TW201249158A - Producing and application method for one time password - Google Patents
Producing and application method for one time password
- Publication number
- TW201249158A
- Authority
- TW
- Taiwan
- Prior art keywords
- dynamic password
- terminal
- server
- electronic device
- bank
Landscapes
- Information Transfer Between Computers (AREA)
Abstract
Description
201249158 VI. Description of the Invention:
[Technical Field]
[0001] The present invention relates to dynamic passwords, and more particularly to a method for generating and a method for applying a dynamic password used on a network.
[Prior Art]
[0002] In recent years the electronics industry has flourished, and electronic devices of all kinds fill everyday life. With the spread of the Internet, users no longer need to leave home: with a desktop computer, tablet computer, smartphone or other electronic device they can shop online, book appointments and carry out online transactions over the Internet, which is very convenient.
[0003] However, when a user carries out money-related transactions over a network, those transactions are closely tied to the user's bank account, credit card and similar information, so security cannot be taken lightly. For example, when using a bank's online banking service for transfers, currency exchange, payments and other online transactions, the user often has to enter quite private information such as a personal account number, password, transaction account number and credit card data. If a security problem occurs, such as interception by a network hacker or recording by a computer virus program, the user suffers serious and irreversible damage.
[0004] Dynamic passwords (also called one-time passwords, One Time Password, OTP) have therefore been proposed on the market to increase the security of online transactions. A dynamic password generator is used together with the user's credit card, ATM card or other chip card; after the card's password is entered, a dynamic password is generated. When transacting online, the user must, in addition to the personal account number, password and transaction data mentioned above, also enter the dynamic password under certain conditions, and the transaction is executed only after the online bank confirms that the dynamic password is correct.
100117126 Form No. A0101 Page 4 of 24 1002028792-0
[0005] However, the dynamic password generator has to be purchased separately, which is an extra expense for the user, and users who seldom transact over the network usually do not accept this approach. Furthermore, the user's personal account number, password, transaction data and dynamic password are all transmitted through a single channel (usually the Internet). When a hacker attacks, or when a virus resides on the user's electronic device, the data can easily be stolen or even tampered with as soon as the user enters it on the website. The generation and use of the dynamic password then exist in name only.
[0006] In summary, the market should provide a method for generating and applying dynamic passwords that not only uses dynamic passwords to improve the security of online transaction or non-transaction behaviors, but also gives dynamic passwords considerable flexibility in application, so that users can learn it easily and are willing to use it.
[Summary of the Invention]
[0007] The main object of the present invention is to provide a method for generating and applying a dynamic password. When a user requests execution of a specific event on the network, a dynamic password is generated and must be verified, which improves the security of network behavior.
[0008] Another main object of the present invention is to provide a method for generating and applying a dynamic password in which the user can choose among various usage modes and transmission channels to reply the dynamic password to be verified to the online bank, which improves convenience of use.
[0009] To achieve the above objects, when the user requests execution of an event on the website of an online bank, an online banking server issues a request to a dynamic password server, and the dynamic password server generates a dynamic password according to the request data. A short message (SMS) server then generates a short message that records the dynamic password and transmits the short message to the user. The user can use various user terminals and different channels to reply the dynamic password recorded in the short message to the online bank. Once the replied dynamic password passes verification, the online bank allows the user to execute the requested event.
[0010] With the method of the present invention, the user can use different terminal devices, such as a computer, a mobile phone or a fax machine, and different channels, such as the Internet or a mobile communication network, to reply the received dynamic password to be verified to the online bank. The convenience of using the dynamic password is thereby greatly improved without reducing its security.
[Embodiments]
[0011] A preferred embodiment of the present invention is described in detail below with reference to the drawings.
[0012] Refer first to the first figure, the system architecture diagram of a preferred embodiment of the present invention. The method for generating and applying a dynamic password (also called one-time password, One Time Password, OTP) is mainly applied among an online bank 10, an online banking server 1, a dynamic password server 2, a short message server 3, and at least one user terminal 4.
[0013] The at least one user terminal 4 may mainly include a first terminal 41, a second terminal 42 and a third terminal 43. The first terminal 41, the second terminal 42 and the third terminal 43 may be one and the same electronic device, or two or three different electronic devices (detailed later), so as to achieve different effects, and this is not limited.
[0014] Refer also to the second figure, the flowchart of a preferred embodiment of the present invention. First, the user logs in to the online bank 10 with the first terminal 41 (step S200). More specifically, the user uses the first terminal 41 to log in to the website of the online bank 10 through the Internet and operates a web page 100 on the website (for example the web page 100 shown in the third figure). The user then requests execution of an event at the online bank 10 (step S202). The event is mainly a special event that may be executed only after verification, for example a non-transaction behavior such as querying account details or logging out, or a transaction behavior such as a transfer or a foreign currency exchange. Which network behaviors are special events that require verification may be set by the administrator of the online bank 10 or customized by the user, and this is not limited.
[0015] It is worth noting that the present invention allows non-transaction behaviors to be gated by a dynamic password as well, which greatly improves the security of network behavior. In a non-transaction behavior the user does not need to enter any data, so the operation is also faster and more intuitive.
[0016] After step S202, the online bank 10 requests, through the online banking server 1, that the dynamic password server 2 generate a dynamic password P1 (step S204). Specifically, the online banking server 1 sends request data R1 to the dynamic password server 2 to request that the dynamic password server 2 generate the dynamic password P1. The online banking server 1 may transmit the request data R1 to the dynamic password server 2 in Secure Sockets Layer (SSL) packet format, but is not limited to this.
[0017] It is worth noting that if the event is a non-transaction behavior that requires no data input from the user, such as querying account details or logging out, the online banking server 1 sends only the request data R1 to the dynamic password server 2. If the event is a transaction behavior that requires the entry of transaction data T1, then after the user enters the transaction data T1 and requests execution of the event, the online banking server 1 transmits the transaction data T1 and the request data R1 (that is, the SSL packet) together to the dynamic password server 2. The transaction data T1 may be, for example, the transaction account number T11 and the transaction amount T12 shown in the third figure B, but is not limited to these.
[0018] After receiving the request data R1, the dynamic password server 2 generates the dynamic password P1 according to the request data R1 (step S206). More specifically, in this embodiment the dynamic password server 2 mainly adopts the time-based OATH (Initiative for Open Authentication) specification and uses the section ID (Section ID) of the SSL packet as a parameter to generate the dynamic password P1, but is not limited to this.
[0019] After step S206, the dynamic password server 2 transmits the generated dynamic password P1 to the short message server 3 (step S208). If transaction data T1 was produced in the preceding steps, the dynamic password server 2 transmits the transaction data T1 together with the dynamic password P1 to the short message server 3. After receiving the data, the short message server 3 generates a short message S1 according to the received content (step S210). More specifically, the short message S1 records the dynamic password P1, and if the short message server 3 received both the transaction data T1 and the dynamic password P1, the short message S1 records both. The short message server 3 then transmits the generated short message S1 to the second terminal 42 (step S212), more specifically through the mobile communication network.
[0020] After step S212, the user obtains the dynamic password P1 from the short message S1 received on the second terminal 42. If the short message S1 also records the transaction data T1, the user can use the short message S1 to check once more whether the transaction data T1 entered at the online bank 10 contains any error, which avoids potential risk.
[0021] Next, the user replies the dynamic password P1 recorded in the short message S1 to the online bank 10 through the third terminal 43 (step S214). It is worth noting that the third terminal 43 may be the same electronic device as the first terminal 41 and/or the second terminal 42, or a completely different electronic device, so the dynamic password P1 may be replied to the online bank 10 through the Internet or the mobile communication network, and this is not limited.
[0022] After receiving the dynamic password P1 replied by the user, the online bank 10 forwards the received dynamic password P1 to the dynamic password server 2 through the online banking server 1 (step S216), so that the dynamic password server 2 verifies the dynamic password P1 replied by the user (step S218). That is, in this embodiment the online bank 10 only receives and forwards the dynamic password P1 replied by the user and cannot itself determine whether the dynamic password P1 is correct, which further improves the security of the dynamic password P1.
[0023] Finally, the dynamic password server 2 returns the verification result to the online banking server 1 (step S220), so that the online bank 10 determines whether the dynamic password P1 passed verification (step S222). If the dynamic password P1 replied by the user does not pass verification, the online bank 10 does not allow execution of the event (step S224). If the dynamic password P1 replied by the user passes verification, the online bank 10 allows execution of the event (step S226).
[0024] Refer next to the third figure A and the third figure B, the event request diagrams of the first and second embodiments of the present invention. The first terminal 41 is mainly an electronic device with Internet capability, such as a desktop computer, personal digital assistant, tablet computer or mobile phone, but is not limited to these. The first terminal 41 connects to the online bank 10 through the Internet and is used to display and operate the web page 100 of the online bank 10. In the third figure A, the user requests execution of a non-transaction behavior at the online bank 10 through the first terminal 41, shown in the figure as a request to query account details. When the user presses the confirm button, the online bank 10 requests that the dynamic password server 2 generate the dynamic password P1. In the third figure B, the user requests execution of a transaction behavior at the online bank 10 through the first terminal 41. As shown in the figure, the web page 100 displays the transaction account number T11 and the transaction amount T12 that the user entered for the transaction, so that the user can confirm or cancel the transaction after checking them again. The transaction data T1 may also contain other information, such as a scheduled date or the receiving bank, and this is not limited.
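Steps S204 to S226 above, as an added example that is not part of the patent text. A time-based OTP built on RFC 6238 stands in for the "time-based OATH specification"; mixing the Section ID (taken here to be the SSL session ID) into the key by HMAC, the 120-second validity period, the one-attempt rule, the registered phone number and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30          # assumed time step in seconds (RFC 6238 default)
VALID_STEPS = 4    # assumed validity period of P1: 4 steps = 120 s


def totp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 dynamic truncation applied to an 8-byte time counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SmsServer:
    """Short message server 3; outbox stands in for the mobile network."""

    def __init__(self):
        self.outbox = []  # (phone number, text of S1)

    def send(self, phone: str, otp: str, expires_at: int, transaction: dict):
        # Step S210: S1 carries T1 (if any) so the user can re-check it.
        lines = [f"{name}: {value}" for name, value in transaction.items()]
        lines.append(f"OTP: {otp} (expires at t={expires_at})")
        self.outbox.append((phone, "\n".join(lines)))


class OtpServer:
    """Dynamic password server 2: the only party able to create or check P1."""

    def __init__(self, master_key: bytes, sms: SmsServer):
        self._master = master_key
        self._sms = sms
        self._pending = {}  # session ID -> time counter at issue

    def _session_key(self, session_id: bytes) -> bytes:
        # Assumption: the session ID is mixed in by HMAC key derivation.
        return hmac.new(self._master, session_id, hashlib.sha256).digest()

    def issue(self, session_id: bytes, phone: str, transaction: dict, now: float):
        """Steps S206-S208: generate P1 and hand it to the SMS server."""
        counter = int(now // STEP)
        self._pending[session_id] = counter
        otp = totp(self._session_key(session_id), counter)
        self._sms.send(phone, otp, (counter + VALID_STEPS) * STEP, transaction)

    def verify(self, session_id: bytes, otp: str, now: float) -> bool:
        """Step S218: one attempt per issued P1, rejected once expired."""
        counter = self._pending.pop(session_id, None)
        if counter is None or int(now // STEP) >= counter + VALID_STEPS:
            return False
        expected = totp(self._session_key(session_id), counter)
        return hmac.compare_digest(expected, otp)


class OnlineBank:
    """Online bank 10 with server 1: relays only, never holds the OTP key."""

    def __init__(self, otp_server: OtpServer):
        self._otp_server = otp_server

    def request_event(self, session_id, phone, now, transaction=None):
        self._otp_server.issue(session_id, phone, transaction or {}, now)  # S204

    def reply(self, session_id, otp, now) -> bool:
        return self._otp_server.verify(session_id, otp, now)  # S216-S226


def run_flow():
    """Constructed walk-through with fixed clock values in seconds."""
    sms = SmsServer()
    bank = OnlineBank(OtpServer(b"constructed-master-key", sms))

    def read_otp():  # what the user reads from S1 on the second terminal
        return sms.outbox[-1][1].rsplit("OTP: ", 1)[1][:6]

    t1 = {"To account": "000-111-222", "Amount": "1500"}  # constructed T1
    bank.request_event(b"session-A", "+886900000000", 1000, t1)
    otp = read_otp()
    out = {"sms": sms.outbox[-1][1]}
    out["accepted"] = bank.reply(b"session-A", otp, 1060)
    out["replayed"] = bank.reply(b"session-A", otp, 1061)
    bank.request_event(b"session-B", "+886900000000", 1000)
    out["expired"] = bank.reply(b"session-B", read_otp(), 1120)
    bank.request_event(b"session-C", "+886900000000", 1000)
    real = read_otp()
    guess = f"{(int(real) + 1) % 10**6:06d}"  # guaranteed wrong value
    out["guess_then_real"] = (bank.reply(b"session-C", guess, 1010),
                              bank.reply(b"session-C", real, 1011))
    return out
```

Calling `run_flow()` returns the text of S1 and the outcome of each reply: the first reply inside the validity period is accepted, while a replay, a reply after expiry and a correct code sent after a wrong guess are all refused.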
[0025] Refer next to the fourth figure A and the fourth figure B, the short message content diagrams of the first and second embodiments of the present invention. The second terminal 42 is mainly connected to the short message server 3 through the mobile communication network, to receive the short message S1 generated and transmitted by the short message server 3.
[0026] It is worth noting that the second terminal 42 may be the same electronic device as the first terminal 41, for example a mobile phone or tablet computer that has both Internet and mobile communication functions. The user can use that device to log in to the online bank 10 through the Internet to request execution of the event, and to receive the short message S1 through the mobile communication network. Alternatively, the second terminal 42 may be a completely different electronic device from the first terminal 41. For example, the first terminal 41 is a notebook computer that can connect to the Internet and the second terminal 42 is a mobile phone that can send and receive short messages, but this is not limited.
[0027] As shown in the fourth figure A, if the user requests execution of a non-transaction behavior, the short message S1 records only the dynamic password P1. As shown in the fourth figure B, if the user requests execution of a transaction behavior, the short message S1 records both the transaction data T1 and the dynamic password P1. It is worth noting that the dynamic password server 2 mainly generates the dynamic password P1 through the time-based OATH specification, so every dynamic password P1 has a validity period, and the short message S1 may also record the validity period of the dynamic password P1.
[0028] Finally, refer to the fifth figure A, the fifth figure B and the fifth figure C, the dynamic password usage diagrams of the first, second and third embodiments of the present invention. The third terminal 43 is mainly connected to the online bank 10 through a predetermined channel, to reply the dynamic password P1 recorded in the short message S1 to the online bank 10 for verification. The third terminal 43 may mainly take the following forms:
[0029] 1. The third terminal 43 may be the same electronic device as the first terminal 41, for example a computer with Internet capability. When the user requests execution of the event at the online bank 10 through the computer, the online bank 10 requests that the dynamic password server 2 generate the dynamic password P1, and at the same time the online bank 10 transmits a dynamic password input page that is displayed on the computer. After receiving the short message S1 through the second terminal 42, the user can use the computer to enter the dynamic password P1 recorded in the short message S1 on the dynamic password input page;
[0030] 2. The third terminal 43 may be the same electronic device as the second terminal 42, for example a mobile phone with mobile communication capability. When the user receives the short message S1 on the mobile phone, the user can forward the short message S1 directly to the online bank 10, more specifically to a number designated by the online bank 10. After receiving the forwarded short message S1, the online bank 10 transmits the dynamic password P1 recorded in the short message S1 to the dynamic password server 2 for verification;
[0031] 3. The first terminal 41, the second terminal 42 and the third terminal 43 may be the same electronic device, for example a mobile phone that has both Internet and mobile communication functions. In this embodiment the user can use a single mobile phone and the two channels of the Internet and the mobile communication network to carry out the request for the event, the reception of the short message S1 and the reply of the dynamic password P1;
[0032] 4. The third terminal 43 may be an independent electronic device, for example a fax machine, connected to the online bank 10 through the mobile communication network. After receiving the short message S1 on the second terminal 42, the user writes the dynamic password P1 recorded in the short message S1 on a document F1, and then uses the third terminal 43 to fax the document F1 to the online bank 10 through the mobile communication network.
[0033] The present invention does not limit the reply manner or reply channel of the dynamic password P1, nor the type and number of the first terminal 41, the second terminal 42 and the third terminal 43, so the user has greater convenience when using the dynamic password. The improved convenience does not reduce the security of the dynamic password itself.
[0034] The above is only a preferred embodiment of the present invention and does not thereby limit the patent scope of the present invention. All equivalent changes made using the content of the present invention are likewise included within the scope of the present invention.
[Brief Description of the Drawings]
[0035] The first figure is the system architecture diagram of a preferred embodiment of the present invention.
[0036] The second figure is the flowchart of a preferred embodiment of the present invention.
[0037] The third figure A is the event request diagram of the first embodiment of the present invention.
[0038] The third figure B is the event request diagram of the second embodiment of the present invention.
[0039] The fourth figure A is the short message content diagram of the first embodiment of the present invention.
[0040] The fourth figure B is the short message content diagram of the second embodiment of the present invention.
[0041] The fifth figure A is the dynamic password usage diagram of the first embodiment of the present invention.
[0042] The fifth figure B is the dynamic password usage diagram of the second embodiment of the present invention.
[0043] The fifth figure C is the dynamic password usage diagram of the third embodiment of the present invention.
[Description of Main Reference Symbols]
[0044] 1 ... online banking server
[0045] 10 ... online bank
[0046] 100 ... web page
[0047] 2 ... dynamic password server
[0048] 3 ... short message server
[0049] 4 ... user terminal
[0050] 41 ... first terminal
[0051] 42 ... second terminal
[0052] 43 ... third terminal
[0053] T1 ... transaction data
[0054] T11 ... transaction account number
[0055] T12 ... transaction amount
[0056] R1 ... request data
[0057] P1 ... dynamic password
[0058] S1 ... short message
[0059] F1 ... document
[0060] S200~S226 ... steps
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW100117126A TW201249158A (en) | 2011-05-16 | 2011-05-16 | Producing and application method for one time password |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW100117126A TW201249158A (en) | 2011-05-16 | 2011-05-16 | Producing and application method for one time password |
Publications (1)
Publication Number | Publication Date |
---|---|
TW201249158A true TW201249158A (en) | 2012-12-01 |
Family
ID=48138930
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW100117126A TW201249158A (en) | 2011-05-16 | 2011-05-16 | Producing and application method for one time password |
Country Status (1)
Country | Link |
---|---|
TW (1) | TW201249158A (en) |
-
2011
- 2011-05-16 TW TW100117126A patent/TW201249158A/en unknown
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11222312B2 (en) | Method and system for a secure registration | |
US20220198415A1 (en) | Vendor token generator | |
US11979390B2 (en) | Email-based authentication for account login, account creation and security for passwordless transactions | |
CN104094270B (en) | User certificate is protected for computing device | |
US11551209B2 (en) | Financial account authentication | |
JP6012125B2 (en) | Enhanced 2CHK authentication security through inquiry-type transactions | |
TWI260146B (en) | Method and system for native authentication protocols in a heterogeneous federated environment | |
JP5802137B2 (en) | Centralized authentication system and method with secure private data storage | |
CN109417574A (en) | Manage the authority of multiple users on electronic equipment | |
CN116128497A (en) | Facilitating funds transfer between user accounts | |
JP2005269158A (en) | Electronic signature guarantee system, method, program, and apparatus | |
TW201027384A (en) | Digital rights management (DRM)-enabled policy management for an identify provider in a federated environment | |
CN102694781A (en) | Internet-based system and method for security information interaction | |
CN104200365A (en) | Writing and paying method for electronic check | |
TW201317911A (en) | Cloud credit card transaction system and transaction method thereof | |
JP2018139078A (en) | Signature assist server, relay server, signature assist program, and relay program | |
WO2019027409A1 (en) | Modular data processing and storage system | |
US10592898B2 (en) | Obtaining a signature from a remote user | |
TW201101215A (en) | Two-factor authentication method and system for securing online transactions | |
TWI607402B (en) | Online fund transfer methods and systems | |
TW201249158A (en) | Producing and application method for one time password | |
Al-Dala’in et al. | A prototype design for enhancing customer trust in online payments | |
Al-Dala'in et al. | Using a mobile device to enhance customer trust in the security of remote transactions | |
CN103337021A (en) | Film card and secure transaction method based on same | |
Al-Dala’in et al. | A review of current online payment systems related to security and trust solutions |