TWM609176U - Authorization system - Google Patents

Abstract

An authorization system is provided. The authorization system includes a card authorization system, a simplified process authorization system, a dual factor authorization system, a one time password authorization system, a securities certificate authorization system, a mobile identity authorization system, and a controller. The controller is coupled to the card authorization system, the simplified process authorization system, the dual factor authorization system, the one time password authorization system, the securities certificate authorization system, and the mobile identity authorization system, wherein the controller is configured to operate the card authorization system, the simplified process authorization System, the dual factor authorization system, the one time password authorization system, the securities certificate authorization system, and the mobile identity authorization system.

Description

Authorization system

This new creation is about an authorization system.

When the applicant submits an application for a specific transaction with the debit bank to the debit bank, the applicant or the debit bank must complete identity verification with the debit bank to obtain authorization for the transaction. Traditionally, applicants can use paper authorization to apply for authorization transactions. However, the applicant needs to deliver the paper authorization letter by hand or by post. In this way, it takes a lot of time for the applicant. In addition, the debiting bank needs to manually check the paper authorization letter, and the manpower or time required to manually review the authorization far exceeds the manpower or time required to verify the authorization with an automated system. On the other hand, with the paper authorization method, neither the applicant nor the industry can confirm the authorization result immediately. Based on this, an improved authorization system needs to be proposed.

The new creation provides an authorization system, which can provide customers with diversified authorization channels.

The authorization system created by the new model includes a card-insertion authorization system, a simplified process authorization system, a dual-factor authorization system, a one-time password authorization system, a securities certificate authorization system, a mobile identity authorization system, and a controller. The controller is coupled to the card authorization system, the process simplification authorization system, the dual-factor authorization system, the one-time password authorization system, the securities certificate authorization system, and the mobile identity authorization system. The controller is configured to operate the card authorization system and the process simplification authorization system System, dual-factor authorization system, one-time password authorization system, securities certificate authorization system, and mobile identity authorization system.

Based on the above, the authorization system of the new creation can provide diversified authorization channels such as a card authorization system, a simplified process authorization system, a dual-factor authorization system, a one-time password authorization system, a securities certificate authorization system, and a mobile identity authorization system for customers. Financial deduction authorization service or identity confirmation service.

In order to make the above-mentioned features and advantages of the new creation more obvious and understandable, the following specific examples are given in conjunction with the accompanying drawings to describe in detail as follows.

Fig. 1 is a schematic diagram illustrating an authorization system 100 according to an embodiment of the present invention. 1, the authorization system 100 may include a card authorization system 110, a simplified process authorization system 120, a dual-factor authorization system 130, a one-time password authorization system 140, a securities certificate authorization system 150, a mobile identity authorization system 160, and a controller 170 . The controller 170 can be coupled to the card authorization system 110, the simplified process authorization system 120, the dual-factor authorization system 130, the one-time password authorization system 140, the securities certificate authorization system 150, and the mobile identity authorization system 160.

The controller 170 can be configured to operate the card authorization system 110, the process simplification authorization system 120, the dual-factor authorization system 130, the one-time password authorization system 140, the securities certificate authorization system 150, and the mobile identity authorization system 160, so that the various systems can Provide customers with financial deduction authorization or identity confirmation services.

FIG. 2 is a schematic diagram illustrating a card insertion authorization system 110 according to an embodiment of the invention. 2, the card insertion authorization system 110 may include a client terminal 111, an initiator terminal 112, an electronic direct debit authorization (EDDA) server 113, and a debit bank terminal 114.

The client terminal 111 is, for example, an electronic device with computing capability commonly used by general customers, including a smart phone, a tablet computer, or a personal computer. The client terminal 111 may also include a card reading device (such as a contact card reader or a non-contact card reader) to read the card input data of the customer card, where the card includes, for example, an identity card, an insurance card, and a natural person. Vouchers, financial cards or credit cards, etc., the creation of the new model is not limited to this. The client terminal 111 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various communication chips, mobile Communication chip, Bluetooth chip or WiFi chip, but not limited to these, and storage units (such as removable random access memory, flash memory or hard disk, but not limited to, etc.) and other necessary components for running the client terminal 111 .

The initiator terminal 112 may be communicatively connected to the client terminal 111. The initiator terminal 112 is, for example, an electronic device with computing capability. For example, the initiator terminal 112 may be a terminal device of a store selling goods or a server in a bank. The initiator terminal 112 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, etc. but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to these), etc. to run the initiator terminal 112 The necessary components. The initiator terminal 112 may be an electronic device capable of decoding card input data to obtain card data. For example, the initiator terminal 112 may provide a card reading element. The card reading component has the function of decoding the input data of the card. After the customer inserts a card into the card reader of the customer terminal 111 to obtain the card input data, the initiator terminal 112 can obtain the card input data from the customer terminal 111 and decode the card input data through the card reading element to obtain the card input data Card information.

In an embodiment, the initiator terminal 112 may also include a card reading device (such as a contact card reader or a non-contact card reader) to read the card input data of the customer's card, where the card contains, for example, Identity cards, insurance cards, natural person certificates, financial cards or credit cards, etc., the creation of the new model is not limited to this. After obtaining the card input data, the initiator terminal 112 can decode the card input data through the card reading element to obtain the card data from the card input data.

The electronic authorization deduction server 113 can be communicatively connected to the initiator terminal 112 or the client terminal 111. The electronic authorization deduction server 113 is, for example, an electronic device with computing capability. The electronic authorization deduction server 113 may have input and output components (for example, but not limited to: display, touch screen, keyboard or mouse), processing unit (for example, processor but not limited to this), communication unit (for example: various types of Communication chip, mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this, and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to, etc.) to run electronic authorization A necessary component of the deduction server 113. The electronic authorization debit server 113 may be a server capable of decoding card input data to obtain card data. For example, the electronic authorization debit server 113 can provide a card reading component. The card reading component has the function of decoding the input data of the card. After the customer inserts the card into the card reader of the customer terminal 111 to obtain the card input data, the electronic authorization debit server 113 can obtain the card input data from the customer terminal 111 and decode the card input data through the card reading component to input the card input data Obtain the card data from the data.

The debit bank terminal 114 can be communicatively connected to the electronic authorized debit server 113, the initiator terminal 112 or the client terminal 111. The debit bank terminal 114 is, for example, an electronic device with computing capability. The debit bank terminal 114 may be a terminal device of a bank where the customer has an account. The debit bank terminal 114 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, but not limited to, etc.) and other operating deduction bank terminals 114 necessary components.

In this embodiment, the customer can obtain the authorization of the debit bank terminal 114 through the customer terminal 111 to use a specific financial deduction service or identity confirmation service. The following will illustrate the method of obtaining the authorization result with an embodiment.

In this embodiment, the card insertion authorization system 110 may include implementation aspects such as a forwarding authorization subsystem and a general card insertion authorization subsystem.

FIG. 3A is a flow chart of obtaining an authorization result through the implementation mode of the forwarding authorization subsystem of the card insertion authorization system 110 according to an embodiment of the creation of the present invention. In step S301, the client can use the client terminal 111 to transmit authorization application materials (or identity confirmation application materials) to the initiator terminal 112. The authorization application information can include the information required to apply for deduction from the bank (for example, debit from the account opened by the customer at the bank), such as the bank branch code or account number. The authorization application data can also include transaction information, such as (but not limited to) the transaction code of authorized deduction, the number of authorized deduction user and other information.

In step S302, the initiator terminal 112 may send authorization application data to the electronic authorization deduction server 113.

