TWI657399B - Method for performing anti-counterfeiting authentication on transaction voucher by using ultrasonic verification code and transaction verification method - Google Patents

Method for performing anti-counterfeiting authentication on transaction voucher by using ultrasonic verification code and transaction verification method Download PDF

Info

Publication number
TWI657399B
TWI657399B TW106139892A TW106139892A TWI657399B TW I657399 B TWI657399 B TW I657399B TW 106139892 A TW106139892 A TW 106139892A TW 106139892 A TW106139892 A TW 106139892A TW I657399 B TWI657399 B TW I657399B
Authority
TW
Taiwan
Prior art keywords
transaction
ultrasonic
terminal device
verification code
secure
Prior art date
Application number
TW106139892A
Other languages
Chinese (zh)
Other versions
TW201923683A (en
Inventor
彭正彥
楊麗玉
Original Assignee
匯智通訊有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 匯智通訊有限公司 filed Critical 匯智通訊有限公司
Priority to TW106139892A priority Critical patent/TWI657399B/en
Application granted granted Critical
Publication of TWI657399B publication Critical patent/TWI657399B/en
Publication of TW201923683A publication Critical patent/TW201923683A/en

Links

Landscapes

  • Lock And Its Accessories (AREA)

Abstract

一種利用超音波驗證碼對交易憑證進行防偽認證的方法與交易驗證方法,當一交易憑證主機根據交易請求資料建立一安全二維碼時,在該安全二維碼中係含有一超音波驗證碼及一交易序號;當讀取該安全二維碼之終端裝置在執行付款之前,係回傳該交易序號至該交易憑證主機,使交易憑證主機依據該交易序號取出相對應之超音波驗證碼並轉換為一超音波文檔,該終端裝置於接收該超音波文檔後將其還原為超音波驗證碼,並與該安全二維碼中所含之超音波驗證碼互相比對,當兩者比對一致時即確定該安全二維碼為真實之交易憑證;藉此,可確保該交易憑證於資產交易過程中之真為及有效性。A method and method for verifying transaction vouchers by using ultrasonic verification codes. When a transaction voucher host establishes a secure two-dimensional code based on transaction request data, the secure two-dimensional code contains an ultrasonic verification code. And a transaction serial number; before the terminal device reading the secure two-dimensional code executes the payment, it returns the transaction serial number to the transaction voucher host, so that the transaction voucher host retrieves the corresponding ultrasonic verification code according to the transaction serial number and Converted into an ultrasonic file, the terminal device restores the ultrasonic file to an ultrasonic verification code after receiving it, and compares it with the ultrasonic verification code contained in the secure two-dimensional code. When the two are compared When they are consistent, it is determined that the secure QR code is a real transaction certificate; thereby, the authenticity and validity of the transaction certificate in the asset transaction process can be ensured.

Description

利用超音波驗證碼對交易憑證進行防偽認證的方法與交易驗證方法Method for performing anti-counterfeiting authentication on transaction voucher by using ultrasonic verification code and transaction verification method

本發明關於一種防偽認證技術,特別是指一種利用超音波作為對交易憑證進行二次真偽驗證(2FA)的方法。 The invention relates to an anti-counterfeiting authentication technology, in particular to a method using ultrasonic waves as a method of performing secondary authenticity verification (2FA) on transaction vouchers.

在資產交易的過程中,資產可以包含有價物品、債權、房地產等。交易行為的模式從實體通路漸漸演化至虛擬通路,例如透過網路進行的各種電子交易。對進行交易的雙方而言,為了提高交易的安全及可信度,在交易過程中會加入由第三方單位所發出的交易憑證,令交易雙方在信賴該交易憑證的基礎上順利實現資產買賣。 In the process of asset transactions, assets can include valuables, claims, real estate, etc. The mode of transaction behavior has gradually evolved from physical channels to virtual channels, such as various electronic transactions conducted through the Internet. For both parties to a transaction, in order to improve the security and credibility of the transaction, a transaction certificate issued by a third party unit will be added during the transaction, so that the two parties to the transaction can successfully realize the purchase and sale of assets on the basis of trusting the transaction certificate.

由此可知,「交易憑證」在整個交易過程中佔據極為重要的角色,若有他人惡易偽造交易憑證,對交易雙方而言將造成極大的損失並嚴重影響交易市場的安定性。因此,對交易憑證的真偽性加以識別、驗證確實有其需要。 It can be seen that "transaction vouchers" play an extremely important role in the entire transaction process. If anyone else easily forges transaction vouchers, it will cause great losses to both parties to the transaction and seriously affect the stability of the transaction market. Therefore, it is really necessary to identify and verify the authenticity of transaction vouchers.

本發明之一目的是提供一種基於超音波驗證碼作為二次防偽認證的方法,利用超音波驗證碼識別交易憑證之真實性。 An object of the present invention is to provide a method based on an ultrasonic verification code as a secondary anti-counterfeit authentication, and the ultrasonic verification code is used to identify the authenticity of a transaction voucher.

為達成前述目的,本發明的利用超音波驗證碼對交易憑證進行防偽認證的方法,係由一交易憑證主機執行,該方法包含:接收由一第一終端裝置發出之交易請求資料,其中該交易請求資料包含有交易幣別、交易金額及交易序號; 利用一私鑰對該筆交易請求資料及一超音波驗證碼進行加密以產生一安全二維碼,並回傳該安全二維碼給該第一終端裝置,供第一終端裝置提供該安全二維碼給一第二終端裝置進行讀取,其中該安全二維碼係作為一交易憑證;接收由該第二終端裝置發出之交易序號,該交易序號為第二終端裝置解譯該安全二維碼後所得到;根據從第二終端裝置接收到之交易序號從一資料庫取出相對應之超音波驗證碼,產生一超音波文檔並傳送給該第二終端裝置;供該第二終端裝置解譯該音波文檔後取出超音波驗證碼,使該第二終端裝置得以比對從超音波文檔取出之超音波驗證碼與從安全二維碼取出之超音波驗證碼是否一致。 In order to achieve the foregoing object, the method for performing anti-counterfeit authentication of a transaction voucher using an ultrasonic verification code of the present invention is executed by a transaction voucher host. The method includes: receiving transaction request data sent by a first terminal device, wherein the transaction The requested information includes the transaction currency, transaction amount and transaction serial number; Use a private key to encrypt the transaction request data and an ultrasonic verification code to generate a secure two-dimensional code, and return the secure two-dimensional code to the first terminal device for the first terminal device to provide the secure two The dimension code is read to a second terminal device, wherein the secure two-dimensional code is used as a transaction voucher; a transaction serial number received by the second terminal device is received, and the transaction serial number is the second terminal device to interpret the secure two-dimensional device. It is obtained after the code; according to the transaction serial number received from the second terminal device, a corresponding ultrasonic verification code is taken from a database, an ultrasonic file is generated and transmitted to the second terminal device; After translating the ultrasonic document, the ultrasonic verification code is taken out, so that the second terminal device can compare whether the ultrasonic verification code taken out from the ultrasonic file is consistent with the ultrasonic verification code taken out from the secure two-dimensional code.

