[go: up one dir, main page]

TWI837960B - System and method for automatic locational service delivery based on mobile identification and authentication and computer-readable medium thereof - Google Patents

System and method for automatic locational service delivery based on mobile identification and authentication and computer-readable medium thereof Download PDF

Info

Publication number
TWI837960B
TWI837960B TW111144618A TW111144618A TWI837960B TW I837960 B TWI837960 B TW I837960B TW 111144618 A TW111144618 A TW 111144618A TW 111144618 A TW111144618 A TW 111144618A TW I837960 B TWI837960 B TW I837960B
Authority
TW
Taiwan
Prior art keywords
service
verification
request data
mobile communication
communication device
Prior art date
Application number
TW111144618A
Other languages
Chinese (zh)
Other versions
TW202423075A (en
Inventor
歐智文
林柏廷
宋育展
繆嘉新
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW111144618A priority Critical patent/TWI837960B/en
Application granted granted Critical
Publication of TWI837960B publication Critical patent/TWI837960B/en
Publication of TW202423075A publication Critical patent/TW202423075A/en

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A system and a method for automatic locational service delivery based on mobile identification and authentication and a computer-readable medium are provided, wherein a first user can authenticate the identity of a second user holding a mobile communication device through an authentication device and an authentication server in the cloud at the venue of an event, and send the services related to the event to the second user after the authentication passes. The present disclosure transmits the authentication data of the authentication device through the near-end communication connection between the mobile communication device and the authentication device, as well as the mobile network connection of the mobile communication device itself or the Internet connection of the authentication device itself, to the authentication server in the cloud so that the second user can finish his/her identity authentication and obtain locational services based on the time and the venue of the event quickly and precisely.

Description

基於行動識別驗證之場域服務自動派送系統、方法及其電腦可讀媒體 Field service automatic delivery system, method and computer-readable medium based on mobile identification verification

本發明係有關一種場域服務自動派送技術,且特別係有關一種基於行動識別驗證之場域服務自動派送系統、方法及其電腦可讀媒體。 The present invention relates to a field service automatic delivery technology, and in particular to a field service automatic delivery system, method and computer-readable medium based on mobile identification and verification.

一般的會議、展覽或宴會等活動的參與者報到時,主辦方通常需先認證參與者的身分,再提供與活動相關之資料給參與者。在一習知技術中,於參與者報到時,利用近端通訊技術協助主辦方定位參與者的位置,同時傳送識別資訊以確認參與者身分,據此判定參與者是否完成報到。然而,此過程並無足夠安全可靠之身分認證機制。 When participants of general meetings, exhibitions, banquets and other activities check in, the organizer usually needs to verify the identity of the participants first, and then provide the participants with information related to the event. In a known technology, when participants check in, near-end communication technology is used to assist the organizer in locating the location of the participants, and at the same time, identification information is transmitted to confirm the identity of the participants, and then determine whether the participants have completed the check-in. However, this process does not have a sufficiently secure and reliable identity authentication mechanism.

此外,參與者報到後,需要發送給參與者之相關資料,在一習知技術中,係提供二維條碼給參與者掃描下載,或由主辦方以電子郵件通知活動資訊,以供參與者自行下載,但這些技術較不便利,且仍有改善空間。 In addition, after the participants register, relevant information needs to be sent to the participants. In a known technology, a two-dimensional barcode is provided for the participants to scan and download, or the organizer notifies the event information by email for the participants to download by themselves. However, these technologies are not convenient and there is still room for improvement.

為解決上述問題,本發明提供一種基於行動識別驗證之場域服務自動派送系統,包括:主驗裝置,部署於第一位置,用於接收一使用者的行動通訊裝置所產生之被驗請求資料,且驗證該被驗請求資料之簽章,以於該簽章通過驗證後,根據該被驗請求資料產生主驗請求資料,且傳送該主驗請求資料;主驗伺服器,用於接收該主驗請求資料,以根據該主驗請求資料判定該使用者是否通過身分驗證;以及場域服務子系統,用於在該使用者通過該身分驗證後,產生服務資料包,以供該行動通訊裝置顯示由該服務資料包所產生之服務索引畫面,其中,該服務索引畫面包括至少一或複數服務連結,以為該使用者提供服務。 To solve the above problems, the present invention provides a field service automatic delivery system based on mobile identification verification, including: a primary verification device, deployed at a first location, for receiving a verified request data generated by a user's mobile communication device, and verifying the signature of the verified request data, so that after the signature is verified, the primary verification request data is generated according to the verified request data, and the primary verification request data is transmitted; a primary verification server, for receiving the primary verification request data, and determining whether the user has passed the identity verification according to the primary verification request data; and a field service subsystem, for generating a service data package after the user has passed the identity verification, so that the mobile communication device can display a service index screen generated by the service data package, wherein the service index screen includes at least one or more service links to provide services to the user.

本發明另提供一種基於行動識別驗證之場域服務自動派送方法,包括:接收一使用者的行動通訊裝置所產生之被驗請求資料;驗證該被驗請求資料之簽章;於該簽章通過驗證後,根據該被驗請求資料產生主驗請求資料;根據該主驗請求資料判定該使用者是否通過身分驗證;以及在該使用者通過該身分驗證後,產生服務資料包,以供該行動通訊裝置顯示由該服務資料包所產生之服務索引畫面,其中,該服務索引畫面包括至少一或複數服務連結,以為該使用者提供服務。 The present invention also provides a method for automatically delivering field services based on mobile identification verification, including: receiving verified request data generated by a user's mobile communication device; verifying the signature of the verified request data; generating main verification request data based on the verified request data after the signature is verified; determining whether the user has passed the identity verification based on the main verification request data; and generating a service data package after the user has passed the identity verification, so that the mobile communication device can display a service index screen generated by the service data package, wherein the service index screen includes at least one or more service links to provide services to the user.

本發明又提供一種電腦可讀媒體,應用於終端裝置、電腦及/或伺服器中,係儲存有指令,以執行上述之場域服務自動派送方法。 The present invention also provides a computer-readable medium for use in a terminal device, a computer and/or a server, which stores instructions for executing the above-mentioned field service automatic delivery method.

基於上述技術內容,本發明之活動主辦方可以在活動場地透過主驗裝置與主驗伺服器,驗證持行動通訊裝置之活動參與者的身分,並於驗證通過後,向該參與者派送與該活動相關之服務。 Based on the above technical content, the event organizer of the present invention can verify the identity of the event participants holding mobile communication devices at the event venue through the main verification device and the main verification server, and after the verification is passed, send the event-related services to the participants.

10:主驗裝置 10: Main test device

11:運算模組 11: Computation module

12:近端通訊模組 12: Near-end communication module

13:安全元件 13: Security element

14:定位模組 14: Positioning module

15:供電模組 15: Power supply module

16:網路模組 16: Network module

20:行動通訊裝置 20: Mobile communication devices

21:近端通訊模組 21: Near-end communication module

22:應用程式 22: Applications

30:主驗伺服器 30: Main verification server

31:安全模組 31: Security module

32:事件資料庫 32: Event database

33:使用者資料庫 33: User database

34:主驗裝置資料庫 34: Main test device database

35:令牌模組 35:Token module

40:場域服務子系統 40: Field service subsystem

41:服務提供者資料庫 41: Service provider database

42:服務資料庫 42: Service database

43:活動主辦者資料庫 43:Event organizer database

44:活動營運資料庫 44:Activity operation database

45:擴充列表產生模組 45: Expand list generation module

46:畫面產生模組 46: Screen generation module

100:場域服務自動派送系統 100: Field service automatic delivery system

300:場域服務自動派送方法 300: Automatic delivery method for field services

301~310:步驟 301~310: Steps

600:報到畫面 600: Check-in screen

601:感應報到按鈕 601: Sensor check-in button

610:第一感應提示畫面 610: First sensor prompt screen

611:第一感應狀態 611: First Sensing State

612:感應取消按鈕 612:Sensor cancel button

620:第二感應提示畫面 620: Second sensor prompt screen

621:第二感應狀態 621: Second Sensing State

630:服務索引畫面 630: Service index screen

631:第一服務連結 631: First service link

632:第二服務連結 632: Second service link

633:第三服務連結 633: Third service link

634:第四服務連結 634: Fourth service link

圖1為本發明一實施例的一種基於行動識別驗證之場域服務自動派送系統的示意方塊圖。 Figure 1 is a schematic block diagram of a field service automatic delivery system based on mobile identification verification according to an embodiment of the present invention.

