201135619 、發明說明: 【發明所屬之技術領域】 的是 本發明係關於一種電子交易方法及系統,更特 關於-種利用QR碼之電子交易方法及系統。 【先前技術】 +隨著社會及金融業之曰益發展,信用交易之行為可邮 連勃發展,而在各項信較W,使用侧切塑^ 之消費模式由於具有便利性,因此廣受消費者之直愛/ 利用手機、電視或電腦進行線上購物並以信 二 ^方㈣便利之購物消費模式逐漸成為消費者常之^ 易方式。 人 習用之信用卡付款方式如第j圖所示,首 會透過資訊平台,如前述之手機、 &費者 電腦係透過網際網路連上購物網頁,:電手機及 物請行商品確認及付款動作),取得預購買之二= ==,)接二Γ預支付商品款項之信用卡二資 n C步驟103),通常為信用卡卡 證碼(CVV)等,接著資訊平台傳送°限及信用卡驗 位,如:發卡銀行及聯合信用卡處^里中貝^至授信管理單 Card Center,NCCC),進行資 =at職1 &咖 (半职π ^ 及校推’並取得授權碼 (步‘叫,錢,付款成功,完錢易( 。 上述不需實體卡片進行刷卡動作 消費者所接受,然而,—日作料〜付秋購物方式已被 一L用卡之相關資料外浅,如此 201135619 便利之付款方式卻也成為不肖人士絲信时的途徑。現 今雖有各種線上加密方式讓交易過程中,信用卡之相關資 料不被第三者竊取U若第三者透過其他方式取得消費 者之信用卡資料時,此種線上加密之方式亦無法有效地避 免盜刷信用卡的行為。 、,再者,倘若消費者欲進行消費之網頁遭受網址绑架, 消費者所輸人之㈣與密碼資料就會被竊取 損失。 ^又河座( 【發明内容】 —树明之—目的在於提出—種消f者與商家之間授權 安全交易之方法及系統,不但可提高信用卡交易的安全性 與不可否認性(Non,—),更兼具行動㈣之機動 性。201135619, invention description: [Technical field to which the invention pertains] The present invention relates to an electronic transaction method and system, and more particularly to an electronic transaction method and system using a QR code. [Previous technology] + With the development of the social and financial industry, the behavior of credit transactions can be developed by postal cooperation, and in various letters, the consumption pattern of using side-cutting is very convenient because of its convenience. The direct love of people / using mobile phones, TV or computers for online shopping and the letter of the two (four) convenient shopping and consumption patterns have gradually become the consumer's usual way. The credit card payment method used by people is as shown in Figure j. The first session is through the information platform. For example, the aforementioned mobile phone and & fee computer system are connected to the shopping webpage through the Internet: electronic mobile phone and goods, please confirm and pay for the goods. Action), obtain the pre-purchased two ===,) Secondly, the credit card of the prepaid product, the second credit n C step 103), usually the credit card card code (CVV), etc., and then the information platform transmission limit and credit card verification For example, the issuing bank and the joint credit card office ^中中中 ^ to the credit management card (Card Center, NCCC), for the funding = at job 1 & coffee (half job π ^ and school push ' and obtain the authorization code (step ' Call, money, payment success, end of money easy (. The above does not require physical card for credit card action consumers accept, however, the Japanese-made material ~ Fuqiu shopping method has been used by a L card related information, so 201135619 convenience The payment method has also become a way for the unscrupulous people to use the online encryption method. Although there are various online encryption methods in the transaction process, the credit card related information is not stolen by the third party. If the third party obtains the consumer through other means. In the case of credit card information, such online encryption cannot effectively prevent theft of credit cards. Moreover, if the consumer wants to consume the webpage and is abducted by the website, the consumer’s (4) and password information will be Theft is stolen. ^There is a river block (invention content) - the purpose of the tree - the purpose is to propose a method and system for authorizing secure transactions between the consumer and the merchant, which not only improves the security and non-repudiation of credit card transactions ( Non, -), more action (4) mobility.
