TWI529641B - System for verifying data displayed dynamically by mobile and method thereof - Google Patents

System for verifying data displayed dynamically by mobile and method thereof Download PDF

Info

Publication number
TWI529641B
TWI529641B TW103124465A TW103124465A TWI529641B TW I529641 B TWI529641 B TW I529641B TW 103124465 A TW103124465 A TW 103124465A TW 103124465 A TW103124465 A TW 103124465A TW I529641 B TWI529641 B TW I529641B
Authority
TW
Taiwan
Prior art keywords
data
verification
mobile terminal
action
authentication
Prior art date
Application number
TW103124465A
Other languages
Chinese (zh)
Other versions
TW201604804A (en
Inventor
黃介宏
Original Assignee
捷碼數位科技股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 捷碼數位科技股份有限公司 filed Critical 捷碼數位科技股份有限公司
Priority to TW103124465A priority Critical patent/TWI529641B/en
Publication of TW201604804A publication Critical patent/TW201604804A/en
Application granted granted Critical
Publication of TWI529641B publication Critical patent/TWI529641B/en

Links

Landscapes

  • Telephonic Communication Services (AREA)

Description

驗證行動端動態顯示之資料之系統及其方法System and method for verifying data dynamically displayed on the mobile terminal

一種資料驗證系統及其方法,特別係指一種驗證行動端動態顯示之資料之系統及其方法。A data verification system and method thereof, in particular, a system and method for verifying data dynamically displayed on an action end.

現今,條碼係普遍地被運用在資料之管理上。不論條碼的種類,至今的運用大多僅止於將其列印於書面等物品上,再以讀取裝置來加以讀取,進而取得條碼中所包含之資料。Today, bar codes are commonly used in the management of data. Regardless of the type of bar code, most of the applications so far have only been printed on articles such as papers, and then read by a reading device to obtain the data contained in the bar code.

而隨著無線通訊科技之進步,現今個人化的行動裝置幾乎已是生活上不可或缺的使用物品。若是將電子條碼顯示於特定人士所持有之行動裝置的顯示器上,或是將該特定人士所取得之條碼傳送至條碼解讀裝置上,則可作為各種判別或解讀的用途。舉例而言,特定人士可經由其所持有之行動電話或個人電子秘書裝置(PDA)等行動裝置來訂購其所需之商品,例如票卷等,而售票單位則可以使用電子條碼的方式將被訂購之入場票傳送至該位人士之行動裝置中,如此,對顯示於行動裝置上之電子條碼進行解讀後,解讀到的資料即可以作為該位人士入場的憑證。With the advancement of wireless communication technology, today's personalized mobile devices are almost indispensable items in life. If the electronic barcode is displayed on the display of the mobile device held by the specific person, or the barcode obtained by the specific person is transmitted to the barcode interpretation device, it can be used for various discrimination or interpretation purposes. For example, a specific person may order a desired item, such as a ticket, via a mobile device such as a mobile phone or a personal electronic secretary device (PDA), and the ticketing unit may use an electronic barcode. The ordered ticket is sent to the mobile device of the person. After the electronic barcode displayed on the mobile device is interpreted, the interpreted data can be used as a voucher for the person to enter the venue.

然而,若是該位人士複製其所接收之電子條碼並傳送給其他人士,則於入場時,其他人士同樣可以經由其所持有之行動裝置顯示電子條碼,作為入場憑證。由此可知,若電子條碼被複製,則可能會被冒用。However, if the person copies the electronic barcode received by him and transmits it to other people, other people can also display the electronic barcode as the admission ticket through the mobile device they hold when entering the venue. It can be seen that if the electronic barcode is copied, it may be fraudulently used.

綜上所述,可知先前技術中長期以來一直存在可以使用複製的電子條碼冒用身分的問題,因此有必要提出改進的技術手段,來解決此一問題。In summary, it can be seen that there has been a problem in the prior art that the use of duplicated electronic barcodes can be fraudulently used, and therefore it is necessary to propose an improved technical means to solve this problem.

有鑒於先前技術存在可以使用複製的電子條碼冒用身分的問題,本發明遂揭露一種驗證行動端動態顯示之資料之系統及其方法,其中:In view of the prior art, there is a problem that a duplicated electronic barcode can be used for fraudulent use, and the present invention discloses a system and method for verifying the dynamic display of the mobile terminal, wherein:

本發明所揭露之驗證行動端動態顯示之資料之系統,至少包含:驗證裝置以及驗證伺服器。驗證裝置用以掃描行動端所顯示之待認證資料及用以對待認證資料進行解碼以取得目標資料、時間戳、身分識別資料及行動認證資料,其中,待認證資料係行動端以行動認證金鑰產生,且與目標資料及時間戳對應;驗證伺服器,與該驗證裝置連接,用以依據身分識別資料載入伺服認證金鑰,並以伺服認證金鑰驗證行動認證資料以產生驗證結果,及用以傳送驗證結果至驗證裝置顯示。The system for verifying the dynamic display of the information on the mobile terminal disclosed by the present invention comprises at least: a verification device and a verification server. The verification device is configured to scan the data to be authenticated displayed on the mobile terminal and decode the data to be authenticated to obtain the target data, the time stamp, the identity identification data, and the action authentication data, wherein the data to be authenticated is the action authentication key. Generating, and corresponding to the target data and time stamp; the verification server is connected to the verification device for loading the servo authentication key according to the identity identification data, and verifying the action authentication data with the servo authentication key to generate the verification result, and Used to transmit the verification result to the verification device display.

本發明所揭露之驗證行動端動態顯示之資料之方法,其步驟至少包括:行動端取得目標資料及身分識別資料;行動端載入預先儲存之行動認證金鑰;行動端以行動認證金鑰產生與目標資料及時間戳對應之行動認證資料;行動端至少依據目標資料、時間戳、行動認證資料、及身分識別資料產生相對應之待認證資料;行動端顯示待認證資料;驗證裝置掃描被行動端顯示之待認證資料;驗證裝置對待認證資料進行解碼以取得目標資料、時間戳、身分識別資料及行動認證資料;驗證裝置傳送目標資料、時間戳、身分識別資料及行動認證資料至驗證伺服器;驗證伺服器依據身分識別資料載入伺服認證金鑰;驗證伺服器以伺服認證金鑰驗證行動認證資料並產生驗證結果;驗證伺服器傳送驗證結果至驗證裝置;驗證裝置顯示驗證結果。The method for verifying the dynamic display of the information on the mobile terminal includes at least: the mobile terminal acquires the target data and the identity identification data; the mobile terminal loads the pre-stored action authentication key; and the mobile terminal generates the action authentication key. Action authentication data corresponding to the target data and time stamp; the mobile terminal generates corresponding data to be authenticated based on at least the target data, time stamp, action authentication data, and identity identification data; the mobile terminal displays the data to be authenticated; and the verification device scan is acted upon. The verification device reads the authentication data to obtain the target data, the time stamp, the identity identification data, and the action authentication data; the verification device transmits the target data, the time stamp, the identity identification data, and the action authentication data to the verification server. The verification server loads the servo authentication key according to the identity identification data; the verification server verifies the action authentication data with the servo authentication key and generates a verification result; the verification server transmits the verification result to the verification device; and the verification device displays the verification result.

本發明所揭露之系統與方法如上,與先前技術之間的差異在於本發明透過行動端以行動認證金鑰產生與目標資料對應之行動認證資料後,依據目標資料、時間戳、行動認證資料、及身分識別資料產生相對應之待認證資料,驗證裝置掃描被行動端顯示之待認證資料後,對待認證資料進行解碼以取得目標資料、時間戳、身分識別資料及行動認證資料,驗證伺服器依據身分識別資料載入伺服認證金鑰後,以伺服認證金鑰驗證行動認證資料並產生驗證結果,藉以解決先前技術所存在的問題,並可以達成動態提供待認證資料,且能夠快速簡易的進行認證之技術功效。The system and method disclosed in the present invention are as above, and the difference between the prior art and the prior art is that the present invention generates the action authentication data corresponding to the target data by using the action authentication key, and according to the target data, time stamp, action authentication data, And the identity identification data generates corresponding data to be authenticated, and after the verification device scans the data to be authenticated displayed by the mobile terminal, the authentication data is decoded to obtain the target data, the time stamp, the identity identification data, and the action authentication data, and the verification server is based on the verification data. After the identity identification data is loaded into the servo authentication key, the action authentication data is verified by the servo authentication key and the verification result is generated, thereby solving the problems existing in the prior art, and the dynamic provision of the information to be authenticated can be achieved, and the authentication can be performed quickly and easily. Technical efficacy.

以下將配合圖式及實施例來詳細說明本發明之特徵與實施方式,內容足以使任何熟習相關技藝者能夠輕易地充分理解本發明解決技術問題所應用的技術手段並據以實施,藉此實現本發明可達成的功效。The features and embodiments of the present invention will be described in detail below with reference to the drawings and embodiments, which are sufficient to enable those skilled in the art to fully understand the technical means to which the present invention solves the technical problems, and The achievable effects of the present invention.

本發明可以由行動端產生並顯示待認證資料,在驗證裝置掃描行動端所顯示的待認證資料後,將解析出的目標資料、時間戳、身分識別資料以及行動認證資料傳送到驗證伺服器進行驗證,藉以提供具有防偽、防複製、且具有時效性的驗證機制。The invention can generate and display the data to be authenticated by the mobile terminal, and after the verification device scans the data to be authenticated displayed on the mobile terminal, the parsed target data, time stamp, identity identification data and action authentication data are transmitted to the verification server. Verification to provide an authentication mechanism that is anti-counterfeiting, anti-copy, and time-sensitive.

本發明所提之「目標資料」為需要驗證的資料,可以是使用者的身分資料,也可以是電子票卷的票卷資料,還可以是電子交易的交易資料等,但本發明所提之「目標資料」並不以上述為限,凡需要進行驗證的資料都可以做為本發明所提之目標資料。The "target data" mentioned in the present invention is the information to be verified, and may be the identity data of the user, the ticket data of the electronic ticket, or the transaction data of the electronic transaction, etc., but the present invention proposes The "target data" is not limited to the above, and any information that needs to be verified can be used as the target data for the present invention.

本發明所提之「時間戳」為可以表示時間的資料。例如,「2014/7/8 17:39:13」等以特定格式記載的資料,或是特定時間至某一時間所經過的秒數等,本發明並沒有特別的限制。The "time stamp" proposed by the present invention is data that can represent time. For example, the data described in a specific format such as "2014/7/8 17:39:13", or the number of seconds elapsed from a specific time to a certain time, is not particularly limited.

本發明所提之「待認證資料」為對資料進行特定運算所產生的資料,且可以解析待認證資料而取得原先進行運算的資料,例如,一維條碼或二維條碼、快速響應矩陣碼(Quick Response Code, QR-Code)、圖片等,但本發明所提之待認證資料並不以上述為限。The "data to be authenticated" mentioned in the present invention is data generated by performing specific operations on the data, and can analyze the data to be authenticated to obtain the original calculation data, for example, a one-dimensional barcode or a two-dimensional barcode, a fast response matrix code ( Quick Response Code, QR-Code, pictures, etc., but the information to be authenticated mentioned in the present invention is not limited to the above.

本發明所提之「身分識別資料」可以是使用者預先建立的帳號、電子郵件地址、行動裝置的機碼、裝置識別碼、或發話號碼等可以對應至使用者的資料,但本發明所提之身分識別資料並不以上述為限。另外,本發明所提之「行動認證資料」為經過特定編碼運算後所產生的資料,可以是文字、數字、符號的任意組合。The "identity identification data" mentioned in the present invention may be an account number, an email address, a machine code of a mobile device, a device identification code, or a phone number that the user has established in advance, and may correspond to the user, but the present invention proposes The identity identification information is not limited to the above. In addition, the "action authentication data" proposed by the present invention is data generated after a specific coding operation, and may be any combination of characters, numbers, and symbols.