圖2繪示本發明一實施例的行動通訊裝置顯示的示意操作畫面。 Figure 2 shows a schematic operation screen displayed by a mobile communication device of an embodiment of the present invention.

圖3為本發明一實施例的一種基於行動識別驗證之場域服務自動派送方法的示意流程圖。 Figure 3 is a schematic flow chart of a method for automatic delivery of field services based on mobile identification and verification according to an embodiment of the present invention.

圖1為根據本發明一實施例的一種基於行動識別驗證之場域服務自動派送系統100的示意方塊圖。 FIG1 is a schematic block diagram of a field service automatic delivery system 100 based on mobile identification and verification according to an embodiment of the present invention.

場域服務自動派送系統100包括主驗裝置10、主驗伺服器30及場域服務子系統40,其中,主驗裝置10即專用於採集行動通訊裝置資訊以進行例如會議、展覽、宴會或文藝演出等活動之參與者的身分識別與驗證之終端裝置,例如報到機,且部署於該活動的報到處。主驗伺服器30與場域服務子系統40均為網際網路之雲端伺服器或伺服器叢集。主驗伺服器30通訊連接主驗裝置10及場域服務子系統40。 The field service automatic delivery system 100 includes a main verification device 10, a main verification server 30 and a field service subsystem 40, wherein the main verification device 10 is a terminal device dedicated to collecting mobile communication device information for identity identification and verification of participants of activities such as conferences, exhibitions, banquets or cultural performances, such as a check-in machine, and is deployed at the check-in point of the activity. The main verification server 30 and the field service subsystem 40 are both cloud servers or server clusters of the Internet. The main verification server 30 is connected to the main verification device 10 and the field service subsystem 40 in communication.

此外,活動參與者之行動通訊裝置20可通訊連接主驗裝置10及主驗伺服器30。行動通訊裝置20係一般可上網以及可進行近端通訊連線之行動裝置,例如智慧型手機、平板電腦或筆記型電腦。行動通訊裝置20包括近端通訊模組21及應用程式22,其中,應用程式22可以是專為參與該活動而設計的應用程式,或至少包括參與該活動所需之功能的應用程式。 In addition, the mobile communication device 20 of the activity participant can communicate with the main verification device 10 and the main verification server 30. The mobile communication device 20 is a mobile device that can generally access the Internet and perform near-end communication connection, such as a smart phone, a tablet computer or a laptop. The mobile communication device 20 includes a near-end communication module 21 and an application 22, wherein the application 22 can be an application designed specifically for participating in the activity, or at least an application that includes the functions required for participating in the activity.

主驗裝置10包括運算模組11、近端通訊模組12、安全元件13、定位模組14、供電模組15、以及網路模組16。 The main test device 10 includes a computing module 11, a near-end communication module 12, a security element 13, a positioning module 14, a power supply module 15, and a network module 16.

在一實施例中,運算模組11用於控制主驗裝置10之運作與計算處理資料等。近端通訊模組12電性連接運算模組11,用於在驗證行動通訊裝置20的被驗請求資料時與其進行資料交換。主驗裝置10的近端通訊模組12和行動通訊裝置20的近端通訊模組21可進行近端通訊連線,例如近場通訊(Near Field Communication,NFC)協定、藍芽(Bluetooth)通訊協定、無線高保真(Wi-Fi)通訊協定、或超寬頻(ultra-wideband,UWB)通訊協定之連線,以互相傳遞資料。 In one embodiment, the computing module 11 is used to control the operation of the main verification device 10 and calculate and process data. The near-end communication module 12 is electrically connected to the computing module 11 and is used to exchange data with the mobile communication device 20 when verifying the verification request data. The near-end communication module 12 of the main verification device 10 and the near-end communication module 21 of the mobile communication device 20 can perform near-end communication connection, such as Near Field Communication (NFC) protocol, Bluetooth communication protocol, Wireless High Fidelity (Wi-Fi) communication protocol, or Ultra-Wideband (UWB) communication protocol connection to transmit data to each other.

此外,網路模組16電性連接運算模組11,用於以有線或無線形式連線至主驗伺服器30,並傳送資料至主驗伺服器30。安全元件13電性連接運算模組11,用於儲存預載金鑰、處理被驗請求資料之解密驗證簽章運算、以及產生主驗請求資料之加密簽章運算。定位模組14電性連接運算模組11,用於接收全球定位系統(Global Positioning System,GPS)之定位訊號,以提供主驗請求資料內之主驗裝置10的定位資訊。 In addition, the network module 16 is electrically connected to the computing module 11, and is used to connect to the main verification server 30 in a wired or wireless form, and transmit data to the main verification server 30. The security element 13 is electrically connected to the computing module 11, and is used to store preloaded keys, process the decryption verification signature operation of the verification request data, and generate the encryption signature operation of the main verification request data. The positioning module 14 is electrically connected to the computing module 11, and is used to receive the positioning signal of the Global Positioning System (GPS) to provide the positioning information of the main verification device 10 in the main verification request data.

再者,供電模組15用於為主驗裝置10及其所有內部模組與元件供電,其包括充電電池,且包括設置於主驗裝置10之外殼的電源開關,供電模組15可外接有線電源供應。 Furthermore, the power supply module 15 is used to supply power to the main test device 10 and all its internal modules and components. It includes a rechargeable battery and a power switch disposed on the outer shell of the main test device 10. The power supply module 15 can be connected to an external wired power supply.

主驗伺服器30包括安全模組31、事件資料庫32、使用者資料庫33、主驗裝置資料庫34、以及令牌模組35。 The authentication server 30 includes a security module 31, an event database 32, a user database 33, a authentication device database 34, and a token module 35.

在一實施例中,令牌模組35用於參與者的令牌的產生與驗證。使用者資料庫33用於記錄參與者的識別資訊、行動通訊裝置20的識別訊息、通訊金鑰,以及由令牌模組35產生之令牌。主驗裝置資料庫34用於記錄主驗裝置 10的識別資訊、預載金鑰、主驗裝置10的部署定位資訊、部署組態資訊、或其他與主驗裝置10相關之服務所需之資料。 In one embodiment, the token module 35 is used to generate and verify the token of the participant. The user database 33 is used to record the identification information of the participant, the identification information of the mobile communication device 20, the communication key, and the token generated by the token module 35. The master verification device database 34 is used to record the identification information of the master verification device 10, the preloaded key, the deployment location information of the master verification device 10, the deployment configuration information, or other data required for services related to the master verification device 10.

此外,安全模組31用於主驗請求資料之解密驗證簽章運算。事件資料庫32用於記錄主驗時間戳記、主驗裝置10的識別訊息、行動通訊裝置20的識別訊息、被驗時間戳記、主驗裝置10的定位資訊、行動通訊裝置20的定位資訊、以及參與者的身分驗證結果。 In addition, the security module 31 is used for decryption and verification signature calculation of the master verification request data. The event database 32 is used to record the master verification timestamp, the identification information of the master verification device 10, the identification information of the mobile communication device 20, the verified timestamp, the location information of the master verification device 10, the location information of the mobile communication device 20, and the identity verification results of the participants.

場域服務子系統40包括服務提供者資料庫41、服務資料庫42、活動主辦者資料庫43、活動營運資料庫44、擴充列表產生模組45、以及畫面產生模組46。 The venue service subsystem 40 includes a service provider database 41, a service database 42, an event organizer database 43, an event operation database 44, an expansion list generation module 45, and a screen generation module 46.

在一實施例中,服務提供者資料庫41用於記錄服務提供者的識別資訊、名稱、聯絡人與聯絡資料。服務資料庫42用於記錄服務識別資訊、服務擁有者識別資訊、服務營運狀態、服務型態與服務通訊資料。 In one embodiment, the service provider database 41 is used to record the service provider's identification information, name, contact person, and contact information. The service database 42 is used to record service identification information, service owner identification information, service operation status, service type, and service communication data.

此外,活動主辦者資料庫43用於記錄活動主辦者的識別資訊、名稱、聯絡人與聯絡資料。活動營運資料庫44用於記錄活動序號、活動有效時間區間、活動名稱、活動主辦者的識別資訊、主驗裝置識別資訊列表、以及預設服務列表。 In addition, the event organizer database 43 is used to record the identification information, name, contact person and contact information of the event organizer. The event operation database 44 is used to record the event serial number, event effective time period, event name, identification information of the event organizer, main verification device identification information list, and default service list.

