200949765

IX. Description of the Invention:

[Technical Field of the Invention]

The present invention relates to a chip card verification system and method, and in particular to a verification system and method suited to adding stored value to a chip card.

[Prior Art]

In recent years the development and use of smart cards (chip cards) has become mature and widespread. In particular, rampant fraud rings in recent years have led government and enterprises to speed up the replacement of traditional magnetic stripe cards with chip cards. Today telephone cards and health insurance cards are already chip cards, as are the stored-value cards of convenience stores. The SIM (Subscriber Identity Module) card in a mobile phone, the natural-person certificate card used for tax filing and motor vehicle office services, and the subscriber identification card of a video set-top box are also chip cards, and the EasyCard used for transit fares and parking fees is a contactless chip card.

The primary reason chip cards have largely replaced magnetic stripe cards is security. Although a chip card is more secure than a magnetic stripe card, that does not mean its security risk is zero, so continuing to strengthen its security is a necessary task. For example, the web page program code that currently writes stored-value points to a chip card is displayed on the web page in plaintext or encrypted with a 16-bit code, which a user can easily decode, restore and crack. The stored-value points themselves are not encrypted, so a person with ill intent can rewrite the points by capturing packets. This considerably increases the security risk, so the verification mechanism needs to be improved to reduce the risk that data is tampered with.

[Summary of the Invention]

In view of the network security risk of the prior art described above, the present invention provides a verification method, executed on a computer, for writing stored-value units to a chip card. The computer is connected to a card reader to read the data of the chip card. The computer stores a browser program that includes an interface control unit, which reads from or writes to the chip card through the card reader and connects over a network to a server for data transmission. The server stores a website containing a program function and an authentication program, and the server is connected over the network to the computer, a database and an encryption device respectively. The verification method mainly comprises the following steps. First, the browser program sends a chip card write request and the stored-value units to the server. The program function in the server's website returns an instruction to the interface control unit of the browser program. The interface control unit reads the data in the chip card through the card reader, encrypts the stored-value units and generates a verification code, then sends the encrypted data and the verification code to the server. The authentication program of the server compares the encrypted data and the verification code with the database to determine whether the chip card is activated and the data is correct. If the data is correct, the server connects to the encryption device for authentication to confirm whether the identity of the chip card holder is correct. If it is, the authentication program of the server returns the encrypted data and the verification code to the interface control unit of the browser program on the computer, and the stored-value units are written to the chip card through the card reader.

The chip card verification system proposed by the present invention mainly comprises a card reader, a computer, a server, a database and an encryption device. The database stores chip card data, and the encryption device provides encryption and decryption processing. The card reader is connected to the computer to read the data of the chip card. The server stores a website containing a program function and an authentication program, and the server is connected over the network to the computer, the database and the encryption device respectively. The computer stores a web browser program that includes an interface control unit, for example an ActiveX control, which reads from or writes to the chip card through the card reader and transmits data by browsing the pages of the website on the server.

When the browser program sends a chip card write request and the stored-value units to the server, the program function in the website, for example a JavaScript function, returns an instruction to the interface control unit of the web browser program. The interface control unit reads the data in the chip card through the card reader, encrypts the stored-value units, for example with the Data Encryption Standard (DES) algorithm, and generates a verification code, for example a Message Authentication Code (MAC). The encrypted data and the verification code are then sent over the network to the server. The authentication program of the server compares the received encrypted data and verification code with the database. After confirming that the chip card is activated and the data is correct, the server connects to the encryption device, for example a network hardware encryption module, for authentication to confirm the identity of the chip card holder. If the identity is confirmed, the authentication program of the server returns the encrypted data and the verification code to the interface control unit of the browser program on the computer, and the stored-value units are written to the chip card through the card reader.

[Embodiment]

To help the reader better understand the technical content of the present invention, a chip card verification system is described below as a preferred embodiment. Refer first to FIG. 1, a schematic diagram of the chip card verification system of a preferred embodiment of the present invention, which includes a card reader 10, a computer 12, a server 13, a database 14 and an encryption device 15. Refer next to FIG. 2, an architecture diagram of the chip card verification system of a preferred embodiment of the present invention, which likewise shows the card reader 10, the computer 12, the server 13, the database 14 and the encryption device 15. The database 14 stores chip card data, and the encryption device 15 provides encryption and decryption processing. The card reader 10 is connected to the computer 12 to read the data of the chip card 11. The server 13 stores a website 130 that contains a program function 131 and an authentication program 132, and the server 13 is connected over the network to the computer 12, the database 14 and the encryption device 15 respectively. The computer 12 stores a web browser program 120 that includes an interface control unit 121. In this embodiment the interface control unit is preferably an ActiveX control, which reads from or writes to the chip card 11 through the card reader 10 and transmits data by browsing the pages of the website 130 on the server 13.

When the browser program 120 sends a chip card write request and the stored-value units to the server 13, the program function 131 in the website 130, which in this embodiment is preferably a JavaScript function, returns an instruction to the interface control unit 121 of the web browser program 120. The interface control unit reads the data in the chip card 11 through the card reader 10, encrypts the stored-value units and generates a verification code. In this embodiment the preferred encryption method is the Data Encryption Standard (DES) algorithm and the verification code is preferably a Message Authentication Code (MAC). The encrypted data and the verification code are then sent over the network to the server 13, and the authentication program 132 of the server 13 compares the encrypted data and the verification code with the database 14 (see FIG. 3, a schematic diagram of the database contents of a preferred embodiment of the present invention). After confirming that the chip card 11 is activated and the data is correct, the server connects to the encryption device 15 for authentication. In this embodiment the encryption device is preferably a network hardware encryption module. After the identity of the chip card holder is confirmed to be correct, the authentication program of the server 13 returns the encrypted data and the verification code to the interface control unit 121 of the browser program 120 on the computer 12, and the stored-value units are written to the chip card 11 through the card reader 10.

Refer to FIG. 4, a flowchart of the chip card write verification method of a preferred embodiment of the present invention. First, the browser program 120 sends a chip card write request and the stored-value units to the server 13 (step 20). The program function 131 in the server's website 130 returns an instruction to the interface control unit 121 of the browser program 120 (step 21). In this embodiment the program function is preferably a JavaScript function and the interface control unit is preferably an ActiveX control. The interface control unit 121 reads the data in the chip card 11 through the card reader 10, encrypts the stored-value units and generates a verification code (step 22). In this embodiment the preferred encryption method is the Data Encryption Standard (DES) algorithm and the verification code is preferably a Message Authentication Code (MAC). The interface control unit 121 sends the encrypted data and the verification code to the server 13, and the authentication program 132 of the server 13 compares the encrypted data and the verification code with the database 14 (step 23) to determine whether the chip card 11 is activated and the data is correct (step 24). If not, the authentication program 132 sends an error message to the browser program (step 26) to report that the chip card has not been activated or that the data is wrong. If the data is correct, the server connects to the encryption device 15 for authentication, the encryption device in this embodiment preferably being a network hardware encryption module, to confirm whether the identity of the chip card holder is correct (step 25). If not, the authentication program 132 sends an error message to the browser program (step 26) to report that the identity is wrong. If the identity is correct, the authentication program 132 of the server 13 returns the encrypted data and the verification code to the interface control unit 121 of the browser program 120 on the computer (step 27), and the stored-value units are then written to the chip card 11 through the card reader 10 (step 28).

In the chip card verification system of the preferred embodiment of the present invention, the encryption method applied to the stored-value units is preferably the Data Encryption Standard (DES) algorithm and the verification code is preferably a Message Authentication Code (MAC). The message authentication code can be used to verify that a message was sent by one of the two parties that agreed to communicate, and to verify whether the message was tampered with in transit. In addition, after the chip card 11 is confirmed to be activated and the data correct, the server connects to the encryption device 15 for authentication to confirm the identity of the chip card holder. The chip card verification system proposed by the present invention can therefore greatly improve the security of chip card data and protect the interests of chip card holders and issuing merchants.

The embodiment above is given only as an example for convenience of description. The scope of rights claimed by the present invention is as stated in the claims and is not limited to the embodiment above.

[Brief Description of the Drawings]

FIG. 1 is a schematic diagram of the chip card verification system of a preferred embodiment of the present invention.
FIG. 2 is an architecture diagram of the chip card verification system of a preferred embodiment of the present invention.
FIG. 3 is a schematic diagram of the database contents of a preferred embodiment of the present invention.
FIG. 4 is a flowchart of the chip card write verification method of a preferred embodiment of the present invention.

[Description of Main Reference Numerals]

Card reader 10
Chip card 11
Computer 12
Server 13
Database 14
Encryption device 15
Browser program 120
Interface control unit 121
Website 130
Program function 131
Authentication program 132
Steps 20, 21, 22, 23, 24, 25, 26, 27, 28
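
The following added example (not part of the patent text) sketches the server-side check of steps 23 to 26: the activation lookup and the verification code comparison that refuses stored-value units rewritten in transit. Assumptions: HMAC-SHA-256 is swapped in for the DES-based MAC the description prefers, encryption of the units is omitted, and the card IDs, keys, message encoding and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data standing in for the card records of database 14.
CARD_DB = {"CARD-0001": {"activated": True}, "CARD-0002": {"activated": False}}
# Constructed keys. Assumption: keys stay inside the encryption device (15)
# and never appear in the web page or the database.
DEVICE_KEYS = {
    "CARD-0001": bytes.fromhex("00112233445566778899aabbccddeeff"),
    "CARD-0002": bytes.fromhex("ffeeddccbbaa99887766554433221100"),
}


def compute_mac(key, card_id, units):
    """MAC over a length-prefixed encoding so fields cannot run together."""
    cid = card_id.encode("utf-8")
    msg = len(cid).to_bytes(2, "big") + cid + units.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()


def verify_write_request(card_id, units, mac):
    """Return "ok" or the reason the write request is refused."""
    record = CARD_DB.get(card_id)
    if record is None or not record["activated"]:
        return "card not activated or data incorrect"
    if not 0 < units < 2**32:
        return "invalid units"
    expected = compute_mac(DEVICE_KEYS[card_id], card_id, units)
    # Constant-time comparison: do not leak how many MAC bytes matched.
    if not hmac.compare_digest(expected, mac):
        return "verification code mismatch"
    return "ok"


def demo():
    """One genuine request, one with rewritten units, one inactive card."""
    mac_1 = compute_mac(DEVICE_KEYS["CARD-0001"], "CARD-0001", 100)
    mac_2 = compute_mac(DEVICE_KEYS["CARD-0002"], "CARD-0002", 100)
    return {
        "genuine": verify_write_request("CARD-0001", 100, mac_1),
        # Units rewritten in transit while the captured MAC is reused.
        "tampered": verify_write_request("CARD-0001", 9999, mac_1),
        "inactive": verify_write_request("CARD-0002", 100, mac_2),
    }


if __name__ == "__main__":
    print(demo())
```

Because the MAC covers both the card ID and the units, changing either field without the key yields a mismatch, which is the property the description relies on against packet-capture rewriting.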