[go: up one dir, main page]

TWI901928B - Method and system for identity verification applied to financial system - Google Patents

Method and system for identity verification applied to financial system

Info

Publication number
TWI901928B
TWI901928B TW112101478A TW112101478A TWI901928B TW I901928 B TWI901928 B TW I901928B TW 112101478 A TW112101478 A TW 112101478A TW 112101478 A TW112101478 A TW 112101478A TW I901928 B TWI901928 B TW I901928B
Authority
TW
Taiwan
Prior art keywords
verification
user device
backend
financial
information
Prior art date
Application number
TW112101478A
Other languages
Chinese (zh)
Other versions
TW202429356A (en
Inventor
楊吉閔
蔡佳縈
林昭君
劉明昀
徐忠瑜
李志鴻
陳怡君
賴冠廷
許素雯
林恒茂
徐琡雅
袁育婷
Original Assignee
玉山商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 玉山商業銀行股份有限公司 filed Critical 玉山商業銀行股份有限公司
Priority to TW112101478A priority Critical patent/TWI901928B/en
Publication of TW202429356A publication Critical patent/TW202429356A/en
Application granted granted Critical
Publication of TWI901928B publication Critical patent/TWI901928B/en

Links

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

A method and a system for identity verification are provided. The system provides a financial machine back-end server and a user device back-end server that provides verification service for a user device. In the method, a verification process is initiated by a financial machine for verifying a permission that allows the user device to perform a financial service. The financial machine generates a verification service request. The financial machine back-end server asks the user device back-end server to generate a verification data after receiving the request. The user device back-end server generates the verification data and forwards the verification data to the financial machine via the financial machine back-end server. The user device obtains the verification data from the financial machine, and then transmits to the user device back-end server for verification. The user device is allowed to perform the financial service if the verification is successful.

Description

應用於金融系統的身份驗證方法與身份驗證系統Identity verification methods and systems applied to financial systems

說明書公開一種使用不同裝置進行特定金融服務驗證的技術,特別是一種利用金融資訊機進行跨裝置驗證的身份驗證方法與系統。The manual discloses a technology for verifying specific financial services using different devices, and in particular, a method and system for cross-device identity verification using financial information machines.

在金融科技推波助瀾下,讓民眾更方便地執行各種金融服務,隨之而來的就是加入各種資訊安全的技術,包括各種身份驗證的技術也發展出來。常見的是當使用者要進行特定金融服務時,除了傳統的密碼帳號外,還會要求進行使用者裝置的二次驗證服務,例如存取金融服務的銀行網站會要求使用者註冊時的手機號碼電信服務商進行一次式密碼(OTP)的驗證,讓使用者可以此具有時間限制的一次式密碼驗證自己的身份後,取得金融服務。Driven by fintech, which makes it easier for people to access various financial services, various information security technologies have been developed, including identity verification technologies. Commonly, when users want to access specific financial services, in addition to traditional passwords and accounts, they are required to undergo secondary verification via their devices. For example, bank websites accessing financial services may require users to verify their mobile phone number registered with their telecommunications service provider using a one-time password (OTP). This time-limited OTP allows users to verify their identity and obtain financial services.

為了要通過一跨裝置驗證以提供更安全的金融服務,揭露書提出一種身份驗證方法與系統,身份驗證系統提出一金融資訊機後台,用於連線設於各處的金融資訊機,以提供金融資訊機的信息往來的服務,以及一使用者裝置後台,用於提供使用者裝置取得金融服務的驗證服務。In order to provide more secure financial services through cross-device authentication, the disclosure proposes an identity verification method and system. The identity verification system includes a financial information machine backend for connecting financial information machines located in various locations to provide information exchange services between financial information machines, and a user device backend for providing authentication services for user devices to obtain financial services.

在身份驗證系統執行的身份驗證方法中,主要流程包括通過金融資訊機啟動一驗證流程,用於驗證是否允許使用者裝置執行特定金融服務,金融資訊機即產生一請求驗證服務的信息至金融資訊機後台。接著,金融資訊機後台向使用者裝置後台要求產生一驗證資訊,即由使用者裝置後台產生驗證資訊,再將驗證資訊回傳至金融資訊機後台,再轉送至金融資訊機。The identity verification method executed by the identity verification system mainly involves initiating an verification process through a financial information terminal to verify whether the user device is allowed to perform specific financial services. The financial information terminal generates a request for verification service information to its backend. Then, the financial information terminal's backend requests the user device's backend to generate verification information. That is, the user device's backend generates the verification information and sends it back to the financial information terminal's backend, which then forwards it to the financial information terminal.

之後,使用者操作使用者裝置自金融資訊機取得驗證資訊,再傳送至使用者裝置後台,由使用者裝置後台比對接收的驗證資訊以及根據金融資訊機後台要求所產生的驗證資訊,產生一驗證結果,當驗證結果為驗證成功,通知使用者裝置執行金融服務。Afterwards, the user operates the user device to obtain verification information from the financial information machine, and then sends it to the user device's backend. The user device's backend compares the received verification information with the verification information generated according to the requirements of the financial information machine's backend, and generates a verification result. When the verification result is successful, the user device is notified to execute the financial service.

優選地,身份驗證系統還包括執行於使用者裝置的應用程式,以此應用程式執行所述金融服務時,等待通過金融資訊機執行身份驗證的驗證結果後,判斷是否繼續執行金融服務。Preferably, the identity verification system also includes an application running on the user's device, which, when performing the financial service, waits for the verification result from the financial information machine before determining whether to continue performing the financial service.

優選地,金融資訊機可自金融卡片或使用者裝置的無線訊號接收使用者識別資料,使用者識別資料隨同請求驗證服務的信息傳送至金融資訊機後台,並傳遞至使用者裝置後台,使得使用者裝置後台能根據使用者識別資料驗證所接收的驗證資訊。Preferably, the financial information terminal can receive user identification data from the wireless signal of the financial card or user device. The user identification data, along with the information requesting the verification service, is transmitted to the backend of the financial information terminal and then to the backend of the user device, so that the backend of the user device can verify the received verification information based on the user identification data.

