201101215 六、發明說明: 【發明所屬之技術領域】 本發明主要關於一種安全認證技術,特別係有關於一 種雙因子線上交易(online transaction )安全認證方法及系 統0 【先前技術】 隨著網路的普及與相關應用的迅速發展,使得傳統商 業行為的一部份逐漸轉向於線上進行,而由於線上交易所 具備的便利性讓人們在不需出門的情況下即可在網路上尋 得所需之商品並進行交易,所以線上交易的數量在近年來 呈倍數快速成長。然而,線上交易是透過網路遠端進行, 在父易款項的給付上必須仰賴特定的貨幣種類,例如.作 用卡金融卡等機制,而該等機制於交易過程中必項透過 網路傳送的交易資料包括有使用者資料及貨款資料,因 此,線上交易比起傳統的商業行為更需要有一套安全性佳 的認證方法以保護使用者資料。其它相關應用諸如:網^ 銀行、證券期貨下單、自然人資料查詢等也同樣需要安全 認證方法來保護使用者資料。 —I前市面上常見的安全認證方法可分為兩類,其〜為使用 固定密碣,使用者在電腦上輪入使用者名稱與固定密螞’、',、此方 法的問題是透過網際網路傳送資料時,容易被網路=侧 錄或監聽,造成資料外洩,所以安全性不足;其一·Λ 動態密碼(One Time password,0ΤΡ ),根據不 =用 NMI98005/0213-A42053TW-f 一 入勿或同一 201101215 交易中的不同事件隨機產生不同的密碼,由於—個密喝只使用 一次,所以可以防堵密碼被盜取的問題,而此方法又可依其所 搭配之硬體裝置分為三種型式: ' (一) 使用外接的手持動態密碼硬體: 運用動態密碼產生器或晶片金融卡搭配讀卡機,隨機 產生該次父易的動態密碼,然而,此方法採購與建置成本 較馬且使用者需額外保管裝置並隨身攜帶,使用上並不方 便。 (二) 使用具動態密碼運算功能之手機: 運用具有動態密碼運算功能之手機運算產生動態密 碼,不需使用額外的裝置,安全性高且不增加使用者負擔, 然而’具有動態搶碼運鼻功能之手機屬於高階手機’導入門 檻高’且目前市面上此種手機普及率低。 (三) 使用簡訊(Short Message Service,SMS )搭配 一般手機: 由服務端產生動態密碼後,透過簡訊將動態密碼發送 到使用者的手機上’可減輕使用者負擔且所有手機皆可支 援’然而,簡訊的保密安全性不高且當手機失竊或用戶識 別模組(Subscriber Identity Module,SIM)卡遭冒用時, 他人可以接收動態密碼後,假冒該用戶進行交易。 【發明内容】 因此,本發明之目的在於提供一種安全性高、導入門 檻低、且普及度高的線上交易安全認證方法,運用手機的用 NMI98005/0213-A42053TW-f 201101215 二::模組卡以及使用者密碼等雙因子,提高線上交易之 證系、ί發Γ括之交實易供了 一種雙因子線上交易安全認 父易伺服盜、一用戶端電腦、以及一 =電= = =線接收來自上述 驗證碼,將上述第一驗證❹ 通訊裝置,以及以一第二驗證函式、 一使用者密碼驗證上述用戶 " 以及 加密後m & 電 戶端電腦係用以將 达第i碼解密取得上述第一驗證碼,以上 述第一驗證函式、上述第一驗鐵 以上 證上述交易彻哭 以及一使用者密碼驗 二驗證碼並透過上述網路連線傳送至上述交易伺服i述第 置具有接ί簡訊之功能,係用以接收簡訊 一方^ t另一實施例提供了—種雙因子線上交易安全 包括—用戶端電腦透過一網路連線傳送一交易靖 生一第服器;上述交易伺服驗證函式i 生、第:驗也碼;上述交易伺服器將上述第一驗 並透過簡訊傳送至一行動通訊裝置 ·‘'口 *、 =後的上逃第-驗賴解密取得上述第—驗 戶端電腦以上述第-驗證函式、上述第—驗證石馬、=用 使交μ㈣;上述用戶端電腦以 一驗=函式產生-第二驗證碼並透過上述網路連線 上述父易伺服器;以及上述交易伺服器以上述第二驗證函 /VMS50i75/0213-A42053TW-f 201101215 式、上述第二驗證竭、以及上述使用者密碼驗證上 端電腦。 尸 關於本發明其他附加的特徵與優點,此領域之熟習技 術人士,在不脫離本發明之精神和範圍内,當可根^本案 實施方法中所揭露在行動通訊系統中執行聯繫程序之使用 者裝置、系統、以及方法,做些許的更動與潤飾而得到。 【實施方式】 ❹ ❹ 為使本發明之上述目的、特徵和優點能更明顯易懂, 下文特舉一些較佳實施例,並配合所附圖式,作詳細說明 如下: 第1圖為根據本發明一實施例所述之雙因子線上交易 安全認證系統之示意圖。雙因子線上交易安全認證系統 100包含有代表使用者110之電子裝置_用戶端電腦m 與行動通訊裝置112’以及交易伺服器120。其中用戶端電 腦ill與交易伺服器120係分別連接於網際網路13〇,並 透過網際網路130相互傳遞資料以進行線上交易所需之訊 息溝通,此外’行動通域置112透過無線通訊連二於;于 動通訊系統140,而行動通訊系統14〇則進一步與網際網 路130連接’使得連接至網際網路13〇的任何電腦能夠在 知悉行動通訊裝置i 12之門號或用戶識別模組( identify Module,SIM)糾的前提下,傳送簡訊至行 訊裝置112。 第2圖為根據本發明—實施倒所述之雙因子線上交易 Λ/Μ550ί?5/0213-A42053TW-f 201101215 女全§忍s登方法之訊息序列圖。第2圖所不之§凡息序列係根 據第1圖之雙因子線上交易安全認證系統所進行。根據一 般線上交易模式,使用者110在進行線上交易之前會先透 過用戶端電腦111連結上交易伺服器120,並瀏覽交易伺 服器120所提供之線上交易網頁’經由該線上交易網頁向 交易伺服器120註冊其使用者識別代號與使用者密碼,若 該線上交易方法需要利用使用者110之行動通訊裝置112 協助進行’則行動通訊裝置112之用戶識別模組號碼,即 手機門號’也需於註冊時一併填入。 如第2圖所示,當使用者110欲進行線上交易時,會 操作用戶端電腦111發出交易請求至交易伺服器120 (步 驟S201),交易伺服器120在收到交易請求後,以第一驗 證函式產生第一驗證碼(步驟S202),並將第一驗證碼加 密後透過簡訊傳送至行動通訊裝置U2 (步驟S2〇3),使 用者110在收到簡訊後,將簡訊所含之密文以及使用者密 碼手動輸入用戶端電腦U1 (步驟S2〇4),用戶端電腦ui 進行解碼以取得第-驗證碼(步驟S2G5),用戶端電腦iu 進步以第-驗證函式、第一驗證蜂、以及使用者密碼驗 證交易伺服器no (步驟S206),然後繼續以第二驗證函 式產生第二驗證碼並傳送至交易词服器酬步驟謂)。 交易舰器m在收到第二驗_後,以第二驗證函式、 第-驗證碼、以及使用者密碼驗證用戶端電腦⑴是 法(步驟S208)。 由用戶 其中上述關於第-驗證碼之加密與解密可使用 NMI98005/Q213-A42053TW-f 201101215 端電腦111與交易伺服器120所共同協商產生的共用通訊 金鑰來進行,而該金鑰協商程序可採用迪菲赫夫曼 (Diffie-Hellman )協定、類安全資料傳輸層(SSL(Secure201101215 VI. Description of the Invention: [Technical Field] The present invention relates to a security authentication technology, in particular to a two-factor online transaction security authentication method and system 0 [Prior Art] With the network The rapid development of popularization and related applications has gradually shifted part of traditional business practices to online, and the convenience of online transactions allows people to find what they need on the Internet without going out. Commodities are traded, so the number of online transactions has grown exponentially in recent years. However, online transactions are conducted through the remote end of the network. In the payment of the parent's money, it is necessary to rely on a specific currency type, such as a card-funding card, which must be transmitted through the network during the transaction. The information includes user data and payment information. Therefore, online transactions require a more secure authentication method to protect user data than traditional business practices. Other related applications such as: network ^ bank, securities futures orders, natural person data query, etc. also need security authentication methods to protect user data. - The common security authentication methods on the market before I can be divided into two categories. The use of fixed passwords is used by users to insert user names and fixed secrets on the computer. The problem with this method is through the Internet. When the network transmits data, it is easy to be screened or monitored by the network = the data is leaked, so the security is insufficient; the one is Λ dynamic password (One Time password, 0ΤΡ), according to the non-use NMI98005/0213-A42053TW- f One entry or the same event in the same 201101215 transaction randomly generates different passwords. Because it is used only once, it can prevent the password from being stolen, and this method can be based on the hardware it is equipped with. The device is divided into three types: ' (1) Using an external