TWI642010B - Electronic transaction password reset system and method thereof - Google Patents

Electronic transaction password reset system and method thereof

Info

Publication number: TWI642010B
Authority: TW (Taiwan)
Prior art keywords: password, mobile device, card, application, platform server
Application number: TW105124249A
Other languages: Chinese (zh)
Other versions: TW201804389A (en)
Inventors: 潘同勇, 何昱辰
Original Assignee: 臺灣行動支付股份有限公司
Application filed by: 臺灣行動支付股份有限公司
Priority to TW105124249A
Publication of TW201804389A
Application granted
Publication of TWI642010B

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention provides a password reset system and method for electronic transactions, comprising a mobile device in signal connection with a platform server and a card issuing server. The mobile device first selects the forgotten-password or locked-password setting, then enters verification data corresponding to a preset virtual card and transmits the entered verification data to the platform server, which confirms it with the card issuing server. After confirmation, the mobile device receives a password message from the card issuing server; the password message is entered and verified by the platform server with the card issuing server. Once verification succeeds, the platform server starts the password reset and a new password is set through the mobile device. The invention uses a third-party platform server and a rigorous verification process to make resetting a forgotten or locked password more secure and to prevent the virtual card from being misused.

Description

Electronic transaction password reset system and method thereof

The present invention relates to a system and method for resetting a password, and in particular to an electronic transaction password reset system and method for a mobile device that can use a virtual card, in which the mobile device is in signal connection with a card issuing server and a third-party platform server and the reset is performed when the password is forgotten or locked.

Since the last century, as the Internet spread worldwide, decades of growth in technology products and network adoption have produced new business models. E-commerce, for example, allows goods to be sold, transactions carried out and payments completed online, so that users can browse products from home. Likewise, the spread of mobile devices such as smartphones, combined with network transmission, has changed how users pay when shopping outside the home: with electronic wallets or cloud mobile payment, users need not carry much cash or many cards, which avoids the inconvenience and trouble of losing a wallet.

Cloud mobile payment mainly relies on Near Field Communication (NFC), a short-range wireless connection technology in the user's mobile device, combined with the network cloud to achieve proximity mobile payment; NFC technology on its own, however, lacks security. This led to Host Card Emulation (HCE) systems, which provide NFC communication under the ISO 14443 and ISO 7816 standards. Although the data a user's smartphone can provide and the protection it offers for mobile payment are limited, HCE can be paired with a powerful back-end server platform so that less sensitive data is stored on the phone, or so that the number of uses and the validity period are limited. That back-end server platform performs risk detection and control to lower the security risk of mobile payment.

Therefore, in view of the above advantages of HCE mobile payment, the present invention provides an electronic transaction password reset system and method that offers a more secure way to reset a password for mobile payment, so that the password of the user's electronic transaction application is not easily stolen by a malicious party.

The main object of the present invention is to provide an electronic transaction password reset system and method in which, when the user forgets the password or the password is locked, a third-party platform server serves as the communication bridge between the user's mobile device and the card issuer, reliably carries out message transmission from the mobile device to the card issuer, and acts as the management intermediary for the password reset. This additional layer of protection keeps the virtual card in the mobile device from being easily misused by a malicious party.

Another object of the present invention is to provide an electronic transaction password reset system and method in which, when the user forgets the password or accidentally enters it incorrectly too many times, private verification data such as the user's personal telephone number or national ID number, together with the password message from the card issuer, can be used. The user only needs to enter all of this private data correctly on the mobile device to reset the password, avoiding the problem of being unable to use the virtual card because of a forgotten password.

To achieve the above objects, the present invention provides an electronic transaction password reset system comprising: a mobile device in which a virtual card is provided, the mobile device being able to execute the forgotten-password or locked-password setting and to enter verification data in that setting; a platform server in signal connection with the mobile device, which receives the verification data transmitted by the mobile device; and a card issuing server in signal connection with the platform server and the mobile device. The card issuing server receives and confirms the verification data transmitted by the platform server, then transmits a password message to the mobile device. After the password message is entered on the mobile device, returned to the card issuing server through the platform server and confirmed, the card issuing server causes the platform server to restart the password setting so that the mobile device can begin setting a new password.

To achieve the above objects, the present invention also provides an electronic transaction password reset method comprising the following steps: a mobile device is used to select the forgotten-password or locked-password setting; the mobile device then enters verification data corresponding to a preset virtual card and transmits the entered verification data to a platform server, and the platform server confirms the verification data with the card issuing server of the preset virtual card; the mobile device receives a password message from the card issuing server; the password message is entered on the mobile device and transmitted to the platform server, and the platform server verifies the password message with the card issuing server; after the card issuing server verifies it successfully, the platform server starts the password reset; finally, the mobile device sets a new password by means of the password reset of the platform server.

The mobile device of the present invention is further provided with an application, which holds a preset virtual card and can execute the forgotten-password or locked-password setting.

The card issuing server of the present invention transmits the password message directly to the mobile device, for example by SMS.

At least one virtual card can be set in the mobile device of the present invention. The first virtual card set in the mobile device can be treated as the preset virtual card, or the mobile device can select one of these virtual cards as the preset virtual card.

The verification data of the present invention is provided by the card issuing server and serves as the data for verifying the identity of the user of the mobile device.

Before the step in which the mobile device enters the verification data corresponding to the preset virtual card, the method further includes determining whether the mobile device has a virtual card. If so, the mobile device enters the verification data directly. If not, the mobile device performs a security question check and it is determined whether the answer is correct: when the answer is correct, the platform server restarts the password setting and lets the mobile device set a new password; when the answer is incorrect, the user re-registers and obtains a unique identification code from the platform server.

The objects, technical content, features and effects of the present invention will be more readily understood from the following detailed description of specific embodiments together with the accompanying drawings.

Paying with a mobile device has become the trend for future consumer payments. Besides using the mobile device as an electronic wallet for small payments, an HCE system can turn the credit cards, financial cards and various stored value cards issued by banks or card issuers into virtual cards stored in the user's mobile device. This forms the new concept of a digital wallet and reduces the number of items the user needs to carry, so the security with which the virtual cards in the digital wallet are kept is all the more important.

First, referring to Figure 1, an electronic transaction password reset system 10 includes a mobile device 12 in which an application 122 is provided, and a virtual card 124 is provided in the application 122. The virtual card 124 can represent a credit card, financial card, charge card, stored value card or electronic ticket smart card, and the invention does not limit the number of virtual cards 124. This embodiment takes a single virtual card 124 representing a credit card as an example, and it is the preset virtual card 124. The mobile device 12 is a smartphone and the application 122 is a mobile application (Mobile Application, Mobile App), but the invention does not require the mobile device 12 to be a smartphone; a tablet can also be used. A platform server 14 is in signal connection with the mobile device 12 and a card issuing server 16; in this embodiment the signal connections among the mobile device 12, the platform server 14 and the card issuing server 16 are wireless. The card issuing server 16 is the server of the card issuer of a particular virtual card 124: if the virtual card 124 is issued by E.SUN Bank (玉山銀行), the card issuing server 16 is E.SUN Bank's server. The invention does not limit which bank provides the virtual card 124 and the card issuing server 16.

Continuing from the previous paragraph, the mobile device 12 can execute the setting for a forgotten or locked password. For example, opening the application 122 to use the preset virtual card requires a password login, and the user may have forgotten the password of the application 122, or the application 122 may be configured to lock the password after a set number of incorrect entries so that a malicious party cannot keep trying to crack it. In that case the user can log in by entering verification data. The verification data is identity data provided by the card issuing server 16 for verifying the user of the mobile device 12, such as the user's date of birth, national ID number, or other self-defined data. The platform server 14 receives the verification data transmitted by the mobile device 12 and forwards it to the card issuing server 16 for confirmation. Once the card issuing server 16 has confirmed that the verification data is correct, it transmits a password message to the mobile device 12. In this embodiment the password message is a One Time Password (OTP), which can for example be sent to the mobile device 12 by SMS to tell the user what the password message is. The user then enters the password message on the mobile device 12 and sends it to the platform server 14, which passes it back to the card issuing server 16 to confirm the password message. The card issuing server 16 then notifies the platform server 14 to restart the password setting; the user learns of this through the platform server 14 and can set a new password on the mobile device 12.

Having described the connections and operation of the invention, the electronic transaction password reset method is now described in detail with reference to Figure 2, together with Figure 1. When the user wants to use the preset virtual card 124 but has forgotten the password or the password is locked, first, as shown in step S10, the mobile device 12 is used to select the forgotten-password or locked-password setting: the user taps "forgot password" in the application 122 on the mobile device 12, or, when the password has been locked after too many incorrect entries, taps "password locked" in the application 122, to proceed to the next step. As shown in step S12, the mobile device 12 enters verification data corresponding to the preset virtual card 124; the application 122 records the verification data that corresponds to the preset virtual card 124, such as the user's national ID number, preset telephone number or birthday, and the invention does not limit the number of items or the content of the verification data. As shown in step S14, after the user enters the verification data through the mobile device 12, it is transmitted to the platform server 14, and the platform server 14 then confirms the verification data with the card issuing server 16 before proceeding to the next step. As shown in step S16, once the card issuing server 16 confirms that the verification data is correct, it transmits a password message directly to the mobile device 12; for example, the user receives an SMS containing the password message on the mobile device 12. As shown in step S18, after learning the password message, the user enters it on the mobile device 12, in the application 122, and it is transmitted to the platform server 14, which verifies the password message with the card issuing server 16. As shown in step S20, after the card issuing server 16 verifies it successfully, it notifies the platform server 14 so that the platform server 14 can prepare to start the password reset. As shown in step S22, when the platform server 14 is ready to start the password reset, the user can set a new password on the mobile device 12, resolving the forgotten or locked password.

The embodiment above describes the forgotten-password or locked-password method when the application of the mobile device has a virtual card. The invention further adds a step of determining whether a virtual card is provided; see Figure 3, together with Figures 1 and 2. A step S11 takes place after step S10 and before step S12. As shown in step S11, it is first determined whether a virtual card 124 is provided in the mobile device 12; if no virtual card 124 is provided in the mobile device 12, the method proceeds to step S24. As shown in step S24, the user performs a security question check on the mobile device 12: for example, one or more questions are set in the application 122 for the user to answer, and it is determined whether the user has answered the security question correctly. If so, the method proceeds to step S26, in which the platform server 14 restarts the password setting and a new password is set through the mobile device 12. If the user does not answer the security question correctly, the method proceeds to step S28 and the user must re-register using the mobile device 12. Returning to step S11, if the mobile device 12 does have a virtual card 124, the method proceeds to step S12, in which the mobile device 12 enters verification data corresponding to the preset virtual card 124. The subsequent steps are the same as those following step S12 in the previous paragraph, up to the point where a new password can be set on the mobile device 12, and are not repeated here.
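The message flow of steps S10 to S28 can be modelled in a few lines; the following is an added example, not code from the patent. The class and method names, the OTP lifetime and retry limit, the server-side mapping from user to preset card, the PBKDF2 password storage and all sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

OTP_TTL = 300      # seconds; assumption, the patent states no lifetime
OTP_ATTEMPTS = 3   # assumption, the patent states no retry limit


def _same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare


class IssuerServer:
    """Card issuing server (16): holds verification data, issues the OTP."""
    def __init__(self, records):
        self._records = records   # card_id -> (verification data, phone)
        self._pending = {}        # card_id -> [otp, expiry, attempts left]
        self.sms_outbox = []      # stands in for the SMS channel of S16

    def confirm_verification(self, card_id, data, now):
        expected, phone = self._records.get(card_id, ({}, None))
        ok = bool(expected) and set(data) == set(expected)
        for field, value in expected.items():
            ok &= _same(str(data.get(field, "")), value)
        if not ok:
            return False
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[card_id] = [otp, now + OTP_TTL, OTP_ATTEMPTS]
        self.sms_outbox.append((phone, otp))  # goes to the device, not the platform
        return True

    def verify_otp(self, card_id, otp, now):
        entry = self._pending.get(card_id)
        if entry is None:
            return False
        if now <= entry[1] and _same(otp, entry[0]):
            del self._pending[card_id]        # single use
            return True
        entry[2] -= 1
        if now > entry[1] or entry[2] <= 0:
            del self._pending[card_id]        # expired or too many misses
        return False


class PlatformServer:
    """Platform server (14): brokers the checks and gates the reset."""
    def __init__(self, issuers, default_cards, security_answers):
        self._issuers = issuers              # card_id -> IssuerServer
        self._default_cards = default_cards  # user_id -> preset card_id or None
        self._answers = security_answers     # user_id -> security answer
        self._reset_enabled = set()
        self.password_hashes = {}

    def start_reset(self, user_id):                       # S10, S11
        return "VERIFY_CARD" if self._default_cards.get(user_id) else "SECURITY_QUESTION"

    def submit_verification(self, user_id, data, now):    # S12 to S16
        card_id = self._default_cards.get(user_id)
        issuer = self._issuers.get(card_id)
        return issuer is not None and issuer.confirm_verification(card_id, data, now)

    def submit_otp(self, user_id, otp, now):              # S18, S20
        card_id = self._default_cards.get(user_id)
        issuer = self._issuers.get(card_id)
        if issuer is None or not issuer.verify_otp(card_id, otp, now):
            return False
        self._reset_enabled.add(user_id)
        return True

    def answer_security_question(self, user_id, answer):  # S24, then S26 or S28
        expected = self._answers.get(user_id)
        if expected is None or not _same(answer, expected):
            return "RE_REGISTER"
        self._reset_enabled.add(user_id)
        return "RESET_ENABLED"

    def set_new_password(self, user_id, new_password):    # S22
        if user_id not in self._reset_enabled:
            return False
        self._reset_enabled.discard(user_id)              # one reset per verification
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", new_password.encode(), salt, 100_000)
        self.password_hashes[user_id] = (salt, digest)
        return True


def run_demo():
    data = {"national_id": "A123456789", "birthday": "1990-01-01"}  # constructed
    issuer = IssuerServer({"card-001": (data, "0900000000")})
    platform = PlatformServer({"card-001": issuer}, {"alice": "card-001"}, {})
    out = {"early_reset": platform.set_new_password("alice", "n3w-pass")}
    out["good_data"] = platform.submit_verification("alice", data, now=0)
    otp = issuer.sms_outbox[-1][1]            # what the user reads from the SMS
    out["right_otp"] = platform.submit_otp("alice", otp, now=20)
    out["replayed_otp"] = platform.submit_otp("alice", otp, now=30)
    out["new_password"] = platform.set_new_password("alice", "n3w-pass")
    return out
```

`run_demo()` shows the gate at S20: a new password is refused until the issuer has confirmed both the verification data and the OTP, and a replayed OTP is rejected.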

Continuing from the previous paragraph, the detailed sub-steps of step S28 in Figure 3 are now described to explain the re-registration method; see Figure 4, together with Figure 1. First, as shown in step S280, the user uses the mobile device 12 to enter their own mobile phone number, which is transmitted to the platform server 14, and the method proceeds to the next step. As shown in step S282, the platform server 14 uses the user's phone number to send a verification message by SMS to the mobile device 12 in order to confirm that the phone number the user entered is correct; in this embodiment the verification message is a one-time password. As shown in step S284, the user replies to the verification message from the mobile device 12 by entering the set of digits received, which is transmitted to the platform server 14. As shown in step S286, the platform server 14 checks whether the digits received match the verification message, thereby verifying that the user's mobile number is correct. As shown in step S288, after verification the user can set their own security question and registration password on the mobile device 12 and transmit them to the platform server 14, obtaining from the platform server 14 an identification code unique to that user, which completes the re-registration procedure.

The invention uses a series of verifications to stop a malicious party from repeatedly trying to crack the user's password, and uses the configured verification data so that someone who picks up the user's mobile device cannot easily change the password, protecting the virtual card from misuse and fraudulent charges. In addition, because of the password message, even if a malicious party uses an intrusion program to try to crack the user's verification data, the mobile device is still needed to learn the password message. Through the platform server, the invention can manage the verification data of the preset virtual card, and the platform server serves as the communication bridge between the virtual card and the card issuing server of the card issuer. Adding a platform server gives the host card emulation system one more layer of protection and further strengthens the security of the digital wallet. The description above uses a single virtual card; when the user stores several virtual cards in the mobile device, the platform server is needed to manage the cards, and different card issuers have different card issuing servers. The preset virtual card can be the first virtual card the user set up, or the user can pick one of several virtual cards as the preset virtual card; the invention does not limit how the preset virtual card is chosen.

The embodiments described above merely illustrate the technical ideas and features of the present invention so that those skilled in the art can understand and implement it. They do not limit the patent scope of the invention: equivalent changes or modifications made in accordance with the spirit disclosed by the invention remain within its patent scope.

10‧‧‧password reset system

12‧‧‧mobile device

122‧‧‧application

124‧‧‧virtual card

14‧‧‧platform server

16‧‧‧card issuing server

Figure 1 is a block diagram of the electronic transaction password reset system of the present invention.
Figure 2 is a flow chart of the steps of the electronic transaction password reset method of the present invention.
Figure 3 is a flow chart of the step, between step S10 and step S12 of Figure 2, of determining whether a virtual card is present.
Figure 4 is a flow chart detailing step S28 of Figure 3.

Claims (13)

一種電子交易之密碼重設方法,包含下列步驟:利用一行動裝置選擇密碼忘記或鎖定之設定;該行動裝置可設定至少一虛擬卡,該行動裝置中設有一應用程式,其所設定之第一該虛擬卡則係為一預設虛擬卡,或是該行動裝置之該應用程式係可自該至少一虛擬卡中,選擇一該虛擬卡作為該預設虛擬卡,當該行動裝置之該應用程式尚未設有該虛擬卡時,先進行安全問題之檢核,並判斷該安全問題之回答是否正確,若是則需藉由一平台伺服器重新啟動該密碼之設定,若否則需重新註冊,而當該行動裝置之該應用程式設有任一該虛擬卡時,該行動裝置之該應用程式藉由該預設虛擬卡,並對應輸入一核驗資料;將所輸入之該核驗資料傳輸至該平台伺服器,並藉由該平台伺服器與該預設虛擬卡之發卡伺服器確認;自該發卡伺服器接收一密碼訊息;輸入該密碼訊息並傳輸至該平台伺服器,並藉由該平台伺服器與該發卡伺服器核驗該密碼訊息;該發卡伺服器核驗成功,以使該平台伺服器啟動該密碼之重設;以及該行動裝置之該應用程式藉由該平台伺服器之該密碼重設,以設定 一新密碼。 A method for resetting a password of an electronic transaction, comprising the steps of: selecting a password forgotten or locked setting by using a mobile device; the mobile device can set at least one virtual card, and the mobile device is provided with an application, and the first set is set The virtual card is a preset virtual card, or the application of the mobile device can select a virtual card as the preset virtual card from the at least one virtual card, when the application of the mobile device When the program does not have the virtual card, check the security question first, and determine whether the security question is correct. If yes, restart the password setting by a platform server. Otherwise, you need to re-register. When the application of the mobile device is provided with any of the virtual cards, the application of the mobile device uses the preset virtual card and correspondingly inputs a verification data; and transmits the verified verification data to the platform. The server is confirmed by the platform server and the card issuing server of the preset virtual card; receiving a password message from the card issuing server; inputting the password message And transmitting to the platform server, and verifying the password message by the platform server and the card issuing server; the card issuing server is successfully verified, so that the platform server initiates resetting of the password; and the mobile device The application is reset by the password of the platform server to set A new password. 
如請求項1所述之電子交易之密碼重設方法,其中該行動裝置係為智慧型手機或平板電腦,及該應用程式係為行動應用程式(Mobile Application,Mobile App)。 The password reset method of the electronic transaction described in claim 1, wherein the mobile device is a smart phone or a tablet, and the application is a mobile application (Mobile Application). 如請求項1所述之電子交易之密碼重設方法,其中該發卡伺服器係直接傳輸該密碼訊息至該行動裝置中。 The method for resetting an electronic transaction according to claim 1, wherein the card issuing server directly transmits the password message to the mobile device. 如請求項1所述之電子交易之密碼重設方法,其中該虛擬卡係可代表信用卡、金融卡、簽帳卡、儲值卡或電子票證智慧卡。 The password reset method of the electronic transaction as claimed in claim 1, wherein the virtual card can represent a credit card, a financial card, a charge card, a stored value card or an electronic ticket smart card. 如請求項1所述之電子交易之密碼重設方法,其中該核驗資料係為該發卡伺服器所提供,以作為驗證該行動裝置的使用者身分之資料。 The method for resetting a password for an electronic transaction as claimed in claim 1, wherein the verification data is provided by the card issuing server as information for verifying the identity of the user of the mobile device. 如請求項1所述之電子交易之密碼重設方法,其中該密碼訊息係為單次有效密碼(One Time Password,OTP)。 The method for resetting an electronic transaction according to claim 1, wherein the password message is a One Time Password (OTP). 
The password reset method for electronic transactions as described in claim 1, wherein the re-registration step further comprises: entering the user's mobile phone number on the mobile device and transmitting it to the platform server; the platform server sending a verification message to the mobile device; replying to the verification message from the mobile device; the platform server verifying the correctness of the mobile phone number; and setting a security question and a registration password on the mobile device, so as to obtain a unique identification code from the platform server.

A password reset system for electronic transactions, comprising: a mobile device provided with an application, wherein the application may optionally hold virtual cards and can execute the setting for a forgotten or locked password; the first virtual card set up in the application of the mobile device is a preset virtual card, or the application of the mobile device can select one virtual card from the at least one virtual card as the preset virtual card; when the application of the mobile device holds any virtual card, verification data can be entered; when the application of the mobile device does not yet hold a virtual card, the mobile device first checks a security question through the application to determine whether the answer to the security question is correct, and if so the password is reset, and if not the mobile device must be re-registered; a platform server, which is in signal connection with the mobile device, receives the verification data transmitted by the mobile device, and can restart the setting of the password of the mobile device; and a card issuing server, which is in signal connection with the platform server and the mobile device, wherein the card issuing server receives and confirms the verification data transmitted by the platform server and transmits a password message to the mobile device, and after the password message is entered on the mobile device, returned through the platform server, and confirmed by the card issuing server, the platform server restarts the setting of the password so that the mobile device sets a new password.

The password reset system for electronic transactions of claim 8, wherein the signal connections among the mobile device, the platform server, and the card issuing server are wireless connections.

The password reset system for electronic transactions of claim 8, wherein the mobile device is a smartphone or a tablet computer, and the application is a mobile application (Mobile App).

The password reset system for electronic transactions of claim 8, wherein the verification data is identity data provided by the card issuing server for verifying the user of the mobile device.

The password reset system for electronic transactions of claim 8, wherein the password message is a One Time Password (OTP).

The password reset system for electronic transactions of claim 8, wherein the virtual card can represent a credit card, a financial card, a charge card, a stored value card, or an electronic ticket smart card.
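The gating logic of the system claim can be sketched as follows; this is an added example, not code from the patent or the applicant. The class and method names, the six-digit OTP format, the sample data, and the choice to consume the OTP on any attempt are assumptions made for illustration.

```python
import hmac
import secrets

def _eq(stored, given):
    """Constant-time compare; a missing stored value never matches."""
    return stored is not None and hmac.compare_digest(stored.encode(), (given or "").encode())

class IssuerServer:
    """Card issuing server: confirms verification data, issues and checks OTPs."""
    def __init__(self, records):
        self.records = records      # card id -> verification data (constructed)
        self.pending = {}           # card id -> outstanding OTP

    def confirm(self, card, data):
        if not _eq(self.records.get(card), data):
            return False
        self.pending[card] = f"{secrets.randbelow(10**6):06d}"  # sent to the device
        return True

    def check_otp(self, card, otp):
        # pop() consumes the OTP on every attempt, so it is valid once only (assumption)
        return _eq(self.pending.pop(card, None), otp)

class PlatformServer:
    """Third-party platform: routes checks to the issuer and gates the reset."""
    def __init__(self, issuer, preset_cards, answers):
        self.issuer, self.preset_cards, self.answers = issuer, preset_cards, answers
        self.reset_open = set()     # users currently allowed to set a new password

    def start_reset(self, user, proof):
        card = self.preset_cards.get(user)
        if card is not None:        # card path: issuer confirms the verification data
            return "otp_sent" if self.issuer.confirm(card, proof) else "rejected"
        if _eq(self.answers.get(user), proof):   # no card yet: security question
            self.reset_open.add(user)
            return "reset_open"
        return "re_register"        # wrong answer: the device must re-register

    def submit_otp(self, user, otp):
        card = self.preset_cards.get(user)
        if card is not None and self.issuer.check_otp(card, otp):
            self.reset_open.add(user)
            return "reset_open"
        return "rejected"

    def set_password(self, user, new_password):
        if user not in self.reset_open:
            return False            # no completed verification, no reset
        self.reset_open.discard(user)   # one new password per completed verification
        return True                 # storing new_password is outside this sketch
```

The point to check in any real implementation is the same as in the sketch: the new password is accepted only after the platform has recorded a completed verification for that user, and that permission is cleared once used.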
TW105124249A 2016-07-29 2016-07-29 Electronic transaction password reset system and method thereof TWI642010B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW105124249A TWI642010B (en) 2016-07-29 2016-07-29 Electronic transaction password reset system and method thereof

Publications (2)

Publication Number Publication Date
TW201804389A TW201804389A (en) 2018-02-01
TWI642010B true TWI642010B (en) 2018-11-21

Family

ID=62014316

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105124249A TWI642010B (en) 2016-07-29 2016-07-29 Electronic transaction password reset system and method thereof

Country Status (1)

Country Link
TW (1) TWI642010B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108564366A (en) 2018-03-15 2018-09-21 阿里巴巴集团控股有限公司 Payment cipher remapping method, device and electronic equipment
TWI679603B (en) * 2018-12-14 2019-12-11 台新國際商業銀行股份有限公司 System for assisting a financial card holder in setting password for the first time and method thereof
CN111355708B (en) * 2020-02-17 2022-06-24 浙江大华技术股份有限公司 Equipment password resetting method and device

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100198728A1 (en) * 2008-09-22 2010-08-05 Christian Aabye Over the air management of payment application installed in mobile device
TW201525899A (en) * 2013-12-24 2015-07-01 Tencent Tech Shenzhen Co Ltd Method of resetting payment password, terminal device and system thereof

Also Published As

Publication number Publication date
TW201804389A (en) 2018-02-01