In step S303, the electronic authorization deduction server 113 may send an instruction message to the client terminal 111 in response to receiving the authorization application data, wherein the instruction message may instruct the client terminal 111 to provide the card input data to the electronic authorization deduction server 113. For example, after the electronic authorization deduction server 113 receives authorization application data (such as the customer's bank account number and transaction information), the electronic authorization deduction server 113 may send an instruction message to the client terminal 111 to request the customer to use the client terminal 111 reads the customer's card to obtain card input data, and provides the card input data to the electronic authorization debit server 113. The client terminal 111 may display a reminder message on the display to request the client to insert the card into the card reader of the client terminal 111.

In step S304, the client terminal 111 can read the client's card to obtain card input data.

In step S305, the client terminal 111 may send the card input data to the electronic authorization deduction server 113.

In step S306, the electronic authorization debit server 113 can decode the card input data to obtain the card data. For example, the electronic authorization debit server 113 can decode the card input data through a card reading component pre-stored in the electronic authorization debit server 113 to obtain card data. The electronic authorization deduction server 113 can also generate authorization data based on the authorization application data and the card data. For example, the electronic authorization debit server 113 can generate authorization data (or identity confirmation data) based on authorization application data (such as the customer's bank account number or transaction information) and card data (such as the transaction verification code in the card, card transaction serial number) .

In step S307, the electronic authorization deduction server 113 may send authorization data (related to the authorization application data and the card input data) to the debit bank terminal 114.

In step S308, the debit bank terminal 114 may generate an authorization result (or identity confirmation result) corresponding to the client terminal 111 according to the authorization data, and store the authorization result. For example, the debit bank terminal 114 may pre-store customer information related to the customers of the customer terminal 111. The debit bank terminal 114 can compare the customer information and authorization data. If the debit bank terminal 114 confirms that the authorization data matches the customer information, the debit bank terminal 114 can generate an authorization result instructing the client terminal 111 to obtain authorization.

In step S309, the debit bank terminal 114 may send an authorization reply (or an identity confirmation reply) (including the authorization result) to the electronic authorization deduction server 113. The electronic authorization deduction server 113 may send the authorization reply to the initiator terminal 112. The initiator terminal 112 may transmit the authorization reply to the client terminal 111.

FIG. 3B is a flow chart of obtaining authorization results through the implementation mode of the forwarding authorization subsystem of the card insertion authorization system 110 according to another embodiment of the creation of the present invention. In step S401, the client can use the client terminal 111 to transmit authorization application materials (or identity confirmation application materials) to the initiator terminal 112. The authorization application information can include the information required to apply for deduction from the bank (for example, debit from the account opened by the customer at the bank), such as the bank branch code or account number. The authorization application data can also include transaction information, such as (but not limited to) the product name, product number, or product price of the product purchased by the customer.

In step S402, the initiator terminal 112 may send a request message to the electronic authorization deduction server 113 in response to receiving the authorization application data, wherein the request message can be used to request the electronic authorization deduction server 113 to start the electronic authorization process.

In step S403, the electronic authorization deduction server 113 may send an instruction message to the client terminal 111 in response to receiving the request message, wherein the instruction message may instruct the client terminal 111 to provide the card input data to the electronic authorization deduction server 113. The client terminal 111 may display a reminder message on the display to request the client to insert the card into the card reader of the client terminal 111.

In step S404, the client terminal 111 can read the client's card to obtain card input data.

In step S405, the client terminal 111 may send the card input data to the electronic authorization deduction server 113.

In step S406, the electronic authorization deduction server 113 can decode the card input data to obtain the card data (for example, the transaction verification code in the card, the card transaction serial number). For example, the electronic authorization debit server 113 can decode the card input data through a card reading component pre-stored in the electronic authorization debit server 113 to obtain card data.

In step S407, the electronic authorization deduction server 113 may send the card data to the initiator terminal 112.

In step S408, the initiator terminal 112 can generate authorization data (or identity confirmation data) based on the authorization application data (for example, the customer's bank account number) and card data (for example, the transaction verification code in the card, the card transaction serial number).

In step S409, the initiator terminal 112 may send the authorization data to the electronic authorization deduction server 113.

In step S410, the electronic authorization deduction server 113 may send authorization data (related to the authorization application data and the card input data) to the debit bank terminal 114.

In step S411, the debit bank terminal 114 may generate an authorization result (or identity confirmation result) corresponding to the client terminal 111 according to the authorization data, and store the authorization result. For example, the debit bank terminal 114 may pre-store customer information related to the customers of the customer terminal 111. The debit bank terminal 114 can compare the customer information and authorization data. If the debit bank terminal 114 confirms that the authorization data matches the customer information, the debit bank terminal 114 can generate an authorization result instructing the client terminal 111 to obtain authorization.

In step S412, the debit bank terminal 114 may send an authorization reply (or an identity confirmation reply) (including the authorization result) to the electronic authorization deduction server 113. The electronic authorization deduction server 113 may send the authorization reply to the initiator terminal 112. The initiator terminal 112 may transmit the authorization reply to the client terminal 111.

After receiving the authorization reply, the client terminal 111 can directly or indirectly (for example, through the initiator terminal 112) communicate with the debit bank terminal 114 to use the debit bank terminal 114 according to the authorization result contained in the authorization reply. Financial deduction service or identity confirmation service. For example, if the authorization result in the authorization reply received by the client terminal 111 indicates that the client terminal 111 is authorized, the client terminal 111 can communicate with the debit bank terminal 114 to use the financial deduction service or identity provided by the debit bank terminal 114 Confirm service. Financial deduction services can include but are not limited to: electronic payment, digital account transfer deposit, insurance premium payment, credit card loan, auto loan, housing loan, consumer loan, school loan, telecommunications fee payment, gas fee payment, water fee payment, delivery Account, sub-account deposit, trust fund transaction, securities trading, delivery account or margin payment.

FIG. 4 is a flowchart of obtaining authorization results through the implementation mode of the general card insertion authorization subsystem of the card insertion authorization system 110 according to an embodiment of the creation of the present invention. In step S501, the client can use the client terminal 111 to transmit authorization application materials (or identity confirmation application materials) to the initiator terminal 112. The authorization application information can include the information required to apply for deduction from the bank (for example, debit from the account opened by the customer at the bank), such as the bank branch code or account number. The authorization application data can also include transaction information, such as (but not limited to) the product name, product number, or product price of the product purchased by the customer.

In step S502, the initiator terminal 112 may decode the card input data to obtain the card data. For example, the initiator terminal 112 can decode the card input data through a card reading component pre-stored in the initiator terminal 112 to obtain card data. The initiator terminal 112 can also generate authorization data based on the authorization application data and the card data. For example, the initiator terminal 112 may generate authorization data (or identity confirmation data) based on authorization application data (such as the customer's bank account number or transaction information) and card data (such as the transaction verification code in the card, the card transaction serial number). The initiator terminal 112 can obtain the card input data through a card reader.

In step S503, the initiator terminal 112 may send the authorization data (related to the authorization application data and the card input data (or card data)) to the electronic authorization deduction server 113.

In step S504, the electronic authorization deduction server 113 may send authorization data (correlated to the authorization application data and the card input data (or card data)) to the debit bank terminal 114.

In step S505, the debit bank terminal 114 may generate an authorization result (or identity confirmation result) corresponding to the client terminal 111 according to the authorization data, and store the authorization result. For example, the debit bank terminal 114 may pre-store customer information related to the customers of the customer terminal 111. The debit bank terminal 114 can compare the customer information and authorization data. If the debit bank terminal 114 confirms that the authorization data matches the customer information, the debit bank terminal 114 can generate an authorization result instructing the client terminal 111 to obtain authorization.

In step S506, the debit bank terminal 114 may send an authorization reply (or identity confirmation reply) including the authorization result to the electronic authorization deduction server 113. The electronic authorization deduction server 113 may send the authorization reply to the initiator terminal 112. The initiator terminal 112 may transmit the authorization reply to the client terminal 111.