handheld dynamic password hardware: Using a dynamic password generator or a chip financial card with a card reader, the dynamic password of the parent is randomly generated. However, this method is purchased and built. The cost is higher than the horse and the user needs to keep the device and carry it with him. It is not convenient to use. (2) Using a mobile phone with dynamic cryptographic operation function: Using a mobile phone with dynamic cryptographic computing function to generate a dynamic password, without using an extra device, high security and no burden on the user, but 'has a dynamic rushing nose The function of the mobile phone belongs to the high-end mobile phone 'import threshold is high' and the current popularity of such mobile phones on the market is low. (3) Using Short Message Service (SMS) with a normal mobile phone: After the dynamic password is generated by the server, the dynamic password is sent to the user's mobile phone through the short message, which can reduce the burden on the user and can be supported by all mobile phones. The privacy of the newsletter is not high. When the mobile phone is stolen or the Subscriber Identity Module (SIM) card is fraudulently used, the user can fake the user and then perform the transaction. SUMMARY OF THE INVENTION Therefore, the object of the present invention is to provide an online transaction security authentication method with high security, low import threshold, and high popularity. The NMI98005/0213-A42053TW-f 201101215 two:: module card is used for mobile phones. And the user password and other two factors, improve the online transaction of the card system, the Γ Γ 实 实 实 实 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供 供Receiving the verification code from the above, the first verification 通讯 communication device, and verifying the user by a second verification function, a user password, and the encrypted m & The first decryption code is obtained by the code decryption, and the first verification function, the first iron verification certificate, the above-mentioned transaction crying, and a user password verification verification code are transmitted to the transaction servo through the network connection. The first function of receiving a short message is for receiving a short message. Another embodiment provides a two-factor online transaction security including: a client computer through a network The connection transmits a transaction to the Jingsheng one server; the above-mentioned transaction servo verification function i, the first: the code is also verified; the above transaction server transmits the first test and transmits the message to a mobile communication device, 'port* = After the escape - the first verification, the above-mentioned first-verification computer, the above-mentioned first-verification function, the above-mentioned first-verification stone horse, = use the intersection of μ (four); the above-mentioned user-side computer is generated by a test = function a second verification code for connecting to the parent server via the network; and the transaction server using the second verification letter/VMS50i75/0213-A42053TW-f 201101215, the second verification, and the user Password verification of the upper computer. </ RTI> </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> <RTIgt; </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> </ RTI> <RTIgt; Devices, systems, and methods are made with a few changes and retouching. DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS In order to make the above objects, features and advantages of the present invention more comprehensible, the following detailed description of the preferred embodiments of the invention A schematic diagram of a two-factor online transaction security authentication system according to an embodiment of the invention. The two-factor online transaction security authentication system 100 includes an electronic device _ user computer m and mobile communication device 112' representing the user 110 and a transaction server 120. The client computer ill and the transaction server 120 are respectively connected to the Internet 13 and communicate with each other through the Internet 130 to communicate the information required for online transactions, and the mobile terminal 112 is connected through the wireless communication. Second, the communication system 140 is activated, and the mobile communication system 14 is further connected to the Internet 130' so that any computer connected to the Internet 13 can know the mobile communication device or the user identification module. Under the premise of the identification (identification, SIM), the short message is transmitted to the communication device 112. Fig. 2 is a message sequence diagram of a two-factor online transaction according to the present invention-implemented Λ/Μ550ί?5/0213-A42053TW-f 201101215. The § sequence in Figure 2 is based on the two-factor online transaction security certification system in Figure 1. According to the general online transaction mode, the user 110 first connects to the transaction server 120 through the client computer 111 before browsing the online transaction, and browses the online transaction webpage provided by the transaction server 120 via the online transaction webpage to the transaction server. 