the spread of communication technology and the Internet, financial services have entered a new era. By means of ubiquitous communication technology and the Internet, a user can carry out financial transactions such as transfers, purchases of goods or bill payments without visiting a financial institution's counter in person, and to prevent users' important data from being stolen, various verification methods for protecting transaction security have been developed.

Take the transaction security protection of a "mobile financial service" as an example. A financial institution cooperates with a telecommunications operator. When a user applies for this service and enters a transaction on the financial institution's website, the financial institution's server system notifies the operator's system to forward an SMS containing a One Time Password (OTP) to the user's mobile phone, so that the user can enter the OTP on his own mobile phone and reply to the financial institution's server system through the operator's system. Only when the financial institution's server system receives the confirmation from that mobile phone does it process the transaction, thus completing the whole transaction process.

Another approach uses, in the mobile phone, a chip card with STK (SIM Tool Kit) functionality provided by a telecommunications operator. After installing the chip card in the mobile phone, the user can operate directly by following the prompts on the phone's display. The transaction security protection of such chip cards uses Triple DES, whose encryption/decryption is relatively complex, and this approach has a hardware limitation: the user must purchase and install such a chip card from the telecommunications operator to enjoy the "mobile financial service" offered by the financial institution.

Current transaction verification methods therefore have the following drawbacks:

1. Whether identity is verified by SMS or by chip card, a third party such as a telecommunications operator intervenes, and the extra hop in transmission raises the risk of the data being stolen.

2. Because the user must wait for the SMS round trip to be confirmed, the whole transaction process is time-consuming.

3. The user must bear the SMS cost, or incur a cost to apply for a chip card, which greatly reduces ordinary consumers' willingness to use the service.

[Summary of the Invention]

Because of concerns about the security of transaction data, financial services currently provided over communication technology and the Internet still require financial institutions to cooperate with telecommunications operators, which increases the risk of theft and the associated costs and reduces consumers' willingness to use them.

Therefore, one object of the present invention is to provide a method by which a client provides identity authentication to a server, a computer-readable storage medium, a transaction security verification method and a system thereof that are simple for the user to operate and protect the user's identity from being leaked.

Another object of the present invention is to provide a method by which a client provides identity authentication directly to a server without going through a telecommunications operator, a computer-readable storage medium, a transaction security verification method and a system thereof.

The method of the present invention by which a client provides identity authentication to a server is executed by the client and comprises the following steps: (a) receiving an identity code and encrypting it into a ciphertext; (b) integrating the ciphertext with a transaction content into an encrypted transaction data; and (c) transmitting the encrypted transaction data to the server.

The computer-readable storage medium of the present invention records a program that can be read and executed by a client to provide identity authentication to a server. The program executes the following steps: (a) receiving an identity code and encrypting it into a ciphertext; (b) integrating the ciphertext with a transaction content into an encrypted transaction data; and (c) transmitting the encrypted transaction data to the server.

The transaction security verification method of the present invention is applicable between a client and a server and comprises the following steps.

The client executes steps including: (a1) receiving a transaction data, the transaction data including an identity code and a transaction content; (a2) encrypting the identity code into a ciphertext; and (a3) integrating the ciphertext with the transaction content into an encrypted transaction data.

The server, which stores an identification database of the client's identity codes, executes steps including: (b1) receiving the encrypted transaction data; (b2) decrypting the ciphertext of the encrypted transaction data to obtain the identity code; and (b3) checking whether the identity code exists in the identification database and, if it does, executing the transaction content.

The transaction security verification system of the present invention comprises a client and a server.

The client has an input unit, a control unit, a display unit and an integration unit. The input unit is used to enter an identity code; the control unit generates a ciphertext that encrypts the identity code; the display unit displays the result processed by the control unit; the integration unit integrates the ciphertext with a transaction content into an encrypted transaction data.

The server has a receiving unit, a processing unit and an identification database. The receiving unit receives the encrypted transaction data; the identification database stores the client's identity code; the processing unit decrypts the ciphertext of the encrypted transaction data to obtain the identity code and checks whether the identity code exists in the identification database and, if it does, executes the transaction content.

The method by which a client provides identity authentication to a server, the computer-readable storage medium, the transaction security verification method and the system of the present invention encrypt the user's identity code at the client, which prevents the user's identity data from being stolen by malicious parties. The server verifies the identity after decryption and, if it is correct, executes the transaction content directly, without going through a telecommunications operator. This simplifies the present cumbersome multi-step verification process, makes the transaction faster, and thereby effectively increases consumers' willingness to use the service.

[Embodiments]

The foregoing and other technical contents, features and effects of the present invention will be clearly presented in the following detailed description of several preferred embodiments with reference to the drawings. Before the present invention is described in detail, it should be noted that in the following description similar elements are denoted by the same reference numerals.

Referring to Figure 1, a preferred embodiment of the method by which a client provides identity authentication to a server according to the present invention is executed by a transaction security verification system 100, in which the client 1 transmits data to the server 2 over an Internet 3.

The client 1 includes a computer-readable storage medium 11, such as a USB flash drive or a memory card, on which a program is recorded for executing the method by which the client 1 provides identity authentication to the server 2.

Referring to Figures 1 and 2, the program executes the following steps: receiving the identity code of a user 5 (step 101); encrypting the identity code into a ciphertext (step 102); integrating the ciphertext with a transaction content into an encrypted transaction data (step 103); and transmitting the encrypted transaction data to the server 2 (step 104).

In the above method, the identity code is encrypted using a dynamic-password encryption method, a symmetric-key encryption method or an asymmetric-key encryption method. Moreover, any identity code that can be used to identify the user 5 in a commercial transaction falls within the scope in which the method by which the client 1 provides identity authentication to the server 2 according to the present invention can be implemented.

Referring to Figure 3, the server 2 has a processing unit 20, a receiving unit 21 and an identification database 22, and the identification database 22 stores the identity code of the user 5.

Referring to Figures 3 and 4, the receiving unit 21 of the server 2 receives the encrypted transaction data from the client 1 (step 201); the processing unit 20 decrypts the ciphertext of the encrypted transaction data to obtain the identity code (step 202) and checks whether the identity code exists in the identification database 22 (step 203). If it exists, the transaction content is executed (step 204); if it does not exist, the data is regarded as erroneous and the transaction content is not processed (step 205).

Referring to Figure 1, the server 2 decrypts the ciphertext of the encrypted transaction data with the dynamic-password decryption method, symmetric-key decryption method or asymmetric-key decryption method corresponding to the method used by the client 1.

Referring to Figure 5, in another preferred embodiment of the present invention, the transaction security verification system 100 includes a plurality of clients 1 and a server 2, where the clients 1 are of several types, including a mobile communication device 12, a computer device 13, and a computer device 15 connected to a hardware device 14.

The mobile communication device 12 or the computer device 13 can have a program 110 installed, and the program 110 executes the procedure of Figure 2 described above. The user 5 can download the program 110 from the server 2 over a communication network 4 using the mobile communication device 12 and load it into the mobile communication device 12, or download the program 110 from the server 2 over an Internet 3 using the computer device 13 and load it into the computer device 13.

Besides the software form of the program described above, it can also be made as a hardware device 14. The hardware device 14 resembles a password generator and includes an input unit 141, a control unit 142 and a display unit 143, and the computer device 15 has an integration unit 144.

The input unit 141 is a numeric keypad for the user 5 to enter his identity code; the control unit 142 generates the ciphertext that encrypts the identity code; the display unit 143 displays the result processed by the control unit 142, namely the ciphertext converted from the identity code, for the user 5 to view.

In actual use, for example, a financial institution's website may, in addition to requiring the transaction content, require the user 5 to enter the ciphertext of his identity code. The user 5 enters his identity code through the input unit 141; after confirmation, the control unit 142 generates the ciphertext, which is shown on the display unit 143. The user 5 can then type the ciphertext into the field to be filled in. Finally, the integration unit 144 of the computer device 15 integrates the transaction content and the ciphertext into an encrypted transaction data for the server 2.

Because the hardware device 14 is provided separately from the computer device 15, no identity code data is left on the computer device 15, which avoids the risk of others stealing or misusing the data when they use the computer device 15.

To sum up, the method by which a client 1 provides identity authentication to a server 2, the computer-readable storage medium 11, the transaction security verification method and the transaction security verification system 100 of the present invention encrypt the identity code of the user 5 at the client 1, which prevents the identity data of the user 5 from being stolen by malicious parties. The server 2 verifies the identity after decryption and, if it is correct, executes the transaction content directly, without the involvement of a telecommunications operator. This simplifies the present cumbersome multi-step verification process, makes the transaction faster, and effectively increases ordinary consumers' willingness to use the service.

The foregoing describes only preferred embodiments of the present invention and is not intended to limit the scope of its implementation; all simple equivalent changes and modifications made in accordance with the claims and the description of the invention remain within the scope covered by this patent.

[Brief Description of the Drawings]

Figure 1 is a system block diagram illustrating a preferred embodiment of the method by which a client provides identity authentication to a server in the transaction security verification system of the present invention;

Figure 2 is a flow chart illustrating the steps executed by the transaction security verification system at the client;

Figure 3 is a circuit block diagram illustrating the server of the transaction security verification system;

Figure 4 is a flow chart illustrating the steps executed by the transaction security verification system at the server; and

Figure 5 is a system block diagram illustrating that the clients of the transaction security verification system can be of several different types.

[Description of Main Reference Numerals]

1 client
11 storage medium
101 to 104 steps
12 mobile communication device
13 computer device
14 hardware device
141 input unit
142 control unit
143 display unit
144 integration unit
2 server
20 processing unit
21 receiving unit
22 identification database
201 to 205 steps
3 Internet
4 communication network
5 user
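The client steps 101 to 104 and server steps 201 to 205 described above, modelled end to end as an added example; this is illustrative code written for this page, not the patent's own implementation. It assumes the "dynamic password" variant as a per-period key derived from a shared secret (the secret, the 30-second period, the HMAC-SHA256 keystream and the integrity tag that binds the ciphertext to the transaction content are my choices; the patent text names no concrete cipher or integrity check), and it uses a constructed identification database.

```python
import hashlib
import hmac
import json

SHARED_SECRET = b"constructed-demo-secret"  # constructed; real deployments provision per-client secrets
TIME_STEP = 30                              # seconds per dynamic-password period (assumption)
IDENTITY_DB = {"A123456789", "B987654321"}  # constructed stand-in for the server's identification database


def dynamic_key(secret: bytes, t: int) -> bytes:
    """Derive the per-period key that plays the 'dynamic password' role (assumed construction)."""
    period = (t // TIME_STEP).to_bytes(8, "big")
    return hmac.new(secret, b"period" + period, hashlib.sha256).digest()


def keystream(key: bytes, n: int) -> bytes:
    """HMAC-SHA256 in counter mode, used as a stream cipher for the identity code."""
    blocks = [hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(-(-n // 32))]
    return b"".join(blocks)[:n]


def encrypt_identity(identity: str, tx: dict, t: int) -> dict:
    """Client steps 101-103: encrypt the identity code, then integrate the
    ciphertext with the transaction content into one encrypted transaction record."""
    key = dynamic_key(SHARED_SECRET, t)
    pt = identity.encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, len(pt))))
    body = json.dumps(tx, sort_keys=True).encode()
    # The tag binds ciphertext and transaction content together so a ciphertext
    # cannot be reused with different transaction content (my addition).
    tag = hmac.new(key, ct + body, hashlib.sha256).hexdigest()
    return {"tx": tx, "cipher": ct.hex(), "tag": tag, "t": t}


def server_verify(record: dict, now: int) -> tuple:
    """Server steps 201-205: reject stale or tampered records, decrypt the identity
    code, and execute only if it exists in the identification database."""
    if abs(now - record["t"]) > TIME_STEP:
        return False, "stale dynamic password"
    key = dynamic_key(SHARED_SECRET, record["t"])
    ct = bytes.fromhex(record["cipher"])
    body = json.dumps(record["tx"], sort_keys=True).encode()
    expected = hmac.new(key, ct + body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, record["tag"]):
        return False, "tampered record"
    identity = bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct)))).decode(errors="replace")
    if identity not in IDENTITY_DB:
        return False, "unknown identity code"            # step 205: treat as erroneous data
    return True, f"execute transaction for {identity}"   # step 204


if __name__ == "__main__":
    rec = encrypt_identity("A123456789", {"to": "12345", "amount": 1000}, 1_700_000_000)
    print(server_verify(rec, 1_700_000_010))
```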