以下先以「第1圖」本發明所提之驗證行動端動態顯示之資料之系統架構圖來說明本發明的系統運作。如「第1圖」所示,本發明之系統含有行動端100、驗證伺服器200、以及驗證裝置290。其中,行動端100可以透過網際網路400與驗證伺服器200連接;驗證裝置290與驗證伺服器200則可以直接連接,例如,透過串列(Serial)線與驗證伺服器200連接,驗證裝置290也可以透過如近端網路(local network)、或內部網路(intranet)等網路連接,本發明並沒有特別的限制。In the following, the system operation of the present invention will be described with reference to the system architecture diagram of the data of the dynamic display of the verification mobile terminal proposed by the present invention. As shown in FIG. 1, the system of the present invention includes a mobile terminal 100, a verification server 200, and a verification device 290. The mobile terminal 400 can be connected to the verification server 200 through the Internet 400. The verification device 290 and the verification server 200 can be directly connected, for example, connected to the verification server 200 through a serial line, and the verification device 290 is connected. The present invention is also not particularly limited by a network connection such as a local network or an intranet.

行動端100可以是行動裝置,也可以是執行於行動裝置上的應用程式,本發明並沒有特別的限制。其中,行動端100可以如「第2A圖」所示,包含讀取模組120、認證資料產生模組150、編碼模組160、顯示模組180,以及可附加的傳輸模組110、輸入模組130、加解密模組140。The mobile terminal 100 may be a mobile device or an application executed on the mobile device, and the present invention is not particularly limited. The mobile terminal 100 can include a reading module 120, an authentication data generating module 150, an encoding module 160, a display module 180, and an additional transmission module 110 and an input module, as shown in FIG. 2A. Group 130, encryption and decryption module 140.

傳輸模組110可以與驗證伺服器200連接,藉以讓行動裝置的使用者可以至驗證伺服器200進行註冊程序。例如,接收驗證伺服器200所傳送的驗證資料與伺服認證金鑰、傳送身分識別資料與驗證資料至驗證伺服器200等,甚至,傳輸模組110還可以將驗證伺服器200所傳送的伺服認證金鑰做為行動認證金鑰儲存至執行有本發明之行動裝置的儲存媒體中。The transmission module 110 can be connected to the verification server 200, so that the user of the mobile device can go to the verification server 200 to perform the registration process. For example, the verification data transmitted by the verification server 200 and the servo authentication key, the identity identification data and the verification data are transmitted to the verification server 200, and the transmission module 110 can also perform the servo authentication transmitted by the verification server 200. The key is stored as a mobile authentication key in a storage medium on which the mobile device of the present invention is executed.

一般而言,傳輸模組110會透過使用安全連接層(Secure Sockets Layer, SSL)或虛擬私人網路(Virtual Private Network, VPN)等技術所產生的安全通道與驗證伺服器200連線,但本發明並不以此為限。Generally, the transmission module 110 is connected to the verification server 200 through a secure channel generated by using a Secure Sockets Layer (SSL) or a Virtual Private Network (VPN) technology, but The invention is not limited to this.

讀取模組120負責讀取目標資料、身分識別資料以及行動認證金鑰。在部份的實施例中,目標資料即為身分識別資料,但本發明並不以此為限。在部分的實施例中,輸入模組130也可以讀取行動端100之使用者的通訊資料。其中,通訊資料為可以與使用者聯絡的資料,包含但不限於電子郵件地址、手機門號、即時通訊帳號等。The reading module 120 is responsible for reading the target data, the identity identification data, and the action authentication key. In some embodiments, the target data is identity identification data, but the invention is not limited thereto. In some embodiments, the input module 130 can also read the communication data of the user of the mobile terminal 100. The communication data is information that can be contacted by the user, including but not limited to an email address, a mobile phone number, an instant messaging account, and the like.

目標資料、身分識別資料、通訊資料以及行動認證金鑰通常預先被儲存於執行本發明之行動裝置的儲存媒體中。行動裝置之儲存媒體可以是內嵌於行動裝置的隨機存取記憶體(RAM)、唯讀記憶體(ROM)、可擦寫可程式化唯讀記憶體(RPROM)、快閃記憶體(Flash)等記憶體,也可以是與行動裝置連接的儲存裝置,本發明並沒有特別的限制,凡可以儲存資料者都可以做為本發明所提之儲存媒體。The target data, the identity identification data, the communication data, and the mobile authentication key are usually stored in advance in a storage medium for executing the mobile device of the present invention. The storage medium of the mobile device may be a random access memory (RAM), a read only memory (ROM), a rewritable programmable read only memory (RPROM), or a flash memory (Flash) embedded in the mobile device. The memory may also be a storage device connected to the mobile device. The present invention is not particularly limited, and any person who can store the data can be used as the storage medium of the present invention.

本發明所提之「行動認證金鑰」可以由特定數量的文字、數字、符號任意組合而成。在某些實施例中,行動認證金鑰可以是由驗證伺服器所產生的資料,而在某些實施例中,行動認證金鑰則可以是使用者所申請之電子憑證中的私鑰(Private key)。另外,在部分的實施例中,行動認證金鑰通常會在被加密後才會被儲存,但本發明並不以此為限。The "action authentication key" proposed by the present invention can be arbitrarily combined by a specific number of characters, numbers, and symbols. In some embodiments, the action authentication key may be the data generated by the authentication server, and in some embodiments, the action authentication key may be the private key in the electronic voucher applied by the user (Private) Key). In addition, in some embodiments, the mobile authentication key is usually stored after being encrypted, but the invention is not limited thereto.

目標資料、身分識別資料、通訊資料以及行動認證金鑰並不一定會儲存在同一種儲存媒體中,例如,目標資料可以被儲存在隨機存取記憶體、身分識別資料可以被儲存在可擦寫可程式化唯讀記憶體、通訊資料與行動認證金鑰可以被儲存在快閃記憶體中等,如此,讀取模組120會分別至隨機存取記憶體、可擦寫可程式化唯讀記憶體、快閃記憶體中讀取目標資料、身分識別資料、通訊資料與行動認證金鑰。Target data, identity identification data, communication data, and mobile authentication keys are not necessarily stored in the same storage medium. For example, target data can be stored in random access memory, and identity identification data can be stored in rewritable. The programmable read-only memory, communication data and mobile authentication keys can be stored in the flash memory, so that the reading module 120 respectively goes to the random access memory, the rewritable programmable vocal memory Read target data, identity identification data, communication data, and action authentication key in body and flash memory.

實務上,讀取模組120並不一定只能從行動端100之儲存媒體中讀取目標資料、身分識別資料、通訊資料、以及行動認證金鑰等資料,也可以讀取傳輸模組110接受自外部伺服器或應用程式所提供之目標資料,甚至可以對一維條碼、二維條碼、或影像進行解析以取得資料,或是提供使用者介面使得使用者可以直接輸入資料,本發明並沒有特別的限制,凡可以讓讀取模組120取得資料的方式都可以在本發明中被使用。In practice, the reading module 120 does not necessarily read the target data, the identity identification data, the communication data, and the action authentication key from the storage medium of the mobile terminal 100, and can also read the transmission module 110. The target data provided by the external server or application can even parse the 1D barcode, 2D barcode, or image to obtain the data, or provide the user interface so that the user can directly input the data. The present invention does not In particular, any manner in which the reading module 120 can obtain data can be used in the present invention.

輸入模組130可以提供輸入對行動認證金鑰進行加解密所使用的密碼。例如,在讀取模組120所讀出之行動認證金鑰被加密時,輸入模組130可以提供使用者介面,藉以讓使用者輸入解密的密碼。而在傳輸模組110接收到行動認證金鑰時,輸入模組130也可以提供使用者介面,藉以讓使用者輸入對行動認證金鑰加密的密碼。The input module 130 can provide a password for inputting the encryption and decryption of the mobile authentication key. For example, when the action authentication key read by the reading module 120 is encrypted, the input module 130 can provide a user interface for the user to input the decrypted password. When the transmission module 110 receives the action authentication key, the input module 130 can also provide a user interface for the user to input a password for encrypting the action authentication key.

加解密模組140可以依據輸入模組130提供輸入的密碼對讀取模組120所讀出之行動認證金鑰進行解密,並將解密後的行動認證金鑰提供給認證資料產生模組150。加解密模組140也可以依據輸入模組130提供輸入的密碼對傳輸模組110所接收到的行動認證金鑰進行加密,並將加密後的行動認證金鑰儲存至執行有本發明之行動裝置的儲存媒體中。The encryption and decryption module 140 can decrypt the action authentication key read by the reading module 120 according to the input password provided by the input module 130, and provide the decrypted action authentication key to the authentication data generation module 150. The encryption and decryption module 140 may also encrypt the action authentication key received by the transmission module 110 according to the input password provided by the input module 130, and store the encrypted action authentication key to the mobile device executing the invention. In the storage medium.

認證資料產生模組150負責以行動認證金鑰產生行動認證資料。當行動認證金鑰為驗證伺服器所產生之資料時,認證資料產生模組150可以依據訊息認證碼(Message Authentication Code, MAC)、雜湊訊息認證碼(Hash Message Authentication Code, HMAC)、RFC 4226:HMAC式一次性密碼(HMAC-Based One-Time Password, HOPT)、或RFC 6238:時間式一次性密碼(Time-based One-Time Password, TOPT)等演算法,使用行動認證金鑰對目標資料進行運算,並將運算後產生的押碼做為行動認證資料;而當行動認證金鑰為使用者所申請的私鑰時,認證資料產生模組150可以使用習知之簽章演算法對目標資料進行運算,並將運算後所產生的簽章作為行動認證資料。The authentication data generation module 150 is responsible for generating action authentication data using the action authentication key. When the action authentication key is the data generated by the authentication server, the authentication data generating module 150 can be based on a message authentication code (MAC), a hash message authentication code (HMAC), and an RFC 4226: HMAC-Based One-Time Password (HOPT), or RFC 6238: Time-based One-Time Password (TOPT) algorithm, using the action authentication key to target data The operation, and the hack code generated after the operation is used as the action authentication data; and when the action authentication key is the private key applied by the user, the authentication data generating module 150 can use the conventional signature algorithm to perform the target data. The operation, and the signature generated after the operation is used as the action authentication data.

在部分的實施例中,認證資料產生模組150在使用行動認證金鑰進行運算產生行動認證資料時,被運算的資料並非只有目標資料,而是還包含用來表示當前時間的時間戳。也就是說,行動認證資料也可能是認證資料產生模組150使用行動認證金鑰對包含目標資料以及時間戳的資料進行運算所產生,如此,認證資料產生模組150每一次所產生的行動認證資料都會不同,也就是說,認證資料產生模組150可以動態的產生行動認證資料。In some embodiments, when the authentication data generation module 150 uses the action authentication key to generate the action authentication data, the data to be operated is not only the target data, but also includes a time stamp indicating the current time. That is to say, the action authentication data may also be generated by the authentication data generating module 150 using the action authentication key to calculate the data including the target data and the time stamp, and thus, the authentication authentication generated by the authentication data generating module 150 each time. The data will be different, that is, the authentication data generation module 150 can dynamically generate the action authentication data.

編碼模組160負責產生待認證資料。一般而言,編碼模組160至少會依據讀取模組120所讀出之目標資料與身分識別資料、認證資料產生模組150所產生之行動認證資料,以及認證資料產生模組150產生行動認證資料所使用之時間戳產生待認證資料。The encoding module 160 is responsible for generating the data to be authenticated. In general, the encoding module 160 generates the action authentication based on the target data and the identity identification data read by the reading module 120, the action authentication data generated by the authentication data generating module 150, and the authentication data generating module 150. The timestamp used by the data generates the data to be authenticated.

顯示模組180負責顯示編碼模組160運算產生的待認證資料,使得編碼模組160產生的待認證資料被顯示在執行本發明之行動裝置的顯示螢幕上。The display module 180 is responsible for displaying the data to be authenticated generated by the operation of the encoding module 160, so that the data to be authenticated generated by the encoding module 160 is displayed on the display screen of the mobile device executing the present invention.