120 registers its user identification code and user password. If the online transaction method needs to use the mobile communication device 112 of the user 110 to assist the user identification module number of the mobile communication device 112, that is, the mobile phone door number is also required. Fill in with the registration. As shown in FIG. 2, when the user 110 wants to conduct an online transaction, the client computer 111 is operated to issue a transaction request to the transaction server 120 (step S201), and the transaction server 120 first receives the transaction request. The verification function generates a first verification code (step S202), and the first verification code is encrypted and transmitted to the mobile communication device U2 through the short message (step S2〇3), and the user 110 receives the short message and then includes the short message. The ciphertext and the user password are manually input into the client computer U1 (step S2〇4), the client computer ui decodes to obtain the first verification code (step S2G5), and the client computer iu progresses to the first verification function, first The verification bee and the user password verification transaction server no (step S206), and then continue to generate the second verification code in the second verification function and transmit to the transaction word processor step). After receiving the second verification _, the transaction ship m verifies the client computer (1) by the second verification function, the first verification code, and the user password (step S208). The encryption and decryption of the above-mentioned first-verification code by the user may be performed by using a shared communication key generated by the NMI98005/Q213-A42053TW-f 201101215 end computer 111 and the transaction server 120, and the key negotiation procedure may be performed. Adopt Diffie-Hellman protocol, class-safe data transfer layer (SSL (Secure
Sockets LayerHike)協定、或金鑰分配協定(key出批化此⑽ protocol),其中上述之類安全資料傳輸層協定包括一般安全 資料傳輸層協定、使用RSA演算法之安全資料傳輸層協定、 以及使用迪菲赫夫曼演算法之安全#料傳輸層協定。且該金 Ο 〇 鑰協商程序可針對單次線上交易進行以得到一僅供單^使 用之共用通訊金鍮,或者可針對多次線上交易進行以得到 一供多次使用之共用通訊金鑰,前者由於每次線上交易 會重新產生共料訊金餘,因此安全性較佳;而後者 進行-次金鑰協商程序取得—共用通訊金鑰後即可適用、 多次連續的線上交易’因此就計算資源上較前者來' 但安全性則較低。 由於上述步驟同時運用了行動通訊裝置 112接收密女 簡訊,再加上交易進行前於交易舰器12G註冊的使用去 密碼’因此可避免因為手機失竊造顧戶識職組卡遭田 用而使得不法人士獲取上述之飧目 使獲取上狀蚊簡訊,在沒有使时密碼 1 無法通過本發明實施你丨%、+、 卜 亦 良苑例所述之身份認證,所以此 =本r:=:r 一方法具有二 者110必須耗時將之丰t k成使用 之另-實施例中可將輪::用戶端電腦111 ’在本發明 达加费後的第一驗證礴切割為 WM9S〇〇5/〇213-A42053TW-f 4 °Γ 201101215 分,其中第一部份透過簡訊傳送至行動通訊裝置1丨2,而 第二部分則透過上述網路連線傳送至用戶端電腦1〗丨,待 使用者110將簡訊所含之第一部份輸入用戶端電腦nl 後,再由用戶端電腦111將第一部份與第二部份重組,以 進行後續解密程序,如此一來,便可減輕使用者的負擔。 第3圖為根據本發明一實施例所述之雙因子線上交易 安全認證方法之流程圖。首先,當使用者11()欲進行線上 交易時,會操作用戶端電腦lu透過網路連線傳送交易請 求至交易舰器12G (步驟㈣),交易祠服器12〇在收 到交易請求後,以第_賴函式產生第―驗證碼(步驟 S302),將第-贿喝加雜料簡訊料至行動通訊裝 置112 (步驟S3G3) ’使用者在收到簡訊後,將簡訊所含 之密文手動輸入用戶端電腦⑴,用戶端電腦iu將加 後的第-驗證碼解碼取得第—驗證碼(步驟S3Q4) 用戶端電腦111進-步以第—驗證函式、第一驗證竭 及使用者密碼驗證交易伺服器12G (步驟S3Q5),再 以第二驗證函式產生第二驗證碼並透過網路連線傳送: 易伺服器120 (步驟S3〇6),而交易飼服器12〇在收^ 二驗證碼後’以第二驗證函式、第二驗證碼、以及使 密碼驗證用戶端電腦m (步驟S307),流程結束。 第4圖係根據本發明一實施例所述之使用迪菲赫 協定之雙因子線上交易安全認證方法之訊息序列圖又 者110在進行線上交易之前會先透過用戶端電腦111 ^ 上交易伺服器120,並澍覽交易伺服器12〇所提供之線: NM/98005/0213-A42053TVJ-{ 201101215 交易網頁(步驟S401),使用者110可經由該線上交易網 頁向交易伺服器120註冊其使用者識別代號、使用者密 碼、以及行動通訊裝置112之用戶識別模組號碼(手機門 號)(步驟S402),並且交易伺服器120會於線上交易網 頁上提示用戶端電腦111下載後續線上交易程序中會使用 到的安全認證相關設定(步驟S403),包括金鑰協商協定、 第一驗證函式、第二驗證函式、以及第三驗證函式。其中 ❹ 上述步驟S402與S403亦可於該次線上交易之前進行,意 即於步驟S401之前即完成。在此實施例中所使用之金鑰協 商程序係採用迪菲赫夫曼(Diffie-Hellman)協定。 接下來,當使用者110欲進行線上交易時,會操作用 戶端電腦111以迪菲赫夫曼協定進行金鑰協商程序,首先, 用戶端電腦111產生第一金鑰協商參數p(步驟S404),並 連同交易請求傳送至交易伺服器120 (步驟S405),其中 上述之交易請求包含使用者110之使用者識別代號。交易 Q 伺服器12〇在收到交易請求後,以迪菲赫夫曼協定先產生 第二金鑰協商參數q,並根據第一金鑰協商參數p與第二金 錄協商參數q計算得到共用通訊金錄(Session Key) SK (步 驟S406) ’然後將第二金鑰協商參數q傳送至用戶端電腦 111 (步驟S407),使用戶端電腦m能夠同樣根據第一金 鑰協商參數p與第二金鑰協商參數q計算得到共用通訊金鑰 SK (步驟 S408)。 上述金鑰協商程序結束後,則繼續進行雙向交易認證 程序。首先’*交易伺服器12〇進一步產生第一驗證函式fl ΝΜ/98005/0213-Α42053ΤΨ-Ϊ 201101215 之參數C ( challenge),將參數C與使用者no所註冊之 使用者密碼輸入第一驗證函式Π計算得到雜湊值Η (步驟 S409),以參數C與雜湊值Η為第一驗證碼,將第一驗證 碼以共用通訊金錄SK加密後(步驟S410),透過簡訊傳送 至用戶端電腦111(步驟S411)。使用者11〇確認行動通訊 裝置112收到該簡訊後,透過用戶端電腦lu將簡訊所含 之密文以及使用者密碼一併手動輸入交易伺服器12〇所提 供之線上父易網頁上(步驊S412 ),用戶端電腦m再以 共用通訊金鑰SK將簡訊所含之密文解密得到第一驗證碼 0 (步驟S413),然後以第一驗證碼中的參數c與使用者密 碼帶入第一驗證函式fl計算,以驗證計算得到的雜湊值是 否為第一驗證碼中的雜湊值Η (步驟S414),若是,則代 表交易伺服器120通過驗證;若否’則代表交易伺服器12〇 未通過驗證,用戶端電腦111於視窗介面顯示「交易飼服 器驗證失敗」以通知使用者110,然後終止該次線上交易。