TWI733590B - Identity recognition system and method using active nfc tag and tokenization - Google Patents
Identity recognition system and method using active nfc tag and tokenization Download PDFInfo
- Publication number
- TWI733590B TWI733590B TW109131688A TW109131688A TWI733590B TW I733590 B TWI733590 B TW I733590B TW 109131688 A TW109131688 A TW 109131688A TW 109131688 A TW109131688 A TW 109131688A TW I733590 B TWI733590 B TW I733590B
- Authority
- TW
- Taiwan
- Prior art keywords
- code
- information
- verification information
- identity
- key
- Prior art date
Links
Images
Landscapes
- Telephone Function (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
Description
本發明係為一種身分識別技術,尤其指採用主動式NFC(Near-field communication,近距離無線通訊)標籤與代碼化(Tokenization)技術之身分識別系統及其方法。 The present invention is an identity recognition technology, and particularly refers to an identity recognition system and method using active NFC (Near-field communication) tags and Tokenization technology.
於習知技術中,NFC常用於短距離的資訊傳遞,如傳輸多媒體資訊(照片、影片或音樂等檔案),或作為電子票券、電子身分證、電子鑰匙以取代傳統的票證。 In conventional technologies, NFC is often used for short-distance information transmission, such as the transmission of multimedia information (photos, videos, or music files), or as an electronic ticket, electronic ID card, or electronic key to replace traditional tickets.
再者,習知具有NFC功能之裝置通常具有以下三種模式之至少一種:卡類比模式(Card emulation mode)、讀卡機模式(Reader/Writer mode)或對等模式(Peer-to-Peer mode)。 Furthermore, conventional devices with NFC function usually have at least one of the following three modes: Card emulation mode, Reader/Writer mode or Peer-to-Peer mode .
詳言之,卡類比模式係類似於習知的用於IC卡(Integrated circuit card)之無線射頻辨識(Radio frequency identification,RFID)技術,例如,當具有NFC功能之裝置採用卡類比模式時,可取代傳統的信用卡、交通卡、門禁卡等,以提供一讀卡機讀取該具有NFC功能之裝置,進而達到前述卡片之功能。 In detail, the card analog mode is similar to the conventional radio frequency identification (RFID) technology used for IC cards (Integrated circuit cards). For example, when the NFC-enabled device adopts the card analog mode, it can be Instead of traditional credit cards, transportation cards, access cards, etc., to provide a card reader to read the device with NFC function, and then achieve the function of the aforementioned card.
而採用讀卡機模式時,可透過該具有NFC功能之裝置作為非接觸式讀卡機以讀取NFC標籤,進而取得NFC標籤內的資訊,例如,讀取設置於藝文展覽的NFC標籤,以取得展覽介紹資料。或是,該具有NFC功能之裝置可寫入資訊至NFC標籤。 When the card reader mode is adopted, the NFC-enabled device can be used as a non-contact card reader to read the NFC tag, and then obtain the information in the NFC tag, for example, read the NFC tag set in the art exhibition, In order to obtain exhibition introduction materials. Or, the device with NFC function can write information to the NFC tag.
又,採用對等模式時,可於兩個具有NFC功能之裝置之間傳輸多媒體資訊(照片、影片或音樂等檔案),且快速建立兩裝置之間的連接。然而,NFC的傳輸距離較短,且NFC的每秒傳輸量低於藍牙(Bluetooth)的每秒傳輸量,故習知技術通常會結合NFC及藍牙,以快速建立連線,並提升傳輸量及傳輸距離。 In addition, when the peer-to-peer mode is adopted, multimedia information (files such as photos, videos or music) can be transferred between two NFC-enabled devices, and a connection between the two devices can be quickly established. However, the transmission distance of NFC is relatively short, and the transmission volume per second of NFC is lower than that of Bluetooth (Bluetooth). Therefore, conventional technologies usually combine NFC and Bluetooth to quickly establish a connection and increase the transmission volume. Transmission distance.
另一方面,現今NFC技術常用於行動裝置(如智慧型手機),以取代信用卡、交通卡(悠遊卡、一卡通、八達通等)等功能,以使用戶在生活上更加便利。惟,目前採用主流作業系統之行動裝置,如採用蘋果(Apple)公司的iOS系統或谷歌(Google)的Android系統之行動裝置,其中,採用iOS系統之行動裝置(如iPhone)不支援NFC的卡類比模式,故難以達到上述卡片功能,而採用Android系統之行動裝置需更換NFC SIM(Subscriber Identity Module,用戶身分模組)卡,才能使用上述卡片功能。因此,在使用上還有諸多不便處。 On the other hand, nowadays NFC technology is often used in mobile devices (such as smart phones) to replace credit cards, transportation cards (youyou cards, all-in-one cards, Octopus, etc.) functions to make life more convenient for users. However, currently mobile devices using mainstream operating systems, such as those using Apple’s iOS system or Google’s Android system, among which mobile devices using iOS systems (such as iPhone) do not support NFC cards In the analog mode, it is difficult to achieve the above-mentioned card function, and the mobile device using the Android system needs to replace the NFC SIM (Subscriber Identity Module) card in order to use the above-mentioned card function. Therefore, there are many inconveniences in use.