以下將進一步說明驗證伺服器200。驗證伺服器200負責進行資料的驗證。驗證伺服器200可以如「第2B圖」所示,包含儲存媒體201、傳輸模組210、識別載入模組220、認證資料驗證模組230,以及可附加的驗證資料產生模組250、驗證資料檢查模組260、金鑰產生模組270、憑證驗證模組280。The verification server 200 will be further explained below. The verification server 200 is responsible for verifying the data. The verification server 200 can include a storage medium 201, a transmission module 210, an identification loading module 220, an authentication data verification module 230, and an additional verification data generation module 250, as shown in FIG. 2B. The data checking module 260, the key generating module 270, and the credential verification module 280.

儲存媒體201負責儲存資料。儲存媒體201所儲存的資料中,有部份資料中的每一筆資料都包含身分識別資料以及相對應之伺服認證金鑰。本發明所提之「伺服認證金鑰」可以由特定數量的文字、數字、符號任意組合而成。在某些實施例中,伺服認證金鑰可以是由金鑰產生模組270所產生的資料,而在某些實施例中,伺服認證金鑰則可以是使用者所申請之電子憑證中的公鑰(Public key)。另外,在部分的實施例中,伺服認證金鑰會在被加密後才會被儲存,但本發明並不以此為限。The storage medium 201 is responsible for storing data. Among the data stored in the storage medium 201, each of the data includes the identity identification data and the corresponding servo authentication key. The "servo authentication key" proposed by the present invention can be arbitrarily combined by a specific number of characters, numbers, and symbols. In some embodiments, the servo authentication key may be the data generated by the key generation module 270, and in some embodiments, the servo authentication key may be the public one of the electronic credentials applied by the user. Key (Public key). In addition, in some embodiments, the servo authentication key will be stored after being encrypted, but the invention is not limited thereto.

傳輸模組210與驗證裝置290連接,負責與驗證裝置290交換資料,藉以完成目標資料的驗證。The transmission module 210 is connected to the verification device 290 and is responsible for exchanging data with the verification device 290 to complete verification of the target data.

傳輸模組210也可以與行動端100連接,可以與行動端100交換資料,藉以完成行動端100之使用者的註冊程序。一般而言,傳輸模組210可以透過網際網路400與行動端100連接。The transmission module 210 can also be connected to the mobile terminal 100, and can exchange data with the mobile terminal 100, thereby completing the registration procedure of the user of the mobile terminal 100. In general, the transmission module 210 can be connected to the mobile terminal 100 via the Internet 400.

識別載入模組220負責在傳輸模組210接收到驗證裝置290所傳送的身分識別資料後,載入與傳輸模組210所接收之身分識別資料對應的伺服認證金鑰。例如,識別載入模組220可以至儲存媒體201中搜尋到傳輸模組210所接收之身分識別資料,並讀取相對應的伺服認證金鑰,藉以完成伺服認證金鑰的載入。The identification loading module 220 is responsible for loading the servo authentication key corresponding to the identity identification data received by the transmission module 210 after the transmission module 210 receives the identity identification data transmitted by the verification device 290. For example, the identification loading module 220 can search the storage medium 201 for the identity identification data received by the transmission module 210, and read the corresponding servo authentication key, so as to complete the loading of the servo authentication key.

在部分的實施例中,若伺服認證金鑰是在被加密後才被儲存,則識別載入模組220可以先將伺服認證金鑰解密後才提供給認證資料驗證模組230。In some embodiments, if the servo authentication key is stored after being encrypted, the identification loading module 220 may first decrypt the servo authentication key before providing the authentication data verification module 230.

認證資料驗證模組230負責以識別資料載入模組220所載入的伺服認證金鑰驗證行動認證資料,並在驗證後產生相對應的驗證結果。The authentication data verification module 230 is responsible for verifying the action authentication data by the servo authentication key loaded by the identification data loading module 220, and generating a corresponding verification result after verification.

一般而言,認證資料驗證模組230可以以伺服認證金鑰產生伺服認證資料,並接著比對所產生的伺服認證資料以及傳輸模組210所接收到的行動認證資料,藉以依據比對結果產生驗證結果。其中,認證資料驗證模組230需要使用與行動端100之認證資料產生模組150產生行動認證金鑰所使用之演算法相同的演算法進行運算,也就是說,不論認證資料產生模組150是依據MAC、Hash-MAC、HOTP、或TOPT等演算法,或是依據簽章演算法,使用行動認證金鑰對目標資料進行運算而產生行動認證資料,認證資料驗證模組230也需要依據相同的演算法,使用伺服認證金鑰對目標資料進行運算而產生伺服認證資料。In general, the authentication data verification module 230 can generate the servo authentication data by using the servo authentication key, and then compare the generated servo authentication data with the action authentication data received by the transmission module 210, thereby generating a comparison result. Validation results. The authentication data verification module 230 needs to perform an operation using the same algorithm as the algorithm used by the authentication data generation module 150 of the mobile terminal 100 to generate the action authentication key, that is, regardless of the authentication data generation module 150. According to the algorithms such as MAC, Hash-MAC, HOTP, or TOPT, or according to the signature algorithm, the action authentication key is used to calculate the target data to generate the action authentication data, and the authentication data verification module 230 also needs to be based on the same The algorithm uses the servo authentication key to calculate the target data to generate the servo authentication data.

當認證資料驗證模組230所產生的伺服認證資料與傳輸模組210所接收到的行動認證資料不同時,表示行動認證資料通過驗證,認證資料驗證模組230可以產生表示行動認證資料通過驗證的驗證結果,而若伺服認證資料與行動認證資料不同,表示行動認證資料無法通過驗證,認證資料驗證模組230可以產生表示行動認證資料未通過驗證的驗證結果。When the server authentication data generated by the authentication data verification module 230 is different from the action authentication data received by the transmission module 210, it indicates that the action authentication data is verified, and the authentication data verification module 230 can generate the verification that the action authentication data is verified. The verification result, and if the servo authentication data is different from the action authentication data, indicating that the action authentication data cannot be verified, the authentication data verification module 230 may generate a verification result indicating that the action authentication data has not passed the verification.

在部分的實施例中,在認證資料驗證模組230判斷行動認證資料通過驗證後,認證資料驗證模組230通常不會直接產生驗證結果,而是會進一步判斷當前之時間與傳輸模組210所接收到之時間戳所表示的時間之時間差是否在預定的時間範圍內,若是,則認證資料驗證模組230才會產生表示行動認證資料通過驗證的驗證結果,而若當前之時間與時間戳所表示的時間之時間差沒有落在預定的時間範圍內,則認證資料驗證模組230依然會產生表示行動認證資料未通過驗證的驗證結果。但認證資料驗證模組230產生驗證結果之方式並不以上述為限。其中,上述之預定的時間範圍例如10分鐘、半小時等,但本發明並不以此為限。In some embodiments, after the authentication data verification module 230 determines that the action authentication data has passed the verification, the authentication data verification module 230 does not directly generate the verification result, but further determines the current time and transmission module 210. Whether the time difference of the time indicated by the received time stamp is within a predetermined time range, and if so, the authentication data verification module 230 generates a verification result indicating that the action authentication data passes the verification, and if the current time and time stamp are used The time difference of the indicated time does not fall within the predetermined time range, and the authentication data verification module 230 still generates a verification result indicating that the action authentication data has not passed the verification. However, the manner in which the authentication data verification module 230 generates the verification result is not limited to the above. The predetermined time range is, for example, 10 minutes, half an hour, etc., but the invention is not limited thereto.

驗證資料產生模組250可以在傳輸模組210接收到行動端100所傳送的使用者資料後,產生驗證資料,並將傳輸模組210接收到的使用者資料以及所產生的驗證資料做為一筆資料,儲存至儲存媒體201中。其中,傳輸模組210所接收到之使用者資料包含身分識別資料、或身分識別資料與通訊資料,其中,若使用者資料僅包含身分識別資料,則表示足以依據身分識別資料與使用者通訊,例如為電子郵件帳號或手機門號等;驗證資料產生模組250所產生驗證資料為隨機產生的一次性資料,且具有時效性,但本發明並不以此為限。The verification data generation module 250 may generate verification data after the transmission module 210 receives the user data transmitted by the mobile terminal 100, and use the user data received by the transmission module 210 and the generated verification data as a The data is stored in the storage medium 201. The user data received by the transmission module 210 includes the identity identification data, or the identity identification data and the communication data. If the user data only includes the identity identification data, it indicates that the user identification data is sufficient to communicate with the user according to the identity identification data. For example, the email account or the mobile phone number, etc.; the verification data generated by the verification data generation module 250 is a randomly generated one-time data, and has timeliness, but the invention is not limited thereto.

驗證資料產生模組250也可以透過傳輸模組210將所產生的驗證資料傳送至行動端100。一般而言,傳輸模組210可以依據使用者資料中的身分識別資料或通訊資料選擇使用簡訊、電子郵件、或即時訊息等方式傳送驗證資料,但本發明並不以此為限。The verification data generation module 250 can also transmit the generated verification data to the mobile terminal 100 through the transmission module 210. Generally, the transmission module 210 can select to use the short message, email, or instant message to transmit the verification data according to the identity identification data or the communication data in the user data, but the invention is not limited thereto.

驗證資料檢查模組260可以在傳輸模組210接收到行動端100所傳送的身分識別資料以及驗證資料後,依據傳輸模組210所接收到的身分識別資料至儲存媒體201讀取驗證資料,並比對被讀出的驗證資料以及被接收到的驗證資料,藉以判斷行動端100所傳送的驗證資料是否正確。當被讀出的驗證資料與被接收到的驗證資料相同,表示行動端100所傳送的驗證資料正確,而若被讀出的驗證資料與被接收到的驗證資料不同,表示行動端100所傳送的驗證資料不正確。After the transmission module 210 receives the identity identification data and the verification data transmitted by the mobile terminal 100, the verification data checking module 260 can read the verification data according to the identity identification data received by the transmission module 210 to the storage medium 201, and The verification data read out and the verification data received are compared to determine whether the verification data transmitted by the mobile terminal 100 is correct. When the verified verification data is the same as the received verification data, it indicates that the verification data transmitted by the mobile terminal 100 is correct, and if the verification verification data is different from the received verification data, it indicates that the verification data is transmitted by the mobile terminal 100. The verification information is incorrect.

金鑰產生模組270可以在驗證資料檢查模組260判斷行動端100所傳送的驗證資料正確時,產生伺服認證金鑰。一般而言,金鑰產生模組270可以使用特定的演算法產生伺服認證金鑰,但本發明並不以此為限,例如,金鑰產生模組270也可以隨機產生伺服認證金鑰。其中,上述金鑰產生模組270可以使用之演算法例如但不限於在RFC 5968、NIST SP 800-108、NIST SP 800-132等文件中所提之衍生金鑰(Key Derivation)演算法。The key generation module 270 can generate a servo authentication key when the verification data inspection module 260 determines that the verification data transmitted by the mobile terminal 100 is correct. In general, the key generation module 270 can generate a servo authentication key using a specific algorithm. However, the present invention is not limited thereto. For example, the key generation module 270 can also randomly generate a servo authentication key. The algorithm used by the key generation module 270 can be used, for example, but not limited to, a Key Derivation algorithm proposed in documents such as RFC 5968, NIST SP 800-108, NIST SP 800-132, and the like.

金鑰產生模組270也可以將所產生的伺服認證金鑰以及傳輸模組210所接收到的使用者資料做為一筆資料,儲存到儲存媒體201中。一般而言,金鑰產生模組270會先將伺服認證金鑰加密後才將加密後的伺服認證金鑰與身分識別資料儲存至儲存媒體201中,但本發明並不以此為限。The key generation module 270 can also store the generated servo authentication key and the user data received by the transmission module 210 as a piece of data and store it in the storage medium 201. Generally, the key generation module 270 encrypts the servo authentication key and then stores the encrypted servo authentication key and the identity identification data into the storage medium 201. However, the present invention is not limited thereto.

