TWI753679B - Online transaction management method and system - Google Patents

Online transaction management method and system Download PDF

Info

Publication number
TWI753679B
TWI753679B TW109142201A TW109142201A TWI753679B TW I753679 B TWI753679 B TW I753679B TW 109142201 A TW109142201 A TW 109142201A TW 109142201 A TW109142201 A TW 109142201A TW I753679 B TWI753679 B TW I753679B
Authority
TW
Taiwan
Prior art keywords
transaction
server
identification code
client terminal
request
Prior art date
Application number
TW109142201A
Other languages
Chinese (zh)
Other versions
TW202223809A (en
Inventor
林子鈞
許家蓉
蔡文城
劉韋杰
王新翔
林宛貞
曹芯瑜
曹孟偉
沈祐慧
郭昱宏
Original Assignee
第一商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 第一商業銀行股份有限公司 filed Critical 第一商業銀行股份有限公司
Priority to TW109142201A priority Critical patent/TWI753679B/en
Application granted granted Critical
Publication of TWI753679B publication Critical patent/TWI753679B/en
Publication of TW202223809A publication Critical patent/TW202223809A/en

Links

Images

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

一種線上交易管理方法及系統中,代理伺服器在接收到來自客戶終端且含經由執行第一應用程式產生的交易內容的交易識別碼請求時,儲存該交易內容和唯一對應的交易識別碼並傳送該交易識別碼至該客戶終端以供其儲存;該客戶終端執行第二應用程式以對交易伺服器傳送該交易識別碼、唯一對應於客戶的身分識別料和該交易內容,以供其確認該身分識別資料和該交易內容;該交易伺服器根據確認結果處理該交易並儲存對應於該交易識別碼的交易結果資料,其包含指示出交易成功或交易失敗的交易狀態、及當該交易狀態指示出交易成功時的交易明細。In an online transaction management method and system, when a proxy server receives a transaction identification code request from a client terminal and contains transaction content generated by executing a first application program, it stores the transaction content and the unique corresponding transaction identification code and transmits it. The transaction identification code is sent to the client terminal for its storage; the client terminal executes a second application program to transmit the transaction identification code, the identification material uniquely corresponding to the client, and the transaction content to the transaction server for its confirmation of the transaction The identification information and the transaction content; the transaction server processes the transaction according to the confirmation result and stores the transaction result data corresponding to the transaction identification code, which includes the transaction status indicating the success or failure of the transaction, and when the transaction status indicates The transaction details when the transaction is successful.

Description

線上交易管理方法及系統Online transaction management method and system

本發明是有關於線上交易,特別是指一種線上交易管理方法及系統。The present invention relates to online transactions, in particular to an online transaction management method and system.

現有的線上交易管理系統,如台灣新型專利M589851揭示的一種儲蓄規劃管理系統,需使用一與一使用者裝置和一交易伺服器(如帳戶伺服器)通訊連接的代理伺服器,其是用來將來自於使用者裝置的交易資訊(如轉帳設定資訊及儲蓄指令)傳送至該交易伺服器,以便該交易伺服器根據該交易資訊執行相關交易(如轉帳儲蓄)。請注意,在上述的交易過程中,該代理伺服器除了必須傳遞如帳戶和轉帳設定資訊外,還必須安全地紀錄或儲存該交易資訊以利後續管理。Existing online transaction management systems, such as a savings planning management system disclosed in Taiwan's new patent M589851, need to use a proxy server that communicates with a user device and a transaction server (such as an account server). The transaction information (such as transfer setting information and saving instruction) from the user device is sent to the transaction server, so that the transaction server can execute related transactions (such as transfer and savings) according to the transaction information. Please note that in the above transaction process, the proxy server must not only transmit account and transfer setting information, but also securely record or store the transaction information for subsequent management.

然而,由於目前朝向開放銀行的政策趨勢,為了確保資安以避免個資外洩之風險,對於提供上述交易管理系統中的代理伺服器的第三方服務提供者(Third-Party Service Provider;以下簡稱TSP業者),若以符合於當前開放銀行第二階段的風險控管,TSP業者在實體安全、機敏資料、營運、資安、網路、生命週期、委外作業、法遵等方面必須進行合規處理。如此,金融機構與TSP業者的合作門檻將大幅提升,因而不利於開放銀行之推展。However, due to the current policy trend towards open banking, in order to ensure information security and avoid the risk of personal information leakage, for the third-party service provider (Third-Party Service Provider; hereinafter referred to as the proxy server in the above transaction management system) TSP operators), if they are in line with the current second-stage risk control of Open Banking, TSP operators must cooperate in physical security, sensitive data, operations, information security, network, life cycle, outsourcing operations, and legal compliance. Regulation processing. In this way, the threshold for cooperation between financial institutions and TSP operators will be greatly increased, which is not conducive to the promotion of open banking.

因此,如何發想出一種能夠有效避免個資外洩之風險、降低TSP業者之合作門檻並有利開放銀行之推展的線上交易管理方式遂成為目前金融服務急需解決的議題之一。Therefore, how to devise an online transaction management method that can effectively avoid the risk of personal capital leakage, lower the cooperation threshold for TSP operators, and facilitate the promotion of open banking has become one of the urgent issues in financial services.

因此,本發明的目的,即在提供一種線上交易管理方法及系統,其能克服現有技術至少一個缺點。Therefore, the purpose of the present invention is to provide an online transaction management method and system, which can overcome at least one disadvantage of the prior art.

