TWM578432U - System for assisting a financial card holder in setting password for the first time - Google Patents

System for assisting a financial card holder in setting password for the first time

Info

Publication number
TWM578432U
Authority
TW
Taiwan
Prior art keywords
financial card
password
authentication
app
setting module
Application number
TW107217000U
Other languages
Chinese (zh)
Inventor
王瑤璋
Original Assignee
台新國際商業銀行股份有限公司
Application filed by 台新國際商業銀行股份有限公司
Priority to TW107217000U
Publication of TWM578432U

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

Disclosed is a system for assisting a financial card holder in setting a password for the first time, and a method thereof. Said system comprises a first server configured with a password setting module including a storage submodule; a second server electrically connected to the first server and configured with a financial card management module; an App communicatively connected to the first server and installed on a mobile device possessed by the financial card holder, the App being authenticated by the password setting module; and an authentication device communicatively connected to the second server and having a display component, an input component and a financial card reading and writing component.

Description

System for helping cardholders set a financial card password for the first time

The present creation relates to a system for helping a cardholder set a financial card password for the first time, and in particular to a system that does not require a paper financial card password letter.

Currently, after the relevant function of the financial card system produces a password file, designated security personnel manually operate designated equipment and transaction functions in a designated environment to print the financial card password letters. The letters are then packed, transported and mailed by dedicated staff to each designated branch. Finally, designated staff at each branch count and receive them, then place them in the vault for storage and safekeeping. When a customer applies for a new financial card at a branch counter, a designated staff member, after supervisor approval, retrieves the card's password letter from the vault and hands it to the cardholder, together with the newly applied-for financial card, for signed receipt.

Financial institutions therefore still need a system or method to replace the current cumbersome procedure of manually printing password letters, and to save the operating costs of the associated manual work, environmental facilities, printing machines, paper, postage, safekeeping and storage, information security controls, risk audits and so on. In addition, eliminating the use of paper financial card password letters would save energy and reduce carbon emissions, helping to protect the Earth's environment.

In view of this, the present creation provides a system and a method for helping a cardholder set a financial card password for the first time, which complete the first setting of the financial card password without a paper financial card password letter while maintaining the security of password setting.

In one aspect, the present creation discloses a system for helping a cardholder set a financial card password for the first time, comprising:
a first server provided with a password setting module that includes a storage submodule;
a second server electrically connected to the first server and provided with a financial card management module;
a software product (App) communicatively connected to the first server, the App being installed on a mobile device held by the cardholder and authenticated by the password setting module; and
an authentication device communicatively connected to the second server, the authentication device having a display component, an input component and a financial card read/write component;
wherein:
in a pre-registration procedure, the password setting module receives first authentication data, which consists of identification information of the mobile device and personal information of the cardholder, and stores the first authentication data in the storage submodule; and receives second authentication data, which is a self-selected digest, and stores the second authentication data in the storage submodule;
after launch, the App automatically triggers an event that requests input of personal information and the account number of the financial card, and transmits the entered personal information and account number to the password setting module;
after confirming the status of the financial card with the financial card management module, the password setting module: combines the first authentication data according to a combination method to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; randomly selects an encryption method from a plurality of encryption methods, the encryption method having a second number; and transmits to the App the first number and confirmation data encrypted based on the first key, the confirmation data including encryption information and the self-selected digest, wherein the encryption information includes the second number and a start sampling position;
the App obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and the personal information according to the combination method corresponding to the first number to generate a second key; uses the second key to decrypt the encryption information and the self-selected digest, and encrypts the self-selected digest according to the encryption method corresponding to the second number and the start sampling position to obtain an encrypted value; and encrypts the encrypted value based on the second key and transmits it to the password setting module;
after confirming that the encrypted value is correct, the password setting module sends a request for an authentication code to the financial card management module and obtains an authentication code; and generates an authentication code image and transmits it to the App;
the App displays the authentication code image for the cardholder to use when setting the password of the financial card for the first time through the authentication device; and
the authentication device reads the financial card through the financial card read/write component and confirms the status of the financial card with the financial card management module, then provides a first user interface through the display component, through which the cardholder enters the authentication code and a new password for the financial card using the input component, to complete the first password setting.

In some embodiments of the present creation, the password setting module provides a second user interface through which an operator of the financial card's issuer enters the first authentication data and the second authentication data.

In some embodiments of the present creation, the App requires a startup password.

In some embodiments of the present creation, the first user interface of the authentication device requires input of the authentication code and the new password, as well as at least part of the personal information, and sends a request to set the new password to the financial card management module based on the entered data. In a particular embodiment, after confirming that the received authentication code and personal data are correct, the financial card management module obtains the scrambled new password and transmits it to the authentication device, which writes the scrambled new password to the financial card through the financial card read/write component.

In another aspect, the present creation provides a method for helping a cardholder set a financial card password for the first time, comprising:
providing a first server provided with a password setting module that includes a storage submodule; a second server electrically connected to the first server and provided with a financial card management module; a software product (App) communicatively connected to the first server, the App being installed on a mobile device held by the cardholder and authenticated by the password setting module; and an authentication device communicatively connected to the second server, the authentication device having a display component, an input component and a financial card read/write component;
in a pre-registration procedure, the password setting module receives first authentication data, which consists of identification information of the mobile device and personal information of the cardholder, and stores the first authentication data in the storage submodule; and receives second authentication data, which is a self-selected digest, and stores the second authentication data in the storage submodule;
after launch, the App automatically triggers an event that requests input of personal information and the account number of the financial card, and transmits the entered personal information and account number to the password setting module;
after confirming the status of the financial card with the financial card management module, the password setting module: combines the first authentication data according to a combination method to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; randomly selects an encryption method from a plurality of encryption methods, the encryption method having a second number; and transmits to the App the first number and confirmation data encrypted based on the first key, the confirmation data including encryption information and the self-selected digest, wherein the encryption information includes the second number and a start sampling position;
the App obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and the personal information according to the combination method corresponding to the first number to generate a second key; uses the second key to decrypt the encryption information and the self-selected digest, and encrypts the self-selected digest according to the encryption method corresponding to the second number and the start sampling position to obtain an encrypted value; and encrypts the encrypted value based on the second key and transmits it to the password setting module;
after confirming that the encrypted value is correct, the password setting module sends a request for an authentication code to the financial card management module and obtains an authentication code; and generates an authentication code image and transmits it to the App;
the App displays the authentication code image for the cardholder to use when setting the password of the financial card for the first time through the authentication device; and
the authentication device reads the financial card through the financial card read/write component and confirms the status of the financial card with the financial card management module, then provides a first user interface through the display component, through which the cardholder enters the authentication code and a new password for the financial card using the input component, to complete the first password setting.

In some embodiments of the present creation, the password setting module provides a second user interface through which an operator of the financial card's issuer enters the first authentication data and the second authentication data.

In some embodiments of the present creation, the App requires a startup password.

In some embodiments of the present creation, the first user interface of the authentication device requires input of the authentication code and the new password, as well as at least part of the personal information, and sends a request to set the new password to the financial card management module based on the entered data. In a particular embodiment, after confirming that the received authentication code and personal data are correct, the financial card management module obtains the scrambled new password and transmits it to the authentication device, which writes the scrambled new password to the financial card through the financial card read/write component.

Other objects and advantages of the present creation are set out in part in the following description, or may be understood through embodiments of the present creation. It should be understood that the foregoing summary and the following embodiments are merely exemplary and explanatory, and do not limit the present creation as the claims do.

Note that, unless otherwise indicated, all technical and scientific terms used herein have the meanings commonly understood by a person of ordinary skill in the art to which the present creation belongs. Furthermore, the word "a" (or "one") as used in this specification, unless otherwise specified, means a quantity of at least one (one or more).

In one aspect, the present creation provides a system for helping a cardholder set a financial card password for the first time. The system comprises a first server, a second server, a software product (App) and an authentication device.

The first server is provided with a password setting module, which includes a storage submodule.

The second server is electrically connected to the first server and is provided with a financial card management module.

According to a preferred embodiment of the present creation, the first and second servers are located at the issuer of the financial card.

The software product (App) is communicatively connected to the first server and installed on a mobile device held by the cardholder, and the App is authenticated by the password setting module. According to the present creation, the mobile device includes, but is not limited to, a tablet computer or a smartphone, and is preferably a smartphone. The mobile device preferably does not include a notebook computer. The communication connection is preferably made over the Internet. According to the present creation, the software product is preferably a mobile application. According to the present creation, the mobile device may include a storage unit that stores the program code of the software product, and a processing unit that executes the program code of the software product.

The authentication device is communicatively connected to the second server and has a display component, an input component and a financial card read/write component. In some embodiments of the present creation, the authentication device is an automated teller machine or an automatic deposit and withdrawal machine. According to the present creation, the authentication device is preferably communicatively connected to the second server over a dedicated network.

In a pre-registration procedure, the password setting module receives first authentication data and second authentication data, and stores the first and second authentication data in the storage submodule. The first authentication data consists of identification information of the mobile device and personal information of the cardholder; the second authentication data is a self-selected digest. In the pre-registration procedure, the password setting module may provide a second user interface through which an operator of the financial card's issuer enters the first authentication data and the second authentication data. The identification information includes an IMEI, a UDID, a Keychain, a MAC address, or a combination thereof. The self-selected digest may be provided by the cardholder, selected by the operator from the database of the storage submodule, or randomly selected by the password setting module from the database of the storage submodule.

After launch, the App automatically triggers an event that requests input of personal information and the account number of the financial card, and transmits the entered personal information and account number to the password setting module. According to a preferred embodiment of the present creation, the App requires a startup password and launches only after the startup password has been verified as correct. The startup password includes, but is not limited to, a pattern password, a keypad password, fingerprint recognition or facial recognition.

After confirming the status of the financial card with the financial card management module, the password setting module performs the following steps: (1) it combines the first authentication data according to a combination method to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; (2) it randomly selects an encryption method from a plurality of encryption methods, the encryption method having a second number; and (3) it transmits to the App the first number and confirmation data encrypted based on the first key, the confirmation data including encryption information and the self-selected digest described above, wherein the encryption information includes the second number and a start sampling position. According to the present creation, the combination methods include, but are not limited to: combining the complete data of a single field or of multiple fields of the first authentication data, combining partial data from multiple fields of the first authentication data, or combining the data of the same field of the first authentication data multiple times.

The App obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and the personal information according to the combination method corresponding to the first number to generate a second key; uses the second key to decrypt the encryption information and the self-selected digest, and encrypts the self-selected digest according to the encryption method corresponding to the second number and the start sampling position to obtain an encrypted value; and encrypts the encrypted value based on the second key and transmits it to the password setting module. The cardholder's personal information may be entered by the cardholder and stored on the mobile device. The start sampling position indicates the character position in the self-selected digest from which the encryption method starts sampling for encryption.

After confirming that the encrypted value is correct, the password setting module sends a request for an authentication code to the financial card management module and obtains an authentication code; and generates an authentication code image and transmits it to the App. The authentication code is preferably a random number of 6 to 8 digits, but is not limited thereto. In one embodiment of the present creation, the authentication code is encrypted using visual cryptography to produce the authentication code image, so that its plaintext value can be read correctly only by a person looking at it.
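
The exchange between the password setting module and the App described above, as an added Python example that is not code from the patent. The patent leaves the numbered combination methods, the numbered encryption methods and the cipher unspecified, so the three combiners, the SHA-256 key derivation, the keyed hashes standing in for the encryption methods, the encrypt-then-MAC seal/unseal pair, the field names and the sample data are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Hypothetical numbered "combination methods" (the patent only says several exist):
# whole fields, parts of several fields, or one field used more than once.
COMBINERS = {
    1: lambda r: r["imei"] + r["national_id"],
    2: lambda r: r["national_id"][-4:] + r["imei"][:8] + r["birthday"],
    3: lambda r: r["imei"] + r["birthday"] + r["imei"],
}
# Hypothetical numbered "encryption methods"; keyed hashes stand in for them.
METHODS = {1: hashlib.sha256, 2: hashlib.sha512, 3: hashlib.blake2b}


def derive_key(record, combiner_no):
    """Combine the first authentication data and hash it into a 32-byte key."""
    return hashlib.sha256(COMBINERS[combiner_no](record).encode()).digest()


def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = b"enc" + nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, plaintext):
    """Stand-in authenticated cipher (encrypt-then-MAC) for the unspecified one."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the plaintext, or None when the key does not match."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def digest_value(key, method_no, passage, start):
    """Apply the numbered method to the digest from the start sampling position."""
    return hmac.new(key, passage[start:].encode(), METHODS[method_no]).digest()


class PasswordSettingModule:
    """Server side: holds the pre-registered record and self-selected digest."""

    def __init__(self, record, passage):
        self.record, self.passage = record, passage

    def challenge(self):
        self.combiner_no = secrets.choice(list(COMBINERS))   # first number
        self.method_no = secrets.choice(list(METHODS))       # second number
        self.start = secrets.randbelow(len(self.passage) // 2)
        self.key = derive_key(self.record, self.combiner_no)  # first key
        info = {"method": self.method_no, "start": self.start, "passage": self.passage}
        # The first number travels in clear; everything else is sealed.
        return self.combiner_no, seal(self.key, json.dumps(info).encode())

    def verify(self, response):
        value = unseal(self.key, response) if response else None
        expected = digest_value(self.key, self.method_no, self.passage, self.start)
        return value is not None and hmac.compare_digest(value, expected)


def app_respond(device_record, combiner_no, sealed):
    """App side: rebuild the key from data read on the device and answer."""
    key = derive_key(device_record, combiner_no)              # second key
    plain = unseal(key, sealed)
    if plain is None:  # wrong device or wrong personal data
        return None
    info = json.loads(plain)
    value = digest_value(key, info["method"], info["passage"], info["start"])
    return seal(key, value)


def run_exchange(registered, on_device, passage):
    """One full round: challenge, App response, server-side verification."""
    server = PasswordSettingModule(registered, passage)
    combiner_no, sealed = server.challenge()
    return server.verify(app_respond(on_device, combiner_no, sealed))


# Constructed sample data, not taken from the patent.
REGISTERED = {"imei": "356938035643809", "national_id": "A123456789", "birthday": "19800101"}
OTHER_PHONE = dict(REGISTERED, imei="490154203237518")
PASSAGE = "The quick brown fox jumps over the lazy dog"

if __name__ == "__main__":
    print(run_exchange(REGISTERED, REGISTERED, PASSAGE))   # registered device
    print(run_exchange(REGISTERED, OTHER_PHONE, PASSAGE))  # different device
```

Only the first number crosses the channel in clear; the second number, the start sampling position and the digest are recoverable only by a device that can rebuild the same key from its own identifiers and the stored personal data.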

Next, the App displays the authentication code image for the cardholder to use when setting the password of the financial card for the first time through the authentication device.

Finally, the authentication device reads the financial card through the financial card read/write component and confirms the status of the financial card with the financial card management module, then provides a first user interface through the display component, through which the cardholder enters the authentication code and a new password for the financial card using the input component, to complete the first password setting.

In some embodiments of the present creation, the first user interface of the authentication device requires input of the authentication code and the new password, as well as at least part of the personal information, and sends a request to set the new password to the financial card management module based on the entered data. In a particular embodiment, after confirming that the received authentication code and personal data are correct, the financial card management module obtains the scrambled new password and transmits it to the authentication device, which writes the scrambled new password to the financial card through the financial card read/write component.

In another aspect, the present creation provides a method for helping a cardholder set a financial card password for the first time, comprising:
providing a first server provided with a password setting module that includes a storage submodule; a second server electrically connected to the first server and provided with a financial card management module; a software product (App) communicatively connected to the first server, the App being installed on a mobile device held by the cardholder and authenticated by the password setting module; and an authentication device communicatively connected to the second server, the authentication device having a display component, an input component and a financial card read/write component;
in a pre-registration procedure, the password setting module receives first authentication data, which consists of identification information of the mobile device and personal information of the cardholder, and stores the first authentication data in the storage submodule; and receives second authentication data, which is a self-selected digest, and stores the second authentication data in the storage submodule;
after launch, the App automatically triggers an event that requests input of personal information and the account number of the financial card, and transmits the entered personal information and account number to the password setting module;
after confirming the status of the financial card with the financial card management module, the password setting module: combines the first authentication data according to a combination method to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; randomly selects an encryption method from a plurality of encryption methods, the encryption method having a second number; and transmits to the App the first number and confirmation data encrypted based on the first key, the confirmation data including encryption information and the self-selected digest, wherein the encryption information includes the second number and a start sampling position;
the App obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and the personal information according to the combination method corresponding to the first number to generate a second key; uses the second key to decrypt the encryption information and the self-selected digest, and encrypts the self-selected digest according to the encryption method corresponding to the second number and the start sampling position to obtain an encrypted value; and encrypts the encrypted value based on the second key and transmits it to the password setting module;
after confirming that the encrypted value is correct, the password setting module sends a request for an authentication code to the financial card management module and obtains an authentication code; and generates an authentication code image and transmits it to the App;
the App displays the authentication code image for the cardholder to use when setting the password of the financial card for the first time through the authentication device; and
the authentication device reads the financial card through the financial card read/write component and confirms the status of the financial card with the financial card management module, then provides a first user interface through the display component, through which the cardholder enters the authentication code and a new password for the financial card using the input component, to complete the first password setting.

在該預先註冊程序中,該密碼設定模組可提供一第二使用者介面,以供該金融卡之發卡的方作業人員輸入該第一認證資料及該第二認證資料。前述識別資訊包含IMEI、UDID、鑰匙圈(Keychain)、MAC位址或其組合。該自選文摘可由該持卡人自行提供、或由該作業人員自該儲存子模組的資料庫中挑選、或由該密碼設定模組隨機自該儲存子模組的資料庫中挑選。In the pre-registration process, the password setting module can provide a second user interface for the operator of the card issuing the financial card to input the first authentication data and the second authentication data. The aforementioned identification information includes an IMEI, a UDID, a keychain, a MAC address, or a combination thereof. The self-selected digest may be provided by the card holder or selected by the operator from the database of the storage sub-module or randomly selected by the password setting module from the database of the storage sub-module.

在本創作之部分具體實施例中,該App要求一啟動密碼。所述啟動密碼包括但不限於:圖形密碼、按鍵式密碼、指紋辨識或臉部辨識。In some embodiments of the present creation, the App requires a activation password. The activation password includes, but is not limited to, a graphic password, a push-tone password, fingerprint recognition, or face recognition.

In some embodiments of the present creation, the first user interface of the authentication device requires input of the authentication code and the new password, as well as at least part of the personal information, and sends a request to set the new password to the financial card management module based on the entered data. In a specific embodiment, after confirming that the received authentication code and personal data are correct, the financial card management module obtains the enciphered new password and transmits it to the authentication device, which writes the enciphered new password to the financial card through the financial card read/write component.

Specific preferred embodiments of the system and method of the present creation for helping a cardholder set a financial card password for the first time are now described with reference to FIG. 1 and FIG. 2.

Refer first to FIG. 1, which shows a system for helping a cardholder set a financial card password for the first time according to a specific embodiment of the present creation. In this embodiment, the system 1 comprises a first server 10, a second server 20, a software product (App) 30, and an authentication device 40. The software product 30 may be a mobile software product, for example an App issued by a financial institution.

The first server 10 is provided with a password setting module 12, which includes a storage sub-module 122. The second server 20 is electrically connected to the first server 10 and is provided with a financial card management module 22. The first and second servers 10 and 20 may be located at the issuer of the financial card.

The App 30 is communicatively connected to the first server 10 and installed on a mobile device 70 held by the cardholder, and the App 30 is authenticated by the password setting module 12. The mobile device 70 may be a tablet computer or a smartphone, preferably a smartphone.

The authentication device 40 is communicatively connected to the second server 20 over a dedicated network and has a display component 42, an input component 44, and a financial card read/write component 46. In some examples, the authentication device 40 is an automated teller machine or an automated deposit and withdrawal machine.

In a pre-registration procedure, the password setting module 12 receives a first authentication data and a second authentication data and stores both in the storage sub-module 122. The first authentication data consists of the identification information of the mobile device 70 and the personal information of the cardholder; the second authentication data is a self-selected digest. The length of the digest is preferably between 512 bits and 1024 bits.

After being started, the App 30 automatically triggers an event that requires input of personal information and the account number of the financial card, and transmits the entered personal information and account number to the password setting module 12. Preferably, the App requires a startup password and starts only after the startup password has been verified as correct, to meet security requirements.

After confirming the status of the financial card with the financial card management module 22, the password setting module 12 performs the following steps: (1) it combines the first authentication data according to a combination method to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; (2) it randomly selects an encryption method from a plurality of encryption methods, the encryption method having a second number; and (3) it transmits to the App the first number and confirmation data encrypted based on the first key, the confirmation data including encrypted information and the self-selected digest described above, wherein the encrypted information includes the second number and a starting sampling position.

The App 30 obtains the identification information of the mobile device 70 and the personal information of the cardholder from the mobile device 70, and combines the identification information and the personal information according to the combination method corresponding to the first number to generate a second key; it uses the second key to decrypt and obtain the encrypted information and the self-selected digest, and encrypts the self-selected digest according to the encryption method corresponding to the second number and the starting sampling position to obtain an encrypted value; and it encrypts the encrypted value based on the second key and transmits it to the password setting module 12.

After confirming the correctness of the encrypted value, the password setting module 12 sends the financial card management module 22 a request for an authentication code and obtains an authentication code; it then generates an authentication code image and transmits it to the App 30. The password setting module 12 may encrypt the authentication code using a visual cryptography method to produce the authentication code image, so that its plaintext value can only be read correctly by a person looking at it.

The App 30 then displays the authentication code image for the cardholder to use when setting the password of the financial card for the first time at the authentication device 40. When the password is set for the first time, the authentication device 40 reads the financial card through the financial card read/write component 46 and confirms the status of the financial card with the financial card management module 22; the display component 42 then automatically provides a first user interface through which the cardholder uses the input component 44 to enter the authentication code and the new password of the financial card, completing the first-time password setting.

In another aspect, the present creation provides a method for helping a cardholder set a financial card password for the first time. Refer to FIG. 2, which is a flowchart of a specific embodiment of the method. As shown in the figure, the method comprises the following steps:
(S110) providing a first server provided with a password setting module that includes a storage sub-module; a second server electrically connected to the first server and provided with a financial card management module; a software product (App) communicatively connected to the first server, the App being installed on a mobile device held by the cardholder and authenticated by the password setting module; and an authentication device communicatively connected to the second server, the authentication device having a display component, an input component, and a financial card read/write component;
(S120) in a pre-registration procedure, the password setting module receives a first authentication data, which consists of the identification information of the mobile device and the personal information of the cardholder, and stores the first authentication data in the storage sub-module; and receives a second authentication data, which is a self-selected digest, and stores the second authentication data in the storage sub-module;
(S210) after being started, the App automatically triggers an event that requires input of personal information and the account number of the financial card, and transmits the entered personal information and account number to the password setting module;
(S220) after confirming the status of the financial card with the financial card management module, the password setting module combines the first authentication data according to a combination method to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; randomly selects an encryption method from a plurality of encryption methods, the encryption method having a second number; and transmits to the App the first number and confirmation data encrypted based on the first key, the confirmation data including encrypted information and the self-selected digest, wherein the encrypted information includes the second number and a starting sampling position;
(S230) the App obtains the identification information of the mobile device and the personal information of the cardholder from the mobile device, and combines the identification information and the personal information according to the combination method corresponding to the first number to generate a second key; uses the second key to decrypt and obtain the encrypted information and the self-selected digest, and encrypts the self-selected digest according to the encryption method corresponding to the second number and the starting sampling position to obtain an encrypted value; and encrypts the encrypted value based on the second key and transmits it to the password setting module;
(S310) after confirming the correctness of the encrypted value, the password setting module sends the financial card management module a request for an authentication code and obtains an authentication code; and generates an authentication code image and transmits it to the App;
(S320) the App displays the authentication code image for the cardholder to use when setting the password of the financial card for the first time at the authentication device; and
(S410) the authentication device reads the financial card through the financial card read/write component and confirms the status of the financial card with the financial card management module, after which the display component provides a first user interface through which the cardholder uses the input component to enter the authentication code and the new password of the financial card, completing the first-time password setting.

The method of the present creation for helping a cardholder set a financial card password for the first time may be carried out with or without the aforementioned system 1.

Specific embodiments of the present creation are described in more detail through the following examples, but the present creation is not limited to the specific configurations, conditions, and methods given in them.

Example 1: Preparatory operations

The financial institution provides a management server (the first server) on which a password setting module is installed. Bank staff use it to register the agreed authentication data for a user applying for a new financial card (the financial card holder, referred to as the "user" in the examples); the registration data is stored in the database of the password setting module. The related transaction functions and registration content are as follows:

1. Bind the user's mobile device authentication data (first authentication data):
   a. Register authentication data such as IMEI/UDID/Keychain/MAC/ID number/birthday/mobile phone number. The user applying for the new financial card may go to a branch counter of the financial institution, or use the official website in advance, look up the IMEI/UDID/Keychain/MAC and similar data on his or her own phone, and fill in the application form; bank staff then enter the data into the system according to the completed form. The authentication data may be bound to the user's ID number.
   b. Use of the first authentication data:
      (1) When the first authentication data is bound, the password setting module automatically assigns, by random number, the initial value of its combination method and stores the combination method in the database (3 Bytes).
      (2) The combination method is used to randomly combine field data such as IMEI/UDID/Keychain/MAC/ID number/birthday.
      (3) The "combination method" stored in the database (3 Bytes) is in essence a number; the database does not store the raw content of the combined data. The "combination method" value stored here is only an initial value. Each time the password setting module accepts a request, it should automatically generate a new random "combination method" value and update that database field with the new value.
      (4) The raw content of the combined data is hereafter called "Current_key" (here, the first key), and its length should be at least 128 Bytes. This "Current_key" is the key later used to encrypt sensitive data with the Advanced Encryption Standard (AES). To know the Current_key, one must first know its "combination method" and the corresponding program code, so even if the originally registered and bound first authentication data is leaked, the content of the user's Current_key is not directly exposed.

2. Bind the user identification data (second authentication data): bank staff register one self-selected digest (512 Bytes ≦ digest ≦ 1024 Bytes) for the user applying for the new financial card. The second authentication data may also be bound to the user's ID number. The self-selected digest may be provided by the user, or chosen for the user by bank staff, or chosen for the user at random from the database by the system.

Once the registration data above is complete, the user can operate the transaction device to download and install the "initial password application" (the software product (App)) from the Internet. The preparatory operations are complete only after installation has finished:

1. The App must offer options such as a pattern password, keypad password, fingerprint recognition, or face recognition for the user to set the App's startup password.

2. Each time the user runs the App, the App must require the user to enter the user's ID number, birthday, and financial card account number, and immediately send an uplink message to the password setting module to complete the initial verification of the user's identity.
   a. The uplink message must contain the ID number, birthday, financial card account number, and the App's version number, date, and similar information.
   b. After the server-side password setting module has verified the user's identity and mobile device, it must store the uplink message information, such as the App's version number, date, and the financial card account number of this application, for verifying the App's legitimacy later in the transaction phase.
   c. The "financial card account number" must belong to a newly applied-for financial card whose initial password has not yet been changed.

Example 2: Transaction operations

1. After entering the "startup password" on the personal device interface, the user starts the App of Example 1, and the App requires the user to enter identity verification information:
   a. The App displays a message on the personal device interface requesting the user's ID number, birthday, and financial card account number.
   b. Key content of the uplink message = ID number, birthday, financial card account number, and the version number and date of the installed App.
   c. The uplink message is passed to the password setting module host after the firewall (Web AP F/W) decrypts the SSL-encrypted content.
   d. Based on the uplink message, the password setting module checks the legitimacy of the App installed by the user and confirms the current status of the user's financial card account.
      (1) The financial card account number must belong to a newly applied-for financial card whose initial password has not yet been changed.
      (2) The financial card status must be that of a normal account.
      (3) When the password setting module database already holds data for the account and more than 10 minutes have not yet elapsed, the App's repeated request for this transaction should be rejected.
      (4) When verification of the user's identity (ID number, birthday, financial card account number) fails, the password setting module must at the same time notify the cardholder by SMS, e-mail, or similar. When the cumulative number of errors exceeds 4, the system should reject the transaction and ask the user to contact customer service, who review the user's identity and then reset the cumulative error count.
   e. After the password setting module has verified the uplink message, it produces a downlink message in reply to the App:
      (1) Based on the user's "combination method" stored in the database, the system generates "Current_key" (the first key) from the mobile device authentication data originally bound by the user.
      (2) Key content of the downlink message = web page identification code + combination method + AES with "Current_key" (encryption method + self-selected digest + SHA-256("Current_key")) + App legitimacy verification result, where SHA-256 is a hash function.
         (a) The "encryption method" field is 10 Bytes in total: the first 3 Bytes hold the "combination method" used to generate "Current_key", Bytes 4 to 6 hold the encryption method item for this round, and the last 4 Bytes hold the starting sampling position of the "self-selected digest" for this round of encryption.
         (b) The "encryption method" value and the "starting sampling position" value above are both generated by random number at the time of the transaction, and the random value must differ from the previous three records.
         (c) The "web page identification code" is a common identification serial number that the password setting module, the App, the financial card system, and the other systems involved use for the same transaction request; its value is generated by the password setting module. The life cycle of the web page identification code begins when the password setting module produces this downlink message in reply to the App, and ends after the App has obtained the authentication code value image and the cardholder has operated the specific function of the automated deposit and withdrawal machine to complete the new financial card password setting.
   f. The content of the above uplink and downlink messages is stored in the database of the password setting module for cross-checking the user's identity in subsequent transactions.

2. After the App receives the downlink message from the password setting module:
   a. When the "App legitimacy verification result" in the downlink message indicates success, the App, according to the "combination method" value of the downlink message (the first 3 Bytes of the downlink message's "encryption method" field), obtains the device data from the user's mobile device (including IMEI/UDID/Keychain/MAC and similar information) and the user's personal information (ID number, birthday, and similar information, which the user may enter and store on the mobile device) in order to generate "Current_key" (the second key). That is, the App has a plurality of combination methods built in and determines which one to use from the number it receives. The key is used, first, to decrypt the "encryption method" field of the downlink message and obtain the plaintext "encryption method" value for this round; and second, to verify the consistency of the SHA-256("Current_key") field of the downlink message (verifying the legitimacy of the password setting module host to which the App is currently connected).
   b. The App then encrypts the content of the "self-selected digest" according to this round's "encryption method" (Bytes 4 to 6 and the last 4 Bytes of the downlink message's "encryption method" field), produces an uplink message, and sends the password setting module a request for an authentication code. That is, the App has a plurality of encryption methods built in and determines which one to use from the number it receives.
      (1) Key content of the uplink message = web page identification code + Mobile value + Verify value + part of the data from the uplink and downlink messages of the preceding steps
         (a) Mobile value = SHA-256("Current_key" generated locally on the transaction device)
         (b) Verify value = AES with "Current_key" {("self-selected digest" content encrypted according to the encryption method) + SHA-256("self-selected digest" content)}. The "encryption method" field is 10 Bytes in total: the first 3 Bytes hold the "combination method" used to generate "Current_key", Bytes 4 to 6 hold the encryption method item for this round, and the last 4 Bytes hold the starting sampling position of the "self-selected digest" for this round of encryption. Using the "encryption method" value obtained from the downlink message, the App starts sampling the "self-selected digest" at the specified "starting sampling position", runs the encryption code corresponding to the specified "encryption method" number, and produces an x value whose length should be at least 128 Bytes. It then protects the x value and the related hash function value with AES encryption under "Current_key" (the second key).
      (2) The App encrypts this uplink message with SSL and transmits it to the password setting module host.
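The message framing in steps 1.e and 2 above (the 10-Byte "encryption method" field, the "differs from the previous three records" rule, and the SHA-256("Current_key") consistency check) can be sketched as follows. This is an added example, not code from the patent or the issuer: the ASCII-digit field encoding, the permutation-based combination rule, the key stretching by repetition, the wrap-around sampling, and all sample values are assumptions, and the AES and SSL layers are left out so that only the framing is shown.

```python
import hashlib
import hmac
import itertools
import secrets

# Field names follow the page's list (IMEI/UDID/Keychain/MAC/ID number/birthday).
FIELDS = ("imei", "udid", "keychain", "mac", "id_number", "birthday")
# ASSUMPTION: combination-method number n selects the n-th ordering of FIELDS.
ORDERINGS = list(itertools.permutations(FIELDS))  # 720 orderings, fits 3 digits
MIN_KEY_LEN = 128            # page: Current_key should be at least 128 Bytes
N_ENCRYPTION_METHODS = 8     # ASSUMPTION: number of built-in encryption methods

# Constructed sample data, not taken from the page.
CONSTRUCTED_RECORD = {"imei": "490154203237518", "udid": "UDID0001",
                      "keychain": "KCHN0001", "mac": "02:00:00:aa:bb:cc",
                      "id_number": "A123456789", "birthday": "19800101"}
CONSTRUCTED_DIGEST = b"constructed sample digest text. " * 16  # 512 Bytes


def derive_current_key(record, combination_method):
    """Combine the registered fields in the order the method number selects."""
    order = ORDERINGS[combination_method % len(ORDERINGS)]
    material = "|".join(record[name] for name in order).encode("utf-8")
    key = material
    while len(key) < MIN_KEY_LEN:  # ASSUMPTION: repeat until >= 128 Bytes
        key += material
    return key


def pack_method_field(combination_method, encryption_method, start_pos):
    """10 Bytes: 3 (combination method) + 3 (encryption method) + 4 (start)."""
    if not (0 <= combination_method <= 999 and 0 <= encryption_method <= 999
            and 0 <= start_pos <= 9999):
        raise ValueError("value does not fit its fixed-width slot")
    # ASSUMPTION: zero-padded ASCII decimal digits.
    text = f"{combination_method:03d}{encryption_method:03d}{start_pos:04d}"
    return text.encode("ascii")


def parse_method_field(field):
    if len(field) != 10 or not field.isdigit():
        raise ValueError("encryption-method field must be 10 ASCII digits")
    return int(field[:3]), int(field[3:6]), int(field[6:])


def pick_fresh(upper, recent):
    """Random value in [0, upper) that differs from the previous three records."""
    blocked = set(recent[-3:])
    if set(range(min(upper, 4))) <= blocked and upper <= 3:
        raise ValueError("no value left that differs from the last three")
    while True:
        value = secrets.randbelow(upper)
        if value not in blocked:
            return value


def build_downlink(record, digest, history):
    """Server side. 'body' is what the page wraps in AES under Current_key."""
    combo = secrets.randbelow(len(ORDERINGS))  # regenerated on every request
    method = pick_fresh(N_ENCRYPTION_METHODS, history["method"])
    start = pick_fresh(len(digest), history["start"])
    history["method"].append(method)
    history["start"].append(start)
    key = derive_current_key(record, combo)
    body = (pack_method_field(combo, method, start) + digest
            + hashlib.sha256(key).digest())
    return {"combination_method": combo, "body": body}


def app_process(downlink, device_record):
    """App side: rebuild the key locally and check it against the server's."""
    key2 = derive_current_key(device_record, downlink["combination_method"])
    body = downlink["body"]  # in the page's flow: AES-decrypted with key2
    field, digest, key_hash = body[:10], body[10:-32], body[-32:]
    mobile = hashlib.sha256(key2).digest()  # the page's "Mobile value"
    if not hmac.compare_digest(mobile, key_hash):
        raise ValueError("SHA-256(Current_key) mismatch: device or host differs")
    combo, method, start = parse_method_field(field)
    if combo != downlink["combination_method"]:
        raise ValueError("combination method inside and outside body differ")
    sampled = digest[start:] + digest[:start]  # ASSUMPTION: sampling wraps
    return {"mobile": mobile.hex(), "encryption_method": method,
            "start": start, "sampled": sampled,
            "digest_hash": hashlib.sha256(digest).hexdigest()}
```

In this layout the combination method number travels outside the AES-protected body, so the secrecy of Current_key rests on the registered identifiers and on the combination code built into the App.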

3. After the password setting module receives the App's uplink message (the request for an authentication code):
   a. Based on the user's information for this transaction, it checks the content of the App's uplink message and verifies the legitimacy of the mobile device data (IMEI/UDID/Keychain/MAC) and the user's personal information (ID number/birthday), as well as the correctness of the installed App, thereby verifying the user's identity.
   b. When verification of the user's identity fails, the password setting module must at the same time notify the cardholder by SMS, e-mail, or similar. When the cumulative number of errors exceeds 4, the system should reject the transaction and ask the user to contact customer service, who review the user's identity and then reset the cumulative error count.
   c. After the user's identity has been verified, the password setting module produces an uplink message and sends the financial card system host (the second server) a request for the authentication code value for this round.
      (1) The uplink message includes: web page identification code, financial card account number, transaction date, transaction time, ATM machine number (blank here), ATM transaction serial number (blank here), authentication code value (blank here), and similar data.
      (2) After the financial card system (the financial card management module) has verified the uplink message, it randomly generates an "authentication code value" and returns it to the password setting module.
         (a) The "authentication code" is what the financial card system uses to verify the cardholder's identity later, when the cardholder inserts the newly applied-for physical financial card into the automated deposit and withdrawal machine (authentication device), performs the specific transaction, and completes the setting of the new financial card password.
         (b) The "authentication code" that the financial card management module generates dynamically and at random each time is valid for 10 minutes, and its value is 6 to 8 random digits.
         (c) The financial card management module stores the content of this transaction request for the financial card system to use in verifying the cardholder's identity later, when the cardholder inserts the newly applied-for physical financial card into the automated deposit and withdrawal machine, performs the specific transaction, and completes the setting of the new financial card password.
   d. After receiving the authentication code value, the password setting module first applies the "visual cryptography theory method" to the plaintext of the financial card initial password value to produce the "authentication code value image", then produces a downlink message (containing the encrypted authentication code value image), which is SSL-encrypted and returned to the App.
      (1) Producing the encrypted "authentication code value image" with the "visual cryptography theory method":
         (a) Step 1: randomly obtain a base image or background colour.
         (b) Step 2: draw several interference lines in the background (line colour, thickness, length, and position all randomly generated).
         (c) Step 3: draw the digits (random digit colour, font, and glyph style; the same digit drawn several times, shifted by pixels in different directions).
         (d) Step 4: draw several interference lines in the foreground (line colour, thickness, length, and position all randomly generated).
         (e) Step 5: generate a JPEG image file.
         (f) Once the plaintext password value has been suitably protected by this method, the plaintext value in the image can only be read correctly by a person looking at it.
      (2) Key content of the downlink message: web page identification code, authentication code value image, App legitimacy verification result, and similar data.
      (3) The password setting module updates the database with the processing status of the user's transaction, the identity verification result, and similar information.
      (4) In addition to the authentication code value image, this downlink message should include a notice telling the cardholder to operate the specific function of the automated deposit and withdrawal machine within the time limit (for example, 10 minutes) to complete the new financial card password setting.
      (5) The password setting module must at the same time notify the cardholder by SMS and e-mail that the authentication code value has been delivered and that the cardholder should operate the specific function of the automated deposit and withdrawal machine within the time limit to complete the new financial card password setting.

4. After receiving the downlink message (including the authentication code value image) from the password setting module, the App:
a. Displays the authentication code value image on the personal device interface.
b. Displays a message on the personal device interface notifying the cardholder to operate the specific ATM function as soon as possible, within the time limit, to complete the new password setting of the financial card.
c. Stores the selected key data of this transaction in an encrypted file on the personal device. The file is first-in, first-out and holds at most ten transaction records.

5. After obtaining the authentication code, the user (cardholder) must, within the time limit, insert the newly applied-for physical financial card into an ATM (authentication device) and operate the specific transaction to complete the setting of the new financial card password.
a. Specific transaction function of the authentication device:
(1) The specific transaction function is modeled on the existing branch-counter "financial card password reset" transaction (not the financial card password change transaction). It lets the cardholder insert the newly applied-for physical financial card into the ATM, then enter the current authentication code value and a self-chosen new financial card password value on the ATM interface to complete the setting of the new financial card password.
(2) Data processing flow of the specific transaction function:
(a) The specific transaction function calls the software in the physical financial card's chip and asks it to generate a random number.
(b) It produces an uplink message and sends the financial card management module a request to produce the card's new password value. Key data of the uplink message: financial card account number, authentication code, new financial card password, the random number generated this time by the card chip software, and other data.
(c) After verifying that the uplink message is correct, the financial card management module calls the physical scrambling device (Hardware DES) to produce the scrambled new financial card password value.
(d) The financial card management module produces a downlink message (containing the "scrambled new financial card password value") and returns it to the ATM's specific transaction function.
(e) The specific transaction function calls the software in the physical financial card's chip and asks it to unlock the card and write the "scrambled new financial card password value" to the chip.
b. Each "authentication code" dynamically and randomly generated by the financial card management module has a specific validity period; the cardholder must finish setting the new financial card password within that period.
c. Once the financial card has completed the new password setting, the ATM should refuse to let the cardholder run the specific transaction function again.

6. If the user (cardholder) forgets the authentication code value, the user must repeat the complete transaction procedure (steps 1 to 5 above) to obtain a new authentication code value.

7. If the user (cardholder) fails to complete the new financial card password setting at the ATM within the time limit, the current authentication code expires and the user must repeat the complete transaction procedure (steps 1 to 6 above) to obtain a new authentication code value.
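The authentication code lifecycle that steps 5 to 7 describe (random 6 to 8 digit code, 10-minute validity, re-issue after loss or timeout, refusal once the password is set), sketched in Python as an added example that is not code from the patent. `AuthCodeRegistry`, its method names and the three-attempt limit are assumptions; the page specifies none of them.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 10 * 60   # page: each code is valid for 10 minutes
MAX_ATTEMPTS = 3             # assumption: the page states no retry limit


@dataclass
class PendingCode:
    code: str
    issued_at: float
    attempts: int = 0


class AuthCodeRegistry:
    """Hypothetical stand-in for the code store of the financial card management module."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}           # account number -> PendingCode
        self._password_set = set()   # accounts whose first password is already set

    def issue(self, account: str) -> str:
        if account in self._password_set:
            raise PermissionError("first-time password already set")
        length = 6 + secrets.randbelow(3)   # 6, 7 or 8 digits, from a CSPRNG
        code = "".join(secrets.choice("0123456789") for _ in range(length))
        # Re-issuing (steps 6 and 7) overwrites the entry, so an older code stops working.
        self._pending[account] = PendingCode(code, self._clock())
        return code

    def redeem(self, account: str, presented: str) -> str:
        """Return 'ok' exactly once; otherwise the reason the ATM request is refused."""
        if account in self._password_set:
            return "already_set"     # step 5c: no repeat of the specific transaction
        entry = self._pending.get(account)
        if entry is None:
            return "no_code"
        if self._clock() - entry.issued_at > CODE_TTL_SECONDS:
            del self._pending[account]
            return "expired"         # step 7: the whole procedure must be repeated
        entry.attempts += 1
        # Constant-time comparison avoids leaking how many leading digits matched.
        if not hmac.compare_digest(entry.code.encode(), presented.encode()):
            if entry.attempts >= MAX_ATTEMPTS:
                del self._pending[account]
                return "locked"
            return "mismatch"
        del self._pending[account]   # single use
        self._password_set.add(account)
        return "ok"
```

Passing a fake `clock` makes the expiry path testable without waiting ten minutes.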

In summary, with the transaction device (mobile device) and the authentication device (ATM) being two physically separate devices, this creation has the cardholder manually operate the mobile device to obtain the authentication code, so that the two physical devices divide the processing of the same transaction request and complete the identity cross-check and authentication procedure within a limited time and a limited number of attempts, letting the cardholder, card in hand, complete the setting of the new financial card password at the ATM in time. This multi-factor transaction security model not only meets the competent authority's requirement that transaction security design use "two or more technologies", but also ensures that the electronic transaction is completed by manual operation, completely preventing the risk of a Trojan manipulating the transaction remotely.

This creation adopts a two-stage identity authentication model (covering the user's personal data, the authentication data of the bound transaction device and the user identification data, and whether the transaction is manually operated). Unlike the usual model in which the "password" is the only means of authentication, it comprehensively and substantially strengthens the transaction security threshold for user identity authentication.

The transaction framework of this creation requires the user to insert the physical financial card, in hand, into the ATM and operate the specific transaction function, entering the current authentication code value and a self-chosen new financial card password value to complete the setting of the new financial card password. A hacker cannot remotely manipulate these manual operations to complete the setting of the new financial card password.

For the user, this removes the burden and risk of keeping, losing or having stolen a paper password letter. A criminal or hacker must obtain the user's physical financial card, the bound physical mobile device, the App's "startup password" and the user's personal data all at once before having any chance of obtaining the authentication code value, and must then complete the setting of the new financial card password within the time limit. Compared with the past, when obtaining the paper password letter and the physical financial card was enough to commit the crime, the threshold for prevention is clearly higher.

For financial institutions, besides raising the information security threshold, this creation can replace the current cumbersome manual procedure of printing password letters, saving the associated operating costs of manual work, facilities, printing machines, paper, postage, safekeeping and storage, information security control and risk auditing, while also saving energy and reducing carbon emissions.

1 ‧‧‧ System for helping cardholders set a financial card password for the first time

10 ‧‧‧ First server

12 ‧‧‧ Password setting module

122 ‧‧‧ Storage submodule

20 ‧‧‧ Second server

22 ‧‧‧ Financial card management module

30 ‧‧‧ Software product

40 ‧‧‧ Authentication device

42 ‧‧‧ Display component

44 ‧‧‧ Input component

46 ‧‧‧ Financial card reading and writing component

70 ‧‧‧ Mobile device

S110~S410 ‧‧‧ Process steps

Figure 1 is a block diagram of a system according to one embodiment of the present creation.

Figure 2 is a flowchart of a method according to one embodiment of the present creation.

Claims (5)

1. A system for helping a cardholder set a financial card password for the first time, comprising:
a first server provided with a password setting module that includes a storage submodule;
a second server electrically connected to the first server and provided with a financial card management module;
a software product (App) communicatively connected to the first server, the App being installed on a mobile device held by the cardholder and authenticated by the password setting module; and
an authentication device communicatively connected to the second server, the authentication device having a display component, an input component and a financial card reading and writing component;
wherein:
in a pre-registration procedure, the password setting module receives first authentication data, composed of identification information of the mobile device and personal information of the cardholder, and stores the first authentication data in the storage submodule; and receives second authentication data, which is a self-selected digest, and stores the second authentication data in the storage submodule;
the App automatically triggers an event after startup, requesting input of personal information and the account number of the financial card, and transmits the entered personal information and account number to the password setting module;
after confirming the status of the financial card with the financial card management module, the password setting module: combines the first authentication data according to a combination method to generate a first key, wherein the combination method is randomly selected from a plurality of combination methods and has a first number; randomly selects an encryption method from a plurality of encryption methods, the encryption method having a second number; and transmits to the App the first number and confirmation data encrypted with the first key, the confirmation data including encryption information and the self-selected digest, wherein the encryption information includes the second number and a starting sampling position;
the App obtains from the mobile device the identification information of the mobile device and the personal information of the cardholder, and combines the identification information and personal information according to the combination method corresponding to the first number to generate a second key; uses the second key to decrypt and obtain the encryption information and the self-selected digest, and encrypts the self-selected digest according to the encryption method corresponding to the second number and the starting sampling position to obtain an encrypted value; and encrypts the encrypted value with the second key and transmits it to the password setting module;
after confirming the correctness of the encrypted value, the password setting module sends a request for an authentication code to the financial card management module and obtains an authentication code; and generates an authentication code image and transmits it to the App;
the App displays the authentication code image for the cardholder to use when setting the password of the financial card for the first time through the authentication device; and
the authentication device reads the financial card through the financial card reading and writing component and confirms the status of the financial card with the financial card management module, then provides a first user interface through the display component for the cardholder to enter, through the input component, the authentication code and the new password of the financial card, to complete the first-time password setting.

2. The system for helping a cardholder set a financial card password for the first time of claim 1, wherein the password setting module provides a second user interface for an operator of the issuer of the financial card to enter the first authentication data and the second authentication data.

3. The system for helping a cardholder set a financial card password for the first time of claim 1, wherein the App requires a startup password.

4. The system for helping a cardholder set a financial card password for the first time of claim 1, wherein the first user interface of the authentication device requires input of the authentication code and the new password, as well as at least a portion of the personal information, and sends a request to set the new password to the financial card management module based on the entered data.

5. The system for helping a cardholder set a financial card password for the first time of claim 4, wherein the financial card management module, after confirming that the received authentication code and personal data are correct, obtains a scrambled new password and transmits it to the authentication device, which writes the scrambled new password to the financial card through the financial card reading and writing component.
Priority application: TW107217000U, priority date 2018-12-14, filing date 2018-12-14, System for assisting a financial card holder in setting password for the first time, TWM578432U (en)

Publications (1)

Publication Number Publication Date
TWM578432U (en) 2019-05-21

Family

ID=67352908

Country Status (1)

Country Link
TW (1) TWM578432U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI679603B (en) * 2018-12-14 2019-12-11 台新國際商業銀行股份有限公司 System for assisting a financial card holder in setting password for the first time and method thereof