本备明之另-目的在於提出—種不受網頁鄉架威脅之 女全交易方法及系統。 為達上述目的及其他目的,本發明提出一種利用咪 交易方法’其包含以下步驟:⑴利用—可攜式電 擷取-商品QR碼並反譯出—商品識別資訊及一驗 ^易位址,藉由該驗證交易位輯線至—電子交易終端 付恤㈣及產生一次性存證f訊;(2)輸入欲支付 =分卡號f訊與㈣卡驗證m,利用該可 子裝置擷取-使用者憑證QR碼,將其反譯為一使 者身伤貝科及-信用卡卡號資訊雜凑值,並與該商品識 m 4 201135619 別資訊、該可攜式電子裝置之行動電話號碼及一次性存證 資訊一併提交至該電子交易終端;(3)該電子交易終端進行 該使用者身份資料及該行動電話號碼之核對,並核對該商 品識別資訊是否與該支付伺服器之内存相符,皆符合後始 允許後續步驟;(4)該電子交易終端將該部分卡號資訊、該 信用卡驗證碼、一次性存證資訊及該信用卡卡號資訊雜凑 值一併提交至一授信銀行,該授信銀行解密該信用卡資訊 雜湊值以取得一解密卡號資訊,並與該部分卡號資訊組合 為一完整卡號資訊;及(5)授信銀行將該完整卡號資訊及該 信用卡驗證碼提交至一信用卡處理中心進行授權,以進行 後續付款動作。 於本發明之一實施例中,更包含以下步驟:(a)使用者 預先向該電子交易終端提出申請;(b)該電子交易終端根據 該使用者之身份資料及經該授信銀行處理之信用卡卡號資 訊雜湊值,產生該使用者憑證QR碼;及(c)該電子交易終 端内儲存有該使用者登錄之可攜式電子裝置之行動電話號 碼。其中於⑷步驟中,更包含以下步驟:(al)連線至該授 信銀行並輸入信用卡之部份卡號資訊;及(a2)該授信銀行對 該部份卡號資訊進行加密程序以產生該信用卡卡號資訊雜 湊值,並回傳至該電子交易終端。其中,該部份卡號資訊 可為信用卡卡號之前12位數字。 為達上述目的及其他目的,本發明之一種利用QR碼 之電子交易系統,其包含:一使用者憑證卡,其上具有内 含一使用者身份資料及一信用卡卡號資訊雜湊值之一使用 201135619 者憑證QR碼;及一電子交易終端,係包含内儲存至少一 商品識別資訊之一支付伺服器,供一電子裝置透過擷取之 一商品QR碼所反譯之一驗證交易位址來連線,該電子交 易終端並用於核對由該電子裝置所提交之該使用者身份資 料、一行動電話號碼、及一商品識別資訊,並用於供核對 成功後送出由該電子裝置提交之部分卡號資訊、信用卡驗 證碼、一次性存證資訊及該信用卡卡號資訊雜湊值至一授 信銀行,以供該授信銀行組合該部分卡號資訊與解密該信 用卡卡號資訊雜湊值後取得之解密卡號資訊來形成一完整 卡號資訊,其中,該商品識別資訊係透過該電子裝置擷取 該商品QR碼並經過反譯後取得,該使用者身份資料及該 信用卡卡號資訊雜湊值係透過該電子裝置擷取該使用者憑 證QR碼並經過反譯後取得。 於本發明之一實施例中,該可攜式電子裝置更包含一 行動通訊國際識別碼(IMEI)以與該行動電話號碼一同被送 出及認證,該電子交易終端内並儲存有該使用者登錄之該 行動通訊國際識別碼(IMEI),而對於交易的安全性更加一 層保護。《 於本發明之一實施例中,該可攜式電子裝置可為行動 電話、手提電腦及個人數位助理三者中的其中一種。 藉此,本發明係以憑證貫穿使用者、銀行與電子交易 終端之間,藉由該使用者憑證QR碼、該行動通訊電話號 碼及於該電子交易終端註冊之使用者身份資料,可強化電 子交易的整體安全性,且商品網頁之連結亦透過該電子交 '201135619 易終端之驗證^因而不受網頁被鄉架之威脅’整體之父易 流程不但可提高信用卡交易的安全性,更兼具行動消費之 機動性。 【實施方式】 為充分瞭解本發明之目的、特徵及功效,茲藉由下述 具體之實施例,並配合所附之圖式,對本發明做一詳細說 明,說明如後: 首先請參閱第2圖,係本發明於一實施例中之電子交 易系統架構示意圖。此電子交易系統200包含:一使用者 憑證卡202、一可攜式電子裝置204、一電子交易終端206、 一授信銀行212及一信用卡處理中心214。該可攜式電子裝 置204可為行動電話、手提電腦、個人數位助理或其他等 效之裝置,並可透過電信系統,如:GSM系統、CDMA系 統、WIMAX系統、3G/3.5G系統、PHS系統、GPRS系統、 實體網路線、無線網路或其他等效之連線方式連線至該電 子交易終端206。該可攜式電子裝置204並具有攝像裝置或 其他等效之裝置以擷取一種二維條碼形式之QR碼。 接著請同時參閱第2圖及第3圖,第3圖係為本發明 於一實施例中之電子交易流程示意圖。首先,進行步驟 302,利用該可攜式電子裝置204擷取一商品QR碼2101, 使用者可透過電腦210於網際網路上瀏覽商品資訊並透過 取得該商品QR碼2101。其中,該商品QR碼2101亦可以 其他種形式出現,例如:透過廣告海報,將商品QR碼2101 7 201135619 直接印製於海報上,或者是透過報章雜誌、,亦或是其他電 子裝置、廣告裝置等可顯示該商品(^尺碼21〇1之等效裝置。 接著進行步驟304’該可攜式電子裝置2〇4内儲存有一 反譯程式,用以將擷取到之商品(^11碼21〇1反譯出一商品 識別資訊及一驗證交易位址。該商品識別資訊係該商品之 特有編碼,用以於後續核對時使用,該商品識別資訊益不 帶有商品之價錢資訊。該驗證交易位址係供該可攜式電子 裝置204透過前述之電信系统連線至該電子交易終端 206,以及連線至與該電子交易終端2〇6連結之一支付伺服 器2〇7,以進行後續之付款交易動作。於該可攜式電子裝置 綱連線至該電子U終端施之該支付舰器2Q7時’即 產生-次性存證資訊,該—次性存證資訊係指每一次交易 的軌跡β己錄(可包含進行交易時之執行時間、行動通訊國 際識^ (1_)、行動電話號碼或Ιρ位址等),其係經過一 可逆Λ、^_去加狯後所得之憑證值。交易階段被儲存下來之 該一次性存證資訊可作為日後發生任何交易糾紛時,可利 用此值反追蹤當下之交易軌跡。此外,本發明之該一次性 存證資訊可為—多方存證資訊,例如:該交易軌跡會記錄 在支㈣服器(商店端)、電子交易終端及授信銀行端。 W述存證資訊之紀錄即可為交易過程提供—種交易的 不可否認性,而本發明再加上使用者身分的認證以及於 料傳輸過程中之機密性、完整性與安全性,皆可 二、 的不可否認性。 捉问父易 該支付伺服器207⑽存有各種商品識別資訊以供核 201135619 201135619 對,此外,藉由此種商品識別資訊的設置,於汰換商品時 並不需要更換商品QR碼,而使該舊有之商品(^尺碼直接對 應一新的商品即可。亦即,透過商品識別資料傳輸至該驗 證交易位址(API URL)的可變動性,達到商品(^尺碼不需修 改的情況下,變更QR碼所屬商品及其傳輸取得商品資訊 的驗證交易位址(API URL)。 再者,該支付伺服器207可直接與該電子交易終端2〇6 連接,或為-廠商端之舰n,~,該支付舰器2〇7係 商二口廠商端之-介接主機,透過該驗證交易位址可供該電 子又易、',、知206連接至對應的支付伺服器。此外,第2 圖之,支付飼服器2G7之數量僅為—種示例,#,該支付 祠服器207可為複數個。 =著進仃步驟306,使用者透過該可攜式電子裝置2〇4 支付應付款項之信用卡相關資訊,如:輸入欲支 卡號#訊與信用卡驗證碼,該部分卡號資 聽如元料號之後四碼等衫整The other purpose of this statement is to propose a female full trading method and system that is not threatened by the webpage. In order to achieve the above and other objects, the present invention proposes a method for utilizing a microphone transaction, which comprises the following steps: (1) utilizing - portable electric pickup - commodity QR code and translating - product identification information and an inspection address By using the verification device, the transaction transaction line is connected to the electronic transaction terminal (4) and the one-time deposit certificate is generated; (2) the input is required to be paid = the card number f message and (4) the card verification m, and the card device is used to capture - the