於是,本發明所提供的一種線上交易管理方法至少利用由一代理方提供的一代理伺服器、由一銀行機構提供的一交易伺服器、及由一客戶所持有且與該代理伺服器和該交易伺服器通訊連接的客戶終端來實施,該客戶終端儲存有一由該代理方提供且與該代理方的代理業務有關的第一應用程式和一由該銀行機構提供且與交易授權有關的第二應用程式,該線上交易管理方法包含以下步驟:(A)該客戶終端,經由執行該第一應用程式,產生並顯示一對應於該代理業務的使用者操作介面,並對該代理伺服器傳送有關該客戶所欲進行的一交易的交易識別碼請求,該交易識別碼請求包含經由人為操作該使用者操作介面而產生的交易內容;(B)該代理伺服器回應於接收自該客戶終端的該交易識別碼請求,產生唯一對應於該交易的一交易識別碼,儲存具有對應關係的該交易識別碼和該交易內容,並將該交易識別碼傳送至該客戶終端;(C)該客戶終端在接收到來自該代理伺服器的該交易識別碼時,儲存該交易識別碼且開始執行該第二應用程式,並經由該第二應用程式的執行對該交易伺服器傳送一交易請求,該交易請求包含該交易識別碼、唯一對應於該客戶的身分識別資料和該交易內容;及(D)該交易伺服器回應於接收自該客戶終端的該交易請求,確認該身分識別資料和該交易內容,並根據確認結果處理該交易,以獲得並儲存一對應於該交易識別碼的交易結果資料,該交易結果資料包含指示出交易成功或交易失敗的交易狀態、及當該交易狀態指示出交易成功時的交易明細。Therefore, an online transaction management method provided by the present invention utilizes at least an agent server provided by an agent, a transaction server provided by a banking institution, and a transaction server held by a client and connected with the agent server and the agent server. The transaction server is communicatively connected to a client terminal that stores a first application program provided by the agent and related to the agent's agency business and a first application program provided by the banking institution and related to transaction authorization. Two application programs, the online transaction management method includes the following steps: (A) the client terminal, by executing the first application program, generates and displays a user operation interface corresponding to the agency business, and transmits it to the agency server A transaction ID request for a transaction to be performed by the client, the transaction ID request including the transaction content generated by man-operating the user interface; (B) the proxy server responds to the request received from the client terminal The transaction identification code request generates a transaction identification code uniquely corresponding to the transaction, stores the transaction identification code and the transaction content with the corresponding relationship, and transmits the transaction identification code to the client terminal; (C) the client terminal When receiving the transaction identifier from the proxy server, store the transaction identifier and start executing the second application, and transmit a transaction request to the transaction server through the execution of the second application, the transaction The request includes the transaction identifier, the identification information uniquely corresponding to the client, and the transaction content; and (D) the transaction server confirms the identification information and the transaction content in response to the transaction request received from the client terminal , and process the transaction according to the confirmation result, so as to obtain and store a transaction result data corresponding to the transaction ID, the transaction result data includes the transaction status indicating that the transaction is successful or failed, and when the transaction status indicates that the transaction is successful transaction details at the time.

本發明的線上交易管理方法還利用一與該代理伺服器和該交易伺服器通訊連接的閘道伺服器來實施,並在步驟(D)之後還包含以下步驟:(E)該客戶終端經由該第一應用程式的執行,對該代理伺服器傳送一含有該交易識別碼的交易查詢請求;(F)該代理伺服器回應於接收自該客戶終端的該交易查詢請求,經由該閘道伺服器,對該交易伺服器傳送一含有該交易識別碼的交易結果請求;(G)該交易伺服器回應於接收到的該交易結果請求,將對應於該交易識別碼的該交易結果資料傳送至該閘道伺服器; (H)該閘道伺服器透過一符合於該代理伺服器的應用程式介面,將一含有該交易結果資料的交易結果回覆傳送至該代理伺服器;及(I)該代理伺服器在接收到來自該閘道伺服器的該交易結果回覆時,對該客戶終端傳送一含有該交易結果資料的交易查詢回覆,以供該客戶終端顯示該交易結果資料。The online transaction management method of the present invention is also implemented by using a gateway server in communication with the proxy server and the transaction server, and further includes the following steps after step (D): (E) the client terminal via the The execution of the first application program sends a transaction inquiry request containing the transaction identification code to the proxy server; (F) the proxy server responds to the transaction inquiry request received from the client terminal through the gateway server , send a transaction result request containing the transaction identification code to the transaction server; (G) the transaction server responds to the transaction result request received, and transmits the transaction result data corresponding to the transaction identification code to the transaction result data. the gateway server; (H) the gateway server transmits a transaction result reply containing the transaction result information to the proxy server through an application programming interface compliant with the proxy server; and (I) the proxy When receiving the transaction result reply from the gateway server, the server transmits a transaction inquiry reply containing the transaction result data to the client terminal, so that the client terminal can display the transaction result data.

於是,本發明所提供的一種線上交易管理系統包含一客戶終端、一代理伺服器、及一交易伺服器。Therefore, an online transaction management system provided by the present invention includes a client terminal, an agent server, and a transaction server.

該客戶終端是由一客戶所持有,並儲存有由一代理方提供且與代理業務有關的一第一應用程式和由一銀行機構提供且與交易授權有關的一第二應用程式。The client terminal is held by a client and stores a first application program provided by an agent and related to agency business and a second application program provided by a banking institution and related to transaction authorization.

該代理伺服器是由該代理方提供,並與該客戶終端通訊連接。The proxy server is provided by the proxy and communicates with the client terminal.

該交易伺服器是由該銀行機構提供,並與該客戶終端通訊連接。The transaction server is provided by the banking institution and communicates with the client terminal.

該客戶終端,經由執行該第一應用程式,產生並顯示一對應於該代理業務的使用者操作介面,並對該代理伺服器傳送有關該客戶所欲進行的一交易的交易識別碼請求,該交易識別碼請求包含經由人為操作該使用者操作介面而產生的交易內容。The client terminal, by executing the first application program, generates and displays a user operation interface corresponding to the agency business, and transmits a transaction identification code request related to a transaction that the client wants to perform to the agency server, the The transaction ID request includes transaction content generated by man-operating the user interface.

該代理伺服器回應於接收自該客戶終端的該交易識別碼請求,產生唯一對應於該交易的一交易識別碼,儲存具有對應關係的該交易識別碼和該交易內容,並將該交易識別碼傳送至該客戶終端。In response to the transaction ID request received from the client terminal, the proxy server generates a transaction ID uniquely corresponding to the transaction, stores the transaction ID and the transaction content having a corresponding relationship, and converts the transaction ID to the transaction ID. transmitted to the client terminal.