金鑰產生模組270也可以透過傳輸模組210將所產生的伺服認證金鑰傳送到行動端100,使得行動端100將接收到的伺服認證金鑰做為行動認證金鑰。其中,傳輸模組210可以依據儲存媒體201中所儲存之身分識別資料或與身分識別資料一同被儲存之通訊資料,選擇使用簡訊、電子郵件、或即時訊息等方式傳送伺服認證金鑰,但本發明並不以此為限,例如,傳輸模組210也可以使用行動端100所建立的SSL或VPN連線,直接傳送伺服認證金鑰給行動端100。The key generation module 270 can also transmit the generated servo authentication key to the mobile terminal 100 through the transmission module 210, so that the mobile terminal 100 uses the received servo authentication key as the action authentication key. The transmission module 210 may select to use a short message, an email, or an instant message to transmit a servo authentication key according to the identity identification data stored in the storage medium 201 or the communication data stored together with the identity identification data, but The invention is not limited thereto. For example, the transmission module 210 can directly transmit the servo authentication key to the mobile terminal 100 by using the SSL or VPN connection established by the mobile terminal 100.

憑證驗證模組280可以在傳輸模組210接收到行動端100所傳送的身分識別資料、識別資料以及使用者所申請的電子憑證後,且驗證資料檢查模組260判斷行動端100所傳送的驗證資料正確時,進一步判斷傳輸模組210所接收到的電子憑證是否正確。The voucher verification module 280 can receive the identity identification data transmitted by the mobile terminal 100, the identification data, and the electronic voucher applied by the user, and the verification data checking module 260 determines the verification transmitted by the mobile terminal 100. When the data is correct, it is further determined whether the electronic certificate received by the transmission module 210 is correct.

若憑證驗證模組280判斷傳輸模組210所接收到的電子憑證正確,則憑證驗證模組280可以將傳輸模組210所接收到之電子憑證中的公鑰做為伺服認證金鑰,並將電子憑證中的公鑰以及傳輸模組210所接收到的身分識別資料做為一筆資料,儲存到儲存媒體201中。與金鑰產生模組270相似的,憑證驗證模組280可以先將伺服認證金鑰加密後,才將加密後的伺服認證金鑰與身分識別資料儲存至儲存媒體201中,但本發明並不以此為限。If the voucher verification module 280 determines that the electronic voucher received by the transmission module 210 is correct, the voucher verification module 280 can use the public key in the electronic voucher received by the transmission module 210 as the servo authentication key, and The public key in the electronic voucher and the identity identification data received by the transmission module 210 are stored as a piece of data in the storage medium 201. Similar to the key generation module 270, the credential verification module 280 may first encrypt the servo authentication key before storing the encrypted servo authentication key and the identity identification data in the storage medium 201, but the present invention does not This is limited to this.

以下將繼續說明驗證裝置290。驗證裝置290負責掃描行動端100所顯示的待認證資料。驗證裝置290會隨著待認證資料的不同而使用不同的掃瞄技術,例如,當待認證資料為一維條碼時,驗證裝置290可以使用一維條碼掃瞄設備掃描待認證資料,而當待認證資料為QR-code或圖像時,驗證裝置290則為具有攝像鏡頭的裝置,藉以掃描待認證資料。The verification device 290 will continue to be described below. The verification device 290 is responsible for scanning the data to be authenticated displayed by the mobile terminal 100. The verification device 290 may use different scanning technologies depending on the data to be authenticated. For example, when the data to be authenticated is a one-dimensional barcode, the verification device 290 may scan the data to be authenticated by using the one-dimensional barcode scanning device. When the authentication material is a QR-code or an image, the verification device 290 is a device having an imaging lens to scan the data to be authenticated.

驗證裝置290也負責對掃描所得之待認證資料進行解碼,並在解碼後取得目標資料、時間戳、身分識別資料、以及行動認證資料。The verification device 290 is also responsible for decoding the scanned data to be authenticated, and obtaining the target data, time stamp, identity identification data, and action authentication data after decoding.

驗證裝置290還負責將解碼待認證資料所取得的目標資料、時間戳、身分識別資料、行動認證資料等資料傳送到驗證伺服器200進行驗證,並顯示驗證伺服器200所傳回的驗證結果。The verification device 290 is also responsible for transmitting the target data, the time stamp, the identity identification data, the action authentication data and the like obtained by decoding the data to be authenticated to the verification server 200 for verification, and displaying the verification result returned by the verification server 200.

在部份的實施例中,待認證資料在解碼後還可以取得交易識別資料,驗證裝置290可以在驗證伺服器200所產生之驗證結果表示行動認證資料通過驗證時,依據解碼待認證資料後所取得的交易識別資料,進行相對應的交易。In some embodiments, the data to be authenticated may also obtain the transaction identification data after the decoding, and the verification device 290 may, after verifying that the verification result generated by the verification server 200 indicates that the action authentication data passes the verification, according to the decoding of the data to be authenticated. The acquired transaction identification data is used for the corresponding transaction.

接著以第一個實施例來解說本發明的運作系統與方法,並請參照「第3A圖」本發明所提之使用者註冊之方法流程圖以及「第3C圖」本發明所提之驗證行動端動態顯示之資料之方法流程圖。在本實施例中,假設有本發明外部之會員系統欲透過本發明驗證會員的身分。Next, the operation system and method of the present invention will be explained in the first embodiment, and the flow chart of the user registration method and the "3C chart" proposed by the present invention will be described with reference to "3A". A flow chart of the method of dynamically displaying the data. In the present embodiment, it is assumed that the member system external to the present invention intends to verify the identity of the member through the present invention.

首先,該會員系統的會員(以下稱使用者)需要在其所使用的手機等行動裝置上安裝支援本發明的應用程式(行動端100),並完成註冊程序。First, members of the member system (hereinafter referred to as users) need to install an application (action terminal 100) supporting the present invention on a mobile device such as a mobile phone used, and complete the registration process.

在使用者安裝並執行支援本發明的應用程式後,行動端100的輸入模組130可以提供使用者輸入身分識別資料,或身分識別資料與通訊資料等使用者資料,並在使用者完成輸入後,透過行動端100的傳輸模組110將使用者所輸入的使用者資料透過SSL或VPN傳送給驗證伺服器200(步驟312)。在本實施例中,假設身分識別資料為使用者在該會員系統中的帳號,例如,電子郵件地址。After the user installs and executes the application supporting the present invention, the input module 130 of the mobile terminal 100 can provide the user to input the identity identification data, or the user identification data and the communication data, and after the user completes the input. The user data input by the user is transmitted to the verification server 200 via SSL or VPN through the transmission module 110 of the mobile terminal 100 (step 312). In the present embodiment, it is assumed that the identity identification material is an account number of the user in the member system, for example, an email address.

在驗證伺服器200的傳輸模組210接收到行動端100所傳送的使用者資料後,驗證伺服器200的驗證資料產生模組250可以產生一次性的驗證資料,並將所產生的驗證資料以及傳輸模組210所接收到的使用者資料做為一筆資料暫存在驗證伺服器200的儲存媒體201中,以及透過傳輸模組210將所產生的驗證資料傳送給行動端100(步驟316)。在本實施例中,假設傳輸模組210是透過電子郵件將驗證資料傳送到使用者的電子郵件信箱(也就是使用者在該會員系統中的帳號)中。After the transmission module 210 of the verification server 200 receives the user data transmitted by the mobile terminal 100, the verification data generation module 250 of the verification server 200 can generate a one-time verification data, and generate the verification data and The user data received by the transmission module 210 is temporarily stored in the storage medium 201 of the verification server 200, and the generated verification data is transmitted to the mobile terminal 100 through the transmission module 210 (step 316). In this embodiment, it is assumed that the transmission module 210 transmits the verification data to the user's email mailbox (that is, the user's account number in the member system) via email.

在使用者至電子郵件信箱中閱讀驗證伺服器200所傳送之包含驗證資料的電子郵件後,使用者可以透過行動端100的輸入模組130輸入驗證資料,如此,行動端100的傳輸模組110可以透過SSL或VPN的連線,將輸入模組130提供使用者輸入的驗證資料以及使用者先前所輸入的身分識別資料傳送給驗證伺服器200(步驟318a)。After the user-to-email mailbox reads the email containing the verification data transmitted by the verification server 200, the user can input the verification data through the input module 130 of the mobile terminal 100. Thus, the transmission module 110 of the mobile terminal 100 The authentication module input by the input module 130 and the identity identification data previously input by the user may be transmitted to the verification server 200 via the SSL or VPN connection (step 318a).

在驗證伺服器200的傳輸模組210接收到行動端100所傳送的驗證資料以及身分識別資料後,驗證伺服器200的驗證資料檢查模組260可以判斷傳輸模組210所接收到的驗證資料是否正確(步驟321)。在本實施例中,假設驗證資料檢查模組260會至驗證伺服器200的儲存媒體201中搜尋傳輸模組210所接收到的身分識別資料,並在搜尋到相同的身分識別資料時,讀取與被搜尋到之身分識別資料一同被儲存的驗證資料,接著,驗證資料檢查模組260會比對傳輸模組210所接收到的驗證資料以及被讀取出之驗證資料。若兩者相同,則表示傳輸模組210所接收到的驗證資料正確;而若兩者不同,則表示傳輸模組210所接收到的驗證資料錯誤,驗證伺服器200將不再進行後續處理。After the transmission module 210 of the verification server 200 receives the verification data and the identity identification data transmitted by the mobile terminal 100, the verification data inspection module 260 of the verification server 200 can determine whether the verification data received by the transmission module 210 is Correct (step 321). In this embodiment, it is assumed that the verification data inspection module 260 searches the storage medium 201 of the verification server 200 for the identity identification data received by the transmission module 210, and reads the same identity identification data when it is searched. The verification data stored together with the identified identity identification data, and then the verification data inspection module 260 compares the verification data received by the transmission module 210 with the verified verification data. If the two are the same, it means that the verification data received by the transmission module 210 is correct; if the two are different, it means that the verification data received by the transmission module 210 is incorrect, and the verification server 200 will not perform subsequent processing.

當驗證伺服器200的驗證資料檢查模組260判斷驗證伺服器200之傳輸模組210所接收到的驗證資料正確時,驗證伺服器200的金鑰產生模組270可以產生伺服認證金鑰(步驟323)。在本實施例中,假設金鑰產生模組270會使用衍生金鑰演算法產生伺服認證金鑰。When the verification data check module 260 of the verification server 200 determines that the verification data received by the transmission module 210 of the verification server 200 is correct, the key generation module 270 of the verification server 200 can generate a servo authentication key (step 323). In this embodiment, it is assumed that the key generation module 270 generates a servo authentication key using a derivative key algorithm.

在驗證伺服器200的金鑰產生模組270產生伺服認證金鑰(步驟323)後,金鑰產生模組270可以將所產生的伺服認證金鑰以及驗證伺服器200之傳輸模組210所接收到的身分識別資料做為一筆資料,儲存到驗證伺服器200的儲存媒體201中(步驟327),並透過傳輸模組210將所產生的伺服認證金鑰傳送至行動端100(步驟328)。在本實施例中,假設傳輸模組210會通過行動端100所建立的SSL和VPN連線,將伺服認證金鑰傳送給行動端100。After the key generation module 270 of the verification server 200 generates the servo authentication key (step 323), the key generation module 270 can receive the generated servo authentication key and the transmission module 210 of the verification server 200. The obtained identity identification data is stored as a piece of data, stored in the storage medium 201 of the verification server 200 (step 327), and the generated servo authentication key is transmitted to the mobile terminal 100 through the transmission module 210 (step 328). In this embodiment, it is assumed that the transmission module 210 transmits the servo authentication key to the mobile terminal 100 through the SSL and VPN connection established by the mobile terminal 100.

