Nothing Special   »   [go: up one dir, main page]

TW201439934A - Authentication system using dynamic ciphertext and method thereof - Google Patents

Authentication system using dynamic ciphertext and method thereof Download PDF

Info

Publication number
TW201439934A
TW201439934A TW102112968A TW102112968A TW201439934A TW 201439934 A TW201439934 A TW 201439934A TW 102112968 A TW102112968 A TW 102112968A TW 102112968 A TW102112968 A TW 102112968A TW 201439934 A TW201439934 A TW 201439934A
Authority
TW
Taiwan
Prior art keywords
transaction
ciphertext
authentication
store
platform
Prior art date
Application number
TW102112968A
Other languages
Chinese (zh)
Other versions
TWI514296B (en
Inventor
jun-yu Zhu
Original Assignee
Yankey Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Yankey Inc filed Critical Yankey Inc
Priority to TW102112968A priority Critical patent/TW201439934A/en
Publication of TW201439934A publication Critical patent/TW201439934A/en
Application granted granted Critical
Publication of TWI514296B publication Critical patent/TWI514296B/zh

Links

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The present invention provides an authentication system using dynamic ciphertext and method thereof, which comprises an electronic device used by a consumer end, an authorized store transaction platform and an authentication host platform. In which, the electronic device is installed with a transaction program and can perform the transaction, billing and encrypting with the transaction program. Therefore, after the billing the transaction information is transmitted to the authorized store transaction platform, the authorized store transaction platform will issue an authentication request to the authentication host platform for encrypting the transaction information as encrypted ciphertext and then transmitting to the authorized store transaction platform to be provided to the consumer end by the authorized store transaction platform. Then, the consumer end may receive the encrypted ciphertext through the electronic device, and transmit to the authentication host platform after further encryption. Finally, the authentication host platform will perform the decryption to decrypt the encrypted ciphertext with twice encryption into the transaction information to confirm the completion of transaction.

Description

使用動態密文之認證系統及其方法 Dynamic ciphertext authentication system and method thereof

本發明係關於一種使用動態密文之認證系統及其方法,特別是指一種能夠將消費者結帳所產生的交易資訊進行加密以加強交易認證與避免交易資訊的外洩,並於加密密文最後傳送至認證單位後再進行解密,以完成最後交易。 The invention relates to an authentication system using dynamic ciphertext and a method thereof, in particular to a method for encrypting transaction information generated by a consumer checkout to enhance transaction authentication and avoiding leakage of transaction information, and encrypting the ciphertext. Finally, it is transmitted to the certification unit and then decrypted to complete the final transaction.

在科技日新月異的時代中,現今智慧型手機已成為生活一部分,而隨著智慧型手機普及化及多功能化,越來越多使用者於生活中高度的透過智慧型手機進行購物,因此業界現今採用技術皆為讓使用者能夠利用智慧型手機作為購物車,並掃描商品海報上的靜態條碼,以進而取得商品的網址,再加以確認後,則會將此商品加入智慧型手機的購物車中,再由智慧型手機去進行後續結帳。 In the era of rapid technological advancement, today's smart phones have become a part of life. With the popularity and multi-functionality of smart phones, more and more users are shopping through smart phones in their lives. The technology is used to enable users to use the smart phone as a shopping cart and scan the static bar code on the product poster to obtain the product's website address. After confirming, the product will be added to the smart phone shopping cart. Then, the smart phone will go through the subsequent checkout.

然而,在進行結帳的動作時,若是直接將交易資訊傳送出去,而沒有經過是否為授權商家及是否為消費者認可的交易內容,對於消費者來說,很有可能會發生不安全的交易,甚至會導致交易資訊外洩的情況發生;因此,若能夠將消費者結帳所產生的交易資訊進行加密,並於加密密文最後傳送至認證單位後再進行解密,以完成最後交易,藉此處理方式加強交易安全性,如此應為一最佳解決方案。 However, in the case of the checkout action, if the transaction information is directly transmitted without passing through the transaction content that is authorized for the merchant and whether it is recognized by the consumer, it is very likely that the consumer will have an unsafe transaction. , even lead to the leakage of transaction information; therefore, if the transaction information generated by the consumer checkout can be encrypted, and then the encrypted ciphertext is finally transmitted to the certification unit and then decrypted, to complete the final transaction, borrow This approach enhances transaction security and should be an optimal solution.

本發明即在於提供一種使用動態密文之認證系統及其方法,係能夠將消費者結帳所產生的交易資訊進行加密,並於加密密文最後傳送至認證單位後再進行解密,以完成最後交易,如此將能夠加強交易的安全性,並且為了增加便利性以及安全性,將原本網路上交易的結帳流程,由原先要在每個購物的網站上輸入卡號以及個人資訊的提供(如地址,電話等),改由使用者身上的電子裝置主動發動消費訊息給認證端,可以減少在購物網站上頭輸入個人重要資訊的機會,也降低要把重要的卡號經由網路店家傳輸所產生的風險。 The present invention is to provide an authentication system using dynamic ciphertext and a method thereof, which are capable of encrypting transaction information generated by a consumer checkout, and transmitting the encrypted ciphertext to the authentication unit and then decrypting it to complete the finalization. Transaction, which will enhance the security of the transaction, and in order to increase convenience and security, the billing process of the original online transaction will be provided by the card number and the personal information (such as the address). , telephone, etc.), the electronic device on the user actively initiates the consumption message to the authentication terminal, which can reduce the chance of inputting important personal information on the shopping website, and reduce the transmission of the important card number through the online store. risk.