再者,擴充列表產生模組45用於將預設服務列表擴充成完整服務列表。畫面產生模組46用於根據服務資料包產生服務索引畫面。 Furthermore, the extended list generation module 45 is used to expand the default service list into a complete service list. The screen generation module 46 is used to generate a service index screen according to the service data package.

上述之運算模組11、近端通訊模組12及21、安全元件13、定位模組14、供電模組15與網路模組16均可為軟體、硬體或韌體;安全模組31、令牌模組35、擴充列表產生模組45、以及畫面產生模組46均可為軟體、硬體或韌體。若為硬體,則可為具有資料處理與運算能力之處理單元、處理器、電腦 或伺服器;若為軟體或韌體,則可包括處理單元、處理器、電腦或伺服器可執行之指令。 The computing module 11, near-end communication modules 12 and 21, security element 13, positioning module 14, power supply module 15 and network module 16 mentioned above can all be software, hardware or firmware; the security module 31, token module 35, expansion list generation module 45 and screen generation module 46 can all be software, hardware or firmware. If it is hardware, it can be a processing unit, processor, computer or server with data processing and computing capabilities; if it is software or firmware, it can include instructions that can be executed by the processing unit, processor, computer or server.

在一實施例中,活動的參與者在參加活動前,必須使用其行動通訊裝置20上的應用程式22連線至主驗伺服器30以完成註冊供裝程序。詳言之,參與者操作應用程式22將參與者的識別資訊與行動通訊裝置20的識別資訊透過網際網路傳送至主驗伺服器30。主驗伺服器30至少將參與者的識別資訊、行動通訊裝置20的識別資訊、通訊金鑰、以及參與者的個人資料記錄於使用者資料庫33。註冊成功之後,主驗伺服器30將該參與者之通訊金鑰、已加密個人資料(參與者的個人資料可由行動通訊裝置20或另一雲端裝置提供)、或其他與該參與者相關之資料,傳回行動通訊裝置20之應用程式22進行儲存。 In one embodiment, before participating in the event, participants of the event must use the application 22 on their mobile communication device 20 to connect to the main authentication server 30 to complete the registration and installation process. In detail, the participant operates the application 22 to transmit the participant's identification information and the identification information of the mobile communication device 20 to the main authentication server 30 via the Internet. The main authentication server 30 records at least the participant's identification information, the identification information of the mobile communication device 20, the communication key, and the participant's personal information in the user database 33. After successful registration, the main verification server 30 returns the participant's communication key, encrypted personal information (the participant's personal information can be provided by the mobile communication device 20 or another cloud device), or other data related to the participant to the application 22 of the mobile communication device 20 for storage.

場域服務子系統40的管理者可將參與者參與活動時會使用到的各類服務的提供商新增至場域服務子系統40的服務提供者資料庫41,且將這些服務新增至場域服務子系統40之服務資料庫42。其中,各該服務之網路入口端的網址與呼叫該網址可用之參數等資訊,以可延伸標記式語言(Extensible Markup Language,XML)或JavaScript物件表示法(JavaScript Object Notation,JSON)格式定義,並進一步整合成該等服務之服務資料包。參與者的行動通訊裝置20在取得該服務資料包後,其應用程式22便可根據該服務資料包,產生指向各該服務之網址的服務連結,提供給參與者在活動報到後之活動進行期間操作使用。 The administrator of the field service subsystem 40 can add the providers of various services that participants will use when participating in the event to the service provider database 41 of the field service subsystem 40, and add these services to the service database 42 of the field service subsystem 40. The URL of the network entry of each service and the parameters available for calling the URL are defined in the format of Extensible Markup Language (XML) or JavaScript Object Notation (JSON), and further integrated into the service data package of the services. After the mobile communication device 20 of the participant obtains the service data package, its application 22 can generate a service link pointing to the URL of each service according to the service data package, and provide it to the participant for operation and use during the event after checking in for the event.

活動主辦方則須於場域服務子系統40之活動主辦者資料庫43留有資料。另外,主辦方於活動開始之前,於場域服務子系統40之活動營運資料庫44新增一活動記錄,並具體填入本次活動的資訊與設定,以及本次活動參與者在報到之後可以取用的服務與該等服務的資料。例如,該等服務可包括酒水點 心服務,且該酒水點心服務的資料可包括各種酒類、飲料和點心的選單,以供參與者點選。該等服務亦可包括計程車服務,且該計程車服務的資料可包括主辦方安排的等車地點,以及多種車型與費率,以供參與者選擇。若該活動為國際活動,則該等服務可包括翻譯人員服務,且該翻譯人員服務的資料可包括翻譯人員的照片和簡介。若該活動為多日活動,則該等服務可包括配套的旅館服務,且該旅館服務的資料可包括旅館的說明資料。 The event organizer must leave data in the event organizer database 43 of the venue service subsystem 40. In addition, before the event begins, the organizer adds an event record to the event operation database 44 of the venue service subsystem 40, and specifically fills in the information and settings of this event, as well as the services and data of these services that the participants of this event can use after checking in. For example, these services may include wine and snack services, and the data of the wine and snack services may include a menu of various wines, drinks and snacks for participants to choose from. These services may also include taxi services, and the data of the taxi services may include the waiting location arranged by the organizer, as well as a variety of car models and rates for participants to choose from. If the event is an international event, such services may include translator services, and the information on the translator services may include photos and profiles of the translators. If the event is a multi-day event, such services may include supporting hotel services, and the information on the hotel services may include hotel descriptions.

主辦方將主驗裝置10部署於舉行該活動的場地的報到處,且於部署時將主驗裝置10的部署相關資訊,包含主驗裝置10的識別資訊、部署定位資訊(例如主驗裝置10部署後的地理位置)、部署組態資訊(例如網路模組16是否啟用)、以及其他相關資料(例如主辦方的宣傳資料與聯絡方式等),記錄於主驗伺服器30之主驗裝置資料庫34。若部署地點可提供電源,則該電源可直接提供給主驗裝置10運作,並可對其供電模組15充電。 The organizer deploys the main test device 10 at the registration point of the venue where the event is held, and during deployment, the deployment-related information of the main test device 10, including the identification information of the main test device 10, deployment location information (e.g., the geographic location of the main test device 10 after deployment), deployment configuration information (e.g., whether the network module 16 is enabled), and other related information (e.g., the organizer's promotional materials and contact information, etc.), is recorded in the main test device database 34 of the main test server 30. If the deployment site can provide power, the power can be directly provided to the main test device 10 for operation, and its power supply module 15 can be charged.

當活動參與者抵達舉辦該活動的場地時,可持該參與者的行動通訊裝置20靠近主驗裝置10以進行報到,行動通訊裝置20的應用程式22會嘗試透過近端通訊模組21以近場通訊協定(NFC)等近端通訊協定感應主驗裝置10。若能感應到主驗裝置10,則應用程式22令近端通訊模組21與主驗裝置10的近端通訊模組12建立近端通訊連線,且應用程式22組合參與者的已加密個人資料、被驗時間戳記(即參與者的報到時間)、行動通訊裝置20的定位資訊,並以通訊金鑰對上述組合資料進行簽章後,產生被驗請求資料,再透過近端通訊模組21將被驗請求資料傳送至主驗裝置10。主驗裝置10以近端通訊模組12接收到被驗請求資料之後,透過運算模組11與安全元件13內儲存的預載金鑰驗證被驗請求資料的簽章。通訊金鑰和預載金鑰均為同一密鑰的衍生密鑰,因此,通 訊金鑰和預載金鑰可以互相驗證對方所產生的簽章。被驗請求資料的簽章驗證通過後,運算模組11組合參與者的已加密個人資料、被驗時間戳記、行動通訊裝置20的定位資訊、主驗時間戳記、定位模組14產生之主驗裝置10的定位資訊,再用安全元件13內儲存的預載金鑰進行簽章後,產生主驗請求資料。 When an event participant arrives at the venue of the event, he/she can check in by bringing his/her mobile communication device 20 close to the main experience device 10. The application 22 of the mobile communication device 20 will try to sense the main experience device 10 through the near-end communication module 21 using a near-field communication protocol such as NFC. If the main verification device 10 can be sensed, the application 22 instructs the proximal communication module 21 to establish a proximal communication connection with the proximal communication module 12 of the main verification device 10, and the application 22 combines the encrypted personal data of the participant, the verified timestamp (i.e. the participant's check-in time), and the location information of the mobile communication device 20, and signs the above combined data with the communication key to generate the verified request data, and then transmits the verified request data to the main verification device 10 through the proximal communication module 21. After the main verification device 10 receives the verified request data with the proximal communication module 12, it verifies the signature of the verified request data through the preloaded key stored in the computing module 11 and the security element 13. The communication key and the preload key are both derived keys of the same key, so the communication key and the preload key can verify each other's signatures. After the signature verification of the verified request data is passed, the computing module 11 combines the encrypted personal data of the participant, the verified timestamp, the location information of the mobile communication device 20, the main verification timestamp, and the location information of the main verification device 10 generated by the positioning module 14, and then signs it with the preload key stored in the security element 13 to generate the main verification request data.

