TWM608197U - System for applying services across servers - Google Patents

Info

Publication number
TWM608197U
Authority
TW
Taiwan
Prior art keywords
server
service
user
authentication data
user authentication
Prior art date
Application number
TW109215171U
Other languages
Chinese (zh)
Inventor
周子恆
黃子玲
鄭惠宇
黃詠傑
戢晧維
Original Assignee
玉山商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 玉山商業銀行股份有限公司
Priority to TW109215171U
Publication of TWM608197U

Landscapes

  • Storage Device Security (AREA)

Abstract

A system for applying for services across servers is provided. The system comprises a first server, a second server and a temporary storage used to buffer user authentication data. A user sends a request for a first service to the first server via a user device, and the user authentication data is transmitted to the first server at the same time. The first server reviews the request for the first service, and the user authentication data is then buffered in the temporary storage. When the user sends a request for a second service to the second server, the second server can, after obtaining the user's authorization, retrieve the user authentication data from the temporary storage and then review the request for the second service.

Description

System for applying for services across servers

This specification proposes a system for applying for services, in particular a system that temporarily stores user authentication data so that services can be applied for across servers.

When a user needs a service offered by a company or enterprise, the common options are to apply on paper or to connect to the web page for that service. Guided by the page, the user fills the relevant information (which may be called user authentication data) into the corresponding fields and, after confirming the submitted content, saving it and passing user identity verification, sends the service application form.

If the user later wants to apply for another service then, paper applications aside, the user must again connect to the web page for that service, fill in the relevant information and submit the application. For every further service application the user has to repeat the same actions.

The conventional technology does offer ways to slightly simplify filling in some fields. For example, a web browser can save field values and insert them directly the next time a matching field has to be filled in. Because of personal data protection or technical limitations, however, this only applies to basic information that does not involve security, such as an e-mail address.

To provide a data exchange scheme that is convenient, fast and secure, and that can be reused across applications for different services, the disclosure proposes a system for applying for services across servers.

The proposed system mainly comprises a first server, which receives a user's request to apply for a first service and reviews that application; a second server, which receives the user's request to apply for a second service and reviews that application; and a file server, which temporarily stores user authentication data that can be exchanged between the different servers.

In one embodiment, the file server implements a temporary storage area. The temporary storage area may be located in the first server, in the second server, or in an independently operating file server, and uses a secure encryption technique to temporarily store user authentication data obtained with the user's authorization. The first server, the second server and the file server may be functional modules providing different services within one server system, or separate servers each providing a different service.

The method executed by the system proceeds as follows. The user device connects to the first server and submits an application for the first service, which the first server reviews. The user device transmits the user authentication data to the first server, and the data is temporarily stored in the file server. When the user device then connects to the second server and submits an application for the second service, the second server can, once authorized, obtain the user authentication data from the file server, so the second server can review the application for the second service without the user submitting the application data again.

Preferably, the temporarily stored user authentication data has a validity period: it is automatically deleted once a set time has elapsed after it was stored in the temporary storage area, which appropriately protects the user's personal private data.

For a further understanding of the features and technical content of this utility model, refer to the following detailed description and drawings. The drawings are provided for reference and illustration only and are not intended to limit the utility model.

10: Network

15: User device

11: First server

12: Second server

13: File server

31: User device

33: First server module

35: File server module

37: Second server module

Steps S101~S107: Process of applying for services across servers

Steps S301~S323: Process of applying for services across servers

Steps S401~S419: Process of applying for services across servers

Steps S501~S511: Process of applying for services across servers

Figure 1 is a schematic diagram of an embodiment of the system architecture for applying for services across servers; Figure 2 is a flowchart of an embodiment of the method by which the system implements applying for services across servers; Figure 3 is a flowchart of an embodiment of the method for applying for services across servers; Figure 4 is a flowchart of a first implementation example of the method for applying for services across servers; and Figure 5 is a flowchart of a second implementation example of the method for applying for services across servers.

The following describes implementations of this utility model by way of specific embodiments; those skilled in the art can understand its advantages and effects from the content disclosed in this specification. The utility model can be carried out or applied through other specific embodiments, and the details in this specification can be modified and changed for different viewpoints and applications without departing from its concept. The drawings are simple schematic illustrations and are not drawn to actual scale. The following embodiments describe the related technical content in further detail, but the disclosed content is not intended to limit the scope of protection.

It should be understood that although terms such as "first", "second" and "third" may be used herein to describe various elements or signals, these elements or signals are not limited by these terms. The terms serve mainly to distinguish one element from another, or one signal from another. In addition, the term "or" as used herein may, depending on the actual situation, include any one of the associated listed items or a combination of several of them.

If user authentication data can be reused effectively across different service applications, users are spared the trouble of filling in the same information repeatedly. Besides retaining the data in a temporary storage area, the disclosure also proposes security and confidentiality measures, giving users a secure and fast solution for applying for services across servers. For the system embodiment proposed in the disclosure, refer to the schematic diagram of the system architecture in Figure 1 and to the flowchart in Figure 2 of the method by which the system implements applying for services across servers.

In this example, the system has a first server 11 and a second server 12 that provide different services, and it can be extended to services provided by more servers. The system further includes a file server 13, which temporarily stores the user authentication data that the user provides when applying for a particular service. Once the user has authorized it, the first server 11, the second server 12 or further servers can share the user authentication data stored in the file server 13.

The system lets a user submit a service request to any of the servers from the user device 15 over the network 10. In a financial system, for example, the first server 11, the second server 12 or further servers may provide different services within a financial institution, such as applications for a digital account, a securities account or a credit card account. All of these services require the user to provide important and private information, so a storage technology with security protection is needed. The method is not limited to the financial industry and also applies to other services, such as telecommunications services. With this method, the user can consent to applying for several services at once. The user's authentication data is temporarily stored in the file server 13, and whenever a service has the user's permission and authorization, the first server 11 or the second server 12 can obtain the temporarily stored user authentication data from the file server 13 and review the services directly, so the user does not have to apply for them one by one.

In the flow shown in Figure 2, the user first (step S101) operates a software program on the user device 15, such as a web browser or a dedicated application, to connect to the first server 11 and fills in the application form provided by the first server 11 (producing all or part of the user authentication data) to apply for the first service. This also transmits the user authentication data to the first server 11.

The first server 11 then reviews, based on the application data provided by the user, whether to agree to provide the service. At this point (step S103) the first server 11, once authorized, may temporarily store the user authentication data provided by the user (all or part of it) in the file server 13. The file server 13 has a database for storing data and associated security and encryption measures, so that the user authentication data can be stored securely and temporarily in the file server 13, keyed by user identification data (such as a user ID).

Next (step S105), when the user connects to the second server 12 from the user device 15 and applies to it for the second service, the second server 12 can, with authorization, request the user authentication data from the file server 13. A computer program running on the file server 13 retrieves (decrypts) the user authentication data, in part or in full, according to the user identification data supplied by the second server 12 and provides it to the second server 12. The procedure for applying for the second service then continues (step S107), with the second server 12 reviewing the application for the second service.

Generally speaking, under the principle of protecting customers' private data, when a user applies for different services (such as financial services with strict security requirements for customer data), authentication data should not pass between them without the user's consent. With the method proposed in the disclosure, different service applications can share user authentication data through the file server 13 under the user's authorization, so the user can apply for multiple services in the server system quickly and conveniently.

It is worth noting that the first server 11, the second server 12 and the file server 13 need not be separate servers each providing a different service. They may also be functional modules combining software and hardware, namely a first server module, a second server module and a file server module, all providing different services within one server system. Furthermore, the file server module implements a temporary store, which may be a physical storage device or may reside in the memory of the first server module, the second server module or an independently operating file server, and which uses a secure encryption technique to temporarily store user authentication data obtained with the user's authorization. The independently operating file server may be an independently operating database within the server system or storage provided by a third party.

For the related flow, refer to Figure 3, a flowchart of an embodiment of the method for applying for services across servers as it runs between the user device 31, the first server module 33 (which can implement the first server shown in Figure 1), the file server module 35 (which can implement the file server shown in Figure 1) and the second server module 37 (which can implement the second server shown in Figure 1).

First, the user device 31 sends a request for the first service to the first server module 33 (step S301). The first server module 33 then generates a service interface (step S303) and requires verification of the user's identity (step S305). To confirm the user's identity, the first server module 33 may use a password, a one-time password (OTP), a natural person certificate or another verification method, for example a verification result from a third party (such as a joint credit information inquiry result).

The user then generates and transmits user authentication data from the user device 31 to apply for the first service (step S307), and the first server module 33 reviews the user's application for the first service (step S309). In this example, once the first server module 33 has completed the review, it can transmit the review result to the user device 31 (step S311), and the result may also include a link for applying for the second service. Taking financial services as an example, when the user completes a credit card application, the page can go on to recommend that the user apply for a loan. Under this embodiment, the subsequent application can obtain the user authentication data provided with the first application, which removes the inconvenience of filling in the user authentication data again.

At this point, with the user's authorization, the first server module 33 can temporarily store the user authentication data that the user provided with the first service application in the file server module 35 (step S313). In one embodiment, the user authentication data stored in the file server module 35 has a validity period, that is, a set time at which the data expires: the data is automatically deleted once a set time has elapsed after it was stored in the temporary storage area (or temporary store). Once the user authentication data in the file server module 35 has been deleted, the user must provide the authentication data again when applying for any service later.

The user device 31 then requests the second service from the second server module 37 (step S315) and also sends the user identification data (user ID) to the second server module 37. The second server module 37 can likewise confirm the user's identity by a password, a one-time password, a natural person certificate or another verification method (step S317). The second server module 37 then uses the user identification data to request the user authentication data from the file server module 35 (step S319). After the user's authorization has been confirmed, it obtains the user authentication data from the file server module 35 (step S321) and reviews the user's application for the second service on the basis of that data (step S323).

In the flow above, the first service and the second service provided by the first server module 33 and the second server module 37 may be any of the financial services offered by a financial institution. With the user's authorization, these financial services can share user authentication data through the file server module 35, so that for services whose application data overlaps heavily the user can apply smoothly. When the user transmits user authentication data from the user device 31 to the first server module 33 (as in step S305), the user can at the same time, through the service application interface, authorize the second server module 37 to obtain the user authentication data from the file server module 35. The flow of this embodiment is shown in Figure 4.

In Figure 4, the first server first accepts the user device's connection through the service interface (step S401), verifies the user's identity through the service interface (step S403), and receives the first service application and the user authentication data (step S405). The service interface also presents information, such as a recommendation advertisement, telling the user that the second service can be applied for at the second server. Once the user agrees, the user authorizes the second server, through the service interface, to obtain the user authentication data submitted this time (step S407).

In this flow, the first server reviews the current application for the first service (step S409) and also stores the user authentication data in the file server (step S411). After completing the review, the first server can inform the user of the result.

The file server can set a validity period for each item of user authentication data, that is, the deadline at which the data expires, so the user can apply to the second server for the second service within that period. In the flow, the second server accepts the user device's connection (step S413) and then receives the second service application through the service interface, which may include the user identification data (step S415). The second server uses this user identification data to ask the file server for the user authentication data. After confirmation, the second server obtains the user authentication data (step S417) and can review the application for the second service directly (step S419).

In another embodiment, the user does not authorize the second server to obtain the user authentication data from the file server when applying for the first service, but only when submitting the application for the second service to the second server. This embodiment is shown in the flowchart of Figure 5.

As before, the first server first receives the request to apply for the first service and the user authentication data from the user device (step S501), reviews the application for the first service (step S503), and stores the user authentication data in the file server (step S505).

The second server then receives the user device's request to apply for the second service, which also carries the user identification data and the authorization to obtain the user authentication data (step S507). The second server can therefore obtain the user authentication data from the file server (step S509) and review the application for the second service directly (step S511).
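The file server's role in the Figure 4 and Figure 5 flows, together with the validity period, as an added Python sketch that is not part of the patent. The class and method names, the per-field grants, the audit list and the sample applicant are assumptions; encryption at rest and the check that a grant really comes from the user are left out.

```python
import time


class AccessDenied(Exception):
    """The requesting server holds no user grant for this record."""


class RecordUnavailable(Exception):
    """No record for this user ID, or its validity period has elapsed."""


class FileServer:
    """In-memory stand-in for file server 13 (hypothetical API, not the patent's)."""

    def __init__(self, ttl_seconds, clock=time.time):
        self._ttl = ttl_seconds
        self._clock = clock      # injectable so expiry can be exercised offline
        self._records = {}       # user_id -> {"data", "expires_at", "grants"}
        self.audit = []          # (timestamp, server_id, user_id, outcome)

    def store(self, user_id, data, grants=None):
        """Steps S411 / S505: the first server deposits the user's data."""
        self._records[user_id] = {
            "data": dict(data),
            "expires_at": self._clock() + self._ttl,
            "grants": {},
        }
        for server_id, fields in (grants or {}).items():
            self.grant(user_id, server_id, fields)   # Figure 4: consent at S407

    def grant(self, user_id, server_id, fields=None):
        """Record the user's authorization; fields=None releases the whole record."""
        record = self._live_record(user_id, server_id)
        record["grants"][server_id] = None if fields is None else frozenset(fields)

    def fetch(self, user_id, server_id):
        """Steps S417 / S509: release data only to a server the user authorized."""
        record = self._live_record(user_id, server_id)
        if server_id not in record["grants"]:
            self._log(server_id, user_id, "denied")
            raise AccessDenied(f"{server_id} has no grant for {user_id}")
        allowed = record["grants"][server_id]
        self._log(server_id, user_id, "released")
        return {k: v for k, v in record["data"].items()
                if allowed is None or k in allowed}

    def purge_expired(self):
        """Periodic sweep: delete every record past its validity period."""
        now = self._clock()
        expired = [u for u, r in self._records.items() if r["expires_at"] <= now]
        for user_id in expired:
            del self._records[user_id]
        return len(expired)

    def _live_record(self, user_id, server_id):
        record = self._records.get(user_id)
        if record is None or record["expires_at"] <= self._clock():
            self._records.pop(user_id, None)   # expired data is never served
            self._log(server_id, user_id, "unavailable")
            raise RecordUnavailable(user_id)
        return record

    def _log(self, server_id, user_id, outcome):
        self.audit.append((self._clock(), server_id, user_id, outcome))


class FakeClock:
    def __init__(self):
        self.now = 0.0

    def __call__(self):
        return self.now


def demo():
    clock = FakeClock()
    fs = FileServer(ttl_seconds=3600, clock=clock)
    # Constructed sample data, not taken from the patent.
    applicant = {"name": "Constructed Applicant",
                 "national_id": "X000000000", "income": 50000}

    # Figure 4: the user authorizes server-2 while applying for the first service.
    fs.store("user-a", applicant, grants={"server-2": {"name", "national_id"}})
    fig4 = fs.fetch("user-a", "server-2")

    # Figure 5: nothing is granted at deposit; server-2 is refused until S507.
    fs.store("user-b", applicant)
    try:
        fs.fetch("user-b", "server-2")
        refused = False
    except AccessDenied:
        refused = True
    fs.grant("user-b", "server-2")
    fig5 = fs.fetch("user-b", "server-2")

    clock.now = 3601             # one second past the validity period
    try:
        fs.fetch("user-a", "server-2")
        expired = False
    except RecordUnavailable:
        expired = True
    return {"fig4": fig4, "refused": refused, "fig5": fig5, "expired": expired,
            "purged": fs.purge_expired(), "outcomes": [a[3] for a in fs.audit]}


if __name__ == "__main__":
    print(demo())
```

Expiry is enforced on every read as well as by the sweep, so a record past its validity period is never released even if the sweep has not yet run.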

In summary, in the embodiments above, when the first server (or module) or the second server (or module) receives a service application request from the user device, it first confirms the user's identity and sends a service interface to the user device, presented for example as a web page or as the user interface of a dedicated application. After the user fills it in, a first consent form is generated and the user authentication data in it is transmitted to the file server (or module). The user can at the same time authorize the second server to obtain the user authentication data in order to apply for the second service, which generates a second consent form; the user authentication data can be applied automatically to the service application form to produce that second consent form. Finally, the first server and the second server review the first consent form and the second consent form respectively. It is worth noting that, besides allowing repeated authorized use, the file server can set a validity period on the user authentication data it holds. This measure implements the right to erasure of personal data (also called the right to be forgotten) and also provides data portability, in keeping with the spirit of data protection rules such as the EU's GDPR.

The content disclosed above is only a preferred feasible embodiment of this utility model and does not limit the scope of its claims. All equivalent technical changes made using the content of this specification and its drawings therefore fall within the scope of the claims of this utility model.

Claims (10)

1. A system for applying for services across servers, comprising:
a first server that receives a request from a user device to apply for a first service, and receives user authentication data sent by the user device, in order to review the application for the first service;
a file server, connected to the first server over a network, for storing the user authentication data obtained from the first server; and
a second server, connected to the file server over the network, that receives a request from the user device to apply for a second service and obtains the user authentication data from the file server in order to review the application for the second service.

2. The system for applying for services across servers according to claim 1, wherein the file server implements a temporary storage, the temporary storage being provided in the first server, in the second server, or as an independently operating file server, and temporarily storing, with a secure encryption technology, the user authentication data obtained with a user's authorization.

3. The system for applying for services across servers according to claim 2, wherein the temporarily stored user authentication data has a validity period, and the user authentication data is automatically deleted once a set time has elapsed after it is stored in the temporary storage.

4. The system for applying for services across servers according to claim 2, wherein the first service and the second service provided by the first server and the second server respectively are multiple financial services provided by a financial institution, and, with the user's authorization, the multiple financial services share the user authentication data through the file server.

5. The system for applying for services across servers according to claim 4, wherein the first server receives the request for the first service and obtains the user authentication data through a service interface, and the first server requires verification of the user's identity through the service interface.

6. The system for applying for services across servers according to claim 5, wherein, after the first server finishes reviewing the request for the first service, it sends the review result to the user device, the review result including a link to the second service.

7. The system for applying for services across servers according to claim 5, wherein the first server verifies the user's identity through the service interface by means of a password, a one-time password, a natural person certificate, or third-party verification.

8. The system for applying for services across servers according to claim 7, wherein, when the user transmits the user authentication data to the first server through the user device, the user at the same time authorizes, through the service interface, the second server to obtain the user authentication data from the file server.

9. The system for applying for services across servers according to claim 7, wherein the second server is authorized to obtain the user authentication data from the file server only when the user device submits the application for the second service to the second server.

10. The system for applying for services across servers according to any one of claims 1 to 9, wherein the temporarily stored user authentication data has a validity period, and the user authentication data is automatically deleted once a set time has elapsed after it is stored in the file server.
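The validity period (claims 3 and 10) and the two authorization timings (claims 8 and 9) can be pictured with a small in-memory store. This is an added sketch, not code from the patent or its applicant: the class, method and service names are hypothetical, and the encryption at rest that claim 2 requires is assumed to be handled elsewhere and is not shown.

```python
import time
from dataclasses import dataclass, field


@dataclass
class _Entry:
    data: bytes
    expires_at: float
    authorized: set = field(default_factory=set)  # services the user consented to


class TemporaryAuthStore:
    """Hypothetical stand-in for the file server / temporary storage."""

    def __init__(self, ttl_seconds, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock  # injectable so expiry can be exercised without waiting
        self._entries = {}

    def put(self, user_id, data, authorize=()):
        """First server stores the data; `authorize` models consent given at upload."""
        self._entries[user_id] = _Entry(data, self.clock() + self.ttl, set(authorize))

    def grant(self, user_id, service):
        """Consent given later, when the user applies for the second service."""
        entry = self._live(user_id)
        if entry is None:
            return False  # nothing left to authorize: data expired or never stored
        entry.authorized.add(service)
        return True

    def fetch(self, user_id, service):
        """Return the data only if it is unexpired and the user authorized `service`."""
        entry = self._live(user_id)
        if entry is None or service not in entry.authorized:
            return None
        return entry.data

    def _live(self, user_id):
        entry = self._entries.get(user_id)
        if entry is not None and self.clock() >= entry.expires_at:
            del self._entries[user_id]  # automatic deletion after the set time
            entry = None
        return entry

    def purge_expired(self):
        """Sweep for a scheduler, so expired data is removed even if never read."""
        now = self.clock()
        expired = [u for u, e in self._entries.items() if now >= e.expires_at]
        for u in expired:
            del self._entries[u]
        return len(expired)
```

Checking expiry on every read and also sweeping periodically keeps expired authentication data from lingering when no second application is ever made.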
TW109215171U 2020-11-18 2020-11-18 System for applying services across servers TWM608197U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109215171U TWM608197U (en) 2020-11-18 2020-11-18 System for applying services across servers

Publications (1)

Publication Number Publication Date
TWM608197U true TWM608197U (en) 2021-02-21

Family

ID=75641946

Country Status (1)

Country Link
TW (1) TWM608197U (en)