Sockets LayerHike) protocol, or key distribution protocol (key protocol), wherein the above-mentioned secure data transport layer protocol includes a general secure data transport layer protocol, a secure data transport layer protocol using the RSA algorithm, and Diffie Huffman algorithm security #material transport layer agreement. And the key negotiation procedure can be performed for a single online transaction to obtain a shared communication key for use only, or for a plurality of online transactions to obtain a shared communication key for multiple use. The former is better because each time the online transaction will regenerate the reconciliation, so the latter is better. The latter is obtained by the sub-key negotiation procedure. The shared communication key can be applied and multiple consecutive online transactions. Computing resources are better than the former' but the security is lower. Since the above steps simultaneously use the mobile communication device 112 to receive the secret female newsletter, plus the use of the password to be registered with the transaction ship 12G before the transaction is performed, it is therefore possible to avoid the fact that the mobile phone theft is not affected by the mobile phone. The unlawful person obtains the above-mentioned items to obtain the superscript mosquito newsletter. In the absence of the password 1, the identity authentication described in the example of 丨%,+, 卜亦良苑 cannot be implemented by the present invention, so this = this r:=:r The method has the other 110 must be time-consuming to use it in another embodiment - in the embodiment, the round:: client computer 111' can be cut into WM9S〇〇5/〇 after the first verification of the invention. 213-A42053TW-f 4 °Γ 201101215 points, the first part is transmitted to the mobile communication device 1丨2 via SMS, and the second part is transmitted to the user computer through the above network connection. 110, after inputting the first part of the newsletter into the client computer nl, the user computer 111 reassembles the first part and the second part for subsequent decryption procedures, thereby reducing the user. The burden. FIG. 3 is a flow chart of a two-factor online transaction security authentication method according to an embodiment of the invention. First, when the user 11() wants to conduct an online transaction, the user terminal computer 15 is operated to transmit a transaction request to the transaction vessel 12G via the Internet connection (step (4)), and the transaction server 12 receives the transaction request. The first verification code is generated by the first function (step S302), and the first-bribery information is sent to the mobile communication device 112 (step S3G3). 'The user includes the short message after receiving the short message. The ciphertext is manually input into the client computer (1), and the client computer iu decodes the added first-verification code to obtain the first verification code (step S3Q4). The client computer 111 proceeds to the first verification function and the first verification. The user password verification transaction server 12G (step S3Q5), and then generating the second verification code by the second verification function and transmitting through the network connection: the easy server 120 (step S3〇6), and the transaction feeding device 12 After the second verification code is received, the second verification function, the second verification code, and the password verification client computer m (step S307) are terminated. 4 is a message sequence diagram of a two-factor online transaction security authentication method using the Duffy agreement according to an embodiment of the present invention. The user 110 first transmits the server through the client computer 111. 120, and browsing the line provided by the transaction server 12: NM/98005/0213-A42053TVJ-{201101215 transaction page (step S401), the user 110 can register the user with the transaction server 120 via the online transaction page Identifying the code, the user password, and the user identification module number (handset number) of the mobile communication device 112 (step S402), and the transaction server 120 prompts the client computer 111 to download the subsequent online transaction program on the online transaction webpage. The security authentication related settings that will be used (step S403) include a key agreement, a first verification function, a second verification function, and a third verification function. Wherein the above steps S402 and S403 can also be performed before the transaction on the secondary line, that is, before step S401. The key agreement procedure used in this embodiment employs the Diffie-Hellman protocol. Next, when the user 110 wants to conduct an online transaction, the client computer 111 is operated to perform a key agreement procedure under the Diffie Huffman agreement. First, the client computer 111 generates a first key negotiation parameter p (step S404). And transmitting to the transaction server 120 together with the transaction request (step S405), wherein the transaction request includes the user identification code of the user 110. After receiving the transaction request, the transaction Q server 12 first generates the second key negotiation parameter q by using the Diffie Huffman agreement, and calculates the sharing according to the first key negotiation parameter