該客戶終端在接收到來自該代理伺服器的該交易識別碼時,儲存該交易識別碼且開始執行該第二應用程式,並經由該第二應用程式的執行對該交易伺服器傳送一交易請求,該交易請求包含該交易識別碼、唯一對應於該客戶的身分識別資料和該交易內容。When the client terminal receives the transaction identification code from the proxy server, it stores the transaction identification code and starts to execute the second application, and sends a transaction request to the transaction server through the execution of the second application , the transaction request includes the transaction identification code, the identification data uniquely corresponding to the customer, and the transaction content.

該交易伺服器回應於接收自該客戶終端的該交易請求,確認該身分識別資料和該交易內容,並根據確認結果處理該交易,以獲得並儲存一對應於該交易識別碼的交易結果資料,該交易結果資料包含指示出交易成功或交易失敗的交易狀態、及當該交易狀態指示出交易成功時的交易明細。In response to the transaction request received from the client terminal, the transaction server confirms the identity information and the transaction content, and processes the transaction according to the confirmation result, so as to obtain and store a transaction result data corresponding to the transaction identifier, The transaction result data includes a transaction status indicating that the transaction is successful or unsuccessful, and transaction details when the transaction status indicates that the transaction is successful.

本發明的線上交易管理系統還包含一由該銀行機構提供且與該代理伺服器和該交易伺服器通訊連接的閘道伺服器。該客戶終端經由該第一應用程式的執行,對該代理伺服器傳送一含有該交易識別碼的交易查詢請求。該代理伺服器回應於接收自該客戶終端的該交易查詢請求,經由該閘道伺服器,對該交易伺服器傳送一含有該交易識別碼的交易結果請求。該交易伺服器回應於接收到的該交易結果請求,將對應於該交易識別碼的該交易結果資料傳送至該閘道伺服器。該閘道伺服器透過一符合於該代理伺服器的應用程式介面,將一含有該交易結果資料的交易結果回覆傳送至該代理伺服器。該代理伺服器在接收到來自該閘道伺服器的該交易結果回覆時,對該客戶終端傳送一含有該交易結果資料的交易查詢回覆,以供該客戶終端顯示該交易結果資料。The online transaction management system of the present invention further comprises a gateway server provided by the banking institution and in communication with the proxy server and the transaction server. The client terminal transmits a transaction inquiry request including the transaction identification code to the proxy server through the execution of the first application program. In response to the transaction inquiry request received from the client terminal, the proxy server sends a transaction result request including the transaction identification code to the transaction server via the gateway server. In response to the received transaction result request, the transaction server transmits the transaction result data corresponding to the transaction identifier to the gateway server. The gateway server transmits a transaction result reply containing the transaction result data to the proxy server through an application programming interface compliant with the proxy server. When receiving the transaction result reply from the gateway server, the proxy server transmits a transaction inquiry reply containing the transaction result data to the client terminal, so that the client terminal can display the transaction result data.

本發明的功效在於:由於由該代理方僅負責提供該代理伺服器、及儲存於該客戶終端的第一應用程式,並且該代理伺服器僅儲存了去識別化的交易識別碼和對應的交易內容,因此對於該代理伺服器而言,將可完全避免個資外洩的風險,因而大幅降低該代理方與該銀行機構的合作門檻;並且對於該銀行機構而言,可容易地藉由該閘道伺服器建立該交易伺服器與多個分別由代理各種不同代理業務的多個其他代理方所提供的代理伺服器的通訊,因此有利於開放銀行之推展。The effect of the present invention is: because the agent is only responsible for providing the agent server and the first application program stored in the client terminal, and the agent server only stores the de-identified transaction identification code and the corresponding transaction Therefore, for the proxy server, the risk of personal information leakage can be completely avoided, thus greatly reducing the cooperation threshold between the agency and the banking institution; and for the banking institution, it is easy to use the The gateway server establishes the communication between the transaction server and a plurality of proxy servers respectively provided by a plurality of other agencies that represent various agency services, so it is beneficial to the promotion of open banking.

在本發明被詳細描述之前,應當注意在以下的說明內容中,類似的元件是以相同的編號來表示。Before the present invention is described in detail, it should be noted that in the following description, similar elements are designated by the same reference numerals.

參閱圖1,本發明實施例的一種線上交易管理系統是用來提供一個或多個客戶的線上交易服務及/或線上查詢服務,並可包含例如一個或多個代理伺服器2(圖1僅繪示出一個代理伺服器)、一個或多個客戶終端(圖1僅繪示出一個客戶終端)、一交易伺服器3、及一閘道伺服器4,其中該交易伺服器3與該閘道伺服器4例如經由一通訊網路(圖未示,如網際網路或區域網路)彼此連接,而且二者例如均由一銀行機構提供並可共同構成一銀行伺服單元;每一代理伺服器21是由一對應的代理方來提供,且每一客戶終端1是由一對應客戶所持有並可例如經由一通訊網路(圖未示)與該交易伺服器3通訊連接。在此情況下,該銀行機構可與該(等)代理方共同合作來對該(等)客戶提供與銀行業務有關的各種不同類型之交易(例如,轉帳交易、定存交易、基金交易等)的線上交易服務及/或線上查詢服務。Referring to FIG. 1, an online transaction management system according to an embodiment of the present invention is used to provide online transaction services and/or online inquiry services for one or more customers, and may include, for example, one or more proxy servers 2 (FIG. 1 only A proxy server is shown), one or more client terminals (only one client terminal is shown in FIG. 1), a transaction server 3, and a gateway server 4, wherein the transaction server 3 and the gateway The channel servers 4 are connected to each other, for example, via a communication network (not shown, such as the Internet or a local area network), and both are provided by a banking institution, for example, and can together form a bank server unit; each proxy server 21 is provided by a corresponding agent, and each client terminal 1 is held by a corresponding client and can be communicated with the transaction server 3 via, for example, a communication network (not shown). In this case, the banking institution may cooperate with the agent(s) to provide the client(s) with various types of banking-related transactions (eg, transfer transactions, time deposit transactions, fund transactions, etc.) online transaction services and/or online enquiry services.