行動端100的傳輸模組110在接收到驗證伺服器200所傳送的伺服認證金鑰後,可以將所接收到的伺服認證金鑰做為行動認證金鑰,儲存至執行本發明之行動裝置(使用者所使用之手機)的儲存媒體中(步驟329),藉以完成註冊程序。在本實施例中,假設行動端100還包含加解密模組140,在行動認證金鑰被儲存至儲存媒體之前,加解密模組140更可以使用密碼加密行動認證金鑰,使得儲存媒體中儲存經過加密的行動認證金鑰。其中,加解密模組140用來加密行動認證金鑰的密碼是加解密模組140透過行動端100的輸入模組130要求使用者輸入。After receiving the servo authentication key transmitted by the verification server 200, the transmission module 110 of the mobile terminal 100 can use the received servo authentication key as an action authentication key and store it in the mobile device that executes the present invention ( In the storage medium of the mobile phone used by the user (step 329), the registration process is completed. In this embodiment, it is assumed that the mobile terminal 100 further includes an encryption and decryption module 140. Before the mobile authentication key is stored in the storage medium, the encryption and decryption module 140 can further encrypt the mobile authentication key by using a password, so that the storage medium is stored. Encrypted action authentication key. The encryption and decryption module 140 is used to encrypt the password of the mobile authentication key. The encryption and decryption module 140 requests the user to input through the input module 130 of the mobile terminal 100.

在使用者完成註冊程序後,當該會員系統要求使用者進行身分驗證時,使用者可以在手機上執行支援本發明的應用程式,如此,行動端100的讀取模組120可以至執行本發明之行動裝置的儲存媒體中取得目標資料以及身分識別資料(步驟332),並載入先前在註冊程序中被儲存的行動認證金鑰(步驟336)。在本實施例中,讀取模組120所取得的目標資料可以是使用者的個人資料、或是與身分識別資料相同的會員帳號等;另外,由於行動認證金鑰經過加密,因此,加解密模組140可以透過輸入模組130要求使用者輸入與加密行動認證金鑰時相同的密碼,並使用使用者透過輸入模組130所輸入的密碼解密讀取模組120所讀出的行動認證金鑰。After the user completes the registration process, when the member system requests the user to perform the identity verification, the user can execute the application supporting the invention on the mobile phone, so that the reading module 120 of the mobile terminal 100 can execute the present invention. The target device and the identity identification data are retrieved from the storage medium of the mobile device (step 332), and the action authentication key previously stored in the registration process is loaded (step 336). In this embodiment, the target data obtained by the reading module 120 may be the user's personal data or the same member account number as the identity identification data; in addition, since the mobile authentication key is encrypted, the encryption and decryption are performed. The module 140 can request the user to input the same password as that when encrypting the action authentication key through the input module 130, and decrypt the action authentication fund read by the reading module 120 by using the password input by the user through the input module 130. key.

在行動端100的讀取模組120取得目標資料以及身分識別資料(步驟332),並載入行動認證金鑰(步驟336)後,行動端100的認證資料產生模組150可以以行動認證金鑰產生與目標資料以及表示當前時間之時間戳對應的行動認證資料(步驟340)。在本實施例中,假設認證資料產生模組150會使用行動認證金鑰對目標資料與當前的時間(時間戳)所組成的資料進行RFC 4226或RFC 6238的演算以產生一次性的行動認證資料。After the reading module 120 of the mobile terminal 100 obtains the target data and the identity identification data (step 332), and loads the action authentication key (step 336), the authentication data generating module 150 of the mobile terminal 100 can use the action authentication fund. The key generates action authentication data corresponding to the target data and a timestamp indicating the current time (step 340). In this embodiment, it is assumed that the authentication data generation module 150 performs the calculation of the RFC 4226 or RFC 6238 on the data composed of the target data and the current time (time stamp) using the action authentication key to generate a one-time action authentication data. .

在行動端100的認證資料產生模組150以行動認證金鑰產生行動認證資料(步驟340)後,行動端100的編碼模組160可以產生待認證資料(步驟350)。在本實施例中,由於認證資料產生模組150是以行動認證金鑰對目標資料與時間戳所組成的資料進行演算而產生行動認證資料,因此,編碼模組160會對行動端100之讀取模組120所取得的目標資料、身分識別資料、認證資料產生模組150所產生的行動認證資料、以及認證資料產生模組150所使用的時間戳進行編碼,藉以產生相對應的QR-code(待認證資料)。After the authentication data generation module 150 of the mobile terminal 100 generates the action authentication data with the action authentication key (step 340), the encoding module 160 of the mobile terminal 100 can generate the data to be authenticated (step 350). In this embodiment, since the authentication data generation module 150 calculates the data composed of the target data and the time stamp by using the action authentication key to generate the action authentication data, the encoding module 160 reads the mobile terminal 100. The target data acquired by the module 120, the identity identification data, the action authentication data generated by the authentication data generation module 150, and the timestamp used by the authentication data generation module 150 are encoded to generate a corresponding QR-code. (to be certified).

在行動端100的編碼模組160產生待認證資料(步驟350)後,行動端100的顯示模組180可以顯示編碼模組160所產生的待認證資料(步驟361),使得待認證資料被顯示在執行本發明之行動裝置的顯示螢幕上。After the encoding module 160 of the mobile terminal 100 generates the data to be authenticated (step 350), the display module 180 of the mobile terminal 100 can display the data to be authenticated generated by the encoding module 160 (step 361), so that the data to be authenticated is displayed. On the display screen of the mobile device of the present invention.

在行動端100的顯示模組180顯示待認證資料(步驟361)後,使用者可以將執行本發明之行動裝置的顯示螢幕接近驗證裝置290,使得驗證裝置290可以掃瞄被顯示在顯示螢幕上的待認證資料(步驟363)。在本實施例中,由於待認證資料為QR-code,因此,驗證裝置290需要包含攝像鏡頭,藉以掃描執行本發明之行動裝置所顯示的QR-code。After the display module 180 of the mobile terminal 100 displays the data to be authenticated (step 361), the user can display the display screen of the mobile device of the present invention close to the verification device 290, so that the verification device 290 can be scanned and displayed on the display screen. The information to be certified (step 363). In the present embodiment, since the to-be-certified material is QR-code, the verification device 290 needs to include an imaging lens to scan the QR-code displayed by the mobile device of the present invention.

在驗證裝置290掃瞄待認證資料(步驟363)後,驗證裝置290可以對待認證資料進行解碼以取得行動端100的編碼模組160產生待認證資料所使用的目標資料、時間戳、身分識別資料、以及行動認證資料等資料(步驟367),並將解碼所取得的資料傳送到驗證伺服器200。After the verification device 290 scans the data to be authenticated (step 363), the verification device 290 can decode the authentication data to obtain the target data, time stamp, and identity identification data used by the encoding module 160 of the mobile terminal 100 to generate the data to be authenticated. And the information such as the action authentication data (step 367), and the decoded data is transmitted to the verification server 200.

在驗證伺服器200的傳輸模組210接收到驗證裝置290所傳送的資料後,驗證伺服器200的識別載入模組220可以依據傳輸模組210所接收到的身分識別資料載入伺服認證金鑰(步驟372)。在本實施例中,假設識別載入模組220會至驗證伺服器200的儲存媒體201中搜尋傳輸模組210所接收到的身分識別資料,並在搜尋到傳輸模組210所接收到的身分識別資料後,讀取在註冊程序中與被搜尋到之身分識別資料一同被儲存的伺服認證金鑰。After the transmission module 210 of the verification server 200 receives the data transmitted by the verification device 290, the identification loading module 220 of the verification server 200 can load the servo authentication fund according to the identity identification data received by the transmission module 210. Key (step 372). In this embodiment, it is assumed that the identification loading module 220 searches the storage medium 201 of the verification server 200 for the identity identification data received by the transmission module 210, and searches for the identity received by the transmission module 210. After identifying the data, the servo authentication key stored in the registration program along with the identified identity identification data is read.

在實務上,若註冊程序中,驗證伺服器200的金鑰產生模組270在儲存伺服認證金鑰(步驟327)時,先加密伺服認證金鑰才儲存加密後的伺服認證金鑰,則識別載入模組220需要在讀出經過加密的伺服認證金鑰後,將經過加密的伺服認證金鑰解密,藉以載入伺服認證金鑰。In practice, in the registration procedure, the key generation module 270 of the verification server 200 stores the servo authentication key (step 327), encrypts the servo authentication key before storing the encrypted servo authentication key, and recognizes The load module 220 needs to decrypt the encrypted servo authentication key after reading the encrypted servo authentication key, thereby loading the servo authentication key.

在驗證伺服器200的識別載入模組220載入伺服認證金鑰(步驟372)後,驗證伺服器200的認證資料驗證模組230可以對驗證伺服器200之傳輸模組210所接收到的行動認證資料進行驗證,並在驗證後產生驗證結果(步驟376)。在本實施例中,假設認證資料驗證模組230會先使用識別載入模組220所載入的伺服認證金鑰,以與行動端100之認證資料產生模組150產生行動認證資料相同的演算法對傳輸模組210所接收到的目標資料與時間戳進行運算,藉以在運算後產生伺服認證資料。接著,認證資料驗證模組230會比對所產生的伺服認證資料以及傳輸模組210所接收到的行動認證資料。After the identification loading module 220 of the verification server 200 loads the servo authentication key (step 372), the authentication data verification module 230 of the verification server 200 can receive the transmission module 210 of the verification server 200. The action certification data is verified and a verification result is generated after verification (step 376). In this embodiment, it is assumed that the authentication data verification module 230 first uses the servo authentication key loaded by the recognition loading module 220 to generate the same calculation algorithm as the authentication authentication data generated by the authentication data generation module 150 of the mobile terminal 100. The method calculates the target data and the time stamp received by the transmission module 210, so as to generate the servo authentication data after the operation. Then, the authentication data verification module 230 compares the generated servo authentication data with the action authentication data received by the transmission module 210.

若伺服認證資料與行動認證資料不同,則認證資料驗證模組230會產生表示行動認證資料未通過驗證的驗證結果;而當伺服認證資料與行動認證資料相同,驗證伺服器200的認證資料驗證模組230可以進一步判斷當前之時間與傳輸模組210所接收到之時間戳所表示之時間的時間差是否在預定時間範圍內,若是,則認證資料驗證模組230會產生表示行動認證資料通過驗證的驗證結果,而若當前之時間與時間戳所表示之時間的時間差沒有落在預定時間範圍內,則認證資料驗證模組230將產生表示行動認證資料未通過驗證的驗證結果。If the servo authentication data is different from the action authentication data, the authentication data verification module 230 generates a verification result indicating that the action authentication data has not passed the verification; and when the servo authentication data is the same as the action authentication data, the authentication data verification mode of the verification server 200 is verified. The group 230 can further determine whether the time difference between the current time and the time indicated by the timestamp received by the transmission module 210 is within a predetermined time range. If so, the authentication data verification module 230 generates a verification that the action authentication data is verified. The verification result, and if the time difference between the current time and the time indicated by the time stamp does not fall within the predetermined time range, the authentication data verification module 230 will generate a verification result indicating that the action authentication data has not passed the verification.

在驗證伺服器200的認證資料驗證模組230產生驗證結果後,驗證伺服器200的傳輸模組210可以將認證資料驗證模組230所產生的驗證結果傳回驗證裝置290(步驟381)。驗證裝置290在接收到驗證伺服器200所傳送的驗證結果後,可以顯示所接收到的驗證結果。如此,透過本發明,使用者便可以完成身分驗證。After the authentication data verification module 230 of the verification server 200 generates the verification result, the transmission module 210 of the verification server 200 can transmit the verification result generated by the authentication data verification module 230 to the verification device 290 (step 381). After receiving the verification result transmitted by the verification server 200, the verification device 290 can display the received verification result. Thus, with the present invention, the user can complete the identity verification.

以下繼續以第二個實施例來解說本發明的運作系統與方法,並請參照「第3B圖」本發明所提之另一種使用者註冊之方法流程圖以及「第3C圖」。在本實施例中,假設有本發明外部之票務系統欲使用本發明驗證票卷的正確性。In the following, the operation system and method of the present invention will be explained in the second embodiment. Please refer to the "3B diagram" for another method of user registration and "C3C". In the present embodiment, it is assumed that there is a ticketing system external to the present invention to verify the correctness of the ticket using the present invention.

首先,與第一實施例相同的,票卷的使用者需要在其所使用的手機(行動端100)上完成註冊程序。First, as in the first embodiment, the user of the ticket needs to complete the registration process on the mobile phone (mobile terminal 100) that he is using.

