[go: up one dir, main page]

TWM673907U - Identity Verification Information System - Google Patents

Identity Verification Information System

Info

Publication number
TWM673907U
TWM673907U TW114204039U TW114204039U TWM673907U TW M673907 U TWM673907 U TW M673907U TW 114204039 U TW114204039 U TW 114204039U TW 114204039 U TW114204039 U TW 114204039U TW M673907 U TWM673907 U TW M673907U
Authority
TW
Taiwan
Prior art keywords
data
verification
identity
biometric
client device
Prior art date
Application number
TW114204039U
Other languages
Chinese (zh)
Inventor
李明翰
廖元暉
賴泱璁
羅育文
陳昊
何孟軒
Original Assignee
國泰人壽保險股份有限公司
Filing date
Publication date
Application filed by 國泰人壽保險股份有限公司 filed Critical 國泰人壽保險股份有限公司
Publication of TWM673907U publication Critical patent/TWM673907U/en

Links

Abstract

一種身分驗證資訊系統,包含一用戶端裝置及一伺服器設備。其中,用戶端裝置接收特定用戶輸入的一身分識別資訊,並啟動一應用程式。用戶端裝置傳送一裝置識別資料至伺服器設備,並由伺服器設備執行一裝置驗證程序。若裝置驗證程序的結果為通過,用戶端裝置藉由應用程式啟動一生物特徵獲取單元,並產生一生物特徵採集資料。用戶端裝置執行一生物特徵驗證程序。若生物特徵驗證程序的結果為通過,用戶端裝置讀取身分驗證私鑰資料,並傳送一包括身分識別資訊及身分驗證私鑰資料的身分驗證請求至伺服器設備,以執行一身分驗證程序。An identity verification information system includes a client device and a server device. The client device receives identity information input by a specific user and activates an application. The client device transmits device identification data to the server device, which then performs a device verification process. If the device verification process passes, the client device activates a biometric feature acquisition unit via the application and generates biometric feature collection data. The client device then performs a biometric feature verification process. If the result of the biometric authentication process is passed, the client device reads the authentication private key data and sends an authentication request including the identity identification information and the authentication private key data to the server device to perform an authentication process.

Description

身分驗證資訊系統Identity Verification Information System

本新型是有關於一種資訊系統,特別是指一種身分驗證資訊系統。 This novel invention relates to an information system, in particular to an identity verification information system.

目前使用者在進行各類網站的帳戶登入程序時,通常是藉由輸入帳戶名稱、帳戶密碼的方式來進行身分驗證。然而,若使用者的帳戶名稱及帳戶密碼不慎外洩或被盜取,就會導致帳戶被盜用的狀況發生,造成諸多不便。此外,當使用者在眾多網站分別設定帳戶名稱及帳戶密碼後,常容易因混淆、遺忘帳戶名稱或帳戶密碼之緣故,導致無法順利進行帳戶登入程序。 Currently, users typically authenticate their identities by entering their account name and password when logging into various websites. However, if a user's account name and password are accidentally leaked or stolen, their account could be hijacked, causing significant inconvenience. Furthermore, when users set up account names and passwords on multiple websites, they often become confused or forgetful, resulting in login issues.

因此,本新型之其中一目的,即在提供一種能解決前述問題的身分驗證資訊系統。 Therefore, one of the objectives of this invention is to provide an identity verification information system that can solve the aforementioned problems.

於是,本新型身分驗證資訊系統在一些實施態樣中,包含一用戶端裝置及一伺服器設備。該用戶端裝置包括一處理單元、一儲存單元及一生物特徵獲取單元。該儲存單元電連接於該處理單元,且安裝一應用程式,並儲存一生物特徵儲存資料、一身分驗證私鑰資料以及一對應於該用戶端裝置的裝置識別資料。該生物特徵儲存資料具有對應於一特定用戶 的生物特徵資訊,該身分驗證私鑰資料是基於該特定用戶的一身分識別資訊所產生。該生物特徵獲取單元電連接於該處理單元,用於產生一生物特徵採集資料。該伺服器設備能與該用戶端裝置連線通訊,並儲存多筆帳戶資料、多筆裝置識別驗證資料以及多筆身分驗證公鑰資料。每一帳戶資料具有對應於一用戶的一身分識別資訊,每一裝置識別驗證資料對應於一用戶的一用戶端裝置的該裝置識別資料,每一身分驗證公鑰資料是依據一用戶的該身分識別資訊,藉由一預定的演算法與一相對應的身分驗證私鑰資料一併產生。其中,該用戶端裝置接收該特定用戶輸入的一身分識別資訊,並接收一身分驗證指令而啟動該應用程式。該用戶端裝置藉由該應用程式啟動傳送該裝置識別資料至該伺服器設備的程序,並由該伺服器設備透過該裝置識別資料與該裝置識別驗證資料的比對執行一裝置驗證程序。若該裝置驗證程序的結果為通過,該用戶端裝置藉由該應用程式啟動該生物特徵獲取單元,並由該生物特徵獲取單元產生一對應於該特定用戶的生物特徵採集資料。該用戶端裝置比對該生物特徵採集資料與該生物特徵儲存資料的生物特徵資訊是否相符,以執行一生物特徵驗證程序。若該生物特徵驗證程序的結果為通過,該用戶端裝置讀取該身分驗證私鑰資料,並傳送一包括該身分識別資訊及該身分驗證私鑰資料的身分驗證請求至該伺服器設備,由該伺服器設備依據該身分識別資訊與該等帳戶資料的比對,以及該身分驗證私鑰資料與該身分驗證公鑰資料的驗證分析,執行一身分驗證程序。 Therefore, in some embodiments, the novel identity authentication information system includes a client device and a server device. The client device includes a processing unit, a storage unit, and a biometric acquisition unit. The storage unit is electrically connected to the processing unit and has an application installed therein. The storage unit stores biometric storage data, identity authentication private key data, and device identification data corresponding to the client device. The biometric storage data contains biometric information corresponding to a specific user, and the identity authentication private key data is generated based on the identity identification information of the specific user. The biometric acquisition unit is electrically connected to the processing unit and is used to generate biometric collection data. The server device is capable of connecting and communicating with the client device and storing multiple account data, multiple device identification and verification data, and multiple identity verification public key data. Each account data has identity identification information corresponding to a user, each device identification and verification data corresponds to the device identification data of a client device of a user, and each identity verification public key data is generated based on the identity identification information of a user using a predetermined algorithm and a corresponding identity verification private key data. The client device receives the identity identification information input by the specific user and receives an identity verification command to activate the application. The client device, through the application, initiates a process that transmits the device identification data to the server device. The server device then performs a device verification process by comparing the device identification data with the device identification verification data. If the device verification process passes, the client device, through the application, activates the biometric acquisition unit, which generates biometric data corresponding to the specific user. The client device then compares the biometric data with the biometric information in the stored biometric data to determine if it matches, thereby performing a biometric verification process. If the biometric authentication process is successful, the client device reads the authentication private key data and sends an authentication request including the identification information and the authentication private key data to the server device. The server device then performs an authentication process based on a comparison of the identification information with the account information and a verification analysis of the authentication private key data and the authentication public key data.

在一些實施態樣中,該生物特徵驗證程序及該身分驗證程序是依循FIDO標準所進行。 In some implementations, the biometric authentication procedure and the identity authentication procedure are performed in accordance with the FIDO standard.

在一些實施態樣中,該生物特徵資訊是對應於面容、虹膜、指紋、掌紋、掌形、聲紋的至少一者。 In some embodiments, the biometric information corresponds to at least one of face, iris, fingerprint, palm print, palm shape, and voice print.