再者,當行動裝置使用NFC的卡類比模式時,必須內建硬體的安全元件(Security Element,SE)或軟體的主機卡類比(Host Card Emulation,HCE)才能保障用戶於交易時的安全性。但安全元件(SE)需綁定於硬體上(如行動裝置內部、外接SD卡或NFC的晶片),故設置成本較高且彈性較低。此外,雖主機卡類比(HCE)係採用純軟體實施,能降低設置成本及提高配置彈性,但也較容易遭受外部惡意攻擊,故安全性上也有相當地疑慮。 Furthermore, when the mobile device uses the NFC card analog mode, the security element (SE) of the hardware or the host card emulation (HCE) of the software must be built-in to ensure the security of the user during the transaction. . However, the secure element (SE) needs to be bound to the hardware (such as the internal mobile device, external SD card or NFC chip), so the set-up cost is higher and the flexibility is lower. In addition, although the host card analog (HCE) is implemented by pure software, it can reduce the setup cost and increase the configuration flexibility, but it is also more vulnerable to external malicious attacks, so there are considerable doubts about security.
因此,如何提高NFC於裝置上之相容性,以有效降低系統建置成本,且具有更高的安全性,以避免具有NFC功能之裝置遭受惡意攻擊,即為目前所亟待解決的課題之一。 Therefore, how to improve the compatibility of NFC on the device to effectively reduce the cost of system construction and have higher security to avoid malicious attacks on devices with NFC function is one of the urgent issues to be solved. .
本發明提供一種採用主動式近距離無線通信(Near-field communication,NFC)標籤與代碼化技術之身分識別系統,係包括:一具有應用程式之行動裝置,用以於該應用程式上輸入認證密碼,以令該應用程式解密一代碼封包,其中,該應用程式依據當下時間、該代碼封包中之資訊及該認證密碼形成一身分驗證資訊,再依據該代碼封包中之資訊及該身分驗證資訊形成一代碼驗證資訊;一主動式NFC標籤,係通訊連接該行動裝置,用以接收來自該行動裝置之應用程式的該代碼驗證資訊,以由該主動式NFC標籤主動地傳遞該代碼驗證資訊;一執行設備,係通訊連接該主動式NFC標籤,用以傳遞來自該主動式NFC標籤的代碼驗證資訊;以及一代碼化子系統,係通訊連接該執行設備,用以接收與驗證來自該執行設備的代碼驗證資訊,以由該代碼化子系統命令該執行設備作動。 The present invention provides an identity recognition system using active Near-field communication (NFC) tags and coding technology, which includes: a mobile device with an application program for inputting an authentication password on the application program To enable the application to decrypt a code packet, where the application forms identity verification information based on the current time, information in the code packet, and the authentication password, and then forms identity verification information based on the information in the code packet and the identity verification information A code verification information; an active NFC tag, which is communicatively connected to the mobile device to receive the code verification information from an application of the mobile device, so that the active NFC tag actively transmits the code verification information; The execution device is communicatively connected to the active NFC tag to transmit code verification information from the active NFC tag; and a coding subsystem is communicatively connected to the execution device to receive and verify the code from the execution device Code verification information, so that the coded subsystem commands the execution device to act.
本發明又提供一種採用主動式近距離無線通信(Near-field communication,NFC)標籤與代碼化技術之身分識別方法,係包括:令一行動裝置中之應用程式接收認證密碼,以令該應用程式解密一代碼封包;令該應用程式依據當下時間、該代碼封包中之資訊及該認證密碼形成一身分驗證資訊;令該應用程式依據該代碼封包中之資訊及該身分驗證資訊形成一代碼驗證資訊;令一主動式NFC標籤接收來自該行動裝置之應用程式的該代 碼驗證資訊,以由該主動式NFC標籤主動地傳遞該代碼驗證資訊;令一執行設備傳遞來自該主動式NFC標籤的代碼驗證資訊;以及令一代碼化子系統接收與驗證來自該執行設備的代碼驗證資訊,以由該代碼化子系統命令該執行設備作動。 The present invention also provides an identity recognition method using active Near-field communication (NFC) tags and coding technology, which includes: enabling an application in a mobile device to receive an authentication password to make the application Decrypt a code packet; make the application form an identity verification information based on the current time, information in the code packet, and the authentication password; make the application form a code verification information based on the information in the code packet and the identity verification information ; Make an active NFC tag receive the code from the application of the mobile device Code verification information, so that the active NFC tag actively transmits the code verification information; causes an execution device to transmit the code verification information from the active NFC tag; and causes a coding subsystem to receive and verify the code verification information from the execution device Code verification information, so that the coded subsystem commands the execution device to act.
於一實施例中,該代碼封包中之資訊係包括一代碼化資訊及相對應之代碼ID(識別碼)、一次性驗證金鑰組及相對應之金鑰ID組,該一次性驗證金鑰組包括複數個一次性驗證金鑰,且該金鑰ID組包括複數個金鑰ID。 In one embodiment, the information in the code packet includes a coded information and a corresponding code ID (identification code), a one-time verification key group and a corresponding key ID group, the one-time verification key The group includes a plurality of one-time verification keys, and the key ID group includes a plurality of key IDs.
