TWM592134U - System for verifying identity for opening an account using a vehicle in an ATM - Google Patents


Publication number
TWM592134U
Authority
TW
Taiwan
Prior art keywords
account
data
atm
certificate
account opening
Application number
TW108215313U
Other languages
Chinese (zh)
Inventor
王國河
蔡國正
Original Assignee
臺灣網路認證股份有限公司
Application filed by 臺灣網路認證股份有限公司
Priority to TW108215313U


Abstract

A system for verifying identity with a hardware carrier (the "vehicle" of the title) at an automated teller machine (ATM) in order to open an account. A driver for the hardware carrier is installed in the ATM so that the ATM can have the hardware carrier sign the account opening data, and the ATM sends the account opening data and the signature data to an account opening server. After the account opening server has the signature data verified through a certificate verification server, it uses the account opening data to complete the account opening procedure. An account can thus be opened without going to the counter, which achieves the technical effect of letting the account opener choose a suitable time and place to open the account.

Description

System for verifying identity using a hardware carrier in an ATM to open an account

A remote account opening system, and in particular a system that uses a hardware carrier to verify identity at an ATM in order to open an account.

Banks are financial institutions that provide services such as payment, deposits, savings, loans, and wire transfers. To use the services a bank provides, one usually has to open an account with the bank first.

At present, opening a bank account usually has to be done at the counter. A staff member reviews the account opening data provided by the account opener and, when necessary, asks the account opener one or more questions relating to the account opener in order to decide whether to allow the account to be opened.

However, bank service hours often overlap with the working hours of most people, so account openers have to take time off to open an account at the bank, which is inconvenient for them.

In summary, the prior art has long had the problem that an account can only be opened at the counter, which makes opening an account inconvenient. An improved technical means is therefore needed to solve this problem.

In view of the prior art's problem that an account can only be opened at the counter, which makes opening an account inconvenient, this creation discloses a system for verifying identity using a hardware carrier in an ATM to open an account, in which:

The system disclosed in this creation for verifying identity using a hardware carrier in an ATM to open an account comprises at least: a certificate verification server; a hardware carrier for storing a private key and a digital certificate; an ATM to which the hardware carrier connects, used to input account opening data and to drive the hardware carrier and provide it with the account opening data, so that the hardware carrier signs the account opening data with the private key to generate signature data and returns the signature data to the ATM, where the signature data includes the digital certificate; and an account opening server for receiving the account opening data and signature data sent by the ATM, sending the account opening data and signature data to the certificate verification server so that the signature data is verified through the certificate verification server, and, after the signature data passes the certificate verification server's verification, using the account opening data to complete the account opening procedure.

The system disclosed in this creation is as described above. It differs from the prior art in that a driver for the hardware carrier is installed in the ATM, so that the ATM can have the hardware carrier sign the account opening data and can send the account opening data and signature data to the account opening server. After the account opening server has the signature data verified through the certificate verification server, it uses the account opening data to complete the account opening procedure. This solves the problem in the prior art and achieves the technical effect of letting the account opener choose a suitable time and place to open the account.

The features and implementation of this creation are described in detail below with reference to the drawings and embodiments, in enough detail that anyone skilled in the relevant art can readily and fully understand the technical means this creation applies to solve the technical problem and implement them accordingly, thereby achieving the effects this creation can achieve.

This creation lets a user complete the account opening procedure of a financial institution such as a bank through an ATM, using a hardware carrier that holds a digital certificate. The hardware carrier referred to in this creation is a hardware device that can manage digital certificates and can encrypt data or sign data, such as a chip card (IC card) or a special USB flash drive, but this creation is not limited to these. The ATMs referred to in this creation include but are not limited to an Automated Teller Machine (ATM) or a Cash Deposit Machine (CDM).

The system of this creation is first described with reference to Figure 1, the architecture diagram of the system for verifying identity using a hardware carrier in an ATM to open an account. As shown in Figure 1, the system includes a hardware carrier 110, an ATM 120, an account opening server 130 and a certificate verification server 150, plus an optional identity verification server 170 and client 190. The ATM 120, the account opening server 130, the certificate verification server 150, the identity verification server 170, and the client 190 are all computing devices.

The computing devices referred to in this creation include, but are not limited to, components such as one or more processors, one or more memory modules, and a bus connecting the different components (including the memory modules and the processors). With these components, a computing device can load and execute an operating system so that the operating system runs on the computing device, and can also execute software or programs. A computing device also includes a housing, and the components above are placed inside the housing.

The bus of a computing device referred to in this creation may be of one or more types, for example a data bus, an address bus, a control bus, an expansion bus, and/or a local bus. The buses of a computing device include but are not limited to the parallel Industry Standard Architecture (ISA) bus, the Peripheral Component Interconnect (PCI) bus and the Video Electronics Standards Association (VESA) local bus, and the serial Universal Serial Bus (USB) and PCI Express (PCI-E) bus.

The processor of a computing device referred to in this creation is coupled to the bus. The processor includes a register set or register space, which may be placed entirely on the processing chip, or placed wholly or partly off the processing chip and coupled to the processor through a dedicated electrical connection and/or through the bus. The processor may be a processing unit, a microprocessor, or any suitable processing element. If the computing device is a multi-processor device, that is, it contains multiple processors, the processors it contains are all the same or similar and are coupled and communicate through the bus. The processor can interpret a sequence of instructions to perform specific operations, such as mathematical operations, logical operations, data comparison, and copying or moving data, in order to run the operating system or execute various programs, modules, and/or components.

The processor of a computing device may be coupled to a chipset or electrically connected to the chipset through the bus. The chipset consists of one or more integrated circuits (ICs) and includes a memory controller and a peripheral input/output (I/O) controller; that is, the memory controller and the peripheral I/O controller may be contained in a single integrated circuit or implemented with two or more integrated circuits. The chipset usually provides I/O and memory management functions as well as multiple general-purpose and/or dedicated registers, timers, and so on, which can be accessed or used by one or more processors coupled or electrically connected to the chipset.

The processor of a computing device can also access, through the memory controller, data in the memory modules and mass storage installed on the computing device. The memory modules include any type of volatile memory and/or non-volatile memory (NVRAM), such as static random access memory (SRAM), dynamic random access memory (DRAM), flash memory, and read-only memory (ROM). The mass storage may include any type of storage device or storage medium, such as a hard disk drive, an optical disc, a USB flash drive (flash memory), a memory card, a solid state disk (SSD), or any other storage device. In other words, the memory controller can access data in static random access memory, dynamic random access memory, flash memory, hard disk drives, and solid state disks.

The processor of a computing device can also connect to and communicate with peripheral devices or interfaces, such as peripheral output devices, peripheral input devices, communication interfaces, and GPS receivers, through the peripheral I/O controller and the peripheral I/O bus. A peripheral input device can be any type of input device, such as a keyboard, mouse, trackball, touchpad, or joystick. A peripheral output device can be any type of output device, such as a display or a printer. The peripheral input device and peripheral output device can also be the same device, such as a touch screen. The communication interface may include a wireless communication interface and/or a wired communication interface. The wireless communication interface may include interfaces supporting wireless local area networks such as Wi-Fi and Zigbee, Bluetooth, infrared, near field communication (NFC), mobile networks such as 3G/4G/5G, or other wireless data transmission protocols. The wired communication interface may be an Ethernet device, an asynchronous transfer mode (ATM) device, a DSL modem, a cable modem, and so on. The processor can periodically poll the various peripheral devices and interfaces, so that the computing device can input and output data through them and can also communicate with another computing device that has the components described above.

The hardware carrier 110 stores a private key and a digital certificate. The private key usually belongs to the account opener, and the digital certificate contains the corresponding certificate serial number and the public key that corresponds to the private key stored in the hardware carrier 110. More specifically, the hardware carrier 110 may be a hardware device able to run something such as a Chip Operating System (COS) that provides digital certificate management functions.

The hardware carrier 110 can also use the stored private key to encrypt target data or to sign target data. After signing the target data, the hardware carrier 110 generates signature data. In this creation, the signature data generated by the hardware carrier 110 may include the target data and the signature value produced when the hardware carrier 110 signs the target data, and may also include the digital certificate stored in the hardware carrier 110.

The ATM 120 provides a connection for the hardware carrier 110 and can drive the hardware carrier 110, so that once the hardware carrier 110 is driven the ATM 120 can send data to it and receive the data it sends back. In general, the ATM 120 may have a connection interface (not shown) through which the hardware carrier 110 connects to the ATM 120. The connection interface includes but is not limited to a chip card slot or a USB slot.

Note that when the ATM 120 drives the hardware carrier 110, it may first load the driver for the connection interface to which the hardware carrier 110 is connected. When loading that driver, the ATM 120 usually looks for it in each access location according to a file access order preset in the ATM 120. That is, it searches the access locations defined by the file access order one after another, and once it finds a driver for the connection interface it does not search the remaining access locations.

Conventional ATMs 120 such as ATM/CDM machines usually have a default driver for the connection interface installed or stored, but that default driver usually only lets the conventional ATM 120 drive bank cards and cannot drive the hardware carrier 110 of this creation. To let a conventional ATM 120 drive a hardware carrier 110 other than a bank card, the interface driver for the connection interface corresponding to the hardware carrier 110 can be installed or stored in a custom access location that comes earlier in the order than the default access location where the default driver is installed or stored. When the ATM 120 loads the driver for the connection interface, it then searches the custom access location first according to the file access order and loads the interface driver from there, rather than loading the default driver from the default access location. The default driver is thus retained while the ATM 120 loads the interface driver for the connection interface corresponding to the hardware carrier 110 and communicates with the hardware carrier 110. The access locations referred to in this creation are usually specific directories; for example, the custom access location is the installation directory of the interface driver, and the default access location is the operating system's driver directory.
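Because the first match in the file access order is the copy that gets loaded, the directories ahead of the default location are worth an integrity check. The following Go program is an added example, not part of the patent: it resolves a driver name along a search order, reports copies that are shadowed, and checks the loaded file against a SHA-256 allowlist. The file name `reader.drv`, the directory names and the allowlist contents are constructed assumptions.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"os"
	"path/filepath"
)

// Resolution records which copy of a driver a first-match search would load.
type Resolution struct {
	Loaded   string   // path of the first match: the copy that gets loaded
	Index    int      // position of that directory in the search order
	Shadowed []string // later copies that the search never reaches
	Approved bool     // the loaded file's SHA-256 is on the allowlist
}

func fileSHA256(path string) (string, error) {
	b, err := os.ReadFile(path)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}

// ResolveDriver walks searchOrder in sequence. The first directory that holds
// name wins; copies in later directories are reported as shadowed.
func ResolveDriver(name string, searchOrder []string, allow map[string]bool) (Resolution, error) {
	r := Resolution{Index: -1}
	for i, dir := range searchOrder {
		p := filepath.Join(dir, name)
		if info, err := os.Stat(p); err != nil || info.IsDir() {
			continue
		}
		if r.Index < 0 {
			r.Loaded, r.Index = p, i
		} else {
			r.Shadowed = append(r.Shadowed, p)
		}
	}
	if r.Index < 0 {
		return r, fmt.Errorf("driver %q not found in search order", name)
	}
	sum, err := fileSHA256(r.Loaded)
	if err != nil {
		return r, err
	}
	r.Approved = allow[sum]
	return r, nil
}

// Demo builds a constructed layout in a temp dir: a custom directory ahead of
// the default one. With tamper set, the custom copy is not the approved file.
func Demo(tamper bool) (Resolution, error) {
	root, err := os.MkdirTemp("", "atm-drivers-")
	if err != nil {
		return Resolution{}, err
	}
	defer os.RemoveAll(root)
	custom, def := filepath.Join(root, "custom"), filepath.Join(root, "default")
	approved := []byte("constructed carrier interface driver")
	onDisk := approved
	if tamper {
		onDisk = []byte("constructed unapproved replacement")
	}
	files := map[string][]byte{
		filepath.Join(custom, "reader.drv"): onDisk,
		filepath.Join(def, "reader.drv"):    []byte("constructed default card driver"),
	}
	for p, content := range files {
		if err := os.MkdirAll(filepath.Dir(p), 0o755); err != nil {
			return Resolution{}, err
		}
		if err := os.WriteFile(p, content, 0o644); err != nil {
			return Resolution{}, err
		}
	}
	sum := sha256.Sum256(approved)
	allow := map[string]bool{hex.EncodeToString(sum[:]): true}
	return ResolveDriver("reader.drv", []string{custom, def}, allow)
}

func main() {
	for _, tamper := range []bool{false, true} {
		r, err := Demo(tamper)
		fmt.Printf("tamper=%v index=%d approved=%v shadowed=%d err=%v\n",
			tamper, r.Index, r.Approved, len(r.Shadowed), err)
	}
}
```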

The ATM 120 is also responsible for inputting the account opening data. The ATM 120 can show an input interface on a display such as an ordinary screen or a touch screen, and provides an input device such as a touch screen or keyboard for the account opener to enter the account opening data. The account opening data input at the ATM 120 includes but is not limited to the account opener's name, identification data, gender, date of birth, address, mobile phone number, and e-mail account. The account opener's identification data is usually an identity card number, passport number, or visa number, but this creation is not limited to these.

In some embodiments, the account opening data input at the ATM 120 may also include a document image of an identity document held by the account opener. In some embodiments, the account opening data may further include an image of the account opener at the time of using this creation (referred to in this creation as the "account opener image"). The account opener's identity document is usually a document that carries a facial image of the account opener, such as an identity card, driver's license, or health insurance card, and the account opener image contains the account opener's complete face.

The ATM 120 may use the same or different image capture modules (not shown) to capture the document image and the account opener image; this creation places no particular restriction on this. The image capture module includes but is not limited to a still camera or a video camera.

The ATM 120 is responsible for providing the account opening data to the hardware carrier 110 so that the hardware carrier 110 signs the account opening data with the stored private key, and for receiving the signature data returned by the hardware carrier 110. More specifically, the ATM 120 can call the driver for the connection interface to which the hardware carrier 110 is connected and, through that driver, generate commands compatible with the hardware carrier 110. It uses the generated commands to communicate with the hardware carrier 110, that is, to send data to it, have it execute commands, and receive data from it.

The ATM 120 can also connect to the account opening server 130 or the client 190 through a wired or wireless network, can receive data or signals sent by the account opening server 130 or the client 190, and can send data or signals to them. For example, the ATM 120 can send the account opening data that was input and the signature data provided by the hardware carrier 110 to the account opening server 130.

In some embodiments, when the account opening data that was input includes a document image and an account opener image, the ATM 120 may first determine whether the face in the facial image on the document image matches the account opener's face in the account opener image. If the two match, it sends the account opening data and the signature data provided by the hardware carrier 110 to the account opening server 130. If the ATM 120 determines that the face in the facial image on the document image does not match the account opener's face in the account opener image, it can show a corresponding message on the display and can end the account opening procedure. The ATM 120 may use face recognition, either locally (on the ATM 120 itself) or through a remote server (not shown), to determine whether the facial features in the facial image on the document image match the features of the account opener's face in the account opener image, and thereby whether the facial image on the document image matches the account opener image, but this creation is not limited to this.

The ATM 120 can also receive and play sound and/or video sent by the client 190, and can capture the account opener's voice and/or live video, so that the account opener and the client 190 can communicate in real time.

The account opening server 130 can connect to the ATM 120 and the certificate verification server 150 through a wired or wireless network, can receive data or signals sent by the ATM 120 or the certificate verification server 150, and can send data or signals to them. For example, the account opening server 130 can receive the account opening data and signature data sent by the ATM 120, can send the received account opening data and signature data to the certificate verification server 150, and can receive the verification result sent by the certificate verification server 150.

When the signature data sent by the ATM 120 passes the verification of the certificate verification server 150, the account opening server 130 uses the account opening data received from the ATM 120 to complete the account opening procedure. In general, the account opening server 130 decides whether the signature data passed the verification of the certificate verification server 150 from the verification result that the certificate verification server 150 generates.

The certificate verification server 150 can connect to the account opening server 130 and the identity verification server 170 through a wired or wireless network, can receive data or signals sent by the account opening server 130 or the identity verification server 170, and can send data or signals to them.

The certificate verification server 150 receives the account opening data and signature data sent by the account opening server 130, generates a verification result for the received signature data, and returns that verification result to the account opening server 130. In general, the certificate verification server 150 can verify the signature in the conventional way: it obtains the account opener's public key from the digital certificate included in the signature data, and uses that public key together with the account opening data to verify the signature data and generate the corresponding verification result.

In some embodiments, the certificate verification server 150 can also read the account opener identification data from the received account opening data and read the certificate serial number from the digital certificate included in the received signature data. It can generate certificate confirmation data containing the account opener identification data and certificate serial number that it read, and can send the certificate confirmation data to the identity verification server 170.

The certificate verification server 150 can also receive the identity confirmation result sent by the identity verification server 170. Only when the received signature data passes the certificate verification server 150's own verification, and the received identity confirmation result indicates that the generated certificate confirmation data passed the verification of the identity verification server 170, does it generate a verification result indicating that the signature data passed verification. Conversely, if the signature data does not pass the verification of the certificate verification server 150, or the identity confirmation result indicates that the certificate confirmation data did not pass the verification of the identity verification server 170, the certificate verification server 150 generates a verification result indicating that the signature data did not pass verification.

The identity verification server 170 can connect to the certificate verification server 150 through a wired or wireless network, can receive data or signals sent by the certificate verification server 150, and can send data or signals to the certificate verification server 150.

The identity verification server 170 can receive the certificate confirmation data sent by the certificate verification server 150 and, using the certificate serial number in the certificate confirmation data, read the data related to the corresponding digital certificate. The data that the identity verification server 170 reads for the digital certificate includes the owner identification data of the certificate owner.

The identity verification server 170 can also determine whether the owner identification data of the certificate owner, contained in the data it read for the digital certificate, is the same as the account opener identification data in the certificate confirmation data. It generates the corresponding identity confirmation result and returns it to the certificate verification server 150. If the owner identification data is the same as the account opener identification data, the identity verification server 170 can confirm that the certificate confirmation data matches the owner of the digital certificate in the signature data received by the certificate verification server 150. Conversely, if the owner identification data differs from the account opener identification data, the identity verification server 170 can determine that the certificate confirmation data does not match the owner of the digital certificate.
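The two checks described above, signature verification by the certificate verification server 150 and the owner comparison by the identity verification server 170, can be combined as in the following Go program. It is an added example, not code from the patent: the function names, the choice of ECDSA P-256 with SHA-256, the JSON layout of the account opening data and the serial-to-owner registry are assumptions, and the key and self-signed certificate are constructed. Certificate chain and revocation checks, which the page does not describe, are left out.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"time"
)

var (
	ErrSignature = errors.New("signature data failed verification")
	ErrOwner     = errors.New("certificate owner does not match account opener")
)

// SignatureData carries the signature value and the signer's certificate; the
// account opening data travels beside it, as in the ATM-to-server transfer.
type SignatureData struct {
	Sig, CertDER []byte
}

// IssueCarrier stands in for provisioning hardware carrier 110: it returns a
// constructed private key and a self-signed certificate with the given serial.
func IssueCarrier(serial int64) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "constructed test certificate"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return key, der, err
}

// SignOpening signs the account opening data, the step performed on the carrier.
func SignOpening(key *ecdsa.PrivateKey, certDER, data []byte) (SignatureData, error) {
	h := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, key, h[:])
	return SignatureData{Sig: sig, CertDER: certDER}, err
}

// VerifyOpening applies the check of server 150 (signature against the public
// key in the certificate), then the check of server 170 (owner registered for
// the certificate serial number equals the ID in the account opening data).
func VerifyOpening(accountData []byte, sd SignatureData, registry map[string]string) error {
	cert, err := x509.ParseCertificate(sd.CertDER)
	if err != nil {
		return ErrSignature
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	h := sha256.Sum256(accountData)
	if !ok || !ecdsa.VerifyASN1(pub, h[:], sd.Sig) {
		return ErrSignature
	}
	var acct map[string]string
	if err := json.Unmarshal(accountData, &acct); err != nil {
		return err
	}
	if owner, known := registry[cert.SerialNumber.String()]; !known || owner != acct["id"] {
		return ErrOwner
	}
	return nil
}

// Scenario runs one constructed account opening; tamper alters the data after signing.
func Scenario(claimedID string, tamper bool) error {
	key, cert, err := IssueCarrier(1001)
	if err != nil {
		return err
	}
	data, _ := json.Marshal(map[string]string{"name": "Constructed Applicant", "id": claimedID})
	sd, err := SignOpening(key, cert, data)
	if err != nil {
		return err
	}
	if tamper {
		data = bytes.Replace(data, []byte("Constructed"), []byte("Substituted"), 1)
	}
	return VerifyOpening(data, sd, map[string]string{"1001": "ID-CONSTRUCTED-1"})
}

func main() {
	fmt.Println(Scenario("ID-CONSTRUCTED-1", false), Scenario("ID-CONSTRUCTED-2", false),
		Scenario("ID-CONSTRUCTED-1", true))
}
```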

The client 190 can connect to the ATM 120 through a wired or wireless network, can receive data or signals sent by the ATM 120, and can send data or signals to the ATM 120.

The client 190 can receive the document image and the account opener image contained in the account opening data entered at the ATM 120 and display both images to service personnel, so that the service personnel can check the document image and the account opener image shown on the client 190 and judge whether the two match.

The client 190 can also let the service personnel using it converse with the account opener through real-time text, voice and/or video communication. The service personnel can thereby confirm the content of the account opening data with the account opener to check that it is correct, and can also ask the account opener questions about the account opening to understand the account opener's motive and purpose.

Next, an embodiment is used to explain how the system of the present creation operates; refer to "Figure 2A", the flowchart of using a carrier in an ATM to verify identity to open an account as proposed in the present creation.

First, the ATM 120 can input account opening data (step 210). In this embodiment, assume the ATM 120 is an ATM or CDM equipped with a touch screen, a camera and an IC card reader. After selecting the account opening option on the touch screen, the account opener can follow the on-screen instructions to enter a name, identity card number, gender, address, mobile phone number and e-mail account at the ATM 120, and place the identity card and health insurance card at the designated position on the ATM 120 for the camera to photograph. The ATM 120 can thus input account opening data that includes the data entered by the account opener and the image data of the front and back of the identity card and health insurance card.

After the ATM 120 has input the account opening data (step 210), the ATM 120 can prompt the user to insert the hardware carrier 110, thereby connecting the hardware carrier 110 to the ATM 120 (step 230). In this embodiment, assume the account opener uses a natural person certificate IC card as the hardware carrier 110 and inserts it into the IC card reader of the ATM 120.

After the hardware carrier 110 is connected to the ATM 120 (step 230), the ATM 120 can drive the hardware carrier 110 and provide the entered account opening data to it (step 241). On receiving the account opening data from the ATM 120, the hardware carrier 110 can sign that data with its stored private key, generate signature data that includes its stored digital certificate (step 245), and return the signature data to the ATM 120 (step 249).

In this embodiment, assume the default driver of the IC card reader installed in the ATM 120 can only generate commands for communicating with ordinary IC financial cards, so the ATM 120 cannot communicate with the natural person certificate IC card through that default driver. The provider of the ATM 120 can therefore install in advance an interface driver corresponding to the natural person certificate IC card, one that lets the IC card reader communicate with both ordinary IC financial cards and natural person certificate IC cards. When the ATM 120 loads the IC card reader driver after the natural person certificate IC card is inserted, it follows a preset file access order and loads the interface driver from the self-set storage location (the directory where the interface driver is installed) in preference to loading the default driver from the directory where the default driver is stored. The ATM 120 can then execute the interface driver corresponding to the natural person certificate IC card to generate the commands that make the card receive the account opening data, sign it, and return the resulting signature data.

After the ATM 120 receives the signature data returned by the hardware carrier 110, it can send the entered account opening data and the received signature data to the account opening server 130 (step 250). On receiving them, the account opening server 130 can forward the account opening data and the signature data to the certificate verification server 150 for verification (step 260). In this embodiment, assume the certificate verification server 150 first uses the public key contained in the digital certificate in the received signature data to perform a calculation on the received account opening data, producing a verification value, and compares that verification value with the signature value in the signature data. If the two differ, the certificate verification server 150 can generate a verification result indicating that verification failed.

If the verification value generated by the certificate verification server 150 is the same as the signature value in the signature data, the certificate verification server 150 can generate a verification result indicating that verification passed, or it can, as shown in the flow of "Figure 2B", generate certificate confirmation data and send it to the identity confirmation server 170 (step 273). In this embodiment, assume the identity confirmation server 170 is a computing device running an Identity Confirmation Service (ICS). The certificate verification server 150 can first read the identity card number (the account opener identification data) from the account opening data and the certificate serial number from the digital certificate, sign the identity card number and certificate serial number, use the data produced by that signing as the certificate confirmation data, and send the certificate confirmation data to the identity confirmation server 170.

After receiving the certificate confirmation data sent by the certificate verification server 150, the identity confirmation server 170 can use it to confirm whether the identity card number (the account opener identification data) in the account opening data matches the owner of the digital certificate (step 275) and generate the corresponding verification result (step 277). For example, the identity confirmation server 170 can read the owner information of the digital certificate's owner by certificate serial number and compare the identity card number in the owner information (the owner identification data) with the identity card number in the account opening data. When the two are the same, the identity confirmation server 170 can generate a verification result indicating that confirmation succeeded. Conversely, if the owner identification data differs from the account opener identification data in the account opening data, the identity confirmation server 170 can generate a verification result indicating that confirmation failed.

After the identity confirmation server 170 generates the verification result, it can return that result to the certificate verification server 150. On receiving the verification result generated by the identity confirmation server 170, the certificate verification server 150 can determine whether the result indicates that confirmation succeeded. When the result indicates success, the certificate verification server 150 can generate a verification result indicating that the signature data passed verification; when the result indicates failure, it can generate a verification result indicating that the signature data did not pass verification.

After the certificate verification server 150 generates the verification result, it can return that result to the account opening server 130. When the account opening server 130 determines that the received verification result indicates the signature data did not pass verification, it can generate a corresponding response message and return it to the ATM 120, so that the ATM 120 displays the response message to notify the account opener that verification was not passed and the account was not opened.

If the account opening server 130 determines that the received verification result indicates the signature data passed verification, the account opening server 130 can use the received account opening data to complete the account opening procedure (step 280). After completing the procedure, it can generate a response message indicating that the account opening is complete and return it to the ATM 120, so that the ATM 120 displays the response message to notify the account opener. In this way, with the present creation, an account opener can open an account at any of the widely available ATMs and no longer needs to fit the business hours of a financial institution.
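The two server-side checks described in steps 260 to 277 above, as an added example that is not part of the patent or of any implementation by its applicant. It assumes a toy textbook-RSA key (no padding) so that it runs on the standard library, a simplified certificate record, and constructed names, serials and ID numbers; the signature that server 150 places on the confirmation record is omitted.

```python
import hashlib
import json
from dataclasses import dataclass

# Toy RSA key from two Mersenne primes so the block runs on the standard library
# alone. Constructed for this demo; a real carrier holds a proper key on-card.
_P, _Q, E = 2**521 - 1, 2**607 - 1, 65537
N = _P * _Q
D = pow(E, -1, (_P - 1) * (_Q - 1))


@dataclass(frozen=True)
class Certificate:
    """Simplified stand-in for the digital certificate stored on the carrier."""
    serial: str
    n: int
    e: int


@dataclass(frozen=True)
class SignatureData:
    """Signature value plus the certificate, as returned to the ATM (step 249)."""
    value: int
    certificate: Certificate


def canonical(account: dict) -> bytes:
    """Serialize the account opening data deterministically so both sides hash the same bytes."""
    return json.dumps(account, sort_keys=True, ensure_ascii=False).encode("utf-8")


def _digest(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def carrier_sign(account: dict, d: int, cert: Certificate) -> SignatureData:
    """Step 245: the carrier signs the account opening data with its private key."""
    return SignatureData(pow(_digest(canonical(account)), d, cert.n), cert)


def verify_signature(account: dict, sig: SignatureData) -> bool:
    """Step 260 (server 150): check the signature value with the certificate's public key."""
    cert = sig.certificate
    return pow(sig.value, cert.e, cert.n) == _digest(canonical(account))


def build_confirmation(account: dict, sig: SignatureData) -> dict:
    """Step 273: pair the applicant's ID number with the certificate serial number."""
    return {"applicant_id": account["id_number"], "cert_serial": sig.certificate.serial}


def confirm_owner(confirmation: dict, registry: dict) -> bool:
    """Steps 275-277 (server 170): look up the owner by serial and compare ID numbers."""
    owner_id = registry.get(confirmation["cert_serial"])
    return owner_id is not None and owner_id == confirmation["applicant_id"]


def process_application(account: dict, sig: SignatureData, registry: dict) -> str:
    """Server 130's decision: open the account only if both checks pass (step 280)."""
    if not verify_signature(account, sig):
        return "rejected: signature invalid"
    if not confirm_owner(build_confirmation(account, sig), registry):
        return "rejected: certificate owner mismatch"
    return "account opened"


# Constructed sample data: one card, one registry entry, made-up ID numbers.
CARD_CERT = Certificate(serial="SERIAL-0001", n=N, e=E)
REGISTRY = {"SERIAL-0001": "X000000001"}   # serial -> owner ID held by server 170
APPLICATION = {"name": "Sample Applicant", "id_number": "X000000001", "mobile": "0900000000"}


def demo() -> dict:
    good = carrier_sign(APPLICATION, D, CARD_CERT)
    # Data altered after signing: the signature no longer matches.
    tampered = dict(APPLICATION, mobile="0911111111")
    # Valid signature from this card over data that states another person's ID number.
    borrowed = dict(APPLICATION, id_number="X000000002")
    return {
        "genuine": process_application(APPLICATION, good, REGISTRY),
        "tampered": process_application(tampered, good, REGISTRY),
        "borrowed_card": process_application(borrowed, carrier_sign(borrowed, D, CARD_CERT), REGISTRY),
        "unknown_serial": process_application(APPLICATION, good, {}),
    }


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The example does not validate the certificate chain or revocation status, which the description above does not cover; the owner comparison is the only binding between the card and the stated ID number.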

In the above embodiment, after the ATM 120 has input the account opening data (step 210) and before the ATM 120 is connected to the hardware carrier 110 (step 230), the ATM 120 can also determine whether the features of the facial image on the document image contained in the account opening data match the features of the account opener's face in the account opener image contained in the account opening data. Alternatively, following the flow shown in "Figure 2C", the ATM 120 can send the document image and the account opener image contained in the account opening data to the client 190 (step 221). After receiving them, the client 190 can display the document image and the account opener image so that the service personnel at the client 190 can confirm, from the facial image in the document image and the account opener's face in the account opener image, whether the document image matches the account opener image (step 223).

When the service personnel at the client 190 judge, from the similarity between the facial image in the document image and the account opener's face in the account opener image, that the two images match, they can operate the client 190 to send a confirmation message that the images match to the ATM 120. After receiving that message, the ATM 120 can prompt the account opener to connect the hardware carrier 110 to the ATM 120 (step 230) and continue the account opening procedure. When the service personnel judge that the document image does not match the account opener image, they can operate the client 190 to send a confirmation message that the images do not match to the ATM 120. After receiving that message, the ATM 120 can generate a prompt telling the account opener that the document image does not match the account opener, and can end the account opening service.

In summary, the difference between the present creation and the prior art lies in the technical means of installing a driver for the hardware carrier in the ATM so that the ATM can have the account opening data signed by the hardware carrier and send the account opening data and signature data to the account opening server, which, after the signature data has been verified through the certificate verification server, uses the account opening data to complete the account opening procedure. This technical means solves the prior-art problem that an account can only be opened at the counter, which makes account opening inconvenient, and thereby achieves the technical effect of letting the account opener choose a suitable time and place to complete the account opening.

Furthermore, the system of the present creation for using a carrier in an ATM to verify identity to open an account can be implemented in hardware, software, or a combination of hardware and software, and can be implemented in a centralized manner in one computer system or in a distributed manner with different elements spread across several interconnected computer systems.

Although the embodiments disclosed in the present creation are as described above, the content described is not intended to directly limit the scope of patent protection of the present creation. Any modification or refinement to the form and details of implementing the present creation, made by a person with ordinary knowledge in the technical field to which it belongs without departing from the spirit and scope disclosed herein, falls within the scope of patent protection of the present creation. The scope of patent protection of the present creation remains as defined by the appended claims.

110: hardware carrier
120: ATM
130: account opening server
150: certificate verification server
170: identity confirmation server
190: client
Step 210: the ATM inputs the account opening data
Step 221: the ATM sends the document image and the account opener image in the account opening data to the client
Step 223: the client confirms that the document image matches the account opener image
Step 230: the hardware carrier is connected to the ATM
Step 241: the ATM drives the hardware carrier and provides the account opening data to the hardware carrier
Step 245: the hardware carrier signs the account opening data with the private key to generate the signature data
Step 249: the ATM receives the signature data returned by the hardware carrier
Step 250: the ATM sends the account opening data and the signature data to the account opening server
Step 260: the account opening server sends the account opening data and the signature data to the verification server for verification
Step 273: the verification server generates the certificate confirmation data and sends it to the identity confirmation server
Step 275: the identity confirmation server uses the certificate confirmation data to confirm whether the account opener identification data in the account opening data matches the owner of the digital certificate
Step 277: the verification server generates the verification result
Step 280: the account opening server uses the account opening data to complete the account opening procedure after the signature data passes verification by the verification server

Figure 1 is the system architecture diagram of the present creation for using a carrier in an ATM to verify identity to open an account.
Figure 2A is the flowchart of the present creation for using a carrier in an ATM to verify identity to open an account.
Figure 2B is the flowchart of the present creation for verifying the signature data through the identity confirmation server.
Figure 2C is the flowchart of the present creation for confirming the account opener through the client.


Claims (8)

1. A system for verifying identity using a carrier in an ATM to open an account, the system comprising at least:
   a certificate verification server;
   a hardware carrier for storing a private key and a digital certificate;
   an ATM, to which the hardware carrier is connected, for inputting account opening data, and for driving the hardware carrier and providing the account opening data to the hardware carrier, so that the hardware carrier signs the account opening data with the private key to generate signature data and returns the signature data to the ATM, wherein the signature data includes the digital certificate; and
   an account opening server for receiving the account opening data and the signature data sent by the ATM, sending the account opening data and the signature data to the certificate verification server so that the signature data is verified through the certificate verification server, and, after the signature data passes verification by the certificate verification server, using the account opening data to complete the account opening procedure.

2. The system for verifying identity using a carrier in an ATM to open an account as described in claim 1, wherein the system further comprises an identity confirmation server for receiving certificate confirmation data of the account opening data sent by the certificate verification server, and for confirming that the certificate confirmation data matches the owner of the digital certificate.

3. The system for verifying identity using a carrier in an ATM to open an account as described in claim 2, wherein the certificate verification server reads account opener identification data from the account opening data, reads a certificate serial number from the digital certificate contained in the signature data, and generates the certificate confirmation data containing the account opener identification data and the certificate serial number.

4. The system for verifying identity using a carrier in an ATM to open an account as described in claim 2, wherein the identity confirmation server is further used to generate an identity confirmation result according to whether the owner identification data of the owner of the digital certificate is the same as the account opener identification data in the certificate confirmation data; the certificate verification server generates the verification result indicating that the signature data passed verification when the signature data passes verification and the identity confirmation result indicates that the certificate confirmation data passed verification, and generates the verification result indicating that the signature data did not pass verification when the signature data does not pass verification or the identity confirmation result indicates that the certificate confirmation data did not pass verification.

5. The system for verifying identity using a carrier in an ATM to open an account as described in claim 1, wherein the ATM is further used to install or store an interface driver corresponding to the hardware carrier in a self-set storage location, the self-set storage location ranking, in a file access order set by the ATM, ahead of the default storage location where the default driver is installed or stored, so that the ATM, following the file access order, preferentially loads the interface driver from the self-set storage location to drive the hardware carrier.

6. The system for verifying identity using a carrier in an ATM to open an account as described in claim 1, wherein the system further comprises a client for receiving a document image and an account opener image in the account opening data sent by the ATM, and for confirming that the document image matches the account opener image.

7. The system for verifying identity using a carrier in an ATM to open an account as described in claim 1, wherein the ATM is further used to determine whether the facial image on the document image contained in the account opening data matches the account opener image contained in the account opening data.

8. The system for verifying identity using a carrier in an ATM to open an account as described in claim 1, wherein the ATM calls a driver of the connection interface to which the hardware carrier is connected and, through the driver, generates a command compatible with the hardware carrier, so as to communicate with the hardware carrier using the command.

TW108215313U 2019-11-19 2019-11-19 System for verifying identity for opening an account using a vehicle in an ATM TWM592134U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108215313U TWM592134U (en) 2019-11-19 2019-11-19 System for verifying identity for opening an account using a vehicle in an ATM

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108215313U TWM592134U (en) 2019-11-19 2019-11-19 System for verifying identity for opening an account using a vehicle in an ATM

Publications (1)

Publication Number Publication Date
TWM592134U true TWM592134U (en) 2020-03-11

Family

ID=70768312

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108215313U TWM592134U (en) 2019-11-19 2019-11-19 System for verifying identity for opening an account using a vehicle in an ATM

Country Status (1)

Country Link
TW (1) TWM592134U (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI724638B (en) * 2019-11-19 2021-04-11 臺灣網路認證股份有限公司 System for using carrier to verity identity in machine for opening account and method thereof
TWI774011B (en) * 2020-06-23 2022-08-11 國泰世華商業銀行股份有限公司 System for getting certification through automation machine for applying account and method thereof
TWI792010B (en) * 2020-06-23 2023-02-11 國泰世華商業銀行股份有限公司 System for using automation machine to scan barcode and verify identity for applying account and method thereof

Similar Documents

Publication Publication Date Title
US20040122774A1 (en) Method and system for executing applications on a mobile device
TWM592134U (en) System for verifying identity for opening an account using a vehicle in an ATM
TWM601411U (en) System for digital account application by using ATM to obtain authentication
TW202040385A (en) System for using device identification to identify via telecommunication server and method thereof
TWI724638B (en) System for using carrier to verity identity in machine for opening account and method thereof
TWM606868U (en) Device for identifying identity based on document image and living body image
TWM592629U (en) System to obtain appended data and execute corresponding operation when identity is confirmed
TWM539668U (en) System for opening account online and applying for mobile banking
TWM586390U (en) A system for performing identity verification according to the service instruction to execute the corresponding service
TWM588313U (en) System for confirming user identity through financial account information
TWI691859B (en) System for identifying according to instruction to execute service and method thereof
TWI729535B (en) System for using financial account to confirm identity and method thereof
TWM586494U (en) ID recognition system using network identification data through telecommunication server
TWI745015B (en) System and method for providing authorized content generated during identity authentication for verifying transaction data before transaction
TWI787655B (en) System for identification based on comparing id photo and live photo and method thereof
TWM583978U (en) System of using physical carrier to store digital certificate for performing online transaction
TWI774011B (en) System for getting certification through automation machine for applying account and method thereof
TWI792010B (en) System for using automation machine to scan barcode and verify identity for applying account and method thereof
TWI807219B (en) System for performing identification based on comparing photo stored in chip and real-time live photo and method thereof
TWI780341B (en) System for using network identification to identify via telecommunication server and method thereof
TWI757925B (en) System for making two applications run simultaneously by calling input program and method thereof
TWI767113B (en) System for using certificate stored in carrier to conduct online transactions and method thereof
TWI704796B (en) System for using network identification to sign in service server via telecommunication server and method thereof
TWI746920B (en) System for using certificate to verify identity from different domain through portal and method thereof
TW202121304A (en) System for obtaining additional data when identifying to execute operation and method thereof

Legal Events

Date Code Title Description
MM4K Annulment or lapse of a utility model due to non-payment of fees