TWM586390U - A system for performing identity verification according to the service instruction to execute the corresponding service - Google Patents

A system for performing identity verification according to the service instruction to execute the corresponding service Download PDF

Info

Publication number
TWM586390U
TWM586390U TW108209736U TW108209736U TWM586390U TW M586390 U TWM586390 U TW M586390U TW 108209736 U TW108209736 U TW 108209736U TW 108209736 U TW108209736 U TW 108209736U TW M586390 U TWM586390 U TW M586390U
Authority
TW
Taiwan
Prior art keywords
server
service
identity
data
mobile device
Prior art date
Application number
TW108209736U
Other languages
Chinese (zh)
Inventor
連子清
陳仕峰
Original Assignee
臺灣網路認證股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 臺灣網路認證股份有限公司 filed Critical 臺灣網路認證股份有限公司
Priority to TW108209736U priority Critical patent/TWM586390U/en
Publication of TWM586390U publication Critical patent/TWM586390U/en

Links

Abstract

一種依服務指令進行身份確認以執行對應服務之系統,其透過行動裝置在服務伺服器要求進行身份確認時,傳送與身份確認之類型對應的服務指令給服務伺服器,服務伺服器依身份確認之類型選擇連線方式,並依所選的連線方式傳送服務指令中的識別資料及使用者資料至電信伺服器,使電信伺服器驗證識別資料及使用者資料而產生驗證結果,並傳送驗證結果至服務伺服器,服務伺服器在驗證結果表示通過驗證時,依據使用者資料執行與身份確認之類型對應的作業之技術手段,可達成單獨使用行動裝置完成身份辨識的技術功效。A system for performing identity confirmation according to a service instruction to perform corresponding services. When a service server requests identity confirmation through a mobile device, it sends a service instruction corresponding to the type of identity confirmation to the service server, and the service server confirms the identity by Select the connection method for the type, and send the identification data and user data in the service instruction to the telecommunication server according to the selected connection method, so that the telecommunication server verifies the identification data and user data to generate a verification result, and sends the verification result To the service server, when the verification result indicates that the verification is passed, the service server performs technical operations corresponding to the type of identity confirmation according to the user data, and can achieve the technical effect of using the mobile device alone to complete the identity identification.

Description

依服務指令進行身份確認以執行對應服務之系統System for confirming identity according to service instruction to execute corresponding service

一種服務執行系統,特別係指一種依服務指令進行身份確認以執行對應服務之系統。 A service execution system, in particular, refers to a system that performs identity verification in accordance with service instructions to perform corresponding services.

近年來,由於通訊及網路相關產業的高度發展,人們對各種服務電子化與行動化的需求日益升高,這樣的需求也反映在金融業與政府公部門上,舉例來說,券商、銀行、保險公司、投顧公司、政府單位除了提供網路服務之外,也開始提供行動應用程式(APP),使用者可以使用手機或平板等各種的行動裝置執行行動應用程式,行動應用程式通過網際網路連線到對應的服務伺服器(或稱為應用主機)後,使用者可以操作行動裝置進行證券交易、轉帳、投保、申請文件等行動服務。如此,使用者可以不需要離開所在位置,即可進行所需的行動服務。 In recent years, due to the rapid development of the communications and Internet-related industries, the demand for electronic and mobile services has been increasing. This demand is also reflected in the financial industry and government departments. For example, brokers, banks In addition to providing Internet services, insurance companies, investment consulting companies, and government units have also begun to provide mobile applications (APPs). Users can use various mobile devices such as mobile phones or tablets to run mobile applications. After the network is connected to the corresponding service server (or called the application host), the user can operate the mobile device to perform mobile services such as securities transactions, transfers, insurance, application documents, etc. In this way, the user can perform the required mobile service without leaving the location.

使用者在使用網路服務或行動服務時,通常需要先進行身份辨識。目前,透過網路進行身份辨識的方式,大多需要使用硬體載具來辨識使用者的身份,例如,使用特定的USB隨身碟或智慧卡(晶片卡)儲存使用者的憑證資料,藉以在使用者進行行動服務時,透過連接儲存憑證資料的USB隨身碟或智慧卡來進行身份辨識。 When users use online or mobile services, they usually need to be identified first. At present, most of the methods for identifying through the network require the use of a hardware carrier to identify the user's identity. For example, a specific USB flash drive or smart card (chip card) is used to store the user's credential data for use. When carrying out mobile services, the identity is identified by connecting a USB flash drive or a smart card that stores credential data.

然而,使用硬體載具來辨識使用者身份的方式,大多只能在電腦上進行,主要原因是硬體載具需要透過USB等連接插槽與電腦連接,或透過如讀卡機等外接裝置讀取,但目前的行動裝置大多沒有設置可以與硬體載具連接的連接插槽,或使用者需另備外接裝置讀取硬體載具,因此,大部分的行動裝置並無法連接硬體載具,如此,導致使用者無法使用行動裝置進行身份辨識,以至於無法使用行動服務,造成使用者的不便。 However, most of the methods of using hardware carriers to identify users can only be performed on a computer. The main reason is that the hardware carriers need to be connected to the computer through a connection slot such as a USB or an external device such as a card reader. Read, but most current mobile devices do not have a connection slot that can be connected to the hardware carrier, or the user needs to prepare an external device to read the hardware carrier. Therefore, most mobile devices cannot connect to the hardware. Vehicles, as a result, users cannot use mobile devices for identification, so that they cannot use mobile services, causing inconvenience to users.

綜上所述,可知先前技術中長期以來一直存在行動裝置不易連接硬體載具以辨識使用者身份的問題,因此有必要提出改進的技術手段,來解決此一問題。 In summary, it can be known that in the prior art, there has been a problem that mobile devices cannot easily connect to a hardware carrier to identify a user's identity for a long time. Therefore, it is necessary to propose improved technical means to solve this problem.

有鑒於先前技術存在行動裝置不易連接硬體載具以辨識使用者身份的問題,本創作遂揭露一種依服務指令進行身份確認以執行對應服務之系統,其中:本創作所揭露之依服務指令進行身份確認以執行對應服務之系統,至少包含:行動裝置;服務伺服器,提供行動裝置連接,用以要求行動裝置進行身份確認,並接收行動裝置所產生之與身份確認之類型對應之服務指令,及用以依據身份確認之類型選擇連線方式,其中,服務指令包含識別資料及使用者資料;身份驗證伺服器,用以接收服務伺服器依據連線方式所傳送之服務指令;電信伺服器,用以接收身份驗證伺服器所傳送之識別資料及使用者資料,及用以驗證識別資料及使用者資料以產生驗證結果,並透過身份驗證伺 服器傳送驗證結果至服務伺服器,使服務伺服器於驗證結果表示通過驗證時,依據使用者資料執行與身份確認之類型對應之作業。 In view of the problem that the mobile device cannot be easily connected to a hardware device to identify the user's identity in the prior art, this creation discloses a system for confirming the identity in accordance with a service instruction to perform a corresponding service. A system for confirming identity to perform corresponding services includes at least: a mobile device; a service server that provides a connection to the mobile device to request the identity confirmation of the mobile device and receive a service instruction corresponding to the type of identity confirmation generated by the mobile device, And used to select a connection method according to the type of identity confirmation, wherein the service instruction includes identification data and user data; an authentication server for receiving a service instruction transmitted by the service server according to the connection method; a telecommunications server, It is used to receive the identification data and user data transmitted by the authentication server, and used to authenticate the identification data and user data to generate a verification result, and through the authentication server The server sends the verification result to the service server, so that when the verification result indicates that the verification is passed, the service server performs operations corresponding to the type of identity confirmation according to the user data.