可達成上述使用動態密文之認證系統及其方法,係包含一電子裝置、一授權店家交易平台及一認證主機平台,其中該電子裝置係安裝有一交易程式,而該交易程式中係包含一交易結帳模組,係由消費者端透由網路或是使用該電子裝置進行消費購物,並於消費購物後,該交易結帳模組能夠對一授權店家交易平台提出結帳需求,並將交易資訊傳送至一認證主機平台;一加密模組,係能夠接收該授權店家交易平台所傳送之第一交密密文,並藉由該加密模組,使用消費者加密金鑰再次加密第一交密密文,以產生出一第二加密密文;一交易密文傳送模組,係與該加密模組相連接,並透過網路將第二加密密文傳送至該認證主機平台;而該授權店家交易平台係包含一認證資訊傳送模組,係能夠對該認證主機平台提出認證需求;一交易密文接收與處理模組,係用以接收該認證主機平台所傳送之第一交易密文,並再由該交易密文接收與處理模組將第一交易密文傳送給消費者端之電子裝置;一認證主機平台,係與該授權店家交易平台相連線, 而該認證主機平台係包含一交易密文產生模組,係用以接收該交易結帳模組所傳送之交易資訊,並使用一店家金鑰對交易資訊進行加密,以產生出一第一交易密文;一交易密文傳送模組,係與該交易密文產生模組相連接,而該交易密文傳送模組能夠透過網路傳送第一交易密文至該授權店家交易平台;一交易密文解碼模組,係能夠接收該交易密文傳送模組所傳送之第二加密密文,並藉由消費者加密金鑰解開第二加密密文,以取得第一加密密文,之後再利用店家金鑰解開第一加密密文,以取得交易資訊;一交易確認模組,係與該交易密文解碼模組相連接,用以接收已解密後之交易資訊,並完成交易處理。 The above-mentioned authentication system and method for using the dynamic ciphertext can be implemented, comprising an electronic device, an authorized store trading platform and an authentication host platform, wherein the electronic device is installed with a transaction program, and the transaction program includes a transaction The checkout module is used by the consumer to make purchases through the network or using the electronic device, and after the consumer purchases, the transaction checkout module can request the checkout of an authorized store transaction platform, and Transaction information is transmitted to an authentication host platform; an encryption module is capable of receiving the first confidential ciphertext transmitted by the authorized store transaction platform, and re-encrypting the first using the consumer encryption key by the encryption module Transmitting the ciphertext to generate a second encrypted ciphertext; a transaction ciphertext transmission module is connected to the encryption module, and transmitting the second encrypted ciphertext to the authentication host platform through the network; The authorized store trading platform includes a certification information transmission module, which can provide authentication requirements for the authentication host platform; a transaction ciphertext receiving and processing module is used for Receiving the first transaction ciphertext transmitted by the authentication host platform, and then transmitting the first transaction ciphertext to the electronic device of the consumer terminal by the transaction ciphertext receiving and processing module; an authentication host platform, and the authorization The store's trading platform is connected, The authentication host platform includes a transaction ciphertext generating module for receiving transaction information transmitted by the transaction checkout module, and encrypting the transaction information by using a store key to generate a first transaction. a ciphertext transmission module, which is connected to the transaction ciphertext generation module, and the transaction ciphertext transmission module can transmit the first transaction ciphertext to the authorized store transaction platform through the network; The ciphertext decoding module is configured to receive the second encrypted ciphertext transmitted by the transaction ciphertext transmitting module, and decrypt the second encrypted ciphertext by using the consumer encryption key to obtain the first encrypted ciphertext, and then obtain the first encrypted ciphertext, and then Reusing the store key to unlock the first encrypted ciphertext to obtain transaction information; a transaction confirmation module is connected with the transaction ciphertext decoding module for receiving the decrypted transaction information and completing the transaction processing .

更具體的說,所述電子裝置係為智慧型手機、電腦或平板電腦。 More specifically, the electronic device is a smart phone, a computer or a tablet.

更具體的說,所述交易資訊係為交易時間、購物清單編號、店家端代號、認證模式、消費金額。 More specifically, the transaction information is transaction time, shopping list number, store-side code, authentication mode, and consumption amount.

更具體的說,所述第一交易密文以及第二交易密文係為一次性使用以及時效性且無法修改。 More specifically, the first transaction ciphertext and the second transaction ciphertext are one-time use and time-sensitive and cannot be modified.

更具體的說,所述交易程式之交易密文傳送模組,係能夠透過網路的加密通道,將第二加密密文傳送至該認證主機平台。 More specifically, the transaction ciphertext transmission module of the transaction program is capable of transmitting the second encrypted ciphertext to the authentication host platform through an encrypted channel of the network.

更具體的說,所述消費者加密金鑰係為通用唯一識別碼、國際行動設備識別碼、使用者密碼或使用者加密憑證。 More specifically, the consumer encryption key is a universal unique identifier, an international mobile device identifier, a user password, or a user encrypted credential.

更具體的說,所述授權店家交易平台係能夠用於網路線上虛擬的店家端或是具有實體商店之店家端。 More specifically, the authorized store trading platform can be used for a virtual storefront on a network line or a storefront with a physical store.

更具體的說,所述交易密文接收與處理模組係能夠以條碼、 圖形、影像、聲音、電波或近距離無線通訊(NFC)的傳輸形態,將第一交易密文傳送給消費者端之電子裝置。 More specifically, the transaction ciphertext receiving and processing module can be barcoded, The transmission form of graphics, video, sound, radio waves or Near Field Communication (NFC) transmits the first transaction ciphertext to the electronic device of the consumer.