進一步地,使用者裝置後台產生驗證資訊的方法包括,先以一亂數產生器產生具有時效性的第一亂數與第二亂數,以儲存裝置儲存第二亂數以及自金融資訊機後台取得的使用者識別資料,接著基於第一亂數與一固定字串,以一雜湊演算法演算一雜湊值,再基於使用者識別資料、雜湊值以及第二亂數,以一密碼演算法演算一次式密碼,此一次式密碼與第一亂數即形成驗證資訊。Furthermore, the method for generating verification information in the user device backend includes: first, generating a time-sensitive first random number and a second random number using a random number generator; storing the second random number and user identification data obtained from the financial information machine backend using a storage device; then, calculating a hash value using a hash algorithm based on the first random number and a fixed string; and finally, calculating a linear password using a cryptographic algorithm based on the user identification data, the hash value, and the second random number. This linear password and the first random number together form the verification information.

進一步地,當使用者裝置後台自使用者裝置接收驗證資訊時,將從此驗證資訊取得一次式密碼與第一亂數,再從儲存裝置中取得對應本次驗證程序的第二亂數與使用者識別資料,再次演算用於驗證的另一雜湊值,可稱第二雜湊值,並再次基於使用者識別資料、第二雜湊值與第二亂數,以密碼演算法再次演算用於驗證的一次式密碼,可稱第二一次式密碼,用於驗證自使用者裝置接收的一次式密碼。Furthermore, when the user device backend receives authentication information from the user device, it obtains the primary password and the first random number from this authentication information, and then obtains the second random number and user identification data corresponding to this authentication process from the storage device. It then calculates another hash value for authentication, which can be called the second hash value. Based on the user identification data, the second hash value, and the second random number, it calculates the primary password for authentication again using a cryptographic algorithm, which can be called the second primary password, and uses it to verify the primary password received from the user device.

為使能更進一步瞭解本發明的特徵及技術內容,請參閱以下有關本發明的詳細說明與圖式,然而所提供的圖式僅用於提供參考與說明,並非用來對本發明加以限制。To further understand the features and technical content of this invention, please refer to the following detailed description and drawings of this invention. However, the drawings provided are for reference and illustration only and are not intended to limit this invention.

以下是通過特定的具體實施例來說明本發明的實施方式,本領域技術人員可由本說明書所公開的內容瞭解本發明的優點與效果。本發明可通過其他不同的具體實施例加以施行或應用,本說明書中的各項細節也可基於不同觀點與應用,在不悖離本發明的構思下進行各種修改與變更。另外,本發明的附圖僅為簡單示意說明,並非依實際尺寸的描繪,事先聲明。以下的實施方式將進一步詳細說明本發明的相關技術內容,但所公開的內容並非用以限制本發明的保護範圍。The following specific embodiments illustrate the implementation of this invention. Those skilled in the art can understand the advantages and effects of this invention from the content disclosed in this specification. This invention can be implemented or applied through other different specific embodiments, and various details in this specification can also be modified and changed based on different viewpoints and applications without departing from the concept of this invention. In addition, the accompanying drawings of this invention are only simple illustrative drawings and are not depictions based on actual dimensions, as stated in advance. The following embodiments will further explain the relevant technical content of this invention in detail, but the disclosed content is not intended to limit the scope of protection of this invention.

應當可以理解的是,雖然本文中可能會使用到“第一”、“第二”、“第三”等術語來描述各種元件或者信號,但這些元件或者信號不應受這些術語的限制。這些術語主要是用以區分一元件與另一元件,或者一信號與另一信號。另外,本文中所使用的術語“或”,應視實際情況可能包括相關聯的列出項目中的任一個或者多個的組合。It should be understood that although terms such as "first," "second," and "third" may be used in this document to describe various components or signals, these components or signals should not be limited by these terms. These terms are primarily used to distinguish one component from another, or one signal from another. Furthermore, the term "or" used in this document should, as appropriate, include any combination of one or more of the related listed items.

揭露書公開一種應用於金融系統的身份驗證方法與系統,其中主要技術概念使通過使用者裝置與金融資訊機以及各自的後台伺服器相互傳遞的驗證資訊確認使用者可以執行一特定金融服務,實現身份驗證的目標,提供更為安全的金融環境。The disclosure reveals an identity verification method and system applied to the financial system. The main technical concept is to confirm that a user can perform a specific financial service by exchanging verification information between the user device, the financial information machine, and their respective back-end servers, thereby achieving the goal of identity verification and providing a more secure financial environment.

先參考圖1顯示執行所述身份驗證方法的系統的架構實施例圖,圖示之系統架構包括通過網路10相互串接的各端裝置,其中主要裝置包括設於客戶端的金融資訊機101(如:ATM機台,或是金融卡等金融卡片的讀卡機)以及設於金融系統伺服器端的金融資訊機後台103,金融資訊機後台103為以電腦系統與資料庫等軟體元件與硬體架構實現針對設於各處的金融資訊機101的後台管理伺服器,可通過網路10提供金融資訊機101的信息往來的服務;使用者則持有執行特定應用程式(如行動網銀APP)的使用者裝置105,伺服器端則設有對應的使用者裝置後台107,使用者裝置後台107為以電腦系統與資料庫等軟體元件與硬體架構實現針對使用者裝置105中執行的應用程式的管理伺服器,使用者裝置後台107應用上如行動裝置的後台,提供使用者裝置取得金融服務的驗證服務,其中設有服務使用者裝置105的對應資料庫109。Referring first to Figure 1, which shows an example of the system architecture for implementing the aforementioned identity verification method, the system architecture includes various terminal devices interconnected via network 10. The main devices include a financial information machine 101 (such as an ATM or a card reader for financial cards) located at the customer end and a financial information machine backend 103 located on the financial system server end. The financial information machine backend 103 is a backend management server implemented using computer systems, databases, and other software and hardware components and architecture for the financial information machines 101 located in various locations. It can provide financial information services via network 10. The communication device 101 provides information exchange services; the user holds a user device 105 that runs a specific application (such as a mobile banking APP), and the server side has a corresponding user device backend 107. The user device backend 107 is a management server for the application running on the user device 105, which is implemented by computer system and database software components and hardware architecture. The user device backend 107 is like the backend of the mobile device, providing the user device with verification services to obtain financial services, and has a corresponding database 109 serving the user device 105.

