M415521 五、新型說明: 【新型所屬之技術領域】 本創作係關於一種使用者認證系統。更具體而言,本創作之使 用者認證系統係可透過前端之認證方式,判斷使用者之合法性, 俾使用者進行後端之相關操作。 【先前技術】 於習知技術中,臨時性業務處理之身分認證流程主要係採人工 判斷方式,於確認使用者身份之合法性後,同意使用者進行後續 之相關流程。舉例來說,一般企業公司判斷訪客之合法性皆利用 人工處理之方式,更具體而言,一般企業公司通常於門口設立數 名作業人員,當有訪客欲進入公司内部時,便透過作業人員以人 工之方式進行訪客身分之辨識,並於確認訪客之合法性後發給訪 客識別證,俾訪客獲得進入公司之權限。 又或者,當客戶欲進入銀行或公家機關等服務端點,進行臨時 性之業務處理時,通常須先行填寫業務相關表單,並接著排隊等 候處理。而當等候時間結束,客戶可至櫃檯處理相關業務時,業 務處理人員此時始得以人工之方式進行客戶之身分認證,並於確 認客戶身分之合法性後方進行後續業務處裡。 然而,於前述臨時性業務處理流程中,採人工判斷客戶身分之 方式,通常有額外配置特殊人力之要求,且人工判斷之不確定性 易造成業務處理整體流程之延遲,使得處理成本之增加及負擔。 因此,如何提供一種有效率、低成本之使用者認證系統,乃業界 M415521 亟需努力之目標。 、 【新型内容】 為解決前述臨時性業務處理流程中,採人工判斷客戶身分之方 式所產生之問題,本創作提供了 一種使用者認證系統,其主要係 透過預約、識別及認證等程序,自動完成使用者認證流程。 為完成前述目的,本創作提供一種使用者認證系統,包含影像 擷取元件、處理元件以及識別碼提供元件,並與資料庫以及資料 • 存取控制元件連結。影像擷取元件用以擷取使用者之身分辨識資 訊。處理元件透過網路連接資料庫,用以判斷使用者之身分辨識 資訊符合資料庫所記錄之認證資訊。識別碼提供元件用以根據身 分辨識資訊與認證資訊相符的結果提供使用者身分識別資訊,並 將身分識別資訊註冊於資料存取控制元件,俾使用者利用身分識 別資訊進行資料存取控制元件之操作。 【實施方式】 • 以下將透過實施例來解釋本創作内容。然而,本創作的實施例 並非用以限制本創作需在如實施例所述之任何環境、應用或方式 方能實施。因此,關於實施例之說明僅為闡釋本創作之目的,而 非用以直接限制本創作。需説明者,以下實施例及圖示中,與本 創作非直接相關之元件已省略而未繪示。 首先,請同時參考第1A圖、第1B圖以及第1C圖,其分別為 本創作第一實施例之一使用者認證系統1之正面圖、側面圖以及 元件連結關係示意圖。使用者認證系統1包含一影像擷取元件1卜 M415521 一處理元件13以及一識別碼提供元件15,並透過一'第一連線Ll 以及一第二連線L2,分別與一資料庫20以及一資料存取控制元 件30連結,其中,處理元件13分別與影像擷取元件11以及識別 碼提供元件15電性連結。而各元件之功能及互動,將於下述之内 容中詳細說明。 首先’當一使用者欲進行身分確認時,影像擷取元件11將擷取 該使用者之一身分辨識資訊S1。具體來說,若該使用者之身分辨 識資訊S1係身分證明文件,例如身分證、護照、健保卡或駕照等 文件’則影像擷取元件11可為掃描器或攝影機,用以揭取掃描該 身分證明文件影像,並進一步透過對身分證明文件上的資料進行 光學子元辨識(Optical Character Recognition, OCR)或是影像辨 識等處理,進而取得身分辨識資訊S1。 另一方面,若身分辨識資訊S1係生物特徵,例如指紋、臉型特 徵或眼睛虹膜等,則影像擷取元件U可為指紋辨識裝置、虹膜辨 識裝置或臉型特徵擷取設備,以生物特徵掃描之方式掃描身分辨 識資訊si。接著,當影像擷取元件u擷取了身分辨識資訊S1後, 處理元件13便利用第一網路L1所連接之資料庫2〇所存之資料, 加以判斷該使用者之身分辨識資訊S1是否符合資料庫2〇所記錄 之一認證資訊D1。 須特別說明者’資料庫20中預先储存認證資訊m係該使用者 透過預先申請之方式,將其身分相關資料註冊於資料庫2〇中。例 如’使用者可先透過企業公司之_,利用使用者相關身分認證 資料進行訪談時狀簡;承者,使用者可先録行或公家機關 M415521 等服務端點’先行巾請個人帳號’並同時提交身分認證資料。如 此一來’使用者認證系統1將可根據資料庫2〇中已存之認證資料 D1進行該使用者之身分比對。 隨即’若處理元件13判斷該使用者之身分辨識資訊si符合資 料庫20所記錄之認證資訊D1,則識別碼提供元件15便據以提供 該使用者一身分識別資訊N1,並同時將身分識别資訊见透過第 二網路L2註冊於資料存取控制元件3G,俾該使歸可利用身分 鲁識別資ΙΠΝ1進行資料存取控制元件3〇之操作。而身分識別資訊 N1可以下述至少兩種實施態樣完成。 具體而言’第-種身分識別資mN1之實施態樣,主要係於處理 元件13判斷該使用者之身分辨識資訊以符合資料庫⑽所記錄之 認證資訊D1後,由識別碼提供元件15產生一身分識別物件i5i, 並將身分識別資訊N1記錄於身分識別物件151中,則該使用者便 可利用具有身分識別資訊N1之身分識別物件151進行資料存取控 _ 制元件30之操作。 另一方面,第二種身分識別資訊N2之實施態樣,主要係於處理 兀件13判斷該使用者之身分辨識資訊S1符合資料庫2〇所記錄之 資訊D1後,由識別碼提供元件15擷取該使用者所提供之物 件(例如具無線射頻辨識(Radio Frequency IDentification,RFID ) 之卡片)之一電子標籤,並根據該電子標籤產生身分識別資訊N1, 則同樣地’該使用者便可利用與身分識別資訊Ni相關之該電子標 鐵連行資料存取控制元件30之操作。 為便於理解’以下將以範例解釋前述使用者認證系統1之作業 7 M415521 流程。舉例來說’當訪客欲中請進人企業公司時,其可先透過企 業公司之網站、電話或其他途徑,直接進行登錄註冊或預约之 動作,以預先將認證資訊D1建立於資料庫2〇中。如此一來,訪 客便可於預約時間’前往企業公司進行使用者認證系統i之操作。 而當訪客依約到企業公司時,便可利用使用者認證系統i進行 身分認證。首先’訪客可切本人之身分證件置於影像擷取元件 11處進行影像插取’並且進一步透過光學字元辨識或影像辨識等 方式,獲取訪客之身分辨識資訊S1。接著,處理元件13便可判斷 訪客之身分辨識資訊S1與資料庫2〇中的認證資訊D1相符,以確 認訪客具有進入企業公司的權限。 隨後’識別碼提供元件15便以至少以下二種方式提供訪客身分 辨識資訊N1,俾訪客操作後端之門禁系統(即資料存取控制元件 30)。第一種方式,具體而言,當處理元件13判斷訪客之身分辨 識資訊S1與認證資訊D1相符後,識別碼提供元件15便提供訪客 記錄有合法之身分識別資訊N1之身分識別物件151,並同時將身 分識別資訊N1透過第二網路L2註冊於資料存取控制元件30,如 此一來,當訪客便利用身分識別物件151操作資料存取控制元件 30時’資料控制元件30便可根據以註冊之身分識別資訊Ni,確 認訪客之合法性。 另一方面,第二種方式,當處理元件13判斷訪客之身分辨識資 訊S1與認證資訊D1相符後,識別碼提供元件15便要求訪客提供 具電子標籤之物件(例如悠遊卡),並根據電子標籤產生身分識別 資訊N卜且同時將身分識別資訊N1透過第二網路L2註冊於資料 M415521 存取控制元件30。如此一采,訪客便可刹 〜用具有與身公饵沿丨二4 關之電子標籤,合法地進行資料存取控 』疋件30之操作 N1相 -n〜仟30之操作。 於另一範例令,當使用者欲至銀行進行業務 -、處理前,必 銀行進行開戶,而使用者於開戶的同時,銀Γ 丁更可先行註冊使用 者之認證資訊D1 (例如使用者之指紋等生物待徵) 於資料庫20中,俾後續辨識使用者之用途。 並將其6己錄 灸’當使用者至銀M415521 V. New description: [New technical field] This creation is about a user authentication system. More specifically, the user authentication system of the present invention can determine the legitimacy of the user through the authentication method of the front end, and the user can perform related operations on the back end. [Prior Art] In the prior art, the identity authentication process of the temporary business process mainly adopts the manual judgment mode, and after confirming the legality of the user identity, the user is allowed to perform the