p and the second record negotiation parameter q. The Session Key SK (step S406) 'The second key negotiation parameter q is then transmitted to the client computer 111 (step S407), so that the client computer m can also negotiate the parameter p and the same according to the first key. The second key negotiation parameter q calculates the shared communication key SK (step S408). After the above key agreement procedure is completed, the two-way transaction authentication procedure is continued. First, the '*transaction server 12' further generates the parameter C (challenge) of the first verification function fl ΝΜ/98005/0213-Α42053ΤΨ-Ϊ 201101215, and inputs the user password registered by the parameter C and the user no into the first verification. The function Π calculates the hash value Η (step S409), and uses the parameter C and the hash value Η as the first verification code, and encrypts the first verification code with the shared communication record SK (step S410), and transmits the message to the client through the short message. The computer 111 (step S411). After the user 11 confirms that the mobile communication device 112 receives the short message, the ciphertext and the user password included in the short message are manually input into the online parent-friendly webpage provided by the transaction server 12 through the user computer lu (step骅S412), the client computer m decrypts the ciphertext included in the short message by using the shared communication key SK to obtain the first verification code 0 (step S413), and then brings in the parameter c and the user password in the first verification code. The first verification function fl is calculated to verify whether the calculated hash value is the hash value 第一 in the first verification code (step S414), and if so, the transaction server 120 is verified; if not, the transaction server is represented. 12〇 failed verification, the client computer 111 displays “Transaction Feeder Verification Failure” on the window interface to notify the user 110, and then terminates the online transaction.
驗證完交易伺服器120後,用戶端電腦111則繼續將 參數C與使用者11〇所註冊之使用者密碼輸入第二驗證函 CJ 式f2計算得到雜湊值R1 (步驟S415),以雜湊值ri為第 二驗證碼,並將第二驗證碼傳送至交易伺服器12〇(步驟 S416) ’交易伺服器12〇再以參數c與使用者密碼帶入第 二驗證函式f2計算,以驗證計算得到的雜湊值是否為第二 驗證碼中的雜湊值ΪΠ (步驟s417),若是,則代表用戶端 電腦111通過驗證;若否,則代表用戶端電腦Ul未通過 驗證’交易伺服器120可回覆交易錯誤訊息至用戶端電腦 NMI98005/0213-A42053TW-f 12 201101215 ill ’使用戶端電腦ill重新發起交易請求。 本發明除了如上述之雙向交易認證(用戶端電腦驗證交 易伺服器、以及交易伺服器驗證用戶端電腦)之外,更可 用以驗證交易訊息以罐保交易訊息之安全性。在上述交易 伺服器120驗證用戶端電腦111結東後,用戶端電腦lu 將參數C、使用者密瑪、以及交易訊息Μ輸入第三驗證函 式f3 &十鼻得到雜凑值R2 (步驟S418 ),以雜凑值R2為第 ❹ 二驗證碼’並將第三驗證竭連同交易訊息Μ傳送至交易飼 服器120 (步驟S419) ’交易伺服器120再以參數C、使 用者密碼、以及交易訊息Μ帶入第三驗證函式f3計算, 以驗證計算得到的雜凑值是否為第三驗證石馬中的雜凑值 R2 (步驟 S420)。 第5圖係根據本發明一實施例所述之使用一般安全資 料傳輸層協定之雙因子線上交易安全認證方法之訊息序列 圖。在此實施例中,使用者110先透過用戶端電腦111連 Q 結上交易伺服器120以瀏覽交易伺服器120所提供之線上 交易網頁,並經由該線上交易網頁向父易飼服器120註冊 其使用者識別代號、使用者密碼、以及行動通訊裝置Π2 之用戶識別模組號碼,而交易伺服器12〇可於線上交易網 頁上提示用戶端電腦111下載後續線上交易程序中會使用 到的安全認證相關設定,包括金鑰協商協定、第一驗證函 式、第二驗證函式、以及第三驗證函式。以上步驟同於第 4圖中之步驟S401〜S403,且步驟s402與S403亦可於該 次線上交易之前進行,意即於步驟S401之前即完成。 NM198005/0213-A42053TW-f 13 201101215 接下來,當使用者110欲進行線上交易時’會操作用 戶端電腦111以一般安全資料傳輸層協定進行金鑰協商程 序,首先,用戶端電腦111產生協商遨請訊息ClientHello(步 驟S501),並連同交易請求傳送至交易伺服器120 (步驟 S502)。該協商邀請訊息包含了用戶端電腦111所支援的安 全資料傳輸層協定之版本、密碼演算法列表、以及壓縮方法。 交易伺服器120根據所收到的協商邀請訊息ClientHello,同 樣以一般安全資料傳輸層協定產生協商回應訊息ServerHello (步驟S503),並將協商回應訊息ServerHello傳送至用戶端 Ο 電腦111 (步驟S504)。用戶端電腦111在接收到協商回應 訊息ServerHello後,與交易伺服器120雙方共同進行金鑰 參數交換以產生共用通訊金鑰SK(步驟S505),然後用戶 端電腦111與交易伺服器120共同以雙向訊息 ChangeCipherSpec告知彼此密文變更規格訊息並已達成協 商之設定(步驟S506)。完成上述金鑰協商程序後,即繼 續進行後續的雙向交易認證(用戶端電腦驗證交易伺服 器、以及交易伺服器驗證用戶端電腦)以及線上交易程序, ◎ 同第4圖中步驟S409〜S419。 第6圖係根據本發明一實施例所述之使用rSa演算法 之安全資料傳輸層協定之雙因子線上交易安全認證方法之 訊息序列圖。在此實施例中,使用者110透過用戶端電腦 111連結上交易伺服器120以完成瀏覽交易伺服器12〇所 提供之線上交易網頁、向交易伺服器120註冊、以及從交 易佝服器120下載後續線上交易程序中會使用到的安全認 NMI98005/0213-A42053TW-f 14 201101215 證相關設定。以上步驟同於第4圖中之步驟S401〜S403, 且步驟S402與S403亦可於該次線上交易之前進行,意即 於步驟S401之前即完成。 接下來,當使用者110欲進行線上交易時,會操作用 戶端電腦111以使用RSA演算法之安全資料傳輸層協定進行 金錄協商程序,首先,用戶端電腦111以安全資料傳輸層協 疋產生協商邀请訊息ClientHello (步驟S601),並連同交易 ❹請求傳送至交易伺服器120 (步驟S602),該協商邀請訊 息包含了用戶端電腦111所支援的安全資料傳輸層協定之版 本、岔碼演算法列表、以及壓縮方法。交易伺服器根據 所收到的協商邀請訊息ClientHello,同樣以安全資料傳輸層 協定產生協商回應訊息ServerHello (步驟S603),並將協商 回應訊息ServerHello傳送至用戶端電腦ill (步驟S6〇4)。 當用戶端電腦111接收到協商回應訊息ServerHello時,則以 RS A决算法產生共用通訊金錄SK並以交易飼服器120之公 ❹ 鑰(Public key)進行加密(步驟S605)後傳送至交易伺服 器120’交易伺服器120在收到加密的共用通訊金錄sk後, 則以其使用之私鑰(private key)進行解密以取得共用通訊金 鑰SK (步驟S606) ’然後用戶端電腦111與交易祠服器12〇 共同以雙向訊息ChangeCipherSpec告知彼此密文變更規格 訊息並已達成協商之設定(步驟S607),則金餘協商程序 結束。後續進行的雙向交易認證(用戶端電腦驗證交易伺服 器、以及交易伺服器驗證用戶端電腦)以及線上交易程序, 同第4圖中步驟S409〜S419。 * NMI98005/0213-A42053TW-f 15 201101215 〜…第7圖係根據本發明一實施例所述之使用迪菲赫夫曼 演算法之安全資料傳輪層協定之雙因子線上交易安全認ς =法之訊息序列圖。在此實施例中,使用者110透過用戶 端電腦111連結上交易祠服器12〇以完成劇覽交易飼服器 120所提供之線上交易網頁、向交易伺服器12〇註冊、二 士從交易伺服器12G下載後續線上交易程序中會使用到的 安全認證相關設定。以上步驟同於第4圖中之步驟 S401〜S403 ’且步驟S4〇2與S4〇3亦可於該次線上交易之 前進行,意即於步驟S4〇1之前即完成。 接下來,當使用者110欲進行線上交易時,會操作用 二端電腦111以使料祕夫曼演算法之安全資料傳輸層協 疋進行金鑰協商程序。首先,用戶端電腦ln以安全資料傳 輸層協定產生協商邀請訊息clientHell〇 (步驟S7〇1),並連 同交易請求傳送至交㈣麗m(步驟讀),該協商 ,請訊息包含了用戶端電腦U1所支援的安全資料傳輸層協 定之版本、密碼演算法列表、以及壓縮方法。交易飼服器 根據所㈣的協商料訊纟clientHell。,㈣以安全資料傳 輸層協定產生協商回應訊息ServerHell〇 (步驟S7〇3),並將 協商回應訊息ServerHello傳送至用戶端電腦lu (步驟 5704) 。