TWI801744B - Financial transaction device, method and system with non-contact authentication function - Google Patents

Financial transaction device, method and system with non-contact authentication function Download PDF

Info

Publication number
TWI801744B
TWI801744B TW109121585A TW109121585A TWI801744B TW I801744 B TWI801744 B TW I801744B TW 109121585 A TW109121585 A TW 109121585A TW 109121585 A TW109121585 A TW 109121585A TW I801744 B TWI801744 B TW I801744B
Authority
TW
Taiwan
Prior art keywords
user
financial
financial transaction
information
transaction
Prior art date
Application number
TW109121585A
Other languages
Chinese (zh)
Other versions
TW202201309A (en
Inventor
李嘉銘
廖卉
林宛儒
Original Assignee
玉山商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 玉山商業銀行股份有限公司 filed Critical 玉山商業銀行股份有限公司
Priority to TW109121585A priority Critical patent/TWI801744B/en
Publication of TW202201309A publication Critical patent/TW202201309A/en
Application granted granted Critical
Publication of TWI801744B publication Critical patent/TWI801744B/en

Links

Images

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A financial transaction device, a method and a system thereof with non-contact authentication function are provided. In the method, the financial transaction device receives a transaction data generated by a user’s operation, and activates a wireless sensing unit to sense an identification device held by a user and receive identification information therein. After verifying the user’s identity, a golden key can be retrieved from the identification device. A digital signature can be calculated using the key and an authentication data that is used to verify the user. After transmitting the transaction data signed with the digital signature to a financial transaction device server, authenticity of the transaction data can be confirmed when the digital signature is verified by an authentication server. Consequently, a financial server will treat the transaction data, and show a result to the user.

Description

具非接觸式認證的金融交易裝置、方法與系統Financial transaction device, method and system with contactless authentication

說明書公開一種金融交易裝置以及其中運行的方法,特別是指一種具非接觸式認證的金融交易裝置、方法與系統。The specification discloses a financial transaction device and a method thereof, in particular, a financial transaction device, method and system with non-contact authentication.

一般使用者操作如自動櫃員機(Automatic Teller Machine,ATM)等的金融交易裝置執行如存款、提款、轉帳、查詢餘額等金融服務,目前常見的使用者身份認證方式包括使用銀行提供的信用卡或金融卡,或是可以採用無卡存提款服務,或者自動櫃員機提供生物識別功能,目的都是確認使用者身份。General users operate financial transaction devices such as automatic teller machines (Automatic Teller Machine, ATM) to perform financial services such as deposits, withdrawals, transfers, and balance inquiries. Currently, common user identity authentication methods include using credit cards provided by banks or financial services. Card, or can use cardless deposit and withdrawal service, or automatic teller machine provides biometric function, the purpose is to confirm the identity of the user.

一旦完成身份認證,接著即操作自動櫃員機選擇要進行的服務,之後就是交由自動櫃員機以及銀行端的系統繼續後台程序,最後顯示出交易結果。Once the identity authentication is completed, then the ATM is operated to select the service to be performed, and then the ATM and the bank-side system continue the background process, and finally the transaction result is displayed.

說明書公開一種具非接觸式認證的金融交易裝置、方法與系統,其中金融交易裝置具有非接觸式感應的相關電路與功能,可以感應用於認證使用者身份的身份證明裝置,並據此處理使用者操作金融交易裝置產生的交易信息,經過安全的演算與處理後,可以在安全考量下完成交易。The description discloses a financial transaction device, method and system with non-contact authentication, wherein the financial transaction device has relevant circuits and functions of non-contact sensing, which can sense the identification device used to authenticate the user's identity, and process and use it accordingly After the transaction information generated by the operator operating the financial transaction device is safely calculated and processed, the transaction can be completed under security considerations.

根據實施例,所述具非接觸式認證的金融交易方法執行於金融交易裝置中,主要步驟包括以金融交易裝置接收使用者操作金融交易裝置啟始的使用者介面產生的一交易信息,接著啟動其中無線感應單元,用以感應使用者所持的身份證明裝置以接收其中無線識別晶片中的身份識別資訊,之後能根據身份識別資訊認證使用者的身份,再取得身份證明裝置的一金鑰。於金融交易裝置中,以此金鑰以及認證使用者身份時使用的一認證資訊演算一數位簽章,之後傳送以此數位簽章簽署的交易信息至一金融交易裝置服務器,並由一驗證伺服器驗證此數位簽章後,確認此筆交易信息的完整性,最後可自一金融伺服器接收處理交易信息的一交易結果。According to an embodiment, the financial transaction method with non-contact authentication is implemented in a financial transaction device, and the main steps include using the financial transaction device to receive a transaction information generated by the user interface initiated by the user operating the financial transaction device, and then start The wireless induction unit is used to sense the identification device held by the user to receive the identification information in the wireless identification chip, and then can authenticate the user's identity according to the identification information, and then obtain a key of the identification device. In the financial transaction device, a digital signature is calculated with the key and an authentication information used for authenticating the identity of the user, and then the transaction information signed with the digital signature is sent to a financial transaction device server, and a verification server After verifying the digital signature, the server confirms the integrity of the transaction information, and finally receives a transaction result of processing the transaction information from a financial server.

優選地,其中認證使用者身份時使用的認證資訊為要求使用者輸入的密碼或生物識別資料。所述身份證明裝置可為一具無線感應功能的裝置,例如為使用者所持的自一金融機構核發的認證卡片或經過金融機構認證的使用者裝置。Preferably, the authentication information used when authenticating the identity of the user is a password or biometric information required to be input by the user. The identity verification device can be a device with wireless sensing function, such as an authentication card issued by a financial institution held by the user or a user device authenticated by the financial institution.