subsequent related process. For example, a general corporate company judges the legality of visitors to use manual processing. More specifically, a general corporate company usually sets up several operators at the door. When a visitor wants to enter the company, he or she Manual identification of the identity of the visitor, and after confirming the legality of the visitor, the visitor identification certificate is issued, and the visitor gains access to the company. Or, when a customer wants to enter a service endpoint such as a bank or a public agency to conduct temporary business processing, it is usually necessary to fill in the business related form first, and then wait in line for processing. When the waiting time is over and the customer can go to the counter to handle the related business, the business processing personnel can manually authenticate the customer's identity at the time, and confirm the legality of the customer's identity before proceeding to the subsequent business office. However, in the foregoing temporary business process, the method of manually determining the customer's identity usually requires additional special manpower, and the uncertainty of the manual judgment is likely to cause delay in the overall process of the business process, resulting in an increase in the processing cost. burden. Therefore, how to provide an efficient and low-cost user authentication system is the goal of the industry M415521. [New Content] In order to solve the problems arising from the manual judgment of the customer's identity in the above-mentioned temporary business process, this creation provides a user authentication system, which is mainly through the procedures of appointment, identification and authentication. Complete the user authentication process. To accomplish the foregoing objectives, the present author provides a user authentication system that includes an image capture component, a processing component, and an identification code providing component, and is coupled to a database and data access control components. The image capture component is used to retrieve the user's identity identification information. The processing component is connected to the database through the network to determine that the user's identity identification information conforms to the authentication information recorded in the database. The identifier providing component is configured to provide the user identity identification information according to the result of the identity identification information and the authentication information, and register the identity identification information in the data access control component, and the user uses the identity identification information to perform the data access control component. operating. [Embodiment] The present creation will be explained below by way of examples. However, the embodiments of the present invention are not intended to limit the present invention to be implemented in any environment, application or manner as described in the embodiments. Therefore, the description of the embodiments is merely illustrative of the purpose of the present invention and is not intended to limit the present invention directly. It should be noted that in the following embodiments and illustrations, elements that are not directly related to the present creation have been omitted and are not shown. First, please refer to FIG. 1A, FIG. 1B, and FIG. 1C, respectively, which are front view, side view, and component connection diagram of the user authentication system 1 of the first embodiment of the present invention. The user authentication system 1 includes an image capturing component 1 M415521, a processing component 13 and an identification code providing component 15, and is connected to a database 20 through a first connection L1 and a second