本創作所揭露之系統如上,與先前技術之間的差異在於本創作透過行動裝置在服務伺服器要求進行身份確認時,傳送與身份確認之類型對應的服務指令給服務伺服器,服務伺服器依據身份確認之類型選擇連線方式,並依據所選擇的連線方式透過身份驗證伺服器傳送服務指令中的識別資料及使用者資料至電信伺服器,使電信伺服器驗證識別資料及使用者資料而產生驗證結果,並透過身份驗證伺服器傳送驗證結果至服務伺服器,服務伺服器在驗證結果表示通過驗證時,依據使用者資料執行與身份確認之類型對應之作業,藉以解決先前技術所存在的問題,並可以達成單獨使用行動裝置完成身份辨識的技術功效。 The system disclosed in this creation is as above. The difference from the previous technology lies in the fact that when the service server requests identity confirmation through a mobile device, this creation sends a service instruction corresponding to the type of identity confirmation to the service server. Select the connection method for the type of identity confirmation, and send the identification data and user data in the service instruction to the telecommunication server through the authentication server according to the selected connection method, so that the telecommunication server verifies the identification data and user data. Generate verification results, and send the verification results to the service server through the identity verification server. When the verification results indicate that the verification is passed, the service server performs operations corresponding to the type of identity verification based on user data, thereby solving the problems existing in the prior art. Problems, and can achieve the technical effect of using a mobile device alone for identification.

110‧‧‧行動裝置 110‧‧‧ mobile device

120‧‧‧服務伺服器 120‧‧‧Service Server

121‧‧‧應用主機 121‧‧‧Application Host

125‧‧‧身份識別主機 125‧‧‧Identification Host

130‧‧‧身份驗證伺服器 130‧‧‧Authentication Server

140‧‧‧電信伺服器 140‧‧‧Telecom server

步驟210‧‧‧連接行動裝置及服務伺服器 Step 210‧‧‧ connect mobile device and service server

步驟220‧‧‧行動裝置於服務伺服器要求進行身份確認時,產生與身份確認之類型對應之服務指令,並傳送服務指令至服務伺服器 Step 220‧‧‧ When the service server requests identity confirmation, the mobile device generates a service instruction corresponding to the type of identity confirmation, and sends the service instruction to the service server

步驟223‧‧‧行動裝置連線至電信伺服器取得許可信物 Step 223‧‧‧Mobile device connects to telecommunication server to obtain permission token

步驟225‧‧‧行動裝置產生與身份確認之類型對應之服務指令,並將許可信物加入服務指令中 Step 225‧‧‧ The mobile device generates a service instruction corresponding to the type of identity confirmation, and adds a license token to the service instruction

步驟227‧‧‧行動裝置傳送服務指令至服務伺服器 Step 227‧‧‧ The mobile device sends a service instruction to the service server

步驟230‧‧‧服務伺服器依據身份確認之類型選擇連線方式,並依據連線方式傳送服務指令至身份驗證伺服器 Step 230‧‧‧ The service server selects a connection method according to the type of identity confirmation, and sends a service instruction to the identity authentication server according to the connection method.

步驟240‧‧‧身份驗證伺服器傳送識別資料及使用者資料至電信伺服器 Step 240‧‧‧ The authentication server sends identification data and user data to the telecommunication server

步驟250‧‧‧電信伺服器驗證識別資料及使用者資料以產生驗證結果,並傳送驗證結果至身份驗證伺服器 Step 250‧‧‧ The telecommunication server verifies the identification data and user data to generate a verification result, and sends the verification result to the identity verification server

步驟260‧‧‧身份驗證伺服器傳送驗證結果至服務伺服器 Step 260‧‧‧ The authentication server sends the authentication result to the service server

步驟270‧‧‧服務伺服器於驗證結果表示通過驗證時,依據使用者資料執行與身份確認之類型對應之作業 Step 270‧‧‧ The service server performs the operation corresponding to the type of identity confirmation according to the user data when the verification result indicates that the verification is passed

第1A圖為本創作所提之依服務指令進行身份確認以執行對應服務之系統架構圖。 FIG. 1A is a system architecture diagram for performing identity verification according to a service instruction and performing corresponding services mentioned in the creation.

第1B圖為本創作所提之另一種依服務指令進行身份確認以執行對應服務之系統架構圖。 FIG. 1B is another system architecture diagram for identifying the identity of a service instruction to execute a corresponding service.

第2A圖為本創作所提之依服務指令進行身份確認以執行對應服務之流程圖。 FIG. 2A is a flowchart of performing identity verification according to a service instruction to execute a corresponding service mentioned in the creation.

第2B圖為本創作所提之行動裝置取得許可信物並傳送至服務伺服器之流程圖。 FIG. 2B is a flowchart of obtaining a license token from a mobile device mentioned in the creation and transmitting it to a service server.

以下將配合圖式及實施例來詳細說明本創作之特徵與實施方式,內容足以使任何熟習相關技藝者能夠輕易地充分理解本創作解決技術問題所應用的技術手段並據以實施,藉此實現本創作可達成的功效。 The following will describe the features and implementation of this creation in detail with drawings and examples. The content is sufficient to enable any person skilled in the art to fully understand and implement the technical means applied to solve technical problems in this creation, thereby realizing What this creation can achieve.

本創作可以由行動裝置在服務伺服器要求身份確認時,透過服務伺服器與身份驗證伺服器將進行身份確認之相關資料傳送至電信伺服器進行相關資料的確認,使得服務伺服器可以在相關資料經過驗證後確認使用者身份。其中,本創作進行身份確認的相關資料包含但不限於識別資料以及使用者資料,稍後將有更詳細的說明。 In this creation, when the service server requests identity confirmation, the mobile device can send the relevant information for identity confirmation to the telecommunication server for confirmation of the relevant information through the service server and the authentication server, so that the service server can verify the relevant information. Verify user identity after verification. Among them, the relevant information for identity verification of this creation includes but is not limited to identification data and user data, which will be explained in more detail later.

以下先以「第1A圖」本創作所提之依服務指令進行身份確認以執行對應服務之系統架構圖來說明本創作。如「第1A圖」所示,本創作之系統含有行動裝置110、服務伺服器120、身份驗證伺服器130、及電信伺服器140。其中,行動裝置110、服務伺服器120、身份驗證伺服器130、與電信伺服器140都是計算設備。 The following first illustrates the creation of the system architecture diagram for the identification of the service according to the service instructions mentioned in the "Figure 1A". As shown in "Figure 1A", the system of the present invention includes a mobile device 110, a service server 120, an identity verification server 130, and a telecommunications server 140. Among them, the mobile device 110, the service server 120, the identity verification server 130, and the telecommunications server 140 are computing devices.

本創作所提之計算設備包含但不限於一個或多個處理器、一個或多個記憶體模組、以及連接不同元件(包括記憶體模組和處理器)的匯流排等元件。透過所包含之多個元件,計算設備可以載入並執行作業系統,使作業系統在計算設備上運行,也可以執行軟體或程式。另外,計算設備也包含一個外殼,上述之各個元件設置於外殼內。 The computing devices mentioned in this creation include, but are not limited to, one or more processors, one or more memory modules, and buses and other components that connect different components (including memory modules and processors). Through the contained multiple components, the computing device can load and execute the operating system, so that the operating system can run on the computing device, and can also execute software or programs. In addition, the computing device also includes a housing, and each of the above components is disposed in the housing.

