TWI673626B - Method for verifying electronic files using biometrics, terminal electronic device and computer readable recording medium - Google Patents

Method for verifying electronic files using biometrics, terminal electronic device and computer readable recording medium Download PDF

Info

Publication number
TWI673626B
TWI673626B TW107113365A TW107113365A TWI673626B TW I673626 B TWI673626 B TW I673626B TW 107113365 A TW107113365 A TW 107113365A TW 107113365 A TW107113365 A TW 107113365A TW I673626 B TWI673626 B TW I673626B
Authority
TW
Taiwan
Prior art keywords
time stamp
module
electronic
signature
coordinate information
Prior art date
Application number
TW107113365A
Other languages
Chinese (zh)
Other versions
TW201944278A (en
Inventor
葉瑜君
王正男
郭明瓚
Original Assignee
中國信託金融控股股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中國信託金融控股股份有限公司 filed Critical 中國信託金融控股股份有限公司
Priority to TW107113365A priority Critical patent/TWI673626B/en
Application granted granted Critical
Publication of TWI673626B publication Critical patent/TWI673626B/en
Publication of TW201944278A publication Critical patent/TW201944278A/en

Links

Landscapes

  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

一種利用生物特徵驗證電子文件的方法,應用於一顯示一原始電子文件供一使用者簽署的終端電子裝置,該終端電子裝置取得該使用者的一簽名軌跡及至少一生物特徵,並向一憑證伺服器取得包含一公鑰及一私鑰的一金鑰對,且根據該至少一生物特徵及該私鑰產生一簽章值,並且將該簽章值及該簽名軌跡封裝成一第一資料,並以該私鑰對該至少一生物特徵加密而產生一第二資料,且將該第一資料合併於該原始電子文件中而產生一第三資料,再將該第一資料、該第二資料及該第三資料提供給一驗證伺服器。A method for verifying an electronic file by using biometrics is applied to a terminal electronic device that displays an original electronic file for signature by a user. The terminal electronic device obtains a signature track of the user and at least one biometric, and sends a certificate to the terminal. The server obtains a key pair including a public key and a private key, generates a signature value according to the at least one biological characteristic and the private key, and encapsulates the signature value and the signature track into a first data, And encrypting the at least one biometric with the private key to generate a second data, and combining the first data into the original electronic file to generate a third data, and then combining the first data and the second data And the third data is provided to a verification server.

Description

利用生物特徵驗證電子文件的方法、終端電子裝置及電腦可讀取的記錄媒體Method for verifying electronic file using biometrics, terminal electronic device and computer-readable recording medium

本發明是有關於一種電子文件驗證方法,特別是指一種利用生物特徵驗證電子文件的方法。 The present invention relates to a method for verifying an electronic file, and more particularly to a method for verifying an electronic file using a biological feature.

現行的金融交易涉及需要客戶本人親自簽署交易相關文件的業務時,大多需要客戶親臨金融單位的櫃檯辦理,或者由銀行人員親訪客戶並完成親晤親簽作業,以鑑別客戶本人的真實身分並確認客戶本人的交易意願。然而上述做法受限於銀行營業時間,以致無法即時提供滿足客戶需求的金融服務。 When the current financial transaction involves a business that requires the customer to personally sign the transaction-related documents, most of the customers need to go to the counter of the financial unit to handle it, or a bank person visits the customer and completes the in-person signing operation to identify the true identity of the customer and Confirm the client's willingness to trade. However, the above approach is limited by the bank's business hours, so that financial services that meet customer needs cannot be provided immediately.

因此,為了能即時提供滿足客戶需求的金融服務,現行一種電子交易方式能讓金融單位與客戶端透過約定機制進行遠距電子化交易指示。但這種交易方式只能間接地識別客戶身分,並無法鑑別提出交易指示的對象身分的真實性及其不可否認性。 Therefore, in order to provide financial services that meet customer needs in real time, an existing electronic transaction method allows financial units and clients to conduct remote electronic transaction instructions through an agreed mechanism. However, this transaction method can only indirectly identify the identity of the customer, and cannot identify the authenticity of the object of the transaction instruction and its undeniability.

因此,本發明之目的,即在提供一種利用生物特徵驗證電子文件的方法,其能讓驗證單位藉由驗證根據生物特徵產生的 簽章值,鑑別電子文件的署名者身分的真實性及其不可否認性。 Therefore, an object of the present invention is to provide a method for verifying an electronic file using biometrics, which allows a verification unit to verify Signature value, authenticity and non-repudiation of the identity of the person who signed the electronic file.

於是,本發明利用生物特徵驗證電子文件的方法,應用於一終端電子裝置,且該終端電子裝置的一顯示單元顯示一原始電子文件供一使用者簽署;該方法包括:(A)該終端電子裝置透過其一輸入介面接收該使用者的一簽名軌跡,並透過其一生物特徵擷取模組取得該使用者的至少一生物特徵;(B)該終端電子裝置透過其一通訊模組向一憑證伺服器取得包含一公鑰及一私鑰的一金鑰對;(C)該終端電子裝置透過其一簽章產生模組根據該至少一生物特徵及該私鑰產生一簽章值,且將該簽章值及該簽名軌跡封裝成一第一資料;(D)該終端電子裝置透過其一加密模組以該私鑰對該至少一生物特徵加密而產生一第二資料;(E)該終端電子裝置透過其一合併模組將該第一資料合併於該原始電子文件中而產生一第三資料;及(F)該終端電子裝置透過該通訊模組將該第一資料、該第二資料及該第三資料提供給一驗證伺服器。 Therefore, the method for verifying an electronic file using biometrics of the present invention is applied to a terminal electronic device, and a display unit of the terminal electronic device displays an original electronic file for a user to sign; the method includes: (A) the terminal electronic The device receives a signature track of the user through an input interface, and obtains at least one biometric of the user through a biometric extraction module; (B) the terminal electronic device sends a The certificate server obtains a key pair including a public key and a private key; (C) the terminal electronic device generates a signature value based on the at least one biometric and the private key through a signature generation module, and Encapsulate the signature value and the signature track into a first piece of data; (D) the terminal electronic device encrypts the at least one biometric with the private key through a cryptographic module to generate a second piece of data; (E) the The terminal electronic device merges the first data into the original electronic file through a merge module to generate a third data; and (F) the terminal electronic device uses the communication module to convert the first data, the Two data and the information provided to a third authentication server.

在本發明的一些實施態樣中,該驗證伺服器能向該憑證伺服器或該終端電子裝置取得該金鑰對,並具有與該終端電子裝置相同的該簽章產生模組,且該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵,並透過該簽章產生模組根據解密取得的該至少一生物特徵及該金鑰對中的該私鑰產生一待驗證簽章值,並比對該待驗證簽章值與該第一資料中的該 簽章值是否相同,以驗證該第一資料中的該簽名軌跡的真實性,並根據該簽名軌跡的真實性確認該第三資料的不可否認性。 In some embodiments of the present invention, the verification server can obtain the key pair from the certificate server or the terminal electronic device, and has the same signature generation module as the terminal electronic device, and the verification The server decrypts the second data by using the public key in the key pair to obtain the at least one biometric, and uses the signature generation module to obtain the at least one biometric and the key pair according to the decryption. The private key in generates a signature value to be verified, and compares the signature value to be verified with the value in the first data. Whether the signature value is the same to verify the authenticity of the signature track in the first material, and confirm the non-repudiation of the third material according to the authenticity of the signature track.

在本發明的一些實施態樣中,在步驟(A)中,該輸入介面還接收該使用者的一視訊影像,且在步驟(C)中,該簽章產生模組將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;藉此,該驗證伺服器藉由比對該待驗證簽章值與該第一資料中的該簽章值是否相同,以驗證該第一資料中的該簽名軌跡及該視訊影像的真實性,而根據該簽名軌跡及該視訊影像的真實性確認該第三資料的不可否認性。 In some embodiments of the present invention, in step (A), the input interface further receives a video image of the user, and in step (C), the signature generation module changes the value of the signature, The signature track and the video image are packaged into the first data; thereby, the verification server verifies the first data by comparing whether the value of the signature to be verified is the same as the value of the signature in the first data. And the authenticity of the signature track and the video image, and the non-repudiation of the third data is confirmed according to the authenticity of the signature track and the video image.

在本發明的一些實施態樣中,在步驟(A)中,該終端電子裝置還透過其一GPS模組取得當下的一GPS座標資訊,且該方法還包括在步驟(C)之前的步驟(G):該終端電子裝置的一時戳請求模組向一時戳伺服器請求一電子時戳,或者該時戳請求模組以該GPS座標資訊向該時戳伺服器請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;且在步驟(C)中,該簽章產生模組是根據該至少一生物特徵、該私鑰以及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該簽章值,在步驟(D)中,該加密模組以該私鑰對該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一用來產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由 該公鑰對該第二資料解密,而取得該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一,並透過該簽章產生模組根據該私鑰及解密取得的該至少一生物特徵、該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該待驗證簽章值。 In some embodiments of the present invention, in step (A), the terminal electronic device also obtains current GPS coordinate information through a GPS module, and the method further includes a step (c) before (c). G): The time stamp request module of the terminal electronic device requests an electronic time stamp from a time stamp server, or the time stamp request module requests the electronic time stamp from the time stamp server with the GPS coordinate information, and returns Transmitting the GPS coordinate information with an electronic time stamp; and in step (C), the signature generating module is based on the at least one biometric feature, the private key and the GPS coordinate information, the electronic time stamp, and an electronic time stamp. One of the three GPS coordinate information stamped generates the signature value. In step (D), the encryption module uses the private key to the at least one biometric and the GPS coordinate information, the electronic time stamp, and has One of the three GPS coordinate information of the electronic time stamp is used for generating the signature value encrypted to generate the second data; thereby, the verification server uses the The public key decrypts the second data to obtain one of the at least one biometric feature and the GPS coordinate information, the electronic time stamp, and the GPS coordinate information with the electronic time stamp, and generates a model through the signature. The group generates the to-be-verified signature value according to one of the private key and the at least one biometric obtained by decryption, the GPS coordinate information, the electronic timestamp, and the GPS coordinate information with an electronic timestamp.