更具體的說,所述交易確認模組係與一付款閘道平台相連線,以於確認交易資訊後,則完成交易。 More specifically, the transaction confirmation module is connected to a payment gateway platform to complete the transaction after confirming the transaction information.

更具體的說,所述認證主機平台更包含有一授權店家確認模組,係與該認證資訊傳送模組相連接,用以比對傳送交易資訊之店家端是否為已授權店家。 More specifically, the authentication host platform further includes an authorized store confirmation module connected to the authentication information transmission module for comparing whether the storefront of the transaction information is an authorized store.

更具體的說,所述認證主機平台更包含有一店家金鑰模組,係與該授權店家確認模組及該交易密文產生模組相連接,用以產生或是取出一組對應交易資訊的店家金鑰。 More specifically, the authentication host platform further includes a store key module connected to the authorized store confirmation module and the transaction ciphertext generating module for generating or extracting a set of corresponding transaction information. Store key.

而本發明之使用動態密文之認證方法,其認證方法為:1.消費者端於網路上、實體店面或是電子裝置上之內建之交易程式購物完成後,向店家端之授權店家交易平台提出結賬需求;2.再由授權店家交易平台向認證主機平台提出認證需求,並由消費者端傳送交易資訊至認證主機平台;3.於認證主機平台收到交易資訊後,藉由一店家金鑰對交易資訊進行加密為第一交易密文,並再透過網路傳送給授權店家交易平台;4.之後,授權店家交易平台收到第一交易密文後,將第一交易密文提供給消費者端之電子裝置;5.而消費者端能夠使用內建之交易程式,取得本次交易之第一交易密文,並再使用消費者加密金鑰再次加密第一交密密文,以產生出一第二加密密文後,再將第二加密密文透過網路傳送給認證主機平 台;6.最後,認證主機平台能夠藉由消費者加密金鑰解開第二加密密文,以取得第一加密密文,之後再利用店家金鑰解開第一加密密文,以取得交易資訊後,則由認證主機平台完成交易。 The authentication method using the dynamic ciphertext of the present invention is as follows: 1. After the consumer completes the shopping program on the network, the physical storefront or the electronic device, the authorized store transaction is performed to the storefront. The platform proposes the checkout requirement; 2. The authorized store transaction platform proposes the authentication requirement to the authentication host platform, and the client transmits the transaction information to the authentication host platform; 3. After the authentication host platform receives the transaction information, the store owner The key encrypts the transaction information into the first transaction ciphertext, and then transmits it to the authorized store transaction platform through the network; 4. After the authorized store transaction platform receives the first transaction ciphertext, the first transaction ciphertext is provided. The electronic device for the consumer; 5. The consumer can use the built-in transaction program to obtain the first transaction ciphertext of the transaction, and then encrypt the first ciphertext again using the consumer encryption key. After generating a second encrypted ciphertext, the second encrypted ciphertext is transmitted to the authentication host through the network. Finally, the authentication host platform can unlock the second encrypted ciphertext by the consumer encryption key to obtain the first encrypted ciphertext, and then use the store key to unlock the first encrypted ciphertext to obtain the transaction. After the information, the transaction is completed by the authentication host platform.

更具體的說,所述店家端係為網路線上虛擬的店家端或是具有實體商店的店家端。 More specifically, the storefront is a virtual storefront on a network line or a storefront with a physical store.

更具體的說,所述交易資訊係為交易時間、購物清單編號、店家端代號、認證模式以及消費金額。 More specifically, the transaction information is transaction time, shopping list number, store-side code, authentication mode, and consumption amount.

更具體的說,所述第一交易密文及第二交易密文係為一次性使用,有時效性並且無法修改。 More specifically, the first transaction ciphertext and the second transaction ciphertext are single-use, time-sensitive, and cannot be modified.

更具體的說,所述第一交易密文提供給消費者端之電子裝置的形式係為條碼、圖形、影像、聲音、電波或近距離無線通訊(NFC)。 More specifically, the electronic device provided by the first transaction ciphertext to the consumer is in the form of bar code, graphics, video, sound, radio wave or Near Field Communication (NFC).

如更具體的說,所述消費者加密金鑰係為通用唯一識別碼、國際行動設備識別碼、使用者密碼或使用者加密憑證。 More specifically, the consumer encryption key is a universal unique identifier, an international mobile device identifier, a user password, or a user encrypted credential.

更具體的說,所述認證主機平台能夠依據交易資訊比對傳送交易資訊之店家端是否為已授權店家,並產生或是取出一組對應交易資訊的店家金鑰。 More specifically, the authentication host platform can compare whether the storefront of the transaction information is an authorized store according to the transaction information, and generate or retrieve a set of store keys corresponding to the transaction information.

〔本發明〕 〔this invention〕

1‧‧‧電子裝置 1‧‧‧Electronic device

11‧‧‧交易程式 11‧‧‧Transaction program

111‧‧‧交易結帳模組 111‧‧‧Transaction Checkout Module

112‧‧‧加密模組 112‧‧‧Encryption Module

113‧‧‧交易密文傳送模組 113‧‧‧Transaction ciphertext transmission module

2‧‧‧授權店家交易平台 2‧‧‧ Authorized store trading platform

21‧‧‧認證資訊傳送模組 21‧‧‧Certified Information Transfer Module

22‧‧‧交易密文接收與處理模組 22‧‧‧Transaction ciphertext receiving and processing module

3‧‧‧認證主機平台 3‧‧‧Certified host platform

31‧‧‧授權店家確認模組 31‧‧‧Authorized store confirmation module

32‧‧‧店家金鑰模組 32‧‧‧Store Key Module

33‧‧‧交易密文產生模組 33‧‧‧Transaction ciphertext generation module

34‧‧‧交易密文傳送模組 34‧‧‧Transaction ciphertext transmission module

35‧‧‧交易密文解碼模組 35‧‧‧Transaction ciphertext decoding module

36‧‧‧交易確認模組 36‧‧‧Transaction Confirmation Module

4‧‧‧付款閘道平台 4‧‧‧ Payment gateway platform

第1A圖係本發明使用動態密文之認證系統及其方法之架構示意圖。 FIG. 1A is a schematic diagram showing the architecture of the authentication system and method using the dynamic ciphertext of the present invention.