user's voucher QR code, which is translated into a messenger's body and the credit card number information hash value, and the product knowledge m 4 201135619 other information, the mobile phone number of the portable electronic device and once The sexual deposit information is submitted to the electronic transaction terminal; (3) the electronic transaction terminal performs verification of the user identity data and the mobile phone number, and checks whether the product identification information matches the memory of the payment server. (4) The electronic transaction terminal submits the partial card number information, the credit card verification code, the one-time deposit certificate information, and the credit card number information hash value to one credit a bank, the credit bank decrypts the credit card information hash value to obtain a decryption card number information, and combines the partial card number information into a complete card number information; and (5) the credit bank submits the complete card number information and the credit card verification code to the first The credit card processing center authorizes for subsequent payment actions. In an embodiment of the present invention, the method further includes the following steps: (a) the user submits an application to the electronic transaction terminal in advance; and (b) the electronic transaction terminal according to the identity information of the user and the credit card processed by the credit bank The card number information hash value is generated to generate the user credential QR code; and (c) the mobile phone number of the portable electronic device in which the user logs in is stored in the electronic transaction terminal. In the step (4), the method further comprises the steps of: (al) connecting to the credit bank and inputting part of the card number information of the credit card; and (a2) the credit bank encrypting the part of the card number information to generate the credit card number. The information is hashed and passed back to the electronic trading terminal. The part of the card number information may be 12 digits before the credit card number. For the above purpose and other purposes, an electronic transaction system using a QR code according to the present invention includes: a user credential card having one of the user identification data and a credit card number of the information hash value used 201135619 a voucher QR code; and an electronic transaction terminal, comprising a payment server storing at least one item identification information, for an electronic device to connect by verifying a transaction address by extracting one of the commodity QR codes The electronic transaction terminal is further configured to check the user identity data, a mobile phone number, and a product identification information submitted by the electronic device, and is used for sending a part of the card number information and the credit card submitted by the electronic device after the verification is successful. The verification code, the one-time deposit certificate information and the credit card number information hash value are sent to a credit bank for the credit bank to combine the card number information and the decryption card number information obtained by decrypting the hash card value of the credit card number to form a complete card number information. The product identification information is obtained by extracting the QR code of the product through the electronic device. After the translation is obtained, the user identity data and the credit card number information hash