使用者可以先操作行動端100申請並下載電子憑證。在使用者完成電子憑證的下載後,行動端100的讀取模組120可以讀取行動端100所使用的電話門號(身分識別資料),行動端100的傳輸模組110可以透過SSL或VPN等安全通道,將身分識別資料傳送給驗證伺服器200(步驟312)。The user can first operate the mobile terminal 100 to apply for and download the electronic voucher. After the user completes the download of the electronic voucher, the reading module 120 of the mobile terminal 100 can read the phone door number (identity identification data) used by the mobile terminal 100, and the transmission module 110 of the mobile terminal 100 can transmit the SSL or VPN. The secure channel is transmitted to the authentication server 200 (step 312).

在驗證伺服器200的傳輸模組210接收到行動端100所傳送的身分識別資料後,驗證伺服器200的驗證資料產生模組250可以產生一次性的驗證資料,並將所產生的驗證資料以及傳輸模組210所接收到的身分識別資料做為一筆資料暫存在驗證伺服器200的儲存媒體201中,以及透過傳輸模組210將所產生的驗證資料傳送給行動端100(步驟316)。在本實施例中,假設傳輸模組210是透過簡訊將驗證資料傳送到使用所接收到之身分識別資料(電話號碼)的行動端100。After the transmission module 210 of the verification server 200 receives the identity identification data transmitted by the mobile terminal 100, the verification data generation module 250 of the verification server 200 can generate a one-time verification data, and generate the verification data and The identity identification data received by the transmission module 210 is temporarily stored in the storage medium 201 of the verification server 200, and the generated verification data is transmitted to the mobile terminal 100 through the transmission module 210 (step 316). In this embodiment, it is assumed that the transmission module 210 transmits the verification data to the mobile terminal 100 using the received identity identification data (telephone number) through the short message.

在行動端100接收到包含驗證資料的簡訊後,行動端100的讀取模組120可以讀取簡訊中的驗證資料,或是行動端100的輸入模組130可以提供使用者輸入記錄於簡訊中的驗證資料,如此,行動端100的傳輸模組110可以再次透過SSL或VPN的連線,將簡訊中的驗證資料、讀取模組120先前所讀取到的身分識別資料、以及儲存於行動端100之儲存媒體中的電子憑證傳送給驗證伺服器200(步驟318b)。After the mobile terminal 100 receives the short message including the verification data, the reading module 120 of the mobile terminal 100 can read the verification data in the short message, or the input module 130 of the mobile terminal 100 can provide the user input record in the short message. The verification data, in this way, the transmission module 110 of the mobile terminal 100 can again transmit the verification data in the SMS, the identity identification data previously read by the reading module 120, and the action in the action through the SSL or VPN connection. The electronic voucher in the storage medium of the terminal 100 is transmitted to the authentication server 200 (step 318b).

在驗證伺服器200的傳輸模組210接收到行動端100所傳送的驗證資料、身分識別資料以及電子憑證後,驗證伺服器200的驗證資料檢查模組260可以如第一實施例中的描述,判斷傳輸模組210所接收到的驗證資料是否正確(步驟321)。並在驗證資料檢查模組260判斷傳輸模組210所接收到的驗證資料正確時,驗證伺服器200的憑證驗證模組280可以進一步判斷傳輸模組210所接收到的電子憑證是否正確(步驟325)。After the transmission module 210 of the verification server 200 receives the verification data, the identity identification data and the electronic certificate transmitted by the mobile terminal 100, the verification data inspection module 260 of the verification server 200 can be as described in the first embodiment. It is judged whether the verification data received by the transmission module 210 is correct (step 321). And when the verification data checking module 260 determines that the verification data received by the transmission module 210 is correct, the voucher verification module 280 of the verification server 200 can further determine whether the electronic voucher received by the transmission module 210 is correct (step 325). ).

在驗證伺服器200的驗證資料檢查模組260判斷驗證伺服器200之傳輸模組210所接收到的驗證資料以及驗證伺服器200的憑證驗證模組判斷傳輸模組210所接收到的電子憑證都正確時,驗證伺服器200的憑證驗證模組280可以將傳輸模組210所接收到之身分識別資料以及電子憑證中的公鑰(伺服認證金鑰)做為一筆資料,儲存至驗證伺服器200的儲存媒體201中(步驟327),如此,便完成註冊程序。The verification data check module 260 of the verification server 200 determines the verification data received by the transmission module 210 of the verification server 200 and the certificate verification module of the verification server 200 determines that the electronic certificate received by the transmission module 210 is When correct, the credential verification module 280 of the verification server 200 can store the identity identification data received by the transmission module 210 and the public key (servo authentication key) in the electronic voucher as a piece of data, and store it in the verification server 200. In the storage medium 201 (step 327), the registration process is completed.

在註冊程序完成後,當票務系統欲驗證使用者所擁有的票卷時,使用者可以在手機(行動端100)上進行操作,藉以讓產生票卷之外部伺服器或外部應用程式可以將票卷資料提供給行動端100。在本實施例中,票卷資料是以明文被提供給行動端100。After the registration process is completed, when the ticketing system wants to verify the ticket owned by the user, the user can operate on the mobile phone (the mobile terminal 100), so that the external server or the external application that generated the ticket can vote. Volume data is provided to the mobile terminal 100. In the present embodiment, the ticket data is provided to the mobile terminal 100 in clear text.

如此,行動端100的讀取模組120可以至行動端100的儲存媒體中取得目標資料以及身分識別資料(步驟332),並載入電子憑證中的私鑰(行動認證金鑰)(步驟336)。在本實施例中,讀取模組120所取得的目標資料包含票卷資料以及交易識別資料。In this way, the reading module 120 of the mobile terminal 100 can obtain the target data and the identity identification data into the storage medium of the mobile terminal 100 (step 332), and load the private key (the action authentication key) in the electronic certificate (step 336). ). In this embodiment, the target data acquired by the reading module 120 includes ticket data and transaction identification data.

在行動端100的讀取模組120取得目標資料以及身分識別資料(步驟332),並載入行動認證金鑰(步驟336)後,行動端100的認證資料產生模組150可以以行動認證金鑰產生與目標資料對應的行動認證資料(步驟340)。在本實施例中,假設認證資料產生模組150會使用行動認證金鑰(私鑰)對目標資料與表示當前時間的時間戳進行簽章以產生行動認證資料。After the reading module 120 of the mobile terminal 100 obtains the target data and the identity identification data (step 332), and loads the action authentication key (step 336), the authentication data generating module 150 of the mobile terminal 100 can use the action authentication fund. The key generates action authentication data corresponding to the target data (step 340). In this embodiment, it is assumed that the authentication data generation module 150 uses the action authentication key (private key) to sign the target data and the time stamp indicating the current time to generate the action authentication data.

在行動端100的認證資料產生模組150以行動認證金鑰產生與目標資料對應的行動認證資料(步驟340)後,行動端100的編碼模組160可以依據行動端100之讀取模組120所取得的目標資料、認證資料產生模組150所使用的時間戳、以及認證資料產生模組150所產生的行動認證資料產生待認證資料(步驟350)。在本實施例中,假設編碼模組160所產生的待認證資料為QR-code。After the authentication data generating module 150 of the mobile terminal 100 generates the action authentication data corresponding to the target data by using the action authentication key (step 340), the encoding module 160 of the mobile terminal 100 can be configured according to the reading module 120 of the mobile terminal 100. The acquired target data, the time stamp used by the authentication data generation module 150, and the action authentication data generated by the authentication data generation module 150 generate the data to be authenticated (step 350). In this embodiment, it is assumed that the data to be authenticated generated by the encoding module 160 is QR-code.

在行動端100的編碼模組160產生待認證資料(步驟350)後,行動端100的顯示模組180可以顯示編碼模組160所產生的待認證資料(步驟361),使得待認證資料被顯示在執行本發明之行動裝置的顯示螢幕上。After the encoding module 160 of the mobile terminal 100 generates the data to be authenticated (step 350), the display module 180 of the mobile terminal 100 can display the data to be authenticated generated by the encoding module 160 (step 361), so that the data to be authenticated is displayed. On the display screen of the mobile device of the present invention.

在行動端100的顯示模組180顯示待認證資料(步驟361)後,使用者可以將執行本發明之行動裝置的顯示螢幕接近驗證裝置290,使得驗證裝置290可以掃瞄被顯示在顯示螢幕上的待認證資料(步驟363)。After the display module 180 of the mobile terminal 100 displays the data to be authenticated (step 361), the user can display the display screen of the mobile device of the present invention close to the verification device 290, so that the verification device 290 can be scanned and displayed on the display screen. The information to be certified (step 363).

之後,驗證裝置290可以對待認證資料進行解碼以取得行動端100的編碼模組160產生待認證資料所使用的目標資料、時間戳、身分識別資料、以及行動認證資料(步驟367),並將解碼所取得的目標資料、時間戳、身分識別資料、以及行動認證資料傳送到驗證伺服器200。Thereafter, the verification device 290 can decode the authentication data to obtain the target data, the time stamp, the identity identification data, and the action authentication data used by the encoding module 160 of the mobile terminal 100 to generate the data to be authenticated (step 367), and decode the data. The acquired target data, time stamp, identity identification data, and action authentication data are transmitted to the verification server 200.

在驗證伺服器200的傳輸模組210接收到驗證裝置290所傳送的目標資料、時間戳、身分識別資料、以及行動認證資料後,驗證伺服器200的識別載入模組220可以依據傳輸模組210所接收到的身分識別資料載入伺服認證金鑰(步驟372)。在本實施例中,假設識別載入模組220會至驗證伺服器200的儲存媒體201中搜尋傳輸模組210所接收到的身分識別資料,並在搜尋到傳輸模組210所接收到的身分識別資料後,讀取在註冊程序中與被搜尋到之身分識別資料一同被儲存的伺服認證金鑰,也就是使用者所申請的公鑰。After the transmission module 210 of the verification server 200 receives the target data, the time stamp, the identity identification data, and the action authentication data transmitted by the verification device 290, the identification loading module 220 of the verification server 200 can be based on the transmission module. The identity identification data received by 210 is loaded into the servo authentication key (step 372). In this embodiment, it is assumed that the identification loading module 220 searches the storage medium 201 of the verification server 200 for the identity identification data received by the transmission module 210, and searches for the identity received by the transmission module 210. After identifying the data, the servo authentication key stored in the registration program together with the identified identity identification data is read, that is, the public key applied by the user.

在驗證伺服器200的識別載入模組220載入伺服認證金鑰(步驟372)後,驗證伺服器200的認證資料驗證模組230可以對驗證伺服器200之傳輸模組210所接收到的行動認證資料進行驗證,並在驗證後產生驗證結果(步驟376)。在本實施例中,假設認證資料驗證模組230會先使用識別載入模組220所載入的伺服認證金鑰(使用者所申請的公鑰)對傳輸模組210所接收到的目標資料與時間戳進行驗章。若驗章失敗,也就是目標資料與時間戳沒有通過驗章伺服認證資料與行動認證資料不同,則認證資料驗證模組230會產生表示行動認證資料未通過驗證的驗證結果;而當伺服認證資料與行動認證資料相同若驗章成功,驗證伺服器200的認證資料驗證模組230可以進一步判斷當前之時間與傳輸模組210所接收到之時間戳所表示之時間的時間差是否在預定時間範圍內,若是,則認證資料驗證模組230會產生表示行動認證資料通過驗證的驗證結果,而若當前之時間與時間戳所表示之時間的時間差沒有落在預定時間範圍內,則認證資料驗證模組230同樣可以產生表示未通過驗證的驗證結果。After the identification loading module 220 of the verification server 200 loads the servo authentication key (step 372), the authentication data verification module 230 of the verification server 200 can receive the transmission module 210 of the verification server 200. The action certification data is verified and a verification result is generated after verification (step 376). In this embodiment, it is assumed that the authentication data verification module 230 first uses the servo authentication key (the public key applied by the user) loaded by the recognition loading module 220 to access the target data received by the transmission module 210. Check with the timestamp. If the verification fails, that is, the target data and the time stamp do not pass the verification servo authentication data and the action authentication data, the authentication data verification module 230 generates a verification result indicating that the action authentication data has not passed the verification; and when the servo authentication data is obtained If the authentication is successful, the authentication data verification module 230 of the verification server 200 can further determine whether the time difference between the current time and the time indicated by the time stamp received by the transmission module 210 is within a predetermined time range. If yes, the authentication data verification module 230 generates a verification result indicating that the action authentication data passes the verification, and if the time difference between the current time and the time indicated by the time stamp does not fall within the predetermined time range, the authentication data verification module 230 can also produce verification results indicating that the verification has not been verified.