connection L2. A data access control element 30 is coupled, wherein the processing element 13 is electrically coupled to the image capturing element 11 and the identification code providing element 15, respectively. The functions and interactions of the various components are described in detail below. First, when a user wants to perform identity verification, the image capturing component 11 will retrieve the identity identification information S1 of the user. Specifically, if the user's identity identification information S1 is an identity document, such as an identity card, a passport, a health insurance card, or a driver's license, the image capturing component 11 may be a scanner or a camera for uncovering the scan. The identity document image is further processed by optical character recognition (OCR) or image recognition on the data on the identity document to obtain the identity identification information S1. On the other hand, if the identity identification information S1 is a biometric feature, such as a fingerprint, a face feature, or an iris of the eye, the image capture component U can be a fingerprint recognition device, an iris recognition device, or a face feature extraction device, and scan the biometric feature. The method scans the identity identification information si. Then, after the image capturing component u captures the identity identification information S1, the processing component 13 facilitates using the data stored in the database 2 connected to the first network L1 to determine whether the identity identification information S1 of the user matches. One of the records of the certification information D1 recorded in the database. It is necessary to specify that the authentication information is stored in the database 20 in advance. The user registers the identity-related information in the database by means of a pre-application. For example, the user can first use the user's relevant identity authentication data to conduct interviews. The user can first record the service or the public agency M415521 and other service endpoints. Submit identity information at the same time. As a result, the user authentication system 1 will perform the identity comparison of the user based on the existing authentication data D1 in the database. Then, if the processing component 13 determines that the identity identification information si of the user meets the authentication information D1 recorded by the database 20, the identification code providing component 15 provides the identity identification information N1 of the user and simultaneously identifies the identity. The information can be registered in the data access control element 3G through the second network L2, so that the user can use the identity identification resource 1 to perform the operation of the data access control element 3. The identity identification information N1 can be completed in at least two implementation manners described below. Specifically, the implementation aspect of the 'first identity identification element mN1 is mainly generated by the identification code providing component 15 after the processing component 13 determines the identity identification information of the user to conform to the authentication information D1 recorded by the database (10). When the identity identification item i5i is identified and the identity identification information N1 is recorded in the identity identification object 151, the user can perform the operation of the data access control element 30 using the identity identification object 151 having the identity identification information N1. On the other hand, the implementation of the second identity identification information N2 is mainly provided by the processing component 13 after the processing component 13 determines that the identity identification information