第1B圖係本發明使用動態密文之認證系統及其方法之交易程式內部架構示意圖。 FIG. 1B is a schematic diagram showing the internal structure of a transaction program using the dynamic ciphertext authentication system and the method thereof.

第1C圖係本發明使用動態密文之認證系統及其方法之授權店家交易平台內部架構示意圖。 1C is a schematic diagram of the internal architecture of an authorized store trading platform using the dynamic ciphertext authentication system and method thereof.

第1D圖係本發明使用動態密文之認證系統及其方法之認證主機平台內部架構示意圖。 The 1D figure is a schematic diagram of the internal architecture of the authentication host platform using the dynamic ciphertext authentication system and the method thereof.

第2圖係本發明使用動態密文之認證系統及其方法之認證方法流程圖。 2 is a flow chart of an authentication method using the dynamic ciphertext authentication system and method thereof.

有關於本發明之前述及其他技術內容、特點與功效,在以下配合參考圖式之較佳實施例的詳細說明中,將可清楚的呈現。 The above and other technical contents, features and advantages of the present invention will be apparent from the following detailed description of the preferred embodiments.

請參閱第1A圖、第1B圖、第1C圖及第1D圖,為本發明使用動態密文之認證系統及其方法之架構示意圖、交易程式內部架構示意圖、授權店家交易平台內部架構示意圖及認證主機平台內部架構示意圖,由圖中可知,消費者端能夠使用電子裝置1(例如智慧型手機、電腦或平板電腦),並開啟電子裝置1內安裝之交易程式11,以使用交易程式11進行購物,並於購物完成要結帳時後,能夠由該交易結帳模組111對授權店家交易平台2提出結帳需求,之後,再將結帳之交易資訊傳送至該交易密文產生模組33,而該授權店家交易平台2之認證資訊傳送模組21則會再對認證主機平台3提出認證需求。 Please refer to FIG. 1A, FIG. 1B, FIG. 1C and FIG. 1D, which are schematic diagrams of the architecture of the authentication system and method using the dynamic ciphertext, the internal architecture of the transaction program, the internal architecture diagram of the authorized store transaction platform and the authentication. A schematic diagram of the internal architecture of the host platform. As can be seen from the figure, the consumer can use the electronic device 1 (such as a smart phone, a computer or a tablet) and open the transaction program 11 installed in the electronic device 1 to use the transaction program 11 for shopping. And after the completion of the shopping to be settled, the transaction settlement module 111 can present a settlement request to the authorized store transaction platform 2, and then transfer the transaction information of the settlement to the transaction ciphertext generation module 33. And the authentication information transmission module 21 of the authorized store trading platform 2 will further request the authentication host platform 3.

該店家端必須先與認證主機平台3申請授權,因此交易資訊傳送到認證主機平台3並提出認證需求時,該認證主機平台3之授權店家確認模組31必須先確認店家端是否為已授權店家,若確認無誤,則再由該店家金鑰模組32,依據交易資訊產生或是取出一組店家金鑰,而該認證主機平台3之交易密文產生模組33能夠再藉由店家金鑰對交易資訊進行加 密,以加密為第一交易密文,之後,再由該認證主機平台3之交易密文傳送模組34透過網路將第一交易密文至該授權店家交易平台2之交易密文接收與處理模組22,而該交易密文接收與處理模組22能夠以條碼、圖形、影像、聲音或近距離無線通訊的形式將第一交易密文傳送至該消費者端的電子裝置1上,而消費者端則能夠開啟交易程式11並接收第一交易密文,再由該加密模組112將接收授權店家交易平台2所傳送的第一交密密文,並以消費者加密金鑰(例如通用唯一識別碼、國際行動設備識別碼、使用者密碼或使用者加密憑證)再次加密第一交密密文,以產生出第二加密密文。 The store owner must first apply for authorization with the authentication host platform 3, so when the transaction information is transmitted to the authentication host platform 3 and the authentication request is made, the authorized store confirmation module 31 of the authentication host platform 3 must first confirm whether the store owner is an authorized store. If the confirmation is correct, the store key module 32 generates or retrieves a set of store keys according to the transaction information, and the transaction ciphertext generation module 33 of the authentication host platform 3 can further use the store key. Add transaction information The encryption is the first transaction ciphertext, and then the transaction ciphertext transmission module 34 of the authentication host platform 3 receives the transaction ciphertext of the first transaction ciphertext to the authorized store transaction platform 2 through the network. Processing the module 22, and the transaction ciphertext receiving and processing module 22 can transmit the first transaction ciphertext to the electronic device 1 of the consumer terminal in the form of bar code, graphics, video, sound or short-range wireless communication, and The consumer can then open the transaction program 11 and receive the first transaction ciphertext, and the encryption module 112 will receive the first ciphertext transmitted by the authorized store transaction platform 2, and use the consumer encryption key (for example) The first secret ciphertext is again encrypted by the universal unique identifier, the international mobile device identifier, the user password or the user encrypted credential to generate the second encrypted ciphertext.