value are obtained by the electronic device capturing the user's certificate QR code and after being translated. In an embodiment of the present invention, the portable electronic device further includes an International Mobile Identity (IMEI) to be sent and authenticated together with the mobile phone number, and the user login is stored in the electronic transaction terminal. The Mobile Communications International Identity (IMEI) is a further layer of protection for transaction security. In one embodiment of the present invention, the portable electronic device can be one of a mobile phone, a laptop, and a personal digital assistant. Accordingly, the present invention is capable of enforcing electrons between the user, the bank, and the electronic transaction terminal by using the user certificate QR code, the mobile communication telephone number, and the user identity data registered in the electronic transaction terminal. The overall security of the transaction, and the link to the product page is also verified by the electronic payment '201135619 Easy Terminal' and thus not subject to the threat of the website. The overall father's easy process not only improves the security of credit card transactions, but also enhances the security of credit card transactions. The mobility of mobile consumption. [Embodiment] In order to fully understand the object, features and effects of the present invention, the present invention will be described in detail by the following specific embodiments and the accompanying drawings. The figure is a schematic diagram of the architecture of an electronic transaction system in an embodiment of the present invention. The electronic transaction system 200 includes a user credential card 202, a portable electronic device 204, an electronic transaction terminal 206, a credit bank 212, and a credit card processing center 214. The portable electronic device 204 can be a mobile phone, a laptop, a personal digital assistant or other equivalent device, and can be transmitted through a telecommunication system such as a GSM system, a CDMA system, a WIMAX system, a 3G/3.5G system, or a PHS system. A GPRS system, a physical network route, a wireless network, or other equivalent connection method is connected to the electronic transaction terminal 206. The portable electronic device 204 has an imaging device or other equivalent device to capture a QR code in the form of a two-dimensional barcode. Please refer to FIG. 2 and FIG. 3 at the same time. FIG. 3 is a schematic diagram of an electronic transaction process in an embodiment of the present invention. First, step 302 is performed to capture a product QR code 2101 by using the portable electronic device 204. The user can browse the product information on the Internet through the computer 210 and obtain the QR code 2101 of the product. The product QR code 2101 may also appear in other forms, for example, by directly printing the product QR code 2101 7 201135619 on the poster through an advertisement poster, or through a newspaper or magazine, or other electronic device or advertising device. The product can be displayed (the equivalent device of the size 21〇1. Then proceed to step 304). The portable electronic device 2〇4 stores a reverse translation program for the product to be retrieved (^11 code 21) 〇1 deciphers a product identification information and a verification transaction address. The product identification information is a unique code of the product, which is used for subsequent verification, and the product identification information does not have the price information of the product. The