[go: up one dir, main page]

TW201816646A - Electronic transaction authentication method and system using mobile device application program providing high security in financial electronic transaction - Google Patents

Electronic transaction authentication method and system using mobile device application program providing high security in financial electronic transaction Download PDF

Info

Publication number
TW201816646A
TW201816646A TW105133504A TW105133504A TW201816646A TW 201816646 A TW201816646 A TW 201816646A TW 105133504 A TW105133504 A TW 105133504A TW 105133504 A TW105133504 A TW 105133504A TW 201816646 A TW201816646 A TW 201816646A
Authority
TW
Taiwan
Prior art keywords
data
transaction
biometric
account identification
user
Prior art date
Application number
TW105133504A
Other languages
Chinese (zh)
Other versions
TWI645308B (en
Inventor
邵弘龍
Original Assignee
富邦綜合證券股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 富邦綜合證券股份有限公司 filed Critical 富邦綜合證券股份有限公司
Priority to TW105133504A priority Critical patent/TWI645308B/en
Publication of TW201816646A publication Critical patent/TW201816646A/en
Application granted granted Critical
Publication of TWI645308B publication Critical patent/TWI645308B/en

Links

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Collating Specific Patterns (AREA)

Abstract

In an electronic transaction authentication method and system, when a mobile device executes a saved application program related to a financial transaction and determines that the obtained login authentication data is identical to the saved reference login authentication data related to a user, a login request comprising the account identification data related to the user is transmitted to a server for determining whether the mobile device is allowed to log in a user account assigned to the user. When the obtained transaction authentication data corresponding to an electronic transaction is identical to the saved reference transaction authentication data related to the user during the period of logging in the user account, a transaction request comprising the account identification data and transaction data is transmitted to the server for determining whether to execute the electronic transaction.

Description

利用行動裝置應用程式的電子交易認證方法及系統Electronic transaction authentication method and system using mobile device application

本發明是有關於電子交易認證,特別是指一種利用行動裝置應用程式的電子交易認證方法及系統。The present invention relates to electronic transaction authentication, and particularly to an electronic transaction authentication method and system using a mobile device application.

隨著金融科技(FinTech)風潮興起,一般投資人通常可經由執行一安裝於一行動裝置的應用程式來進行相關於金融的操作,例如在線的股票看盤、股票電子下單的電子交易等。由於執行應用程式期間,使用者在登入使用者電子帳戶之前或者欲進行一電子交易時,通常需要以手動方式輸入使用者相關資料,諸如使用者電子帳號及密碼,作為判定是否准予登入該使用者電子帳戶或者執行該電子交易的使用者身分識別資料。然而,此手動輸入操作恐因無法避免的誤動作,例如按錯輸入鍵而導致密碼鎖定或無法登入/交易的窘境。如此,對於例如股票投資人而言上述的使用者身分驗證方式恐無法滿足「速度」、「安全」與「便利」的需求。因此,現有使用者身分驗證方法仍有改良的空間。With the rise of financial technology (FinTech), investors generally can perform financial-related operations by executing an application installed on a mobile device, such as online stock checking, electronic trading of electronic stock orders, and the like. During the execution of the application, before the user logs in to the user's electronic account or wants to conduct an electronic transaction, it is usually necessary to manually enter user-related information, such as the user's electronic account number and password, as a determination of whether to allow the user to log in. Electronic account or identification of the user who performed the electronic transaction. However, this manual input operation may cause dilemma due to unavoidable misoperations, such as password lock or inability to log in / transaction due to pressing the wrong input key. In this way, for the stock investor, for example, the above-mentioned user identity verification method may not meet the requirements of "speed", "security" and "convenience". Therefore, there is still room for improvement in existing user identity verification methods.

因此,本發明的目的,即在提供一種電子交易認證方法,能克服習知技藝至少一個缺點。Therefore, an object of the present invention is to provide an electronic transaction authentication method, which can overcome at least one disadvantage of conventional techniques.

於是,本發明一種電子交易認證方法,藉由一行動裝置來實施,該行動裝置係屬於一使用者,並包含一儲存模組、一生物特徵擷取單元、一使用者輸入輸出單元、一可經由一通訊網路連接一伺服器的通訊模組,及一電連接該儲存模組、該生物特徵擷取單元、該使用者輸入輸出單元及該通訊模組的處理單元,該方法包含以下步驟:(A)藉由該處理單元,將一相關於金融交易的應用程式,以及相關於該使用者的帳戶識別資料、參考登入認證資料及參考交易認證資料儲存於該儲存模組,該帳號識別資料已預先儲存於該伺服器且包含一對應於一由該伺服器所提供且指派給該使用者之使用者帳戶的使用者帳號、及一唯一對應於該使用者帳號之密碼,該參考登入認證資料包含該帳戶識別資料及登入生物特徵資料其中至少一者,該登入生物特徵資料相關於至少一生物特徵,該參考交易認證資料包含該帳戶識別資料及交易生物特徵資料其中至少一者,該交易生物特徵資料相關於至少一生物特徵;(B)藉由該處理單元,經由執行該儲存模組所儲存的該應用程式,並經由該使用者輸入輸出單元與該生物特徵擷取單元其中至少一者的操作,獲得登入認證資料,並且判定該登入認證資料與該儲存模組所儲存的該參考登入認證資料是否相同;(C)藉由該處理單元,在判定出該登入認證資料與該參考登入認證資料相同時,經由該應用程式的執行,產生一包含該儲存模組所儲存的該帳戶識別資料的登入請求,並將該登入請求藉由該通訊模組經由該通訊網路傳送至該伺服器,以致該伺服器根據所接收到來自該行動裝置的該登入請求及所儲存的該帳戶識別資料,決定是否允許該行動裝置登入該使用者帳戶;(D)當在該行動裝置登入該使用者帳戶期間內該處理單元接收到相關於該使用者帳戶的一電子交易之交易資料時,藉由該處理單元,經由該應用程式的執行,並經由該使用者輸入輸出單元與該生物特徵擷取單元其中至少一者的操作,獲得交易認證資料,並且判定該交易認證資料與該儲存模組所儲存的該參考交易認證資料是否相同;及(E)藉由該處理單元,在判定出該交易認證資料與該參考交易認證資料相同時,經由該應用程式的執行,產生一包含該儲存模組所儲存的該帳戶識別資料及所接收的該交易資料的交易請求,並將該交易請求藉由該通訊模組經由該通訊網路傳送至該伺服器,以致該伺服器根據所接收到來自該行動裝置的該交易請求及所儲存的該帳戶識別資料,決定是否執行該電子交易。Therefore, the electronic transaction authentication method of the present invention is implemented by a mobile device, which belongs to a user and includes a storage module, a biometric acquisition unit, a user input-output unit, and a A communication module connected to a server via a communication network, and a processing unit electrically connected to the storage module, the biometric extraction unit, the user input-output unit and the communication module. The method includes the following steps: (A) using the processing unit to store an application program related to financial transactions, and account identification data, reference login authentication data, and reference transaction authentication data related to the user in the storage module, and the account identification data Pre-stored in the server and including a user account corresponding to a user account provided by the server and assigned to the user, and a password unique to the user account, the reference login authentication The data includes at least one of the account identification data and the login biometric data, and the login biometric data is related to at least one lifetime. Feature, the reference transaction authentication data includes at least one of the account identification data and the transaction biometric data, the transaction biometric data is related to at least one biometric; (B) by the processing unit, by executing the storage module The stored application program obtains login authentication data through operation of at least one of the user input-output unit and the biometric extraction unit, and determines the login authentication data and the reference login stored in the storage module. Whether the authentication information is the same; (C) by the processing unit, when it is determined that the login authentication data is the same as the reference login authentication data, through the execution of the application program, an account ID containing the account stored in the storage module is generated Data login request, and the login request is transmitted to the server through the communication network through the communication module, so that the server is based on the received login request from the mobile device and the stored account identification data , Decide whether to allow the mobile device to log in to the user account; (D) when logging in to the mobile device When the processing unit receives the transaction data of an electronic transaction related to the user account during the user account period, the processing unit, the execution of the application program, and the user input and output unit and the biometric feature The operation of at least one of the acquisition units obtains the transaction authentication data, and determines whether the transaction authentication data is the same as the reference transaction authentication data stored in the storage module; and (E) the processing unit determines When the transaction authentication data is the same as the reference transaction authentication data, a transaction request including the account identification data stored in the storage module and the received transaction data is generated through execution of the application, and the transaction request is generated. The communication module is transmitted to the server through the communication network, so that the server decides whether to execute the electronic transaction according to the transaction request received from the mobile device and the stored account identification data.