而該交易程式11之交易密文傳送模組113於產生第二加密密文後,能夠再透過網路將第二加密密文傳送至該認證主機平台3之交易密文解碼模組35,之後該交易密文解碼模組35會先由消費者加密金鑰解開第二加密密文,以取得第一加密密文後,之後再利用店家金鑰解開第一加密密文,以取得原始交易資訊,若是解碼成功則表示已認證成功,並再藉由該交易確認模組36接收已解密後之交易資訊,並連接至一付款閘道平台4以於確認交易資訊後,則完成交易。 After the second encrypted ciphertext is generated, the transaction ciphertext transmission module 113 of the transaction program 11 can transmit the second encrypted ciphertext to the transaction ciphertext decoding module 35 of the authentication host platform 3 through the network. The transaction ciphertext decoding module 35 first unlocks the second encrypted ciphertext by the consumer encryption key to obtain the first encrypted ciphertext, and then uses the store key to unlock the first encrypted ciphertext to obtain the original The transaction information, if the decoding is successful, indicates that the authentication is successful, and the transaction confirmation module 36 receives the decrypted transaction information and connects to a payment gateway platform 4 to confirm the transaction information, and then completes the transaction.

由上述說明可知,由第2圖中可知,本發明之使用動態密文之認證方法,其認證方法為:1.消費者端於網路上、實體店面或是電子裝置上之內建之交易程式購物完成後,向店家端之授權店家交易平台提出結賬需求201;2.再由授權店家交易平台向認證主機平台提出認證需求,並由消費者端傳送交易資訊至認證主機平台202;3.於認證主機平台收到交易資訊後,藉由一店家金鑰對交易資訊進 行加密為第一交易密文,並再透過網路傳送給授權店家交易平台203;4.之後,授權店家交易平台收到第一交易密文後,將第一交易密文提供給消費者端之電子裝置204;5.而消費者端能夠使用內建之交易程式,取得本次交易之第一交易密文,並再使用消費者加密金鑰再次加密第一交密密文,以產生出一第二加密密文後,再將第二加密密文透過網路傳送給認證主機平台205;6.最後,認證主機平台能夠藉由消費者加密金鑰解開第二加密密文,以取得第一加密密文,之後再利用店家金鑰解開第一加密密文,以取得交易資訊後,則由認證主機平台完成交易206。 It can be seen from the above description that, as can be seen from FIG. 2, the authentication method using the dynamic ciphertext of the present invention has the following authentication methods: 1. The built-in transaction program of the consumer on the network, the physical storefront or the electronic device. After the completion of the shopping, the checkout demand 201 is submitted to the authorized store trading platform of the store; 2. The authorized store trading platform then submits the authentication request to the authentication host platform, and the client transmits the transaction information to the authentication host platform 202; 3. After the authentication host platform receives the transaction information, the transaction information is entered by a store key. The line is encrypted into the first transaction ciphertext, and then transmitted to the authorized store trading platform 203 through the network; 4. After the authorized store trading platform receives the first transaction ciphertext, the first transaction ciphertext is provided to the consumer. The electronic device 204; 5. The consumer can use the built-in transaction program to obtain the first transaction ciphertext of the transaction, and then encrypt the first ciphertext again by using the consumer encryption key to generate After the second encrypted ciphertext, the second encrypted ciphertext is transmitted to the authentication host platform 205 through the network; 6. Finally, the authentication host platform can unlock the second encrypted ciphertext by using the consumer encryption key to obtain After encrypting the ciphertext first, and then using the store key to unlock the first encrypted ciphertext, to obtain the transaction information, the transaction 206 is completed by the authentication host platform.

而店家端係能夠網路線上虛擬的店家端或是具有實體商店的店家端,本發明雖然是以網路線上虛擬的店家端進行說明,但店家端亦能夠為具有實體商店的店家端,而消費者端於實體商店內消費結帳後,店家端亦會提出認證需求。 The store side can be a virtual storefront on the Internet or a storefront with a physical store. Although the invention is described by a virtual storefront on the Internet, the storefront can also be a storefront with a physical store. After the consumer ends the checkout in the physical store, the store owner will also ask for certification requirements.

另外由於所產生之第一交易密文係為一次性使用、有時效性且無法修改,因此店家端僅能一次性使用,並於下一次消費者端提出交易結帳時,店家端必須再一次提出認證需求。 In addition, since the first transaction ciphertext generated is one-time use, time-sensitive and cannot be modified, the store side can only be used once, and the store side must once again submit the transaction checkout at the next consumer end. Propose certification requirements.

本發明所提供之一種使用動態密文之認證系統及其方法,與其他習用技術相互比較時,優點如下: The invention provides an authentication system using dynamic ciphertext and a method thereof, and when compared with other conventional technologies, the advantages are as follows:

1.本發明係能夠將消費者結帳所產生的交易資訊進行二次加密,並於加密密文最後傳送至認證單位後再進行解密,以完成最後交易,如 此將能夠加強交易的安全性以及正確性,因為有經過認證端,店家以及消費者的多層加密確認。 1. The invention is capable of secondarily encrypting the transaction information generated by the consumer checkout, and then transmitting the encrypted ciphertext to the authentication unit before decrypting to complete the final transaction, such as This will enhance the security and correctness of the transaction, as there are multiple layers of encryption confirmation by the authenticated end, store and consumer.