本創作所提之計算設備的匯流排可以包含一種或多個類型,例如包含資料匯流排(data bus)、位址匯流排(address bus)、控制匯流排(control bus)、擴充功能匯流排(expansion bus)、及/或局域匯流排(local bus)等類型的匯流排。計算設備的匯流排包括但不限於並列的工業標準架構(ISA)匯流排、周邊元件互連(PCI)匯流排、視頻電子標準協會(VESA)局域匯流排、以及串列的通用序列匯流排(USB)、快速周邊元件互連(PCI-E)匯流排等。 The buses of the computing devices mentioned in this creation can include one or more types, such as data buses, address buses, and control buses. buses, expansion buses, and / or local buses. Computing device buses include, but are not limited to, side-by-side Industry Standard Architecture (ISA) buses, peripheral component interconnect (PCI) buses, Video Electronics Standards Association (VESA) local buses, and serial universal buses (USB), PCI-E bus and so on.

本創作所提之計算設備的處理器與匯流排耦接。處理器包含暫存器(Register)組或暫存器空間,暫存器組或暫存器空間可以完全的被設置在處理晶片上,或全部或部分被設置在處理晶片外並經由專用電氣連接及/或經由匯流排耦接至處理器。處理器可為處理單元、微處理器或任何合適的處理元件。若計算設備為多處理器設備,也就是計算設備包含多個處理器,則計算設備所包含的處理器都相同或類似,且透過匯流排耦接與通訊。處理器可以解釋一連串的多個指令以進行特定的運算或操作,例如,數學運算、邏輯運算、資料比對、複製/移動資料等,藉以運行作業系統或執行各種程式、模組、及/或元件。 The processor of the computing device mentioned in this creation is coupled to the bus. The processor contains a register group or register space. The register group or register space can be completely set on the processing chip, or all or part of it can be set outside the processing chip and connected through a dedicated electrical connection. And / or coupled to the processor via a bus. The processor may be a processing unit, a microprocessor, or any suitable processing element. If the computing device is a multi-processor device, that is, the computing device includes multiple processors, the processors included in the computing device are all the same or similar, and are coupled and communicated through a bus. The processor can interpret a series of multiple instructions to perform specific operations or operations, such as mathematical operations, logical operations, data comparison, copying / moving data, etc., to run the operating system or execute various programs, modules, and / or element.

計算設備的處理器可以與晶片組耦接或透過匯流排與晶片組電性連接。晶片組是由一個或多個積體電路(IC)組成,包含記憶體控制器以及周邊輸出入(I/O)控制器,也就是說,記憶體控制器以及周邊輸出入控制器可以包含在一個積體電路內,也可以使用兩個或更多的積體電路實現。晶片組通常提供了輸出入和記憶體管理功能、以及提供多個通用及/或專用暫存器、計時器等,其中,上述之通用及/或專用暫存器與計時器可以讓耦接或電性連接至晶片組的一個或多個處理器存取或使用。 The processor of the computing device may be coupled to the chipset or electrically connected to the chipset through a bus. The chipset is composed of one or more integrated circuits (ICs), including a memory controller and peripheral input / output (I / O) controllers, that is, the memory controller and peripheral input / output controllers can be included in Within an integrated circuit, two or more integrated circuits can also be used. The chipset usually provides I / O and memory management functions, and provides multiple general and / or special registers, timers, etc., among which the above general and / or special registers and timers can be coupled or One or more processors electrically connected to the chipset are accessed or used.

計算設備的處理器也可以透過記憶體控制器存取安裝於計算設備上的記憶體模組和大容量儲存區中的資料。上述之記憶體模組包含任何類型的揮發性記憶體(volatile memory)及/或非揮發性(non-volatile memory,NVRAM) 記憶體,例如靜態隨機存取記憶體(SRAM)、動態隨機存取記憶體(DRAM)、快閃記憶體(Flash)、唯讀記憶體(ROM)等。上述之大容量儲存區可以包含任何類型的儲存裝置或儲存媒體,例如,硬碟機、光碟片、隨身碟(快閃記憶體)、記憶卡(memory card)、固態硬碟(Solid State Disk,SSD)、或任何其他儲存裝置等。也就是說,記憶體控制器可以存取靜態隨機存取記憶體、動態隨機存取記憶體、快閃記憶體、硬碟機、固態硬碟中的資料。 The processor of the computing device can also access the data in the memory module and the mass storage area installed on the computing device through the memory controller. The above memory modules include any type of volatile memory (volatile memory) and / or non-volatile memory (NVRAM) Memory, such as static random access memory (SRAM), dynamic random access memory (DRAM), flash memory (Flash), read-only memory (ROM), and the like. The above-mentioned large-capacity storage area may include any type of storage device or storage medium, such as a hard disk drive, a compact disc, a flash drive (flash memory), a memory card, a solid state disk (Solid State Disk, SSD), or any other storage device. That is, the memory controller can access data in static random access memory, dynamic random access memory, flash memory, hard drives, and solid-state hard drives.

計算設備的處理器也可以透過周邊輸出入控制器經由周邊輸出入匯流排與周邊輸出裝置、周邊輸入裝置、通訊介面、以及GPS接收器等周邊裝置或介面連接並通訊。周邊輸入裝置可以是任何類型的輸入裝置,例如鍵盤、滑鼠、軌跡球、觸控板、搖桿等,周邊輸出裝置可以是任何類型的輸出裝置,例如顯示器、印表機等,周邊輸入裝置與周邊輸出裝置也可以是同一裝置,例如觸控螢幕等。通訊介面可以包含無線通訊介面及/或有線通訊介面,無線通訊介面可以包含支援Wi-Fi、Zigbee等無線區域網路、藍牙、紅外線、近場通訊(NFC)、3G/4G/5G等行動通訊網路或其他無線資料傳輸協定的介面,有線通訊介面可為乙太網路裝置、非同步傳輸模式(ATM)裝置、DSL數據機、纜線(Cable)數據機等。處理器可以週期性地輪詢(polling)各種周邊裝置與介面,使得計算設備能夠透過各種周邊裝置與介面進行資料的輸入與輸出,也能夠與具有上面描述之元件的另一個計算設備進行通訊。 The processor of the computing device can also connect and communicate with peripheral devices such as peripheral output devices, peripheral input devices, communication interfaces, and GPS receivers through peripheral input / output controllers via peripheral input / output buses. The peripheral input device can be any type of input device, such as a keyboard, mouse, trackball, touchpad, joystick, etc. The peripheral output device can be any type of output device, such as a monitor, printer, etc. It may be the same device as the peripheral output device, such as a touch screen. The communication interface may include a wireless communication interface and / or a wired communication interface. The wireless communication interface may include a mobile communication network supporting Wi-Fi, Zigbee and other wireless LANs, Bluetooth, infrared, near field communication (NFC), 3G / 4G / 5G, etc. Interface of wireless or data transmission protocols, and the wired communication interface may be an Ethernet device, an asynchronous transfer mode (ATM) device, a DSL modem, a cable modem, etc. The processor may poll various peripheral devices and interfaces periodically, so that the computing device can input and output data through the various peripheral devices and interfaces, and can also communicate with another computing device having the components described above.

行動裝置110可以透過無線網路與服務伺服器120連接,並可以傳送資料或訊號給服務伺服器120,也可以接收服務伺服器120所傳送的資料或訊號。 The mobile device 110 can be connected to the service server 120 through a wireless network, and can send data or signals to the service server 120, and can also receive data or signals transmitted by the service server 120.