或者,在本發明的一些實施態樣中,在步驟(A)中,該終端電子裝置還透過其一GPS模組取得當下的一GPS座標資訊,且該方法還包括在步驟(C)之前的步驟(G):該終端電子裝置的一時戳請求模組向一時戳伺服器請求一電子時戳,或者該時戳請求模組以該GPS座標資訊向該時戳伺服器請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;且在步驟(C)中,該簽章產生模組是根據該至少一生物特徵、該私鑰以及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該簽章值,且將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;在步驟(D)中,該加密模組以該私鑰對該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一用來產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該公鑰對該第二資料解密,而取得該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一,並透過該簽章產生模組根據該私鑰及解密取得的該至少一生物 特徵、該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該待驗證簽章值。 Or, in some embodiments of the present invention, in step (A), the terminal electronic device further obtains current GPS coordinate information through a GPS module, and the method further includes a step before step (C). Step (G): The time stamp request module of the terminal electronic device requests an electronic time stamp from a time stamp server, or the time stamp request module requests the electronic time stamp from the time stamp server with the GPS coordinate information, Enabling the GPS coordinate information with an electronic time stamp to be transmitted back; and in step (C), the signature generating module is based on the at least one biometric feature, the private key and the GPS coordinate information, the electronic time stamp, and having One of the three GPS coordinate information of the electronic time stamp generates the signature value, and encapsulates the signature value, the signature track, and the video image into the first data; in step (D), the encryption mode The group uses the private key to encrypt the at least one biometric and the GPS coordinate information, the electronic time stamp, and the GPS coordinate information with the electronic time stamp to generate the signature value to generate the second Data; by this, the authentication server uses the public key The second data is decrypted to obtain one of the at least one biometric feature and the GPS coordinate information, the electronic timestamp, and the GPS coordinate information with an electronic timestamp, and a module is generated according to the private information through the signature generation module. Key and the at least one creature obtained by decryption One of the characteristics, the GPS coordinate information, the electronic time stamp, and the GPS coordinate information with an electronic time stamp generates the signature value to be verified.

或者,在本發明的一些實施態樣中,在步驟(A)中,該終端電子裝置還透過其一時戳伺服模組產生一電子時戳,或者該終端電子裝置還透過其一GPS模組取得當下的一GPS座標資訊,並以該GPS座標資訊向該時戳伺服模組請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;且在步驟(C)中,該簽章產生模組根據該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該簽章值,而且在步驟(D)中,該加密模組以該私鑰對該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊其中之一用以產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊,並透過該簽章產生模組根據解密取得的該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該待驗證簽章值。 Or, in some embodiments of the present invention, in step (A), the terminal electronic device also generates an electronic time stamp through its time stamp servo module, or the terminal electronic device also obtains it through its GPS module. A current GPS coordinate information, and using the GPS coordinate information to request an electronic time stamp from the time stamp servo module, so that the GPS coordinate information with the electronic time stamp is returned; and in step (C), the signature The generating module generates the signature value according to the at least one biological feature, the electronic time stamp or the GPS coordinate information with the electronic time stamp, and the private key, and in step (D), the encryption module uses the private key One of the at least one biometric feature and the electronic time stamp or the GPS coordinate information with the electronic time stamp is used to generate the signature value to encrypt and generate the second data; thereby, the verification server uses the The public key in the key pair decrypts the second data, and obtains the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp, and obtains the decrypted information obtained through the signature generation module through the signature generating module. The at least one biological feature, the electron Stamp or the electronic stamp with GPS coordinate information and the secret key to generate the signature value to be validated.

或者,在本發明的一些實施態樣中,在步驟(A)中,該終端電子裝置還透過其一時戳伺服模組產生一電子時戳,或者該終端電子裝置還透過其一GPS模組取得當下的一GPS座標資訊,並以該GPS座標資訊向該時戳伺服模組請求一電子時戳,使回傳具有電 子時戳的該GPS座標資訊;且在步驟(C)中,該簽章產生模組根據該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該簽章值,且將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;在步驟(D)中,該加密模組以該私鑰對該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊其中之一用以產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊,並透過該簽章產生模組根據解密取得的該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該待驗證簽章值。 Or, in some embodiments of the present invention, in step (A), the terminal electronic device also generates an electronic time stamp through its time stamp servo module, or the terminal electronic device also obtains it through its GPS module. A current GPS coordinate information, and use the GPS coordinate information to request an electronic time stamp from the time stamp servo module, so that the return has electrical The GPS coordinate information of the sub-time stamp; and in step (C), the signature generation module generates the GPS coordinate information based on the at least one biometric feature, the electronic time stamp or the GPS coordinate information with the electronic time stamp, and the private key; The signature value, and the signature value, the signature track and the video image are encapsulated into the first data; in step (D), the encryption module uses the private key to the at least one biological feature and the electronic time One of the GPS coordinate information with an electronic time stamp or an electronic time stamp is used to generate the second value by encrypting the signature value; thereby, the verification server uses the public key in the key pair to The second data is decrypted to obtain the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp, and the signature generating module uses the signature generation module to obtain the at least one biometric and the electronic time stamp according to the decryption. Or the GPS coordinate information with the electronic time stamp and the private key generate the signature value to be verified.

在本發明的一些實施態樣中,該終端電子裝置是執行一安裝於其中的應用程式而完成該等步驟,且該應用程式包含該簽章產生模組、該加密模組、該合併模組及該時戳請求模組。 In some embodiments of the present invention, the terminal electronic device executes an application program installed therein to complete the steps, and the application program includes the signature generation module, the encryption module, and the merge module. And the timestamp request module.

在本發明的一些實施態樣中,該終端電子裝置是執行一安裝於其中的應用程式而完成該等步驟,且該應用程式包含該簽章產生模組、該加密模組、該合併模組及該時戳伺服模組。 In some embodiments of the present invention, the terminal electronic device executes an application program installed therein to complete the steps, and the application program includes the signature generation module, the encryption module, and the merge module. And the time stamp servo module.

再者,本發明實現上述方法的一種終端電子裝置,能與一憑證伺服器及一驗證伺服器通訊,且該終端電子裝置顯示一原始電子文件供一使用者簽署;該終端電子裝置包括:一顯示單元;一生物特徵擷取模組;一通訊模組;一輸入介面;及一處理單元, 其與該顯示單元、該生物特徵擷取模組、該通訊模組及該輸入介面電耦接,而令該顯示單元顯示該原始電子文件,並令該輸入介面接受該使用者輸入的一簽名軌跡以在該原始電子文件上簽名,且令該生物特徵擷取模組取得該使用者的至少一生物特徵,並透過該通訊模組向該憑證伺服器取得包含一公鑰及一私鑰的一金鑰對;該處理單元的一簽章產生模組根據該至少一生物特徵及該私鑰產生一簽章值,且將該簽章值及該簽名軌跡封裝成一第一資料,該處理單元的一加密模組並以該私鑰對該至少一生物特徵加密而產生一第二資料,並且該處理單元的一合併模組將該第一資料合併於該原始電子文件中而產生一第三資料,該處理單元再將該第一資料、該第二資料及該第三資料透過該通訊模組提供給該驗證伺服器。 Furthermore, a terminal electronic device implementing the method of the present invention can communicate with a certificate server and an authentication server, and the terminal electronic device displays an original electronic document for a user to sign; the terminal electronic device includes: a A display unit; a biometric acquisition module; a communication module; an input interface; and a processing unit, It is electrically coupled with the display unit, the biometric extraction module, the communication module and the input interface, so that the display unit displays the original electronic file, and the input interface accepts a signature input by the user. The track is used to sign the original electronic document, and the biometric extraction module obtains at least one biometric of the user, and obtains a public key and a private key from the certificate server through the communication module. A key pair; a signature generation module of the processing unit generates a signature value according to the at least one biological characteristic and the private key, and encapsulates the signature value and the signature track into a first data, the processing unit An encryption module and encrypts the at least one biometric with the private key to generate a second data, and a merge module of the processing unit merges the first data into the original electronic file to generate a third Data, the processing unit then provides the first data, the second data, and the third data to the verification server through the communication module.

在本發明的一些實施態樣中,該輸入介面包含一手寫輸入單元及一影像擷取單元,該手寫輸入單元供手寫以輸入該簽名軌跡,該影像擷取單元擷取該使用者的一視訊影像,且該處理單元的該簽章產生模組將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;藉此,該驗證伺服器藉由比對該待驗證簽章值與該第一資料中的該簽章值是否相同,以驗證該第一資料中的該簽名軌跡及該視訊影像的真實性,而根據該簽名軌跡及該視訊影像的真實性確認該第三資料的不可否認性。 In some embodiments of the present invention, the input interface includes a handwriting input unit and an image capture unit, the handwriting input unit is used for handwriting to input the signature track, and the image capture unit captures a video of the user Image, and the signature generation module of the processing unit encapsulates the signature value, the signature track, and the video image into the first data; thereby, the verification server compares the signature value to be verified with the first value. Whether the value of the signature in the first data is the same to verify the authenticity of the signature track and the video image in the first data, and confirm the authenticity of the third data based on the authenticity of the signature track and the video image Undeniable.

在本發明的一些實施態樣中,該處理單元還包括一時 戳伺服模組,且該處理單元還令該時戳伺服模組產生一電子時戳,或者該終端電子裝置還包括一GPS模組,且該處理單元還透過該GPS模組取得當下的一GPS座標資訊,並以該GPS座標資訊向該時戳伺服模組請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;並且該處理單元的該簽章產生模組根據該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該簽章值,且將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;而且該處理單元的該加密模組以該私鑰對該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊其中之一用以產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊,並透過該簽章產生模組根據解密取得的該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該待驗證簽章值。 In some aspects of the invention, the processing unit further includes a time Stamp the servo module, and the processing unit further causes the time stamp servo module to generate an electronic time stamp, or the terminal electronic device further includes a GPS module, and the processing unit also obtains a current GPS through the GPS module Coordinate information, and using the GPS coordinate information to request an electronic time stamp from the time stamp servo module, so that the GPS coordinate information with the electronic time stamp is returned; and the signature generation module of the processing unit is based on the at least one The biometric feature, the electronic time stamp or the GPS coordinate information with the electronic time stamp and the private key generate the signature value, and the signature value, the signature trajectory and the video image are packaged as the first data; and the The encryption module of the processing unit uses the private key to encrypt the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp to generate the signature value to generate the second data. ; Thereby, the verification server decrypts the second data by using the public key in the key pair to obtain the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp, and Produced through the seal At least one module based on the acquired biometric decrypted, timestamp or time stamps with GPS coordinates of the electronic information and the secret key to generate the signature to be verified when the electronic value.

在本發明的一些實施態樣中,該處理單元是執行一安裝於該終端電子裝置中的應用程式,該應用程式包含該時戳伺服模組、該簽章產生模組、該加密模組及該合併模組。 In some embodiments of the present invention, the processing unit executes an application program installed in the electronic device of the terminal, and the application program includes the time stamp servo module, the signature generation module, the encryption module, and The merged module.

一種電腦可讀取的記錄媒體,其中儲存一包含一簽章產生模組、一加密模組、一合併模組及一時戳請求模組或一時戳伺 服模組的應用程式,且該應用程式被一具有一顯示單元、一生物特徵擷取模組、一通訊模組、一輸入介面及一GPS模組的終端電子裝置載入並執行後,該終端電子裝置能完成如上所述利用生物特徵驗證電子文件的方法。 A computer-readable recording medium storing a signature-generating module, an encryption module, a merging module, and a time stamp request module or a time stamp server. After the application program of the server module is loaded and executed by a terminal electronic device having a display unit, a biometric acquisition module, a communication module, an input interface, and a GPS module, the application program is The terminal electronic device can complete the method for verifying an electronic file using a biometric feature as described above.

本發明之功效在於:藉由根據該至少一生物特徵(及該GPS座標資訊、該電子時戳或具有電子時戳的該GPS座標資訊)及該私鑰產生該簽章值,且將該簽章值及該簽名軌跡(及該視訊影像)封裝成該第一資料,並以該私鑰對該至少一生物特徵(及該GPS座標資訊、該電子時戳或具有電子時戳的該GPS座標資訊)加密而產生該第二資料,並將該第一資料合併於該原始電子文件中而產生該第三資料,且將該第一資料、第二資料及第三資料記錄在該驗證伺服器中,藉此,該驗證伺服器能藉由對該第二資料解密而獲得該至少一生物特徵(及該GPS座標資訊、該電子時戳或具有電子時戳的該GPS座標資訊),並根據該至少一生物特徵(及該GPS座標資訊、該電子時戳或具有電子時戳的該GPS座標資訊)及該私鑰產生該待驗證簽章值,並比對該待驗證簽章值與該第一資料中的該簽章值是否一致,而判定第一資料中的該簽名軌跡(及該視訊影像)的真實性,並在驗證第一資料中的該簽名軌跡(及該視訊影像)的真實性之後,即可根據第一資料確認第三資料(即完成數位簽章的電子文件)確實為簽署人表示同意及不可否認的文件。 The effect of the present invention is: generating the signature value according to the at least one biological characteristic (and the GPS coordinate information, the electronic timestamp or the GPS coordinate information with the electronic timestamp) and the private key, and the signature The chapter value and the signature track (and the video image) are encapsulated into the first data, and the at least one biological feature (and the GPS coordinate information, the electronic time stamp, or the GPS coordinate with the electronic time stamp) is sealed with the private key. Information) encryption to generate the second data, merge the first data into the original electronic file to generate the third data, and record the first data, the second data, and the third data in the verification server In this way, the verification server can obtain the at least one biometric (and the GPS coordinate information, the electronic time stamp, or the GPS coordinate information with an electronic time stamp) by decrypting the second data, and according to The at least one biometric (and the GPS coordinate information, the electronic timestamp or the GPS coordinate information with an electronic timestamp) and the private key generate the signature value to be verified, and compare the signature value to be verified with the signature value. Whether the value of the signature in the first document is consistent , And determine the authenticity of the signature track (and the video image) in the first data, and after verifying the authenticity of the signature track (and the video image) in the first data, you can confirm based on the first data The third piece of information (ie, the electronic document that completed the digital signature) is indeed a document that the signatory expressed its consent and undeniable.

S1~S7‧‧‧步驟 S1 ~ S7‧‧‧step

100‧‧‧終端電子裝置 100‧‧‧ terminal electronics

200‧‧‧網際網路 200‧‧‧Internet

1‧‧‧顯示單元 1‧‧‧display unit

2‧‧‧生物特徵擷取模組 2‧‧‧Biometric Capture Module

3‧‧‧GPS模組 3‧‧‧GPS Module

4‧‧‧通訊模組 4‧‧‧Communication Module

5‧‧‧輸入介面 5‧‧‧ input interface

51‧‧‧手寫輸入單元 51‧‧‧Handwriting input unit

52‧‧‧影像擷取單元 52‧‧‧Image Acquisition Unit

6‧‧‧處理單元 6‧‧‧ processing unit

61‧‧‧時戳請求模組 61‧‧‧Time stamp request module

62‧‧‧簽章產生模組 62‧‧‧Sign generation module

63‧‧‧加密模組 63‧‧‧Encryption Module

64‧‧‧合併模組 64‧‧‧Merge modules

65‧‧‧時戳伺服模組 65‧‧‧time stamp servo module

7‧‧‧憑證伺服器 7‧‧‧Certificate server

8‧‧‧時戳伺服器 8‧‧‧time stamp server

9‧‧‧驗證伺服器 9‧‧‧ authentication server

本發明之其他的特徵及功效,將於參照圖式的實施方式中清楚地顯示,其中:圖1是本發明利用生物特徵驗證電子文件的方法的一實施例的主要流程圖;圖2是本發明終端電子裝置的一實施例的主要電路及模組方塊圖;及圖3是本發明終端電子裝置的另一實施例的主要電路及模組方塊圖。 Other features and effects of the present invention will be clearly shown in the embodiments with reference to the drawings, in which: FIG. 1 is a main flowchart of an embodiment of a method for verifying an electronic file by using a biometric feature of the present invention; FIG. 2 is the present invention. A block diagram of the main circuit and module of an embodiment of the terminal electronic device of the invention; and FIG. 3 is a block diagram of the main circuit and module of another embodiment of the terminal electronic device of the invention.

在本發明被詳細描述之前,應當注意在以下的說明內容中,類似的元件是以相同的編號來表示。 Before the present invention is described in detail, it should be noted that in the following description, similar elements are represented by the same numbers.

參閱圖1,是本發明利用生物特徵驗證電子文件的方法的一實施例的主要流程,其應用於如圖2所示的一終端電子裝置100而由該終端電子裝置100實現,該終端電子裝置100可以是使用者所持有的行動電話、平板電腦、個人電腦,或者是金融機構設置的可供用戶直接操作以購買/賣出理財產品、申請貸款、預借現金及提款...等多種金融服務的金融服務終端設備,且其主要包括一顯示單元1、一生物特徵擷取模組2、一GPS模組3、一通訊模組4、一輸入介面5及一與前述元件電耦接的處理單元6。 Referring to FIG. 1, a main flow of an embodiment of a method for verifying an electronic file by using a biometric feature of the present invention is applied to a terminal electronic device 100 shown in FIG. 2 and implemented by the terminal electronic device 100. The terminal electronic device 100 can be a mobile phone, tablet, personal computer held by the user, or a financial institution that can be directly operated by the user to buy / sell wealth management products, apply for loans, advance cash and withdraw money ... etc. Financial service terminal equipment for various financial services, which mainly includes a display unit 1, a biometric acquisition module 2, a GPS module 3, a communication module 4, an input interface 5 and an electrical coupling with the aforementioned components接 Processing Unit 6.

其中,顯示單元1在本實施例中用以顯示一供一使用者閱覽並簽署的原始電子文件(圖未示);該生物特徵擷取模組2用以取得使用者的至少一生物特徵,例如使用者的臉部、聲音、指靜脈、指紋等其中至少一者,但不以此為限。該GPS模組3用以取得該終端電子裝置1當下的一GPS座標資訊。該通訊模組4用以透過網際網路200與一憑證伺服器7、一時戳伺服器8及一驗證伺服器9通訊;該輸入介面5在本實施例中包含一手寫輸入單元51及一影像擷取單元52,該手寫輸入單元51可以是例如一手寫板、一電子簽名板或者與該顯示單元1整合在一起的一觸控顯示面板等,但不以此為限;該影像擷取單元52可以是一照相機或攝影機,用以取得該使用者的一視訊影像。 The display unit 1 is used in this embodiment to display an original electronic document (not shown) for a user to view and sign; the biometric extraction module 2 is used to obtain at least one biometric of the user, For example, at least one of the user's face, voice, finger veins, fingerprints, etc. is not limited thereto. The GPS module 3 is used to obtain current GPS coordinate information of the terminal electronic device 1. The communication module 4 is used to communicate with a certificate server 7, a time stamp server 8 and a verification server 9 through the Internet 200. The input interface 5 includes a handwriting input unit 51 and an image in this embodiment. Capture unit 52, the handwriting input unit 51 may be, for example, a handwriting tablet, an electronic signature pad, or a touch display panel integrated with the display unit 1, but is not limited thereto; the image capture unit 52 may be a camera or a video camera to obtain a video image of the user.

該處理單元6在本實施例中是執行預先安裝於該終端電子裝置100中的一應用程式而完成本實施例的方法,且如圖2所示,該應用程式包含一時戳請求模組61、一簽章產生模組62、一加密模組63及一合併模組64。當然該等模組61~64也可以韌體方式實現而被燒錄在該處理單元6中,並不以軟體為限。 The processing unit 6 in this embodiment executes an application program pre-installed in the terminal electronic device 100 to complete the method of this embodiment. As shown in FIG. 2, the application program includes a time stamp request module 61, A signature generation module 62, an encryption module 63, and a merge module 64. Of course, these modules 61 to 64 can also be implemented in firmware and burned into the processing unit 6 without being limited to software.

因此,當使用者要在原始電子文件上簽名而透過手寫輸入單元51輸入其一簽名軌跡時,該處理單元6將收到由該手寫輸入單元51傳來的該簽名軌跡,此時,如圖1的步驟S1,該處理單元6控制該影像擷取單元52取得該使用者的該視訊影像,例如該使用 者的臉部影像,並控制該生物特徵擷取模組2取得該使用者的至少一生物特徵。並且,如圖1的步驟S2,該處理單元6透過該通訊模組4向該憑證伺服器7要求提供包含一公鑰及一私鑰的一金鑰對(憑證);而且如圖1的步驟S3,該處理單元6的該時戳請求模組61向該GPS模組3取得當下的該GPS座標資訊,並透過該通訊模組4傳送該GPS座標資訊給該時戳伺服器8,向該時戳伺服器8請求一電子時戳。因此,該時戳伺服器8將在該GPS座標資訊押上電子時戳,並記錄具有電子時戳的該GPS座標資訊後,透過該通訊模組4回傳具有電子時戳的該GPS座標資訊給該處理單元6。值得一提的是,上述步驟S1、S2、S3並無先後之分,也可以同時執行或對調順序執行。 Therefore, when the user wants to sign the original electronic file and enters one of the signature tracks through the handwriting input unit 51, the processing unit 6 will receive the signature track transmitted from the handwriting input unit 51. At this time, as shown in FIG. In step S1 of 1, the processing unit 6 controls the image capturing unit 52 to obtain the video image of the user, such as the use The user's face image, and control the biometric capture module 2 to obtain at least one biometric of the user. Moreover, as shown in step S2 in FIG. 1, the processing unit 6 requests the certificate server 7 through the communication module 4 to provide a key pair (certificate) including a public key and a private key; and as shown in step 1 in FIG. 1. S3. The time stamp request module 61 of the processing unit 6 obtains the current GPS coordinate information from the GPS module 3, and transmits the GPS coordinate information to the time stamp server 8 through the communication module 4, and sends the GPS coordinate information to the time stamp server 8. The timestamp server 8 requests an electronic timestamp. Therefore, the time stamp server 8 will place an electronic time stamp on the GPS coordinate information, record the GPS coordinate information with the electronic time stamp, and return the GPS coordinate information with the electronic time stamp to the communication module 4 through the communication module 4. The processing unit 6. It is worth mentioning that the above steps S1, S2, and S3 are not sequential, and they can also be performed simultaneously or sequentially.

然後,如圖1的步驟S4,該處理單元6的該簽章產生模組62根據該至少一生物特徵、具有電子時戳的該GPS座標資訊及該私鑰產生一簽章值,且將該簽章值、該簽名軌跡及該視訊影像封裝成一第一資料;具體而言,該簽章產生模組62會將該至少一生物特徵、具有電子時戳的該GPS座標資訊及該私鑰以不可逆的雜湊摘要演算法(Digest Hash)(或稱雜湊函數),例如SHA1或MD5進行演算,產生一雜湊摘要(Digest),即本實施例所稱的該簽章值(或稱數位指紋),再將該簽章值、該簽名軌跡及該視訊影像封裝成具有一標準資料格式,例如PKCS#7的該第一資料。 Then, as shown in step S4 of FIG. 1, the signature generation module 62 of the processing unit 6 generates a signature value based on the at least one biological characteristic, the GPS coordinate information with an electronic time stamp, and the private key, and applies the signature value. The signature value, the signature track and the video image are packaged into a first piece of data; specifically, the signature generation module 62 will include the at least one biometric feature, the GPS coordinate information with an electronic time stamp, and the private key to An irreversible hash digest algorithm (or hash function), such as SHA1 or MD5, performs a calculation to generate a hash digest, which is the signature value (or digital fingerprint) in this embodiment. Then, the signature value, the signature track and the video image are encapsulated into a first data with a standard data format, such as PKCS # 7.

接著,如圖1的步驟S5,該處理單元6的該加密模組63以該私鑰對該至少一生物特徵及具有電子時戳的該GPS座標資訊進行非對稱式加密而產生一第二資料;然後,如圖1的步驟S6,該處理單元6的該合併模組64將該第一資料合併於該原始電子文件中而產生一第三資料,即完成數位簽章的電子文件。最後,如圖1的步驟S7,該處理單元6透過該通訊模組4將該第一資料、該第二資料及該第三資料傳送至該驗證伺服器9,即完成該原始電子文件及其數位簽章的儲存作業。 Next, as shown in step S5 of FIG. 1, the encryption module 63 of the processing unit 6 uses the private key to asymmetrically encrypt the at least one biological characteristic and the GPS coordinate information with an electronic time stamp to generate a second data. Then, as shown in step S6 in FIG. 1, the merging module 64 of the processing unit 6 merges the first data into the original electronic file to generate a third data, ie, an electronic file that has been digitally signed. Finally, as shown in step S7 in FIG. 1, the processing unit 6 transmits the first data, the second data, and the third data to the verification server 9 through the communication module 4, thereby completing the original electronic file and its Digital signature storage operation.

而且,該驗證伺服器9具有與該終端電子裝置相同的該簽章產生模組62。藉此,當該驗證伺服器9之後(或日後)欲驗證該原始電子文件的數位簽章真實性及其簽署人的表示同意及不可否認性時,該驗證伺服器9能向該憑證伺服器7(或該終端電子裝置100)取得該金鑰對,並藉由該金鑰對中的公鑰及預設的一解密演算法,對該第二資料進行非對稱式解密,而從中取得該至少一生物特徵及具有電子時戳的該GPS座標資訊,並利用該簽章產生模組62根據解密取得的該至少一生物特徵、具有電子時戳的該GPS座標資訊及該金鑰對中的私鑰產生一待驗證簽章值,並比對該待驗證簽章值與該第一資料中的該簽章值是否相同,若是,即代表該第一資料中的該簽名軌跡及該視訊影像在傳送過程中沒有被竄改,而具有其真實性。 Moreover, the verification server 9 has the signature generating module 62 which is the same as the terminal electronic device. Therefore, when the verification server 9 (or in the future) wants to verify the authenticity of the digital signature of the original electronic document and the consent and non-repudiation of the signatory of the original electronic document, the verification server 9 can provide the certificate server with 7 (or the terminal electronic device 100) obtains the key pair, and uses the public key in the key pair and a preset decryption algorithm to perform asymmetric decryption on the second data, and obtains the second data therefrom. At least one biometric feature and the GPS coordinate information with an electronic time stamp, and using the signature generation module 62 to obtain the at least one biometric feature, the GPS coordinate information with an electronic time stamp, and the key pair in the key pair obtained by decryption The private key generates a signature value to be verified and compares the signature value to be verified with the signature value in the first data. If yes, it represents the signature track and the video image in the first data. It has not been tampered with during transmission, but has its authenticity.

因此,在驗證第一資料中的該簽名軌跡及該視訊影像的真實性之後,即可根據第一資料確認第三資料(即完成數位簽章的電子文件)確實為簽署人表示同意及不可否認的文件,而具有不可否認性。 Therefore, after verifying the authenticity of the signature track and the video image in the first document, you can confirm that the third document (that is, the electronic document that completed the digital signing) really expresses the consent and undeniability of the signatory based on the first document. The document is undeniable.

值得一提的是,本實施例亦可由該時戳請求模組61直接向該時戳伺服器8請求一電子時戳,且該簽章產生模組62根據該至少一生物特徵、該電子時戳及該私鑰產生該簽章值,且該加密模組63以該私鑰對該至少一生物特徵及該電子時戳加密而產生該第二資料;因此,該驗證伺服器9藉由該金鑰對中的該公鑰對該第二資料解密後,將取得該至少一生物特徵及該電子時戳,並透過該簽章產生模組62根據解密取得的該至少一生物特徵、該電子時戳及該私鑰產生該待驗證簽章值;此外,本實施例亦可因應其他應用上的需求而省略擷取視訊影像的步驟以及/或者省略上述的時戳請求模組61(即省略上述的步驟S3),同樣能達到本案上述的目的。 It is worth mentioning that in this embodiment, the time stamp request module 61 can also directly request an electronic time stamp from the time stamp server 8, and the signature generation module 62 is based on the at least one biological characteristic and the electronic time. The stamp and the private key generate the signature value, and the encryption module 63 uses the private key to encrypt the at least one biometric and the electronic time stamp to generate the second data; therefore, the verification server 9 uses the After the public key in the key pair decrypts the second data, the at least one biometric and the electronic time stamp will be obtained, and the at least one biometric, the electronic obtained by the decryption through the signature generation module 62 will be obtained through the signature generation module 62. The timestamp and the private key generate the signature value to be verified; in addition, this embodiment can also omit the step of capturing video images and / or the timestamp request module 61 (that is, omitted) according to the requirements of other applications. The above-mentioned step S3) can also achieve the above-mentioned purpose in this case.

此外,本實施例未使用上述的時戳請求模組61時,在步驟S4中,該簽章產生模組62即根據該至少一生物特徵、該GPS座標資訊及該私鑰產生該簽章值,且在步驟S5中,該加密模組以該私鑰對該至少一生物特徵及該GPS座標資訊加密而產生該第二資料;因此,該驗證伺服器9藉由該金鑰對中的該公鑰對該第二資料解密後,將取得該至少一生物特徵及該GPS座標資訊,並透過該簽 章產生模組62根據解密取得的該至少一生物特徵、該GPS座標資訊及該私鑰產生該待驗證簽章值。 In addition, when the above-mentioned time stamp request module 61 is not used in this embodiment, in step S4, the signature generation module 62 generates the signature value according to the at least one biometric feature, the GPS coordinate information, and the private key. And, in step S5, the encryption module encrypts the at least one biometric feature and the GPS coordinate information with the private key to generate the second data; therefore, the verification server 9 uses the key in the key pair. After the public key decrypts the second data, the at least one biometric and the GPS coordinate information will be obtained, and the signature will be obtained through the signature. The chapter generation module 62 generates the to-be-verified signature value based on the at least one biometric, the GPS coordinate information, and the private key obtained by decryption.

或者,在其他的實施態樣中,亦可省略上述的該時戳請求模組61(即省略上述的步驟S3),亦即不透過該時戳請求模組61向該時戳伺服器8取得電子時戳,而是如圖3所示,令該處理單元6還包含一時戳伺服模組65,該時戳伺服模組65能取代該時戳伺服器8而具有產生電子時戳的功能。因此,在步驟S1中,該處理單元6還令該時戳伺服模組65產生一電子時戳,或者以該GPS座標資訊向該時戳伺服模組65請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊,且在步驟S4中,該簽章產生模組62根據該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該簽章值,而且在步驟S5中,該加密模組63以該私鑰對該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊加密而產生該第二資料;因此,該驗證伺服器9藉由該金鑰對中的該公鑰對該第二資料解密,將取得該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊,並透過該簽章產生模組62根據解密取得的該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該待驗證簽章值。 Or, in other embodiments, the time stamp request module 61 described above may be omitted (that is, the above-mentioned step S3 is omitted), that is, the time stamp request module 61 is not obtained from the time stamp server 8 through the time stamp request module 61. The electronic time stamp is shown in FIG. 3, so that the processing unit 6 further includes a time stamp servo module 65, which can replace the time stamp server 8 and have a function of generating an electronic time stamp. Therefore, in step S1, the processing unit 6 further causes the time stamp servo module 65 to generate an electronic time stamp, or requests the time stamp servo module 65 for an electronic time stamp with the GPS coordinate information, so that the return has The GPS coordinate information of the electronic time stamp, and in step S4, the signature generation module 62 generates the signature based on the at least one biometric feature, the electronic time stamp, or the GPS coordinate information with the electronic time stamp and the private key. Chapter value, and in step S5, the encryption module 63 uses the private key to encrypt the at least one biological feature and the electronic time stamp or the GPS coordinate information with the electronic time stamp to generate the second data; therefore, the The verification server 9 decrypts the second data by using the public key in the key pair, and obtains the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp, and passes the signature The generating module 62 generates the to-be-verified signature value according to the at least one biometric obtained by decryption, the electronic time stamp or the GPS coordinate information having the electronic time stamp, and the private key.

綜上所述,上述實施例藉由簽章產生模組62根據該至少一生物特徵(及該GPS座標資訊、該電子時戳或具有電子時戳的 該GPS座標資訊)及該私鑰產生該簽章值,且將該簽章值及該簽名軌跡(及該視訊影像)封裝成該第一資料,並藉由加密模組63以該私鑰對該至少一生物特徵(及該GPS座標資訊、該電子時戳或具有電子時戳的該GPS座標資訊)加密而產生該第二資料,並藉由該合併模組64將該第一資料合併於該原始電子文件中而產生該第三資料,且將該第一資料、第二資料及第三資料記錄在該驗證伺服器9中,藉此,該驗證伺服器9能藉由對該第二資料解密而獲得該至少一生物特徵(及該GPS座標資訊、該電子時戳或具有電子時戳的該GPS座標資訊),並根據該至少一生物特徵(及該GPS座標資訊、該電子時戳或具有電子時戳的該GPS座標資訊)及該私鑰產生該待驗證簽章值,並比對該待驗證簽章值與該第一資料中的該簽章值是否一致,而判定第一資料中的該簽名軌跡(及該視訊影像)的真實性,並在驗證第一資料中的該簽名軌跡(及該視訊影像)的真實性之後,即可根據第一資料確認第三資料(即完成數位簽章的電子文件)確實為簽署人表示同意及不可否認的文件,而達到本發明之功效與目的。 To sum up, in the above embodiment, the signature generating module 62 uses the signature generating module 62 according to the at least one biological characteristic (and the GPS coordinate information, the electronic time stamp, or the electronic time stamp). The GPS coordinate information) and the private key generate the signature value, and the signature value and the signature trajectory (and the video image) are encapsulated into the first data, and the encryption module 63 uses the private key pair The at least one biometric feature (and the GPS coordinate information, the electronic timestamp, or the GPS coordinate information with an electronic timestamp) is encrypted to generate the second data, and the first data is merged with the merge module 64 by the merge module 64. The third data is generated in the original electronic file, and the first data, the second data, and the third data are recorded in the verification server 9, whereby the verification server 9 can detect the second data by The data is decrypted to obtain the at least one biological feature (and the GPS coordinate information, the electronic time stamp or the GPS coordinate information with an electronic time stamp), and according to the at least one biological feature (and the GPS coordinate information, the electronic time stamp) Or the GPS coordinate information with an electronic time stamp) and the private key to generate the signature value to be verified, and compare whether the signature value to be verified is consistent with the signature value in the first data, and determine the first The authenticity of the signature track (and the video image) in the data, After verifying the authenticity of the signature trajectory (and the video image) in the first document, you can confirm that the third document (that is, the electronic document that completes the digital signature) truly indicates the signatory ’s consent and cannot be denied based on the first document Document to achieve the efficacy and purpose of the present invention.

惟以上所述者,僅為本發明之實施例而已,當不能以此限定本發明實施之範圍,凡是依本發明申請專利範圍及專利說明書內容所作之簡單的等效變化與修飾,皆仍屬本發明專利涵蓋之範圍內。 However, the above are only examples of the present invention. When the scope of implementation of the present invention cannot be limited in this way, any simple equivalent changes and modifications made in accordance with the scope of the patent application and the content of the patent specification of the present invention are still Within the scope of the invention patent.

Claims (21)

一種利用生物特徵驗證電子文件的方法,應用於一終端電子裝置,且該終端電子裝置的一顯示單元顯示一原始電子文件供一使用者簽署;該方法包括:(A)該終端電子裝置透過其一輸入介面接收該使用者的一簽名軌跡,並透過其一生物特徵擷取模組取得該使用者的至少一生物特徵;(B)該終端電子裝置透過其一通訊模組向一憑證伺服器取得包含一公鑰及一私鑰的一金鑰對;(C)該終端電子裝置透過其一簽章產生模組根據該至少一生物特徵及該私鑰產生一簽章值,且將該簽章值及該簽名軌跡封裝成一第一資料;(D)該終端電子裝置透過其一加密模組以該私鑰對該至少一生物特徵加密而產生一第二資料;(E)該終端電子裝置透過其一合併模組將該第一資料合併於該原始電子文件中而產生一第三資料;及(F)該終端電子裝置透過該通訊模組將該第一資料、該第二資料及該第三資料提供給一驗證伺服器。 A method for verifying an electronic file by using biometrics is applied to a terminal electronic device, and a display unit of the terminal electronic device displays an original electronic file for a user to sign; the method includes: (A) the terminal electronic device passes through it An input interface receives a signature trajectory of the user, and obtains at least one biometric of the user through a biometric extraction module; (B) the terminal electronic device sends a certificate server to a certificate server through a communication module. Obtain a key pair including a public key and a private key; (C) the terminal electronic device generates a signature value based on the at least one biometric and the private key through a signature generation module, and applies the signature The chapter value and the signature track are encapsulated into a first piece of data; (D) the terminal electronic device encrypts the at least one biometric with the private key through its encryption module to generate a second piece of data; (E) the terminal electronic device Combining the first data into the original electronic file through a merge module to generate a third data; and (F) the terminal electronic device using the communication module to combine the first data and the second data The information provided to a third authentication server. 如請求項1所述的利用生物特徵驗證電子文件的方法,其中,該驗證伺服器能向該憑證伺服器或該終端電子裝置取得該金鑰對,並具有與該終端電子裝置相同的該簽章產生模組,且該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵,並透過該簽章產生模組根據解密取得的該至少一生物特徵及該金鑰對中的 該私鑰產生一待驗證簽章值,並比對該待驗證簽章值與該第一資料中的該簽章值是否相同,以驗證該第一資料中的該簽名軌跡的真實性,並根據該簽名軌跡的真實性確認該第三資料的不可否認性。 The method for verifying an electronic file using biometrics as described in claim 1, wherein the authentication server can obtain the key pair from the certificate server or the terminal electronic device, and has the same signature as the terminal electronic device. A seal generation module, and the verification server decrypts the second data by using the public key in the key pair to obtain the at least one biometric, and uses the signature generation module to obtain the at least one biometric based on the decryption. A biometric and the key pair The private key generates a signature value to be verified, and compares the signature value to be verified with the signature value in the first data to verify the authenticity of the signature track in the first data, and The non-repudiation of the third material is confirmed according to the authenticity of the signature track. 如請求項2所述的利用生物特徵驗證電子文件的方法,在步驟(A)中,該輸入介面還接收該使用者的一視訊影像,且在步驟(C)中,該簽章產生模組將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;藉此,該驗證伺服器藉由比對該待驗證簽章值與該第一資料中的該簽章值是否相同,以驗證該第一資料中的該簽名軌跡及該視訊影像的真實性,而根據該簽名軌跡及該視訊影像的真實性確認該第三資料的不可否認性。 According to the method for verifying an electronic file using biometrics as described in claim 2, in step (A), the input interface further receives a video image of the user, and in step (C), the signature generation module Package the signature value, the signature track and the video image into the first data; thereby, the verification server compares whether the signature value to be verified is the same as the signature value in the first data, The authenticity of the signature track and the video image in the first data is verified, and the non-repudiation of the third data is confirmed according to the authenticity of the signature track and the video image. 如請求項2所述的利用生物特徵驗證電子文件的方法,在步驟(A)中,該終端電子裝置還透過其一GPS模組取得當下的一GPS座標資訊,且該方法還包括在步驟(C)之前的步驟(G):該終端電子裝置的一時戳請求模組向一時戳伺服器請求一電子時戳,或者該時戳請求模組以該GPS座標資訊向該時戳伺服器請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;且在步驟(C)中,該簽章產生模組是根據該至少一生物特徵、該私鑰以及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該簽章值,在步驟(D)中,該加密模組以該私鑰對該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一用來產生該 簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該公鑰對該第二資料解密,而取得該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一,並透過該簽章產生模組根據該私鑰及解密取得的該至少一生物特徵、該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該待驗證簽章值。 The method for verifying an electronic file using biometrics as described in claim 2, in step (A), the terminal electronic device also obtains current GPS coordinate information through a GPS module, and the method further includes step ( C) The previous step (G): The time stamp request module of the terminal electronic device requests an electronic time stamp from a time stamp server, or the time stamp request module requests the time stamp server with the GPS coordinate information. The electronic time stamp enables the GPS coordinate information with an electronic time stamp to be transmitted back; and in step (C), the signature generation module is based on the at least one biometric feature, the private key and the GPS coordinate information, the electronic One of the three timestamps and the GPS coordinate information with an electronic timestamp generates the signature value. In step (D), the encryption module uses the private key to the at least one biological feature and the GPS coordinate information, One of the electronic time stamp and the GPS coordinate information with the electronic time stamp is used to generate the The signer is encrypted to generate the second data; thereby, the verification server decrypts the second data by using the public key to obtain the at least one biometric and the GPS coordinate information, the electronic time stamp and the One of the three GPS coordinate information of the electronic time stamp, and the at least one biometric, the GPS coordinate information, the electronic time stamp, and the electronic time stamp obtained by the signature generation module according to the private key and decryption. One of the three GPS coordinate information is to generate the signature value to be verified. 如請求項3所述的利用生物特徵驗證電子文件的方法,在步驟(A)中,該終端電子裝置還透過其一GPS模組取得當下的一GPS座標資訊,且該方法還包括在步驟(C)之前的步驟(G):該終端電子裝置的一時戳請求模組向一時戳伺服器請求一電子時戳,或者該時戳請求模組以該GPS座標資訊向該時戳伺服器請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;且在步驟(C)中,該簽章產生模組是根據該至少一生物特徵、該私鑰以及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該簽章值,且將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;在步驟(D)中,該加密模組以該私鑰對該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一用來產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該公鑰對該第二資料解密,而取得該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一,並透過該簽章產生模組根據 該私鑰及解密取得的該至少一生物特徵、該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該待驗證簽章值。 The method for verifying an electronic file using biometrics as described in claim 3, in step (A), the terminal electronic device also obtains current GPS coordinate information through a GPS module, and the method further includes step ( C) The previous step (G): The time stamp request module of the terminal electronic device requests an electronic time stamp from a time stamp server, or the time stamp request module requests the time stamp server with the GPS coordinate information. The electronic time stamp enables the GPS coordinate information with an electronic time stamp to be transmitted back; and in step (C), the signature generation module is based on the at least one biometric feature, the private key and the GPS coordinate information, the electronic One of a time stamp and the GPS coordinate information with an electronic time stamp generates the signature value, and encapsulates the signature value, the signature track, and the video image into the first data; in step (D) , The encryption module uses the private key to encrypt the at least one biometric and the GPS coordinate information, the electronic timestamp, and the GPS coordinate information with the electronic timestamp to generate the signature value, and Generating the second data; by this, the verification server The server decrypts the second data by using the public key to obtain one of the at least one biometric feature and the GPS coordinate information, the electronic time stamp, and the GPS coordinate information with an electronic time stamp, and passes the The signature generation module is based on One of the private key and the at least one biometric obtained by decryption, the GPS coordinate information, the electronic time stamp, and the GPS coordinate information with an electronic time stamp generates the to-be-verified signature value. 如請求項2所述的利用生物特徵驗證電子文件的方法,在步驟(A)中,該終端電子裝置還透過其一時戳伺服模組產生一電子時戳,或者該終端電子裝置還透過其一GPS模組取得當下的一GPS座標資訊,並以該GPS座標資訊向該時戳伺服模組請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;且在步驟(C)中,該簽章產生模組根據該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該簽章值,而且在步驟(D)中,該加密模組以該私鑰對該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊其中之一用以產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊,並透過該簽章產生模組根據解密取得的該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該待驗證簽章值。 According to the method for verifying an electronic file using biometrics as described in claim 2, in step (A), the terminal electronic device also generates an electronic time stamp through a time stamp servo module, or the terminal electronic device also uses an The GPS module obtains current GPS coordinate information, and uses the GPS coordinate information to request an electronic time stamp from the time stamp servo module, so that the GPS coordinate information with the electronic time stamp is returned; and in step (C) , The signature generation module generates the signature value according to the at least one biometric feature, the electronic timestamp or the GPS coordinate information with the electronic timestamp, and the private key, and in step (D), the encryption module One of the at least one biological feature and the electronic time stamp or the GPS coordinate information with the electronic time stamp is encrypted by the private key to generate the signature value and generate the second data; thereby, the verification server The device decrypts the second data by using the public key in the key pair to obtain the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp, and generates a module through the signature. The at least one life obtained according to the decryption The object characteristics, the electronic time stamp or the GPS coordinate information with the electronic time stamp and the private key generate the signature value to be verified. 如請求項3所述的利用生物特徵驗證電子文件的方法,在步驟(A)中,該終端電子裝置還透過其一時戳伺服模組產生一電子時戳,或者該終端電子裝置還透過其一GPS模組取得當下的一GPS座標資訊,並以該GPS座標資訊向該時戳伺服模組請求一電子時戳,使回傳具有電子時戳的該 GPS座標資訊;且在步驟(C)中,該簽章產生模組根據該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該簽章值,且將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;在步驟(D)中,該加密模組以該私鑰對該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊其中之一用以產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊,並透過該簽章產生模組根據解密取得的該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該待驗證簽章值。 According to the method for verifying an electronic file using biometrics as described in claim 3, in step (A), the terminal electronic device also generates an electronic time stamp through a time stamp servo module, or the terminal electronic device also uses an The GPS module obtains current GPS coordinate information, and uses the GPS coordinate information to request an electronic time stamp from the time stamp servo module, so as to return the electronic time stamp with the electronic time stamp. GPS coordinate information; and in step (C), the signature generation module generates the signature value based on the at least one biometric feature, the electronic timestamp, or the GPS coordinate information with the electronic timestamp and the private key, and Encapsulate the signature value, the signature track and the video image into the first data; in step (D), the encryption module uses the private key to the at least one biological feature and the electronic time stamp or has an electronic time stamp One of the GPS coordinate information stamped is used to generate encryption of the signature valuer to generate the second data; thereby, the verification server decrypts the second data by using the public key in the key pair, And obtaining the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp, and obtaining the at least one biometric, the electronic time stamp, or the electronic time stamp through the signature generation module according to the decryption. The GPS coordinate information and the private key are used to generate the signature value to be verified. 如請求項4或5所述的利用生物特徵驗證電子文件的方法,其中該終端電子裝置是執行一安裝於其中的應用程式而完成該等步驟,且該應用程式包含該簽章產生模組、該加密模組、該合併模組及該時戳請求模組。 The method for verifying an electronic file using biometrics as described in claim 4 or 5, wherein the terminal electronic device executes an application installed therein to complete the steps, and the application includes the signature generation module, The encryption module, the merge module, and the timestamp request module. 如請求項6或7所述的利用生物特徵驗證電子文件的方法,其中該終端電子裝置是執行一安裝於其中的應用程式而完成該等步驟,且該應用程式包含該簽章產生模組、該加密模組、該合併模組及該時戳伺服模組。 The method for verifying an electronic file using biometrics as described in claim 6 or 7, wherein the terminal electronic device executes an application installed therein to complete the steps, and the application includes the signature generation module, The encryption module, the merge module, and the time stamp servo module. 一種終端電子裝置,能與一憑證伺服器及一驗證伺服器通訊,且該終端電子裝置顯示一原始電子文件供一使用者簽署;該終端電子裝置包括:一顯示單元; 一生物特徵擷取模組;一通訊模組;一輸入介面;及一處理單元,其與該顯示單元、該生物特徵擷取模組、該通訊模組及該輸入介面電耦接,而令該顯示單元顯示該原始電子文件,並令該輸入介面接受該使用者輸入的一簽名軌跡以在該原始電子文件上簽名,且令該生物特徵擷取模組取得該使用者的至少一生物特徵,並透過該通訊模組向該憑證伺服器取得包含一公鑰及一私鑰的一金鑰對;該處理單元的一簽章產生模組根據該至少一生物特徵及該私鑰產生一簽章值,且將該簽章值及該簽名軌跡封裝成一第一資料,該處理單元的一加密模組並以該私鑰對該至少一生物特徵加密而產生一第二資料,並且該處理單元的一合併模組將該第一資料合併於該原始電子文件中而產生一第三資料,該處理單元再將該第一資料、該第二資料及該第三資料透過該通訊模組提供給該驗證伺服器。 