在一些實施態樣中,該用戶端裝置的該儲存單元還安裝一網頁瀏覽程式。該用戶端裝置接收的該身分識別資訊是由該特定用戶輸入至該網頁瀏覽程式,且該身分驗證指令是該特定用戶藉由對該網頁瀏覽程式之操作所發出。該身分驗證程序完成後,該伺服器設備傳送一身分驗證結果至該用戶端裝置;若該身分驗證結果為通過,則該網頁瀏覽程式依據該身分識別資訊執行一網站登入程序。 In some embodiments, the storage unit of the client device further includes a web browser. The identity information received by the client device is input into the web browser by the specific user, and the authentication command is issued by the specific user through an operation on the web browser. After the authentication process is completed, the server device transmits an authentication result to the client device. If the authentication result is successful, the web browser performs a website login process based on the identity information.

在一些實施態樣中,該用戶端裝置的該儲存單元還儲存至少一筆個人識別碼資料;若該裝置驗證程序的結果為未通過,該用戶端裝置能接收一待驗識別碼資料,並依據該待驗識別碼資料與該等個人識別碼資料的比對執行一相應的識別碼驗證程序;若該識別碼驗證程序的結果為通過,則執行該身分驗證程序。 In some embodiments, the storage unit of the client device further stores at least one piece of personal identification code data. If the device verification process fails, the client device can receive a piece of identification code data to be verified and perform a corresponding identification code verification process based on a comparison between the piece of identification code data to be verified and the personal identification code data. If the result of the identification code verification process is a pass, the identity verification process is performed.

本新型的另一目的,在於提出一種身分驗證資訊系統。該身分驗證資訊系統包含一用戶端裝置、一伺服器設備及一終端裝置。該用戶端裝置包括一處理單元、一儲存單元、一生物特徵獲取單元及一攝像單元。該儲存單元電連接於該處理單元,且安裝一應用程式,並儲存一生物特徵儲存資料、一身分驗證私鑰資料以及一對應該用戶端裝置的裝置識別 資料。該生物特徵儲存資料具有對應於一特定用戶的生物特徵資訊,該身分驗證私鑰資料是基於該特定用戶的一身分識別資訊所產生。該生物特徵獲取單元電連接於該處理單元,用於產生一生物特徵採集資料。該攝像單元電連接於該處理單元,用於產生一影像資料。該伺服器設備能與該用戶端裝置連線通訊,並儲存多筆帳戶資料、多筆裝置識別驗證資料以及多筆身分驗證公鑰資料。每一帳戶資料具有對應於一用戶的一身分識別資訊,每一裝置識別驗證資料對應於一用戶的一用戶端裝置的該裝置識別資料,每一身分驗證公鑰資料是依據一用戶的該身分識別資訊,藉由一預定的演算法與一相對應的身分驗證私鑰資料一併產生。該終端裝置能與該伺服器設備及/或該用戶端裝置連線通訊,並包括一運算單元、一記憶單元及一顯示單元。該記憶單元電連接於該運算單元,並安裝一網頁瀏覽程式。該顯示單元電連接於該運算單元,用於顯示一螢幕畫面。其中,該終端裝置運行該網頁瀏覽程式,並接收該特定用戶輸入至該網頁瀏覽程式的一身分識別資訊。該終端裝置接收一身分驗證指令,並由該顯示單元顯示一包括一驗證用條碼資料的螢幕畫面,該驗證用條碼資料包括對應於該身分識別資訊的訊息。該用戶端裝置運行該應用程式,並藉由該應用程式啟動傳送該裝置識別資料至該伺服器設備的程序,而由該伺服器設備透過該裝置識別資料與該裝置識別驗證資料的比對執行一裝置驗證程序。該裝置驗證程序的結果為通過後,該用戶端裝置的該攝像單元產生一內容包括該驗證用條碼資料的影像資料,並藉由該處理單元分析該影像資料而獲取該 身分識別資訊。該用戶端裝置藉由該應用程式啟動該生物特徵獲取單元,並由該生物特徵獲取單元產生一對應於該特定用戶的生物特徵採集資料。該用戶端裝置比對該生物特徵採集資料與該生物特徵儲存資料的生物特徵資訊是否相符,以執行一生物特徵驗證程序。若該生物特徵驗證程序的結果為通過,該用戶端裝置讀取該身分驗證私鑰資料,並傳送一包括該身分識別資訊及該身分驗證私鑰資料的身分驗證請求至該伺服器設備,由該伺服器設備依據該身分識別資訊與該等帳戶資料的比對,以及該身分驗證私鑰資料與該身分驗證公鑰資料的驗證分析,執行一身分驗證程序。 Another object of the present invention is to provide an identity verification information system. The identity verification information system includes a client device, a server device, and a terminal device. The client device includes a processing unit, a storage unit, a biometric feature acquisition unit, and a camera unit. The storage unit is electrically connected to the processing unit and has an application installed therein. The storage unit stores biometric feature storage data, identity verification private key data, and device identification data corresponding to the client device. The biometric feature storage data contains biometric information corresponding to a specific user, and the identity verification private key data is generated based on the identity identification information of the specific user. The biometric acquisition unit is electrically connected to the processing unit and is used to generate biometric collection data. The imaging unit is electrically connected to the processing unit and is used to generate image data. The server device is capable of communicating with the client device and storing multiple account data, multiple device identification and verification data, and multiple identity verification public key data. Each account data has identity identification information corresponding to a user, each device identification and verification data corresponds to the device identification data of a client device of a user, and each identity verification public key data is generated based on the identity identification information of a user through a predetermined algorithm together with a corresponding identity verification private key data. The terminal device is capable of connecting and communicating with the server device and/or the client device, and includes a computing unit, a memory unit, and a display unit. The memory unit is electrically connected to the computing unit and is installed with a web browser. The display unit is electrically connected to the computing unit and is used to display a screen. The terminal device runs the web browser and receives identity identification information input into the web browser by the specific user. The terminal device receives an identity verification command, and the display unit displays a screen including a verification barcode data, wherein the verification barcode data includes a message corresponding to the identity identification information. The client device runs the application, which initiates a process that transmits the device identification data to the server device. The server device then performs a device verification process by comparing the device identification data with the device identification verification data. If the device verification process passes, the camera unit of the client device generates image data containing the verification barcode data. The processing unit analyzes the image data to obtain the identity information. The client device activates the biometric acquisition unit through the application, which generates biometric data corresponding to the specific user. The client device compares the biometric information in the collected biometric data with the biometric information in the stored biometric data to determine if they match, thereby performing a biometric verification process. If the biometric verification process passes, the client device reads the authentication private key data and transmits an authentication request including the identification information and the authentication private key data to the server device. The server device then performs an authentication process based on a comparison of the identification information with the account data and a verification analysis of the authentication private key data with the authentication public key data.

在一些實施態樣中,該生物特徵驗證程序及該身分驗證程序是依循FIDO標準所進行。 In some implementations, the biometric authentication procedure and the identity authentication procedure are performed in accordance with the FIDO standard.

在一些實施態樣中,該生物特徵資訊是對應於面容、虹膜、指紋、掌紋、掌形、聲紋的至少一者。 In some embodiments, the biometric information corresponds to at least one of face, iris, fingerprint, palm print, palm shape, and voice print.

在一些實施態樣中,該身分驗證程序完成後,該伺服器設備傳送一身分驗證結果至該終端裝置。若該身分驗證結果為通過,則該網頁瀏覽程式依據該身分識別資訊執行一網站登入程序。 In some implementations, after the authentication process is completed, the server device transmits an authentication result to the terminal device. If the authentication result is successful, the web browser performs a website login process based on the identity identification information.