行動裝置110可以使用所連接之服務伺服器120所提供的服務,並可以在使用服務伺服器120所提供的某些服務前,接收到服務伺服器120所傳送之身份確認的請求時,負責產生與服務伺服器120所要求之身份確認之類型對應的服務指令。在本創作中,身份確認的類型通常是由服務伺服器120所定義,至少包含使用者的門號身份識別以及裝置確認兩種,但本創作並不以此為限。 The mobile device 110 may use the services provided by the connected service server 120, and may be responsible for generating an identity confirmation request sent by the service server 120 before using certain services provided by the service server 120. A service instruction corresponding to the type of identity confirmation requested by the service server 120. In this creation, the type of identity confirmation is usually defined by the service server 120, which includes at least the user's door number identification and device confirmation, but this creation is not limited to this.

行動裝置110所產生的服務指令包含識別資料以及使用者資料。服務指令中的識別資料與使用者資料可能隨著身份確認之類型的不同而有不同。例如,當身份確認的類型為裝置確認時,識別資料可以是行動裝置110的裝置識別資料(例如行動裝置110用來連接行動通訊網路所使用之SIM卡的卡號或門號等),也可以是行動裝置110連接行動通訊網路的網路識別資料(如行動裝置110所使用的網路位址),使用者資料可以是行動裝置110用來連接行動通訊網路所使用之SIM卡所對應的門號;又如,當身份確認的類型為門號身份識別時,識別資料同樣可以是行動裝置110的裝置識別資料或網路識別資料,使用者資料除了可以包含行動裝置110用來連接行動通訊網路所使用之SIM卡所對應的門號之外,還可以包含行動裝置110之使用者的身分證號等使用者識別資料與行動裝置之使用者的生日,甚至,使用者資料還可以包含註冊服務伺服器120所提供之服務所需要的個人資料等。其中,使用者識別資料為足以辨識行動裝置110之使用者的資料,個人資料可以是性別、住址、電子郵件帳號等與行動裝置110之使用者相關的資料,但本創作並不以此為限。 The service instruction generated by the mobile device 110 includes identification data and user data. The identification information and user data in the service order may vary depending on the type of identification. For example, when the type of identity confirmation is device confirmation, the identification data may be device identification data of the mobile device 110 (such as the card number or door number of the SIM card used by the mobile device 110 to connect to the mobile communication network), or it may be The network identification data of the mobile device 110 connected to the mobile communication network (such as the network address used by the mobile device 110). The user data may be the door number corresponding to the SIM card used by the mobile device 110 to connect to the mobile communication network. ; For another example, when the type of identity confirmation is door number identification, the identification data may also be device identification data or network identification data of the mobile device 110, in addition to the user data may include the mobile device 110 used to connect to a mobile communication network. In addition to the gate number corresponding to the SIM card used, it can also contain user identification information such as the identity card number of the user of the mobile device 110 and the birthday of the user of the mobile device, and even the user data can include the registration service server Personal data and other services required by the server 120. Among them, the user identification data is data sufficient to identify the user of the mobile device 110, and the personal data may be data related to the user of the mobile device 110 such as gender, address, email account, etc., but this creation is not limited to this .

行動裝置110也可以透過行動通訊網路連線至電信伺服器140取得電信伺服器140所發出的許可信物(token),並可以在產生服務指令時,將所取得的許可信物加入服務指令中,也就是可以產生包含許可信物的服務指令。 其中,許可信物為電信伺服器140對特定資料進行特定編碼方式所產生的資料,通常是由一定數量的字母、數字、符號任意排列而成,且具有時間性。 The mobile device 110 may also connect to the telecommunications server 140 through a mobile communication network to obtain a license token issued by the telecommunications server 140, and may add the obtained license token to the service instruction when generating a service instruction, or It is possible to generate a service instruction containing a license token. Among them, the license token is data generated by the telecommunication server 140 in a specific encoding method for the specific data, and is usually formed by arbitrarily arranging a certain number of letters, numbers, and symbols, and has a temporal nature.

服務伺服器120可以提供服務給行動裝置110使用。在部分的實施例中,服務伺服器120可以如「第1B圖」所示,包含應用主機121以及身份識別主機125。也就是說,服務伺服器120包含應用主機121與身份識別主機125所有的功能。 The service server 120 may provide services to the mobile device 110 for use. In some embodiments, the service server 120 may include an application host 121 and an identification host 125 as shown in FIG. 1B. That is, the service server 120 includes all functions of the application host 121 and the identification host 125.

應用主機121可以透過無線網路提供行動裝置110連接,並可以傳送資料或訊號給行動裝置110,也可以接收行動裝置110所傳送的資料或訊號。相似的,應用主機121可以透過實體線路或電路、有線或無線網路與身份識別主機125連接,並可以傳送資料或訊號給身份識別主機125,也可以接收身份識別主機125所傳送的資料或訊號。 The application host 121 can provide the mobile device 110 connection through a wireless network, and can send data or signals to the mobile device 110, and can also receive data or signals sent by the mobile device 110. Similarly, the application host 121 may be connected to the identification host 125 through a physical line or circuit, a wired or wireless network, and may transmit data or signals to the identification host 125, or may receive data or signals transmitted by the identification host 125. .

行動裝置110所使用的服務通常是由應用主機121所提供,其中,應用主機121可以先要求行動裝置110進行身份確認,並可以在行動裝置110通過身份確認後才提供特定的服務給行動裝置110使用。 The services used by the mobile device 110 are usually provided by the application host 121. The application host 121 may first request the mobile device 110 to confirm the identity, and may provide specific services to the mobile device 110 after the mobile device 110 passes the identity confirmation. use.

應用主機121也可以接收行動裝置110所產生之與身份確認之類型對應的服務指令,並可以將所接收到之服務指令傳送給身份識別主機125。 The application host 121 may also receive a service instruction corresponding to the type of identity confirmation generated by the mobile device 110, and may transmit the received service instruction to the identity identification host 125.

應用主機121也可以接收驗證結果,並可以在所接收到的驗證結果表示通過驗證時,依據所接收到的使用者資料執行與身份確認之類型對應的作業。例如,當身份確認之類型為門號身份識別時,應用主機121可以執行使用者註冊的作業;當身份確認之類型為裝置確認時,應用主機121可以執行使用者登入的作業,但本創作並不以上述為限。 The application host 121 may also receive a verification result, and may perform an operation corresponding to a type of identity confirmation according to the received user data when the received verification result indicates that the verification is passed. For example, when the type of identity confirmation is door number identification, the application host 121 can perform user registration; when the type of identity confirmation is device confirmation, the application host 121 can perform user login operations. Not limited to the above.

身份識別主機125可以透過實體線路或電路、有線或無線網路與應用主機121連接,身份識別主機125也可以透過有線或無線網路與身份驗證伺服器130連接,身份識別主機125並可以傳送資料或訊號給應用主機121或身份驗證伺服器130,還可以接收應用主機121或身份驗證伺服器130所傳送的資料或訊號。 The identification host 125 can be connected to the application host 121 through a physical line or circuit, a wired or wireless network, and the identification host 125 can also be connected to the authentication server 130 through a wired or wireless network. The identification host 125 can also transmit data Or a signal to the application host 121 or the authentication server 130, and may also receive data or signals transmitted by the application host 121 or the authentication server 130.

身份識別主機125可以依據所接收到之身份確認的類型選擇連線方式,並可以依據所選擇的連線方式將所接收到之服務指令傳送給身份驗證伺服器130。在本創作中,身份識別主機125選擇連線方式可以是依據身份確認之不同類型選擇身份驗證伺服器130所提供之不同的傳輸介面,並使用所選擇的傳輸介面與身份驗證伺服器130建立連線,但本創作並不以此為限。 The identification host 125 may select a connection method according to the type of the received identity confirmation, and may transmit the received service instruction to the identity verification server 130 according to the selected connection method. In this creation, the connection mode selected by the identity recognition host 125 may be to select different transmission interfaces provided by the authentication server 130 according to different types of identity confirmation, and use the selected transmission interface to establish a connection with the authentication server 130. Line, but this creation is not limited to this.