在一實施例中,預載金鑰的保存方式有兩種,第一種是在主驗裝置10部署前,將預載金鑰寫入安全元件13的儲存空間;第二種是使用安全存取模組(secure access module,SAM)儲存預載金鑰,而已儲存預載金鑰之SAM係於主驗裝置10部署之前或部署時安裝入安全元件13。 In one embodiment, there are two ways to save the preloaded key. The first is to write the preloaded key into the storage space of the security element 13 before the main verification device 10 is deployed. The second is to use a secure access module (SAM) to store the preloaded key, and the SAM storing the preloaded key is installed into the security element 13 before or during the deployment of the main verification device 10.

本實施例之主驗裝置10內的預載金鑰可於部署後更新,若使用可替換的SAM則可透過替換SAM完成更新。在不調整主驗裝置10的硬體配置的前提下,亦可透過軟體方式寫入新的預載金鑰,以更新預載金鑰。其中,寫入新預載金鑰之操作指令至少應包含簽章,且必須以既有之預載金鑰對該指令簽章進行合法性驗證。 The preloaded key in the main verification device 10 of this embodiment can be updated after deployment. If a replaceable SAM is used, the update can be completed by replacing the SAM. Without adjusting the hardware configuration of the main verification device 10, a new preloaded key can also be written through software to update the preloaded key. Among them, the operation instruction for writing the new preloaded key should at least include a signature, and the legitimacy of the instruction signature must be verified with the existing preloaded key.

上述簽章與驗證所使用之演算法可例如為RSA(Rivest-Shamir-Adleman)演算法或橢圓曲線數位簽章演算法(Elliptic Curve Digital Signature Algorithm,ECDSA),其雜湊函數可採用安全雜湊演算法1(Secure Hash Algorithm 1,SHA-1)或安全雜湊演算法256(SHA-256)等,金鑰具體形式由上述演算法之選用而決定,但具有相同或類似功能之演算法均可實現。 The algorithm used for the above-mentioned signature and verification may be, for example, the RSA (Rivest-Shamir-Adleman) algorithm or the Elliptic Curve Digital Signature Algorithm (ECDSA), and its hash function may adopt the Secure Hash Algorithm 1 (SHA-1) or the Secure Hash Algorithm 256 (SHA-256), etc. The specific form of the key is determined by the selection of the above-mentioned algorithm, but algorithms with the same or similar functions can be implemented.

然後,若主驗裝置10的網路模組16已啟用,且舉辦活動之場地具有網路連線環境,則主驗裝置10可將主驗請求資料透過網路模組16傳送至主驗伺服器30。若主驗裝置10的網路模組16未啟用,則主驗裝置10可將主驗請求資料透過近端通訊模組12傳回行動通訊裝置20的近端通訊模組21,再由 行動通訊裝置20的應用程式22轉送至主驗伺服器30。主驗伺服器30收到主驗裝置10產生之主驗請求資料後,透過事先儲存於主驗裝置資料庫34內的預載金鑰,以安全模組31驗證該主驗請求資料的簽章。 Then, if the network module 16 of the master verification device 10 is enabled and the venue of the event has a network connection environment, the master verification device 10 can transmit the master verification request data to the master verification server 30 through the network module 16. If the network module 16 of the master verification device 10 is not enabled, the master verification device 10 can transmit the master verification request data back to the proximal communication module 21 of the mobile communication device 20 through the proximal communication module 12, and then forwarded to the master verification server 30 by the application 22 of the mobile communication device 20. After receiving the master verification request data generated by the master verification device 10, the master verification server 30 verifies the signature of the master verification request data with the security module 31 through the pre-loaded key stored in the master verification device database 34 in advance.

若主驗請求資料的簽章未通過驗證,則主驗伺服器30判定該參與者未通過身分驗證。若主驗請求資料的簽章通過驗證,則主驗伺服器30可進行下列檢查:比對主驗請求資料中的被驗時間戳記與主驗伺服器30收到主驗請求資料之時間的誤差值是否在誤差容許範圍內、比對主驗請求資料中的行動通訊裝置20的定位資訊與主驗裝置10的定位資訊兩者的定位誤差距離是否在誤差容許範圍內、以及比對主驗請求資料中的主驗裝置10的定位資訊與主驗裝置資料庫34內的主驗裝置10的部署定位資訊兩者的定位誤差距離是否在誤差容許範圍內。 If the signature of the verification request data fails to pass the verification, the verification server 30 determines that the participant has failed the identity verification. If the signature of the verification request data passes the verification, the verification server 30 can perform the following checks: compare the error value between the verified timestamp in the verification request data and the time when the verification server 30 receives the verification request data to see if it is within the error tolerance range, compare the positioning error between the positioning information of the mobile communication device 20 in the verification request data and the positioning information of the verification device 10 to see if it is within the error tolerance range, and compare the positioning error between the positioning information of the verification device 10 in the verification request data and the deployment positioning information of the verification device 10 in the verification device database 34 to see if it is within the error tolerance range.

若上述每一項檢查的誤差值或定位誤差距離均在其誤差容許範圍內,則主驗伺服器30判定該參與者通過身分驗證。若上述任一項檢查的誤差值或定位誤差距離超出其誤差容許範圍,則主驗伺服器30判定該參與者未通過身分驗證。 If the error value or positioning error distance of each of the above checks is within the error tolerance range, the main verification server 30 determines that the participant has passed the identity verification. If the error value or positioning error distance of any of the above checks exceeds the error tolerance range, the main verification server 30 determines that the participant has not passed the identity verification.

進行身分驗證後,主驗伺服器30將行動通訊裝置20的識別資訊、主驗裝置10的識別資訊、主驗請求資料、以及本次身分驗證結果寫入事件資料庫32。 After identity verification, the main verification server 30 writes the identification information of the mobile communication device 20, the identification information of the main verification device 10, the main verification request data, and the result of this identity verification into the event database 32.

若參與者通過身分驗證,則令牌模組35會產生該參與者的令牌,並將該令牌寫入主驗伺服器30之使用者資料庫33內的該參與者所屬記錄之令牌欄位。此外,主驗伺服器30將主驗裝置10與行動通訊裝置20的相關資訊(包括該令牌)傳送給場域服務子系統40,以供場域服務子系統40依據該等資訊產 生要派送給行動通訊裝置20之服務資料包或服務索引畫面(細節後述)。若參與者未通過身分驗證,則主驗伺服器30不進行後續處理。 If the participant passes the identity verification, the token module 35 will generate a token for the participant and write the token into the token field of the record to which the participant belongs in the user database 33 of the main verification server 30. In addition, the main verification server 30 transmits the relevant information of the main verification device 10 and the mobile communication device 20 (including the token) to the field service subsystem 40, so that the field service subsystem 40 can generate a service data package or a service index screen (details will be described later) to be sent to the mobile communication device 20 based on the information. If the participant fails to pass the identity verification, the main verification server 30 will not perform subsequent processing.

圖2繪示本實施例的行動通訊裝置20中之應用程式22在行動通訊裝置20的螢幕上顯示的示意操作畫面。 FIG. 2 shows a schematic operation screen of the application 22 in the mobile communication device 20 of the present embodiment displayed on the screen of the mobile communication device 20.

首先是提供給參與者的報到畫面600,參與者於報到時可按下報到畫面600中的感應報到按鈕601,應用程式22隨即轉至顯示第一感應提示畫面610,且開始感應主驗裝置10,並顯示第一感應狀態611,例如表示正在感應中,以提示參與者,同時顯示感應取消按鈕612。參與者可按下感應取消按鈕612以取消感應,即取消報到。 First, a check-in screen 600 is provided to the participants. When checking in, the participants can press the sensing check-in button 601 in the check-in screen 600, and the application 22 will immediately switch to displaying the first sensing prompt screen 610, and start sensing the main testing device 10, and display the first sensing state 611, such as indicating that sensing is in progress, to prompt the participants, and display a sensing cancel button 612 at the same time. The participants can press the sensing cancel button 612 to cancel the sensing, that is, cancel the check-in.