在驗證伺服器200的認證資料驗證模組230產生驗證結果後,驗證伺服器200的傳輸模組210可以將認證資料驗證模組230所產生的驗證結果傳回驗證裝置290(步驟381)。After the authentication data verification module 230 of the verification server 200 generates the verification result, the transmission module 210 of the verification server 200 can transmit the verification result generated by the authentication data verification module 230 to the verification device 290 (step 381).

驗證裝置290在接收到驗證伺服器200所傳送的驗證結果後,可以顯示所接收到的驗證結果(步驟385),並可以依據待認證資料中所包含的交易識別資料進行對應之交易(步驟390)。如此,透過本發明,便可以完成票卷的驗證。After receiving the verification result transmitted by the verification server 200, the verification device 290 may display the received verification result (step 385), and may perform the corresponding transaction according to the transaction identification data included in the to-be-certified data (step 390). ). Thus, through the present invention, the verification of the ticket can be completed.

綜上所述,可知本發明與先前技術之間的差異在於具有行動端以行動認證金鑰產生與目標資料對應之行動認證資料後,依據目標資料、時間戳、行動認證資料、及身分識別資料產生相對應之待認證資料,驗證裝置掃描被行動端顯示之待認證資料後,對待認證資料進行解碼以取得目標資料、時間戳、身分識別資料及行動認證資料,驗證伺服器依據身分識別資料載入伺服認證金鑰後,以伺服認證金鑰驗證行動認證資料並產生驗證結果之技術手段,藉由此一技術手段可以來解決先前技術所存在可以使用複製的電子條碼冒用身分的問題,進而達成動態提供待認證資料,且能夠快速簡易的進行認證之技術功效。In summary, it can be seen that the difference between the present invention and the prior art is that after the mobile terminal generates the action authentication data corresponding to the target data by using the action authentication key, the target data, the time stamp, the action authentication data, and the identity identification data are obtained. The corresponding information to be authenticated is generated, and after the verification device scans the data to be authenticated displayed by the mobile terminal, the authentication data is decoded to obtain the target data, the time stamp, the identity identification data, and the action authentication data, and the verification server carries the identification information according to the identity. After entering the servo authentication key, the method of verifying the action authentication data by using the servo authentication key and generating the verification result, the technical means can solve the problem that the prior art can use the duplicated electronic barcode to take the identity, and then Achieve dynamic technical solutions that provide information to be certified and that can be quickly and easily certified.

再者,本發明之驗證行動端動態顯示之資料之方法,可實現於硬體、軟體或硬體與軟體之組合中,亦可在電腦系統中以集中方式實現或以不同元件散佈於若干互連之電腦系統的分散方式實現。Furthermore, the method for verifying the dynamic display of the data on the mobile terminal can be implemented in hardware, software or a combination of hardware and software, or can be implemented in a centralized manner in a computer system or spread over several different components by different components. Even the decentralized way of implementing computer systems.

雖然本發明所揭露之實施方式如上,惟所述之內容並非用以直接限定本發明之專利保護範圍。任何本發明所屬技術領域中具有通常知識者,在不脫離本發明所揭露之精神和範圍的前提下,對本發明之實施的形式上及細節上作些許之更動潤飾,均屬於本發明之專利保護範圍。本發明之專利保護範圍,仍須以所附之申請專利範圍所界定者為準。While the embodiments of the present invention have been described above, the above description is not intended to limit the scope of the invention. Any modification of the form and details of the practice of the present invention, which is a matter of ordinary skill in the art to which the present invention pertains, is a patent protection of the present invention. range. The scope of the invention is to be determined by the scope of the appended claims.

100                 行動端 110                 傳輸模組 120                 讀取模組 130                 輸入模組 140                 加解密模組 150                 認證資料產生模組 160                 編碼模組 180                 顯示模組 200                 驗證伺服器 201                 儲存媒體 210                 傳輸模組 220                 識別載入模組 230                 認證資料驗證模組 250                 驗證資料產生模組 260                 驗證資料檢查模組 270                 金鑰產生模組 280                 憑證驗證模組 290                 驗證裝置 400                 網際網路 步驟301        行動端下載包含行動認證金鑰及伺服認證金鑰之電子憑證 步驟312        行動端傳送身分識別資料至驗證伺服器 步驟316        驗證伺服器傳送驗證資料至行動端 步驟318a       行動端傳送驗證資料至驗證伺服器 步驟318b      行動端傳送驗證資料及電子憑證至驗證伺服器 步驟321        驗證伺服器判斷驗證資料是否正確 步驟323        驗證伺服器產生伺服認證金鑰 步驟325        驗證伺服器驗證電子憑證是否正確 步驟327        驗證伺服器儲存身分識別資料及伺服認證金鑰 步驟328        驗證伺服器傳送伺服認證金鑰至行動端 步驟329        行動端以伺服認證金鑰做為行動認證金鑰 步驟332        行動端取得目標資料及身分識別資料 步驟336        行動端載入預先儲存之行動認證金鑰 步驟340        行動端以行動認證金鑰產生與目標資料及時間戳對應之行動認證資料 步驟350        行動端依據目標資料、時間戳、行動認證資料、身分識別資料產生相對應之待認證資料 步驟361        行動端顯示待認證資料 步驟363        驗證裝置掃描被行動端顯示之待認證資料 步驟367        驗證裝置對待認證資料進行解碼以取得目標資料、時間戳、身分識別資料及行動認證資料 步驟369        驗證裝置傳送目標資料、時間戳、身分識別資料及行動認證資料至驗證伺服器 步驟372        驗證伺服器依據身分識別資料載入伺服認證金鑰 步驟376        驗證伺服器以伺服認證金鑰驗證行動認證資料並產生驗證結果 步驟381        驗證伺服器傳送驗證結果至驗證裝置 步驟385        驗證裝置顯示驗證結果 步驟390        驗證裝置依據待認證資料中所包含之交易識別資料進行對應交易100 mobile terminal 110 transmission module 120 reading module 130 input module 140 encryption and decryption module 150 authentication data generation module 160 encoding module 180 display module 200 verification server 201 storage medium 210 transmission module 220 recognition loading Module 230 authentication data verification module 250 verification data generation module 260 verification data inspection module 270 key generation module 280 certificate verification module 290 verification device 400 internet Step 301: The mobile terminal downloads the electronic certificate including the action authentication key and the server authentication key. Step 312: The mobile terminal transmits the identity identification data to the verification server. Step 316: The verification server transmits the verification data to the mobile terminal. Step 318a: The mobile terminal transmits the verification data to the verification. Server Step 318b The mobile terminal transmits the verification data and the electronic certificate to the verification server. Step 321 Verify that the server determines whether the verification data is correct. Step 323 Verify that the server generates the servo authentication key. Step 325 Verify that the server verifies that the electronic certificate is correct. Step 327 Verify the servo. The device stores the identity identification data and the servo authentication key. Step 328: The verification server transmits the servo authentication key to the mobile terminal. Step 329: The mobile terminal uses the servo authentication key as the action authentication key. Step 332: The action end acquires the target data and the identity identification data step 336 The mobile terminal loads the pre-stored action authentication key step 340 The action end generates the action authentication data corresponding to the target data and the time stamp by using the action authentication key. Step 350: The action end generates the corresponding data to be authenticated according to the target data, the time stamp, the action authentication data, and the identity identification data. Step 361 The authentication data step 363: the verification device scans the data to be authenticated displayed by the mobile terminal. Step 367: The verification device decodes the authentication data to obtain the target data, the time stamp, the identity identification data, and the action authentication data. Step 369: The verification device transmits the target data, the time stamp, The identity identification data and the action authentication data to the verification server step 372. The verification server loads the servo authentication key according to the identity identification data. Step 376. The verification server verifies the action authentication data with the servo authentication key and generates a verification result. Step 381. Verify the server transmission. Verification result to verification device step 385 verification device displays verification result step 390 verification installation The corresponding transactions carried out based transaction authentication data identifying information to be contained in the

第1圖為本發明所提之驗證行動端動態顯示之資料之系統架構圖。 第2A圖為本發明所提之行動端之元件示意圖。 第2B圖為本發明所提之驗證伺服器之元件示意圖。 第3A圖為本發明所提之使用者註冊之方法流程圖。 第3B圖為本發明所提之另一種使用者註冊之方法流程圖。 第3C圖為本發明所提之驗證行動端動態顯示之資料之方法流程圖。FIG. 1 is a system architecture diagram of the information for verifying the dynamic display of the mobile terminal according to the present invention. Figure 2A is a schematic diagram of the components of the mobile terminal of the present invention. FIG. 2B is a schematic diagram of components of the verification server according to the present invention. FIG. 3A is a flow chart of a method for user registration proposed by the present invention. FIG. 3B is a flow chart of another method for user registration proposed by the present invention. FIG. 3C is a flow chart of a method for verifying dynamic display of information on the mobile terminal according to the present invention.

步驟332        行動端取得目標資料及身分識別資料 步驟336        行動端載入預先儲存之行動認證金鑰 步驟340        行動端以行動認證金鑰產生與目標資料及時間戳對應之行動認證資料 步驟350        行動端依據目標資料、時間戳、行動認證資料、身分識別資料產生相對應之待認證資料 步驟361        行動端顯示待認證資料 步驟363        驗證裝置掃描被行動端顯示之待認證資料 步驟367        驗證裝置對待認證資料進行解碼以取得目標資料、時間戳、身分識別資料及行動認證資料 步驟369        驗證裝置傳送目標資料、時間戳、身分識別資料及行動認證資料至驗證伺服器 步驟372        驗證伺服器依據身分識別資料載入伺服認證金鑰 步驟376        驗證伺服器以伺服認證金鑰驗證行動認證資料並產生驗證結果 步驟381        驗證伺服器傳送驗證結果至驗證裝置 步驟385        驗證裝置顯示驗證結果 步驟390        驗證裝置依據待認證資料中所包含之交易識別資料進行對應交易Step 332: Obtain the target data and the identity identification data on the mobile terminal. Step 336: Load the pre-stored action authentication key on the mobile terminal. Step 340. The mobile terminal generates the action authentication data corresponding to the target data and the time stamp by using the action authentication key. Step 350 The target data, the time stamp, the action authentication data, and the identity identification data generate corresponding data to be authenticated. Step 361: The mobile terminal displays the data to be authenticated. Step 363. The verification device scans the data to be authenticated displayed by the mobile terminal. Step 367: The verification device decodes the authentication data. In order to obtain the target data, the time stamp, the identity identification data, and the action authentication data, step 369, the verification device transmits the target data, the time stamp, the identity identification data, and the action authentication data to the verification server. Step 372: The verification server loads the servo authentication according to the identity identification data. Key step 376 verifies that the server verifies the action authentication data with the servo authentication key and generates a verification result step Step 381, the verification server transmits the verification result to the verification device. Step 385. The verification device displays the verification result. Step 390 The verification device performs the corresponding transaction according to the transaction identification data included in the data to be authenticated.