在一些實施態樣中,該用戶端裝置的該儲存單元還儲存至少一筆個人識別碼資料;該用戶端裝置獲取該身分識別資訊後,若該生物特徵驗證程序的結果為未通過,該用戶端裝置能接收一待驗識別碼資料,並依據該待驗識別碼資料與該個人識別碼資料的比對,執行一相應的識別碼驗證程序;若該識別碼驗證程序的結果為通過,則執行該身分驗證程序。 In some embodiments, the storage unit of the client device further stores at least one piece of personal identification code data. After the client device obtains the identity information, if the biometric verification process fails, the client device can receive a piece of pending identification code data and, based on a comparison between the pending identification code data and the personal identification code data, perform a corresponding identification code verification process. If the identification code verification process passes, the identity verification process is performed.

本新型至少具有以下功效:該身分驗證資訊系統在進行該身分驗證程序時,是要在該用戶端裝置運行該應用程式並通過該裝置驗證程序的情況下,藉由該生物特徵驗證程序或個人識別碼驗證程序來識別是否為該特定用戶本人親自操作該用戶端裝置及/或該終端裝置,如此即使不輸入任何驗證密碼也能完成該身分驗證程序,藉以提升整體過程的效率、便利性及安全性。 This novel system has at least the following benefits: When performing the identity verification process, the identity verification information system uses the biometric verification process or personal identification code verification process to identify whether the specific user is personally operating the client device and/or the terminal device, provided that the application is running on the client device and the device verification process is passed. This allows the identity verification process to be completed even without entering any verification password, thereby improving the efficiency, convenience, and security of the overall process.

100:身分驗證資訊系統 100: Identity Verification Information System

1:用戶端裝置 1: Client device

11:處理單元 11: Processing unit

12:儲存單元 12: Storage unit

13:生物特徵獲取單元 13: Biological Characteristic Acquisition Unit

14:攝像單元 14: Camera unit

2:伺服器設備 2: Server equipment

3:終端裝置 3: Terminal device

31:運算單元 31: Arithmetic Unit

32:記憶單元 32: Memory unit

33:顯示單元 33: Display unit

S01~S06、S11~S18:步驟 S01~S06, S11~S18: Steps

本新型之其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中:圖1是一系統圖,說明本新型身分驗證資訊系統的第一實施例;圖2是該第一實施例的運行流程圖;圖3是一系統圖,說明本新型身分驗證資訊系統的第二實施例;及圖4是該第二實施例的運行流程圖。 Other features and functions of the present invention will be clearly presented in the embodiments with reference to the accompanying drawings, wherein: Figure 1 is a system diagram illustrating a first embodiment of the present invention's identity verification information system; Figure 2 is an operational flow chart of the first embodiment; Figure 3 is a system diagram illustrating a second embodiment of the present invention's identity verification information system; and Figure 4 is an operational flow chart of the second embodiment.

在本新型被詳細描述之前,應當注意在以下的說明內容中,類似的元件是以相同的編號來表示。 Before the present invention is described in detail, it should be noted that similar components are represented by the same reference numerals in the following description.

參閱圖1與圖2,為本新型身分驗證資訊系統100的第一實施例。該身分驗證資訊系統100可用於執行例如網站帳戶登入時所需的身分驗證程序,並包含一用戶端裝置1及一伺服器設備2。 Referring to Figures 1 and 2 , a first embodiment of the novel identity verification information system 100 is shown. The identity verification information system 100 can be used to perform identity verification procedures, such as those required when logging into a website account, and includes a client device 1 and a server device 2.

該用戶端裝置1例如是一特定用戶操作的行動電話、平板電 腦、筆記型電腦、桌上型電腦等電子裝置,包括一處理單元11、一儲存單元12及一生物特徵獲取單元13。 The client device 1 is, for example, an electronic device such as a mobile phone, tablet computer, laptop computer, or desktop computer operated by a specific user, and includes a processing unit 11, a storage unit 12, and a biometric feature acquisition unit 13.

該處理單元11是該用戶端裝置1的運作控制中樞,可藉由中央處理器(CPU)等控制組件來實現。 The processing unit 11 is the operation control center of the client device 1 and can be implemented by a control component such as a central processing unit (CPU).

該儲存單元12電連接於該處理單元11,可藉由硬碟等各類型資料儲存媒介來實現。本實施例中,該儲存單元12安裝一配合該伺服器設備2連線運作的應用程式,並儲存一生物特徵儲存資料、一身分驗證私鑰資料以及一對應於該用戶端裝置1的裝置識別資料。該生物特徵儲存資料具有對應於該特定用戶的生物特徵資訊,該生物特徵資訊例如(但不限於)是對應於該特定用戶的面容、虹膜、指紋、掌紋、掌形、聲紋的至少一者的生理特徵,可用於該特定用戶的身分識別。該身分驗證私鑰資料是基於該特定用戶的一身分識別資訊所產生,該身分識別資訊例如可以是該特定用戶的帳戶名稱、身分證號、電子郵件信箱等可代表身分的訊息,但不以此處示例的內容為限。該裝置識別資料例如可以是國際行動裝置識別碼(international mobile equipment identity,IMEI)或其他可用於辨識該用戶端裝置1的資訊。 The storage unit 12 is electrically connected to the processing unit 11 and can be implemented using various types of data storage media, such as a hard drive. In this embodiment, the storage unit 12 is installed with an application that operates in conjunction with the server device 2 and stores biometric storage data, identity verification private key data, and device identification data corresponding to the client device 1. The biometric storage data contains biometric information corresponding to the specific user. This biometric information includes, for example (but not limited to), at least one of the specific user's physiological characteristics, including face, iris, fingerprint, palm print, palm shape, and voice print, and can be used to identify the specific user. The authentication private key data is generated based on the specific user's identity information. The identity information may be, but is not limited to, information representing the specific user's identity, such as their account name, ID number, or email address. The device identification data may be, for example, the International Mobile Equipment Identity (IMEI) or other information that can be used to identify the client device 1.

該生物特徵獲取單元13電連接於該處理單元11,用於產生一生物特徵採集資料,以運用於該特定用戶的身分識別。對應於該生物特徵資訊,該生物特徵獲取單元13的組成構件例如可包括鏡頭模組、紅外線模組、指紋辨識模組、掌紋辨識模組、麥可風收音模組的至少一者,藉由透 過適當的硬體配置實現所需之功能。 The biometric acquisition unit 13 is electrically connected to the processing unit 11 and is used to generate biometric data for use in identifying the specific user. Corresponding to the biometric information, the components of the biometric acquisition unit 13 may include, for example, at least one of a camera module, an infrared module, a fingerprint recognition module, a palm print recognition module, and a microphone module. The required functionality is achieved through appropriate hardware configuration.