因此,本發明的再一目的,即在提供一種電子交易認證系統,能克服習知技藝至少一個缺點。Therefore, another object of the present invention is to provide an electronic transaction authentication system that can overcome at least one of the disadvantages of conventional techniques.

於是,本發明一種電子交易認證系統,包含一行動裝置,屬於一使用者,並包括一組配來經由一通訊網路連接一伺服器的通訊模組、一儲存模組、一可被操作來產生輸入資料的使用者輸入輸出單元、一可用來擷取至少一個相關於人的特徵以產生對應的生物特徵資料的生物特徵擷取單元、及一處理單元。該儲存模組組配來儲存一相關於金融交易的應用程式,以及相關於該使用者的帳號識別資料、參考登入認證資料及參考交易認證資料,該帳戶識別資料已預先儲存於該伺服器且包含一對應於一由該伺服器所提供且指派給該使用者的使用者帳戶的使用者帳號、及一唯一對應於該使用者帳號之密碼,該參考登入認證資料包含該帳戶識別資料及登入生物特徵資料其中至少一者,該登入生物特徵資料相關於至少一生物特徵,該參考交易認證資料包含該帳戶識別資料及交易生物特徵資料其中至少一者,該交易生物特徵資料相關於至少一生物特徵。該處理單元電連接該通訊模組、該儲存模組、該生物特徵擷取單元及該使用者輸入輸出單元,其中,當該處理單元執行儲存於該儲存模組的該應用程式時,該處理單元接收到來自於該使用者輸入輸出單元與該生物特徵擷取單元其中至少一者且經由該使用者輸入輸出單元與該生物特徵擷取單元其中該至少一者之操作所產生的登入認證資料,並判定該登入認證資料與該儲存模組所儲存的該參考登入認證資料是否相同,而且在判定出該登入認證資料與該參考登入認證資料相同時,產生一包含該儲存模組所儲存的該帳戶識別資料的登入請求,並將該登入請求藉由該通訊模組經由該通訊網路傳送至該伺服器,以致該伺服器根據所接收到來自該行動裝置的該登入請求資料及所儲存的該帳戶識別資料,決定是否允許該行動裝置登入該使用者帳戶。該處理單元在該行動裝置登入該使用者帳戶期間內接收到經由該使用者輸入輸出單元之操作所產生且相關於該使用者帳戶的一電子交易之交易資料時,該處理單元接收到來自於該使用者輸入輸出單元與該生物特徵擷取單元其中至少一者且經由該使用者輸入輸出單元與該生物特徵擷取單元其中該至少一者之操作所產生的交易認證資料,並判定該交易認證資料與該儲存模組所儲存的該參考交易認證資料是否相同,而且在判定出該交易認證資料與該參考交易認證資料相同時,產生一包含該儲存模組所儲存的該帳戶識別資料及所接收的該交易資料的交易請求,並且將該交易請求藉由該通訊模組經由該通訊網路傳送至該伺服器,以致該伺服器根據所接收到來自該行動裝置的該交易請求及所儲存的該帳戶識別資料,決定是否執行該電子交易。Therefore, the electronic transaction authentication system of the present invention includes a mobile device, which belongs to a user, and includes a group of communication modules configured to connect to a server via a communication network, a storage module, and one that can be operated to generate A user input and output unit for inputting data, a biometric extraction unit that can be used to capture at least one person-related feature to generate corresponding biometric data, and a processing unit. The storage module is configured to store an application related to financial transactions, and account identification information, reference login authentication information, and reference transaction authentication information related to the user. The account identification data has been stored in the server in advance and Including a user account corresponding to a user account provided by the server and assigned to the user, and a password uniquely corresponding to the user account, the reference login authentication data including the account identification data and login At least one of the biometric data, the login biometric data is related to at least one biometric, the reference transaction authentication data includes at least one of the account identification data and the transaction biometric data, and the transaction biometric data is related to at least one biometric feature. The processing unit is electrically connected to the communication module, the storage module, the biometric extraction unit, and the user input-output unit, wherein when the processing unit executes the application program stored in the storage module, the processing The unit receives login authentication data from at least one of the user input-output unit and the biometric extraction unit and is generated by operations of the user input-output unit and the biometric extraction unit. And determine whether the login authentication data is the same as the reference login authentication data stored in the storage module, and when it is determined that the login authentication data is the same as the reference login authentication data, a storage file containing the storage module is generated. The login request of the account identification data, and the login request is transmitted to the server through the communication network through the communication module, so that the server is based on the received login request data from the mobile device and the stored The account identification information determines whether the mobile device is allowed to sign in to the user account. When the processing unit receives transaction data of an electronic transaction generated by the operation of the user input and output unit and related to the user account during the mobile device login to the user account, the processing unit receives the data from Transaction authentication data generated by the operation of at least one of the user input-output unit and the biometric extraction unit and the operation of the at least one of the user input-output unit and the biometric extraction unit, and determining the transaction Whether the authentication data is the same as the reference transaction authentication data stored in the storage module, and when it is determined that the transaction authentication data is the same as the reference transaction authentication data, an account identification data and The received transaction request of the transaction data, and the transaction request is transmitted to the server through the communication network through the communication module, so that the server according to the received transaction request from the mobile device and the stored Of the account identification information to determine whether to execute the electronic transaction.

本發明的功效在於:該行動裝置在傳送該登入/交易請求至該伺服器之前,該行動裝置的該處理單元必須先藉由執行該應用程式進行欲登入/交易者的身分驗證程序,以便安全且正確地驗證使用者身分。特別是,在該身分驗證程序中,被該處理單元用來作為比對標的的該參考登入/交易認證資料除了是可含有習知文字形式的該帳戶識別資料(即,該使用者帳號及該密碼)外,還可以是含有相關於至少一生物特徵的資料,或者是不僅含有該帳戶識別資料而且含有相關於至少一生物特徵的資料,故在登入該使用者帳戶及執行該電子交易前,確實能以高度安全性來驗證使用者身分。The effect of the present invention is that before the mobile device sends the login / transaction request to the server, the processing unit of the mobile device must first execute the application to perform the identity verification procedure of the login / transactioner in order to be secure. And correctly verify user identity. In particular, in the identity verification procedure, the reference login / transaction authentication data used by the processing unit as a comparison target is in addition to the account identification data (i.e., the user account and the Password), it may also contain data related to at least one biometric, or it may contain not only the account identification data but also data related to at least one biometric, so before logging into the user account and executing the electronic transaction, Users can indeed be authenticated with a high degree of security.

參閱圖1,本發明實施例的一種電子交易認證系統100包含一行動裝置1及一伺服器2。該行動裝置1係屬於一使用者,且該使用者擁有一個由例如一證劵公司的金融機構所提供並指派給該使用者的使用者帳戶,例如一證券帳戶。該伺服器2係屬於該金融機構,並能決定是否允許該行動裝置1登入該使用者帳戶以及是否執行相關於該使用者帳戶的任何交易。Referring to FIG. 1, an electronic transaction authentication system 100 according to an embodiment of the present invention includes a mobile device 1 and a server 2. The mobile device 1 belongs to a user, and the user has a user account, such as a securities account, provided by a financial institution such as a securities company and assigned to the user. The server 2 belongs to the financial institution and can decide whether to allow the mobile device 1 to log in to the user account and whether to perform any transaction related to the user account.