在上述方法中,交易憑證主機以其擁有之私鑰產生二維安全碼,供持有對應公鑰之第二終端裝置解密而得出其中的超音波驗證碼,當交易憑證主機接收第二終端裝置發出之交易序號時,取出相對應之超音波驗證碼並轉換為超音波文檔後回傳至第二終端裝置,可提供第二終端裝置進行二次認證之依據,提高該交易憑證之可信度。 In the above method, the transaction certificate host generates a two-dimensional security code with the private key it owns, and the second terminal device holding the corresponding public key decrypts it to obtain the ultrasonic verification code. When the transaction certificate host receives the second terminal, When the transaction serial number sent by the device, the corresponding ultrasonic verification code is taken out and converted into an ultrasonic file and returned to the second terminal device, which can provide the basis for the second terminal device to perform secondary authentication and improve the credibility of the transaction certificate. degree.

本發明之另一目的係提供一種利用超音波驗證碼的交易驗證方法,包含:利用一第一終端裝置發出一交易請求資料至一交易憑證主機,其中該交易請求資料包含有交易幣別、交易金額及交易序號;該交易憑證主機根據對應該第一終端裝置的一私鑰對該筆交易請求資料及一超音波驗證碼進行加密以產生一安全二維碼,並回傳該安全二維碼給該第一終端裝置,其中,該超音波驗證碼為該交易憑證主機所產生,其中該安全二維碼作為一交易憑證; 利用一第二終端裝置向該第一終端裝置讀取該安全二維碼,其中,該第二終端裝置利用對應的一公鑰解譯出該安全二維碼,取出該安全二維碼中的交易序號及超音波驗證碼;以第二終端裝置傳送該安全二維碼中的交易序號至該交易憑證主機;該交易憑證主機根據該第二終端裝置回傳之交易序號,取出對應之超音波驗證碼,並轉換該超音波驗證碼成為一超音波文檔,並回傳該超音波文檔至第二終端裝置;利用該第二終端裝置解譯該超音波文檔而取得超音波驗證碼,其中,該第二終端裝置比對從超音波文檔取出之超音波驗證碼與從安全二維碼取出之超音波驗證碼是否一致,若兩者一致即表示該交易憑證為真正;當第二終端裝置比對該超音波驗證碼為一致,由第二終端裝置向第一終端置執行一支付動作。 Another object of the present invention is to provide a transaction verification method using an ultrasonic verification code, comprising: using a first terminal device to send a transaction request data to a transaction voucher host, wherein the transaction request data includes a transaction currency, a transaction Amount and transaction serial number; the transaction certificate host encrypts the transaction request data and an ultrasonic verification code according to a private key corresponding to the first terminal device to generate a secure two-dimensional code, and returns the secure two-dimensional code To the first terminal device, wherein the ultrasonic verification code is generated by the transaction voucher host, and the secure two-dimensional code is used as a transaction voucher; A second terminal device is used to read the secure two-dimensional code from the first terminal device, wherein the second terminal device uses a corresponding public key to decipher the secure two-dimensional code, and takes out the secure two-dimensional code. The transaction serial number and the ultrasonic verification code; the transaction serial number in the secure two-dimensional code is transmitted to the transaction voucher host by the second terminal device; the transaction voucher host takes out the corresponding ultrasonic wave according to the transaction serial number returned by the second terminal device A verification code, and convert the ultrasound verification code into an ultrasound document, and return the ultrasound document to a second terminal device; use the second terminal device to interpret the ultrasound document to obtain an ultrasound verification code, wherein, The second terminal device compares whether the ultrasonic verification code obtained from the ultrasonic file is consistent with the ultrasonic verification code obtained from the secure two-dimensional code. If the two are consistent, the transaction voucher is authentic. The ultrasonic verification code is consistent, and the second terminal device performs a payment operation to the first terminal device.

該利用超音波驗證碼的交易驗證方法確保了第一終端裝置及第二終端裝置雙方在執行資產交易時的可靠度,藉助該超音波驗證碼實現二次認證目的,保護第二終端裝置在交易過程中係採用真實之交易憑證,避免惡意之第三方對交易憑證進行變造或篡改。 The transaction verification method using an ultrasonic verification code ensures the reliability of both the first terminal device and the second terminal device when performing asset transactions. The ultrasonic verification code is used to achieve secondary authentication purposes and protect the second terminal device during transactions. In the process, real transaction credentials are used to prevent malicious third parties from altering or tampering with the transaction credentials.

10‧‧‧第一終端裝置 10‧‧‧First terminal device

20‧‧‧第二終端裝置 20‧‧‧Second terminal device

30‧‧‧交易憑證主機 30‧‧‧Transaction voucher host

31‧‧‧資料庫 31‧‧‧Database

40‧‧‧安全二維碼 40‧‧‧Security QR code

50‧‧‧超音波文檔 50‧‧‧ Ultrasonic File

圖1:本創作交易憑證驗證方法之執行系統示意圖。 Figure 1: Schematic diagram of the execution system of the authoring transaction voucher verification method.

圖2:本創作執行交易憑證驗證的時序圖。 Figure 2: The sequence diagram of the transaction certificate verification performed by this author.

圖3:本創作中的超音波驗證碼的產生方式示意圖。 Figure 3: Schematic diagram of how to generate the ultrasonic verification code in this creation.

圖4:本創作中的超音波文檔的產生方式示意圖。 Figure 4: Schematic diagram of how to generate the ultrasound file in this creation.

