TW201249158A - Producing and application method for one time password - Google Patents


Info

Publication number
TW201249158A
Authority
TW
Taiwan
Prior art keywords
dynamic password
terminal
server
electronic device
bank
Prior art date
Application number
TW100117126A
Other languages
Chinese (zh)
Inventor
Wen-Yuan Chen
Hsiu-Kang Chen
Original Assignee
Sage Information Systems Cort Ltd
Priority date
Filing date
Publication date
Application filed by Sage Information Systems Cort Ltd
Priority to TW100117126A
Publication of TW201249158A

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

In this method for producing and applying a one-time password (OTP), a web-bank server first sends a request to an OTP server when execution of an event is requested on the web-bank website. The OTP server then produces an OTP according to the request data. After the OTP is produced, an SMS server produces an SMS message that includes the OTP and sends it to the user. The user can then reply with the OTP from the received SMS message to the web bank via different routes, using different terminals. Finally, the web bank permits execution of the requested event once the OTP the user replied with has been verified. Because the OTP can be returned to the web bank in different ways, the present invention increases not only the security of network behavior but also the convenience of using an OTP.

Description

VI. Description of the Invention:

[Technical Field]

[0001] The present invention relates to dynamic passwords, and more particularly to a method for generating and a method for applying dynamic passwords used on a network.

[Prior Art]

[0002] In recent years the electronics industry has flourished, and electronic devices of every kind fill the daily lives of the general public. With the spread of the Internet, users no longer need to leave home: using electronic devices such as desktop computers, tablet computers and smart mobile phones, they can shop online, book appointments and conduct online transactions over the Internet, which is quite convenient.

[0003] However, when a user conducts money-related transactions over the network, those transactions are often closely tied to information such as the user's personal bank account or credit card, so the user must pay careful attention to security. For example, when using the online banking service provided by a bank to perform online transactions such as transfers, currency exchange and payments, the user often has to enter quite private information such as a personal account number, password, transaction account number and credit card data. If a security problem occurs, such as interception by network hackers or recording by a computer virus program, it will cause serious and irreversible damage to the user.

[0004] For this reason, dynamic passwords (also known as one-time passwords, One Time Password, OTP) have been proposed on the market to increase the security of online transactions. The approach mainly uses a dynamic password generator combined with the user's chip card, such as a credit card or ATM card; after the card's password is entered, a dynamic password is generated. When conducting a transaction on the network, the user must, in addition to entering the personal account number, password and transaction data mentioned above, also enter the dynamic password under certain conditions, and the transaction can be executed successfully only after the online bank confirms that the dynamic password is correct.

[0005] However, the dynamic password generator has to be purchased separately, which is an extra expense for the user, and users who do not often trade over the network usually cannot accept this approach. Furthermore, the user's personal account number, password, transaction data and dynamic password are all transmitted through a single channel (usually the Internet). When a hacker intercepts that channel, or when a virus remains on the user's electronic device, the data can easily be stolen or even tampered with by a malicious party as soon as the user enters it on the website. The generation and use of the dynamic password then becomes meaningless.

[0006] In summary, the market should provide a new way of generating and applying dynamic passwords that not only uses dynamic passwords to improve the security of online transaction or non-transaction behavior, but also gives dynamic passwords considerable flexibility in application, so that users can learn it easily and are willing to use it.

[Summary of the Invention]

[0007] The main object of the present invention is to provide a method for generating and applying a dynamic password, in which a dynamic password is generated for verification when a user requests execution of a specific event on the network, thereby improving the security of network behavior.

[0008] Another main object of the present invention is to provide a method for generating and applying a dynamic password, in which the user can choose among various ways of use and transmission channels to reply the dynamic password to be verified to the online bank, thereby improving convenience of use.

[0009] To achieve the above objects, in the present invention, when the user requests execution of an event on the online bank's website, an online banking server sends a request to a dynamic password server, and the dynamic password server generates a dynamic password according to the request data. Next, an SMS server generates an SMS message containing the dynamic password and sends the message to the user. The user can, through various user terminals and over different channels, reply the dynamic password recorded in the SMS message to the online bank; once the replied dynamic password passes verification, the online bank allows the user to execute the requested event.

[0010] With the method of the present invention, the user can use different terminal devices, such as computers, mobile phones and fax machines, over different channels, such as the Internet or a mobile communication network, to reply the received, to-be-verified dynamic password to the online bank. In this way, the convenience of using the dynamic password is greatly improved without reducing its security.

[Embodiments]

[0011] A preferred embodiment of the present invention is described in detail below with reference to the drawings.

[0012] Refer first to Figure 1, a system architecture diagram of a preferred embodiment of the present invention. The method for generating and applying a dynamic password (also known as a one-time password, One Time Password, OTP) is mainly applied among an online bank 10, an online banking server 1, a dynamic password server 2, an SMS server 3 and at least one user terminal 4.

[0013] The at least one user terminal 4 may mainly include a first terminal 41, a second terminal 42 and a third terminal 43. The first terminal 41, the second terminal 42 and the third terminal 43 may be one and the same electronic device, or two or three different electronic devices (detailed later), so as to achieve different effects respectively; this should not be limited.

[0014] Refer also to Figure 2, a flowchart of a preferred embodiment of the present invention. First, the user logs in to the online bank 10 using the first terminal 41 (step S200); more specifically, the user uses the first terminal 41 to log in to the website of the online bank 10 through the Internet and operates a web page 100 on the website (for example the web page 100 shown in Figure 3). Next, the user requests execution of an event at the online bank 10 (step S202). The event is mainly a special event that may be executed only after verification, for example non-transaction behavior such as querying account details or logging out, or transaction behavior such as a transfer or a foreign currency exchange. Which network behaviors count as special events that require verification before execution may be set by the administrator of the online bank 10 or customized by the user, and should not be limited.

[0015] It is worth mentioning that the present invention allows non-transaction behavior, too, to be permitted or refused on the basis of a dynamic password, which can greatly improve the security of network behavior. Moreover, in non-transaction behavior the user does not need to enter any data, so the operation is faster and more intuitive.

[0016] After step S202, the online bank 10, through the online banking server 1, requests the dynamic password server 2 to generate a dynamic password P1 (step S204). More specifically, the online banking server 1 sends request data R1 to the dynamic password server 2, thereby requesting the dynamic password server 2 to generate the dynamic password P1. The online banking server 1 may mainly transmit the request data R1 to the dynamic password server 2 in Secure Sockets Layer (SSL) packet format, but is not limited thereto.

[0017] It is worth mentioning that if the event does not require the user to enter data, for example non-transaction behavior such as querying account details or logging out, the online banking server 1 sends only the request data R1 to the dynamic password server 2. If, however, the event is a transaction behavior that requires entry of transaction data T1, then after the user enters the transaction data T1 and requests execution of the event, the online banking server 1 transmits the transaction data T1 and the request data R1 (i.e., the SSL packet) together to the dynamic password server 2. The transaction data T1 may be, for example, the transaction account number T11 and the transaction amount T12 shown in Figure 3B, but is not limited thereto.

[0018] After receiving the request data R1, the dynamic password server 2 generates the dynamic password P1 according to the request data R1 (step S206). More specifically, in this embodiment the dynamic password server 2 mainly adopts the time-based OATH (Initiative for Open Authentication) specification and uses the section code (Section ID) of the SSL packet as a parameter to generate the dynamic password P1, but is not limited thereto.

[0019] After step S206, the dynamic password server 2 transmits the generated dynamic password P1 to the SMS server 3 (step S208). If transaction data T1 was produced in the steps above, the dynamic password server 2 transmits the transaction data T1 together with the dynamic password P1 to the SMS server 3. After receiving the data, the SMS server 3 generates an SMS message S1 according to the received content (step S210). More specifically, the SMS message S1 records the dynamic password P1, and if the SMS server 3 received both the transaction data T1 and the dynamic password P1, the SMS message S1 records both. Next, the SMS server 3 transmits the generated SMS message S1 to the second terminal 42 (step S212); more specifically, the SMS server 3 transmits the SMS message S1 to the second terminal 42 through the mobile communication network.

[0020] After step S212, the user can obtain the dynamic password P1 from the SMS message S1 received by the second terminal 42. If the SMS message S1 also records the transaction data T1, the user can use the SMS message S1 to check once more whether the transaction data T1 entered at the online bank 10 contains any error, thereby avoiding potential risk.

[0021] Next, the user, through the third terminal 43, replies the dynamic password P1 recorded in the SMS message S1 to the online bank 10 (step S214). It is worth mentioning that the third terminal 43 may be the same electronic device as the first terminal 41 and/or the second terminal 42, or a completely different electronic device, so that the dynamic password P1 can be replied to the online bank 10 through the Internet or the mobile communication network; this should not be limited.

[0022] After the online bank 10 receives the dynamic password P1 replied by the user, it forwards the received dynamic password P1 to the dynamic password server 2 through the online banking server 1 (step S216), so that the dynamic password server 2 verifies the dynamic password P1 replied by the user (step S218). That is, in this embodiment the online bank 10 only receives and forwards the dynamic password P1 replied by the user and cannot itself directly judge whether the dynamic password P1 is correct, which further improves the security of the dynamic password P1.

[0023] Finally, the dynamic password server 2 returns the verification result to the online banking server 1 (step S220), so that the online bank 10 judges whether the dynamic password P1 passed verification (step S222). If the dynamic password P1 replied by the user did not pass verification, the online bank 10 does not allow execution of the event (step S224); conversely, if the dynamic password P1 replied by the user passed verification, the online bank 10 allows execution of the event (step S226).

[0024] Refer next to Figures 3A and 3B, schematic diagrams of the event request in the first and second embodiments of the present invention. The first terminal 41 is mainly an electronic device with Internet capability, such as a desktop computer, a personal digital assistant, a tablet computer or a mobile phone, but is not limited thereto. The first terminal 41 mainly connects to the online bank 10 through the Internet and is used to display and operate the web page 100 of the online bank 10. As shown in Figure 3A, the user, through the first terminal 41, requests execution of a non-transaction behavior at the online bank 10, in the figure a request to query account details; when the user presses the confirm button, the online bank 10 immediately requests the dynamic password server 2 to generate the dynamic password P1. As shown in Figure 3B, the user, through the first terminal 41, requests execution of a transaction behavior at the online bank 10; the web page 100 displays the transaction account number T11 and the transaction amount T12 that the user entered for the transaction, so that the user can confirm or cancel the transaction after checking them again. The transaction data T1 may further include other information, such as an agreed date or the receiving bank, and should not be limited.
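The request, delivery and verification exchange of steps S204 to S226, as an added Python example (not code from the patent or its applicant). It assumes RFC 4226/6238-style HMAC truncation for the "time-based OATH" step and models the Section ID parameter as a key-derivation input; the 30-second step, 120-second validity period, three-attempt limit, single-use rule, SMS wording and all class and function names are likewise assumptions.

```python
import hashlib
import hmac
import re
import struct
import time

TIME_STEP = 30   # seconds per OATH time window (assumed)
DIGITS = 6       # OTP length (assumed)
VALIDITY = 120   # validity period printed in the SMS, seconds (assumed)
MAX_TRIES = 3    # wrong replies tolerated per request (assumed)


def hotp(key, counter, digits=DIGITS):
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


class OtpServer:
    """Dynamic password server 2: the only party that can generate or verify P1."""

    def __init__(self, master_key, clock=time.time):
        self.master_key = master_key
        self.clock = clock
        self.pending = {}  # section_id -> [otp, expires_at, tries_left]

    def issue(self, section_id, transaction=None):
        """S206-S210: derive P1 from time and Section ID, return the SMS text S1."""
        now = int(self.clock())
        # Assumption: "Section ID as a parameter" is modelled as key derivation.
        key = hmac.new(self.master_key, section_id.encode(), hashlib.sha256).digest()
        otp = hotp(key, now // TIME_STEP)
        self.pending[section_id] = [otp, now + VALIDITY, MAX_TRIES]
        sms = f"OTP {otp}, valid for {VALIDITY} s."
        if transaction:  # transaction data T1 is echoed so the user can re-check it
            sms = f"Transfer to {transaction['account']} amount {transaction['amount']}. " + sms
        return sms

    def verify(self, section_id, reply):
        """S218: constant-time compare, enforce expiry, attempt limit and single use."""
        entry = self.pending.get(section_id)
        if entry is None:
            return False
        otp, expires_at, _ = entry
        if self.clock() > expires_at:
            del self.pending[section_id]
            return False
        if hmac.compare_digest(otp.encode(), str(reply).encode()):
            del self.pending[section_id]  # a verified OTP cannot be replayed
            return True
        entry[2] -= 1
        if entry[2] <= 0:
            del self.pending[section_id]  # too many wrong replies: request is void
        return False


class OnlineBank:
    """Online banking server 1: relays requests and replies, never sees the key."""

    def __init__(self, otp_server):
        self.otp_server = otp_server
        self.waiting = {}   # section_id -> event awaiting verification
        self.executed = []

    def request_event(self, section_id, event, transaction=None):
        """S202-S204: park the event and ask the OTP server for P1 (returns S1)."""
        self.waiting[section_id] = event
        return self.otp_server.issue(section_id, transaction)

    def reply(self, section_id, otp):
        """S214-S226: forward the user's reply; execute only on a positive result."""
        if section_id not in self.waiting:
            return False
        if not self.otp_server.verify(section_id, otp):
            return False
        self.executed.append(self.waiting.pop(section_id))
        return True


def otp_from_sms(sms):
    """What the user reads off the second terminal."""
    return re.search(r"OTP (\d+)", sms).group(1)


if __name__ == "__main__":
    # Constructed demo values: key, section identifier and transaction data.
    bank = OnlineBank(OtpServer(b"constructed-demo-key"))
    sms = bank.request_event("section-1", "transfer", {"account": "0123", "amount": 500})
    print(sms)
    print("accepted:", bank.reply("section-1", otp_from_sms(sms)))
    print("replayed:", bank.reply("section-1", otp_from_sms(sms)))
```

Because the bank object only relays, the reply channel (web form, forwarded SMS or fax) changes nothing in `OtpServer.verify`, which is the property paragraph [0022] relies on.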
[0025] Refer next to Figures 4A and 4B, schematic diagrams of the SMS content in the first and second embodiments of the present invention. The second terminal 42 mainly connects to the SMS server 3 through the mobile communication network to receive the SMS message S1 generated and sent by the SMS server 3.

[0026] It is worth mentioning that the second terminal 42 may be the same electronic device as the first terminal 41, for example a mobile phone or tablet computer with both Internet and mobile communication capability; the user can use that device to log in to the online bank 10 through the Internet to request execution of the event, and to receive the SMS message S1 through the mobile communication network. Alternatively, the second terminal 42 may be a completely different electronic device from the first terminal 41; for example, the first terminal 41 is a notebook computer that can connect to the Internet and the second terminal 42 is a mobile phone that can send and receive SMS messages, but this is not limited.

[0027] As shown in Figure 4A, if the user requests execution of a non-transaction behavior, the SMS message S1 records only the dynamic password P1; as shown in Figure 4B, if the user requests execution of a transaction behavior, the SMS message S1 records both the transaction data T1 and the dynamic password P1. It is worth mentioning that the dynamic password server 2 mainly generates the dynamic password P1 under the time-based OATH specification, so each dynamic password P1 has a validity period, and the SMS message S1 may also record the validity period of the dynamic password P1.

[0028] Finally, refer to Figures 5A, 5B and 5C, schematic diagrams of dynamic password use in the first, second and third embodiments of the present invention. The third terminal 43 mainly connects to the online bank 10 through a predetermined channel in order to reply the dynamic password P1 recorded in the SMS message S1 to the online bank 10 for verification. The third terminal 43 may mainly take the following forms:

[0029] 1. The third terminal 43 may be the same electronic device as the first terminal 41, for example a computer with Internet capability. When the user, through the computer, requests execution of the event at the online bank 10, the online bank 10 requests the dynamic password server 2 to generate the dynamic password P1 and at the same time transmits a dynamic password input page, which is displayed on the computer. After receiving the SMS message S1 through the second terminal 42, the user can use the computer to enter the dynamic password P1 recorded in the SMS message S1 on the dynamic password input page;

[0030] 2. The third terminal 43 may be the same electronic device as the second terminal 42, for example a mobile phone with mobile communication capability. When the user receives the SMS message S1 on the mobile phone, the user can forward the SMS message S1 directly to the online bank 10, more specifically to a number designated by the online bank 10. After receiving the forwarded SMS message S1, the online bank 10 transmits the dynamic password P1 recorded in it to the dynamic password server 2 for verification;

[0031] 3. The first terminal 41, the second terminal 42 and the third terminal 43 may be the same electronic device, for example a mobile phone with both Internet and mobile communication capability. In this embodiment the user can use a single mobile phone, over the two channels of the Internet and the mobile communication network, to request the event, receive the SMS message S1 and reply the dynamic password P1 respectively;

[0032] 4. The third terminal 43 may be an independent electronic device, for example a fax machine, connected to the online bank 10 through the mobile communication network. After receiving the SMS message S1 with the second terminal 42, the user fills in the dynamic password P1 recorded in the SMS message S1 on a document F1 and then uses the third terminal 43 to fax the document to the online bank through the mobile communication network.

[0033] The present invention does not limit the manner or channel by which the dynamic password P1 is replied, nor the type and number of the first terminal 41, the second terminal 42 and the third terminal 43, so the user enjoys greater convenience when using dynamic passwords. Moreover, improving convenience of use does not reduce the security of the dynamic password itself.

[0034] The above is only a preferred embodiment of the present invention and does not thereby limit the patent scope of the present invention; all equivalent changes made using the content of the present invention are likewise included within the scope of the present invention.

[Brief Description of the Drawings]

[0035] Figure 1 is a system architecture diagram of a preferred embodiment of the present invention.

[0036] Figure 2 is a flowchart of a preferred embodiment of the present invention.

[0037] Figure 3A is a schematic diagram of the event request in the first embodiment of the present invention.

[0038] Figure 3B is a schematic diagram of the event request in the second embodiment of the present invention.

[0039] Figure 4A is a schematic diagram of the SMS content in the first embodiment of the present invention.

[0040] Figure 4B is a schematic diagram of the SMS content in the second embodiment of the present invention.

[0041] Figure 5A is a schematic diagram of dynamic password use in the first embodiment of the present invention.

[0042] Figure 5B is a schematic diagram of dynamic password use in the second embodiment of the present invention.

[0043] Figure 5C is a schematic diagram of dynamic password use in the third embodiment of the present invention.

[Description of Main Reference Numerals]

[0044] 1 … online banking server
[0045] 10 … online bank
[0046] 100 … web page
[0047] 2 … dynamic password server
[0048] 3 … SMS server
[0049] 4 … user terminal
[0050] 41 … first terminal
[0051] 42 … second terminal
[0052] 43 … third terminal
[0053] T1 … transaction data
[0054] T11 … transaction account number
[0055] T12 … transaction amount
[0056] R1 … request data
[0057] P1 … dynamic password
[0058] S1 … SMS message
[0059] F1 … document
[0060] S200~S226 … steps

Claims (1)

VII. Scope of the Patent Application:

1. A method for generating and applying a dynamic password, comprising:
a) using a first terminal to log in to an online bank through the Internet;
b) requesting execution of an event on a web page of the online bank;
c) after step b, an online banking server requesting a dynamic password server to generate a dynamic password;
d) the dynamic password server generating a dynamic password according to request data;
e) generating an SMS message according to the content of the dynamic password;
f) transmitting the SMS message to a second terminal through a mobile communication network;
g) after step f, replying the dynamic password recorded in the SMS message to the online bank through a third terminal;
h) the online bank forwarding the received dynamic password to the dynamic password server;
i) the dynamic password server verifying the dynamic password;
j) after step i, the dynamic password server returning a verification result to the online bank;
k) after step j, if verification passes, allowing execution of the event.

2. The method for generating and applying a dynamic password according to claim 1, wherein the first terminal and the second terminal are the same electronic device, step a uses the electronic device to log in to the online bank through the Internet, and step f transmits the SMS message to the electronic device through the mobile communication network.

3. The method for generating and applying a dynamic password according to claim 2, wherein the first terminal, the second user and the third terminal are the same electronic device, and step g forwards the SMS message received by the electronic device to the online bank through the mobile communication network.

4. The method for generating and applying a dynamic password according to claim 3, wherein the electronic device is a mobile phone.

5. The method for generating and applying a dynamic password according to claim 1, wherein the first terminal and the third terminal are the same electronic device, step a uses the electronic device to log in to the online bank through the Internet, and step g uses the electronic device to enter the dynamic password recorded in the SMS message on a web page of the online bank through the Internet.

6. The method for generating and applying a dynamic password according to claim 1, wherein the third terminal is a fax machine, and step g faxes a document filled in with the dynamic password to the online bank through the mobile communication network.

7. The method for generating and applying a dynamic password according to claim 1, wherein in step c the online banking server transmits the request data to the dynamic password server in a Secure Sockets Layer (SSL) packet.

8. The method for generating and applying a dynamic password according to claim 7, wherein in step d the dynamic password server adopts the time-based OATH specification and uses the section code (Section ID) of the SSL packet as a parameter to generate the dynamic password.

9. The method for generating and applying a dynamic password according to claim 7, wherein in step b transaction data is further entered on the web page of the online bank, and in step c the online banking server transmits the transaction data together with the SSL packet to the dynamic password server.

10. The method for generating and applying a dynamic password according to claim 9, wherein the SMS message records both the dynamic password and the transaction data.

11. A method for generating and applying a dynamic password, comprising:
a) using a first terminal to log in to an online bank through the Internet;
b) requesting execution of an event on a web page of the online bank and entering transaction data;
c) an online banking server transmitting the transaction data and request data to a dynamic password server;
d) the dynamic password server generating a dynamic password according to the request data;
e) the dynamic password server transmitting the dynamic password and the transaction data to an SMS server;
f) the SMS server generating an SMS message, wherein the SMS message records the dynamic password and the transaction data;
g) transmitting the SMS message to a second terminal through a mobile communication network;
h) after step g, replying the dynamic password recorded in the SMS message to the online bank through a third terminal;
i) the online bank forwarding the received dynamic password to the dynamic password server;
j) the dynamic password server verifying the dynamic password;
k) after step j, the dynamic password server returning a verification result to the online bank;
l) after step k, if verification passes, allowing execution of the event.

12. The method for generating and applying a dynamic password according to claim 11, wherein in step c the online banking server transmits the request data to the dynamic password server in a Secure Sockets Layer packet.

13. The method for generating and applying a dynamic password according to claim 12, wherein in step d the dynamic password server adopts the time-based OATH specification and uses the section code of the SSL packet as a parameter to generate the dynamic password.

14. The method for generating and applying a dynamic password according to claim 13, wherein the first terminal and the second terminal are the same electronic device, and the electronic device is a mobile phone.

15. The method for generating and applying a dynamic password according to claim 13, wherein the second terminal and the third terminal are the same electronic device, and step h forwards the SMS message received by the electronic device to the online bank through the mobile communication network.

16. The method for generating and applying a dynamic password according to claim 13, wherein the first terminal and the third terminal are the same electronic device, and step h uses the third terminal to enter the dynamic password recorded in the SMS message on a web page of the online bank through the Internet.

17. The method for generating and applying a dynamic password according to claim 13, wherein the third terminal is a fax machine, and step h faxes a document filled in with the dynamic password recorded in the SMS message to the online bank through the mobile communication network.
network; after ^ 1) step k, if verified, the event is allowed to execute. 12. The method for generating and applying a dynamic password according to claim 11, wherein in the step c, the online banking server transmits the request data to the dynamic password server through a secure socket layer packet. 13. The method for generating and applying a dynamic password according to claim 12, wherein in the step d, the dynamic cryptographic server adopts a time-based OATH specification, and generates a section according to the SSL packet as a parameter. The dynamic password 〇14. The method and the application method of the dynamic password according to claim 13, wherein the terminal is the same electronic device as the second terminal, and the terminal is numbered as A01101, page 17 of 241002028792-0 201249158 And the electronic device is a mobile phone. The dynamic password generating and applying method according to claim 13, wherein the second terminal and the third terminal are the same electronic device, and the step h is through a mobile communication network. The method for forwarding the short message received by the electronic device to the online banking device. The dynamic password generating and applying method according to claim 13, wherein the first terminal and the third terminal are the same electronic device, the step h is to use the third terminal to input the dynamic password recorded in the newsletter on the webpage of the online bank via the Internet. The method for generating and applying a dynamic password according to 13, wherein the third terminal is a facsimile machine, and the step h is to fax, by using a mobile communication network, a file filled with the dynamic password recorded in the short message to the online bank. 100117126 Form No. A0101 Page 18 of 24 1002028792-0
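Added example, not part of the patent text: a sketch of step d (time-based OATH generation with the SSL section code as a parameter, claims 8 and 13) and of the verification in steps i to k, with expiry, single use and a guess limit. The claims do not say how the section code enters the computation; deriving a per-request HMAC key from it is an assumption, and `OtpServer`, `request_key`, the 60-second validity and the three-attempt limit are hypothetical.

```python
import hashlib, hmac, struct

STEP, DIGITS, MAX_TRIES = 30, 6, 3   # RFC 6238 default step; constructed limits

def totp(key: bytes, now: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) with RFC 4226 dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", now // STEP), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def request_key(server_secret: bytes, section_id: bytes) -> bytes:
    """Assumption: the section code is mixed in by deriving a per-request key."""
    return hmac.new(server_secret, section_id, hashlib.sha256).digest()

class OtpServer:
    """Hypothetical dynamic password server: issue (step d), verify (steps i-k)."""

    def __init__(self, server_secret: bytes):
        self._secret = server_secret
        self._pending = {}   # section_id -> [issue time, failed attempts]

    def issue(self, section_id: bytes, now: int) -> str:
        self._pending[section_id] = [now, 0]
        return totp(request_key(self._secret, section_id), now)

    def verify(self, section_id: bytes, otp: str, now: int) -> bool:
        entry = self._pending.get(section_id)
        if entry is None:
            return False                       # never issued, or already consumed
        issued = entry[0]
        if not 0 <= now - issued <= 2 * STEP:  # SMS delivery allowance, then expiry
            del self._pending[section_id]
            return False
        expected = totp(request_key(self._secret, section_id), issued)
        if hmac.compare_digest(expected.encode(), otp.encode()):
            del self._pending[section_id]      # one-time: a replay finds nothing
            return True
        entry[1] += 1
        if entry[1] >= MAX_TRIES:              # cap guesses against a 6-digit code
            del self._pending[section_id]
        return False
```

Because the code is looked up by the request it was issued for, a value replied through any of the third-terminal routes in the claims is only accepted for that request, once, and within the validity period.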
TW100117126A 2011-05-16 2011-05-16 Producing and application method for one time password TW201249158A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW100117126A TW201249158A (en) 2011-05-16 2011-05-16 Producing and application method for one time password

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW100117126A TW201249158A (en) 2011-05-16 2011-05-16 Producing and application method for one time password

Publications (1)

Publication Number Publication Date
TW201249158A true TW201249158A (en) 2012-12-01

Family

ID=48138930

Family Applications (1)

Application Number Title Priority Date Filing Date
TW100117126A TW201249158A (en) 2011-05-16 2011-05-16 Producing and application method for one time password

Country Status (1)

Country Link
TW (1) TW201249158A (en)

Similar Documents

Publication Publication Date Title
US11222312B2 (en) Method and system for a secure registration
US20220198415A1 (en) Vendor token generator
US11979390B2 (en) Email-based authentication for account login, account creation and security for passwordless transactions
CN104094270B (en) User certificate is protected for computing device
US11551209B2 (en) Financial account authentication
JP6012125B2 (en) Enhanced 2CHK authentication security through inquiry-type transactions
TWI260146B (en) Method and system for native authentication protocols in a heterogeneous federated environment
JP5802137B2 (en) Centralized authentication system and method with secure private data storage
CN109417574A (en) Manage the authority of multiple users on electronic equipment
CN116128497A (en) Facilitating funds transfer between user accounts
JP2005269158A (en) Electronic signature guarantee system, method, program, and apparatus
TW201027384A (en) Digital rights management (DRM)-enabled policy management for an identify provider in a federated environment
CN102694781A (en) Internet-based system and method for security information interaction
CN104200365A (en) Writing and paying method for electronic check
TW201317911A (en) Cloud credit card transaction system and transaction method thereof
JP2018139078A (en) Signature assist server, relay server, signature assist program, and relay program
WO2019027409A1 (en) Modular data processing and storage system
US10592898B2 (en) Obtaining a signature from a remote user
TW201101215A (en) Two-factor authentication method and system for securing online transactions
TWI607402B (en) Online fund transfer methods and systems
TW201249158A (en) Producing and application method for one time password
Al-Dala’in et al. A prototype design for enhancing customer trust in online payments
Al-Dala'in et al. Using a mobile device to enhance customer trust in the security of remote transactions
CN103337021A (en) Film card and secure transaction method based on same
Al-Dala’in et al. A review of current online payment systems related to security and trust solutions