TWM659947U - Transaction Verification System - Google Patents
- Publication number
- TWM659947U
- Authority
- TW
- Taiwan
- Prior art keywords
- verification
- file
- module
- characteristic value
- transaction
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
A transaction verification system is provided, which is set up in a transaction server. The transaction verification system includes the following hardware modules. The setting module receives the customer's verification setting transmitted from the online banking application of the mobile device, sets an internal file or external file of the customer's mobile device as the first verification file, and generates first verification information. The encryption module receives the first verification information from the setting module, encrypts it, and generates a first file characteristic value. The verification module receives the first file characteristic value from the encryption module and stores it. When the customer uses the online banking application to send a transaction request, the verification module verifies the second file characteristic value of the second verification file newly input by the customer. The transaction is allowed to proceed only when the first file characteristic value and the second file characteristic value are the same.
Description
The present utility model relates to a transaction system, and in particular to a transaction verification system.
Currently, some mobile device applications use only an account and password for transaction verification, or require users to download and install a certificate file to complete transactions, for example when placing securities orders. However, this approach carries some risks.
First, if the user's account and password are stolen, a malicious third party can easily access the user's account and perform unauthorized transactions or other operations. Second, even when a certificate file is used for verification, if the certificate file is stored in a specific path or has a file name that makes it easy to steal, the certificate file may be stolen or leaked. Attackers can then use the certificate file to enter the system and perform unauthorized operations, causing loss of user information and property.
Therefore, a more powerful and flexible transaction verification system is needed to address these issues, improve security and protect user information.
Therefore, the present utility model provides a transaction verification system to guard against the risk of unauthorized operations carried out with a stolen certificate file.
According to one aspect of the present utility model, the transaction verification system is set up in a transaction server, and the transaction server is communicatively connected to a mobile device of a customer, wherein the mobile device has an online banking application of a bank installed. The transaction verification system includes a plurality of hardware modules, composed of a plurality of hardware circuits, that are electrically connected to each other; the hardware modules include a setting module, an encryption module and a verification module.
The setting module receives a verification setting of the customer transmitted by the online banking application of the mobile device, sets an internal file or an external file of the mobile device as a first verification file, and generates first verification information of the first verification file according to the verification setting, wherein the external file is located in an external server, and the online banking application accesses the external file through a communication module of the mobile device. The encryption module is electrically connected to the setting module, receives the first verification information from the setting module, and encrypts the first verification information to generate a first file characteristic value. The verification module is electrically connected to the encryption module, and receives and stores the first file characteristic value from the encryption module.
When the customer uses the online banking application to send a transaction request to the verification module, the verification module sends a verification request to the online banking application, so that the online banking application sends a second verification file of the customer to the setting module. The setting module generates second verification information of the second verification file and passes it to the encryption module, which encrypts the second verification information to obtain a second file characteristic value. The verification module compares the first file characteristic value and the second file characteristic value. When the first file characteristic value and the second file characteristic value are the same, the verification module sends the transaction request to a transaction module of the transaction server to execute the transaction request.
According to an embodiment of the present utility model, the first verification information includes the file content, file size, storage path or storage date of the first verification file, or any combination of the foregoing, and the second verification information includes the file content, file size, storage path or storage date of the second verification file, or any combination of the foregoing.
According to an embodiment of the present utility model, the encryption module uses a hash function to perform an encryption calculation on the first verification information or the second verification information to obtain the first file characteristic value or the second file characteristic value.
According to another aspect of the present utility model, the transaction verification system is set up in a transaction server, and the transaction server is communicatively connected to a mobile device of a customer, wherein the mobile device has an online banking application of a bank installed. The transaction verification system includes a plurality of hardware modules, composed of a plurality of hardware circuits, that are electrically connected to each other; the hardware modules include a setting module, an encryption module and a verification module.
The setting module receives a verification setting and a first encryption password of the customer transmitted by the online banking application of the mobile device, sets an internal file or an external file of the mobile device as a first verification file, and generates first verification information of the first verification file according to the verification setting, wherein the external file is located in an external server, and the online banking application accesses the external file through a communication module of the mobile device. The encryption module is electrically connected to the setting module and receives the first verification information and the first encryption password from the setting module. The encryption module encrypts the first verification information to generate a first file characteristic value, and then encrypts the first file characteristic value and the first encryption password together to generate a first encrypted characteristic value. The verification module is electrically connected to the encryption module, and receives and stores the first encrypted characteristic value from the encryption module.
When the customer uses the online banking application to send a transaction request to the verification module, the verification module sends a verification request to the online banking application, so that the online banking application sends a second verification file and a second encryption password of the customer to the setting module. The setting module generates second verification information of the second verification file and sends the second verification information and the second encryption password to the encryption module. The encryption module encrypts the second verification information to obtain a second file characteristic value, and then encrypts the second file characteristic value and the second encryption password together to obtain a second encrypted characteristic value. The verification module compares the first encrypted characteristic value with the second encrypted characteristic value. When the first encrypted characteristic value and the second encrypted characteristic value are the same, the verification module sends the transaction request to a transaction module of the transaction server to execute the transaction request.
According to an embodiment of the present utility model, the first verification information includes the file content, file size, storage path or storage date of the first verification file, or any combination of the foregoing, and the second verification information includes the file content, file size, storage path or storage date of the second verification file, or any combination of the foregoing.
According to an embodiment of the present utility model, the encryption module uses a first hash function to perform an encryption calculation on the first verification information or the second verification information to obtain the first file characteristic value or the second file characteristic value.
According to an embodiment of the present utility model, the encryption module uses a second hash function to encrypt the first file characteristic value and the first encryption password together to obtain the first encrypted characteristic value, or uses the second hash function to encrypt the second file characteristic value and the second encryption password together to obtain the second encrypted characteristic value.
According to an embodiment of the present utility model, the first hash function and the second hash function are different.
As can be seen from the above, the transaction verification system combines account-and-password verification with arbitrary-file verification, improving transaction security. Users must provide a specific file for verification, which guards against the risk of a stolen certificate file. It also provides a multi-verification mechanism, which not only enhances the security of the system but also offers a more flexible and personalized security solution, making it harder for malicious attackers to perform unauthorized operations and effectively protecting the user's information security.
The above summary is intended to provide a simplified summary of the present disclosure so that readers have a basic understanding of it. This summary is not a complete overview of the disclosure, and it is not intended to identify important/key elements of the embodiments of the present utility model or to define its scope. After reading the detailed description below, a person with ordinary knowledge in the technical field to which the present utility model belongs should readily understand its basic spirit and other purposes, as well as the technical means and implementation aspects it adopts.
100: Transaction server
110: Transaction verification system
112: Setting module
114: Encryption module
116: Verification module
120: Transaction module
200: Mobile device
210: Online banking application
220: Internal file
230: Communication module
300: External server
310: External file
To make the above and other purposes, features, advantages and embodiments of the present utility model easier to understand, the accompanying drawing is described as follows.
FIG. 1 is a functional architecture diagram of a transaction verification system according to an embodiment of the present utility model.
Based on the above, a transaction verification system is provided. The transaction verification system combines account-and-password verification with arbitrary-file verification, improving the security of transactions. The following description introduces an exemplary functional architecture of the transaction verification system and an exemplary method of operating it. To make the embodiments easy to understand, many technical details are provided below. Not all embodiments require these technical details. Some well-known structures or components are drawn only schematically in the drawing, to simplify its contents appropriately.
To make the description of the present disclosure more detailed and complete, the following provides an illustrative description of the implementation aspects and specific embodiments of the present utility model; however, this is not the only form in which the specific embodiments can be implemented or used. The detailed description covers the features of multiple specific embodiments and the method steps and their sequence for constructing and operating these embodiments. However, other specific embodiments can also be used to achieve the same or equivalent functions and step sequences.
For convenience of description, the following devices are described as separate units divided by function. When implementing the present utility model, the functions of the units can be implemented in the same one or more pieces of software and/or hardware. The present utility model is described with reference to flowcharts and/or block diagrams of methods, equipment (or devices or systems), and computer program products according to its embodiments. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
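FIG. 1 is a functional architecture diagram of a transaction verification system according to an embodiment of the present utility model. In FIG. 1, the transaction verification system 110 is set up in a transaction server 100, and the transaction server 100 is communicatively connected to a mobile device 200 of a customer, wherein the mobile device 200 has an online banking application 210 of a bank installed. The transaction verification system 110 includes a plurality of hardware modules, composed of a plurality of hardware circuits, that are electrically connected to each other; the hardware modules include a setting module 112, an encryption module 114 and a verification module 116.
According to the first aspect of the present utility model, the transaction verification system 110 operates using a first method, which is described in detail as follows.
The setting module 112 receives the customer's verification setting transmitted by the online banking application 210 of the mobile device 200, sets the internal file 220 or the external file 310 of the mobile device 200 as the first verification file, and generates first verification information of the first verification file according to the verification setting. The external file 310 is located in the external server 300, and the online banking application 210 can access the external file 310 through the communication module 230 of the mobile device 200.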
According to an embodiment of the present utility model, the first verification information includes the file content, file size, storage path or storage date of the first verification file, or any combination of the foregoing, and the second verification information includes the file content, file size, storage path or storage date of the second verification file, or any combination of the foregoing.
The encryption module 114 is electrically connected to the setting module 112 and receives the first verification information from the setting module 112. The encryption module 114 encrypts the first verification information to generate the first file characteristic value. According to an embodiment of the present utility model, the encryption module 114 uses a hash function to perform an encryption calculation on the first verification information or the second verification information to obtain the first file characteristic value or the second file characteristic value. For example, the hash function may be the SHA256 function of the Secure Hash Algorithm (SHA) family.
A hash function is a common technique in data processing. It maps input data to a fixed-length string, called a hash value. Hash functions have the following characteristics. Since a fixed-length string is obtained regardless of the input value, it is deterministic. Since changing even a single bit of the input results in a completely different hash value, it has an avalanche effect. Moreover, a good hash function makes it extremely difficult for attackers to find different inputs that correspond to the same hash value, so it is also collision-resistant. Therefore, hash functions are often used to verify data integrity, for encryption and decryption, and to verify the authenticity of data.
The verification module 116 is electrically connected to the encryption module 114, and receives and stores the first file characteristic value from the encryption module 114.
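When the customer uses the online banking application 210 to send a transaction request to the verification module 116, the verification module 116 sends a verification request to the online banking application 210, so that the online banking application 210 sends the customer's second verification file to the setting module 112. The setting module 112 then generates second verification information of the second verification file and passes it to the encryption module 114, which encrypts the second verification information to obtain the second file characteristic value. Next, the verification module 116 compares the first file characteristic value and the second file characteristic value. When the first file characteristic value and the second file characteristic value are the same, the verification module 116 sends the transaction request to the transaction module 120 of the transaction server 100 to execute the transaction request.
According to the second aspect of the present utility model, the transaction verification system 110 operates using a second method. The second method differs from the first in that the customer can also set an encryption password, which is encrypted together with the file characteristic value to obtain an encrypted characteristic value that is provided to the verification module 116 for verification. The second method is described in detail below; content that is the same as in the first method is omitted where appropriate to improve readability.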
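In addition to receiving the customer's verification setting transmitted by the online banking application 210 of the mobile device 200, the setting module 112 also receives a first encryption password. The setting module 112 sets the internal file 220 or the external file 310 of the mobile device 200 as the first verification file, and generates first verification information of the first verification file according to the verification setting.
The encryption module 114 is electrically connected to the setting module 112, and receives the first verification information and the first encryption password from the setting module 112. The encryption module 114 encrypts the first verification information to generate the first file characteristic value. The encryption module 114 then encrypts the first file characteristic value and the first encryption password together to generate the first encrypted characteristic value.
The verification module 116 is electrically connected to the encryption module 114, and receives and stores the first encrypted characteristic value from the encryption module 114.
When the customer uses the online banking application 210 to send a transaction request to the verification module 116, the verification module 116 sends a verification request to the online banking application 210, so that the online banking application 210 sends the customer's second verification file and second encryption password to the setting module 112. The setting module 112 then generates second verification information of the second verification file and sends the second verification information and the second encryption password to the encryption module 114, which encrypts the second verification information to obtain the second file characteristic value. The second file characteristic value and the second encryption password are then encrypted together to obtain the second encrypted characteristic value. The verification module 116 compares the first encrypted characteristic value and the second encrypted characteristic value. When the first encrypted characteristic value and the second encrypted characteristic value are the same, the verification module 116 sends the transaction request to the transaction module 120 of the transaction server 100 to execute the transaction request.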
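According to an embodiment of the present utility model, the encryption module 114 uses a first hash function to perform an encryption calculation on the first verification information or the second verification information to obtain the first file characteristic value or the second file characteristic value.
According to an embodiment of the present utility model, the encryption module 114 uses a second hash function to encrypt the first file characteristic value and the first encryption password together to obtain the first encrypted characteristic value, or uses the second hash function to encrypt the second file characteristic value and the second encryption password together to obtain the second encrypted characteristic value.
According to an embodiment of the present utility model, the first hash function and the second hash function are different. For example, the first hash function may be the SHA256 function, and the second hash function may be the SHA1 function.
An example of the second method follows. After the customer specifies the first verification file, the encryption module 114 may use the SHA256 function to perform an encryption calculation on the verification information of the verification file, obtaining for example the hash value (that is, the file characteristic value of the verification information) "2A2F0E859495CAED". With the encryption password set by the customer being "123456", the encryption module 114 may use the SHA1 function to perform an encryption calculation on "2A2F0E859495CAED123456" to obtain a new hash value (that is, the encrypted characteristic value) "X".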
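The enrollment and transaction-time comparison of the second method described above, written out in Python as an added example; it is not code from the patent. The class and function names, the length-prefixed field encoding, the `fields` tuple standing in for the verification setting, the sample file data and the constant-time comparison are all assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class VerificationInfo:
    """The attributes the patent lists as possible verification information."""
    content: bytes  # file content
    size: int       # file size in bytes
    path: str       # storage path
    saved: str      # storage date (string format is an assumption)

ALL_FIELDS = ("content", "size", "path", "saved")

def encode_info(info, fields=ALL_FIELDS):
    """Serialize the selected fields with length prefixes so that two different
    field combinations cannot yield the same byte string.
    The encoding is an assumption; the patent does not define one."""
    out = bytearray()
    for name in fields:
        value = getattr(info, name)
        raw = value if isinstance(value, bytes) else str(value).encode("utf-8")
        out += name.encode("ascii") + b":" + len(raw).to_bytes(8, "big") + raw
    return bytes(out)

def file_characteristic_value(info, fields=ALL_FIELDS):
    """First hash (SHA256 in the patent's example) over the verification information."""
    return hashlib.sha256(encode_info(info, fields)).hexdigest().upper()

def encrypted_characteristic_value(file_value, password):
    """Second hash (SHA1 in the patent's example) over the file characteristic
    value concatenated with the encryption password, i.e. the patent's
    SHA1("2A2F0E859495CAED" + "123456")."""
    return hashlib.sha1((file_value + password).encode("utf-8")).hexdigest().upper()

class VerificationModule:
    """Stores the enrolled value per customer and compares it at transaction time."""

    def __init__(self):
        self._enrolled = {}

    def enroll(self, customer_id, value):
        self._enrolled[customer_id] = value

    def verify(self, customer_id, value):
        stored = self._enrolled.get(customer_id)
        if stored is None:
            return False  # nothing enrolled: reject rather than allow
        # Constant-time comparison is an added choice, not stated in the patent.
        return hmac.compare_digest(stored, value)

def run_demo():
    """Enroll with the second method, then evaluate four transaction attempts."""
    # Constructed sample data, not taken from the patent.
    body = b"constructed sample: holiday photo bytes"
    enrolled = VerificationInfo(body, len(body), "/sdcard/DCIM/IMG_0001.jpg", "2024-04-15")
    module = VerificationModule()
    module.enroll("customer-1", encrypted_characteristic_value(
        file_characteristic_value(enrolled), "123456"))

    def attempt(info, password):
        value = encrypted_characteristic_value(file_characteristic_value(info), password)
        return module.verify("customer-1", value)

    flipped = bytes([body[0] ^ 0x01]) + body[1:]  # one bit changed in the content
    moved = VerificationInfo(body, len(body), "/sdcard/Download/IMG_0001.jpg", enrolled.saved)
    return {
        "same file, same password": attempt(enrolled, "123456"),
        "one bit flipped": attempt(
            VerificationInfo(flipped, len(flipped), enrolled.path, enrolled.saved), "123456"),
        "same content, other path": attempt(moved, "123456"),
        "wrong password": attempt(enrolled, "654321"),
    }

if __name__ == "__main__":
    for case, allowed in run_demo().items():
        print(f"{case}: {'forwarded to transaction module' if allowed else 'rejected'}")
```

When the storage path or storage date is among the selected fields, moving or re-saving the file changes the characteristic value, so identical content no longer verifies.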
As can be seen from the above, the transaction verification system provided by the present utility model has at least the following advantages.
Enhanced security: By using an arbitrary file for transaction verification, the system adds an additional factor to the verification process, improving security. In addition to traditional account-and-password verification, users must provide a specific file for verification, making it difficult for malicious attackers to crack or imitate.
Protection against certificate file theft: Compared with the traditional certificate-file verification method, this system uses an arbitrary file for verification, which reduces the risk of certificate file theft. Even if the certificate file is stolen, the attacker still needs to know the specific file and the corresponding information in order to pass verification.
Two-factor or multi-factor verification: Combining account-and-password verification with arbitrary-file verification can be regarded as part of two-factor or multi-factor verification. This combination increases the security of the system, because attackers need to break multiple levels of verification to perform unauthorized operations.
Improved user control: Users can choose the file used for verification themselves, which increases their control over their own information security. Users can choose a file they consider safe for verification, making the system better match their personal preferences and security needs.
Combining the above advantages, this transaction verification system not only improves security but also provides a more flexible and powerful verification method, which helps guard against malicious attacks and protect users' information security.
Although the present utility model has been disclosed above by way of embodiments, they are not intended to limit it. Anyone skilled in the art may make various changes and modifications without departing from the spirit and scope of the present utility model. Therefore, the scope of protection of the present utility model shall be as defined by the appended claims.
Claims (8)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW113203714U TWM659947U (en) | 2024-04-15 | 2024-04-15 | Transaction Verification System |
Publications (1)
Publication Number | Publication Date |
---|---|
TWM659947U (en) | 2024-09-01 |
Family
ID=93609995