TWI765416B - Method and system for applying services across servers - Google Patents

Publication number
TWI765416B
Authority
TW
Taiwan
Prior art keywords
server module
service
user
server
authentication data
Prior art date
Application number
TW109140225A
Other languages
Chinese (zh)
Other versions
TW202222089A (en)
Inventor
周子恆
黃子玲
鄭惠宇
黃詠傑
戢晧維
Original Assignee
玉山商業銀行股份有限公司

Abstract

A method and a system for applying for services across servers are provided. The system provides a first server, a second server and a temporary storage that buffers user authentication data. A user sends a request for a first service to the first server via a user device, and the user authentication data is transmitted to the first server at the same time. The first server reviews the request for the first service, and the user authentication data is buffered in the temporary storage. When the user sends a request for a second service to the second server, the second server can retrieve the user authentication data from the temporary storage after obtaining authorization from the user, and then reviews the request for the second service.

Description

Method and system for applying for services across servers

This specification presents a method for applying for a service, and in particular a method and system that use temporarily stored user authentication data to enable applying for services across servers.

When a service offered by a company or enterprise is needed, the usual options are to apply on paper or to connect to the web page for applying for the service. The user follows the page's guidance and fills in the relevant data (referred to here as user authentication data) in the corresponding fields, and after procedures such as confirming the submitted content, saving it and verifying the user's identity, the service application form is sent.

If the user later wants to apply for another service, then apart from a paper application the user must again connect to that service's application page, fill in the relevant data and submit the application. For any further service applications, the user has to repeat the same actions.

The prior art does include ways to slightly simplify filling in some fields. For example, with a web browser's feature for saving field values, the saved value can be brought directly into the corresponding field the next time a related field has to be filled in. However, because of personal data protection or technical limitations, the prior art can only be applied to basic data that does not involve security, such as an e-mail address.

To provide a data exchange scheme that is convenient, fast and secure, and that can be reused across applications for different services, this disclosure proposes a method and system for applying for services across servers.

The proposed system mainly comprises a first server module, which receives a user's request to apply for a first service and reviews that application; a second server module, which receives the user's request to apply for a second service and reviews that application; and a file server module, which temporarily stores user authentication data that can be exchanged between the different server modules.

In one embodiment, the file server module implements a temporary storage area. The temporary storage area can be located in the first server module, in the second server module, or in an independently operating file server, and uses a secure encryption technology to temporarily store user authentication data obtained with the user's authorization. The first server module, the second server module and the file server module can be functional modules providing different services within one server system, or different servers that each provide a different service.

The steps of the method performed by the system are as follows. The user device connects to the first server module and submits an application for the first service, and the first server module reviews the application. The user device then transmits the user authentication data to the first server module, and the data is temporarily stored in the file server module. Next, when the user device connects to the second server module and submits an application for the second service, the second server module can, once authorized, obtain the user authentication data from the file server module, so the second server module can review the application for the second service without the user submitting the application data again.

Preferably, the temporarily stored user authentication data can be given a validity period: the user authentication data is automatically deleted once a set time has elapsed after it was stored in the temporary storage area, which appropriately protects the user's private personal data.

For a further understanding of the features and technical content of the present invention, refer to the following detailed description and drawings. The drawings are provided only for reference and illustration and are not intended to limit the present invention.

The following describes implementations of the present invention through specific embodiments, and those skilled in the art can understand the advantages and effects of the present invention from the content disclosed in this specification. The present invention can be implemented or applied through other specific embodiments, and the details in this specification can be modified and changed based on different viewpoints and applications without departing from the concept of the present invention. In addition, the drawings of the present invention are simple schematic illustrations and are not drawn to actual scale. The following embodiments describe the related technical content of the present invention in further detail, but the disclosed content is not intended to limit the scope of protection of the present invention.

It should be understood that although terms such as "first", "second" and "third" may be used herein to describe various elements or signals, these elements or signals should not be limited by these terms. The terms are used mainly to distinguish one element from another, or one signal from another. In addition, the term "or" as used herein may, depending on the actual situation, include any one of the associated listed items or a combination of several of them.

If user authentication data can be used effectively across different service applications, users are spared the trouble of filling in the same data repeatedly. In addition to keeping the data in a temporary storage area, the disclosure proposes security and confidentiality measures, giving users a secure and fast solution for applying for services across servers. For the system embodiment proposed in the disclosure, refer to FIG. 1, a schematic diagram of an embodiment of the system architecture, and to FIG. 2, a flowchart of an embodiment of the method by which the system implements applying for services across servers.

This example shows a system for applying for services across servers that has a first server 11 and a second server 12 providing different services, and it can be extended to services provided by more servers. The system also includes a file server 13, which temporarily stores the user authentication data that the user provides when applying for a particular service. Once the user has given authorization, the first server 11, the second server 12 or further servers can share the user authentication data stored in the file server 13.

The system lets a user use the user device 15 to make a service request to any of the servers over the network 10. In a financial system, for example, the first server 11, the second server 12 or further servers can provide different services within a financial institution, such as applications for a digital account, a securities account or a credit card account. All of these services require the user to provide important, private data, so storage technology with security protection is needed. The method is not limited to the financial industry and can also apply to other services, such as telecommunications. With the method, the user can consent to applying for several services at once: the user's authentication data is temporarily stored in the file server 13, and for any service that the user has permitted and authorized, the first server 11 or the second server 12 can obtain the temporarily stored user authentication data from the file server 13 and review the services directly, so the user does not have to submit the applications one by one.

In the flow of FIG. 2, at step S101 the user operates a software program on the user device 15 (such as a web browser or a dedicated application) to connect to the first server 11 and fills in the application form provided by the first server 11 (producing all or part of the user authentication data) to apply for the first service, which also transmits the user authentication data to the first server 11.

The first server 11 then decides, based on the application data provided by the user, whether to agree to provide the service. At this point, in step S103, the first server 11, once authorized, can temporarily store the user authentication data provided by the user (all or part of it) in the file server 13. The file server 13 has a database for storing the data and associated security and encryption measures, so that the user authentication data can be securely held in the file server 13, keyed by user identification data (such as a user ID).

Next, in step S105, the user connects to the second server 12 through the user device 15 and applies to it for the second service. The second server 12 can then, with authorization, request the user authentication data from the file server 13. A computer program running in the file server 13 retrieves (decrypts) the user authentication data (part or all of it) according to the user identification data supplied by the second server 12 and provides it to the second server 12. Then, in step S107, the application procedure for the second service is carried out, and the second server 12 reviews the application for the second service.

Generally, under the principle of protecting customers' private data, when a user applies for different services (such as financial services with strict security requirements for customer data), authentication data should not pass between them without the user's consent. In the method proposed in the disclosure, different service applications can share user authentication data through the file server 13 with the user's authorization, so the user can apply for multiple services in the server system quickly and conveniently.

It is worth noting that the first server 11, the second server 12 and the file server 13 need not be different servers that each provide a different service. They can also be functional modules made up of software and hardware, forming a first server module, a second server module and a file server module, and these modules can be functional modules providing different services within one server system. Furthermore, the file server module implements a temporary storage area, which can be a physical storage device or reside in the memory of the first server module, the second server module or an independently operating file server, and which uses a secure encryption technology to temporarily store user authentication data obtained with the user's authorization. The independently operating file server can be an independently operating database within the server system or storage provided by a third party.

For the related flow, refer to FIG. 3, a flowchart of an embodiment of the method as it runs among the user device 31, the first server module 33, the file server module 35 and the second server module 37.

First, the user device 31 sends a request for the first service to the first server module 33 (step S301). The first server module 33 then generates a service interface (step S303) and requires verification of the user's identity (step S305). To confirm the user's identity, the first server module 33 can use a password, a one-time password (OTP), a natural person certificate or other verification methods, such as a verification result from a third party (for example a joint credit information result).

The user then generates and transmits the user authentication data through the user device 31 to apply for the first service (step S307), and the first server module 33 reviews the user's first service application (step S309). In this example, once the first server module 33 has completed the review, it can pass the review result to the user device 31 (step S311), and the result can also include a link for applying for the second service. Taking financial services as an example, when the user completes a credit card application, the page can go on to recommend that the user apply for a loan. With the method embodiment described here, the subsequent application can obtain the user authentication data provided in the first application, which removes the inconvenience of filling in the user authentication data again.

At this point, with the user's authorization, the first server module 33 can temporarily store in the file server module 35 the user authentication data that the user provided for the first service application (step S313). In one embodiment, the temporarily stored user authentication data in the file server module 35 can be given a validity period, that is, a time at which the data expires: the user authentication data is automatically deleted once a set time has elapsed after it was stored in the temporary storage area. Once the user authentication data in the file server module 35 has been deleted, the user has to provide the authentication data again when applying for any service later.

The user device 31 then requests the second service from the second server module 37 (step S315) and at the same time sends the user identification data (user ID) to the second server module 37. The second server module 37 can likewise confirm the user's identity through a password, a one-time password, a natural person certificate or other verification methods (step S317). The second server module 37 then uses the user identification data it received to request the user authentication data from the file server module 35 (step S319). After the user's authorization has been confirmed, it obtains the user authentication data from the file server module 35 (step S321) and reviews the user's application for the second service on the basis of that data (step S323).

In the flow embodiment above, the first service and the second service provided by the first server module 33 and the second server module 37 can be several financial services offered by a financial institution. With the user's authorization, these financial services can share user authentication data through the file server module 35, so that for services whose application data overlaps heavily the user can apply without difficulty. As the embodiment flow of FIG. 4 shows, when the user transmits the user authentication data to the first server module 33 through the user device 31 (as in step S305), the user can at the same time use the service application interface to authorize the second server module 37 to obtain the user authentication data from the file server module 35.

In FIG. 4, the first server first accepts the user device's connection through the service interface (step S401), verifies the user's identity through the service interface (step S403), and receives the first service application and the user authentication data (step S405). The service interface also presents information telling the user that a second service can be applied for at the second server, for example as a recommendation advertisement. Once the user agrees, the user authorizes the second server, through the service interface, to obtain the user authentication data submitted this time (step S407).

In this flow, the first server reviews the current application for the first service (step S409) and also stores the user authentication data in the file server (step S411). After completing the review, the first server can inform the user of the result.

The file server can set a validity period for each piece of user authentication data, that is, a deadline after which the data expires, so the user can apply to the second server for the second service within that period. In the flow, the second server accepts the user device's connection (step S413) and then receives the second service application through the service interface, which can include the user identification data (step S415). The second server uses this user identification data to ask the file server for the user authentication data. After confirmation, the second server obtains the user authentication data (step S417) and can review the application for the second service directly (step S419).

In another embodiment, the user does not authorize the second server to obtain the user authentication data from the file server when applying for the first service. Instead, the user authorizes the second server to obtain the user authentication data from the file server only when applying to the second server for the second service. For this embodiment, refer to the flowchart in FIG. 5.

As before, the first server first receives from the user device the request to apply for the first service together with the user authentication data (step S501). The first server reviews the application for the first service (step S503) and also stores the user authentication data in the file server (step S505).

The second server then receives the request to apply for the second service sent by the user device, which also includes the user identification data and the authorization to obtain the user authentication data (step S507). The second server can therefore obtain the user authentication data from the file server (step S509) and review the application for the second service directly (step S511).
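The consent-gated, time-limited temporary storage that the FIG. 4 and FIG. 5 flows rely on can be modelled as follows. This is an added example, not code from the patent: the class `TempAuthStore`, its methods, the helper `attempt`, the module identifiers, the audit list and the choice to clear consent on resubmission are assumptions, and the stored bytes are assumed to be encrypted by the caller before they reach the store.

```python
import time


class TempAuthStore:
    """Temporary storage area of the file server module (hypothetical API)."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self._ttl = ttl_seconds
        self._clock = clock      # injectable clock so expiry can be exercised
        self._records = {}       # user_id -> {"expires_at", "blob", "grants"}
        self.audit = []          # (user_id, module_id, outcome) for every fetch

    def put(self, user_id, blob):
        """First server module stores the data (S313 / S411 / S505)."""
        if not isinstance(blob, bytes):
            raise TypeError("store ciphertext bytes, not parsed form data")
        # A resubmission replaces the record and drops earlier consent, so a
        # grant only ever covers the data the user actually submitted with it.
        self._records[user_id] = {
            "expires_at": self._clock() + self._ttl,
            "blob": blob,
            "grants": set(),
        }

    def authorize(self, user_id, module_id):
        """Record the user's consent for one module (S407 or S507)."""
        self._live(user_id)["grants"].add(module_id)

    def fetch(self, user_id, module_id):
        """Second server module asks for the data (S319-S321 / S417 / S509)."""
        try:
            record = self._live(user_id)
        except LookupError:
            self.audit.append((user_id, module_id, "gone"))
            raise
        if module_id not in record["grants"]:
            self.audit.append((user_id, module_id, "denied"))
            raise PermissionError("no user authorization for this module")
        self.audit.append((user_id, module_id, "ok"))
        return record["blob"]

    def purge_expired(self):
        """Periodic sweep: delete every record past its validity period."""
        now = self._clock()
        stale = [u for u, r in self._records.items() if now >= r["expires_at"]]
        for user_id in stale:
            del self._records[user_id]
        return len(stale)

    def _live(self, user_id):
        record = self._records.get(user_id)
        if record is None or self._clock() >= record["expires_at"]:
            # Expired data is deleted on access as well as by the sweep.
            self._records.pop(user_id, None)
            raise LookupError("no stored authentication data")
        return record


def attempt(store, user_id, module_id):
    """Try one fetch and return the outcome the store logged for it."""
    try:
        store.fetch(user_id, module_id)
    except (LookupError, PermissionError):
        pass
    return store.audit[-1][2]


def run_flow():
    """FIG. 5 order of events with constructed identifiers and data."""
    now = [0.0]
    store = TempAuthStore(ttl_seconds=900, clock=lambda: now[0])
    store.put("user-001", b"constructed-ciphertext")        # S505
    outcomes = [attempt(store, "user-001", "second")]        # before consent
    store.authorize("user-001", "second")                    # S507
    outcomes.append(attempt(store, "user-001", "second"))    # S509
    outcomes.append(attempt(store, "user-001", "third"))     # never consented
    now[0] = 900.0                                           # period elapsed
    outcomes.append(attempt(store, "user-001", "second"))
    return outcomes


if __name__ == "__main__":
    print(run_flow())
```

The audit list gives an operator a record of every retrieval attempt per module, which is where a module requesting data it was never authorized for would show up.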

In summary, in the embodiments above, when the first server (or module) and the second server (or module) receive a service application request from the user device, they first confirm the user's identity and send a service interface to the user device, for example one presented as a web page or as a user interface generated by a dedicated application. After the user fills it in and a first consent form is produced, the user authentication data it contains is also sent to the file server (or module). At the same time, the user can authorize the second server to obtain the user authentication data in order to apply for the second service and produce a second consent form, where the second consent form can be generated by automatically applying the user authentication data to the service application form. Finally, the first server and the second server review the first consent form and the second consent form respectively. It is worth noting that, besides allowing the authorization to be reused, the proposed scheme lets the file server set a validity period on the user authentication data it holds. This measure implements the right to erasure of personal data (also called the right to be forgotten) and also implements the right to data portability, in keeping with the spirit of regulations such as the EU's data protection regulation (GDPR).

The content disclosed above is only a preferred feasible embodiment of the present invention and does not limit the scope of the claims of the present invention. All equivalent technical changes made using the content of the specification and drawings of the present invention are therefore included within the scope of the claims of the present invention.

10: Network

15: User device

11: First server

12: Second server

13: File server

31: User device

33: First server module

35: File server module

37: Second server module

Steps S101 to S107: flow for applying for services across servers

Steps S301 to S323: flow for applying for services across servers

Steps S401 to S419: flow for applying for services across servers

Steps S501 to S511: flow for applying for services across servers

FIG. 1 is a schematic diagram of an embodiment of the system architecture for applying for services across servers;

FIG. 2 is a flowchart of an embodiment of the method by which the system implements applying for services across servers;

FIG. 3 is a flowchart of an embodiment of the method for applying for services across servers;

FIG. 4 is a flowchart of a first implementation example of the method for applying for services across servers; and

FIG. 5 is a flowchart of a second implementation example of the method for applying for services across servers.

31: User device

33: First server module

35: File server module

37: Second server module

S301: Request the first service

S303: Request identity verification

S305: Transmit user authentication data

S307: Apply for the first service

S309: Review

S311: Review result

S313: Temporarily store user authentication data

S315: Request the second service

S317: Confirm user identity

S319: Request user authentication data

S321: Obtain user authentication data

S323: Review

Claims (6)

一種跨伺服器申請服務的方法,包括:一使用者裝置連線一第一伺服模組,並發出申請一第一服務的請求,由該第一伺服模組審核該第一服務的申請;該使用者裝置傳送一使用者認證資料至該第一伺服模組,由該第一伺服模組暫存該使用者認證資料至一檔案伺服模組,其中該檔案伺服模組實現設於該第一伺服模組、該第二伺服模組或一獨立運作的檔案伺服器中的一暫存區,該檔案伺服模組以一安全加密技術暫存經過一使用者授權而取得的該使用者認證資料;以及該使用者裝置連線一第二伺服模組,該使用者裝置向該第二伺服模組發出申請一第二服務的請求,此時才授權該第二伺服模組由該檔案伺服模組取得該使用者認證資料,由該第二伺服模組審核該第二服務的申請。 A method for applying for a service across servers, comprising: a user device connects to a first server module, and sends a request for applying for a first service, and the first server module examines the application for the first service; the The user device transmits a user authentication data to the first server module, and the first server module temporarily stores the user authentication data to a file server module, wherein the file server module is implemented in the first server module. A temporary storage area in the servo module, the second servo module or an independently operating file server, the file server module temporarily stores the user authentication data obtained through a user's authorization by a secure encryption technology ; and the user device is connected to a second server module, the user device sends a request for a second service to the second server module, and then authorizes the second server module to be served by the file server module The group obtains the user authentication data, and the second server module examines the application for the second service. 如請求項1所述的跨伺服器申請服務的方法,其中經暫存的該使用者認證資料設有一時效性,當該使用者認證資料於儲存於該暫存區後一設定時間後即被自動刪除。 The method for applying for services across servers as claimed in claim 1, wherein the temporarily stored user authentication data has a time limit, and when the user authentication data is stored in the temporary storage area after a set period of time, it will be Deleted automatically. 
一種跨伺服器申請服務的系統,包括:一第一伺服模組,接收一使用者裝置提出申請一第一服務的請求,並審核該第一服務的申請;一第二伺服模組,接收該使用者裝置提出申請一第二服務的請求,並審核該第二服務的申請;一檔案伺服模組,用以儲存一使用者認證資料;其中該跨伺服器申請服務的系統執行步驟包括:該使用者裝置連線該第一伺服模組,提出該第一服務的申請,由該第一伺服模組審核該第一服務的申請;該使用者裝置傳送該使用者認證資料至該第一伺服模組, 並暫存於該檔案伺服模組中,其中該檔案伺服模組實現設於該第一伺服模組、該第二伺服模組或一獨立運作的檔案伺服器中的一暫存區,該檔案伺服模組以一安全加密技術暫存經過一使用者授權而取得的該使用者認證資料;以及該使用者裝置連線該第二伺服模組,該使用者裝置向該第二伺服模組提出該第二服務的申請,此時才授權該第二伺服模組由該檔案伺服模組取得該使用者認證資料,由該第二伺服模組審核該第二服務的申請。 A system for applying for services across servers, comprising: a first server module for receiving a request from a user device to apply for a first service, and reviewing the application for the first service; a second server module for receiving the The user device makes a request for applying for a second service, and examines the application for the second service; a file server module is used to store a user authentication data; wherein the system execution steps of the cross-server application service include: the The user device connects to the first server module, submits an application for the first service, and the first server module examines the application for the first service; the user device transmits the user authentication data to the first server module, and temporarily stored in the file server module, wherein the file server module implements a temporary storage area set in the first server module, the second server module or an independently operating file server, the file The server module temporarily stores the user authentication data obtained through a user's authorization by a secure encryption technology; and the user device is connected to the second server module, and the user device submits a request to the second server module When applying for the second service, the second server module is authorized to obtain the user authentication data from the file server module, and the second server module examines the application for the second service. 
4. The system for applying for services across servers according to claim 3, wherein the first server module, the second server module and the file server module are functional modules that provide different services within a single server system, or are different servers that each provide a different service.
5. The system for applying for services across servers according to claim 3 or 4, wherein the temporarily stored user authentication data has a validity period, and the user authentication data is automatically deleted once a set time has elapsed after it is stored in the temporary storage area.
6. The system for applying for services across servers according to claim 5, wherein the first service and the second service respectively provided by the first server module and the second server module are among multiple financial services provided by a financial institution, and, with the user's authorization, the multiple financial services share the user authentication data through the file server module.
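The storage behaviour these claims describe (temporary buffering, automatic deletion after a set time, and release to the second server module only once the user authorizes it) can be modelled as follows. This is an added example, not code from the patent: the class, method and module names are hypothetical, the one-time grant token is an assumed way to represent the user's authorization, and the store holds ciphertext that the caller has already encrypted with a vetted library.

```python
import hmac
import secrets
import time


class TempAuthStore:
    """Hypothetical model of the file server module's temporary storage area."""

    def __init__(self, ttl_seconds, clock=time.time):
        self.ttl = ttl_seconds
        self.clock = clock      # injectable clock so expiry can be exercised
        self._records = {}      # user_id -> (stored_at, ciphertext)
        self._grants = {}       # (user_id, module) -> one-time token

    def _drop(self, user_id):
        # Removing a record also revokes every grant issued for it.
        self._records.pop(user_id, None)
        for key in [k for k in self._grants if k[0] == user_id]:
            del self._grants[key]

    def purge_expired(self):
        """Delete records older than the TTL; return how many were removed."""
        now = self.clock()
        stale = [u for u, (t, _) in self._records.items() if now - t >= self.ttl]
        for user_id in stale:
            self._drop(user_id)
        return len(stale)

    def put(self, user_id, ciphertext):
        """First server module buffers already-encrypted authentication data."""
        self._drop(user_id)     # a re-upload invalidates earlier grants
        self._records[user_id] = (self.clock(), bytes(ciphertext))

    def authorize(self, user_id, module):
        """User consents to one retrieval by `module`; returns a one-time token."""
        self.purge_expired()
        if user_id not in self._records:
            raise KeyError("no buffered data for this user")
        token = secrets.token_urlsafe(32)
        self._grants[(user_id, module)] = token
        return token

    def fetch(self, user_id, module, token):
        """Release ciphertext only for a live record and a matching grant."""
        self.purge_expired()
        # pop() makes the grant single use, even when the presented token is wrong.
        expected = self._grants.pop((user_id, module), None)
        if expected is None or not hmac.compare_digest(expected, token):
            raise PermissionError("user has not authorized this module")
        return self._records[user_id][1]
```

In a deployment, `purge_expired` would also run on a schedule so that expired records are deleted even when no request arrives.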
TW109140225A 2020-11-18 2020-11-18 Method and system for applying services across servers TWI765416B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109140225A TWI765416B (en) 2020-11-18 2020-11-18 Method and system for applying services across servers

Publications (2)

Publication Number Publication Date
TWI765416B true TWI765416B (en) 2022-05-21
TW202222089A TW202222089A (en) 2022-06-01

Family

ID=82594498

Country Status (1)

Country Link
TW (1) TWI765416B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2010127365A1 (en) * 2009-05-01 2010-11-04 Citrix Systems, Inc. Systems and methods for establishing a cloud bridge between virtual storage resources
US20190288996A1 (en) * 2017-03-17 2019-09-19 Verizon Patent And Licensing Inc. System and method for centralized authentication and authorization for cloud platform with multiple deployments