身份驗證伺服器130可以透過有線或無線網路與服務伺服器120連接,並可以傳送資料或訊號至服務伺服器120,也可以接收服務伺服器120所傳送的資料或訊號。 The identity authentication server 130 may be connected to the service server 120 through a wired or wireless network, and may transmit data or signals to the service server 120, and may also receive data or signals transmitted by the service server 120.

身份驗證伺服器130負責接收服務伺服器120所傳送的服務指令。一般而言,身份驗證伺服器130可以依據接收到服務指令的傳輸介面定義服務指令的資料格式,並依據所定義之資料格式由所接收到之服務指令中讀取出識別資料以及使用者資料。 The identity verification server 130 is responsible for receiving service instructions transmitted by the service server 120. Generally speaking, the identity verification server 130 can define the data format of the service order according to the transmission interface receiving the service order, and read the identification data and user data from the received service order according to the defined data format.

身份驗證伺服器130也可以在接收到服務指令時,先判斷服務指令是否正確,並在判斷服務指令正確時,再讀出識別資料以及使用者資料。例如,身份驗證伺服器130可以判斷服務指令與接收到服務指令之傳輸介面是否相符,更詳細的,身份驗證伺服器130可以依據服務指令的長度是否與資料格式相符、服務指令中之指定位置是否包含特定字元或特定資料等方式來判斷服務指 令是否正確,但身份驗證伺服器130判斷服務指令是否正確之方式並不以上述為限。 The identity verification server 130 may also determine whether the service instruction is correct when receiving the service instruction, and read out the identification data and user data when determining that the service instruction is correct. For example, the identity verification server 130 may determine whether the service order matches the transmission interface of the received service order. In more detail, the identity verification server 130 may determine whether the length of the service order is consistent with the data format and whether the specified position in the service order is Including specific characters or specific data to determine service instructions The order is correct, but the manner in which the identity verification server 130 determines whether the service instruction is correct is not limited to the above.

身份驗證伺服器130也負責將由服務指令中所取出的識別資料以及使用者資料傳送給電信伺服器140,若服務指令中也包含許可信物,則身份驗證伺服器130也可以將許可信物由服務指令中取出並傳送給電信伺服器140。身份驗證伺服器130可以依據服務伺服器120所使用之連線方式(或接收到服務指令之傳輸介面)選擇與電信伺服器140連線之方式,藉以傳送所取出之識別資料及使用者資料至電信伺服器140,身份驗證伺服器130也可以產生與服務伺服器120所使用之連線方式對應的服務訊息,並可以在傳送識別資料及使用者資料至電信伺服器140時,一併將所產生之服務訊息傳送給電信伺服器140。其中,服務訊息可以使電信伺服器140判斷需要進行的驗證方式,例如,驗證識別資料(行動裝置110的裝置識別資料或網路識別資料)與使用者資料(行動裝置110連接行動通訊網路的門號)是否經過註冊,或依據識別資料(行動裝置110的裝置識別資料或網路識別資料)驗證使用者資料(行動裝置110連接行動通訊網路的門號與行動裝置110之使用者的使用者識別資料)是否相符等。 The identity verification server 130 is also responsible for transmitting the identification data and user data retrieved from the service order to the telecommunication server 140. If the service order also includes a license token, the identity verification server 130 may also send the license token to the service instruction It is taken out and transmitted to the telecommunication server 140. The authentication server 130 may select a connection method with the telecommunication server 140 according to the connection method (or the transmission interface receiving the service instruction) used by the service server 120 to transmit the extracted identification data and user data to The telecommunication server 140 and the identity verification server 130 can also generate service messages corresponding to the connection methods used by the service server 120, and can send identification data and user data to the telecommunication server 140 at the same time. The generated service message is transmitted to the telecommunication server 140. The service information may enable the telecommunications server 140 to determine the authentication method that needs to be performed, for example, authentication identification data (device identification data or network identification data of the mobile device 110) and user data (the door of the mobile device 110 connected to the mobile communication network). No.) Is it registered or is the user data verified based on the identification data (device identification data or network identification data of the mobile device 110) (the door number of the mobile device 110 connected to the mobile communication network and the user identification of the user of the mobile device 110) Information) whether they match.

身份驗證伺服器130也負責接收電信伺服器140所傳回的驗證結果,及負責將所接收到的驗證結果傳回服務伺服器120。 The identity verification server 130 is also responsible for receiving the verification results returned by the telecommunications server 140, and is responsible for transmitting the received verification results back to the service server 120.

電信伺服器140可以透過有線或無線網路與身份驗證伺服器130連接,並可以傳送資料或訊號給身份驗證伺服器130,也可以接收身份驗證伺服器130所傳送的資料或訊號。 The telecommunication server 140 may be connected to the authentication server 130 through a wired or wireless network, and may transmit data or signals to the authentication server 130, and may also receive data or signals transmitted by the authentication server 130.

電信伺服器140負責接收身份驗證伺服器130所傳送的識別資料以及使用者資料,並負責對識別資料與使用者資料進行驗證以產生驗證結果,及負責將所產生的驗證結果傳送給身份驗證伺服器130。 The telecommunication server 140 is responsible for receiving the identification data and user data transmitted by the identity verification server 130, and for verifying the identity data and user data to generate verification results, and is responsible for transmitting the generated verification results to the identity verification server器 130。 130.

電信伺服器140可以判斷所儲存的資料中,是否存在一筆資料同時包含所接收到之識別資料及使用者資料,藉以驗證識別資料及使用者資料。其中,當電信伺服器140儲存有一筆同時包含識別資料及使用者資料之資料時,電信伺服器140可以產生通過驗證的驗證結果;反之,則產生未通過驗證的驗證結果。 The telecommunication server 140 can determine whether there is a piece of data in the stored data containing both the received identification data and user data, so as to verify the identification data and user data. Wherein, when the telecommunication server 140 stores a piece of data containing both identification data and user data, the telecommunication server 140 can generate a verification result that passes the verification; otherwise, it generates a verification result that fails the verification.

電信伺服器140也可以接收身份驗證伺服器130所傳送的許可信物,並可以驗證許可信物,也就是判斷許可信物是否由電信伺服器140所發出,甚至可以判斷許可信物是否在有效時間內。當許可信物通過電信伺服器140的驗證,則電信伺服器140可以產生通過驗證的驗證結果;反之,電信伺服器140可以產生未通過驗證的驗證結果。其中,電信伺服器140可以將所發出之許可信物以及發給許可信物之行動裝置的識別資料儲存為一筆許可驗證資料,並依據所儲存的許可驗證資料判斷許可信物是否由電信伺服器140所發出,但本創作並不以此為限。 The telecommunication server 140 can also receive the permission token transmitted by the identity verification server 130, and can verify the permission token, that is, determine whether the permission token is issued by the telecommunication server 140, or even determine whether the permission token is within the valid time. When the authorized token passes the verification of the telecommunication server 140, the telecommunication server 140 may generate a verification result that passes the verification; otherwise, the telecommunication server 140 may generate a verification result that fails the verification. Among them, the telecommunication server 140 may store the identification information of the issued license token and the mobile device issued to the license token as a piece of license verification data, and determine whether the license token is issued by the telecommunications server 140 according to the stored license verification data. , But this creation is not limited to this.