於一實施例中,該應用程式組合該當下時間、該代碼封包中之代碼化資訊及該認證密碼以形成該身分驗證資訊。 In one embodiment, the application program combines the current time, the coded information in the code packet, and the authentication password to form the identity verification information.
於一實施例中,該應用程式利用該代碼封包中之一次性驗證金鑰對該身分驗證資訊進行加密以形成一加密的身分驗證資訊。 In one embodiment, the application program uses the one-time verification key in the code packet to encrypt the identity verification information to form an encrypted identity verification information.
於一實施例中,該應用程式再利用該代碼封包中之一次性驗證金鑰將該加密的身分驗證資訊、該代碼ID、及該一次性驗證金鑰所對應之金鑰ID進行壓碼以產生一簽章,該應用程式再將該加密的身分驗證資訊、該代碼ID、該一次性驗證金鑰所對應之金鑰ID及該簽章形成該代碼驗證資訊。 In one embodiment, the application program then uses the one-time verification key in the code packet to compress the encrypted identity verification information, the code ID, and the key ID corresponding to the one-time verification key to A signature is generated, and the application program then forms the code verification information with the encrypted identity verification information, the code ID, the key ID corresponding to the one-time verification key, and the signature.
於一實施例中,該代碼化子系統依據該代碼驗證資訊中之代碼ID向該代碼化子系統中之儲存模組取得對應之解密金鑰組,且該代碼化子系統依據該代碼封包中之一次性驗證金鑰所對應之金鑰ID取得該解密金鑰組中之一解碼金鑰。 In one embodiment, the coding subsystem obtains the corresponding decryption key set from the storage module in the coding subsystem according to the code ID in the code verification information, and the coding subsystem obtains the corresponding decryption key set according to the code packet The key ID corresponding to the one-time verification key obtains one of the decryption keys in the decryption key group.
於一實施例中,該代碼化子系統透過該解碼金鑰對該代碼驗證資訊中之加密的身分驗證資訊進行解密,以獲得該身分驗證資訊中的該當下時間、該代碼化資訊及該認證密碼。 In one embodiment, the coding subsystem decrypts the encrypted identity verification information in the code verification information through the decryption key to obtain the current time, the coding information, and the certification in the identity verification information password.
於一實施例中,該代碼化子系統驗證該身分驗證資訊及該代碼驗證資訊中之簽章是否正確,而當該身分驗證資訊及該代碼驗證資訊中之簽章驗證通過後,該代碼化子系統依據該代碼ID向該儲存模組取得一真實代號,以將該真實代號回傳至該執行設備。 In one embodiment, the coding subsystem verifies whether the identity verification information and the signature in the code verification information are correct, and when the identity verification information and the signature in the code verification information are verified, the coding The subsystem obtains a real code from the storage module according to the code ID, so as to return the real code to the execution device.
於一實施例中,於初次使用該應用程式時,該應用程式接收用以驗證之有效資訊及設定該認證密碼,使該應用程式傳送該有效資訊及該認證密碼至該代碼化子系統以請求取得該代碼封包。 In one embodiment, when the application is used for the first time, the application receives valid information for verification and sets the authentication password, so that the application sends the valid information and the authentication password to the coding subsystem to request Get the code packet.
於一實施例中,當該代碼化子系統驗證該有效資訊正確後,該代碼化子系統產生且傳送該代碼封包至該應用程式中,以使該應用程式對該代碼封包進行加密與儲存該代碼封包於該行動裝置中之一安全儲存位置。 In one embodiment, after the coding subsystem verifies that the valid information is correct, the coding subsystem generates and transmits the code packet to the application program, so that the application program encrypts the code packet and stores the code packet The code is packaged in a secure storage location in the mobile device.
由上可知,本發明之採用主動式NFC標籤與代碼化技術之身分識別系統及其方法,透過具有NFC功能之行動裝置將一用戶用以身分驗證之代碼驗證資訊寫入主動式NFC標籤,藉此,將該代碼驗證資訊傳送至後端的代碼化子系統,以驗證該用戶之身分是否為正確,故相較於習知技術,即使具有NFC功能之行動裝置不具備卡類比模式(如iPhone),或是未安裝NFC SIM卡(如Android),也可以透過行動裝置的讀卡機模式進行用戶身分之驗證。因此,相較於過去將驗證資訊存放於硬體(如NFC SIM), 可相容於更多不同類型的裝置,且亦可達到相同或更高等級的安全驗證程度。 It can be seen from the above that the identity recognition system and method using active NFC tag and coding technology of the present invention writes a user’s code verification information for identity verification into the active NFC tag through a mobile device with NFC function. Therefore, the code verification information is sent to the back-end coding subsystem to verify whether the user's identity is correct. Therefore, compared with the conventional technology, even mobile devices with NFC function do not have the card analog mode (such as iPhone) , Or the NFC SIM card (such as Android) is not installed, the user identity can also be verified through the card reader mode of the mobile device. Therefore, compared to storing the verification information in hardware (such as NFC SIM) in the past, Compatible with more different types of devices, and can also achieve the same or higher level of security verification.