Claims (10)

一種驗證行動端動態顯示之資料之方法,該方法至少包含下列步驟: 一行動端取得一目標資料及一身分識別資料; 該行動端載入預先儲存之一行動認證金鑰; 該行動端以該行動認證金鑰產生與該目標資料及一時間戳對應之一行動認證資料; 該行動端至少依據該目標資料、該時間戳、該行動認證資料、及一身分識別資料產生相對應之一待認證資料; 該行動端顯示該待認證資料; 一驗證裝置掃描被該行動端顯示之該待認證資料; 該驗證裝置對該待認證資料進行解碼以取得該目標資料、該時間戳、該身分識別資料及該行動認證資料; 該驗證裝置傳送該目標資料、該時間戳、該身分識別資料及該行動認證資料至一驗證伺服器; 該驗證伺服器依據該身分識別資料載入一伺服認證金鑰; 該驗證伺服器以該伺服認證金鑰驗證該行動認證資料並產生一驗證結果; 該驗證伺服器傳送該驗證結果至該驗證裝置;及 該驗證裝置顯示該驗證結果。A method for verifying data displayed dynamically by an action terminal, the method comprising at least the following steps: an action end acquires a target data and a identity identification data; the action end loads a pre-stored action authentication key; the action end uses the action The action authentication key generates one of the action authentication data corresponding to the target data and a time stamp; the action end generates a corresponding one to be authenticated according to at least the target data, the time stamp, the action authentication data, and the identity identification data. The action end displays the to-be-certified data; a verification device scans the to-be-certified data displayed by the mobile terminal; the verification device decodes the to-be-certified data to obtain the target data, the time stamp, and the identity identification data And the action authentication data; the verification device transmits the target data, the time stamp, the identity identification data and the action authentication data to a verification server; the verification server loads a servo authentication key according to the identity identification data; The verification server verifies the action authentication data with the servo authentication key and generates a verification result The verification server transmits the verification result to the verification device; and the verification device displays the verification result. 如申請專利範圍第1項所述之驗證行動端動態顯示之資料之方法,其中該方法於該驗證伺服器傳送該驗證結果至該驗證裝置之步驟後,更包含該驗證裝置依據該待認證資料中所包含之一交易識別資料進行對應交易之步驟。The method for verifying the information dynamically displayed by the mobile terminal according to the first aspect of the patent application, wherein the method further comprises the verification device according to the data to be authenticated after the step of transmitting the verification result to the verification device by the verification server The step of including one transaction identification data in the corresponding transaction. 如申請專利範圍第1項所述之驗證行動端動態顯示之資料之方法,其中該方法於該行動端載入預先儲存之該行動認證金鑰之步驟前,更包含該行動端傳送該身分識別資料至該驗證伺服器,該驗證伺服器傳送一驗證資料至該行動端,該行動端傳送該驗證資料回該驗證伺服器,該驗證伺服器判斷該驗證資料正確後產生該伺服認證金鑰、儲存該身分識別資料及該伺服認證金鑰、並傳送該伺服認證金鑰至該行動端做為該行動認證金鑰之步驟。The method for verifying the information dynamically displayed by the mobile terminal according to the first aspect of the patent application, wherein the method further comprises the mobile terminal transmitting the identity identification before the step of loading the pre-stored mobile authentication key on the mobile terminal. Data to the verification server, the verification server transmits a verification data to the mobile terminal, and the mobile terminal transmits the verification data to the verification server, and the verification server determines that the verification data is correct, and generates the servo authentication key, The step of storing the identity identification data and the servo authentication key and transmitting the servo authentication key to the mobile terminal as the action authentication key. 如申請專利範圍第1項所述之驗證行動端動態顯示之資料之方法,其中該方法於該行動端載入預先儲存之該行動認證金鑰之步驟前,更包含該行動端下載包含該行動認證金鑰及該伺服認證金鑰之一電子憑證,該行動端傳送該身分識別資料至該驗證伺服器,該驗證伺服器傳送一驗證資料至該行動端,該行動端傳送該驗證資料及該電子憑證至該驗證伺服器,該驗證伺服器判斷該驗證資料正確並驗證該電子憑證正確後儲存該身分識別資料及該伺服認證金鑰之步驟。The method for verifying the dynamic display of the information of the mobile terminal according to the first aspect of the patent application, wherein the method includes the action download before the step of loading the pre-stored action authentication key on the mobile terminal An authentication key and an electronic voucher of the server authentication key, the mobile terminal transmits the identity identification data to the verification server, the verification server transmits a verification data to the mobile terminal, and the mobile terminal transmits the verification data and the The electronic credential is sent to the verification server, and the verification server determines the correctness of the verification data and verifies the step of storing the identity identification data and the servo authentication key after the electronic certificate is correct. 如申請專利範圍第1項所述之驗證行動端動態顯示之資料之方法,其中該行動端取得該目標資料之步驟為讀取儲存於該行動端中之資料、接收外部伺服器或應用程式所提供之資料、解析一維條碼、二維條碼、或影像以取得資料、及/或提供輸入資料。The method for verifying the information dynamically displayed by the mobile terminal according to the first aspect of the patent application, wherein the step of obtaining the target data by the mobile terminal is to read the data stored in the mobile terminal, and receive the external server or the application program. Provide information, parse 1D barcodes, 2D barcodes, or images to obtain information and/or provide input. 如申請專利範圍第1項所述之驗證行動端動態顯示之資料之方法,其中該驗證伺服器驗證該行動認證資料之步驟為該驗證伺服器以該伺服認證金鑰產生與該目標資料對應之一伺服認證資料,並比對該行動認證資料與該伺服認證資料之步驟。The method for verifying the information dynamically displayed by the mobile terminal according to the first aspect of the patent application, wherein the step of the verification server verifying the action authentication data is that the verification server generates the corresponding data corresponding to the target data by using the servo authentication key. A servo authentication data, and a step of comparing the action authentication data with the servo authentication data. 一種驗證行動端動態顯示之資料之系統,該系統至少包含: 一驗證裝置,用以掃描一行動端所顯示之一待認證資料,及用以對該待認證資料進行解碼以取得一目標資料、一時間戳、一身分識別資料及一行動認證資料,其中,該待認證資料係該行動端以該行動認證金鑰產生,且與該目標資料及該時間戳對應;及 一驗證伺服器,與該驗證裝置連接,用以依據該身分識別資料載入一伺服認證金鑰,並以該伺服認證金鑰驗證該行動認證資料以產生一驗證結果,及用以傳送該驗證結果至該驗證裝置顯示。A system for verifying data dynamically displayed on a mobile terminal, the system comprising: at least: a verification device for scanning one of the information to be authenticated displayed by an action terminal, and for decoding the data to be authenticated to obtain a target data, a time stamp, a identity identification data, and an action authentication data, wherein the data to be authenticated is generated by the action authentication key and corresponding to the target data and the time stamp; and a verification server, and The verification device is connected to load a servo authentication key according to the identity identification data, and verify the action authentication data by using the servo authentication key to generate a verification result, and send the verification result to the verification device to display . 如申請專利範圍第7項所述之驗證行動端動態顯示之資料之系統,其中該驗證裝置更用以依據該待認證資料中所包含之一交易識別資料進行對應交易。The system for verifying the information dynamically displayed by the mobile terminal according to the seventh aspect of the patent application, wherein the verification device is further configured to perform a corresponding transaction according to one of the transaction identification data included in the to-be-certified data. 如申請專利範圍第7項所述之驗證行動端動態顯示之資料之系統,其中該驗證伺服器更用以於接收到該行動端所傳送之該身分識別資料時,並傳送一驗證資料至該行動端,及用以判斷該行動端所傳送之該驗證資料正確後,產生該伺服認證金鑰、儲存該身分識別資料及該伺服認證金鑰、並傳送該伺服認證金鑰至該行動端做為該行動認證金鑰。The system for verifying the information dynamically displayed by the mobile terminal according to the seventh aspect of the patent application, wherein the verification server is further configured to receive the identity identification data transmitted by the mobile terminal, and send a verification data to the After the action end, and determining that the verification data transmitted by the mobile terminal is correct, generating the servo authentication key, storing the identity identification data and the servo authentication key, and transmitting the servo authentication key to the mobile terminal The key to the action certification. 如申請專利範圍第7項所述之驗證行動端動態顯示之資料之系統,其中該驗證伺服器更用以於接收到該行動端所傳送之該身分識別資料後,傳送一驗證資料至該行動端,及用以於判斷該行動端所傳送之該驗證資料正確且該行動端所傳送之包含該行動認證金鑰及該伺服認證金鑰之一電子憑證正確後,儲存該身分識別資料及該伺服認證金鑰。The system for verifying the information dynamically displayed by the mobile terminal according to the seventh aspect of the patent application, wherein the verification server is further configured to: after receiving the identity identification data transmitted by the mobile terminal, transmitting a verification data to the action And determining, after determining that the verification data transmitted by the mobile terminal is correct, and the electronic certificate corresponding to the action authentication key and the servo authentication key transmitted by the mobile terminal is correct, storing the identity identification data and the Servo authentication key.
TW103124465A 2014-07-17 2014-07-17 System for verifying data displayed dynamically by mobile and method thereof TWI529641B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW103124465A TWI529641B (en) 2014-07-17 2014-07-17 System for verifying data displayed dynamically by mobile and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW103124465A TWI529641B (en) 2014-07-17 2014-07-17 System for verifying data displayed dynamically by mobile and method thereof

Publications (2)

Publication Number Publication Date
TW201604804A TW201604804A (en) 2016-02-01
TWI529641B true TWI529641B (en) 2016-04-11

Family

ID=55809673

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103124465A TWI529641B (en) 2014-07-17 2014-07-17 System for verifying data displayed dynamically by mobile and method thereof

Country Status (1)

Country Link
TW (1) TWI529641B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI649706B (en) * 2017-09-15 2019-02-01 網路家庭國際資訊股份有限公司 Verification method of trading platform and trading platform service
TWI760811B (en) * 2020-08-07 2022-04-11 微巨行動科技股份有限公司 Time-effective and regional physical field advertising delivery method and system
US11321439B2 (en) 2018-12-07 2022-05-03 Chunghwa Telecom Co., Ltd. Identity authentication system and method thereof

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI608361B (en) * 2016-09-23 2017-12-11 群暉科技股份有限公司 Electrionic device, server, communication system and communication method
CN106899570B (en) 2016-12-14 2019-11-05 阿里巴巴集团控股有限公司 The processing method of two dimensional code, apparatus and system
TWI620087B (en) * 2017-02-15 2018-04-01 財團法人資訊工業策進會 Authorization server, authorization method and computer program product thereof
TWI644227B (en) * 2017-05-19 2018-12-11 台新國際商業銀行股份有限公司 Cross verification system implemented along with a mobile device and method thereof
TWI640887B (en) * 2017-05-26 2018-11-11 台新國際商業銀行股份有限公司 User verification system implemented along with a mobile device and method thereof
TWI711988B (en) * 2018-03-30 2020-12-01 財金資訊股份有限公司 Mobile payment system and method, computer-readable recording medium and computer program product

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI649706B (en) * 2017-09-15 2019-02-01 網路家庭國際資訊股份有限公司 Verification method of trading platform and trading platform service
US11321439B2 (en) 2018-12-07 2022-05-03 Chunghwa Telecom Co., Ltd. Identity authentication system and method thereof
TWI760811B (en) * 2020-08-07 2022-04-11 微巨行動科技股份有限公司 Time-effective and regional physical field advertising delivery method and system

Also Published As

Publication number Publication date
TW201604804A (en) 2016-02-01

Similar Documents

Publication Publication Date Title
US11323272B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
TWI529641B (en) System for verifying data displayed dynamically by mobile and method thereof
US20220342973A1 (en) Systems, apparatus and methods for secure electrical communication of biometric personal identification information to validate the identity of an individual
US9525550B2 (en) Method and apparatus for securing a mobile application
DK2885904T3 (en) PROCEDURE FOR USER-EASY AUTHENTICATION AND DEVICE USING A MOBILE APPLICATION FOR AUTHENTICATION
CN106464673B (en) Enhanced security for authenticating device registration
KR101863953B1 (en) System and method for providing electronic signature service
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
US20130308778A1 (en) Secure registration of a mobile device for use with a session
JPWO2007094165A1 (en) Identification system and program, and identification method
JP6760631B1 (en) Authentication request system and authentication request method
US20130090059A1 (en) Identity verification
KR101933090B1 (en) System and method for providing electronic signature service
USRE49968E1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain