TWI700643B - Multi-dimensional barcode mobile identity authentication method - Google Patents
- Publication number
- TWI700643B (TW107144134A)
- Authority
- TW
- Taiwan
- Prior art keywords
- authentication
- identification information
- verification
- digital certificate
- dimensional barcode
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
A multi-dimensional barcode mobile identity authentication method in which a digital certificate device displays a multi-dimensional barcode containing verification information and identification information. The identification information is provided by an authentication server, and the verification information is generated by the digital certificate device requesting an authentication parameter from the authentication server and using a key to compute a keyed code over that authentication parameter. An inspection device scans the multi-dimensional barcode and sends a verification instruction containing the authentication parameter to the authentication server. After confirming that the authentication parameter in the verification instruction is correct, the authentication server uses a key to compute a keyed code over the authentication parameter to generate a confirmation code; after confirming that the verification information in the verification instruction is the same as the confirmation code, it authenticates the identification information in the verification instruction against the stored identification information and returns an authentication result to the inspection device.
Description
The present invention relates to an identity authentication method, and in particular to a multi-dimensional barcode mobile identity authentication method.
When handling certain matters, people often have to present proof of identity: an identity document to withdraw money at a bank, a passport to board a flight abroad, a health insurance card to see a doctor, a driver's license when stopped at a roadside check, and so on. People therefore have to remember to carry a variety of physical documents with them, or risk being unable to complete the matter at hand because a relevant document was forgotten or lost. If these physical documents could be digitized and stored together in a mobile device, such as a mobile phone, the problem of forgotten or lost physical documents would be solved. Once a physical document has been digitized and stored in a mobile device, however, how the inspecting party determines that the person presenting the digital document is its true holder, so that the document cannot be improperly counterfeited or misused, is a question inspecting parties need to study actively.
The object of the present invention is therefore to provide a multi-dimensional barcode mobile identity authentication method that can verify the authenticity of a digital certificate and of its holder.
Accordingly, the multi-dimensional barcode mobile identity authentication method of the present invention is applied to a digital certificate device, an inspection device, and an authentication server that can communicate with the digital certificate device and the inspection device, and includes the following steps: (A) the digital certificate device displays a multi-dimensional barcode containing verification information and identification information; (B) the inspection device scans the multi-dimensional barcode, generates a verification instruction based on it, and sends the verification instruction to the authentication server; (C) the authentication server obtains the verification information from the verification instruction and, after verifying that the verification information is correct, authenticates the identification information in the verification instruction; and (D) the authentication server returns an authentication result related to the identification information to the inspection device.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is a fixed multi-dimensional barcode provided by the authentication server and stored in a hardware security carrier of the digital certificate device.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is a fixed multi-dimensional barcode provided by the authentication server; one part of the multi-dimensional barcode is stored in a hardware security carrier of the digital certificate device, and another part is stored in the authentication server or a cloud server. When the digital certificate device is to display the multi-dimensional barcode, it connects to the authentication server or the cloud server to obtain that part of the multi-dimensional barcode and combines it with the part stored in the hardware security carrier to form the multi-dimensional barcode.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is a fixed multi-dimensional barcode provided by the authentication server, and the multi-dimensional barcode is divided into multiple files stored in a hardware security carrier of the digital certificate device. When the digital certificate device is to display the multi-dimensional barcode, it reads the files from the hardware security carrier and combines them into the multi-dimensional barcode.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is a fixed multi-dimensional barcode provided by the authentication server, and the multi-dimensional barcode is divided into at least two files stored in a storage unit of the digital certificate device, at least one of which is protected by encryption. When the digital certificate device is to display the multi-dimensional barcode, it reads the files, decrypts the at least one encrypted file according to at least one entered password, and then combines the files into the multi-dimensional barcode.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is a fixed multi-dimensional barcode that an application installed in the digital certificate device obtains from the authentication server, via the digital certificate device, by online application, and the application stores the multi-dimensional barcode, protected by software encryption, within itself or in a storage unit of the digital certificate device.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is a fixed multi-dimensional barcode that an application installed in the digital certificate device obtains from the authentication server, via the digital certificate device, by online application. The application stores one part of the multi-dimensional barcode in a storage unit of the digital certificate device and/or in the application itself, and another part is stored in the authentication server or a cloud server. When the digital certificate device is to display the multi-dimensional barcode, the application connects to the authentication server or the cloud server via the digital certificate device to obtain that part of the multi-dimensional barcode, and then combines it with the part stored in the application and/or in the storage unit to form the multi-dimensional barcode.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is a fixed multi-dimensional barcode that an application installed in the digital certificate device obtains from the authentication server, via the digital certificate device, by online application. The application divides the multi-dimensional barcode into multiple files and stores them in a storage unit of the digital certificate device or in the application itself; when the digital certificate device is to display the multi-dimensional barcode, the application reads the files from itself or from the storage unit and combines them into the multi-dimensional barcode. Alternatively, the application divides the multi-dimensional barcode into at least two files, protects at least one of the files by encryption, and stores the files in the storage unit of the digital certificate device or in the application itself; when the digital certificate device is to display the multi-dimensional barcode, the application reads the files from itself or from the storage unit and decrypts the at least one encrypted file according to at least one entered password, so as to combine the files into the multi-dimensional barcode.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is dynamically generated by a hardware security carrier of the digital certificate device. The identification information is issued in advance by the authentication server and stored in the hardware security carrier, or it is provided in advance by the authentication server to the digital certificate device, which retrieves the corresponding identification information according to an entered certificate option and provides it to the hardware security carrier. When the digital certificate device is to display the multi-dimensional barcode, the hardware security carrier requires a password to be entered and, after the password is verified as correct, the digital certificate device requests an authentication parameter from the authentication server. The hardware security carrier uses a key to compute a keyed code over the authentication parameter to generate the verification information, and generates the multi-dimensional barcode from the verification information, the identification information and the authentication parameter.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is dynamically generated by an application installed in the digital certificate device. The identification information is issued in advance by the authentication server and stored in the application, or it is provided in advance by the authentication server to the digital certificate device, which retrieves the corresponding identification information according to an entered certificate option and provides it to the application. When the digital certificate device runs the application in order to display the multi-dimensional barcode, the application requires a password to be entered and, after the password is verified as correct, requests an authentication parameter from the authentication server via the digital certificate device. The application uses a key to compute a keyed code over the authentication parameter to generate the verification information, and generates the multi-dimensional barcode from the verification information, the identification information and the authentication parameter.
In some embodiments of the present invention, the authentication server includes a business platform that stores the key and the authentication parameter, and an operating unit that issues the identification information. In step (A), the hardware security carrier of the digital certificate device requests the authentication parameter from the business platform. In step (B), the verification instruction also contains the authentication parameter. In step (C), the business platform receives the verification instruction and, after finding that the authentication parameter in the verification instruction is the same as the authentication parameter stored in the business platform itself, uses the key stored in the business platform itself to compute a keyed code over the authentication parameter to generate a confirmation code. After confirming that the verification information in the verification instruction is the same as the confirmation code it generated, the business platform sends the identification information in the verification instruction to the operating unit, so that the operating unit authenticates the identification information sent by the business platform against the identification information it stores itself.
In some embodiments of the present invention, the authentication server includes a business platform and an operating unit that stores the key and the authentication parameter and issues the identification information. In step (A), the hardware security carrier of the digital certificate device requests the authentication parameter from the operating unit. In step (B), the verification instruction also contains the authentication parameter. In step (C), the business platform receives the verification instruction and forwards it to the operating unit. After finding that the authentication parameter in the verification instruction is the same as the authentication parameter stored in the operating unit itself, the operating unit uses the key stored in the operating unit to compute a keyed code over the authentication parameter to generate a confirmation code and, after confirming that the verification information in the verification instruction is the same as the confirmation code it generated, authenticates the identification information in the verification instruction against the identification information it stores itself.
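The exchange described in the embodiments above (the device requests an authentication parameter and computes a keyed code over it, and the server checks the parameter, recomputes a confirmation code, then checks the identification information), as an added Python example that is not part of the patent. HMAC-SHA256 as the keyed code, the JSON barcode payload, the single-use 60-second parameter lifetime, the merging of business platform and operating unit into one class, and all names and sample values are assumptions.

```python
import hashlib
import hmac
import json
import secrets
import time

PARAM_TTL_SECONDS = 60  # assumption: the patent does not state a lifetime

OK = "authenticated"
REJECT_PARAM = "rejected: unknown or reused authentication parameter"
REJECT_EXPIRED = "rejected: authentication parameter expired"
REJECT_CODE = "rejected: verification information does not match confirmation code"
REJECT_ID = "rejected: identification information does not match stored record"


def keyed_code(key: bytes, parameter: str) -> str:
    """Keyed code over the authentication parameter (HMAC-SHA256 is an assumption)."""
    return hmac.new(key, parameter.encode(), hashlib.sha256).hexdigest()


class AuthServer:
    """Business platform and operating unit merged into one object for brevity."""

    def __init__(self):
        self._accounts = {}  # holder -> (key, stored identification information)
        self._pending = {}   # authentication parameter -> (holder, issue time)

    def enroll(self, holder: str, identification_info: str) -> bytes:
        key = secrets.token_bytes(32)
        self._accounts[holder] = (key, identification_info)
        return key  # provisioned to the holder's device or hardware security carrier

    def issue_parameter(self, holder: str) -> str:
        if holder not in self._accounts:
            raise KeyError(holder)
        parameter = secrets.token_hex(16)  # unpredictable, one per displayed barcode
        self._pending[parameter] = (holder, time.time())
        return parameter

    def verify(self, instruction: dict, now: float = None) -> str:
        now = time.time() if now is None else now
        parameter = instruction.get("authentication_parameter")
        # Step 1: the parameter must be one this server issued; pop() makes it
        # single-use, so a photographed barcode cannot be presented again.
        if not isinstance(parameter, str):
            return REJECT_PARAM
        entry = self._pending.pop(parameter, None)
        if entry is None:
            return REJECT_PARAM
        holder, issued_at = entry
        if now - issued_at > PARAM_TTL_SECONDS:
            return REJECT_EXPIRED
        # Step 2: recompute the confirmation code with the server-side key and
        # compare it in constant time with the verification information.
        key, stored_id = self._accounts[holder]
        confirmation = keyed_code(key, parameter).encode()
        presented = str(instruction.get("verification_information", "")).encode()
        if not hmac.compare_digest(confirmation, presented):
            return REJECT_CODE
        # Step 3: authenticate the identification information against the record.
        if instruction.get("identification_information") != stored_id:
            return REJECT_ID
        return OK


def build_barcode(server: AuthServer, holder: str, key: bytes, identification_info: str) -> str:
    """Device side: returns the text that would be encoded into the barcode."""
    parameter = server.issue_parameter(holder)
    return json.dumps({
        "authentication_parameter": parameter,
        "verification_information": keyed_code(key, parameter),
        "identification_information": identification_info,
    })


def scan_and_verify(server: AuthServer, barcode_text: str, now: float = None) -> str:
    """Inspection device: decode the barcode and send it as a verification instruction."""
    return server.verify(json.loads(barcode_text), now)


if __name__ == "__main__":
    server = AuthServer()
    device_key = server.enroll("holder-1", "ID-CONSTRUCTED-0001")  # constructed sample values
    barcode = build_barcode(server, "holder-1", device_key, "ID-CONSTRUCTED-0001")
    print(scan_and_verify(server, barcode))  # first presentation
    print(scan_and_verify(server, barcode))  # same barcode shown a second time
```

Because the keyed code covers only the authentication parameter, altered identification information is caught by the stored-record comparison in step 3, not by the code check.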
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is dynamically generated by a hardware security carrier of the digital certificate device. The identification information is issued in advance by the authentication server and stored in the hardware security carrier, or it is provided in advance by the authentication server to the digital certificate device, which retrieves the corresponding identification information according to an entered certificate option and provides it to the hardware security carrier. When the digital certificate device is to display the multi-dimensional barcode, the hardware security carrier requires a password to be entered and, after the password is verified as correct, generates the multi-dimensional barcode from the verification information and the identification information stored in it.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is dynamically generated by an application installed in the digital certificate device. The identification information is issued in advance by the authentication server and stored in the application, or it is provided in advance by the authentication server to the digital certificate device, which retrieves the corresponding identification information according to an entered certificate option and provides it to the application. When the digital certificate device is to display the multi-dimensional barcode, the application requires a password to be entered and, after the password is verified as correct, generates the multi-dimensional barcode from the verification information and the identification information stored in it.
In some embodiments of the present invention, the authentication server includes a business platform that stores the verification information and an operating unit that issues the identification information. In step (C), the business platform receives the verification instruction and, after verifying that the verification information in the verification instruction is the same as the verification information it stores itself, sends the identification information to the operating unit, so that the operating unit authenticates the identification information sent by the business platform against the identification information it stores itself.
In some embodiments of the present invention, the authentication server includes a business platform and an operating unit that stores the verification information and issues the identification information. In step (C), the business platform receives the verification instruction and forwards it to the operating unit; after verifying that the verification information in the verification instruction is the same as the verification information it stores itself, the operating unit authenticates the identification information in the verification instruction against the identification information it stores itself.
In some embodiments of the present invention, in step (A), the multi-dimensional barcode is provided and dynamically generated by the authentication server. The identification information is stored in the authentication server, or the authentication server retrieves, from multiple items of identification information, the identification information corresponding to a certificate option provided by the digital certificate device. When the digital certificate device, in order to display the multi-dimensional barcode, connects to the authentication server and requests the multi-dimensional barcode, the authentication server generates the multi-dimensional barcode from the verification information and the identification information stored in it, or retrieves the identification information corresponding to the certificate option provided by the digital certificate device and generates the multi-dimensional barcode from that identification information and the verification information it stores, and sends the multi-dimensional barcode to the digital certificate device.
In some embodiments of the present invention, the authentication server includes a business platform and an operating unit. In step (A), the multi-dimensional barcode is dynamically generated by the business platform, and the identification information is stored in the operating unit, or the operating unit retrieves, from multiple items of identification information, the identification information corresponding to the certificate option provided by the digital certificate device. When the digital certificate device, in order to display the multi-dimensional barcode, connects to the business platform and requests the multi-dimensional barcode, the business platform generates the multi-dimensional barcode from the verification information stored in it and the identification information provided by the operating unit, and sends the multi-dimensional barcode to the digital certificate device. In step (C), the business platform receives the verification instruction and, after verifying that the verification information in the verification instruction is correct, sends the identification information to the operating unit, so that the operating unit authenticates the identification information sent by the business platform against the identification information it stores itself.
In some embodiments of the present invention, the authentication server includes a business platform and an operating unit. In step (A), the multi-dimensional barcode is dynamically generated by the operating unit, and the identification information is stored in the operating unit, or the operating unit retrieves, from multiple items of identification information, the identification information corresponding to the certificate option provided by the digital certificate device. When the digital certificate device, in order to display the multi-dimensional barcode, connects to the operating unit and requests the multi-dimensional barcode, the operating unit generates the multi-dimensional barcode from the verification information and the identification information stored in it, or retrieves the corresponding identification information according to the certificate option provided by the digital certificate device and generates the multi-dimensional barcode from that identification information and the verification information stored in it, and sends the multi-dimensional barcode to the digital certificate device. In step (C), the business platform receives the verification instruction and forwards it to the operating unit; after verifying, against the verification information it stores itself, that the verification information in the verification instruction is correct, the operating unit authenticates the identification information in the verification instruction against the identification information it stores itself.
In some embodiments of the present invention, in step (B), the inspection device scans the multi-dimensional barcode without decoding it, and generates a verification instruction containing the multi-dimensional barcode and sends it to the authentication server; in step (C), the authentication server decodes the multi-dimensional barcode in the verification instruction to obtain the identification information and the verification information.
In some embodiments of the present invention, in step (B), the inspection device scans the multi-dimensional barcode and decodes it to obtain the identification information and the verification information, and generates a verification instruction containing the identification information and the verification information and sends it to the authentication server; in step (C), the authentication server extracts the identification information and the verification information from the verification instruction.
In some embodiments of the present invention, the hardware security carrier described above is an identity identification card that is removably and electrically connected to the digital certificate device, or an identity identification module built into the digital certificate device.
Furthermore, another multi-dimensional barcode mobile identity authentication method of the present invention is applied between a digital certificate device and an inspection device, and includes the following steps: (A) the digital certificate device displays a multi-dimensional barcode containing verification information and identification information; (B) the inspection device scans the multi-dimensional barcode and decodes it to obtain the verification information and the identification information and, after verifying that the verification information is correct, authenticates the identification information; and (C) the inspection device records and displays an authentication result and returns the authentication result to the digital certificate device, or the inspection device records the authentication result and returns it to the digital certificate device, or the inspection device records and displays the authentication result.
According to the multi-dimensional barcode mobile payment method described in paragraph 0026, in some embodiments of the present invention, the multi-dimensional barcode in step (A) is generated in the manner described in paragraphs 0005 to 0011, 0016, 0017 and 0020 above, which is not repeated here, and the hardware security carrier is as described in paragraph 0025 above.
In addition, a digital certificate device of the present invention that implements the above method can communicate with an authentication server, and the authentication server can communicate with an inspection device. The digital certificate device includes: a communication unit that can communicate with the authentication server over a network; a display unit for displaying a multi-dimensional barcode containing verification information and identification information; a processing unit electrically coupled to the display unit; a multi-dimensional barcode generation module; and an input unit for entering a password, which is provided to the multi-dimensional barcode generation module through the processing unit. After verifying that the password is correct, the multi-dimensional barcode generation module dynamically generates the multi-dimensional barcode from the verification information and the identification information and outputs it through the processing unit to the display unit for display, to be scanned by the inspection device. The inspection device can thereby generate a verification instruction based on the multi-dimensional barcode and send it to the authentication server, so that the authentication server can obtain the verification information from the verification instruction and, after verifying that the verification information is correct, authenticate the identification information in the verification instruction and return an authentication result related to the identification information to the inspection device.
In some embodiments of the present invention, the multi-dimensional barcode generation module is a hardware security carrier or an application installed in the digital certificate device, and the hardware security carrier is an identity identification card that is removably and electrically connected to the digital certificate device, or an identity identification module built into the digital certificate device.
Furthermore, an authentication server of the present invention that implements the above method can communicate with a digital certificate device and an inspection device, and includes: a business platform that can communicate with the digital certificate device and the inspection device over a network; and an operating unit that can communicate with the business platform. The business platform provides a multi-dimensional barcode containing verification information and identification information to the digital certificate device, so that the digital certificate device can display the multi-dimensional barcode for the inspection device to scan, and the inspection device generates a verification instruction from the multi-dimensional barcode and sends it to the business platform. The business platform obtains the verification information from the verification instruction and, after verifying that the verification information is correct, sends the identification information in the verification instruction to the operating unit, so that the operating unit verifies the identification information and produces a verification result, which is returned to the inspection device through the business platform. The multi-dimensional barcode is either a fixed multi-dimensional barcode or is generated dynamically by the business platform. The identification information is either stored in the operating unit, or is selected by the operating unit from a plurality of pieces of identification information according to a certificate option provided by the digital certificate device. When the digital certificate device needs to display the multi-dimensional barcode, connects to the business platform and requests the multi-dimensional barcode, the business platform generates the multi-dimensional barcode from the verification information stored in it and the identification information provided by the operating unit, and sends the multi-dimensional barcode to the digital certificate device.
The effect of the present invention is as follows: the digital certificate device displays a multi-dimensional barcode for the inspection device to scan, and either the inspection device generates a verification instruction from the multi-dimensional barcode and sends it to the authentication server, which verifies the verification information and the identification information contained in the verification instruction, or the inspection device directly verifies the verification information and the identification information contained in the multi-dimensional barcode and produces an authentication result for the inspecting party to check. This achieves the purpose of verifying the authenticity of the digital certificate and of its holder.
1: Digital certificate device
2: Inspection device
3: Authentication server
11: Communication unit
12: Display unit
13: Processing unit
14: Hardware security carrier
15: Input unit
16: Storage unit
31: Business platform
32: Operating unit
S1~S9, S41~S48: Steps
Other features and effects of the present invention will be clearly presented in the embodiments described with reference to the drawings, in which: FIG. 1 is a flowchart illustrating the main steps of the first embodiment of the multi-dimensional barcode mobile identity authentication method of the present invention; FIG. 2 is a circuit block diagram mainly illustrating the circuit blocks included in the digital certificate device of the first embodiment; FIG. 3 is a circuit block diagram mainly illustrating a digital certificate device that omits the hardware security carrier and whose processing unit executes an application; FIG. 4 is a schematic diagram illustrating the multi-dimensional barcode (identity verification QR code) generated by the first embodiment; FIG. 5 and FIG. 6 are schematic diagrams illustrating the digital certificate and its related data displayed by the first embodiment; and FIG. 7 is a flowchart illustrating the main steps of the second embodiment of the multi-dimensional barcode mobile identity authentication method of the present invention.
Before the present invention is described in detail, it should be noted that in the following description, similar elements are denoted by the same reference numerals.
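FIG. 1 is a flowchart of the first embodiment of the multi-dimensional barcode mobile identity authentication method of the present invention. This embodiment is applied to a digital certificate device 1, an inspection device 2, and an authentication server 3 that can communicate with the digital certificate device 1 and the inspection device 2 over a network, as shown in FIG. 2. The digital certificate device 1 may be a smartphone, a tablet computer, or another mobile electronic device with wireless communication capability held by the user of the digital certificate, and the inspection device 2 may be a personal computer, notebook computer, tablet computer, smartphone, or other mobile electronic device with network communication capability provided by any inspecting party that needs to check identity documents.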
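As shown in FIG. 1, the multi-dimensional barcode mobile identity authentication method of this embodiment is as follows. First, when the inspecting party requires the user to present an identity document, the user opens an application 160 (for example, multi-dimensional barcode identity verification software, executed by the processing unit 16 shown in FIG. 2 or FIG. 3) installed on the digital certificate device 1 that the user holds. The application 160 then performs step S1 of FIG. 1 and displays a multi-dimensional barcode on the digital certificate device 1 for the inspection device 2 to scan. The multi-dimensional barcode may be, without limitation, a one-dimensional barcode, a two-dimensional barcode, a QR code, or a three-dimensional barcode. It mainly contains verification information and identification information, and the authentication server 3 stores the identification information and data related to the verification information. Next, in step S2 of FIG. 1, the inspection device 2 scans the multi-dimensional barcode and then performs steps S3 and S4 of FIG. 1: it generates a verification instruction from the multi-dimensional barcode and sends the verification instruction to the authentication server 3.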
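Then, in step S5 of FIG. 1, the authentication server 3 obtains the verification information from the verification instruction and performs step S6 of FIG. 1, using the data related to the verification information that it stores to verify whether the verification information is correct. If so, it performs step S7 of FIG. 1 and uses the identification information that it stores to authenticate the identification information in the verification instruction. Then, as shown in step S8 of FIG. 1, the authentication server 3 returns an authentication result related to the identification information to the inspection device 2; the authentication result may be success or failure. Accordingly, as shown in step S9 of FIG. 1, the inspection device 2 displays the authentication result. When the inspecting party learns that authentication succeeded, it can ask the user of the digital certificate device 1 to, for example, tap the multi-dimensional barcode shown in FIG. 4, so that the application 160 (the multi-dimensional barcode identity verification software) displays the digital certificate and its related data as shown in FIG. 5 and FIG. 6 for the inspecting party to check. This achieves the purpose of verifying the authenticity of the digital certificate and of its holder.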
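It is also worth mentioning that the authentication server 3 stores the digital certificate corresponding to the identification information together with its related data. Therefore, in step S8 above, when the verification result that the authentication server 3 sends to the inspection device 2 is a success, the verification result may also include the digital certificate corresponding to the identification information and its related data, so that the inspection device 2 can directly display the digital certificate and its related data as shown in FIG. 5 and FIG. 6 for the inspecting party to check. Alternatively, when the verification result is a success, the authentication server 3 may also send the verification result to the digital certificate device 1 and trigger the application 160 of the digital certificate device 1 to automatically display the digital certificate and its related data as shown in FIG. 5 and FIG. 6 for the inspecting party to check.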
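If, in step S6 above, the authentication server 3 finds that the verification information is incorrect, then in step S10 of FIG. 1 the authentication server 3 sends a verification failure message to the digital certificate device 1 and the inspection device 2, which display it to inform the inspecting party that verification did not succeed.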
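Specifically, as shown in FIG. 2, the digital certificate device 1 of this embodiment mainly includes a communication unit 11, a display unit 12, a storage unit 13, a hardware security carrier 14, an input unit 15, and a processing unit 16 electrically connected to the foregoing components. The authentication server 3 includes a business platform 31 that can communicate with the digital certificate device 1 and the inspection device 2 over a network (for example, the Internet) and an operating unit 32 that can communicate with the business platform 31.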
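The communication unit 11 can communicate with the business platform 31 of the authentication server 3 over a network (for example, the Internet), and the storage unit 13 stores the application 160 described above. The hardware security carrier 14 stores the multi-dimensional barcode and is protected by a password; the multi-dimensional barcode is a fixed multi-dimensional barcode provided in advance by the business platform 31 of the authentication server 3 (the identification information it contains comes from the operating unit 32). In this embodiment, the hardware security carrier 14 is an identity card that is removably and electrically connected to the digital certificate device 1 (for example, an SD card that can be inserted into a card slot of the digital certificate device 1) or an identity module built into the digital certificate device 1. The input unit 15 may be any input interface through which the user can operate the digital certificate device 1, such as a keyboard, a touch keyboard, or a touch screen.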
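Therefore, in step S1 above, when the user wants to use the multi-dimensional barcode and opens the application 160 installed on the digital certificate device 1 through the input unit 15, the processing unit 16 asks the user to enter a password and provides the password to the hardware security carrier 14. Only after the hardware security carrier 14 verifies that the password is correct does it output the multi-dimensional barcode through the processing unit 16 to the display unit 12 for display.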
In addition, in step S1 above, this embodiment can also display the multi-dimensional barcode in the following ways.
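The digital certificate device 1 can split the fixed multi-dimensional barcode described above into a plurality of files, with at least one of the files stored in the hardware security carrier 14 of the digital certificate device 1 and at least one of the files stored on the business platform 31 of the authentication server 3 or on a cloud server 4. When the user wants to use the multi-dimensional barcode and opens the application 160 of the digital certificate device 1, the processing unit 16 connects through the communication unit 11 to the business platform 31 of the authentication server 3 or to the cloud server 4, asks the user to enter a password, and provides the password to the hardware security carrier 14. Only after the password is verified as correct does the processing unit 16 obtain the one or more files from the business platform 31 of the authentication server 3 or from the cloud server 4, combine them with the one or more files stored in the hardware security carrier 14 to form the multi-dimensional barcode, and display it on the display unit 12.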
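Alternatively, the multi-dimensional barcode can be split by the processing unit 16 into a plurality of files stored in the hardware security carrier 14 of the digital certificate device 1. When the user wants to use the multi-dimensional barcode and opens the application 160 of the digital certificate device 1, the processing unit 16 asks the user to enter a password and provides the password to the hardware security carrier 14. After the hardware security carrier 14 verifies that the password is correct, the processing unit 16 can read the files from the hardware security carrier 14, combine them into the multi-dimensional barcode, and display it on the display unit 12.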
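Alternatively, when the digital certificate device 1 does not have the hardware security carrier 14, as shown in FIG. 3, the multi-dimensional barcode can be split by the processing unit 16 into at least two files stored in the storage unit 13 of the digital certificate device 1, with at least one of the files protected by encryption. When the user wants to use the multi-dimensional barcode and opens the application 160 of the digital certificate device 1, the processing unit 16 reads the files from the storage unit 13, asks the user to enter at least one password, decrypts the at least one encrypted file according to the password, combines the files into the multi-dimensional barcode, and displays it on the display unit 12.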
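Alternatively, the multi-dimensional barcode can be a fixed multi-dimensional barcode that the application 160 installed in the digital certificate device 1 obtains from the business platform 31 of the authentication server 3, via the digital certificate device 1, through an online application, and the application 160 stores the multi-dimensional barcode, protected by software encryption, within itself or in the storage unit 13 of the digital certificate device 1. When the user wants to use the multi-dimensional barcode and opens the application 160 installed on the digital certificate device 1 through the input unit 15, the application 160 asks the user to enter a password. Only after the application 160 verifies that the password is correct does it retrieve the multi-dimensional barcode from itself or from the storage unit 13, decrypt it, and output it through the processing unit 16 to the display unit 12 for display.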
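Alternatively, the application 160 can split the multi-dimensional barcode into a plurality of files, with at least one of the files stored in the storage unit 13 of the digital certificate device 1 and/or in the application 160, and at least one of the files stored on the business platform 31 of the authentication server 3 or on the cloud server 4. When the user wants to use the multi-dimensional barcode and opens the application 160 of the digital certificate device 1, the application 160 asks the user to enter a password. After the application 160 verifies that the password is correct, it connects via the digital certificate device 1 to the business platform 31 of the authentication server 3 or to the cloud server 4 to obtain the one or more files, combines them with the one or more files stored in itself and/or in the storage unit 13 to form the multi-dimensional barcode, and outputs it through the processing unit 16 to the display unit 12 for display.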
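Alternatively, the application 160 can split the multi-dimensional barcode into a plurality of files stored in the storage unit 13 of the digital certificate device 1 or in the application 160. When the user wants to use the multi-dimensional barcode and opens the application 160 of the digital certificate device 1, the application 160 asks the user to enter a password. After the application 160 verifies that the password is correct, it reads the files from itself or from the storage unit 13, combines them into the multi-dimensional barcode, and outputs it through the processing unit 16 to the display unit 12 for display. As a further alternative, the application 160 splits the multi-dimensional barcode into at least two files, protects at least one of the files by encryption, and stores the files in the storage unit 13 of the digital certificate device 1 or in the application 160 itself. When the digital certificate device 1 needs to display the multi-dimensional barcode, the application 160 reads the files from itself or from the storage unit 13, decrypts the at least one encrypted file according to at least one entered password, combines the files into the multi-dimensional barcode, and outputs the multi-dimensional barcode through the processing unit 16 to the display unit 12 for display.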
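In addition, the multi-dimensional barcode can be generated dynamically by the hardware security carrier 14 of the digital certificate device 1. In this embodiment, when there is only one kind of digital certificate, for example when the only digital certificate the user has set up in the application 160 of the digital certificate device 1 is a digital identity card, the identification information corresponding to the digital identity card (a unique identifier, such as a virtual account or the user's identity card number) is stored in advance in the hardware security carrier 14, and the digital identity card and its corresponding identification information are provided by the operating unit 32, for example the Ministry of the Interior. When there are two or more kinds of digital certificate, for example when the user has set up several certificates in the application 160 of the digital certificate device 1 such as a digital identity card, a digital passport, a digital health insurance card and a digital driving licence, the display unit 12 of the digital certificate device 1 displays a plurality of certificate options corresponding to the digital certificates for the user to choose from, and the processing unit 16 produces the identification information corresponding to the certificate option entered by the user and provides it to the hardware security carrier 14. Each digital certificate and its corresponding identification information are provided by the corresponding operating unit 32 and stored in the storage unit 13 of the digital certificate device 1; for example, the digital passport is issued by the Ministry of Foreign Affairs and the digital health insurance card by the National Health Insurance Bureau. When the digital certificate device 1 needs to display the multi-dimensional barcode, the hardware security carrier 14 asks the user to enter a password. After verifying that the password is correct, the hardware security carrier 14 connects to the business platform 31 of the authentication server 3 through the processing unit 16 and the communication unit 11, requests an authentication parameter from the authentication server 3, and uses a key shared with the business platform 31 of the authentication server 3 to encode the authentication parameter, producing the verification information. It then generates the multi-dimensional barcode from the verification information, the identification information and the authentication parameter, and outputs the multi-dimensional barcode through the processing unit 16 to the display unit 12 for display.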
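Alternatively, when the digital certificate device 1 does not have the hardware security carrier 14, as shown in FIG. 3, the multi-dimensional barcode can be generated dynamically by the application 160 installed on the digital certificate device 1. In this embodiment, when there is only one kind of digital certificate, for example when the only digital certificate the user has set up in the application 160 of the digital certificate device 1 is a digital identity card, the identification information corresponding to the digital identity card is stored in advance in the application 160, and the digital identity card and its corresponding identification information are provided by the operating unit 32, for example the Ministry of the Interior. When there are two or more kinds of digital certificate, for example when the user has set up several certificates in the application 160 of the digital certificate device 1 such as a digital identity card, a digital passport, a digital health insurance card and a digital driving licence, the display unit 12 of the digital certificate device 1 displays a plurality of certificate options corresponding to the digital certificates for the user to choose from, and the processing unit 16 produces the identification information corresponding to the certificate option entered by the user and provides it to the application 160. Likewise, each digital certificate and its corresponding identification information are provided by the corresponding operating unit 32 and stored in the storage unit 13 of the digital certificate device 1; for example, the digital passport is issued by the Ministry of Foreign Affairs and the digital health insurance card by the National Health Insurance Bureau. When the digital certificate device 1 needs to display the multi-dimensional barcode and runs the application 160, the application 160 asks the user to enter a password. Only after verifying that the password is correct does the application 160 request an authentication parameter from the business platform 31 of the authentication server 3 via the digital certificate device 1 and use a key shared with the business platform 31 to encode the authentication parameter, producing the verification information. It then generates the multi-dimensional barcode from the verification information, the identification information and the authentication parameter, and outputs the multi-dimensional barcode through the processing unit 16 to the display unit 12 for display.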
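Accordingly, in step S5 above, the business platform 31 holds the key and the authentication parameter. After the business platform 31 receives the verification instruction and obtains the verification information from it, in step S6 above the business platform 31 compares the authentication parameter in the verification instruction with the authentication parameter that the business platform 31 itself stores. If they are the same, the business platform 31 uses the key it stores to encode the authentication parameter it stores, producing a confirmation code. Only after confirming that the verification information in the verification instruction is the same as the confirmation code it produced (that is, the verification information is correct) does it send the identification information in the verification instruction to the operating unit 32 so that steps S7 and S8 above are performed: the operating unit 32 authenticates the identification information, produces the authentication result, and sends the authentication result to the inspection device 2.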
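The dynamic-barcode check described above (steps S5 to S8 with the business platform 31 holding the key), as an added example that is not part of the patent. HMAC-SHA256 as the keyed encoding, the JSON field names, the device identifier, and the 60-second lifetime and single use of the authentication parameter are all assumptions; the sample identifiers are constructed.

```python
import hashlib
import hmac
import json
import secrets
import time

PARAM_TTL = 60  # seconds; assumption, the page sets no lifetime


def keyed_code(key: bytes, auth_param: str) -> str:
    # Assumption: HMAC-SHA256 stands in for the unspecified keyed encoding.
    return hmac.new(key, auth_param.encode(), hashlib.sha256).hexdigest()


class OperatingUnit:
    """Operating unit 32: holds the identification information it issued."""

    def __init__(self, known_ids):
        self._known = set(known_ids)

    def authenticate(self, identification) -> str:
        ok = isinstance(identification, str) and identification in self._known
        return "success" if ok else "failure"


class BusinessPlatform:
    """Business platform 31: issues parameters, checks verification instructions."""

    def __init__(self, operating_unit, clock=time.time):
        self._unit, self._clock = operating_unit, clock
        self._keys = {}    # device id -> key shared with that device
        self._issued = {}  # authentication parameter -> (device id, expiry)

    def enroll(self, device_id: str) -> bytes:
        self._keys[device_id] = secrets.token_bytes(32)
        return self._keys[device_id]

    def issue_parameter(self, device_id: str) -> str:
        if device_id not in self._keys:
            raise KeyError("device not enrolled")
        param = secrets.token_hex(16)
        self._issued[param] = (device_id, self._clock() + PARAM_TTL)
        return param

    def handle(self, instruction: dict) -> str:
        param = instruction.get("auth_param")
        # S6, part 1: the parameter must match one stored here. pop() makes it
        # single use, so a photographed barcode cannot be presented twice.
        record = self._issued.pop(param, None) if isinstance(param, str) else None
        if record is None or self._clock() > record[1]:
            return "verification_failed"
        # S6, part 2: recompute the confirmation code, compare in constant time.
        confirmation = keyed_code(self._keys[record[0]], param)
        presented = str(instruction.get("verification", ""))
        if not hmac.compare_digest(confirmation.encode(), presented.encode()):
            return "verification_failed"
        # S7/S8: only now is the identification information passed on.
        return self._unit.authenticate(instruction.get("identification"))


def device_barcode(platform, device_id, key, identification) -> str:
    """Digital certificate device 1: payload that would be drawn as the barcode."""
    param = platform.issue_parameter(device_id)
    return json.dumps({"auth_param": param,
                       "verification": keyed_code(key, param),
                       "identification": identification})


def run_demo() -> dict:
    now = [1000.0]  # controllable clock so expiry can be shown offline
    platform = BusinessPlatform(OperatingUnit({"VA-0001"}), clock=lambda: now[0])
    key = platform.enroll("device-1")
    scan = lambda code: json.loads(code)  # inspection device 2 decodes the scan
    good = scan(device_barcode(platform, "device-1", key, "VA-0001"))
    out = {"valid": platform.handle(good), "replay": platform.handle(good)}
    bad = scan(device_barcode(platform, "device-1", b"wrong key" * 4, "VA-0001"))
    out["wrong_key"] = platform.handle(bad)
    stale = scan(device_barcode(platform, "device-1", key, "VA-0001"))
    now[0] += PARAM_TTL + 1
    out["expired"] = platform.handle(stale)
    other = scan(device_barcode(platform, "device-1", key, "VA-9999"))
    out["unknown_id"] = platform.handle(other)
    return out


if __name__ == "__main__":
    print(run_demo())
```

The platform rejects a bad parameter or code with a verification failure before the operating unit ever sees the identification information, which mirrors the ordering of steps S6 and S7.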
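Another alternative is that the operating unit 32 described above holds the key and the authentication parameter, and the hardware security carrier 14 or the application 160 of the inspection device 1 requests the authentication parameter from the operating unit 32 via the digital certificate device 1 and uses a key shared with the operating unit 32 to encode the authentication parameter, producing the verification information. In step S5 above, the business platform 31 therefore forwards the received verification instruction to the operating unit 32, and in step S6 above the operating unit 32 compares the authentication parameter in the verification instruction with the authentication parameter it stores. If they are the same, the operating unit 32 uses the key it stores to encode the authentication parameter it stores, producing a confirmation code. Only after confirming that the verification information in the verification instruction is the same as the confirmation code it produced (that is, the verification information is correct) does it perform steps S7 and S8 above, in which the operating unit 32 uses the identification information it stores to authenticate the identification information in the verification instruction.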
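Furthermore, another way for the hardware security carrier 14 to generate the multi-dimensional barcode dynamically is to generate it directly, without obtaining an authentication parameter from the authentication server 3. In this embodiment, the hardware security carrier 14 and the business platform 31 of the authentication server 3 each store in advance the verification information that was set (agreed on) beforehand. When the digital certificate device 1 needs to display the multi-dimensional barcode, the hardware security carrier 14 asks the user to enter a password and, after verifying that the password is correct, generates the multi-dimensional barcode from the verification information stored in it and the identification information (obtained as described in paragraph 0049 above) and outputs it through the processing unit 16 to the display unit 12 for display.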
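Alternatively, when the digital certificate device 1 does not have the hardware security carrier 14, the multi-dimensional barcode can be generated dynamically by the application 160 installed in the digital certificate device 1 without obtaining an authentication parameter from the authentication server 3 via the digital certificate device 1. That is, the application 160 and the business platform 31 of the authentication server 3 each store the verification information in advance. When the digital certificate device 1 needs to display the multi-dimensional barcode and runs the application 160, the application 160 asks the user to enter a password and, after verifying that the password is correct, generates the multi-dimensional barcode from the verification information stored in it and the identification information (obtained as described in paragraph 0049 above) and outputs it through the processing unit 16 to the display unit 12 for display.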
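Accordingly, in step S5 above, the business platform 31 receives the verification instruction and obtains the verification information from it. In step S6 above, only after the business platform 31 uses the verification information stored in it to verify that the verification information taken from the verification instruction is correct does it send the identification information to the operating unit 32, so that the operating unit 32 uses the identification information it stores to authenticate the identification information sent by the business platform 31.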
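Another alternative is that the hardware security carrier 14 and the operating unit 32 each store in advance the verification information that was set (agreed on) beforehand. In step S5 above, the business platform 31 receives the verification instruction and forwards it to the operating unit 32. In step S6 above, only after the operating unit 32 uses the verification information it stores to verify that the verification information in the verification instruction is correct does it perform step S7 above, using the identification information it stores to authenticate the identification information in the verification instruction.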
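Alternatively, the multi-dimensional barcode can be generated dynamically by the authentication server 3. In this embodiment, the verification information is stored in advance on the business platform 31 of the authentication server 3, and the identification information is stored in advance in the operating unit 32 of the authentication server 3. Or, as described in paragraph 0049 above, when there are several kinds of digital certificate, each digital certificate and its corresponding identification information are provided by the corresponding operating unit 32, so the operating unit 32 selects, from the plurality of digital certificates, the identification information corresponding to a certificate option provided by the digital certificate device 1. When the digital certificate device 1 needs to display the multi-dimensional barcode, connects to the business platform 31 of the authentication server 3 and requests the multi-dimensional barcode, the business platform 31 of the authentication server 3 asks the user to enter a password. After verifying that the password is correct, the business platform 31 asks the operating unit 32 to provide the identification information and generates the multi-dimensional barcode from the verification information stored in it and the identification information provided by the operating unit 32. Alternatively, the business platform 31 forwards the certificate option received from the digital certificate device 1 to the operating unit 32, which provides the identification information corresponding to the certificate option; the business platform 31 then generates the multi-dimensional barcode from that identification information and the verification information stored in it, and sends the multi-dimensional barcode to the digital certificate device 1.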
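Accordingly, in step S5 above, the business platform 31 receives the verification instruction and obtains the verification information from it. In step S6 above, only after the business platform 31 verifies that the verification information in the verification instruction is correct does it send the identification information in the verification instruction to the operating unit 32, so that the operating unit 32 uses the identification information it stores to authenticate the identification information sent by the business platform 31.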
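Furthermore, another alternative is that both the identification information and the verification information are stored in advance in the operating unit 32 of the authentication server 3, or the identification information is produced by the operating unit 32 according to a certificate option provided by the digital certificate device 1. When the digital certificate device 1 needs to display the multi-dimensional barcode, connects to the operating unit 32 and requests the multi-dimensional barcode, the operating unit 32 asks the user to enter a password. Only after verifying that the password is correct does the operating unit 32 generate the multi-dimensional barcode from the verification information and the identification information stored in it, or produce the identification information according to the certificate option provided by the digital certificate device 1 and generate the multi-dimensional barcode from that identification information and the verification information stored in it. It then sends the multi-dimensional barcode to the digital certificate device 1. Accordingly, in step S5 above, the business platform 31 receives the verification instruction and forwards it to the operating unit 32, and in steps S6 and S7 above, after the operating unit 32 verifies that the verification information in the verification instruction is correct, it uses the identification information it stores to authenticate the identification information in the verification instruction.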
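In addition, in step S3 above, after scanning the multi-dimensional barcode, the inspection device 2 does not decode it but includes the multi-dimensional barcode itself in the verification instruction, and in step S4 it sends the verification instruction containing the multi-dimensional barcode to the authentication server 3. In step S5, the business platform 31 of the authentication server 3 decodes the multi-dimensional barcode in the verification instruction to obtain the identification information and the verification information and, after verifying that the verification information is correct, sends the identification information to the operating unit 32 so that the operating unit 32 authenticates the identification information.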
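Alternatively, in steps S3 and S4 above, the inspection device 2 decodes the multi-dimensional barcode directly after scanning it to obtain the identification information and the verification information, includes the identification information and the verification information in the verification instruction, and sends it to the authentication server 3. In step S5, after the business platform 31 of the authentication server 3 verifies that the verification information in the verification instruction is correct, it sends the identification information to the operating unit 32 so that the operating unit 32 performs step S7 above and authenticates the identification information.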
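It is worth mentioning that the hardware security carrier 14 and the application 160 that can dynamically generate the multi-dimensional barcode may each also be called a multi-dimensional barcode generation module. The steps described above as performed by a single business platform 31 may also be performed by a plurality of business platforms 31 (that is, the authentication server 3 may include a plurality of business platforms 31), and the steps described above as performed by a single operating unit 32 may also be performed by a plurality of operating units 32 (that is, the authentication server 3 may also include a plurality of operating units 32).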
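FIG. 7 is a flowchart of the second embodiment of the multi-dimensional barcode mobile identity authentication method of the present invention. Unlike the first embodiment described above, this embodiment does not require the authentication server 3 to perform the verification: the digital certificate device 1 held by the user and the inspection device 2 owned by the inspecting party are enough to complete the identity verification flow. Apart from this, the digital certificate device 1 of this embodiment is the same as in the first embodiment and as shown in FIG. 2 and FIG. 3, so it is not described again here.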
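The multi-dimensional barcode mobile identity authentication method of this embodiment is as follows. First, when the user wants to present the digital certificate stored in the digital certificate device 1 for the inspecting party to check, the user opens an application 160 (for example, multi-dimensional barcode payment software) installed on the digital certificate device 1 that the user holds. The application 160 performs step S41 of FIG. 7 and displays a multi-dimensional barcode on the digital certificate device 1 for the inspection device 2 to scan. The multi-dimensional barcode contains verification information and identification information (the same identification information as in the first embodiment), and the inspection device 2 stores the identification information and data related to the verification information. Next, in step S42 of FIG. 7, the inspection device 2 scans the multi-dimensional barcode and then performs step S43 of FIG. 7, decoding the multi-dimensional barcode to obtain the verification information and the identification information from it.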
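Then, in step S44 of FIG. 7, the inspection device 2 uses the data related to the verification information that it stores to verify whether the verification information is correct. If so, it performs step S45 of FIG. 7, using the identification information it stores to authenticate the identification information received from the digital certificate device 1 and producing an authentication result. Then, in step S46 of FIG. 7, the inspection device 2 records and displays the authentication result. At the same time, in step S47 of FIG. 7, the inspection device 2 uses a short-range wireless communication function, such as NFC, to communicate with the communication unit 11 of the digital certificate device 1 and sends the authentication result to the digital certificate device 1. As shown in step S48 of FIG. 7, the digital certificate device 1 displays the authentication result so that the user can confirm it immediately. In steps S46 and S47 above, the inspection device 2 may also only record the authentication result and send it to the digital certificate device 1, or the inspection device 2 may perform only step S46 above, recording and displaying the authentication result, and omit step S47.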
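If, in step S44 above, the inspection device 2 finds that the verification information is incorrect, then in step S49 of FIG. 7 the inspection device 2 sends a verification failure message to the digital certificate device 1, which displays the verification failure message.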
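In addition, the multi-dimensional barcode of this embodiment is a fixed multi-dimensional barcode provided in advance by the business platform 31 of the authentication server 3 shown in FIG. 2, and the various ways in which the fixed multi-dimensional barcode is stored and read are the same as in the first embodiment, so they are not described again here.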
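Also, as described for the first embodiment, the multi-dimensional barcode of this embodiment can be generated dynamically by the hardware security carrier 14 or the application 160 of the digital certificate device 1 without obtaining an authentication parameter, or generated dynamically by the business platform 31 or the operating unit 32 of the authentication server 3, so this is not described again here.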
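In summary, in the present invention the digital certificate device 1 displays a multi-dimensional barcode for the inspection device 2 to scan, and either the inspection device 2 generates a verification instruction from the multi-dimensional barcode and sends it to the authentication server 3, which verifies the verification information and the identification information contained in the verification instruction, or the inspection device 2 directly verifies the verification information and the identification information contained in the multi-dimensional barcode and produces an authentication result for the inspecting party to check. This achieves the effect and purpose of verifying the authenticity of the digital certificate and of its holder.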
The above, however, describes only embodiments of the present invention and may not be used to limit the scope in which the present invention is practised. All simple equivalent changes and modifications made in accordance with the claims and the specification of the present invention remain within the scope covered by this patent.
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW107144134A TWI700643B (en) | 2017-03-29 | 2017-03-29 | Multi-dimensional barcode mobile identity authentication method |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201921292A TW201921292A (en) | 2019-06-01 |
TWI700643B true TWI700643B (en) | 2020-08-01 |
Family
ID=67702265
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI700643B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWM410932U (en) * | 2010-12-13 | 2011-09-01 | Mxtran Inc | Mobile device capable of displaying barcode for electronic transaction and integrated circuit film thereof |
US20110231268A1 (en) * | 2010-03-17 | 2011-09-22 | Jay Ungos | Online barcode directory and systems for facilitating transactions utilizing the same |
CN103957105A (en) * | 2014-04-28 | 2014-07-30 | 中国联合网络通信集团有限公司 | Use identity authentication method and SIM card |
US20140351589A1 (en) * | 2013-05-23 | 2014-11-27 | Symantec, Inc. | Performing client authentication using onetime values recovered from barcode graphics |
TW201643791A (en) * | 2015-06-12 | 2016-12-16 | 蓋特資訊系統股份有限公司 | Method and system for generating personal transaction code with term of validity, and method of identification for the same |
Also Published As
Publication number | Publication date |
---|---|
TW201921292A (en) | 2019-06-01 |