S1 of the user meets the information D1 recorded in the database 2 Taking an electronic tag of an object provided by the user (for example, a card with a radio frequency identification (RFID)), and generating identity identification information N1 according to the electronic tag, the user can The operation of the electronic access control element 30 is performed by the electronic standard associated with the identity identification information Ni. For ease of understanding, the operation of the aforementioned user authentication system 1 7 M415521 will be explained by way of example. For example, when a visitor wants to enter a corporate company, he or she can directly log in to register or make an appointment through the company's website, telephone or other means to establish the authentication information D1 in the database 2 in advance. In the middle. In this way, the visitor can go to the corporate company to perform the user authentication system i at the time of the appointment. When the visitor agrees to the company, the user authentication system i can be used for identity authentication. First, the 'visitor can cut his identity card to the image capturing component 11 for image insertion' and further obtain the identity identification information S1 of the visitor by means of optical character recognition or image recognition. Next, the processing component 13 can determine that the identity identification information S1 of the visitor matches the authentication information D1 in the database 2 to confirm that the visitor has the right to enter the company. Subsequently, the identification code providing unit 15 provides the visitor identification information N1 in at least two ways, and the visitor operates the access control system of the back end (i.e., the material access control element 30). In the first mode, specifically, when the processing component 13 determines that the identity identification information S1 of the visitor matches the authentication information D1, the identification code providing component 15 provides the identity identification object 151 in which the visitor records the legal identity identification information N1, and At the same time, the identity identification information N1 is registered in the data access control component 30 through the second network L2. Thus, when the visitor conveniently operates the data access control component 30 with the identity recognition object 151, the data control component 30 can Registered identity identification information Ni to confirm the legality of the visitor. On the other hand, in the second mode, when the processing component 13 determines that the identity identification information S1 of the visitor matches the authentication information D1, the identification code providing component 15 requests the visitor to provide an electronic tagged object (for example, a leisure card), and according to the electronic The tag generates the identity identification information Nb and simultaneously registers the identity identification information N1 with the access control element 30 via the second network L2. In this way, the visitor can brake the operation of the data access control with the electronic tag having the body and the bait along the 丨2, and operate the N1 phase -n~仟30. In another example, when the user wants to go to the bank for business--processing, the bank will open the account, and the user can register the user's authentication information D1 (for example, the user's account). The biometrics such as fingerprints are included in the database 20, and the user is subsequently identified for use. And have recorded their own moxibustion’ as a user to silver