在本實施例中,由於每一代理方是專責於一特定代理業務(例如,與轉帳、定存或基金有關的業務),所以其所提供的代理伺服器2是用來處理該特定代理業務。值得注意的是,在使用前,每一代理方還須提供與該特定代理業務有關的一第一應用程式,而該銀行機構必須提供與交易授權有關的一第二應用程式。In this embodiment, since each agency is dedicated to a specific agency business (for example, business related to transfer, fixed deposit or fund), the agency server 2 provided by it is used to process the specific agency business . It is worth noting that, before use, each agent must also provide a first application related to the specific agency business, and the banking institution must provide a second application related to transaction authorization.

在本實施例中,每一客戶終端1例如可以一行動裝置(如智慧型手機或平板電腦)來實施,並在使用前,必須先儲存有該第二應用程式、及一個或多個與客戶所欲進行之線上交易有關的第一應用程式。舉例來說,若客戶所欲進行的線上交易僅有基金交易時,則所持有之客戶終端1僅須預先儲存由專責於基金業務的代理方所提供的(單一)第一應用程式(見圖1);而若客戶所欲進行的線上交易包含轉帳交易及定存交易時,則所持有之客戶終端1必須預先儲存由分別專責於轉帳業務及定存業務的(兩個)代理方所提供的(兩個)第一應用程式(圖1僅示出一個第一應用程式)。因此,對於客戶而言,可視其交易需求,來對其所持有之客戶終端1選擇性地安裝並儲存所需的第一應用程式,以便後續進行線上交易。在使用時,每一客戶終端1經由執行每一第一應用程式可透過一通訊網路(圖未示)建立與對應的代理伺服器2的通訊連接,而經由執行該第二應用程式可建立與該交易伺服器3的通訊連接。In this embodiment, each client terminal 1 can be implemented by, for example, a mobile device (such as a smart phone or a tablet computer), and before use, must store the second application program, and one or more communication with the client The first application related to the desired online transaction. For example, if the online transaction that the client wants to conduct is only fund transaction, the client terminal 1 held by the client only needs to pre-store the (single) first application provided by the agent specializing in the fund business (see Figure 1); and if the online transaction that the customer wants to carry out includes transfer transaction and fixed deposit transaction, the client terminal 1 held must be pre-stored by (two) agents who are respectively dedicated to the transfer business and the fixed deposit business. (two) first applications provided (only one first application is shown in Figure 1). Therefore, for the client, the client terminal 1 held by the client can selectively install and store the required first application program according to his transaction requirements, so as to conduct subsequent online transactions. When in use, each client terminal 1 can establish a communication connection with the corresponding proxy server 2 through a communication network (not shown) by executing each first application, and can establish communication with the corresponding proxy server 2 by executing the second application. The communication connection of the transaction server 3.

該閘道伺服器4組配來提供可符合於每一代理伺服器2的應用程式介面(Application Programming Interface,以下簡稱API),以供後續對該(等)代理伺服器2進行資料傳輸之用。The gateway server 4 is configured to provide an Application Programming Interface (API) conforming to each proxy server 2 for subsequent data transmission to the proxy server(s) 2 .

以下,將參閱圖1及圖2來示例地詳細說明對於欲進行例如有關於例如一零存整付的儲蓄計劃的定存交易的一客戶(以下,亦稱作目標客戶)時,該線上交易管理系統中的一客戶終端1(即,該目標客戶所持有的客戶終端)、一代理伺服器2(即,處理有關定存業務的代理伺服器)和該交易伺服器3如何進行有關該(定存)交易的線上交易程序。該線上交易程序例如可包含以下步驟S21~S24。Hereinafter, referring to FIG. 1 and FIG. 2 , the online transaction for a customer (hereinafter, also referred to as a target customer) who wants to conduct a fixed deposit transaction such as a savings plan such as a zero deposit and lump sum payment will be exemplarily explained in detail. How to manage a client terminal 1 (ie, the client terminal held by the target client), a proxy server 2 (ie, the proxy server that handles the fixed deposit business) and the transaction server 3 in the management system. An online transaction program for (fixed deposit) transactions. The online transaction program may include, for example, the following steps S21 to S24.

首先,在步驟S21中,該客戶終端1先經由執行該第一應用程式,產生並顯示一對應於該代理業務(即,有關於該儲蓄計劃的定存業務)的使用者操作介面,然後經由人為操作該使用者操作介面產生所欲的交易內容(即,定存內容),並對該代理伺服器2傳送有關該交易且包含該交易內容的交易識別碼請求。在本實施例中,該使用者操作介面例如可提供與該儲蓄計畫有關的多種不同內容的定存選項。First, in step S21, the client terminal 1 generates and displays a user interface corresponding to the agency business (ie, the fixed deposit business related to the savings plan) by executing the first application program, and then executes the The user operation interface is manually operated to generate desired transaction content (ie, fixed storage content), and a transaction identification code request relating to the transaction and including the transaction content is transmitted to the proxy server 2 . In this embodiment, the user operation interface may, for example, provide fixed deposit options of various contents related to the savings plan.

然後,在步驟S22中,該代理伺服器2回應於接收自該客戶終端1的該交易識別碼請求,產生唯一對應於該交易的一交易識別碼,儲存具有對應關係的該交易識別碼和該交易內容,並將該交易識別碼傳送至該客戶終端1。值得注意的是,在此情況下,該代理伺服器2僅會保留唯一對應於該交易的交易識別碼以及與該交易識別碼對應的交易內容,而由於此交易識別碼與該交易內容不含有任何個資,於是其對於惡意第三方(如駭客)而言可視為一種去識別化之資料。Then, in step S22, the proxy server 2 responds to the transaction ID request received from the client terminal 1, generates a transaction ID uniquely corresponding to the transaction, and stores the corresponding transaction ID and the transaction ID. transaction content, and transmit the transaction identification code to the client terminal 1 . It is worth noting that in this case, the proxy server 2 will only keep the transaction ID corresponding to the transaction and the transaction content corresponding to the transaction ID only, because the transaction ID and the transaction content do not contain Any personal information, so it can be regarded as a kind of de-identified information for malicious third parties (such as hackers).