transaction address is for the portable electronic device 204 to connect to the electronic transaction terminal 206 through the aforementioned telecommunication system, and to the payment server 2〇7 connected to the electronic transaction terminal 2〇6 for performing Subsequent payment transaction action. When the portable electronic device is connected to the electronic U terminal to apply the payment vehicle 2Q7, the information is generated, and the secondary storage information refers to each The trajectory of the transaction is recorded (including the execution time when the transaction is performed, the international communication knowledge (^_), the mobile phone number or the 位ρ address, etc.), which is obtained after a reversible ^, ^_ Voucher value. The one-time deposit certificate information stored in the transaction stage can be used as a future transaction trajectory when any transaction dispute occurs. In addition, the one-time deposit information of the present invention can be multi-party The deposit information, for example, the transaction track will be recorded in the branch (four) server (store side), the electronic trading terminal and the credit bank. The record of the deposit information can provide the non-repudiation of the transaction. The invention, together with the authentication of the user identity and the confidentiality, integrity and security in the process of material transmission, can be undeniable. The father of the payment server 207 (10) has various product identifications. The information is for nuclear 201135619 201135619. In addition, with the setting of such product identification information, it is not necessary to replace the QR code of the product when replacing the product, and the old product is replaced. ^The size directly corresponds to a new product. That is, the variability of the product identification data transmitted to the verification transaction address (API URL) reaches the product (when the size does not need to be modified, the QR code is changed. The product and its transmission obtain the verification transaction address (API URL) of the product information. Furthermore, the payment server 207 can be directly connected to the electronic transaction terminal 2〇6, or the ship-to-vendor ship n,~, the payment The ship 2〇7 is the manufacturer's second-end manufacturer-intermediate host, through which the verification transaction address is available for the electronic, and the ',, know 206 is connected to the corresponding payment server. In addition, the second figure, The number of payment feeders 2G7 is only an example, #, the payment server 207 can be plural. In step 306, the user pays the credit card related information of the payables through the portable electronic device 2〇4, for example, inputting the card number and the credit card verification code, and the card number is after the element number. Four yards
用該可攜式電子梦晉观描一 現貝1此卜才J 用者馮W ΓΠ^ 、 擷取该使用者憑證卡202上之使 )馬碼2021 ’並透過對應之反譯程式將該使用者 =轉出—使时身份資料及一㈣卡卡號 可攜式電子梦置:^: 3〇4中取得之商品識別資訊與該 前述之該使之訊電話號碼,及 卡號::::-併提交至該電子=:_卡 订/驟308 ’該電子交易終端2()6根據接收到之 201135619 者身份資料及該行動電話號碼進行核對,亦即,节 之行^终端2G6内儲存有使用者登錄之身份資料及特^ ::使3號碼’假使非持有該使用者憑證妙碼2021 : 中之核姆:热法登入該電子交易終端206。若於步驟3〇8 交易“不符合時’進入㈣3081,取消交易,結束電子 若相符則進入步驟训。