該伺服器設備2例如是由建置該應用程式的機構組織所設置,能與該用戶端裝置1連線通訊,並可透過網頁伺服器、應用程式伺服器、資料庫伺服器、驗證伺服器等多種類型的伺服器主機配合運行,在本實施例中為簡化說明內容便未細分具體的實施方式。該伺服器設備2儲存多筆帳戶資料、多筆裝置識別驗證資料以及多筆身分驗證公鑰資料。每一帳戶資料具有對應於一用戶的一身分識別資訊。每一裝置識別驗證資料對應於一用戶的一用戶端裝置1的該裝置識別資料,可由該特定用戶操作其用戶端裝置1藉由裝置綁定程序的執行,將其用戶端裝置1的該裝置識別資料留存在該伺服器設備2而對應產生該裝置識別驗證資料。每一身分驗證公鑰資料是依據一用戶的該身分識別資訊,藉由一預定的演算法與一相對應的身分驗證私鑰資料一併產生。舉例來說,該身分驗證私鑰資料及該身分驗證公鑰資料例如是由該特定用戶在該用戶端裝置1上,透過例如FIDO(fast identity online)認證等方式註冊個人帳號所產生,其產生方式是由公開金鑰加密機制同時產生相對應的該身分驗證私鑰資料及該身分驗證公鑰資料,該身分驗證私鑰資料會留存於該用戶端裝置1,該身分驗證公鑰資料則由該用戶端裝置1上傳至該伺服器設備2備存。在本實施例中,前述關於FIDO認證的相關技術標準例如可以是藉由FIDO 2來實施,但往後根據需要也可以採用不同版本的FIDO標準,因而不以特定實施方式為限。 The server device 2 is, for example, installed by the organization that developed the application. It can communicate with the client device 1 and operate in conjunction with various server hosts, such as web servers, application servers, database servers, and authentication servers. For simplicity, this embodiment does not detail the specific implementations. The server device 2 stores multiple account data, multiple device identification verification data, and multiple identity verification public key data. Each account data entry contains identity information corresponding to a user. Each device identification verification data corresponds to the device identification data of a user's client device 1. This device identification verification data can be generated by the specific user operating their client device 1 and executing a device binding program to store the device identification data of their client device 1 on the server device 2. Each public authentication key data is generated based on the user's identity information using a predetermined algorithm and a corresponding private authentication key data. For example, the private authentication key and the public authentication key are generated by the specific user registering a personal account on the client device 1 through methods such as FIDO (Fast Identity Online) authentication. The corresponding private authentication key and public authentication key are generated simultaneously using a public key encryption mechanism. The private authentication key is stored on the client device 1, while the public authentication key is uploaded by the client device 1 to the server device 2 for storage. In this embodiment, the aforementioned FIDO authentication-related technical standards may be implemented using FIDO 2, for example. However, different versions of the FIDO standard may be adopted in the future as needed, and the present invention is not limited to a specific implementation.

續參閱圖1及圖2,以下說明第一實施例中該身分驗證資訊系統100的運行流程。 Continuing with Figures 1 and 2, the following describes the operation process of the identity verification information system 100 in the first embodiment.

於步驟S01~S02,當操作該用戶端裝置1的該特定用戶要進行例如企業內部網站的登入作業而需要執行一身分驗證程序時,可以在該用戶端裝置1上輸入帳戶名稱、員工編號等身分識別資訊並發出一身分驗證指令,使該用戶端裝置1接收該特定用戶輸入的該身分識別資訊,並接收該身分驗證指令而啟動該應用程式。具體來說,在執行網站登入作業的情況下,該用戶端裝置1的該儲存單元12會安裝一網頁瀏覽程式,該用戶端裝置1接收的該身分識別資訊是由該特定用戶輸入至該網頁瀏覽程式,且該身分驗證指令是該特定用戶藉由對該網頁瀏覽程式之操作所發出。 In steps S01-S02, when the specific user operating the client device 1 needs to perform an identity verification process, such as logging into a company's internal website, the user can enter identification information such as an account name and employee ID on the client device 1 and issue an identity verification command. The client device 1 receives the identification information entered by the specific user and, upon receiving the identity verification command, activates the application. Specifically, when performing a website login operation, the storage unit 12 of the client device 1 is installed with a web browser. The identity information received by the client device 1 is input into the web browser by the specific user, and the identity verification command is issued by the specific user through an operation on the web browser.

於步驟S03,該用戶端裝置1會藉由該應用程式啟動傳送該置識別資料至該伺服器設備2的程序,並由該伺服器設備2透過該裝置識別資料與該裝置識別驗證資料的比對執行一裝置驗證程序。 In step S03, the client device 1 initiates a process to transmit the device identification data to the server device 2 through the application. The server device 2 then performs a device verification process by comparing the device identification data with the device identification verification data.

於步驟S04,若該裝置驗證程序的結果為通過,該用戶端裝置1藉由該應用程式啟動該生物特徵獲取單元13,並由該生物特徵獲取單元13產生一對應於該特定用戶的生物特徵採集資料。隨後,可由該用戶端裝置的該處理單元11比對該生物特徵採集資料與該生物特徵儲存資料的生物特徵資訊是否相符,藉以執行一生物特徵驗證程序。在上述生物特徵驗證程序中,可由前述的面容、虹膜、指紋、掌紋、掌形、聲紋等生物特徵資訊即時性地在該用戶端裝置1上進行該特定用戶的生物特徵識別,例 如(但不限於)可藉由臉部辨識、指紋辨識等方式來進行。 In step S04, if the device verification process passes, the client device 1 activates the biometric acquisition unit 13 via the application. The biometric acquisition unit 13 generates biometric data corresponding to the specific user. The client device's processing unit 11 then compares the biometric information in the biometric storage data with the biometric data to determine if they match, thereby performing a biometric verification process. In the aforementioned biometric verification process, the aforementioned biometric information, such as facial features, irises, fingerprints, palm prints, palm shape, and voice prints, can be used to perform real-time biometric identification of the specific user on the client device 1. This can be performed, for example (but not limited to), through facial recognition, fingerprint recognition, and the like.

於步驟S05~S06,若該生物特徵驗證程序的結果為通過,該用戶端裝置1便能夠開啟權限讀取該身分驗證私鑰資料,並傳送一包括該身分識別資訊及該身分驗證私鑰資料的身分驗證請求至該伺服器設備2,由該伺服器設備2依據該身分識別資訊與該等帳戶資料的比對,以及該身分驗證私鑰資料與該身分驗證公鑰資料的驗證分析,執行一身分驗證程序(步驟S05)。該身分驗證程序完成後,該伺服器設備2會傳送一身分驗證結果至該用戶端裝置1(步驟S06)。若該身分驗證結果為通過,則該用戶端裝置1上的該網頁瀏覽程式便會依據該身分識別資訊執行一網站登入程序,使得該特定用戶能夠順利登入企業內部網站。 In steps S05-S06, if the biometric verification process passes, the client device 1 is authorized to access the private authentication key data and transmits an authentication request including the identification information and the private authentication key data to the server device 2. Server device 2 then performs an authentication process based on a comparison of the identification information with the account information and a verification analysis of the private authentication key data with the public authentication key data (step S05). After the authentication process is complete, server device 2 transmits an authentication result to the client device 1 (step S06). If the identity verification result is successful, the web browser on the client device 1 will execute a website login process based on the identity identification information, allowing the specific user to successfully log in to the company's internal website.

在上述過程中,該生物特徵驗證程序及該身分驗證程序例如是依循FIDO標準所進行,因而該用戶端裝置1是在運行該應用程式並通過該裝置驗證程序的情況下,藉由該生物特徵驗證程序識別是否由該特定用戶本人操作該用戶端裝置1。在通過該生物特徵驗證程序後,該用戶端裝置1就能進一步讀取該身分驗證私鑰資料,並透過該身分驗證請求的發出來執行該身分驗證程序,如此在整體過程中不需要輸入帳戶密碼,並可由多重驗證機制(該應用程式、該裝置驗證程序、該生物特徵驗證程序)來確保該身分驗證程序的安全進行,藉此提升整體過程的效率、便利性及安全性。 In the above process, the biometric authentication process and the identity authentication process are performed in accordance with the FIDO standard, for example. Therefore, when the client device 1 runs the application and passes the device authentication process, the biometric authentication process determines whether the specific user is operating the client device 1. After passing the biometric authentication process, the client device 1 can further access the identity authentication private key data and execute the identity authentication process by issuing an authentication request. This eliminates the need to enter an account password during the entire process, and the multi-factor authentication mechanism (the application, the device authentication process, and the biometric authentication process) ensures the security of the identity authentication process, thereby improving the efficiency, convenience, and security of the entire process.