Based on the above, the card insertion authorization system 110 of the present invention can use the electronic authorization deduction server to decode the card input data provided by the client terminal, and transmit the authorization data associated with the authorization application data and the card input data to the debit bank terminal. In this way, even if the initiator terminal has not developed a card reading component for its customers to use, the debit bank terminal can also obtain the authorization data related to the card input data through the electronic authorization deduction server.

FIG. 5 is a schematic diagram illustrating a simplified process authorization system 120 according to an embodiment of the new creation. 5, the simplified process authorization system 120 may include a client terminal 121, an initiator terminal 122, an electronic authorization debit server 123, and a debit bank terminal 124.

The client terminal 121 is, for example, an electronic device with computing capability commonly used by general customers, including a smart phone, a tablet computer, or a personal computer. The client terminal 121 may also include a card reading device (such as a contact card reader or a non-contact card reader) to read the card input data of the customer card, where the card includes, for example, an identity card, an insurance card, and a natural person. Vouchers, financial cards or credit cards, etc., the creation of the new model is not limited to this. The client terminal 121 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various communication chips, mobile Communication chip, Bluetooth chip or WiFi chip, but not limited to this, and storage unit (for example: removable random access memory, flash memory or hard disk, but not limited to, etc.) and other necessary components for running the client terminal 121 .

The initiator terminal 122 can be communicatively connected to the client terminal 121. The initiator terminal 122 is, for example, an electronic device with computing capability. For example, the initiator terminal 122 may be a terminal device of a store selling goods or a server in a bank. The initiator terminal 122 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, etc. but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to this) etc. to run the initiator terminal 122 The necessary components.

The electronic authorization deduction server 123 may be communicatively connected to the client terminal 121. The electronic authorization deduction server 123 is, for example, an electronic device with computing capability. The electronic authorization deduction server 123 can have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as: various types of Communication chip, mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this, and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to, etc.) to run electronic authorization A necessary component of the deduction server 123. The electronic authorization deduction server 123 may be a server capable of decoding card input data to obtain card input data. For example, the electronic authorization debit server 123 can provide a card reading component. The card reading component has the function of decoding the input data of the card. After the customer inserts the card into the card reader of the client terminal 121, the electronic authorization debit server 123 can decode the card input data through the card reading element to obtain the card data from the card input data.

The debit bank terminal 124 can be communicatively connected to the electronic authorized debit server 123, the initiator terminal 122, or the client terminal 121. The debit bank terminal 124 is, for example, an electronic device with computing capability. The debit bank terminal 124 may be a terminal device of a bank where the customer has an account. The debit bank terminal 124 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, but not limited to, etc.) and other operating deduction bank terminals 124 necessary components.

FIG. 6 is a flow chart of obtaining authorization results through the simplified process authorization system 120 according to an embodiment of the creation of the present invention. In step S601, the initiator terminal 122 may send authorization application data (or identity confirmation application data) to the electronic authorization deduction server 123. For example, when a customer spends in a store selling goods, the store can use the initiator terminal 122 to transmit authorization application data to the electronic authorization deduction server 123. The authorization application information can include the information required to apply for deduction from the bank (for example, debit from the account opened by the customer at the bank), such as the bank branch code or account number. The authorization application data can also include transaction information, such as (but not limited to) the product name, product number, or product price of the product purchased by the customer. The authorization application materials can also contain basic information about the customer. After receiving the authorization application data from the initiator terminal 122, the electronic authorization deduction server 123 can return the connection information to the initiator terminal 122. The connection information may include information required to establish a connection with the electronic authorization debit server 123. The connection information may also include basic information about the customer. In an embodiment, the authorization application data may be associated with a financial deduction service or an identity confirmation service.

In step S602, the initiator terminal 122 may transmit connection information to the client terminal 121. The initiator terminal 122 may, for example, transmit the connection information to the client terminal 121 in the form of a QR Code.

In step S603, the client terminal 121 can communicate with the electronic authorization deduction server 123 according to the connection information. For example, the client terminal 121 may communicate and connect to the electronic authorization deduction server 123 in a hypertext transfer protocol (HTTP GET) manner according to the connection information.

In one embodiment, the authorization application data may be sent to the electronic authorization deduction server 123 by the client terminal 121. If the connection information obtained by the client terminal 121 includes the client's basic data, the client terminal 121 can generate authorization application data (or identity confirmation application data) based on the client's basic data. For example, when a customer inputs authorization application materials into the client terminal 121, part of the content in the authorization application materials can be automatically filled in by the client terminal 121 according to the customer's basic information, instead of being filled in by the customer.

In step S604, the client terminal 121 may send a message to the electronic authorization deduction server 123, and the message may indicate the authorization method selected by the client. The electronic authorization deduction server 123 may generate authorization data (or identity confirmation data) based on the authorization application data based on the authorization method. Authorization methods include, but are not limited to: card authorization (such as the authorization method provided by the card authorization system 110), online banking dual-factor authorization (such as the authorization method provided by the dual-factor authorization system 130), and one-time password authorization (such as once The authorization method provided by the security password authorization system 140), the securities certificate authorization (such as the authorization method provided by the securities certificate authorization system 150), or the mobile identity authorization (such as the authorization method provided by the mobile identity authorization system 160).

In step S605, the electronic authorization deduction server 123 can transmit the authorization data associated with the authorization application data to the debit bank terminal 124.

In step S606, the debit bank terminal 124 may generate an authorization result (or identity confirmation result) corresponding to the client terminal 121 according to the authorization data, and store the authorization result. For example, the debit bank terminal 124 may pre-store customer information related to the customer of the customer terminal 121. The debit bank terminal 124 can compare the customer information and authorization data. If the debit bank terminal 124 confirms that the authorization data matches the customer information, the debit bank terminal 124 can generate an authorization result instructing the client terminal 121 to obtain authorization

In step S607, the debit bank terminal 124 may send an authorization reply (or an identity confirmation reply) (including the authorization result) to the electronic authorization deduction server 123.

In step S608, the electronic authorization deduction server 123 sends the authorization reply to the client terminal 121, and the initiator terminal 122 can periodically download the authorization result from the electronic authorization deduction server 123.

After receiving the authorization reply, the client terminal 121 can directly or indirectly (for example, through the initiator terminal 122) communicate with the debit bank terminal 124 to use the debit bank terminal 124 according to the authorization result contained in the authorization reply. Financial deduction service or identity confirmation service. For example, if the authorization result in the authorization reply received by the client terminal 121 indicates that the client terminal 121 is authorized, the client terminal 121 can communicate with the debit bank terminal 124 to use the financial deduction service or identity provided by the debit bank terminal 124 Confirm service. Financial deduction services can include but are not limited to: electronic payment, digital account transfer deposit, insurance premium payment, credit card loan, auto loan, housing loan, consumer loan, school loan, telecommunications fee payment, gas fee payment, water fee payment, delivery Account, sub-account deposit, trust fund transaction, securities trading, delivery account or margin payment.

Based on the above, the simplified authorization system 120 created by the present invention can send connection information from the initiator terminal to the client terminal for the client terminal to connect to the electronic authorization deduction server, thereby providing a simplified authorization process.

FIG. 7 is a schematic diagram illustrating a dual-cause authorization system 130 according to an embodiment of the creation of the present invention. Referring to FIG. 7, the dual-cause authorization system 130 may include a client terminal 131, an initiator terminal 132, an electronic authorization deduction server 133, and a debit bank terminal 134.

The client terminal 131 is, for example, an electronic device with computing capabilities commonly used by general customers, including a smart phone, a tablet computer, or a personal computer. The client terminal 131 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various communication chips, mobile Communication chip, Bluetooth chip or WiFi chip, but not limited to these, and storage units (such as removable random access memory, flash memory, or hard disk, but not limited to, etc.) and other necessary components for running the client terminal 131 .