行進行業務處理時’使用者可先填寫業務處理表格(例如^ 單),隨後使用者便可同時將手指指紋(身分辨識資訊si)以 務處理表格置於影像擷取元件11上進行指紋影像婦_,如士二 來’處理元件13便可利用使用者之手指指紋判斷使用者之身分符 合資料庫20中之認證資料D1,進一步確認使用者確為銀行之客 戶,同時,處理單元13亦可利用業務處理表格之掃描結果判斷使 用者欲處理冬業務。 而當處理元件13確認使用者身分之後,識別瑪提供元件15就 會提供使用者具身分識別資訊N1之號碼牌,並將身分識別資訊 N1註冊於資料存取控制元件30 (例如銀行後端作業之伺服器)。 待銀行系統呼叫具身分識別資訊N1之號碼牌時,使用者便可將具 身分識別資訊N1之號碼牌交給銀行作業人員,俾銀行作業人員據 以利用後端作業之伺服器,迅速地判斷使用者之身分以及欲處理 之業務。 接下來’請參考第2A圖、第2B圖及第2C圖,其分別為本創 作第二實施例之一使用者認證系統Γ之正面圖、側面圖以及元件 連結關係示意圖。其中,第二實施例中所使用之元件與第一實施 9 M415521 例相同者,其功能亦相同,於此將不再贅述。而須特別說明者, 第二實施例與第一實施例之差別在於使用者認證系統r更包含 一顯示元件17以及一註冊元件19。 詳言之,顯示元件17係用以顯示處理元件13之一處理狀態資 訊170。具體來說,處理元件13於進行各項操作處理時,可將其 處理狀態資訊170 (例如使用者確認掃描的身分辨識資訊S1、顯 示判斷結果相符資訊等)以顯示於顯示元件17之方式回饋予該使 用者,俾使用者得知目前操作之流程以及進度。更者,該顯示元 件17亦可為一互動式觸控螢幕,該使用者亦可透過此互動式觸控 螢幕進行簡易之資料確認輸入。 而註冊元件19與資料庫20連接,其主要係用於接受現場註冊。 詳細來說,註冊元件19係用以接受該使用者之一系統使用要求 REQ,而註冊元件19可根據系統使用要求REQ,判斷該使用者之 合法性,並據以產生一認證資訊D2,隨後,註冊元件19便將認 證資訊D2傳送至資料庫20,俾該使用者再次透過前述之内容, 進行身分認證之流程。 更具體而言,當使用者於利用使用者認證系統Γ前、或於處理 元件13判斷身分辨識資訊S1與認證資訊為不相符後,皆可透過 註冊元件19重新進行註冊,則該使用者便得以進行認證並取得身 分識別資訊。須特別說明者,使用者可透過註冊元件19所具之攝 影機、麥克風或鍵盤滑鼠組等任何形式之輸入裝置,讓後端操作 人員利用註冊元件19確認使用者之身分,而於確認使用者合法 後,操作人員便可再透過註冊元件19將認證資料D2輸入資料庫 20 M415521 综上所述,本創作之使用者認證系統主要係透過預約= 認證等程序,使得使用者認證流程將得以更有效率 識別及 如此一來,以往以人工進行身分認證導致業務處理整體^ =成, 遲之缺點將可輕易克服。 ❶程之延 惟上述實施例僅為例示性說明本創作之實施態樣, .. 及閣释本 此When performing business processing, the user can fill in the business processing form (for example, ^ single), and then the user can simultaneously put the finger fingerprint (identification information si) on the image capturing component 11 for fingerprint image processing. The __, 士二来' processing component 13 can use the user's finger fingerprint to determine that the user's identity meets the authentication data D1 in the database 20, further confirming that the user is indeed a bank customer, and at the same time, the processing unit 13 The scanning result of the business processing table can be used to judge the user's desire to handle the winter business. When the processing component 13 confirms the user identity, the identification device providing component 15 provides the user's identification card with the identity identification information N1, and registers the identity identification information N1 with the data access control component 30 (for example, the bank backend operation). Server). When the banking system calls the number card with the identity identification information N1, the user can hand the number card with the identity identification information N1 to the bank operator, and the bank operator can quickly judge by using the server of the back-end operation. The identity of the user and the business to be processed. Next, please refer to FIG. 2A, FIG. 2B and FIG. 2C, which are respectively a front view, a side view and a component connection relationship of a user authentication system according to a second embodiment. The components used in the second embodiment are the same as those in the first embodiment of the present invention, and the functions thereof are also the same, and will not be described again. Specifically, the second embodiment differs from the first embodiment in that the user authentication system r further includes a display element 17 and a registration element 19. In particular, display component 17 is used to display one of processing element 13 processing status information 170. Specifically, when the processing component 13 performs various operations, the processing status information 170 (for example, the user confirms the scanned identity identification information S1, the display judgment result matching information, etc.) can be fed back in the manner of being displayed on the display component 17. To the user, the user is informed of the current operation process and progress. Moreover, the display element 17 can also be an interactive touch screen, and the user can also perform simple data confirmation input through the interactive touch screen. The registration component 19 is connected to the repository 20, which is primarily used for on-site