TWM580206U - System for identifying identity through telecommunication server by identification data device - Google Patents

Publication number
TWM580206U
Authority
TW
Taiwan
Prior art keywords
data
server
identity
user
mobile device
Application number
TW108204773U
Other languages
Chinese (zh)
Inventor
連子清
林志能
Original Assignee
臺灣網路認證股份有限公司
Application filed by 臺灣網路認證股份有限公司
Priority to TW108204773U
Publication of TWM580206U

Abstract

A system for identifying identity through a telecommunications server using device identification data. A mobile device transmits device identification data to a telecommunications server over a mobile communication network and receives the authorization token returned by the telecommunications server. The mobile device then transmits the authorization token and user data to the telecommunications server via a service server. The telecommunications server generates an identification result from the authorization token and the user data and transmits the identification result to the service server. This achieves the technical effect of completing identification using the mobile device alone.

Description

System for identifying identity through a telecommunications server using device identification data

An identification system, in particular a system for identifying identity through a telecommunications server using device identification data.

In recent years, with the rapid development of communications and network-related industries, demand for electronic and mobile versions of all kinds of services has risen steadily, and this demand is also reflected in the financial industry and the public sector. For example, securities firms, banks, insurance companies, investment advisory companies, and government agencies, besides providing online services, have begun to provide mobile applications (APPs). A user can run a mobile application on a mobile device such as a phone or tablet. Once the mobile application connects over the Internet to the corresponding service host (also called an application host), the user can operate the mobile device to carry out mobile services such as securities trading, fund transfers, insurance enrollment, and document applications. The user can thus carry out the required mobile service without leaving their current location.

When using online or mobile services, a user usually has to be identified first. At present, most methods of identification over a network require a hardware carrier to identify the user. For example, a specific USB flash drive or smart card (chip card) stores the user's certificate data, and when the user carries out a mobile service, identification is performed by connecting the USB flash drive or smart card that stores the certificate data.

However, identification by hardware carrier can mostly be performed only on a computer. The main reason is that the hardware carrier must be connected to the computer through a connection slot such as USB, or read through an external device such as a card reader. Most current mobile devices have no connection slot for a hardware carrier, or the user must prepare a separate external device to read the hardware carrier. Most mobile devices therefore cannot connect to a hardware carrier, so the user cannot use the mobile device for identification and consequently cannot use mobile services, which is inconvenient for the user.

In summary, the prior art has long had the problem that a mobile device cannot easily connect to a hardware carrier to identify the user, so an improved technical means is needed to solve this problem.

In view of the prior-art problem that a mobile device cannot easily connect to a hardware carrier to identify the user, the present creation discloses a system for identifying identity through a telecommunications server using device identification data, wherein:

The system disclosed in the present creation for identifying identity through a telecommunications server using device identification data comprises at least: a service server; a telecommunications server connected to the service server; and a mobile device for executing an identification component. The identification component further comprises: a data acquisition module for obtaining user data and device identification data; and a communication module for transmitting the device identification data to the telecommunications server over a mobile communication network and receiving the authorization token transmitted by the telecommunications server, and for transmitting the authorization token and the user data over the mobile communication network, via the service server, to the telecommunications server, so that the telecommunications server generates an identification result from the authorization token and the user data and transmits the identification result to the service server.

The system disclosed in the present creation is as described above. It differs from the prior art in that the mobile device transmits device identification data to the telecommunications server over the mobile communication network and receives the authorization token returned by the telecommunications server, then transmits the authorization token and the user data to the telecommunications server via the service server; the telecommunications server generates an identification result from the authorization token and the user data and transmits the identification result to the service server. This solves the problem of the prior art and achieves the technical effect of completing identification using the mobile device alone.

The features and implementation of the present creation are described in detail below with reference to the drawings and embodiments, in sufficient detail that anyone skilled in the relevant art can readily understand the technical means the present creation applies to solve the technical problem and implement it accordingly, thereby achieving the effects the present creation can attain.

After the mobile device connects to the service server, the present creation can perform identification through the telecommunications server, and the telecommunications server transmits the identification result to the service server to which the mobile device is connected.

The system of the present creation is first described with reference to "FIG. 1A" and "FIG. 1B", the architecture diagrams of the system for identifying identity through a telecommunications server using device identification data. As shown in "FIG. 1A", the system of the present creation includes an application host 111, an identification host 112, an identity verification server 113, a mobile device 120, and a telecommunications server 130. The application host 111, the identification host 112, the identity verification server 113, the mobile device 120, and the telecommunications server 130 are all computing devices.

A computing device as referred to in the present creation includes, but is not limited to, one or more processors, one or more memory modules, and a bus connecting the different components (including the memory modules and processors). With these components, the computing device can load and execute an operating system so that the operating system runs on the computing device.

The bus of a computing device as referred to in the present creation may be of one or more types, for example a data bus, an address bus, a control bus, an expansion bus, and/or a local bus. The buses of a computing device include, but are not limited to, the parallel Industry Standard Architecture (ISA) bus, Peripheral Component Interconnect (PCI) bus, and Video Electronics Standards Association (VESA) local bus, and the serial Universal Serial Bus (USB) and PCI Express (PCI-E) bus.

The processor of a computing device as referred to in the present creation is coupled to the bus. The processor includes a register set or register space, which may be located entirely on the processing chip, or located wholly or partly off the processing chip and coupled to the processor through a dedicated electrical connection and/or through the bus. The processor may be a processing unit, a microprocessor, or any suitable processing element. If the computing device is a multiprocessor device, that is, it includes multiple processors, the processors it includes are identical or similar and are coupled to and communicate with one another through the bus. The processor can interpret a sequence of instructions to make the computing device perform specific operations, such as mathematical operations and data comparison, in order to run the operating system or execute the various programs, modules, and/or components in the operating system.

The processor of the computing device may be coupled to a chipset or electrically connected to the chipset through the bus. The chipset consists of one or more integrated circuits (ICs) and includes a memory controller and a peripheral input/output (I/O) controller; that is, the memory controller and the peripheral I/O controller may be contained in a single integrated circuit or implemented with two or more integrated circuits. The chipset usually provides I/O and memory management functions, as well as multiple general-purpose and/or special-purpose registers, timers, and the like, which can be accessed or used by the one or more processors coupled or electrically connected to the chipset.

The processor of the computing device can also access, through the memory controller, data in the memory modules and mass storage area installed on the computing device. The memory modules include any type of volatile memory and/or non-volatile memory (NVRAM), such as static random access memory (SRAM), dynamic random access memory (DRAM), flash memory, and read-only memory (ROM). The mass storage area may include any type of storage device or storage medium, such as a hard disk drive, an optical disc, a flash drive (flash memory), a memory card, a solid state disk (SSD), or any other storage device. In other words, the memory controller can access data in static random access memory, dynamic random access memory, flash memory, hard disk drives, and solid state disks.

The processor of the computing device can also communicate, through the peripheral I/O controller and the peripheral I/O bus, with peripheral devices or interfaces such as peripheral output devices, peripheral input devices, communication interfaces, and a GPS receiver. A peripheral input device may be any type of input device, such as a keyboard, mouse, trackball, touchpad, or joystick. A peripheral output device may be any type of output device, such as a display or printer. The peripheral input device and the peripheral output device may also be the same device, such as a touch screen. The communication interface may include a wireless communication interface and/or a wired communication interface. The wireless communication interface may include interfaces supporting wireless local area networks such as Wi-Fi and Zigbee, Bluetooth, infrared, near-field communication (NFC), mobile communication networks such as 3G/4G/5G, or other wireless data transmission protocols. The wired communication interface may be an Ethernet device, an asynchronous transfer mode (ATM) device, a DSL modem, a cable modem, and the like. The processor can periodically poll the various peripheral devices and interfaces, so that the computing device can input and output data and can communicate with another computing device having the components described above.

The mobile device 120 can connect to the application host 111 through its communication interface over a wired or wireless network, and can connect to the telecommunications server 130 through its communication interface over the mobile communication network. Through the communication interface, the mobile device 120 can receive data or signals transmitted by the application host 111 and/or the telecommunications server 130, and can transmit data or signals to the application host 111 and/or the telecommunications server 130.

The mobile device 120 uses the application service provided by the application host 111 and, when the application service requires identification, completes identification through the telecommunications server 130. The application service referred to in the present creation is usually a service that needs to confirm the identity of the user of the mobile device 120, such as online order placement, online banking, online insurance enrollment, or tax filing and payment, but the present creation is not limited to these.

As shown in "FIG. 2", the mobile device 120 may further include a data acquisition module 220 and a communication module 280, and optionally a data input module 240, a verification module 250, and a network determination module 260. In some embodiments, the mobile device 120 can execute the identification component 200 on its processor to create and run the modules described in the present creation. The identification component 200 may be a standalone application, or may be included in an application as one of the components that make it up.

The data acquisition module 220 obtains the device identification data. In more detail, the data acquisition module 220 can detect the device identification data of the mobile device 120. The device identification data detected by the data acquisition module 220 is usually data recorded in the Subscriber Identity Module (SIM, referred to as the "SIM card" in the present creation) or Embedded-SIM (referred to as the "eSIM card" in the present creation) installed on the mobile device 120, such as the card number or phone number, but the present creation is not limited to this. The data acquisition module 220 may also detect the serial number of the mobile device 120, or the serial number of specific hardware such as the processing chip installed in the mobile device 120, and use it as the device identification data.

The data acquisition module 220 also obtains the user data. In more detail, the data acquisition module 220 can read the user data that the user has already entered from a memory unit of the mobile device 120, such as the memory module or mass storage area. The user data obtained by the data acquisition module 220 includes the phone number used by the mobile device 120 and the user's identification data. In some embodiments, the user data may also include the user's date of birth, but the user data referred to in the present creation is not limited to the above; for example, it may also include gender, address, and so on. The identification data referred to in the present creation is usually a unique value, that is, different users have different data, and includes but is not limited to the user's national ID number, passport number, and the like.

In some embodiments, if two SIM cards, or one SIM card and one eSIM card, are installed on the mobile device 120, the data acquisition module 220 can detect two sets of device identification data. In that case, the data acquisition module 220 can prompt the user to confirm that the phone number in the user data matches the phone number of the SIM card that the mobile device 120 is currently set to use for connecting to the mobile communication network, and obtains the user data after the user confirms; otherwise it waits for the user to modify the phone number in the user data. For example, when one SIM card and one eSIM card are installed on the mobile device 120 and the mobile device 120 uses the SIM card to connect to the mobile communication network, the data acquisition module 220 can prompt the user, through a peripheral output device of the mobile device 120, to confirm whether the phone number in the user data matches the phone number of the SIM card.

The data input module 240 lets the user enter user data through a peripheral input device of the mobile device 120. In more detail, the data input module 240 can provide a user interface for entering user data and can store the user data entered by the user in a memory unit of the mobile device 120, such as the memory module or mass storage area.

In some embodiments, if the data acquisition module 220 detects two sets of device identification data, the data input module 240, when letting the user enter user data, can prompt the user to enter in the user data the phone number of the SIM card that the mobile device 120 is currently set to use for connecting to the mobile communication network. For example, when one SIM card and one eSIM card are installed on the mobile device 120 and the mobile device 120 uses the SIM card to connect to the mobile communication network, the data input module 240 can prompt the user, through a peripheral output device of the mobile device 120, to enter the phone number of the SIM card in the user data.

The verification module 250 can verify the user's identity using device unlock data. The device unlock data referred to in the present creation may be biometric data such as a fingerprint, voiceprint, or face, or a password or gesture set by the user, but the present creation is not limited to the above.

In more detail, the verification module 250 can choose how to verify the user's identity with device unlock data according to the type and version of the operating system running on the mobile device 120. For example, the verification module 250 may require the user to enter the device unlock data through a peripheral input device of the mobile device 120 and call the operating system running on the mobile device 120 to confirm whether the entered device unlock data is correct, thereby verifying the user's identity. It may instead call the screen-unlock application programming interface provided by the operating system running on the mobile device 120 to let the user enter the device unlock data, and determine through that interface whether the entered device unlock data is correct, thereby verifying the user's identity. Or it may turn off the screen and wait for the user to turn the screen on and enter the device unlock data to complete the screen unlock, thereby confirming the user's identity. The ways in which the verification module 250 may choose to verify the user's identity are not limited to the above.

The network determination module 260 can determine whether the mobile device 120 is currently set to communicate over the mobile communication network. When it determines that the mobile device 120 is not currently set to use the mobile communication network, for example when it is using a wireless local area network such as WiFi, it can prompt the user, through a peripheral output device of the mobile device 120, to switch the mobile device 120 to the mobile communication network.

In some embodiments, when the network determination module 260 determines that the mobile device 120 is not currently using the mobile communication network, it can instead notify the user, through a peripheral output device of the mobile device 120, that the mobile device 120 will switch to the mobile communication network, and then switch the mobile device 120 to the mobile communication network.

The communication module 280 drives the SIM card installed on the mobile device 120 so as to connect to the telecommunications server 130 over the mobile communication network through the communication interface of the mobile device 120. In general, after the communication module 280 drives the SIM card, the SIM card can, according to the server identification data it records, establish a connection with the corresponding telecommunications server 130 through the communication module 280, so that the mobile device 120 can connect through the communication interface to the telecommunications server 130 corresponding to the SIM card.

The communication module 280 also transmits the device identification data obtained by the data acquisition module 220 to the telecommunications server 130 through the communication interface of the mobile device 120, and receives the authorization token transmitted by the telecommunications server 130. The authorization token is data generated by the telecommunications server 130 and is explained further in the description of the telecommunications server 130.

The communication module 280 also transmits, via the application host 111, the authorization token returned by the telecommunications server 130 and the user data obtained by the data acquisition module 220 to the telecommunications server 130, and may also receive, via the application host 111, the identification result transmitted by the telecommunications server 130. In general, the communication module 280 exchanges data with the application host 111 over the mobile communication network through the communication interface of the mobile device 120, but in some embodiments the communication module 280 may also exchange data with the application host 111 over a wireless local area network through the communication interface of the mobile device 120. In this way, the communication module 280 can transmit the authorization token and the user data to the telecommunications server 130 through the application host 111 and receive the identification result transmitted by the telecommunications server 130.

The application host 111 can connect to the identification host 112 through its communication interface over a wired or wireless network, and can accept connections from the mobile device 120 through its communication interface over a wired or wireless network. Through the communication interface, the application host 111 can receive data or signals transmitted by the connected mobile device 120 and/or identification host 112, and can transmit data or signals to the connected mobile device 120 and/or identification host 112.

The application host 111 provides the application service to the mobile device 120 and can require the mobile device 120 to perform identification when the mobile device requests a specific operation, for example when the mobile device 120 requests registration.

The application host 111 also receives the authorization token and the user data transmitted by the mobile device 120 and transmits the received authorization token and user data to the identification host 112.

The application host 111 also receives the identification result transmitted by the identification host 112 and decides, according to the received identification result, whether to execute the operation requested by the mobile device 120. That is, the application host 111 can execute the operation requested by the mobile device 120 when the identification result indicates that identification succeeded, and can refuse to execute the operation requested by the mobile device 120 when the identification result indicates that identification failed.

The identification host 112 can connect to the application host 111 and to the identity verification server 113 through its communication interface over a wired or wireless network, can receive data or signals transmitted by the application host 111 and/or the identity verification server 113, and can transmit data or signals to the application host 111 and/or the identity verification server 113.

The identification host 112 receives the authorization token and the user data transmitted by the application host 111 and transmits the received authorization token and user data to the identity verification server 113. The identification host 112 also receives the identification result transmitted by the identity verification server 113 and transmits the received identification result to the application host 111.

The authentication server 113 may connect to the identification host 112 and to the telecom server 130 through a communication interface over a wired or wireless network. It may receive data or signals transmitted by the identification host 112 and/or the telecom server 130, and may transmit data or signals to the identification host 112 and/or the telecom server 130.

The authentication server 113 receives the license token and user data transmitted by the identification host 112 and forwards them to the telecom server 130. The authentication server 113 also receives the identification result transmitted by the telecom server 130 and forwards it to the identification host 112.

In some embodiments, the application host 111, the identification host 112 and the authentication server 113 may be contained in the service server 110, as shown in FIG. 1B. The service server 110 may comprise physical computing equipment, such as blade servers, serving as the application host 111, the identification host 112 and the authentication server 113; the service server 110 may also be a single server that integrates all functions of the application host 111 toward the mobile device 120 and all functions of the authentication server 113 toward the telecom server 130. In other words, the service server 110 may connect to the telecom server 130 through a communication interface over a wired or wireless network, and may also accept connections from the mobile device 120 over a wired or wireless network. Through the communication interface, the service server 110 may receive data or signals transmitted by the connected mobile device 120 and/or telecom server 130, and may transmit data or signals to the connected mobile device 120 and/or telecom server 130. In this way, the service server 110 can provide application services to the mobile device 120 and can forward the license token and user data transmitted by the mobile device 120 to the telecom server 130.

In addition, in some embodiments the application host 111 and the identification host 112 may be integrated, so that the mobile device 120 transmits the license token and user data to the telecom server 130 through the integrated computing device and the authentication server. Alternatively, the identification host 112 and the authentication server 113 may be integrated, so that the mobile device 120 transmits the license token and user data to the telecom server 130 through the application host 111 and the integrated computing device. These variants are not described further here.

The telecom server 130 may accept connections from the mobile device 120 through a communication interface over the mobile communication network, and may connect to the authentication server 113 over a wired or wireless network. The telecom server 130 may receive data or signals transmitted by the mobile device 120 and/or the authentication server 113, and may transmit data or signals to the mobile device 120 and/or the authentication server 113.

The telecom server 130 receives the device identification data transmitted by the mobile device 120. In some embodiments, the telecom server 130 may determine whether the device identification data was issued by the telecom entity or telecom authority to which the telecom server 130 belongs. For example, when that entity is a telecom company, the telecom server 130 may determine whether the received device identification data is covered by the data records established in advance by that company (for instance, the records list the device identification data, or a range recorded in them contains the device identification data), although the present creation is not limited to this. The telecom server 130 may also refuse to provide mobile communication service to the mobile device 120 when it determines that the device identification data was not issued by its telecom entity or telecom authority.

The telecom server 130 also generates the license token corresponding to the received device identification data. In general, the license token is data produced by applying a specific encoding to specific data; it usually consists of a certain number of letters, digits and symbols in arbitrary arrangement, and it is time-limited. For example, the license token may be data produced by the telecom server 130 performing a hash operation on the specific data, where the specific data includes, but is not limited to, items such as the device identification data, the phone number corresponding to the device identification data, the birthday of the user corresponding to the device identification data, the server identification data of the telecom server 130 and/or a timestamp; the present creation imposes no particular restriction. When the specific data contains two or more items, the items may be arranged in a predetermined order or position.

The telecom server 130 also receives the license token and user data transmitted by the authentication server 113, generates an identification result from the received license token and user data, and transmits the identification result to the service server 110 or the authentication server 113.

The telecom server 130 may make its determination based on whether the received license token was generated by the telecom server 130, whether the phone number in the received user data is included in the data records established in advance by the telecom server 130, whether the phone number in the user data corresponds to the license token, and whether the phone number in the user data corresponds to the identity data in the user data, and may then generate the corresponding identification result. For example, the telecom server 130 may take the same items, the same order or position, and the same encoding that were used to generate the license token, encode the phone number (and the user's birthday) from the received user data together with the server identification data of the telecom server 130 and the other items, and compare the encoded data with the license token. When the two are identical, the license token was generated by the telecom server 130 and the phone number in the user data corresponds to the license token; otherwise, the license token was not generated by the telecom server 130 and/or the phone number in the user data does not correspond to the license token. The way the telecom server 130 determines whether the license token was generated by the telecom server 130, and whether the phone number in the user data corresponds to the license token, is not limited to the above. When any one of the above items is determined to be negative, the telecom server 130 may generate an identification result indicating failure; when all of the above items are determined to be affirmative, the telecom server 130 may generate an identification result indicating success. In other words, an identification result indicating success means that the telecom server 130 has determined that the user of the mobile device 120 matches the data recorded by the telecom server 130, so the identity of the user of the mobile device 120 can be confirmed; an identification result indicating failure means that the telecom server 130 cannot confirm the identity of the user of the mobile device.

Next, the operation of the system of the present creation is explained through an embodiment; refer to FIG. 3A, the flowchart of identifying identity through the telecom server using device identification data. In this embodiment, the mobile device 120 is assumed to be a mobile phone, and the service server 110 is assumed to consist of computing equipment such as the application host 111, the identification host 112 and the authentication server 113, although the present creation is not limited to this.

After the user operates the mobile device 120 to open the application containing the identification component 200, the user can operate the mobile device 120 to use the various functions of the application. In this embodiment, the application is assumed to be a service program provided by a government agency, and the user must complete user registration before using certain functions of the application.

After the user chooses the registration function in the application, the application may display the terms of authorization for personal data and ask whether the user agrees. Once the user agrees to the terms, the application may display a user interface for entering user data. In this embodiment, the user data is assumed to contain the phone number the user uses on the mobile device 120, the national ID number, the birthday, and other personal data required for registration, such as gender, e-mail address, household registration address and mailing address.

After the user finishes entering the user data, the application may call the identification component 200 so that it begins executing, and the data acquisition module 220 of the identification component 200 can then obtain the device identification data and the user data (step 330). In this embodiment, the device identification data is assumed to be the card number of the SIM card installed in the mobile device 120, so the data acquisition module 220 may read the SIM card number and may obtain the user data that the user entered in the user interface.

After the data acquisition module 220 of the identification component 200 obtains the device identification data and the user data (step 330), the communication module 280 of the identification component 200 may transmit the device identification data obtained by the data acquisition module 220 to the telecom server 130 over the mobile communication network (step 360).

In this embodiment, the identification component 200 is assumed to contain the verification module 250. Before the communication module 280 of the identification component 200 transmits the device identification data to the telecom server 130 over the mobile communication network (step 360), the verification module 250 may first call an application programming interface (API) provided by the operating system of the mobile device 120, so that the operating system requires the user of the mobile device 120 to enter device unlock data and verifies the device unlock data entered (step 340), thereby verifying the user's identity. The communication module 280 may transmit the device identification data to the telecom server 130 (step 360) only after the verification module 250 determines that the device unlock data has passed verification by the operating system of the mobile device 120. Note that the data acquisition module 220 and the verification module 250 of the identification component 200 have no required order of execution. In general, however, the verification module 250 calls the operating system of the mobile device 120, so that the operating system determines whether the device unlock data entered by the user passes verification (step 340), only after the data acquisition module 220 of the identification component 200 has obtained the device identification data and the user data (step 330).

After the communication module 280 of the identification component 200 transmits the device identification data to the telecom server 130 over the mobile communication network (step 360), the telecom server 130 may transmit a license token to the mobile device 120 (step 370). In this embodiment, it is assumed that the telecom server 130, after receiving the device identification data transmitted by the mobile device 120, may determine whether the received device identification data was issued by the telecom company to which the telecom server 130 belongs, that is, whether the received device identification data is included in the data records established in advance by that telecom company. If so, the telecom server 130 may generate a license token and return it to the mobile device 120. If the telecom server 130 determines that the received device identification data is not included in the pre-established data records, it may decline to generate a license token or refuse to return one.

After the communication module 280 of the identification component 200 receives, over the mobile communication network, the license token transmitted by the telecom server 130, the communication module 280 may transmit the license token received from the telecom server 130 and the user data obtained by the data acquisition module 220 to the telecom server 130 via the service server 110 (step 380). In this embodiment, that means the communication module 280 transmits the license token and user data to the application host 111, and the identification host 112 forwards the license token and user data received by the application host 111 to the telecom server 130 through the authentication server 113.

After the telecom server 130 receives the license token and user data transmitted by the mobile device 120, the telecom server 130 may generate an identification result from the received license token and user data. In this embodiment, it is assumed that the telecom server 130 first determines whether the received license token was generated by the telecom server 130; if not, the telecom server 130 may generate an identification result indicating failure. If so, the telecom server 130 may next determine whether the phone number in the received user data is included in the pre-established data records; if not, it may generate an identification result indicating failure. If so, the telecom server 130 may go on to determine whether the phone number in the user data corresponds to the license token; if not, it may generate an identification result indicating failure. If so, the telecom server 130 then determines whether the phone number corresponds to the identity data in the user data; if not, it may generate an identification result indicating failure, and if so, it may generate an identification result indicating success.
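The token issuance (step 370) and the chain of checks described above can be exercised end to end with the following added Python example, which is not code from the patent. It assumes HMAC-SHA-256 under a server-held key in place of the bare hash the text mentions (a plain hash over a phone number, birthday and server ID could be recomputed by anyone who knows those values), a token that carries its issue time, a 300-second lifetime, and constructed field names and subscriber records.

```python
import hashlib
import hmac
import time
from dataclasses import dataclass

TOKEN_TTL = 300  # seconds a token stays valid (assumed; the text only says "time-limited")


@dataclass(frozen=True)
class Subscriber:          # one pre-established carrier record (constructed layout)
    iccid: str             # SIM card number = device identification data
    msisdn: str            # phone number
    national_id: str       # identity data bound to the number
    birthday: str


class TelecomServer:
    def __init__(self, server_id, key, subscribers):
        self.server_id = server_id
        self._key = key    # server-side secret (assumption, not in the patent)
        self._by_iccid = {s.iccid: s for s in subscribers}
        self._by_msisdn = {s.msisdn: s for s in subscribers}

    def _mac(self, msisdn, birthday, issued_at):
        # Fixed item order; every item is length-prefixed so that
        # ("12", "3") and ("1", "23") can never encode to the same bytes.
        items = [msisdn, birthday, self.server_id, str(issued_at)]
        msg = b"".join(len(i.encode()).to_bytes(4, "big") + i.encode() for i in items)
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def issue_token(self, iccid, now=None):
        """Step 370: issue a token only for a SIM found in the carrier's records."""
        sub = self._by_iccid.get(iccid)
        if sub is None:
            return None                      # unknown SIM: no token is returned
        issued_at = int(time.time() if now is None else now)
        return f"{issued_at}.{self._mac(sub.msisdn, sub.birthday, issued_at)}"

    def identify(self, token, user_data, now=None):
        """Step 390: return (success, reason); the first failing check ends the chain."""
        now = int(time.time() if now is None else now)
        try:
            ts_text, mac = token.split(".", 1)
            issued_at = int(ts_text)
        except (ValueError, AttributeError):
            return False, "malformed token"
        if not 0 <= now - issued_at <= TOKEN_TTL:
            return False, "token expired"
        # Is the phone number in the pre-established records?
        sub = self._by_msisdn.get(user_data.get("msisdn"))
        if sub is None:
            return False, "number not in records"
        # Recompute with the same items, order and encoding. One comparison shows
        # both that this server made the token and that it belongs to this number.
        expected = self._mac(sub.msisdn, str(user_data.get("birthday", "")), issued_at)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return False, "token does not match number"
        # Does the number belong to the identity the user typed in?
        claimed_id = str(user_data.get("national_id", ""))
        if not hmac.compare_digest(sub.national_id.encode(), claimed_id.encode()):
            return False, "number does not match identity data"
        return True, "ok"


def demo_server():
    """Constructed sample data: two subscribers and a fixed demo key."""
    subs = [
        Subscriber("8988600000000000001", "0912000001", "A100000001", "1990-01-01"),
        Subscriber("8988600000000000002", "0912000002", "B200000002", "1985-05-05"),
    ]
    return TelecomServer("telco-demo-01", b"demo-key-not-for-production", subs)


if __name__ == "__main__":
    srv = demo_server()
    tok = srv.issue_token("8988600000000000001", now=1000)
    mine = {"msisdn": "0912000001", "national_id": "A100000001", "birthday": "1990-01-01"}
    print(srv.identify(tok, mine, now=1100))
    print(srv.identify(tok, {**mine, "national_id": "B200000002"}, now=1100))
```

Because the token is bound to the subscriber record behind the SIM, presenting it with another subscriber's phone number fails at the recomputation step even when that subscriber's other details are entered correctly.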

After the telecom server 130 generates the identification result from the received license token and user data, it may transmit the identification result to the service server 110 (step 390). In this embodiment, the telecom server 130 may transmit the identification result to the authentication server 113, and the identification host 112 forwards the identification result received by the authentication server 113 to the application host 111, so that the application host 111 can decide, based on the identification result, whether to complete the registration requested by the mobile device 120. When the identification result indicates failure, the application host 111 may conclude that the phone number in the user data is not used by the user corresponding to the national ID number in the user data; it may therefore treat the user's data as incorrect and refuse the registration requested by the mobile device 120. When the identification result indicates success, the application host 111 may conclude that the phone number in the user data is indeed used by the user corresponding to the national ID number in the user data; it may therefore treat the user's identity as genuine and complete the registration requested by the mobile device 120, that is, write the user data into the member database. In this way, through the present creation, the service server 110 can obtain the identification result for the mobile device 120 through the telecom server 130 and confirm the user's identity through the correctness of the user data.

In the above embodiment, if the identification component 200 also contains the network determination module 260, then, as shown in the flow of FIG. 3B, before the data acquisition module 220 of the identification component 200 obtains the device identification data and the user data (step 330), the network determination module 260 may first determine whether the mobile device 120 is using the mobile communication network (step 321). If the network determination module 260 determines that the mobile device 120 is currently using the mobile communication network, the data acquisition module 220 may obtain the device identification data and the user data (step 330). If the network determination module 260 determines that the mobile device 120 is not currently using the mobile communication network, for example that it is currently using a wireless local area network such as WiFi, the network determination module 260 may prompt the user to set the mobile device 120 to use the mobile communication network (step 325), or may directly turn off the wireless local area network function of the mobile device 120 so that the mobile device 120 is set to use the mobile communication network.

In addition, in the above embodiment, if the identification component 200 also contains the data input module 240, then after the user chooses the registration function, the application containing the identification component 200 may have the data input module 240 provide for entry of the user data, so that the data acquisition module 220 of the identification component 200 can obtain the device identification data and the user data (step 330). When obtaining the device identification data and the user data (step 330), the data acquisition module 220 may, as shown in the flow of FIG. 3C, first determine whether two or more items of device identification data are detected (step 311). If not, the data acquisition module 220 may obtain the device identification data and the user data directly (step 330). If the data acquisition module 220 detects multiple items of device identification data, it may prompt the user to enter, in the user data, the phone number corresponding to the SIM card that the mobile device 120 uses for the mobile communication network (step 315), and obtain the device identification data and the user data after the user confirms (step 330).

In summary, the present creation differs from the prior art in its technical means: the mobile device transmits device identification data to the telecom server over the mobile communication network and receives the license token returned by the telecom server; it then transmits the license token and user data to the telecom server via the service server; and the telecom server generates an identification result from the license token and user data and transmits the identification result to the service server. This technical means solves the prior-art problem that a mobile device cannot easily be connected to a hardware carrier for identifying the user, and thereby achieves the technical effect of completing identification with the mobile device alone.

Furthermore, the system of the present creation for identifying identity through a telecom server using device identification data may be implemented in a centralized manner in a single computer system, or in a distributed manner in which different components are spread across several interconnected computer systems.

Although the embodiments of the present creation are disclosed as above, that content is not intended to directly limit the scope of patent protection of the present creation. Any minor changes or refinements to the form and details of implementation made by a person of ordinary skill in the technical field of the present creation, without departing from the spirit and scope disclosed herein, fall within the scope of patent protection of the present creation. The scope of patent protection of the present creation remains as defined by the appended claims.

110‧‧‧Service server

111‧‧‧Application host

112‧‧‧Identification host

113‧‧‧Authentication server

120‧‧‧Mobile device

130‧‧‧Telecom server

200‧‧‧Identification component

220‧‧‧Data acquisition module

240‧‧‧Data input module

250‧‧‧Verification module

260‧‧‧Network determination module

280‧‧‧Communication module

Step 311‧‧‧The mobile device determines whether multiple items of device identification data are obtained

Step 315‧‧‧The mobile device prompts for entry of the phone number corresponding to the device identification data that corresponds to the mobile communication network

Step 321‧‧‧The mobile device determines whether the mobile communication network is in use

Step 325‧‧‧The mobile device prompts the user to switch to the mobile communication network

Step 330‧‧‧The mobile device obtains the device identification data and the user data

Step 340‧‧‧The mobile device determines whether the device unlock data passes verification

Step 360‧‧‧The mobile device transmits the device identification data to the telecom server over the mobile communication network

Step 370‧‧‧The telecom server transmits the license token to the mobile device

Step 380‧‧‧The mobile device transmits the license token and the user data to the telecom server via the service server

Step 390‧‧‧The telecom server generates the identification result from the license token and the user data, and transmits the identification result to the service server

FIG. 1A is an architecture diagram of the system of the present creation for identifying identity through a telecom server using device identification data.
FIG. 1B is an architecture diagram of another system of the present creation for identifying identity through a telecom server using device identification data.
FIG. 2 is a schematic diagram of the components of the mobile device of the present creation.
FIG. 3A is a flowchart, according to an embodiment of the present creation, of identifying identity through a telecom server using device identification data.
FIG. 3B is a flowchart, according to an embodiment of the present creation, of prompting the user to switch networks.
FIG. 3C is a flowchart, according to an embodiment of the present creation, of prompting for entry of the phone number used for the mobile communication network.

Claims (9)

一種以裝置識別資料透過電信伺服器識別身份之系統,該系統至少包含: 一服務伺服器; 一電信伺服器,與該服務伺服器連接;及 一行動裝置,用以執行一身份識別元件,該身份識別元件包含: 一資料取得模組,用以獲取一使用者資料及一裝置識別資料;及 一通訊模組,用以透過行動通訊網路傳送該裝置識別資料至該電信伺服器,並接收該電信伺服器所傳送之一許可信物,及用以透過行動通訊網路經由該服務伺服器傳送該許可信物與該使用者資料至該電信伺服器,使該電信伺服器依據該許可信物及該使用者資料產生一身份辨識結果,並傳送該身份辨識結果至該服務伺服器。A system for identifying an identity by means of a device identification data through a telecommunications server, the system comprising: at least: a service server; a telecommunications server coupled to the service server; and a mobile device for executing an identity component, The identification component includes: a data acquisition module for acquiring a user data and a device identification data; and a communication module for transmitting the device identification data to the telecommunication server through the mobile communication network, and receiving the a license message transmitted by the telecommunications server, and configured to transmit the license information and the user data to the telecommunications server via the service server via the service communication network, so that the telecommunications server is based on the license information and the user The data generates an identity recognition result and transmits the identity recognition result to the service server. 如申請專利範圍第1項所述之以裝置識別資料透過電信伺服器識別身份之系統,其中該身份識別元件更包含一網路判斷模組,用以判斷該行動裝置當前是否使用行動通訊網路。The system for identifying an identity of a device identification data through a telecommunications server, as described in claim 1, wherein the identification component further includes a network judging module for determining whether the mobile device currently uses the mobile communication network. 
3. The system for identifying an identity through a telecom server using device identification data according to claim 2, wherein the network determination module is further configured to, upon determining that the mobile device is not currently using a mobile communication network, prompt a switch to the mobile communication network and/or set the mobile device to use the mobile communication network.
4. The system for identifying an identity through a telecom server using device identification data according to claim 1, wherein the identity identification component further comprises a verification module configured to provide for input of device unlock data and to verify the device unlock data.
5. The system for identifying an identity through a telecom server using device identification data according to claim 1, wherein the data acquisition module is further configured to, upon obtaining other device identification data in addition to the device identification data, prompt for the phone number corresponding to the device identification data to be entered in the user data.
6. The system for identifying an identity through a telecom server using device identification data according to claim 1, wherein the data acquisition module obtains the user data by reading the user data entered by the user.
7. The system for identifying an identity through a telecom server using device identification data according to claim 1, wherein the telecom server is further configured to determine whether the device identification data is included in pre-established data records.
8. The system for identifying an identity through a telecom server using device identification data according to claim 1, wherein the telecom server determines that the permission token is correct and the user data is correct by determining that the permission token was generated by the telecom server, that a phone number in the user data is included in pre-established data records, that the phone number corresponds to the permission token, and that the phone number corresponds to identity identification data in the user data.
9. The system for identifying an identity through a telecom server using device identification data according to claim 1, wherein the service server further comprises an application host, an identity identification host, and an identity verification server.
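The telecom-server checks recited in the claims above (device identification data found in pre-established records before a permission token is issued; then token origin, phone number in records, number bound to the token, and number matching the identity data) can be sketched as follows. This is an added example, not code from the patent: the class and field names, the record values, the random-token format and the single-use rule are all assumptions.

```python
import hmac
import secrets

# Constructed records: device identification data -> (phone number, identity data).
RECORDS = {
    "device-0001": ("0912000001", "A123456789"),
    "device-0002": ("0912000002", "B223456789"),
}

def _same(a, b):
    """Constant-time string comparison."""
    return hmac.compare_digest(a.encode(), b.encode())

class TelecomServer:
    def __init__(self, records):
        self.by_device = dict(records)
        self.by_number = {num: ident for num, ident in records.values()}
        self.issued = {}  # permission token -> phone number it was issued for

    def issue_token(self, device_id):
        # Only device identification data found in the records gets a token.
        if device_id not in self.by_device:
            return None
        token = secrets.token_urlsafe(32)
        self.issued[token] = self.by_device[device_id][0]
        return token

    def verify(self, token, user_data):
        # Assumption beyond the claims: a token is single-use, so it is consumed here.
        bound_number = self.issued.pop(token, None)
        if bound_number is None:               # 1. token was generated by this server
            return False
        number = user_data.get("number", "")
        if number not in self.by_number:       # 2. number is in the records
            return False
        if not _same(number, bound_number):    # 3. number corresponds to the token
            return False
        # 4. number corresponds to the identity data in the user data
        return _same(user_data.get("identity", ""), self.by_number[number])

def demo():
    server = TelecomServer(RECORDS)
    user_a = {"number": "0912000001", "identity": "A123456789"}
    user_b = {"number": "0912000002", "identity": "B223456789"}
    token = server.issue_token("device-0001")
    ok = server.verify(token, user_a)
    replay = server.verify(token, user_a)      # token already consumed
    mismatch = server.verify(server.issue_token("device-0001"), user_b)
    return ok, replay, mismatch
```

The third check is what stops a token issued to one subscriber's device from vouching for another subscriber's otherwise valid number and identity data, which is the `mismatch` case in `demo()`.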
TW108204773U 2019-04-18 2019-04-18 System for identifying identity through telecommunication server by identification data device TWM580206U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108204773U TWM580206U (en) 2019-04-18 2019-04-18 System for identifying identity through telecommunication server by identification data device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108204773U TWM580206U (en) 2019-04-18 2019-04-18 System for identifying identity through telecommunication server by identification data device

Publications (1)

Publication Number Publication Date
TWM580206U true TWM580206U (en) 2019-07-01

Family

ID=68049888

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108204773U TWM580206U (en) 2019-04-18 2019-04-18 System for identifying identity through telecommunication server by identification data device

Country Status (1)

Country Link
TW (1) TWM580206U (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI777105B (en) * 2019-11-21 2022-09-11 臺灣網路認證股份有限公司 System for obtaining additional data when identifying to execute operation and method thereof
TWI780341B (en) * 2019-07-02 2022-10-11 臺灣網路認證股份有限公司 System for using network identification to identify via telecommunication server and method thereof

Similar Documents

Publication Publication Date Title
US20230334476A1 (en) Using a contactless card to securely share personal data stored in a blockchain
US10664587B1 (en) Setting an authorization level at enrollment
TWI754811B (en) System for using device identification to identify via telecommunication server and method thereof
TWM580206U (en) System for identifying identity through telecommunication server by identification data device
TWM539668U (en) System for opening account online and applying for mobile banking
TWM592629U (en) System to obtain appended data and execute corresponding operation when identity is confirmed
TWM586494U (en) ID recognition system using network identification data through telecommunication server
TWI754812B (en) System for using a device identification to log in via telecommunication server and method thereof
TWI780341B (en) System for using network identification to identify via telecommunication server and method thereof
TWM580207U (en) System for logging in through telecommunication server by identification data device
TWI704796B (en) System for using network identification to sign in service server via telecommunication server and method thereof
TWM586390U (en) A system for performing identity verification according to the service instruction to execute the corresponding service
TWM576681U (en) Computing device validating user identity during signing
TWM588313U (en) System for confirming user identity through financial account information
TW202018626A (en) System for verifying user identity when processing digital signature and method thereof
TWI777105B (en) System for obtaining additional data when identifying to execute operation and method thereof
TWI729535B (en) System for using financial account to confirm identity and method thereof
TWI790495B (en) System for driving smart card by third-party device for identity verification and method thereof
TWI691859B (en) System for identifying according to instruction to execute service and method thereof
TWI746920B (en) System for using certificate to verify identity from different domain through portal and method thereof
TWI757925B (en) System for making two applications run simultaneously by calling input program and method thereof
TWM586495U (en) System using network identification data for login through telecommunication server
TWI792010B (en) System for using automation machine to scan barcode and verify identity for applying account and method thereof
US20230169596A1 (en) Systems and techniques for authenticating insurance claims
TW202125294A (en) System for combining architectures of fido and pki to identity user and method thereof

Legal Events

Date Code Title Description
MM4K Annulment or lapse of a utility model due to non-payment of fees