請參考圖1所示,本創作防偽認證方法係由一交易憑證主機30行,該交易憑證主機30與一第一終端裝置10及一第二終端裝置20可進行通訊,其中該第一終端裝置10與第二終端裝置20之間為進行交易的雙方裝置,在本實施例中,該第一終端裝置10可以是商家的一收款裝置或行動裝置,該第二終端裝置20可以是消費者所擁有的付款終端裝置,例如消費者本身的行動裝置。 Please refer to FIG. 1, this method for authorizing anti-counterfeiting authentication is composed of a transaction voucher host 30, which can communicate with a first terminal device 10 and a second terminal device 20, wherein the first terminal device 10 and the second terminal device 20 are two devices for performing transactions. In this embodiment, the first terminal device 10 may be a payment device or mobile device of a merchant, and the second terminal device 20 may be a consumer. Owned payment terminal devices, such as the consumer ’s own mobile device.

該交易憑證主機30用於在交易過程中發行一交易憑證,其中,該第一終端裝置10及第二終端裝置20可先向該交易憑證主機30進行註冊以分別取得各自的公鑰(例如public key),使該第一終端裝置10及第二終端裝置20內儲存有各別的公鑰,在該交易憑證主機30內部係具有對應該些公鑰的私鑰(例如private key)。藉此,由該交易憑證主機30發行的資料經由該私鑰加密後,只能允許具有對應公鑰的接收者才能解密而還原,因此第一終端裝置10或第二終端裝置20接收由交易憑證主機30發行的資料後若能以對應的公鑰加以解密還原,即可初步驗證由交易憑證主機30發佈出來的資料。此利用公鑰與私鑰加解密的過程採用的是RSA演算法,這是一種非對稱的加密演算法,因非屬本創作之技術重點,在此不予贅述。 The transaction voucher host 30 is used to issue a transaction voucher during a transaction. The first terminal device 10 and the second terminal device 20 may first register with the transaction voucher host 30 to obtain their respective public keys (for example, public). key), so that the first terminal device 10 and the second terminal device 20 store respective public keys, and the transaction certificate host 30 has private keys (for example, private keys) corresponding to the public keys. As a result, after the data issued by the transaction voucher host 30 is encrypted by the private key, only recipients with the corresponding public key can be decrypted and restored. Therefore, the first terminal device 10 or the second terminal device 20 receives the transaction voucher. After the data issued by the host 30 can be decrypted and restored with the corresponding public key, the data issued by the transaction certificate host 30 can be initially verified. This process of using public and private key encryption and decryption uses the RSA algorithm, which is an asymmetric encryption algorithm. Because it is not the technical focus of this creation, it will not be repeated here.

進一步參看圖2,為說明本創作之防偽認證方法,以下利用一交易過程為範例,說明當第一終端裝置10與第二終端裝置20之間欲進行交易時,如何對交易憑證進行驗證。 Further referring to FIG. 2, in order to explain the anti-counterfeiting authentication method of the present invention, a transaction process is used as an example to explain how to verify the transaction voucher when the first terminal device 10 and the second terminal device 20 want to perform transactions.

S11:由第一終端裝置10向交易憑證主機30送出一筆交易請求資料以要求該交易憑證主機30發行一交易憑證,其中,在該筆交易請求資料中會包含有本次交易活動的交易幣別、交易金額及交易序號。 S11: The first terminal device 10 sends a transaction request data to the transaction voucher host 30 to request the transaction voucher host 30 to issue a transaction voucher, where the transaction request data will include the transaction currency of the transaction activity , Transaction amount and transaction serial number.

S12:交易憑證主機30根據接收到的該筆交易請求資料及交易憑證主機30自行產生的一超音波驗證碼,利用對應該第一終端裝置的私鑰對該筆交易請求資料及超音波驗證碼進行加密而產生一安全二維碼(secured QRcode)40,並將該安全二維碼40回傳給第一終端裝置10,其中該安全二維碼40即為本次交易之交易憑證。在該交易憑證主機30的一資料庫31中,將會儲存該筆交易請求資料中的交易序號以及該超音波驗證碼,作為該安全二維碼40的驗證依據。請參考圖3所示以說明該超音波驗證碼的產出步驟,在步驟S12中,該交易憑證主機30係以一特定時間資訊作為根源,例如該特定時間資訊可以是第一終端裝置10送出該筆交易請求資料的時間,或是交易憑證主機30接收到該筆交易請求資料的時間;該特定時間資訊作為根源,利用一虛擬隨機函數產生器(pseudo random number generator)對該特定時間資訊進行亂數運算可產出一隨機數字密碼,該隨機數字密碼再經過快速傅利葉(FFT)轉換後,即形成該超音波驗證碼。 S12: According to the received transaction request data and an ultrasonic verification code generated by the transaction voucher host 30, the transaction voucher host 30 uses the private key corresponding to the first terminal device to process the transaction request data and the ultrasonic verification code. Encrypted to generate a secure QR code QRcode) 40, and transmits the secure two-dimensional code 40 to the first terminal device 10, where the secure two-dimensional code 40 is the transaction certificate of the transaction. In a database 31 of the transaction voucher host 30, the transaction serial number and the ultrasonic verification code in the transaction request data will be stored as the verification basis of the secure two-dimensional code 40. Please refer to FIG. 3 to explain the steps of generating the ultrasonic verification code. In step S12, the transaction voucher host 30 uses a specific time information as a source. For example, the specific time information may be sent by the first terminal device 10. The time of the transaction request data, or the time when the transaction voucher host 30 received the transaction request data; the specific time information is used as the source, and a specific random number generator is used to perform the specific time information The random number operation can generate a random number password, and the random number password is further subjected to a fast Fourier transform (FFT) to form the ultrasonic verification code.

