TWI806646B - Security swiping-code method and operation system - Google Patents
Security swiping-code method and operation system Download PDFInfo
- Publication number
- TWI806646B TWI806646B TW111121148A TW111121148A TWI806646B TW I806646 B TWI806646 B TW I806646B TW 111121148 A TW111121148 A TW 111121148A TW 111121148 A TW111121148 A TW 111121148A TW I806646 B TWI806646 B TW I806646B
- Authority
- TW
- Taiwan
- Prior art keywords
- initial random
- random code
- dimensional barcode
- server
- code
- Prior art date
Links
Images
Abstract
Description
本發明是關於一種安全刷碼方法,特別是關於一種二維條碼的刷碼安全機制。The invention relates to a method for safely swiping codes, in particular to a safety mechanism for swiping codes of two-dimensional barcodes.
目前,在日常生活中,存在一些使用二維條碼驗證的場景,例如門票、車票、消費券等票券。預先產生二維條碼後(此時的二維條碼又稱靜態二維條碼),當要使用時,再呈現出來給店家掃碼驗證。靜態二維條碼的好處在於,票券可以讓可家人使用。但若是需要實名制使用時,一旦二維條碼被複製或拍照盜取時,就會產生盜用的問題。At present, in daily life, there are some scenarios that use two-dimensional barcode verification, such as tickets, train tickets, consumption coupons and other tickets. After the two-dimensional barcode is generated in advance (the two-dimensional barcode at this time is also called the static two-dimensional barcode), when it is to be used, it will be presented to the store to scan the code for verification. The advantage of the static two-dimensional barcode is that the coupons can be used by family members. However, if the real-name system is required, once the two-dimensional barcode is copied or stolen by taking pictures, the problem of embezzlement will arise.
本發明公開了一種二維條碼的刷碼安全機制,主要目的在於解決現在技術中,票券條碼依賴靜態的二維條碼。一旦二維條碼複製或拍照盜取,就會產生盜用的問題。為達到上述目的,本發明提供一種安全刷碼方法,包括產生一初始隨機碼;加密初始隨機碼,用以產生一加密結果;將加密結果與一票券資訊相結合,用以產生一二維條碼;提供二維條碼及初始隨機碼予一伺服器端;命令伺服器端解碼二維條碼,用以取得一密碼資訊,並解密密碼資訊,用以得到一解密碼;比較解密碼及初始隨機碼。當解密碼相同於初始隨機碼時,核銷票券資訊。當解密碼不同於初始隨機碼時,拒絕核銷票券資訊。The invention discloses a security mechanism for swiping two-dimensional barcodes, the main purpose of which is to solve the problem that ticket barcodes rely on static two-dimensional barcodes in the prior art. Once the two-dimensional barcode is copied or stolen by taking pictures, the problem of embezzlement will arise. In order to achieve the above object, the present invention provides a method for safely swiping codes, including generating an initial random code; encrypting the initial random code to generate an encryption result; combining the encryption result with a ticket information to generate a two-dimensional Barcode; provide two-dimensional barcode and initial random code to a server; command the server to decode the two-dimensional barcode to obtain a password information, and decrypt the password information to obtain a decryption code; compare the decryption code and the initial random code code. When the decryption code is the same as the initial random code, the ticket information is canceled. When the decryption code is different from the initial random code, refuse to write off the ticket information.
在另一實施例中,本發明另提供一種操作系統,包括一掃描端、一用戶端以及一伺服器端。掃描端產生一初始隨機碼。用戶端接收並加密初始隨機碼,用以產生一加密結果,並將加密結果與一票券資訊相結合,用以產生一二維條碼。伺服器端解碼二維條碼,用以取得一密碼資訊,並解密密碼資訊,用以得到一解密碼,並比較解密碼及初始隨機碼。當解密碼相同於初始隨機碼時,伺服器端核銷票券資訊。當解密碼不同於初始隨機碼時,伺服器端拒絕核銷票券資訊。掃描端接收/掃描用戶端產生的二維條碼,並傳送給伺服器端。In another embodiment, the present invention further provides an operating system, which includes a scanning terminal, a client terminal and a server terminal. The scanning end generates an initial random code. The user terminal receives and encrypts the initial random code to generate an encryption result, and combines the encryption result with a ticket information to generate a two-dimensional barcode. The server side decodes the two-dimensional barcode to obtain a password information, and decrypts the password information to obtain a decryption code, and compares the decryption code with the initial random code. When the decryption code is the same as the initial random code, the server side verifies the ticket information. When the decryption code is different from the initial random code, the server side refuses to write off the ticket information. The scanning end receives/scans the two-dimensional barcode generated by the user end and sends it to the server end.