1:採用主動式NFC標籤與代碼化技術之身分識別系統 1: An identity recognition system using active NFC tags and coding technology
10:行動裝置 10: Mobile device
100:應用程式 100: application
11:主動式NFC標籤 11: Active NFC tag
12:執行設備 12: Execution equipment
13:代碼化子系統 13: Coding subsystem
130:儲存模組 130: storage module
S21至S26:步驟 S21 to S26: steps
S31至S314:步驟 S31 to S314: steps
圖1係為本發明之採用主動式NFC標籤與代碼化技術之身分識別系統示意圖; Figure 1 is a schematic diagram of the identity recognition system using active NFC tags and coding technology of the present invention;
圖2係為本發明之採用主動式NFC標籤與代碼化技術之身分識別方法之申請流程圖;以及 Figure 2 is an application flow chart of the identity identification method using active NFC tags and coding technology according to the present invention; and
圖3係為本發明之採用主動式NFC標籤與代碼化技術之身分識別方法之驗證流程圖。 Fig. 3 is a flow chart of the authentication method of the identity recognition method using active NFC tag and coding technology of the present invention.
須知,本說明書所附圖式所繪示之結構、比例、大小等,均僅用以配合說明書所揭示之內容,以供熟悉此技藝之人士之瞭解與閱讀,並非用以限定本發明可實施之限定條件,故不具技術上之實質意義,任何結構之修飾、比例關係之改變或大小之調整,在不影響本發明所能產生之功效及所能達成之目的下,均應仍落在本發明所揭示之技術內容得能涵蓋之範圍內。同時,本說明書中所引用之如「一」、「第一」、「第二」、「上」及「下」等之用語,亦僅為便於敘述之明瞭,而非用以限定本發明可實施之範圍,其相對關係之改變或調整,在無實質變更技術內容下,當視為本發明可實施之範疇。 It should be noted that the structure, ratio, size, etc. shown in the drawings in this manual are only used to match the content disclosed in the manual for the understanding and reading of those who are familiar with the art, and are not intended to limit the implementation of the present invention. Therefore, it does not have any technical significance. Any structural modification, proportional relationship change or size adjustment, without affecting the effects and objectives that can be achieved by the present invention, should still fall within the scope of the present invention. The technical content disclosed by the invention can be covered. At the same time, the terms such as "一", "first", "second", "上" and "下" cited in this manual are only for ease of description and are not used to limit the scope of the present invention. The scope of implementation, and the change or adjustment of the relative relationship, shall be regarded as the scope of the implementation of the present invention without substantial changes to the technical content.
圖1係為本發明之採用主動式NFC(近距離無線通訊)標籤與代碼化技術之身分識別系統示意圖。如圖1所示,該身分識別系統1係包括:一具有NFC功能之行動裝置10、一主動式NFC標籤11、一執行設備12以及一代碼化子系統13,其中,該行動裝置10具有一NFC晶片(圖中未式)及一應用程式100,而該代碼化子系統13具有一儲存模組130。應可理解地,該行動裝置10包括但不限於智慧型手機、平板電腦、智慧型手錶及其他穿戴式裝置。
FIG. 1 is a schematic diagram of the identity recognition system using active NFC (near field communication) tags and coding technology according to the present invention. As shown in FIG. 1, the
具體而言,該行動裝置10透過設置於其內部的NFC晶片,以使該行動裝置10具有NFC功能,且該應用程式100具有可操作之使用者介面(User Interface,UI),以提供下載、儲存或操作等動作,而該主動式NFC標籤11係可主動地將寫入的資訊傳遞至後端設備(如執行設備12)。又,該執行設備12係建立於一電腦(如個人電腦、筆記型電腦、嵌入式電腦)或一微控制器(或稱單晶片微電腦),或透過執行模組以軟體、韌體或硬體之形式呈現於具有一計算能力之實體裝置。代碼化子系統13係建立於一伺服器(如通用伺服器、檔案伺服器、儲存單元伺服器等)。應可理解地,本發明之具有NFC功能的該行動裝置10至少可執行NFC之讀卡機模式,而該應用程式100係可為智慧型手機之應用程式(Application,APP),又,相較於習知的NFC標籤僅能提供資訊給一裝置(如讀卡機)讀取或只是單純寫入資料於該習知的NFC標籤中,而本發明之主動式NFC標籤11更能主動地將寫入的資訊傳遞出去。