當用戶端電腦U1接收到協商回應訊息ServerHeii〇 時’則以迪菲赫夫曼蚊產生第—金㈣商參數p (步驟 5705) ,並將第一金錄協商參數p傳送至交易伺服器 (步驟S706),而交易伺服器120進一步以以迪菲赫夫曼 協疋產生第二金鑰協商參數q,根據第一金鑰協商參數士與 /VA//55^i?5/0213-A42053TW-f 16 201101215 第二金餘協商參數q計算得到共用通訊金鑰 SK (步驟 S707) ’並將第二金餘協商參&傳送至用戶端電腦nl (步 驟S708),然後’用戶端電腦Ul根據第一金鑰協商參數p 與第二金鑰協商參數q同樣計算得到共用通訊金鑰SK (步驟 S709)。最後,用戶端電腦1U與交易伺服器12〇共同以雙 向訊息ChangeCipherSpec告知彼此密文變更規格訊息並已 達成協商之设定(步驟S710) ’則金鑰協商程序結束。後 續進行的雙向交易認證(用戶端電腦驗證交易伺服器、以及 交易伺服器驗證用戶端電腦)以及線上交易程序,同第4 圖中步驟S409〜S419。 第4〜7圖所示之雙因子線上交易安全認證方法在進行 線上交易之前之註冊步驟雖然是透過網路以線上註冊的方 式進行,但在其它實施例中,亦可由使用者親自到該線 交易公司之服務櫃臺填寫註冊申請文件,將使用者璣别 號、使用者密碼、以及行動通訊裝置11:2之用戶識別根、 Q 號碼(手機門號)等使用者資訊寫入註冊申請文件中,、'且 由該線上交易公司將註冊申請文件所記錄之内容輪入, 易伺服器120;或者,使用者資訊可獨立儲存於另〜父 裝置,父易伺服器120再透過網路連線至該儲存裝―、存 取使用者資訊。 '"夏以讀 本發明雖以各種實施例揭露如上,然而其僅為範 考而非用以限定本發明的範圍,任何熟習此項技藝^列參 不脫離本發明之精神和範圍内,當可做些許的更動逝在 飾。因此上述實施例並非用以限定本發明之範圍,本日閑 NMI98005/Q213-A42053TW-f ^ 201101215 之保護範圍當視後附之申請專利範圍所界定者為準。 【圖式簡單說明】 第1圖為根據本發明一實施例所述之雙因子線上交易 安全認證系統之示意圖。 第2圖為根據本發明一實施例所述之雙因子線上交易 安全認證方法之訊息序列圖。 第3圖為根據本發明一實施例所述之雙因子線上交易 安全認證方法之流程圖。 第4圖係根據本發明一實施例所述之使用迪菲赫夫曼 協定之雙因子線上交易安全認證方法之訊息序列圖。 第5圖係根據本發明一實施例所述之使用一般安全資 料傳輸層協定之雙因子線上交易安全認證方法之訊息序列 圖。 第6圖係根據本發明一實施例所述之使用RSA演算法 之安全資料傳輸層協定之雙因子線上交易安全認證方法之 訊息序列圖。 第7圖係根據本發明一實施例所述之使用迪菲赫夫曼 演算法之安全資料傳輸層協定之雙因子線上交易安全認證 方法之訊息序列圖。 【主要元件符號說明】 100〜雙因子線上交易安全認證系統; 110〜使用者; 111〜用戶端電腦; 112〜行動通訊裝置; NMI98005/0213-A42053TW-f 18 201101215 120〜交易伺服器; 130〜網際網路; 140〜行動通訊系統。After verifying the transaction server 120, the client computer 111 continues to input the parameter C and the user password registered by the user 11 into the second verification function CJ formula f2 to calculate the hash value R1 (step S415), with a hash value ri Is the second verification code, and transmits the second verification code to the transaction server 12 (step S416). The transaction server 12 is further calculated by the parameter c and the user password into the second verification function f2 to verify the calculation. Whether the obtained hash value is the hash value 第二 in the second verification code (step s417), and if so, the user computer 111 passes the verification; if not, the user computer U1 does not pass the verification 'the transaction server 120 can reply Transaction error message to the client computer NMI98005/0213-A42053TW-f 12 201101215 ill 'Make the client computer ill re-initiate the transaction request. In addition to the two-way transaction authentication (the client computer verification transaction server and the transaction server verification client computer) as described above, the present invention can be used to verify the security of the transaction message to the canned transaction message. After the transaction server 120 verifies that the client computer 111 is in the east, the client computer lu inputs the parameter C, the user MME, and the transaction message Μ into the third verification function f3 & ten nose to obtain the hash value R2 (step S418), the hash value R2 is the second verification code' and the third verification is sent to the transaction server 120 together with the transaction message (step S419). The transaction server 120 further uses the parameter C, the user password, And the transaction message is brought into the third verification function f3 calculation to verify whether the calculated hash value is the hash value R2 in the third verification stone horse (step S420). Figure 5 is a message sequence diagram of a two-factor online transaction security authentication method using a general secure data transport layer protocol, in accordance with an embodiment of the present invention. In this embodiment, the user 110 first connects to the transaction server 120 through the client computer 111 to browse the online transaction webpage provided by the transaction server 120, and registers with the parent easy feeder 120 via the online transaction webpage. The user identification code, the user password, and the user identification module number of the mobile communication device ,2, and the transaction server 12 can prompt the user computer 111 to download the security used in the subsequent online transaction program on the online transaction webpage. Authentication related settings, including key agreement, first verification function, second verification function, and third verification function. The above steps are the same as steps S401 to S403 in Fig. 4, and steps s402 and S403 can also be performed before the transaction on the secondary line, that is, before step S401. NM198005/0213-A42053TW-f 13 201101215 Next, when the user 110 wants to conduct an online transaction, the client computer 111 is operated to perform a key agreement procedure under the general secure data transfer layer protocol. First, the client computer 111 generates a negotiation. The message ClientHello is requested (step S501) and transmitted to the transaction server 120 in conjunction with the transaction request (step S502). The negotiation invitation message includes a version of the secure data transport layer protocol supported by the client