201042964 一 六、發明說明: 【發明所屬之技術領域】 本發明係關於一種應用於電子商務身份雙認證之手機裝置服務系統, 對於參與之人員,藉由客戶識別模塊(SIM卡)、憑證與密碼學的處理,透過 無線通信與電信語音服務的整合,確實控管使用者身份認證與授權機制。 【先前技術】 個人身份認證在近年來越來越受到重視,以往在確認個人身份如銀行 開戶時,只需要持有本人之身份證件即可證明;但隨者犯罪手法的曰益更 ©新,身份證件若遺失,就有可能被偽照或是被冒用。現今作法除了持有個 人身份證件外’還需要搭配第二證件作為輔助,才能雜個人身份之認證, 但還是無法避免同時遺失證件之箸境。再者網路的興起,讓企業透過網際 網路提供多樣化的服務’無線通信服務也因應而生。綜觀現有手機裝置無 線通信應用,只透過簡單之帳號與密碼作認證服務,一來資料的保密與安 全讓人質疑與掛憂;二來少有全盤安全機制之流程,讓參與之人員不知個 人或交易資料是否會外洩或遭人冒用。 本發明有鑑於上述習用方式仍有諸多缺失,而祕加以改良創新,經 〇乡處賴II集各方意驗,研發完成树制於f子痛之綠雙認證手 機裝置服務系統。本發明藉由雙認證之識別與雙管道之授權機制,透過本 發明人開發的手機裝置服務模組,除了可解決實體上同時遺失證件之窘 境’若使用者不小心遺失手機裝置,藉由密碼的保護,不用擔心遭到冒用 之危機;同時藉由層層關卡(雙認證、授權)之保護,讓使用者即時、且 安全的使用電子商務之服務。 由此可見’上述習用方式仍有諸多不足,實非一良善之設計,而亟待 加以改良。 本案發明人鑑於上述習用方式所衍生的各項缺點,乃亟思加以改良創 201042964 '新’並年苦心雜潛心、研究後,終於成俩發絲本件制於電子商 務身份雙認證之手機裝置服務系統。 【發明内容】 本發明之目的即在於提供一種電子商務身份雙認證之手機裝置服務模 組及方法剌’麵構完善之電子商務健流程,提供雙重認證以及雙重 管道授權機制之手機裝置服務,並使用多重載具、手機装置、身份認證、 通訊傳輸等元件,完整且安全賴護姻者f訊與重要眺上資料,以期 在安全環境下,提供便利而有效率的交易作業環境。 〇 達成上述發明目的之應用於電子商務身份雙認證之手機裝置服務系 統,係利用多個元件組合成身份雙認證之手機裝置服務系統,達到使用者 能夠及時、快速並安全使用的電子商務服務。 則述身份雙認證之手機裝置服務,係由無線通信服務與電信語音的整 合服務’主要利用該使用者之客戶識別模塊(SIM卡),先註冊在身份認證中 心。當使用者藉由不同廠牌之手機,透過無線通信服務作電子商務時,會 啟動多重載具與手機裝置服務,得知使用者之手機廠牌與型號,並將該使 用者之客戶識別模塊(SIM卡)回傳至身份認證中心,身份認證中心會要求使 Q 用者輸入SIM卡之密碼’且比對SIM卡是否正確作為第一次身份之識別。 其次藉由公正機關所發行之憑證(如政府憑證管理中心GCA '組織及團體 憑證中心XCA),會將公鑰與私鑰寫入該使用者之SIM卡中;同樣透過無 線通信服務’藉由身份認證中心會要求使用者輸入憑證之密碼,作第二次 身份認證,以達雙重認證之功效。身份認證中心包含客戶識別模塊(SIM卡) 認證元件、憑證認證元件以及授權元件》確認用戶身份之認證後,系統會 動態產生一組授權之密碼,並將此授權碼藉由多媒體簡訊服務(MMS)之方 式’傳送至該使用者之手機門號中。使用者只需點選手機簡訊内容之連結, 輸入系統提問之相關資訊並將授權碼登入至身份認證中心,即可使用電子 商務等相關之功能。 201042964 刖述組授權之⑥、碼為動態且隨機產生之授權碼,又稱可為一次性密 瑪(One Time Pass赠d,〇τρ)。透過本身份認證元件,每次產生一次使用 之授權密碼,制者f透過手鮮舰簡訊服務(MMS)之連結,將授權碼 登入至身份認證中心,以確保此次交易是被授權的,且此授權碼只允許在 -定時例如30分鐘)制,若使用者沒有在這段時間内輸入該授權 碼’則該授權碼即予消失》上述一組授權之密碼機制中,每次產生的密碼 都不相同’僅為該使用者得知此組授權碼,且所產生之授權碼不會重複。 【實施方式】 Ο $參關—所7F ’為本發明應驗電子商務身份雙認證之手機裝置服 務系統架構圖,主要包括: -多重載具模組卜係為—般手機或智慧型手機等,並提供參與之人員 透過多重載具介崎呈現的資料介Φ料,並由鱗通信服務2進入手機 裝置模組3; 一手機裝置模組3,係由兩台伺服器提供,並由無線通信服務2供載具 進入手機裝置服m且對制者提供乡重載具的龍格式,並且透過 專屬閘道4 ’與身份認證模組5進行驗證資料傳輸; 〇 一身份認證模組5,係接收手機裝置模組透過專屬閘道4所傳輸的驗證 資料’進行身份驗證’在驗證完成後產生一授權碼,並透過專遵閘道4將 授權瑪經由手塢_置模组3儋至通訊係檢描組6 ; 一通訊傳輸模組6,係透過手機裝置模组3接收身份認證雄组5所傳輪 並將授權碼等資訊寫入簡訊内容,並透過電信語音服務7將傳 簡訊内容傳至參與人員之多重載具模組1。 明參閲圖一所示’為本發明應用於電子商務身份雙認證之手機裝置服 務系統之資料流程圖,主要包括: 一多重載具模組1 ’係提供使用者多種資料介面格式(如超文件標示語 言(HTML)、無線應用通訊協定(WAP)等格式),並按不同截I透過手機裝鱟 201042964 — 棋組3採赁料格式; .一手機裝置模組3 ’係包括手機識別子元件S1、SIM卡識別子元件32, 係透過手機醜識別使用者手機祕與却號,拍读遇客番裁具元 件1提供缝魅格式,以及經由㈣卡識别子开件Μ牌你用去之siM ί資料傳至_身份認證拔知s : 一身份猶歓5 ’係接收手齡置模轉送資料,以提供雙重識別使 用者身伤,並包括SIM卡認證子元件51、憑證認證子元件52、授權子元件 53 ’ -開始SIM卡認證子元件Μ會要求使用者輸入SJM卡之密碼,並比 〇 對手齡組3之酬卡酬子元件32所傳輸之SIM卡資料與密碼是 否正確,作為第一次身份之識別;再藉由憑證認證子元件52要求使用者輸 入憑證之密碼,比對憑證與密碼是否正確作為第二次身份之識別;最後透 過授權子元件53產生此次交易授權碼與簡訊内容,其中該簡訊内容會要求 使用者填寫相關資訊,如父親出生曰期或是畢業國小等,或是利用圖檔、 照片等方式,使用者需填入該照片人物之姓名,若資料都吻合,系統會對 該次的流程作授權之處理;經過身份認證模組5認証完成後可進入通訊傳 輸模組6 ; ❹ 一通訊傳輸模組6 ’係包括簡訊傳輸子元件61,經由過電信網路之服 務’將身份認證模組5所傳送的内容,透過簡訊傳輸子元件61,傳送授權 碼與簡訊之内容,來達成無線通信與電信語音雙結合之jj艮務。 請參閱圖三所示,為本發明應用於電子商務身份雙認證之手機裝置服 務系統之身份認證流程圖,步驟包括: 步驟1 :使用者以系統提供的多重載具介面所呈現的資料介面格式,進入手 機裝置服務系統; 步驟2 :手機裝置服務系統將手機裝置之驗證資料交付身份認證中心進行 SIM卡與憑證驗證; 步驟3 :完成驗證後,身份認證中心產生授權碼’並將授權碼等資訊寫入簡 201042964 訊内容’其中授權碼係由身份認證中心動態且隨機產生之一次性密 碼(OneTime Password,οχ?) ’且此授權碼只允許在一定時間内使 用; 步驟4 :身份認證中心透過電信語音服務,將簡訊送往至該用戶之手機門 號; 步驟5 :最後該者點顧訊魄之連結,系統會要求使时輸入相關資 訊,系統驗證無誤後即完成該次流程之授權作業。 本發明所提供之應用於電子商務身份雙認證之手機裝置服務系統,與 〇 其他習用技術相互比較時,更具備下列優點: 1. 本發明可在無線通信服務進行電子商務系統所有作業流程,非受限 於-般網_路(lntemet),其實雜與彈性實非f職術採用單一 目的、獨立功能的系、統可以達到’以增加本發明應用的廣泛性。 2. 本發明_身份雙紐之機制。透過客戶識職塊(sim卡)與密碼 先作第_次綠勤j,猶恥正_(如紐細巾心)所發放之憑 證與密碼’對使用者進行第二次身份認證,以達成雙重認證之功效。 3. j㈣制雙重管道之處理,且增加娜控管之機制。透過無線通 :) 紐務與電信語音之結合,即便網_客能擷取單—管道傳輸過 程’卻無朗_取雙重f道之龍傳輸;再者增加_控管之機 制’每-次交易之授權碼都不相同,確保使用者線上交易之作業, 其安全性實非習賴術採聰號密碼f控可⑽擬。減可以讓參 八人員放〜地進行各項作業,降低對電子網路的不信賴感,提高使 用意願^ 4. 本發明採用多重載具介面,讓參與之人員不論何時何地使用一般手 機、智慧型手機等不同載具都可方便地進入系統進行各項作業。其 便繼實非習用技術採用單一載具或單一流程可以達到。如此可大 幅提高使用率’讓使用者即使不在辦公室,也能辦公事。 201042964 5.本發明減個人_保護法,德f訊安錄與正魏 資料保護。 上列詳細說明係針對本發明之一可行實施例之具體說明,惟該實施 並非用以關本㈣之專魏圍,凡未麟本發職騎神所為之等效實 施或變更,均應包含於本案之專利範圍中。 综上所述,本案不但在技術思想上確屬創新,並能較習用物品增進上 述多項功效,應已充分符合新穎性及進步性之法定發明專利要件,爰依法 提出申請’懇請貴局核准本件發明專利申請案,以勵發明,至感德便。 Q 【圖式簡單說明】 圖一為本發明應用於電子商務身份雙認證之手機裝置服務系統架構 圖; 圖二為本發明應用於電子商務身份雙認證之手機裝置服務系統之資料 架構圖;以及 圖三為本發明應用於電子商務身份雙認證之手機裝置服務系統之流程 圖。 