如上所述,若應用程式22能感應到主驗裝置10,則將被驗請求資料傳送至主驗裝置10。若主驗裝置10的網路模組16未啟用,則主驗裝置10驗證被驗請求資料後,會將主驗請求資料傳給行動通訊裝置20,以透過行動通訊裝置20將主驗請求資料傳給主驗伺服器30。若主驗裝置10的網路模組16已啟用,且舉辦活動之場地具有網路連線環境,則主驗裝置10驗證被驗請求資料後,會透過網路模組16將主驗請求資料直接傳給主驗伺服器30,且發送對應之通知給行動通訊裝置20。 As described above, if the application 22 can sense the main verification device 10, the verification request data will be transmitted to the main verification device 10. If the network module 16 of the main verification device 10 is not enabled, the main verification device 10 will transmit the main verification request data to the mobile communication device 20 after verifying the verification request data, so that the main verification request data will be transmitted to the main verification server 30 through the mobile communication device 20. If the network module 16 of the main verification device 10 is enabled and the venue of the event has a network connection environment, the main verification device 10 will directly transmit the main verification request data to the main verification server 30 through the network module 16 after verifying the verification request data, and send a corresponding notification to the mobile communication device 20.

承上,當行動通訊裝置20收到該主驗請求資料或該通知時,即獲知參與者之報到已經成功。或者,若行動通訊裝置20在一段預設時間後未收到該主驗請求資料或該通知,或收到來自主驗裝置10的該被驗請求資料驗證失敗的通知,則獲知參與者之報到已經失敗。獲知報到結果後,應用程式22轉至顯示第二感應提示畫面620,其中,第二感應狀態621顯示感應報到結果是成功或 失敗。若為成功,則應用程式22可透過主驗伺服器30向場域服務子系統40發送產生服務資料包之請求。 As mentioned above, when the mobile communication device 20 receives the master verification request data or the notification, it is informed that the participant's registration has been successful. Alternatively, if the mobile communication device 20 does not receive the master verification request data or the notification after a preset period of time, or receives a notification from the master verification device 10 that the verification request data has failed to be verified, it is informed that the participant's registration has failed. After knowing the registration result, the application 22 switches to display the second sensing prompt screen 620, wherein the second sensing status 621 shows whether the sensing registration result is successful or failed. If it is successful, the application 22 can send a request to generate a service data package to the field service subsystem 40 through the master verification server 30.

場域服務子系統40收到該請求後,確認主驗伺服器30對於參與者的身分驗證結果。若主驗伺服器30判定參與者未通過身分驗證,則場域服務子系統40直接拒絕該請求。若主驗伺服器30判定參與者通過身分驗證,則場域服務子系統40透過擴充列表產生模組45產生前述之完整服務列表,並將該完整服務列表進一步整合成服務資料包。 After receiving the request, the field service subsystem 40 confirms the identity verification result of the participant by the main verification server 30. If the main verification server 30 determines that the participant has not passed the identity verification, the field service subsystem 40 directly rejects the request. If the main verification server 30 determines that the participant has passed the identity verification, the field service subsystem 40 generates the aforementioned complete service list through the extended list generation module 45, and further integrates the complete service list into a service data package.

該完整服務列表中的服務,一部分是由活動主辦方在活動前於場域服務子系統40的服務資料庫42中預設的,另一部分則是由擴充列表產生模組45所篩選產生。詳言之,場域服務子系統40在參與者通過身分驗證後根據主驗裝置10的識別資訊,於活動營運資料庫44內取得主驗裝置10的識別資訊相對應之預設服務列表。此外,擴充列表產生模組45接受當前時間、用戶對服務提供者的評分、服務提供者與活動場地之間的距離、及/或服務提供者的目前忙碌程度等參數,根據上述參數篩選記錄於服務資料庫42中之服務,且對通過篩選之服務排序,以產生擴充服務列表。該擴充服務列表即包括通過上述篩選與排序之服務。然後,擴充列表產生模組45將該擴充服務列表與該預設服務列表合併為前述之完整服務列表。 Some of the services in the complete service list are preset by the event organizer in the service database 42 of the field service subsystem 40 before the event, and the other part is screened and generated by the extended list generation module 45. In detail, after the participant passes the identity verification, the field service subsystem 40 obtains the preset service list corresponding to the identification information of the main verification device 10 in the event operation database 44 according to the identification information of the main verification device 10. In addition, the extended list generation module 45 receives parameters such as the current time, the user's rating of the service provider, the distance between the service provider and the event venue, and/or the current busyness of the service provider, and filters the services recorded in the service database 42 according to the above parameters, and sorts the services that pass the screening to generate an extended service list. The extended service list includes the services that pass the above screening and sorting. Then, the extended list generation module 45 merges the extended service list with the default service list into the aforementioned complete service list.

接著,場域服務子系統40根據完整服務列表內之每一筆服務的識別資訊,自服務資料庫42提取各該服務之服務通訊資料(例如提供各該服務之網址與呼叫該網址可用之參數等資料),且根據主驗裝置10的識別資訊,於活動營運資料庫44內取得主驗裝置10相對應之活動序號、活動有效時間區間、活動名稱、活動主辦者識別資訊,連同該參與者之令牌,一併組成服務資料包。 Next, the field service subsystem 40 extracts the service communication data of each service from the service database 42 (such as the URL of each service and the parameters available for calling the URL) according to the identification information of each service in the complete service list, and obtains the activity serial number, activity effective time range, activity name, and activity organizer identification information corresponding to the main verification device 10 from the activity operation database 44 according to the identification information of the main verification device 10, together with the token of the participant, to form a service data package.

該服務資料包透過主驗伺服器30回傳至應用程式22。應用程式22解析服務資料包,依照該服務資料包內之每一服務的服務通訊資料,逐一產生對應之服務連結,且據以產生及顯示服務索引畫面630。或者,場域服務子系統40之畫面產生模組46亦可直接解析服務資料包以產生服務索引畫面630,再將服務索引畫面630傳送回應用程式22,以供應用程式22顯示。 The service data packet is returned to the application 22 through the main verification server 30. The application 22 parses the service data packet, generates corresponding service links one by one according to the service communication data of each service in the service data packet, and generates and displays the service index screen 630 accordingly. Alternatively, the screen generation module 46 of the field service subsystem 40 can also directly parse the service data packet to generate the service index screen 630, and then send the service index screen 630 back to the application 22 for display by the application 22.

上述應用程式22與場域服務子系統40之畫面產生模組46產生的兩者之任一服務索引畫面630,最終顯示於行動通訊裝置20的螢幕上。以圖2為例,服務資料包中之完整服務列表共有四筆記錄,則對應產生服務索引畫面630中的四個服務連結,分別是第一服務連結631、第二服務連結632、第三服務連結633與第四服務連結634。各該服務連結可為文字或圖示形式,且包括其對應之服務的網址與呼叫該網址可用之參數等資訊。參與者點選任一服務連結,即可連線至該服務連結所對應之服務的網址,以快速轉往提供該服務之網站,並使用該服務。另外,服務索引畫面630可進一步包括本次活動的序號、名稱、有效時間區間、以及主辦者識別資訊,與服務連結一併顯示,以供參與者進行點選、複製或轉傳等操作。 Any service index screen 630 generated by the screen generation module 46 of the above-mentioned application 22 and the field service subsystem 40 is finally displayed on the screen of the mobile communication device 20. Taking FIG. 2 as an example, there are four records in the complete service list in the service data package, and the corresponding four service links in the service index screen 630 are the first service link 631, the second service link 632, the third service link 633 and the fourth service link 634. Each service link can be in the form of text or icon, and includes information such as the URL of the corresponding service and the parameters available for calling the URL. When a participant clicks on any service link, he can connect to the URL of the service corresponding to the service link to quickly transfer to the website providing the service and use the service. In addition, the service index screen 630 may further include the serial number, name, effective time period, and organizer identification information of this event, and display it together with the service link for participants to click, copy, or forward.

