TWI733590B - Identity recognition system and method using active nfc tag and tokenization - Google Patents


Info

Publication number
TWI733590B
Authority
TW
Taiwan
Prior art keywords
code
information
verification information
identity
key
Application number
TW109131688A
Other languages
Chinese (zh)
Other versions
TW202213139A (en)
Inventor
宋育展
游政群
官有富
Original Assignee
中華電信股份有限公司
Application filed by 中華電信股份有限公司
Priority to TW109131688A
Application granted
Publication of TWI733590B
Publication of TW202213139A

Landscapes

  • Telephone Function (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention provides an identity recognition system and method using an active NFC (near-field communication) tag and tokenization. The identity recognition system includes an NFC-capable mobile device, an active NFC tag, an execution module and a tokenization subsystem. A user's tokenized verification information for identity verification is written into the active NFC tag through the NFC-capable mobile device, and the active NFC tag actively transmits that tokenized verification information to the tokenization subsystem, which verifies the user's identity.

Description

Identity recognition system and method using an active NFC tag and tokenization

The present invention relates to identity recognition technology, and in particular to an identity recognition system and method using an active NFC (near-field communication) tag and tokenization.

In the prior art, NFC is commonly used for short-range information transfer, such as transmitting multimedia files (photos, videos or music), or serving as an electronic ticket, electronic identity card or electronic key in place of traditional tickets and passes.

Furthermore, conventional NFC-capable devices usually support at least one of three modes: card emulation mode, reader/writer mode, or peer-to-peer mode.

Specifically, card emulation mode resembles the conventional radio frequency identification (RFID) technology used for integrated circuit (IC) cards. For example, an NFC-capable device in card emulation mode can take the place of a traditional credit card, transit card or access card: a card reader reads the NFC-capable device, which thereby performs the function of the card.

In reader/writer mode, the NFC-capable device acts as a contactless reader that reads an NFC tag and obtains the information stored in it; for example, it may read an NFC tag placed at an art exhibition to obtain the exhibition's introductory material. Alternatively, the NFC-capable device can write information to the NFC tag.

In peer-to-peer mode, multimedia files (photos, videos or music) can be transferred between two NFC-capable devices, and a connection between the two devices can be established quickly. However, NFC's range is short and its throughput is lower than that of Bluetooth, so conventional technology usually combines NFC with Bluetooth: NFC establishes the connection quickly, and Bluetooth supplies the throughput and range.

Today NFC is also commonly used in mobile devices such as smartphones to replace credit cards and transit cards (EasyCard, iPASS, Octopus and the like), making daily life more convenient for users. However, current mobile devices run mainstream operating systems such as Apple's iOS or Google's Android; iOS devices (such as the iPhone) do not support NFC card emulation mode, so the card functions above are hard to achieve, and Android devices require an NFC SIM (Subscriber Identity Module) card to be installed before those card functions can be used. This causes many inconveniences in use.

Moreover, when a mobile device uses NFC card emulation mode, it must have either a hardware secure element (SE) or software host card emulation (HCE) to protect the user during a transaction. A secure element must be bound to hardware (inside the mobile device, on an external SD card or in the NFC chip), so its deployment cost is high and its flexibility is low. HCE is implemented purely in software, which lowers deployment cost and increases configuration flexibility, but it is also more exposed to external malicious attack, so there are considerable concerns about its security.

Therefore, how to improve the compatibility of NFC across devices, effectively lower the cost of building the system, and achieve higher security so that NFC-capable devices are protected from malicious attack is one of the problems that urgently needs to be solved.

The present invention provides an identity recognition system using an active near-field communication (NFC) tag and tokenization, comprising: a mobile device with an application, on which an authentication password is entered so that the application decrypts a code packet, wherein the application forms identity verification information from the current time, the information in the code packet and the authentication password, and then forms code verification information from the information in the code packet and the identity verification information; an active NFC tag communicatively connected to the mobile device, which receives the code verification information from the mobile device's application and actively transmits it onward; an execution device communicatively connected to the active NFC tag, which relays the code verification information received from the active NFC tag; and a tokenization subsystem communicatively connected to the execution device, which receives and verifies the code verification information from the execution device and then commands the execution device to act.

The present invention also provides an identity recognition method using an active near-field communication (NFC) tag and tokenization, comprising: having an application in a mobile device receive an authentication password so that the application decrypts a code packet; having the application form identity verification information from the current time, the information in the code packet and the authentication password; having the application form code verification information from the information in the code packet and the identity verification information; having an active NFC tag receive the code verification information from the mobile device's application and actively transmit it onward; having an execution device relay the code verification information received from the active NFC tag; and having a tokenization subsystem receive and verify the code verification information from the execution device and then command the execution device to act.

In one embodiment, the information in the code packet includes tokenized information with a corresponding code ID (identifier), and a one-time verification key set with a corresponding key ID set, the one-time verification key set comprising a plurality of one-time verification keys and the key ID set comprising a plurality of key IDs.

In one embodiment, the application combines the current time, the tokenized information in the code packet and the authentication password to form the identity verification information.

In one embodiment, the application encrypts the identity verification information with a one-time verification key from the code packet to form encrypted identity verification information.

In one embodiment, the application further uses that one-time verification key to digest (壓碼) the encrypted identity verification information, the code ID and the key ID corresponding to the one-time verification key, producing a signature, and then assembles the encrypted identity verification information, the code ID, that key ID and the signature into the code verification information.

In one embodiment, the tokenization subsystem uses the code ID in the code verification information to obtain the corresponding decryption key set from a storage module in the tokenization subsystem, and uses the key ID corresponding to the one-time verification key from the code packet to obtain one decryption key from that decryption key set.

In one embodiment, the tokenization subsystem decrypts the encrypted identity verification information in the code verification information with that decryption key, obtaining the current time, the tokenized information and the authentication password contained in the identity verification information.

In one embodiment, the tokenization subsystem checks whether the identity verification information and the signature in the code verification information are correct; when both pass verification, the tokenization subsystem uses the code ID to obtain a real identifier from the storage module and returns that real identifier to the execution device.

In one embodiment, when the application is used for the first time, it receives valid information for verification and sets the authentication password, then sends the valid information and the authentication password to the tokenization subsystem to request the code packet.

In one embodiment, after the tokenization subsystem verifies that the valid information is correct, it generates the code packet and sends it to the application, which encrypts the code packet and stores it in a secure storage location on the mobile device.

As can be seen from the above, the identity recognition system and method of the present invention write a user's code verification information into an active NFC tag through an NFC-capable mobile device, whereupon the code verification information is forwarded to the back-end tokenization subsystem, which verifies whether the user's identity is correct. Compared with the prior art, the user's identity can thus be verified through the mobile device's reader/writer mode even when the NFC-capable mobile device has no card emulation mode (as on the iPhone) or has no NFC SIM card installed (as on Android). Compared with the past practice of storing verification information in hardware (such as an NFC SIM), the invention is therefore compatible with more types of devices while achieving the same or a higher level of security in verification.

1: identity recognition system using an active NFC tag and tokenization

10: mobile device

100: application

11: active NFC tag

12: execution device

13: tokenization subsystem

130: storage module

S21 to S26: steps

S31 to S314: steps

Figure 1 is a schematic diagram of the identity recognition system of the present invention using an active NFC tag and tokenization;

Figure 2 is a flow chart of the enrolment (code packet application) stage of the identity recognition method of the present invention using an active NFC tag and tokenization; and

Figure 3 is a flow chart of the verification stage of the identity recognition method of the present invention using an active NFC tag and tokenization.

It should be noted that the structures, proportions and sizes shown in the drawings accompanying this specification serve only to illustrate the disclosed content for the understanding of those skilled in the art, and do not limit the conditions under which the invention may be practised; they therefore carry no substantive technical meaning, and any modification of structure, change of proportion or adjustment of size that does not affect the effects and objectives achievable by the invention still falls within the scope covered by the technical content disclosed herein. Likewise, terms such as "a", "first", "second", "upper" and "lower" used in this specification are for clarity of description only and do not limit the scope in which the invention may be practised; changes or adjustments of their relative relationships, without substantive change to the technical content, are regarded as within the practicable scope of the invention.

Figure 1 is a schematic diagram of the identity recognition system of the present invention using an active NFC (near-field communication) tag and tokenization. As shown in Figure 1, the identity recognition system 1 comprises an NFC-capable mobile device 10, an active NFC tag 11, an execution device 12 and a tokenization subsystem 13, wherein the mobile device 10 has an NFC chip (not shown) and an application 100, and the tokenization subsystem 13 has a storage module 130. It should be understood that the mobile device 10 includes, but is not limited to, a smartphone, tablet, smartwatch or other wearable device.

Specifically, the mobile device 10 obtains its NFC function from the NFC chip inside it, and the application 100 has an operable user interface (UI) providing download, storage and operation functions, while the active NFC tag 11 can actively forward information written to it to back-end equipment (such as the execution device 12). The execution device 12 is built on a computer (such as a personal computer, notebook or embedded computer) or a microcontroller (single-chip microcomputer), or is realised as an execution module in software, firmware or hardware on a physical device with computing capability. The tokenization subsystem 13 is built on a server (such as a general-purpose server, file server or storage server). It should be understood that the NFC-capable mobile device 10 of the present invention can at least operate in NFC reader/writer mode, and that the application 100 may be a smartphone application (APP). Whereas a conventional NFC tag can only present information for a device (such as a card reader) to read, or simply have data written into it, the active NFC tag 11 of the present invention additionally forwards the written information on its own initiative.

The mobile device 10 is communicatively connected to the tokenization subsystem 13 through a network such as the Internet; the active NFC tag 11 is communicatively connected to the execution device 12 by wire or wirelessly; and the execution device 12 is likewise communicatively connected to the tokenization subsystem 13 through a network such as the Internet.

In this embodiment, a user (not shown) uses the application 100 on the mobile device 10 to enter valid information that can verify the user's identity and to set an authentication password for the application 100. The application 100 then sends the valid information and the authentication password to the tokenization subsystem 13 to request a code packet on the basis of them, the code packet comprising tokenized information with a corresponding code ID (identifier) and a one-time verification key set with a corresponding key ID set. It should be understood that the one-time verification key set and the key ID set contain a plurality of one-time verification keys and corresponding key IDs respectively, and that the code ID is a random number unique to the user, so that it cannot be derived by any mathematical formula; this guards against malicious cracking and the security problems that would follow. The valid information may include, but is not limited to, personal data such as the user's national ID number, date of birth, name, employee number and mobile phone number, and the authentication password may be, but is not limited to, a PIN code.

When the tokenization subsystem 13 has verified that the valid information is correct, it generates the code packet and sends it to the application 100 on the mobile device 10. On receiving it, the application 100 encrypts the code packet and stores it in a secure storage location on the mobile device 10. Specifically, the tokenized information and its code ID, and the one-time verification key set and its key ID set, in the code packet may be encrypted with a key held in the mobile device's hardware-backed key store, the iOS Secure Enclave (Apple) or Android Keystore (Google), after which the application 100 stores the hardware-encrypted tokenized information, code ID, one-time verification key set and key ID set in an area protected by the application's own permissions, that is, in a secure storage location on the mobile device 10.

In one embodiment, when the user needs to verify their identity in order to make the execution device 12 act, the application 100 asks the user to enter the application's authentication password, and decrypts and retrieves the code packet from secure storage. The application 100 then combines the current time, the tokenized information and the authentication password to form identity verification information, selects one key from the one-time verification key set to encrypt the identity verification information into encrypted identity verification information, and marks that key as used.

The application 100 then uses the same one-time verification key to digest (壓碼) the encrypted identity verification information, the key ID corresponding to that key and the code ID, producing a signature, and finally assembles the encrypted identity verification information, the code ID, that key ID and the signature into code verification information, which the mobile device 10 writes into the active NFC tag 11.

Specifically, a one-time verification key becomes invalid once it has been used. When every one-time verification key and key ID held by the application 100 has been used up, the application 100 may request a fresh one-time verification key set and key ID set from the tokenization subsystem 13 over the network; the tokenization subsystem 13 assesses the current risk of the mobile device 10 from the application's usage history and then sends the new one-time verification key set and key ID set to the application 100 on the mobile device 10.

In one embodiment, when the active NFC tag 11 receives the code verification information, it transmits it to the execution device 12 over a wired interface, and the execution device 12 forwards it over the network to the tokenization subsystem 13 for verification. Specifically, the tokenization subsystem 13 uses the code ID in the code verification information to obtain the corresponding decryption key set from the storage module 130, then uses the key ID corresponding to the selected one-time verification key to obtain one decryption key from that set, and decrypts the encrypted identity verification information with it to obtain the current time, the tokenized information and the authentication password contained in the identity verification information.

The tokenization subsystem 13 then checks that the identity verification information and the signature are correct; when verification passes, it uses the code ID to obtain the user's real identifier from the storage module 130 and returns it to the execution device 12 so that the execution device 12 acts. It should be understood that the user's real identifier may include, but is not limited to, personal data such as the user's national ID number, date of birth, name, employee number or mobile phone number.
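The enrolment, code-verification-information construction, key replenishment and subsystem verification steps described in the preceding paragraphs, modelled end to end as an added example. This is constructed illustration code, not the patent's or the assignee's implementation, and it makes several assumptions the text leaves open: the 壓碼 step is taken to be an HMAC-SHA256 tag computed with the one-time key over the ciphertext, code ID and key ID; encryption is a stand-in SHA-256 counter keystream (a real deployment would use an AEAD such as AES-GCM); the subsystem records the PIN set at enrolment and compares it on verification; a 60-second timestamp window, the `ACCOUNTS` directory and all names (`TokenizationSubsystem`, `MobileApp`, `build_cvi`, `replenish`) are invented for the example. What it adds to the prose is the failure handling: a replayed key ID, a forged tag, a wrong PIN and a stale timestamp are each rejected, and a top-up is refused while unused keys remain.

```python
import hashlib
import hmac
import json
import secrets
import time

# Constructed model of the flow described in the text; not the patent's or the
# assignee's code. Stand-ins: the one-time key drives a SHA-256 counter keystream
# (a real deployment would use an AEAD such as AES-GCM), and the "signature"
# produced by the 壓碼 step is taken to be an HMAC-SHA256 tag.
TIME_WINDOW = 60  # assumption: accepted clock skew between app and subsystem, in seconds
ACCOUNTS = {"emp-0001": ("hunter2", "E0001")}  # constructed directory: account -> (password, real identifier)


def _stream_xor(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with a keystream of SHA-256(key || counter) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def _tag(key: bytes, ciphertext: bytes, code_id: str, key_id: str) -> str:
    """Signature over the encrypted identity verification info, code ID and key ID."""
    return hmac.new(key, ciphertext + code_id.encode() + key_id.encode(), hashlib.sha256).hexdigest()


class TokenizationSubsystem:
    """Back end with its storage module: code ID -> real identifier, token, PIN, keys."""

    def __init__(self):
        self.storage = {}

    @staticmethod
    def _new_keys(count):
        return {secrets.token_hex(4): secrets.token_bytes(32) for _ in range(count)}

    def enrol(self, account, password, pin, key_count=2):
        """Check the valid information (account/password) and issue a code packet."""
        if account not in ACCOUNTS or ACCOUNTS[account][0] != password:
            return None
        code_id = secrets.token_hex(16)  # random per user: nothing to invert
        rec = {"real_id": ACCOUNTS[account][1], "token": secrets.token_hex(16),
               "pin": pin, "keys": self._new_keys(key_count), "used": set()}
        self.storage[code_id] = rec
        return {"code_id": code_id, "token": rec["token"],
                "keys": {k: v.hex() for k, v in rec["keys"].items()}}

    def replenish(self, code_id, key_count=2):
        """Issue fresh one-time keys, but only once every issued key has been consumed."""
        rec = self.storage.get(code_id)
        if rec is None or set(rec["keys"]) - rec["used"]:
            return None  # unknown device, or keys still unused: do not top up
        fresh = self._new_keys(key_count)
        rec["keys"].update(fresh)
        return {k: v.hex() for k, v in fresh.items()}

    def verify(self, cvi, now=None):
        """Return the real identifier for valid code verification info, else None."""
        now = time.time() if now is None else now
        rec = self.storage.get(cvi["code_id"])
        if rec is None:
            return None
        key = rec["keys"].get(cvi["key_id"])
        if key is None or cvi["key_id"] in rec["used"]:
            return None  # unknown key ID, or replay of an already-consumed key
        ciphertext = bytes.fromhex(cvi["enc"])
        if not hmac.compare_digest(_tag(key, ciphertext, cvi["code_id"], cvi["key_id"]), cvi["sig"]):
            return None  # tampered or forged: check the tag before touching the ciphertext
        rec["used"].add(cvi["key_id"])  # genuine use of the key: it is now spent
        info = json.loads(_stream_xor(key, ciphertext))
        if info["token"] != rec["token"] or info["pin"] != rec["pin"]:
            return None
        if abs(now - info["time"]) > TIME_WINDOW:
            return None  # stale timestamp
        return rec["real_id"]


class MobileApp:
    """The NFC-capable device's app, holding the (decrypted) code packet."""

    def __init__(self, packet):
        self.packet = packet
        self.used = set()

    def build_cvi(self, pin, now=None):
        """Form the identity verification info, encrypt and sign it with an unused one-time key."""
        unused = [k for k in self.packet["keys"] if k not in self.used]
        if not unused:
            return None  # all one-time keys spent: ask the subsystem to replenish
        key_id = unused[0]
        key = bytes.fromhex(self.packet["keys"][key_id])
        self.used.add(key_id)
        info = {"time": time.time() if now is None else now,
                "token": self.packet["token"], "pin": pin}
        ciphertext = _stream_xor(key, json.dumps(info).encode())
        return {"enc": ciphertext.hex(), "code_id": self.packet["code_id"], "key_id": key_id,
                "sig": _tag(key, ciphertext, self.packet["code_id"], key_id)}
```

The dictionary returned by `build_cvi` is what the mobile device would write to the active NFC tag and the execution device would forward unchanged. Two design points are worth noting: the subsystem checks the tag before decrypting, so a forged or modified message never reaches the PIN or timestamp comparison, and a key ID is marked spent only after a genuine tag is seen, so garbage messages cannot burn a user's keys while a replayed genuine message is still rejected.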

The following is an embodiment of the identity recognition system 1 of the present invention using an active NFC tag and tokenization, as shown in Figure 1. When an employee of a company needs to use the identity recognition system 1 for identification, the employee must first enrol through an application 100 on an NFC-capable mobile device 10.

Specifically, the employee first installs the application 100 on the NFC-capable mobile device 10, enters in it the account and password the company issued to the employee (the valid information referred to above), and sets the application's authentication password (such as a PIN code), whereupon the application 100 sends the employee's account and password and the application's authentication password over the network to a tokenization subsystem 13 to submit the request.

The tokenization subsystem 13 receives the employee's account and password and the authentication password, and checks that the account and password are legitimate. Once they are confirmed, the tokenization subsystem 13 issues a code packet to the application 100, the code packet comprising tokenized information with a corresponding code ID, and a one-time verification key set with corresponding key IDs. The application 100 then encrypts the code packet and stores it in a secure storage location on the mobile device 10.

In this embodiment, when the employee enters the company premises and needs to verify their identity, the employee first enters the application's authentication password; the application 100 decrypts and retrieves the code packet from secure storage and combines the current time, the tokenized information and the authentication password into identity verification information. The application 100 then selects one key from the one-time verification key set and encrypts the identity verification information with it to form encrypted identity verification information.

The application 100 then uses that one-time verification key to digest (壓碼) the encrypted identity verification information, the key ID corresponding to that key and the code ID, producing a signature. It assembles the encrypted identity verification information, the code ID, that key ID and the signature into code verification information, which the mobile device 10 writes into an access control device (not shown). It should be understood that the access control device comprises an active NFC tag 11 and an execution device 12 communicatively connected to it, and that the mobile device 10 writes the code verification information into the active NFC tag 11.

Accordingly, when the access control device receives the code verification information, its execution device 12 forwards it to the tokenization subsystem 13. The tokenization subsystem 13 uses the code ID in the code verification information to fetch the corresponding decryption key set from a storage module 130, then uses the key ID of the selected one-time verification key to obtain one decryption key from that set, and decrypts the encrypted identity verification information with it to recover the current time, the tokenized information and the authentication password.

The tokenization subsystem 13 then checks whether the identity verification information and the signature are correct. If they are, it uses the code ID to fetch the employee's employee number from the storage module 130 and returns it to the execution device 12 of the access control device, which performs the unlock function so that the employee can enter the company.

FIG. 2 is a flowchart of the enrollment (application) process of the identity recognition method using an active NFC tag and tokenization according to the present invention, described with reference to FIG. 1. As shown in FIG. 2, the enrollment process includes the following steps S21 to S26:

In step S21, valid information that can verify a user's identity is entered, and an authentication password (such as a PIN code) is set, in the application 100 on a mobile device 10 with NFC capability.

In step S22, the application 100 sends the valid information and the authentication password to a tokenization subsystem 13.

In step S23, the tokenization subsystem 13 verifies the valid information.

In step S24, if the valid information is correct, the tokenization subsystem 13 generates a code packet, which includes tokenized information and its corresponding code ID, and a set of one-time verification keys and the corresponding set of key IDs.

In step S25, the tokenization subsystem 13 sends the code packet to the application 100 on the mobile device 10.

In step S26, the application 100 encrypts the code packet and stores it on the mobile device 10.

FIG. 3 is a flowchart of the verification process of the identity recognition method using an active NFC tag and tokenization according to the present invention, described with reference to FIG. 1. As shown in FIG. 3, the verification process includes the following steps S31 to S314:

In step S31, a user enters an authentication password (such as a PIN code) into the application 100 on a mobile device 10.

In step S32, the application 100 decrypts a code packet to retrieve it, where the code packet includes tokenized information and its corresponding code ID, and a set of one-time verification keys and the corresponding set of key IDs.

In step S33, the application 100 combines the current time, the tokenized information and the authentication password to form identity verification information, selects one key from the one-time verification key set to encrypt the identity verification information, forming encrypted identity verification information, and at the same time marks that one-time verification key as used.

In step S34, the application 100 uses that one-time verification key to compute a digest over the encrypted identity verification information, the key ID corresponding to that key and the code ID, producing a signature.

In step S35, the application 100 assembles the encrypted identity verification information, the code ID, the key ID corresponding to the selected one-time verification key and the signature into code verification information.

In step S36, the mobile device 10 writes the code verification information into the active NFC tag 11.

In step S37, the active NFC tag 11 receives the code verification information from the application 100 on the mobile device 10 and actively transmits it to the execution device 12 over a wired interface.

In step S38, the execution device 12 forwards the code verification information received from the active NFC tag 11 to a tokenization subsystem 13 over the network.

In step S39, the tokenization subsystem 13 uses the code ID in the code verification information to obtain the corresponding decryption key set, then uses the key ID corresponding to the selected one-time verification key to obtain one decryption key from that set.

In step S310, the tokenization subsystem 13 decrypts the encrypted identity verification information with that decryption key to recover the current time, the tokenized information and the authentication password.

In step S311, the tokenization subsystem 13 checks whether the identity verification information and the signature are correct.

In step S312, when verification passes, the tokenization subsystem 13 uses the code ID to obtain the user's real identifier.

In step S313, the tokenization subsystem 13 sends the user's real identifier to the execution device 12.

In step S314, the execution device 12 performs its function according to the user's real identifier, for example unlocking an access control door.
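The enrollment steps S21 to S26 and the verification steps S31 to S314, carried through end to end as an added Python example that is not part of the patent or of the applicant's implementation. The cipher, the digest used for the signature, how the subsystem stores the PIN, the freshness window on the current time and the server-side one-time-key check are not specified by the text and are assumptions, marked as such in the comments; the NFC tag and execution device are only a transport here and are left out.

```python
import hashlib
import hmac
import json
import os
import time
from dataclasses import dataclass, field


def _subkey(key, label):
    # Assumption: the text uses one one-time key for both encryption and the
    # signature; two subkeys are derived here so the two uses stay separated.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(key, data):
    # Assumption: CTR-style keystream from HMAC-SHA256(key, counter) XORed over the
    # data (the patent names no cipher). The nonce is fixed, which is acceptable only
    # because each key is used exactly once; hence the server-side burn list below.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def _sign(key, enc, key_id, code_id):
    # S34: digest over encrypted identity verification information, key ID and code ID.
    # Assumption: the digest is an HMAC; key_id and code_id are fixed-length hex strings.
    return hmac.new(key, enc + key_id.encode() + code_id.encode(), hashlib.sha256).digest()


def _pin_hash(pin, salt):
    # Assumption: the subsystem keeps a salted hash of the PIN rather than the PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


@dataclass
class Enrollment:                 # one record in storage module 130
    real_id: str                  # the employee number returned at S312
    token: str                    # the tokenized information handed to the app
    keys: dict                    # key ID -> one-time verification key
    salt: bytes
    pin_hash: bytes
    used_key_ids: set = field(default_factory=set)


class TokenizationSubsystem:
    """Tokenization subsystem 13: S23-S25 at enrollment, S39-S313 at verification."""

    def __init__(self, directory, max_age_s=60):
        self.directory = directory   # constructed: valid information -> employee number
        self.store = {}              # storage module 130: code ID -> Enrollment
        self.max_age_s = max_age_s   # assumption: freshness window for the current time

    def issue_code_packet(self, valid_info, pin, n_keys=4):
        real_id = self.directory.get(valid_info)                     # S23
        if real_id is None:
            return None
        code_id, token, salt = os.urandom(8).hex(), os.urandom(16).hex(), os.urandom(16)
        keys = {os.urandom(4).hex(): os.urandom(32) for _ in range(n_keys)}
        self.store[code_id] = Enrollment(real_id, token, dict(keys), salt, _pin_hash(pin, salt))
        return {"code_id": code_id, "token": token, "keys": keys}   # S24/S25

    def verify(self, cvi, now=None):
        """Returns the real identifier (S312/S313) on success, None otherwise."""
        enr = self.store.get(cvi["code_id"])                         # S39: key set by code ID
        key = enr.keys.get(cvi["key_id"]) if enr else None           # S39: key by key ID
        if key is None or cvi["key_id"] in enr.used_key_ids:
            return None                                              # unknown or burned key
        expected = _sign(_subkey(key, b"mac"), cvi["enc"], cvi["key_id"], cvi["code_id"])
        if not hmac.compare_digest(expected, cvi["sig"]):
            return None                                              # S311: signature check
        enr.used_key_ids.add(cvi["key_id"])      # assumption: server also enforces one-time use
        try:
            body = json.loads(_keystream_xor(_subkey(key, b"enc"), cvi["enc"]))   # S310
            pin_ok = hmac.compare_digest(_pin_hash(body["pin"], enr.salt), enr.pin_hash)
            token_ok = body["token"] == enr.token
            age = abs((now if now is not None else time.time()) - body["time"])
        except (ValueError, TypeError, KeyError):
            return None
        if not (pin_ok and token_ok and age <= self.max_age_s):
            return None                                              # S311: identity info check
        return enr.real_id


class MobileApp:
    """Application 100 (the at-rest encryption of the packet, S26/S32, is omitted)."""

    def __init__(self, packet):
        self.packet = packet
        self.used = set()

    def build_code_verification_info(self, pin, now=None):
        key_id = next(k for k in self.packet["keys"] if k not in self.used)
        self.used.add(key_id)                                        # S33: mark key as used
        key = self.packet["keys"][key_id]
        body = {"time": now if now is not None else time.time(),
                "token": self.packet["token"], "pin": pin}           # S33
        enc = _keystream_xor(_subkey(key, b"enc"), json.dumps(body).encode())
        sig = _sign(_subkey(key, b"mac"), enc, key_id, self.packet["code_id"])   # S34
        return {"enc": enc, "code_id": self.packet["code_id"], "key_id": key_id, "sig": sig}
```

Because the signature is checked before the key is burned, a tampered copy of a message does not consume the legitimate key, while a verbatim replay of an accepted message is rejected by the server even if the app's own used-key note were lost.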

In summary, the identity recognition system and method using an active NFC tag and tokenization according to the present invention provide users with a convenient and secure way to verify identity. Specifically, the present invention writes the code verification information the user uses for identity verification into an active NFC tag through a mobile device with NFC capability, whereby the code verification information is passed to the back-end tokenization subsystem, which verifies whether the user's identity is correct.

Furthermore, the identity recognition system and method using an active NFC tag and tokenization according to the present invention have at least the following technical differences and effects:

1. The present invention uses a mobile device with NFC capability to store, under software encryption, the code packet that a user obtained from a tokenization subsystem, and then writes the code verification information used for the user's identity verification into an active NFC tag. Because an active NFC tag is provided, user identity can be verified through the mobile device's reader mode even when the NFC-capable mobile device has no card emulation mode (as on iPhone) or has no NFC SIM card installed (as on Android). Compared with storing verification information in hardware (such as an NFC SIM) as in the past, this is compatible with more types of devices while achieving the same or a higher level of verification security.

2. The present invention does not require a hardware secure element (SE) in the mobile device, which lowers the cost of the mobile device and frees it from the constraints of a secure element (SE), so the method can be applied more flexibly to different types of devices.

3. In the prior art, host card emulation (HCE) can replace a secure element (SE) so that the mobile device is not constrained by the SE and can work with different vendors. However, HCE is exposed to malicious attacks from external attackers, and if the mobile device has no card emulation mode or no NFC SIM card installed, HCE still cannot be used for verification. The present invention instead relies on the function of the active NFC tag, so the user's identity can be verified even when the mobile device has no card emulation mode or no NFC SIM card installed.

The embodiments above merely illustrate the principles and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify and vary the embodiments above without departing from the spirit and scope of the present invention. The scope of protection of the present invention should therefore be as set out in the claims.

1: identity recognition system using an active NFC tag and tokenization

10: mobile device

100: application

11: active NFC tag

12: execution device

13: tokenization subsystem

130: storage module

Claims (20)

1. An identity recognition system using an active near-field communication (NFC) tag and tokenization, comprising: a mobile device with an application, on which an authentication password is entered so that the application decrypts a code packet, wherein the application forms identity verification information from the current time, the information in the code packet and the authentication password, and then forms code verification information from the information in the code packet and the identity verification information; an active NFC tag communicatively connected to the mobile device, which receives the code verification information from the application on the mobile device and actively passes it on; an execution device communicatively connected to the active NFC tag, which passes on the code verification information from the active NFC tag; and a tokenization subsystem communicatively connected to the execution device, which receives and verifies the code verification information from the execution device and commands the execution device to act; wherein the information in the code packet includes tokenized information and its corresponding code ID (identification code), and a set of one-time verification keys and the corresponding set of key IDs.

2. The identity recognition system of claim 1, wherein the one-time verification key set includes a plurality of one-time verification keys, and the key ID set includes a plurality of key IDs.

3. The identity recognition system of claim 2, wherein the application combines the current time, the tokenized information in the code packet and the authentication password to form the identity verification information, wherein the current time is the time at which the application decrypts and retrieves the code packet, the tokenized information in the code packet is used by the tokenization subsystem to verify whether the identity verification information is correct, and the authentication password includes a PIN code set by the user in the application.

4. The identity recognition system of claim 3, wherein the application encrypts the identity verification information with a one-time verification key from the code packet to form encrypted identity verification information.

5. The identity recognition system of claim 4, wherein the application further uses the one-time verification key from the code packet to compute a digest over the encrypted identity verification information, the code ID and the key ID corresponding to that one-time verification key, producing a signature, and then assembles the encrypted identity verification information, the code ID, the key ID corresponding to the one-time verification key and the signature into the code verification information.

6. The identity recognition system of claim 2, wherein the tokenization subsystem obtains the corresponding decryption key set from a storage module in the tokenization subsystem according to the code ID in the code verification information, and obtains one decryption key from the decryption key set according to the key ID corresponding to the one-time verification key in the code packet.

7. The identity recognition system of claim 6, wherein the tokenization subsystem decrypts the encrypted identity verification information in the code verification information with the decryption key to obtain the current time, the tokenized information and the authentication password in the identity verification information.

8. The identity recognition system of claim 7, wherein the tokenization subsystem verifies whether the identity verification information and the signature in the code verification information are correct, and once they pass verification, obtains a real identifier from the storage module according to the code ID and returns the real identifier to the execution device.

9. An identity recognition system using an active near-field communication (NFC) tag and tokenization, comprising: a mobile device with an application, on which an authentication password is entered so that the application decrypts a code packet, wherein the application forms identity verification information from the current time, the information in the code packet and the authentication password, and then forms code verification information from the information in the code packet and the identity verification information; an active NFC tag communicatively connected to the mobile device, which receives the code verification information from the application on the mobile device and actively passes it on; an execution device communicatively connected to the active NFC tag, which passes on the code verification information from the active NFC tag; and a tokenization subsystem communicatively connected to the execution device, which receives and verifies the code verification information from the execution device and commands the execution device to act; wherein, when the application is used for the first time, the application receives valid information for verification and has the authentication password set, and sends the valid information and the authentication password to the tokenization subsystem so as to request the code packet from the tokenization subsystem on the basis of the valid information and the authentication password.

10. The identity recognition system of claim 9, wherein, after the tokenization subsystem verifies that the valid information is correct, it generates and sends the code packet to the application, and the application encrypts the code packet and stores it in a secure storage location on the mobile device.

11. An identity recognition method using an active near-field communication (NFC) tag and tokenization, comprising: having an application on a mobile device receive an authentication password so that the application decrypts a code packet; having the application form identity verification information from the current time, the information in the code packet and the authentication password; having the application form code verification information from the information in the code packet and the identity verification information; having an active NFC tag receive the code verification information from the application on the mobile device and actively pass it on; having an execution device pass on the code verification information from the active NFC tag; and having a tokenization subsystem receive and verify the code verification information from the execution device and command the execution device to act; wherein the information in the code packet includes tokenized information and its corresponding code ID (identification code), and a set of one-time verification keys and the corresponding set of key IDs.

12. The identity recognition method of claim 11, wherein the one-time verification key set includes a plurality of one-time verification keys, and the key ID set includes a plurality of key IDs.

13. The identity recognition method of claim 12, wherein the application is made to combine the current time, the tokenized information in the code packet and the authentication password to form the identity verification information, wherein the current time is the time at which the application decrypts and retrieves the code packet, the tokenized information in the code packet is used by the tokenization subsystem to verify whether the identity verification information is correct, and the authentication password includes a PIN code set by the user in the application.

14. The identity recognition method of claim 13, wherein the application is made to encrypt the identity verification information with a one-time verification key from the code packet to form encrypted identity verification information.

15. The identity recognition method of claim 14, wherein the application is further made to use the one-time verification key from the code packet to compute a digest over the encrypted identity verification information, the code ID and the key ID corresponding to that one-time verification key, producing a signature, and then to assemble the encrypted identity verification information, the code ID, the key ID corresponding to the one-time verification key and the signature into the code verification information.

16. The identity recognition method of claim 12, wherein the tokenization subsystem is made to obtain the corresponding decryption key set from a storage module in the tokenization subsystem according to the code ID in the code verification information, and to obtain one decryption key from the decryption key set according to the key ID corresponding to the one-time verification key in the code packet.

17. The identity recognition method of claim 16, wherein the tokenization subsystem is made to decrypt the encrypted identity verification information in the code verification information with the decryption key to obtain the current time, the tokenized information and the authentication password in the identity verification information.

18. The identity recognition method of claim 17, wherein the tokenization subsystem is made to verify whether the identity verification information and the signature in the code verification information are correct, and once they pass verification, to obtain a real identifier from the storage module according to the code ID and return the real identifier to the execution device.

19. An identity recognition method using an active near-field communication (NFC) tag and tokenization, comprising: having an application on a mobile device receive an authentication password so that the application decrypts a code packet; having the application form identity verification information from the current time, the information in the code packet and the authentication password; having the application form code verification information from the information in the code packet and the identity verification information; having an active NFC tag receive the code verification information from the application on the mobile device and actively pass it on; having an execution device pass on the code verification information from the active NFC tag; and having a tokenization subsystem receive and verify the code verification information from the execution device and command the execution device to act; wherein, when the application is used for the first time, the application is made to receive valid information for verification and to have the authentication password set, and to send the valid information and the authentication password to the tokenization subsystem so as to request the code packet from the tokenization subsystem on the basis of the valid information and the authentication password.

20. The identity recognition method of claim 19, wherein, after the tokenization subsystem verifies that the valid information is correct, the tokenization subsystem is made to generate and send the code packet to the application, so that the application encrypts the code packet and stores it in a secure storage location on the mobile device.
TW109131688A 2020-09-15 2020-09-15 Identity recognition system and method using active nfc tag and tokenization TWI733590B (en)


Publications (2)

Publication Number Publication Date
TWI733590B true TWI733590B (en) 2021-07-11
TW202213139A TW202213139A (en) 2022-04-01