The initiator terminal 132 may be communicatively connected to the client terminal 131. The initiator terminal 132 is, for example, an electronic device with computing capability. For example, the initiator terminal 132 may be a terminal device of a store selling goods or a server in a bank. The initiator terminal 132 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to these), etc. to run the initiator terminal 132 The necessary components.

The electronic authorization deduction server 133 can be communicatively connected to the initiator terminal 132 or the client terminal 131. The electronic authorization deduction server 133 is, for example, an electronic device with computing capability. The electronic authorization deduction server 133 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as: processor but not limited to this), communication unit (such as: various types of Communication chip, mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this, and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to, etc.) to run electronic authorization A necessary component of the deduction server 133.

The debit bank terminal 134 can be communicatively connected to the electronic authorized debit server 133, the initiator terminal 132 or the client terminal 131. The debit bank terminal 134 is, for example, an electronic device with computing capability. The debit bank terminal 134 may be a terminal device of a bank where the customer has an account. The debit bank terminal 134 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, but not limited to, etc.) and other operating deduction bank terminals 134 necessary components.

FIG. 8 is a flow chart of obtaining authorization results through the dual-cause authorization system 130 according to an embodiment of the creation of the present invention. In this embodiment, the client terminal 131 can open a pre-stored online banking application or online banking login page. The online banking application is, for example, provided to the client terminal 131 by the bank where the client has opened an account (for example, the bank holding the debit bank terminal 134). The debit bank terminal 134 may pre-store the online banking account information corresponding to the customer using the client terminal 131. The online banking account information may include, but is not limited to, information such as the customer's unified number, online banking login account number, and password.

In step S801, the initiator terminal 132 may receive authorization application materials (or identity confirmation application materials) from the client terminal 131. The authorization application information can include the information required to apply for deduction from the bank (for example, debit from the account opened by the customer at the bank), such as the bank branch code or account number. The authorization application data can also include transaction information, such as (but not limited to) the product name, product number, or product price of the product purchased by the customer. For example, the client can browse the webpage provided by the initiator terminal 132 through the client terminal 131, and input authorization application information in the webpage. The initiator terminal 132 can obtain the authorization application data from the client terminal 131 from the webpage. In an embodiment, the authorization application data may be associated with a financial deduction service or an identity confirmation service.

In step S802, the electronic authorization deduction server 133 may receive authorization application data from the initiator terminal 132.

In step S803, the debit bank terminal 134 may receive authorization application data from the electronic authorization debit server 133.

In step S804, the debit bank terminal 134 may send the authorization (via the electronic authorization debit server 133 and the initiator terminal 132) in response to the matching of the customer uniform number in the authorization application data with the customer uniform number in the online bank account information Notify to the client terminal 131. For example, if the customer uniform number in the authorization application data matches the customer uniform number in the online banking account information of the debit bank terminal 134, the debit bank terminal 134 may decide to send an authorization notice (or identity confirmation notice) to Client terminal 131.

In step S805, the client terminal 131 can open the online banking application to receive the input data in response to the authorization notification. For example, the client terminal 131 can open an online banking application or an online banking login page. The client terminal 131 may prompt the client to input input data such as an online banking account number and password into an online banking application or an online banking login page.

In step S806, the client terminal 131 electronically authorizes the debit to send the input data to the debit bank terminal 134.

In step S807, the debit bank terminal 134 may respond to the input data and the online banking account information matching, and then use the second factor (such as one-time password, password generator, biometrics) agreed by the debit bank and the customer to perform identity After confirmation, an authorization result (or identity confirmation result) corresponding to the client terminal 131 is generated, and the authorization result is stored. For example, if the online banking login account and password in the input data match the online banking login account and password registered in the debit bank terminal 134 in advance by the customer, then the debit bank of the corresponding debit bank terminal 134 and the debit bank After confirming the identity corresponding to the second factor (such as one-time password, password generator, biometrics) agreed by the client of the client terminal 131, the debit bank terminal 134 may generate an authorization result and store the authorization result.

In step S808, the debit bank terminal 134 may send an authorization reply (or an identity confirmation reply) (including the authorization result) to the electronic authorization deduction server 133. The electronic authorization deduction server 133 may send the authorization reply to the initiator terminal 132. The initiator terminal 132 may transmit the authorization reply to the client terminal 131.

After receiving the authorization reply, the client terminal 131 can directly or indirectly (for example, through the initiator terminal 132) communicate with the debit bank terminal 134 to use the debit bank terminal 134 according to the authorization result contained in the authorization reply. Financial deduction service or identity confirmation service. For example, if the authorization result in the authorization reply received by the client terminal 131 indicates that the client terminal 131 is authorized, the client terminal 131 can communicate with the debit bank terminal 134 to use the financial deduction service or identity provided by the debit bank terminal 134 Confirm service. Financial deduction services can include but are not limited to: electronic payment, digital account transfer deposit, insurance premium payment, credit card loan, auto loan, housing loan, consumer loan, school loan, telecommunications fee payment, gas fee payment, water fee payment, delivery Account, sub-account deposit, trust fund transaction, securities trading, delivery account or margin payment.

Based on the above, the dual-factor authorization system 130 created by the present invention can use dual factors such as authorization application data and input data transmitted by the client terminal to verify the identity of the client, so that the client terminal obtains the authorization to use financial services.

FIG. 9 is a schematic diagram illustrating a one-time password authorization system 140 according to an embodiment of the present invention. 9, the one-time password authorization system 140 may include a client terminal 141, an initiator terminal 142, an electronic authorization debit server 143, and a debit bank terminal 144.

The client terminal 141 is, for example, an electronic device with computing capabilities commonly used by general customers, including a smart phone, a tablet computer, or a personal computer. The client terminal 141 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various communication chips, mobile Communication chip, Bluetooth chip or WiFi chip, but not limited to these, and storage units (such as removable random access memory, flash memory or hard disk, but not limited to, etc.) and other necessary components for running the client terminal 141 .

The initiator terminal 142 may be communicatively connected to the client terminal 141. The initiator terminal 142 is, for example, an electronic device with computing capability. For example, the initiator terminal 142 may be a terminal device of a store selling goods or a server in a bank. The initiator terminal 142 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to this), etc. to run the initiator terminal 142 The necessary components.

The electronic authorization deduction server 143 can be communicatively connected to the initiator terminal 142 or the client terminal 141. The electronic authorization deduction server 143 is, for example, an electronic device with computing capability. The electronic authorization deduction server 143 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as: various types of Communication chip, mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this, and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to, etc.) to run electronic authorization A necessary component of the deduction server 143.

The debit bank terminal 144 can be communicatively connected to the electronic authorized debit server 143, the initiator terminal 142 or the client terminal 141. The debit bank terminal 144 is, for example, an electronic device with computing capability. The debit bank terminal 144 may be a terminal device of a bank where the customer has an account. The debit bank terminal 144 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various types of communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, but not limited to, etc.) and other operating deduction bank terminals 144 necessary components.

FIG. 10 is a flow chart of obtaining authorization results through the one-time password authorization system 140 according to an embodiment of the creation of the present invention. In this embodiment, the debit bank terminal 144 may pre-store bank account information corresponding to the customer using the client terminal 141, where the bank account information may include bank account number, ID number or serial number and mobile phone number, etc.

In step S1001, the initiator terminal 142 may receive a transaction request from the client terminal 141. The transaction request can include the customer's bank account number. In an embodiment, the transaction request may be associated with a financial deduction service or an identity confirmation service.

In step S1002, the electronic authorization deduction server 143 may receive the transaction request from the initiator terminal 142.

In step S1003, the debit bank terminal 144 may receive the transaction request from the electronic authorized debit server 143.