Specifically, the
再者,該行動裝置10係透過各種網路,如網際網路(Internet),通訊連接該代碼化子系統13,而該主動式NFC標籤11係透過
有線或無線之方式通訊連接該設備12,又,該執行設備12亦透過各種網路,如網際網路,通訊連接該代碼化子系統13。
Furthermore, the
於本實施例中,一用戶(圖中未示)使用該行動裝置10之應用程式100,以於該應用程式100上輸入可驗證該用戶之身分之有效資訊及設定該應用程式100之認證密碼,接著,該應用程式100傳送該有效資訊及該認證密碼至該代碼化子系統13,以依據該有效資訊及該認證密碼向該代碼化子系統13請求取得一代碼封包,其中,該代碼封包係包括一代碼化資訊及相對應之代碼ID(Identification,識別碼)、一次性驗證金鑰組及相對應之金鑰ID組。應可理解地,該一次性驗證金鑰組及相對應之金鑰ID組係分別包含複數個一次性驗證金鑰及相對應之金鑰ID,而該代碼ID係為專屬該用戶之亂數,故無法以數學公式反推該代碼ID,以避免遭受惡意破解,進而產生資訊安全問題。此外,該有效資訊可包括但不限於用戶之身分證字號、生日、姓名、員工號碼及手機號碼等個人資料,而該認證密碼可包括但不限於PIN碼等密碼。
In this embodiment, a user (not shown in the figure) uses the
再者,當該代碼化子系統13驗證該有效資訊為正確無誤後,該代碼化子系統13產生並傳送該代碼封包至該行動裝置10之應用程式100中。於該行動裝置10之應用程式100接收到該代碼化資訊後,該應用程式100對該代碼封包進行加密與儲存於該行動裝置10中之一安全儲存位置或安全存放處。具言之,可透過該行動裝置10中用於硬體加密的iOS Secure enclave(Apple)或Android Keystore(Google)內的金鑰對該代碼封包中的該代碼化資訊及相對應之代碼ID、該一次性驗證金鑰組及相對應之金鑰ID組進行加密,且該應用程式100將再將硬體加密後的該代碼化資訊及相
對應之代碼ID、該一次性驗證金鑰組及相對應之金鑰ID組儲存於該應用程式100權限保護下的區域,亦即,儲存於該行動裝置10中之一安全儲存位置或安全存放處。
Furthermore, after the
在一實施例中,當該用戶需驗證其身分以令該執行設備12作動時,該應用程式100請求該用戶輸入該應用程式100之認證密碼,又,該應用程式100將位於該安全之處的該代碼封包進行解密後取出。接著,該應用程式100對當下時間、該代碼化資訊及該認證密碼進行組合,以形成一身分驗證資訊,且選擇該一次性驗證金鑰組之一者對該身分驗證資訊進行加密,以形成加密的身分驗證資訊,同時註記該一次性驗證金鑰組之一者已使用。
In one embodiment, when the user needs to verify his identity to enable the
又,該應用程式100再使用該一次性驗證金鑰組之一者對該加密的身分驗證資訊、該一次性驗證金鑰組之一者所對應之金鑰ID及該代碼ID進行壓碼以產生一簽章,最後將該加密的身分驗證資訊、該代碼ID、該一次性驗證金鑰組之一者所對應之金鑰ID及該簽章形成一代碼驗證資訊,進而透過行動裝置10將該代碼驗證資訊寫入該主動式NFC標籤11中。
In addition, the
詳言之,該一次性驗證金鑰經使用後即失去效用,且該應用程式100內所有的該一次性驗證金鑰組及相對應之金鑰ID組皆失去效用時,該應用程式100可透過網路向該代碼化子系統13請求補充新的一次性驗證金鑰組及相對應之金鑰ID組,而該代碼化子系統13可視該應用程式100的使用狀況評估目前該行動裝置10之風險後,再次發送該新的一次性驗證金鑰組及相對應之金鑰ID組至該行動裝置10之應用程式100。
In detail, the one-time verification key loses its effectiveness after being used, and when all the one-time verification key sets and the corresponding key ID sets in the
在一實施例中,當該主動式NFC標籤11接收該代碼驗證資訊時,該主動式NFC標籤11將該代碼驗證資訊透過線路介面傳送至該執行設備12,且藉由該執行設備12再經由網路將該代碼驗證資訊傳送至該代碼化子系統13,以由該代碼化子系統13對該代碼驗證資訊進行驗證。詳言之,該代碼化子系統13依據該代碼驗證資訊中的該代碼ID向該儲存模組130取得對應之解密金鑰組,再依據該一次性驗證金鑰組之一者所對應之金鑰ID取得該解密金鑰組中之一解碼金鑰,進而透過該解碼金鑰對該加密的身分驗證資訊進行解密以獲得該身分驗證資訊中的該當下時間、該代碼化資訊及該認證密碼。
In one embodiment, when the
再者,該代碼化子系統13驗證該身分驗證資訊及該簽章是否為正確無誤,當驗證通過後該代碼化子系統13依據該代碼ID向該儲存模組130取得該用戶之真實代號且回傳至該執行設備12,以令該執行設備12作動。應可理解地,該用戶之真實代號可包括但不限於用戶之身分證字號、生日、姓名、員工號碼及手機號碼等個人資料。
Furthermore, the
此實施例係為本發明之採用主動式NFC標籤與代碼化技術之身分識別系統1之實施例,如圖1所示。當公司內的員工需使用本發明之採用主動式NFC標籤與代碼化技術之身分識別系統1進行其身分辨識時,該員工需透過其一具有NFC功能之行動裝置10中之一應用程式100以先行進行申請。
This embodiment is an embodiment of the
具言之,該員工先將該應用程式100安裝至具有NFC功能之行動裝置10上,且於該應用程式100上輸入其公司配發給該員工之帳號與密碼(如前述之有效資訊),並設定該應用程式100之認證密碼(如PIN碼),
以使該應用程式100將該員工之帳號與密碼及該應用程式100之認證密碼經由網路傳送至一代碼化子系統13以提出申請。
In other words, the employee first installs the
此時,該代碼化子系統13接收該員工之帳號與密碼、及該認證密碼,且該代碼化子系統13驗證該員工之帳號與密碼的合法性,當確認該員工之帳號與密碼具合法性後,該代碼化子系統13發出一代碼封包傳送至該應用程式100,其中,該代碼封包係包括一代碼化資訊及相對應之代碼ID、一次性驗證金鑰組及相對應之金鑰ID。再者,該應用程式100將該代碼封包加密與儲存該代碼封包於行動裝置10中之一安全儲存位置或安全存放處。