當該客戶終端1接收到來自該代理伺服器2的該交易識別碼時,在步驟S23中,該客戶終端1經由該第一應用程式的執行,儲存該交易識別碼且開始執行該第二應用程式,並經由該第二應用程式的執行對該交易伺服器3傳送一交易請求,該交易請求包含例如經過加密的該交易識別碼、唯一對應於該目標客戶的身分識別資料、該交易內容和帳戶資料(例如,轉出帳戶之帳號)。When the client terminal 1 receives the transaction identification code from the proxy server 2, in step S23, the client terminal 1 stores the transaction identification code and starts to execute the second application through the execution of the first application program program, and transmit a transaction request to the transaction server 3 through the execution of the second application program, the transaction request includes, for example, the encrypted transaction identification code, the identification information uniquely corresponding to the target customer, the transaction content and Account information (for example, the account number from which the account was transferred).

當該交易伺服器3接收到來自該客戶終端1的該交易請求時,在步驟S24中,該交易伺服器3回應於該交易請求,例如確認(解密後的)該身分識別資料和該帳戶資料是否正確且確認該轉出帳戶之帳戶餘額是否符合於該交易內容,並根據確認結果處理該交易,以獲得並儲存一對應於該交易識別碼的交易結果資料。在本實施例中,該交易結果資料包含例如指示出交易成功或交易失敗的交易狀態、及當該交易狀態指示出交易成功時的交易明細。舉例來說,若該交易伺服器3成功確認該身分識別資料且該帳戶資料無誤以及該帳戶餘額符合於該交易內容,則該交易結果資料將包含指示出交易成功的交易狀態、及對應的交易明細(例如,儲蓄次數及儲蓄總額)。至此,該線上交易程序執行完畢。When the transaction server 3 receives the transaction request from the client terminal 1, in step S24, the transaction server 3 responds to the transaction request, for example, confirms (decrypted) the identity information and the account information Check whether it is correct and confirm whether the account balance of the transfer account conforms to the transaction content, and process the transaction according to the confirmation result, so as to obtain and store a transaction result data corresponding to the transaction identification code. In this embodiment, the transaction result data includes, for example, a transaction status indicating a successful transaction or a failed transaction, and transaction details when the transaction status indicates a successful transaction. For example, if the transaction server 3 successfully confirms the identification information and the account information is correct and the account balance is consistent with the transaction content, the transaction result data will include the transaction status indicating that the transaction is successful, and the corresponding transaction. Details (eg, number of savings and total savings). At this point, the online transaction procedure is completed.

該線上交易管理系統在執行完上述線上交易程序後,還可進一步對該目標客戶提供線上查詢服務。以下,將參閱圖1及圖3來示例地詳細說明該線上交易管理系統如何執行有關該(定存)交易的一交易查詢程序。該交易查詢程序包含以下步驟S31~S37。After executing the above-mentioned online transaction procedure, the online transaction management system can further provide online inquiry service to the target customer. Hereinafter, referring to FIG. 1 and FIG. 3 , how the online transaction management system executes a transaction inquiry procedure related to the (fixed deposit) transaction will be exemplarily described in detail. The transaction inquiry program includes the following steps S31 to S37.

首先,在步驟S31中,該客戶終端1經由該第一應用程式的執行,對該代理伺服器2傳送一交易查詢請求。該交易查詢請求包含在上述線交易程序中儲存的該交易識別碼。First, in step S31, the client terminal 1 transmits a transaction inquiry request to the proxy server 2 through the execution of the first application program. The transaction inquiry request includes the transaction identification code stored in the above-mentioned online transaction program.

當該代理伺服器2接收到來自該客戶終端1的該交易查詢請求時,在步驟S32中,該代理伺服器2回應於該交易查詢請求,將一含有該交易識別碼的交易結果請求傳送至該閘道伺服器4。於是,該閘道伺服器4將來自於該代理伺服器2的該交易結果請求傳送至該交易伺服器3(步驟S33)。When the proxy server 2 receives the transaction inquiry request from the client terminal 1, in step S32, the proxy server 2 responds to the transaction inquiry request and sends a transaction result request containing the transaction identification code to The gateway server 4. Then, the gateway server 4 transmits the transaction result request from the proxy server 2 to the transaction server 3 (step S33).

當該交易伺服器3接收到來自該閘道伺服器4的該交易結果請求時,在步驟S34中,該交易伺服器3回應於該交易結果請求,將對應於該交易識別碼的該交易結果資料傳送至該閘道伺服器4。When the transaction server 3 receives the transaction result request from the gateway server 4, in step S34, the transaction server 3 responds to the transaction result request and sends the transaction result corresponding to the transaction identification code The data is sent to the gateway server 4 .

然後,在步驟S35中,該閘道伺服器4透過該API,將來自於該交易伺服器3的該交易結果資料轉換成符合於該代理伺服器2所需之形式或格式,並將一含有(轉換後的)該交易結果資料的交易結果回覆傳送至該代理伺服器2。Then, in step S35, the gateway server 4 converts the transaction result data from the transaction server 3 into the form or format required by the proxy server 2 through the API, and converts a data containing a The (transformed) transaction result reply of the transaction result data is sent to the proxy server 2 .

之後,在步驟S36中,該代理伺服器2在接收到來自該閘道伺服器4的該交易結果回覆時,對該客戶終端1傳送一含有該交易結果資料的交易查詢回覆。於是,該客戶終端1可將來自該代理伺服器2的該交易結果資料顯示給該目標客戶,以使該目標客戶獲取該交易的執行情況。至此,該交易查詢程序執行完畢。Then, in step S36, when the proxy server 2 receives the transaction result reply from the gateway server 4, it transmits a transaction inquiry reply containing the transaction result data to the client terminal 1. Therefore, the client terminal 1 can display the transaction result data from the proxy server 2 to the target client, so that the target client can obtain the execution status of the transaction. So far, the execution of the transaction query program is completed.