本發明之安全刷碼方法可經由本發明之操作系統來實作,其為可執行特定功能之硬體或韌體,亦可以透過程式碼方式收錄於一紀錄媒體中,並結合特定硬體來實作。當程式碼被電子裝置、處理器、電腦或機器載入且執行時,電子裝置、處理器、電腦或機器變成用以實行本發明之操作系統。The security flashing method of the present invention can be implemented through the operating system of the present invention, which is hardware or firmware that can perform specific functions, and can also be recorded in a recording medium through program codes, and combined with specific hardware. practice. When the program code is loaded and executed by the electronic device, processor, computer or machine, the electronic device, processor, computer or machine becomes an operating system for implementing the present invention.
為讓本發明之目的、特徵和優點能更明顯易懂,下文特舉出實施例,並配合所附圖式,做詳細之說明。本發明說明書提供不同的實施例來說明本發明不同實施方式的技術特徵。其中,實施例中的各元件之配置係為說明之用,並非用以限制本發明。另外,實施例中圖式標號之部分重覆,係為了簡化說明,並非意指不同實施例之間的關聯性。In order to make the purpose, features and advantages of the present invention more comprehensible, the following specifically cites the embodiments, together with the accompanying drawings, for a detailed description. The description of the present invention provides different examples to illustrate the technical features of different implementations of the present invention. Wherein, the arrangement of each element in the embodiment is for illustration, not for limiting the present invention. In addition, the partial repetition of the symbols in the figures in the embodiments is for the purpose of simplifying the description, and does not imply the relationship between different embodiments.
第1圖為本發明之安全刷碼方法的流程示意圖。首先,產生一初始隨機碼(步驟S111)。在一可能實施例中,步驟S111係利用一掃描端,產生一初始隨機碼,並提供初始隨機碼予一用戶端。在一些實施例中,用戶端觸發掃描端,使得掃描端產生初始隨機碼。本發明並不限定掃描端如何提供初始隨機碼予一用戶端。在一可能實施例中,掃描端可能利用一電信網路,以簡訊的方式,提供一初始隨機予用戶端。在一可能實施例中,掃描端係為一智慧型手機。在此例中,當智慧型手機的一應用程式(APP)被開啟時,應用程式呈現一初始隨機碼。Fig. 1 is a schematic flow chart of the method for safely swiping codes according to the present invention. First, an initial random code is generated (step S111). In a possible embodiment, step S111 is to use a scanning terminal to generate an initial random code, and provide the initial random code to a user terminal. In some embodiments, the user end triggers the scanning end, so that the scanning end generates an initial random code. The present invention does not limit how the scanner provides the initial random code to a user terminal. In a possible embodiment, the scanning end may use a telecommunication network to provide an initial randomness to the user end in the form of a short message. In a possible embodiment, the scanning end is a smart phone. In this example, when an application program (APP) of the smart phone is opened, the application program presents an initial random code.
加密初始隨機碼,用以產生一加密結果(步驟S112)。在一可能實施例中,步驟S112係利用一用戶端加密初始隨機碼。在此例中,用戶端可能利用掃描方式,掃描輸入該初始隨機碼。在另一可能實施例中,用戶端可能偵測一輸入介面(如鍵盤或觸碰面板)的資訊,並根據該資訊,得知初始隨機碼。在其它實施例中,用戶端可能透過一電信網路或是一網際網路,接收初始隨機碼。本發明並不限定用戶端的種類。在一可能實施例中,用戶端也是一智慧型手機。Encrypt the initial random code to generate an encryption result (step S112). In a possible embodiment, step S112 is to use a client to encrypt the initial random code. In this example, the user terminal may use a scanning method to scan and input the initial random code. In another possible embodiment, the user terminal may detect information of an input interface (such as a keyboard or a touch panel), and obtain the initial random code according to the information. In other embodiments, the UE may receive the initial random code through a telecommunication network or an Internet. The present invention does not limit the type of the client. In a possible embodiment, the client is also a smart phone.
本發明並不限定步驟S112如何加密初始隨機碼。在一可能實施例中,步驟S112利用一對稱式加密法或是一非對稱式加密法,加密初始隨機碼。對稱式加密法係利用一密鑰(security key)加密初始隨機碼。在一些實施例中,對稱式加密法係為一進階加密標準法(Advanced Encryption Standard;AES)、流加密演算法(如ChaCha20或Salsa20)、三重資料加密演算法(Triple Data Encryption Algorithm;3DES)、資料加密標準法(Data Encryption Standard;DES)、區塊加密演算法(如Blowfish)、國際資料加密演算法(International Data Encryption Algorithm;IDEA)、對稱分組加密演算法(如RC5、RC6)或是Camellia演算法。非對稱式加密法係利用一私鑰(private key)或是一公鑰(public)加密初始隨機碼。在一些實施例中,非對稱式加密法係為RSA演算法或是橢圓曲線密碼學(ECC)演算法。The present invention does not limit how to encrypt the initial random code in step S112. In a possible embodiment, step S112 uses a symmetric encryption method or an asymmetric encryption method to encrypt the initial random code. Symmetric encryption uses a security key to encrypt an initial random code. In some embodiments, the symmetric encryption method is an Advanced Encryption Standard (Advanced Encryption Standard; AES), a stream encryption algorithm (such as ChaCha20 or Salsa20), a triple data encryption algorithm (Triple Data Encryption Algorithm; 3DES) , Data Encryption Standard (Data Encryption Standard; DES), block encryption algorithm (such as Blowfish), International Data Encryption Algorithm (International Data Encryption Algorithm; IDEA), symmetric block encryption algorithm (such as RC5, RC6) or Camellia algorithm. The asymmetric encryption method utilizes a private key (private key) or a public key (public) to encrypt the initial random code. In some embodiments, the asymmetric encryption method is RSA algorithm or Elliptic Curve Cryptography (ECC) algorithm.