At this time, the
於本實施例中,當該員工進入其公司且需驗證其身分時,該員工先行輸入該應用程式100之認證密碼,且該應用程式100將儲存於安全存放處的該代碼封包解密後取出,以將當下時間、該代碼化資訊及該認證密碼進行組合以形成一身分驗證資訊。接著,該應用程式100選擇該一次性驗證金鑰組之一者對該身分驗證資訊進行加密,以形成加密的身分驗證資訊。
In this embodiment, when the employee enters his company and needs to verify his identity, the employee first enters the authentication password of the
再者,該應用程式100使用該一次性驗證金鑰組之一者對該加密的身分驗證資訊、該一次性驗證金鑰組之一者所對應之金鑰ID及該代碼ID進行壓碼以產生一簽章。又,該應用程式100將該加密的身分驗證資訊、該代碼ID、該一次性驗證金鑰組之一者所對應之金鑰ID及該簽章形成一代碼驗證資訊,進而透過該行動裝置10將該代碼驗證資訊寫入一門禁裝置(圖中未示)中。應可理解地,該門禁裝置係包括一主動式NFC標籤11
及通訊連結該主動式NFC標籤11之執行設備12,且該行動裝置10將該代碼驗證資訊寫入該主動式NFC標籤11。
Furthermore, the
因此,當該門禁裝置接收該代碼驗證資訊時,該門禁裝置之執行設備12將該代碼驗證資訊傳送至該代碼化子系統13,以由該代碼化子系統13依據該代碼驗證資訊中的該代碼ID向一儲存模組130取得對應之解密金鑰組,再依據該一次性驗證金鑰組之一者所對應之金鑰ID取得該解密金鑰組中之一解碼金鑰,進而透過該解碼金鑰對該加密的身分驗證資訊進行解密以獲得該身分驗證資訊中的該當下時間、該代碼化資訊及該認證密碼。
Therefore, when the access control device receives the code verification information, the
是以,該代碼化子系統13驗證該身分驗證資訊及該簽章是否為正確無誤,若為為正確無誤,則該代碼化子系統13依據該代碼ID向該儲存模組130取得該員工之員工號碼且回傳至該門禁裝置之執行設備12,令該門禁裝置之執行設備12執行解鎖之功能,以使該員工可以進入公司。
Therefore, the
圖2係為本發明之採用主動式NFC標籤與代碼化技術之身分識別方法之申請流程圖,且一併參閱圖1說明之。如圖2所示,此申請流程包含下列步驟S21至步驟S26: FIG. 2 is the application flow chart of the identity recognition method using active NFC tag and coding technology of the present invention, and refer to FIG. 1 as well. As shown in Figure 2, this application process includes the following steps S21 to S26:
於步驟S21中,輸入可驗證一用戶之身分之有效資訊及設定一認證密碼(如PIN碼)於一具有NFC功能之行動裝置10中之應用程式100上。
In step S21, input valid information that can verify the identity of a user and set an authentication password (such as a PIN code) on the
於步驟S22中,該應用程式100傳送該有效資訊及該認證密碼至一代碼化子系統13。
In step S22, the
於步驟S23中,該代碼化子系統13驗證該有效資訊。
In step S23, the
於步驟S24中,若該有效資訊為正確無誤,該代碼化子系統13產生一代碼封包,其中,該代碼封包係包括一代碼化資訊及相對應之代碼ID、一次性驗證金鑰組及相對應之金鑰ID組。
In step S24, if the valid information is correct, the
於步驟S25中,該代碼化子系統13傳送該代碼封包至該行動裝置10之應用程式100中。
In step S25, the
於步驟S26中,該應用程式100加密並儲存該代碼封包於該行動裝置10中。
In step S26, the
圖3係為本發明之採用主動式NFC標籤與代碼化技術之身分識別方法之驗證流程圖,且一併參閱圖1說明之。如圖3所示,此驗證流程包含下列步驟S31至步驟S314: FIG. 3 is a flowchart of the authentication method of the identity recognition method using active NFC tags and coding technology according to the present invention, and also refer to FIG. 1 for description. As shown in Figure 3, this verification process includes the following steps S31 to S314:
於步驟S31中,一用戶輸入一認證密碼(如PIN碼)於一行動裝置10之應用程式100中。
In step S31, a user inputs an authentication password (such as a PIN code) into the
於步驟S32中,該應用程式100對一代碼封包進行解密,以取出該代碼封包,其中,該代碼封包係包括一代碼化資訊及相對應之代碼ID、一次性驗證金鑰組及相對應之金鑰ID組。
In step S32, the
於步驟S33中,該應用程式100對當下時間、該代碼化資訊及該認證密碼進行組合以形成一身分驗證資訊,且選擇該一次性驗證金鑰組之一者對該身分驗證資訊進行加密,以形成加密的身分驗證資訊,同時註記該一次性驗證金鑰組之一者已使用。
In step S33, the
於步驟S34中,該應用程式100再使用該一次性驗證金鑰組之一者對該加密的身分驗證資訊、該一次性驗證金鑰組之一者所對應之金鑰ID及該代碼ID進行壓碼以產生一簽章。
In step S34, the
於步驟S35中,該應用程式100該加密的身分驗證資訊、該代碼ID、該一次性驗證金鑰組之一者所對應之金鑰ID及該簽章形成一代碼驗證資訊。
In step S35, the encrypted identity verification information of the
於步驟S36中,該行動裝置10將該代碼驗證資訊寫入該主動式NFC標籤11中。
In step S36, the