請注意,在該交易查詢程序中,雖由該客戶終端1發動交易查詢請求,但該客戶終端1僅需提供對應於該交易的交易識別碼,而不涉及任何個資的傳輸,此外,透過該閘道伺服器4向該交易伺服器所獲取的該交易結果資料亦不涉及任何個資。因此,該線上交易管理系統亦能避免在交易查詢時個資外洩之風險。Please note that in the transaction inquiry procedure, although the client terminal 1 initiates a transaction inquiry request, the client terminal 1 only needs to provide the transaction identification code corresponding to the transaction, without involving any personal data transmission. The transaction result information obtained by the gateway server 4 from the transaction server also does not involve any personal information. Therefore, the online transaction management system can also avoid the risk of personal capital leakage during transaction inquiry.

綜上所述,由於由每一代理方僅負責提供對應的一代理伺服器2、及儲存於一個(或更多個)客戶終端1的第一應用程式,並且在使用時,每一代理伺服器2僅會儲存對應於每一交易的去識別化的交易識別碼和對應的交易內容(亦即,不會儲存有關客戶的任何個資),因此對於每一代理伺服器2而言,將可完全避免個資外洩的風險,因而大幅降低該代理方與該銀行機構的合作門檻,此外,對於該銀行機構而言,可容易地藉由該閘道伺服器4建立該交易伺服器3與多個分別由代理各種不同代理業務的多個其他代理方所提供的代理伺服器的通訊連接以進行交易查詢,因而有利於開放銀行之推展。因此,本發明線上交易管理系統確實能達成本發明的目的。To sum up, since each proxy party is only responsible for providing a corresponding proxy server 2 and the first application program stored in one (or more) client terminals 1, and when in use, each proxy server The server 2 will only store the de-identified transaction ID corresponding to each transaction and the corresponding transaction content (that is, will not store any personal information about the customer), so for each proxy server 2, the The risk of personal information leakage can be completely avoided, thus greatly reducing the cooperation threshold between the agent and the banking institution. In addition, for the banking institution, the transaction server 3 can be easily established through the gateway server 4 The communication connection with a plurality of proxy servers provided by a plurality of other agencies that represent various agency services is used to conduct transaction inquiry, which is beneficial to the promotion of open banking. Therefore, the online transaction management system of the present invention can indeed achieve the object of the present invention.

惟以上所述者,僅為本發明的實施例而已,當不能以此限定本發明實施的範圍,凡是依本發明申請專利範圍及專利說明書內容所作的簡單的等效變化與修飾,皆仍屬本發明專利涵蓋的範圍內。However, the above are only examples of the present invention, and should not limit the scope of implementation of the present invention. Any simple equivalent changes and modifications made according to the scope of the patent application of the present invention and the contents of the patent specification are still included in the scope of the present invention. within the scope of the invention patent.

1:客戶終端 2:代理伺服器 3:交易伺服器 4:閘道伺服器 S21-S24:步驟 S31-S37:步驟1: Client terminal 2: Proxy server 3: Transaction Server 4: Gateway server S21-S24: Steps S31-S37: Steps

本發明的其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中: 圖1是一方塊圖,示例地說明本發明實施例的線上交易管理系統的架構; 圖2是一流程圖,示例地說明該實施例的一客戶終端、一代理伺服器和一交易伺服器如何進行有關一交易的一線上交易程序;及 圖3是一流程圖,示例地說明該實施例如何進行有關該交易的一交易查詢程序。 Other features and effects of the present invention will be clearly presented in the embodiments with reference to the drawings, wherein: 1 is a block diagram illustrating the architecture of an online transaction management system according to an embodiment of the present invention; FIG. 2 is a flow chart illustrating how a client terminal, a proxy server and a transaction server of this embodiment conduct an on-line transaction procedure for a transaction; and FIG. 3 is a flow chart illustrating how the embodiment performs a transaction inquiry procedure regarding the transaction.

1:客戶終端 1: Client terminal

2:代理伺服器 2: Proxy server

3:交易伺服器 3: Transaction Server

4:閘道伺服器 4: Gateway server

Claims (4)