該行動裝置1包括一組配來經由例如網際網路的一通訊網路200連接該伺服器2的通訊模組11、一儲存模組12、一使用者輸入輸出單元13、一生物特徵擷取單元14、及一處理單元15。在本實施例中,該行動裝置1可被實施為例如一智慧型手機,並不以此為限,而在其他的實施態樣中,該行動裝置1亦可被實施為一平板電腦。The mobile device 1 includes a set of a communication module 11, a storage module 12, a user input-output unit 13, and a biometric acquisition unit that are connected to the server 2 via a communication network 200 such as the Internet. 14, and a processing unit 15. In this embodiment, the mobile device 1 may be implemented as, for example, a smart phone, and is not limited thereto. In other implementation forms, the mobile device 1 may also be implemented as a tablet computer.

該使用者輸入輸出單元13可被操作來產生輸入資料,在本實施例中,該使用者輸入輸出單元13可被實施為例如一觸控顯示面板,但不以此為限。The user input-output unit 13 may be operated to generate input data. In this embodiment, the user input-output unit 13 may be implemented as, for example, a touch display panel, but is not limited thereto.

該生物特徵擷取單元14可用來擷取至少一個相關於人的特徵以產生對應的生物特徵資料。在本實施例中,生物特徵擷取單元14能擷取多個人的特徵,例如人聲、指紋人臉及虹膜等特徵,且例如包括一用於收集人聲的音頻信號的收音模組141、一用於拍攝例如人臉及虹膜的影像的影像拍攝模組142、及一用於掃描例如指紋的影像的影像掃描模組143,並不以此為限。The biometric extraction unit 14 can be used to acquire at least one human-related feature to generate corresponding biometric data. In this embodiment, the biological feature extraction unit 14 can capture features of multiple people, such as human voice, fingerprint face, and iris, and includes a radio module 141 for collecting audio signals of human voice, a The image capturing module 142 for capturing images such as faces and iris, and an image scanning module 143 for scanning images such as fingerprints are not limited thereto.

該處理單元15電連接該通訊模組11、該儲存模組12、該使用者輸入輸出單元13、及該生物特徵擷取單元14。The processing unit 15 is electrically connected to the communication module 11, the storage module 12, the user input-output unit 13, and the biometric extraction unit 14.

在本實施例中,該伺服器2已預先儲存相關於該使用者的帳戶識別資料3,該帳戶識別資料3例如包含一對應於該使用者帳戶該的使用者帳號31、及一唯一對應於該使用者帳號31的密碼32,該伺服器2還提供一相關於金融交易的應用程式4。In this embodiment, the server 2 has previously stored account identification data 3 related to the user, and the account identification data 3 includes, for example, a user account 31 corresponding to the user account and a unique corresponding account The password 32 of the user account 31, and the server 2 also provides an application 4 related to financial transactions.

以下將配合圖1及圖2,示例性地說明利該電子交易認證系統100如何利用該應用程式4來執行電子交易認證程序。該電子交易認證程序包含以下步驟。The following will exemplarily explain how the electronic transaction authentication system 100 uses the application program 4 to execute an electronic transaction authentication procedure in conjunction with FIG. 1 and FIG. 2. The electronic transaction certification process includes the following steps.

在步驟S21中,在建立該通訊模組11與該伺服器2之間的連接後,該處理單元15藉由該通訊模組11且經由該通訊網路200下載來自於該伺服器2的該應用程式4。In step S21, after establishing a connection between the communication module 11 and the server 2, the processing unit 15 downloads the application from the server 2 through the communication module 11 and through the communication network 200 Formula 4.

在步驟S22中,該處理單元15初始執行在步驟S21所下載的該應用程式4以便經由該使用者輸入輸出單元13的操作獲得該帳戶識別資料3且經由該使用者輸入輸出單元13及該生物特徵擷取單元14其中至少一者的操作獲得參考登入認證資料5及參考交易認證資料6,並將所獲得的該帳戶識別資料3、該參考登入認證資料5、該參考交易認證資料6及該應用程式4儲存於該儲存模組12。值得注意的是,該參考登入認證資料5包含該帳戶識別資料3及登入生物特徵資料其中至少一者,且該登入生物特徵資料相關於至少一生物特徵,而該參考交易認證資料6包含該帳戶識別資料3及交易生物特徵資料其中至少一者,且該交易生物特徵資料相關於至少一生物特徵。本實施例中,該登入生物特徵資料所相關的該至少一生物特徵係選自例如聲音特徵、指紋特徵、虹膜特徵及人臉特徵的任一組合。同樣地,該交易生物特徵資料所相關的該至少一生物特徵係選自例如聲音特徵、指紋特徵、虹膜特徵及人臉特徵的任一組合,但不以此為限。In step S22, the processing unit 15 initially executes the application 4 downloaded in step S21 to obtain the account identification data 3 through the operation of the user input-output unit 13 and via the user input-output unit 13 and the creature The operation of at least one of the feature extraction units 14 obtains the reference login authentication data 5 and the reference transaction authentication data 6, and obtains the account identification data 3, the reference login authentication data 5, the reference transaction authentication data 6 and the obtained The application program 4 is stored in the storage module 12. It is worth noting that the reference login authentication data 5 contains at least one of the account identification data 3 and the login biometric data, and the login biometric data is related to at least one biometric, and the reference transaction authentication data 6 contains the account At least one of the identification data 3 and the transaction biometric data, and the transaction biometric data is related to at least one biometric. In this embodiment, the at least one biometric related to the login biometric data is selected from any combination of, for example, a voice feature, a fingerprint feature, an iris feature, and a face feature. Similarly, the at least one biometric related to the transaction biometric data is selected from, for example, any combination of sound features, fingerprint features, iris features, and face features, but is not limited thereto.

更具體地,當該處理單元初始執行該應用程式4時,使得該使用者輸入輸出單元13經由人為操作而產生該帳戶識別資料3,值得注意的是,該帳戶識別資料3的該密碼32可是一由該伺服器2所給予的密碼,或者是一由該使用者所決定的密碼。於是,該處理單元15在接收到該使用者輸入輸出單元13所產生的該帳戶識別資料3時,先將所接收的該帳戶識別資料3加密後再儲存於該儲存模組12,換言之,該處理單元15是以一加密形式儲存該帳戶識別資料3,但不在此限。此外,依照該使用者所決定,該使用者輸入輸出單元13或(及)該生物特徵擷取單元14(共同)產生該參考登入認證資料122及該參考交易認證資料123。舉例而言,若該參考登入認證資料僅包含該登入生物特徵資料且該登入生物特徵資料僅相關於例如虹膜特徵的單一生物特徵時,在此情況下,僅需藉由該生物特徵擷取單元14的該影像拍攝模組142拍攝該使用者眼睛以擷取具有虹膜特徵的影像資料作為該登入生物特徵資料,且另一方面,若該參考交易認證資料包含該帳戶識別資料及該交易生物特徵資料且同時該交易生物特徵資料相關於例如指紋特徵及虹膜特徵的兩個生物特徵時,在此情況下,不僅需藉由該使用者輸入輸出單元13產生該帳戶識別資料3,而且需藉由該生物特徵擷取單元14的該影像拍攝模組142拍攝該使用者眼睛以擷取具有虹膜特徵的影像資料並藉由該影像掃描模組143掃描該使用者指紋以擷取具有指紋特徵的指紋資料,在此情況下,該影像資料與該指紋資料共同構成該交易生物特徵資料。於是,該處理單元15在接收到該使用者輸入輸出單元13或(及)該生物特徵擷取單元14所(共同)產生的該參考登入認證資料122及該參考交易認證資料123時,將該參考登入認證資料122及該參考交易認證資料123儲存於該儲存模組12。More specifically, when the processing unit initially executes the application program 4, the user input-output unit 13 causes the account identification data 3 to be generated by human operation. It is worth noting that the password 32 of the account identification data 3 may be A password given by the server 2, or a password determined by the user. Therefore, when receiving the account identification data 3 generated by the user input-output unit 13, the processing unit 15 encrypts the received account identification data 3 before storing it in the storage module 12, in other words, the The processing unit 15 stores the account identification data 3 in an encrypted form, but not limited to this. In addition, according to the user's decision, the user input / output unit 13 or (and) the biometric extraction unit 14 (commonly) generates the reference login authentication data 122 and the reference transaction authentication data 123. For example, if the reference login authentication data includes only the login biometric data and the login biometric data is only related to a single biometric such as an iris feature, in this case, only the biometric acquisition unit is needed The image capture module 142 of 14 captures the eyes of the user to capture image data with iris characteristics as the login biometric data, and on the other hand, if the reference transaction authentication data includes the account identification data and the transaction biometrics When the transaction biometric data is related to two biometric features such as fingerprint characteristics and iris features, in this case, not only the account identification data 3 needs to be generated by the user input-output unit 13, but also by The image capturing module 142 of the biometric capturing unit 14 captures the eyes of the user to capture image data with iris characteristics and scans the user's fingerprint with the image scanning module 143 to capture fingerprints with fingerprint characteristics Data, in this case, the image data and the fingerprint data together constitute the transaction biometric data. Therefore, when receiving the reference login authentication data 122 and the reference transaction authentication data 123 (commonly) generated by the user input-output unit 13 or (and) the biometric extraction unit 14, the processing unit 15 changes the The reference login authentication data 122 and the reference transaction authentication data 123 are stored in the storage module 12.