接著,結合加密結果與一票券資訊,用以產生一二維條碼(步驟S113)。在一可能實施例中,用戶端透過編碼,將加密結果與一票券資訊相結合。在此例中,雖然票券資訊屬於一種靜態資訊,但因加密結果屬於一種動態資訊,故兩者相結合後所產生的二維條碼屬於動態資訊。在一些實施例中,當用戶端接收不同的初始隨機碼,針對同一票券資訊,用戶端產生不同的二維條碼。Next, combine the encrypted result with a ticket information to generate a two-dimensional barcode (step S113). In a possible embodiment, the client combines the encryption result with a ticket information through encoding. In this example, although the ticket information is a kind of static information, because the encryption result is a kind of dynamic information, the two-dimensional barcode generated after the combination of the two is a kind of dynamic information. In some embodiments, when the user terminal receives different initial random codes, the user terminal generates different two-dimensional barcodes for the same ticket information.
提供二維條碼及初始隨機碼予一伺服器端(步驟S114)。在一可能實施例中,掃描端接收用戶端所產生的二維條碼,並且本身所產生的初始隨機碼,一併提供予伺服器端。在另一可能實施例中,用戶端將未加密的初始隨機碼作為一輸出碼,並將該輸出碼及二維條碼提供予掃描端。在此例中,掃描端先判斷來自用戶端的輸出碼是否相同於本身所產生的初始隨機碼。當輸出碼不同於初始隨機碼時,表示用戶端不屬於合法的用戶端。因此,掃描端不提供二維條碼予伺服器端。當輸出碼相同於初始隨機碼時,表示用戶端屬於合法的用戶端。因此,掃描端將初始隨機碼與二維條碼一起提供予伺服器端。在一些實施例中,由於掃描端先進行了簡單的判斷,故可減輕伺服器端的負擔(loading)。Provide the two-dimensional barcode and the initial random code to a server (step S114). In a possible embodiment, the scanning end receives the two-dimensional barcode generated by the user end, and provides the initial random code generated by itself to the server end. In another possible embodiment, the user end uses the unencrypted initial random code as an output code, and provides the output code and the two-dimensional barcode to the scanning end. In this example, the scanner first determines whether the output code from the user terminal is the same as the initial random code generated by itself. When the output code is different from the initial random code, it means that the UE does not belong to a legal UE. Therefore, the scanner does not provide the 2D barcode to the server. When the output code is the same as the initial random code, it means that the user terminal is a legitimate user terminal. Therefore, the scanner provides the initial random code and the two-dimensional barcode to the server. In some embodiments, since the scanning side makes a simple judgment first, the load on the server side can be reduced.
接著,命令伺服器端解碼二維條碼,用以取得一密碼資訊,並解密密碼資訊,用以得到一解密碼(步驟S115)。在一可能實施例中,伺服器端解碼二維條碼,用以取得一票券資訊以及一密碼資訊。伺服器端對密碼資訊進行一解密操作,用以得到一解密碼。本發明並不限定伺服器端如何進行解密操作。在一可能實施例中,當用戶端係利用一對稱式加密法加密初始隨機碼時,伺服器端利用相同的密鑰(相同於用戶端加密初始隨機碼的密鑰)對密碼資訊進行解密。在另一可能實施例中,當用戶端係利用一非對稱式加密法時,伺服器端用一私鑰或一公鑰對密碼資訊進行解密。舉例而言,當用戶端利用一私鑰加密初始隨機碼時,伺服器端利用用戶端所公開的一公鑰解密密碼資訊。然而,當用戶端利用公鑰加密初始隨機碼時,伺服器端利用私鑰(對應於用戶端所使用的公鑰),對密碼資訊進行解密。Next, instruct the server to decode the two-dimensional barcode to obtain a password, and decrypt the password to obtain a decryption code (step S115). In a possible embodiment, the server side decodes the two-dimensional barcode to obtain a ticket information and a password information. The server side performs a decryption operation on the password information to obtain a decryption password. The present invention does not limit how the server side performs the decryption operation. In a possible embodiment, when the client uses a symmetric encryption method to encrypt the initial random code, the server uses the same key (same as the key used to encrypt the initial random code) to decrypt the encrypted information. In another possible embodiment, when the client uses an asymmetric encryption method, the server uses a private key or a public key to decrypt the encrypted information. For example, when the client uses a private key to encrypt the initial random code, the server uses a public key disclosed by the client to decrypt the encrypted information. However, when the client uses the public key to encrypt the initial random code, the server uses the private key (corresponding to the public key used by the client) to decrypt the encrypted information.