S13:第二終端裝置20讀取該安全二維碼40,並以對應該第一終端裝置的公鑰解開該安全二維碼40,取得當中的交易序號。在一實施例,該第二終端裝置20可以是直接掃描該第一終端裝置10而讀取到該安全二維碼40;在另一實施例中,該第一終端裝置10經由分享或傳送的方式,將該安全二維碼40傳遞給該第二終端裝置20,令第二終端裝置20讀取該安全二維碼。 S13: The second terminal device 20 reads the secure two-dimensional code 40, and unlocks the secure two-dimensional code 40 with the public key corresponding to the first terminal device, and obtains the transaction serial number therein. In one embodiment, the second terminal device 20 may directly scan the first terminal device 10 to read the secure two-dimensional code 40. In another embodiment, the first terminal device 10 is shared or transmitted. By way of example, the secure two-dimensional code 40 is transmitted to the second terminal device 20, so that the second terminal device 20 can read the secure two-dimensional code.

S14:第二終端裝置20發送該取得的交易序號至該交易憑證主機30。 S14: The second terminal device 20 sends the acquired transaction serial number to the transaction voucher host 30.

S15:交易憑證主機30根據從第二終端裝置20接收到的該交易序號,從資料庫31中取出對應該交易序號的超音波驗證碼,並建立一超音波文檔50並回傳至第二終端裝置20,也就是將數位格式超音波驗證碼轉換為類比格式的超音波文檔50。請參考圖4所示以說明超音波文檔50的建立步驟,首先將該超音波驗證碼轉換為二進制數據(S151),這是因為採用二進制進行資料傳輸的效率及可靠性較高,因此先將原始的超音波驗證碼轉換為二進制數據;將二進制數據轉換為信號流(S152),在這個步驟中,係根據預設好的編碼規則,利用 單位時間內存在的高頻率聲波/低頻率聲波來分別表示二進制的1/0兩種符號,也就是定義不同頻率分佈與1/0的映射關係,從而將二進制數據轉換為信號流(signal stream),該信號流在一定的頻率範圍內(18KHz~20KHz)可以被劃分為在多個頻道同時傳輸,以加大單位時間的內的信息容量,從而提高傳輸速度;利用頻率偏移調制算法(FSK)對該信號流進行數位調制(S153),轉換成以載波波形的疏密分別代表高頻/低頻的正弦波信號,從而表示二進制符號的1/0兩種符號,產生波形疏密相間的數位信號;對數位調制後的信號進行快速傅利葉轉換,以產生超音波文檔50(S154),由於聲波傳輸容易受到干擾,因此再使用快速傅利葉轉換將調制後的信號變換為不易受到干擾而能夠區分二進制0與1的頻率值,成為加載有該超音波驗證碼的超音波文檔50。 S15: According to the transaction serial number received from the second terminal device 20, the transaction voucher host 30 retrieves the ultrasonic verification code corresponding to the transaction serial number from the database 31, and creates an ultrasonic file 50 and transmits it to the second terminal. The device 20 is an ultrasonic file 50 for converting a digital format ultrasonic verification code into an analog format. Please refer to FIG. 4 to explain the creation steps of the ultrasonic file 50. First, the ultrasonic verification code is converted into binary data (S151). This is because the efficiency and reliability of data transmission using binary is high. The original ultrasonic verification code is converted into binary data; the binary data is converted into a signal stream (S152). In this step, according to a preset encoding rule, the The high-frequency sound wave / low-frequency sound wave existing in a unit time respectively represents two kinds of binary 1/0 symbols, which is to define the mapping relationship between different frequency distributions and 1/0, so as to convert binary data into a signal stream. In a certain frequency range (18KHz ~ 20KHz), the signal stream can be divided into multiple channels for transmission at the same time to increase the information capacity within a unit time, thereby increasing the transmission speed; using the frequency offset modulation algorithm (FSK ) Digitally modulate the signal stream (S153), and convert it into a sine wave signal representing high frequency / low frequency respectively with the denseness of the carrier waveform, so as to represent two symbols of 1/0 of the binary symbol, resulting in densely spaced digits of the waveform. Signal; fast Fourier transform the digitally modulated signal to generate an ultrasound file 50 (S154). Since the sound wave transmission is susceptible to interference, the fast Fourier transform is used to transform the modulated signal into a signal that is not easily disturbed and can distinguish between binary The frequency values of 0 and 1 become the ultrasonic file 50 loaded with the ultrasonic verification code.

為了更進一步詳細說明前述步驟S151~S153,以下利用一範例加以解釋。假設欲傳送之超音波驗證碼為"1234",首先在步驟S151中會先將個這4個數字分別轉換為4組二進制的數據"0001"、"0010"、"0011"、"0100"。 In order to explain the foregoing steps S151 to S153 in more detail, an example is used for explanation below. Assuming that the ultrasonic verification code to be transmitted is "1234", first in step S151, these four numbers are first converted into four sets of binary data "0001", "0010", "0011", and "0100".

在步驟S152中,預傳送的二進制位元0與1可依照預設的一套編碼規則轉換成可以在不同頻道傳輸的資料。如下表一所示,本創作以介於18KHz~20KHz的超音波頻率作為資料傳輸頻率,在18KHz~20KHz的範圍內劃分成4個傳輸頻道A、B、C、D,每一個傳輸頻道A、B、C、D有各別對應的頻率分佈。在每一個傳輸頻道中,分別以兩種不同頻率來表示二進制的0與1。 In step S152, the pre-transmitted binary bits 0 and 1 can be converted into data that can be transmitted on different channels according to a preset set of encoding rules. As shown in Table 1 below, this creation uses the ultrasonic frequency between 18KHz ~ 20KHz as the data transmission frequency, and is divided into 4 transmission channels A, B, C, and D in the range of 18KHz ~ 20KHz. Each transmission channel A, B, C, D have their corresponding frequency distributions. In each transmission channel, binary 0s and 1s are represented at two different frequencies.

例如在頻道A中,如果要傳輸的數據是"0",代表應傳送一段頻率為18.0K Hz的聲波;如果要傳輸的數據是"1",代表會傳送一段頻率為18.2K Hz的聲波。 For example, in channel A, if the data to be transmitted is "0", it means that a sound wave with a frequency of 18.0K Hz should be transmitted; if the data to be transmitted is "1", it means that a sound wave with a frequency of 18.2K Hz is transmitted.