根據身份驗證方法的實施方式,主要可分為產生驗證資訊的流程以及執行特定金融服務的流程,其中使用者裝置105取得驗證資訊的方式包含但不限於二維條碼(如QR Code)、推播信息、近場通訊信息(NFC)與簡訊等,並可以直接呈現文字由使用者輸入至使用者裝置105的方式。以下實施例列舉裝置綁定、非約定轉帳以及手機號碼收款設定等的流程,其中驗證資訊的流程主要是通過金融資訊機101驗證使用者手持的使用者裝置105與使用者身份,藉此安全驗證確認可執行通過使用者裝置105中執行的應用程式提出的金融服務。Based on the implementation method of identity verification, it can be mainly divided into the process of generating verification information and the process of executing specific financial services. The user device 105 obtains verification information in ways including, but not limited to, two-dimensional barcodes (such as QR codes), push notifications, near-field communication (NFC) information, and SMS messages, and can also directly present text input by the user into the user device 105. The following implementation examples illustrate the processes of device binding, non-contractual transfers, and mobile phone number payment settings. The verification information process mainly involves the financial information machine 101 verifying the user's handheld user device 105 and the user's identity, thereby securely verifying that the financial services offered by the application executed through the user device 105 can be performed.

運行於身份驗證系統的方法可參考圖1中描述的流程,一開始金融資訊機101經觸發後啟動一驗證流程,用於驗證是否允許執行一金融服務(步驟S101),其中觸發啟動驗證流程的方式可以是,由使用者插入一金融卡片啟動,或是以使用者裝置105接近金融資訊機101,通過其中交換的無線訊號啟動。The method of running the identity verification system can be referred to the process described in Figure 1. At the beginning, after the financial information machine 101 is triggered, an verification process is started to verify whether a financial service is allowed to be performed (step S101). The verification process can be triggered by the user inserting a financial card or by the user device 105 approaching the financial information machine 101 and starting through the wireless signal exchanged therein.

在上述啟動驗證的流程中,金融資訊機101即接收了使用者識別資料,接著金融資訊機101產生一請求驗證服務的信息至金融資訊機後台103,請求驗證服務將包括使用者識別資料(步驟S103)。In the above-mentioned verification activation process, the financial information machine 101 receives the user identification data, and then the financial information machine 101 generates a verification service request to the financial information machine backend 103. The verification service request will include the user identification data (step S103).

在上述流程中,金融資訊機101可自金融卡片或使用者裝置105的無線訊號接收使用者識別資料(如user ID),使用者識別資料將隨同請求驗證服務的信息傳送至金融資訊機後台103,請求使用者裝置後台107產生一驗證資訊(步驟S105)。當使用者裝置後台107產生驗證資訊,即將驗證資訊回傳至金融資訊機後台103(步驟S107),再轉送至金融資訊機101(步驟S109)。In the above process, the financial information machine 101 can receive user identification data (such as user ID) from the wireless signal of the financial card or user device 105. The user identification data, along with the information requesting verification service, is sent to the financial information machine backend 103, requesting the user device backend 107 to generate verification information (step S105). When the user device backend 107 generates verification information, it sends the verification information back to the financial information machine backend 103 (step S107), and then forwards it to the financial information machine 101 (step S109).

金融資訊機101接收到驗證資訊後,可以驗證圖形或是驗證碼的形式提供給使用者裝置105(步驟S111),經使用者裝置105自金融資訊機101取得驗證資訊,再傳送至使用者裝置後台107,使用者裝置後台107將根據取得的使用者識別資料,比對接收的驗證資訊以及在此驗證流程中根據金融資訊機後台103要求所產生的驗證資訊,產生一驗證結果(步驟S113)。之後將驗證結果傳送至使用者裝置105,當驗證結果為驗證成功,即通知使用者裝置105可以繼續執行金融服務(步驟S115)。After receiving the verification information, the financial information machine 101 can provide it to the user device 105 in the form of a verification graphic or a verification code (step S111). The user device 105 obtains the verification information from the financial information machine 101 and then transmits it to the user device backend 107. The user device backend 107 compares the received verification information with the verification information generated in this verification process according to the requirements of the financial information machine backend 103 based on the obtained user identification data, and generates a verification result (step S113). The verification result is then transmitted to the user device 105. When the verification result is successful, the user device 105 is notified that it can continue to perform financial services (step S115).

根據實施方式,相關細節流程可參考圖2顯示運行於使用者裝置105、金融資訊機101、使用者裝置後台107以及金融資訊機後台103之間的身份驗證方法實施例流程圖,以及參考圖3的流程文字說明。According to the implementation method, the relevant details can be found in Figure 2, which shows the implementation flowchart of the identity verification method running between the user device 105, the financial information machine 101, the user device backend 107, and the financial information machine backend 103, as well as the process description in Figure 3.

一開始,使用者操作金融資訊機101,例如插入金融卡、信用卡等相關可識別身份的金融卡片,即可通過金融資訊機101執行驗證,其中金融資訊機101可通過金融卡片取得的信息包括使用者識別資料(步驟S301)。另有實施例是由使用者裝置105發出無線訊號,如一種射頻識別訊號(RFID),讓金融資訊機101接收到無線訊號後取得其中識別碼。Initially, the user operates the financial information machine 101, for example, by inserting a debit card, credit card, or other identifiable financial card. Verification is then performed by the financial information machine 101, which obtains user identification data from the financial card (step S301). In another embodiment, the user device 105 emits a wireless signal, such as an RFID signal, which the financial information machine 101 receives and retrieves the identification code.

在此一提的是,驗證流程的主要目的是要驗證使用者操作使用者裝置105所要執行的金融服務,使用者可以通過應用程式選擇要執行的金融服務,特別的是,金融服務可指需要通過特定交易安全設計的身份驗證的服務,如(但不限制)使用者裝置105綁定、轉帳、提款、存款或借貸等,主要是達成客戶可確認各筆交易內容且防止身份確認資料與交易內容被竄改的目標。而此執行金融服務的時機可以在啟動驗證流程之前、之中,或是得到驗證資訊之後。It's worth mentioning that the main purpose of the verification process is to verify the financial services that the user intends to perform on their device 105. Users can select the financial services they wish to perform through the application. Specifically, financial services can refer to services requiring identity verification through specific transaction security designs, such as (but not limited to) device 105 binding, transfers, withdrawals, deposits, or loans. The primary goal is to ensure customers can verify the details of each transaction and prevent the tampering of identity verification data and transaction information. This financial service can be performed before, during, or after the verification process is initiated.

