TWI831029B - System for confirming identity on different devices by verifying certification and verification code and method thereof - Google Patents

Info

Publication number
TWI831029B
Authority
TW (Taiwan)
Prior art keywords
client, server, verification, data, identity
Application number
TW110126375A
Other languages
Chinese (zh)
Other versions
TW202305635A (en)
Inventors
連子清, 蔡家宏
Original assignee
臺灣網路認證股份有限公司

Landscapes

  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)

Abstract

A system for confirming identity on different devices by verifying a certification and a verification code, and a method thereof, are provided. A first client signs personal data to generate a signature value; a server generates a coded message after verifying the signature value and transmits the coded message to the first client; a second client obtains the coded message through the first client, decodes it to obtain connection information, the personal data and a token, and transmits the personal data and the token to the server based on the connection information; the server generates a verification code after confirming the token and transmits it to the second client; the first client obtains the verification code via the second client and transmits it to the server; and the server verifies the verification code to confirm the user's identity. The system and method thus confirm user identity via the server and achieve the effect of using certificates to confirm that the users of different devices are the same person.

Description

System and method for confirming identity on different devices based on a certificate and verification data

An identity verification system and method, and in particular a system and method for confirming identity on different devices based on a certificate and verification data.

A digital certificate (also called an electronic certificate) is an identity mechanism used in computer systems. A certificate authority, after verifying a user's proof of digital identity, attaches its own signature to that proof; the signature indicates that the authority has recognised the user as the holder of that digital identity. A digital certificate is one computer file or a set of computer files that record the holder's identity data together with a piece of public data (the public key), where the public key corresponds to a private key that belongs only to the certificate holder. The holder can authenticate to a computer system with the private key and thereby access or use a particular computer service.

With the spread of Internet services in recent years, online identification has become increasingly important, and one of the main ways of identifying users online today is the digital certificate. However, the current application process for a digital certificate requires identity confirmation, meaning that the applicant must bring identity documents and appear in person at the counter of the business that issues the certificate. An applicant who, for personal or environmental reasons, cannot conveniently appear at the counter in person cannot complete the application, which is inconvenient for applicants.

In summary, the prior art has long suffered from the problem that applying for a digital certificate requires the applicant to visit a counter in person to confirm identity, which is inconvenient for the applicant; improved technical means are therefore needed to solve this problem.

In view of this problem, the present invention discloses a system and method for confirming identity on different devices based on a certificate and verification data. The disclosed system comprises at least: a first client, used to input personal data and to sign the personal data to generate a signature value; a server, used to receive the personal data and signature value sent by the first client, to verify the personal data and signature value, to generate a verification token once they pass verification, to generate a coded message containing the personal data, the verification token and connection information, and to send the coded message to the first client; and a second client, used to obtain the coded message through the first client, to decode the coded message and, according to the connection information, send the personal data and verification token to the server so that the server generates verification data after confirming the verification token, and to receive the verification data sent by the server and provide it to the first client. The first client is further used to send the verification data to the server, and the server is further used to verify the verification data to generate an identity verification result and to send the identity verification result to the second client.

The disclosed method for confirming identity on different devices based on a certificate and verification data comprises at least the following steps: the first client inputs personal data and signs it to generate a signature value; the first client sends the personal data and signature value to the server, and the server verifies them; once the personal data and signature value pass verification, the server generates a verification token; the server generates a coded message containing the personal data, the verification token and connection information, and sends the coded message to the first client; the second client obtains the coded message through the first client; the second client decodes the coded message and, according to the connection information, sends the personal data and verification token to the server; after confirming the verification token, the server generates verification data and sends it to the second client; the first client obtains the verification data through the second client and sends it to the server; and the server verifies the verification data to generate an identity verification result and sends the identity verification result to the second client.

The system and method disclosed above differ from the prior art in that the server verifies the first client's signature and then generates a coded message that is returned to the first client; the second client obtains the coded message through the first client, decodes it to obtain the connection information, personal data and verification token, and sends the personal data and verification token to the server according to the connection information; after confirming the verification token, the server generates and sends verification data to the second client; and the first client obtains the verification data through the second client and sends it to the server for verification to produce an identity verification result. This solves the problem of the prior art and achieves the technical effect of using a digital certificate to confirm that the users of different devices are the same person.

110: first client

120: server

130: second client

310: user interface

311: block

320: password input interface

Step 210: the first client inputs personal data and a confirm password, and signs the personal data to generate a signature value

Step 220: the first client sends the personal data and signature value to the server, and the server verifies the personal data and signature value

Step 231: once the personal data and signature value pass verification, the server generates a verification token

Step 235: the server generates a coded message containing the personal data, the verification token and connection information, and sends the coded message to the first client

Step 240: the second client obtains the coded message through the first client

Step 250: the second client decodes the coded message and, according to the connection information, sends the personal data and verification token to the server

Step 260: after confirming the verification token, the server generates verification data and sends it to the second client

Step 261: after confirming the verification token, the server sends authentication data to the second client

Step 265: the second client sends a verification password and the authentication data to the server

Step 267: after comparing the verification password with the confirm password and finding them identical, the server generates and sends verification data to the second client

Step 270: the first client obtains the verification data through the second client and sends it to the server

Step 280: the server verifies the verification data to generate an identity verification result and sends it to the second client

Step 290: once the second client determines that the identity verification result indicates the user passed verification, it applies for a digital certificate using the personal data and the verification password

Figure 1 is the architecture diagram of the system of the present invention for confirming identity on different devices based on a certificate and verification data.

Figure 2A is a flow chart of the method of the present invention for confirming identity on different devices based on a certificate and verification data.

Figure 2B is a flow chart of an additional method of the present invention for confirming identity on different devices based on a certificate and verification data.

Figure 2C is a flow chart of the method by which the server of the present invention confirms the verification password.

Figure 3A is a schematic diagram of the application start screen according to an embodiment of the present invention.

Figure 3B is a schematic diagram of the verification password input screen according to an embodiment of the present invention.

The features and embodiments of the present invention are described in detail below with reference to the drawings and embodiments, in enough detail that anyone skilled in the relevant art can readily understand the technical means by which the present invention solves the technical problem, implement them accordingly, and thereby achieve the effects the invention can attain.

The present invention lets the server verify that the user holds a valid certificate on the first client, so that the second client used by the same user can confirm the user's identity through the server. A valid certificate here means a digital certificate that can currently pass verification by a Validation Authority (VA), including but not limited to financial certificates, citizen (natural person) certificates and business (industrial and commercial) certificates.

The server, first client and second client of the present invention can each be a computing device. A computing device as referred to here includes, but is not limited to, hardware components such as one or more processing modules, one or more memory modules, and a bus connecting the various hardware components (including the memory modules and processing modules). With these hardware components the computing device can load and run an operating system, and can also execute software or programs. The computing device also includes a housing in which the above hardware components are arranged.

The bus of the computing device may be of one or more types, for example a data bus, an address bus, a control bus, an expansion bus and/or a local bus. Buses of the computing device include, but are not limited to, an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, a Video Electronics Standards Association (VESA) local bus, and serial buses such as Universal Serial Bus (USB) and PCI Express (PCI-E/PCIe).

The processing module of the computing device is coupled to the bus. The processing module contains a register set or register space, which may be located entirely on the processing chip of the processing module, or wholly or partly outside the processing chip and coupled to it through dedicated electrical connections and/or through the bus. The processing module may be a central processing unit, a microprocessor or any suitable processing element. If the computing device is a multiprocessor device, that is, it contains several processing modules, those processing modules are identical or similar and are coupled to and communicate with one another through the bus. The processing module can interpret a computer instruction or a sequence of instructions to perform particular computations or operations, such as arithmetic operations, logical operations, data comparison and copying or moving data, and thereby drive other hardware components of the computing device, run the operating system, or execute various programs and/or modules.

A computing device usually also contains one or more chipsets. The processing module of the computing device may be coupled to the chipset or electrically connected to it through the bus. A chipset consists of one or more integrated circuits (ICs) and contains a memory controller, a peripheral input/output (I/O) controller and so on; that is, the memory controller and the peripheral I/O controller may be contained in a single integrated circuit or implemented with two or more integrated circuits. The chipset usually provides I/O and memory management functions together with several general-purpose and/or special-purpose registers, timers and the like, which can be accessed or used by the one or more processing modules coupled or electrically connected to the chipset.

The processing module of the computing device can also access, through the memory controller, data in the memory modules and mass storage installed on the computing device. The memory modules include any type of volatile memory and/or non-volatile memory (NVRAM), such as static random access memory (SRAM), dynamic random access memory (DRAM), read-only memory (ROM) and flash memory. The mass storage may include any type of storage device or storage medium, for example a hard disk drive, optical disc, flash drive, memory card, solid state disk (SSD) or any other storage device. In other words, the memory controller can access data in SRAM, DRAM, flash memory, hard disk drives and solid state disks.

The processing module of the computing device can also connect and communicate, through the peripheral I/O controller and over the peripheral I/O bus, with peripheral devices or interfaces such as peripheral output devices, peripheral input devices, communication interfaces and GPS receivers. A peripheral input device can be any type of input device, such as a keyboard, mouse, trackball, touch pad or joystick; a peripheral output device can be any type of output device, such as a display or printer; and the peripheral input and output devices may be the same device, such as a touch screen. The communication interface may include a wireless and/or a wired communication interface. The wireless interface may support wireless local area networks (such as Wi-Fi and Zigbee), Bluetooth, infrared, near-field communication (NFC), mobile (cellular) networks such as 3G/4G/5G, or other wireless data transfer protocols; the wired interface may be an Ethernet device, a DSL modem, a cable modem, an Asynchronous Transfer Mode (ATM) device, or an optical fibre communication interface and/or component. The processing module can periodically poll the various peripheral devices and interfaces so that the computing device can input and output data through them and can also communicate with another computing device having the hardware components described above.

The operation of the system of the present invention is first explained with reference to "Figure 1", the architecture diagram of the system for confirming identity on different devices based on a certificate and verification data. As shown in "Figure 1", the system of the present invention comprises a first client 110, a server 120 and a second client 130. The first client 110 and the server 120, and the server 120 and the second client 130, can exchange data or signals with each other over a wired or wireless network.

The first client 110 is responsible for inputting personal data. In general, the first client 110 provides a data input interface for entering personal data. The personal data entered on the first client 110 contains user identification data, and in some embodiments may also contain a confirm password entered by the user. The user identification data may be the user's national ID number, passport number or the like, although the invention is not limited to these; the confirm password may be formed from an arrangement of a certain number of letters, digits and symbols.

The first client 110 is also responsible for signing the entered personal data with the private key corresponding to the public key in the valid certificate, producing a signature value corresponding to the personal data. In some embodiments, the first client 110 may first remove the confirm password from the personal data and then sign the personal data with the confirm password removed to produce the signature value.

The first client 110 is also responsible for sending the entered personal data and the generated signature value to the server 120, and for receiving the coded message sent by the server 120. The coded message of the present invention is data from which the means of connecting to the server 120 and one or more pieces of data generated by the server 120 can be obtained; it may be presented as text, a barcode or a graphic, although the invention is not limited to these. The ways of obtaining that data include, but are not limited to, decoding the coded message or connecting to a particular target (such as a particular host or server) indicated by the coded message and downloading it.

The first client 110 is also responsible for obtaining the verification data through the second client 130 and may send the obtained verification data to the server 120. The first client 110 may obtain the verification data by having the user type in the verification data displayed by the second client 130, by receiving verification data transmitted by the second client 130, or by scanning and recognising the verification data displayed by the second client 130; the way the first client 110 obtains the verification data through the second client 130 is not limited to these. For example, the first client 110 may also receive verification data pushed by the second client 130, download the verification data from the server 120 using a data correlation value agreed in advance with the second client 130, receive verification data sent by the second client 130 by e-mail or instant message, or receive the verification data from the second client 130 by a cross-application (cross APP) mechanism.

It should be noted that the first client 110 can usually send the entered personal data and the generated signature value to the server 120 at a first time within one session, and send the verification data received from the second client 130 to the server 120 at a second time within the same session. That is, after sending the personal data and signature value to the server 120, the first client 110 need not break its connection to the server 120; it can keep the connection to the server 120 open at least until it has sent the verification data to the server 120. The first client 110 and the server 120 may also maintain the session by keeping state, for example with the Session or cookie mechanism of the Hypertext Transfer Protocol (HTTP), although the way the session is maintained between the first client 110 and the server 120 is not limited to these.

The first client 110 may also receive the identity verification result sent by the server 120 and display a corresponding verification result message according to it, for example showing that identity verification succeeded or failed.

The server 120 is responsible for receiving the personal data and signature value sent by the first client 110 and for verifying the personal data and signature value. Since the method of verifying personal data against its signature value is well known, the present invention does not describe it further.

The server 120 is also responsible for generating a verification token once the personal data and signature value pass verification. The verification token generated by the server 120 contains a verification value; in general the server 120 generates the verification value in some fixed way, for example randomly or from the current time, although the invention is not limited to these. In some embodiments the verification token may also contain a timestamp, which may represent the current time or a validity time.

The server 120 is also responsible for generating the coded message and sending the generated coded message to the first client 110. In general, the server 120 can generate a text, barcode or graphic coded message with any of various known algorithms. From the coded message generated by the server 120, the personal data received by the server 120, the verification token generated by the server 120 and the connection information of the server 120 can be obtained. The connection information includes, but is not limited to, a URI/URL scheme and/or an API provided by the server 120. In some embodiments, the personal data contained in the coded message may omit the confirm password.
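The coded message described above can, according to the patent, be any text, barcode or graphic from which the second client 130 recovers the personal data, the verification token and the server's connection information. The following Python is an added example, not code from the patent or from 臺灣網路認證股份有限公司. It assumes a concrete layout the patent does not specify (a custom `idverify://` URL scheme carrying a base64url JSON payload with the fields `user_id`, `token` and `api`), and adds the check a second client should make before acting on a message it has scanned: the connection information is the only thing telling the second client where to send personal data, so it is accepted only if it points at a server on an allowlist over HTTPS.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlparse

# Assumed layout (not specified by the patent): idverify://confirm?d=<base64url(JSON)>
SCHEME = "idverify"
ALLOWED_API_HOSTS = {"auth.example.test"}   # constructed allowlist of servers the second client trusts


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_message(user_id: str, token: str, api_url: str) -> str:
    """Server side (step 235): build the coded message handed to the first client.

    The payload carries the three items the patent names; the confirm password
    is deliberately not part of it.
    """
    payload = {"user_id": user_id, "token": token, "api": api_url}
    data = _b64url_encode(json.dumps(payload, separators=(",", ":")).encode("utf-8"))
    return f"{SCHEME}://confirm?{urlencode({'d': data})}"


class CodedMessageError(ValueError):
    """Raised when a scanned message must not be acted on."""


def decode_message(message: str) -> dict:
    """Second client side (step 250): parse and validate before posting anything."""
    parts = urlparse(message)
    if parts.scheme != SCHEME or parts.netloc != "confirm":
        raise CodedMessageError("unexpected scheme or action")
    query = parse_qs(parts.query)
    if "d" not in query or len(query["d"]) != 1:
        raise CodedMessageError("missing or repeated payload")
    try:
        payload = json.loads(_b64url_decode(query["d"][0]))
    except ValueError as exc:                       # covers binascii.Error and JSON errors
        raise CodedMessageError("payload is not valid base64url JSON") from exc
    if (not isinstance(payload, dict)
            or set(payload) != {"user_id", "token", "api"}
            or not all(isinstance(v, str) for v in payload.values())):
        raise CodedMessageError("payload does not contain exactly the three expected strings")
    # The connection information decides where the personal data and token are sent, so
    # the second client treats it as untrusted input and checks it against its allowlist.
    api = urlparse(payload["api"])
    if api.scheme != "https" or api.hostname not in ALLOWED_API_HOSTS:
        raise CodedMessageError(f"refusing to send data to {payload['api']!r}")
    return payload


if __name__ == "__main__":
    msg = encode_message("A123456789", "tok-constructed", "https://auth.example.test/api/verify")
    print(msg)
    print(decode_message(msg))
```

Rendering the same string as a QR code for step 240 only changes how the first client shows it; the parsing and the allowlist check on the second client are unchanged.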

在部分的實施例中,伺服器120也可以提供第一客戶端110設定與編碼訊息對應的訊息勾稽值,並可以在接收到第二客戶端130所傳送之相同的訊息勾稽值時,將相對應的編碼訊息傳送給第二客戶端130。 In some embodiments, the server 120 can also provide the first client 110 to set the message hook value corresponding to the encoded message, and can change the corresponding message hook value when receiving the same message hook value sent by the second client 130. The corresponding encoded message is sent to the second client 130.

The server 120 is also responsible for storing the generated verification token together with the confirmation password contained in the received personal data. In general, the server 120 may store the generated verification token and the authentication data as one record in a data correspondence table. In some embodiments, the server 120 may also generate authentication data at the time it generates the verification token, that is, after the personal data and the signature value pass verification, and may store the generated verification token, the confirmation password, and the authentication data as one record in the data correspondence table. The server 120 may generate the authentication data at random or from a serial number, but the invention is not limited to these; any method that yields a unique value, or a value sufficient to distinguish multiple records within a given period, may be used by the server 120 to generate the authentication data.

The server 120 is also responsible for receiving the personal data and the verification token transmitted by the second client 130 and for confirming the received verification token. For example, the server 120 may determine whether the received verification token exists in the data correspondence table; if so, the server 120 may determine that the received verification token passes verification, confirm it, and record it as received. If no identical verification token is found in the data correspondence table, or the verification token has already been recorded as received, the server 120 may determine that the received verification token fails verification.

In some embodiments, when confirming the verification token, the server 120 may also check whether the received verification token is still within its validity period, that is, whether the time represented by the timestamp in the verification token lies within the valid time. For example, when the timestamp represents the time at which the verification token was generated, the server 120 may decide whether the token is still valid by checking whether the difference between that time and the current time lies within a predetermined range; when the timestamp represents the expiry time of the verification token, the server 120 may decide whether the token is still valid by checking whether that time is later than the current time. When the verification token is within its validity period, the server 120 may determine that the received verification token passes verification; otherwise, the server 120 may determine that it fails verification. The server 120 may also check whether the verification token has already been confirmed, that is, whether the verification value it contains has been received before; if so, the server 120 may determine that the received verification token fails verification, and if not, that it passes verification.

The server 120 is also responsible for generating verification data after confirming the verification token, and for transmitting the generated verification data to the second client 130. The verification data generated by the server 120 is usually an arrangement of a certain number of letters, digits, and symbols. The server 120 may generate the verification data at random, but the invention is not limited to this; for example, the server 120 may also apply a predetermined encoding to the current time, or to the network address or hardware serial number of the first client 110 and/or the second client 130, to produce the verification data. The predetermined encoding includes, but is not limited to, a hash computation or a bit rearrangement.

After confirming the verification token, the server 120 may also read from the data correspondence table the authentication data stored in the same record as the verification token, and transmit the authentication data it read, together with the verification data, to the second client 130.

In some embodiments, the server 120 may also let the second client 130 set a data correlation value that corresponds to the verification data, and may, upon receiving the same data correlation value from the first client 110, transmit the corresponding verification data to the first client 110.

The server 120 may also receive the verification password and the authentication data transmitted by the second client 130, read from the data correspondence table the confirmation password associated with the received authentication data, and compare the received verification password with the confirmation password it read. In general, the verification password and the authentication data may be carried in a result query request. When the verification password differs from the confirmation password, the server 120 may directly generate an identity verification result indicating that the password fails verification or that the identity is not verified, and may return the generated identity verification result to the second client 130; when the verification password and the confirmation password are identical, the server 120 may generate the verification data.

The server 120 is also responsible for receiving the verification data transmitted by the first client 110, verifying the received verification data to generate a corresponding identity verification result, and returning the generated identity verification result to the first client 110. In more detail, the server 120 may confirm the user's identity by comparing the received verification data with the confirmation password it generated earlier. When the verification data and the confirmation password are identical, the server 120 may determine that the users of the first client 110 and the second client 130 are the same person, and generate an identity verification result indicating that the verification data passes verification or that the identity is verified. Conversely, when the verification data differs from the confirmation password, the server 120 may ask the first client 110 to retransmit the verification data, and when the number of failed verifications reaches a predetermined value, the server 120 may determine that the users of the first client 110 and the second client 130 are different and generate an identity verification result indicating that the verification data fails verification or that the identity is not verified.

The server 120 is also responsible for transmitting the generated identity verification result to the second client 130. In general, the server 120 may transmit the identity verification result to the second client 130 only upon receiving a result query request from the second client 130, but the invention is not limited to this; the server 120 may also transmit the identity verification result to the second client 130 as soon as it is generated.

The second client 130 is responsible for obtaining, through the first client 110, the encoded message generated by the server 120. In more detail, the second client 130 may capture the encoded message displayed by the first client 110, receive the encoded message pushed by the first client 110, download the encoded message from the server 120 using a message correlation value agreed in advance with the first client 110, receive the encoded message from the first client 110 by e-mail or instant message, or receive the encoded message from the first client 110 through a cross-application mechanism.

The second client 130 is also responsible for decoding the obtained encoded message to recover the connection information, personal data, and verification token it represents. The second client 130 may decode the encoded message with the decoding algorithm that matches the algorithm used to generate it, or the second client 130 may, according to the encoded message, connect to a specific target and download the connection information, personal data, and verification token. The way in which the second client 130 decodes the encoded message is not limited to the above.

The second client 130 is also responsible for transmitting the obtained verification token and all or part of the personal data to the server 120 according to the obtained connection information. For example, the second client 130 may transmit the personal data and the verification token to the server 120 directly via the API of the server 120 contained in the connection information; or the second client 130 may use the URL Scheme contained in the connection information to open a specific application and hand the API of the server 120, the personal data, and the verification token to that application, so that the opened application transmits all or part of the personal data and the verification token to the server 120 via the API of the server 120. The way in which the second client 130 transmits the verification token and personal data to the server 120 according to the connection information is not limited to the above.

The second client 130 may also receive the authentication data transmitted by the server 120, accept entry of a verification password, and transmit the received authentication data and the entered verification password to the server 120. In general, the second client 130 may provide a password entry interface for entering the verification password.

The second client 130 is also responsible for receiving the verification data transmitted by the server 120 and may provide the received verification data to the first client 110; after receiving the verification data, the second client 130 may also generate a result query request and transmit it to the server 120 to download the identity verification result.

The second client 130 is also responsible for receiving the identity verification result generated by the server 120, and when the identity verification result indicates that the verification data is confirmed, that is, that the user's identity is verified, the second client 130 may apply to a certificate server (not shown) for a digital certificate using the obtained personal data and the entered verification data.

An embodiment is now used to explain the operation of the system and method of the invention, with reference to "Figure 2A", the flow chart of the method of the invention for confirming identity on different devices by means of a certificate and verification data. In this embodiment, it is assumed that the first client 110 is a personal computer or notebook computer and the second client 130 is a smartphone, but the invention is not limited to this.

When a user wishes to confirm identity on the second client 130 in order to apply for a digital certificate, and chooses to use the invention, the user may operate a first client 110 that already holds a valid digital certificate and enter personal data on the first client 110, so that the first client 110 signs the entered personal data to generate a signature value (step 210). In this embodiment, it is assumed that the user operates the first client 110 to run a browser that connects to the server 120; the browser then displays a data entry interface for the user to enter personal data and, once the user has finished entering it, signs the entered personal data (excluding the confirmation password) with the private key corresponding to the digital certificate to generate the corresponding signature value.

After the first client 110 generates the signature value, the first client 110 may transmit the entered personal data and the generated signature value to the server 120, and the server 120, upon receiving the personal data and the signature value from the first client 110, verifies them (step 220). In this embodiment, it is assumed that the first client 110 transmits to the server 120 the personal data without the confirmation password, together with the signature value produced by signing that personal data, and keeps its connection to the server 120 open; the server 120 may then verify the personal data and the signature value.

If the personal data and the signature value do not pass the verification of the server 120, the server 120 may generate a prompt message and return it to the first client 110, so that the first client 110 displays the prompt message generated by the server 120; if the personal data and the signature value pass the verification of the server 120, the server 120 may generate a verification token (step 231). In this embodiment, it is assumed that the server 120 generates the verification value in the verification token at random and adds to the verification token a timestamp representing its expiry time; at the same time, the server 120 may also store the user identification data (and the confirmation password) from the received personal data together with the generated verification token as one record in the data correspondence table.

After generating the verification token, the server 120 may generate the encoded message and transmit it to the first client 110 (step 235). In this embodiment, it is assumed that the server 120 generates an encoded message recording the personal data received from the first client 110, the generated verification token, and the connection information of the server 120, and that the encoded message is presented as a QR code.

After the first client 110 receives the encoded message transmitted by the server 120, the second client 130 may obtain the encoded message generated by the server 120 through the first client 110 (step 240). In this embodiment, it is assumed that the first client 110 displays the encoded message received from the server 120 on a display module it includes, such as a touch screen, and that the second client 130 captures the encoded message displayed by the first client 110 with an image capture module it includes, such as a camera lens and image sensor.

After the second client 130 obtains the encoded message generated by the server 120, the second client 130 may decode the obtained encoded message to recover the personal data, verification token, and connection information it contains, and may transmit the verification token and all or part of the personal data to the server 120 according to the connection information (step 250). In this embodiment, assuming that decoding the encoded message yields data recorded in URL Scheme form, the second client 130 may look up the application name corresponding to the application identifier in the URL Scheme and display a user interface 310 such as that of "Figure 3A"; when the user taps the "Open APP" area 311 in the user interface 310, the corresponding application is opened and the operating system of the second client 130 passes the personal data, verification token, and connection information to the opened application as parameters, so that the opened application, once running on the second client 130, may transmit the user identification data from the personal data together with the verification token to the server 120 according to the connection information.

After the server 120 receives the personal data and the verification token transmitted by the second client 130, it may confirm the received verification token. In this embodiment, it is assumed that the server 120 reads from the data correspondence table the verification token stored in the same record as the user identification data in the received personal data and compares it with the received verification token; if the two verification tokens are identical, the server 120 may confirm that the received verification token is valid, otherwise the server 120 may confirm that it is invalid. The server 120 may also check whether the verification token has been recorded as received, and if so, confirm that the received verification token is invalid. In addition, after finding that the verification token it read matches the received one, the server 120 may check whether the expiry time contained in the verification token is earlier than the current time; if so, the server 120 may confirm that the verification token is invalid, and if not, the server 120 may confirm that it is valid, or may further check whether the verification value in the verification token has been verified before, that is, whether the server 120 has previously received a verification token containing the same verification value; if so, the server 120 may confirm that the verification token is invalid, and if not, that it is valid.

If the server 120 confirms that the received verification token is invalid, the server 120 may generate a confirmation result message indicating that the verification token is invalid and transmit it to the second client 130; the previously opened application running on the second client 130 may, upon receiving the confirmation result message and determining that it indicates an invalid verification token, display a corresponding prompt message. If the server 120 confirms that the verification token is valid, the server 120 may generate verification data and transmit the generated verification data to the second client 130 (step 260). In this embodiment, it is assumed that the server 120 generates the verification data at random.

After the second client 130 receives the verification data transmitted by the server 120, the first client 110 may obtain the verification data generated by the server 120 through the second client 130 and transmit it to the server 120 (step 270). In this embodiment, it is assumed that the second client 130 displays the received verification data, that the user enters the verification data displayed by the second client 130 into the verification entry interface provided by the first client 110, and that the first client 110 transmits the entered verification data to the server 120 over the connection to the server 120 it kept open earlier, so that the server 120 receives first the personal data and signature value and then the verification data within the same session with the first client 110.

After the server 120 receives the verification data transmitted by the first client 110, it may verify the verification data to generate an identity verification result and transmit the generated identity verification result to the first client 110. In this embodiment, it is assumed that the server 120 reads the corresponding confirmation password based on the verification value in the received verification token and compares the received verification data with it. When the verification data differs from the confirmation password, the server 120 may generate an identity verification result indicating that confirmation of the verification data failed and that identity verification did not pass, and transmit it to the first client 110, so that the first client 110 displays a corresponding prompt message based on the identity verification result generated by the server 120. If the verification data and the confirmation password are identical, the server 120 may determine that the users of the first client 110 and the second client 130 are the same person, generate an identity verification result indicating that the verification data was confirmed and that identity verification passed, and transmit the generated identity verification result to the first client 110.

Likewise, after the server 120 verifies the verification data transmitted by the first client 110 to generate the identity verification result, it may transmit the generated identity verification result to the second client 130 (step 280). In this embodiment, it is assumed that the second client 130 generates and transmits a result query request to the server 120, and that the server 120, upon receiving the result query request, returns the generated identity verification result to the second client 130.

In this way, through the invention, the second client 130 can confirm the user's identity with the server by way of the first client 110.

In the above embodiment, after the second client 130 receives the identity verification result transmitted by the server 120, it may determine whether the identity verification result indicates that the user's identity is verified. If the identity verification result indicates that the verification data was confirmed successfully, that is, that the user's identity is verified, the second client 130 may carry out the operation the user wishes to perform; as shown in the flow of "Figure 2B", the second client 130 may apply to the certificate server for a digital certificate using the received personal data and the verification data entered by the user (step 290).

In addition, the above embodiment may also follow the flow shown in "Figure 2C": before or after the server 120 generates the verification token (step 231), the server 120 may generate authentication data, for example a serial number. Then, after the second client 130 transmits the personal data and the verification token to the server 120 (step 250), the server 120 may transmit the generated confirmation result message together with the authentication data to the second client 130 (step 261).

Upon receiving the confirmation result message and determining that it indicates a valid verification token, the application running on the second client 130 may present to the user a password entry interface 320 (as shown in "Figure 3B") that includes the user identification data from the received personal data, so that the user enters the verification password into the application running on the second client 130, and that application may then transmit the entered verification password together with the authentication data received from the server 120 to the server 120 (step 265).

After receiving the verification password and the authentication data transmitted by the second client 130, the server 120 may read the corresponding confirmation password based on the received authentication data and compare the received verification password with it; when the verification password and the confirmation password are identical, the server 120 may generate verification data and transmit it to the second client 130 (step 267), so that the second client 130 provides the verification data to the first client 110.
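As an added illustration that is not the patent's own code, the following Python simulation implements the server-side checks described in the server responsibilities above and in the embodiment of Figures 2A and 2C: token issue with the data correspondence table, single-use and expiry confirmation of the token, the variant 2C password comparison, and the retry limit on the verification data relayed by the first client, together with the second client's decoding of the encoded message. The certificate signature check, the TTL, the attempt limit, the endpoint URL and all sample data are constructed stand-ins and not values from the patent.

```python
import base64
import hashlib
import json
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

TOKEN_TTL_SECONDS = 300      # assumed validity window for the token timestamp
MAX_FAILED_ATTEMPTS = 3      # assumed "predetermined value" for failed verifications
API_ENDPOINT = "https://server.example/api/confirm"   # placeholder connection info

@dataclass
class Row:                            # one entry of the data correspondence table
    user_id: str
    confirm_password: str             # entered on the first client (step 210)
    auth_data: str                    # serial-number authentication data (variant 2C)
    received: bool = False            # token already consumed by a second client
    verification_data: Optional[str] = None
    failed_attempts: int = 0

def demo_signature_check(fields: dict, signature: bytes) -> bool:
    """Constructed stand-in for certificate signature verification, NOT a real scheme:
    accepts a 'signature' equal to SHA-256 of the canonical JSON of the signed fields."""
    digest = hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).digest()
    return secrets.compare_digest(digest, signature)

class Server:
    def __init__(self, verify_signature: Callable[[dict, bytes], bool], now=time.time):
        self._verify_signature = verify_signature
        self._now = now
        self._table: Dict[str, Row] = {}   # keyed by the token's verification value
        self._serial = 0

    def handle_first_client(self, personal: dict, signature: bytes) -> Optional[str]:
        """Steps 220-235: verify signature, mint token, store row, build the encoded
        message (base64 JSON stands in for the QR code); None if the signature fails."""
        signed = {k: v for k, v in personal.items() if k != "confirm_password"}
        if not self._verify_signature(signed, signature):
            return None
        value = secrets.token_hex(16)
        self._serial += 1
        self._table[value] = Row(personal["user_id"], personal["confirm_password"],
                                 f"SN{self._serial:06d}")
        payload = {"personal": signed, "connection": {"api": API_ENDPOINT},
                   "token": {"value": value, "exp": int(self._now()) + TOKEN_TTL_SECONDS}}
        return base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()

    def handle_second_client(self, personal: dict, token: dict) -> Optional[dict]:
        """Steps 250-261: token must exist, belong to the same user, be unused and
        unexpired; it is then marked received so a replay of the same token fails."""
        row = self._table.get(token.get("value", ""))
        if row is None or row.user_id != personal.get("user_id"):
            return None
        if row.received or token.get("exp", 0) < self._now():
            return None
        row.received = True
        row.verification_data = f"{secrets.randbelow(10**6):06d}"   # 6-digit code
        return {"verification_data": row.verification_data, "auth_data": row.auth_data}

    def check_password(self, auth_data: str, verification_password: str) -> bool:
        """Variant 2C (steps 265-267): password typed on the second client must equal
        the confirmation password stored under the given auth data."""
        row = next((r for r in self._table.values() if r.auth_data == auth_data), None)
        return row is not None and secrets.compare_digest(
            row.confirm_password, verification_password)

    def handle_verification(self, token_value: str, verification_data: str) -> str:
        """Step 270: first client relays the code shown on the second client over the
        session that received the token; failures count up to MAX_FAILED_ATTEMPTS."""
        row = self._table.get(token_value)
        if row is None or row.verification_data is None:
            return "identity not verified"
        if (row.failed_attempts < MAX_FAILED_ATTEMPTS
                and secrets.compare_digest(row.verification_data, verification_data)):
            return "identity verified"          # same user on both devices
        row.failed_attempts += 1
        return "retry" if row.failed_attempts < MAX_FAILED_ATTEMPTS else "identity not verified"

def decode_message(encoded: str) -> dict:
    """Second client: recover personal data, token and connection info (step 250)."""
    return json.loads(base64.urlsafe_b64decode(encoded.encode()))

def run_flow() -> dict:
    # Drive one full exchange with constructed data and report each decision.
    server = Server(demo_signature_check)
    personal = {"user_id": "A123456789", "name": "Test User", "confirm_password": "s3cret"}
    signed = {k: v for k, v in personal.items() if k != "confirm_password"}
    sig = hashlib.sha256(json.dumps(signed, sort_keys=True).encode()).digest()
    msg = decode_message(server.handle_first_client(personal, sig))   # second client scans
    issued = server.handle_second_client(msg["personal"], msg["token"])
    replay = server.handle_second_client(msg["personal"], msg["token"])
    code = issued["verification_data"]
    wrong = "000000" if code != "000000" else "999999"
    return {"bad_signature_rejected": server.handle_first_client(personal, b"x") is None,
            "issued": issued is not None, "replay_rejected": replay is None,
            "password_ok": server.check_password(issued["auth_data"], "s3cret"),
            "wrong_code": server.handle_verification(msg["token"]["value"], wrong),
            "right_code": server.handle_verification(msg["token"]["value"], code)}
```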

In summary, the invention differs from the prior art in the following technical means: the server verifies the signature value produced by the first client signing the personal data, then generates an encoded message and returns it to the first client; the second client obtains the encoded message through the first client, decodes it to obtain the connection information, personal data, and verification token, and transmits the personal data and verification token to the server according to the connection information; the server, after confirming the verification token, generates verification data and transmits it to the second client; and the first client obtains the verification data through the second client and transmits it to the server for verification to produce an identity verification result. These technical means solve the prior-art problem that applying for an electronic certificate required the applicant to appear at a counter in person to confirm identity, which was inconvenient for the applicant, and thereby achieve the technical effect of using an electronic certificate to confirm that the users of different devices are the same person.

Furthermore, the method of the present invention for confirming identity on different devices based on a certificate and verification data may be implemented in hardware, in software, or in a combination of hardware and software, and may be implemented in a centralized manner in a single computer system or in a distributed manner, with different components spread across several interconnected computer systems.

Although the embodiments of the present invention are disclosed above, the content described is not intended to directly limit the scope of patent protection of the present invention. Any person having ordinary skill in the technical field to which the present invention belongs may make minor changes and refinements to the form and details of its implementation without departing from the spirit and scope disclosed by the present invention, and such changes fall within the scope of patent protection of the present invention. The scope of patent protection of the present invention shall be determined by the appended claims.

Step 210: the first client inputs personal data and a confirmation password, and signs the personal data to generate a signature value

Step 220: the first client sends the personal data and the signature value to the server, and the server verifies the personal data and the signature value

Step 231: the server generates a verification token after the personal data and the signature value pass verification

Step 235: the server generates an encoded message containing the personal data, the verification token and connection information, and sends the encoded message to the first client

Step 240: the second client obtains the encoded message through the first client

Step 250: the second client decodes the encoded message and sends the personal data and the verification token to the server according to the connection information

Step 260: the server generates verification data after confirming the verification token, and sends the verification data to the second client

Step 270: the first client obtains the verification data through the second client, and sends the verification data to the server

Step 280: the server verifies the verification data to generate an identity verification result, and sends the identity verification result to the second client

Claims (10)

1. A system for confirming identity on different devices based on a certificate and verification data, the system at least comprising: a first client for inputting personal data and signing the personal data to generate a signature value; a server for receiving the personal data and the signature value sent by the first client, verifying the personal data and the signature value, and, after the personal data and the signature value pass verification, generating a verification token and an encoded message and sending the encoded message to the first client, wherein the encoded message includes the personal data input by the first client, the verification token generated by the server, and connection information of the server; and a second client for obtaining the encoded message generated by the server through the first client, decoding the encoded message to obtain the personal data input by the first client, the verification token generated by the server and the connection information of the server, and sending the personal data and the verification token to the server according to the connection information, so that the server generates verification data after confirming the verification token, the second client also receiving the verification data sent by the server; wherein the first client is further for obtaining the verification data generated by the server through the second client and sending the verification data to the server, and the server is further for verifying the verification data to generate an identity verification result and sending the identity verification result to the second client.

2. The system of claim 1, wherein the second client is further for applying for a digital certificate using the personal data when the server determines that the verification data is identical to the confirmation password contained in the personal data.

3. The system of claim 1, wherein the server sends the identity verification result to the second client upon receiving a result query request sent by the second client.

4. The system of claim 1, wherein the first client sends the personal data, the signature value and the verification data to the server within the same session.

5. The system of claim 1, wherein the second client is further for sending a verification password to the server, and the server is further for comparing whether the verification password and a confirmation password contained in the personal data are identical, generating the verification data when the verification password is identical to the confirmation password.

6. A method for confirming identity on different devices based on a certificate and verification data, the method at least comprising the following steps: a first client inputting personal data, signing the personal data to generate a signature value, and sending the personal data and the signature value to a server; the server verifying the personal data and the signature value and, after the personal data and the signature value pass verification, generating a verification token; the server generating an encoded message and sending the encoded message to the first client, the encoded message including the personal data input by the first client, the verification token generated by the server, and connection information of the server; a second client obtaining the encoded message generated by the server through the first client; the second client decoding the encoded message to obtain the personal data input by the first client, the verification token generated by the server and the connection information of the server, and sending the personal data and the verification token to the server according to the connection information; the server, after confirming the verification token, generating verification data and sending the verification data to the second client; the first client obtaining the verification data generated by the server through the second client and sending the verification data to the server; and the server verifying the verification data to generate an identity verification result and sending the identity verification result to the second client.

7. The method of claim 6, further comprising, after the step of the server sending the identity verification result to the second client, the step of the second client applying for a digital certificate using the personal data when it determines that the identity verification result indicates that the verification data passed verification.

8. The method of claim 6, wherein the step of the server sending the identity verification result to the second client further comprises the step of the second client sending a result query request to the server.

9. The method of claim 6, wherein the step of the second client obtaining the encoded message through the first client is one of: the second client capturing the encoded message displayed by the first client; the first client pushing the encoded message to the second client; the second client downloading the encoded message from the server according to a message correlation value agreed with the first client; the first client sending the encoded message to the second client by e-mail or instant message; or the encoded message being transferred from the first client to the second client in a cross-application (cross APP) manner.

10. The method of claim 6, further comprising, before the step of the server generating the verification data, the steps of the server sending authentication data to the second client, the second client sending a verification password and the authentication data to the server, and the server comparing whether the verification password and a confirmation password contained in the personal data are identical.
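The complete exchange of steps 210 to 280, together with the password comparison of claims 5 and 10 and the same-session requirement of claim 4, as an added Python illustration; this is not code from the patent or its assignee. The server URL, the field names, the token lifetime and the HMAC stand-in for the certificate-based signature are assumptions, and keeping the confirmation password on the server instead of placing it in the encoded message is a design choice of this example, since the claims only state that the message carries the personal data. The example adds the checks a practitioner would expect around such a flow: the verification token is single-use and expires, the personal data the second client submits must match the data the first client signed, each piece of authentication data allows one password attempt, and the verification data is only accepted in the session that started the flow.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed stand-in for the first client's certificate: a real deployment would
# sign with the certificate's private key and verify the signature through the PKI.
SIGNING_KEY = b"constructed-demo-key"
PERSONAL = {"name": "Demo User", "id_no": "A000000000", "confirm_password": "pw-demo"}  # constructed

def canonical(data):
    return json.dumps(data, sort_keys=True).encode()

def sign(personal):
    """Signature value over the personal data (step 210)."""
    return hmac.new(SIGNING_KEY, canonical(personal), hashlib.sha256).hexdigest()

def public_part(personal):
    # The confirmation password stays server-side; it never enters the encoded message.
    return {k: v for k, v in personal.items() if k != "confirm_password"}

class Server:
    TTL = 300  # seconds a verification token stays valid (assumed)

    def __init__(self, url="https://ca.example.invalid/verify"):  # assumed connection information
        self.url, self.sessions, self.tokens, self.second = url, {}, {}, {}

    def start_session(self, personal, signature):
        """Steps 220-235: verify the signature, mint a one-time token, build the encoded message."""
        if not hmac.compare_digest(sign(personal), signature):
            raise PermissionError("signature check failed")
        sid, token = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
        self.sessions[sid] = {"personal": personal, "t0": time.time(), "vdata": None, "result": None}
        self.tokens[token] = sid
        msg = {"url": self.url, "personal": public_part(personal), "token": token}
        return sid, base64.urlsafe_b64encode(canonical(msg)).decode()

    def redeem_token(self, personal, token):
        """Step 260, first half: confirm the token once and hand out authentication data."""
        sid = self.tokens.pop(token, None)  # single use: a replayed token is unknown
        s = self.sessions.get(sid)
        if s is None or time.time() - s["t0"] > self.TTL:
            raise PermissionError("unknown or expired token")
        if public_part(s["personal"]) != personal:
            raise PermissionError("personal data differs from the signed data")
        auth = secrets.token_urlsafe(16)
        self.second[auth] = {"sid": sid, "tried": False}  # one password attempt per auth data
        return auth

    def check_password(self, auth, verification_password):
        """Step 267: compare the typed password with the stored confirmation password."""
        st = self.second.get(auth)
        if st is None or st["tried"]:
            raise PermissionError("unknown or already used authentication data")
        st["tried"] = True
        s = self.sessions[st["sid"]]
        if not hmac.compare_digest(s["personal"]["confirm_password"], verification_password):
            s["result"] = False
            return None
        s["vdata"] = secrets.token_urlsafe(8)  # verification data relayed to the first client
        return s["vdata"]

    def verify(self, sid, vdata):
        """Step 280: the first client submits the verification data in its own session."""
        s = self.sessions.get(sid)
        ok = bool(s and s["vdata"] and vdata and hmac.compare_digest(s["vdata"], vdata))
        if s is not None:
            s["result"] = ok
        return ok

    def query_result(self, auth):
        """Identity verification result, returned on the second client's query request."""
        return self.sessions[self.second[auth]["sid"]]["result"]

def second_client(server, coded, typed_password):
    """Steps 240-260: decode the message, contact the server it names, send the password."""
    msg = json.loads(base64.urlsafe_b64decode(coded))
    if msg["url"] != server.url:
        raise ValueError("encoded message names a different server")
    auth = server.redeem_token(msg["personal"], msg["token"])
    return auth, server.check_password(auth, typed_password)

def run_flow(typed_password="pw-demo"):
    """Whole exchange against one server; returns the identity verification result."""
    srv = Server()
    sid, coded = srv.start_session(PERSONAL, sign(PERSONAL))  # steps 210-235 (first client)
    auth, vdata = second_client(srv, coded, typed_password)    # steps 240-260 (second client)
    srv.verify(sid, vdata)  # step 270: the first client relays the verification data back
    return srv.query_result(auth)

def token_replay_rejected():
    """A second redemption of the same token must be refused."""
    srv = Server()
    _, coded = srv.start_session(PERSONAL, sign(PERSONAL))
    msg = json.loads(base64.urlsafe_b64decode(coded))
    srv.redeem_token(msg["personal"], msg["token"])
    try:
        srv.redeem_token(msg["personal"], msg["token"])
    except PermissionError:
        return True
    return False
```

`run_flow()` returns the result the second client receives on its query request (`True` for the constructed password, `False` for any other), and `token_replay_rejected()` shows that a captured encoded message cannot be redeemed twice. In-memory dictionaries stand in for the server's session store; all comparisons of secrets use `hmac.compare_digest` so that timing does not leak which characters matched.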
TW110126375A 2021-07-19 2021-07-19 System for confirming identity on different devices by verifying certification and verification code and method thereof TWI831029B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW110126375A TWI831029B (en) 2021-07-19 2021-07-19 System for confirming identity on different devices by verifying certification and verification code and method thereof


Publications (2)

Publication Number Publication Date
TW202305635A TW202305635A (en) 2023-02-01
TWI831029B true TWI831029B (en) 2024-02-01

Family

ID=86661358


Country Status (1)

Country Link
TW (1) TWI831029B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI600308B (en) * 2015-04-30 2017-09-21 臺灣網路認證股份有限公司 System for using valid certificate to apply mobile certificate online and method thereof
CN109962781A (en) * 2017-12-26 2019-07-02 浙江宇视科技有限公司 A kind of digital certificate diostribution device
CN110222496A (en) * 2019-04-02 2019-09-10 公安部第三研究所 The method for realizing seal lifecycle management based on electronic identity voucher
TWM592134U (en) * 2019-11-19 2020-03-11 臺灣網路認證股份有限公司 System for verifying identity for opening an account using a vehicle in an ATM