在前述執行步驟中,該身分驗證程序除了以該生物特徵驗證 程序來查驗該特定用戶的身分資訊外,也可以透過個人識別碼(personal identification number,PIN)的查驗來進行。具體來說,在此實施態樣中該用戶端裝置1的該儲存單元12還儲存至少一筆個人識別碼資料,於步驟S04執行該生物特徵驗證程序一次或多次後,若該生物特徵驗證程序的結果為未通過,則可改為由該用戶端裝置1接收一由該特定用戶輸入的待驗識別碼資料,並由該用戶端裝置1依據該待驗識別碼資料與該個人識別碼資料的比對,執行一相應的識別碼驗證程序。若該識別碼驗證程序的結果為通過,便會執行一如前述的身分驗證程序(步驟S05)。類似於前述說明,該身分驗證程序完成後,該伺服器設備2會傳送一身分驗證結果至該用戶端裝置1(步驟S06)。若該身分驗證結果為通過,則該用戶端裝置1上的該網頁瀏覽程式便會依據該身分識別資訊執行一網站登入程序,使得該特定用戶能夠順利登入企業內部網站。 In the aforementioned execution steps, the identity verification process can be performed not only through the biometric verification process to verify the identity information of the specific user, but also through verification of a personal identification number (PIN). Specifically, in this embodiment, the storage unit 12 of the client device 1 also stores at least one PIN data. After executing the biometric verification process one or more times in step S04, if the biometric verification process fails, the client device 1 can instead receive a verification code data input by the specific user. Based on the comparison of the verification code data with the PIN data, the client device 1 can execute a corresponding PIN verification process. If the identification code verification process passes, the aforementioned identity verification process is executed (step S05). Similar to the above description, after the identity verification process is completed, the server device 2 transmits an identity verification result to the client device 1 (step S06). If the identity verification result passes, the web browser on the client device 1 executes a website login process based on the identity identification information, allowing the specific user to successfully log into the company's internal website.

參閱圖3及圖4,為該身分驗證資訊系統100的第二實施例。在第二實施例中,該身分驗證資訊系統100是以包含一用戶端裝置1、一伺服器設備2及一終端裝置3為例進行說明。 Referring to Figures 3 and 4 , a second embodiment of the identity verification information system 100 is shown. In the second embodiment, the identity verification information system 100 is described as including a client device 1, a server device 2, and a terminal device 3.

在第二實施例中,該用戶端裝置1的實施方式與第一實施例大致相同,可以是由一特定用戶操作的行動電話、平板電腦、筆記型電腦、桌上型電腦等電子裝置,主要差別在於第二實施例之該用戶端裝置1除了包含一處理單元11、一儲存單元12及一生物特徵獲取單元13外,還包含一攝像單元14。該處理單元11、該儲存單元12、該生物特徵獲取單元13 的實施方式與第一實施例相同,在此不重複贅述。該攝像單元14電連接於該處理單元11,用於產生一影像資料,可透過鏡頭模組等構件來實施。 In the second embodiment, the client device 1 is implemented in a manner substantially similar to the first embodiment and can be an electronic device such as a mobile phone, tablet computer, laptop computer, or desktop computer operated by a specific user. The primary difference is that the client device 1 of the second embodiment includes a camera unit 14 in addition to a processing unit 11, a storage unit 12, and a biometric acquisition unit 13. The implementation of the processing unit 11, storage unit 12, and biometric acquisition unit 13 is the same as in the first embodiment and will not be repeated here. The camera unit 14 is electrically connected to the processing unit 11 and is used to generate image data, which can be implemented using components such as a lens module.

在第二實施例中,該伺服器設備2的硬體配置及儲存的資料與第一實施例大致相同,在此不重複贅述。 In the second embodiment, the hardware configuration and stored data of the server device 2 are substantially the same as those of the first embodiment and will not be repeated here.

該終端裝置3例如是該特定用戶操作的筆記型電腦、桌上型電腦或其他電子裝置,包括一運算單元31、一記憶單元32及一顯示單元33。 The terminal device 3 is, for example, a laptop, desktop computer, or other electronic device operated by the specific user, and includes a computing unit 31, a memory unit 32, and a display unit 33.

該運算單元31是該終端裝置3的運作控制中樞,可藉由中央處理器(CPU)等控制組件來實現。 The computing unit 31 is the operation control center of the terminal device 3 and can be implemented by a control component such as a central processing unit (CPU).

該記憶單元32電連接於該運算單元31,並安裝一網頁瀏覽程式,可藉由硬碟等各類型資料儲存媒介來實現。 The memory unit 32 is electrically connected to the computing unit 31 and is installed with a web browser program, which can be implemented through various types of data storage media such as hard drives.

該顯示單元33電連接於該運算單元31,用於顯示一螢幕畫面,可藉由液晶螢幕、OLED螢幕等各類型螢幕來實現。 The display unit 33 is electrically connected to the computing unit 31 and is used to display a screen image. This can be achieved through various types of screens such as liquid crystal screens and OLED screens.

續參閱圖3及圖4,以下說明第二實施例之該身分驗證資訊系統的運行流程。 Continuing with Figures 3 and 4, the following describes the operational flow of the identity verification information system of the second embodiment.

於步驟S11~S12,當操作該終端裝置3(例如為桌上型電腦)的該特定用戶要在該終端裝置3上進行例如企業內部網站的登入作業,而需要執行一身分驗證程序時,可以透過該終端裝置3的該網頁瀏覽程式進行相關操作,使該終端裝置3運行該網頁瀏覽程式,並接收該特定用戶輸入至該網頁瀏覽程式的一例如為帳戶名稱、員工編號等訊息的身分識別資 訊(步驟S11)。隨後,該特定用戶便可進行後續操作,使該終端裝置3接收一身分驗證指令,並由該顯示單元33顯示一包括一驗證用條碼資料的螢幕畫面(步驟S12),該驗證用條碼資料例如為QR條碼且包括對應於該身分識別資訊的訊息。 In steps S11-S12, when the specific user operating the terminal device 3 (e.g., a desktop computer) wishes to perform an identity verification process on the terminal device 3, such as logging into a corporate intranet website, the user can perform the relevant operations through the web browser of the terminal device 3. The terminal device 3 runs the web browser and receives identity identification information, such as an account name or employee ID, entered by the specific user into the web browser (step S11). The specific user can then perform subsequent operations, causing the terminal device 3 to receive an identity verification command and the display unit 33 to display a screen including a verification barcode (step S12). The verification barcode is, for example, a QR code and includes information corresponding to the identity identification information.

於步驟S13~S14,該特定用戶改為操作該用戶端裝置1(例如為行動電話),使該用戶端裝置1運行該應用程式(步驟S13),並藉由該應用程式啟動傳送該用戶端裝置1之該裝置識別資料至該伺服器設備2的程序,而由該伺服器設備2透過該裝置識別資料與該裝置識別驗證資料的比對執行一裝置驗證程序(步驟S14)。 In steps S13 and S14, the specific user operates the client device 1 (e.g., a mobile phone) and causes the client device 1 to run the application (step S13). The application initiates a process that transmits the device identification data of the client device 1 to the server device 2. The server device 2 then performs a device verification process by comparing the device identification data with the device identification verification data (step S14).