registration. In detail, the registration component 19 is configured to accept the system usage requirement REQ of the user, and the registration component 19 can determine the legality of the user according to the system usage requirement REQ, and accordingly generate an authentication information D2, and subsequently The registration component 19 transmits the authentication information D2 to the database 20, and the user again performs the identity authentication process through the foregoing contents. More specifically, when the user uses the user authentication system, or after the processing component 13 determines that the identity identification information S1 does not match the authentication information, the user can re-register through the registration component 19, and the user Ability to authenticate and obtain identity identification information. It should be specially stated that the user can use the registration device 19 to confirm the user's identity by using any type of input device such as a camera, a microphone or a keyboard mouse group of the registration component 19, and confirm the user. After legal, the operator can enter the authentication data D2 into the database through the registration component 19. M415521 In summary, the user authentication system of the creation mainly through the procedures of reservation=certification, so that the user authentication process will be more Efficient identification and as a result, in the past, the manual authentication of the business led to the overall processing of the business, and the shortcomings of the delay can be easily overcome. The above embodiments are merely illustrative of the implementation of this creation, .. and the interpretation of this
創作之技術特徵,旅非用來限制本創作之保護範嘴。任何熟乘 主 技藝之人士可輕易完成之改變或均等性之安排均屬於本創作= 張之範圍,本創作之權利保護範圍應以申請專利範圍為準。 【圖式簡單說明】 第1Α圖係本創作第一實施例之使用者認證系統之正面圖; 第圖係本創作第一實施例之使用者認證系統之側面圖; 第1C圖係本創作第一實施例之使用者認證系統之元件連結關 係示意圖; 第2A圖係本創作第二實施例之使用者認證系統之正面圖; 第2B圖係本創作第二實施例之使用者認證系統之側面圖;以及 第2C圖係本創作第二實施例之使用者認證系統之元件連結關 係示意圖。 【主要元件符號說明】 1、:使用者認證系統 11 影像擷取元件 13 :處理元件 15 辨識碼提供元件 151 :身分辨識元件 17 顯示元件 170:處理狀態資訊 19 註冊元件 11 M415521 20 :資料庫 LI :第一連線 S1 :身分辨識資訊 N1 :身分識別資訊 30 :資料存取控制元件 L2 :第二連線 Dl、D2 :認證資訊 REQ :系統使用要求 12The technical characteristics of the creation, the brigade is not used to limit the protection of this creation. Any change or equality of arrangements that can be easily accomplished by anyone skilled in the art is within the scope of this creation = Zhang. The scope of protection of this creation shall be subject to the scope of the patent application. BRIEF DESCRIPTION OF THE DRAWINGS The first drawing is a front view of the user authentication system of the first embodiment of the present creation; the first drawing is a side view of the user authentication system of the first embodiment of the present creation; A schematic diagram of the component connection relationship of the user authentication system of an embodiment; FIG. 2A is a front view of the user authentication system of the second embodiment of the present creation; and FIG. 2B is a side of the user authentication system of the second embodiment of the present creation Figure 2 and Figure 2C are diagrams showing the component connection relationship of the user authentication system of the second embodiment of the present invention. [Main component symbol description] 1. User authentication system 11 Image capturing component 13: Processing component 15 Identification code providing component 151: Identity recognition component 17 Display component 170: Processing status information 19 Registration component 11 M415521 20 : Database LI : First connection S1: Identity identification information N1: Identity identification information 30: Data access control component L2: Second connection Dl, D2: Authentication information REQ: System usage requirement 12