接著,判斷解密碼是否相同於初始隨機碼(步驟S116)。當解密碼相同於初始隨機碼時,表示二維條碼來自合法的用戶端。因此,根據二維條碼的票券資訊來核銷票券資訊(步驟S117)。當解密碼不同於初始隨機碼時,表示二維條碼來自非法的用戶端。因此,拒絕核銷二維條碼的票券資訊(步驟S118)。在一可能實施例中,核銷的動作係由伺服器端執行。掃描端根據伺服器端的核銷結果進行下一步動作。舉例而言,票券資訊可能是高鐵公司的車票。在此例中,當伺服器端告知驗證結果合法時,車端的閘門自動打開。當伺服器端告知驗證結果不合法時,車端的閘門不打開,並顯示異常。Next, it is judged whether the decryption code is the same as the initial random code (step S116). When the decryption code is the same as the initial random code, it means that the two-dimensional barcode comes from a legal client. Therefore, the ticket information is verified according to the ticket information of the two-dimensional barcode (step S117). When the decryption code is different from the initial random code, it means that the two-dimensional barcode comes from an illegal client. Therefore, the ticket information of the two-dimensional barcode is rejected (step S118). In a possible embodiment, the verification action is performed by the server. The scanning side proceeds to the next step according to the verification result of the server side. For example, ticket information may be tickets for high-speed rail companies. In this example, when the server informs that the verification result is legal, the gate on the vehicle will automatically open. When the server informs that the verification result is invalid, the vehicle gate does not open and displays an exception.
由於一般的二維條碼係為靜態的二維條碼,如果被複製或拍照盜取,伺服器端無法判別二維條碼是否來自合法的用戶端,因而讓非法的用戶端得以使用票券(如高鐵票或是電影票)。然而,本發明的用戶端將一動態資訊(即初始隨機碼)加密後,結合票券資訊後,產生一具有動態資訊的二維條碼。伺服器端解碼二維條碼後,便可得到票券資訊以及密碼資訊。伺服器端解密密碼資訊,用以得到一解密碼。伺服器端將解密碼與掃描端所產生的初始隨機碼作比較。當解密碼相同於初始隨機碼時,便可得知票券資訊係來自合法的用戶端,故伺服器端或是掃描端核銷票券資訊。由於掃描端所提供的隨機碼無法預測,且用戶端所使用的密鑰也無法預測,故即使票券資訊遭到拍照盜取,盜取者無法提供合法的初始隨機碼予伺服器端,故無法使用票券資訊,因而大幅提高電子票券的安全性。Since the general two-dimensional barcode is a static two-dimensional barcode, if it is copied or stolen by taking pictures, the server cannot tell whether the two-dimensional barcode is from a legitimate client, thus allowing illegal clients to use tickets (such as high-speed rail tickets or movie tickets). However, the user end of the present invention encrypts a dynamic information (ie, the initial random code) and combines it with ticket information to generate a two-dimensional barcode with dynamic information. After the server side decodes the two-dimensional barcode, the ticket information and password information can be obtained. The server side decrypts the password information to obtain a decryption password. The server side compares the decryption code with the initial random code generated by the scanning side. When the decryption code is the same as the initial random code, it can be known that the ticket information comes from a legal client, so the server or the scanning terminal will cancel the ticket information. Since the random code provided by the scanner is unpredictable, and the key used by the client is also unpredictable, so even if the ticket information is stolen by taking pictures, the thief cannot provide a legal initial random code to the server, so Ticket information cannot be used, thus greatly improving the security of electronic tickets.
在其它實施例中,第1圖的安全刷碼方法更包括步驟S119。步驟S119顯示或回應驗證/核銷結果。舉例而言,當解密碼相同於初始隨機碼,步驟S117核銷票券資訊,然後步驟S119顯示驗證/核銷結果,如顯示驗證成功及/或顯示核銷成功。在一些實施例中,步驟S119回應驗證/核銷結果,如開啟車站閘門。當解密碼不同於初始隨機碼時,步驟S118拒絕核銷票券資訊,步驟S119接著顯示或回應核銷結果,如顯示驗證失敗或顯示核銷失敗。在一些實施例中,步驟S119回應驗證/核銷結果,如不開啟車站閘門。In other embodiments, the secure flashing method in FIG. 1 further includes step S119. Step S119 displays or responds to the verification/write-off result. For example, when the decryption code is the same as the initial random code, step S117 verifies the ticket information, and then step S119 displays the verification/verification result, such as indicating that the verification is successful and/or that the verification is successful. In some embodiments, step S119 responds to the verification/verification result, such as opening the gate of the station. When the decryption code is different from the initial random code, step S118 refuses to cancel the ticket information, and step S119 then displays or responds to the verification result, such as displaying verification failure or verification failure. In some embodiments, step S119 responds to the verification/verification result, such as not opening the gate of the station.