【主要元件符號說明】 1多重載具模具 2無線通信服務 3手機裝置模具 31手機裝置元件 32 SIM識別子元件 4專屬閘道 5身份認證模組 51 SIM認證子元件 52憑證認證子元件 53授權子元件 6通訊傳輸模組 201042964 61簡訊傳輸子元件 7電信語音腋務201042964 1-6, invention description: [Technical field of invention] The present invention relates to a mobile phone device service system applied to dual authentication of e-commerce identity, with a customer identification module (SIM card), credentials and password for participating personnel The processing of learning, through the integration of wireless communication and telecom voice services, does control the user identity authentication and authorization mechanism. [Prior Art] Personal identity authentication has received more and more attention in recent years. In the past, when confirming personal identity, such as bank account opening, you only need to hold your identity document to prove it; but the benefits of the criminal method are more new. If the identity document is lost, it may be faked or fraudulently used. In addition to holding personal identification documents, the current practice requires the use of a second document as an aid to authenticate individual identity, but it is still impossible to avoid the dilemma of losing the document at the same time. In addition, the rise of the Internet has enabled enterprises to provide diversified services through the Internet. Wireless communication services have also emerged. Looking at the wireless communication application of the existing mobile phone device, only the simple account and password are used for the authentication service. The confidentiality and security of the data are questionable and worrying. Secondly, there is little process of the whole security mechanism, so that the participants do not know the individual or Whether the transaction data will be leaked or used. In view of the above-mentioned conventional methods, the present invention still has many shortcomings, and the secrets are improved and innovated. According to the opinions of all parties in the township, the research and development of the green double-certified mobile phone device service system of the tree. The invention realizes the dilemma of the lost mobile phone at the same time through the identification of the dual authentication and the authorization mechanism of the dual pipe through the mobile device device service module developed by the inventor, if the user accidentally loses the mobile phone device, the password is used. Protection, do not have to worry about the crisis of fraudulent use; at the same time, through the protection of multiple levels (dual authentication, authorization), users can use e-commerce services instantly and safely. It can be seen that there are still many shortcomings in the above-mentioned methods of use. It is not a good design and needs to be improved. In view of the shortcomings derived from the above-mentioned conventional methods, the inventor of the present invention has improved the creation of 201042964 'new' and has worked hard for a long time. After research, it finally became a two-certified mobile phone device service for e-commerce identity. system. SUMMARY OF THE INVENTION The object of the present invention is to provide a mobile phone device service module and method for e-commerce identity dual authentication, a well-formed e-commerce health process, and a mobile device device service with dual authentication and dual pipe authorization mechanism, and The use of multiple vehicles, mobile devices, identity authentication, communication transmission and other components, complete and safe care of the marriage and important information, in order to provide a convenient and efficient trading environment in a safe environment.