於步驟S37中,該主動式NFC標籤11將接收來自該行動裝置10之應用程式100的該代碼驗證資訊,且透過線路介面主動地傳送該代碼驗證資訊至該執行設備12。
In step S37, the
於步驟S38中,該執行設備12再經由網路將來自該主動式NFC標籤11的該代碼驗證資訊傳送至一代碼化子系統13。
In step S38, the
於步驟S39中,該代碼化子系統13依據該代碼驗證資訊中的該代碼ID取得對應之解密金鑰組,再依據該一次性驗證金鑰組之一者所對應之金鑰ID取得該解密金鑰組中之一解碼金鑰。
In step S39, the
於步驟S310中,該代碼化子系統13依據該解碼金鑰對該加密的身分驗證資訊進行解密以獲得該身分驗證資訊中的該當下時間、該代碼化資訊及該認證密碼。
In step S310, the
於步驟S311中,該代碼化子系統13驗證該身分驗證資訊及該簽章是否為正確無誤。
In step S311, the
於步驟S312中,當驗證通過時,該代碼化子系統13依據該代碼ID取得該用戶之真實代號。
In step S312, when the verification is passed, the
於步驟S313中,該代碼化子系統13傳送該用戶之真實代號至該執行設備12。
In step S313, the
於步驟S314中,該執行設備12依據該用戶之真實代號執行其功能,例如,門禁解鎖等。
In step S314, the
綜上所述,本發明之採用主動式NFC標籤與代碼化技術之身分識別系統及其方法係提供一用戶方便且安全之身分驗證方式。具體而言,本發明透過具有NFC功能之行動裝置將該用戶用以身分驗證之代碼驗證資訊寫入主動式NFC標籤,藉此,將該代碼驗證資訊傳送至後端的代碼化子系統,以驗證該用戶之身分是否為正確。 In summary, the identity recognition system and method using active NFC tags and coding technology of the present invention provide a convenient and safe identity verification method for users. Specifically, the present invention writes the code verification information used by the user for identity verification into the active NFC tag through a mobile device with NFC function, thereby transmitting the code verification information to the back-end coding subsystem for verification Whether the identity of the user is correct.
再者,本發明之採用主動式NFC標籤與代碼化技術之身分識別系統及其方法至少具有以下技術差異及其功效: Furthermore, the identity recognition system and method using active NFC tag and coding technology of the present invention have at least the following technical differences and effects:
一、本發明係透過具有NFC功能之行動裝置,利用軟體加密方式將一用戶自一代碼化子系統所取得之代碼封包存放於行動裝置內,再將該用戶用以身分驗證之代碼驗證資訊寫入主動式NFC標籤,以藉由主動式NFC標籤之設置,即使具有NFC功能之行動裝置不具備卡類比模式(如iPhone),或是未安裝NFC SIM卡(如Android),也可以透過行動裝置的讀卡機模式進行用戶身分之驗證。因此,相較於過去將驗證資訊存放於硬體(如NFC SIM),可相容於更多不同類型的裝置,且亦可達到相同或更高等級的安全驗證程度。 1. The present invention uses a mobile device with NFC function to store a code packet obtained by a user from a coding subsystem in the mobile device by means of software encryption, and then writes the code verification information for the user’s identity verification Into the active NFC tag, through the setting of the active NFC tag, even if the mobile device with NFC function does not have the card analog mode (such as iPhone), or the NFC SIM card (such as Android) is not installed, the mobile device can be used The card reader mode is used to verify user identity. Therefore, compared to storing the verification information in hardware (such as NFC SIM) in the past, it is compatible with more different types of devices and can achieve the same or higher level of security verification.
二、本發明不需要在行動裝置內安裝硬體的安全元件(SE),故可以降低在行動裝置的成本,且使行動裝置不受安全元件(SE)所限制,能更有彈性地應用於不同類型的裝置。 2. The present invention does not require a hardware security element (SE) to be installed in the mobile device, so the cost of the mobile device can be reduced, and the mobile device is not restricted by the security element (SE), and can be applied more flexibly Different types of devices.