接著以一個實施例來解說本創作的系統運作,並請參照「第2A圖」本創作所提之依服務指令進行身份確認以執行對應服務之流程圖。在本實施例中,假設行動裝置110為手機,服務伺服器120包含應用主機121與身份識別主機125,但本創作並不以此為限。 Next, an embodiment is used to explain the operation of the system of this creation, and please refer to the flow chart of “2A” in this creation for confirming the identity according to the service instruction to execute the corresponding service. In this embodiment, it is assumed that the mobile device 110 is a mobile phone, and the service server 120 includes an application host 121 and an identification host 125, but this creation is not limited thereto.

當使用者操作行動裝置110連線到服務伺服器120(步驟210)後,使用者可以操作行動裝置110使用可以使用服務伺服器120中之應用主機121所 提供的服務。當使用者操作行動裝置110所使用的服務需要進行身份確認時,例如,使用者所使用的服務需要先登入或是需要再次確認使用者身份時,應用主機121可以要求行動裝置110進行身份確認。 After the user operates the mobile device 110 to connect to the service server 120 (step 210), the user can operate the mobile device 110 to use the application host 121 in the service server 120. service provided. When the user needs to perform identity verification when operating the service used by the mobile device 110, for example, when the service used by the user needs to log in first or the user identity needs to be confirmed again, the application host 121 may request the mobile device 110 to perform identity verification.

行動裝置110可以在服務伺服器120中的應用主機121要求進行身份確認時,產生與應用主機121所要求之身份確認的類別對應之服務指令,並將所產生的服務指令傳送給服務伺服器120(步驟220)。在本實施例中,假設應用主機121所要求之身份確認的類別有使用者登入與使用者確認兩種,行動裝置110在身份確認之類別為使用者登入時,所產生之服務指令可以包含行動裝置110的裝置識別資料或網路識別資料(識別資料)以及行動裝置110之使用者的身分證號、生日、與使用者在行動裝置110上所使用的門號(使用者資料);且行動裝置110在身份確認之類別為使用者確認時,所產生之服務指令可以包含行動裝置110的裝置識別資料或網路識別資料(識別資料)以及使用者在行動裝置110上所使用的門號(使用者資料)。 The mobile device 110 may generate a service instruction corresponding to the type of identity confirmation requested by the application host 121 when the application host 121 in the service server 120 requests identity confirmation, and transmit the generated service instruction to the service server 120 (Step 220). In this embodiment, it is assumed that the types of identity confirmation required by the application host 121 are user login and user confirmation. When the type of identity confirmation is user login, the service command generated by the mobile device 110 may include actions. Device identification data or network identification data (identification data) of the device 110 and the identity card number, birthday, and door number (user data) of the user on the mobile device 110; and mobile When the type of the identity confirmation of the device 110 is user confirmation, the service instruction generated may include device identification data or network identification data (identification data) of the mobile device 110 and a door number used by the user on the mobile device 110 ( User profile).

在服務伺服器120接收到行動裝置110所傳送的服務指令後,服務伺服器120可以依據要求行動裝置110進行身份確認之類型選擇連線方式,並依據所選擇的連線方式將接收自行動裝置110的服務指令傳送到身份驗證伺服器130(步驟230)。在本實施例中,服務伺服器120的應用主機121在接收到服務指令後,可以產生與要求行動裝置110進行之身份確認之類型對應的類型訊息,並可以將所接收到的服務指令以及所產生的類型訊息傳送給服務伺服器120中的身份識別主機125,身份識別主機在接收到應用主機121所傳送的服務指令以及類型訊息後,可以依據所接收到的類型訊息選擇身份驗證伺服器130所提供之 對應的傳輸介面(連線方式),並透過所選擇的傳輸介面將所接收到的服務指令傳送給身份驗證伺服器130。 After the service server 120 receives the service instruction sent by the mobile device 110, the service server 120 may select a connection method according to the type of identity confirmation required by the mobile device 110, and receive the mobile device 110 according to the selected connection method. The service instruction of 110 is transmitted to the authentication server 130 (step 230). In this embodiment, after receiving the service instruction, the application host 121 of the service server 120 may generate a type message corresponding to the type of identity confirmation required by the mobile device 110, and may receive the received service instruction and the The generated type message is transmitted to the identification host 125 in the service server 120. After receiving the service instruction and the type message transmitted by the application host 121, the identification host can select the authentication server 130 according to the received type message. Provided The corresponding transmission interface (connection mode), and the received service instruction is transmitted to the identity verification server 130 through the selected transmission interface.

在身份驗證伺服器130接收到服務伺服器120所傳送的服務指令後,身份驗證伺服器130可以由所接收到的服務指令中讀取出識別資料以及使用者資料,並可以將所讀取出之識別資料以及使用者資料送給電信伺服器140(步驟240)。 After the identity authentication server 130 receives the service instruction transmitted by the service server 120, the identity authentication server 130 can read the identification data and user data from the received service instruction, and can read the read out The identification data and user data are sent to the telecommunication server 140 (step 240).

電信伺服器140在接收到身份驗證伺服器130所傳送的識別資料以及使用者資料後,電信伺服器140可以驗證所接收到的識別資料與使用者資料。在本實施例中,假設電信伺服器140可以判斷所儲存的資料中,是否存在一筆資料包含所接收到的識別資料與使用者資料,藉以驗證識別資料與使用者資料。若電信伺服器140所儲存的資料中存在包含識別資料與使用者資料的資料,則電信伺服器140可以產生通過驗證的驗證結果,反之,若電信伺服器140所儲存的資料中不存在同時包含識別資料與使用者資料的資料,則電信伺服器140可以產生未通過驗證的驗證結果。 After the telecommunications server 140 receives the identification data and user data transmitted by the identity verification server 130, the telecommunications server 140 can verify the received identification data and user data. In this embodiment, it is assumed that the telecommunications server 140 can determine whether there is a piece of data including the received identification data and user data in the stored data, so as to verify the identification data and user data. If the data stored by the telecommunication server 140 includes identification data and user data, the telecommunication server 140 can generate a verification verification result. On the contrary, if the data stored by the telecommunication server 140 does not exist and contains both The data of the identification data and the user data, the telecommunication server 140 may generate a verification result that fails the verification.

在電信伺服器140驗證識別資料與使用者資料並產生驗證結果後,電信伺服器140可以將所產生的驗證結果傳送給身份驗證伺服器130(步驟250)。 After the telecommunication server 140 verifies the identification data and the user data and generates a verification result, the telecommunication server 140 may transmit the generated verification result to the identity verification server 130 (step 250).

身份驗證伺服器130在接收到電信伺服器140所傳回的驗證結果後,可以將所接收到的驗證結果傳回服務伺服器120(步驟260)。在本實施例中,服務伺服器120的身份識別主機125可以接收到身份驗證伺服器130所傳送的驗證結果,並可以將所接收到的驗證結果傳送給服務伺服器120的應用主機121。 After receiving the verification result returned by the telecommunications server 140, the identity verification server 130 may return the received verification result to the service server 120 (step 260). In this embodiment, the identity host 125 of the service server 120 may receive the verification result transmitted by the identity verification server 130, and may transmit the received verification result to the application host 121 of the service server 120.