手机 The mobile phone device service system for dual-certification of e-commerce identity that achieves the above-mentioned object of the invention is a mobile device device service system that combines multiple components into an identity dual authentication to achieve e-commerce services that users can use in a timely, fast and secure manner. The mobile phone device service of the dual authentication is an integrated service of the wireless communication service and the telecommunication voice. The user identification module (SIM card) of the user is mainly used to register in the identity authentication center. When users use the mobile phones of different brands to conduct e-commerce through wireless communication services, they will start multi-carrier and mobile device services, learn the user's mobile phone label and model, and set the user's customer identification module. (SIM card) is passed back to the identity authentication center, and the identity authentication center will ask the Q user to enter the password of the SIM card' and compare the correct identity of the SIM card as the identification of the first identity. Secondly, the certificate issued by the impartial authority (such as the Government Credential Management Center GCA 'Organization and Group Credential Center XCA) will write the public key and private key into the user's SIM card; also through the wireless communication service' The identity authentication center will ask the user to enter the password of the certificate for the second identity authentication to achieve the dual authentication effect. After the identity authentication center includes the customer identification module (SIM card) authentication component, the certificate authentication component, and the authorization component, the system dynamically generates a set of authorized passwords, and the authorization code is used by the multimedia message service (MMS). The way 'transfer' to the user's mobile phone number. Users only need to click on the link of the mobile phone newsletter content, enter the relevant information of the system question and log in the authorization code to the identity authentication center to use the related functions such as e-commerce. 201042964 The authorization code of the group is a dynamic and randomly generated authorization code, which can also be called a one-time secret (One Time Pass gift d, 〇τρ). Through this identity authentication component, each time an authorization password is used, the manufacturer f logs the authorization code to the identity authentication center through the link of the hand-held ship newsletter service (MMS) to ensure that the transaction is authorized, and This authorization code is only allowed to be in-timed, for example, 30 minutes. If the user does not enter the authorization code during this time, the authorization code will disappear. The password generated each time in the above-mentioned authorized password mechanism. Not the same 'only for this user to know the group authorization code, and the generated authorization code will not be repeated. [Embodiment] Ο $ Participating - 7F' is the architecture diagram of the mobile device installation service system for the e-commerce identity authentication of the invention, which mainly includes: - The multi-carrier module is a general mobile phone or a smart mobile phone, etc. The information provided by the participating personnel through the multi-carrier Jisaki is introduced into the mobile device module 3 by the scale communication service 2; a mobile device module 3 is provided by two servers and is wirelessly communicated. Service 2 is for the vehicle to enter the mobile phone device service m and provides the dragon format of the rural heavy vehicle, and the verification data transmission is performed through the exclusive gateway 4' and the identity authentication module 5; The verification data 'Authentication' transmitted by the receiving mobile device module through the dedicated gateway 4 generates an authorization code after the verification is completed, and transmits the authorization to the communication via the hand-held docking module 3 through the dedicated gateway 4 A scanning transmission group 6; a communication transmission module 6 receives the transmission volume