在一些實施例中,用戶端和掃描端為兩電子裝置,如智慧型手機。在此例中,當掃描端的一應用程式(APP)被開啟時,應用程式提供一初始隨機碼。用戶端掃描並加密初始隨機碼,再根據加密初始隨機碼與一票券資訊,產生一二維條碼。掃描端掃描二維條碼,並連同初始隨機碼一起提供予伺服器端,供伺服器端驗證用戶端是否合法使用票券資訊。In some embodiments, the user terminal and the scanning terminal are two electronic devices, such as smart phones. In this example, when an application program (APP) on the scanning end is opened, the application program provides an initial random code. The client scans and encrypts the initial random code, and generates a two-dimensional barcode according to the encrypted initial random code and a ticket information. The scanning end scans the two-dimensional barcode and provides it together with the initial random code to the server end for the server end to verify whether the user end uses the ticket information legally.
在其它實施例中,用戶端與伺服器端(如高鐵公司的伺服器端)之間具有會員關係。在此例中,伺服器端提供一密鑰予會員的電子裝置(即用戶端)。密鑰將會綁在會員的電子裝置上。伺服器端亦記錄該密鑰。然後,當伺服器端接收到相對應電子裝置(即會員的電子裝置)提供的二維條碼時,伺服器端先解碼二維條碼,用以取得密碼資訊,再利用該會員相對應的密鑰進行對密碼資訊進行解密。在另一實施例中,用戶端與伺服器端不是會員關係。在此例中,當會員購買票券時,密鑰隨著票券資訊附上(密鑰綁在票券上) 。伺服器端記錄該密鑰。當伺服器端接收到相對應電子裝置提供的二維條碼時,伺服器端先解碼二維條碼,用以取得密碼資訊,再利用該票券相對應的密鑰進行對密碼資訊進行解密。In other embodiments, there is a membership relationship between the user end and the server end (such as the server end of the high-speed rail company). In this example, the server provides a key to the member's electronic device (ie, the client). The key will be tied to the member's electronic device. The server side also records the key. Then, when the server receives the two-dimensional barcode provided by the corresponding electronic device (that is, the member's electronic device), the server first decodes the two-dimensional barcode to obtain password information, and then uses the key corresponding to the member to Decrypt the password information. In another embodiment, the client and the server are not in a membership relationship. In this example, when a member purchases a ticket, the key is attached with the ticket information (the key is tied to the ticket). The server side records the key. When the server receives the two-dimensional barcode provided by the corresponding electronic device, the server first decodes the two-dimensional barcode to obtain password information, and then uses the key corresponding to the ticket to decrypt the password information.
在其它實施例中,掃描端可能是一電子看板。電子看板可能位於高鐵站。電子看板每隔一固定時間(如5分鐘),便呈現一隨機碼,並上傳隨機碼至一伺服器端。在此例中,使用者可能開啟手機的一應用程式,並輸入電子看板上的隨機碼。手機加密隨機碼,並將加密結果與一票券資訊整合成一二維條碼,並上傳至同一伺服器端。伺服器端解碼二維條碼,用以得到票券資訊以及密碼資訊。伺服器端對密碼資訊進行解密,並判斷解密結果是否相同的電子看板提供的隨機碼。若是,伺服器端令車站的閘門打開,讓使用者通行。In other embodiments, the scanning end may be an electronic signage. Electronic signage may be located at high-speed rail stations. The electronic signboard presents a random code at regular intervals (such as 5 minutes), and uploads the random code to a server. In this example, the user may open an application on the mobile phone and enter a random code on the digital signage. The mobile phone encrypts the random code, and integrates the encrypted result and a ticket information into a two-dimensional barcode, and uploads it to the same server. The server side decodes the two-dimensional barcode to obtain ticket information and password information. The server side decrypts the password information and judges whether the decryption result is the same as the random code provided by the electronic signage. If so, the server side opens the gates of the station to allow the user to pass.
在其它實施例中,當電子裝置登入一特定伺服器端(如高鐵公司的伺服器端)時,伺服器端提供一密鑰予電子裝置。在此例中,伺服器端記錄該密鑰。當伺服器端接收到相對應電子裝置提供的二維條碼時,伺服器端先解碼二維條碼,用以取得密碼資訊,再利用相對應的密鑰進行對密碼資訊進行解密。在此例中,伺服器端可能發送不同的密鑰予不同的登入者。In other embodiments, when the electronic device logs into a specific server (such as the server of the high-speed rail company), the server provides a key to the electronic device. In this example, the server side records the key. When the server receives the two-dimensional barcode provided by the corresponding electronic device, the server first decodes the two-dimensional barcode to obtain password information, and then uses the corresponding key to decrypt the password information. In this example, the server may send different keys to different registrants.