由上述可知,步驟S21及S22可被視為實際上利用該應用程式4進行登入該使用者帳戶之前的前置準備程序,此前置準備程序是為了準備好對於之後所進行的登入程序及交易程序時要被用來驗證使用者身分的驗證資料。From the above, it can be seen that steps S21 and S22 can be regarded as actually using the application 4 to perform pre-preparation procedures before logging into the user account. Authentication data to be used to authenticate the user during the process.

當一使用者欲藉由該行動裝置1登入該使用者帳戶時,在步驟S23中,該處理單元15經由執行儲存於該儲存模組12的該應用程式4,接收到來自於該使用者輸入輸出單元13與該生物特徵擷取單元14其中至少一者且經由該使用者輸入輸出單元13與該生物特徵擷取單元14其中該至少一者之操作所產生的登入認證資料。依照前例,在此階段,相似於該參考登入認證資料,該處理單元15所接收到的該登入認證資料例如僅包含由該生物特徵擷取單元14的該影像拍攝模組142所拍攝欲登入者之眼睛而擷取到具有虹膜特徵的影像資料。When a user wants to log in to the user account through the mobile device 1, in step S23, the processing unit 15 receives input from the user by executing the application 4 stored in the storage module 12. At least one of the output unit 13 and the biometric extraction unit 14 and login authentication data generated by the operation of the user input and output unit 13 and the at least one of the biometric extraction unit 14. According to the previous example, at this stage, similar to the reference login authentication data, the login authentication data received by the processing unit 15 includes, for example, only those who want to log in as captured by the image capture module 142 of the biometric capture unit 14 Eyes and captured image data with iris characteristics.

在步驟S24中,該處理單元15判定該登入認證資料與該儲存模組12所儲存的該參考登入認證資料5是否相同。當該判定結果為肯定時,流程進行步驟S25,否則流程進行步驟S26。更具體地,依照前例,若該處理單元15判定出該登入認證資料(即具有欲登入者之虹膜特徵的該影像資料)相同於該參考登入認證資料5(即具有該使用者之虹膜特徵的該影像資料)時,意謂欲登入該使用者帳戶的使用者身分被成功驗證。相反地,若該處理單元15判定出該登入認證資料不同於該參考登入認證資料5時,意謂欲登入者的使用者身分未被成功驗證(即驗證失敗),在此情況下,該處理單元15將一指示出身分驗證失敗的錯誤訊息輸出至該使用者輸入輸出單元13並控制該使用者輸入輸出單元13顯示該錯誤訊息(步驟S26)。In step S24, the processing unit 15 determines whether the login authentication data is the same as the reference login authentication data 5 stored in the storage module 12. When the determination result is positive, the flow proceeds to step S25, otherwise the flow proceeds to step S26. More specifically, according to the previous example, if the processing unit 15 determines that the login authentication data (i.e., the image data having the iris characteristics of the user to be logged in) is the same as the reference login authentication data 5 (i.e. The image data), meaning that the identity of the user who wants to log in to the user account is successfully verified. Conversely, if the processing unit 15 determines that the login authentication data is different from the reference login authentication data 5, it means that the identity of the user who wants to log in is not successfully verified (that is, authentication fails). In this case, the process The unit 15 outputs an error message indicating the identity verification failure to the user input-output unit 13 and controls the user input-output unit 13 to display the error message (step S26).

在步驟S25中,該處理單元15在判定出該登入認證資料與該參考登入認證資料5相同時,產生一包含該儲存模組12所儲存的該帳戶識別資料3的登入請求,並將該登入請求藉由該通訊模組11經由該通訊網路200傳送至該伺服器2。值得一提的是,為了傳輸安全,該登入請求所包含的該帳戶識別資料3例如可以是一加密形式,但不在此限。In step S25, when the processing unit 15 determines that the login authentication data is the same as the reference login authentication data 5, it generates a login request including the account identification data 3 stored in the storage module 12, and sends the login The request is transmitted to the server 2 through the communication network 200 through the communication module 11. It is worth mentioning that, for transmission security, the account identification data 3 included in the login request may be in an encrypted form, for example, but not limited thereto.

跟隨在步驟S25的步驟S27中,該伺服器2在接收到來自該行動裝置1的該登入請求時,判定該登入請求的該帳戶識別資料3與所儲存的該帳戶識別資料3是否相同。當該判定結果為肯定時,該伺服器2允許該行動裝置2登入該使用者帳戶(步驟S28),否則流程進行步驟S29。如此,該伺服器2可根據所接收到的該登入請求及所儲存的該帳戶識別資料3,決定是否允許該行動裝置1登入該使用者帳戶。值得一提的是,若該登入請求的該帳戶識別資料3為加密資料時,該伺服器2須先以一對應於先前加密方式的解密方式將該帳戶識別資料解密後再行比對。理想上,該登入請求的該帳戶識別資料3應相同於該伺服器2所儲存的該帳戶識別資料3。惟,若在資料傳輸過程中因故導致該登入請求的該帳戶識別資料3發生缺損的情況下,該伺服器2恐將判定出該登入請求的該帳戶識別資料3不同於該伺服器2所儲存的該帳戶識別資料3。在此情況下,該伺服器2經由該通訊網路200傳送一指示出登入失敗的錯誤訊息至該行動裝置1(步驟S29)。In step S27 following step S25, when receiving the login request from the mobile device 1, the server 2 determines whether the account identification data 3 of the login request is the same as the stored account identification data 3. When the determination result is positive, the server 2 allows the mobile device 2 to log in to the user account (step S28), otherwise the flow proceeds to step S29. In this way, the server 2 can decide whether to allow the mobile device 1 to log in to the user account according to the received login request and the stored account identification data 3. It is worth mentioning that if the account identification data 3 of the login request is encrypted data, the server 2 must first decrypt the account identification data by a decryption method corresponding to the previous encryption method, and then compare them. Ideally, the account identification data 3 of the login request should be the same as the account identification data 3 stored by the server 2. However, if, for any reason, the account identification data 3 of the login request is defective during the data transmission process, the server 2 may determine that the account identification data 3 of the login request is different from that of the server 2. Stored account identification data 3. In this case, the server 2 sends an error message indicating the login failure to the mobile device 1 via the communication network 200 (step S29).

