TWM642404U - System for identity verification applied to financial system - Google Patents
- Publication number: TWM642404U
- Authority: TW (Taiwan)
- Prior art keywords: verification, financial, user device, background, information
Description
This specification discloses a technique for verifying specific financial services using different devices, and in particular an identity verification system that performs cross-device verification using a financial information machine.
Driven by financial technology, the public can carry out financial services more conveniently, and with that has come a range of information security technologies, including various identity verification techniques. Commonly, when a user wants to perform a specific financial service, a second verification through the user's device is required in addition to the traditional account and password. For example, a bank website providing access to financial services asks the telecom service provider of the mobile phone number the user registered to perform one-time password (OTP) verification, so that the user can verify their identity with this time-limited one-time password and then obtain the financial service.
To provide more secure financial services through cross-device verification, the disclosure proposes an identity verification system. The system includes a financial information machine backend, which is a backend management server implemented as a computer system for the financial information machines installed at various locations; it sits within the financial system and provides message exchange services for the financial information machines. The system also includes a user device backend, the backend for user devices, which connects to a database serving the user devices and provides the verification service through which a user device obtains financial services.
In the identity verification method executed by the identity verification system, the main flow is as follows. A verification process is started through the financial information machine to verify whether the user device is allowed to perform a specific financial service, and the financial information machine generates a message requesting the verification service and sends it to the financial information machine backend. The financial information machine backend then asks the user device backend to generate verification information. The user device backend generates the verification information and returns it to the financial information machine backend, which forwards it to the financial information machine.
The user then operates the user device to obtain the verification information from the financial information machine and sends it to the user device backend. The user device backend compares the received verification information with the verification information it generated at the request of the financial information machine backend and produces a verification result. When the verification result is successful, the user device is notified to perform the financial service.
Preferably, the user inserts an identity-bearing financial card into the financial information machine to start the verification process.
Further, the financial information machine obtains user identification data from the financial card. The user identification data is sent to the financial information machine backend together with the message requesting the verification service and is then passed to the user device backend, so that the user device backend can verify the received verification information against the user identification data.
Preferably, the financial information machine can receive the user identification data from the financial card or from a wireless signal of the user device. The user identification data is sent to the financial information machine backend together with the message requesting the verification service and is passed to the user device backend, so that the user device backend can verify the received verification information against the user identification data.
Preferably, the user device can obtain the verification information through a two-dimensional barcode, a push notification, a near-field communication message or a text message (SMS). Further, a two-dimensional barcode can be displayed on the screen of the financial information machine, or a near-field communication message can be transmitted by a radio-frequency signal, so that the application running on the user device receives the verification information.
Further, the application can be an online banking or mobile banking application installed on the user device that lets the user select the financial service to perform. The financial services include services that require identity verification under a specific transaction security design.
Further, the method by which the user device backend generates the verification information includes: first generating a time-limited first random number and second random number with a random number generator; storing the second random number and the user identification data obtained from the financial information machine backend in a storage device; then computing a hash value with a hash algorithm based on the first random number and a fixed string; and then computing a one-time password with a cryptographic algorithm based on the user identification data, the hash value and the second random number. The one-time password and the first random number together form the verification information.
Further, when the user device backend receives the verification information from the user device, it extracts the one-time password and the first random number from it, retrieves from the storage device the second random number and the user identification data corresponding to this verification procedure, and computes again a hash value for verification, which may be called the second hash value. Based on the user identification data, the second hash value and the second random number, it then computes again, with the cryptographic algorithm, a one-time password for verification, which may be called the second one-time password, and uses it to verify the one-time password received from the user device.
For a further understanding of the features and technical content of the present utility model, refer to the following detailed description and drawings. The drawings are provided for reference and illustration only and are not intended to limit the present utility model.
The following describes implementations of the present utility model through specific embodiments; those skilled in the art can understand its advantages and effects from the content disclosed in this specification. The utility model can be practiced or applied through other different embodiments, and the details in this specification can be modified and changed in various ways, based on different viewpoints and applications, without departing from its concept. In addition, it is stated in advance that the accompanying drawings are simple schematic illustrations and are not drawn to actual scale. The following embodiments describe the relevant technical content in further detail, but the disclosed content is not intended to limit the scope of protection.
It should be understood that although terms such as "first", "second" and "third" may be used herein to describe various elements or signals, these elements or signals should not be limited by these terms. The terms are mainly used to distinguish one element from another, or one signal from another. In addition, the term "or" as used herein may, depending on the actual situation, include any one of the associated listed items or a combination of several of them.
The disclosure describes an identity verification system applied to a financial system. The main technical concept is to confirm, through verification information passed among the user device, the financial information machine and their respective backend servers, that the user may perform a specific financial service, achieving identity verification and providing a more secure financial environment.
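Refer first to FIG. 1, which shows an embodiment of the architecture of a system that executes the identity verification method. The illustrated architecture includes end devices interconnected through a network 10. The main devices include a financial information machine 101 on the client side (for example an ATM, or a card reader for financial cards such as debit cards) and a financial information machine backend 103 on the server side of the financial system. The financial information machine backend 103 is a backend management server for the financial information machines 101 installed at various locations, implemented with software components and hardware such as a computer system and a database, and it provides message exchange services for the financial information machines 101 over the network 10. The user holds a user device 105 that runs a specific application for the corresponding financial system (such as a mobile banking app), and the server side has a corresponding user device backend 107. The user device backend 107 is a management server for the application running on the user device 105, implemented with software components and hardware such as a computer system and a database. In practice it serves as, for example, the backend for mobile devices: it provides the verification service through which user devices obtain financial services and connects to a corresponding database 109 serving the user devices 105. The database 109 mainly records data of users registered for the verification service, including information about the bound user device 105.
Depending on the implementation, the identity verification method can be divided mainly into a process of generating verification information and a process of performing a specific financial service. The ways in which the user device 105 obtains the verification information include, but are not limited to, two-dimensional barcodes (such as QR codes), push notifications, near-field communication (NFC) messages and text messages; the verification information can also be presented directly as text for the user to enter into the user device 105. The following embodiments list flows such as device binding, non-designated account transfers and setup for receiving payments by mobile phone number. In these, the verification flow mainly uses the financial information machine 101 to verify the user device 105 held by the user and the user's identity, and this security verification confirms that the financial service requested through the application running on the user device 105 may be performed.
The method running on the identity verification system can follow the flow depicted in FIG. 1. At the start, the financial information machine 101 is triggered and starts a verification process to verify whether a financial service provided by the financial system is allowed to be performed (step S101). The verification process can be triggered by the user inserting a financial card, or by the user device 105 being brought near the financial information machine 101 and triggering it through the wireless signals exchanged between them.
In starting the verification as above, the financial information machine 101 has received the user identification data. The financial information machine 101 then generates a message requesting the verification service and sends it to the financial information machine backend 103 in the financial system; the request includes the user identification data (step S103).
In the above flow, the financial information machine 101 can receive the user identification data (such as a user ID) from the financial card or from a wireless signal of the user device 105. The user identification data is sent to the financial information machine backend 103 together with the message requesting the verification service, and the user device backend 107 is asked to generate verification information (step S105). Once the user device backend 107 has generated the verification information, it returns the verification information to the financial information machine backend 103 (step S107), which forwards it to the financial information machine 101 (step S109).
After receiving the verification information, the financial information machine 101 can provide it to the user device 105 in the form of a verification graphic or a verification code (step S111). The user device 105 obtains the verification information from the financial information machine 101 and sends it to the user device backend 107. Using the user identification data it obtained, the user device backend 107 compares the received verification information with the verification information it generated in this verification process at the request of the financial information machine backend 103 and produces a verification result (step S113). The verification result is then sent to the user device 105, and when the result is successful the user device 105 is notified that it may continue with the financial service (step S115).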
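For the detailed flow according to an embodiment, refer to FIG. 2, which shows a flowchart of an embodiment of the identity verification method running among the user device 105, the financial information machine 101, the user device backend 107 and the financial information machine backend 103, together with the textual description of the flow in FIG. 3.
At the start, the user operates the financial information machine 101, for example by inserting an identity-bearing financial card such as a debit card or credit card, so that verification can be performed through the financial information machine 101. The information the financial information machine 101 can obtain from the financial card includes the user identification data (step S301). In another embodiment the user device 105 emits a wireless signal, such as a radio-frequency identification (RFID) signal, and the financial information machine 101 obtains the identification code from the wireless signal after receiving it.
It is worth noting that the main purpose of the verification process is to verify the financial service that the user intends to perform by operating the user device 105. The user can select the financial service through the application. In particular, a financial service here can mean a service that requires identity verification under a specific transaction security design, such as (but not limited to) binding the user device 105, transfers, withdrawals, deposits or loans. The main aim is that the customer can confirm the content of each transaction and that the identity confirmation data and the transaction content are protected from tampering. The financial service can be initiated before or during the verification process, or after the verification information has been obtained.
Next, the financial information machine 101 starts the verification process, connects over the network, notifies the financial information machine backend 103 and requests the verification service (step S303). The financial information machine backend 103 first responds with a message, and the financial information machine 101 can display a message asking the user to confirm the start of the verification service, for example a button to start verification that the user presses to confirm (step S305).
Once the user confirms the start of the verification process, the relevant message is sent to the financial information machine backend 103 (step S307). The financial information machine backend 103 then notifies the user device backend 107 and asks it to generate verification information. The user device backend 107 can obtain the user identification data (such as a user ID) from the received message (step S309).
In an embodiment of generating the verification information, the user device backend 107 first generates values for verification, for example random numbers from a random number generator. In one implementation it produces a time-limited first random number (random1) and second random number (random2). The user device backend sets a validity period; once the validity period has passed the numbers expire and verification fails. The user device backend 107 stores the user identification data obtained at that moment and the second random number in its storage device for later verification of the verification information sent by the user device 105 (step S311).
The user device backend 107 then uses a cryptographic algorithm to compute a one-time password (OTP) from the information obtained (for example the user identification data and a specific value). The specific value can be a hash value computed by a hash algorithm from the first random number and a specific value such as a system-provided fixed string (fixedstring) (step S313). For example, the cryptographic algorithm executed by the user device backend 107 uses the user identification data (such as the user ID obtained by the backend), the hash value computed from the first random number and the specific value, and the second random number to produce the one-time password (OTP) that the user device will obtain. This can be an HMAC-based one-time password (HOTP, where HMAC stands for hashed message authentication code).
Note that the random numbers and one-time password described in the above embodiment are not intended to limit the scope of the identity verification method proposed in the disclosure; any set of randomly generated values, or any computed parameter values, conveyed cryptographically can be used.
The one-time password and the first random number generated for this verification process form the verification information. The user device backend 107 sends this verification information to the financial information machine backend 103 (step S315), which forwards it to the financial information machine 101 (step S317).
In the financial information machine 101, a conversion program can convert the one-time password (or the one-time password together with the first random number) into a verification graphic, such as a QR code (other forms of verification information are also possible), and the QR code is displayed on the screen as the verification data provided to the user (step S319). Alternatively, a wireless verification code can be used, for example a near-field communication message carried by a radio-frequency signal encoded in near-field communication (NFC) format, which is sent to the user device 105 wirelessly.
When the user sees the verification graphic or a message specifically asking for verification, the user can operate an application (such as an online banking app) on the user device 105 and select the financial service to perform (step S321), for example binding the user device 105, a transfer, a withdrawal, a deposit or a loan. This step can take place before, during or after the flow described above. The user then operates the application to read the verification information displayed on the financial information machine 101, or receives the verification information wirelessly, thereby obtaining the one-time password that the user device backend 107 generated for this verification (step S323).
The user continues operating the application and sends the obtained verification information to the user device backend 107 (step S325). The verification program in the user device backend 107 decodes it into a password string and compares it with the one-time password generated in this process to perform verification (step S327). After successful verification, the user is permitted to continue with the financial service selected on the user device 105 (step S329).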
Further, in the above identity verification method, a notable point is that the verification information is generated by the user device backend 107. The method can be implemented mainly in software combined with hardware computation: a random number generator first produces a time-limited first random number (random1) and second random number (random2), and a storage device stores the second random number and the user identification data obtained from the financial information machine backend for later verification of the verification information returned by the user device.
Next, in the user device backend, a hash value is computed with a hash algorithm based on the first random number and a fixed string (fixedstring), and a one-time password is then computed with a cryptographic algorithm based on the user identification data, the hash value and the second random number. The one-time password and the first random number can form the verification information sent to the user device.
In the verification procedure, after the user device reads the verification information from the financial information machine, it sends it to the user device backend. A software program in the user device backend extracts the one-time password and the first random number from the verification information, then retrieves the previously stored second random number and user identification data from the storage device, computes the second hash value for verification with the same algorithm, and, again based on the user identification data, the second hash value and the second random number, computes the second one-time password with the cryptographic algorithm (such as Equation 1). The second one-time password is compared with the one-time password generated earlier for this verification process, that is, it is used to verify the one-time password received from the user device, and a verification result is produced.
Note that the one-time password used in the identity verification method can be time-limited, with the time controlled by the user device backend. In another implementation, a time-based one-time password (TOTP) algorithm can be used to generate a time-limited one-time password.
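The generation and re-computation steps of the user device backend, as an added example that is not code from the patent. SHA-256 as the hash, HMAC-SHA-256 keyed with the second random number and truncated as in HOTP as the cryptographic algorithm, the fixed string, the 120-second validity period, lookup of the stored record by the first random number, the check against the app's logged-in user and the single-attempt rule are all assumptions, since the page names none of them.

```python
import hashlib
import hmac
import secrets
import time

FIXED_STRING = b"constructed-fixed-string"  # assumption: system-provided constant
TTL_SECONDS = 120                           # assumption: validity period
OTP_DIGITS = 8                              # assumption: OTP length


def compute_otp(user_id: str, random1: bytes, random2: bytes) -> str:
    """hash = H(random1 || fixed string); OTP = truncate(HMAC(random2, user_id || hash))."""
    hash_value = hashlib.sha256(random1 + FIXED_STRING).digest()
    mac = hmac.new(random2, user_id.encode() + b"\x00" + hash_value,
                   hashlib.sha256).digest()
    offset = mac[-1] & 0x0F                  # dynamic truncation as in RFC 4226
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** OTP_DIGITS).zfill(OTP_DIGITS)


class UserDeviceBackend:
    """Hypothetical stand-in for the user device backend (107)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}  # random1 hex -> (user_id, random2, expires_at)

    def generate(self, user_id: str) -> dict:
        """Runs when the financial information machine backend asks for verification info."""
        random1 = secrets.token_bytes(16)
        random2 = secrets.token_bytes(32)    # stays in backend storage, never sent out
        self._pending[random1.hex()] = (user_id, random2,
                                        self._clock() + TTL_SECONDS)
        return {"otp": compute_otp(user_id, random1, random2),
                "random1": random1.hex()}

    def verify(self, app_user_id: str, otp: str, random1_hex: str) -> bool:
        """Runs when the app submits what it read from the financial information machine."""
        record = self._pending.pop(random1_hex, None)  # one attempt per challenge
        if record is None:
            return False                     # unknown, already used, or replayed
        user_id, random2, expires_at = record
        if self._clock() > expires_at:
            return False                     # validity period has passed
        if not hmac.compare_digest(user_id.encode(), app_user_id.encode()):
            return False                     # card holder and app user differ
        expected = compute_otp(user_id, bytes.fromhex(random1_hex), random2)
        return hmac.compare_digest(expected.encode(), otp.encode())


if __name__ == "__main__":
    backend = UserDeviceBackend()
    info = backend.generate("user-0001")     # constructed user ID
    print("shown on the machine:", info)
    print("first submission:", backend.verify("user-0001", info["otp"], info["random1"]))
    print("replayed submission:", backend.verify("user-0001", info["otp"], info["random1"]))
```

Because the second random number never leaves the backend, a party who photographs the QR code learns the one-time password and the first random number but cannot mint a password for a different challenge.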
In one embodiment, the user device 105 runs an application for the relevant financial services. When the application performs a specific financial service, it waits for the result of the identity verification performed through the financial information machine 101. Finally, when it obtains a verification-success message from the backend of the user device 105, it continues with the financial service originally intended, such as the device binding, non-designated account transfer and mobile-number payment-receiving services described in the following embodiments.
One flow in which the identity verification method is applied to verification of a specific transaction procedure is shown in FIG. 4, a flowchart of an implementation example of user device binding; the flow can be read together with FIGS. 5A to 5E.
The user operates a user device to enter a binding flow (step S401) using an application installed on the user device. FIG. 5A shows an embodiment of a device binding page 501 that the application opens; the user can tap the button on it to start the binding flow.
The application then guides the user to the verification method selection page 502 shown schematically in FIG. 5B. The example shown includes options such as voice OTP 503, SIM card authentication 504 and ATM verification 505; in the identity verification method described here, verification is performed mainly through the financial information machine (option 505) (step S403).
In the flow embodiment of the identity verification method described above, the verification process is started through the financial information machine, which requests the verification service from its backend. The financial information machine backend then asks the user device backend to generate verification information. After the user device backend has generated the verification information for this verification process, it is forwarded through the financial information machine backend to the financial information machine in front of the user.
When the financial information machine receives the verification information from the financial information machine backend, a conversion program converts it into a verification graphic (such as a QR code), a verification code string or a wireless verification code so that the user device can read the verification information (step S405). For one embodiment, see the ATM verification scan page 506 shown in FIG. 5C: the application opens a scan window 507 for scanning the verification graphic displayed on the financial information machine. As an implementation example, FIG. 5D shows a user device 50 whose application scans the verification graphic 510 displayed on the financial information machine 500 and reads the verification information in it; the verification information is then sent to the user device backend (step S407).
On the server side, the user device backend then verifies the verification information sent from the user device and produces a verification result. The user device receives the verification result (step S409) and determines whether verification succeeded (step S411). If verification fails, the device binding flow is terminated and a verification error message is displayed (step S413). If verification succeeds, the user device, upon receiving the relevant message, shows the binding success page 508 of FIG. 5E, where the user, after confirming, can tap the button to continue the binding flow (step S415).
In summary, in the identity verification system applied to a financial system as described in the above embodiments, and in response to the information security requirements to which financial services attach increasing importance, the technical concept is to use the financial information machines installed at various locations (such as ATMs or card readers) to verify the financial service that the user intends to perform by operating a user device (such as a mobile phone or other mobile device). The implementation uses two-stage verification: in the first stage the user logs in to the application provided by the financial institution, and in the second stage verification information is obtained through the financial information machine and then verified by the user device backend. This can effectively improve the security of user transactions.
The above discloses only preferred feasible embodiments of the present utility model and does not thereby limit the scope of its claims; all equivalent technical changes made using the content of the specification and drawings of the present utility model are therefore included within the scope of its claims.
- 10: network
- 101: financial information machine
- 103: financial information machine backend
- 105: user device
- 107: user device backend
- 109: database
- 50: user device
- 500: financial information machine
- 510: verification graphic
- 501: device binding page
- 502: verification method selection page
- 503: voice OTP
- 504: SIM card authentication
- 505: ATM verification
- 506: ATM verification scan page
- 507: scan window
- 508: binding success page
- Steps S101 to S115: identity verification flow
- Steps S301 to S329: identity verification flow
- Steps S401 to S415: user device binding flow
FIG. 1 is a schematic diagram of an embodiment of the architecture of a system that executes the identity verification method;
FIG. 2 is a flowchart of an embodiment of the identity verification method running among the user device, the financial information machine, the user device backend and the financial information machine backend;
FIG. 3 is a flowchart of an embodiment of the identity verification method;
FIG. 4 is a flowchart of an implementation example of user device binding performed with the identity verification method; and
FIGS. 5A to 5E show embodiments of a user device performing device binding.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW112200425U TWM642404U (en) | 2023-01-13 | 2023-01-13 | System for identity verification applied to financial system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW112200425U TWM642404U (en) | 2023-01-13 | 2023-01-13 | System for identity verification applied to financial system |
Publications (1)
Publication Number | Publication Date |
---|---|
TWM642404U (en) | 2023-06-11 |
Family
ID=87804590
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW112200425U TWM642404U (en) | 2023-01-13 | 2023-01-13 | System for identity verification applied to financial system |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWM642404U (en) |