第2圖為本發明之操作系統的結構示意圖。如圖所示,操作系統200包括一用戶端210、一掃描端220以及一伺服器端230。掃描端220產生一初始隨機碼RNC。在一可能實施例中,用戶端210要求掃描端220產生初始隨機碼RNC。Fig. 2 is a structural schematic diagram of the operating system of the present invention. As shown in the figure, the
用戶端220接收初始隨機碼RNC。本發明並不限定用戶端220如何接收初始隨機碼RNC。在一可能實施例中,用戶端220根據一輸入介面,接收初始隨機碼RNC。在另一可能實施例中,用戶端220掃描初始隨機碼RNC。在本實施例中,用戶端220加密初始隨機碼RNC,用以產生一加密結果ER。在此例中,用戶端220儲存一金鑰KY_A,並利用金鑰KY_A加密初始隨機碼RNC。The
用戶端220將加密結果ER與一票券資訊TK相結合,用以產生一二維條碼QRC。用戶端220輸出二維條碼QRC予掃描端220。掃描端220接收二維條碼QRC,並連同初始隨機碼RNC一起輸出予伺服器端230。在一些實施例中,用戶端210與掃描端220分別為兩獨立的電子裝置,如兩智慧型手機。The
舉例而言,用戶端210可能是第一智慧型手機,並具有一第一應用程式(APP),掃描端為第二智慧型手機,並具有一第二應用程式。當第二應用程式被開啟時,第二智慧型手機提供一初始隨機碼RNC。在一可能實施例中,第二智慧型手機可能發送初始隨機碼RNC予第一智慧型手機,如利用電信網路,發送簡訊予第一智慧型手機。在另一可能實施例中,第二智慧型手機可能呈現初始隨機碼RNC。在此例中,使用者利用手動方式,輸入初始隨機碼RNC至第二智慧型手機中。在其它實施例中,第二智慧型手機以條碼方式,呈現初始隨機碼RNC。在此例中,使用者手持第一智慧型手機,並利用第一智慧型手機的掃描軟體,掃描第二智慧型手機所呈現的初始隨機碼RNC。在一些實施例中,第一智慧型手機加密初始隨機碼RNC,並將加密結果ER與票券資訊TK相結合,產生一二維條碼QRC。第二智慧型手機再掃描輸入二維條碼QRC,並連同初始隨機碼RNC一起上傳至伺服器端230。For example, the
伺服器端230接收掃描端220所傳來的初始隨機碼RNC及二維條碼QRC。伺服器端230解碼二維條碼QRC,用以取得一票券資訊以及一密碼資訊。伺服器端230對密碼資訊進行解密,用以得到一解密碼DR,並驗證解密碼DR是否相同於初始隨機碼RNC。本發明並不限定伺服端230如何解密二維條碼QRC。在本實施例中,伺服器端230利用一金鑰KY_B解密二維條碼QRC的密碼資訊。金鑰KY_B可能相同或不同於金鑰KY_A。舉例而言,當用戶端210利用一對稱加密法加密初始隨機碼RN時,金鑰KY_B相同於金鑰KY_A。當用戶端210利用一非對稱加密法加密初始隨機碼RN時,金鑰KY_B不同於金鑰KY_A。在此例中,金鑰KY_A及KY_B之一者為公鑰,另一者為私鑰。The
伺服器端230驗證解密碼DR是否相同於初始隨機碼RNC。當解密碼DR相同於初始隨機碼RNC時,伺服器端230核銷票券資訊TK。當解密碼DR不同於初始隨機碼RNC時,伺服器端230拒絕核銷票券資訊TK。在一可能實施例中,伺服器端230傳送驗證結果或是核銷票券資訊的結果予掃描端220。掃描端220根據驗證結果,決定是否核銷票券資訊,或是顯示驗證結果。The
在其它實施例中,用戶端210將未加密的初始隨機碼作為一輸出碼OTC,並將輸出碼OTC及二維條碼QRC提供予掃描端220。在此例中,掃描端220判斷輸出碼OTC是否相同於初始隨機碼RNC。當輸出碼OTC不同於初始隨機碼RNC時,掃描端220不輸出初始隨機碼RNC及二維條碼QRC予伺服器端230。當輸出碼OTC相同於初始隨機碼RNC時,掃描端220輸出初始隨機碼RNC及二維條碼QRC予伺服器端230。In other embodiments, the
第3圖為本發明之操作系統200的動作示意圖。首先,掃描端220產生一初始隨機碼。在一可能實施例中,用戶端210要求掃描端220顯示初始隨機碼。在此例中,用戶端210提出要使用票券要求,要求掃描端220顯示初始隨機碼。FIG. 3 is a schematic diagram of the operation of the
用戶端220輸入或掃描初始隨機碼。用戶端220加密初始隨機碼,並與票券資訊產生一二維條碼。在一可能實施例中,用戶端220利用一私鑰加密初始隨機碼。掃描端220接收二維條碼。在一可能實施例中,掃描端220係掃描用戶端210產生的二維條碼。掃描端220將初始隨機碼與用戶端210產生的二維條碼傳送到伺服器端230。The
伺服器端230接收掃描端220所傳來的初始隨機碼及用戶端210的二維條碼。伺服器端230解碼二維條碼,用以取得票券資訊以及密碼資訊。伺服器端230對密碼資訊進行解密,用以得到一解密碼,並驗證解密碼是否相同於初始隨機碼。本發明並不限定伺服端230如何對密碼資訊進行解密操作。在一可能實施例中,伺服器端230利用用戶端210所公開的一公鑰,對密碼資訊進行解密。在另一可能實施例中,當用戶端210利用一對稱加密法加密初始隨機碼時,伺服器端230利用同一密鑰(相同於用戶端210加密初始隨機碼所使用的密鑰),對密碼資訊進行解密。The
當解密碼相同於初始隨機碼時,伺服器端230核銷票券資訊。當解密碼不同於初始隨機碼時,伺服器端230拒絕核銷票券資訊。在一可能實施例中,伺服器端230傳送驗證結果或是核銷票券資訊的結果予掃描端220。在此例中,掃描端220接收伺服器端230的驗證結果並顯示驗證結果。在一些實施例中,掃描端220根據驗證結果,回應用戶端210,如打開閘門。When the decryption code is the same as the initial random code, the
在其它實施例中,用戶端210將未加密的初始隨機碼作為一輸出碼,並將輸出碼及二維條碼提供予掃描端220。在此例中,掃描端220判斷輸出碼是否相同於初始隨機碼。當輸出碼不同於初始隨機碼時,掃描端220不輸出初始隨機碼及二維條碼予伺服器端230。當輸出碼相同於初始隨機碼時,掃描端220輸出初始隨機碼及二維條碼予伺服器端230。In other embodiments, the
