TWI242348B - System and method for integration of multiple authentication processes - Google Patents

Publication number: TWI242348B
Authority: TW (Taiwan)
Prior art keywords: certificate, authentication, data, voucher, patent application
Application number: TW92137390A
Other languages: Chinese (zh)
Other versions: TW200522653A (en)
Inventors: Tien-Ching Hsu, Pin-Chen Liu
Original Assignee: Systex Corp
Application filed by Systex Corp
Priority to TW92137390A
Publication of TW200522653A
Application granted
Publication of TWI242348B

Landscapes

  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses a system and method for integrating multiple authentication processes, which communicates over a communication network with two or more remote authentication systems. Each of these authentication systems can issue certificates in a different format and authenticate the certificates it has issued. The invention receives the certificate-related data transmitted from the operation system (the business system of the description), determines which authentication system corresponds to the certificate, transmits the certificate-related data to that authentication system for authentication, and returns the authentication result to the operation system so that it can decide whether to proceed with the operation procedure.

Description

1242348 V. Description of the invention

[Technical field to which the invention belongs]

The present invention relates to the technical field of authenticating electronic certificates over a network, and in particular to the technical field of integrating multiple authentication processes.

[Prior art]

The digitization of enterprise commerce amounts to using the network to open up another possible space for growth for enterprises. Its advantages include increased efficiency, better service quality, greater speed, reduced costs, improved communication within and between enterprises, access to a broader market, and a shorter time to market for products. As digitization becomes widespread and the volume of data exchanged keeps growing, these characteristics of electronic commerce offer exciting opportunities for development and new services, but the information security of enterprises is also facing unprecedented threats. In the electronic world, data in transit needs the same level of protection and trust as in the traditional setting. How can we still trust another party when we cannot see or hear them, or even obtain a signature? How can we ensure that data transmitted over the Internet stays confidential? How can we confirm that a message has been delivered intact to the intended recipient? These concerns and threats are what we currently have to consider ...

c. Integrity: confirming that the content of a transaction or communication is correct and has not been tampered with.

d. Non-repudiation: confirming that the parties to a transaction and their actions in it cannot be denied, which strengthens the legal validity of the transaction.

Because of these security requirements, reliable commercial transactions over a network usually have to use a dedicated authentication method.

The way financial services typically perform authentication can be explained with reference to Figure 1, which outlines the system architecture for the authentication process. When a client 10 wants to carry out a financial transaction such as a banking, securities or futures transaction, it connects through the communication network 20 and the external communication device used by the authentication system to the transaction system 40 of the bank or securities dealer. To improve the security of network transactions, the bank or securities dealer requires the customer to first perform electronic certificate registration (register, RA) with the front-end system 50 of the certification system. The customer generally provides personal data and a password; after review and approval by the bank's or securities dealer's administrators, registration is carried out with the remote authentication system 60 (the back-end system of the certification system), and the electronic certificate (hereinafter simply "certificate") is handed over for storage on a floppy disk, IC card, hard disk or other suitable storage medium, while data related to the certificate is stored in the front-end system 50. The front-end system 50 usually comprises a certificate database 51 that stores customer and certificate data, an operation module 52 that provides an operating interface, and a management module 53 with which administrators perform certificate registration.


When the customer wants to carry out a transaction, for example on entering the transaction system 40 of a bank, securities or futures business, the transaction system 40 asks the client 10 to provide a certificate and password, and sends the data needed to authenticate the certificate to the authentication system 60 of the certification system for authentication (certificate authorization, CA). The authentication system 60 receives the data submitted by the transaction system 40, decrypts it in a specific way and/or checks whether the certificate is legitimate, produces an authentication result, and returns that result to the transaction system 40, which uses it to decide whether the transaction flow may continue. In general, the transaction flow continues only after authentication succeeds; if authentication fails, the flow is terminated or interrupted to prevent someone else from transacting under the customer's name. The transaction system 40 is generally independent of the front-end system 50 and the authentication system 60, that is, it lies outside the certification system. Only when its transaction flow needs authentication does it send the certificate, password and other data provided by the customer to the authentication system 60 to request authentication, and then receive the returned result to decide whether to continue the transaction flow.

In the conventional technology, multiple front-end systems 50 can be set up separately at business providers such as banks, securities dealers or government agencies to serve the needs of the provider's business systems (for example a transaction system, service system or data processing system). Each accepts customers' requests, registers and issues certificates to its customers, and can further manage those certificates. The authentication system 60 is generally not open to connections from the general public; it is usually connected to the business provider's business system and performs authentication at that system's request. The certification system generally charges the business provider according to the number of certificates issued and the number of authentications performed. The business provider may in turn charge customers issuance and service fees, or may absorb the cost itself without charging customers separately.

Many related electronic certificate technologies already exist. For example, Republic of China (Taiwan) Patent Publication No. 548564 discloses an implementation of electronic transactions in which, when an electronic commerce transaction is carried out, a smart [...] is provided and sent to a server on the network for authentication, in order to improve network [...]. The method disclosed in that case for conducting an electronic transaction comprises: receiving on a server a transaction request from a user; b. [...] the user; c. receiving [...] from the user according to the challenge; [...] processing the response to verify the user; e. assembling [...] for use in the transaction; [...] at least a portion of the certificate to the user; g. receiving [...] request, the second request containing the portion of the certificate; and h. confirming the portion of the certificate with the key [...] transaction service.

In the current domestic situation, the two largest certification systems are MCa and VeriSign (HiTrust), and there are also other certification systems such as RSA. The certificates they issue usually use different encryption and decryption methods and different certificate formats. A bank usually has several business systems, and even the business systems of a single institution often differ in the certification system chosen, because of special requirements or decisions made at planning time, so each sets up the certificates it needs. Because these certificates have different formats and are not interoperable, the application and management of each must be handled by its own front-end system, which must also work with a different authentication system [...]. [...] a certificate's applicable scope has usually been specified, that is, its certificate usage has already been set. Once a certificate has been issued, it usually cannot be permitted for use in other services not covered by its certificate usage, or in business systems developed later, so the problem of having to reissue or replace certificates arises frequently.

It follows from this situation that a customer facing many business systems has to use and manage several certificates separately, and may even incur additional cost to apply for certificates, which is a considerable nuisance. For business providers such as merchants or government agencies, offering a variety of business systems means managing and carrying out all kinds of certificate application and management work, and often maintaining different front-end systems for several certificates at once. This raises operating costs and makes the work of certificate administrators more burdensome.

To address the trouble caused by multiple certificates, Republic of China (Taiwan) Patent Publication No. 434516 discloses a method for batch verification of multiple digital certificates and identification of illegal digital certificates. It proposes verifying multiple digital certificates at once, but the verification must be performed by the verification module of one and the same back-end authentication system. The batch verification method disclosed in that case verifies, over an insecure communication channel, multiple public-key certificates from the same signer in order to confirm the legitimacy of all of them. Its steps include: providing a processing unit; using the processing unit to compute the product of the hash values of the public keys and the product of the public-key certificates; decrypting the product of the public-key certificates with the signer's public key; and comparing the decrypted result with the product of the hash values of the public keys, thereby confirming the legitimacy of all the public-key certificates.

Although that case proposes a solution for batch verification of multiple digital certificates
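The batch check described above for Patent Publication No. 434516, as an added example that is not code from either patent. It assumes textbook RSA without padding, a constructed toy signer key, and a certificate modelled as the signed hash of the subject's public key; the halving search in `find_invalid` is an assumption, since the page does not say how invalid certificates are identified.

```python
import hashlib
from math import prod

# Constructed toy signer key (textbook RSA, no padding), for illustration only.
P, Q = 2**61 - 1, 2**89 - 1           # two Mersenne primes
N, E = P * Q, 65537                   # signer's public key
D = pow(E, -1, (P - 1) * (Q - 1))     # signer's private exponent


def digest(public_key: bytes) -> int:
    """Hash value of a subject's public key, reduced into the signer's modulus."""
    return int.from_bytes(hashlib.sha256(public_key).digest(), "big") % N


def issue(public_key: bytes) -> dict:
    """Signer side: the 'public-key certificate' is the signed hash of the key."""
    return {"public_key": public_key, "signature": pow(digest(public_key), D, N)}


def batch_verify(certs) -> bool:
    """One public-key operation for the whole batch: the product of the
    certificates, 'decrypted' with the signer's public key, must equal the
    product of the hash values of the public keys."""
    cert_product = prod(c["signature"] for c in certs) % N
    hash_product = prod(digest(c["public_key"]) for c in certs) % N
    return pow(cert_product, E, N) == hash_product


def find_invalid(certs, offset=0):
    """Return the positions of certificates that fail, by halving a failing
    batch until single certificates remain (hypothetical identification step)."""
    if not certs or batch_verify(certs):
        return []
    if len(certs) == 1:
        return [offset]
    mid = len(certs) // 2
    return (find_invalid(certs[:mid], offset)
            + find_invalid(certs[mid:], offset + mid))


def demo():
    """Constructed sample: five certificates, two of them altered after issue."""
    certs = [issue(f"subject-key-{i}".encode()) for i in range(5)]
    all_good = batch_verify(certs)
    certs[2] = dict(certs[2], public_key=b"substituted key")
    certs[4] = dict(certs[4], signature=(certs[4]["signature"] + 1) % N)
    return all_good, batch_verify(certs), find_invalid(certs)


if __name__ == "__main__":
    print(demo())
```

A passing batch shows only that the two products agree, so a deployment that relies on it still needs a per-certificate check wherever a single certificate is acted on by itself.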


... the related data needed for authentication, performs preliminary identification and, according to the certificate data in the certificate database, transmits the related data needed to authenticate the certificate over the communication network to the corresponding authentication system for authentication, then receives the authentication result and returns it to the business system, wherein the related data needed to authenticate the certificate is a portion of the certificate's data.

According to another feature of the invention, the proposed method for integrating multiple authentication processes communicates over a communication network with two or more remote authentication systems, each of which can issue certificates in a different format and authenticate the certificates it has issued. The method comprises the steps of: storing the data of at least one user and, for at least one certificate that the user holds, the certificate's identification data and corresponding authentication system data, where the certificate may be any certificate issued by the two or more authentication systems; performing operations related to the user and the user's at least one certificate; performing the administrator's management operations on users' certificates; receiving a certificate sent from a business system and performing preliminary identification; and, according to the certificate data in the certificate database, transmitting the related data needed to authenticate the certificate over the communication network to the corresponding authentication system for authentication, then receiving the authentication result and returning it to the business system, wherein the related data needed to authenticate the certificate is a portion of the certificate's data.

Compared with the shortcomings of the conventional technology described above, the certificate database of the proposed system can store data about users and the multiple certificates they hold, where those certificates may come from different certification systems and have different certificate formats. The proposed operation module provides a convenient operating interface through which users can apply for and maintain multiple certificates. The proposed management module lets administrators perform management operations such as review, registration and issuance for multiple certificates. The processing module can further identify and evaluate a certificate awaiting authentication and send it to the corresponding authentication system to request authentication. The invention therefore achieves at least the following effects:

1. Multiple certificate formats are supported. Through the system and method of the invention, connections can be made to multiple authentication systems, and multiple certificates can be registered and issued. In the verification flow, the data of any one of several kinds of certificate can be received and, after identification and evaluation, the related data needed to authenticate that certificate is sent to its corresponding authentication system to request verification, which greatly reduces system deployment cost.

2. Through the operating interface provided by the invention, users can apply for, change, verify and cancel multiple certificates, which supports unified management and is convenient to operate.

3. Through the system and method of the invention, certificate usage can be extended [...] system, increasing the benefit obtained from using certificates.

[Embodiments]

... 73 and a processing module 74. Figure 2 uses three authentication systems 61 to 63 and three user terminal devices 11 to 13 as examples of a plurality; this is not intended to limit the number of authentication systems and user terminal devices to which the invention applies.

The communication network 20 may be any one of the Internet, a local area network, a telecommunication network, a leased line, a virtual private network (VPN) or a wireless network, or any combination of two or more of these. The communication device 30 may be an ordinary commercially available communication device whose specification depends on the communication network used. The communication network 20 and the communication device 30 are conventional technology and are not described further here.

In general, to improve data processing speed and data security, the system 70 and the business systems 41 to 43, which lie outside the certification systems, are preferably deployed on the same local area network, as shown in Figure 2. The business systems 41 to 43 may each be a transaction system, a service system or a data processing system. In another embodiment of the invention, however, the business systems may be deployed on different local area networks and communicate with the system 70 through a communication device and a communication network in order to transmit and process data. That communication device and network may be the communication device 30 and communication network 20 shared with the authentication systems, or may be set up separately.

The certificate database 71 stores data about multiple users (the customers mentioned above) and the certificates they hold, for example the user's name, ID, account number and other basic data and, for each of the at least one certificate held, the certificate's identification data (such as the certificate serial number), the corresponding authentication system data, the certificate usage data (the business systems in which the certificate may be used) and the certificate's validity period.

The multiple certificates held by a user may come from different certification systems, have different certificate formats and be usable in different business systems. The certificate database 71 may take the form of an ordinary commercially available storage device or a dedicated database.

The data described above come from the application data provided by the user when applying for a certificate, data produced by the certificate administrator [...], and the related data from when the authentication system issues the certificate. They are stored in the certificate database 71 as needed, for use when the user [...], when the administrator performs certificate management operations, or during the authentication flow.

The operation module 72 performs operations related to users and their multiple certificates, including applying for a certificate, cancelling a certificate, checking a certificate, and querying or modifying user data. In general, the operation module 72 preferably provides a web page as its operating interface, on which the options for these operations are presented so that the user can enter data to carry them out; an administrator can also enter the data on the basis of information supplied by the user. In another embodiment, the operation module 72 can be placed on the user terminal devices 11 to 13, producing a specific operating screen on those devices where the customer enters data and performs operations, with the related data sent to the system 70 to carry out the operations above. Those skilled in the art can evidently select and design such functional details as appropriate for the specific use required, without departing from the spirit of the invention.

The management module 73 lets administrators perform management operations on users' multiple certificates, for example reviewing the data in a user's certificate application, registering and issuing new certificates, and updating, suspending, reinstating, cancelling or querying the records of existing certificates. When registering and issuing a new certificate, the management module 73 sends the data required for the application and its password to the corresponding authentication system 61 to 63 to request registration. After registering it, that authentication system returns the new certificate and its identification data (such as the certificate serial number) to the management module 73. The management module 73 stores the new certificate's identification data, the corresponding authentication system, the approved certificate usage and related data in the certificate database 71, and sends the new certificate to the storage medium designated by the user (for example a floppy disk, IC card or hard disk) for storage in the user's keeping.

As with the operation module 72, the management module 73 preferably provides a web page as its operating interface, on which the options for the certificate management operations are presented so that the administrator can enter data to carry them out. Likewise, the management module 73 can be placed on an administrator terminal device (not shown in the figures) that displays a specific screen as the operating interface, where the administrator enters the data needed for certificate management operations. The administrator terminal device can communicate with the system 70 over the communication network 20 and so send that data to the system 70 to carry out the certificate management operations.

When a business system 41 to 43 needs authentication while executing a business flow, it asks for the certificate data to be provided and sends the related data needed for authentication to the system 70 through the communication network 20 and the communication device 30. The processing module 74 receives the related data needed to authenticate the certificate from the business system 41 to 43, performs preliminary identification of the certificate, reads the certificate's identification data and corresponding authentication system data from the certificate database 71, sends the related data needed for authentication to the corresponding authentication system 61 to 63 for authentication, receives the authentication result returned by that authentication system, and passes it back to the business system 41 to 43 so that it can decide whether the business flow may continue. In the system of the invention, the certificate a user provides is one of several certificates the user holds, and only after preliminary identification and evaluation by the processing module 74 can the certificate's data be sent to the correct authentication system 61 to 63 to complete the authentication procedure. The related data needed to authenticate the certificate may be at least a portion of the data in the certificate, or all of the data in the certificate, depending on what each authentication system requires. The authentication systems are not all the same; the data usually includes the certificate's serial number, the certificate's validity date, customer-specific data and so on.

In addition, certificates generally have an applicable certificate usage and cannot be used for just any business. As described earlier, when issuing a certificate the administrator has already stored its certificate usage (that is, the transactions, services or data processing items it applies to) in the certificate database 71. To avoid needless authentication, the processing module 74 can, during preliminary identification, also read the certificate usage data from the certificate database 71 and determine whether the certificate may be used for the business item currently being executed. If so, the authentication procedure continues and the certificate and password are sent to the corresponding authentication system 61 to 63. If not, the authentication flow is terminated and a message is returned to the user stating that the certificate is not applicable to that business. Similarly, certificates generally have a validity period, which may be stored in the certificate itself or in the certificate database 71. During preliminary identification the processing module 74 can read the certificate's validity date from the certificate or from the certificate database 71 to determine whether the certificate is still within its validity period, and so decide whether the authentication procedure may continue.

wherein the certificate can be any certificate issued by the two or more authentication systems, and the certificate data includes the identification data of the certificate and its corresponding authentication system data;

Step 303: perform operations related to the user and the user's multiple certificates, including applying for a certificate, cancelling a certificate, checking a certificate, and querying and modifying user data;

Step 305: provide the administrator with certificate management operations on the user's certificates, including reviewing the data submitted with a user's certificate application, registering and issuing new certificates, and updating, suspending, lifting the suspension of, cancelling and querying the records of existing certificates;

Step 307: receive from a business system the relevant data required to authenticate a certificate and perform preliminary identification, for example determining, according to the identification data for the certificate stored in the certificate database, whether the user matches the certificate received and whether the certificate is still within its validity period, in order to decide whether the authentication procedure may continue; and

Step 309: according to the certificate data in the certificate database, transmit the relevant data required to authenticate the certificate via the communication network to the corresponding authentication system for authentication, and receive the authentication result and return it to the business system.

After step 307, an additional step 308 may be included: after the preliminary identification, determine according to the certificate usage data whether the certificate can be used for the business item currently being executed. If so, continue with step 309; if not, terminate the authentication flow and return a message to the user stating that the certificate is not applicable to that business.

To allow the usage of a certificate to be extended, the certificate management operations in step 305 above may include recording and storing certificate usage extension registration data; and in step 308 above, whether the certificate can be used in the business is determined according to both the certificate usage data and the certificate usage extension registration data.
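The pre-check and routing of steps 307 to 309, including the usage-extension lookup of step 308, sketched in Python as an added example; this is not code from the patent. The class and field names, the two authentication systems CA-A and CA-B, the fail-closed handling of missing fields and unreachable systems, and all sample records are constructed assumptions.

```python
from dataclasses import dataclass, field
from datetime import date


@dataclass
class CertRecord:
    """One entry of the certificate database (element 71)."""
    owner: str                      # user the certificate was issued to
    auth_system: str                # remote authentication system that issued it
    usages: set                     # usage assigned when the certificate was issued
    valid_until: date               # validity date
    extended_usages: set = field(default_factory=set)  # usage-extension registrations


class ProcessingModule:
    """Plays the role of element 74: pre-check locally, then route to one remote system."""

    def __init__(self, cert_db, auth_systems, required_fields):
        self.cert_db = cert_db                  # serial -> CertRecord
        self.auth_systems = auth_systems        # system name -> callable(payload) -> bool
        self.required_fields = required_fields  # system name -> fields that system needs

    def authenticate(self, user, cert, business_item, today):
        rec = self.cert_db.get(cert.get("serial"))
        # Step 307: preliminary identification (user/certificate match, validity period).
        if rec is None or rec.owner != user:
            return False, "certificate does not match user"
        if today > rec.valid_until:
            return False, "certificate expired"
        # Step 308: original usage plus any registered usage extension.
        if business_item not in rec.usages | rec.extended_usages:
            return False, "certificate not applicable to this business item"
        # Step 309: forward only the part of the certificate data that system requires.
        verify = self.auth_systems.get(rec.auth_system)
        wanted = self.required_fields.get(rec.auth_system)
        if verify is None or wanted is None:
            return False, "no authentication system registered for certificate"
        missing = [f for f in wanted if f not in cert]
        if missing:
            return False, "missing fields: " + ", ".join(missing)
        payload = {f: cert[f] for f in wanted}
        try:
            ok = verify(payload) is True        # anything but an explicit True is a failure
        except Exception:
            return False, "authentication system unavailable"   # fail closed
        return ok, "authenticated" if ok else "rejected by " + rec.auth_system


def build_demo():
    """Constructed sample data: two remote systems that expect different fields."""
    calls = []  # every payload that actually left for a remote system

    def system_a(payload):
        calls.append(("CA-A", payload))
        return payload["password"] == "pw-alice"

    def system_b(payload):
        calls.append(("CA-B", payload))
        return payload["customer_id"] == "C-0042" and payload["password"] == "pw-bob"

    cert_db = {
        "A-1001": CertRecord("alice", "CA-A", {"funds-transfer"}, date(2025, 12, 31)),
        "B-2002": CertRecord("bob", "CA-B", {"stock-order"}, date(2024, 6, 30),
                             extended_usages={"funds-transfer"}),
    }
    module = ProcessingModule(
        cert_db,
        {"CA-A": system_a, "CA-B": system_b},
        {"CA-A": ("serial", "password"), "CA-B": ("serial", "customer_id", "password")},
    )
    return module, calls


if __name__ == "__main__":
    module, calls = build_demo()
    cert = {"serial": "A-1001", "password": "pw-alice", "display_name": "Alice"}
    print(module.authenticate("alice", cert, "funds-transfer", date(2025, 1, 15)))
    print(module.authenticate("alice", cert, "stock-order", date(2025, 1, 15)))
    print(calls)  # only the accepted request reached CA-A, without display_name
```

Certificates rejected at step 307 or 308 never reach a remote authentication system, which is the "needless authentication" the description sets out to avoid, and the `calls` list makes that observable.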

The foregoing description of specific embodiments has fully disclosed the features of the present invention. Those skilled in the art can apply their existing knowledge to readily modify or vary it for various specific uses without departing from the spirit and scope of the invention. It is also to be understood that the terminology used herein is for description and not limitation; the present invention is therefore intended to cover all modifications and variations that fall within the meaning and scope of the appended claims.

Brief description of the drawings

Figure 1 shows the system architecture for performing authentication operations in the prior art.
Figure 2 shows the system architecture for integrating multiple authentication operations according to the present invention.
Figure 3 is a flowchart of the steps of the method of the present invention.

Description of reference numerals

10: client; 11-13: user terminal devices; 20: communication network; 30: communication device; 40: transaction system; 41-43: business systems; 50: front-end system; 51: certificate database; 52: operation module; 53: management module; 60-63: authentication systems; 70: system of the present invention; 71: certificate database; 72: operation module; 73: management module; 74: processing module.


Claims (1)

1. A system for integrating multiple authentication operations, which communicates via a communication network with two or more remote authentication systems, wherein the two or more authentication systems can each issue certificates in different formats and can authenticate the certificates they issue, the system comprising:
a certificate database for storing data of at least one user and, for at least one certificate owned by that user, identification data and corresponding authentication system data, wherein the certificate can be any certificate issued by the two or more authentication systems;
an operation module for the user to perform operations related to at least one of the user's certificates;
a management module for an administrator to perform management operations on user certificates; and
a processing module that receives from a business system the relevant data required to authenticate a certificate, performs preliminary identification, transmits, according to the certificate data in the certificate database, the relevant data required to authenticate the certificate via the communication network to the corresponding authentication system for authentication, and receives the authentication result and returns it to the business system, wherein the relevant data required to authenticate the certificate is a part of the data of the certificate.

2. The system of claim 1, wherein the communication network is any one of the Internet, a local area network, a telecommunication network, a dedicated line, a virtual private network and a wireless network, or a combination of two or more of them.

3. The system of claim 2, wherein the business system is located on the same local area network as the system for integrating multiple authentication operations.

4. The system of claim 1, wherein the business system is a transaction system for executing at least one transaction process.

updating, suspending, lifting the suspension of, cancelling and querying the records of existing certificates, and so on.

12. The system of claim 11, wherein, when issuing a new certificate, the management module transmits the data required to apply for the new certificate and its password data to the authentication system applied to in order to request registration, and after that authentication system has completed the registration, the new certificate and its identification data are returned to the management module; and
wherein the management module stores the identification data of the new certificate, the corresponding authentication system, the designated certificate usage and other such data in the certificate database, and transmits the new certificate to the user side for storage.

13. The system of claim 1, wherein the management module provides a web page as an operation interface for the administrator to perform certificate management operations.

14. The system of claim 1, wherein the administrator connects to the system via a communication network by means of an administrator terminal device; and
wherein the management module is provided on the administrator terminal device and displays a specific screen on the administrator terminal device as an operation interface, for the administrator to input the data required for certificate management operations, which is transmitted to the system via the communication network in order to perform the certificate management operations.

15. The system of claim 1, wherein the certificate data further includes certificate usage data of the certificate; and
wherein, before transmitting the certificate to the corresponding authentication system, the processing module determines according to the certificate usage data whether the certificate can be used in the business system, and decides according to the result whether to transmit the relevant data required to authenticate the certificate to its corresponding authentication system.

16. The system of claim 15, wherein the user certificate management operations provided by the management module further include certificate usage extension registration, for storing the data related to the certificate usage extension registration in the certificate database so as to record extended usage data beyond the original usage of the certificate; and
wherein, before transmitting the certificate to the corresponding authentication system, the processing module determines according to the certificate usage data and the certificate usage extension registration data whether the certificate can be used in the business system, and decides according to the result whether to transmit the relevant data required to authenticate the certificate to its corresponding authentication system.

17. The system of claim 1, wherein the certificate data further includes validity date data of the certificate; and
wherein, before transmitting the relevant data required to authenticate the certificate to the corresponding authentication system, the processing module determines according to the certificate validity date data whether the certificate can be used in the business system, and decides according to the result whether to transmit the relevant data required to authenticate the certificate to its corresponding authentication system.

18. A system for integrating multiple authentication operations, which communicates via a communication network with two or more remote authentication systems, wherein the two or more authentication systems can each issue certificates in different formats and can authenticate the certificates they issue, the system comprising:
a certificate database for storing data of at least one user and, for at least one certificate owned by that user, identification data, usage data, validity date data and corresponding authentication system data, wherein the certificate can be any certificate issued by the two or more authentication systems;
an operation module for the user to perform operations related to at least one of the user's certificates, including applying for a certificate, cancelling a certificate, checking a certificate, and querying and modifying user data;
a management module for an administrator to perform management operations on user certificates, including reviewing the data submitted with a user's certificate application, issuing new certificates, and updating, suspending, lifting the suspension of, cancelling, querying the records of and registering usage extensions for existing certificates; and
a processing module that receives from a business system the data required to authenticate a certificate and performs preliminary identification, determines according to the certificate usage data, usage extension registration data and validity date data in the certificate database whether the certificate can be used in the business system, and, if it can, transmits, according to the corresponding authentication system data in the certificate database, the relevant data required to authenticate the certificate via the communication network to the corresponding authentication system for authentication, and receives the authentication result and returns it to the business system, wherein the relevant data required to authenticate the certificate is a part of the data of the certificate.

19. A method for integrating multiple authentication operations, communicating via a communication network with two or more remote authentication systems, wherein the two or more authentication systems can each issue certificates in different formats and can authenticate the certificates they issue, the method comprising the steps of:
storing data of at least one user and, for at least one certificate owned by that user, identification data and corresponding authentication system data, wherein the certificate can be any certificate issued by the two or more authentication systems;
performing operations related to at least one certificate of the user;

checking certificates, and querying and modifying user data.

27. The method of claim 19, wherein a web page is provided as an operation interface for a user to perform operations related to at least one of the user's certificates.

28. The method of claim 19, wherein the method further comprises the steps of:
communicating with a user terminal device via a communication network; and
displaying a specific screen on the user terminal device as an operation interface, for the user to input the data required to perform certificate-related operations, so as to perform the certificate-related operations.

29. The method of claim 19, wherein the administrator's management operations on user certificates include reviewing the data submitted with a user's certificate application, issuing new certificates, and updating, suspending, lifting the suspension of, cancelling and querying the records of existing certificates.

30. The method of claim 29, wherein, when issuing a new certificate, the data required to apply for the new certificate and its password data are transmitted to the authentication system applied to in order to request registration, and after that authentication system has completed the registration, the new certificate and its identification data are returned; and
wherein the identification data of the new certificate, the corresponding authentication system, the designated certificate usage and other such data are stored, and the new certificate is transmitted to the user for storage.

31. The method of claim 19, wherein a web page is provided as an operation interface for the administrator to perform certificate management operations.

32. The method of claim 19, wherein the method further comprises the steps of:
communicating with an administrator terminal device via a communication network; and
displaying a specific screen on the administrator terminal device as an operation interface, for the administrator to input the data required for certificate management operations, which is returned via the communication network in order to perform the certificate management operations.

33. The method of claim 19, wherein the certificate data further includes certificate usage data of the certificate, and the method further comprises the step of:
before transmitting the relevant data required to authenticate the certificate to the corresponding authentication system, determining according to the certificate usage data whether the certificate can be used in the business system, and deciding according to the result whether to transmit the relevant data required to authenticate the certificate to the corresponding authentication system.

34. The method of claim 33, wherein the certificate management operations further include certificate usage extension registration, and the method further comprises the steps of:
storing the data related to the certificate usage extension registration so as to record extended usage data beyond the original usage of the certificate; and
before transmitting the certificate to the corresponding authentication system, determining according to the certificate usage data and the certificate usage extension registration data whether the certificate can be used in the business system, and deciding according to the result whether to transmit the relevant data required to authenticate the certificate to the corresponding authentication system.

35. The method of claim 19, wherein the certificate data further includes validity date data of the certificate, and the method further comprises the step of:
before transmitting the relevant data required to authenticate the certificate to the corresponding authentication system, determining according to the certificate validity date data whether the certificate can be used in the business system, and deciding according to the result whether to transmit the relevant data required to authenticate the certificate to the corresponding authentication system.

36. A method for integrating multiple authentication operations, communicating via a communication network with two or more remote authentication systems, wherein the two or more authentication systems can each issue certificates in different formats and can authenticate the certificates they issue, the method comprising the steps of:
storing data of at least one user and, for at least one certificate owned by that user, identification data, usage data, validity date data and corresponding authentication system data, wherein the certificate can be any certificate issued by the two or more authentication systems;
performing operations related to at least one certificate of the user, including applying for a certificate, cancelling a certificate, checking a certificate, and querying and modifying user data;
performing the administrator's management operations on user certificates, including reviewing the data submitted with a user's certificate application, issuing new certificates, and updating, suspending, lifting the suspension of, cancelling, querying the records of and registering usage extensions for existing certificates; and
receiving a certificate sent from a business system, determining according to the certificate usage data, usage extension registration data and validity date data whether the certificate can be used in the business system, and, if it can, transmitting the relevant data required to authenticate the certificate via the communication network to the corresponding authentication system for authentication, and receiving the authentication result and returning it to the business system, wherein the relevant data required to authenticate the certificate is a part of the data of the certificate.
TW92137390A 2003-12-30 2003-12-30 System and method for integration of multiple authentication processes TWI242348B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW92137390A TWI242348B (en) 2003-12-30 2003-12-30 System and method for integration of multiple authentication processes

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW92137390A TWI242348B (en) 2003-12-30 2003-12-30 System and method for integration of multiple authentication processes

Publications (2)

Publication Number Publication Date
TW200522653A TW200522653A (en) 2005-07-01
TWI242348B true TWI242348B (en) 2005-10-21

Family

ID=37021537

Family Applications (1)

Application Number Title Priority Date Filing Date
TW92137390A TWI242348B (en) 2003-12-30 2003-12-30 System and method for integration of multiple authentication processes

Country Status (1)

Country Link
TW (1) TWI242348B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI825298B (en) * 2020-03-26 2023-12-11 臺灣銀行股份有限公司 Financial business undertaking and review integration system and method thereof

Also Published As

Publication number Publication date
TW200522653A (en) 2005-07-01

Similar Documents

Publication Publication Date Title
RU2292589C2 (en) Authentified payment
EP3485448B1 (en) Digital asset distribution by transaction device
CN103186861B (en) Electric paying method based on cloud data processing technique
US7596530B1 (en) Method for internet payments for content
AU2010202454B2 (en) Data authentication and provisioning method and system
RU2438172C2 (en) Method and system for performing two-factor authentication in mail order and telephone order transactions
CN107392601B (en) Application method and system for digital currency wallet
US20180225659A1 (en) Information processing device and information processing method
US20020083008A1 (en) Method and system for identity verification for e-transactions
US20090292642A1 (en) Method and system for automatically issuing digital merchant based online payment card
CN108369700A (en) Mobile-payment system
US20100306087A1 (en) Systems and methods for electronically circulating a currency
JP2013539561A (en) Management method of electronic money
JP2008504612A (en) Payment processing system
JP2000194770A (en) Method and system for electronic commercial transaction and computer program product
JPH10149394A (en) Electronic transaction method
CN109716373A (en) Cipher authentication and tokenized transaction
KR20170058950A (en) System and method for electronic payments
JPH10171887A (en) On-line shopping system
CN107851142A (en) Method and apparatus for being authenticated to the service user for the service to be provided
CN107230071B (en) Method and system for exchanging digital currency into physical cash
TWM589842U (en) Mobile trading desk with real-name phone
CN116802661A (en) Token-based out-of-chain interaction authorization
KR101984620B1 (en) Electronic Payment System
JP2001331646A (en) System and method for financial transaction using fingerprint matching