2.本發明能夠讓由店家端提出認證需求並由認證主機平台產生交易密文後,再由店家端提供給消費者端,以讓消費者端能夠再次確認交易資訊並再次進行加密後,則傳送給認證主機平台進行解密,並於解密完成後則完成交易,如此將能夠於消費者端確認的情況下完成交易,並能夠避免交易資訊外洩的情況發生。 2. The present invention enables the store owner to submit the authentication request and generate the transaction ciphertext by the authentication host platform, and then the store owner provides the transaction to the consumer, so that the consumer can reconfirm the transaction information and encrypt again. It is transmitted to the authentication host platform for decryption, and the transaction is completed after the decryption is completed, so that the transaction can be completed with the confirmation of the consumer, and the leakage of the transaction information can be avoided.

藉由以上較佳具體實施例之詳述,係希望能更加清楚描述本發明之特徵與精神,而並非以上述所揭露的較佳具體實施例來對本發明之範疇加以限制。相反地,其目的是希望能涵蓋各種改變及具相等性的安排於本發明所欲申請之專利範圍的範疇內。 The features and spirit of the present invention will be more apparent from the detailed description of the preferred embodiments. On the contrary, the intention is to cover various modifications and equivalents within the scope of the invention as claimed.

1‧‧‧電子裝置 1‧‧‧Electronic device

11‧‧‧交易程式 11‧‧‧Transaction program

2‧‧‧授權店家交易平台 2‧‧‧ Authorized store trading platform

3‧‧‧認證主機平台 3‧‧‧Certified host platform

4‧‧‧付款閘道平台 4‧‧‧ Payment gateway platform

Claims (18)

