TWI753102B - Real-name authentication service system and real-name authentication service method - Google Patents

Publication number
TWI753102B
Authority
TW
Taiwan
Prior art keywords
real
application
authentication
key
name authentication
Prior art date
Application number
TW107104792A
Other languages
Chinese (zh)
Other versions
TW201935295A (en)
Inventor
劉根田
郭家銘
陳羿亘
王坤星
王自雄
Original Assignee
劉根田
Priority date
Filing date
Publication date
Application filed by 劉根田
Priority to TW107104792A
Publication of TW201935295A
Application granted
Publication of TWI753102B

Classifications

    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y04 INFORMATION OR COMMUNICATION TECHNOLOGIES HAVING AN IMPACT ON OTHER TECHNOLOGY AREAS
    • Y04S SYSTEMS INTEGRATING TECHNOLOGIES RELATED TO POWER NETWORK OPERATION, COMMUNICATION OR INFORMATION TECHNOLOGIES FOR IMPROVING THE ELECTRICAL POWER GENERATION, TRANSMISSION, DISTRIBUTION, MANAGEMENT OR USAGE, i.e. SMART GRIDS
    • Y04S10/00 Systems supporting electrical power generation, transmission or distribution
    • Y04S10/50 Systems or methods supporting the power network operation or management, involving a certain degree of interaction with the load-side end user applications

Landscapes

  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

A real-name authentication service system and method in which an identity authentication application installed on a smart electronic device encrypts a mobile phone serial number and a subscriber identification code and sends them to a real-name authentication server. The real-name authentication server has them authenticated through a telecommunication company and, once authentication passes, transmits an authentication token to the smart electronic device, which then uses the real-name authentication service by means of that token.

Description

Real-name authentication service system and real-name authentication service method

The present invention relates to a real-name authentication service system and a real-name authentication service method, and in particular to a real-name authentication service system and method that let a smart electronic device use a real-name authentication service.

In recent years the smartphone industry has developed rapidly and smartphone manufacturing technology has matured, which has greatly reduced manufacturing costs. The barrier to obtaining a smartphone has fallen accordingly, and most people now own one or even several smartphones.

As smartphones have become widespread, more and more commercial activity is conducted through them, with mobile payment attracting the most attention. Because smartphones can access the Internet, many people use them for online shopping, ticket booking or bill payment, all of which require entering confidential and sensitive data such as credit card numbers, bank account numbers or personal information. When the smartphone or the website it connects to is compromised, the user's confidential and sensitive data can easily be stolen, causing the user financial loss.

In the prior art, the vast majority of people use smartphones to go online and carry out activities that require entering financial account numbers or personal information, so sensitive data is easily stolen. The object of the present invention is therefore to provide a real-name authentication service system and a real-name authentication service method that effectively solve the problem of such data being easily stolen when users make payments through a smartphone.

To achieve the above object, the present invention provides a real-name authentication service system comprising a smart electronic device, a real-name authentication server and a third-party device.

The smart electronic device has a built-in identity verification application. In an identity verification stage, the identity verification application computes an identity verification keyed-hash message authentication code (hash-based message authentication code, HMAC) from a mobile phone number, a mobile phone serial number (International Mobile Equipment Identity, IMEI) and a subscriber identification code (International Mobile Subscriber Identity, IMSI), using a hash function combined with an encryption key.

The real-name authentication server is communicatively connected to the smart electronic device. It receives the mobile phone number, the mobile phone serial number, the subscriber identification code and the identity verification HMAC, and verifies the identity verification HMAC using the hash function combined with the encryption key. After the identity verification HMAC passes verification, the real-name authentication server further verifies the mobile phone number and the subscriber identification code through a telecom company server, generates an authorization token, and transmits the authorization token to the smart electronic device.

The third-party device is communicatively connected to the smart electronic device and has a built-in third-party application and an application key (application programming interface key, API key) corresponding to the identity verification application. Based on the mobile phone number and the application key, the third-party application sends a call signal through a software development kit (SDK) to the smart electronic device, which wakes the identity verification application so that it displays authentication confirmation information. Once the authentication confirmation information is confirmed, the identity verification application sends the authorization token and the application key to the real-name authentication server. The real-name authentication server authenticates the application key and the authorization token and, when authentication succeeds, sends an authentication success signal to the smart electronic device, whereupon the identity verification application notifies the third-party application that authentication succeeded.

Preferably, the real-name authentication service system further comprises a bank server communicatively connected to the real-name authentication server. After the smart electronic device receives the authorization token, the identity verification application further generates a bank-binding HMAC from bank account data and identity document image data using the hash function and the encryption key, and transmits the bank account data, the identity document image data and the bank-binding HMAC to the real-name authentication server. On receiving them, the real-name authentication server first verifies the bank-binding HMAC using the hash function and the encryption key. After verification passes, it uses an optical character recognition program to extract identity information from the identity document image data, verifies the identity information against the bank account data, and, when that verification succeeds, stores the bank account data in encrypted form on the real-name authentication server.

Another necessary technical means adopted by the present invention to solve the problems of the prior art is to provide a real-name authentication service method comprising the following steps:
Step (a): an identity verification application installed on a smart electronic device generates an identity verification HMAC from a mobile phone number, a mobile phone serial number and a subscriber identification code through a hash function combined with an encryption key.
Step (b): the identity verification application transmits the mobile phone number, the mobile phone serial number, the subscriber identification code and the keyed-hash message authentication code to a real-name authentication server.
Step (c): the real-name authentication server verifies the mobile phone number and the subscriber identification code through a telecom company server.
Step (d): after the mobile phone number and the subscriber identification code pass verification, the real-name authentication server generates an authorization token and transmits it to the smart electronic device.

Preferably, the authentication service method further comprises the following steps:
Step (e): the identity verification application generates a bank-binding HMAC from bank account data and identity document image data using the hash function and the encryption key.
Step (f): the bank account data, the identity document image data and the bank-binding HMAC are transmitted to the real-name authentication server.
Step (g): on receiving the bank account data, the identity document image data and the bank-binding HMAC, the real-name authentication server first verifies the bank-binding HMAC using the hash function and the encryption key and, after verification passes, uses an optical character recognition program to extract identity information from the identity document image data and verifies the identity information against the bank account data.
Step (h): after that verification succeeds, the bank account data is stored in encrypted form on the real-name authentication server.

In addition, the method further comprises the following steps:
Step (i): a third-party application sends an application call signal to the smart electronic device based on the mobile phone number, a payment amount and an application key.
Step (j): in response to the application call signal, the identity verification application asks the real-name authentication server whether the third-party application has passed review.
Step (k): when the real-name authentication server confirms that the third-party application has passed review, it sends a review-passed signal to the smart electronic device, which displays a payment authorization confirmation message for the user to confirm.
Step (l): after the payment authorization confirmation message is confirmed, the identity verification application sends the authorization token and the application key to the real-name authentication server.
Step (m): on receiving the authorization token and the application key, the real-name authentication server authenticates them and, when authentication succeeds, submits a transaction request to a bank server.
Step (n): after the transaction request to the bank server is complete, the real-name authentication server transmits transaction completion information to the smart electronic device, which in turn transmits the transaction completion information to the third-party device.

In another preferred form, the authentication service method comprises the following steps:
Step (o): a third-party application sends an application call signal to the smart electronic device based on the mobile phone number and an application key.
Step (p): the identity verification application is woken by the application call signal and displays authentication confirmation information.
Step (q): after the authentication confirmation information is confirmed, the identity verification application sends the authorization token and the application key to the real-name authentication server.
Step (r): on receiving the authorization token and the application key, the real-name authentication server authenticates them and, when authentication succeeds, sends an authentication success signal to the smart electronic device so that the identity verification application notifies the third-party application that authentication succeeded.

As described above, in the real-name authentication service system and real-name authentication service method provided by the present invention, the mobile phone number, the mobile phone serial number and the subscriber identification code are used to compute the identity verification HMAC through a hash function combined with an encryption key, and the mobile phone number, the mobile phone serial number, the subscriber identification code and the identity verification HMAC are sent to the real-name authentication server for verification. After verification by the telecom company server passes, the real-name authentication server sends an authorization token to the smart electronic device. The user can then use the real-name authentication service through the authorization token without providing any financial or personal data, which effectively prevents property loss caused by personal or financial data being stolen.

100: Real-name authentication service system
1: Smart electronic device
11: First storage module
111: Mobile phone number
112: Mobile phone serial number
113: Subscriber identification code
12: Processing module
121: Identity verification application
2: Real-name authentication server
21: Identity verification module
211: Optical character recognition program
22: Second storage module
3: Third-party device
31: Real-name authentication module
311: Third-party application
312: Application key
4: Bank server
200: Telecom company server

Figure 1 is a block diagram of the real-name authentication service system provided by the first preferred embodiment of the present invention; Figure 2 is a flowchart of the steps of the real-name authentication service method provided by the second preferred embodiment of the present invention; Figure 3 is a flowchart of the steps of the real-name authentication service method provided by the third preferred embodiment of the present invention; and Figures 4A and 4B are flowcharts of the steps of the real-name authentication service method provided by the fourth preferred embodiment of the present invention.

Specific embodiments of the present invention are described in more detail below with reference to the schematic drawings. The advantages and features of the present invention will become clearer from the following description and the claims. Note that the drawings are all in a highly simplified form and are not drawn to precise scale; they serve only to help explain the embodiments of the present invention conveniently and clearly.

Refer to Figure 1, which is a block diagram of the real-name authentication service system provided by the first preferred embodiment of the present invention. As shown, a real-name authentication service system 100 comprises a smart electronic device 1, a real-name authentication server 2, a third-party device 3 and a bank server 4.

The smart electronic device 1 comprises a first storage module 11 and a processing module 12. The first storage module 11 stores a mobile phone number 111, a mobile phone serial number 112 (International Mobile Equipment Identity, IMEI) and a subscriber identification code 113 (International Mobile Subscriber Identity, IMSI). The processing module 12 is electrically connected to the first storage module 11 and has a built-in identity verification application 121. In an identity verification stage, the identity verification application 121 computes an identity verification keyed-hash message authentication code (hash-based message authentication code, HMAC) from the mobile phone number 111, the mobile phone serial number 112 and the subscriber identification code 113 through a hash function combined with an encryption key, and transmits the mobile phone number 111, the mobile phone serial number 112, the subscriber identification code 113 and the identity verification HMAC. In practice, the smart electronic device 1 is an electronic device with mobile communication networking capability that can transmit and process data. The first storage module 11 is, for example, a memory that stores the mobile phone serial number 112 belonging to the device body of the smart electronic device 1, together with the mobile phone number 111 and the subscriber identification code 113 provided by the SIM (Subscriber Identity Module) card. The processing module 12 is, for example, a processor.

The real-name authentication server 2 comprises an identity verification module 21 and a second storage module 22. The identity verification module 21 is communicatively connected to the smart electronic device 1 and to a telecom company server 200, and has a built-in optical character recognition program 211. The second storage module 22 is electrically connected to the identity verification module 21. The real-name authentication server 2 is a server that provides the real-name authentication service. In practice, the identity verification module 21 connects to the smart electronic device 1 over a secure channel, for example by transmitting over the Transport Layer Security protocol, TLS 1.2.

Continuing from the above, in the identity verification stage the identity verification module 21 receives the mobile phone number 111, the mobile phone serial number 112, the subscriber identification code 113 and the identity verification HMAC transmitted by the smart electronic device 1, and verifies the identity verification HMAC using the hash function combined with the encryption key. The identity verification module 21 and the identity verification application 121 perform encryption and decryption with the same hash function (MD5 or SHA-512) and the same encryption key; that is, they agree in advance, or negotiate before each communication, to use the same hash function and encryption key, so as to verify whether the mobile phone number 111, the mobile phone serial number 112 and the subscriber identification code 113 were tampered with in transit. In practice, a timestamp can also be added during the encryption process to prevent replay attacks.
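The HMAC check and timestamp-based replay protection described above, as an added example that is not code from the patent. It uses HMAC-SHA-512 (one of the two hash functions the text names); the length-prefixed field encoding, the 120-second freshness window, the in-memory replay cache, and all function names and sample values are assumptions made for illustration.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 120  # assumed freshness window; the page gives no value


def encode_fields(fields):
    """Length-prefix each field so moving a digit between fields changes the MAC input."""
    out = b""
    for value in fields:
        raw = value.encode("utf-8")
        out += len(raw).to_bytes(4, "big") + raw
    return out


def build_request(key, phone, imei, imsi, now=None):
    """Device side: MAC the three identifiers plus a timestamp with the shared key."""
    ts = str(int(time.time() if now is None else now))
    tag = hmac.new(key, encode_fields([phone, imei, imsi, ts]), hashlib.sha512).hexdigest()
    return {"phone": phone, "imei": imei, "imsi": imsi, "ts": ts, "hmac": tag}


class Verifier:
    """Server side: check the MAC first, then freshness, then one-time use."""

    def __init__(self, key, max_skew=MAX_SKEW_SECONDS):
        self.key = key
        self.max_skew = max_skew
        self.seen = {}  # accepted tag -> its timestamp, kept only while still fresh

    def verify(self, req, now=None):
        now = int(time.time() if now is None else now)
        try:
            fields = [req["phone"], req["imei"], req["imsi"], req["ts"]]
            ts = int(req["ts"])
            claimed = req["hmac"].encode("ascii")
            expected = hmac.new(self.key, encode_fields(fields), hashlib.sha512).hexdigest()
        except (KeyError, TypeError, ValueError, AttributeError):
            return "malformed"
        # Constant-time comparison. The HMAC authenticates the fields but does not
        # hide them; confidentiality comes from the TLS channel the page mentions.
        if not hmac.compare_digest(expected.encode("ascii"), claimed):
            return "bad_hmac"
        # Only authenticated timestamps are trusted for the freshness decision.
        if abs(now - ts) > self.max_skew:
            return "stale"
        # Entries older than the window can be dropped: a replay of them is "stale".
        self.seen = {t: s for t, s in self.seen.items() if abs(now - s) <= self.max_skew}
        if claimed in self.seen:
            return "replay"
        self.seen[claimed] = ts
        return "ok"


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    key = b"constructed-demo-key"
    server = Verifier(key)
    request = build_request(key, "0912345678", "356938035643809", "466920123456789")
    print(server.verify(request))                                # first delivery
    print(server.verify(request))                                # same message again
    print(server.verify(dict(request, imsi="466920000000000")))  # altered in transit
```

The MAC is checked before the timestamp and the cache so that unauthenticated input can neither pass the freshness test nor fill the replay cache.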

In addition, after the identity verification HMAC passes verification by the identity verification module 21, the real-name authentication server 2 further verifies the mobile phone number 111 and the subscriber identification code 113 through a telecom company server 200, generates an authorization token, and transmits the authorization token to the smart electronic device 1. In practice, the subscriber identification code 113 is the International Mobile Subscriber Identity. When the user applied for the mobile phone number 111, the telecom company linked the unique subscriber identification code 113 to the mobile phone number 111 and stored the pair on the telecom company server 200. The telecom company server 200 therefore performs identification by checking whether the mobile phone number 111 and the subscriber identification code 113 correspond, and can further retrieve personal data, such as the national ID number and name, that the user provided when applying for the mobile phone number 111. To increase overall security, when the smart electronic device 1 receives the authorization token sent by the real-name authentication server 2, the user can additionally be required to enter a personal identification number (PIN) with which the authorization token is encrypted.

The third-party device 3 is communicatively connected to the smart electronic device 1 and comprises a real-name authentication module 31, which has a built-in third-party application 311 and an application key 312 (application programming interface key, API key) corresponding to the identity verification application 121. In an authentication stage, the third-party application 311 sends a call signal through a software development kit (SDK) to the smart electronic device 1 based on the mobile phone number 111 and the application key 312, which wakes the identity verification application 121 so that it displays authentication confirmation information. Once the authentication confirmation information is confirmed, the identity verification application 121 sends the authorization token and the application key 312 to the real-name authentication server 2. The real-name authentication server 2 authenticates the application key 312 and the authorization token and, when authentication succeeds, sends an authentication success signal to the smart electronic device 1, whereupon the identity verification application 121 notifies the third-party application 311 that authentication succeeded. In practice, the third-party device 3 is an electronic device that can run applications, such as a desktop computer, a tablet, a smartphone or a smart cash register.

The bank server 4 is communicatively connected to the real-name authentication server 2. In the authentication stage, after the smart electronic device 1 receives the authorization token transmitted by the third-party device 3, the user can further enter bank account data and identity document image data. The identity verification application 121 then generates a bank-binding HMAC from the bank account data and the identity document image data using the hash function and the encryption key, and transmits the bank account data, the identity document image data and the bank-binding HMAC to the real-name authentication server 2. On receiving them, the real-name authentication server 2 likewise first verifies the bank-binding HMAC using the hash function and the encryption key. After verification passes, it uses the optical character recognition (OCR) program 211 built into the identity verification module 21 to extract identity information from the identity document image data, verifies the identity information against the bank account data, and, when that verification succeeds, stores the bank account data, encrypted with AES-256, in the second storage module 22 of the real-name authentication server 2. In practice, the identity document image data is an image file of a document that can prove identity, such as a national ID card or a passport.

Refer to Figures 1 and 2 together. Figure 2 is a flowchart of the steps of the real-name authentication service method provided by the second preferred embodiment of the present invention. As shown, under the architecture of the real-name authentication service system 100 described above, a real-name authentication service method comprises the following steps. First, in step S101, an identity verification application 121 installed on a smart electronic device 1 generates an identity verification HMAC from a mobile phone number 111, a mobile phone serial number 112 and a subscriber identification code 113 through a hash function combined with an encryption key.

In step S102, the identity verification application 121 transmits the mobile phone number 111, the mobile phone serial number 112, the subscriber identification code 113 and the keyed-hash message authentication code to a real-name authentication server 2. In practice, after the identity verification application 121 has generated the identity verification HMAC from the mobile phone number 111, the mobile phone serial number 112 and the subscriber identification code 113 through the hash function combined with the encryption key, it transmits the mobile phone number 111, the mobile phone serial number 112, the subscriber identification code 113 and the identity verification HMAC to the real-name authentication server 2 through a wireless transmission module. The smart electronic device 1 is a device capable of connecting to the Internet, and it may do so through a mobile communication chip or through Wi-Fi wireless communication.

In step S103, the real-name authentication server 2 verifies the mobile phone number 111 and the subscriber identification code 113 through a telecom company server 200. In practice, the telecom company server 200 is the signal processing center of the telecom company corresponding to the mobile phone number 111 and the subscriber identification code 113, and the telecom company server 200 therefore has pre-stored the user's personal data corresponding to the mobile phone number 111 and the subscriber identification code 113.

In step S104, after the mobile phone number 111 and the subscriber identification code 113 pass verification, the real-name authentication server 2 generates an authorization token and transmits the authorization token to the smart electronic device 1.

As described above, the smart electronic device 1 can use the identity verification application 121 to encrypt the mobile phone number 111, the mobile phone serial number 112 and the subscriber identification code 113 and send them to the real-name authentication server 2. After decrypting and verifying them, the real-name authentication server 2 sends the mobile phone number 111 and the subscriber identification code 113 to the telecom company server 200, so that the telecom company server 200 verifies the user's identity against the personal data the user left when registering the mobile phone number 111. Once the real-name authentication server 2 learns that verification by the telecom company server 200 has passed, it sends the authorization token to the smart electronic device 1. Thus, when the user later needs a service that requires proof of identity, the user can prove identity by sending the authorization token to the real-name authentication server 2.
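Steps S101 to S104, as an added example that is not code from the patent; the same keyed-hash check also applies to the bank binding HMAC of steps S305 to S307. SHA-256, the length-prefixed field encoding, a pre-shared key, the token format and the `telecom_lookup` stand-in for telecom company server 200 are assumptions, since the page does not specify them.

```python
import hashlib
import hmac
import secrets
import struct

# Constructed subscriber records standing in for telecom company server 200:
# mobile phone number -> IMSI on file (sample values, not real subscribers).
CONSTRUCTED_SUBSCRIBERS = {"0912345678": "466011234567890"}


def canonical_message(phone_number, imei, imsi):
    """Encode the three fields unambiguously before MACing them.

    Plain concatenation would let ("09", "12") and ("091", "2") produce the
    same byte string, so each field carries a 2-byte big-endian length prefix.
    """
    out = b""
    for field in (phone_number, imei, imsi):
        raw = field.encode("utf-8")
        out += struct.pack(">H", len(raw)) + raw
    return out


def device_build_request(key, phone_number, imei, imsi):
    """S101-S102: the app computes the HMAC and sends it with the fields."""
    tag = hmac.new(key, canonical_message(phone_number, imei, imsi),
                   hashlib.sha256).hexdigest()
    return {"phone_number": phone_number, "imei": imei,
            "imsi": imsi, "hmac": tag}


def telecom_lookup(phone_number, imsi):
    """S103 stand-in: does the number/IMSI pair match the operator record?"""
    return CONSTRUCTED_SUBSCRIBERS.get(phone_number) == imsi


def server_handle_request(key, request, telecom_check):
    """Server side: verify the HMAC first, then ask the operator, then
    issue a random authorization token (S104)."""
    expected = hmac.new(
        key,
        canonical_message(request["phone_number"], request["imei"],
                          request["imsi"]),
        hashlib.sha256).digest()
    try:
        received = bytes.fromhex(request.get("hmac", ""))
    except (TypeError, ValueError):
        return {"ok": False, "reason": "bad_hmac"}
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(expected, received):
        return {"ok": False, "reason": "bad_hmac"}
    if not telecom_check(request["phone_number"], request["imsi"]):
        return {"ok": False, "reason": "telecom_mismatch"}
    return {"ok": True, "token": secrets.token_urlsafe(32)}


if __name__ == "__main__":
    shared_key = secrets.token_bytes(32)  # assumption: provisioned out of band
    req = device_build_request(shared_key, "0912345678",
                               "356938035643809", "466011234567890")
    print(server_handle_request(shared_key, req, telecom_lookup))
    req["imsi"] = "466019999999999"       # field altered after the MAC was made
    print(server_handle_request(shared_key, req, telecom_lookup))
```

The HMAC only proves that the sender holds the key and that the fields were not altered in transit; whether the number and IMSI belong together is still decided by the operator lookup.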

Please refer to Figures 1 and 3 together. Figure 3 is a flowchart of the steps of the real-name authentication service method provided by the third preferred embodiment of the present invention. As shown, under the architecture of the real-name authentication service system 100 described above, a real-name authentication service method comprises the following steps. First, in step S201, an identity verification application 121 installed on a smart electronic device 1 combines a mobile phone number 111, a mobile phone serial number 112 and a subscriber identification code 113 with an encryption key through a hash function to generate an identity verification keyed-hash message authentication code (HMAC).

In step S202, the identity verification application 121 transmits the mobile phone number 111, the mobile phone serial number 112, the subscriber identification code 113 and the HMAC to a real-name authentication server 2. In practice, after the identity verification application 121 has generated the identity verification HMAC from the mobile phone number 111, the mobile phone serial number 112 and the subscriber identification code 113 through the hash function combined with the encryption key, it sends the mobile phone number 111, the mobile phone serial number 112, the subscriber identification code 113 and the identity verification HMAC to the real-name authentication server 2 through a wireless transmission module. The smart electronic device 1 is a device capable of connecting to the Internet, and it may connect through a mobile communication chip or through WIFI wireless communication.

In step S203, the real-name authentication server 2 verifies the mobile phone number 111 and the subscriber identification code 113 through a telecom company server 200. In practice, the telecom company server 200 is the signal processing center of the telecom company corresponding to the mobile phone number 111 and the subscriber identification code 113, and the telecom company server 200 therefore has pre-stored the user's personal data corresponding to the mobile phone number 111 and the subscriber identification code 113.

In step S204, after the mobile phone number 111 and the subscriber identification code 113 pass verification, the real-name authentication server 2 generates an authorization token and transmits the authorization token to the smart electronic device 1.

In step S205, a third-party application 311 sends an application call signal to the smart electronic device 1 based on the mobile phone number 111 and an application key 312.

In step S206, the identity verification application 121 is woken by the application call signal and displays an authentication confirmation message.

In step S207, after the authentication confirmation message is confirmed, the identity verification application 121 sends the authorization token and the application key 312 to the real-name authentication server 2.

In step S208, after receiving the authorization token and the application key 312, the real-name authentication server 2 authenticates the application key 312 and the authorization token and, after successful authentication, sends an authentication success signal to the smart electronic device 1, so that the identity verification application 121 notifies the third-party application 311 that authentication succeeded.

As described above, this embodiment is in practice mainly applied to confirming a user's identity, for example proving identity through the real-name authentication service method of this embodiment in order to apply for an identity card, or confirming the user's identity when opening a bank account. The prior art requires preparing various documents for such applications. Because the real-name authentication service method of this embodiment has already used the mobile phone number, the mobile phone serial number and the subscriber identification code to perform verification through the real-name authentication server and the telecom company server and thereby generate the authorization token, the authorization token can then be used to prove the user's identity quickly.

Please refer to Figures 1, 4A and 4B together. Figures 4A and 4B are flowcharts of the steps of the real-name authentication service method provided by the fourth preferred embodiment of the present invention. As shown, under the architecture of the real-name authentication service system 100 described above, a real-name authentication service method comprises the following steps. First, in step S301, an identity verification application 121 installed on a smart electronic device 1 combines a mobile phone number 111, a mobile phone serial number 112 and a subscriber identification code 113 with an encryption key through a hash function to generate an identity verification keyed-hash message authentication code (HMAC).

In step S302, the identity verification application 121 transmits the mobile phone number 111, the mobile phone serial number 112, the subscriber identification code 113 and the HMAC to a real-name authentication server 2. In practice, after the identity verification application 121 has generated the identity verification HMAC from the mobile phone number 111, the mobile phone serial number 112 and the subscriber identification code 113 through the hash function combined with the encryption key, it sends the mobile phone number 111, the mobile phone serial number 112, the subscriber identification code 113 and the identity verification HMAC to the real-name authentication server 2 through a wireless transmission module. The smart electronic device 1 is a device capable of connecting to the Internet, and it may connect through a mobile communication chip or through WIFI wireless communication.

In step S303, the real-name authentication server 2 verifies the mobile phone number 111 and the subscriber identification code 113 through a telecom company server 200. In practice, the telecom company server 200 is the signal processing center of the telecom company corresponding to the mobile phone number 111 and the subscriber identification code 113, and the telecom company server 200 therefore has pre-stored the user's personal data corresponding to the mobile phone number 111 and the subscriber identification code 113.

In step S304, after the mobile phone number 111 and the subscriber identification code 113 pass verification, the real-name authentication server 2 further transmits the authorization token to the smart electronic device 1.

In step S305, the identity verification application 121 generates a bank binding keyed-hash message authentication code (HMAC) from bank account data and identity document image data through the hash function and the encryption key.

In step S306, the bank account data, the identity document image data and the bank binding HMAC are transmitted to the real-name authentication server 2.

In step S307, when the real-name authentication server 2 receives the bank account data, the identity document image data and the bank binding HMAC, it first verifies the bank binding HMAC using the hash function and the encryption key. After the HMAC passes verification, it uses an optical character recognition program 211 to extract identity information from the identity document image data, and then verifies the identity information against the bank account data.

In step S308, after successful verification, the bank account data is encrypted and stored in the real-name authentication server 2.

In step S309, the third-party application 311 sends an application call signal to the smart electronic device 1 based on the mobile phone number 111, a payment amount and an application key 312.

In step S310, based on the application call signal, the identity verification application 121 asks the real-name authentication server 2 whether the third-party application 311 has passed review.

In step S311, when the real-name authentication server 2 confirms that the third-party application 311 has passed review, the real-name authentication server 2 sends a review-passed signal to the smart electronic device 1, so that the smart electronic device 1 displays a payment permission confirmation message for the user to confirm.

In step S312, after the payment permission confirmation message is confirmed, the identity verification application 121 sends the authorization token and the application key 312 to the real-name authentication server 2.

In step S313, after receiving the authorization token and the application key 312, the real-name authentication server 2 authenticates the application key 312 and the authorization token and, after successful authentication, makes a transaction request to a bank server 4.

In step S314, after the transaction request from the real-name authentication server 2 to the bank server 4 is completed, the real-name authentication server 2 transmits transaction completion information to the smart electronic device 1, and the smart electronic device 1 in turn transmits the transaction completion information to the third-party device 3.

In other embodiments, the third-party device 3 is, for example, an e-bill server, and the third-party application 311 may be an e-bill application for the user to install on the smart electronic device 1. A merchant that wants to use the e-bill server to serve users must first apply to the service provider for a merchant ID; after passing verification, the merchant obtains the merchant ID and the credential used to submit billing requests. When the user uses the e-bill service, the e-bill application installed on the smart electronic device 1 sends a software development kit call signal to invoke the identity verification application 121 to complete identity authentication. After authentication succeeds, the e-bill application sends the mobile phone serial number 112 to the e-bill server, which completes the device registration process. The user can then view billing information through the e-bill application and connect directly to the real-name authentication server 2 using the identity verification application 121, and the e-bill deduction is carried out through the cooperation of the real-name authentication server 2 and the bank server 4.

The third-party application 311 sends a software development kit (SDK) call signal to the smart electronic device 1 based on the mobile phone number 111 and the application key 312, thereby waking the identity verification application 121 to display an authentication confirmation message, and the e-bill application will, through

As described above, in the real-name authentication service method of this embodiment, the authorization token obtained from verification and the bank account data are sent to the real-name authentication server during the identity verification stage, and after verification the bank account data is encrypted and stored in the real-name authentication server. The smart electronic device therefore does not need to store the bank account data. When a payment is required, the payment amount and the authorization token are sent together to the real-name authentication server and, after verification passes, the bank server is notified to make the deduction directly according to the bank account data stored in the real-name authentication server.
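The server-side checks of steps S207 to S208 and S310 to S313, as an added example that is not code from the patent. The token lifetime, the binding of a token to one mobile phone number, storing only SHA-256 digests of tokens and application keys, and all class and function names are assumptions; the page only states that the server authenticates the application key and the authorization token.

```python
import hashlib
import secrets

TOKEN_TTL_SECONDS = 300  # assumption: the page gives no token lifetime


def digest(secret):
    """Store and look up secrets by digest so a leaked table is not replayable."""
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


class RealNameAuthServer:
    """Hypothetical model of real-name authentication server 2."""

    def __init__(self):
        self.tokens = {}  # digest(token) -> {"phone", "expires"}
        self.apps = {}    # digest(application key) -> {"name", "reviewed"}

    def register_app(self, name, reviewed):
        """Issue an application key 312 to a third-party application 311."""
        app_key = secrets.token_urlsafe(24)
        self.apps[digest(app_key)] = {"name": name, "reviewed": reviewed}
        return app_key

    def issue_token(self, phone_number, now):
        """S104/S204/S304: called only after the telecom check has passed."""
        token = secrets.token_urlsafe(32)
        self.tokens[digest(token)] = {"phone": phone_number,
                                      "expires": now + TOKEN_TTL_SECONDS}
        return token

    def app_is_reviewed(self, app_key):
        """S310-S311: has the calling third-party application passed review?"""
        app = self.apps.get(digest(app_key))
        return bool(app and app["reviewed"])

    def authenticate(self, token, app_key, phone_number, now):
        """S208/S313: authenticate the application key and the token."""
        if digest(app_key) not in self.apps:
            return "unknown_app"
        if not self.app_is_reviewed(app_key):
            return "app_not_reviewed"
        record = self.tokens.get(digest(token))
        if record is None:
            return "unknown_token"
        if now >= record["expires"]:
            del self.tokens[digest(token)]  # expired tokens are not kept
            return "token_expired"
        if record["phone"] != phone_number:
            return "wrong_subscriber"       # token issued for another number
        return "ok"


if __name__ == "__main__":
    server = RealNameAuthServer()
    e_bill_key = server.register_app("e-bill app (constructed)", reviewed=True)
    rogue_key = server.register_app("unreviewed app (constructed)", reviewed=False)
    token = server.issue_token("0912345678", now=1000)
    print(server.authenticate(token, e_bill_key, "0912345678", now=1100))
    print(server.authenticate(token, rogue_key, "0912345678", now=1100))
    print(server.authenticate(token, e_bill_key, "0912345678", now=1300))
```

Only an "ok" result would let the server go on to send the authentication success signal of S208 or the transaction request to bank server 4 in S313.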

In summary, during the identity verification stage the smart electronic device can use the identity verification application to encrypt the mobile phone number, the mobile phone serial number and the subscriber identification code and send them to the real-name authentication server. After decrypting and verifying them, the real-name authentication server sends the mobile phone number and the subscriber identification code to the telecom company server, so that the telecom company server verifies the user's identity against the personal data the user left when registering the mobile phone number. Once the real-name authentication server learns that verification by the telecom company server has passed, it generates an authorization token based on the user's personal information and transmits it to the smart electronic device. Thus, when the user later needs a service that requires proof of identity, the user can prove identity by sending the authorization token to the real-name authentication server.

The above are merely preferred embodiments of the present invention and do not limit the present invention in any way. Any equivalent replacement, modification or other change in any form that a person skilled in the art makes to the technical means and technical content disclosed by the present invention, without departing from the scope of the technical means of the present invention, does not depart from the content of the technical means of the present invention and still falls within the scope of protection of the present invention.

100‧‧‧Real-name authentication service system
1‧‧‧Smart electronic device
11‧‧‧First storage module
111‧‧‧Mobile phone number
112‧‧‧Mobile phone serial number
113‧‧‧Subscriber identification code
12‧‧‧Processing module
121‧‧‧Identity verification application
2‧‧‧Real-name authentication server
21‧‧‧Identity verification module
211‧‧‧Optical character recognition program
22‧‧‧Second storage module
3‧‧‧Third-party device
31‧‧‧Real-name authentication module
311‧‧‧Third-party application
312‧‧‧Application key
4‧‧‧Bank server
200‧‧‧Telecom company server

Claims (7)

一種實名認證服務系統,包含:一智慧型電子裝置,係內建有一身分驗證應用程式,該身分驗證應用程式係在一身分驗證階段時,將一手機號碼、一手機序號(International Mobile Equipment Identity,IMEI)與一門號識別碼(International Mobile Subscriber Identity,IMSI)透過一雜湊函數結合一加密金鑰計算出一身分驗證金鑰雜湊訊息鑑別碼(Hash-based message authentication code,HMAC);一實名認證伺服器,係通訊連結於該智慧型電子裝置,用以接收該手機號碼、該手機序號、該門號識別碼以及該身分驗證金鑰雜湊訊息鑑別碼,並以該雜湊函數結合該加密金鑰對該身分驗證金鑰雜湊訊息鑑別碼進行驗證,當該身分驗證金鑰雜湊訊息鑑別碼通過驗證後,該實名認證伺服器更透過一電信公司伺服器對該手機號碼與該門號識別碼進行驗證而產生一授權令牌,並將該授權令牌傳送至該智慧型電子裝置;以及一第三方裝置,係通訊連結於該智慧型電子裝置,並內建有一第三方應用程式與一對應於該身分驗證應用程式之應用程式金鑰(application programming interface key,API key),該第三方應用程式係依據該手機號碼與該應用程式金鑰透過一軟體開發套件(Software Development Kit,SDK)呼叫訊號至該智慧型電子裝置,進而喚醒該身分驗證應用程式顯示一認證確認資訊,當該認證確認資訊受到確認後,該身分驗證應用 程式係將該授權令牌與該應用程式金鑰發送至該實名認證伺服器,使該實名認證伺服器對該應用程式金鑰與該授權令牌進行認證,並在認證成功後發送一認證成功訊號至該智慧型電子裝置,進而使該身分驗證應用程式通知該第三方應用程式認證成功。 A real-name authentication service system, comprising: an intelligent electronic device with an identity verification application built in, the identity verification application is a mobile phone number, a mobile phone serial number (International Mobile Equipment Identity, IMEI) and an International Mobile Subscriber Identity (IMSI) through a hash function combined with an encryption key to calculate an identity verification key Hash-based message authentication code (HMAC); a real-name authentication server A device, which is communicatively connected to the smart electronic device, is used to receive the mobile phone number, the mobile phone serial number, the door number identification code and the authentication key hash message authentication code, and combine the encryption key pair with the hash function The authentication key hash message authentication code is verified, and after the authentication key hash message authentication code is verified, the real-name authentication server further verifies the mobile phone number and the door number identification code through a telecommunications company server generating an authorization token, and transmitting the authorization token to the intelligent 
electronic device; and a third-party device, which is communicatively connected to the intelligent electronic device, and has a built-in third-party application program and a corresponding The application programming interface key (API key) of the authentication application, the third-party application calls the signal to the mobile phone number and the application key through a software development kit (SDK) The smart electronic device then wakes up the identity verification application to display an authentication confirmation message. After the authentication confirmation information is confirmed, the identity verification application The program sends the authorization token and the application key to the real-name authentication server, so that the real-name authentication server authenticates the application key and the authorization token, and sends an authentication success after the authentication is successful The signal is sent to the smart electronic device, so that the authentication application notifies the third-party application that the authentication is successful. 如申請專利範圍第1項所述之實名認證服務系統,更包含一銀行伺服器,係通訊連結於該實名認證伺服器,當該智慧型電子裝置接收到該授權令牌後,該身分驗證應用程式更將使用者所輸入之一銀行帳號資料與一身分證明影像資料透過該雜湊函數與該加密金鑰來產生一銀行綁定金鑰雜湊訊息鑑別碼,並將該銀行帳號資料、該身分證明影像資料與該銀行綁定金鑰雜湊訊息鑑別碼傳送至該實名認證伺服器;該實名認證伺服器在接收到該銀行帳號資料、該身分證明影像資料與該銀行綁定金鑰雜湊訊息鑑別碼時,係先利用該雜湊函數與該加密金鑰對該銀行綁定金鑰雜湊訊息鑑別碼進行驗證,並在通過驗證後利用一光學字元識別程式自該身分證明影像資料中擷取出一身分資訊,進而將該身分資訊與該銀行帳號資料進行驗證,並在驗證成功後將該銀行帳號資料加密儲存於該實名認證伺服器,當該第三方應用程式透過一應用程式呼叫訊號至該智慧型電子裝置,該身分驗證應用程式依據該應用程式呼叫訊號向該實名認證伺服器詢問該第三方應用程式是否通過審核,當該實名認證伺服器確認第三方應用程式通過審核 時,實名認證伺服器發送一審核通過訊號至該智慧型電子裝置,使該智慧型電子裝置顯示一允許支付確認訊息供使用者確認,當該允許支付確認訊息被確認後,該身分驗證應用程式係將該授權令牌與該應用程式金鑰發送至該實名認證伺服器,該實名認證伺服器在接收到該授權令牌與該應用程式金鑰後對該應用程式金鑰與該授權令牌進行認證,並在認證成功後向該銀行伺服器進行交易請求。 The real-name authentication service system described in item 1 of the scope of the application further includes a bank server, which is communicatively connected to the real-name authentication server. 
After the smart electronic device receives the authorization token, the identity authentication application The program further generates a bank binding key hash message authentication code by using a bank account information and an identity proof image data input by the user through the hash function and the encryption key, and converts the bank account information, the identity proof The image data and the bank-bound key hash message authentication code are sent to the real-name authentication server; the real-name authentication server receives the bank account information, the identity proof image data and the bank-bound key hash message authentication code. When the hash function and the encryption key are used, the bank-bound key hash message authentication code is first verified, and after the verification is passed, an optical character recognition program is used to extract an identity from the identification image data information, and then verify the identity information and the bank account information, and after the verification is successful, the bank account information is encrypted and stored in the real-name authentication server. When the third-party application calls a signal to the smart phone through an application An electronic device, the identity verification application asks the real-name authentication server whether the third-party application has passed the audit according to the call signal of the application, and when the real-name authentication server confirms that the third-party application has passed the audit When the real-name authentication server sends an approval signal to the smart electronic device, so that the smart electronic device displays a payment permission confirmation message for the user to confirm. 
After the payment permission confirmation message is confirmed, the identity verification application sends the authorization token and the application key to the real-name authentication server, and the real-name authentication server receives the authorization token and the application key and the application key and the authorization token Authenticate, and make a transaction request to the bank server after the authentication is successful. 如申請專利範圍第1項所述之實名認證服務系統,其中,該智慧型電子裝置包含一第一儲存模組,該第一儲存模組儲存有該手機號碼、該手機序號以及該門號識別碼。 The real-name authentication service system as described in item 1 of the scope of the application, wherein the intelligent electronic device comprises a first storage module, and the first storage module stores the mobile phone number, the mobile phone serial number and the identification of the door number code. 一種實名認證服務方法,包含以下步驟:(a)利用安裝於一智慧型電子裝置之一身分驗證應用程式將一手機號碼、一手機序號與一門號識別碼透過一雜湊函數結合一加密金鑰來產生一身分驗證金鑰雜湊訊息鑑別碼;(b)透過該身分驗證應用程式將該手機號碼、該手機序號、該門號識別碼以及該身分驗證金鑰雜湊訊息鑑別碼傳送至一實名認證伺服器;(c)該實名認證伺服器透過一電信公司伺服器對該手機號碼與該門號識別碼進行驗證;以及(d)當該手機號碼與該門號識別碼通過驗證後,該實名 認證伺服器產生一授權令牌,並將該授權令牌傳送至該智慧型電子裝置。 A real-name authentication service method, comprising the following steps: (a) using an identity verification application installed on a smart electronic device to combine a mobile phone number, a mobile phone serial number and a door number identification code with an encryption key through a hash function generate an authentication key hash message authentication code; (b) send the mobile phone number, the mobile phone serial number, the door number identification code and the authentication key hash message authentication code to a real-name authentication server through the authentication application program (c) the real-name authentication server verifies the mobile phone number and the door number identification code through a telecommunications company server; and (d) when the mobile phone number and the door number identification code are verified, the real name The authentication 
server generates an authorization token and transmits the authorization token to the intelligent electronic device. 如申請專利範圍第4項所述之實名認證服務方法,更包含以下步驟:(e)利用該身分驗證應用程式將一銀行帳號資料與一身分證明影像資料透過該雜湊函數與該加密金鑰來產生一銀行綁定金鑰雜湊訊息鑑別碼;(f)將該銀行帳號資料、該身分證明影像資料與該銀行綁定金鑰雜湊訊息鑑別碼傳送至該實名認證伺服器;(g)該實名認證伺服器在接收到該銀行帳號資料、該身分證明影像資料與該銀行綁定金鑰雜湊訊息鑑別碼時,先利用該雜湊函數與該加密金鑰對該銀行綁定金鑰雜湊訊息鑑別碼進行驗證,並在通過驗證後利用一光學字元識別程式自該身分證明影像資料中擷取出一身分資訊,進而將該身分資訊與該銀行帳號資料進行驗證;以及(h)在驗證成功後將該銀行帳號資料加密儲存於該實名認證伺服器。 The real-name authentication service method described in Item 4 of the scope of the patent application further includes the following steps: (e) using the identity authentication application to convert a bank account information and an identity authentication image data through the hash function and the encryption key Generate a bank-bound key hash message authentication code; (f) send the bank account information, the identity proof image data and the bank-bound key hash message authentication code to the real-name authentication server; (g) the real-name authentication server When receiving the bank account information, the identity proof image data and the bank binding key hash message authentication code, the authentication server first uses the hash function and the encryption key to hash the bank binding key hash message authentication code Carry out verification, and after the verification, use an optical character recognition program to extract an identity information from the identity certificate image data, and then verify the identity information and the bank account information; and (h) after the verification is successful, send The bank account information is encrypted and stored in the real-name authentication server. 
The real-name authentication service method as described in item 5 of the scope of the patent application, further comprising the following steps:
(i) a third-party application of a third-party device issues an application call signal to the smart electronic device according to the mobile phone number, a payment amount and an application key;
(j) the identity verification application asks the real-name authentication server, according to the application call signal, whether the third-party application has passed review;
(k) when the real-name authentication server confirms that the third-party application has passed review, the real-name authentication server sends a review-approved signal to the smart electronic device, so that the smart electronic device displays a payment permission confirmation message for the user to confirm;
(l) after the payment permission confirmation message is confirmed, the identity verification application sends the authorization token and the application key to the real-name authentication server;
(m) after receiving the authorization token and the application key, the real-name authentication server authenticates the application key and the authorization token, and after the authentication succeeds makes a transaction request to a bank server; and
(n) after the real-name authentication server completes the transaction request to the bank server, the real-name authentication server transmits transaction completion information to the smart electronic device, and the smart electronic device further transmits the transaction completion information to the third-party device.

The real-name authentication service method as described in item 4 of the scope of the patent application, further comprising the following steps:
(e) a third-party application of a third-party device issues an application call signal to the smart electronic device according to the mobile phone number and an application key;
(f) the identity verification application is awakened by the application call signal and displays authentication confirmation information;
(g) after the authentication confirmation information is confirmed, the identity verification application sends the authorization token and the application key to the real-name authentication server; and
(h) after receiving the authorization token and the application key, the real-name authentication server authenticates the application key and the authorization token, and after the authentication succeeds sends an authentication success signal to the smart electronic device, so that the identity verification application notifies the third-party application that the authentication succeeded.
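The payment flow of steps (i) to (n), modelled as an added example that is not code from the patent: the device-side application checks review status and user confirmation, and the server authenticates both the application key and the authorization token before any bank request. All class and function names, the token issuance step, the hashed token storage and the `bank` callable are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class RealNameAuthServer:
    """Hypothetical model of the real-name authentication server, steps (j)-(n)."""

    def __init__(self, bank):
        self._approved_keys = set()  # application keys that passed review
        self._token_hashes = {}      # phone number -> SHA-256 of its authorization token
        self._bank = bank            # callable(phone, amount) -> bool; stands in for the bank server

    def approve_app(self, app_key):
        self._approved_keys.add(app_key)

    def issue_token(self, phone):
        # Assumed issuance step; the claims above only say that the token already exists.
        token = secrets.token_urlsafe(32)
        self._token_hashes[phone] = hashlib.sha256(token.encode()).digest()
        return token

    def is_app_approved(self, app_key):
        # Steps (j)-(k): has this third-party application passed review?
        return app_key in self._approved_keys

    def pay(self, phone, amount, app_key, token):
        # Step (m): authenticate BOTH credentials before the bank is contacted.
        if not self.is_app_approved(app_key):
            return "rejected: application key"
        stored = self._token_hashes.get(phone)
        presented = hashlib.sha256(token.encode()).digest()
        if stored is None or not hmac.compare_digest(stored, presented):
            return "rejected: authorization token"
        # Step (n): only now is the transaction request made.
        return "transaction complete" if self._bank(phone, amount) else "rejected: bank"


def handle_app_call(server, token, phone, amount, app_key, user_confirms):
    """Identity verification application on the device, steps (i)-(l)."""
    if not server.is_app_approved(app_key):   # (j)-(k): ask the server first
        return "rejected: application not approved"
    if not user_confirms(phone, amount):      # (k)-(l): user must confirm the payment
        return "cancelled by user"
    return server.pay(phone, amount, app_key, token)  # (l): token + key go to the server
```

The server repeats the application-key check in `pay` rather than trusting the device's earlier query, so a request that skips the device-side steps is still rejected before the bank is reached.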

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW107104792A TWI753102B (en) 2018-02-09 2018-02-09 Real-name authentication service system and real-name authentication service method

Publications (2)

Publication Number Publication Date
TW201935295A (en) 2019-09-01
TWI753102B (en) 2022-01-21

Family

ID=68618455

Country Status (1)

Country Link
TW (1) TWI753102B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111010363B (en) * 2019-09-20 2022-04-05 中国银联股份有限公司 Information authentication method and system, authentication module and user terminal
TWI745015B (en) * 2020-08-10 2021-11-01 捷碼數位科技股份有限公司 System and method for providing authorized content generated during identity authentication for verifying transaction data before transaction
CN112182552B (en) * 2020-09-22 2024-07-16 京东科技控股股份有限公司 Real-name authentication method and device, electronic equipment and storage medium

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104867012A (en) * 2006-08-01 2015-08-26 Q佩控股有限公司 Transaction authorization system and method and remote payment system
CN104753674A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Application identity authentication method and device
US20170012969A1 (en) * 2015-07-08 2017-01-12 Alibaba Group Holding Limited Method and device for authentication using dynamic passwords
TW201706900A (en) * 2015-07-08 2017-02-16 Alibaba Group Services Ltd Method and device for authentication using dynamic passwords