於步驟S15,該裝置驗證程序的結果為通過後,該特定用戶可以繼續操作該用戶端裝置1,由該用戶端裝置1的該攝像單元14對該終端裝置3的該顯示單元33所顯示的該驗證用條碼資料進行影像拍攝,讓該用戶端裝置1的該攝像單元14產生一內容包括該驗證用條碼資料的影像資料(步驟S15),並藉由該處理單元11分析包括該驗證用條碼資料的該影像資料而獲取該身分識別資訊。 In step S15, after the device verification process is successful, the specific user can continue to operate the client device 1. The camera unit 14 of the client device 1 captures the verification barcode data displayed by the display unit 33 of the terminal device 3, allowing the camera unit 14 of the client device 1 to generate image data containing the verification barcode data (step S15). The processing unit 11 then analyzes the image data containing the verification barcode data to obtain the identity identification information.

於步驟S16,該特定用戶可以對該用戶端裝置1進行後續操作,具體來說是讓該用戶端裝置1藉由該應用程式啟動該生物特徵獲取單元13,並由該生物特徵獲取單元產生一對應於該特定用戶的生物特徵採集資料。如前述說明,該生物特徵採集資料可包括對應於面容、虹膜、指紋、掌紋、掌形、聲紋的至少一者的生物特徵資訊。隨後,該用戶端裝置1會 比對該生物特徵採集資料與該生物特徵儲存資料的生物特徵資訊是否相符,以執行一生物特徵驗證程序。 In step S16, the specific user can perform subsequent operations on the client device 1. Specifically, the client device 1 activates the biometric acquisition unit 13 via the application, which then generates biometric data corresponding to the specific user. As previously described, the biometric data may include biometric information corresponding to at least one of the following: face, iris, fingerprint, palm print, palm shape, and voice print. The client device 1 then compares the biometric data with the biometric information in the stored biometric data to determine whether it matches, thereby performing a biometric verification process.

於步驟S17,若該生物特徵驗證程序的結果為通過,該用戶端裝置1便能讀取該身分驗證私鑰資料,並傳送一包括該身分識別資訊及該身分驗證私鑰資料的身分驗證請求至該伺服器設備2,由該伺服器設備2依據該身分識別資訊與該等帳戶資料的比對,以及該身分驗證私鑰資料與該身分驗證公鑰資料的驗證分析,執行一身分驗證程序。 In step S17, if the biometric verification process is successful, the client device 1 reads the authentication private key data and sends an authentication request including the identification information and the authentication private key data to the server device 2. The server device 2 then performs an authentication process based on a comparison of the identification information with the account information and a verification analysis of the authentication private key data and the authentication public key data.

於步驟S18,該身分驗證程序完成後,該伺服器設備2會傳送一身分驗證結果至該終端裝置3。若該身分驗證結果為通過,則該網頁瀏覽程式會依據該身分識別資訊執行一網站登入程序,完成企業內部網站的登入程序,讓該特定用戶能夠在該終端裝置3上進行所需的作業。 In step S18, after the identity verification process is completed, the server device 2 transmits an identity verification result to the terminal device 3. If the identity verification result is passed, the web browser will execute a website login process based on the identity identification information, completing the login process for the enterprise intranet website, allowing the specific user to perform the required operations on the terminal device 3.

在前述第二實施例之運行過程中,該生物特徵驗證程序及該身分驗證程序例如同樣是依循FIDO標準所進行,該特定用戶要在該終端裝置3上進行例如網站登入作業而需要進行身分驗證時,只要簡單地透過該用戶端裝置1掃描該終端裝置3顯示的該驗證用條碼資料,並通過該生物特徵驗證程序,就能在該用戶端裝置1藉由藍牙通訊連線至該終端裝置3或是該用戶端裝置1未由藍牙通訊連線至該終端裝置的狀態下,由該身分驗證資訊系統100完成後續流程。在整體執行過程中,不需要輸入帳戶密碼,並可由多重驗證機制(該應用程式、該裝置驗證程序、該生物特徵驗證程序)來確保該身分驗證程序的安全進行,藉此提升整體過程的效率、 便利性及安全性。 During the operation of the aforementioned second embodiment, the biometric verification process and the identity verification process are both performed in accordance with the FIDO standard. When the specific user needs to perform identity verification on the terminal device 3, such as logging into a website, the specific user simply scans the verification barcode data displayed by the terminal device 3 through the client device 1 and passes the biometric verification process. The identity verification information system 100 can then complete the subsequent process even if the client device 1 is connected to the terminal device 3 via Bluetooth communication or the client device 1 is not connected to the terminal device via Bluetooth communication. During the entire process, no password is required, and a multi-factor authentication mechanism (app, device, and biometrics) ensures the security of the authentication process, thereby improving the efficiency, convenience, and security of the entire process.

類似於前述第一實施例之說明,在第二實施例中,該身分驗證程序也可以藉由個人識別碼(PIN)的查驗來進行。具體來說,在此實施態樣中該用戶端裝置1的該儲存單元12還儲存至少一筆個人識別碼資料。在該步驟S15該用戶端裝置1獲取該身分識別資訊後,於該步驟S16該特定用戶可以在執行該生物特徵驗證程序一次或多次但結果均未通過時,改為由該用戶端裝置1接收一由該特定用戶輸入的待驗識別碼資料,並由該用戶端裝置1依據該待驗識別碼資料與該等個人識別碼資料的比對,執行一相應的識別碼驗證程序。若該識別碼驗證程序的結果為通過,便會執行一如前述的身分驗證程序(該步驟S17)。於該步驟S18,該伺服器設備2會傳送一身分驗證結果至該用戶端裝置1,若該身分驗證結果為通過,則該終端裝置3的該網頁瀏覽程式會依據該身分識別資訊執行一網站登入程序,完成企業內部網站的登入程序,讓該特定用戶同樣能夠在該終端裝置3上進行所需的作業。 Similar to the description of the first embodiment, in the second embodiment, the identity verification process can also be performed by checking a personal identification number (PIN). Specifically, in this embodiment, the storage unit 12 of the client device 1 also stores at least one PIN data. After the client device 1 obtains the identity information in step S15, if the specific user fails to pass the biometric verification process one or more times, the client device 1 can instead receive a verification code data input by the specific user. The client device 1 then performs a corresponding verification process based on the comparison of the verification code data with the PIN data. If the identification code verification process passes, the aforementioned identity verification process is performed (step S17). In step S18, the server device 2 transmits an identity verification result to the client device 1. If the identity verification result passes, the web browser on the terminal device 3 executes a website login process based on the identity identification information, completing the login process for the company's internal website, allowing the specific user to perform the required operations on the terminal device 3.

綜合前述說明,本新型身分驗證資訊系統100在進行該身分驗證程序時,是要在該用戶端裝置1運行該應用程式並通過該裝置驗證程序的情況下,藉由該生物特徵驗證程序或個人識別碼驗證程序來識別是否為該特定用戶本人親自操作該用戶端裝置1及/或該終端裝置3,如此即使不輸入驗證密碼也能完成該身分驗證程序,能夠有效提升整體過程的效率、便利性及安全性,故確實能達成本新型的目的。 In summary, when performing the identity verification process, the novel identity verification information system 100 uses the biometric verification process or the personal identification code verification process to identify whether the specific user is personally operating the client device 1 and/or the terminal device 3 when the application is run on the client device 1 and the device verification process is passed. This allows the identity verification process to be completed even without entering a verification password, effectively improving the efficiency, convenience, and security of the entire process, thereby achieving the purpose of the novel system.

惟以上所述者,僅為本新型之實施例而已,當不能以此限定本新型實施之範圍,凡是依本新型申請專利範圍及專利說明書內容所作之簡單的等效變化與修飾,皆仍屬本新型專利涵蓋之範圍內。 However, the above descriptions are merely examples of embodiments of this new invention and should not be construed as limiting the scope of implementation of this new invention. All simple equivalent variations and modifications made within the scope of this patent application and the contents of the patent specification are still covered by this new patent.

100:身分驗證資訊系統 100: Identity Verification Information System

1:用戶端裝置 1: Client device

11:處理單元 11: Processing unit

12:儲存單元 12: Storage unit

13:生物特徵獲取單元 13: Biological Characteristic Acquisition Unit

2:伺服器設備 2: Server equipment

Claims (10)

一種身分驗證資訊系統,包含:一用戶端裝置,包括:一處理單元,一儲存單元,電連接於該處理單元,該儲存單元安裝一應用程式,並儲存一生物特徵儲存資料、一身分驗證私鑰資料以及一對應於該用戶端裝置的裝置識別資料,該生物特徵儲存資料具有對應於一特定用戶的生物特徵資訊,該身分驗證私鑰資料是基於該特定用戶的一身分識別資訊所產生,及一生物特徵獲取單元,電連接於該處理單元,用於產生一生物特徵採集資料;及一伺服器設備,能與該用戶端裝置連線通訊,並儲存多筆帳戶資料、多筆裝置識別驗證資料以及多筆身分驗證公鑰資料,每一帳戶資料具有對應於一用戶的一身分識別資訊,每一裝置識別驗證資料對應於一用戶的一用戶端裝置的該裝置識別資料,每一身分驗證公鑰資料是依據一用戶的該身分識別資訊,藉由一預定的演算法與一相對應的身分驗證私鑰資料一併產生,其中,該用戶端裝置接收該特定用戶輸入的一身分識別資訊,並接收一身分驗證指令而啟動該應用程式,該用戶端裝置藉由該應用程式啟動傳送該裝置識別資料至該伺服器設備的程序,並由該伺服器設備透過該裝置識別資料與該裝置識別驗證資料的比對執行一裝置驗證程序,若該裝置驗證程序的結果為通過,該用戶端裝置藉由該應用程式啟動該生物特徵獲取單元,並由該生物特徵獲取單元產生一對應於該特定用戶的生物特徵採集資料,該用戶端裝置比對該生物特徵採集資料與該生物特徵儲存資料的生物特徵資訊是否相符,以執行一生物特徵驗證程序,若該生物特徵驗證程序的結果為通過,該用戶端裝置讀取該身分驗證私鑰資料,並傳送一包括該身分識別資訊及該身分驗證私鑰資料的身分驗證請求至該伺服器設備,由該伺服器設備依據該身分識別資訊與該等帳戶資料的比對,以及該身分驗證私鑰資料與該身分驗證公鑰資料的驗證分析,執行一身分驗證程序。An identity verification information system includes: a client device including: a processing unit; a storage unit electrically connected to the processing unit; the storage unit having an application installed therein and storing a biometric storage data, an identity verification private key data, and a device identification data corresponding to the client device; the biometric storage data having biometric information corresponding to a specific user; the identity verification private key data being generated based on the identity identification information of the specific user; and a biometric acquisition unit electrically connected to the processing unit for generating a biometric data. The invention relates to a server device that can connect and communicate with the client device and store multiple account data, multiple device identification verification data and multiple identity verification public key data, each account data has an identity identification information corresponding to a user, each device identification verification data corresponds to the device identification data of a client device of a user, and each identity verification public key data is generated based on the identity identification information of a user by a predetermined algorithm together with a corresponding identity verification private key data, wherein the client device receives the specific The user inputs an identification information and receives an identity verification command to start the application. The client device starts the process of transmitting the device identification data to the server device through the application, and the server device performs a device verification process by comparing the device identification data with the device identification verification data. If the result of the device verification process is passed, the client device starts the biometric feature acquisition unit through the application, and the biometric feature acquisition unit generates a biometric feature collection data corresponding to the specific user. The client device The device compares the biometric information of the collected biometric data with the biometric information of the stored biometric data to determine whether they match, thereby executing a biometric verification procedure. If the result of the biometric verification procedure is passed, the client device reads the identity verification private key data and transmits an identity verification request including the identity identification information and the identity verification private key data to the server device. The server device executes an identity verification procedure based on the comparison of the identity identification information with the account data and the verification analysis of the identity verification private key data and the identity verification public key data. 如請求項1所述之身分驗證資訊系統,其中,該生物特徵驗證程序及該身分驗證程序是依循FIDO標準所進行。The identity verification information system as described in claim 1, wherein the biometric verification procedure and the identity verification procedure are performed in accordance with the FIDO standard. 如請求項1所述之身分驗證資訊系統,其中,該生物特徵資訊是對應於面容、虹膜、指紋、掌紋、掌形、聲紋的至少一者。The identity verification information system as described in claim 1, wherein the biometric information corresponds to at least one of face, iris, fingerprint, palm print, palm shape, and voice print. 如請求項1所述之身分驗證資訊系統,其中,該用戶端裝置的該儲存單元還安裝一網頁瀏覽程式;該用戶端裝置接收的該身分識別資訊是由該特定用戶輸入至該網頁瀏覽程式,且該身分驗證指令是該特定用戶藉由對該網頁瀏覽程式之操作所發出;該身分驗證程序完成後,該伺服器設備傳送一身分驗證結果至該用戶端裝置;若該身分驗證結果為通過,則該網頁瀏覽程式依據該身分識別資訊執行一網站登入程序。The identity verification information system as described in claim 1, wherein the storage unit of the client device is also installed with a web browser; the identity identification information received by the client device is input into the web browser by the specific user, and the identity verification instruction is issued by the specific user through an operation on the web browser; after the identity verification process is completed, the server device transmits an identity verification result to the client device; if the identity verification result is passed, the web browser executes a website login process based on the identity identification information. 如請求項1所述之身分驗證資訊系統,其中,該用戶端裝置的該儲存單元還儲存至少一筆個人識別碼資料;若該生物特徵驗證程序的結果為未通過,該用戶端裝置能接收一待驗識別碼資料,並依據該待驗識別碼資料與該個人識別碼資料的比對,執行一相應的識別碼驗證程序;若該識別碼驗證程序的結果為通過,則執行該身分驗證程序。The identity verification information system as described in claim 1, wherein the storage unit of the client device further stores at least one personal identification code data; if the result of the biometric verification procedure is failure, the client device can receive a piece of identification code data to be verified and execute a corresponding identification code verification procedure based on a comparison between the piece of identification code data to be verified and the personal identification code data; if the result of the identification code verification procedure is a pass, the identity verification procedure is executed. 一種身分驗證資訊系統,包含:一用戶端裝置,包括:一處理單元,一儲存單元,電連接於該處理單元,該儲存單元安裝一應用程式,並儲存一生物特徵儲存資料、一身分驗證私鑰資料以及一對應該用戶端裝置的裝置識別資料,該生物特徵儲存資料具有對應於一特定用戶的生物特徵資訊,該身分驗證私鑰資料是基於該特定用戶的一身分識別資訊所產生,一生物特徵獲取單元,電連接於該處理單元,用於產生一生物特徵採集資料,及一攝像單元,電連接於該處理單元,用於產生一影像資料;一伺服器設備,能與該用戶端裝置連線通訊,並儲存多筆帳戶資料、多筆裝置識別驗證資料以及多筆身分驗證公鑰資料,每一帳戶資料具有對應於一用戶的一身分識別資訊,每一裝置識別驗證資料對應於一用戶的一用戶端裝置的該裝置識別資料,每一身分驗證公鑰資料是依據一用戶的該身分識別資訊,藉由一預定的演算法與一相對應的身分驗證私鑰資料一併產生;及一終端裝置,能與該伺服器設備及/或該用戶端裝置連線通訊,包括:一運算單元,一記憶單元,電連接於該運算單元,並安裝一網頁瀏覽程式,及一顯示單元,電連接於該運算單元,用於顯示一螢幕畫面,其中,該終端裝置運行該網頁瀏覽程式,並接收該特定用戶輸入至該網頁瀏覽程式的一身分識別資訊;該終端裝置接收一身分驗證指令,並由該顯示單元顯示一包括一驗證用條碼資料的螢幕畫面,該驗證用條碼資料包括對應於該身分識別資訊的訊息,該用戶端裝置運行該應用程式,並藉由該應用程式啟動傳送該裝置識別資料至該伺服器設備的程序,而由該伺服器設備透過該裝置識別資料與該裝置識別驗證資料的比對執行一裝置驗證程序,該裝置驗證程序的結果為通過後,該用戶端裝置的該攝像單元產生一內容包括該驗證用條碼資料的影像資料,並藉由該處理單元分析該影像資料而獲取該身分識別資訊,該用戶端裝置藉由該應用程式啟動該生物特徵獲取單元,並由該生物特徵獲取單元產生一對應於該特定用戶的生物特徵採集資料,該用戶端裝置比對該生物特徵採集資料與該生物特徵儲存資料的生物特徵資訊是否相符,以執行一生物特徵驗證程序,若該生物特徵驗證程序的結果為通過,該用戶端裝置讀取該身分驗證私鑰資料,並傳送一包括該身分識別資訊及該身分驗證私鑰資料的身分驗證請求至該伺服器設備,由該伺服器設備依據該身分識別資訊與該等帳戶資料的比對,以及該身分驗證私鑰資料與該身分驗證公鑰資料的驗證分析,執行一身分驗證程序。An identity verification information system includes: a client device including: a processing unit, a storage unit electrically connected to the processing unit, the storage unit installing an application and storing a biometric storage data, an identity verification private key data and a device identification data corresponding to the client device, wherein the biometric storage data has a biometric corresponding to a specific user. The identity verification private key data is generated based on the identity identification information of the specific user, a biometric feature acquisition unit electrically connected to the processing unit for generating a biometric feature collection data, and a camera unit electrically connected to the processing unit for generating an image data; a server device capable of connecting to and communicating with the client device and storing multiple account data , multiple device identification verification data and multiple identity verification public key data, each account data has an identity identification information corresponding to a user, each device identification verification data corresponds to the device identification data of a client device of a user, and each identity verification public key data is based on the identity identification information of a user, through a predetermined algorithm and a corresponding identity verification The private key data is generated together; and a terminal device capable of communicating with the server device and/or the client device, comprising: a computing unit, a memory unit electrically connected to the computing unit, and a web browser installed thereon, and a display unit electrically connected to the computing unit for displaying a screen, wherein the terminal device runs the web browser and receives the The specific user inputs an identification information into the web browser; the terminal device receives an identity verification command, and the display unit displays a screen including a verification barcode data, the verification barcode data including a message corresponding to the identity identification information, the client device runs the application, and the application starts to transmit the device identification data to the The server device performs a device verification process by comparing the device identification data with the device identification verification data. If the device verification process is passed, the camera unit of the client device generates image data including the verification barcode data, and the processing unit analyzes the image data to obtain the identity identification information. The client device activates the biometric acquisition unit through the application, and the biometric acquisition unit generates a biometric collection data corresponding to the specific user. The client device compares the biometric collection data with the biometric information of the biometric storage data to perform a biometric verification process. If the result of the biometric verification process is The client device reads the identity verification private key data and transmits an identity verification request including the identity identification information and the identity verification private key data to the server device. The server device performs an identity verification process based on the comparison of the identity identification information with the account data and the verification analysis of the identity verification private key data and the identity verification public key data. 如請求項6所述之身分驗證資訊系統,其中,該生物特徵驗證程序及該身分驗證程序是依循FIDO標準所進行。The identity verification information system as described in claim 6, wherein the biometric verification procedure and the identity verification procedure are performed in accordance with the FIDO standard. 如請求項6所述之身分驗證資訊系統,其中,該生物特徵資訊是對應於面容、虹膜、指紋、掌紋、掌形、聲紋的至少一者。The identity verification information system as described in claim 6, wherein the biometric information corresponds to at least one of face, iris, fingerprint, palm print, palm shape, and voice print. 如請求項6所述之身分驗證資訊系統,其中,該身分驗證程序完成後,該伺服器設備傳送一身分驗證結果至該終端裝置;若該身分驗證結果為通過,則該網頁瀏覽程式依據該身分識別資訊執行一網站登入程序。The identity verification information system as described in claim 6, wherein after the identity verification process is completed, the server device transmits an identity verification result to the terminal device; if the identity verification result is passed, the web browser executes a website login process based on the identity identification information. 如請求項6所述之身分驗證資訊系統,其中,該用戶端裝置的該儲存單元還儲存至少一筆個人識別碼資料;該用戶端裝置獲取該身分識別資訊後,若該生物特徵驗證程序的結果為未通過,該用戶端裝置能接收一待驗識別碼資料,並傳依據該待驗識別碼資料與該等個人識別碼資料的比對,執行一識別碼驗證程序。The identity verification information system as described in claim 6, wherein the storage unit of the client device further stores at least one personal identification code data; after the client device obtains the identity identification information, if the result of the biometric verification procedure is failure, the client device can receive a pending verification code data and transmit an identification code verification procedure based on the comparison of the pending verification code data with the personal identification code data.
TW114204039U 2025-04-23 Identity Verification Information System TWM673907U (en)