一種使用動態密文之認證系統,係包含:一電子裝置,係安裝有一交易程式,而該交易程式中係包含:一交易結帳模組,係由消費者端透由網路或是使用該電子裝置進行消費購物,並於消費購物後,該交易結帳模組能夠對一授權店家交易平台提出結帳需求,並將交易資訊傳送至一認證主機平台;一加密模組,係能夠接收該授權店家交易平台所傳送之第一交密密文,並藉由該加密模組,使用消費者加密金鑰再次加密第一交密密文,以產生出一第二加密密文;一交易密文傳送模組,係與該加密模組相連接,並透過網路將第二加密密文傳送至該認證主機平台;一授權店家交易平台,係包含:一認證資訊傳送模組,係能夠對該認證主機平台提出認證需求;一交易密文接收與處理模組,係用以接收該認證主機平台所傳送之第一交易密文,並再由該交易密文接收與處理模組將第一交易密文傳送給消費者端之電子裝置;一認證主機平台,係與該授權店家交易平台相連線,而該認證主機平台係包含:一交易密文產生模組,係用以接收該交易結帳模組所傳送之交易資訊,並使用一店家金鑰對交易資訊進行加密,以產生出一第一交易密文;一交易密文傳送模組,係與該交易密文產生模組相連接,而該交易 密文傳送模組能夠透過網路傳送第一交易密文至該授權店家交易平台;一交易密文解碼模組,係能夠接收該交易密文傳送模組所傳送之第二加密密文,並藉由消費者加密金鑰解開第二加密密文,以取得第一加密密文,之後再利用店家金鑰解開第一加密密文,以取得交易資訊;一交易確認模組,係與該交易密文解碼模組相連接,用以接收已解密後之交易資訊,並完成交易處理。 An authentication system using dynamic ciphertext includes: an electronic device, which is installed with a transaction program, and the transaction program includes: a transaction checkout module, which is used by the consumer to access the network or use the The electronic device performs consumer shopping, and after the consumer purchases, the transaction checkout module can present a checkout request to an authorized store transaction platform, and transmit the transaction information to an authentication host platform; an encryption module is capable of receiving the Authorizing the first confidential ciphertext transmitted by the store trading platform, and using the encryption module, encrypting the first secret ciphertext again by using the consumer encryption key to generate a second encrypted ciphertext; The text transmission module is connected to the encryption module and transmits the second encrypted ciphertext to the authentication host platform through the network; and an authorized store transaction platform includes: an authentication information transmission module, which is capable of The authentication host platform proposes an authentication requirement; a transaction ciphertext receiving and processing module is configured to receive the first transaction ciphertext transmitted by the authentication host platform, and then receive the transaction ciphertext And the processing module transmits the first transaction ciphertext to the electronic device of the consumer; an authentication host platform is connected to the authorized store transaction platform, and the authentication host platform comprises: a transaction ciphertext generation module For receiving the transaction information transmitted by the transaction checkout module, and encrypting the transaction information using a store key to generate a first transaction ciphertext; a transaction ciphertext transmission module, Transaction ciphertext generation module is connected, and the transaction The ciphertext transmission module can transmit the first transaction ciphertext to the authorized store transaction platform through the network; and the transaction ciphertext decoding module can receive the second encrypted ciphertext transmitted by the transaction ciphertext transmission module, and Unpacking the second encrypted ciphertext by the consumer encryption key to obtain the first encrypted ciphertext, and then using the store key to unlock the first encrypted ciphertext to obtain transaction information; a transaction confirmation module, The transaction ciphertext decoding module is connected to receive the decrypted transaction information and complete the transaction processing. 如申請專利範圍第1項所述之使用動態密文之認證系統,其中該電子裝置係為智慧型手機、電腦或平板電腦。 The authentication system using dynamic ciphertext as described in claim 1 , wherein the electronic device is a smart phone, a computer or a tablet. 如申請專利範圍第1項所述之使用動態密文之認證系統,其中該交易資訊係為交易時間、購物清單編號、店家端代號、認證模式、消費金額。 As used herein the dynamic cipher text in item 1 patentable scope of the authentication system, wherein the transaction information is based transactions, shopping list number, stores terminal code, the authentication mode, the amount of consumption. 如申請專利範圍第1項所述之使用動態密文之認證系統,其中該第一交易密文以及第二交易密文係為一次性使用以及時效性且無法修改。 As used herein the dynamic cipher text in item 1 patentable scope of the authentication system, wherein the first transaction and second transaction ciphertext ciphertext-based one-time use and can not be modified and timeliness. 如申請專利範圍第1項所述之使用動態密文之認證系統,其中該交易程式之交易密文傳送模組,係能夠透過網路的加密通道,將第二加密密文傳送至該認證主機平台。 The authentication system using the dynamic ciphertext as described in claim 1 , wherein the transaction ciphertext transmission module of the transaction program is capable of transmitting the second encrypted ciphertext to the authentication host through an encrypted channel of the network. platform. 如申請專利範圍第1項所述之使用動態密文之認證系統,其中該消費者加密金鑰係為通用唯一識別碼、國際行動設備識別碼、使用者密碼或使用者加密憑證。 The authentication system using dynamic ciphertext as described in claim 1 , wherein the consumer encryption key is a universal unique identification code, an international mobile device identification code, a user password, or a user encrypted certificate. 如申請專利範圍第1項所述之使用動態密文之認證系統,其中該授權店家交易平台係能夠用於網路線上虛擬的店家端或是具有實體商店之店 家端。 For example, the authentication system using the dynamic ciphertext described in claim 1 of the patent scope, wherein the authorized store transaction platform can be used for a virtual storefront on a network line or a storefront with a physical store. 如申請專利範圍第1項所述之使用動態密文之認證系統,其中該交易密文接收與處理模組係能夠以條碼、圖形、影像、聲音、電波或近距離無線通訊(NFC)的傳輸形態,將第一交易密文傳送給消費者端之電子裝置。 The authentication system using dynamic ciphertext as described in claim 1 , wherein the transaction ciphertext receiving and processing module is capable of transmitting by bar code, graphics, video, sound, radio wave or short-range wireless communication (NFC). Form, the first transaction ciphertext is transmitted to the electronic device of the consumer. 如申請專利範圍第1項所述之使用動態密文之認證系統,其中該交易確認模組係與一付款閘道平台相連線,以於確認交易資訊後,則完成交易。 For example, the authentication system using the dynamic ciphertext described in claim 1 wherein the transaction confirmation module is connected to a payment gateway platform to confirm the transaction information, and then complete the transaction. 如申請專利範圍第1項所述之使用動態密文之認證系統,其中該認證主機平台更包含有一授權店家確認模組,係與該認證資訊傳送模組相連接,用以比對傳送交易資訊之店家端是否為已授權店家。 The authentication system using the dynamic ciphertext as described in claim 1 , wherein the authentication host platform further includes an authorized store confirmation module, which is connected to the authentication information transmission module for comparing and transmitting transaction information. Whether the store is an authorized store. 如申請專利範圍第10項所述之使用動態密文之認證系統,其中該認證主機平台更包含有一店家金鑰模組,係與該授權店家確認模組及該交易密文產生模組相連接,用以產生或是取出一組對應交易資訊的店家金鑰。 For example, the authentication system using the dynamic ciphertext described in claim 10 , wherein the authentication host platform further includes a store key module, which is connected to the authorized store confirmation module and the transaction ciphertext generation module. A store key used to generate or retrieve a set of corresponding transaction information. 一種使用動態密文之認證方法,其認證方法為:消費者端於網路上、實體店面或是電子裝置上之內建之交易程式購物完成後,向店家端之授權店家交易平台提出結賬需求;再由授權店家交易平台向認證主機平台提出認證需求,並由消費者端傳送交易資訊至認證主機平台;於認證主機平台收到交易資訊後,藉由一店家金鑰對交易資訊進行加密為第一交易密文,並再透過網路傳送給授權店家交易平台;之後,授權店家交易平台收到第一交易密文後,將第一交易密文提供給消費者端之電子裝置; 而消費者端能夠使用內建之交易程式,取得本次交易之第一交易密文,並再使用消費者加密金鑰再次加密第一交密密文,以產生出一第二加密密文後,再將第二加密密文透過網路傳送給認證主機平台;最後,認證主機平台能夠藉由消費者加密金鑰解開第二加密密文,以取得第一加密密文,之後再利用店家金鑰解開第一加密密文,以取得交易資訊後,則由認證主機平台完成交易。 An authentication method using dynamic ciphertext, the authentication method is: after the consumer completes the shopping program built on the network, the physical storefront or the electronic device, the payment request is submitted to the authorized store transaction platform of the storefront; Then, the authorized store transaction platform proposes the authentication requirement to the authentication host platform, and the client transmits the transaction information to the authentication host platform; after the authentication host platform receives the transaction information, the transaction information is encrypted by a store key. Transmitting a ciphertext and then transmitting it to an authorized store trading platform through the network; after that, the authorized store trading platform receives the first transaction ciphertext and provides the first transaction ciphertext to the electronic device of the consumer; The consumer can use the built-in transaction program to obtain the first transaction ciphertext of the transaction, and then encrypt the first ciphertext again by using the consumer encryption key to generate a second encrypted ciphertext. And then transmitting the second encrypted ciphertext to the authentication host platform through the network; finally, the authentication host platform can unlock the second encrypted ciphertext by using the consumer encryption key to obtain the first encrypted ciphertext, and then use the store After the key unlocks the first encrypted ciphertext to obtain the transaction information, the transaction is completed by the authentication host platform. 如申請專利範圍第12項所述之使用動態密文之認證方法,其中店家端係為網路線上虛擬的店家端或是具有實體商店的店家端。 For example, the method for authenticating a ciphertext using the dynamic ciphertext described in claim 12 , wherein the storefront is a virtual storefront on a network line or a storefront with a physical store. 如申請專利範圍第12項所述之使用動態密文之認證方法,其中交易資訊係為交易時間、購物清單編號、店家端代號、認證模式或消費金額。 For example, the method for authenticating a ciphertext using the dynamic ciphertext described in claim 12 , wherein the transaction information is a transaction time, a shopping list number, a store-side code, an authentication mode, or a consumption amount. 如申請專利範圍第12項所述之使用動態密文之認證方法,其中第一交易密文及第二交易密文係為一次性使用,有時效性並且無法修改。 The authentication method using a dynamic application of the ciphertext patentable scope of item 12, wherein the first transaction and second transaction ciphertext ciphertext-based one-time use, timeliness and can not be modified. 如申請專利範圍第12項所述之使用動態密文之認證方法,其中第一交易密文提供給消費者端之電子裝置的形式係為條碼、圖形、影像、聲音、電波或近距離無線通訊(NFC)。 The method for authenticating a ciphertext using the dynamic ciphertext described in claim 12 , wherein the electronic device provided by the first transaction ciphertext to the consumer is in the form of bar code, graphics, video, sound, radio wave or short-range wireless communication. (NFC). 如申請專利範圍第12項所述之使用動態密文之認證方法,其中消費者加密金鑰係為通用唯一識別碼、國際行動設備識別碼、使用者密碼或使用者加密憑證。 The method for authenticating a ciphertext using the dynamic ciphertext described in claim 12 , wherein the consumer encryption key is a universal unique identifier, an international mobile device identifier, a user password, or a user encrypted credential. 如申請專利範圍第12項所述之使用動態密文之認證方法,其中認證主機平台能夠依據交易資訊比對傳送交易資訊之店家端是否為已授權店家,並產生或取出一組對應交易資訊的店家金鑰。 For example, the method for authenticating a ciphertext using the dynamic ciphertext described in claim 12 , wherein the authentication host platform can compare whether the storefront of the transaction information is an authorized store according to the transaction information, and generate or retrieve a set of corresponding transaction information. Store key.
TW102112968A 2013-04-12 2013-04-12 Authentication system using dynamic ciphertext and method thereof TW201439934A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW102112968A TW201439934A (en) 2013-04-12 2013-04-12 Authentication system using dynamic ciphertext and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW102112968A TW201439934A (en) 2013-04-12 2013-04-12 Authentication system using dynamic ciphertext and method thereof