一種線上交易管理方法,至少利用由一代理方提供的一代理伺服器、由一銀行機構提供的一交易伺服器、及由一客戶所持有且與該代理伺服器和該交易伺服器通訊連接的客戶終端來實施,該客戶終端儲存有一由該代理方提供且與該代理方的代理業務有關的第一應用程式和一由該銀行機構提供且與交易授權有關的第二應用程式,該線上交易管理方法包含以下步驟: (A)該客戶終端,經由執行該第一應用程式,產生並顯示一對應於該代理業務的使用者操作介面,並對該代理伺服器傳送有關該客戶所欲進行的一交易的交易識別碼請求,該交易識別碼請求包含經由人為操作該使用者操作介面而產生的交易內容; (B)該代理伺服器回應於接收自該客戶終端的該交易識別碼請求,產生唯一對應於該交易的一交易識別碼,儲存具有對應關係的該交易識別碼和該交易內容,並將該交易識別碼傳送至該客戶終端; (C)該客戶終端在接收到來自該代理伺服器的該交易識別碼時,儲存該交易識別碼且開始執行該第二應用程式,並經由該第二應用程式的執行對該交易伺服器傳送一交易請求,該交易請求包含該交易識別碼、唯一對應於該客戶的身分識別資料和該交易內容;及 (D)該交易伺服器回應於接收自該客戶終端的該交易請求,確認該身分識別資料和該交易內容,並根據確認結果處理該交易,以獲得並儲存一對應於該交易識別碼的交易結果資料,該交易結果資料包含指示出交易成功或交易失敗的交易狀態、及當該交易狀態指示出交易成功時的交易明細。 An online transaction management method, at least utilizing an agent server provided by an agent, a transaction server provided by a banking institution, and a client held by a client and communicating with the agent server and the transaction server. The client terminal stores a first application provided by the agent and related to the agency business of the agent and a second application provided by the banking institution and related to transaction authorization. The transaction management method consists of the following steps: (A) The client terminal, by executing the first application program, generates and displays a user operation interface corresponding to the agency business, and transmits to the agency server a transaction identification code related to a transaction that the client wants to perform request, the transaction ID request includes transaction content generated by man-operating the user interface; (B) In response to the transaction identification code request received from the client terminal, the proxy server generates a transaction identification code uniquely corresponding to the transaction, stores the transaction identification code and the transaction content with a corresponding relationship, and stores the transaction identification code with the corresponding relationship. The transaction identification code is transmitted to the client terminal; (C) When the client terminal receives the transaction identification code from the proxy server, it stores the transaction identification code and starts to execute the second application, and sends the transaction server through the execution of the second application. a transaction request, the transaction request including the transaction identification code, the identification information uniquely corresponding to the customer, and the transaction content; and (D) In response to the transaction request received from the client terminal, the transaction server confirms the identity information and the transaction content, and processes the transaction according to the confirmation result, so as to obtain and store a transaction corresponding to the transaction identifier Result data, the transaction result data includes a transaction status indicating a successful transaction or a failed transaction, and transaction details when the transaction status indicates a successful transaction. 如請求項1所述的線上交易管理方法,還利用一與該代理伺服器和該交易伺服器通訊連接的閘道伺服器來實施,並在步驟(D)之後還包含以下步驟: (E)該客戶終端經由該第一應用程式的執行,對該代理伺服器傳送一含有該交易識別碼的交易查詢請求; (F)該代理伺服器回應於接收自該客戶終端的該交易查詢請求,經由該閘道伺服器,對該交易伺服器傳送一含有該交易識別碼的交易結果請求; (G)該交易伺服器回應於接收到的該交易結果請求,將對應於該交易識別碼的該交易結果資料傳送至該閘道伺服器; (H)該閘道伺服器透過一符合於該代理伺服器的應用程式介面,將一含有該交易結果資料的交易結果回覆傳送至該代理伺服器;及 (I)該代理伺服器在接收到來自該閘道伺服器的該交易結果回覆時,對該客戶終端傳送一含有該交易結果資料的交易查詢回覆,以供該客戶終端顯示該交易結果資料。 The online transaction management method according to claim 1 is further implemented by using a gateway server in communication with the proxy server and the transaction server, and further comprises the following steps after step (D): (E) the client terminal transmits a transaction inquiry request containing the transaction identification code to the proxy server through the execution of the first application; (F) the proxy server, in response to the transaction inquiry request received from the client terminal, transmits a transaction result request containing the transaction identification code to the transaction server via the gateway server; (G) the transaction server transmits the transaction result data corresponding to the transaction identifier to the gateway server in response to the received transaction result request; (H) the gateway server transmits a transaction result reply containing the transaction result information to the proxy server through an application programming interface compliant with the proxy server; and (1) When receiving the transaction result reply from the gateway server, the proxy server transmits a transaction inquiry reply containing the transaction result data to the client terminal, so that the client terminal can display the transaction result data. 一種線上交易管理系統,包含: 一客戶終端,由一客戶所持有並儲存有由一代理方提供且與代理業務有關的一第一應用程式和由一銀行機構提供且與交易授權有關的一第二應用程式; 一代理伺服器,由該代理方提供並與該客戶終端通訊連接;及 一交易伺服器,由該銀行機構提供並與該客戶終端通訊連接; 其中,該客戶終端,經由執行該第一應用程式,產生並顯示一對應於該代理業務的使用者操作介面,並對該代理伺服器傳送有關該客戶所欲進行的一交易的交易識別碼請求,該交易識別碼請求包含經由人為操作該使用者操作介面而產生的交易內容; 其中,該代理伺服器回應於接收自該客戶終端的該交易識別碼請求,產生唯一對應於該交易的一交易識別碼,儲存具有對應關係的該交易識別碼和該交易內容,並將該交易識別碼傳送至該客戶終端; 其中,該客戶終端在接收到來自該代理伺服器的該交易識別碼時,儲存該交易識別碼且開始執行該第二應用程式,並經由該第二應用程式的執行對該交易伺服器傳送一交易請求,該交易請求包含該交易識別碼、唯一對應於該客戶的身分識別資料和該交易內容;及 其中,該交易伺服器回應於接收自該客戶終端的該交易請求,確認該身分識別資料和該交易內容,並根據確認結果處理該交易,以獲得並儲存一對應於該交易識別碼的交易結果資料,該交易結果資料包含指示出交易成功或交易失敗的交易狀態、及當該交易狀態指示出交易成功時的交易明細。 An online transaction management system, including: a client terminal, held by a client and storing a first application program provided by an agent and related to agency business and a second application program provided by a banking institution and related to transaction authorization; a proxy server provided by the proxy and connected to the client terminal; and a transaction server provided by the banking institution and communicatively connected to the client terminal; The client terminal, by executing the first application program, generates and displays a user interface corresponding to the agency business, and transmits a transaction identification code request related to a transaction that the client wants to perform to the agency server , the transaction ID request includes transaction content generated by man-operating the user interface; The proxy server, in response to the transaction identification code request received from the client terminal, generates a transaction identification code uniquely corresponding to the transaction, stores the transaction identification code and the transaction content with a corresponding relationship, and converts the transaction identification code to the transaction. The identification code is transmitted to the client terminal; Wherein, when the client terminal receives the transaction identification code from the proxy server, it stores the transaction identification code and starts to execute the second application, and sends a message to the transaction server through the execution of the second application. A transaction request, which includes the transaction identification code, the identification information uniquely corresponding to the customer, and the transaction content; and The transaction server confirms the identity information and the transaction content in response to the transaction request received from the client terminal, and processes the transaction according to the confirmation result, so as to obtain and store a transaction result corresponding to the transaction identifier. Data, the transaction result data includes a transaction status indicating that the transaction is successful or unsuccessful, and the transaction details when the transaction status indicates that the transaction is successful. 如請求項3所述的線上交易管理系統,還包含: 一閘道伺服器,由該銀行機構提供且與該代理伺服器和該交易伺服器連接; 其中,該客戶終端經由該第一應用程式的執行,對該代理伺服器傳送一含有該交易識別碼的交易查詢請求; 其中,該代理伺服器回應於接收自該客戶終端的該交易查詢請求,經由該閘道伺服器,對該交易伺服器傳送一含有該交易識別碼的交易結果請求; 其中,該交易伺服器回應於接收到的該交易結果請求,將對應於該交易識別碼的該交易結果資料傳送至該閘道伺服器; 其中,該閘道伺服器透過一符合於該代理伺服器的應用程式介面,將一含有該交易結果資料的交易結果回覆傳送至該代理伺服器;及 其中,該代理伺服器在接收到來自該閘道伺服器的該交易結果回覆時,對該客戶終端傳送一含有該交易結果資料的交易查詢回覆,以供該客戶終端顯示該交易結果資料。 The online transaction management system according to claim 3, further comprising: a gateway server provided by the banking institution and connected to the proxy server and the transaction server; Wherein, the client terminal transmits a transaction inquiry request containing the transaction identification code to the proxy server through the execution of the first application program; Wherein, in response to the transaction query request received from the client terminal, the proxy server sends a transaction result request including the transaction identification code to the transaction server via the gateway server; Wherein, the transaction server transmits the transaction result data corresponding to the transaction identification code to the gateway server in response to the received transaction result request; wherein, the gateway server transmits a transaction result reply containing the transaction result information to the proxy server through an application programming interface conforming to the proxy server; and Wherein, when receiving the transaction result reply from the gateway server, the proxy server transmits a transaction inquiry reply containing the transaction result data to the client terminal, so that the client terminal can display the transaction result data.
TW109142201A 2020-12-01 2020-12-01 Online transaction management method and system TWI753679B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109142201A TWI753679B (en) 2020-12-01 2020-12-01 Online transaction management method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109142201A TWI753679B (en) 2020-12-01 2020-12-01 Online transaction management method and system