每組二進制數據"0001"、"0010"、"0011"、"0100"當中的0、1位元可以利用不同的傳輸頻道A、B、C、D中傳送,且可以預設傳輸頻道A、B、C、D的傳輸次序,例如傳輸次序可以預設為A、B、C、D;或是預設為B、A、D、C或是其它組合排列方式。在此以A、B、C、D依序傳輸為例,如果二進制數據"0001"根據表一的編碼規則並以4個傳輸頻道A、B、C、D依序傳送,則信號流可以表示為"0A 0B 0C 1D",代表在步驟S153中將會被依序編碼成18.0K、18.5K、19.0K、19.7K四段聲波。若使用不同的傳輸次序,則同樣一組二進制數據"0001"也會隨之變成不同的組合,故經過步驟S152得到的信號流可以表現出不同頻率分佈與1/0的映射關係。 Each group of binary data "0001", "0010", "0011", and "0100" can be transmitted using different transmission channels A, B, C, and D, and preset transmission channels A, B, C, and D. The transmission order of B, C, D, for example, the transmission order can be preset to A, B, C, D; or preset to B, A, D, C, or other combinations. Here, take A, B, C, and D as an example. If the binary data "0001" is transmitted according to the encoding rules of Table 1 and transmitted in sequence on 4 transmission channels A, B, C, and D, the signal flow can be expressed. It is "0A 0B 0C 1D", which means that it will be sequentially encoded into four bands of 18.0K, 18.5K, 19.0K, and 19.7K in step S153. If different transmission orders are used, the same set of binary data "0001" will also become different combinations, so the signal flow obtained through step S152 can show the mapping relationship between different frequency distributions and 1/0.

請參考下列表二所示,在欲傳送的超音波驗證碼的前、後分別會加入標頭(header)及檢查碼等欄位,構成完整的資料封包。 Please refer to the second table below. The header and check code fields are added before and after the ultrasonic verification code to be transmitted to form a complete data packet.

標頭欄位既可以作為分隔符號,用以在迴圈時定義接收聲波的起始位置,又可以作為頻道標識,用以區分不同頻道的聲波,亦可以定義為發送端與接收端之間的祕密協議。在本創作中,在標頭中使用一個位元組(1Byte)定義資訊傳輸次序,例如十六進位的0~F可以代表多種的資訊傳輸次序,舉例來說標頭"A"代表傳輸次序為頻道B、頻道A、頻道D、頻道C,而標頭"F"代表傳輸次序為頻道A、頻道C、頻道D、頻道B;而預設的傳輸次序只有發送端及接收端才會得知,因此即使有第三人惡意接收超音波文檔50,在無法得知通道傳輸次序的情況下仍無法即時解碼還原。在資料封包中段的資料欄位,即要傳 輸的超音波驗證碼。資料封包末段的檢查碼欄位,用以校驗超音波驗證碼的正確性與完整性,本實施例中是以CRC演算法計算出校驗用的位元,在此不再贅述。 The header field can be used as a separation symbol to define the starting position of receiving sound waves during a loop, and can also be used as a channel identifier to distinguish sound waves of different channels.It can also be defined as the distance between the transmitting end and the receiving end. Secret agreement. In this creation, a byte (1Byte) is used to define the information transmission order in the header. For example, hexadecimal 0 ~ F can represent multiple information transmission orders. For example, the header "A" means the transmission order is Channel B, Channel A, Channel D, Channel C, and the header "F" indicates that the transmission order is Channel A, Channel C, Channel D, Channel B; and the preset transmission order is only known to the sender and receiver. Therefore, even if a third person maliciously receives the ultrasound file 50, it cannot be decoded and restored immediately without knowing the transmission order of the channel. The data field in the middle of the data packet Lost ultrasonic verification code. The check code field at the end of the data packet is used to check the correctness and completeness of the ultrasonic verification code. In this embodiment, the CRC algorithm is used to calculate the bits used for the check, which will not be repeated here.

S16:第二終端裝置20接收並解譯該超音波文檔50,取得該超音波文檔50解譯出來之後得到的超音波驗證碼,並與從該安全二維碼40取出的超音波驗證碼互相比對,根據比對結果判定本次交易憑證的真偽,比對結果一致即表示該交易憑證為真實,反之則否。其中,第二終端裝置20係執行反向傅利葉轉換(IFFT),即可將該超音波文檔50解譯出超音波驗證碼。該第二終端裝置20在向交易憑證主機30註冊時,除了得到對應的公鑰之外,亦得到交易憑證主機30之編碼規則及傳輸頻道的順序,因此可以還原解出該超音波驗證碼。 S16: The second terminal device 20 receives and interprets the ultrasound document 50, obtains the ultrasound verification code obtained after the ultrasound document 50 is interpreted, and mutually interacts with the ultrasound verification code extracted from the secure two-dimensional code 40. The comparison is based on the comparison result to determine the authenticity of the transaction voucher. If the comparison result is consistent, it means that the transaction voucher is true, otherwise it is not. Wherein, the second terminal device 20 performs an inverse Fourier transform (IFFT), so as to decode the ultrasonic document 50 into an ultrasonic verification code. When the second terminal device 20 is registered with the transaction voucher host 30, in addition to the corresponding public key, it also obtains the encoding rules and the order of the transmission channels of the transaction voucher host 30. Therefore, the ultrasonic verification code can be restored and solved.

S17:當該超音波驗證碼比對通過,則由第二終端裝置20執行支付,反之比對失敗則會中止交易。 S17: When the comparison of the ultrasonic verification code is passed, the payment is performed by the second terminal device 20. Otherwise, the transaction is suspended if the comparison fails.

S18:第一終端裝置10確認交易完成後,將發送一交易完成信息至交易憑證主機30。 S18: After the first terminal device 10 confirms the completion of the transaction, it will send a transaction completion message to the transaction voucher host 30.

S19:交易憑證主機30於接收該交易完成信息時,更新該資料庫31中該交易憑證的狀態,記錄該交易憑證已使用而不得再次重複用於其它交易。 S19: When the transaction voucher host 30 receives the transaction completion information, it updates the status of the transaction voucher in the database 31 to record that the transaction voucher has been used and cannot be reused for other transactions.