接著,金融資訊機101啟動驗證流程,通過網路連線並通知金融資訊機後台103,請求驗證服務(步驟S303),先經金融資訊機後台103回應信息,可以通過金融資訊機101以顯示的信息要求使用者確認開始驗證服務,例如顯示一個開始驗證的按鈕,使用者可以按下確認開始驗證流程(步驟S305)。Next, the financial information machine 101 initiates the verification process by connecting to the network and notifying the financial information machine backend 103 to request verification service (step S303). After the financial information machine backend 103 responds with information, the financial information machine 101 can display information to ask the user to confirm the start of the verification service, such as displaying a start verification button, which the user can press to confirm the start of the verification process (step S305).

經使用者確認開始驗證流程,相關信息傳送到金融資訊機後台103(步驟S307),再由金融資訊機後台103通知使用者裝置後台107,要求產生驗證資訊,使用者裝置後台107可從接收的信息中取得使用者識別資料(如user ID)(步驟S309)。Once the user confirms and the verification process begins, the relevant information is transmitted to the financial information machine backend 103 (step S307). The financial information machine backend 103 then notifies the user device backend 107 to generate verification information. The user device backend 107 can obtain the user identification data (such as user ID) from the received information (step S309).

在產生驗證資訊的實施例中,使用者裝置後台107將先產生驗證用的數值,舉例來說,可通過亂數產生器產生亂數,根據其中之一實施方式,可提出具有時效性的第一亂數(random1)與第二亂數(random2),可由使用者裝置後台設定一有效時間,過了有效時間即失效,驗證也就失敗。使用者裝置後台107通過其中儲存裝置儲存當下取得的使用者識別資料以及第二亂數,作為之後驗證使用者裝置105傳送的驗證資訊之用(步驟S311)。In an embodiment of generating verification information, the user device backend 107 first generates a verification value. For example, a random number generator can generate a random number. According to one embodiment, a first random number (random1) and a second random number (random2) with time expiration can be generated. The user device backend can set a validity period, after which the value expires and the verification fails. The user device backend 107 stores the currently acquired user identification data and the second random number through its storage device for use in verifying the verification information transmitted by the user device 105 (step S311).

使用者裝置後台107接著通過一密碼演算法根據取得的資訊(例如使用者識別資料與特定值)演算出一次式密碼(one-time password,OTP),所述特定值可以是通過雜湊演算法(hash algorithm)基於第一亂數與特定數值(如一系統提供的固定字串(fixedstring))演算得出的雜湊值(hash value)(步驟S313)。舉例來說,使用者裝置後台107執行的密碼演算法使用了使用者識別資料(如後台取得的user ID)、基於第一亂數與特定數值演算得出的雜湊值以及第二亂數演算產生提供使用者裝置取得一次式密碼(OTP),並可以是一種基於雜湊信息驗證碼的一次式密碼(HOTP,HMAC-based One-Time Password,HMAC: hashed message authentication code)。The user device backend 107 then uses a password algorithm to calculate a one-time password (OTP) based on the obtained information (such as user identification data and a specific value). The specific value can be a hash value calculated by a hash algorithm based on a first random number and a specific value (such as a fixed string provided by the system) (step S313). For example, the password algorithm executed by the user device backend 107 uses user identification data (such as the user ID obtained by the backend), a hash value calculated based on a first random number and a specific value, and a second random number calculation to generate an One-Time Password (OTP) for the user device to obtain. It can also be a One-Time Password based on HMAC (HMAC: hashed message authentication code).

在此一提的是,上述實施例所描述的亂數與一次式密碼等的描述並非用於限制揭露書提出的身份驗證方法的實施範圍,而是可以應用以密碼學方式傳遞隨機產生的一組隨機值或者是經過演算的任何參數值。It should be noted that the descriptions of random numbers and one-dimensional cryptography in the above embodiments are not intended to limit the scope of the identity verification method proposed in the disclosure, but can be applied to transmit a set of randomly generated random values or any calculated parameter values in a cryptographic manner.

上述一次式密碼與基於本案驗證流程產生的第一亂數將形成驗證資訊,使用者裝置後台107即將此驗證資訊傳送至金融資訊機後台103(步驟S315),再由金融資訊機後台103將驗證資訊轉送至金融資訊機101(步驟S317)。The aforementioned one-time password and the first random number generated based on the verification process of this case will form verification information. The user device backend 107 will then transmit this verification information to the financial information machine backend 103 (step S315), and the financial information machine backend 103 will then forward the verification information to the financial information machine 101 (step S317).

在金融資訊機101中,可以通過轉換程式將一次式密碼(或加上第一亂數)轉換為驗證圖形,此例如QR碼(還可為其他形式的驗證資訊),再將QR碼顯示在螢幕上,作為提供使用者的驗證資料(步驟S319)。另有方法可以使用一種無線驗證碼,如以近場通信(NFC)格式編碼的射頻信號,可以通過無線通訊方式傳送至使用者裝置105。In the financial information machine 101, a one-time password (or with a first random number added) can be converted into a verification image, such as a QR code (or other forms of verification information), through a conversion program. The QR code is then displayed on the screen as verification data provided to the user (step S319). Alternatively, a wireless verification code, such as a radio frequency signal encoded in Near Field Communication (NFC) format, can be transmitted to the user device 105 via wireless communication.

當使用者看到驗證圖形或是特定要求驗證的信息時,使用者可在其使用者裝置105上操作應用程式(如網路銀行APP),選擇要執行的金融服務(步驟S321),例如使用者裝置105綁定、轉帳、提款、存款或借貸等。此步驟可以是在上述流程之前、之中或之後進行,接著使用者操作應用程式讀取金融資訊機101上顯示的驗證資訊,或是以無線方式接收到驗證資訊,也就是得到上述使用者裝置後台107為了本次驗證需求產生的一次式密碼(步驟S323)。When a user sees a verification graphic or information requiring specific verification, the user can operate an application (such as an online banking app) on their user device 105 to select the financial service to be performed (step S321), such as binding the user device 105, transferring funds, withdrawing money, depositing money, or borrowing. This step can be performed before, during, or after the above process. Then, the user operates the application to read the verification information displayed on the financial information machine 101, or receives the verification information wirelessly, which is to obtain the one-time password generated by the user device backend 107 for this verification requirement (step S323).