在該行動裝置1登入該使用者帳戶期間,當一使用者欲進行一相關於該使用者帳戶的電子交易時,跟隨在步驟S28的步驟S30中,該處理單元15在接收到經由該使用者輸入輸出單元13之操作所產生的該電子交易之交易資料後,經由執行儲存於該儲存模組12的該應用程式4,接收來自於該使用者輸入輸出單元13與該生物特徵擷取單元14其中至少一者且經由該使用者輸入輸出單元13與該生物特徵擷取單元14其中該至少一者之操作所產生的交易認證資料。依照前例,在此階段,相似於該參考交易認證資料,該處理單元15所接收到的該登入認證資料例如不僅包含由該使用者輸入輸出單元13所產生的帳戶資料,還包含由該生物特徵擷取單元14的該影像拍攝模組142所拍攝欲交易者之眼睛所擷取到具有虹膜特徵的影像資料,以及由該影像掃描模組142掃描欲交易者之指紋所擷取到具有指紋特徵的指紋資料。When the mobile device 1 logs in to the user account, when a user wants to perform an electronic transaction related to the user account, following step S30 in step S28, the processing unit 15 receives the information via the user After the transaction data of the electronic transaction generated by the operation of the input-output unit 13 is executed, the application program 4 stored in the storage module 12 is received from the user input-output unit 13 and the biometric extraction unit 14 At least one of them and transaction authentication data generated by the operation of the at least one of the user input-output unit 13 and the biometric extraction unit 14. According to the previous example, at this stage, similar to the reference transaction authentication data, the login authentication data received by the processing unit 15 includes, for example, not only the account data generated by the user input-output unit 13 but also the biometrics. The image data captured by the image capture module 142 of the capture unit 14 with the characteristics of iris captured by the eye of the trader, and the image scan module 142 scans the fingerprint of the desired trader and has fingerprint characteristics Fingerprint information.

在步驟S31中,該處理單元15判定該交易認證資料與該儲存模組12所儲存的該參考交易認證資料6是否相同。當該判定結果為肯定時,流程進行步驟32,否則流程返回至步驟S26。更具體地,依照前例,若該處理單元15判定出該登入認證資料(即該帳戶資料,以及相關於欲交易者的該影像資料及該指紋資料)相同於該參考交易認證資料6(即該帳戶識別資料,以及相關於該使用者的該影像資料及該指紋資料)時,意謂欲交易者的使用者身分被成功驗證。相反地,若該處理單元15判定出該登入認證資料不同於該參考交易認證資料6時,意謂欲交易者的使用者身分未被成功驗證(即驗證失敗),在此情況下,該處理單元15將一指示出身分驗證失敗的錯誤訊息輸出至該使用者輸入輸出單元13並控制該使用者輸入輸出單元13顯示該錯誤訊息(步驟S26)。In step S31, the processing unit 15 determines whether the transaction authentication data is the same as the reference transaction authentication data 6 stored in the storage module 12. When the determination result is positive, the flow proceeds to step 32, otherwise the flow returns to step S26. More specifically, according to the previous example, if the processing unit 15 determines that the login authentication data (that is, the account data, and the image data and the fingerprint data related to the trader) is the same as the reference transaction authentication data 6 (that is, the Account identification data, and the image data and the fingerprint data related to the user), it means that the identity of the user who wants to trade is successfully verified. Conversely, if the processing unit 15 determines that the login authentication data is different from the reference transaction authentication data 6, it means that the user identity of the intended trader has not been successfully verified (that is, the verification fails). In this case, the process The unit 15 outputs an error message indicating the identity verification failure to the user input-output unit 13 and controls the user input-output unit 13 to display the error message (step S26).

在步驟S32中,該處理單元15在判定出該交易認證資料與該參考登入認證資料6相同時,產生一包含該儲存模組12所儲存的該帳戶識別資料3及該交易資料的交易請求,並將該交易請求藉由該通訊模組11經由該通訊網路200傳送至該伺服器2。值得一提的是,為了傳輸安全,該交易請求所包含的該帳戶識別資料3及該交易資料例如可以是一加密形式,但不在此限。In step S32, when the processing unit 15 determines that the transaction authentication data is the same as the reference login authentication data 6, it generates a transaction request including the account identification data 3 and the transaction data stored in the storage module 12, The transaction request is transmitted to the server 2 via the communication network 200 through the communication module 11. It is worth mentioning that, for transmission security, the account identification data 3 and the transaction data included in the transaction request may be in an encrypted form, for example, but not limited thereto.

在步驟S33中,該伺服器2在接收到來自該行動裝置1的該交易請求時,判定該交易請求的該帳戶識別資料3與所儲存的該帳戶識別資料3是否相同。當該判定結果為肯定時,該伺服器2執行該電子交易(步驟S34),否則流程進行步驟S35。如此,該伺服器2可根據所接收到的該交易請求及所儲存的該帳戶識別資料3,決定是否執行該電子交易。值得一提的是,若該交易請求的該帳戶識別資料3及該交易資料均為加密資料時,該伺服器2須先以一對應於先前加密方式的解密方式將該帳戶識別資料及該交易資料解密。理想上,該交易請求的該帳戶識別資料3應相同於該伺服器2所儲存的該帳戶識別資料3。惟,若在資料傳輸過程中因故導致該登入請求的該帳戶識別資料3發生缺損的情況下,該伺服器2恐將判定出該交易請求的該帳戶識別資料3不同於該伺服器2所儲存的該帳戶識別資料3。在此情況下,該伺服器2經由該通訊網路200傳送一指示出交易失敗的錯誤訊息至該行動裝置1(步驟S35)。In step S33, when receiving the transaction request from the mobile device 1, the server 2 determines whether the account identification data 3 of the transaction request is the same as the stored account identification data 3. When the determination result is positive, the server 2 executes the electronic transaction (step S34), otherwise the flow proceeds to step S35. In this way, the server 2 can decide whether to execute the electronic transaction according to the received transaction request and the account identification data 3 stored. It is worth mentioning that if the account identification data 3 and the transaction data requested by the transaction are encrypted data, the server 2 must first decrypt the account identification data and the transaction by a decryption method corresponding to the previous encryption method. Data decryption. Ideally, the account identification data 3 of the transaction request should be the same as the account identification data 3 stored by the server 2. However, if there is a defect in the account identification data 3 of the login request during the data transmission process, the server 2 may determine that the account identification data 3 of the transaction request is different from that of the server 2 Stored account identification data 3. In this case, the server 2 sends an error message indicating the transaction failure to the mobile device 1 via the communication network 200 (step S35).

此外,附帶一提的是,在本實施例中,該應用程式4提了供變更密碼的功能。所以,當該使用者欲更新該帳戶識別資料3的該密碼32時,在該行動裝置1登入該使用者帳戶期間,該處理單元經由該應用程式4的執行,以一來自於該使用者輸入輸出單元13的更新密碼更新該儲存模組12所儲存的該帳戶識別資料3,並藉由該通訊模組11且經由該通訊網路將該儲存模組12所儲存且已被更新的該帳戶識別資料3傳送至該伺服器。於是,該伺服器2在接收到來自該行動裝置1的該帳戶識別資料3時,以所接收的該帳戶識別資料3來更新所儲存的該帳戶識別資料3。In addition, in addition, in this embodiment, the application 4 provides a function for changing the password. Therefore, when the user wants to update the password 32 of the account identification data 3, during the login of the user account by the mobile device 1, the processing unit is executed by the application 4 with an input from the user. The update password of the output unit 13 updates the account identification data 3 stored in the storage module 12, and uses the communication module 11 and the updated account identification stored in the storage module 12 through the communication network. Data 3 is sent to the server. Therefore, when the server 2 receives the account identification data 3 from the mobile device 1, the server 2 updates the stored account identification data 3 with the received account identification data 3.

綜上所述,該行動裝置1在傳送該登入/交易請求至該伺服器2之前,該行動裝置4的該處理單元15必須先藉由執行該應用程式4進行欲登入/交易者的身分驗證程序,以便安全且正確地驗證使用者身分。特別是,在該身分驗證程序中,被該處理單元15用來作為比對標的的該登入/交易認證資料5/6除了是可含有習知文字形式的帳戶資料(即,該使用者帳號31及該密碼32)外,還可以是含有相關於至少一生物特徵的資料,或者是不僅含有該帳戶識別資料而且含有相關於至少一生物特徵的資料,故在登入該使用者帳戶及執行該電子交易前,確實能以高度安全性來驗證的使用者身分。另一方面,若該參考登入/交易認證資料5/6為僅含有相關於單一生物特徵(如虹膜特徵或指紋特徵)的資料時,對比於習知需要使用者手動鍵入帳戶資料(即使用者帳號及密碼)之方式,此身分驗證程序不僅對於使用者而言操作上相對方便,而且能確保高度安全性的同時,更可相對快速地完成。故確實能達成本發明的目的。In summary, before the mobile device 1 sends the login / transaction request to the server 2, the processing unit 15 of the mobile device 4 must first execute the application 4 to verify the identity of the login / trader Process to securely and correctly verify user identity. In particular, in the identity verification procedure, the login / transaction authentication data 5/6 used by the processing unit 15 as a comparison target is in addition to account information that can contain a conventional text form (that is, the user account 31 And the password 32), it may also contain data related to at least one biometric, or it may contain not only the account identification data but also data related to at least one biometric, so when logging in to the user account and executing the electronic Before the transaction, the user identity can be verified with a high degree of security. On the other hand, if the reference login / transaction authentication information 5/6 contains only information related to a single biological feature (such as iris feature or fingerprint feature), compared with the conventional practice, the user is required to manually enter account information (that is, the user Account and password), this identity verification procedure is not only relatively convenient for users, but also ensures a high degree of security and can be completed relatively quickly. Therefore, the purpose of the invention can be achieved.

惟以上所述者,僅為本發明的實施例而已,當不能以此限定本發明實施的範圍,凡依本發明申請專利範圍及專利說明書內容所作的簡單的等效變化與修飾,皆仍屬本發明專利涵蓋的範圍內。However, the above are only examples of the present invention. When the scope of implementation of the present invention cannot be limited in this way, simple equivalent changes and modifications made according to the scope of the patent application and the content of the patent specification of the present invention are still Within the scope of the invention patent.

100‧‧‧電子交易認證系統100‧‧‧ electronic transaction authentication system

1‧‧‧行動裝置1‧‧‧ mobile device

11‧‧‧通訊模組11‧‧‧Communication Module

12‧‧‧儲存模組12‧‧‧Storage Module

13‧‧‧使用者輸入輸出單元13‧‧‧User input and output unit

14‧‧‧生物特徵擷取單元14‧‧‧Biometric Extraction Unit

141‧‧‧收音模組141‧‧‧Radio Module

142‧‧‧影像拍攝模組142‧‧‧Image shooting module

143‧‧‧影像掃描模組143‧‧‧Image Scanning Module

2‧‧‧伺服器2‧‧‧Server

3‧‧‧帳戶識別資料3‧‧‧Account Identification Information

31‧‧‧使用者帳號31‧‧‧user account

32‧‧‧密碼32‧‧‧password

4‧‧‧應用程式4‧‧‧ Apps

5‧‧‧參考登入認證資料5‧‧‧Refer to login credentials

6‧‧‧參考交易認證資料6‧‧‧ Reference transaction certification information

200‧‧‧通訊網路200‧‧‧Communication Network

S21~S35‧‧‧步驟 S21 ~ S35‧‧‧step

本發明的其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中: 圖1是一方塊圖,示例性地說明本發明利用行動裝置應用程式的電子交易認證系統的一實施例;及 圖2是一流程圖,示例性地說明該實施例如何利用行動裝置應用程式來執行電子交易認證程序。Other features and effects of the present invention will be clearly presented in the embodiments with reference to the drawings, in which: FIG. 1 is a block diagram exemplarily illustrating an implementation of the electronic transaction authentication system using a mobile device application of the present invention Example; and FIG. 2 is a flow chart exemplifying how the embodiment uses a mobile device application to perform an electronic transaction authentication procedure.

Claims (12)

一種電子交易認證方法,藉由一行動裝置來實施,該行動裝置係屬於一使用者,並包含一儲存模組、一生物特徵擷取單元、一使用者輸入輸出單元、一可經由一通訊網路連接一伺服器的通訊模組,及一電連接該儲存模組、該生物特徵擷取單元、該使用者輸入輸出單元及該通訊模組的處理單元,該方法包含以下步驟: (A)藉由該處理單元,將一相關於金融交易的應用程式,以及相關於該使用者的帳號識別資料、參考登入認證資料及參考交易認證資料儲存於該儲存模組,該帳戶識別資料已預先儲存於該伺服器且包含一對應於一由該伺服器所提供且指派給該使用者的使用者帳戶的使用者帳號、及一唯一對應於該使用者帳號之密碼,該參考登入認證資料包含該帳戶識別資料及登入生物特徵資料其中至少一者,該登入生物特徵資料相關於至少一生物特徵,該參考交易認證資料包含該帳戶識別資料及交易生物特徵資料其中至少一者,該交易生物特徵資料相關於至少一生物特徵; (B)藉由該處理單元,經由執行該儲存模組所儲存的該應用程式,並經由該使用者輸入輸出單元與該生物特徵擷取單元其中至少一者的操作,獲得登入認證資料,並且判定該登入認證資料與該儲存模組所儲存的該參考登入認證資料是否相同; (C)藉由該處理單元,在判定出該登入認證資料與該參考登入認證資料相同時,經由該應用程式的執行,產生一包含該儲存模組所儲存的該帳戶識別資料的登入請求,並將該登入請求藉由該通訊模組經由該通訊網路傳送至該伺服器,以致該伺服器根據所接收到來自該行動裝置的該登入請求及所儲存的該帳戶識別資料,決定是否允許該行動裝置登入該使用者帳戶; (D)當在該行動裝置登入該使用者帳戶期間內該處理單元接收到相關於該使用者帳戶的一電子交易之交易資料後,藉由該處理單元,經由該應用程式的執行,並經由該使用者輸入輸出單元與該生物特徵擷取單元其中至少一者的操作,獲得交易認證資料,並且判定該交易認證資料與該儲存模組所儲存的該參考交易認證資料是否相同;及 (E)藉由該處理單元,在判定出該交易認證資料與該參考交易認證資料相同時,經由該應用程式的執行,產生一包含該儲存模組所儲存的該帳戶識別資料及所接收的該交易資料的交易請求,並將該交易請求藉由該通訊模組經由該通訊網路傳送至該伺服器,以致該伺服器根據所接收到來自該行動裝置的該交易請求及所儲存的該帳戶識別資料,決定是否執行該電子交易。An electronic transaction authentication method is implemented by a mobile device, which belongs to a user and includes a storage module, a biometric acquisition unit, a user input-output unit, and a communication network. A communication module connected to a server, and a processing unit electrically connected to the storage module, the biometric extraction unit, the user input-output unit and the communication module. The method includes the following steps: (A) borrowing The processing unit stores an application program related to financial transactions, and account identification data, reference login authentication data, and reference transaction authentication data related to the user in the storage module, and the account identification data has been stored in advance The server also includes a user account corresponding to a user account provided by the server and assigned to the user, and a unique password corresponding to the user account, and the reference login authentication data includes the account At least one of identification data and registered biometric data, the registered biometric data is related to at least one biometric, and the parameter The test transaction authentication data includes at least one of the account identification data and the transaction biometric data, and the transaction biometric data is related to at least one biometric; (B) by the processing unit, executing the stored in the storage module An application, and obtains login authentication data through the operation of at least one of the user input-output unit and the biometric extraction unit, and determines whether the login authentication data and the reference login authentication data stored in the storage module are The same; (C) by the processing unit, when it is determined that the login authentication data is the same as the reference login authentication data, the execution of the application program generates a login containing the account identification data stored by the storage module Request, and the login request is transmitted to the server through the communication network through the communication module, so that the server determines whether to receive the login request from the mobile device and the account identification data stored Allow the mobile device to log in to the user account; (D) log in to the user account on the mobile device After the processing unit receives transaction data of an electronic transaction related to the user account, the processing unit executes the application program through the processing unit and the user input / output unit and the biometric extraction unit. At least one of the operations obtains the transaction authentication data, and determines whether the transaction authentication data is the same as the reference transaction authentication data stored in the storage module; and (E) the processing unit determines the transaction authentication When the data is the same as the reference transaction authentication data, a transaction request including the account identification data stored in the storage module and the received transaction data is generated through execution of the application, and the transaction request is passed through the application. The communication module transmits to the server through the communication network, so that the server decides whether to execute the electronic transaction according to the transaction request received from the mobile device and the stored account identification data. 如請求項1所述的電子交易認證方法,在步驟(A)之前,還包含以下步驟: (F)藉由該通訊模組,經由該通訊網路連接該伺服器; (G)藉由該處理單元,經由該通訊網路與該通訊模組下載來自於該伺服器的該應用程式,並執行該應用程式以便經由該使用者輸入輸出單元的操作獲得該帳戶識別資料且經由該使用者輸入輸出單元及該生物特徵擷取單元其中至少一者的操作獲得該參考登入認證資料及該參考交易認證資料。According to the electronic transaction authentication method described in claim 1, before step (A), the method further includes the following steps: (F) connecting the server through the communication module through the communication module; (G) using the processing Unit, downloading the application program from the server via the communication network and the communication module, and executing the application program to obtain the account identification data through the operation of the user input and output unit and via the user input and output unit And at least one operation of the biometric extraction unit obtains the reference login authentication data and the reference transaction authentication data. 如請求項1所述的電子交易認證方法,其中,在步驟(A)中,該處理單元係以一加密的形式儲存該帳戶識別資料。The electronic transaction authentication method according to claim 1, wherein, in step (A), the processing unit stores the account identification data in an encrypted form. 如請求項1所述的電子交易認證方法,其中,在步驟(A)中,該帳戶識別資料的該密碼是一由該伺服器所給予的密碼,或者是一由該使用者所決定的密碼。The electronic transaction authentication method according to claim 1, wherein, in step (A), the password of the account identification data is a password given by the server, or a password determined by the user . 如請求項1所述的電子交易認證方法,其中,在步驟(A)中,該登入生物特徵資料所相關的該至少一生物特徵係選自聲音特徵、指紋特徵、虹膜特徵及人臉特徵的任一組合,並且該交易生物特徵資料所相關的該至少一生物特徵係選自聲音特徵、指紋特徵、虹膜特徵及人臉特徵的任一組合。The electronic transaction authentication method according to claim 1, wherein in step (A), the at least one biometric associated with the login biometric data is selected from the group consisting of a voice feature, a fingerprint feature, an iris feature, and a face feature. Any combination, and the at least one biometric associated with the transaction biometric data is selected from any combination of sound features, fingerprint features, iris features, and face features. 一種電子交易認證系統,包含: 一行動裝置,屬於一使用者,並包括 一通訊模組,組配來經由一通訊網路連接一伺服器, 一儲存模組,組配來儲存一相關於金融交易的應用程式,以及相關於該使用者的帳戶識別資料、參考登入認證資料及參考交易認證資料,該帳戶識別資料已預先儲存於該伺服器且包含一對應於一由該伺服器所提供且指派給該使用者的使用者帳戶的使用者帳號、及一唯一對應於該使用者帳號之密碼,該參考登入認證資料包含該帳戶識別資料及登入生物特徵資料其中至少一者,該登入生物特徵資料相關於至少一生物特徵,該參考交易認證資料包含該帳戶識別資料及交易生物特徵資料其中至少一者,該交易生物特徵資料相關於至少一生物特徵, 一使用者輸入輸出單元,可被操作來產生輸入資料, 一生物特徵擷取單元,可用來擷取至少一個相關於人的特徵,以產生對應的生物特徵資料,及 一處理單元,電連接該通訊模組、該儲存模組、該生物特徵擷取單元及該使用者輸入輸出單元; 其中,當該處理單元執行儲存於該儲存模組的該應用程式時, 該處理單元接收到來自於該使用者輸入輸出單元與該生物特徵擷取單元其中至少一者且經由該使用者輸入輸出單元與該生物特徵擷取單元其中該至少一者之操作所產生的登入認證資料,並判定該登入認證資料與該儲存模組所儲存的該參考登入認證資料是否相同,而且在判定出該登入認證資料與該參考登入認證資料相同時,產生一包含該儲存模組所儲存的該帳戶識別資料的登入請求,並將該登入請求藉由該通訊模組經由該通訊網路傳送至該伺服器,以致該伺服器根據所接收到來自該行動裝置的該登入請求資料及所儲存的該帳戶識別資料,決定是否允許該行動裝置登入該使用者帳戶,及 該處理單元在該行動裝置登入該使用者帳戶期間內接收到經由該使用者輸入輸出單元之操作所產生且相關於該使用者帳戶的一電子交易之交易資料後,該處理單元接收到來自於該使用者輸入輸出單元與該生物特徵擷取單元其中至少一者且經由該使用者輸入輸出單元與該生物特徵擷取單元其中該至少一者之操作所產生的交易認證資料,並判定該交易認證資料與該儲存模組所儲存的該參考交易認證資料是否相同,而且在判定出該交易認證資料與該參考交易認證資料相同時,產生一包含該儲存模組所儲存的該帳戶識別資料及所接收的該交易資料的交易請求,並且將該交易請求藉由該通訊模組經由該通訊網路傳送至該伺服器,以致該伺服器根據所接收到來自該行動裝置的該交易請求及所儲存的該帳戶識別資料,決定是否執行該電子交易。An electronic transaction authentication system includes: a mobile device belonging to a user and including a communication module configured to connect to a server via a communication network, and a storage module configured to store a related financial transaction Application, and account identification information, reference login authentication information, and reference transaction authentication information related to the user, the account identification information has been stored in the server in advance and includes a corresponding one provided by the server and assigned A user account for the user's user account, and a password unique to the user account, the reference login authentication data including at least one of the account identification data and the login biometric data, the login biometric data Related to at least one biometric, the reference transaction authentication data includes at least one of the account identification data and transaction biometric data. The transaction biometric data is related to at least one biometric. A user input and output unit can be operated to Generate input data, a biometric capture unit that can be used to capture A feature related to a person to generate corresponding biometric data, and a processing unit electrically connected to the communication module, the storage module, the biometric extraction unit, and the user input-output unit; wherein when the When the processing unit executes the application program stored in the storage module, the processing unit receives at least one of the user input-output unit and the biometric extraction unit and passes the user input-output unit and the creature The feature authentication unit has the login authentication data generated by the operation of the at least one of them, and determines whether the login authentication data is the same as the reference login authentication data stored in the storage module, and determines that the login authentication data is the same as the When the reference login authentication data is the same, a login request containing the account identification data stored in the storage module is generated, and the login request is transmitted to the server through the communication network through the communication module, so that the server Based on the received login request data from the mobile device and the stored account identification data, Determine whether the mobile device is allowed to log in to the user account, and the processing unit receives an electronic generated by the operation of the user input and output unit and related to the user account during the time when the mobile device logs in to the user account After the transaction data of the transaction, the processing unit receives at least one of the user input-output unit and the biometric extraction unit and passes the at least one of the user input-output unit and the biometric extraction unit. The transaction authentication data generated by the operation, and determine whether the transaction authentication data is the same as the reference transaction authentication data stored in the storage module, and when it is determined that the transaction authentication data is the same as the reference transaction authentication data, a A transaction request containing the account identification data stored by the storage module and the received transaction data, and transmitting the transaction request to the server through the communication network through the communication module, so that the server Receiving the transaction request from the mobile device and the stored account identification information, Decide whether to execute the electronic transaction. 如請求項6所述的電子交易認證系統,還包含該伺服器,其中,該伺服器提供該應用程式,該行動裝置的該儲存模組所儲存的該應用程式係下載自於該伺服器,該處理單元在初始執行該應用程式時,接收到來自該使用者輸入輸出單元且經由該使用者輸入輸出單元之操作所產生的該帳戶識別資料,以及來自該使用者輸入輸出單元及該生物特徵擷取單元其中至少一者且經由該使用者輸入輸出單元及該生物特徵擷取單元其中該至少一者之操作所產生的該參考登入認證資料及該參考交易認證資料,並將該帳戶識別資料、該參考登入認證資料及該參考交易認證資料儲存於該儲存模組。The electronic transaction authentication system according to claim 6, further comprising the server, wherein the server provides the application, and the application stored in the storage module of the mobile device is downloaded from the server, When the processing unit initially executes the application program, the processing unit receives the account identification data from the user input-output unit and generated by the operation of the user input-output unit, as well as from the user input-output unit and the biometric feature. The reference login authentication data and the reference transaction authentication data generated by at least one of the acquisition units and generated by the operation of the user input-output unit and the at least one of the biometric extraction units, and the account identification data The reference login authentication information and the reference transaction authentication information are stored in the storage module. 如請求項7所述的電子交易認證系統,其中: 當該使用者欲更新該帳戶識別資料的該密碼時,在該行動裝置登入該使用者帳戶期間,該處理單元經由該應用程式的執行,以一來自於該使用者輸入輸出單元的更新密碼更新該儲存模組所儲存的該帳戶識別資料,並藉由該通訊模組且經由該通訊網路將該儲存模組所儲存且已被更新的該帳戶識別資料傳送至該伺服器;及 該伺服器在接收到來自該行動裝置的該帳戶識別資料時,以所接收的該帳戶識別資料來更新所儲存的該帳戶識別資料。The electronic transaction authentication system according to claim 7, wherein: when the user wants to update the password of the account identification data, the processing unit executes the application via the application while the mobile device logs in to the user account, Updating the account identification data stored in the storage module with an update password from the user input and output unit, and using the communication module and the communication network to store the updated and stored The account identification data is transmitted to the server; and when the server receives the account identification data from the mobile device, the server uses the received account identification data to update the stored account identification data. 如請求項7所述的電子交易認證系統,其中: 該伺服器在接收到來自該行動裝置的該登入請求時,判定該登入請求的該帳戶識別資料與所儲存的該帳戶識別資料是否相同,並在判定出該登入請求的該帳戶識別資料與所儲存的該帳戶識別資料相同時,允許該行動裝置登入該使用者帳戶;及 該伺服器在接收到來自該行動裝置的該交易請求時,判定該交易請求的該帳戶識別資料與所儲存的該帳戶識別資料是否相同,並在判定出該交易請求的該帳戶識別資料與所儲存的該帳戶識別資料相同時,執行該電子交易。The electronic transaction authentication system according to claim 7, wherein: when receiving the login request from the mobile device, the server determines whether the account identification data of the login request is the same as the stored account identification data, And when determining that the account identification information of the login request is the same as the stored account identification information, allowing the mobile device to log in to the user account; and when the server receives the transaction request from the mobile device, It is determined whether the account identification data of the transaction request is the same as the stored account identification data, and when it is determined that the account identification data of the transaction request is the same as the account identification data stored, the electronic transaction is executed. 如請求項6所述的電子交易認證系統,其中,該行動通訊裝置的該處理單元先將所接收的該帳戶識別資料加密後再儲存於該儲存模組。The electronic transaction authentication system according to claim 6, wherein the processing unit of the mobile communication device encrypts the received account identification data before storing it in the storage module. 如請求項6所述的電子交易認證系統,其中,該帳戶識別資料的該密碼是一由該伺服器所給予的密碼,或者是一由該使用者所決定的密碼。The electronic transaction authentication system according to claim 6, wherein the password of the account identification data is a password given by the server, or a password determined by the user. 如請求項6所述的電子交易認證系統,其中: 該登入生物特徵資料所相關的該至少一生物特徵係選自聲音特徵、指紋特徵、虹膜特徵及人臉特徵的任一組合,並且該交易生物特徵資料所相關的該至少一生物特徵係選自聲音特徵、指紋特徵、虹膜特徵及人臉特徵的任一組合;及 該行動裝置的該生物特徵擷取單元包括一用於收集音頻信號的收音模組、一用於拍攝影像的影像拍攝模組、及一用於掃描影像的影像掃描模組。The electronic transaction authentication system according to claim 6, wherein: the at least one biometric related to the login biometric data is selected from any combination of a voice feature, a fingerprint feature, an iris feature, and a face feature, and the transaction The at least one biometric associated with the biometric data is selected from any combination of sound features, fingerprint features, iris features, and face features; and the biometric extraction unit of the mobile device includes a device for collecting audio signals. A radio module, an image capturing module for capturing images, and an image scanning module for scanning images.
TW105133504A 2016-10-18 2016-10-18 Electronic transaction authentication method and system using mobile device application TWI645308B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW105133504A TWI645308B (en) 2016-10-18 2016-10-18 Electronic transaction authentication method and system using mobile device application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW105133504A TWI645308B (en) 2016-10-18 2016-10-18 Electronic transaction authentication method and system using mobile device application