如上所述,當參與者通過身分驗證後,主驗伺服器30會將該參與者的令牌傳給場域服務子系統40。場域服務子系統40會將該令牌加入服務資料包,或加入服務索引畫面。因此,應用程式22接收服務資料包或服務索引畫面時,也會接收該令牌。當參與者點選服務索引畫面中的某一網路連結時,應用程式22會將該令牌及行動通訊裝置20或參與者的識別資訊傳給該網路連結所對應之服務網站。該服務網站可向主驗伺服器30發出令牌驗證之請求,該請求包括該令牌及行動通訊裝置20或參與者的識別資訊。主驗伺服器30收到該請求 後,其令牌模組35根據該令牌及行動通訊裝置20或參與者的識別資訊,向事件資料庫32查詢該參與者的身分驗證結果。 As described above, when a participant passes identity verification, the main verification server 30 transmits the participant's token to the field service subsystem 40. The field service subsystem 40 adds the token to the service data package or the service index screen. Therefore, when the application 22 receives the service data package or the service index screen, it also receives the token. When the participant clicks on a network link in the service index screen, the application 22 transmits the token and the identification information of the mobile communication device 20 or the participant to the service website corresponding to the network link. The service website can send a token verification request to the main verification server 30, and the request includes the token and the identification information of the mobile communication device 20 or the participant. After the main verification server 30 receives the request, its token module 35 queries the event database 32 for the participant's identity verification result based on the token and the identification information of the mobile communication device 20 or the participant.

若該身分驗證結果為通過,且該身分驗證結果對應之被驗時間戳記或主驗時間戳記在預設之有效時間範圍內,則該令牌驗證之結果為通過,否則該令牌驗證之結果為未通過。令牌模組35會將令牌驗證結果傳回該服務網站。該服務網站可在令牌驗證結果為通過時,方提供服務。 If the identity verification result is passed, and the verified timestamp or main verification timestamp corresponding to the identity verification result is within the preset valid time range, then the result of the token verification is passed, otherwise the result of the token verification is not passed. The token module 35 will return the token verification result to the service website. The service website can provide services only when the token verification result is passed.

前述之實施例係先由主驗伺服器30驗證參與者身分,再由場域服務子系統40產生服務資料包。在另一實施例,上述過程可以相反,即先由場域服務子系統40產生服務資料包,再由主驗伺服器30驗證參與者身分。詳言之,該實施例之行動通訊裝置20或主驗裝置10可通訊連接場域服務子系統40。可由行動通訊裝置20將接收自主驗裝置10的主驗請求資料傳送給場域服務子系統40,或由主驗裝置10將主驗請求資料直接傳送給場域服務子系統40。場域服務子系統40可依據該主驗請求資料產生服務資料包。 In the aforementioned embodiment, the main verification server 30 first verifies the identity of the participant, and then the field service subsystem 40 generates a service data packet. In another embodiment, the above process can be reversed, that is, the field service subsystem 40 first generates a service data packet, and then the main verification server 30 verifies the identity of the participant. In detail, the mobile communication device 20 or the main verification device 10 of the embodiment can be connected to the field service subsystem 40 for communication. The mobile communication device 20 can transmit the main verification request data received from the main verification device 10 to the field service subsystem 40, or the main verification device 10 can directly transmit the main verification request data to the field service subsystem 40. The field service subsystem 40 can generate a service data packet based on the main verification request data.

在產生過程中,場域服務子系統40會將主驗請求資料傳送給主驗伺服器30,以供主驗伺服器30進行參與者之身分驗證。若主驗伺服器30判定參與者未通過身分驗證,則場域服務子系統40可中止服務資料包之產生,或拒絕行動通訊裝置20為取得服務資料包所發送的請求。 During the generation process, the field service subsystem 40 will transmit the authentication request data to the authentication server 30 for the authentication server 30 to authenticate the participant. If the authentication server 30 determines that the participant has not passed the authentication, the field service subsystem 40 may terminate the generation of the service data package or reject the request sent by the mobile communication device 20 to obtain the service data package.

本發明在實施時具有彈性,可與其他本發明以外之外部服務整合實施,其中,應用程式22可藉由軟體模組形式整合於外部服務應用程式中。 The present invention is flexible in implementation and can be integrated with other external services other than the present invention. The application 22 can be integrated into the external service application in the form of a software module.

在報到時,行動通訊裝置20的應用程式22產生被驗請求資料並傳給主驗裝置10,主驗裝置10驗證後產生主驗請求資料。然後,若主驗裝置10的網路模組16有啟用,則主驗裝置10通過網路模組16、外部服務應用程式與 其後端伺服器,將主驗請求資料轉送至主驗伺服器30以進行身分驗證。若網路模組16未啟用,則主驗裝置10將主驗請求資料回傳給行動通訊裝置20,行動通訊裝置20再通過外部服務應用程式與其後端伺服器,將主驗請求資料轉送至主驗伺服器30以進行身分驗證。主驗伺服器30進行身分驗證後,會將驗證結果回報給外部服務應用程式與其後端伺服器。 When checking in, the application 22 of the mobile communication device 20 generates the verification request data and transmits it to the main verification device 10. After verification, the main verification device 10 generates the main verification request data. Then, if the network module 16 of the main verification device 10 is enabled, the main verification device 10 transmits the main verification request data to the main verification server 30 through the network module 16, the external service application and its backend server for identity verification. If the network module 16 is not enabled, the main verification device 10 transmits the main verification request data back to the mobile communication device 20, and the mobile communication device 20 transmits the main verification request data to the main verification server 30 through the external service application and its backend server for identity verification. After the main authentication server 30 performs identity authentication, it will report the authentication result to the external service application and its backend server.

另外,外部服務應用程式與其後端伺服器亦可對場域服務子系統40發送產生服務資料包之請求,場域服務子系統40可將所產之服務資料包傳送給外部服務應用程式與其後端伺服器以進行後續處理。 In addition, the external service application and its backend server can also send a request to generate a service data packet to the field service subsystem 40, and the field service subsystem 40 can transmit the generated service data packet to the external service application and its backend server for subsequent processing.

圖3為本發明一實施例的一種基於行動識別驗證之場域服務自動派送方法300的示意流程圖。場域服務自動派送方法300可由場域服務自動派送系統100與活動參與者的行動通訊裝置20執行。 FIG3 is a schematic flow chart of a method 300 for automatic delivery of field services based on mobile identification verification according to an embodiment of the present invention. The method 300 for automatic delivery of field services can be executed by the automatic delivery system 100 for field services and the mobile communication device 20 of the activity participant.

在步驟301,活動參與者使用行動通訊裝置20連線至主驗伺服器30以完成註冊供裝程序。 In step 301, the activity participant uses the mobile communication device 20 to connect to the main verification server 30 to complete the registration and installation process.

在步驟302,該參與者手持行動通訊裝置20報到,因此,行動通訊裝置20產生被驗請求資料,且將被驗請求資料傳給主驗裝置10。 In step 302, the participant checks in with the mobile communication device 20, so the mobile communication device 20 generates verification request data and transmits the verification request data to the main verification device 10.

在步驟303,主驗裝置10驗證被驗請求資料,於驗證通過後產生主驗請求資料,且將主驗請求資料傳給主驗伺服器30。 In step 303, the main verification device 10 verifies the verified request data, generates the main verification request data after the verification is passed, and transmits the main verification request data to the main verification server 30.

在步驟304,主驗伺服器30根據主驗請求資料進行參與者的身分驗證。 In step 304, the authentication server 30 performs identity authentication of the participant based on the authentication request data.

在步驟305,行動通訊裝置20的應用程式22發送產生服務資料包之請求。 In step 305, the application 22 of the mobile communication device 20 sends a request to generate a service data packet.

在步驟306,若該參與者通過身分驗證,則場域服務子系統40響應該請求而產生完整服務列表。 In step 306, if the participant passes the identity verification, the field service subsystem 40 responds to the request and generates a complete service list.

在步驟307,場域服務子系統40根據完整服務列表產生服務資料包。 In step 307, the field service subsystem 40 generates a service data package based on the complete service list.

在步驟308,應用程式22或場域服務子系統40解析服務資料包以產生服務索引畫面。 In step 308, the application 22 or the field service subsystem 40 parses the service data packet to generate a service index screen.

在步驟309,應用程式22在行動通訊裝置20的螢幕上顯示服務索引畫面。 In step 309, the application 22 displays a service index screen on the screen of the mobile communication device 20.

在步驟310,活動參與者點選服務索引畫面中的某一服務連結。該服務連結所指向的服務網站向主驗伺服器30請求令牌驗證,且於驗證通過後為該參與者提供服務。 In step 310, the activity participant clicks a service link in the service index screen. The service website pointed to by the service link requests token verification from the main verification server 30, and provides services to the participant after the verification is passed.

場域服務自動派送方法300之各步驟的技術細節已詳述於前文之各實施例中,故此處不予贅述。 The technical details of each step of the field service automatic delivery method 300 have been described in detail in the previous embodiments, so they will not be repeated here.