因此,對於該交易憑證主機30而言,係執行了一種利用超音波驗證碼對交易憑證進行防偽認證的方法,包含如下步驟:接收由一第一終端裝置10發出之交易請求資料,其中該交易請求資料包含有交易幣別、交易金額及交易序號;利用對應該第一終端裝置10的一私鑰對該筆交易請求資料及一超音波驗證碼進行加密以產生一安全二維碼40,並回傳該安全二維碼給該第一 終端裝置10,供第一終端裝置10提供該安全二維碼給一第二終端裝置20進行讀取;接收由該第二終端裝置20發出之交易序號,該交易序號為第二終端裝置20解譯該安全二維碼40後得到;根據從第二終端裝置20接收到之交易序號從一資料庫31取出相對應之超音波驗證碼,建立一超音波文檔50並傳送給該第二終端裝置20;供該第二終端裝置解譯該音波文檔50後而取出之超音波驗證碼,使該第二終端裝置20得以比對從超音波文檔取出之超音波驗證碼與從安全二維碼取出之超音波驗證碼是否一致。 Therefore, for the transaction voucher host 30, a method for performing anti-counterfeit authentication of a transaction voucher using an ultrasonic verification code is performed, including the following steps: receiving transaction request data sent by a first terminal device 10, wherein the transaction The requested information includes the transaction currency, transaction amount, and transaction serial number; the transaction request data and an ultrasonic verification code are encrypted using a private key corresponding to the first terminal device 10 to generate a secure two-dimensional code 40, and Return the secure QR code to the first Terminal device 10 for the first terminal device 10 to provide the secure two-dimensional code to a second terminal device 20 for reading; receiving a transaction serial number issued by the second terminal device 20, the transaction serial number is the second terminal device 20 solution Obtained after translating the secure two-dimensional code 40; taking out the corresponding ultrasonic verification code from a database 31 according to the transaction serial number received from the second terminal device 20, creating an ultrasonic file 50 and transmitting it to the second terminal device 20; the ultrasonic verification code for the second terminal device after deciphering the acoustic file 50, so that the second terminal device 20 can compare the ultrasonic verification code taken from the ultrasonic file with the secure two-dimensional code Whether the ultrasonic verification code is consistent.

綜上所述,本創作對交易憑證進行了二次防偽認證,首先,當第二終端裝置可利用對應之公鑰解開該安全二維碼時,可初步認證該安全二維碼應為交易憑證主機所發出;其次,為了確保該安全二維碼中所含的超音波驗證碼為真正而未被篡改,第二終端裝置可發送該交易序號至交易憑證主機以取得一超音波文檔,再根據超音波文檔解譯出一超音波驗證碼,若安全二維碼中所含的超音波驗證碼與根據超音波文檔解譯出來的超音波驗證碼互為一致時,即二次認證該安全二維碼為合法之交易憑證。藉此,可以確認該交易憑證之真偽性以及其唯一性。 To sum up, this creation has carried out secondary anti-counterfeit authentication on transaction credentials. First, when the second terminal device can use the corresponding public key to unlock the secure QR code, it can be initially verified that the secure QR code should be a transaction. Issued by the certificate host; secondly, in order to ensure that the ultrasonic verification code contained in the secure two-dimensional code is genuine and has not been tampered with, the second terminal device may send the transaction serial number to the transaction certificate host to obtain an ultrasonic file, and An ultrasound verification code is interpreted according to the ultrasound document. If the ultrasound verification code contained in the secure two-dimensional code and the ultrasound verification code interpreted according to the ultrasound document are consistent with each other, the security is re-authenticated. The QR code is a legal transaction certificate. By this, the authenticity and uniqueness of the transaction certificate can be confirmed.

Claims (12)