A terminal electronic device capable of communicating with a certificate server and a verification server, and the terminal electronic device displays an original electronic document for a user to sign; the terminal electronic device includes: a display unit; A biometric acquisition module; a communication module; an input interface; and a processing unit which is electrically coupled with the display unit, the biometric acquisition module, the communication module and the input interface, so that The display unit displays the original electronic file, and causes the input interface to accept a signature track input by the user to sign the original electronic file, and causes the biometric extraction module to obtain at least one biometric of the user. And obtain a key pair including a public key and a private key from the certificate server through the communication module; a signature generation module of the processing unit generates a signature based on the at least one biological characteristic and the private key And the seal value and the signature track are encapsulated into a first piece of data, an encryption module of the processing unit encrypts the at least one biometric with the private key to generate a second piece of data, and the processing unit A merging module of the merging the first data into the original electronic file to generate a third data, and the processing unit extracts the first data, the second data and the third data through the communication module To the authentication server. 如請求項10所述的終端電子裝置,其中,該驗證伺服器能向該憑證伺服器或該終端電子裝置取得該金鑰對,並具有與該終端電子裝置的該處理單元中的該簽章產生模組相同的一簽章產生模組,且該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵,並透過其中的該簽章產生模組根據解密取得的該至少一生物特徵及該金鑰對中的該私鑰產生一待驗證簽章值,並比對該待驗證簽章值與該第一資料中的該簽章值是否相 同,以驗證該第一資料中的該簽名軌跡的真實性,並根據該簽名軌跡的真實性確認該第三資料的不可否認性。 The terminal electronic device according to claim 10, wherein the authentication server can obtain the key pair from the certificate server or the terminal electronic device, and has the signature with the signature in the processing unit of the terminal electronic device. A signature generating module with the same generating module, and the verification server decrypts the second data by using the public key in the key pair, obtains the at least one biometric, and passes the signature through the signature The generating module generates a signature value to be verified according to the at least one biometric obtained from the decryption and the private key in the key pair, and compares the signature value to be verified with the signature value in the first data. Whether phase Similarly, to verify the authenticity of the signature track in the first material, and to confirm the non-repudiation of the third material according to the authenticity of the signature track. 如請求項11所述的終端電子裝置,其中該輸入介面包含一手寫輸入單元及一影像擷取單元,該手寫輸入單元供手寫以輸入該簽名軌跡,該影像擷取單元擷取該使用者的一視訊影像,且該處理單元將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;藉此,該驗證伺服器藉由比對該待驗證簽章值與該第一資料中的該簽章值是否相同,以驗證該第一資料中的該簽名軌跡及該視訊影像的真實性,而根據該簽名軌跡及該視訊影像的真實性確認該第三資料的不可否認性。 The terminal electronic device according to claim 11, wherein the input interface includes a handwriting input unit and an image capture unit, the handwriting input unit is used for handwriting to input the signature track, and the image capture unit captures the user's A video image, and the processing unit encapsulates the signature value, the signature track, and the video image into the first data; thereby, the verification server compares the signature value to be verified with the first data Whether the value of the signature is the same to verify the authenticity of the signature track and the video image in the first data, and confirm the non-repudiation of the third data based on the authenticity of the signature track and the video image. 如請求項11所述的終端電子裝置,還包括一GPS模組,且該處理單元還透過該GPS模組取得當下的一GPS座標資訊,並且該處理單元的一時戳請求模組還透過該通訊模組向一時戳伺服器請求一電子時戳,或者以該GPS座標資訊向該時戳伺服器請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;且該處理單元的該簽章產生模組根據該至少一生物特徵、該私鑰以及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該簽章值,該處理單元的該加密模組並以該私鑰對該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一用來產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該公鑰對該第二資料解密,而取得該至少一生物特徵及該GPS座 標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一,並透過該簽章產生模組根據該私鑰及解密取得的該至少一生物特徵、該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該待驗證簽章值。 The terminal electronic device according to claim 11, further comprising a GPS module, and the processing unit also obtains current GPS coordinate information through the GPS module, and a time stamp request module of the processing unit further communicates through the communication. The module requests an electronic time stamp from a time stamp server, or requests an electronic time stamp from the time stamp server with the GPS coordinate information, so as to return the GPS coordinate information with the electronic time stamp; and the processing unit's The signature generation module generates the signature value according to one of the at least one biometric feature, the private key and the GPS coordinate information, the electronic timestamp, and the GPS coordinate information with the electronic timestamp. The encryption module uses the private key to encrypt the at least one biometric and the GPS coordinate information, the electronic timestamp, and the GPS coordinate information with the electronic timestamp to generate the signature value. Generate the second data; thereby, the verification server decrypts the second data by using the public key to obtain the at least one biometric and the GPS socket One of three of the tag information, the electronic timestamp, and the GPS coordinate information with the electronic timestamp, and the at least one biological characteristic, the GPS coordinate information, One of the electronic time stamp and the GPS coordinate information with the electronic time stamp generates the signature value to be verified. 如請求項12所述的終端電子裝置,還包括一GPS模組,且該處理單元還透過該GPS模組取得當下的一GPS座標資訊,並且該處理單元的一時戳請求模組還透過該通訊模組向一時戳伺服器請求一電子時戳,或者以該GPS座標資訊向該時戳伺服器請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;且該處理單元的該簽章產生模組根據該至少一生物特徵、該私鑰以及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該簽章值,且將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料,該處理單元的該加密模組並以該私鑰對該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一用來產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該公鑰對該第二資料解密,而取得該至少一生物特徵及該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一,並透過該簽章產生模組根據該私鑰及解密取得的該至少一生物特徵、該GPS座標資訊、該電子時戳和具有電子時戳的該GPS座標資訊三者其中之一產生該待驗證簽章值。 The terminal electronic device according to claim 12, further comprising a GPS module, and the processing unit also obtains current GPS coordinate information through the GPS module, and a time stamp request module of the processing unit further communicates through the communication. The module requests an electronic time stamp from a time stamp server, or requests an electronic time stamp from the time stamp server with the GPS coordinate information, so as to return the GPS coordinate information with the electronic time stamp; and the processing unit's The signature generation module generates the signature value according to one of the at least one biometric feature, the private key and the GPS coordinate information, the electronic time stamp, and the GPS coordinate information with the electronic time stamp, and applies the signature The chapter value, the signature track and the video image are packaged into the first data, and the encryption module of the processing unit uses the private key to the at least one biological feature and the GPS coordinate information, the electronic time stamp, and the electronic time One of the three GPS coordinate information stamped is used to generate the encrypted value of the signature valuer to generate the second data; thereby, the verification server decrypts the second data by using the public key to obtain the at least A creature Retrieve one of the GPS coordinate information, the electronic time stamp, and the GPS coordinate information with an electronic time stamp, and use the signature generation module to obtain the at least one biometric, the One of the GPS coordinate information, the electronic time stamp, and the GPS coordinate information with an electronic time stamp generates the signature value to be verified. 如請求項11所述的終端電子裝置,其中該處理單元還包括一時戳伺服模組,且該處理單元還令該時戳伺服模組產生一電子時戳,或者該終端電子裝置還包括一GPS模組,且該處理單元還透過該GPS模組取得當下的一GPS座標資訊,並以該GPS座標資訊向該時戳伺服模組請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;並且該處理單元的該簽章產生模組根據該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該簽章值,且將該簽章值及該簽名軌跡封裝成該第一資料,而且該處理單元的該加密模組以該私鑰對該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊其中之一用以產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊,並透過該簽章產生模組根據解密取得的該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該待驗證簽章值。 The terminal electronic device according to claim 11, wherein the processing unit further includes a time stamp servo module, and the processing unit further causes the time stamp servo module to generate an electronic time stamp, or the terminal electronic device further includes a GPS Module, and the processing unit also obtains current GPS coordinate information through the GPS module, and uses the GPS coordinate information to request an electronic time stamp from the time stamp servo module, so that the GPS with the electronic time stamp is returned. Coordinate information; and the signature generation module of the processing unit generates the signature value based on the at least one biological characteristic, the electronic timestamp or the GPS coordinate information with the electronic timestamp, and the private key, and the signature The value and the signature track are encapsulated into the first data, and the encryption module of the processing unit uses the private key for one of the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp. The second data is generated by encrypting the signature generating person; thereby, the verification server decrypts the second data by using the public key in the key pair to obtain the at least one biometric and the electronic Timestamp or The GPS coordinate information with an electronic time stamp is generated by the signature generation module according to the at least one biometric, the electronic time stamp, or the GPS coordinate information with the electronic time stamp and the private key, and the private key is generated to be verified. Signature value. 如請求項12所述的終端電子裝置,其中該處理單元還包括一時戳伺服模組,且該處理單元還令該時戳伺服模組產生一電子時戳,或者該終端電子裝置還包括一GPS模組,且該處理單元還透過該GPS模組取得當下的一GPS座標資訊,並以該GPS座標資訊向該時戳伺服模組請求一電子時戳,使回傳具有電子時戳的該GPS座標資訊;並且該處理單元的該簽章產生模組根據該至少一生物特徵、該電子時 戳或具有電子時戳的該GPS座標資訊及該私鑰產生該簽章值,且將該簽章值、該簽名軌跡及該視訊影像封裝成該第一資料;而且該處理單元的該加密模組以該私鑰對該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊其中之一用以產生該簽章值者加密而產生該第二資料;藉此,該驗證伺服器藉由該金鑰對中的該公鑰對該第二資料解密,而取得該至少一生物特徵及該電子時戳或具有電子時戳的該GPS座標資訊,並透過該簽章產生模組根據解密取得的該至少一生物特徵、該電子時戳或具有電子時戳的該GPS座標資訊及該私鑰產生該待驗證簽章值。 The terminal electronic device according to claim 12, wherein the processing unit further includes a time stamp servo module, and the processing unit further causes the time stamp servo module to generate an electronic time stamp, or the terminal electronic device further includes a GPS Module, and the processing unit also obtains current GPS coordinate information through the GPS module, and uses the GPS coordinate information to request an electronic time stamp from the time stamp servo module, so that the GPS with the electronic time stamp is returned. Coordinate information; and the signature generation module of the processing unit is based on the at least one biological characteristic, the electronic time The GPS coordinate information and the private key with an electronic time stamp generate the signature value, and the signature value, the signature track and the video image are encapsulated into the first data; and the encryption module of the processing unit The group uses the private key to encrypt the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp to generate the signature value to generate the second data; thereby, the verification The server decrypts the second data by using the public key in the key pair to obtain the at least one biometric and the electronic time stamp or the GPS coordinate information with the electronic time stamp, and generates a model through the signature. The group generates the to-be-verified signature value based on the at least one biometric obtained by decryption, the electronic time stamp or the GPS coordinate information with the electronic time stamp, and the private key. 如請求項13或14所述的終端電子裝置,其中該處理單元是執行一安裝於該終端電子裝置中的應用程式,該應用程式包含該時戳請求模組、該簽章產生模組、該加密模組及該合併模組。 The terminal electronic device according to claim 13 or 14, wherein the processing unit executes an application program installed in the terminal electronic device, the application program including the time stamp request module, the signature generation module, the Encryption module and the combined module. 如請求項15或16所述的終端電子裝置,其中該處理單元是執行一安裝於該終端電子裝置中的應用程式,該應用程式包含該時戳伺服模組、該簽章產生模組、該加密模組及該合併模組。 The terminal electronic device according to claim 15 or 16, wherein the processing unit executes an application program installed in the terminal electronic device, the application program including the time stamp servo module, the signature generation module, the Encryption module and the combined module. 如請求項13或14所述的終端電子裝置,其中該時戳請求模組、該簽章產生模組、該加密模組及該合併模組是燒錄在該處理單元中的韌體。 The terminal electronic device according to claim 13 or 14, wherein the time stamp requesting module, the signature generating module, the encryption module, and the merging module are firmware burned into the processing unit. 如請求項15或16所述的終端電子裝置,其中該時戳伺服模組、該簽章產生模組、該加密模組及該合併模組是燒錄在該處理單元中的韌體。 The terminal electronic device according to claim 15 or 16, wherein the time stamp servo module, the signature generation module, the encryption module and the merge module are firmware burned into the processing unit. 一種電腦可讀取的記錄媒體,其中儲存一包含一簽章產生模組、一加密模組、一合併模組及一時戳請求模組或一時戳伺服模組的應用程式,且該應用程式被一具有一顯示單元、一生物特徵擷取模組、一通訊模組、一輸入介面及一GPS模組的終端電子裝置載入並執行後,該終端電子裝置能完成如請求項1至7其中任一項所述利用生物特徵驗證電子文件的方法。 A computer-readable recording medium storing an application program including a signature generation module, an encryption module, a merge module, and a time stamp request module or a time stamp servo module, and the application program is After a terminal electronic device having a display unit, a biometric acquisition module, a communication module, an input interface, and a GPS module is loaded and executed, the terminal electronic device can be completed as requested in items 1 to 7 A method for verifying an electronic file using biometrics according to any one of the foregoing.
TW107113365A 2018-04-19 2018-04-19 Method for verifying electronic files using biometrics, terminal electronic device and computer readable recording medium TWI673626B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107113365A TWI673626B (en) 2018-04-19 2018-04-19 Method for verifying electronic files using biometrics, terminal electronic device and computer readable recording medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW107113365A TWI673626B (en) 2018-04-19 2018-04-19 Method for verifying electronic files using biometrics, terminal electronic device and computer readable recording medium