在服務伺服器120在接收到身份驗證伺服器130所傳送的驗證結果後,服務伺服器120可以判斷驗證結果是否表示通過驗證。若驗證結果表示沒有通過驗證,則服務伺服器120中的應用主機121將可以拒絕提供行動裝置110欲使用的服務;而若驗證結果表示通過驗證,則服務伺服器120中的應用主機121可以依據接收是行動裝置110的使用者資料執行與身份確認之類型對應的作業(步驟270),在本實施例中,也就是使用者註冊作業或使用者登入作業,使得使用者可以操作行動裝置110使用的應用主機121所提供的服務。 After the service server 120 receives the verification result transmitted by the identity verification server 130, the service server 120 may determine whether the verification result indicates that the verification is passed. If the verification result indicates that the verification fails, the application host 121 in the service server 120 may refuse to provide the service intended by the mobile device 110; and if the verification result indicates that the verification is passed, the application host 121 in the service server 120 may The receiving is the user data of the mobile device 110 to perform an operation corresponding to the type of identity confirmation (step 270). In this embodiment, it is a user registration operation or a user login operation, so that the user can operate the mobile device 110 to use The services provided by the application host 121.

如此,透過本創作,服務伺服器120可以透過第三方的電信伺服器140驗證行動裝置110之使用者所提供的資料,藉以在行動裝置110之使用者所提供的資料經過驗證的前提下提供行動裝置110使用服務伺服器120所提供的服務。 Thus, through this creation, the service server 120 can verify the data provided by the user of the mobile device 110 through the third-party telecommunication server 140, so as to provide the action on the premise that the data provided by the user of the mobile device 110 is verified The device 110 uses services provided by the service server 120.

上述實施例中,在行動裝置110產生與服務伺服器120所要求之身份確認的類型對應之服務指令時,可以如「第2B圖」之流程所示,行動裝置110可以先透過行動通訊網路連線至電信伺服器140,並取得電信伺服器140所發出的許可信物(步驟223),接著,行動裝置110在產生服務指令時,可以將取得自電信伺服器140的許可信物加入所產生的服務指令中(步驟225),也就是產生包含許可信物的服務指令,之後,行動裝置110可以將所產生的服務指令傳送給服務伺服器120(步驟227)。 In the above embodiment, when the mobile device 110 generates a service instruction corresponding to the type of identity confirmation requested by the service server 120, the mobile device 110 may first connect through a mobile communication network as shown in the flow chart in FIG. 2B. Go to the telecommunication server 140 and obtain the license token issued by the telecommunications server 140 (step 223). Then, when the mobile device 110 generates a service instruction, it can add the license token obtained from the telecommunications server 140 to the generated service. In the instruction (step 225), that is, a service instruction including a license token is generated. After that, the mobile device 110 may transmit the generated service instruction to the service server 120 (step 227).

如此,在電信伺服器140驗證所接收到的識別資料與使用者資料(步驟250)時,也可以一併驗證許可信物。也就是說,電信伺服器140可以判斷所儲存的資料中,是否存在一筆資料包含所接收到的識別資料與使用者資料,並可以判斷許可信物是否由電信伺服器140自身所發出。若電信伺服器140 所儲存的資料中存在包含識別資料與使用者資料的資料,且許可信物是由電信伺服器140所發出,則電信伺服器140可以產生通過驗證的驗證結果,反之,若電信伺服器140所儲存的資料中不存在同時包含識別資料與使用者資料的資料,或者許可信物不是由電信伺服器140所發出,則電信伺服器140可以產生未通過驗證的驗證結果。 In this way, when the telecommunications server 140 verifies the received identification data and user data (step 250), it is also possible to verify the permitted tokens together. In other words, the telecommunication server 140 can determine whether there is a piece of data including the received identification data and user data among the stored data, and can determine whether the permission token is issued by the telecommunication server 140 itself. If telecommunications server 140 The stored data includes data including identification data and user data, and the license token is issued by the telecommunication server 140, and the telecommunication server 140 can generate a verification verification result. On the contrary, if the telecommunication server 140 stores If there is no data that contains both identification data and user data, or the license is not issued by the telecommunications server 140, the telecommunications server 140 can generate a verification result that fails the verification.

綜上所述,可知本創作與先前技術之間的差異在於具有行動裝置在服務伺服器要求進行身份確認時,傳送與身份確認之類型對應的服務指令給服務伺服器,服務伺服器依據身份確認之類型選擇連線方式,並依據所選擇的連線方式透過身份驗證伺服器傳送服務指令中的識別資料及使用者資料至電信伺服器,使電信伺服器驗證識別資料及使用者資料而產生驗證結果,並透過身份驗證伺服器傳送驗證結果至服務伺服器,服務伺服器在驗證結果表示通過驗證時,依據使用者資料執行與身份確認之類型對應之作業之技術手段,藉由此一技術手段可以來解決先前技術所存在行動裝置不易連接硬體載具以辨識使用者身份的的問題,進而達成單獨使用行動裝置完成身份辨識的技術功效。 In summary, it can be seen that the difference between this creation and the prior art is that a mobile device sends a service instruction corresponding to the type of identity confirmation to the service server when the service server requires identity confirmation, and the service server confirms based on the identity The connection method is selected, and the identification data and user data in the service instruction are transmitted to the telecommunication server through the authentication server according to the selected connection method, so that the telecommunication server verifies the identification data and user data to generate verification. As a result, the verification result is transmitted to the service server through the identity verification server. When the verification result indicates that the verification is passed, the service server performs technical operations corresponding to the type of identity confirmation based on user data. It can solve the problem that the mobile device is difficult to connect to the hardware carrier to identify the user's identity in the prior art, and then achieve the technical effect of using the mobile device to complete the identity identification.

再者,本創作之依服務指令進行身份確認以執行對應服務之系統,可實現於硬體、軟體或硬體與軟體之組合中,亦可在電腦系統中以集中方式實現或以不同元件散佈於若干互連之電腦系統的分散方式實現。 In addition, the system of identity creation in accordance with the service instructions to perform corresponding services in this creation can be implemented in hardware, software or a combination of hardware and software, and can also be implemented in a centralized manner in computer systems or distributed with different components. Decentralized in several interconnected computer systems.

雖然本創作所揭露之實施方式如上,惟所述之內容並非用以直接限定本創作之專利保護範圍。任何本創作所屬技術領域中具有通常知識者,在不脫離本創作所揭露之精神和範圍的前提下,對本創作之實施的形式上及細節上作些許之更動潤飾,均屬於本創作之專利保護範圍。本創作之專利保護範圍,仍須以所附之申請專利範圍所界定者為準。 Although the implementation method disclosed in this creation is as above, the content is not intended to directly limit the scope of patent protection of this creation. Any person with ordinary knowledge in the technical field to which this creation belongs, without departing from the spirit and scope disclosed by this creation, can make some modifications to the form and details of the implementation of this creation, which are all covered by the patent protection of this creation. range. The scope of patent protection for this creation must still be defined by the scope of the attached patent application.

Claims (10)