一種利用超音波驗證碼對交易憑證進行防偽認證的方法,係由一交易憑證主機執行,該方法包含:接收由一第一終端裝置發出之交易請求資料,其中該交易請求資料包含有交易幣別、交易金額及交易序號;利用對應該第一終端裝置的一私鑰對該筆交易請求資料及一超音波驗證碼進行加密以產生一安全二維碼,並回傳該安全二維碼給該第一終端裝置,供第一終端裝置提供該安全二維碼給一第二終端裝置進行讀取,其中該安全二維碼係作為一交易憑證;接收由該第二終端裝置發出之交易序號,該交易序號為第二終端裝置解譯該安全二維碼後所得到;根據從第二終端裝置接收到之交易序號從一資料庫取出相對應之超音波驗證碼,產生一超音波文檔並傳送給該第二終端裝置;供該第二終端裝置解譯該音波文檔後取出超音波驗證碼,使該第二終端裝置得以比對從超音波文檔取出之超音波驗證碼與從安全二維碼取出之超音波驗證碼是否一致;其中,該超音波驗證碼之建立步驟包含:以一時間資訊作為根源,利用一虛擬隨機函數產生器(pseudo random number generator)對該時間資訊進行運算以產出一隨機數字密碼;對該隨機數字密碼進行快速傅利葉轉換以產生該超音波驗證碼。。A method for performing anti-counterfeiting authentication on a transaction voucher by using an ultrasonic verification code is performed by a transaction voucher host. The method includes: receiving transaction request data sent by a first terminal device, wherein the transaction request data includes a transaction currency. , The transaction amount and the transaction serial number; using a private key corresponding to the first terminal device to encrypt the transaction request data and an ultrasonic verification code to generate a secure two-dimensional code, and return the secure two-dimensional code to the A first terminal device for the first terminal device to provide the secure two-dimensional code to a second terminal device for reading, wherein the secure two-dimensional code serves as a transaction voucher; receiving a transaction serial number issued by the second terminal device, The transaction serial number is obtained by the second terminal device after interpreting the secure two-dimensional code; according to the transaction serial number received from the second terminal device, a corresponding ultrasonic verification code is taken from a database, and an ultrasonic file is generated and transmitted. To the second terminal device; for the second terminal device to interpret the sound wave file and take out an ultrasonic verification code, so that the second terminal device can be compared Whether the ultrasonic verification code obtained from the ultrasonic file is consistent with the ultrasonic verification code obtained from the secure two-dimensional code; wherein the step of establishing the ultrasonic verification code includes: using a time information as a source and generating it using a virtual random function A pseudo random number generator operates on the time information to generate a random number password; and performs a fast Fourier transform on the random number password to generate the ultrasonic verification code. . 如請求項1所述利用超音波驗證碼對交易憑證進行防偽認證的方法,其中,該時間資訊為第一終端裝置發出該筆交易請求資料的時間。The method for performing anti-counterfeit authentication on a transaction voucher by using an ultrasonic verification code as described in claim 1, wherein the time information is the time when the first terminal device sends out the transaction request data. 如請求項1所述利用超音波驗證碼對交易憑證進行防偽認證的方法,其中,該時間資訊為該交易憑證主機接收到該筆交易請求資料的時間。The method for performing anti-counterfeit authentication on a transaction voucher by using an ultrasonic verification code as described in claim 1, wherein the time information is a time when the transaction voucher host receives the transaction request data. 如請求項1所述利用超音波驗證碼對交易憑證進行防偽認證的方法,其中,在產生該安全二維碼之步驟中,該交易憑證主機係在該資料庫中儲存交易序號及其對應的超音波驗證碼。The method for performing anti-counterfeiting authentication on a transaction voucher by using an ultrasonic verification code as described in claim 1, wherein in the step of generating the secure two-dimensional code, the transaction voucher host stores the transaction serial number and its corresponding Ultrasonic verification code. 如請求項1所述利用超音波驗證碼對交易憑證進行防偽認證的方法,其中,該超音波文檔之產生步驟包含:轉換該超音波驗證碼為二進制數據;將二進制數據轉換為信號流;利用頻率偏移調制算法(FSK)對該信號流進行數位調制,轉換成可表示二進制的弦波信號;對數位調制後的弦波信號進行快速傅利葉轉換,以產生超音波文檔。The method for performing anti-counterfeit authentication of a transaction voucher by using an ultrasonic verification code as described in claim 1, wherein the step of generating the ultrasonic document includes: converting the ultrasonic verification code into binary data; converting the binary data into a signal stream; using A frequency offset modulation algorithm (FSK) digitally modulates the signal stream and converts it into a binary sine wave signal; performs fast Fourier transform on the digitally modulated sine wave signal to generate an ultrasound file. 一種利用超音波驗證碼的交易驗證方法,包含:利用一第一終端裝置發出一交易請求資料至一交易憑證主機,其中該交易請求資料包含有交易幣別、交易金額及交易序號;該交易憑證主機根據對應該第一終端裝置的一私鑰對該筆交易請求資料及一超音波驗證碼進行加密以產生一安全二維碼,並回傳該安全二維碼給該第一終端裝置,其中,該超音波驗證碼為該交易憑證主機所產生,其中該安全二維碼作為一交易憑證;利用一第二終端裝置向該第一終端裝置讀取該安全二維碼,其中,該第二終端裝置利用對應的一公鑰解譯出該安全二維碼,取出該安全二維碼中的交易序號及超音波驗證碼;以第二終端裝置傳送該安全二維碼中的交易序號至該交易憑證主機;該交易憑證主機根據該第二終端裝置回傳之交易序號,取出對應之超音波驗證碼,並轉換該超音波驗證碼成為一超音波文檔,並回傳該超音波文檔至第二終端裝置;利用該第二終端裝置解譯該超音波文檔而取得超音波驗證碼,其中,該第二終端裝置比對從超音波文檔取出之超音波驗證碼與從安全二維碼取出之超音波驗證碼是否一致,若兩者一致即表示該交易憑證為真正;當第二終端裝置比對該超音波驗證碼為一致,由第二終端裝置向第一終端置執行一支付動作;其中,該超音波驗證碼之建立步驟包含:以一時間資訊作為根源,利用一虛擬隨機函數產生器(pseudo random number generator)對該時間資訊進行運算以產出一隨機數字密碼;對該隨機數字密碼進行快速傅利葉轉換以產生該超音波驗證碼。A transaction verification method using an ultrasonic verification code includes: using a first terminal device to send a transaction request data to a transaction voucher host, wherein the transaction request data includes a transaction currency, a transaction amount, and a transaction serial number; the transaction voucher The host encrypts the transaction request data and an ultrasonic verification code according to a private key corresponding to the first terminal device to generate a secure two-dimensional code, and returns the secure two-dimensional code to the first terminal device, wherein The ultrasonic verification code is generated by the transaction voucher host, wherein the secure two-dimensional code is used as a transaction voucher; the second terminal device is used to read the secure two-dimensional code from the first terminal device, wherein the second The terminal device uses the corresponding public key to decipher the secure two-dimensional code, and takes out the transaction serial number and the ultrasonic verification code in the secure two-dimensional code; and transmits the transaction serial number in the secure two-dimensional code to the second terminal device to the Transaction voucher host; the transaction voucher host retrieves the corresponding ultrasonic verification code according to the transaction serial number returned by the second terminal device, and converts the ultrasonic wave The code becomes an ultrasound file and returns the ultrasound file to a second terminal device; the second terminal device is used to interpret the ultrasound file to obtain an ultrasound verification code, wherein the second terminal device compares with Whether the ultrasonic verification code obtained from the ultrasonic file is consistent with the ultrasonic verification code obtained from the secure two-dimensional code. If they are the same, it means that the transaction voucher is genuine; when the second terminal device is more consistent than the ultrasonic verification code A second terminal device performs a payment operation to the first terminal device. The step of establishing the ultrasonic verification code includes: using a time information as a source, and using a pseudo random number generator The time information is operated to generate a random number password; the random number password is subjected to fast Fourier transform to generate the ultrasonic verification code. 如請求項6所述利用超音波驗證碼的交易驗證方法,其中,當第二終端裝置執行完該支付動作,該方法進一步包含:由第一終端裝置發送一交易完成信息至該交易憑證主機;該交易憑證主機接收該交易完成信息,並更新該交易憑證的狀態以禁止該該交易憑證重複使用。The transaction verification method using an ultrasonic verification code as described in claim 6, wherein when the second terminal device finishes the payment action, the method further includes: sending a transaction completion information from the first terminal device to the transaction voucher host; The transaction voucher host receives the transaction completion information and updates the status of the transaction voucher to prohibit the transaction voucher from being reused. 如請求項6或7所述利用超音波驗證碼的交易驗證方法,其中,該時間資訊為第一終端裝置發出該筆交易請求資料的時間。The transaction verification method using an ultrasonic verification code according to claim 6 or 7, wherein the time information is a time when the first terminal device sends out the transaction request data. 如請求項6或7所述利用超音波驗證碼的交易驗證方法,其中,該時間資訊為該交易憑證主機接收到該筆交易請求資料的時間。The transaction verification method using an ultrasonic verification code as described in claim 6 or 7, wherein the time information is the time when the transaction voucher host receives the transaction request data. 如請求項6或7所述利用超音波驗證碼的交易驗證方法,其中,在產生該安全二維碼之步驟中,該交易憑證主機係在一資料庫中儲存交易序號及其對應的超音波驗證碼。The transaction verification method using an ultrasonic verification code as described in claim 6 or 7, wherein in the step of generating the secure two-dimensional code, the transaction voucher host stores a transaction serial number and its corresponding ultrasonic wave in a database Verification code. 如請求項6或7所述利用超音波驗證碼的交易驗證方法,其中,該超音波文檔之產生步驟包含:轉換該超音波驗證碼為二進制數據;將二進制數據轉換為信號流;利用頻率偏移調制算法(FSK)對該信號流進行數位調制,轉換成可表示二進制的弦波信號;對數位調制後的弦波信號進行快速傅利葉轉換,以產生超音波文檔。The transaction verification method using an ultrasonic verification code as described in claim 6 or 7, wherein the step of generating the ultrasonic document includes: converting the ultrasonic verification code into binary data; converting the binary data into a signal stream; using a frequency offset Shift modulation algorithm (FSK) digitally modulates the signal stream and converts it into a binary sine wave signal; performs fast Fourier transform on the digitally modulated sine wave signal to generate an ultrasound file. 如請求項11所述利用超音波驗證碼的交易驗證方法,其中,該第二終端裝置對該超音波文檔進行反向傅利葉運算,以解譯出該超音波驗證碼。The transaction verification method using an ultrasonic verification code according to claim 11, wherein the second terminal device performs an inverse Fourier operation on the ultrasonic document to interpret the ultrasonic verification code.
TW106139892A 2017-11-17 2017-11-17 Method for performing anti-counterfeiting authentication on transaction voucher by using ultrasonic verification code and transaction verification method TWI657399B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106139892A TWI657399B (en) 2017-11-17 2017-11-17 Method for performing anti-counterfeiting authentication on transaction voucher by using ultrasonic verification code and transaction verification method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW106139892A TWI657399B (en) 2017-11-17 2017-11-17 Method for performing anti-counterfeiting authentication on transaction voucher by using ultrasonic verification code and transaction verification method

Publications (2)

Publication Number Publication Date
TWI657399B true TWI657399B (en) 2019-04-21
TW201923683A TW201923683A (en) 2019-06-16

Family

ID=66996248

Family Applications (1)

Application Number Title Priority Date Filing Date
TW106139892A TWI657399B (en) 2017-11-17 2017-11-17 Method for performing anti-counterfeiting authentication on transaction voucher by using ultrasonic verification code and transaction verification method

Country Status (1)

Country Link
TW (1) TWI657399B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112541823A (en) * 2020-12-09 2021-03-23 深圳市快付通金融网络科技服务有限公司 Transaction risk control method, device and equipment based on block chain and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120323717A1 (en) * 2011-06-16 2012-12-20 OneID, Inc. Method and system for determining authentication levels in transactions
CN103714458A (en) * 2013-12-20 2014-04-09 江苏大学 Two-dimension code-based mobile terminal transaction encryption method
TW201524177A (en) * 2013-12-10 2015-06-16 Beijing Anxunben Science & Technology Co Ltd Authentication and authorization platform system and method with multiple communication channels
TW201717081A (en) * 2015-11-10 2017-05-16 國民技術股份有限公司 Method for confirming on-line transaction security by means of mobile phone and system thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120323717A1 (en) * 2011-06-16 2012-12-20 OneID, Inc. Method and system for determining authentication levels in transactions
TW201524177A (en) * 2013-12-10 2015-06-16 Beijing Anxunben Science & Technology Co Ltd Authentication and authorization platform system and method with multiple communication channels
CN103714458A (en) * 2013-12-20 2014-04-09 江苏大学 Two-dimension code-based mobile terminal transaction encryption method
TW201717081A (en) * 2015-11-10 2017-05-16 國民技術股份有限公司 Method for confirming on-line transaction security by means of mobile phone and system thereof

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112541823A (en) * 2020-12-09 2021-03-23 深圳市快付通金融网络科技服务有限公司 Transaction risk control method, device and equipment based on block chain and storage medium

Also Published As

Publication number Publication date
TW201923683A (en) 2019-06-16

Similar Documents

Publication Publication Date Title
US10944575B2 (en) Implicitly certified digital signatures
AU2015277000B2 (en) Efficient methods for authenticated communication
US10148422B2 (en) Implicitly certified public keys
JP5790319B2 (en) Signature verification apparatus, signature verification method, program, and recording medium
US20060195402A1 (en) Secure data transmission using undiscoverable or black data
CN107810617A (en) Secret certification and supply
JP5593850B2 (en) Authentication device, authentication method, program, and signature generation device
CN110381055B (en) RFID system privacy protection authentication protocol method in medical supply chain
WO2015149658A1 (en) Entity authentication method and device
Datta et al. An efficient sound and data steganography based secure authentication system
TWI657399B (en) Method for performing anti-counterfeiting authentication on transaction voucher by using ultrasonic verification code and transaction verification method
CN117675285A (en) Identity verification method, chip and equipment
CN109840776B (en) Transaction certificate authentication method and transaction verification method using ultrasonic verification code
EP3185504A1 (en) Security management system for securing a communication between a remote server and an electronic device
JP5389347B2 (en) Message authentication device, authentication center device, and message authentication system
CN114117392A (en) Security verification code obtaining method based on paillier encryption
JP5300026B2 (en) Card authentication system for IC card system
CN113793149B (en) Off-line transaction authentication system, method, central server and client
KR20180089951A (en) Method and system for processing transaction of electronic cash
KR101006803B1 (en) RFID Authentication Apparatus for comprising Authentication Function and Method thereof
CN101425163A (en) Trading, identifying and arbitraging method, system and equipment based on watermark technology
CN116680736A (en) Data confusion-based trace query system and method
WO2013031413A1 (en) Information processing device, information processing method, program, and recording medium
CN113793149A (en) Off-line transaction authentication system and method, central server and client
KR20180089952A (en) Method and system for processing transaction of electronic cash