Publications (2)

Publication Number Publication Date
TWI673626B true TWI673626B (en) 2019-10-01
TW201944278A TW201944278A (en) 2019-11-16

Family

ID=69023464

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107113365A TWI673626B (en) 2018-04-19 2018-04-19 Method for verifying electronic files using biometrics, terminal electronic device and computer readable recording medium

Country Status (1)

Country Link
TW (1) TWI673626B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI813905B (en) * 2020-09-26 2023-09-01 臺灣網路認證股份有限公司 System for using authentication mechanism of fast identity online to enable certificate and method thereof
TWI826063B (en) * 2022-10-21 2023-12-11 華南商業銀行股份有限公司 Data signing and transmission system

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI220502B (en) * 2001-08-07 2004-08-21 Bo-Dung Wang Method of using cryptography with biometric verification on security authentication
US20150331993A1 (en) * 2014-05-16 2015-11-19 Battelle Memorial Institute Custom Knowledgebases and Sequence Datasets
TW201710945A (en) * 2015-07-20 2017-03-16 諾特瑞茲有限公司 System and method for validating authorship of an electronic signature session

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI220502B (en) * 2001-08-07 2004-08-21 Bo-Dung Wang Method of using cryptography with biometric verification on security authentication
US20150331993A1 (en) * 2014-05-16 2015-11-19 Battelle Memorial Institute Custom Knowledgebases and Sequence Datasets
TW201710945A (en) * 2015-07-20 2017-03-16 諾特瑞茲有限公司 System and method for validating authorship of an electronic signature session

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI813905B (en) * 2020-09-26 2023-09-01 臺灣網路認證股份有限公司 System for using authentication mechanism of fast identity online to enable certificate and method thereof
TWI826063B (en) * 2022-10-21 2023-12-11 華南商業銀行股份有限公司 Data signing and transmission system

Also Published As

Publication number Publication date
TW201944278A (en) 2019-11-16

Similar Documents

Publication Publication Date Title
US11799668B2 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
US11722301B2 (en) Blockchain ID connect
US11777726B2 (en) Methods and systems for recovering data using dynamic passwords
US10785032B1 (en) Biometric electronic signature tokens
WO2019237570A1 (en) Electronic contract signing method, device and server
US9992026B2 (en) Electronic biometric (dynamic) signature references enrollment method
US11588638B2 (en) Digital notarization using a biometric identification service
WO2017024934A1 (en) Electronic signing method, device and signing server
US11436597B1 (en) Biometrics-based e-signatures for pre-authorization and acceptance transfer
WO2018145127A1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
US11070378B1 (en) Signcrypted biometric electronic signature tokens
TWI728587B (en) Computer-implemented methods, systems, apparatus for securely performing cryptographic operations
TWI673626B (en) Method for verifying electronic files using biometrics, terminal electronic device and computer readable recording medium
CN108111311B (en) Method for realizing bank counter electronic signature based on state cryptographic algorithm
JP6616868B1 (en) Information processing system and information processing method
US20200204377A1 (en) Digital notarization station that uses a biometric identification service
TWM569012U (en) Terminal electronic device for verifying electronic files using biometrics
TWM579789U (en) Electronic contract signing device
JP2020022150A (en) Information processing system and information processing method
USRE49968E1 (en) Electronic identification verification methods and systems with storage of certification records to a side chain
KR20220146906A (en) System for digital signing on digital documents of multimedia form and method thereof