In step S1004, the debit bank terminal 144 can generate a one-time password and a bank token in response to the transaction request matching the bank account information pre-existing in the debit bank terminal 144.

In step S1005, the debit bank terminal 144 electronically authorizes debit to send a one-time password to the client terminal 141. The client terminal 141 may display the received one-time password on the display of the client terminal 141.

In step S1006, the debit bank terminal 144 may send the bank token to the initiator terminal 142 (via the electronic authorized debit server 143).

In step S1007, the client terminal 141 can receive input data corresponding to the one-time password. For example, the customer can enter a one-time password at the customer terminal 141.

In step S1008, the client terminal 141 can transmit the input data to the initiator terminal 142.

In step S1009, the initiator terminal 142 can generate authorization data (or identity confirmation data) based on the input data, the bank token, and the transaction request.

In step S1010, the initiator terminal 142 may send authorization data to the debit bank terminal 144 (via the electronic authorization deduction server 143).

In step S1011, the debit bank terminal 144 may generate an authorization result (or identity confirmation result) corresponding to the client terminal 141 in response to the authorization data being matched with the one-time password, bank token, and transaction request, and store the authorization result.

In step S1012, the debit bank terminal 144 may send an authorization reply (or an identity confirmation reply) (including the authorization result) to the electronic authorization deduction server 143. The electronic authorization deduction server 143 can send the authorization reply to the initiator terminal 142. The initiator terminal 142 can send the authorization reply to the client terminal 141.

After receiving the authorization reply, the client terminal 141 can directly or indirectly (for example, through the initiator terminal 142) communicate with the debit bank terminal 144 to use the debit bank terminal 144 according to the authorization result contained in the authorization reply. Financial deduction service or identity confirmation service. For example, if the authorization result in the authorization reply received by the client terminal 141 indicates that the client terminal 141 is authorized, the client terminal 141 can communicate with the debit bank terminal 144 to use the financial deduction service or identity provided by the debit bank terminal 144 Confirm service. Financial deduction services can include but are not limited to: electronic payment, digital account transfer deposit, insurance premium payment, credit card loan, auto loan, housing loan, consumer loan, school loan, telecommunications fee payment, gas fee payment, water fee payment, delivery Account, sub-account deposit, trust fund transaction, securities trading, delivery account or margin payment.

Based on the above, the one-time password authorization system 140 created by the present invention can use the debit bank terminal to determine that the transaction request matches the bank account information to generate a one-time password, and the customer enters the one-time password to provide one-time password authorization.

FIG. 11 is a schematic diagram of a securities certificate authorization system 150 according to an embodiment of the new creation. 11, the securities certificate authorization system 150 may include a client terminal 151, an initiator terminal 152, an electronic authorization deduction server 153, and a debit bank terminal 154.

The client terminal 151 is, for example, an electronic device with computing capabilities commonly used by general customers, including a smart phone, a tablet computer, or a personal computer. The client terminal 151 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various communication chips, mobile Communication chip, Bluetooth chip or WiFi chip, but not limited to this, and storage unit (for example: removable random access memory, flash memory or hard disk, but not limited to, etc.) and other necessary components for running the client terminal 151 .

The initiator terminal 152 can be communicatively connected to the client terminal 151. The initiator terminal 152 is, for example, an electronic device with computing capability. For example, the initiator terminal 152 may be a terminal device of a store selling goods or a server in a bank. The initiator terminal 152 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to these), etc. to run the initiator terminal 152 The necessary components.

The electronic authorization deduction server 153 can be communicatively connected to the initiator terminal 152, the client terminal 151, or the identity server 155, where the identity server 155 can be an external server for providing securities certificate verification services (such as TWID ID center). The electronic authorization deduction server 153 is, for example, an electronic device with computing capability. The electronic authorization deduction server 153 can have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as: various types of Communication chip, mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this, and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to, etc.) to run electronic authorization A necessary component of the deduction server 153.

The debit bank terminal 154 may be communicatively connected to the electronic authorized debit server 153, the initiator terminal 152, or the client terminal 151. The debit bank terminal 154 is, for example, an electronic device with computing capability. The debit bank terminal 154 may be a terminal device of a bank where the customer has an account. The debit bank terminal 154 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various types of communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, but not limited to, etc.) and other operating deduction bank terminals 154 necessary components.

FIG. 12 is a flow chart of obtaining authorization results through the securities certificate authorization system 150 according to an embodiment of the creation of the present invention. In step S1201, the initiator terminal 152 receives authorization application materials (or identity confirmation application materials) and the securities certificate signature from the client terminal 151. The authorization application information can include the information required to apply for deduction from the bank (for example, debit from the account opened by the customer at the bank), such as the bank branch code or account number. The authorization application data can also include transaction information, such as (but not limited to) the product name, product number, or product price of the product purchased by the customer.

In step S1202, the initiator terminal 152 may send the authorization application data and the signature of the securities certificate to the electronic authorization deduction server 153.

In step S1203, the electronic authorization deduction server 153 may send the securities certificate signature to the identity recognition server 155. The identity server 155 can determine the validity of the securities certificate signature. If the signature of the securities certificate is valid, the identity server 155 can generate a confirmation result corresponding to the signature of the securities certificate, wherein the confirmation result may indicate that the signature of the securities certificate has been verified.

In step S1204, the electronic authorization deduction server 153 can sub-identify the server 155 to receive the confirmation result corresponding to the signature of the securities certificate.

In step S1205, the electronic authorization deduction server 153 can generate authorization data (or identity confirmation data) based on the confirmation result and the authorization application data. For example, if the confirmation result is "securities certificate signature confirmation is valid", the authorization data can record that the securities certificate signature of the client terminal is valid.

In step S1206, the electronic authorization debit server 153 can send the authorization data to the debit bank terminal 154.

In step S1207, the debit bank terminal 154 may generate an authorization result (or identity confirmation result) corresponding to the client terminal 151 based on the authorization data, and store the authorization result.

In step S1208, the debit bank terminal 154 may send an authorization reply (or an identity confirmation reply) (including the authorization result) to the electronic authorization deduction server 153. The electronic authorization deduction server 153 may send the authorization reply to the initiator terminal 152. The initiator terminal 152 can transmit the authorization reply to the client terminal 151.

After receiving the authorization reply, the client terminal 151 can directly or indirectly (for example, through the initiator terminal 152) communicate with the debit bank terminal 154 to use the debit bank terminal 154 according to the authorization result contained in the authorization reply. Financial deduction service or identity confirmation service. For example, if the authorization result in the authorization reply received by the client terminal 151 indicates that the client terminal 151 is authorized, the client terminal 151 can communicate with the debit bank terminal 154 to use the financial deduction service or identity provided by the debit bank terminal 154 Confirm service. Financial deduction services can include but are not limited to: electronic payment, digital account transfer deposit, insurance premium payment, credit card loan, auto loan, housing loan, consumer loan, school loan, telecommunications fee payment, gas fee payment, water fee payment, delivery Account, sub-account deposit, trust fund transaction, securities trading, delivery account or margin payment.

Based on the foregoing, the securities certificate authorization system 150 created by the present invention can provide a securities certificate signature from a client terminal and receive a confirmation result corresponding to the securities certificate signature, thereby enabling the client to obtain authorization to use financial services.

FIG. 13 is a schematic diagram illustrating a mobile identity authorization system 160 according to an embodiment of the present invention. Please refer to FIG. 13, the mobile identity authorization system 160 may include a client terminal 161, an initiator terminal 162, an electronic authorization deduction server 163, and a debit bank terminal 164.

The client terminal 161 is, for example, an electronic device with computing capability commonly used by general customers, including a smart phone, a tablet computer, or a personal computer. The client terminal 161 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various communication chips, mobile Communication chip, Bluetooth chip or WiFi chip, etc. but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to these) and other necessary components for running the client terminal 161 .