of the identity authentication group 5 through the mobile device module 3, and writes the authorization code and the like into the content of the short message, and transmits the content of the short message through the telecommunication voice service 7 pass To the multi-carrier module 1 of the participating personnel. Referring to FIG. 1 , the data flow chart of the mobile phone device service system for the dual authentication of the e-commerce identity of the present invention mainly includes: a multi-carrier module 1 'provides a user with multiple data interface formats (eg Super file markup language (HTML), wireless application protocol (WAP) and other formats, and according to different cuts I installed through the mobile phone 201042964 - chess group 3 mining material format; a mobile device device module 3 'including mobile phone identifier The component S1 and the SIM card identification sub-element 32 identify the user's mobile phone secret and slogan through the mobile phone ugly, and the singularity of the singularity of the singularity of the singer and the singularity of the singularity of the singularity of the singer The siM ί data is transmitted to the _ identity authentication s: one identity is still 5' is to receive the age-old transfer data to provide double identification of the user's body injury, and includes the SIM card authentication sub-element 51, the credential authentication sub-element 52 Authorizing the sub-element 53' - starting the SIM card authentication sub-component, the user is required to input the password of the SJM card, and the SIM card data and password transmitted by the reward card component 32 of the age group 3 are correct. Identification of the identity; the voucher authentication sub-component 52 then asks the user to enter the password of the voucher, and compares the voucher and the password as the identification of the second identity; finally, the authorization sub-tag 53 generates the transaction authorization code and the newsletter. Content, in which the content of the newsletter will require the user to fill in relevant information, such as the father’s birth or the graduation of the national, or use the image, photo, etc., the user needs to fill in the name of the photo person, if the information is The system will authorize the process of the process; after the authentication module 5 is authenticated, it can enter the communication transmission module 6; ❹ a communication transmission module 6' includes the message transmission sub-element 61, via telecommunications The service of the network 'transmits the content transmitted by the identity authentication module 5 through the short message transmission sub-element 61, and transmits the content of the authorization code and the short message to achieve the combination of wireless communication and telecommunication voice. Please refer to FIG. 3 , which is a flow chart of the identity authentication of the mobile phone device service system for the dual-certification of the e-commerce identity of the present invention. The steps include: Step 1: The data interface format presented by the user in the multi-carrier interface provided by the system Enter the mobile device service system; Step 2: The mobile device service system delivers the verification data of the mobile device to the identity authentication center for SIM card and voucher verification; Step 3: After the verification is completed, the identity authentication center generates the authorization code 'and the authorization code, etc. The information is written to Jan. 201042964. The content 'where the authorization code is a one-time password (OneTime Password, οχ?) generated dynamically and randomly by the identity authentication center' and this authorization code is only allowed to be used within a certain period of time; Step 4: Identity Authentication Center Send the SMS to the mobile phone number of the user through the telecom voice service; Step 5: Finally, the