本發明之安全刷碼方法,或特定型態或其部份,可以以程式碼的型態存在。程式碼可儲存於實體媒體,如軟碟、光碟片、硬碟、或是任何其他機器可讀取(如電腦可讀取)儲存媒體,亦或不限於外在形式之電腦程式產品,其中,當程式碼被機器,如電腦載入且執行時,此機器變成用以參與本發明之操作系統。程式碼也可透過一些傳送媒體,如電線或電纜、光纖、或是任何傳輸型態進行傳送,其中,當程式碼被機器,如電腦接收、載入且執行時,此機器變成用以參與本發明之操作系統。當在一般用途處理單元實作時,程式碼結合處理單元提供一操作類似於應用特定邏輯電路之獨特裝置。The security brush code method of the present invention, or a specific type or part thereof, may exist in the form of program code. The code may be stored on a physical medium, such as a floppy disk, a CD, a hard disk, or any other machine-readable (such as a computer-readable) storage medium, or a computer program product without limitation in an external form, wherein, When the code is loaded and executed by a machine, such as a computer, the machine becomes an operating system for participating in the present invention. Code may also be sent via some transmission medium, such as wire or cable, optical fiber, or any type of transmission in which, when the code is received, loaded, and executed by a machine, such as a computer, the machine becomes the one used to participate in this Invented operating system. When implemented on a general-purpose processing unit, the code combines with the processing unit to provide a unique device that operates similarly to application-specific logic circuits.
除非另作定義,在此所有詞彙(包含技術與科學詞彙)均屬本發明所屬技術領域中具有通常知識者之一般理解。此外,除非明白表示,詞彙於一般字典中之定義應解釋為與其相關技術領域之文章中意義一致,而不應解釋為理想狀態或過分正式之語態。雖然“第一”、“第二”等術語可用於描述各種元件,但這些元件不應受這些術語的限制。這些術語只是用以區分一個元件和另一個元件。Unless otherwise defined, all terms (including technical and scientific terms) used herein are to be understood by those of ordinary skill in the art to which this invention belongs. In addition, unless expressly stated, the definition of a word in a general dictionary should be interpreted as consistent with the meaning in the article in its related technical field, and should not be interpreted as an ideal state or an overly formal voice. Although terms such as 'first' and 'second' may be used to describe various elements, these elements should not be limited by these terms. These terms are only used to distinguish one element from another.
雖然本發明已以較佳實施例揭露如上,然其並非用以限定本發明,任何所屬技術領域中具有通常知識者,在不脫離本發明之精神和範圍內,當可作些許之更動與潤飾。舉例來說,本發明實施例所述之系統、裝置或是方法可以硬體、軟體或硬體以及軟體的組合的實體實施例加以實現。因此本發明之保護範圍當視後附之申請專利範圍所界定者為準。Although the present invention has been disclosed above with preferred embodiments, it is not intended to limit the present invention. Any person with ordinary knowledge in the technical field may make some changes and modifications without departing from the spirit and scope of the present invention. . For example, the system, device or method described in the embodiments of the present invention can be implemented in physical embodiments of hardware, software, or a combination of hardware and software. Therefore, the scope of protection of the present invention should be defined by the scope of the appended patent application.