三、雖習知技術中,可使用主機卡類比(HCE)取代安全元件(SE),以使行動裝置能不受安全元件(SE)所限制,進而能配合各家 廠商。惟,主機卡類比(HCE)容易遭受外部駭客惡意攻擊,且若行動裝置不具備卡類比模式或是未安裝NFC SIM卡,仍無法使用主機卡類比(HCE)進行驗證。然而,本發明係透過主動式NFC標籤之功能,故行動裝置可不具備卡類比模式或是未安裝NFC SIM卡,也能達到驗證用戶身分之功能。 3. Although in the conventional technology, the host card analog (HCE) can be used to replace the secure element (SE), so that the mobile device can not be restricted by the secure element (SE), and then can cooperate with each family Vendor. However, the host card analog (HCE) is vulnerable to malicious attacks by external hackers, and if the mobile device does not have the card analog mode or the NFC SIM card is not installed, the host card analog (HCE) still cannot be used for verification. However, the present invention uses the function of the active NFC tag, so the mobile device may not have the card analog mode or the NFC SIM card is not installed, and it can also achieve the function of verifying the user's identity.
上述實施形態僅例示性說明本發明之原理及其功效,而非用於限制本發明。任何熟習此項技藝之人士均可在不違背本發明之精神及範疇下,對上述實施形態進行修飾與改變。因此,本發明之權利保護範圍應如申請專利範圍所列。 The above-mentioned embodiments only exemplarily illustrate the principles and effects of the present invention, and are not intended to limit the present invention. Anyone who is familiar with this technique can modify and change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Therefore, the protection scope of the present invention should be as listed in the scope of the patent application.
1:採用主動式NFC標籤與代碼化技術之身分識別系統 1: An identity recognition system using active NFC tags and coding technology
10:行動裝置 10: Mobile device
100:應用程式 100: application
11:主動式NFC標籤 11: Active NFC tag
12:執行設備 12: Execution equipment
13:代碼化子系統 13: Coding subsystem
130:儲存模組 130: storage module
Claims (20)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109131688A TWI733590B (en) | 2020-09-15 | 2020-09-15 | Identity recognition system and method using active nfc tag and tokenization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW109131688A TWI733590B (en) | 2020-09-15 | 2020-09-15 | Identity recognition system and method using active nfc tag and tokenization |
Publications (2)
Publication Number | Publication Date |
---|---|
TWI733590B true TWI733590B (en) | 2021-07-11 |
TW202213139A TW202213139A (en) | 2022-04-01 |
Family
ID=77911133
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW109131688A TWI733590B (en) | 2020-09-15 | 2020-09-15 | Identity recognition system and method using active nfc tag and tokenization |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI733590B (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201627927A (en) * | 2015-01-16 | 2016-08-01 | 吳有勝 | High security mobile payment system and method |
-
2020
- 2020-09-15 TW TW109131688A patent/TWI733590B/en active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TW201627927A (en) * | 2015-01-16 | 2016-08-01 | 吳有勝 | High security mobile payment system and method |
Also Published As
Publication number | Publication date |
---|---|
TW202213139A (en) | 2022-04-01 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210226798A1 (en) | Authentication in ubiquitous environment | |
TWI483204B (en) | Multi user electronic wallet and management thereof | |
US8239681B2 (en) | Information processing device and method, recording medium, program and information processing system | |
JP4009315B1 (en) | Security adapter | |
EP2003589B1 (en) | Authentication information management system, server, method and program | |
US20050137889A1 (en) | Remotely binding data to a user device | |
WO2012031433A1 (en) | System and method for remote payment based on mobile terminal | |
CN117546162A (en) | Password authentication for controlling access to a storage device | |
KR101807645B1 (en) | Method and system for appling usim certificate to online infrastructure | |
TWI733590B (en) | Identity recognition system and method using active nfc tag and tokenization | |
US20230385418A1 (en) | Information processing device, information processing method, program, mobile terminal, and information processing system | |
KR101628615B1 (en) | Method for Providing Safety Electronic Signature by using Secure Operating System | |
JP6451947B2 (en) | Remote authentication system | |
KR102172855B1 (en) | Method for Providing Server Type One Time Code for Medium Separation by using User’s Handheld type Medium | |
KR20110005615A (en) | System and method for managing wireless otp using user's media, wireless terminal and recording medium | |
TWI651624B (en) | Smart hardware safety carrier | |
US10810296B2 (en) | Communication apparatus, communication method, and communication system | |
KR102358598B1 (en) | Method for Processing Two Channel Authentication by using Contactless Media | |
KR101628614B1 (en) | Method for Processing Electronic Signature by using Secure Operating System | |
KR101639794B1 (en) | Authentication method and system for user confirmation and user authentication | |
KR101505735B1 (en) | Method for Authenticating Near Field Communication Card by using Time Verification | |
KR20170010341A (en) | Method for Processing Certification by using Secure Operating System | |
KR101394147B1 (en) | How to use Certificate safely at Mobile Terminal | |
JP6801448B2 (en) | Electronic information storage media, authentication systems, authentication methods, and authentication application programs | |
TW202223700A (en) | Identity recognition device, system and method by using nfc |