Using the portable electronic dream view, the user can use the von W ΓΠ ^ to retrieve the horse code 2021 ' on the user certificate card 202 and use the corresponding translation program to User = Transfer Out - Time ID and One (4) Card Number Portable Electronic Dream Set: ^: Product identification information obtained in 3〇4 and the aforementioned telephone number, and card number:::: - and submit to the electronic =: _ card order / step 308 'The electronic transaction terminal 2 () 6 based on the received 201135619 identity data and the mobile phone number to check, that is, the section of the line ^ terminal 2G6 storage The identity data of the user login and the special number: :: the 3 number 'if the non-holding of the user certificate code 2021 : the core of the core: thermal login to the electronic transaction terminal 206. If the transaction “Non-conformity” enters (4) 3081 in step 3〇8, cancel the transaction and end the electronic. If it matches, enter the step training.
子交易终端^乂驟310 ’登入該電子交易終端206後,該電 盥掛廊夕^ 206會核對使用者提交之該商品識別資訊是否 指定)之 ^服為207 (由該驗證交易位址API URL 易,結束電子二符,若不符合時,進入步驟3101,取消交 技岔、子父易流程;反之則進入步驟312。 306中產生 :312 ’該電子交易終端206會提交步驟 梦眘和私之部分卡號資訊、該信用卡驗證碼及該信用卡卡 m貝訊雜凑佶 用卡次* 知信銀行212,該授信銀行212解密該信 值以取得—解密卡號資訊,並與使用者提供 S卡號資訊組合為一完整卡號資訊。其中,該信用 貝Λ雜凑值係使用者預先登錄於該授信銀行212之信用 卡卡戒亚經過加密程序之結果,因此非正確之使用者將不 ,使用者登錄之信用卡為哪—張,因此無法輸人正確的該 二刀卡號資δ孔,也因此再次增加電子交易之安全性。於一 貫也例中以σ用卡資訊雜湊值可為該信用卡卡號之前i2 位數予,而此時,使用者提供之該部分卡號資訊則可為最 =4位數字以組合成完整之信用卡卡號資訊;然而,該部 卡號資A亦可有-部分與該前12位信用卡卡號重疊。 10 201135619 接著進行步驟314,該授信銀行212將該完整卡號資訊 及該信用卡驗證碼提交至一信用卡處理中心214中以進行 授權,並進行後續付款動作結束電子交易流程。 接著請參閱第4圖,係本發明於一實施例中之電子交 易前置流程之示意圖。如前所述,該信用卡卡號資訊雜湊 值係為預先產生,因此如第4圖所示,首先為步驟402,使 用者預先向該電子交易終端206提出申請,如:註冊為會 員,使用者必須輸入身份資料以通過申請程序。 此外,申請程序亦包含取得該信用卡卡號資訊雜湊 值,此雜湊值並非由該電子交易終端206所產生,而係經 過一步驟402a,透過該電子交易終端206連線至該授信銀 行212,此授信銀行係由使用者決定,使用者於該授信銀行 212之介面中輸入欲用來支付款項之信用卡的部份卡號資 訊,如前所述之示例,可輸入該信用卡卡號之前12位數字; 接著進入步驟402b,該授信銀行212對該部分卡號資訊進 行加密程序以產生該信用卡卡號資訊雜湊值,並回傳至該 電子交易終端206。其中,該授信銀行212採用之加密法則 僅該銀行本身知道,任何其他單位並不知道其反譯之編碼 方式,且該銀行亦無存下任何使用者信用卡完整卡號資 料,更符合個人資料保護法範疇。 接著進入步驟404,該電子交易終端206根據該使用者 之身份資料及經該授信銀行212加密處理之信用卡卡號資 訊雜湊值,產生該使用者憑證QR碼2021。該使用者憑證 QR碼2021可利用例如:印製之方式,將其印製於該使用 .201135619 者憑證卡204之上,以供使用者攜帶以及欲擷取該使用者 憑證QR碼2021時使用。 最後進入步驟406,該電子交易終端206會内儲存該使 用者登錄之可攜式電子裝置204之行動電話號碼,以供電 子交易流程之核對程序使用,並完成前置程序。 於本發明之另一實施例中,該可攜式電子裝置更包含 一行動通訊國際識別碼(IMEI),其係與該行動電話號碼於 交易過程中一同被送出及認證。 請參閱第5及6圖,係分別為本發明於另一實施例中 之電子交易流程示意圖及電子交易前置流程示意圖。其與 前一實施例之差異在於步驟308A及步驟406A。於步驟 308A中,該電子交易終端206 (請參閱第2圖)根據接收 到之該使用者身份資料、該行動電話號碼及該行動通訊國 際識別碼(IMEI)進行核對,亦即,該電子交易終端206内 儲存有使用者登錄之身份資料及特定之行動電話號碼與行 動通訊國際識別碼(IMEI),假使非持有該使用者憑證QR碼 2021之其他使用者即無法登入該電子交易終端206。若於 步驟308中之核對不符合時,進入步驟3081,取消交易, 結束電子交易流程;若相符則進入步驟310。 因此,如第6圖所示,本實施例中之該行動電話號碼 及該行動通訊國際識別碼(IMEI)會内儲存於該電子交易終 端206中,以供電子交易流程之核對程序使用,並完成前 置程序。 綜上所述,使用者憑證QR碼係貫穿於使用者、銀行 12 201135619 與電子交易終端之間,再加上可攜式電子裝置之行動電話 號碼,使得電子交易流程中具有交叉式的驗證機制,其他 使用者不易取得可通過所有驗證機制之資料,而可大幅提 高電子交易之安全性且亦保有行動消費之機動性;再者, 行動通訊國際識別碼(IMEI)的加入更可對電子交易之安全 性有更佳的提升。 本發明在上文中已以較佳實施例揭露,然熟習本項技 術者應理解的是,該實施例僅用於描繪本發明,而不應解 ® 讀為限制本發明之範圍。應注意的是,舉凡與該實施例等 效之變化與置換,均應設為涵蓋於本發明之範疇内。因此, 本發明之保護範圍當以申請專利範圍所界定者為準。 【圖式簡單說明】 第1圖為習用之信用卡付款方式流程圖。 第2圖為本發明於一實施例中之電子交易系統架構示 φ 意圖。 第3圖為本發明於一實施例中之電子交易流程示意圖。 第4圖為本發明於一實施例中之電子交易前置流程之 示意圖。 第5圖為本發明於另一實施例中之電子交易流程示意 圖。 第6圖為本發明於另一實施例中之電子交易前置流程 之示意圖。 13 201135619Sub-transaction terminal ^ step 310 'After logging in to the electronic transaction terminal 206, the e-shopping hall will check whether the product identification information submitted by the user is specified or not. 207 (by the verification transaction address API) The URL is easy, and the electronic two-character is ended. If it is not met, the process proceeds to step 3101, where the technique and the child-father process are canceled; otherwise, the process proceeds to step 312. 