person will click on the link of the message, the system will ask for the relevant information to be input in time, and the system is authorized to complete the authorization of the process. operation. The mobile phone device service system applied to the e-commerce identity dual authentication provided by the invention has the following advantages when compared with other conventional technologies: 1. The invention can perform all the operation processes of the electronic commerce system in the wireless communication service, Limited to the general network _ road (lntemet), in fact, the use of a single purpose, independent function of the system of miscellaneous and elastic non-fractal can achieve 'to increase the breadth of the application of the invention. 2. The mechanism of the invention _ identity double button. Through the customer identification block (sim card) and password first for the first time _ times green diligence j, humiliating _ (such as the button and password issued by the nickname) to the user's second identity authentication to achieve The effect of dual certification. 3. j (four) system double pipe processing, and increase the mechanism of Na control. Through the wireless communication :) The combination of the new service and the telecom voice, even if the network _ guest can take the single-pipeline transmission process, but there is no lang _ take the dual f-channel dragon transmission; then increase the _ control mechanism 'every time The authorization codes of the transactions are different, ensuring the user's online trading operations, and the security is not the same as the syllabus. The reduction can allow the eight personnel to carry out various operations, reduce the sense of distrust of the electronic network, and increase the willingness to use. 4. The present invention uses a multi-carrier interface to allow the participating personnel to use the general mobile phone whenever and wherever. Different vehicles such as smart phones can easily enter the system for various tasks. It can be achieved by using a single vehicle or a single process. This can greatly increase the usage rate, allowing users to work even if they are not in the office. 201042964 5. The invention reduces personal _ protection law, de f-signal and positive Wei data protection. The detailed description above is for the specific description of one of the possible embodiments of the present invention, but the implementation is not intended to be used in the context of this (4) special Wei Wei, and the equivalent implementation or change of the unmanned Riding God shall include In the scope of the patent in this case. In summary, this case is not only innovative in terms of technical thinking, but also able to enhance the above-mentioned multiple functions compared with conventional articles. It should fully comply with the statutory invention patent requirements of novelty and progressiveness, and submit an application according to law. Invention patent application, in order to invent invention, to the sense of virtue. [FIG. 1] FIG. 1 is a structural diagram of a mobile phone device service system applied to e-commerce identity dual authentication according to the present invention; FIG. 2 is a data architecture diagram of a mobile phone device service system applied to e-commerce identity dual authentication according to the present invention; FIG. 3 is a flow chart of a mobile phone device service system applied to e-commerce identity dual authentication according to the present invention. [Main component symbol description] 1 multi-carrier mold 2 wireless communication service 3 mobile phone device mold 31 mobile phone device component 32 SIM identification sub-component 4 exclusive gateway 5 identity authentication module 51 SIM authentication sub-element 52 voucher authentication sub-element 53 authorized sub-component 6 communication transmission module 201042964 61 short message transmission sub-component 7 telecom voice service
99