Publications (2)

Publication Number Publication Date
TW201816646A true TW201816646A (en) 2018-05-01
TWI645308B TWI645308B (en) 2018-12-21

Family

ID=62949289

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105133504A TWI645308B (en) 2016-10-18 2016-10-18 Electronic transaction authentication method and system using mobile device application

Country Status (1)

Country Link
TW (1) TWI645308B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI797227B (en) * 2018-12-28 2023-04-01 日商Jcb股份有限公司 authentication system
TWI817331B (en) * 2022-01-20 2023-10-01 三竹資訊股份有限公司 System, device and method for multi-purpose of a financial quotes application on a tv

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110189136A (en) * 2019-05-20 2019-08-30 中国银联股份有限公司 Transaction processing method, device, equipment, medium and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8245292B2 (en) * 2005-11-16 2012-08-14 Broadcom Corporation Multi-factor authentication using a smartcard
US8972297B2 (en) * 2011-11-15 2015-03-03 Citibank, N.A. System and method for conducting a transaction at a financial transaction terminal using a mobile device
US9374369B2 (en) * 2012-12-28 2016-06-21 Lookout, Inc. Multi-factor authentication and comprehensive login system for client-server networks
TWM536775U (en) * 2016-10-18 2017-02-11 Fubon Securities Co Ltd Authentication system of electronic transaction utilizing mobile device application

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI797227B (en) * 2018-12-28 2023-04-01 日商Jcb股份有限公司 authentication system
TWI817331B (en) * 2022-01-20 2023-10-01 三竹資訊股份有限公司 System, device and method for multi-purpose of a financial quotes application on a tv

Also Published As

Publication number Publication date
TWI645308B (en) 2018-12-21

Similar Documents

Publication Publication Date Title
US20230129693A1 (en) Transaction authentication and verification using text messages and a distributed ledger
CN113302894B (en) Secure account access
EP3744067B1 (en) Method and apparatus for managing user authentication in a blockchain network
US7613929B2 (en) Method and system for biometric identification and authentication having an exception mode
EP4443930A2 (en) Universal digital identity authentication service
KR20200110605A (en) Method and device for acquiring tracking information and recording it on the blockchain
EP3721578A1 (en) Methods and systems for recovering data using dynamic passwords
US20210294880A1 (en) System and Method for Confirming a Person's Identity
KR101520511B1 (en) User authenication system by using personal identification number, user terminal device, inquiry apparatus, authenication server, and user authenication method therefor
US20180373919A1 (en) Fingerprint Lock Control Method and Fingerprint Lock System
TWI645308B (en) Electronic transaction authentication method and system using mobile device application
WO2018148900A1 (en) Fingerprint identification-based authentication method and device, and transaction system
WO2023239760A1 (en) Computer-implemented user identity verification method
JP6841781B2 (en) Authentication server device, authentication system and authentication method
KR101285362B1 (en) Authentication system for electronic signature
TWM536775U (en) Authentication system of electronic transaction utilizing mobile device application
US20140215586A1 (en) Methods and systems for generating and using a derived authentication credential
JP4643313B2 (en) Relief method when biometric authentication is impossible for client / server system with biometric authentication function
CN110535649A (en) Data circulation method, system and service platform, first terminal equipment
KR20160144534A (en) Iris Scan USB Device using an OTP Function and Controlling Method for the Same
JP5793593B2 (en) Network authentication method for securely verifying user identification information
JP6801146B2 (en) Electronic approval systems, methods, and programs using biometrics
US20210136062A1 (en) Form based biometric data collection and authentication
CN111787023B (en) Approval login system and method
US20220321347A1 (en) System, method and apparatus for transaction access and security