Publications (2)

Publication Number Publication Date
TW201439934A true TW201439934A (en) 2014-10-16
TWI514296B TWI514296B (en) 2015-12-21

Family

ID=52113844

Family Applications (1)

Application Number Title Priority Date Filing Date
TW102112968A TW201439934A (en) 2013-04-12 2013-04-12 Authentication system using dynamic ciphertext and method thereof

Country Status (1)

Country Link
TW (1) TW201439934A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414192A (en) * 2019-06-14 2019-11-05 伊格拉斯控股有限公司 Keyholed back plate system and method applied to safe manufacturing

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107274183B (en) * 2017-03-21 2020-05-22 中国银联股份有限公司 Transaction verification method and system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101098225B (en) * 2006-06-29 2012-07-25 中国银联股份有限公司 Safety data transmission method and paying method, paying terminal and paying server
US20100027786A1 (en) * 2008-02-14 2010-02-04 Patrick Faith Dynamic encryption authentication
TWI588761B (en) * 2010-12-28 2017-06-21 li-he Yao Wireless secure transaction payment system and its method
TWI442332B (en) * 2011-03-17 2014-06-21 Dynamic password authentication system and method for trading

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110414192A (en) * 2019-06-14 2019-11-05 伊格拉斯控股有限公司 Keyholed back plate system and method applied to safe manufacturing
CN110414192B (en) * 2019-06-14 2023-09-26 尚承科技股份有限公司 Control and management system and method applied to safety manufacture

Also Published As

Publication number Publication date
TWI514296B (en) 2015-12-21

Similar Documents

Publication Publication Date Title
WO2015161699A1 (en) Secure data interaction method and system
JP6117317B2 (en) Non-repudiation method, settlement management server for this, and user terminal
JP2022508010A (en) Systems and methods for cryptographic authentication of non-contact cards
US8601268B2 (en) Methods for securing transactions by applying crytographic methods to assure mutual identity
US20130311382A1 (en) Obtaining information for a payment transaction
US20130054473A1 (en) Secure Payment Method, Mobile Device and Secure Payment System
WO2019050527A1 (en) System and method for generating trust tokens
US20150066778A1 (en) Digital card-based payment system and method
US20130308778A1 (en) Secure registration of a mobile device for use with a session
KR20150036512A (en) Method to send payment data through various air interfaces without compromising user data
TWI591553B (en) Systems and methods for mobile devices to trade financial documents
KR101702748B1 (en) Method, system and recording medium for user authentication using double encryption
WO2015161690A1 (en) Secure data interaction method and system
CN103944736A (en) Data security interactive method
CN103942687A (en) Data security interactive system
CN103942688A (en) Data security interactive system
JP2022501872A (en) Systems and methods for cryptographic authentication of non-contact cards
CN103942690A (en) Data security interactive system
CN103944729A (en) Data security interactive method
US20130061051A1 (en) Method for authenticating electronic transaction, server, and terminal
JP2022501871A (en) Systems and methods for cryptographic authentication of non-contact cards
JP2022501861A (en) Systems and methods for cryptographic authentication of non-contact cards
CN103944728A (en) Data security interactive system
CN101944216A (en) Two-factor online transaction safety authentication method and system
CN103944735A (en) Data security interactive method