所述具非接觸式認證的金融交易裝置的主要電路為控制電路,以及金融交易裝置中各電路元件,金融交易裝置設有無線感應單元,用以感應使用者手持並接近金融交易裝置的身份證明裝置,一金融交易服務模組,此為處理使用者在使用者介面上操作而產生的交易信息,以及用於連線金融交易裝置服務器的網路單元。The main circuit of the financial transaction device with non-contact authentication is the control circuit and the circuit components in the financial transaction device. The financial transaction device is equipped with a wireless sensing unit to sense the user's hand-held and close to the identity certificate of the financial transaction device. The device is a financial transaction service module, which is used to process the transaction information generated by the user's operation on the user interface, and a network unit for connecting to the server of the financial transaction device.

揭露書所提出的具非接觸式認證的金融交易系統則主要包括獨立運行或是以軟體模組運行於特定伺服系統中的金融伺服器,用以提供金融服務、金融交易裝置服務器,用以管理與處理設於各終端的金融交易裝置產生的信息,以及驗證伺服器,用以驗證各金融交易裝置傳送的信息。The financial transaction system with contactless authentication proposed in the disclosure mainly includes financial servers that operate independently or in a specific server system with software modules to provide financial services and financial transaction device servers to manage and processing the information generated by the financial transaction devices installed in each terminal, and a verification server for verifying the information transmitted by each financial transaction device.

所述方法即運行於系統中設於終端的金融交易裝置中。The method is run in the financial transaction device installed in the terminal in the system.

為使能更進一步瞭解本發明的特徵及技術內容,請參閱以下有關本發明的詳細說明與圖式,然而所提供的圖式僅用於提供參考與說明,並非用來對本發明加以限制。In order to further understand the features and technical content of the present invention, please refer to the following detailed description and drawings related to the present invention. However, the provided drawings are only for reference and description, and are not intended to limit the present invention.

以下是通過特定的具體實施例來說明本發明的實施方式,本領域技術人員可由本說明書所公開的內容瞭解本發明的優點與效果。本發明可通過其他不同的具體實施例加以施行或應用,本說明書中的各項細節也可基於不同觀點與應用,在不悖離本發明的構思下進行各種修改與變更。另外,本發明的附圖僅為簡單示意說明,並非依實際尺寸的描繪,事先聲明。以下的實施方式將進一步詳細說明本發明的相關技術內容,但所公開的內容並非用以限制本發明的保護範圍。The implementation of the present invention is described below through specific specific examples, and those skilled in the art can understand the advantages and effects of the present invention from the content disclosed in this specification. The present invention can be implemented or applied through other different specific embodiments, and various modifications and changes can be made to the details in this specification based on different viewpoints and applications without departing from the concept of the present invention. In addition, the drawings of the present invention are only for simple illustration, and are not drawn according to the actual size, which is stated in advance. The following embodiments will further describe the relevant technical content of the present invention in detail, but the disclosed content is not intended to limit the protection scope of the present invention.

應當可以理解的是,雖然本文中可能會使用到“第一”、“第二”、“第三”等術語來描述各種元件或者信號,但這些元件或者信號不應受這些術語的限制。這些術語主要是用以區分一元件與另一元件,或者一信號與另一信號。另外,本文中所使用的術語“或”,應視實際情況可能包括相關聯的列出項目中的任一個或者多個的組合。It should be understood that although terms such as "first", "second", and "third" may be used herein to describe various elements or signals, these elements or signals should not be limited by these terms. These terms are mainly used to distinguish one element from another element, or one signal from another signal. In addition, the term "or" used herein may include any one or a combination of more of the associated listed items depending on the actual situation.

有別於使用者在習知的自動櫃員機(ATM)或特定可執行金融服務的裝置(統稱金融交易裝置)上的操作與身份認證(如金融卡密碼)方式,揭露書公開一種具非接觸式認證的金融交易裝置、方法與系統,讓使用者可以一具非接觸式認證功能的身份證明裝置在支援無線識別技術的金融交易裝置進行身份認證,完成身份認證後可以其中安全資訊(如金鑰)繼續執行後續程序。Different from the user's operation and identity authentication (such as financial card password) on the known automatic teller machine (ATM) or specific financial service devices (collectively referred to as financial transaction devices), the disclosure discloses a contactless The authenticated financial transaction device, method, and system allow users to perform identity authentication on a financial transaction device that supports wireless identification technology with an identity verification device with a non-contact authentication function, and after completing the identity authentication, security information (such as a key) can be obtained. ) to continue the follow-up procedure.

所述金融交易系統的架構可參考圖1顯示的架構實施例示意圖,如圖所示,金融交易裝置103如設於各處終端的自動櫃員機或其他可以執行金融交易的裝置,特別的是,金融交易裝置103設有無線模組,用於執行無線身份識別的功能,可以感應使用者所持的身份證明裝置101,取得其中身份識別資訊,除了用以認證使用者身份外,其中儲存的安全資訊(如金鑰),可作為後續演算數位簽章(digital signature)的參數之一。The architecture of the financial transaction system can refer to the schematic diagram of an embodiment of the architecture shown in FIG. The transaction device 103 is equipped with a wireless module, which is used to implement the function of wireless identification. It can sense the identification device 101 held by the user and obtain the identification information in it. In addition to authenticating the user's identity, the security information stored therein ( Such as a key), which can be used as one of the parameters for the subsequent calculation of digital signatures.

金融交易裝置103通過網路10連線金融交易裝置服務器105,金融交易裝置服務器105用以管理與處理設於各終端的金融交易裝置103產生的信息,金融交易裝置103中產生的數位簽章以及所簽署的信息(如交易信息),可以通過網路10傳送到金融交易裝置服務器105,並繼續將數位簽章轉交驗證伺服器107進行簽章的驗證,驗證成功後可將交易信息轉送給提供金融服務的金融伺服器109。The financial transaction device 103 is connected to the financial transaction device server 105 through the network 10, and the financial transaction device server 105 is used to manage and process the information generated by the financial transaction device 103 located at each terminal, the digital signature and the digital signature generated in the financial transaction device 103. The signed information (such as transaction information) can be transmitted to the financial transaction device server 105 through the network 10, and continue to transfer the digital signature to the verification server 107 for signature verification. After the verification is successful, the transaction information can be forwarded to the provider. A financial server 109 for financial services.

根據實施例,所述驗證伺服器107可為一獨立運行的伺服主機,或是執行於特定伺服器中的軟體模組,用以驗證各金融交易裝置103傳送的信息。所述金融伺服器109可為金融機構(如銀行)中提供金融服務的伺服器,可為獨立運行的伺服主機,或是運行於特定主機中的軟體服務,所提供的金融服務可為提供給使用者通過金融交易裝置103選擇的多種服務項目,例如查詢餘額、轉帳、繳費、提款或存款等,經選擇其中之一後產生一交易信息,以提款為例,即產生一帳戶帳號與提款金額。According to an embodiment, the verification server 107 may be an independently running server host, or a software module executed in a specific server to verify the information transmitted by each financial transaction device 103 . The financial server 109 can be a server in a financial institution (such as a bank) that provides financial services, can be a server host running independently, or a software service running on a specific host, and the financial services provided can be provided to A variety of service items selected by the user through the financial transaction device 103, such as balance inquiry, transfer, payment, withdrawal or deposit, etc., will generate a transaction message after selecting one of them. Taking cash withdrawal as an example, an account number and Withdrawal amount.

使用者操作金融交易裝置103產生交易信息之前或是之後,金融交易裝置103可以要求驗證使用者身份,在所述具非接觸式認證的金融交易方法中,金融交易裝置103中無線身份識別的功能感應使用者所持的身份證明裝置101,可以要求輸入密碼認證其中身份識別資訊,並且還取得其中金鑰,金鑰與所述密碼可以作為以特定憑證演算方法演算數位簽章的參數。Before or after the user operates the financial transaction device 103 to generate transaction information, the financial transaction device 103 may require verification of the user's identity. In the financial transaction method with non-contact authentication, the wireless identity recognition function in the financial transaction device 103 Sensing the identity verification device 101 held by the user, it may require input of a password to authenticate the identification information therein, and obtain a key therein, and the key and the password may be used as parameters for calculating a digital signature with a specific certificate calculation method.

值得一提的是,所述數位簽章(Digital Signature)是一種針對資料內容(如所述交易信息)確保正確性的安全機制,先用不可逆的演算法(如一種雜湊演算法(hash algorithm),如SHA1或MD5)演算得出一雜湊值,或稱雜湊摘要(Digest),接著利用上述金鑰(為一種由認證機構發的私鑰)用以對特定資料(如交易信息)進行簽章,形成數位簽章,即對要保護的資料(如交易信息)進行簽署,當經上述實施例所提出的驗證伺服器107驗證數位簽章後,可確保資料的完整性,表示資料沒有在傳輸過程中途被攔截而竄改。其中驗證數位簽章的方法是在驗證伺服器107中以相同的雜湊演算法對交易信息演算雜湊值,比對所接收的數位簽章解密後(以對應的公鑰解密)的雜湊值,產生驗證結果。It is worth mentioning that the digital signature (Digital Signature) is a security mechanism to ensure the correctness of the data content (such as the transaction information), first using an irreversible algorithm (such as a hash algorithm (hash algorithm) , such as SHA1 or MD5) calculate a hash value, or hash summary (Digest), and then use the above key (a private key issued by a certification authority) to sign specific materials (such as transaction information) , to form a digital signature, that is, to sign the data to be protected (such as transaction information). After the digital signature is verified by the verification server 107 proposed in the above embodiment, the integrity of the data can be ensured, indicating that the data is not being transmitted The process was intercepted and tampered with. The method of verifying the digital signature is to use the same hash algorithm to calculate the hash value of the transaction information in the verification server 107, compare the hash value of the received digital signature decrypted (decrypted with the corresponding public key), and generate Validation results.

所述金融交易裝置103的描述可以參考圖2所示具非接觸式認證的金融交易裝置的電路模組實施例示意圖。The description of the financial transaction device 103 can refer to the schematic diagram of a circuit module embodiment of a financial transaction device with contactless authentication shown in FIG. 2 .

圖中顯示具非接觸式認證的金融交易裝置103的主要電路元件如一控制電路201,控制電路201電性連接金融交易裝置103中各電路元件,或連接各軟體模組,為主要控制元件,用以處理金融交易裝置103中執行的一非接觸式認證流程。金融交易裝置103包括有無線感應單元203,電性連接控制電路201,用以感應使用者手持並接近金融交易裝置103的身份證明裝置101。The main circuit components of the financial transaction device 103 with non-contact authentication are shown in the figure, such as a control circuit 201. The control circuit 201 is electrically connected to each circuit component in the financial transaction device 103, or connected to each software module, and is the main control component. To process a non-contact authentication process performed in the financial transaction device 103 . The financial transaction device 103 includes a wireless sensing unit 203 electrically connected to the control circuit 201 for sensing the identity verification device 101 held by a user and approaching the financial transaction device 103 .

身份證明裝置101為一具無線感應功能的裝置,可為使用者所持的自一金融機構核發的認證卡片,其中可載有一無線識別晶片200,作為認證使用者身份的身份識別資訊;或者,身份證明裝置101可為經過金融機構認證的使用者裝置,例如為手機,其中載有軟體實現的身份識別技術,通過軟體技術產生經過金融機構認證的身份識別資訊,使得儲存此身份識別資訊的記憶體區塊實現了如無線識別晶片200的功能。也就是,一旦金融交易裝置103中無線感應單元203感應到身份證明裝置101,可以取得其中無論是硬體或是軟體實現的無線識別晶片200的身份識別資訊。The identity verification device 101 is a device with a wireless sensing function, which can be an authentication card issued by a financial institution held by the user, which can contain a wireless identification chip 200 as identification information for authenticating the identity of the user; The certification device 101 can be a user device certified by a financial institution, such as a mobile phone, which carries an identification technology implemented by software, and generates identification information certified by a financial institution through software technology, so that the memory for storing the identification information The block implements the functions of the wireless identification chip 200 . That is, once the wireless sensing unit 203 of the financial transaction device 103 senses the identification device 101 , the identification information of the wireless identification chip 200 , whether implemented by hardware or software, can be obtained.

金融交易裝置103為服務使用者執行多種金融服務的裝置,其中包括金融交易服務模組207,用以處理使用者於顯示單元209上顯示的一使用者介面211上操作而產生的交易信息。金融交易裝置103設有網路單元205,可通過網路連線所述的 金融交易裝置服務器105,或者也可連線如圖1顯示的系統架構中的驗證伺服器107與金融伺服器109。The financial transaction device 103 is a device for serving users to perform various financial services, and includes a financial transaction service module 207 for processing transaction information generated by users operating on a user interface 211 displayed on the display unit 209 . The financial transaction device 103 is provided with a network unit 205, which can be connected to the financial transaction device server 105 through the network, or can also be connected to the verification server 107 and the financial server 109 in the system architecture shown in Figure 1 .

通過以上描述的金融交易裝置103,執行如圖3所示以非接觸式認證方法執行金融交易的方法實施例流程,其中細節步驟為金融交易裝置103本身執行或與金融交易裝置服務器105協同運作的流程。Through the financial transaction device 103 described above, the process of the embodiment of the method for performing financial transactions as shown in Figure 3 is executed with a non-contact authentication method, wherein the detailed steps are executed by the financial transaction device 103 itself or in cooperation with the financial transaction device server 105 process.

一開始,金融交易裝置103根據使用者的操作顯示提供各種金融服務選項的使用者介面,之後根據使用者的選擇與操作產生一交易信息(步驟S301),這時(可以在步驟S301之前或之後),金融交易裝置103啟動其中的無線感應單元,用以感應到使用者所持有的身份證明裝置,以能取得儲存於其中的身份識別資訊(步驟S303),這時可要求使用者輸入一認證資訊,如存取此身份證明裝置中身份識別資訊的密碼或一生物識別資料(如手機上的指紋或臉部識別技術),才能取得身份識別資訊。At the beginning, the financial transaction device 103 displays a user interface that provides various financial service options according to the user's operation, and then generates a transaction information according to the user's selection and operation (step S301), at this time (it can be before or after step S301) , the financial transaction device 103 activates the wireless sensing unit therein to sense the identification device held by the user, so as to obtain the identification information stored therein (step S303), at this time, the user may be required to input an authentication information , such as a password for accessing the identification information in the identity verification device or a biometric data (such as fingerprint or face recognition technology on a mobile phone), the identification information can be obtained.

經過認證使用者身份後,繼續取得儲存於身份證明裝置的金鑰(步驟S305),可以此金鑰(或包括認證使用者身份時使用的認證資訊)對交易信息演算形成數位簽章(步驟S307),包括交易信息,金融交易裝置103傳送經數位簽章簽署的交易信息至金融交易裝置服務器105(步驟S309),再由驗證伺服器107驗證數位簽章,驗證後取得驗證結果(步驟S311),若驗證失敗,表示數位簽章可能曾經被竄改,或是交易信息有異狀,即終止流程,否則將繼續請求金融伺服器109處理經解密得出的交易信息(步驟S313),完成後,由金融交易裝置103接收並顯示交易結果(步驟S315)。After the user's identity is authenticated, continue to obtain the key stored in the identity verification device (step S305), and use this key (or including the authentication information used when authenticating the user's identity) to form a digital signature on the transaction information (step S307 ), including transaction information, the financial transaction device 103 sends the transaction information signed by the digital signature to the financial transaction device server 105 (step S309), and then the verification server 107 verifies the digital signature, and obtains the verification result after verification (step S311) , if the verification fails, it means that the digital signature may have been tampered with, or the transaction information is abnormal, that is, the process is terminated, otherwise it will continue to request the financial server 109 to process the decrypted transaction information (step S313), after completion, The transaction result is received and displayed by the financial transaction device 103 (step S315 ).

根據所述具無線識別技術的金融交易方法實施例,整體流程可參考圖4所示運行於身份證明裝置101、金融交易裝置103、金融交易裝置服務器105、驗證伺服器107以及金融伺服器109之間的金融交易方法實施例流程圖。According to the embodiment of the financial transaction method with wireless identification technology, the overall process can refer to the process shown in FIG. The flow chart of the embodiment of the financial transaction method between.

流程一開始由使用者操作金融交易裝置103產生交易信息(步驟S401),例如於相同或不同銀行之間進行轉帳(如A銀行與B銀行之間的轉帳、不同人之間的轉帳等),交易信息包括轉帳對象的帳戶帳號以及轉帳金額,還包括使用者本身的轉帳帳戶等,接著要求感應身份證明裝置(步驟S403),感應到裝置後,可要求輸入認證資訊,如密碼或生物識別資料,以同意存取其中身份識別資訊,如身份證字號,經金融交易裝置103接收輸入密碼(或生物識別資料)後(步驟S405),認證後取得金鑰(步驟S407),也同時建立各端之間的一會議通道(session)。At the beginning of the process, the user operates the financial transaction device 103 to generate transaction information (step S401), such as transferring funds between the same or different banks (such as transfers between Bank A and Bank B, transfers between different people, etc.), The transaction information includes the account number of the transfer object and the transfer amount, and also includes the user's own transfer account, etc., and then requires the induction of the identity verification device (step S403). After the device is sensed, the input of authentication information, such as a password or biometric data, can be required , to agree to access the identification information, such as the ID number, after the financial transaction device 103 receives the input password (or biometric data) (step S405), obtains the key after authentication (step S407), and also establishes the A conference channel (session) between them.

在金融交易裝置103內,執行一演算法,利用所取得的金鑰,或加上認證資訊,對產生的交易信息演算形成數位簽章(步驟S409),之後傳送數位簽章簽署的交易信息至金融交易裝置服務器105(步驟S411),再由金融交易裝置服務器105將數位簽章提供給驗證伺服器107(步驟S413),由驗證伺服器107取得對應所述金鑰(如私鑰)的另一金鑰(如公鑰)驗證數位簽章(步驟S415),完成驗證後,產生驗證結果。在此一提的是,驗證伺服器107應於固定時間連線至發出憑證的第三方認證機構下載憑證註銷檔,於收到數位簽章後,會檢查本身與上一個憑證效期、再檢查數位簽章以及檢查是否記載在憑證註銷檔內,以及最上層憑證的發行者。In the financial transaction device 103, execute an algorithm, use the obtained key, or add authentication information to generate a digital signature for the generated transaction information (step S409), and then send the transaction information signed by the digital signature to The financial transaction device server 105 (step S411), and then the financial transaction device server 105 provides the digital signature to the verification server 107 (step S413), and the verification server 107 obtains another key corresponding to the key (such as a private key). A key (such as a public key) verifies the digital signature (step S415 ), and after the verification is completed, a verification result is generated. What is mentioned here is that the verification server 107 should connect to the third-party certification agency that issued the certificate at a fixed time to download the certificate cancellation file. After receiving the digital signature, it will check itself and the validity period of the previous certificate, and then check again Digital signature and check whether it is recorded in the certificate cancellation file, and the issuer of the top-level certificate.

接著,驗證伺服器107可將驗證結果通知金融交易裝置服務器105(步驟S417),由金融交易裝置服務器105傳送驗證成功的信息(並包括交易信息)到負責處理金融服務的金融伺服器109(步驟S419),由金融伺服器109處理此筆交易信息,例如是成功地將帳款由A銀行轉至B銀行(步驟S421),完成後產生交易結果,交易結果可傳回金融交易裝置服務器105(步驟S423),再提供金融交易裝置103顯示此筆交易結果(步驟S425)。Next, the verification server 107 can notify the financial transaction device server 105 of the verification result (step S417), and the financial transaction device server 105 sends the information of successful verification (including transaction information) to the financial server 109 responsible for processing financial services (step S417). S419), the financial server 109 processes the transaction information, such as successfully transferring the account from bank A to bank B (step S421), and generates a transaction result after completion, which can be sent back to the financial transaction device server 105 ( Step S423), then provide the financial transaction device 103 to display the transaction result (step S425).

根據圖4所描述的流程,在此列舉一範例,一開始由使用者手持身份證明裝置101至A銀行的金融交易裝置103前執行某項金融交易,例如業務申請、轉帳匯款或繳費稅等,金融交易裝置103可以泛指ATM(自動櫃員機)、VTM(遠程視訊櫃員機)、KIOSK(公共資訊機)、POS(端末設備),或一行動裝置(如手機)等,這時,在金融交易裝置103中,通過以上步驟S405、S407與S409產生數位簽章,即可對使用者所提出的電子申請文件進行簽章。之後,通過金融交易裝置103,由A銀行傳送申請文件及簽章,經財金公司傳送至B銀行,這時,B銀行通過驗證伺服器107驗證此數位簽章,一旦確認無誤後,即產生驗證成功信息,並通知B銀行的金融伺服器執行交易,也就是執行A銀行與B銀行之間的某項業務申請、轉帳匯款或繳費稅。According to the process described in FIG. 4 , an example is given here. At the beginning, the user carries the identity verification device 101 to the financial transaction device 103 of Bank A to perform a certain financial transaction, such as business application, transfer or remittance, or tax payment, etc. The financial transaction device 103 can generally refer to an ATM (automatic teller machine), VTM (remote video teller machine), KIOSK (public information machine), POS (terminal device), or a mobile device (such as a mobile phone), etc. At this time, the financial transaction device 103 In the above steps S405, S407 and S409, a digital signature is generated to sign the electronic application document submitted by the user. Afterwards, through the financial transaction device 103, Bank A sends the application documents and signature, and then sends them to Bank B through the financial company. At this time, Bank B verifies the digital signature through the verification server 107. Once it is confirmed that it is correct, the verification will be generated. Success information, and notify the financial server of Bank B to execute the transaction, that is, to execute a certain business application, transfer or remittance or tax payment between Bank A and Bank B.

綜上所述,經由上述具非接觸式認證的金融交易方法的整理流程可知,一開始由金融交易裝置103以非接觸式認證技術認證使用者,再以使用者所持的自金融機構核發的認證卡片或使用者裝置中的金鑰進行交易信息的簽章,可以確認交易信息的完整性,所述方法提出了在金融交易裝置(如自動櫃員機)中設有如近場通訊(NFC)技術的讀卡機,其中的安全憑證也應定期更新,如此,利用無線識別技術傳遞身份識別資訊以及金鑰,讓所要執行的金融交易更具有保障,實現了一個具有高度安全性的金融交易機制。To sum up, it can be known from the arrangement process of the above-mentioned financial transaction method with non-contact authentication that the financial transaction device 103 first authenticates the user with the non-contact authentication technology, and then uses the authentication issued by the financial institution held by the user to authenticate the user. The key in the card or user device is used to sign the transaction information, and the integrity of the transaction information can be confirmed. The method proposes that the financial transaction device (such as an automatic teller machine) is equipped with a reading device such as near-field communication (NFC) technology. The security credentials in the card machine should also be updated regularly. In this way, the use of wireless identification technology to transmit identification information and keys makes the financial transactions to be executed more secure and realizes a highly secure financial transaction mechanism.

以上所公開的內容僅為本發明的優選可行實施例,並非因此侷限本發明的申請專利範圍,所以凡是運用本發明說明書及圖式內容所做的等效技術變化,均包含於本發明的申請專利範圍內。The content disclosed above is only a preferred feasible embodiment of the present invention, and does not therefore limit the scope of the patent application of the present invention. Therefore, all equivalent technical changes made by using the description and drawings of the present invention are included in the application of the present invention. within the scope of the patent.

10:網路 101:身份證明裝置 103:金融交易裝置 105:金融交易裝置服務器 107:驗證伺服器 109:金融伺服器 200:無線識別晶片 201:控制電路 203:無線感應單元 205:網路單元 207:金融交易服務模組 209:顯示單元 211:使用者介面 步驟S301~S315:以非接觸式認證方法執行金融交易的流程圖 步驟S401~S425:以非接觸式認證方法執行金融交易的流程圖10: Internet 101: Identification device 103: Financial transaction device 105: financial transaction device server 107:Authentication server 109: Financial server 200: wireless identification chip 201: control circuit 203: Wireless induction unit 205: Network unit 207: Financial transaction service module 209: display unit 211: user interface Steps S301-S315: Flowchart of performing financial transactions with a non-contact authentication method Steps S401-S425: Flowchart of performing financial transactions by non-contact authentication method

圖1顯示金融交易系統的架構實施例示意圖;Figure 1 shows a schematic diagram of an embodiment of the architecture of a financial transaction system;

圖2顯示具非接觸式認證的金融交易裝置的電路模組實施例示意圖;Figure 2 shows a schematic diagram of an embodiment of a circuit module of a financial transaction device with contactless authentication;

圖3顯示以非接觸式認證方法執行金融交易的方法實施例流程圖;以及Figure 3 shows a flowchart of an embodiment of a method of performing a financial transaction with a contactless authentication method; and

圖4顯示運行於多端之間的金融交易方法實施例流程圖。Fig. 4 shows a flow chart of an embodiment of a financial transaction method running between multiple terminals.

101:身份證明裝置101: Identification device

200:無線識別晶片200: wireless identification chip

103:金融交易裝置103: Financial transaction device

201:控制電路201: control circuit

203:無線感應單元203: Wireless induction unit

205:網路單元205: Network unit

207:金融交易服務模組207: Financial transaction service module

209:顯示單元209: display unit

211:使用者介面211: user interface

105:金融交易裝置服務器105: financial transaction device server

Claims (5)

一種具非接觸式認證的金融交易方法,包括:一金融交易裝置接收一使用者操作該金融交易裝置啟始的一使用者介面產生的一交易信息;該金融交易裝置啟動一無線感應單元以感應該使用者所持的一身份證明裝置,使該使用者輸入的一密碼或一生物識別資料以取得一身份識別資訊;該金融交易裝置根據該身份識別資訊認證該使用者的身份,再取得儲存於該身份證明裝置的一金鑰;於該金融交易裝置中,以該金鑰以及認證該使用者身份時該使用者輸入的該密碼或該生物識別資料形成的一認證資訊演算一數位簽章;該金融交易裝置傳送以該數位簽章簽署的該交易信息至一金融交易裝置服務器,並由一驗證伺服器驗證該數位簽章後,確認該交易信息的完整性;以及該金融交易裝置自一金融伺服器接收處理該交易信息的一交易結果;其中,該金融伺服器通過該金融交易裝置提供該使用者從多項金融服務中選擇其中之一,並輸入一需求後形成該交易信息;其中,該身份證明裝置為一具無線感應功能的裝置,為該使用者所持作為認證該使用者身份的自一金融機構核發的一認證卡片,或經過該金融機構認證的一使用者裝置。 A financial transaction method with non-contact authentication, comprising: a financial transaction device receives a transaction information generated by a user operating a user interface initiated by the financial transaction device; the financial transaction device activates a wireless sensing unit to sense According to an identification device held by the user, a password or a biometric data input by the user is used to obtain identification information; the financial transaction device authenticates the user's identity based on the identification information, and then obtains the A key of the identity verification device; in the financial transaction device, a digital signature is calculated with the key and the password entered by the user when authenticating the user's identity or an authentication information formed by the biometric data; The financial transaction device sends the transaction information signed by the digital signature to a financial transaction device server, and after verifying the digital signature by a verification server, the integrity of the transaction information is confirmed; The financial server receives a transaction result of processing the transaction information; wherein, the financial server provides the user with the financial transaction device to select one of multiple financial services and input a requirement to form the transaction information; wherein, The identification device is a device with wireless sensing function, and is a verification card issued by a financial institution held by the user to verify the identity of the user, or a user device certified by the financial institution. 如請求項1所述的具非接觸式認證的金融交易方法,其中於產生該交易信息時,啟動該金融交易裝置中的該無線感應單元,經感應到該身份證明裝置後取得儲存於其中的一無線識別晶片的該身份識別資訊。 The financial transaction method with non-contact authentication as described in Claim 1, wherein when the transaction information is generated, the wireless sensing unit in the financial transaction device is activated, and after being sensed by the identity verification device, the information stored therein is obtained. The identification information of a wireless identification chip. 一種具非接觸式認證的金融交易裝置,包括:一控制電路,電性連接該金融交易裝置中各電路元件,用以處理該金融交易裝置中執行的一非接觸式認證流程;一無線感應單元,電性連接該控制電路,用以感應一使用者手持並接近該金融交易裝置的一身份證明裝置;一金融交易服務模組,電性連接該控制電路,用以處理該使用者於一使用者介面上操作而產生的一交易信息;以及一網路單元,電性連接該控制電路,通過一網路連線一金融交易裝置服務器;其中該非接觸式認證流程包括:接收該使用者通過該使用者介面產生的該交易信息;感應該身份證明裝置,使該使用者輸入的一密碼或一生物識別資料以取得一身份識別資訊;根據該身份識別資訊認證該使用者的身份,再取得該身份證明裝置的一金鑰;以該金鑰以及認證該使用者身份時使用的一認證資訊演算一數位簽章;傳送以該數位簽章簽署的該交易信息至該金融交易裝置服務器,並由一驗證伺服器驗證該數位簽章後,確認該交易信息的完整性;自一金融伺服器接收處理該交易信息的一交易結果;以及該金融伺服器通過該金融交易裝置提供該使用者從多項金融服務中選擇其中之一,並輸入一需求後形成該交易信息;該身份證明裝置為一具無線感應功能的裝置,為該使用者所持作為認證該使用者身份的自一金融機構核發的一認證卡片,或經該金融機構認證的一使用者裝置。 A financial transaction device with non-contact authentication, comprising: a control circuit, electrically connected to each circuit element in the financial transaction device, for processing a non-contact authentication process executed in the financial transaction device; a wireless sensing unit , electrically connected to the control circuit, used to sense an identity verification device held by a user and approaching the financial transaction device; a financial transaction service module, electrically connected to the control circuit, used to process the user in a use A transaction information generated by operating on the operator interface; and a network unit, electrically connected to the control circuit, and connected to a financial transaction device server through a network; wherein the non-contact authentication process includes: receiving the user through the The transaction information generated by the user interface; the identification device is sensed, and a password or a biometric data input by the user is obtained to obtain identification information; according to the identification information, the identity of the user is authenticated, and then the identification information is obtained. A key of the identity verification device; calculating a digital signature with the key and an authentication information used for authenticating the user's identity; sending the transaction information signed with the digital signature to the financial transaction device server, and by After verifying the digital signature, a verification server confirms the integrity of the transaction information; receives a transaction result of processing the transaction information from a financial server; and the financial server provides the user with multiple Select one of them in the financial service, and input a requirement to form the transaction information; the identity verification device is a device with a wireless sensing function, which is held by the user as a certificate issued by a financial institution to authenticate the user's identity. Authentication card, or a user device authenticated by the financial institution. 如請求項3所述的具非接觸式認證的金融交易裝置,其中於產生該交易信息時,啟動該金融交易裝置中的該無線感應單元,經感應到該身份證明裝置後取得儲存於其中的一無線識別晶片的該身份識別資訊。 The financial transaction device with non-contact authentication as described in claim 3, wherein when the transaction information is generated, the wireless sensing unit in the financial transaction device is activated, and after being sensed by the identity verification device, the information stored therein is obtained. The identification information of a wireless identification chip. 一種具非接觸式認證的金融交易系統,包括:一金融伺服器,用以提供金融服務;一金融交易裝置服務器,用以管理與處理設於各終端的一金融交易裝置產生的信息;一驗證伺服器,用以驗證各金融交易裝置傳送的信息;其中該金融交易裝置包括:一控制電路,電性連接該金融交易裝置中各電路元件,用以處理該金融交易裝置中執行的一非接觸式認證流程;一無線感應單元,電性連接該控制電路,用以感應一使用者手持並接近該金融交易裝置的一身份證明裝置,其中該身份證明裝置具有一無線識別晶片;一金融交易服務模組,電性連接該控制電路,用以處理該使用者於一使用者介面上操作而產生的一交易信息;以及一網路單元,電性連接該控制電路,通過一網路連線該金融交易裝置服務器;其中該非接觸式認證流程包括:接收該使用者通過該使用者介面產生的該交易信息;感應該身份證明裝置,使該使用者輸入的一密碼或一生物識別資料以取得一身份識別資訊;根據該身份識別資訊認證該使用者的身份,再取得該身份證明裝置的一金鑰; 以該金鑰以及認證該使用者身份時使用的一認證資訊演算一數位簽章;傳送以該數位簽章簽署的該交易信息至該金融交易裝置服務器,並由該驗證伺服器驗證該數位簽章後,確認該交易信息的完整性;自該金融伺服器接收處理該交易信息的一交易結果;以及該金融伺服器通過該金融交易裝置提供該使用者從多項金融服務中選擇其中之一,並輸入一需求後形成該交易信息;該身份證明裝置為一具無線感應功能的裝置,為該使用者所持作為認證該使用者身份的自一金融機構核發的一認證卡片,或經該金融機構認證的一使用者裝置。 A financial transaction system with non-contact authentication, including: a financial server for providing financial services; a financial transaction device server for managing and processing information generated by a financial transaction device installed in each terminal; a verification The server is used to verify the information transmitted by each financial transaction device; wherein the financial transaction device includes: a control circuit electrically connected to each circuit element in the financial transaction device, and is used to process a non-contact function executed in the financial transaction device authentication process; a wireless sensing unit, electrically connected to the control circuit, to sense an identity verification device held by a user and approaching the financial transaction device, wherein the identity verification device has a wireless identification chip; a financial transaction service a module, electrically connected to the control circuit, for processing a transaction information generated by the user operating on a user interface; and a network unit, electrically connected to the control circuit, and connected to the A financial transaction device server; wherein the non-contact authentication process includes: receiving the transaction information generated by the user through the user interface; sensing the identity verification device, so that the user enters a password or a biometric data to obtain a Identification information; authenticate the user's identity according to the identification information, and then obtain a key of the identification device; Calculating a digital signature with the key and authentication information used to authenticate the user; sending the transaction information signed with the digital signature to the financial transaction device server, and verifying the digital signature by the verification server After confirming the integrity of the transaction information; receiving a transaction result of processing the transaction information from the financial server; and the financial server providing the user with a choice of one of multiple financial services through the financial transaction device, And input a requirement to form the transaction information; the identity verification device is a device with wireless induction function, which is a verification card issued by a financial institution held by the user as a verification of the user's identity, or passed through the financial institution An authenticated user device.
TW109121585A 2020-06-24 2020-06-24 Financial transaction device, method and system with non-contact authentication function TWI801744B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109121585A TWI801744B (en) 2020-06-24 2020-06-24 Financial transaction device, method and system with non-contact authentication function