使用者繼續操作應用程式,將得到的驗證資訊傳送至使用者裝置後台107(步驟S325),由使用者裝置後台107中的驗證程式轉碼為密碼字串後,比對在此流程中產生的一次式密碼,進行驗證(步驟S327),經驗證成功後,將同意使用者繼續執行使用者裝置105上所選擇要進行的金融服務。(步驟S329)。The user continues to operate the application, sending the obtained verification information to the user device backend 107 (step S325). The verification program in the user device backend 107 converts the information into a password string and compares it with the one-time password generated in this process for verification (step S327). If the verification is successful, the user is allowed to continue to perform the financial service selected on the user device 105 (step S329).

進一步地,上述身份驗證方法流程中,其中 特別的是由使用者裝置後台107產生驗證資訊,其中的方法主要可以軟體方法搭配硬體運算的方式,先以一亂數產生器產生具有時效性的第一亂數(random1)與第二亂數(random2),並以一儲存裝置儲存第二亂數以及自金融資訊機後台取得的使用者識別資料,用於之後驗證使用者裝置回傳的驗證資訊之用。Furthermore, in the aforementioned identity verification process, a key feature is that the verification information is generated by the user device backend 107. The method primarily combines software and hardware computation. First, a random number generator generates a first random number (random1) and a second random number (random2) with timeliness. Then, a storage device stores the second random number and the user identification data obtained from the financial information machine backend for use in verifying the verification information returned by the user device.

接著,在使用者裝置後台中,基於第一亂數與一固定字串(fixedstring),以一雜湊演算法演算雜湊值,再基於所述使用者識別資料、雜湊值以及第二亂數,以一密碼演算法演算一次式密碼,此一次式密碼與第一亂數可形成傳送至使用者裝置的驗證資訊。Next, in the user device backend, a hash value is calculated using a hash algorithm based on the first random number and a fixed string. Then, based on the user identification data, the hash value, and the second random number, a cryptographic algorithm is used to calculate a linear password. This linear password and the first random number can form the verification information transmitted to the user device.

在驗證程序中,當使用者裝置從金融資訊機讀取到驗證資訊後,傳送至使用者裝置後台,使用者裝置後台中的軟體程序可以從驗證資訊取得其中的一次式密碼與第一亂數,這時,再從儲存裝置中取得之前儲存的第二亂數與使用者識別資料,再次以相同演算法演算用於驗證的第二雜湊值,並再次基於使用者識別資料、第二雜湊值與第二亂數,以密碼演算法(如方程式一)再次演算出第二一次式密碼,用於比對之前為了本次驗證流程產生的一次式密碼,即驗證自使用者裝置接收的一次式密碼,產生驗證結果。In the verification process, after the user device reads the verification information from the financial information machine, it transmits it to the user device's backend. The software program in the user device's backend can obtain the linear password and the first random number from the verification information. Then, it retrieves the previously stored second random number and user identification data from the storage device, and calculates the second hash value used for verification again using the same algorithm. Based on the user identification data, the second hash value, and the second random number, it calculates the second linear password again using the password algorithm (such as Equation 1). This second linear password is used to compare with the linear password generated for this verification process, that is, to verify the linear password received from the user device, and to generate the verification result.

在此一提的是,身份驗證方法所運用的一次式密碼可以具備時效性,並且其中時間會以使用者裝置後台進行控管;另一實施方式是可採用基於時間的一次性密碼演算法(TOTP algorithm)產生具有時效性的一次式密碼。It is worth mentioning that the one-time password used in the identity verification method can be time-sensitive, and the time is controlled by the user's device backend; another implementation method is to use the time-based one-time password algorithm (TOTP algorithm) to generate time-sensitive one-time passwords.

在一實施例中,使用者裝置105執行相關金融服務的應用程式,於應用程式執行某特定金融服務時,將等待通過金融資訊機101執行身份驗證的驗證結果,最後,當自使用者裝置105後台取得驗證成功的信息,即繼續執行最初所要進行的金融服務,例如以下實施例所描述的裝置綁定、非約定轉帳與手機號碼收款等服務。In one embodiment, a user device 105 executes an application for a related financial service. When the application executes a specific financial service, it will wait for the verification result of identity verification through the financial information machine 101. Finally, when the user device 105 obtains the verification success information from the backend, it will continue to execute the financial service originally intended, such as device binding, non-contractual transfer, and mobile phone number payment services as described in the following embodiments.

身份驗證方法應用於特定交易程序驗證的流程之一可參考圖4所示執行使用者裝置綁定的實施範例流程圖,其中流程可配合圖5A至圖5E。One example of an identity verification method applied to the verification process of a specific transaction procedure can be found in the implementation flowchart of user device binding shown in Figure 4, which can be used in conjunction with Figures 5A to 5E.

使用者操作一使用者裝置進入一綁定流程(步驟S401),可以運用使用者裝置安裝的一應用程式,如圖5A所示應用程式啟始的一裝置綁定頁面501的實施例示意圖,使用者可以點擊其中按鈕開始綁定流程。The user operates a user device to enter a binding process (step S401). The user can use an application installed on the user device. As shown in Figure 5A, the device binding page 501 at the start of the application is an example diagram. The user can click on the button to start the binding process.

接著應用程式引導使用者進入如圖5B示意顯示的驗證方法選擇頁面502,所示範例包括有語音OTP503、SIM卡認證504與ATM驗證505等選項,在所述身份驗證方法中主要是通過金融資訊機進行驗證(選項505)(步驟S403)。The application then guides the user to the verification method selection page 502 shown in Figure 5B. Examples shown include options such as voice OTP 503, SIM card authentication 504, and ATM verification 505. The identity verification method is mainly performed through a financial information machine (option 505) (step S403).

根據上述身份驗證方法流程實施例中,通過金融資訊機啟動驗證流程,由金融資訊機向其後台請求驗證服務,再由金融資訊機後台向使用者裝置後台要求產生驗證資訊,經使用者裝置後台產生本次驗證流程中的驗證資訊後,將通過金融資訊機後台轉送至使用者面前的金融資訊機。According to the above-mentioned identity verification method and process implementation example, the verification process is initiated through the financial information machine. The financial information machine requests verification services from its backend, and then the financial information machine's backend requests the user device's backend to generate verification information. After the user device's backend generates the verification information for this verification process, it is forwarded to the financial information machine in front of the user through the financial information machine's backend.