computer 111, a list of cryptographic algorithms, and a compression method. The transaction server 120 generates a negotiation response message ServerHello in accordance with the received negotiation invitation message ClientHello, in the same manner as the general security data transmission layer protocol (step S503), and transmits the negotiation response message ServerHello to the client computer 111 (step S504). After receiving the negotiation response message ServerHello, the client computer 111 performs key key exchange with the transaction server 120 to generate a shared communication key SK (step S505), and then the client computer 111 and the transaction server 120 cooperate in both directions. The message ChangeCipherSpec informs each other of the ciphertext change specification message and has reached a negotiated setting (step S506). After completing the above-mentioned key agreement procedure, the subsequent two-way transaction authentication (the client computer verification transaction server and the transaction server verification client computer) and the online transaction program are continued, and steps S409 to S419 in Fig. 4 are continued. Figure 6 is a message sequence diagram of a two-factor online transaction security authentication method using a secure data transport layer protocol using the rSa algorithm, in accordance with an embodiment of the present invention. In this embodiment, the user 110 connects to the transaction server 120 through the client computer 111 to complete the online transaction webpage provided by the browsing transaction server 12, registers with the transaction server 120, and downloads from the transaction server 120. The security settings that will be used in subsequent online trading procedures are NMI98005/0213-A42053TW-f 14 201101215. The above steps are the same as steps S401 to S403 in Fig. 4, and steps S402 and S403 can also be performed before the transaction on the secondary line, that is, before step S401. Next, when the user 110 wants to conduct an online transaction, the client computer 111 is operated to perform the golden record negotiation procedure using the secure data transfer layer protocol of the RSA algorithm. First, the client computer 111 is generated by the secure data transfer layer. The invitation message ClientHello is negotiated (step S601), and transmitted to the transaction server 120 along with the transaction request (step S602), the negotiation invitation message includes the version of the secure data transmission layer protocol supported by the client computer 111, and the weight algorithm. List, and compression methods. The transaction server generates a negotiation response message ServerHello according to the received negotiation invitation message ClientHello (also in the secure data transmission layer protocol) (step S603), and transmits the negotiation response message ServerHello to the client computer ill (step S6〇4). When the client computer 111 receives the negotiation response message ServerHello, the shared communication record SK is generated by the RS A algorithm and encrypted by the public key of the transaction server 120 (step S605) and then transmitted to the transaction. After receiving the encrypted shared communication record sk, the server 120' transaction server 120 decrypts with the private key used to obtain the shared communication key SK (step S606). Then the client computer 111 Together with the transaction server 12A, the mutual message change specification message is notified by the two-way message ChangeCipherSpec and the negotiation setting is reached (step S607), and the Jinyu negotiation process ends. The subsequent two-way transaction authentication (the client computer verification transaction server and the transaction server verification client computer) and the online transaction program are the same as steps S409 to S419 in Fig. 4. * NMI98005/0213-A42053TW-f 15 201101215 ~ Fig. 7 is a two-factor online transaction security reference method using the Diffie Huffman algorithm for secure data transfer layer protocol according to an embodiment of the present invention. The sequence of messages. In this embodiment, the user 110 connects to the transaction server 12 via the client computer 111 to complete the online transaction webpage provided by the drama transaction server 120, register with the transaction server 12, and convert the transaction from the transaction server. The server 12G downloads the security authentication related settings that will be used in subsequent online transaction procedures. The above steps are the same as steps S401 to S403' in Fig. 4 and steps S4〇2 and S4〇3 can also be performed before the transaction on the secondary line, that is, before step S4〇1. Next, when the user 110 wants to conduct an online transaction, the two-terminal computer 111 is operated to perform a key agreement procedure for the secure data transfer layer protocol of the Miftman algorithm. First, the client computer ln