306 is generated: 312 'The electronic transaction terminal 206 submits the steps of Meng Shenhe Private card number information, the credit card verification code and the credit card m. The credit card 212, the credit bank 212 decrypts the signal to obtain the decryption card number information, and provides the user with the S The card number information combination is a complete card number information, wherein the credit card hash value is a result of the user encrypting the credit card card of the credit bank 212 in advance by the encryption program, so the incorrect user will not, the user Which credit card is logged in, so it is impossible to lose the correct 二 孔 hole of the second knives card, and thus increase the security of electronic transactions again. In the usual case, σ card information is used. It can be the i2 digits before the credit card number. At this time, the part of the card number information provided by the user can be the most = 4 digits to be combined into a complete credit card number information; however, the card number A can also have - part overlaps with the first 12 credit card numbers. 10 201135619 Next, in step 314, the credit bank 212 submits the complete card number information and the credit card verification code to a credit card processing center 214 for authorization, and the subsequent payment action ends. Electronic transaction flow. Next, please refer to FIG. 4, which is a schematic diagram of an electronic transaction pre-flow process in an embodiment of the present invention. As described above, the credit card number information hash value is pre-generated, so as shown in FIG. First, in step 402, the user submits an application to the electronic transaction terminal 206 in advance, for example, registration as a member, the user must input identity information to pass the application process. In addition, the application procedure also includes obtaining the information hash value of the credit card number. The hash value is not generated by the electronic transaction terminal 206, but is passed through a step 402a through which the electronic transaction is terminated. 206 is connected to the credit bank 212. The credit bank is determined by the user. The user inputs the card number information of the credit card to be used for payment in the interface of the credit bank 212, as described above. Enter the 12 digits before the credit card number; then proceed to step 402b, the credit bank 212 encrypts the partial card number information to generate the credit card number information hash value, and returns it to the electronic transaction terminal 206. The credit bank The encryption law adopted by 212 is only known to the bank itself. Any other unit does not know the encoding method of its anti-translation, and the bank does not have any user card full card number information, which is more in line with the personal data protection law. Next, proceeding to step 404, the electronic transaction terminal 206 generates the user credential QR code 2021 based on the identity data of the user and the credit card number hash value encrypted by the credit bank 212. The user credential QR code 2021 can be printed on the use of the .201135619 credential card 204 by way of printing, for use by the user and to retrieve the user credential QR code 2021. . Finally, in step 406, the electronic transaction terminal 206 stores the mobile phone number of the portable electronic device 204 registered by the user, uses the verification program of the power supply transaction process, and completes the pre-program. In another embodiment of the present invention, the portable electronic device further includes an International Mobile Identity (IMEI), which is sent and authenticated along with the mobile phone number during the transaction. Please refer to the fifth and sixth figures, which are respectively a schematic diagram of an electronic transaction process and a schematic diagram of an electronic