一種依服務指令進行身份確認以執行對應服務之系統,該系統至少包含:
一行動裝置;
一服務伺服器,提供該行動裝置連接,用以要求該行動裝置進行一身份確認,並接收該行動裝置所產生之與該身份確認之類型對應之一服務指令,及用以依據該身份確認之類型選擇一連線方式,其中,該服務指令包含一識別資料及一使用者資料;
一身份驗證伺服器,用以接收該服務伺服器依據該連線方式所傳送之該服務指令;及
一電信伺服器,用以接收該身份驗證伺服器所傳送之該識別資料及該使用者資料,及用以驗證該識別資料及該使用者資料以產生一驗證結果,並透過該身份驗證伺服器傳送該驗證結果至該服務伺服器,使該服務伺服器於該驗證結果表示通過驗證時,依據該使用者資料執行與該身份確認之類型對應之作業。 A system for confirming identity in accordance with a service instruction to perform a corresponding service, the system includes at least:
A mobile device
A service server providing the mobile device connection, for requesting the mobile device to perform an identity confirmation, and receiving a service instruction corresponding to the type of the identity confirmation generated by the mobile device, and for confirming the identity based on the identity The type selects a connection method, wherein the service instruction includes an identification data and a user data;
An authentication server for receiving the service instruction transmitted by the service server according to the connection mode; and a telecommunication server for receiving the identification data and the user data transmitted by the authentication server , And for verifying the identification data and the user data to generate a verification result, and transmitting the verification result to the service server through the identity verification server, so that the service server indicates that the verification result passes the verification, The operation corresponding to the type of the identity confirmation is performed according to the user data. 如申請專利範圍第1項所述之依服務指令進行身份確認以執行對應服務之系統,其中該服務伺服器更包含一應用主機及一身份識別主機,該應用主機用以傳送該服務指令及與該身份確認之類型對應之一類型訊息至該服務伺服器中之一身份識別主機,該身份識別主機依據該類型訊息選擇該連線方式,並依據該連線方式傳送該服務指令至該身份識別主機。The system for performing identity verification according to a service instruction as described in item 1 of the scope of the patent application to perform corresponding services, wherein the service server further includes an application host and an identification host, and the application host is used to transmit the service instruction and the The type of identity confirmation corresponds to a type of message to an identity host in the service server. The identity host selects the connection method according to the type of message, and sends the service instruction to the identity according to the connection method. Host. 如申請專利範圍第1項所述之依服務指令進行身份確認以執行對應服務之系統,其中該服務伺服器是選擇該身份驗證伺服器所提供之一傳輸介面以選擇該連線方式。The system for performing identity confirmation according to a service instruction as described in item 1 of the scope of patent application to perform corresponding services, wherein the service server selects a transmission interface provided by the authentication server to select the connection method. 如申請專利範圍第1項所述之依服務指令進行身份確認以執行對應服務之系統,其中該身份驗證伺服器是依據該連線方式選擇與該電信伺服器連線之方式,藉以傳送該識別資料及該使用者資料至該電信伺服器,或於傳送該識別資料及該使用者資料至該電信伺服器時,一併傳送與該連線方式對應之服務訊息至該電信伺服器。The system for performing identity verification according to a service instruction as described in item 1 of the scope of patent application to perform corresponding services, wherein the authentication server selects a connection method with the telecommunication server according to the connection method, thereby transmitting the identification The data and the user data are transmitted to the telecommunication server, or when the identification data and the user data are transmitted to the telecommunication server, a service message corresponding to the connection method is also transmitted to the telecommunication server. 如申請專利範圍第1項所述之依服務指令進行身份確認以執行對應服務之系統,其中該身份驗證伺服器是在判斷該服務指令正確時,由該服務指令中讀取該識別資料及該使用者資料。The system for performing identity verification according to a service instruction as described in item 1 of the scope of patent application to perform corresponding services, wherein the identity verification server reads the identification information and the service instruction from the service instruction when determining that the service instruction is correct. User data. 如申請專利範圍第1項所述之依服務指令進行身份確認以執行對應服務之系統,其中該行動裝置更用以連線至該電信伺服器取得一許可信物,並將該許可信物加入該服務指令中。The system for performing identity verification according to a service instruction as described in item 1 of the scope of patent application to perform corresponding services, wherein the mobile device is further used to connect to the telecommunication server to obtain a license token and add the license token to the service Instruction. 如申請專利範圍第1項所述之依服務指令進行身份確認以執行對應服務之系統,其中該許可信物具有時間性。The system for confirming identity in accordance with a service instruction to perform corresponding services as described in item 1 of the scope of patent application, wherein the license token is time-sensitive. 如申請專利範圍第1項所述之依服務指令進行身份確認以執行對應服務之系統,其中該電信伺服器是判斷是否存在一筆資料包含該識別資料及該使用者資料以驗證該識別資料及該使用者資料。The system for performing identity confirmation according to a service instruction as described in item 1 of the scope of patent application to perform corresponding services, wherein the telecommunication server determines whether a piece of data contains the identification data and the user data to verify the identification data and User data. 如申請專利範圍第1項所述之依服務指令進行身份確認以執行對應服務之系統,其中該識別資料為該行動裝置之裝置識別資料或該行動裝置連接行動通訊網路之網路識別資料。The system for performing identity verification according to a service instruction as described in item 1 of the scope of patent application to perform corresponding services, wherein the identification data is device identification data of the mobile device or network identification data of the mobile device connected to a mobile communication network. 如申請專利範圍第1項所述之依服務指令進行身份確認以執行對應服務之系統,其中該使用者資料包含該行動裝置連接行動通訊網路之門號。The system for performing identity verification according to a service instruction as described in item 1 of the scope of patent application to perform corresponding services, wherein the user data includes a gate number of the mobile device connected to a mobile communication network.
TW108209736U 2019-07-25 2019-07-25 A system for performing identity verification according to the service instruction to execute the corresponding service TWM586390U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108209736U TWM586390U (en) 2019-07-25 2019-07-25 A system for performing identity verification according to the service instruction to execute the corresponding service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108209736U TWM586390U (en) 2019-07-25 2019-07-25 A system for performing identity verification according to the service instruction to execute the corresponding service

Publications (1)

Publication Number Publication Date
TWM586390U true TWM586390U (en) 2019-11-11

Family

ID=69189713

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108209736U TWM586390U (en) 2019-07-25 2019-07-25 A system for performing identity verification according to the service instruction to execute the corresponding service

Country Status (1)

Country Link
TW (1) TWM586390U (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI777105B (en) * 2019-11-21 2022-09-11 臺灣網路認證股份有限公司 System for obtaining additional data when identifying to execute operation and method thereof

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI777105B (en) * 2019-11-21 2022-09-11 臺灣網路認證股份有限公司 System for obtaining additional data when identifying to execute operation and method thereof

Similar Documents

Publication Publication Date Title
TWI754811B (en) System for using device identification to identify via telecommunication server and method thereof
TWM539667U (en) System of online credentials application for network transaction via carrier
TWI644276B (en) System for opening account and applying mobile banking account online and method thereof
CN115408707A (en) Data transmission method, device and system, electronic equipment and storage medium
TWM594186U (en) Device and system combining online rapid authentication and public key infrastructure to identify identity
TWM592629U (en) System to obtain appended data and execute corresponding operation when identity is confirmed
TWM586390U (en) A system for performing identity verification according to the service instruction to execute the corresponding service
TWM539668U (en) System for opening account online and applying for mobile banking
TWM580206U (en) System for identifying identity through telecommunication server by identification data device
TWM588313U (en) System for confirming user identity through financial account information
TWI691859B (en) System for identifying according to instruction to execute service and method thereof
TWM620550U (en) System for verifying identity on different devices by verifying valid certificates
TWI724638B (en) System for using carrier to verity identity in machine for opening account and method thereof
TWI729535B (en) System for using financial account to confirm identity and method thereof
TWI777105B (en) System for obtaining additional data when identifying to execute operation and method thereof
TWI690820B (en) System for using embedded browser module to manage certificate and method thereof
TWM586494U (en) ID recognition system using network identification data through telecommunication server
TWM583978U (en) System of using physical carrier to store digital certificate for performing online transaction
TWI745015B (en) System and method for providing authorized content generated during identity authentication for verifying transaction data before transaction
TWI790495B (en) System for driving smart card by third-party device for identity verification and method thereof
TWI767113B (en) System for using certificate stored in carrier to conduct online transactions and method thereof
TWI746920B (en) System for using certificate to verify identity from different domain through portal and method thereof
TWI780341B (en) System for using network identification to identify via telecommunication server and method thereof
TWM580295U (en) System for managing certificate with embedded browser module and computing equipment
TWI803907B (en) System for confirming identity on different devices by verifying valid certification and method thereof