當金融資訊機自金融資訊機後台接收驗證資訊時,通過一轉換程式轉換驗證資訊為驗證圖形(如QR碼)、驗證碼字串或一無線驗證碼,使得使用者裝置可以讀取驗證資訊(步驟S405)。實施例之一可參考圖5C所示的ATM驗證掃描頁面506,應用程式啟始一掃描視窗507,用於掃描顯示在金融資訊機上的驗證圖形,實施範例可參考圖5D顯示以使用者裝置50,利用其中應用程式掃描顯示在金融資訊機500上的驗證圖形510,能讀取其中驗證資訊,之後再傳送驗證資訊至使用者裝置後台(步驟S407)。When the financial information machine receives verification information from its backend, a conversion program converts the verification information into a verification image (such as a QR code), a verification code string, or a wireless verification code, enabling the user device to read the verification information (step S405). One embodiment can be seen in Figure 5C, which shows an ATM verification scanning page 506. The application starts a scanning window 507 to scan the verification image displayed on the financial information machine. Another embodiment can be seen in Figure 5D, which shows a user device 50 using its application to scan the verification image 510 displayed on the financial information machine 500, reading the verification information, and then transmitting the verification information to the user device's backend (step S407).

接著在伺服器端,由使用者裝置後台驗證自使用者裝置傳送的驗證資訊,產生驗證結果,再由使用者裝置接收驗證結果(步驟S409),判斷是否驗證成功(步驟S411)。如果驗證不成功,將終止此裝置綁定流程,顯示驗證錯誤信息(步驟S413);若驗證成功,使用者裝置可接收到相關信息後,如圖5E所示之綁定成功頁面508,讓使用者確認後可點擊其中按鈕後繼續綁定流程(步驟S415)。Next, on the server side, the user device's backend verifies the authentication information sent from the user device, generates an authentication result, and then the user device receives the authentication result (step S409) to determine whether the authentication was successful (step S411). If the authentication fails, the device binding process will be terminated, and an authentication error message will be displayed (step S413); if the authentication is successful, the user device will receive the relevant information and display the binding success page 508 as shown in Figure 5E, allowing the user to confirm and click the button to continue the binding process (step S415).

綜上所述,根據上述實施例所描述應用於金融系統的身份驗證方法與系統,因應金融服務愈來愈重視的資安需求,身份驗證方法的技術概念即以設於各處的金融資訊機(如金融櫃員機ATM或是讀卡機)驗證使用者操作使用者裝置(如手機等行動裝置)所要進行的金融服務,實作即採用兩階段驗證,第一階段驗證即為使用者登入金融機構提供的應用程式,第二階段即通過金融資訊機取得驗證資訊,再由使用者裝置後台進行驗證,如此可有效提升使用者交易安全。In summary, the identity verification methods and systems applied to financial systems as described in the above embodiments address the increasingly important information security needs of financial services. The technical concept of the identity verification method is to use financial information terminals (such as ATMs or card readers) located in various places to verify the financial services that users want to perform when operating user devices (such as mobile devices such as mobile phones). The implementation adopts a two-stage verification process. The first stage of verification is for the user to log in to the application provided by the financial institution. The second stage is to obtain verification information through the financial information terminal and then verify it in the backend of the user device. This can effectively improve the security of user transactions.

以上所公開的內容僅為本發明的優選可行實施例,並非因此侷限本發明的申請專利範圍,所以凡是運用本發明說明書及圖式內容所做的等效技術變化,均包含於本發明的申請專利範圍內。The above-disclosed content is merely a preferred feasible embodiment of the present invention and is not intended to limit the scope of the patent application of the present invention. Therefore, all equivalent technical changes made using the contents of the present invention's description and drawings are included within the scope of the patent application of the present invention.

10:網路101:金融資訊機103:金融資訊機後台105:使用者裝置107:使用者裝置後台109:資料庫50:使用者裝置500:金融資訊機510:驗證圖形501:裝置綁定頁面502:驗證方法選擇頁面503:語音OTP504:SIM卡認證505:ATM驗證506:ATM驗證掃描頁面507:掃描視窗508:綁定成功頁面步驟S101~S115:身份驗證流程步驟S301~S329:身份驗證流程步驟S401~S415:使用者裝置綁定流程10: Network 101: Financial Information Machine 103: Financial Information Machine Backend 105: User Device 107: User Device Backend 109: Database 50: User Device 500: Financial Information Machine 510: Verification Graphic 501: Device Binding Page 502: Verification Method Selection Page 503: Voice OTP 504: SIM Card Authentication 505: ATM Verification 506: ATM Verification Scan Page 507: Scan Window 508: Binding Success Page Steps S101~S115: Identity Verification Process Steps S301~S329: Identity Verification Process Steps S401~S415: User Device Binding Process

圖1顯示執行身份驗證方法的系統架構實施例示意圖;Figure 1 shows a schematic diagram of a system architecture implementation example for performing the identity verification method;

圖2顯示運行於使用者裝置、金融資訊機、使用者裝置後台以及金融資訊機後台之間的身份驗證方法實施例流程圖;Figure 2 shows a flowchart of an implementation example of an identity verification method operating between a user device, a financial information terminal, a user device backend, and a financial information terminal backend;

圖3顯示為身份驗證方法實施例流程圖;Figure 3 shows a flowchart of an implementation example of the identity verification method;

圖4顯示利用身份驗證方法執行使用者裝置綁定的實施範例流程圖;以及Figure 4 shows a flowchart illustrating an implementation example of user device binding using identity verification methods; and

圖5A至圖5E顯示使用者裝置執行裝置綁定的實施例圖。Figures 5A to 5E show examples of user device execution device binding.