Publications (1)

Publication Number Publication Date
TWM673907U true TWM673907U (en) 2025-08-21

Family

ID=

Similar Documents

Publication Publication Date Title
US12361777B2 (en) System and method for providing credential activation layered security
US11847199B2 (en) Remote usage of locally stored biometric authentication data
US11394712B2 (en) Secure account access
US11777930B2 (en) Transaction authentication
KR100464755B1 (en) User authentication method using user's e-mail address and hardware information
US20140090039A1 (en) Secure System Access Using Mobile Biometric Devices
US20060021003A1 (en) Biometric authentication system
US20030120934A1 (en) Random biometric authentication apparatus
US20150082390A1 (en) Method and a system for secure login to a computer, computer network, and computer website using biometrics and a mobile computing wireless electronic communication device
US10003971B2 (en) Compartmentalized multi-factor authentication for mobile devices
KR20170126444A (en) Face detection
US8667577B2 (en) Remote registration of biometric data into a computer
JP7536175B2 (en) Mobile app login and device registration
WO2019123291A1 (en) System and method for user authentication using biometric data
US20190182229A1 (en) Advanced application security utilizing an application key
TWM673907U (en) Identity Verification Information System
JP7178681B1 (en) Login management system and program
US20240106823A1 (en) Sharing a biometric token across platforms and devices for authentication
US10003464B1 (en) Biometric identification system and associated methods
US20250202709A1 (en) Management device, management method, and management program
KR20010070904A (en) The iris cognizance security system and user certification method using PC camera
KR102310912B1 (en) Biometric Identification System and its operating method
JP4810240B2 (en) Authentication management method and system