The initiator terminal 162 may be communicatively connected to the client terminal 161. The initiator terminal 162 is, for example, an electronic device with computing capability. For example, the initiator terminal 162 may be a terminal device of a store selling goods or a server in a bank. The initiator terminal 162 can have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to these), etc. to run the initiator terminal 162 The necessary components.

The electronic authorization deduction server 163 may be communicatively connected to the initiator terminal 162, the client terminal 161, or the identity recognition server 165. The electronic authorization deduction server 163 is, for example, an electronic device with computing capability. The electronic authorization deduction server 163 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as processor but not limited to this), communication unit (such as various types of Communication chip, mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this, and storage unit (for example: removable random access memory, flash memory or hard disk, etc. but not limited to, etc.) to run electronic authorization A necessary component of the deduction server 163.

The debit bank terminal 164 may be communicatively connected to the electronic authorized debit server 163, the initiator terminal 162, or the client terminal 161. The debit bank terminal 164 is, for example, an electronic device with computing capability. The debit bank terminal 164 may be a terminal device of a bank where the customer has an account. The debit bank terminal 164 may have input and output components (such as but not limited to: display, touch screen, keyboard or mouse), processing unit (such as but not limited to processor), communication unit (such as various communication chips) , Mobile communication chip, Bluetooth chip or WiFi chip, but not limited to this) and storage unit (for example: removable random access memory, flash memory or hard disk, but not limited to, etc.) and other operating deduction bank terminals 164 necessary components.

FIG. 14 is a flow chart of obtaining authorization results through the mobile identity authorization system 160 according to an embodiment of the creation of the present invention. In step S1401, the initiator terminal 162 may receive authorization application materials (or identity confirmation application materials) and basic customer information from the client terminal 161. The authorization application data can include information such as the debiting bank code or bank account information. Basic customer information can include relevant information such as mobile phone number, unified number, or birth date.

In step S1402, the electronic authorization deduction server 163 may receive authorization application information and basic customer information from the initiator terminal 162.

In step S1403, the electronic authorization deduction server 163 may send authorization application data and basic customer information to the debit bank terminal 164.

In step S1404, the electronic authorization deduction server 163 may receive the confirmation result corresponding to the authorization application data and the customer's basic information from the debit bank terminal 164. For example, the debit bank terminal 164 may confirm that the customer's basic information is correct and the bank account in the authorization application data can perform the authorization deduction, and the reply confirmation result is "validated".

In step S1405, the electronic authorization deduction server 163 may send a transaction application including the customer's basic information to the identity server 165 according to the confirmation result. In an embodiment, the transaction application may be associated with a financial deduction service or an identity confirmation service.

In step S1406, the electronic authorization deduction server 163 can sub-identify the server 165 to receive the access token corresponding to the customer's basic data.

In step S1407, the electronic authorization deduction server 163 may send the access token to the client terminal 161 via the initiator terminal 162.

In step S1408, the client terminal 161 can connect to the carrier server 166 after receiving the access token. For example, if the identity software development kit (SDK) of the application of the client terminal 161 (for example, a smart phone) confirms that the access rights are valid, the identity software development kit can retrieve the SIM card number information in the client terminal 161. And the client terminal 161 can send SIM card door number information and basic customer information (mobile phone number, uniform number, date of birth and other related information) (for example, through the fourth-generation mobile communication technology (4G) telecommunication network) to the telecommunication service provider The server 166 is verified by the power provider server 166. The carrier server 166 can verify the SIM card number information and the basic customer data to generate the first verification result.

In step S1409, the client terminal 161 may receive the first verification result corresponding to the SIM card number information and the basic customer information from the carrier server 166.

In step S1410, the client terminal 161 can send the client's basic information and the access token to the identity server 165. For example, the client terminal 161 can send the basic customer information (such as mobile phone number, unified number, or birth date and other related information) and the access token to the identity server 165.

In step S1411, the identity server 165 may send the customer's basic data to the carrier server 166, and the carrier server 166 may generate a second verification result based on the customer's basic data. For example, the identity server 165 may send the basic customer information (such as mobile phone number, uniform number, or birth date and other related information) provided by the customer to the carrier server 166 to generate the second verification result.

In step S1412, the carrier server 166 may send the second verification result to the identity recognition server 165. For example, the carrier server 166 may send the second verification result after the comparison and verification to the identity recognition server 165, and the identity recognition server 165 may generate the third verification result according to the second verification result.

In step S1413, the identity server 165 may send a third verification result corresponding to the client's basic information to the client terminal 161.

In step S1414, the client terminal 161 may transmit the third verification result to the initiator terminal 162.

In step S1415, the initiator terminal 162 may send the authorization application data, the basic customer data, and the access token to the electronic authorization deduction server 163 according to the third verification result. For example, after the initiator terminal 162 receives the third verification result, if the third verification result indicates that the verification is successful, the initiator terminal 162 may send authorization application data, customer basic information, and access tokens to the electronic authorization deduction server 163 for the electronic authorization deduction server 163 to review and confirm with the identity recognition server 165.

In step S1416, the electronic authorization deduction server 163 may send the token to the identity server 165 in response to the access token matching the customer's basic information. After the identity server 165 confirms that the access token matches the customer's basic data, the identity server 165 can generate a corresponding fourth verification result.

In step S1417, the electronic authorization deduction server 163 can sub-identify the server 165 to receive the fourth verification result corresponding to the access token. Electronic authorization deduction.

In step S1418, the electronic authorization deduction server 163 may send authorization data corresponding to the authorization application data and the customer's basic information to the debit bank terminal 164 according to the fourth verification result. For example, if the electronic authorization deduction server 163 determines that the customer has passed the verification of the mobile identity authorization system 160 according to the fourth verification result, the electronic authorization deduction server 163 may send authorization application data (such as bank account) and basic customer information (Mobile phone number, unified number, date of birth and other relevant information) authorization data (or identity confirmation data) to the debit bank terminal 164.

In step S1419, the debit bank terminal 164 may generate an authorization result (or identity confirmation result) corresponding to the client terminal 161 according to the authorization data, and store the authorization result. Specifically, the debit bank terminal 164 can verify whether the authorization application information in the authorization information matches the customer's basic information. If it matches, the debit bank terminal 164 can generate an authorization result.

In step S1420, the debit bank terminal 164 may send an authorization reply (or an identity confirmation reply) (including the authorization result) to the electronic authorization deduction server 163. The electronic authorization deduction server 163 may send the authorization reply to the initiator terminal 162. The initiator terminal 162 can transmit the authorization reply to the client terminal 161.

After receiving the authorization reply, the client terminal 161 can directly or indirectly (for example, through the initiator terminal 162) communicate with the debit bank terminal 164 to use the debit bank terminal 164 according to the authorization result contained in the authorization reply. Financial deduction service or identity confirmation service. For example, if the authorization result in the authorization reply received by the client terminal 161 indicates that the client terminal 161 is authorized, the client terminal 161 may communicate with the debit bank terminal 164 to use the financial deduction service or identity provided by the debit bank terminal 164 Confirm service. Financial deduction services can include but are not limited to: electronic payment, digital account transfer deposit, insurance premium payment, credit card loan, auto loan, housing loan, consumer loan, school loan, telecommunications fee payment, gas fee payment, water fee payment, delivery Account, sub-account deposit, trust fund transaction, securities trading, delivery account or margin payment.

Based on the above, the mobile identity authorization system 160 created by the present invention can obtain authorization to use financial services for the customer or perform identity verification for the customer based on the verification results of the customer's basic information on the identity server and the telecommunication operator's server.