generates a negotiation invitation message clientHell〇 (step S7〇1) according to the secure data transmission layer protocol, and transmits it to the transaction (four) 丽 m (step reading) together with the transaction request, the negotiation, the message includes the client computer U1 The version of the supported Secure Data Transport Layer Agreement, the list of cryptographic algorithms, and the compression method. Trading Feeder According to the (4) consultation news, clientHell. (4) generating a negotiation response message ServerHell〇 (step S7〇3) by the secure data transmission layer protocol, and transmitting the negotiation response message ServerHello to the client computer lu (step 5704). When the client computer U1 receives the negotiation response message ServerHeii〇, then the first-gold (four) quotient parameter p is generated by Diffy Huffman mosquito (step 5705), and the first record negotiation parameter p is transmitted to the transaction server ( Step S706), and the transaction server 120 further generates the second key negotiation parameter q by the Diffie Huffman Coordination, and negotiates the parameter according to the first key with /VA//55^i?5/0213-A42053TW -f 16 201101215 The second remnant negotiation parameter q calculates the shared communication key SK (step S707) 'and transmits the second remnant negotiation parameter to the client computer nl (step S708), and then 'the client computer Ul The shared communication key SK is calculated in the same manner as the second key negotiation parameter q according to the first key negotiation parameter p (step S709). Finally, the client computer 1U and the transaction server 12A together notify the mutual ciphertext change specification message with the two-way message ChangeCipherSpec and have reached the negotiated setting (step S710), and the key agreement procedure ends. The subsequent two-way transaction authentication (the client computer verification transaction server, and the transaction server verification client computer) and the online transaction program are the same as steps S409 to S419 in Fig. 4. The two-factor online transaction security authentication method shown in Figures 4 to 7 is performed by online registration before the online transaction, but in other embodiments, the user can also go to the line in person. The service counter of the trading company fills in the registration application file, and writes the user identification number, the user password, and the user identification root of the mobile communication device 11:2, the Q number (the mobile phone door number) and other user information into the registration application file. , and 'the online trading company will record the content recorded in the registration application file, easy server 120; or, the user information can be stored separately in the other ~ parent device, the parent easy server 120 and then through the network connection To the storage device - access user information. The invention is not limited to the scope of the invention, and is not intended to limit the scope of the invention. You can make a little more change in the decoration. Therefore, the above embodiments are not intended to limit the scope of the present invention. The scope of protection of NMI98005/Q213-A42053TW-f ^ 201101215 is determined by the scope of the appended patent application. BRIEF DESCRIPTION OF THE DRAWINGS FIG. 1 is a schematic diagram of a two-factor online transaction security authentication system according to an embodiment of the invention. FIG. 2 is a message sequence diagram of a two-factor online transaction security authentication method according to an embodiment of the invention. FIG. 3 is a flow chart of a two-factor online transaction security authentication method according to an embodiment of the invention. Figure 4 is a message sequence diagram of a two-factor online transaction security authentication method using the Dieffie Huffman protocol according to an embodiment of the present invention. Figure 5 is a message sequence diagram of a two-factor online transaction security authentication method using a general secure data transport layer protocol, in accordance with an embodiment of the present invention. Figure 6 is a message sequence diagram of a two-factor online transaction security authentication method using a secure data transport layer protocol of the RSA algorithm according to an embodiment of the invention. Figure 7 is a message sequence diagram of a two-factor online transaction security authentication method using a secure data transmission layer protocol of the Dieffie Huffman algorithm according to an embodiment of the present invention. [Main component symbol description] 100~ two-factor online transaction security authentication system; 110~user; 111~user computer; 112~ mobile communication device; NMI98005/0213-A42053TW-f 18 201101215 120~transaction server; 130~ Internet; 140~ mobile communication system.
/VMP5i7i?5/0213-A42053TW-f/VMP5i7i?5/0213-A42053TW-f