transaction pre-process in another embodiment of the present invention. This differs from the previous embodiment in steps 308A and 406A. In step 308A, the electronic transaction terminal 206 (see FIG. 2) checks according to the received user identity data, the mobile phone number, and the mobile communication international identification number (IMEI), that is, the electronic transaction. The terminal 206 stores the identity information of the user login and the specific mobile phone number and the mobile communication international identification number (IMEI). If other users who do not hold the user certificate QR code 2021 cannot log in to the electronic transaction terminal 206 . If the check in step 308 is not met, proceed to step 3081 to cancel the transaction and end the electronic transaction process; if yes, proceed to step 310. Therefore, as shown in FIG. 6, the mobile phone number and the mobile communication international identification number (IMEI) in this embodiment are stored in the electronic transaction terminal 206 for use in the verification procedure of the electronic transaction process, and Complete the pre-program. In summary, the user credential QR code runs through the user, the bank 12 201135619 and the electronic transaction terminal, plus the mobile phone number of the portable electronic device, so that the electronic transaction process has a cross-validation mechanism. Other users are not easy to obtain information that can pass all verification mechanisms, but can greatly improve the security of electronic transactions and also maintain the mobility of mobile consumption. Furthermore, the addition of the International Identification of Mobile Communications (IMEI) can be more electronic transactions. There is a better improvement in security. The invention has been described above in terms of the preferred embodiments thereof, and it is understood by those skilled in the art that the present invention is not intended to limit the scope of the invention. It should be noted that variations and permutations that are equivalent to the embodiments are intended to be within the scope of the present invention. Therefore, the scope of protection of the present invention is defined by the scope of the patent application. [Simple description of the diagram] Figure 1 is a flow chart of the credit card payment method used by the reader. Figure 2 is a diagram showing the architecture of an electronic transaction system in an embodiment of the present invention. FIG. 3 is a schematic diagram of an electronic transaction flow in an embodiment of the present invention. Figure 4 is a schematic diagram of an electronic transaction pre-flow process in an embodiment of the present invention. Figure 5 is a schematic diagram of an electronic transaction flow in another embodiment of the present invention. Figure 6 is a schematic diagram of an electronic transaction pre-flow process in another embodiment of the present invention. 13 201135619
主要元件符號說明】 101〜107 步驟 200 電子交易系統 202 使用者憑證卡 2021 使用者憑證QR碼 204 可攜式電子裝置 206 電子交易終端 207 支付伺服器 210 電腦 2101 商品QR碼 212 授信銀行 214 信用卡處理中心 302〜314 步驟 308A 步驟 3081 步驟 3101 步驟 3121 步驟 402 步驟 402a > 402b 步驟 404 步驟 406 、 406A 步驟 t Si 14Main component symbol description] 101~107 Step 200 Electronic transaction system 202 User credential card 2021 User credential QR code 204 Portable electronic device 206 Electronic transaction terminal 207 Payment server 210 Computer 2101 Commodity QR code 212 Credit bank 214 Credit card processing Center 302~314 Step 308A Step 3081 Step 3101 Step 3121 Step 402 Step 402a > 402b Step 404 Step 406, 406A Step t Si 14