In summary, the authorization system created by the present invention may include sub-systems that provide card-insertion authorization system, simplified process authorization system, dual-factor authorization system, one-time password authorization system, securities certificate authorization system, and mobile identity authorization system. Each subsystem can provide different ways of financial deduction authorization or identity confirmation services. Customers or stores can choose the most suitable financial deduction authorization or identity confirmation service method according to different situations.

Although the creation of this new type has been disclosed in the above embodiments, it is not intended to limit the creation of this new type. Anyone with ordinary knowledge in the technical field can make some changes and changes without departing from the spirit and scope of the creation of the new type. Retouching, so the scope of protection of the creation of this new model shall be subject to the scope of the attached patent application.

100: authorization system 110: Card authorization system 120: Process simplification authorization system 130: Dual-Cause Authorization System 140: One-time password authorization system 150: Securities Certificate Authorization System 160: Mobile Identity Authorization System 170: Controller 111, 121, 131, 141, 151, 161: client terminal 112, 122, 132, 142, 152, 162: Initiator terminal 113, 123, 133, 143, 153, 163: electronic authorization deduction server 114, 124, 134, 144, 154, 164: debit bank terminal 155, 165: Identity server 166: Service provider server S301, S302, S303, S304, S305, S306, S307, S308, S309, S401, S402, S403, S404, S405, S406, S407, S408, S409, S410, S411, S412, S501, S502, S503, S504, S505, S506, S601, S602, S603, S604, S605, S606, S607, S608, S801, S802, S803, S804, S805, S806, S807, S808, S1001, S1002, S1003, S1004, S1005, S1006, S1007, S1008, S1009, S1010, S1011, S1012, S1201, S1202, S1203, S1204, S1205, S1206, S1207, S1208, S1401, S1402, S1403, S1404, S1405, S1406, S1407, S1408, S1409, S1410, S1411, S1412 S1413, S1414, S1415, S1416, S1417, S1418, S1419, S1420: steps

Fig. 1 is a schematic diagram illustrating an authorization system according to an embodiment of the present invention. Fig. 2 is a schematic diagram illustrating a card insertion authorization system according to an embodiment of the present invention. Fig. 3A is a flow chart of obtaining an authorization result through the implementation mode of the forwarding authorization subsystem of the card-insertion authorization system according to an embodiment of the creation of the present invention. Fig. 3B is a flow chart of obtaining authorization results through the implementation mode of the forwarding authorization subsystem of the card insertion authorization system according to another embodiment of the creation of the present invention. Fig. 4 is a flow chart of obtaining authorization results through the implementation mode of the general card insertion authorization subsystem of the card insertion authorization system according to an embodiment of the creation of the present invention. Fig. 5 is a schematic diagram illustrating a simplified process authorization system according to an embodiment of the present invention. Fig. 6 is a flow chart of obtaining authorization results through a simplified process authorization system according to an embodiment of the creation of the present invention. Fig. 7 is a schematic diagram illustrating a dual-cause authorization system according to an embodiment of the present invention. Fig. 8 is a flow chart of obtaining authorization results through a dual-cause authorization system according to an embodiment of the creation of the present invention. Fig. 9 is a schematic diagram illustrating a one-time password authorization system according to an embodiment of the present invention. Fig. 10 is a flow chart of obtaining authorization results through a one-time password authorization system according to an embodiment of the present invention. Fig. 11 is a schematic diagram showing a securities certificate authorization system according to an embodiment of the present invention. Fig. 12 is a flow chart of obtaining authorization results through a securities certificate authorization system according to an embodiment of the creation of the present invention. Fig. 13 is a schematic diagram illustrating a mobile identity authorization system according to an embodiment of the present invention. FIG. 14 is a flow chart of obtaining authorization results through a mobile identity authorization system according to an embodiment of the creation of the present invention.

100: authorization system

110: Card authorization system

120: Process simplification authorization system

130: Dual-Cause Authorization System

140: One-time password authorization system

150: Securities Certificate Authorization System

160: Mobile Identity Authorization System

170: Controller

Claims (27)