Publications (2)

Publication Number Publication Date
TWI753679B true TWI753679B (en) 2022-01-21
TW202223809A TW202223809A (en) 2022-06-16

Family

ID=80809027

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109142201A TWI753679B (en) 2020-12-01 2020-12-01 Online transaction management method and system

Country Status (1)

Country Link
TW (1) TWI753679B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080015987A1 (en) * 2006-06-30 2008-01-17 Bharathi Ramavarjula Managing transaction accounts
US20130006810A1 (en) * 2011-06-30 2013-01-03 Aurelio Elias Method and system for the execution of non-bank Third Party Services Transactions over Financial Networks through Electronic Terminals utilizing a Non-Depository Virtual Account Management System
CN104079632A (en) * 2014-06-09 2014-10-01 中国建设银行股份有限公司 Third-party service processing method and device
CN110363638A (en) * 2019-06-27 2019-10-22 上海淇毓信息科技有限公司 The method for processing business, device and electronic equipment of non-targeted user in financial business
TWM595792U (en) * 2020-01-10 2020-05-21 玉山商業銀行股份有限公司 Authorization system for cross-platform authorizing access to resources
TWM609198U (en) * 2020-12-01 2021-03-11 第一商業銀行股份有限公司 Online transaction management system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080015987A1 (en) * 2006-06-30 2008-01-17 Bharathi Ramavarjula Managing transaction accounts
US20130006810A1 (en) * 2011-06-30 2013-01-03 Aurelio Elias Method and system for the execution of non-bank Third Party Services Transactions over Financial Networks through Electronic Terminals utilizing a Non-Depository Virtual Account Management System
CN104079632A (en) * 2014-06-09 2014-10-01 中国建设银行股份有限公司 Third-party service processing method and device
CN110363638A (en) * 2019-06-27 2019-10-22 上海淇毓信息科技有限公司 The method for processing business, device and electronic equipment of non-targeted user in financial business
TWM595792U (en) * 2020-01-10 2020-05-21 玉山商業銀行股份有限公司 Authorization system for cross-platform authorizing access to resources
TWM609198U (en) * 2020-12-01 2021-03-11 第一商業銀行股份有限公司 Online transaction management system

Also Published As

Publication number Publication date
TW202223809A (en) 2022-06-16

Similar Documents

Publication Publication Date Title
US12062039B2 (en) Digital asset distribution by transaction device
US20200065804A1 (en) Mobile commerce payment system
US11151523B2 (en) Secure transactions with offline device
US11151522B2 (en) Secure transactions with offline device
US11157884B2 (en) Secure transactions with offline device
AU2011207602B2 (en) Verification mechanism
US11972029B2 (en) System and method for providing trusted links between applications
WO2013067282A1 (en) Receipt processing and access service
US11580531B2 (en) Systems and methods for minimizing user interactions for cardholder authentication
US20190124157A1 (en) System and Method for Processing Context Data for Interaction Sessions
US20240211913A1 (en) Secure real-time transactions
SE531960C2 (en) Method of securely executing a payment transaction
TWM609198U (en) Online transaction management system
TWI753679B (en) Online transaction management method and system
US11257063B2 (en) Telephone call purchase with payment using mobile payment device
US20220122138A1 (en) Systems and methods for real time system onboarding using identifier pooling
KR101587475B1 (en) Method for loan transaction without visitation, Apparatus and computer program therefor
US20210326890A1 (en) System and method for providing temporal card verification value (cvv) for secure online transaction processing
TW201837820A (en) Automatic financial transaction management system and control method thereof having a processing unit to receive an automatic transaction setting of a registered user, and transmit an adding or enabling message of host to a cloud platform system to request the cloud platform system to add or enable a virtual host
CA3081898A1 (en) System and method for providing trusted links between applications
JP2020187570A (en) Document preparation system, document preparation method and server device
US20200242612A1 (en) Initiating resource event processing across international real-time processing networks
US20240005308A1 (en) System and method for a cross-platform key across digital wallet providers
US20220051232A1 (en) Payment information correlation system and method
US20230289792A1 (en) System and Method for Authorizing Temporary Use of Accounts