101:金融資訊機 101: Financial Information Machine

103:金融資訊機後台 103: Financial Information Machine Backend

105:使用者裝置 105: User Device

107:使用者裝置後台 107: User Device Backend

步驟S301~S329:身份驗證流程 Steps S301~S329: Identity Verification Process

Claims (8)

一種應用於一金融系統的身份驗證方法,包括:通過一金融資訊機啟動一驗證流程,用於驗證是否允許一使用者裝置執行一金融服務;該金融資訊機自一金融卡片或一使用者裝置的無線訊號接收一使用者識別資料;該金融資訊機產生一請求驗證服務的信息,將該請求驗證服務的信息隨同該使用者識別資料一併傳送至一金融資訊機後台;該金融資訊機後台將該使用者識別資料傳送至一使用者裝置後台,以請求該使用者裝置後台基於該使用者識別資料產生一驗證資訊;該使用者裝置後台將該驗證資訊回傳至該金融資訊機後台,再轉送至該金融資訊機;以該使用者裝置自該金融資訊機取得該驗證資訊,再由該使用者裝置傳送該驗證資訊至該使用者裝置後台;由該使用者裝置後台比對自該使用者裝置接收的該驗證資訊以及該使用者裝置後台根據該金融資訊機後台的請求所產生的該驗證資訊,藉此,該使用者裝置後台根據一使用者的該使用者識別資料所產生的該驗證資訊比對自該使用者裝置傳送的該驗證資訊,用以驗證持有該使用者裝置的該使用者的身份,產生一驗證結果;以及當該驗證結果為驗證成功,通知該使用者裝置執行該金融服務。An identity verification method applied to a financial system includes: initiating an verification process through a financial information terminal (FIC) to verify whether a user device is allowed to perform a financial service; the FIC receiving user identification data from a financial card or a wireless signal from the user device; the FIC generating a verification service request and transmitting the verification service request information along with the user identification data to the FIC backend; the FIC backend transmitting the user identification data to the user device backend to request the user device backend to generate verification information based on the user identification data; and the user device backend sending the verification information back to the FIC backend. The system then forwards the verification information to the financial information machine. The user device obtains the verification information from the financial information machine and then transmits the verification information to the user device's backend. The user device's backend compares the verification information received from the user device with the verification information generated by the user device's backend based on the request from the financial information machine's backend. Thus, the user device's backend compares the verification information generated based on a user's user identification data with the verification information transmitted from the user device to verify the identity of the user holding the user device and generate a verification result. When the verification result is successful, the user device is notified to execute the financial service. 如請求項1所述的身份驗證方法,其中該使用者裝置執行一應用程式,於該應用程式執行該金融服務時,等待通過該金融資訊機執行身份驗證的該驗證結果;當自該使用者裝置後台取得驗證成功的信息,即繼續執行該金融服務。The identity verification method described in claim 1, wherein the user device executes an application, and while the application is performing the financial service, it waits for the verification result of identity verification performed through the financial information machine; when the user device obtains the verification success information from the backend, it continues to perform the financial service. 如請求項1所述的身份驗證方法,其中,於該金融資訊機自該金融資訊機後台接收該驗證資訊時,通過一轉換程式轉換該驗證資訊為一驗證圖形或一無線驗證碼,再由該使用者裝置讀取後取得該驗證資訊。In the identity verification method described in claim 1, when the financial information machine receives the verification information from the backend of the financial information machine, the verification information is converted into a verification image or a wireless verification code by a conversion program, and then the user device reads and obtains the verification information. 如請求項1至3中任一項所述的身份驗證方法,其中該使用者裝置後台產生該驗證資訊的方法包括:以一亂數產生器產生具有時效性的一第一亂數與一第二亂數,其中以該使用者裝置後台的一儲存裝置儲存該第二亂數以及自該金融資訊機後台取得的該使用者識別資料;基於該第一亂數與一固定字串,以一雜湊演算法演算一雜湊值;以及基於該使用者識別資料、該雜湊值以及該第二亂數,以一密碼演算法演算一一次式密碼,該一次式密碼與該第一亂數形成該驗證資訊。The identity verification method as described in any one of claims 1 to 3, wherein the method for generating the verification information in the user device backend includes: generating a first random number and a second random number with timeliness using a random number generator, wherein the second random number and the user identification data obtained from the financial information machine backend are stored in a storage device of the user device backend; calculating a hash value using a hash algorithm based on the first random number and a fixed string; and calculating a linear password using a cryptographic algorithm based on the user identification data, the hash value and the second random number, wherein the linear password and the first random number form the verification information. 如請求項4所述的身份驗證方法,其中,於該使用者裝置後台自該使用者裝置接收該驗證資訊時,從該驗證資訊取得該一次式密碼與該第一亂數,再從該儲存裝置中取得該第二亂數與該使用者識別資料,再次以該雜湊演算法基於該第一亂數與該固定字串演算用於驗證的一第二雜湊值,並再次基於該使用者識別資料、該第二雜湊值與該第二亂數,以該密碼演算法再次演算一第二一次式密碼,用以比對自該使用者裝置接收的該一次式密碼以產生該驗證結果。The identity verification method as described in claim 4, wherein when the user device receives the verification information from the user device in the background, the linear password and the first random number are obtained from the verification information, the second random number and the user identification data are obtained from the storage device, a second hash value for verification is calculated again based on the first random number and the fixed string using the hash algorithm, and a second linear password is calculated again based on the user identification data, the second hash value and the second random number using the password algorithm, and a second linear password is calculated again to compare with the linear password received from the user device to generate the verification result. 一種身份驗證系統,包括:一金融資訊機後台,連線一金融資訊機,提供該金融資訊機的信息往來的服務;以及一使用者裝置後台,提供一使用者裝置取得一金融服務的驗證服務;其中該身份驗證系統執行的一身份驗證方法包括:通過該金融資訊機啟動一驗證流程,用於驗證是否允許該使用者裝置執行該金融服務;該金融資訊機自一金融卡片或該使用者裝置的無線訊號接收一使用者識別資料;該金融資訊機產生一請求驗證服務的信息,將該請求驗證服務的信息隨同該使用者識別資料一併傳送至該金融資訊機後台;該金融資訊機後台將該使用者識別資料傳送至該使用者裝置後台,以請求該使用者裝置後台基於該使用者識別資料產生一驗證資訊;該使用者裝置後台將該驗證資訊回傳至該金融資訊機後台,再轉送至該金融資訊機;以該使用者裝置自該金融資訊機取得該驗證資訊,再由該使用者裝置傳送該驗證資訊至該使用者裝置後台;由該使用者裝置後台比對自該使用者裝置接收的該驗證資訊以及該使用者裝置後台根據該金融資訊機後台的請求所產生的該驗證資訊,藉此,該使用者裝置後台根據一使用者的該使用者識別資料所產生的該驗證資訊比對自該使用者裝置傳送的該驗證資訊,用以驗證持有該使用者裝置的該使用者的身份,產生一驗證結果;以及當該驗證結果為驗證成功,通知該使用者裝置執行該金融服務。An identity verification system includes: a financial information machine backend connected to the financial information machine, providing information exchange services between the financial information machine and a user device backend, providing verification services for a user device to obtain a financial service; wherein an identity verification method performed by the identity verification system includes: initiating an verification process through the financial information machine to verify whether the user device is allowed to perform the financial service; the financial information machine receiving user identification data from a financial card or a wireless signal from the user device; the financial information machine generating a request for verification service information and transmitting the request for verification service information along with the user identification data to the financial information machine backend; the financial information machine backend transmitting the user identification data to the user device backend to request the user device backend to perform a verification service based on... The user identification data generates verification information; the user device backend sends the verification information back to the financial information machine backend, which then forwards it to the financial information machine; the user device obtains the verification information from the financial information machine and then sends the verification information back to the user device backend; the user device backend compares the verification information received from the user device with the verification information generated by the user device backend according to the request from the financial information machine backend. Thus, the user device backend compares the verification information generated based on a user's user identification data with the verification information transmitted from the user device to verify the identity of the user holding the user device and generates a verification result; and when the verification result is successful, the user device is notified to execute the financial service. 如請求項6所述的身份驗證系統,其中還包括執行於該使用者裝置的一應用程式,以該應用程式執行該金融服務,並等待通過該金融資訊機執行身份驗證的該驗證結果後,判斷是否繼續執行該金融服務。The identity verification system as described in claim 6 further includes an application running on the user's device, which performs the financial service and, after waiting for the verification result of identity verification performed through the financial information machine, determines whether to continue performing the financial service. 如請求項6或7所述的身份驗證系統,其中該使用者裝置後台產生該驗證資訊的方法包括:以一亂數產生器產生具有時效性的一第一亂數與一第二亂數,其中以該使用者裝置後台的一儲存裝置儲存該第二亂數以及自該金融資訊機後台取得的該使用者識別資料;基於該第一亂數與一固定字串,以一雜湊演算法演算一雜湊值;以及基於該使用者識別資料、該雜湊值以及該第二亂數,以一密碼演算法演算一一次式密碼,該一次式密碼與該第一亂數形成該驗證資訊。The identity verification system as described in claim 6 or 7, wherein the method by which the user device backend generates the verification information includes: generating a first random number and a second random number with timeliness using a random number generator, wherein the second random number and the user identification data obtained from the financial information machine backend are stored in a storage device of the user device backend; calculating a hash value using a hash algorithm based on the first random number and a fixed string; and calculating a linear password using a cryptographic algorithm based on the user identification data, the hash value and the second random number, wherein the linear password and the first random number form the verification information.
TW112101478A 2023-01-13 2023-01-13 Method and system for identity verification applied to financial system TWI901928B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW112101478A TWI901928B (en) 2023-01-13 2023-01-13 Method and system for identity verification applied to financial system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW112101478A TWI901928B (en) 2023-01-13 2023-01-13 Method and system for identity verification applied to financial system

