TWI569162B - Identity identification system and its implementing method - Google Patents

Identity identification system and its implementing method

Publication number
TWI569162B
Authority
TW
Taiwan
Prior art keywords
bar code
key
identification
smart phone
algorithm
Prior art date
Application number
TW103138765A
Other languages
Chinese (zh)
Other versions
TW201617949A (en)
Inventor
廖秋香
Original Assignee
中華國際通訊網路股份有限公司
Priority date
Filing date
Publication date
Application filed by 中華國際通訊網路股份有限公司
Priority to TW103138765A
Publication of TW201617949A
Application granted
Publication of TWI569162B

Landscapes

  • Telephonic Communication Services (AREA)

Description

Identification system and implementation method thereof

The invention relates to an identification system and an implementation method thereof, and in particular to an identification system, and an implementation method thereof, that pairs an identification barcode with a variable barcode to improve the security of identity verification.

With the development of information and communication technology and the maturing of smartphone technology, online transactions over networks and communication channels have come into wide use among consumers. The spending habits of most people today include paying in cash or using credit cards, debit cards, electronic tickets and the like. Cash transactions usually carry risks such as inconvenience of carrying and loss, but paying with plastic money such as credit cards has in turn produced problems such as counterfeit cards and fraudulent charges; in other words, the industry has so far been unable to fully resolve the transaction security risk at the point of purchase. Moreover, because smartphone use has become highly widespread in recent years, using the smartphone as the carrier for payment has become an inevitable trend. The core problem that remains to be solved is how to make user identification during a transaction both convenient and highly secure. The industry has so far focused on approaches based on Near Field Communication (NFC), as disclosed for example in US patents US 8360329, US 8041338 and US 8577810. However, mainstream smartphones on the market currently run three main operating systems, namely iOS, Android and Windows, which makes reading difficult for the identification device (reader) on the identification institution side; for example, so far no single NFC reader can read both Apple Pay and Google Wallet. In addition, in the early phase of a change in payment method the number of users is small, and a merchant who wants to serve those few consumers must first bear the extra cost of purchasing an NFC reader, which merchants are usually unwilling to do. This creates a vicious circle: because few merchants have NFC readers installed, customers in turn are unwilling to apply for mobile wallets and mobile payment.

Following on from the above, the simplest solution at present is to use an encrypted barcode as the basis for identification. The merchant side can directly use existing linear CCD (linear charge-coupled device) barcode readers to read the identifying barcode, so no additional equipment needs to be purchased: the barcode displayed on the customer's phone is read directly and, once verified, identification is complete. If only this method is used, however, there is still a risk that the barcode will be forged. Even though the barcode is encrypted, existing mechanisms store the encryption and decryption data in the identification system, which can therefore be cracked after an intrusion.

In view of the above problems, the main object of the invention is to provide an identification system, and an implementation method thereof, that is highly secure and convenient to operate. To achieve this, the invention uses an identification barcode paired with a variable barcode that changes over time as the basis for identifying the user side. Within a predetermined time (for example, a preset of 1 minute) the variable barcode changes as time passes, so that the identification basis formed by the identification barcode generated by the user's smartphone together with the variable barcode is a unique set at each point in time. When the server device on the identification institution side receives this identification basis, it applies the same rules to verify the captured barcodes, and identification is complete once verification passes. After the time has changed, even an identification basis that has already been verified becomes invalid, which effectively prevents barcode forgery. Furthermore, neither the user's smartphone nor the server device on the identification institution side stores or retrieves the identification basis itself, which strongly guards against loss of the password through, for example, hacker intrusion or skimming.

So that the examiners may clearly understand the system composition of the invention, the flow of the implementation method, and the objects and effects achievable after implementation, the following description is given with reference to the drawings.

1‧‧‧Identification system

11‧‧‧User side

12‧‧‧Transaction side

112‧‧‧Smartphone

122‧‧‧Barcode data capture device

113‧‧‧Application (APP)

114‧‧‧Countdown timer area

13‧‧‧Identification institution side

132‧‧‧Server device

2‧‧‧Internet

B‧‧‧Initial registration

B11‧‧‧Initial registration request

B12‧‧‧Accept registration request

C01‧‧‧First algorithm

C02‧‧‧Second algorithm

C03‧‧‧Third algorithm

R‧‧‧Identification verification

R11‧‧‧Start verification request

R12‧‧‧Barcode capture

R13‧‧‧Receive barcodes

R14‧‧‧Identification verification

R15‧‧‧Identification result message

S1‧‧‧Store master key (KEY)

IN01‧‧‧Master key (KEY)

IN02‧‧‧Virtual key (KEY)

IN02’‧‧‧Virtual key (KEY)

IN03‧‧‧Verification key (KEY)

IN03’‧‧‧Verification key (KEY)

IN04‧‧‧Variable barcode

IN05‧‧‧Identification barcode

OUT01‧‧‧Fixed-interval variable barcode

Figure 1 is a schematic diagram of the system composition of the invention.

Figure 2 is a schematic diagram of the implementation flow of the invention.

Referring to Figure 1, which shows the system composition of the invention: the identification system 1 mainly consists of a smartphone 112 on a user side 11, a barcode data capture device 122 on a transaction side 12, and a server device 132 on an identification institution side 13. The smartphone 112 is any ordinary smartphone with a display screen; the screen shows the barcodes and information generated by the application (APP) 113 and has a countdown timer area 114, which may for example be a graphical or numeric display, for showing the countdown state. The transaction side 12 is any entity that offers product or service purchase transactions, for example a physical store, and its barcode data capture device 122 may be, for example, a POS terminal, a barcode reader that actively captures barcode data, or an electronic device into which barcode data is entered passively. The identification institution side 13 is an entity that provides identification, or more broadly a financial entity that combines identification with handling payment of the transaction amount, for example a bank, a credit card issuer, or a third-party payment service provider. Its server device 132 is a server operated and controlled by the identification institution side 13, and it is connected over the Internet 2 to the barcode data capture device 122 of each cooperating transaction side 12.

Referring to Figure 2, which shows the implementation method of the identification system of the invention: when a user side 11 (or user) wishes to use the identification system 1 for identification as a transaction payment instrument, the initial registration B procedure must be carried out on first use. Its main purpose is to let the user, with the smartphone 112 they carry, first complete an initial registration with the server device 132 of the identification institution side 13 that provides the transaction payment (including payment and disbursement) service, so that the server device 132 can record the identity information of the user side 11. As shown in the figure, initial registration B proceeds as follows:

(1) The user side 11 installs an application (APP) 113 on its smartphone 112.

(2) The application (APP) 113 is executed and sends an initial registration request B11 to the server device 132 of the identification institution side 13. The information contained in this registration request is referred to as the master key (KEY) IN01. It includes user identification information of the user side 11, for example the mobile phone number of the smartphone 112 or the identity card number of the user side 11, and it must be unique. To raise the level of information security, the application (APP) 113 may also generate a unique ID code and combine it with the user identification information to form the master key (KEY) (IN01). To confirm that the user is the same person as the registrant of the mobile phone number, the server device 132 returns an authentication code by SMS to the application (APP) 113 on the smartphone, and the application (APP) 113 then sends the master key (KEY) (IN01) and the authentication code back to the server device 132 of the identification institution side 13.

(3) After receiving the master key (KEY) (IN01) (that is, accepting the registration request B12), the server device 132 of the identification institution side 13 runs a preset first algorithm C01 to produce a virtual key (KEY) (IN02) and returns it to the application (APP) 113 on the smartphone 112 of the user side 11. At the same time, the server device 132 stores the received master key (the "store master key (KEY) (IN01)" procedure S1).

(4) After receiving the virtual key (KEY) (IN02), the application (APP) 113 on the smartphone 112 stores it (storage B13).

To summarize the above: once the user side 11 has completed the steps above with the smartphone 112, initial registration B is complete. At this point the smartphone 112 of the user side 11 stores the virtual key (KEY) (IN02), which serves as the basis for identification computations in future transactions, while the server device 132 of the identification institution side 13 stores the smartphone's master key (KEY) (IN01).

Continuing with Figure 2: when the user side 11 wishes to use the system and method for identification verification R, the user side 11 runs the application (APP) 113 on the smartphone 112 to start a verification request R11. Once started, the process runs as follows:

(1) The virtual key (KEY) (IN02) is processed by a second algorithm C02 to produce a verification key (KEY) (IN03).

(2) The verification key (KEY) (IN03) is then processed by a third algorithm C03 to produce a variable barcode (IN04) in barcode form, which is shown on the screen of the smartphone 112. The third algorithm C03 contains at least one routine that takes the change of time as a computation parameter, so that the variable barcode (IN04) keeps changing as time passes. Once the variable barcode (IN04) has been generated, the countdown timer area 114 starts counting down, and when the preset countdown ends the third algorithm C03 is run again, so that the verification key (KEY) (IN03) is recomputed into a new variable barcode (IN04).

(3) An identification barcode (IN05), converted from the user identification information, is generated and shown on the screen of the smartphone 112.

(4) A barcode data capture device 122 on a transaction side 12 actively captures (barcode capture R12) the identification barcode (IN05) and the variable barcode (IN04) shown on the screen of the smartphone 112; alternatively, the numeric information printed below (or around) the barcodes can be entered passively on the barcode data capture device 122. Having obtained the identification barcode (IN05) and the variable barcode (IN04), the barcode data capture device 122 transmits them over the Internet to the server device 132 of an identification institution side 13.

(5) On receiving the identification barcode (IN05) and the variable barcode (IN04), the server device 132 of the identification institution 13 first uses the identification barcode (IN05) to retrieve the master key (KEY) (IN01) originally stored on the server device 132. The server device 132 then applies the first algorithm C01 to that master key (KEY) (IN01) to compute the virtual key (KEY) (IN02'), and applies the second algorithm C02 to the virtual key (KEY) (IN02') to compute the verification key (KEY) (IN03').

(6) The server device 132 then runs the third algorithm C03 on the verification key (KEY) (IN03') to obtain one or more fixed-interval variable barcodes (OUT01). Because the fixed-interval variable barcode (OUT01) is likewise produced by the third algorithm C03, its computation also includes at least one routine that takes the change of time as a computation parameter. There is a time difference (although a very short one) between the moment the identification barcode (IN05) and variable barcode (IN04) of the smartphone 112 are captured and the moment the server device 132 computes the fixed-interval variable barcode (OUT01). To keep this time difference from causing problems in the subsequent comparison, the time-parameterized routine can be run continuously across the time difference, yielding a time interval. For example, if the difference between the capture time and the time at which the server device 132 computes the fixed-interval variable barcode (OUT01) is three minutes (in practice it may be shorter or longer; this is not a limitation), the time-parameterized routine can be run with one minute as the time unit for three consecutive minutes, yielding a set of fixed-interval variable barcodes (OUT01); for three minutes, there are three fixed-interval variable barcodes for the preceding, middle and following minutes.

(7) The server device 132 performs identification verification R14, comparing the variable barcode (IN04) against the fixed-interval variable barcodes (OUT01).

(8) The server device 132 returns an identification result message R15 to the barcode data capture device 122 of the transaction side 12. If the result in the identification result message R15 of identification verification R14 is yes (match), the transaction can proceed; otherwise no subsequent transaction action can be performed.
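The registration and verification flow described above, as an added example that is not part of the patent. The patent does not disclose algorithms C01, C02 and C03, so HMAC-SHA256 with TOTP-style truncation is an assumed stand-in; `SERVER_SECRET`, the class and function names and the sample user data are hypothetical, and rejecting reuse of an already accepted time step is an addition the patent text does not describe.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # the patent's example: the variable barcode changes every minute
SERVER_SECRET = b"constructed-demo-secret"  # assumption: server-held key used by C01


def c01_virtual_key(master_key: bytes) -> bytes:
    """Assumed stand-in for C01: master key (IN01) -> virtual key (IN02)."""
    return hmac.new(SERVER_SECRET, master_key, hashlib.sha256).digest()


def c02_verification_key(virtual_key: bytes) -> bytes:
    """Assumed stand-in for C02: virtual key (IN02) -> verification key (IN03)."""
    return hmac.new(virtual_key, b"C02", hashlib.sha256).digest()


def c03_variable_code(verification_key: bytes, counter: int, digits: int = 8) -> str:
    """Assumed stand-in for C03: verification key + time step -> barcode digits (IN04)."""
    mac = hmac.new(verification_key, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation in the style of HOTP/TOTP
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Phone:
    """User side (112): stores only the virtual key and needs no network to show codes."""

    def __init__(self, id_barcode: str, virtual_key: bytes):
        self.id_barcode = id_barcode  # IN05, here simply the user identifier (assumption)
        self._virtual_key = virtual_key

    def show_barcodes(self, now: int):
        key = c02_verification_key(self._virtual_key)
        return self.id_barcode, c03_variable_code(key, now // STEP_SECONDS)


class Server:
    """Identification institution side (132): stores only the master key per user."""

    def __init__(self):
        self._master_keys = {}   # identification barcode -> master key (step S1)
        self._last_counter = {}  # last accepted time step per user (added replay guard)

    def register(self, user_id: str, device_id: str) -> Phone:
        master_key = f"{user_id}|{device_id}".encode()  # user info plus app-generated ID
        self._master_keys[user_id] = master_key
        return Phone(user_id, c01_virtual_key(master_key))

    def verify(self, id_barcode: str, variable_code: str, now: int) -> bool:
        master_key = self._master_keys.get(id_barcode)
        if master_key is None:
            return False
        key = c02_verification_key(c01_virtual_key(master_key))  # IN02' then IN03'
        current = now // STEP_SECONDS
        # OUT01: the preceding, middle and following one-minute codes.
        for counter in (current - 1, current, current + 1):
            expected = c03_variable_code(key, counter)
            if hmac.compare_digest(expected.encode(), variable_code.encode()):
                if counter <= self._last_counter.get(id_barcode, -1):
                    return False  # this time step was already used once
                self._last_counter[id_barcode] = counter
                return True
        return False


def demo() -> dict:
    server = Server()
    phone = server.register("0900000000", "device-0001")  # constructed sample values
    t0 = 1_700_000_000  # constructed capture time, 20 s into a one-minute step
    id_barcode, code = phone.show_barcodes(t0)
    return {
        "verified_45s_later": server.verify(id_barcode, code, t0 + 45),
        "same_code_replayed": server.verify(id_barcode, code, t0 + 50),
        "same_code_5min_later": server.verify(id_barcode, code, t0 + 300),
        "unknown_id_barcode": server.verify("0911111111", code, t0 + 45),
        "next_code_accepted": server.verify(*phone.show_barcodes(t0 + 120), t0 + 125),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

In this sketch the server can rebuild every code from the stored master key plus `SERVER_SECRET`, so both must be protected as authentication secrets on the server.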

To summarize: after the user side has initially completed, for example, registration between its smartphone and the server device of the identification institution side, the server device retains only the master key (KEY) data from the smartphone's initial registration, and this master key (KEY) data is encrypted and so already highly secure. On the user's smartphone, while the identification application is not running (that is, no verification request has been started), only the virtual key (KEY) is stored, and this virtual key (KEY) has also been encrypted by an algorithm and is likewise highly secure. Therefore, even if the server device really is intruded upon or the smartphone's data is stolen, no association can be established between the master key (KEY) data stored on the server alone and the virtual key (KEY) data on the user side. Accordingly, only in normal use, when the user runs the identification application on the originally registered smartphone (starting a verification request), is the stored virtual key (KEY) computed into the verification key (KEY); this verification key (KEY) is then further computed into a barcode in the form of one-time data (the variable barcode), which is captured by the transaction side's barcode data capture device and sent to the server device for identification verification. Furthermore, the server device can only retrieve the master key (KEY) from the user side's initial registration once it has obtained the user side's verification key (KEY), and only after retrieving that master key (KEY) can it go on to compute the fixed-interval variable barcodes against which to verify. Thus, implementing the system composition and method of the invention yields at least the following advantages:

(1) High security. Even if the server device is intruded upon by a hacker and data is stolen, the hacker obtains only the master key (KEY) data on its own, which is in practice meaningless, because carrying the computation forward from the master key (KEY) data requires the user side's verification key (KEY) as a basis.

(2) The variable barcode sent from the user's smartphone and the fixed-interval variable barcodes generated by the server device serve as the basis for identification verification. Their validity period is very short and both keep changing over time, which is secure and effectively prevents problems such as data being skimmed or misused.

(3) When requesting identification, the user side only needs to open the application (APP); this requires no network environment or communication and no data connection to the server device.

As described above, once implemented the invention does achieve the object of providing an identification system, and an implementation method thereof, that is highly secure and convenient to operate.

The above describes only preferred embodiments of the invention and is not intended to limit the scope of its implementation; any equivalent changes and modifications made by those skilled in the art without departing from the spirit and scope of the invention shall fall within the patent scope of the invention.

In summary, the invention satisfies the patent requirements of industrial applicability, novelty and inventive step; the applicant therefore files this application for an invention patent with the Office in accordance with the Patent Act.

Claims (9)

一種身份辨識系統,用以提供一使用者端以其所持有的一智慧型手機進行一身份辨識驗證的程序,其包括:該智慧型手機安裝有一應用程式,經執行該應用程式後,可啟動一驗證請求,並使儲存於該智慧型手機中的一虛擬鑰匙經一第二演算法運算後,產生一驗證鑰匙,該驗證鑰匙再經一第三演算法運算後,產生一組變動條碼,且該變動條碼及一同時產生的身份識別條碼係同步顯示於該智慧型手機的一顯示幕;一交易端的條碼資料擷取裝置,用以擷取該身份識別條碼及該變動條碼後,傳送至一辨識機構端的一伺服器裝置;以及該伺服器裝置以取得的該身份識別條碼為基礎,尋回該智慧型手機在曾經所進行的一初始登錄程序時,曾經儲存於該伺服器裝置的一主鑰匙,並以尋回的該主鑰匙經一第一演算法運算,產生另一虛擬鑰匙,再以另一該虛擬鑰匙經該第二演算法運算,產生另一驗證鑰匙,再以另一該驗證鑰匙經該第三演算法運算,得出一組定區間變動條碼,該組定區間變動條碼由至少三個時序為前、中、後的定區間變動條碼所組成,經該伺服器裝置以該組定區間變動條碼與該變動條碼進行該身份辨識驗證的程序。 An identification system for providing an authentication process for a user to perform an identity verification using a smart phone held by the user terminal, comprising: the smart phone is installed with an application, and after executing the application, A verification request is initiated, and a virtual key stored in the smart phone is subjected to a second algorithm operation to generate a verification key, and the verification key is further processed by a third algorithm to generate a set of variable barcodes. And the change bar code and a simultaneously generated identification bar code are synchronously displayed on a display screen of the smart phone; a bar code data capture device on the transaction end is configured to retrieve the identity bar code and the change bar code, and then transmit And a server device at the end of the identification mechanism; and the server device searches for the identity recognition bar code obtained by the server device, and searches for the initial registration procedure of the smart phone that was once stored in the server device a master key, and the first key algorithm is retrieved by a first algorithm to generate another virtual key, and then another virtual key The second algorithm operates to generate another verification key, and the other verification key is operated by the third algorithm to obtain a set of fixed interval change barcodes, wherein the set of interval change barcodes is preceded by at least three timings. 
The medium and long fixed interval variation bar codes are composed, and the server device performs the identity identification verification process by using the set interval variable bar code and the variable bar code. 如申請專利範圍第1項所述的身份辨識系統,其中,該第三演算法包含至少一個以時間改變為運算參數的演算程式,使該變動條碼及該定區間變動條碼可隨時間的變化而不斷的改變。 The identity recognition system according to claim 1, wherein the third algorithm includes at least one calculation program that changes time to an operation parameter, so that the variation barcode and the fixed interval variation barcode can change with time. Constantly changing. 如申請專利範圍第1項所述的身份辨識系統,其中,該智慧型手機的該顯示幕具有一時間倒數計時區,當該變動條碼產生後,該時間倒數計時區即開始產生倒數作動,並在一預設的時間倒數結束時,重複再進行該 第三演算法,使該驗證鑰匙重新經演算後,產生一新的變動條碼。 The identification system of claim 1, wherein the display screen of the smart phone has a time countdown area, and when the change bar code is generated, the time countdown area begins to generate a countdown operation, and Repeat at the end of a preset time countdown The third algorithm generates a new change bar code after the verification key is recalculated. 如申請專利範圍第3項所述的身份辨識系統,其中,該時間倒數計時區之呈現,為圖形顯示或數字顯示之任一種或其組合。 The identity recognition system of claim 3, wherein the presentation of the time countdown zone is any one of a graphic display or a digital display or a combination thereof. 
A method of implementing an identification system, which enables a user end to initiate a verification request with a smart phone it holds in order to perform identity verification. After the verification request is initiated, the method comprises:

a virtual key stored in the smart phone is processed by a second algorithm to generate a verification key;

the verification key is then processed by a third algorithm to generate a variable barcode in barcode form, which is displayed on a display screen of the smart phone. The third algorithm includes at least one routine that takes the change of time as an operation parameter, so that the variable barcode changes continuously over time. Between the time at which the identification barcode and the variable barcode of the smart phone are captured and the time at which the server device computes the fixed-interval variable barcode, the time-parameterized routine of the third algorithm can operate on the time difference as a continuous quantity and thereby obtain a time interval; the computation then yields the set of variable barcodes within that fixed interval. This set of fixed-interval variable barcodes consists of at least three fixed-interval variable barcodes: front, middle and back;

an identification barcode converted from user identification information is generated and displayed on the display screen of the smart phone;

a barcode data capture device at a transaction end captures the identification barcode and the variable barcode displayed on the display screen of the smart phone, and transmits the identification barcode and the variable barcode via the Internet to a server device at an identification institution end;

after receiving the identification barcode and the variable barcode, the server device first uses the identification barcode to retrieve a master key previously stored in the server device. The server device then computes a virtual key from the master key with a first algorithm, computes a verification key from the virtual key with the second algorithm, and computes a fixed-interval variable barcode from the verification key with the third algorithm, the computation of the third algorithm including at least one routine that takes the change of time as an operation parameter;

the server device, on the basis of the fixed-interval variable barcode, compares whether the variable barcode matches the fixed-interval variable barcode and, after the comparison is completed, generates an identification result message according to the result; and

the server device returns the identification result message to the barcode data capture device at the transaction end. If the result of the identification result message is yes, the transaction can proceed; if the result is no, no subsequent transaction action can be performed.

The method of implementing an identification system according to claim 5, wherein the variable barcode satisfies the identity verification if it falls within the interval of the fixed-interval variable barcodes.

The method of implementing an identification system according to claim 5, wherein, before the verification request procedure is initiated, if the smart phone is applying the method of implementing the identification system of the present invention for the first time, it must first connect to the server device and perform an initial login procedure.

The method of implementing an identification system according to claim 7, wherein the initial login procedure comprises:

the user end installs an application (APP) on the smart phone;

the application is executed so that it sends an initial login request to the server device at the identification institution end. The initial login request is defined as a master key. The content of the master key includes at least user identification information of the user end, and the user identification information must be unique and non-repeating. To confirm that the user and the registrant of the smart phone are the same person, the server device returns an authentication code by SMS to the application (APP) on the smart phone, and the application (APP) then sends the master key and the authentication code back to the server device at the identification institution end;

after receiving the master key, the server device processes it with a preset first algorithm to produce a virtual key and returns the virtual key to the smart phone of the user end for storage; at the same time, the server device stores the received master key.

The method of implementing an identification system according to claim 8, wherein the application may additionally generate an ID code that is unique and non-repeating, which is combined with the aforementioned user identification information to form the information content of the master key.
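The key chain and interval check described in the claims above can be sketched as follows; this is an added example, not code from the patent or its applicant. The patent does not specify its three algorithms, so HMAC-SHA256 stand-ins, a 30-second step, an 8-digit code, the replay guard and all names here are assumptions.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed interval length; the claims do not fix one

def _kdf(key: bytes, label: bytes) -> bytes:
    # HMAC-SHA256 stands in for the unspecified first and second algorithms.
    return hmac.new(key, label, hashlib.sha256).digest()

def virtual_key(master_key: bytes) -> bytes:       # "first algorithm"
    return _kdf(master_key, b"alg1/virtual-key")

def verification_key(vkey: bytes) -> bytes:        # "second algorithm"
    return _kdf(vkey, b"alg2/verification-key")

def dynamic_code(verif_key: bytes, counter: int) -> str:
    # "Third algorithm" stand-in: HMAC over the time-step counter, then
    # RFC 4226-style dynamic truncation to 8 digits for the barcode payload.
    mac = hmac.new(verif_key, struct.pack(">Q", counter), hashlib.sha256).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10**8:08d}"

def phone_display(stored_vkey: bytes, now: float) -> str:
    # The phone holds only the virtual key, never the master key.
    return dynamic_code(verification_key(stored_vkey), int(now) // STEP_SECONDS)

class Server:
    def __init__(self):
        self.master_keys = {}   # identification-barcode content -> master key
        self.last_counter = {}  # replay guard: added hardening, not in the claims

    def enroll(self, user_id: str, master_key: bytes) -> bytes:
        self.master_keys[user_id] = master_key
        return virtual_key(master_key)  # sent back to the phone for storage

    def verify(self, user_id: str, code: str, now: float) -> bool:
        master = self.master_keys.get(user_id)
        if master is None:
            return False
        check_key = verification_key(virtual_key(master))
        current = int(now) // STEP_SECONDS
        for counter in (current - 1, current, current + 1):  # front, middle, back
            expected = dynamic_code(check_key, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                if counter <= self.last_counter.get(user_id, -1):
                    return False  # same or older interval already accepted
                self.last_counter[user_id] = counter
                return True
        return False
```

Without the replay guard, a barcode photographed off the screen stays valid for the whole three-interval window, so the window width is the exposure time of a captured code.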
TW103138765A 2014-11-07 2014-11-07 Identity identification system and its implementing method TWI569162B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW103138765A TWI569162B (en) 2014-11-07 2014-11-07 Identity identification system and its implementing method

Publications (2)

Publication Number Publication Date
TW201617949A TW201617949A (en) 2016-05-16
TWI569162B true TWI569162B (en) 2017-02-01

Family

ID=56508994

Family Applications (1)

Application Number Title Priority Date Filing Date
TW103138765A TWI569162B (en) 2014-11-07 2014-11-07 Identity identification system and its implementing method

Country Status (1)

Country Link
TW (1) TWI569162B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI670618B (en) * 2017-05-26 2019-09-01 台新國際商業銀行股份有限公司 Login system implemented along with a mobile device without password and method thereof
US10645450B2 (en) 2018-04-09 2020-05-05 Wistron Corporation System and method for proof of play

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101783039A (en) * 2009-12-29 2010-07-21 广州广电运通金融电子股份有限公司 Method and terminal for controlling security of financial transactions
US20130090059A1 (en) * 2011-10-10 2013-04-11 Intercede Limited Identity verification
TW201349825A (en) * 2012-05-17 2013-12-01 Gamania Digital Entertainment Co Ltd Identity verification method and system using QR code
TW201349143A (en) * 2012-02-21 2013-12-01 Global Blue Holdings Ab Transaction processing system and method

Also Published As

Publication number Publication date
TW201617949A (en) 2016-05-16

Similar Documents

Publication Publication Date Title
US10902423B2 (en) Method and apparatus for streamlined digital wallet transactions
KR101236957B1 (en) System for paying credit card using mobile otp security of mobile phone and method therefor
US20160005038A1 (en) Enhanced user authentication platform
US20170076277A1 (en) Virtual payment cards issued by banks for mobile and wearable devices
US20130282588A1 (en) Consumer, Merchant and Mobile Device Specific, Real-Time Dynamic Tokenization Activation within a Secure Mobile-Wallet Financial Transaction System
JP6498192B2 (en) How to secure the online transaction verification step
US10902409B2 (en) Method and system for card payment approval using mobile terminal of mobile card holder
GB2478712A (en) Authorisation system
US20180032996A1 (en) Data sharing with card issuer via wallet app in payment-enabled mobile device
KR102597502B1 (en) Systems and methods with reduced device processing time
US20160092876A1 (en) On-device shared cardholder verification
US20180330367A1 (en) Mobile payment system and process
US20230222482A1 (en) Device account activation
CN112753042A (en) System, method and computer program product for providing an identity storage browser
TWI569162B (en) Identity identification system and its implementing method
US11823200B2 (en) Smart physical payment cards
US10417636B2 (en) Payment vehicle with encrypted image
US9542679B2 (en) Implementation method for an identification system using dynamic barcode
TWI579724B (en) A method for identity identification system using changed barcodes
JP3198589U (en) A system that uses a variable barcode for identification
KR101190745B1 (en) System for paying credit card using internet otp security of mobile phone and method therefor
TWM508713U (en) Identification system
JP2020504376A (en) Secure payment method and system
US20240232858A1 (en) Authentication using non-fungible token as proof of account ownership
TWM508058U (en) System using variable barcode for identity recognition