TWM642599U - identity verification system - Google Patents
- Authority
- TW
- Taiwan
- Prior art keywords
- verification
- identity
- server
- user device
- user
Abstract
A system and device for multiple confirmation of a user's identity, applied to account authentication at a financial institution. It is signal-connected to a user device belonging to at least one user. A first check is performed by logging in to the online mobile banking web page with an account number and password; a second check then combines this with the biometric information of the user device; next, through Fast IDentity Online (FIDO) technology, an external verification server and a telecommunications server compare the user's data. After the private key generated from the user device's biometric information and the public key plus identity information generated from the mobile device's telecommunications information have been checked, a digital signature is produced that binds the user to the user's device. This effectively avoids the possibility of the user's subscriber identity module being misappropriated, and because the checking process works the same way as current authentication, it imposes no additional burden on the user.
Description
An identity verification system in which the user enters an account number and password on the mobile device; then, through Fast IDentity Online technology, the bank side and the telecommunications side compare the user's data, after which the external verification server is paired with the biometric identification of the user's mobile device to complete user identity authentication.
At present, online applications for bank accounts bind the service to a personal mobile device such as a mobile phone only by SMS. However, the mobile device may be used by someone other than the customer or may be lost, which easily leads to the user's account being misused or defrauded; alternatively, the mobile device may be misappropriated by a malicious party, or the Subscriber Identity Module (SIM) card may be used to apply for service with another telecommunications company and thereby used illegally.
Moreover, when a telecommunications company verifies personal data it is not bound by the professional rules that banks follow, which require checking the seal and confirming the authenticity of identity documents before a business application proceeds. As a result, the bank can confirm the data the customer left on file but cannot confirm whether the customer is genuine, which leads to the customer's account being defrauded or the customer's credit being damaged.
Furthermore, when a bank contacts customers or accepts online business applications purely by SMS, the risk of verifying the mobile phone's subscriber identity module and confirming that the applicant is the account holder rests with a third-party telecommunications company, which raises the risk in the bank's online identity-check mechanism.
To solve the above problems, one embodiment of the present creation provides a system and device for multiple confirmation of a user's identity, applied to account authentication at a financial institution. It is signal-connected to a user device belonging to at least one user. A first check is performed by logging in to the online mobile banking web page with an account number and password; a second check then combines this with the biometric information of the user device; next, through Fast IDentity Online technology, an external verification server and a telecommunications server compare the user's data. After the private key generated from the user device's biometric information and the public key plus identity information generated from the mobile device's telecommunications information have been checked, a digital signature is produced that binds the user to the user's device. This effectively avoids the possibility of the user's subscriber identity module being misappropriated, and because the checking process works the same way as current authentication, it imposes no additional burden on the user.
100: identity verification system
120: first verification module
121: first authentication information
122: first verification code
140: second verification module
141: second verification code
142: biometric information
160: third verification module
161: private key
162: public key plus identity information
164: digital signature
200: user device
300: e-mail
400: external verification server
500: telecommunications server
FIG. 1 is a schematic diagram of an identity verification system according to an embodiment of the present utility model; FIG. 2 is a flowchart of an identity verification system according to an embodiment of the present utility model.
To help those of ordinary skill in the art further understand the technical features, content and advantages of the present utility model and the effects it can achieve, the utility model is described in detail below by way of suitable embodiments together with the drawings. The embodiments serve only to illustrate and explain the present creation and do not limit its scope of rights to the embodiments actually shown.
As shown in the system schematic of FIG. 1, the present creation is an identity verification system 100, applied in particular to account identity authentication at a financial institution, for example a bank savings account. The identity verification system 100 is signal-connected to a user device 200 belonging to at least one user and to an external verification server 400. The user device 200 may be a mobile phone with a telecommunications subscriber number that is bound to the bank savings account; the external verification server 400 is described further under the third verification module 160.
The identity verification system 100 comprises a first verification module 120, signal-connected to the user device 200, which stores a plurality of registered-user records and receives first authentication information 121. The first authentication information 121 is the account number and password issued by the bank when the user device 200 applied for an account at a branch or through online banking, and serves as the login information with which the user device 200 logs in to the financial institution's web page. Steps S11 to S13 of FIG. 2 describe the operation of the first verification module 120: when the login information matches the registered-user records (the mobile phone number and e-mail address that the user device 200 has on file at the bank), a first verification code 122 is generated and sent through the e-mail 300 to the user device 200, which completes the check of the first verification module 120.
The operation of the second verification module 140 is described with reference to FIG. 1 and steps S21 to S22 of FIG. 2. After the user device 200 receives the first verification code 122, it starts the second verification module 140. Based on the first verification code 122, the second verification module 140 obtains from the user device 200 the biometric identification data stored in it, that is, the second verification code 141. When the first verification code 122 and the second verification code 141 both match, biometric information 142 belonging to the user is generated and transmitted to the external verification server 400, which completes the check of the second verification module 140.
Steps S31 to S33 of the flowchart in FIG. 1 and FIG. 2 describe the operation of the third verification module 160 of the present creation. The third verification module 160 completes an external verification mechanism mainly by connecting to the telecommunications server 500, and the third verification module 160 is implemented with FIDO authentication. FIDO, whose full name is "Fast Identity Online", is an open standard that simplifies identity verification; by using public key cryptography it gives users and service providers a more secure and convenient way to authenticate.
The FIDO Alliance is an alliance of many companies that promotes and develops the FIDO standard. The standard consists of two main components: the Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). The former aims to provide a common framework for a range of authentication methods, including passwords, biometrics and smart cards, while the latter uses hardware security keys to give users a more secure second-factor verification method. FIDO technology is widely used in many devices and applications, including smartphones, computers and network services, and it is a set of network identification standards defined by the FIDO Alliance to ensure the security of the protocol between the server and the terminal device during the login process. This set of identification standards uses a public key cryptography architecture to perform multi-factor authentication (MFA) and biometric login, strongly and rigorously protecting the personal data of cloud accounts.
From the founding of the FIDO Alliance in 2007 to the present day, the globally known third-party payment platform PayPal, to safeguard its software security, has worked to roll out one-time passwords (OTP) to its users. In 2009, Validity Sensors, a developer of fingerprint recognition, discussed with PayPal the idea and feasibility of using fingerprint recognition technology to log in to the service, and the security awareness of setting a stricter identity identification standard. The FIDO Alliance was therefore established in 2012; member companies such as PayPal, Lenovo, Validity Sensors and other technology giants joined hands to lead innovative thinking on password-free login, subsequently attracting well-known technology companies such as Google, Microsoft and NTT to join, and by 2016 total membership exceeded 260 companies, while the alliance continued to uphold three principles: ease of use, privacy and security, and standardization.
All FIDO protocols are built on Public Key Cryptography, an architecture under which "the server no longer holds secrets". In a traditional password verification architecture, the user's terminal device and the server both know the account number and password, or verification uses a hash function derived from the password. FIDO, on the other hand, adopts a public key infrastructure verification model: the FIDO Authentication Server holds only the corresponding public key, while the private key is stored only on the user's device. At login the user therefore only needs to provide personal data to the terminal device to unlock the private key, and this step in turn unlocks the public key to complete login. Hence the external verification server 400 of the present creation is the FIDO authentication server: the account user's confidential personal data is no longer managed centrally on the bank's cloud service servers but is stored in a distributed manner on each user's terminal device, and the cloud service is accessed through the public/private key architecture. The user's personal data thus need not be uploaded to the cloud, which both protects the data effectively and gives the user more confidence during login.
The public key architecture is applied in FIDO's three major authentication protocols: FIDO UAF, FIDO U2F and FIDO2. The present creation uses FIDO UAF (Universal Authentication Framework) as its concrete implementation, described as follows. UAF gives the user a smooth password-free login experience by combining authentication channels such as biometrics. Through the FIDO UAF stack installed on the device, the user can choose to log in online on the terminal device by fingerprint recognition, voice recognition or entering a personal identification number (PIN), doing away with the traditional process of entering a lengthy password.
With reference to FIG. 1 and FIG. 2, when the biometric information 142 is transmitted to the external verification server 400, that is, the FIDO authentication server, FIDO UAF is started. The external verification server 400 performs registration according to the FIDO standard, generates the private key 161 and returns it to the third verification module 160; at the same time it uses the telecommunications information of the user device 200 to connect to the telecommunications server 500 and, according to the FIDO standard, generates public key plus identity information 162 that is registered with the external verification server 400. Then, as described in S33, this private key 161 is used to perform a random-number computation on the random number (challenge) provided by the external verification server 400; the result is sent to the external verification server 400 and compared against the corresponding public key plus identity information 162 for confirmation, and, combined with the electronic certificate (ID), a digital signature 164 is generated, completing the binding of the user device 200.
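The challenge-response step of S31 to S33 in plain Go, as an added illustration that is not part of the patent: the device (200) holds the private key, the server (400) keeps only the registered public key, issues a fresh random challenge, verifies the device's signature over it, and then discards the challenge so a captured signature cannot be replayed. The Server, Device, Register, Challenge, Sign and Verify names are this example's own assumptions; the biometric unlock and the telecommunications-side check are left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
)

type Device struct{ priv *ecdsa.PrivateKey } // user device 200: the private key never leaves it

// Server models external verification server 400: it stores only public keys and
// the last challenge issued per user, so it holds no user secret.
type Server struct {
	registered map[string]*ecdsa.PublicKey
	pending    map[string][]byte
}

func NewServer() *Server {
	return &Server{registered: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
}

// Register is enrolment: the device makes a P-256 key pair, the server keeps the public half.
func Register(s *Server, user string) (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	s.registered[user] = &priv.PublicKey
	return &Device{priv: priv}, nil
}

// Challenge issues a fresh 32-byte random value and remembers it for this user.
func (s *Server) Challenge(user string) []byte {
	c := make([]byte, 32)
	rand.Read(c) // crypto/rand: documented never to fail on Go 1.24+
	s.pending[user] = c
	return c
}

// Sign is the device-side computation on the challenge (UAF's local biometric unlock is not modelled).
func (d *Device) Sign(challenge []byte) ([]byte, error) {
	h := sha256.Sum256(challenge)
	return ecdsa.SignASN1(rand.Reader, d.priv, h[:])
}

// Verify checks the signature against the registered public key and the pending challenge,
// then drops the challenge so a captured signature cannot be replayed.
func (s *Server) Verify(user string, sig []byte) bool {
	pub, c := s.registered[user], s.pending[user]
	if pub == nil || c == nil {
		return false
	}
	delete(s.pending, user)
	h := sha256.Sum256(c)
	return ecdsa.VerifyASN1(pub, h[:], sig)
}
```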
The present utility model is disclosed herein only by way of preferred embodiments; anyone familiar with the art should understand that the above embodiments merely describe the present utility model and are not intended to limit the scope of the patent rights claimed. Any change or substitution equal or equivalent to the above embodiments should be read as falling within the spirit or scope of the present utility model. The scope of protection of the present utility model shall therefore be defined by the claims set out below.
Claims (7)
Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW112202215U TWM642599U (en) | 2023-03-13 | 2023-03-13 | identity verification system |
Publications (1)

| Publication Number | Publication Date |
|---|---|
| TWM642599U true TWM642599U (en) | 2023-06-11 |
Family
ID=87805036
Country Status (1)

| Country | Link |
|---|---|
| TW (1) | TWM642599U (en) |