TW201414328A - System for generating one time password and generating method using for the same - Google Patents
- Publication number
- TW201414328A
- Authority
- TW
- Taiwan
Description
The present invention relates to one-time passwords, and more particularly to a system and method for generating a one-time password by means of a mobile device and a memory card.
The Internet is now ubiquitous, and users operate all kinds of electronic devices, such as personal computers, tablets or smartphones, to connect to it. Without leaving home, a user can carry out tasks such as shopping, paying bills, or logging in to online banking to manage bank accounts.
Taking online banking as an example, when its services are used, various authentication mechanisms are applied for security to confirm the user's rights of use; among existing mechanisms, password verification is the most convenient and the most common. When an online transaction reaches the verification step, the user simply enters a password, which is uploaded to a back-end server for verification; once verification passes, the whole online transaction can be completed.
To improve password security, the one-time password (One Time Password, OTP) is currently the most common mode of use. An OTP is produced by feeding specific parameters into a specific algorithm to compute a password dynamically; because the parameters differ across times, situations or events, the computed OTP differs as well, which avoids the problem of a fixed password being stolen. On the back-end server, a verification password is computed with the same parameters and the same algorithm and compared with the OTP uploaded by the user, to decide whether the OTP the user entered is correct.
A common arrangement on the market today is to place an identification code in an external auxiliary tool (token). When the user needs an OTP, the token transfers that code to the user's mobile phone or computer, and software inside the phone or computer uses the code as a parameter to compute an OTP for the user. The problem is that any value computed by software yields intermediate values that can easily be stolen. Worse, if the phone or computer has been compromised by a hacker or infected with a virus, the entire OTP computation may be cracked and a counterfeit token forged from it.
In view of this, the market urgently needs a novel mechanism that, when OTPs are used for verification, raises the security of both the generation and the use of the OTP without sacrificing convenience.
The main object of the present invention is to provide a one-time password generation system and method in which the OTP is computed and produced by an independent memory card for the user's use, thereby reducing the risk that an OTP computed on a mobile device is stolen or cracked by a third party.
To achieve this object, the present invention mainly comprises a smart mobile device and a memory card, which communicate over a contactless transmission interface. The memory card stores an algorithm for generating the OTP. When the user needs an OTP, the memory card is brought near the smart mobile device, which transmits power and a time parameter to the card over the transmission interface. The card starts up on receiving the power and computes a one-time password from the received time parameter and its internal algorithm.
The effect of the present invention over the prior art is that the algorithm needed to generate the OTP is stored on an independent memory card, and after the externally supplied power and time parameter are received, the OTP is computed and produced directly on that card. The user's mobile device therefore does not have to execute the OTP computation, so the risks of the OTP being stolen during generation because the device is eavesdropped on or infected with a virus, or of the computation itself being cracked, are avoided.
A preferred embodiment of the present invention is described in detail below with reference to the drawings.
Referring first to the first figure, a system architecture diagram of a preferred embodiment. The one-time password (One Time Password, OTP) generation system mainly comprises a smart mobile device 1 (hereinafter the mobile device 1) and a memory card 2. When a user executes an online transaction on the network and must use an OTP to verify identity, the present invention lets the mobile device 1 and the memory card 2 produce an OTP for the user's use. As shown in the first figure, the user may execute the online transaction on the mobile device 1 itself or on a separate computer device 3; this is not limited. Whichever electronic device runs the transaction, the OTP can be generated and used via the mobile device 1 and the memory card 2 of the present invention.
The memory card 2 of this embodiment may be any card that stores values or data internally, such as a chip card or an EasyCard (悠遊卡), provided with a transmission interface able to communicate with the mobile device 1. The memory card 2 may also be a token made specifically by a vendor solely to generate the OTP; this is not limited.
Referring to figure 2A, a schematic of the online transaction page of a preferred embodiment. Figure 2A takes the case in which the online transaction runs on the mobile device 1. When the user executes the online transaction on the mobile device 1, an online transaction page W1 is opened, in which the user enters one or more items of transaction data D1. The figure uses an online-bank transfer page as its example, where D1 may be the destination account and the transfer amount, though D1 is not limited to these. During such a transaction, the bank may, for security, require the user to enter an OTP for verification, and only after the verification passes is the mobile device 1 allowed to continue the unfinished transaction.
In this embodiment, the user generates the OTP with the memory card 2 and is verified with it. More specifically, as shown in figure 2A, when the OTP is needed the mobile device 1 can instruct the user to turn on a contactless transmission module on the device, for example a Near Field Communication (NFC) module, and to bring the mobile device 1 near the memory card 2. The mobile device 1 then supplies data to the memory card 2, the memory card 2 generates an OTP and returns it to the mobile device 1, and the mobile device 1 uploads the OTP directly to a verification server 4 for verification. Because the mobile device 1 uploads the OTP automatically, the manual entry step is dispensed with and entry errors are avoided. Moreover, with this technique the OTP is never displayed, which reduces the risk of it being observed by a third party. The above is only a preferred example of the present invention and is not limiting.
Referring to figure 2B, a schematic of the password display page of a preferred embodiment. In another embodiment the user executes the online transaction on the computer device 3, and when OTP verification is needed, the OTP is generated with the mobile device 1 and the memory card 2. As shown, once the OTP is generated the memory card 2 returns it automatically to the mobile device 1, which displays it on a screen 10. For example, as in figure 2B, after the mobile device 1 receives the OTP returned by the memory card 2, it opens a password display page W2 and shows the OTP there (the figure shows "12345678"). The user reads the OTP from the screen 10 of the mobile device 1 and enters it on the computer device 3, which uploads it to the verification server 4 for verification.
Referring to the third figure, a block diagram of a preferred embodiment. In this embodiment, the mobile device 1 and the memory card 2 communicate over a contactless transmission interface; more specifically, they establish a wireless connection over an NFC interface, though this is not limiting.
As shown, the memory card 2 mainly comprises a microprocessor 21, an NFC transmission interface 22 and a memory 23, with the microprocessor 21 electrically connected to the NFC transmission interface 22 and the memory 23. In this embodiment the memory card 2 is a card without a built-in battery. The memory 23 stores an algorithm 231 for generating the OTP and is mainly a non-volatile memory, for example read-only memory (ROM), so the algorithm 231 is retained permanently even though the card has no battery.
The mobile device 1 has a corresponding NFC module (not shown). When that module is turned on and the memory card 2 is brought near the mobile device 1, the two establish a communication connection. The memory card 2 thereby receives power P1 from the mobile device 1 through the NFC transmission interface 22, and the microprocessor 21 starts up on that power P1. Once started, the memory card 2 further receives a time parameter T1 from the mobile device 1, and the microprocessor 21 computes from the received time parameter T1 and the algorithm 231 stored in the memory 23 to produce an OTP 20. The time parameter T1 is mainly the time used by the mobile device 1, and the OTP 20 is a time-based OTP, though this is not limiting. In this embodiment, after the OTP 20 is generated the memory card 2 returns it through the NFC transmission interface 22 to the mobile device 1, which either displays it or uploads it directly to the verification server 4 for verification.
This embodiment may apply a time rule conforming to the OATH protocol: for example, the mobile device 1 produces a time stamp in units of 30 seconds, and the memory card 2 uses that stamp as a parameter to generate the OTP 20. More specifically, the mobile device 1 derives a time-stamp parameter (not shown) from the current time and transmits it to the memory card 2, which computes the OTP 20 from that parameter and the algorithm 231. The above is only a preferred example of the present invention and is not limiting.
It is worth noting that if the user executes the online transaction on the mobile device 1, the mobile device 1 can, while sending the power P1 and the time parameter T1 to the memory card 2, also send the transaction data D1 the user entered in the transaction. The microprocessor 21 in the memory card 2 can then compute the OTP 20 from the transaction data D1, the time parameter T1 and the algorithm 231. Which data the memory card 2 uses as parameters of the algorithm 231 depends on actual needs and is not limited. In this embodiment, once the memory card 2 has produced the OTP 20 it returns it automatically to the mobile device 1, which uploads it automatically to the verification server 4 for verification. When the verification server 4 verifies the OTP 20 and replies to the mobile device 1, the mobile device 1 is allowed to continue the unfinished transaction.
Referring also to the fourth figure, a flow chart of password generation in a preferred embodiment. As shown, to obtain the OTP 20 by the method of the present invention, the NFC module on the mobile device 1 is first turned on and the memory card 2 is brought near it, so that the memory card 2 receives the externally supplied power P1 and time parameter T1 (step S10); more specifically, the mobile device 1 transmits the power P1 and the time parameter T1 to the memory card 2.
After the memory card 2 receives the power P1 from the mobile device 1, its internal microprocessor 21 starts up, computes from the time parameter T1 and the algorithm 231, and produces the OTP 20 (step S12). Finally, having produced the OTP 20, the memory card 2 automatically transmits it outward (step S14); more specifically, it sends the computed OTP 20 back to the mobile device 1 (that is, the provider of the power P1 and the time parameter T1). On receiving the OTP 20, the mobile device 1 either displays it on its screen 10 or uploads it directly to the verification server 4 for verification, depending on whether the user is executing the online transaction on the mobile device 1.
Referring to the fifth figure, a flow chart of password generation in another preferred embodiment. Here the user executes the online transaction on the mobile device 1 (step S20), and when the transaction reaches a particular step it asks the mobile device 1 for an OTP for verification. The user then turns on the NFC module on the mobile device 1 and brings the memory card 2 near it, so that the memory card 2 receives the power P1 transmitted by the mobile device 1 and starts up (step S22).
It is worth noting that after the memory card 2 starts up it may first authenticate the user, to confirm that the user is authorized to request the OTP 20. As shown in the third figure, the memory 23 of the memory card 2 further stores a key 232. After the memory card 2 starts, a Personal Identification Number (PIN) entry window (not shown) appears on the mobile device 1, asking the user to enter a PIN. The mobile device 1 receives the PIN the user entered and sends it to the memory card 2 for verification (step S24). The memory card 2 compares the received PIN with the internally stored key 232 to decide whether it passes (step S26). If it fails, that is, it does not match the key 232, the process returns to step S24 and the user is asked to re-enter a correct PIN on the mobile device 1; until then the memory card 2 will not run the OTP 20 generation procedure. If the PIN passes, the user is authorized to request the OTP 20, and the memory card 2 proceeds to receive the data sent by the mobile device 1.
Once the PIN is verified, the mobile device 1 transmits the time parameter T1 to the memory card 2 (step S28), and the memory card 2 computes from the received time parameter T1 and the internally stored algorithm 231 to produce the OTP 20 (step S30). It is worth noting that in this embodiment the online transaction, for example an online remittance, transfer or balance enquiry, runs on the mobile device 1, so besides the time parameter T1 the memory card 2 can at the same time receive the transaction data D1 entered on the mobile device 1 during the transaction. The memory card 2 can then compute the OTP 20 from the transaction data D1, the time parameter T1 and the algorithm 231 together.
After step S30, the memory card 2 automatically returns the OTP 20 to the mobile device 1 through the NFC transmission interface 22 (step S32), and the mobile device 1 automatically uploads the OTP 20 to the verification server 4 for verification (step S34). In this embodiment the verification server 4 stores the same algorithm 231 as the memory card 2, so after receiving the OTP 20 it feeds the same parameters (for example the time parameter T1 and/or the transaction data D1) into the same algorithm 231 to obtain a verification OTP. By comparing the OTP 20 with the verification OTP, the verification server 4 decides whether the OTP 20 uploaded by the mobile device 1 passes verification (step S36).
If the OTP 20 fails verification, the online transaction cannot proceed; conversely, if the verification server 4 verifies the OTP 20 and replies to the mobile device 1, the mobile device 1 is allowed to continue the unfinished online transaction (step S38).
With the above method, once the memory card 2 is brought near the mobile device 1, the OTP 20 is generated automatically and uploaded to the verification server 4 for verification. In other words, the user need only turn on the NFC module on the mobile device 1 (or set it to stay on) and bring the memory card 2 near the device, and the whole verification procedure completes automatically, letting the mobile device 1 continue the online transaction. In this process the user need not even know the actual value of the OTP 20, nor enter it by hand, so the OTP cannot be observed by a third party and a mistyped OTP cannot cause verification to fail.
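The OATH 30-second time rule, the PIN check against key 232, the optional transaction data D1 and the server-side recomputation of step S36, as an added example that is not from the patent: it assumes algorithm 231 is HMAC-SHA1 TOTP per RFC 6238 (the OATH standard; the patent does not name the algorithm), that D1 is appended to the time counter before the HMAC, and that the server also records the last accepted time step so a captured OTP cannot be replayed. The secret is the RFC 6238 test secret, and OtpCard, OtpVerifier and otp_for_step are the example's own names.

```python
import hashlib
import hmac
import struct

TIME_STEP = 30   # OATH time rule from the description: one time stamp per 30 seconds
DIGITS = 8       # the example OTP "12345678" on display page W2 has eight digits

# Constructed sample secret (the RFC 6238 reference test secret); a real card would
# hold its own key in non-volatile memory next to algorithm 231.
CARD_SECRET = b"12345678901234567890"


def time_counter(unix_time: int) -> int:
    """Map the phone's time parameter T1 (Unix seconds) to a 30-second step counter."""
    return unix_time // TIME_STEP


def otp_for_step(secret: bytes, step: int, transaction: bytes = b"") -> str:
    """Assumed algorithm 231: HMAC-SHA1 TOTP (RFC 6238) with RFC 4226 dynamic truncation.

    With an empty transaction this is plain TOTP. Transaction data D1, when given, is
    appended to the 8-byte counter before the HMAC (an assumption; the patent lists D1 as
    a parameter but does not say how it is combined), so an OTP computed for one transfer
    does not verify for a transfer with a different amount or account.
    """
    mac = hmac.new(secret, struct.pack(">Q", step) + transaction, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** DIGITS)).zfill(DIGITS)


class OtpCard:
    """Memory card 2: secret and PIN key 232 in non-volatile memory, no clock of its own."""

    def __init__(self, secret: bytes, pin_key: str) -> None:
        self._secret = secret
        self._pin_key = pin_key.encode()
        self._unlocked = False   # set by a successful PIN check (step S26)

    def check_pin(self, pin: str) -> bool:
        """Step S26: compare the entered PIN with the stored key 232 in constant time."""
        self._unlocked = hmac.compare_digest(pin.encode(), self._pin_key)
        return self._unlocked

    def generate(self, unix_time: int, transaction: bytes = b"") -> str:
        """Steps S28-S30: compute OTP 20 from T1 (and optionally D1); refused until PIN passes."""
        if not self._unlocked:
            raise PermissionError("PIN has not been verified on the card")
        return otp_for_step(self._secret, time_counter(unix_time), transaction)


class OtpVerifier:
    """Verification server 4: same secret and algorithm, recomputes and compares (step S36).

    Remembers the last accepted step so a captured OTP cannot be replayed while it is
    still inside the skew window (RFC 6238 guidance; the patent does not discuss replay).
    """

    def __init__(self, secret: bytes, window: int = 1) -> None:
        self._secret = secret
        self._window = window            # tolerated clock skew, in 30-second steps
        self._last_accepted_step = -1

    def verify(self, otp: str, unix_time: int, transaction: bytes = b"") -> bool:
        step = time_counter(unix_time)
        for candidate in range(step - self._window, step + self._window + 1):
            if candidate <= self._last_accepted_step:
                continue   # that step is already consumed: reject the replay
            if hmac.compare_digest(otp_for_step(self._secret, candidate, transaction), otp):
                self._last_accepted_step = candidate
                return True
        return False


def transaction_binding_demo(unix_time: int = 1111111109) -> dict:
    """Constructed walk-through of the figure-5 flow with transaction data D1 included."""
    card = OtpCard(CARD_SECRET, pin_key="1234")
    server = OtpVerifier(CARD_SECRET)
    d1 = b"to=000123456789;amount=1000"          # constructed D1: destination and amount
    tampered = b"to=000123456789;amount=9000"    # the same transfer with the amount altered
    card.check_pin("1234")
    otp = card.generate(unix_time, d1)
    return {
        "otp": otp,
        "accepted_as_sent": server.verify(otp, unix_time, d1),
        "accepted_if_amount_altered": server.verify(otp, unix_time, tampered),
        "accepted_again_later": server.verify(otp, unix_time + TIME_STEP, d1),
    }


if __name__ == "__main__":
    print(transaction_binding_demo())
```

With an empty transaction the card reproduces the RFC 6238 SHA-1 test vectors (for example time 59 gives 94287082), which is a quick way to check an implementation of the OATH time rule against a known reference.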
Referring also to the sixth and seventh figures, respectively a system architecture diagram of another preferred embodiment and a password generation flow chart of yet another preferred embodiment. As shown in the sixth figure, this embodiment discloses another memory card 2', which differs from the memory card 2 above in further having a display unit 24 electrically connected to the internal microprocessor 21. The display unit 24 shows the OTP 20 produced by the microprocessor 21; in this embodiment it is implemented mainly as electronic paper, though this is not limiting.
As shown in the seventh figure, after the memory card 2' is brought near the mobile device 1, it receives the power P1 and the time parameter T1 from the mobile device 1 through the NFC transmission interface 22 (step S40). After step S40, the microprocessor 21 inside the memory card 2' starts up on the received power P1 and computes from the received time parameter T1 and the internally stored algorithm 231 to produce the OTP 20 (step S42).
The difference from the preceding embodiments is that after the OTP 20 is generated, the memory card 2' does not return it to the mobile device 1 but shows it on the display unit 24 for the user to read (step S44). With this technique, whether the user runs the online transaction on the mobile device 1 or the computer device 3, the OTP 20 can be read from the display unit 24 on the memory card 2', entered by hand in the corresponding field, and uploaded to the verification server 4 for verification. Once the verification server 4 verifies the OTP 20, the mobile device 1 or the computer device 3 is allowed to continue the unfinished online transaction.
As described above, the one-time password generation system of the present invention mainly has the following three embodiments:
1. The mobile device 1 and the memory card 2 are treated as an automatic OTP verification device: after the memory card 2 produces the OTP 20, it returns it automatically to the mobile device 1, which uploads it automatically to the verification server 4 for verification. The user need neither see the actual value of the OTP 20 nor enter it by hand in the corresponding field on the mobile device 1 or the computer device 3, which prevents the OTP 20 from being observed and rules out manual entry errors;
2. After the memory card 2 produces the OTP 20, it returns it automatically to the mobile device 1, which displays it. The user reads the OTP 20 on the mobile device 1 and enters it by hand in the corresponding field on the computer device 3, which uploads it to the verification server 4 for verification. Here the memory card 2 serves as the generator of the OTP 20 and the mobile device 1 as its display; and
3. The memory card 2' is treated as an OTP token: after it produces the OTP 20, it shows it on its own display unit 24 for the user to read. The user can then note the OTP 20 and enter it in the corresponding field on the mobile device 1, the computer device 3 or any other electronic device, so that the OTP 20 can be used with more electronic devices.
The above is only a preferred example of the present invention and does not limit its patent scope; all equivalent variations made using the content of the present invention are likewise included within its scope.
1...mobile device
10...screen
2, 2'...memory card
20...one-time password
21...microprocessor
22...near field communication transmission interface
23...memory
231...algorithm
232...key
24...display unit
3...computer device
4...verification server
D1...transaction data
P1...power
T1...time parameter
W1...online transaction page
W2...password display page
S10~S14...steps
S20~S38...steps
S40~S44...steps
Figure 1 is a system architecture diagram of a preferred embodiment of the present invention.
Figure 2A is a schematic diagram of the online transaction page of a preferred embodiment of the present invention.
Figure 2B is a schematic diagram of the password display page of a preferred embodiment of the present invention.
Figure 3 is a block diagram of a preferred embodiment of the present invention.
Figure 4 is a flow chart of password generation according to a preferred embodiment of the present invention.
Figure 5 is a flow chart of password generation according to another preferred embodiment of the present invention.
Figure 6 is a system architecture diagram of another preferred embodiment of the present invention.
Figure 7 is a flow chart of password generation according to yet another preferred embodiment of the present invention.
Claims (14)
A one-time password generating system, comprising a mobile device and a memory card, the mobile device having a Near Field Communication (NFC) module which, when turned on, can establish a contactless communication connection with the memory card, wherein the memory card comprises:
a near field communication transmission interface which, when the memory card is brought close to the mobile device, establishes a communication connection with the mobile device and receives power and a time parameter transmitted by the mobile device, wherein the time parameter is the time in use on the mobile device;
a memory storing an algorithm; and
a microprocessor electrically connected to the near field communication transmission interface and the memory, the microprocessor starting up after receiving the power transmitted by the mobile device and, once started, performing a calculation according to the time parameter and the algorithm to generate a Time-based One Time Password (OTP).
A method for generating a one-time password for a mobile device and a memory card, wherein the mobile device has a Near Field Communication (NFC) module, and when the NFC module is turned on and the memory card is brought close to the mobile device, the mobile device establishes a contactless communication connection with the memory card, wherein the memory card stores an algorithm, the method for generating the one-time password comprising:
a) the memory card receives power transmitted by the mobile device and starts up accordingly;
b) after starting up, the memory card receives a time parameter transmitted by the mobile device; and
c) the memory card performs a calculation according to the time parameter and the algorithm, and generates a time-based one-time password.
The method for generating a one-time password according to claim 8, wherein step c further comprises the following steps:
e) the memory card transmits the one-time password back to the mobile device; and
f) the mobile device displays the one-time password on its screen.
The method for generating a one-time password according to claim 8, wherein step b further comprises the following steps:
g) the mobile device receives an externally input identification code and transmits the identification code to the memory card;
h) the memory card verifies the identification code; and
i) if the identification code passes verification, step b is performed.
The method for generating a one-time password according to claim 8, wherein step a further comprises the following steps:
a01) the mobile device executes a network transaction procedure; and
a02) the network transaction procedure requests the mobile device to input the one-time password.
The method for generating a one-time password according to claim 12, wherein step c further comprises the following steps:
j) the memory card transmits the one-time password back to the mobile device;
k) the mobile device automatically uploads the one-time password to a verification server for verification; and
l) after the one-time password passes verification, the mobile device is allowed to continue executing the network transaction procedure.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW101134936A TW201414328A (en) | 2012-09-24 | 2012-09-24 | System for generating one time password and generating method using for the same |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW101134936A TW201414328A (en) | 2012-09-24 | 2012-09-24 | System for generating one time password and generating method using for the same |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| TW201414328A true TW201414328A (en) | 2014-04-01 |
Family
ID=55181894
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW101134936A TW201414328A (en) | 2012-09-24 | 2012-09-24 | System for generating one time password and generating method using for the same |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TW201414328A (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107370711A (en) * | 2016-05-11 | 2017-11-21 | 阿里巴巴集团控股有限公司 | A method and system for verifying identity, and smart wearable device |
| TWI612793B (en) * | 2016-07-04 | 2018-01-21 | 中華電信股份有限公司 | System and method for providing one-time password over telephone network |
| TWI703522B (en) * | 2015-03-26 | 2020-09-01 | 菲律賓商智慧通訊公司 | System and method for facilitating remittance |
- 2012-09-24 TW TW101134936A patent/TW201414328A/en unknown
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TWI703522B (en) * | 2015-03-26 | 2020-09-01 | 菲律賓商智慧通訊公司 | System and method for facilitating remittance |
| CN107370711A (en) * | 2016-05-11 | 2017-11-21 | 阿里巴巴集团控股有限公司 | A method and system for verifying identity, and smart wearable device |
| KR20190005985A (en) * | 2016-05-11 | 2019-01-16 | 알리바바 그룹 홀딩 리미티드 | An identity verification method and system, and an intelligent wearable device |
| EP3457656A4 (en) * | 2016-05-11 | 2019-04-10 | Alibaba Group Holding Limited | METHOD AND SYSTEM FOR IDENTITY VERIFICATION AND INTELLIGENT CLOTHING DEVICE |
| KR102151338B1 (en) | 2016-05-11 | 2020-09-03 | 알리바바 그룹 홀딩 리미티드 | Identity verification method and system, and intelligent wearable device |
| US10878074B2 (en) | 2016-05-11 | 2020-12-29 | Advanced New Technologies Co., Ltd. | Identity verification method and system, and intelligent wearable device |
| US10891364B2 (en) | 2016-05-11 | 2021-01-12 | Advanced New Technologies Co., Ltd. | Identity verification method and system, and intelligent wearable device |
| CN107370711B (en) * | 2016-05-11 | 2021-05-11 | 创新先进技术有限公司 | A method and system for verifying identity, and a smart wearable device |
| TWI612793B (en) * | 2016-07-04 | 2018-01-21 | 中華電信股份有限公司 | System and method for providing one-time password over telephone network |
Similar Documents
| Publication | Title |
|---|---|
| US11736468B2 (en) | Enhanced authorization |
| US11170369B2 (en) | Systems and methods for biometric authentication of transactions |
| US9471919B2 (en) | Systems and methods for biometric authentication of transactions |
| US9208492B2 (en) | Systems and methods for biometric authentication of transactions |
| US9053304B2 (en) | Methods and systems for using derived credentials to authenticate a device across multiple platforms |
| EP3090373A1 (en) | An authentication apparatus with a bluetooth interface |
| WO2014022778A1 (en) | User-convenient authentication method and apparatus using a mobile authentication application |
| TW201610858A (en) | Multi-card-in-one device, system and loading method of card information |
| KR20180087739A (en) | A FIDO authentication device capable of identity confirmation or non-repudiation and the method thereof |
| JP2015138545A (en) | Electronic payment system and electronic payment method |
| KR101804182B1 (en) | Online financial transactions, identity authentication system and method using real cards |
| US10984131B2 (en) | Method for providing personal information of a user requested by a given online service |
| TW201414328A (en) | System for generating one time password and generating method using for the same |
| KR20110002967A (en) | Method and system for providing real name authentication service using biometric authentication and portable storage device therefor |
| KR101566011B1 (en) | Method for Operating OTP using Biometric |
| KR20130038086A (en) | Recording medium, method and system for financial transactions use of automated teller machine |
| KR20110005611A (en) | OTP operation method and system using user media and OTP device and recording medium for it |
| KR20150096366A (en) | Method for Operating OTP using Biometric |
| KR101378810B1 (en) | Certificate saving method |
| US11695548B1 (en) | Systems and methods for network authentication with a shared secret |
| KR20150038774A (en) | Method for Linking Transaction to One Time Authentication Code |
| KR101575023B1 (en) | Authentication method using portable electronic device |
| US11429955B2 (en) | Method for securing a transaction from a mobile terminal |
| KR101636068B1 (en) | Method for Operating OTP using Biometric |
| KR20140092051A (en) | Security device and system using short range wireless communication |