本發明另提供一種電腦可讀媒體,例如記憶體、軟碟、硬碟或光碟。該電腦可讀媒體可應用於終端裝置、電腦及/或伺服器中,且儲存有指令,以執行上述之場域服務自動派送方法300。例如,該電腦可讀媒體可應用於場域服務自動派送系統100之主驗裝置10、主驗伺服器30與場域服務子系統40中,以配合行動通訊裝置20執行場域服務自動派送方法300。 The present invention also provides a computer-readable medium, such as a memory, a floppy disk, a hard disk or an optical disk. The computer-readable medium can be applied to a terminal device, a computer and/or a server, and stores instructions to execute the above-mentioned field service automatic delivery method 300. For example, the computer-readable medium can be applied to the main verification device 10, the main verification server 30 and the field service subsystem 40 of the field service automatic delivery system 100 to cooperate with the mobile communication device 20 to execute the field service automatic delivery method 300.

本發明具有下列技術特點: The present invention has the following technical features:

第一是參與者的行動通訊裝置產生包含時間戳記之被驗請求資料,並以主驗伺服器配發之通訊金鑰進行簽章後,傳給活動方於現場提供之主驗裝置。主驗裝置隨後以被驗請求資料,加上時間、定位資訊等相關資料,產生主 驗請求資料,以其預載金鑰對主驗請求資料簽章後,傳送至主驗伺服器,主驗伺服器藉由驗證主驗請求資料的簽章,便可確認參與者身份。 The first is that the participant's mobile communication device generates a verification request data containing a timestamp, and after signing it with the communication key distributed by the master verification server, it is sent to the master verification device provided on site by the event organizer. The master verification device then uses the verification request data, plus relevant data such as time and location information, to generate the master verification request data, and after signing the master verification request data with its pre-loaded key, it is sent to the master verification server. The master verification server can confirm the identity of the participant by verifying the signature of the master verification request data.

第二是本發明設計一場域服務子系統,用於管理主驗裝置並產生專屬於參與者之與活動相關之服務列表,並於參與者完成報到與身分驗證後,自動派發至其行動通訊裝置給予使用。 Secondly, the present invention designs a field service subsystem to manage the main verification device and generate a service list related to the activity that is exclusive to the participants, and automatically distributes it to the participants’ mobile communication devices for use after they complete the check-in and identity verification.

第三是本發明之主驗裝置內建的供電模組支援充電電池,使其部署時無需仰賴外部電源供應。 Third, the power supply module built into the main test device of the present invention supports rechargeable batteries, so that it does not need to rely on external power supply when deployed.

另外,本發明具有下列多項: In addition, the present invention has the following features:

第一是參與者透過本發明之報到程序合法性,可藉由上述第一技術特點得到保證。因此,參與者僅需簡單之行動通訊裝置的近端通訊連線操作,便可快速完成身份識別與報到程序。相較於過往利用人眼進行名單核對確認,以及人工活動識別證發放,本發明將整套流程電子化,可大幅節省報到及資料發放之時間成本,亦可為活動主辦方節省可觀人力。 The first is that the legitimacy of the participants' registration process can be guaranteed by the above-mentioned first technical feature. Therefore, participants only need to use a simple near-end communication connection operation of a mobile communication device to quickly complete the identity identification and registration process. Compared with the previous use of human eyes to check and confirm the list and manually issue event identification cards, the present invention digitizes the entire process, which can greatly save the time cost of registration and data issuance, and can also save considerable manpower for the event organizer.

第二是藉由上述第二技術特點所設計之場域服務子系統,會自動將場域服務派送至參與者的行動通訊裝置上,因此,參與者於報到後毋須再手動登入線上活動平台,便可於其行動通訊裝置上存取與該活動相關之個人化資料。本發明提供之服務列表亦形成了在地服務提供平台,將在地的服務提供商、活動方、以及許多外地參與者整合在同一平台上,使得無論是服務資訊的流通,乃至於線上線下商業活動的推廣,都更加快速便利。 Secondly, the field service subsystem designed by the second technical feature above will automatically deliver field services to the participants' mobile communication devices. Therefore, after checking in, participants no longer need to manually log in to the online event platform, and can access the personalized data related to the event on their mobile communication devices. The service list provided by the present invention also forms a local service provision platform, integrating local service providers, event organizers, and many foreign participants on the same platform, making the circulation of service information and the promotion of online and offline business activities faster and more convenient.

第三是藉由第三技術特點提及之無需仰賴外部電源供應,即代表主驗裝置之部署更具彈性,非常適合於會展、會議室與展演等不特定場地提供報到服務。 The third is that there is no need to rely on external power supply as mentioned in the third technical feature, which means that the deployment of the main test device is more flexible, and it is very suitable for providing check-in services in unspecified venues such as exhibitions, meeting rooms and performances.

上述實施形態僅例示性說明本發明之原理及其功效,而非用於限制本發明。任何在本技術領域具有通常知識者均可在不違背本發明之精神及範疇下,對上述實施形態進行修飾與改變。因此,本發明之權利保護範圍,應如後述之申請專利範圍所列。 The above implementation forms are only illustrative of the principles and effects of the present invention, and are not intended to limit the present invention. Anyone with common knowledge in this technical field may modify and change the above implementation forms without violating the spirit and scope of the present invention. Therefore, the scope of protection of the present invention should be as listed in the scope of the patent application described below.

10:主驗裝置 10: Main test device

11:運算模組 11: Computation module

12:近端通訊模組 12: Near-end communication module

13:安全元件 13: Security element

14:定位模組 14: Positioning module

15:供電模組 15: Power supply module

16:網路模組 16: Network module

20:行動通訊裝置 20: Mobile communication devices

21:近端通訊模組 21: Near-end communication module

22:應用程式 22: Applications

30:主驗伺服器 30: Main verification server

31:安全模組 31: Security module

32:事件資料庫 32: Event database

33:使用者資料庫 33: User database

34:主驗裝置資料庫 34: Main test device database

35:令牌模組 35:Token module

40:場域服務子系統 40: Field service subsystem

41:服務提供者資料庫 41: Service provider database

42:服務資料庫 42: Service database

43:活動主辦者資料庫 43:Event organizer database

44:活動營運資料庫 44:Activity operation database

45:擴充列表產生模組 45: Expand list generation module

46:畫面產生模組 46: Screen generation module

100:場域服務自動派送系統 100: Field service automatic delivery system

Claims (9)