Publications (2)

Publication Number Publication Date
TW202429356A TW202429356A (en) 2024-07-16
TWI901928B true TWI901928B (en) 2025-10-21

Family

ID=92928709

Family Applications (1)

Application Number Title Priority Date Filing Date
TW112101478A TWI901928B (en) 2023-01-13 2023-01-13 Method and system for identity verification applied to financial system

Country Status (1)

Country Link
TW (1) TWI901928B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWM563015U (en) * 2017-12-28 2018-07-01 兆豐國際商業銀行股份有限公司 Identity verification system
WO2019144738A1 (en) * 2018-01-29 2019-08-01 深圳壹账通智能科技有限公司 Financial service verification method, apparatus and device, and computer storage medium
TWI689883B (en) * 2019-05-10 2020-04-01 第一商業銀行股份有限公司 Automatic push broadcast cardless withdrawal system and its control method
TW202226124A (en) * 2020-12-29 2022-07-01 合作金庫商業銀行股份有限公司 Financial service system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWM563015U (en) * 2017-12-28 2018-07-01 兆豐國際商業銀行股份有限公司 Identity verification system
WO2019144738A1 (en) * 2018-01-29 2019-08-01 深圳壹账通智能科技有限公司 Financial service verification method, apparatus and device, and computer storage medium
TWI689883B (en) * 2019-05-10 2020-04-01 第一商業銀行股份有限公司 Automatic push broadcast cardless withdrawal system and its control method
TW202226124A (en) * 2020-12-29 2022-07-01 合作金庫商業銀行股份有限公司 Financial service system

Also Published As

Publication number Publication date
TW202429356A (en) 2024-07-16

Similar Documents

Publication Publication Date Title
US10475015B2 (en) Token-based security processing
JP7483688B2 (en) System and method for cryptographic authentication of contactless cards - Patents.com
RU2698767C2 (en) Remote variable authentication processing
CN113507377B (en) Apparatus and method for transaction processing using a token and password based on transaction specific information
US8555355B2 (en) Mobile pin pad
US8930694B2 (en) Method for the generation of a code, and method and system for the authorization of an operation
US10439813B2 (en) Authentication and fraud prevention architecture
AU2019236733A1 (en) Transaction Processing System and Method
US20110103586A1 (en) System, Method and Device To Authenticate Relationships By Electronic Means
US20070203850A1 (en) Multifactor authentication system
JP2024170412A (en) System and method for cryptographic authentication of contactless cards - Patents.com
EP4196944A1 (en) Atm transactions using barcodes in multiple states
US20230052901A1 (en) Method and system for point of sale payment using a mobile device
CN114207578B (en) Method and apparatus for mobile application integration
JP2015133684A (en) authentication server, authentication method, and computer program product
WO2023285073A1 (en) Method for managing a smart card
TWM642404U (en) System for identity verification applied to financial system
CN101958024B (en) Financial transaction system, automated teller machine, and method of operating an automated teller machine
TWI901928B (en) Method and system for identity verification applied to financial system
JP7310522B2 (en) Personal authentication system, authenticator, program and personal authentication method
JP2022114535A (en) Identity verification system, identity verification method, information processing terminal, and program
US20170323287A1 (en) System and method for providing payment service
KR20190003267A (en) System for providing payment service based on customer's account
TWI817096B (en) A tokenization scanning code payment system, method and computer readable medium
TWI801744B (en) Financial transaction device, method and system with non-contact authentication function