TW201824051A - Citizen digital certificate authentication method - Google Patents


Info

Publication number
TW201824051A
Authority
TW
Taiwan
Prior art keywords
authenticated
natural person
module
password
authentication
Prior art date
Application number
TW105144306A
Other languages
Chinese (zh)
Other versions
TWI612436B (en)
Inventor
梁若珮
Original Assignee
臺灣銀行股份有限公司
Priority date
Filing date
Publication date
Application filed by 臺灣銀行股份有限公司
Priority to TW105144306A
Application granted
Publication of TWI612436B
Publication of TW201824051A

Abstract

A citizen digital certificate authentication method is provided. The method includes transmitting a citizen digital certificate authentication request to a cloud server; obtaining, by a certified module, an authentication link responsive to the request from the server; obtaining, by the certified module and according to the link, uncertified citizen digital certificate data responsive to the request; determining, by the certified module, whether the uncertified data matches certified citizen digital certificate data; generating a password input request when the uncertified data matches the certified data; receiving, by the cloud server or the certified module, an input password corresponding to the password input request; and determining, by the cloud server or the certified module, whether the input password matches a predetermined password corresponding to the certified data.

Description

Citizen digital certificate authentication method

The present invention relates to a citizen digital certificate authentication method, and more particularly to a method that allows a device to be authenticated to complete authentication through an already authenticated device.

With the rapid growth of the Internet, traditional commercial transactions and services can increasingly be completed online, and the e-commerce market has grown accordingly; moreover, with the spread of smart mobile devices in recent years, e-commerce is used ever more widely on mobile devices. Online security has therefore become increasingly important, and providers of online transactions and services have developed corresponding online identity verification systems: a user can verify identity with a user ID and password, or with a chip card used together with a card reader, so as to secure online transactions and the use of online services.

However, among the foregoing identity verification methods, verification by user ID and password is vulnerable to theft of the ID and password by keyloggers or Trojan programs and is therefore less secure. In chip-card verification, the user must first obtain a card reader and install its driver on the computer; only after this preparation can the chip card be inserted into the reader for verification, and when away from home the user must carry both the card reader and the chip card. These restrictions make the method quite inconvenient to use.

In view of this, the present invention proposes a citizen digital certificate authentication method.

In a first embodiment, a citizen digital certificate authentication method includes: a module to be authenticated sends a citizen digital certificate authentication request to a cloud server; the module to be authenticated obtains an authentication link from the cloud server; an authenticated module obtains the authentication link from the module to be authenticated, the authentication link corresponding to the authentication request; the authenticated module obtains, according to the authentication link, the to-be-authenticated certificate information corresponding to the authentication request; the authenticated module determines whether the to-be-authenticated certificate information matches authenticated certificate information; when it matches, a password input request is generated; the authenticated module or the cloud server receives an input password corresponding to the password input request; and the authenticated module or the cloud server determines whether the input password matches a pre-stored password, returning a verification result to the module to be authenticated if the passwords match. The authenticated module contains the authenticated certificate information corresponding to the pre-stored password.

In the first embodiment, the step in which the authenticated module obtains, according to the authentication link, the to-be-authenticated certificate information corresponding to the authentication request includes: the authenticated module connects to the cloud server according to the authentication link, the authentication link containing a token corresponding to the authentication request; and the cloud server, according to the token, sends the to-be-authenticated certificate information corresponding to the authentication request to the authenticated module.

In the first embodiment, in the step in which the cloud server sends the to-be-authenticated certificate information corresponding to the authentication request to the authenticated module according to the token, the cloud server decides whether to perform that sending step according to whether the time difference between the generation time of the authentication link and the time at which the authenticated module connects to the cloud server is less than a preset time.

In the first embodiment, the method further includes: the cloud server generates, according to the authentication request, the authentication link containing the token, and the token corresponds one-to-one to the authentication request.

In the first embodiment, in the step in which the authenticated module or the cloud server determines whether the input password matches the pre-stored password, the authenticated module or the cloud server decides whether to perform that determination according to whether the time difference between the generation time of the password input request and the reception time of the input password is less than a preset time.

In the first embodiment, in the step in which the authenticated module obtains the authentication link from the cloud server, the authentication link is a URL link or a two-dimensional barcode.

In a second embodiment, a citizen digital certificate authentication method includes: a module to be authenticated receives to-be-authenticated certificate information; the module to be authenticated launches an authenticated module, the authenticated module containing authenticated certificate information that corresponds to a pre-stored password; the authenticated module determines whether the to-be-authenticated certificate information matches the authenticated certificate information; when it matches, the authenticated module generates a password input request; the authenticated module receives an input password; and the authenticated module determines whether the input password matches the pre-stored password.

In the second embodiment, the method further includes: when the to-be-authenticated certificate information does not match the authenticated certificate information, the authenticated module generates a certificate import request or a certificate update request.

In the second embodiment, in the step in which the authenticated module determines whether the input password matches the pre-stored password, the authenticated module decides whether to perform that determination according to whether the time difference between the generation time of the password input request and the reception time of the input password is less than a preset time.

In the second embodiment, in the step in which the module to be authenticated launches the authenticated module, the module to be authenticated launches the authenticated module according to a preset selection.

In the second embodiment, in the step in which the module to be authenticated launches the authenticated module, the module to be authenticated launches the authenticated module according to a label that identifies the authenticated module.

Referring to FIG. 1, a schematic diagram of a citizen digital certificate authentication system 100 to which the first embodiment of the method of the present invention is applied. The system 100 includes two client devices 11 and 12 (for convenience called the first client device 11 and the second client device 12), a cloud server 13 and the Internet 14. The first client device 11 and the second client device 12 can each connect to the cloud server 13 via the Internet 14. FIG. 1 shows the first client device 11 as a notebook computer and the second client device 12 as a mobile phone by way of example, but the invention is not limited to this: the first client device 11 may also be an electronic device such as a personal computer, mobile phone or personal digital assistant, and the second client device 12 may also be an electronic device such as a personal computer, notebook computer or personal digital assistant.

In this embodiment, the cloud server 13 is set up by a financial institution and provides various types of online services. When a user operates an application (APP), web page or other software on the first client device 11 and connects to the cloud server 13 via the Internet 14 to use a personal online service, the cloud server 13 authenticates the user's identity in order to prevent impersonation; the application, web page or other software is then a module to be authenticated (not shown). The method of this embodiment lets the user authenticate the first client device 11 by means of the already authenticated second client device 12, without a card reader and a physical citizen digital certificate card. Specifically, the second client device 12 includes an authenticated module 121, which may be an application or another type of software. The authenticated module 121 contains a mobile citizen digital certificate authorized by the certificate issuing authority (for example, the Ministry of the Interior); in other words, the second client device 12 is bound to the user's authenticated certificate information, which may be the national ID number, name, age, gender, or a combination of these. Through the authenticated module 121 of the second client device 12, the user can have the first client device 11 pass identity verification and carry out the desired online service.

Referring further to FIG. 2, a flowchart of the first embodiment of the citizen digital certificate authentication method according to the present invention. When the user undergoes identity verification, the user uses the application, web page or other software on the first client device 11 to send, via the Internet 14 to the cloud server 13, a citizen digital certificate authentication request carrying the user's to-be-authenticated certificate information (for example, the national ID number, a personal identification number (PIN), a name or a date of birth) (step S01). After receiving the authentication request from the first client device 11, the cloud server 13 generates an authentication link corresponding to the request and sends it via the Internet 14 to the first client device 11, so that the module to be authenticated on the first client device 11 obtains the authentication link (step S02). Next, the user operates the second client device 12 to obtain, from the module to be authenticated on the first client device 11, the authentication link that came from the cloud server 13 (step S03), and the authenticated module 121 of the second client device 12 then obtains, according to the authentication link, the to-be-authenticated certificate information corresponding to the authentication request (step S04). The authenticated module 121 then determines whether the to-be-authenticated certificate information matches the authenticated certificate information (step S05). When it matches (the determination of the authenticated module 121 is "Yes"), this indicates that someone is attempting to obtain identity verification on the first client device 11 in the name of the owner of the mobile citizen digital certificate on the second client device 12. At this point the authenticated module 121 or the cloud server 13 generates a password input request (step S06), and the first client device 11 or the second client device 12 receives the password input request so that the user can be verified further. If the password input request is generated by the cloud server 13 and received by the first client device 11, the user may type the password into the first client device 11; the cloud server 13 receives the input password via the Internet 14 (step S07) and then determines whether it matches the pre-stored password corresponding to the authenticated certificate information (step S08). When the input password matches the pre-stored password (the determination of the cloud server 13 is "Yes"), the cloud server 13 may send a verification result indicating successful authentication to the module to be authenticated on the first client device 11 (step S09), which completes the authentication request; when the input password does not match the pre-stored password (the determination of the cloud server 13 is "No"), the cloud server 13 may send a verification result indicating failed authentication to the first client device 11 (step S10). If instead the password input request is generated by the authenticated module 121, the second client device 12 receives the password input request and the user may type the password into the second client device 12; after the authenticated module of the second client device 12 receives the input password (step S07), it determines whether the input password matches the pre-stored password corresponding to the authenticated certificate information (step S08). When the input password matches the pre-stored password, the authenticated module of the second client device 12 sends a verification result indicating successful authentication to the module to be authenticated on the first client device 11 (step S09), which completes the authentication request; when it does not match, the authenticated module of the second client device 12 may send a verification result indicating failed authentication to the first client device 11 (step S10).

In one implementation, the pre-stored password corresponding to the authenticated certificate information may be stored on the cloud server 13 or on the second client device 12. When the pre-stored password is stored on the second client device 12 and the password input request is received by the authenticated module of the second client device 12, the authenticated module can perform step S08 directly to determine whether the input password matches the pre-stored password corresponding to the authenticated certificate information. However, when the pre-stored password is stored on the second client device 12 but the password input request is not received by the authenticated module of the second client device 12, the authenticated module 121 may send the pre-stored password via the Internet 14 to the cloud server 13, so that the cloud server 13 performs step S08 to determine whether the input password matches the pre-stored password. Furthermore, when the cloud server 13 receives a password input request from the authenticated module 121, the cloud server 13 may, according to that request, send a signal representing a password input field to the first client device 11, so that the first client device 11 displays the password input field and the user can type the password into the first client device 11 there.

In one implementation, the authentication link generated by the cloud server 13 may be a two-dimensional barcode, for example a Quick Response (QR) code. The QR code may be displayed in the module to be authenticated on the first client device 11, and the user can scan it with the second client device 12 so that the authenticated module 121 obtains the authentication link. Alternatively, the authentication link may be a URL link that the user types directly into the second client device 12 so that the authenticated module 121 obtains it; or the first client device 11 may send the authentication link to the second client device 12 by wireless or wired transmission so that the authenticated module 121 obtains it.

The authentication link generated by the cloud server 13 contains a token. The token corresponds to the authentication request and therefore to the to-be-authenticated certificate information. After the authenticated module 121 has received the authentication link, in step S04 the authenticated module 121 connects to the cloud server 13 according to the link. Because the link contains the token, the cloud server 13 obtains the token from its connection with the authenticated module 121, selects the to-be-authenticated certificate information corresponding to the token, and sends that information to the authenticated module 121. Moreover, because the cloud server 13 itself receives authentication requests from different users, each token corresponds one-to-one to one authentication request in order to keep the requests generated by different users apart; the cloud server 13 can thus use the token to send each set of to-be-authenticated certificate information to the authenticated module of the corresponding client device.

Furthermore, to improve security, in step S04 the cloud server 13 may record the generation time of the authentication link, and when the authenticated module 121 connects to it, the cloud server 13 determines whether the time difference between the generation time of the authentication link and the moment the authenticated module 121 connects is less than a preset time (for convenience referred to below as the first preset time). Only when this time difference is less than the first preset time does the cloud server 13 send the to-be-authenticated certificate information to the authenticated module 121. When the time difference is equal to or greater than the first preset time, the cloud server 13 does not send the to-be-authenticated certificate information to the authenticated module 121 and may optionally generate a message prompting the user to generate a new authentication request. In addition, the cloud server 13 may also invalidate the authentication link if it receives no response from the authenticated module 121 within a preset time after generating the link.

Further, in step S08, if the input password is received by the first client device 11 and transmitted to the cloud server 13 via the Internet 14, the cloud server 13 may determine whether the time difference between the generation time of the password input request and the moment the cloud server 13 receives the input password is less than a preset time (for convenience referred to below as the second preset time); the second preset time may be the same as or different from the first preset time. Only when this time difference is less than the second preset time does the cloud server 13 determine whether the input password matches the pre-stored password. When the time difference is equal to or greater than the second preset time, the cloud server 13 does not determine whether the input password matches the pre-stored password, and may generate a message prompting the user to enter the password again. In addition, if the cloud server 13 has not received an input password within a preset time after sending the password input request, it may stop accepting an input password for that identity verification. Similarly, in step S08, if the input password is received by the second client device 12, the authenticated module of the second client device 12 may determine whether the time difference between the generation time of the password input request and the moment the second client device 12 receives the input password is less than a second preset time. Only when this time difference is less than the second preset time does the authenticated module of the second client device 12 determine whether the input password matches the pre-stored password. When the time difference is equal to or greater than the second preset time, the authenticated module of the second client device 12 does not determine whether the input password matches the pre-stored password, and may generate a message prompting the user to enter the password again. In addition, if the authenticated module of the second client device 12 has not received an input password within a preset time after sending the password input request, it may stop accepting an input password for that identity verification.

In one implementation, after step S05, when the to-be-authenticated certificate information does not match the authenticated certificate information (the determination of the authenticated module 121 is "No"), this indicates that the user's mobile citizen digital certificate may have become invalid, or that the user has not imported the citizen digital certificate into the authenticated module 121; in this case the authenticated module 121 does not generate a password input request. Therefore, when the to-be-authenticated certificate information does not match the authenticated certificate information, the authenticated module 121 may generate a certificate import request or a certificate update request (step S11), prompting the user to import the certificate information into the authenticated module 121 or to update the mobile citizen digital certificate in the authenticated module 121.

In one implementation, the cloud server 13 may store in a log the time at which the first client device 11 sent the authentication request, and may store the authentication result (success or failure) in the log, so that the administrator of the cloud server 13 can manage information related to the online services.
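As an added illustration (not part of the patent and not the applicant's code), the following Python simulation models the first-embodiment flow of FIG. 2 with both parties in one process: the cloud server issues a one-to-one token per request (S01-S02), releases the to-be-authenticated information only within the first preset time and only once (S04), the authenticated module compares it with its bound information (S05) and either triggers the password request (S06) or reports that a certificate import or update is needed (S11), and the server checks the password only within the second preset time (S07-S10) while keeping the log described above. The class names, the `bank.example` link, the field-by-field matching rule, the sample ID numbers and the adjustable `FakeClock` are assumptions of this example.

```python
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Optional
from urllib.parse import parse_qs, urlparse

# Outcomes reported to the module to be authenticated (names constructed for this example).
LINK_INVALID = "link_invalid_or_expired"       # unknown, already-used, or stale token
IMPORT_REQUIRED = "import_or_update_required"  # step S05 "No": certificate import/update (S11)
PASSWORD_REQUESTED = "password_requested"      # step S05 "Yes": password input request (S06)


class FakeClock:
    """Adjustable clock so both preset times can be exercised deterministically."""
    def __init__(self, start: float = 0.0) -> None:
        self.now = start

    def __call__(self) -> float:
        return self.now


@dataclass
class AuthRequest:
    claimed_info: dict                              # to-be-authenticated info from step S01
    link_created_at: float                          # generation time of the link (step S02)
    password_requested_at: Optional[float] = None   # generation time of the request (step S06)
    state: str = "link_issued"


class CloudServer:
    """Cloud server 13: one token per request, both preset times, password check, log."""
    def __init__(self, first_preset: float, second_preset: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.first_preset = first_preset      # link generation -> module connects (step S04)
        self.second_preset = second_preset    # password request -> password received (step S08)
        self.clock = clock
        self.requests: dict[str, AuthRequest] = {}
        self.pre_stored_passwords: dict[str, str] = {}  # keyed by ID number (server-stored variant)
        self.log: list[tuple[float, str, str]] = []     # (time, token, event), as in the patent's log

    def request_authentication(self, claimed_info: dict) -> str:
        """Steps S01-S02: record the request and return the authentication link."""
        token = secrets.token_urlsafe(16)  # unguessable and one-to-one with this request
        self.requests[token] = AuthRequest(claimed_info, self.clock())
        self.log.append((self.clock(), token, "request_received"))
        return f"https://bank.example/auth?token={token}"  # carried as a URL or in a QR code

    def fetch_claimed_info(self, token: str) -> Optional[dict]:
        """Step S04: release the claimed info only for a fresh, unused token."""
        req = self.requests.get(token)
        if req is None or req.state != "link_issued":
            return None
        if self.clock() - req.link_created_at >= self.first_preset:
            req.state = "link_expired"  # the user has to start a new request
            return None
        req.state = "info_sent"
        return req.claimed_info

    def request_password(self, token: str) -> None:
        """Step S06 (server-generated variant): the second preset time starts now."""
        req = self.requests[token]
        req.state = "password_requested"
        req.password_requested_at = self.clock()

    def verify_password(self, token: str, input_password: str) -> bool:
        """Steps S07-S10: compare only inside the second preset time; log the outcome."""
        req = self.requests.get(token)
        if req is None or req.state != "password_requested":
            return False
        if self.clock() - req.password_requested_at >= self.second_preset:
            req.state = "password_expired"
            self.log.append((self.clock(), token, "failure:timeout"))
            return False
        expected = self.pre_stored_passwords.get(req.claimed_info["id_number"], "")
        # Constant-time comparison; an identity with no stored password never verifies.
        ok = bool(expected) and hmac.compare_digest(expected.encode(), input_password.encode())
        req.state = "success" if ok else "failure"
        self.log.append((self.clock(), token, req.state))
        return ok


class AuthenticatedModule:
    """Authenticated module 121 on the second device, bound to the user's certificate info."""
    def __init__(self, bound_info: dict) -> None:
        self.bound_info = bound_info

    def handle_link(self, server: CloudServer, link: str) -> tuple[str, str]:
        """Steps S03-S06: follow the link, compare the info, trigger the password request."""
        token = parse_qs(urlparse(link).query).get("token", [""])[0]
        claimed = server.fetch_claimed_info(token)
        if claimed is None:
            return LINK_INVALID, token
        # Assumed matching rule: every field bound in the module must match the claimed info.
        if any(claimed.get(k) != v for k, v in self.bound_info.items()):
            return IMPORT_REQUIRED, token
        server.request_password(token)
        return PASSWORD_REQUESTED, token
```

The same `CloudServer` state machine also covers the variant in which the authenticated module holds the pre-stored password, since only the party that calls `verify_password` changes.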

Referring further to FIG. 3, a schematic diagram of another citizen digital certificate authentication system 200 to which the first embodiment of the method of the present invention is applied. System 200 differs from system 100 in that it contains only a single client device (a third client device 15). The third client device 15 is connected to the cloud server 13 via the Internet 14 and includes an authenticated module 151 and a module to be authenticated 152.

In this implementation, the module to be authenticated 152 may be a web page, an application or other software, through which the user uses an online service that requires identity verification. When the user undergoes identity verification, the user uses the module to be authenticated 152 of the third client device 15 to send, via the Internet 14 to the cloud server 13, an authentication request carrying the user's to-be-authenticated certificate information (for example, the national ID number), thereby performing step S01. After receiving the authentication request from the third client device 15, the cloud server 13 generates an authentication link corresponding to the request and sends it via the Internet 14 to the module to be authenticated 152 of the third client device 15 (step S02). The authentication link may be a URL link. The user may then operate the authenticated module 151 to obtain, from the module to be authenticated 152, the authentication link that came from the cloud server 13 (step S03), and obtain the to-be-authenticated certificate information from the cloud server 13 according to the link (step S04). The authenticated module 151 then determines whether the to-be-authenticated certificate information matches the authenticated certificate information (step S05); when it matches (the determination of the authenticated module 151 is "Yes"), the module to be authenticated 152 displays a password input request to verify the user further. After the user types the password into the third client device 15 in response to the password input request, the cloud server 13 performs steps S07 to S08. After the cloud server 13 performs step S08, it may send the verification result to the third client device 15 so that the module to be authenticated 152 displays a verification result of success or failure (steps S09 and S10). In addition, in one implementation the password input request may be displayed by the authenticated module 151, and steps S07 to S10 performed by the authenticated module 151.

In this embodiment, the authentication link generated by the cloud server 13 may likewise include a tag, and whether to abort the current identity verification may be decided according to whether the user completes a particular step within a preset time. In addition, the cloud server 13 may also generate a citizen digital certificate import request or a citizen digital certificate update request (step S11).
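The first-embodiment exchange (steps S01 to S11) as a small simulation, added here as an example and not taken from the patent: a cloud server that issues one random tag per request and voids the link after a preset time (the time check of claim 3), an authenticated module that fetches the pending certificate information through the link and compares it with its own, and a server-side password check. The class and function names, the link format, the salted hash store for the predetermined password and the 120 s link lifetime are this example's assumptions; the ID number and password used below are constructed sample values.

```python
"""Simulated first-embodiment exchange (cloud server 13, authenticated module
151, to-be-authenticated module 152).  Example code added to this page, not
the patent's own implementation; class names, the link format and the
120-second link lifetime are assumptions of this example."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional, Tuple
from urllib.parse import parse_qs, urlparse

# Preset time of claim 3: an authentication link that is not used within this
# many seconds is void.  The patent fixes no value; 120 s is assumed here.
LINK_TTL_SECONDS = 120.0


@dataclass
class PendingRequest:
    pending_info: str   # to-be-authenticated certificate info sent in S01, e.g. an ID number
    created_at: float   # generation time of the link, the reference point for claim 3


class CloudServer:
    """Cloud server 13: issues links (S02), serves the pending info (S04)
    and checks the password (S07-S08)."""

    def __init__(self, now: Callable[[], float] = time.monotonic) -> None:
        self._now = now                              # injectable clock for testing
        self._pending: Dict[str, PendingRequest] = {}
        # certified info -> (salt, PBKDF2 hash).  Salted hashing is this
        # example's choice; the patent only says a predetermined password is held.
        self._passwords: Dict[str, Tuple[bytes, bytes]] = {}

    @staticmethod
    def _digest(salt: bytes, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register_password(self, certified_info: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        self._passwords[certified_info] = (salt, self._digest(salt, password))

    def create_link(self, pending_info: str) -> str:
        """S01/S02: a fresh random tag that maps one-to-one onto this request (claim 4)."""
        tag = secrets.token_urlsafe(16)
        self._pending[tag] = PendingRequest(pending_info, self._now())
        return f"https://auth.example.invalid/verify?tag={tag}"   # hostname is a placeholder

    @staticmethod
    def _tag_of(link: str) -> Optional[str]:
        values = parse_qs(urlparse(link).query).get("tag")
        return values[0] if values else None

    def fetch_pending_info(self, link: str) -> Optional[str]:
        """S04 with the claim 3 check: the info is served only while the link is fresh."""
        tag = self._tag_of(link)
        req = self._pending.get(tag) if tag else None
        if req is None:
            return None                               # unknown tag: nothing to verify
        if self._now() - req.created_at >= LINK_TTL_SECONDS:
            del self._pending[tag]                    # expired: abort this verification
            return None
        return req.pending_info

    def verify_password(self, link: str, input_password: str) -> bool:
        """S07/S08.  S05 already established that the pending info equals the
        certified info, so the pending info selects the predetermined password."""
        tag = self._tag_of(link)
        req = self._pending.pop(tag, None) if tag else None   # each link is single-use
        if req is None or req.pending_info not in self._passwords:
            return False
        salt, expected = self._passwords[req.pending_info]
        return hmac.compare_digest(expected, self._digest(salt, input_password))


class AuthenticatedModule:
    """Module 151: holds the authenticated certificate info and performs S03-S05."""

    def __init__(self, certified_info: str) -> None:
        self._certified_info = certified_info

    def check_link(self, server: CloudServer, link: str) -> str:
        pending = server.fetch_pending_info(link)                   # S03/S04
        if pending is None:
            return "expired"                                        # link void or unknown
        if hmac.compare_digest(pending.encode(), self._certified_info.encode()):
            return "match"                                          # S05 "yes": password prompt follows (S06)
        return "mismatch"                                           # S05 "no": import/update request (S11)


def run_first_embodiment(server: CloudServer, module: AuthenticatedModule,
                         pending_info: str, input_password: str) -> dict:
    """Drive S01-S10 end to end and report the outcome of each decision."""
    link = server.create_link(pending_info)                         # S01/S02
    link_check = module.check_link(server, link)                    # S03-S05
    if link_check != "match":
        return {"link_check": link_check, "password_ok": None}
    return {"link_check": link_check,
            "password_ok": server.verify_password(link, input_password)}   # S07/S08
```

Two details matter for the security of this flow and are easy to lose in a real implementation: the tag must be unguessable and bound to exactly one request (claim 4), otherwise an attacker who can guess tags can pull other users' pending certificate information through step S04; and the link should be consumed once the password decision is made, so a captured link cannot be replayed after the user has finished.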

Please refer to FIG. 4 and FIG. 5, which are respectively a flowchart of a second embodiment of the citizen digital certificate authentication method according to the present invention and a schematic diagram of a citizen digital certificate authentication system 300 to which that second embodiment is applied. Compared with the first embodiment, the authentication system 300 of this embodiment includes a fourth client device 16 but does not include the cloud server 13. The fourth client device 16 may be a smartphone or a tablet, and it contains an authenticated module 161 (for example, an application issued by Bank A) and a to-be-authenticated module 162 (for example, an application issued by Bank B) that can pass values to each other. The authenticated module 161 has obtained an authorized mobile citizen digital certificate from the certificate issuing authority (for example, the Ministry of the Interior) and therefore contains the mobile citizen digital certificate, which in turn contains the authenticated certificate information.

In the second embodiment, when the user uses the to-be-authenticated module 162 for an online service that requires identity verification, the to-be-authenticated module 162 receives the to-be-authenticated certificate information entered by the user, such as the national ID number (step S12), a personal identification number (PIN), a name or a date of birth, though not limited to these. Because the to-be-authenticated module 162 itself has not obtained an authorized mobile citizen digital certificate from the certificate issuing authority, it calls the authenticated module 161 through an activation link preset in the module, thereby starting the authenticated module 161 (step S13). In other embodiments the activation link may be produced by the user designating the authenticated module 161 through the to-be-authenticated module 162, or by the to-be-authenticated module 162 locating the authenticated module 161 by querying, though not limited to these. The authenticated module 161 then determines whether the to-be-authenticated certificate information received by the to-be-authenticated module 162 matches the authenticated certificate information (step S14). When it matches (the determination of the authenticated module 161 is "yes"), this indicates that someone is attempting to obtain identity verification in the to-be-authenticated module 162 in the name of the owner of the mobile citizen digital certificate held by the authenticated module 161. The authenticated module 161 therefore generates a password input request (step S15), and the user may type the password into the authenticated module 161 in response. After receiving the input password (step S16), the authenticated module 161 determines whether it matches the pre-stored password in the fourth client device 16 that corresponds to the authenticated certificate information (step S17).

When the input password matches the pre-stored password, that is, when the determination of the authenticated module 161 is "yes", the authenticated module 161 may send a verification result indicating authentication success to the to-be-authenticated module 162 (step S18). When the input password does not match the pre-stored password, the determination of the authenticated module 161 is "no", and the authenticated module 161 may send a verification result indicating authentication failure to the to-be-authenticated module 162 (step S20); at this point the authenticated module 161 may be made to generate the password input request again (step S15), or the authentication may simply be aborted. Furthermore, when the determination of the authenticated module 161 after step S14 is "no", the authenticated module 161 may generate a citizen digital certificate import request or a citizen digital certificate update request (step S19).

In one embodiment, to improve security, in step S17 the authenticated module 161 may, before determining whether the input password matches the pre-stored password, first determine whether the time difference between the generation time of the password input request and the reception time of the input password is less than a preset time; only when that difference is less than the preset time does the authenticated module 161 go on to determine whether the input password matches the pre-stored password. When the time difference is greater than or equal to the preset time, the authenticated module 161 may skip the password comparison and instead produce a message informing the user that the password was not entered in time.

In one embodiment, the citizen digital certificate authentication system may include multiple to-be-authenticated modules. Whichever to-be-authenticated module the user runs an online service in that requires citizen digital certificate verification, that module can start the pre-selected authenticated module 161 according to a preset selection; the authenticated module 161 then receives the password entered by the user and determines whether it matches the pre-stored password. In steps S18 and S20, the authenticated module 161 may send the verification result of password authentication success or failure to the to-be-authenticated module that issued the citizen digital certificate authentication request.

In one embodiment, in step S13 the to-be-authenticated module 162 may learn of the existence of the authenticated module 161 from a tag and thereby start the authenticated module 161. The tag may be stored in the fourth client device 16 and may record information such as the software type of the authenticated module 161 and whether it is authenticated, so that a to-be-authenticated module can identify the authenticated module 161. Here, after the to-be-authenticated module 162 starts the authenticated module 161 according to the tag, the authenticated module 161 can tell from its connection with the to-be-authenticated module 162 which to-be-authenticated module sent the to-be-authenticated certificate information, and accordingly sends the verification result of success or failure to the to-be-authenticated module 162 in step S18.
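The second-embodiment flow (steps S12 to S20) as an on-device simulation, added here as an example and not taken from the patent: a to-be-authenticated app finds an authenticated app through the device's tag records (or a preset selection), the authenticated app compares the entered certificate information with its own, prompts for the password, refuses to compare a password that arrives after the preset window (the time check described above and in claim 9), and returns the result to the app that asked. The class and function names, the message format and the 30 s password window are this example's assumptions; the ID numbers and PINs used below are constructed sample values.

```python
"""Simulated second embodiment: an authenticated app 161 and a to-be-authenticated
app 162 on one device 16.  Example code added to this page, not the patent's own
implementation; class names and the 30-second password window are assumptions."""
from __future__ import annotations

import hmac
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Preset time for entering the password after the prompt (claim 9).  The
# patent fixes no value; 30 s is assumed here.
PIN_WINDOW_SECONDS = 30.0


@dataclass
class Message:                   # one message passed between the two apps
    src: str
    dst: str
    kind: str                    # "result", "import_request" or "timeout"
    payload: Optional[str] = None


@dataclass
class TagRecord:                 # tag stored on the device: software type, authenticated or not
    software_type: str
    authenticated: bool


class AuthenticatedModule:
    """Module 161: holds the mobile certificate's authenticated info and the pre-stored password."""

    def __init__(self, name: str, certified_info: str, prestored_pin: str,
                 now: Callable[[], float] = time.monotonic) -> None:
        self.name = name
        self._certified_info = certified_info
        self._prestored_pin = prestored_pin
        self._now = now                                   # injectable clock for testing
        self._requester: Optional[str] = None             # which app asked, so the result goes back to it
        self._pin_requested_at: Optional[float] = None    # generation time of the prompt (S15)
        self.outbox: List[Message] = []

    def activate(self, requester: str, pending_info: str) -> str:
        """S13/S14: remember the caller and compare the info; then S15 or S19."""
        self._requester = requester
        self._pin_requested_at = None
        if not hmac.compare_digest(pending_info.encode(), self._certified_info.encode()):
            self.outbox.append(Message(self.name, requester, "import_request"))
            return "import_request"                       # S19: certificate import/update request
        self._pin_requested_at = self._now()              # S15: password prompt generated
        return "password_request"

    def receive_pin(self, input_pin: str) -> str:
        """S16/S17: compare the password only inside the window, then S18/S20."""
        if self._pin_requested_at is None or self._requester is None:
            return "no_pending_request"
        elapsed = self._now() - self._pin_requested_at
        self._pin_requested_at = None                     # one prompt, one answer
        if elapsed >= PIN_WINDOW_SECONDS:
            self.outbox.append(Message(self.name, self._requester, "timeout"))
            return "timeout"                              # overdue: password is not compared
        ok = hmac.compare_digest(input_pin.encode(), self._prestored_pin.encode())
        verdict = "success" if ok else "failure"          # S18 / S20
        self.outbox.append(Message(self.name, self._requester, "result", verdict))
        return verdict


class ClientDevice:
    """Fourth client device 16: keeps the tag records and the installed authenticated apps."""

    def __init__(self) -> None:
        self._tags: Dict[str, TagRecord] = {}
        self._modules: Dict[str, AuthenticatedModule] = {}

    def install(self, name: str, software_type: str,
                module: Optional[AuthenticatedModule] = None) -> None:
        """An app installed with a module instance holds a certified credential and is tagged so."""
        self._tags[name] = TagRecord(software_type, module is not None)
        if module is not None:
            self._modules[name] = module

    def select_authenticated(self, preferred: Optional[str] = None) -> Optional[str]:
        """S13 lookup: the preset choice if it is tagged authenticated, else the first such tag."""
        if preferred is not None and self._tags.get(preferred, TagRecord("", False)).authenticated:
            return preferred
        return next((n for n, t in self._tags.items() if t.authenticated), None)

    def module(self, name: str) -> AuthenticatedModule:
        return self._modules[name]


def authenticate_via_app(device: ClientDevice, requester: str, pending_info: str,
                         input_pin: str, preferred: Optional[str] = None) -> dict:
    """S12-S20 as driven from the to-be-authenticated app `requester`."""
    target = device.select_authenticated(preferred)
    if target is None:
        return {"started": None, "outcome": "no_authenticated_module"}
    module = device.module(target)
    first = module.activate(requester, pending_info)                 # S13/S14
    if first != "password_request":
        return {"started": target, "outcome": first}
    return {"started": target, "outcome": module.receive_pin(input_pin)}   # S16-S20
```

The `outbox` records which app each result was addressed to, which is the point made above about the authenticated module knowing its requester: a result for Bank B's request must not be delivered to some other app that merely happens to be running. Note also that the tag records here are plain data on the device; in a real deployment the "authenticated" flag should be something the platform can vouch for (for example, the package signature of the app that registered it), since any app could otherwise write a tag claiming to hold a certificate.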

In summary, according to one embodiment of the citizen digital certificate authentication method of the present invention, the user need only possess one client device that already contains a mobile citizen digital certificate authorized by the certificate issuing authority (the Ministry of the Interior) in order to let other client devices that do not contain such an authorized mobile certificate also pass identity verification and use the required online services. According to another embodiment of the method, the user's mobile electronic device need only contain one authenticated module that has obtained an authorized mobile citizen digital certificate from the certificate issuing authority in order to let other to-be-authenticated modules installed on the same mobile electronic device, which have not obtained such an authorized certificate, also pass identity verification and use the required online services. In other words, the user is no longer bound by the constraint that the physical citizen digital certificate chip card must be inserted into a card reader; at any location with a network connection, identity verification can be performed through the authenticated module in order to use the online services developed by government agencies and the financial services industry, which improves convenience of use.

Although the present invention has been disclosed above by way of embodiments, these are not intended to limit it. Anyone with ordinary knowledge in the relevant technical field may make minor changes and refinements without departing from the spirit and scope of the invention; the scope of protection shall therefore be as defined by the appended claims.

100: citizen digital certificate authentication system
11: first client device
12: second client device
121: authenticated module
13: cloud server
14: Internet
200: citizen digital certificate authentication system
15: third client device
151: authenticated module
152: to-be-authenticated module
300: citizen digital certificate authentication system
16: fourth client device
161: authenticated module
162: to-be-authenticated module
S01-S20: steps

[FIG. 1] Schematic diagram of a citizen digital certificate authentication system to which the first embodiment of the citizen digital certificate authentication method of the present invention is applied.
[FIG. 2] Flowchart of the first embodiment of the citizen digital certificate authentication method according to the present invention.
[FIG. 3] Schematic diagram of another citizen digital certificate authentication system to which the first embodiment of the citizen digital certificate authentication method of the present invention is applied.
[FIG. 4] Flowchart of the second embodiment of the citizen digital certificate authentication method according to the present invention.
[FIG. 5] Schematic diagram of a citizen digital certificate authentication system to which the second embodiment of the citizen digital certificate authentication method of the present invention is applied.

Claims (11)

1. A citizen digital certificate authentication method, comprising: a to-be-authenticated module sending a citizen digital certificate authentication request to a cloud server; the to-be-authenticated module obtaining an authentication link from the cloud server; an authenticated module obtaining the authentication link from the to-be-authenticated module, the authentication link corresponding to the citizen digital certificate authentication request; the authenticated module obtaining, according to the authentication link, to-be-authenticated certificate information corresponding to the citizen digital certificate authentication request, the authenticated module containing authenticated certificate information that corresponds to a pre-stored password; the authenticated module determining whether the to-be-authenticated certificate information matches the authenticated certificate information; when the to-be-authenticated certificate information matches the authenticated certificate information, generating a password input request; the cloud server or the authenticated module receiving an input password corresponding to the password input request; and, when the input password is received by the cloud server, the cloud server determining whether the input password matches the pre-stored password and, if so, returning a verification result to the to-be-authenticated module; when the input password is received by the authenticated module, the authenticated module determining whether the input password matches the pre-stored password.

2. The citizen digital certificate authentication method of claim 1, wherein the step of the authenticated module obtaining, according to the authentication link, the to-be-authenticated certificate information corresponding to the citizen digital certificate authentication request comprises: the authenticated module connecting to the cloud server according to the authentication link, the authentication link including a tag corresponding to the citizen digital certificate authentication request; and the cloud server sending, according to the tag, the to-be-authenticated certificate information corresponding to the citizen digital certificate authentication request to the authenticated module.

3. The citizen digital certificate authentication method of claim 2, wherein, in the step of the cloud server sending the to-be-authenticated certificate information corresponding to the citizen digital certificate authentication request to the authenticated module according to the tag, the cloud server decides whether to perform that step according to whether the time difference between a generation time of the authentication link and the time at which the authenticated module connects to the cloud server is less than a preset time.

4. The citizen digital certificate authentication method of claim 2, further comprising: the cloud server generating, according to the citizen digital certificate authentication request, the authentication link containing the tag, the tag corresponding one-to-one to the citizen digital certificate authentication request.

5. The citizen digital certificate authentication method of claim 1, wherein, in the step of determining whether the input password matches the pre-stored password, the cloud server or the authenticated module decides whether to perform that step according to whether the time difference between a generation time of the password input request and a reception time of the input password is less than a preset time.

6. The citizen digital certificate authentication method of any one of claims 1 to 5, wherein, in the step of the authenticated module obtaining the authentication link from the cloud server, the authentication link is a URL or a two-dimensional barcode.

7. A citizen digital certificate authentication method, comprising: a to-be-authenticated module receiving to-be-authenticated certificate information; the to-be-authenticated module starting an authenticated module, the authenticated module containing authenticated certificate information that corresponds to a pre-stored password; the authenticated module determining whether the to-be-authenticated certificate information matches the authenticated certificate information; when the to-be-authenticated certificate information matches the authenticated certificate information, the authenticated module generating a password input request; the authenticated module receiving an input password; and the authenticated module determining whether the input password matches the pre-stored password and, if so, returning a verification result to the to-be-authenticated module.

8. The citizen digital certificate authentication method of claim 1 or 7, further comprising: when the to-be-authenticated certificate information does not match the authenticated certificate information, the authenticated module generating a citizen digital certificate import request or a citizen digital certificate update request.

9. The citizen digital certificate authentication method of claim 7, wherein, in the step of the authenticated module determining whether the input password matches the pre-stored password, the authenticated module decides whether to perform that step according to whether the time difference between a generation time of the password input request and a reception time of the input password is less than a preset time.

10. The citizen digital certificate authentication method of claim 7, wherein, in the step of the to-be-authenticated module starting the authenticated module, the to-be-authenticated module starts the authenticated module according to a preset selection.

11. The citizen digital certificate authentication method of claim 7, wherein, in the step of the to-be-authenticated module starting the authenticated module, the to-be-authenticated module starts the authenticated module according to a tag that marks the authenticated module.
TW105144306A 2016-12-30 2016-12-30 Citizen digital certificate authentication method TWI612436B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW105144306A TWI612436B (en) 2016-12-30 2016-12-30 Citizen digital certificate authentication method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW105144306A TWI612436B (en) 2016-12-30 2016-12-30 Citizen digital certificate authentication method

Publications (2)

Publication Number Publication Date
TWI612436B TWI612436B (en) 2018-01-21
TW201824051A true TW201824051A (en) 2018-07-01

Family

ID=61728692

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105144306A TWI612436B (en) 2016-12-30 2016-12-30 Citizen digital certificate authentication method

Country Status (1)

Country Link
TW (1) TWI612436B (en)