一種基於行動識別驗證之場域服務自動派送系統,包括:主驗裝置,部署於第一位置,用於接收一使用者的行動通訊裝置所產生之被驗請求資料,驗證該被驗請求資料之簽章,以於該簽章通過驗證後,根據該被驗請求資料產生主驗請求資料,俾傳送該主驗請求資料;主驗伺服器,用於接收該主驗請求資料,以根據該主驗請求資料判定該參與者是否通過身分驗證;以及場域服務子系統,用於在該使用者通過該身分驗證後,產生服務資料包,以供該行動通訊裝置顯示由該服務資料包所產生之服務索引畫面,其中,該服務索引畫面包括至少一服務連結,以為該使用者提供服務;其中,該行動通訊裝置係使用該行動通訊裝置之通訊金鑰產生該簽章,該主驗裝置係使用該主驗裝置之預載金鑰驗證該簽章,且該通訊金鑰和該預載金鑰均為同一密鑰之衍生密鑰。 A field service automatic delivery system based on mobile identification verification includes: a primary verification device, deployed at a first location, for receiving a verified request data generated by a user's mobile communication device, verifying the signature of the verified request data, and generating a primary verification request data according to the verified request data after the signature is verified, so as to transmit the primary verification request data; a primary verification server, for receiving the primary verification request data, and determining whether the participant has passed the identity verification according to the primary verification request data; and a field service sub-server. The system is used to generate a service data package after the user passes the identity verification, so that the mobile communication device can display a service index screen generated by the service data package, wherein the service index screen includes at least one service link to provide services to the user; wherein the mobile communication device uses the communication key of the mobile communication device to generate the signature, the main verification device uses the preloaded key of the main verification device to verify the signature, and the communication key and the preloaded key are both derived keys of the same key. 如請求項1所述之場域服務自動派送系統,其中,該主驗伺服器復用於驗證該主驗請求資料之簽章。 The field service automatic delivery system as described in claim 1, wherein the primary verification server is reused to verify the signature of the primary verification request data. 如請求項2所述之場域服務自動派送系統,其中,若該主驗請求資料之該簽章通過驗證,則該主驗伺服器進一步根據該主驗請求資料中之被驗時間戳記、該行動通訊裝置之定位資訊、以及該主驗裝置之定位資訊,判定該參與者是否通過該身分驗證,而若該主驗請求資料之該簽章未通過驗證,則該主驗伺服器判定該參與者未通過該身分驗證。 The automatic delivery system for field services as described in claim 2, wherein if the signature of the master verification request data passes verification, the master verification server further determines whether the participant has passed the identity verification based on the verified timestamp in the master verification request data, the location information of the mobile communication device, and the location information of the master verification device, and if the signature of the master verification request data fails verification, the master verification server determines that the participant has failed the identity verification. 如請求項1所述之場域服務自動派送系統,其中,該場域服務子系統包括服務資料庫,該場域服務子系統復用於根據複數參數篩選記錄於該服務資料庫中之服務,且對通過該篩選之該等服務排序,以產生擴充服務列表。 The field service automatic delivery system as described in claim 1, wherein the field service subsystem includes a service database, and the field service subsystem is reused to filter the services recorded in the service database according to multiple parameters, and sort the services that pass the filtering to generate an extended service list. 如請求項4所述之場域服務自動派送系統,其中,該等參數包括當前時間、用戶對該等服務之提供者的評分、該等服務之提供者與舉行該活動的場地之間的距離、及/或該等服務之提供者的目前忙碌程度。 The automatic delivery system for venue services as described in claim 4, wherein the parameters include the current time, the user's rating of the providers of the services, the distance between the providers of the services and the venue where the event is held, and/or the current busyness of the providers of the services. 如請求項1所述之場域服務自動派送系統,其中,該服務索引畫面係由該行動通訊裝置或該場域服務子系統解析該服務資料包而產生。 The field service automatic delivery system as described in claim 1, wherein the service index screen is generated by the mobile communication device or the field service subsystem parsing the service data packet. 如請求項1所述之場域服務自動派送系統,其中,若該主驗伺服器判定該參與者通過該身分驗證,則記錄該身分驗證之結果,且產生該參與者之令牌,再將該令牌傳送至該場域服務子系統,以令該場域服務子系統將該令牌加入該服務資料包或該服務索引畫面,俾使當該參與者點選該等服務連結中之一者時,該行動通訊裝置將該令牌傳送至該服務連結所指向之服務網站,而該主驗伺服器復用於根據該服務網站提供之該令牌與該身分驗證之該結果,進行令牌驗證,以將該令牌驗證之結果傳回該服務網站。 The field service automatic delivery system as described in claim 1, wherein if the main verification server determines that the participant passes the identity verification, the result of the identity verification is recorded, and a token of the participant is generated, and the token is then transmitted to the field service subsystem, so that the field service subsystem adds the token to the service data package or the service index screen, so that when the participant clicks on one of the service links, the mobile communication device transmits the token to the service website pointed to by the service link, and the main verification server is reused to perform token verification according to the token provided by the service website and the result of the identity verification, so as to return the result of the token verification to the service website. 一種基於行動識別驗證之場域服務自動派送方法,包括:接收一使用者的行動通訊裝置所產生之被驗請求資料,並使用該行動通訊裝置之通訊金鑰產生該被驗請求資料之簽章;使用預載金鑰驗證該被驗請求資料之簽章;於該簽章通過驗證後,根據該被驗請求資料產生主驗請求資料;根據該主驗請求資料判定該使用者是否通過身分驗證;以及 在該使用者通過該身分驗證後,產生服務資料包,以供該行動通訊裝置顯示由該服務資料包所產生之服務索引畫面,其中,該服務索引畫面包括至少一服務連結,以為該使用者提供服務;其中,該通訊金鑰和該預載金鑰均為同一密鑰之衍生密鑰。 A method for automatically delivering field services based on mobile identification verification includes: receiving verified request data generated by a mobile communication device of a user, and using the communication key of the mobile communication device to generate a signature of the verified request data; using a preloaded key to verify the signature of the verified request data; after the signature is verified, generating a primary verification request data according to the verified request data; determining whether the user has passed the identity verification according to the primary verification request data; and after the user has passed the identity verification, generating a service data package for the mobile communication device to display a service index screen generated by the service data package, wherein the service index screen includes at least one service link to provide services to the user; wherein the communication key and the preloaded key are both derived keys of the same key. 一種電腦可讀媒體,應用於終端裝置、電腦及/或伺服器中,係儲存有指令,以執行如請求項8所述之場域服務自動派送方法。 A computer-readable medium, used in a terminal device, a computer and/or a server, stores instructions for executing the method for automatically delivering field services as described in claim 8.
TW111144618A 2022-11-22 2022-11-22 System and method for automatic locational service delivery based on mobile identification and authentication and computer-readable medium thereof TWI837960B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW111144618A TWI837960B (en) 2022-11-22 2022-11-22 System and method for automatic locational service delivery based on mobile identification and authentication and computer-readable medium thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW111144618A TWI837960B (en) 2022-11-22 2022-11-22 System and method for automatic locational service delivery based on mobile identification and authentication and computer-readable medium thereof

Publications (2)

Publication Number Publication Date
TWI837960B true TWI837960B (en) 2024-04-01
TW202423075A TW202423075A (en) 2024-06-01

Family

ID=91618899

Family Applications (1)

Application Number Title Priority Date Filing Date
TW111144618A TWI837960B (en) 2022-11-22 2022-11-22 System and method for automatic locational service delivery based on mobile identification and authentication and computer-readable medium thereof

Country Status (1)

Country Link
TW (1) TWI837960B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI439965B (en) * 2012-03-07 2014-06-01 Jogtek Corp Authentication system for electrical ticket and authentication method for the same
CN104408779A (en) * 2014-11-14 2015-03-11 苏州盖雅信息技术有限公司 A smartphone-based NFC attendance system and usage method
TW201619893A (en) * 2014-11-28 2016-06-01 遠東科技大學 System and method for providing navigation and marketing information with respect to tickets
TWI733590B (en) * 2020-09-15 2021-07-11 中華電信股份有限公司 Identity recognition system and method using active nfc tag and tokenization

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI439965B (en) * 2012-03-07 2014-06-01 Jogtek Corp Authentication system for electrical ticket and authentication method for the same
CN104408779A (en) * 2014-11-14 2015-03-11 苏州盖雅信息技术有限公司 A smartphone-based NFC attendance system and usage method
TW201619893A (en) * 2014-11-28 2016-06-01 遠東科技大學 System and method for providing navigation and marketing information with respect to tickets
TWI733590B (en) * 2020-09-15 2021-07-11 中華電信股份有限公司 Identity recognition system and method using active nfc tag and tokenization

Also Published As

Publication number Publication date
TW202423075A (en) 2024-06-01

Similar Documents

Publication Publication Date Title
CN111612168B (en) Management method and related device for machine learning task
US11887176B2 (en) Method for registering customized device, server, and terminal
US8745401B1 (en) Authorizing actions performed by an online service provider
CN111475841B (en) Access control method, related device, equipment, system and storage medium
TW201836322A (en) Certificate management method and system
US20220224720A1 (en) Link detection method and apparatus, electronic device, and storage medium
KR20180048600A (en) Systems and methods for providing legal writing electronically
JP2012529715A (en) Integrating updates into social networking services
TW200838257A (en) Provisioning of digital identity representations
CN108933656A (en) Online works voting method and device, computer equipment, readable storage medium storing program for executing
AU2016201219B2 (en) Communication exchanges and methods of use thereof
CN107086984A (en) A kind of method, terminal and server for obtaining and generating identifying code
US12229771B2 (en) Account binding method and apparatus, computer device, and storage medium
CN110489946A (en) Copyright authentication method, apparatus, equipment and storage medium based on block chain
CN109428725A (en) Information processing equipment, control method and storage medium
Choi et al. Location based authentication scheme using BLE for high performance digital content management system
TWI837960B (en) System and method for automatic locational service delivery based on mobile identification and authentication and computer-readable medium thereof
CN110889264A (en) Multimedia information processing method, device, equipment and storage medium
CN114189344B (en) Method, device and electronic device for processing authorization
CN114418573A (en) Certificate issuing method and certificate verifying method in block chain
JP2019176251A (en) Authentication system and authentication method
CN109150880B (en) Data reporting method, device and computer-readable storage medium
JP2021108040A (en) Invitation system, management server, and invitation method
CN118470830A (en) Device operation method, device, computer device and storage medium
CN116415996A (en) Rights and interests information display method and device