S111~S119:步驟 200:操作系統 210:用戶端 220:掃描端 230:伺服器端 RNC:初始隨機碼 QRC:二維條碼 OTC:輸出碼 ER:加密結果 TK:票券資訊 KY_A、KY_B:金鑰 DR:解密碼 VR:驗證結果 S111~S119: steps 200: operating system 210: client 220: scanning terminal 230: server side RNC: initial random code QRC: Two-dimensional barcode OTC: output code ER:encrypted result TK: Ticket Information KY_A, KY_B: key DR: decrypt code VR: Verification Results
第1圖為本發明之安全刷碼方法的流程示意圖。 第2圖為本發明之操作系統的結構示意圖。 第3圖為本發明之操作系統的動作示意圖。 Fig. 1 is a schematic flow chart of the method for safely swiping codes according to the present invention. Fig. 2 is a structural schematic diagram of the operating system of the present invention. Fig. 3 is a schematic diagram of the operation of the operating system of the present invention.
S111~S119:步驟 S111~S119: steps
Claims (9)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW111121148A TWI806646B (en) | 2022-06-08 | 2022-06-08 | Security swiping-code method and operation system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW111121148A TWI806646B (en) | 2022-06-08 | 2022-06-08 | Security swiping-code method and operation system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TWI806646B true TWI806646B (en) | 2023-06-21 |
| TW202349236A TW202349236A (en) | 2023-12-16 |
Family
ID=87803171
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW111121148A TWI806646B (en) | 2022-06-08 | 2022-06-08 | Security swiping-code method and operation system |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI806646B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120066740A1 (en) * | 2002-03-28 | 2012-03-15 | Rampart-Id Systems, Inc. | System, method and apparatus for enabling transactions using a user enabled programmable magnetic stripe |
| WO2016169423A1 (en) * | 2015-04-20 | 2016-10-27 | 信码互通(北京)科技有限公司 | Data authenticity identification method for safety check of two-dimensional code |
| TW201931225A (en) * | 2018-01-11 | 2019-08-01 | 優仕達資訊股份有限公司 | Ticket issuance and admission verification system and method including a ticket issuance system and an admission verification system |
-
2022
- 2022-06-08 TW TW111121148A patent/TWI806646B/en active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20120066740A1 (en) * | 2002-03-28 | 2012-03-15 | Rampart-Id Systems, Inc. | System, method and apparatus for enabling transactions using a user enabled programmable magnetic stripe |
| WO2016169423A1 (en) * | 2015-04-20 | 2016-10-27 | 信码互通(北京)科技有限公司 | Data authenticity identification method for safety check of two-dimensional code |
| TW201931225A (en) * | 2018-01-11 | 2019-08-01 | 優仕達資訊股份有限公司 | Ticket issuance and admission verification system and method including a ticket issuance system and an admission verification system |
Also Published As
| Publication number | Publication date |
|---|---|
| TW202349236A (en) | 2023-12-16 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8280056B2 (en) | System and methods for encryption with authentication integrity | |
| WO2020000786A1 (en) | Voting method and apparatus, and computer device and computer readable storage medium | |
| US20180219688A1 (en) | Information Transmission Method and Mobile Device | |
| CN101977190B (en) | Digital content encryption transmission method and server side | |
| JP2008529044A (en) | Secure encryption system, apparatus and method | |
| CN109510802B (en) | Authentication method, device and system | |
| TW200818838A (en) | Mutual authentication and secure channel establishment between two parties using consecutive one-time passwords | |
| TWI529641B (en) | System for verifying data displayed dynamically by mobile and method thereof | |
| CN110868291B (en) | Data encryption transmission method, device, system and storage medium | |
| WO2016054905A1 (en) | Method for processing data | |
| CN103237010B (en) | The server end of digital content is cryptographically provided | |
| US20140258718A1 (en) | Method and system for secure transmission of biometric data | |
| EP4032225A2 (en) | Quantum communication system | |
| US20160132871A1 (en) | Secure redemption code generation for gift cards and promotions | |
| CN103560892A (en) | Secret key generation method and secret key generation device | |
| US20180225428A1 (en) | Secure recording and rendering of encrypted multimedia content | |
| WO2012053886A1 (en) | A method and system for file encryption and decryption in a server | |
| JP7362676B2 (en) | Devices for data encryption and integrity | |
| CN103237011B (en) | Digital content encryption transmission method and server end | |
| US8769301B2 (en) | Product authentication based upon a hyperelliptic curve equation and a curve pairing function | |
| CN107886007B (en) | Abnormal ticket buying behavior processing method and device | |
| TWI827906B (en) | Message transmitting system, user device and hardware security module for use therein | |
| JPH10340255A (en) | System for authenticating network user | |
| TWI806646B (en) | Security swiping-code method and operation system | |
| WO2016184087A1 (en) | Method and system for transmitting information inter-device, source terminal and storage medium |