An authorization system including: Card authorization system; Simplified process authorization system; Dual-cause authorization system; One-time password authorization system; Securities certificate authorization system; Mobile identity authorization system; and The controller is coupled to the card insertion authorization system, the process simplified authorization system, the dual-factor authorization system, the one-time password authorization system, the securities certificate authorization system, and the mobile identity authorization system, wherein The controller is configured to operate the card insertion authorization system, the process simplified authorization system, the dual-factor authorization system, the one-time password authorization system, the securities certificate authorization system, and the mobile identity authorization system. The authorization system according to claim 1, wherein the card insertion authorization system includes: Client terminal The initiator terminal is communicatively connected to the client terminal, wherein the initiator terminal receives authorization application data from the client terminal; An electronic authorization deduction server, which is communicatively connected to the initiator terminal; and The debit bank terminal is communicatively connected to the electronic authorized debit server, where The electronic authorization deduction server transmits authorization data associated with the authorization application data and card input data to the debit bank terminal, wherein The debit bank terminal generates an authorization result corresponding to the client terminal according to the authorization data, and stores the authorization result. The authorization system according to claim 2, wherein The initiator terminal transmits the authorization application data to the electronic authorization deduction server, where The electronic authorization deduction server decodes the card input data to obtain card data, and generates the authorization data based on the authorization application data and the card data. The authorization system according to claim 2, wherein The electronic authorization debit server decodes the card input data to obtain card data, and transmits the card data to the initiator terminal, wherein The initiator terminal generates the authorization data according to the authorization application data and the card data, and transmits the authorization data to the electronic authorization deduction server. The authorization system according to claim 2, wherein The initiator terminal decodes the card input data to obtain card data, and generates the authorization data according to the authorization application data and the card data, wherein The initiator terminal transmits the authorization data to the electronic authorization deduction server. The authorization system according to claim 2, wherein The debit bank terminal sends an authorization reply to the electronic authorization deduction server, wherein the authorization reply includes the authorization result, wherein The electronic authorization deduction server sends the authorization reply to the initiator terminal, where The initiator terminal transmits the authorization reply to the client terminal. The authorization system according to claim 2, wherein the client terminal communicates with the debit bank terminal according to the authorization result to use the financial deduction service or identity confirmation service provided by the debit bank terminal. The authorization system according to claim 3, wherein The electronic authorization deduction server is communicatively connected to the client terminal, wherein The electronic authorization deduction server transmits an instruction message to the client terminal in response to receiving the authorization application data, wherein the instruction message instructs the client terminal to provide the card input data to the electronic authorization deduction server. The authorization system according to claim 4, wherein The initiator terminal transmits a request message to the electronic authorization deduction server in response to receiving the authorization application data, wherein The electronic authorization deduction server is communicatively connected to the client terminal, wherein The electronic authorization deduction server sends an instruction message to the client terminal in response to receiving the request message, wherein the instruction message instructs the client terminal to provide the card input data to the electronic authorization deduction server Device. The authorization system according to claim 1, wherein the process simplified authorization system includes: Client terminal The initiator terminal is communicatively connected to the client terminal, and transmits connection information to the client terminal; An electronic authorization deduction server communicatively connected to the initiator terminal, wherein the client terminal is communicatively connected to the electronic authorization deduction server according to the connection information; and The debit bank terminal is communicatively connected to the electronic authorized debit server, where The initiator terminal transmits authorization application data to the electronic authorization deduction server, where The electronic authorization deduction server transmits authorization data associated with the authorization application data to the debit bank terminal, wherein The debit bank terminal generates an authorization result corresponding to the client terminal according to the authorization data, and stores the authorization result. The authorization system according to claim 10, wherein the client terminal sends a message to the electronic authorization deduction server, wherein the message indicates an authorization method, and the electronic authorization deduction server generates a message according to the authorization method The authorization information. The authorization system according to claim 11, wherein the authorization method includes at least one of the following: Card authorization, online banking dual-factor authorization, one-time password authorization, securities certificate authorization, and mobile identity authorization. The authorization system according to claim 10, wherein The debit bank terminal sends an authorization reply to the electronic authorization deduction server, wherein the authorization reply includes the authorization result, wherein The electronic authorization deduction server transmits the authorization reply to at least one of the client terminal and the initiator terminal. The authorization system according to claim 10, wherein the client terminal communicates with the debit bank terminal according to the authorization result to use the financial deduction service or identity confirmation service provided by the debit bank terminal. The authorization system according to claim 1, wherein the dual-cause authorization system includes: Client terminal The initiator terminal is communicatively connected to the client terminal, wherein the initiator terminal receives authorization application data from the client terminal; An electronic authorization deduction server, which is communicatively connected to the initiator terminal; and The debit bank terminal is communicatively connected to the electronic authorized deduction server and the client terminal, wherein the debit bank terminal pre-stores the online bank account information corresponding to the client terminal, and debits from the electronic authorization The money server receives the authorization application data, where the online banking account information includes the first customer’s unified number, the online banking login account and password, where The debit bank terminal transmits an authorization notification to the client terminal in response to the second customer uniform number in the authorization application data matching the first customer uniform number in the online bank account information, wherein In response to the authorization notification, the client terminal opens an online banking application or an online banking login screen to receive input data, and transmits the input data to the debit bank terminal, wherein The deducting bank terminal responds to the input data and the online bank account information matching, and then after the deducting bank terminal and the customer agree on the second factor to confirm the identity, generate the corresponding to the client terminal Authorization result, and store the authorization result. The authorization system according to claim 15, wherein The debit bank terminal sends an authorization reply to the electronic authorization deduction server, wherein the authorization reply includes the authorization result, wherein The electronic authorization deduction server sends the authorization reply to the initiator terminal, where The initiator terminal transmits the authorization reply to the client terminal. The authorization system according to claim 15, wherein the client terminal communicates with the debit bank terminal according to the authorization result to use the financial deduction service or identity confirmation service provided by the debit bank terminal. The authorization system according to claim 1, wherein the one-time password authorization system includes: Client terminal The initiator terminal is communicatively connected to the client terminal, wherein the initiator terminal receives a transaction request from the client terminal; An electronic authorization deduction server, which is communicatively connected to the initiator terminal, wherein the electronic authorization deduction server receives the transaction request from the initiator terminal; The debit bank terminal is communicatively connected to the electronic authorized deduction server and the client terminal, wherein the debit bank terminal pre-stores bank account information corresponding to the client terminal, and the debit bank terminal pre-stores the bank account information from the electronic authorized debit server The device receives the transaction request, where The debit bank terminal generates a one-time password and a bank token in response to the transaction request matching the bank account information, transmits the one-time password to the client terminal, and transmits the bank token to all The initiator’s terminal, where The client terminal receives input data corresponding to the one-time password, and transmits the input data to the initiator terminal, wherein The initiator terminal generates authorization data according to the input data and the bank token, and transmits the authorization data to the debit bank terminal, wherein The debit bank terminal generates an authorization result corresponding to the client terminal in response to the authorization data being matched with the one-time password and the bank token, and stores the authorization result. The authorization system according to claim 18, wherein The debit bank terminal sends an authorization reply to the electronic authorization deduction server, wherein the authorization reply includes the authorization result, wherein The electronic authorization deduction server sends the authorization reply to the initiator terminal, where The initiator terminal transmits the authorization reply to the client terminal. The authorization system according to claim 18, wherein the client terminal communicates with the debit bank terminal according to the authorization result to use the financial deduction service or identity confirmation service provided by the debit bank terminal. The authorization system according to claim 1, wherein the securities certificate authorization system includes: Client terminal The initiator terminal is communicatively connected to the client terminal, wherein the initiator terminal receives authorization application materials and securities certificate signatures from the client terminal; An electronic authorization deduction server, which is communicatively connected to the initiator terminal and the identity recognition server, and receives the authorization application data and the securities certificate signature from the initiator terminal; and The debit bank terminal is communicatively connected to the electronic authorized debit server, where The electronic authorization deduction server transmits the securities certificate signature to the identity recognition server to receive a confirmation result corresponding to the securities certificate signature, wherein The electronic authorization deduction server generates authorization data according to the confirmation result and the authorization application data, and transmits the authorization data to the debit bank terminal, wherein The debit bank terminal generates an authorization result corresponding to the client terminal according to the authorization data, and stores the authorization result. The authorization system according to claim 21, wherein The debit bank terminal sends an authorization reply to the electronic authorization deduction server, wherein the authorization reply includes the authorization result, wherein The electronic authorization deduction server sends the authorization reply to the initiator terminal, where The initiator terminal transmits the authorization reply to the client terminal. The authorization system according to claim 21, wherein the client terminal communicates with the debit bank terminal according to the authorization result to use the financial deduction service or identity confirmation service provided by the debit bank terminal. The authorization system according to claim 1, wherein the mobile identity authorization system includes: Client terminal The initiator terminal is communicatively connected to the client terminal, wherein the initiator terminal receives authorization application materials and basic customer information from the client terminal; An electronic authorization deduction server, which is communicatively connected to the initiator terminal and the identity recognition server, and receives the authorization application data and the customer basic information from the initiator terminal; and The debit bank terminal is communicatively connected to the electronic authorized debit server, where The electronic authorization deduction server transmits the basic customer data to the identity recognition server, and receives an access token corresponding to the basic customer data from the identity recognition server, wherein The electronic authorization deduction server transmits the access token to the client terminal via the initiator terminal, wherein After receiving the access token, the client terminal connects to the service provider server, wherein in response to the identity recognition software development kit of the client terminal’s application confirming that the access permission is valid, the identity The identification software development kit takes out the door number information in the client terminal, and sends the door number information and the basic customer data to the telecommunication company server, where The carrier server verifies the house number information and the basic customer data to generate a first verification result, and transmits the first verification result to the client terminal, and the client terminal transmits the basic customer data And the access token to the identity server, where The identity recognition server transmits the basic customer data to the carrier server, wherein the carrier server generates a second verification result according to the basic customer data, wherein The carrier server sends the second verification result to the identity server, wherein the identity server generates a third verification result according to the second verification result, and the identity server sends a corresponding The third verification result of the client's basic information to the client terminal, wherein The client terminal transmits the third verification result to the initiator terminal, wherein The initiator terminal transmits the authorization application data, the basic customer data, and the access token to the electronic authorization deduction server according to the third verification result, wherein the electronic authorization deduction server The server sends the access token to the identity server in response to the access token matching the customer’s basic data, wherein the identity server generates a fourth verification based on the access token As a result, where The electronic authorization deduction server receives the fourth verification result corresponding to the access token from the identity server, and transmits the authorization application data corresponding to the authorization application and all the verification results according to the fourth verification result. The authorization information of the customer’s basic information is sent to the terminal of the debit bank, where The debit bank terminal generates an authorization result corresponding to the client terminal according to the authorization data, and stores the authorization result. The authorization system according to claim 24, wherein The debit bank terminal sends an authorization reply to the electronic authorization deduction server, wherein the authorization reply includes the authorization result, wherein The electronic authorization deduction server sends the authorization reply to the initiator terminal, where The initiator terminal transmits the authorization reply to the client terminal. The authorization system according to claim 24, wherein The electronic authorization deduction server transmits the authorization application data and the customer basic information to the debit bank terminal, and receives from the debit bank terminal corresponding to the authorization application information and the customer basic information The result of the confirmation, where The electronic authorization deduction server transmits the basic customer data to the identity recognition server according to the confirmation result. The authorization system according to claim 24, wherein the client terminal communicates with the debit bank terminal according to the authorization result to use the financial deduction service or identity confirmation service provided by the debit bank terminal.

Images