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109121585A TWI801744B (en) 2020-06-24 2020-06-24 Financial transaction device, method and system with non-contact authentication function

Publications (2)

Publication Number Publication Date
TW202201309A TW202201309A (en) 2022-01-01
TWI801744B true TWI801744B (en) 2023-05-11

Family

ID=80787919

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109121585A TWI801744B (en) 2020-06-24 2020-06-24 Financial transaction device, method and system with non-contact authentication function

Country Status (1)

Country Link
TW (1) TWI801744B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200836118A (en) * 2008-03-21 2008-09-01 Univ Chang Gung User authentication method, system and computer system with atm ic-card system
US20180039987A1 (en) * 2015-02-27 2018-02-08 David Molino Multi-function transaction card
TWM571549U (en) * 2018-12-11 System for verifying online banking services by using mobile devices in combination with inductive financial cards
TWM582631U (en) * 2019-05-08 2019-08-21 合作金庫商業銀行股份有限公司 Inductive financial card system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWM571549U (en) * 2018-12-11 System for verifying online banking services by using mobile devices in combination with inductive financial cards
TW200836118A (en) * 2008-03-21 2008-09-01 Univ Chang Gung User authentication method, system and computer system with atm ic-card system
US20180039987A1 (en) * 2015-02-27 2018-02-08 David Molino Multi-function transaction card
TWM582631U (en) * 2019-05-08 2019-08-21 合作金庫商業銀行股份有限公司 Inductive financial card system

Also Published As

Publication number Publication date
TW202201309A (en) 2022-01-01

Similar Documents

Publication Publication Date Title
US11706212B2 (en) Method for securing electronic transactions
US10475015B2 (en) Token-based security processing
US7357309B2 (en) EMV transactions in mobile terminals
US20160117673A1 (en) System and method for secured transactions using mobile devices
US20140108265A1 (en) System and method of authenticating a network gateway
CN109716373B (en) Cryptographically authenticated and tokenized transactions
US11936684B2 (en) Systems and methods for protecting against relay attacks
CN110084586B (en) Mobile terminal secure payment system and method
US11604870B2 (en) Systems and methods for authentication code entry using mobile electronic devices
JP6898536B1 (en) Identity verification system, identity verification method, information processing terminal, and program
JP7461241B2 (en) Customer information management server and customer information management method
US20220291979A1 (en) Mobile application integration
TWM603166U (en) Financial transaction device and system with non-contact authentication function
TWI801744B (en) Financial transaction device, method and system with non-contact authentication function
KR101103189B1 (en) System and Method for Issueing Public Certificate of Attestation using USIM Information and Recording Medium
JP2010066917A (en) Personal identification system and personal identification method
EP4254859A1 (en) Method for enrolling a public key on a server
KR20110029038A (en) System and method for managing public certificate of attestation and recording medium
EP4369270A1 (en) Method for authenticating a user of a payment instrument during a face-to-face payment transaction
KR102079667B1 (en) System for proving financial transaction service
TWI645355B (en) System for card-less automated teller transactions
KR20210023172A (en) Method for Additional Authentication of Abroad Residents
KR20110029039A (en) System and method for managing public certificate of attestation with complex password and recording medium