TW201824130A - System for opening account and applying mobile banking account online and method thereof - Google Patents
- Publication number: TW201824130A (application number TW105143955A)
- Authority: TW (Taiwan)
- Prior art keywords: data, client, voucher, server, mobile banking
Landscapes
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Description
A digital account opening system and method, and in particular a system and method for completing account opening online and applying for mobile banking.
In recent years, with the rapid development of the communications and networking industries, demand for digital and mobile services has grown across every sector, and the financial industry has kept pace. In addition to online banking, banks now offer mobile banking, so that users can log in to online or mobile banking over the Internet from computers, smartphones and other electronic devices and carry out financial transactions such as account inquiries, transfers, bill payments, foreign exchange and remittances directly online. Users therefore do not need to carry a bank card, or even leave where they are, to complete the transactions they need.
However, using online or mobile banking requires a physical account or a digital account. For either kind of account, banks currently require the user to apply in person at a branch counter. Because banks' business hours usually overlap with users' working hours, it is inconvenient for users to open an account at the counter, and they are consequently unable to use online or mobile banking.
In summary, the prior art has long had the problem that an account can only be opened, and online banking used, after a visit to the counter. An improved technical means is therefore needed to solve this problem.
In view of the prior-art problem that an account can only be opened and online banking used after a visit to the counter, the present invention discloses a system and method for completing account opening online and applying for mobile banking, wherein:
The system disclosed by the present invention for completing account opening online and applying for mobile banking comprises at least: a first client for accepting input of account-opening registration data and identification data, wherein the account-opening registration data includes check data and login data; an online banking server, to which the first client connects, for receiving the account-opening registration data and identification data transmitted by the first client; a certificate management center; a bank back-end server, to which the online banking server connects, for receiving the account-opening registration data and identification data transmitted by the online banking server, verifying the identification data and, after the identification data passes verification, completing the account-opening procedure according to the account-opening registration data; a second client for accepting input of certificate application data, wherein the certificate application data includes verification data; and a mobile banking server, connected to the bank back-end server and the certificate management center and to which the second client connects, for receiving the certificate application data transmitted by the second client; for transmitting the certificate application data to the certificate management center when the bank back-end server determines that the verification data matches the check data, so that the certificate management center applies, according to the certificate application data, for a transaction certificate corresponding to the second client and transmits the transaction certificate to the second client through the mobile banking server; for transmitting signing data to the second client; for receiving the data signature that the second client generates by signing the signing data with the transaction certificate; for verifying the data signature through the certificate management center; and for completing the mobile banking registration procedure when the data signature passes verification.
The method disclosed by the present invention for completing account opening online and applying for mobile banking comprises at least the following steps: the first client connects to the online banking server; the first client accepts input of account-opening registration data and identification data, wherein the account-opening registration data includes check data and login data; the first client transmits the identification data and the account-opening registration data to the online banking server; the online banking server transmits the identification data and the account-opening registration data to the bank back-end server; the bank back-end server verifies the identification data and, when the identification data passes verification, completes the account-opening procedure according to the account-opening registration data; the second client logs in to the mobile banking server using the login data; the second client accepts input of certificate application data and transmits the certificate application data to the mobile banking server, wherein the certificate application data includes verification data; the mobile banking server, when it determines through the bank back-end server that the verification data matches the check data, transmits the certificate application data to the certificate management center; the certificate management center applies, according to the certificate application data, for a transaction certificate corresponding to the second client and transmits the transaction certificate to the second client through the mobile banking server; the mobile banking server transmits signing data to the second client; the second client signs the signing data with the transaction certificate to generate a data signature and transmits the data signature to the mobile banking server; and the mobile banking server verifies the data signature through the certificate management center and completes the mobile banking registration procedure when the data signature passes verification.
The system and method disclosed by the present invention are as described above. They differ from the prior art in that the first client can transmit the identification data and the account-opening registration data to the bank back-end server through the online banking server; the bank back-end server can complete the account-opening procedure according to the account-opening registration data after the identification data passes verification; the mobile banking server can transmit the certificate application data to the certificate management center after the verification data transmitted by the second client has been verified through the bank back-end server; the certificate management center can apply for a transaction certificate and transmit the certificate it obtains to the second client through the mobile banking server; the second client can sign the signing data transmitted by the mobile bank with the transaction certificate and transmit the data signature to the mobile banking server; and the mobile banking server can complete the mobile banking registration procedure after the data signature has been verified through the bank back-end server. This solves the problem of the prior art and achieves the technical effect of letting the account holder open an account online and apply for a mobile banking account.
The features and embodiments of the present invention are described in detail below with reference to the drawings and embodiments, in sufficient detail that anyone skilled in the relevant art can readily understand the technical means the invention applies to solve the technical problem, implement them accordingly, and thereby achieve the effects the invention can attain.
The present invention allows a user, after completing identity confirmation on the online banking server, to operate a mobile device to apply for a transaction certificate, and thereby to use the mobile device to complete the account-opening operation on the mobile banking server.
The operation of the system is first described with reference to FIG. 1, the architecture diagram of the system of the present invention for completing account opening online and applying for mobile banking. As shown in FIG. 1, the system includes a first client 110, an online banking server 120, a bank back-end server 130, a certificate management center 150, a second client 160 and a mobile banking server 170.
The clients referred to in the present invention (the first client 110 and the second client 160) are computing devices. A computing device may include, but is not limited to, one or more processors, memory modules, and buses that connect the different components (including the memory modules and processors). The various servers or hosts referred to in the present invention (including the online banking server 120, the bank back-end server 130, the mobile banking server 170 and so on) can likewise take the form of computing devices.
The processor of the computing device is coupled to the bus. The processor includes a register set or register space, which may be located entirely on the processing chip or, alternatively, wholly or partly off the processing chip and coupled directly to the processor through dedicated electrical connections and/or through the bus. The processor may be a processing unit, a microprocessor or any suitable processing element. The client may also be a multi-processor device, in which case it includes one or more additional processors that are identical or similar and that are coupled and communicate through the bus.
The processor of the computing device is coupled to a chipset. The chipset consists of one or more integrated circuits (ICs) and includes a memory controller and a peripheral input/output (I/O) controller. The chipset typically provides I/O and memory management functions as well as a number of general-purpose and/or special-purpose registers, timers and the like, which can be accessed or used by the one or more processors coupled to the chipset. The memory controller and the peripheral I/O controller may be contained in a single integrated circuit or implemented with two or more integrated circuits.
The processor can access data in the memory modules and in mass storage through the memory controller; for example, the memory controller can access data in cache memory or on a hard disk drive. The memory modules include any type of volatile memory and/or non-volatile memory (NVRAM), such as static random access memory (SRAM), dynamic random access memory (DRAM), flash memory and read-only memory (ROM). The mass storage may include any type of storage device, such as a hard disk drive, an optical disc, a tape drive, a USB flash drive (flash memory), a solid state disk (SSD) or any other storage device.
The processor can also communicate, through the peripheral I/O controller and over a peripheral I/O bus, with peripheral devices or interfaces such as peripheral I/O devices, a wireless communication interface, a wired communication interface and a GPS receiver. A peripheral I/O device may be any type of input/output device, such as a keyboard, mouse, trackball, touchpad, joystick, display or printer. The wireless communication interface may include interfaces supporting wireless networks such as Wi-Fi, Bluetooth, infrared, near field communication (NFC), mobile communication networks or other wireless data transfer protocols. The wired communication interface may be, for example, an Ethernet device, an asynchronous transfer mode (ATM) device, a DSL modem or a cable modem. The processor can periodically poll the various peripheral devices and interfaces, so that the client can input and output data and can communicate with another computing device that has the components described above.
The bus of the computing device may be of one or more types, including a data bus, an address bus, a control bus, an expansion bus and/or a local bus. The buses of the computing device include, but are not limited to, parallel buses such as the Industry Standard Architecture (ISA) bus, the Peripheral Component Interconnect (PCI) bus and the Video Electronics Standards Association (VESA) local bus, and serial buses such as the Universal Serial Bus (USB) and the PCI Express (PCI-E) bus.
The first client 110 is a device with data processing and communication functions, including but not limited to a television, personal computer, notebook computer, mobile phone, tablet, navigation device, multimedia player, e-book reader, electronic dictionary, in-vehicle computer or video game console.
The first client 110 accepts input of the account-opening registration data. The account-opening registration data entered at the first client 110 includes check data used to determine the identity of the mobile banking user and login data for logging in to mobile banking. Besides the check data and login data, the account-opening registration data may also include the account opener's personal data, which includes but is not limited to name, date of birth, mobile phone number, email account, an image of the national ID card and an image of a second identity document. The check data may be any arrangement of any number of letters, digits, symbols and other characters, and the login data may include an account name or a password; the present invention places no particular restriction on either.
The first client 110 also accepts input of the identification data. The first client 110 can be connected to a card reader (not shown) through a cable or a bus, connect to a hardware carrier 111 through the card reader, and read the identification data recorded on the hardware carrier 111 through the card reader. A hardware carrier, as the term is used here, is an item that records enough to verify the identity of its holder, such as a bank card that supports password verification, a natural-person certificate, or a credit card verified by SMS, but the invention is not limited to these. The first client 110 may also sign the account-opening registration data with a digital certificate to generate the identification data, where the digital certificate may be an FXML certificate, a financial certificate or the like.
The first client 110 is also connected to the online banking server 120 and transmits the entered account-opening registration data and identification data to the online banking server 120. In some embodiments, the first client 110 can also receive a notification message transmitted by the online banking server 120. The notification message from the bank back-end server 130 that the first client 110 receives usually contains a message that registration succeeded; it may also contain a download link or download instructions for an application used to carry out financial transactions (referred to below as the "transaction application"), but the invention is not limited to this.
The online banking server 120 accepts connections from the first client 110 and is connected to the bank back-end server 130. The online banking server 120 receives the identification data and account-opening registration data transmitted by the first client 110, and forwards the received identification data and account-opening registration data to the bank back-end server 130.
The bank back-end server 130 receives the identification data and account-opening registration data transmitted by the online banking server 120 and verifies the received identification data. In general, the bank back-end server 130 may perform MAC (message authentication code) verification on the identification data, or verify the identification data through the certificate management center 150, but the invention is not limited to these.
When the identification data transmitted by the online banking server 120 passes verification, the bank back-end server 130 also completes the account-opening procedure for a physical account and/or a digital account according to the account-opening registration data transmitted by the online banking server 120. For example, the bank back-end server 130 can read the individual items from the account-opening registration data, store them as one or more records, and execute predetermined business logic where required, thereby completing the account-opening procedure.
In some embodiments, when the identification data transmitted by the online banking server 120 passes verification, the bank back-end server 130 may also generate a notification message and transmit it to the first client 110 and/or the second client 160. The bank back-end server 130 can send the notification message to the first client 110 and/or the second client 160 by SMS, instant messaging, email or similar means, using the mobile phone number, instant messaging account, email address or other details in the account-opening registration data transmitted by the online banking server 120, but the invention is not limited to these.
The bank back-end server 130 also receives the login data and the verification data transmitted by the mobile banking server 170. It determines whether the login data transmitted by the mobile banking server 170 matches the check data in the account-opening registration data transmitted by the online banking server 120, generates the corresponding determination result, and returns that result to the mobile banking server 170. Similarly, the bank back-end server 130 compares the verification data received from the mobile banking server 170 with the check data in the account-opening registration data received from the online banking server 120, generates the corresponding comparison result, and returns that result to the mobile banking server 170.
The certificate management center can connect to the bank back-end server 130 and the mobile banking server. The certificate management center 150 may include one or more servers or computing devices, which handle operations on transaction certificates such as application, renewal and password change, and which verify data signatures. In some embodiments, the certificate management center 150 may include a certificate registration host (Registration Authority, RA) 151 and/or a certificate verification host 152.
The certificate management center 150 applies, according to the certificate application data transmitted by the mobile banking server 170, for the transaction certificate corresponding to the second client 160, and transmits the certificate it obtains to the second client 160 through the mobile banking server 170. In general, the certificate management center 150 can use its certificate registration host 151 to read the necessary data from the received certificate application data, transmit that data to the certificate issuing center (Certificate Authority, CA) 180 to apply for the transaction certificate, and receive the transaction certificate signed and returned by the certificate issuing center 180.
In some embodiments, the certificate management center 150 can receive a certificate password transmitted by the second client 160 through the mobile banking server 170, encrypt the transaction certificate corresponding to the second client 160 with the received certificate password, and then transmit the encrypted transaction certificate to the second client 160 through the mobile banking server 170. The transaction password referred to in the present invention may be any arrangement of any number of letters, digits, symbols and other characters; the invention places no particular restriction on it.
The certificate management center 150 can also receive the data signature transmitted by the mobile banking server 170 and verify it. The certificate management center 150 generates a verification result for the data signature and returns that result to the mobile banking server 170. In general, the certificate management center 150 can verify the received data signature and generate the corresponding verification result through the certificate verification host 152, but the invention is not limited to this.
In some embodiments, the certificate management center 150 can receive the device identification data of the second client 160 transmitted by the mobile banking server 170 and add it to the transaction certificate received from the certificate issuing center 180, so that the device identification data of the second client 160 becomes the device confirmation data in the transaction certificate. The certificate management center 150 can also receive the device identification data that the mobile banking server 170 transmits together with the data signature and, when verifying the data signature, compare the device confirmation data in the transaction certificate corresponding to the second client 160 with the device identification data transmitted by the mobile banking server 170; if the two do not match, the data signature fails verification. The device identification data of the second client 160 is data that is unique to the second client 160 and can be used to identify it, including but not limited to the factory serial number of the second client 160, the serial numbers of one or more components in the second client 160, the network card number of the second client 160, or an identification code that the certificate management center 150 provides to the second client 160.
In addition, before verifying a received data signature, the certificate management center 150 can first connect to the certificate issuing center 180 to query the certificate status of the transaction certificate held by the second client 160, and verify the data signature only when the status shows that the transaction certificate is valid. If the status shows that the transaction certificate is invalid, for example because it has expired, the certificate management center 150 can generate a failed verification result without verifying the data signature.
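The verification order described above (certificate status first, then the device confirmation data, then the data signature), as an added Go example that is not part of the patent. The `TransactionCert` record, the use of Ed25519 and every function name are assumptions, since the patent specifies neither a certificate format nor a signature algorithm.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// TransactionCert is a simplified, hypothetical stand-in for the transaction
// certificate as seen by the certificate management center (150).
type TransactionCert struct {
	PublicKey     ed25519.PublicKey // key bound to the second client (160)
	DeviceConfirm string            // device confirmation data added at issuance
	StatusValid   bool              // status as reported by the issuing CA (180)
}

var (
	ErrCertInvalid    = errors.New("certificate status is not valid")
	ErrDeviceMismatch = errors.New("device identification data does not match the certificate")
	ErrBadSignature   = errors.New("data signature does not verify")
)

// IssueCert creates a key pair and a certificate record bound to deviceID.
// The CA's own signature over the certificate is omitted in this sketch.
func IssueCert(deviceID string) (TransactionCert, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return TransactionCert{}, nil, err
	}
	return TransactionCert{PublicKey: pub, DeviceConfirm: deviceID, StatusValid: true}, priv, nil
}

// SignData is the second client's step: sign the signing data it received
// from the mobile banking server (170).
func SignData(priv ed25519.PrivateKey, signingData []byte) []byte {
	return ed25519.Sign(priv, signingData)
}

// VerifyDataSignature applies the three checks in the order the description
// gives them and reports which one failed.
func VerifyDataSignature(c TransactionCert, signingData, sig []byte, deviceID string) error {
	// 1. An invalid (e.g. expired) certificate fails without touching the signature.
	if !c.StatusValid {
		return ErrCertInvalid
	}
	// 2. The device ID sent with the signature must equal the confirmation
	//    data stored in the certificate (compared in constant time).
	if subtle.ConstantTimeCompare([]byte(c.DeviceConfirm), []byte(deviceID)) != 1 {
		return ErrDeviceMismatch
	}
	// 3. Only then is the signature over the signing data checked.
	if len(c.PublicKey) != ed25519.PublicKeySize || !ed25519.Verify(c.PublicKey, signingData, sig) {
		return ErrBadSignature
	}
	return nil
}

func main() {
	cert, priv, err := IssueCert("device-A") // constructed sample device ID
	if err != nil {
		panic(err)
	}
	signingData := []byte("mobile-banking-registration:constructed-sample")
	sig := SignData(priv, signingData)

	fmt.Println("genuine device:", VerifyDataSignature(cert, signingData, sig, "device-A"))
	fmt.Println("other device:  ", VerifyDataSignature(cert, signingData, sig, "device-B"))
	fmt.Println("altered data:  ", VerifyDataSignature(cert, []byte("altered"), sig, "device-A"))
	cert.StatusValid = false
	fmt.Println("invalid cert:  ", VerifyDataSignature(cert, signingData, sig, "device-A"))
}
```

In this flow the device identification data travels beside the signature rather than inside the signed data, so the device check is only as strong as that value is hard to copy; including it in the signing data would bind it to the key.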
The second client 160 is likewise a device with data processing and communication functions, including but not limited to a notebook computer, mobile phone, tablet, navigation device, e-book reader, electronic dictionary, in-vehicle computer, portable music player or handheld game console.
The second client 160 can connect to the mobile banking server 170 and log in to it using the login data from the account-opening registration data entered at the first client 110. The second client 160 can also receive a notification message transmitted directly or indirectly by the online banking server 120 or the mobile banking server 170, and can connect to the mobile online bank 170 according to that notification message. For example, the second client 160 can download and install the transaction application according to the notification message and, after running the transaction application, connect to the certificate management center 150 through it.
The second client 160 accepts input of the certificate application data. The certificate application data may include verification data used to verify the identity of the mobile banking user. In some embodiments, the certificate application data may also include the applicant data needed to apply for the transaction certificate. The verification data may be any arrangement of any number of letters, digits, symbols and other characters, on which the invention places no particular restriction, and the applicant data may include name, date of birth, mobile phone number, email address and so on, but the invention is not limited to these.
The second client 160 is also responsible for transmitting the entered certificate application data to the mobile banking server 170, and may transmit its device identification data together with the certificate application data. In some embodiments, the second client 160 can run the transaction application, which can display an input interface for the certificate application data (not shown) and transmit the entered data to the mobile banking server 170 in order to apply for a transaction certificate. The transaction application can also obtain the device identification data of the second client 160 and transmit it to the mobile banking server 170 together with the entered certificate application data.
The second client 160 is also responsible for receiving the transaction certificate that the certificate management center 150 sends through the mobile banking server 170. In some embodiments, the certificate application data entered at the second client 160 may include a certificate password, so that the transaction certificate returned by the certificate management center 150 is encrypted with that certificate password. In that case, whenever the transaction certificate is used, the certificate password must be entered again at the second client 160 and is used to decrypt the transaction certificate. The certificate password may consist of any number of letters, digits, symbols, or other characters in any arrangement, and the present invention places no particular restriction on it.
The second client 160 is also responsible for using the transaction certificate obtained by the certificate management center 150 to sign the signing data provided by the mobile banking server 170, producing a corresponding data signature, and for transmitting that data signature to the mobile banking server 170. The second client 160 can sign the signing data through a security control component (not shown) in the installed and running transaction application, but the present invention is not limited thereto. In some embodiments, the second client 160 can transmit its device identification data to the mobile banking server 170 together with the data signature.
The mobile banking server 170 is connected to the bank back-end server 130 and the certificate management center 150, and accepts connections from the second client 160. The mobile banking server 170 is responsible for receiving the login data sent by the second client 160 and forwarding it to the bank back-end server 130, which determines whether the second client 160 may log in. If the result returned by the bank back-end server 130 indicates that the login data does not match, the mobile banking server 170 can generate a login message indicating that the login data is incorrect and return it to the second client 160 for display, or can refuse the login of the second client 160 once the number of consecutive times its login data has been judged not to match reaches a certain number. If the result returned by the bank back-end server 130 indicates that the login data matches, the mobile banking server 170 can allow the second client 160 to log in to the mobile banking server 170.
The mobile banking server 170 is also responsible for receiving the certificate application data sent by the second client 160; for having the bank back-end server 130 determine whether the verification data in that certificate application data matches the check data in the account opening registration data received from the online banking server 120; and, when the comparison result returned by the bank back-end server 130 shows that the verification data matches the check data, for forwarding the certificate application data to the certificate management center 150. If the comparison result shows that the verification data does not match the check data, the mobile banking server 170 can generate a message indicating that the verification data is incorrect and return it to the second client 160 for display, or can stop serving the second client 160 once the number of consecutive mismatches determined by the bank back-end server 130 reaches a certain number.
The mobile banking server 170 is also responsible for storing in advance, or generating on demand, the signing data provided to the second client 160. It can receive the data signature (and device identification data) sent by the second client and forward the data signature (and device identification data) received from the second client 160 to the certificate management center 150, so that the data signature is verified through the certificate management center 150.
The mobile banking server 170 is also responsible for completing the mobile banking registration procedure when the data signature sent by the second client 160 passes verification by the certificate management center 150. More specifically, the mobile banking server 170 can receive the verification result for the data signature returned by the certificate management center 150. When the verification result indicates that the data signature did not pass verification, the mobile banking server 170 generates a prompt message indicating that signature verification failed and returns it to the second client 160 for display. When the verification result indicates that the data signature passed verification, the mobile banking server 170 can execute the predetermined business logic and store the data signature, thereby completing the mobile banking registration procedure.
Next, an embodiment is used to explain the operation of the system and method of the present invention. Please refer to "Fig. 2A", a flowchart of the method for applying for a mobile banking account online according to the present invention, and "Fig. 2B", a flowchart of the method for completing account opening through mobile banking according to the present invention. In this embodiment, the first client 110 is assumed to be a personal computer and the second client 160 a smartphone, but the present invention is not limited thereto.
First, the first client 110 can connect to the online banking server 120 (step 201). In this embodiment, it is assumed that the user operates the first client 110 to connect to the online banking server 120, and the online banking server 120 returns a web page for filling in the account opening registration data to the first client 110 for display.
Next, the first client 110 can accept input of the account opening registration data and the identification data (step 210). In this embodiment, if the user holds an ATM card issued by the bank, that is, the user is an existing customer, the user can follow the prompts on the web page displayed by the first client 110 to upload images of the national ID card and a second identity document and to enter the mobile banking account name, password, and check data, thereby completing the input of the account opening registration data. The user also connects a card reader to the first client 110 and inserts the chip ATM card (hardware carrier 111) into the card reader, so that the first client 110 can read the identification data recorded on the chip ATM card through the card reader. The user may need to enter the password of the chip ATM card on the web page displayed by the first client 110 so that the card reader can decrypt the identification data recorded on the card using the entered password. If the user does not hold an ATM card issued by the bank, for example because the user is a new customer, then in addition to uploading images of the national ID card and the second identity document and entering the mobile banking account name, password, and check data to complete the input of the account opening registration data, the user can operate the first client 110 to sign the account opening registration data with a digital certificate the user already holds, and the first client 110 can use the result of that signing as the identification data.
After the first client 110 transmits the entered account opening registration data and identification data to the online banking server 120 (step 219), the online banking server 120 can forward the account opening registration data and identification data received from the first client 110 to the bank back-end server 130.
After receiving the account opening registration data and identification data sent by the online banking server 120, the bank back-end server 130 can determine whether the received identification data passes verification (step 220). In this embodiment, if the identification data was read by the first client 110 from the hardware carrier 111, the bank back-end server 130 can perform authentication-code verification on the identification data and return the resulting verification result to the online banking server 120. If the identification data was generated by the first client 110 using a digital certificate, the bank back-end server 130 can have the certificate management center 150 verify the identification data; the certificate management center 150 produces a verification result, and the bank back-end server 130 returns that result to the online banking server 120. The online banking server 120 can then determine, from the verification result returned by the bank back-end server 130, whether the identification data sent by the first client 110 passed verification. If the verification result indicates that the identification data did not pass verification by the bank back-end server 130, the online banking server 120 can generate a verification response message indicating that verification failed and return it to the first client 110, so that the first client 110 resubmits the account opening registration data and identification data (step 210); alternatively, it can reject the application of the first client 110 once the number of consecutive times the identification data sent by the first client 110 has failed verification by the bank back-end server 130 reaches a certain number.
If the bank back-end server 130 determines that the identification data from the online banking server 120 passes verification, the bank back-end server 130 can complete the account opening procedure according to the account opening registration data sent by the online banking server 120 (step 230).
After completing the account opening procedure, the bank back-end server 130 can generate a notification message and send it to the first client 110 or the second client 160 (step 240). In this embodiment, it is assumed that the bank back-end server 130 can use the email address in the account opening registration data to send a notification message indicating successful registration by email to the email server of the user of the first client 110 and the second client 160, so that the first client 110 and/or the second client 160 can connect to the email server, download the notification message sent by the bank back-end server 130, and display it for the user to read. The bank back-end server 130 can also use the mobile phone number in the account opening registration data to send the notification message indicating successful registration by SMS to the user's mobile phone (the second client 160).
Afterwards, the second client 160 can connect to the mobile banking server 170 and log in to it using the login data contained in the account opening registration data entered through the first client 110 (step 251). In this embodiment, it is assumed that the notification message sent by the online banking server 120 or the mobile banking server 170 includes instructions for downloading the transaction application. If the transaction application has never been installed on the second client 160, the user can operate the second client 160 to download and install it according to the download instructions in the notification message. If the transaction application is already installed on the second client 160, or once its installation on the second client 160 is complete, then when the second client 160 runs the transaction application, the transaction application can obtain the device identification data of the second client 160. The transaction application can also ask the user to enter login data, such as an account name and password; after the user correctly enters the login data from the account opening registration data, the transaction application can log in to the mobile banking server 170.
After the second client 160 has successfully logged in to the mobile banking server 170, the second client 160 can accept input of the certificate application data and transmit the entered certificate application data to the mobile banking server 170 (step 255). In this embodiment, it is assumed that when the user operates the second client 160 and chooses in the transaction application to have a transaction certificate issued, the transaction application can display an input interface for the certificate application data so that the user can enter it; after the user finishes entering the certificate application data, the transaction application transmits the entered certificate application data and the device identification data it obtained to the mobile banking server 170.
After receiving the certificate application data sent by the second client 160, the mobile banking server 170 can send the verification data contained in that certificate application data to the bank back-end server 130, so that the bank back-end server 130 determines whether the verification data received from the second client 160 matches the check data in the account opening registration data entered through the first client 110 (step 260). If the bank back-end server 130 determines that the verification data does not match the check data, the mobile banking server 170 can generate a check response message indicating that verification was not passed and return it to the second client 160, so that the second client 160 displays a message indicating that the verification data is incorrect. The mobile banking server 170 can also refuse to serve the second client 160 once the number of times the check data fails to match the verification data sent by the second client 160 reaches a predetermined number.
If the bank back-end server 130 determines that the verification data matches the check data, the mobile banking server 170 can transmit the received certificate application data to the certificate management center 150 (step 271).
After receiving the certificate application data sent by the mobile banking server 170, the certificate management center 150 can connect to the certificate issuing center 180 to apply for a transaction certificate corresponding to the second client 160, and deliver the transaction certificate it obtains to the second client 160 through the mobile banking server 170 (step 275). In this embodiment, it is assumed that the certificate management center 150 includes a certificate registration host 151. The certificate registration host 151 can send the necessary data from the certificate application data received from the mobile banking server 170 to the certificate issuing center 180 in order to apply for the transaction certificate corresponding to the second client 160. After the certificate issuing center 180 issues that transaction certificate, the certificate registration host 151 can add to it the device identification data of the second client 160 sent by the mobile banking server 170, so that the device identification data added to the transaction certificate becomes the device confirmation data of the transaction certificate. It can then send the transaction certificate to the mobile banking server 170, which forwards it to the transaction application running on the second client 160 so that the transaction application stores the received transaction certificate.
In fact, when the mobile banking server 170 sends the transaction certificate obtained by the certificate management center 150 to the second client 160, it can also send the signing data to the second client 160 at the same time (step 281).
The second client 160 can use the transaction certificate received from the certificate management center 150 to sign the signing data sent by the mobile banking server 170, producing a corresponding data signature, and transmit that data signature to the mobile banking server 170 (step 285).
After receiving the data signature sent by the second client 160, the mobile banking server 170 can have the certificate management center 150 verify it. In this embodiment, it is assumed that the certificate management center 150 includes a certificate verification host 152, and the mobile banking server 170 can send the signing data, the data signature, and the device identification data received from the second client 160 to the certificate verification host 152. The certificate verification host 152 can first determine whether the device confirmation data in the transaction certificate corresponding to the second client 160 is the same as the device identification data received from the mobile banking server 170. If they differ, the certificate verification host 152 can produce a verification result indicating that the data signature did not pass verification. If they are the same, the certificate verification host 152 can connect to the certificate issuing center 180 to query whether the transaction certificate corresponding to the second client 160 is valid. If that transaction certificate is not valid, the certificate verification host 152 can produce a verification result indicating that the data signature did not pass verification. If it is valid, the certificate verification host 152 can verify the received data signature against the signing data received from the mobile banking server 170 and the transaction certificate corresponding to the second client 160, and, depending on whether the data signature passes, produce a verification result indicating that the data signature passed or did not pass verification.
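The check order described above for the certificate verification host 152 (device binding, then certificate status, then signature), as an added example that is not code from the patent. The patent does not name a signature algorithm, so a Lamport one-time signature built on SHA-256 stands in for it and the block runs on the standard library alone; the class and function names, the `is_cert_valid` lookup, and all sample values are constructed assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from enum import Enum


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _bits(message: bytes):
    """Yield the 256 bits of SHA-256(message), most significant bit first."""
    for byte in _h(message):
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


# Stand-in signature scheme (assumption): Lamport one-time signature.
def lamport_keygen():
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    public = tuple((_h(a), _h(b)) for a, b in private)
    return private, public


def lamport_sign(private, message: bytes):
    return [private[i][bit] for i, bit in enumerate(_bits(message))]


def lamport_verify(public, message: bytes, signature) -> bool:
    if len(signature) != 256:
        return False
    ok = True
    for i, bit in enumerate(_bits(message)):
        # No early exit: every position is checked before the answer is returned.
        ok &= hmac.compare_digest(_h(signature[i]), public[i][bit])
    return ok


class Result(Enum):
    VERIFIED = "data signature passed verification"
    DEVICE_MISMATCH = "failed: device confirmation data differs from device identification data"
    CERT_INVALID = "failed: issuing center reports the certificate is not valid"
    BAD_SIGNATURE = "failed: signature does not verify over the signing data"


@dataclass(frozen=True)
class TransactionCertificate:
    serial: str                  # hypothetical field name
    public_key: tuple            # public half of the stand-in key pair
    device_confirmation: bytes   # device identification data added at issuance (step 275)


def verify_data_signature(cert, signing_data, data_signature, device_id, is_cert_valid):
    """Apply the three checks in the order the description gives; fail closed."""
    # 1. Device binding: the certificate must be used on the device it was issued for.
    if not hmac.compare_digest(cert.device_confirmation, device_id):
        return Result.DEVICE_MISMATCH
    # 2. Certificate status, queried from the issuing center (a callable here).
    if not is_cert_valid(cert.serial):
        return Result.CERT_INVALID
    # 3. Signature over the signing data the server supplied, not client-echoed data.
    if not lamport_verify(cert.public_key, signing_data, data_signature):
        return Result.BAD_SIGNATURE
    return Result.VERIFIED


def demo():
    """Run the verifier over constructed inputs and return each outcome."""
    private, public = lamport_keygen()
    device_a = b"constructed-device-id-A"
    cert = TransactionCertificate("CONSTRUCTED-SERIAL-0001", public, device_a)
    invalid_serials = set()

    def is_cert_valid(serial):
        return serial not in invalid_serials

    signing_data = b"constructed signing data issued by the mobile banking server"
    signature = lamport_sign(private, signing_data)

    out = {
        "enrolled_device": verify_data_signature(
            cert, signing_data, signature, device_a, is_cert_valid),
        # Certificate and signature copied to a different handset.
        "other_device": verify_data_signature(
            cert, signing_data, signature, b"constructed-device-id-B", is_cert_valid),
        # Signature replayed against different signing data.
        "altered_data": verify_data_signature(
            cert, signing_data + b"!", signature, device_a, is_cert_valid),
    }
    invalid_serials.add(cert.serial)
    out["invalid_cert"] = verify_data_signature(
        cert, signing_data, signature, device_a, is_cert_valid)
    return out


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result.value}")
```

The description returns the same "did not pass verification" result to the mobile banking server for every failure; the separate failure values here are meant for the verifier's own audit log.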
After the certificate management center 150 has verified the data signature sent by the mobile banking server 170, the mobile banking server 170 can complete the mobile banking registration procedure when it determines that the data signature passed verification by the certificate management center 150 (step 290). In this embodiment, after receiving the verification result for the data signature returned by the certificate verification host 152, the mobile banking server 170 can determine from that result whether the data signature passed verification. If the data signature did not pass, the mobile banking server 170 can generate a prompt message stating that the signature did not pass verification and send it to the second client 160 for display, or it can refuse to serve the second client 160. If the data signature passed, the mobile banking server 170 can complete the mobile banking registration procedure. In this way, the user can open a digital account entirely online and no longer needs to visit a branch counter to open an account.
In summary, the difference between the present invention and the prior art lies in the following technical means: the first client can transmit identification data and account opening registration data to the bank back-end server through the online banking server; the bank back-end server can complete the account opening procedure according to the account opening registration data once the identification data passes verification; the mobile banking server can, after the verification data sent by the second client has been verified through the bank back-end server, transmit the certificate application data to the certificate management center; the certificate management center can apply for a transaction certificate and deliver it to the second client through the mobile banking server; the second client can use the transaction certificate to sign the signing data sent by the mobile banking server and transmit the data signature to the mobile banking server; and the mobile banking server can complete the mobile banking registration procedure after the data signature has been verified through the bank back-end server. These technical means solve the prior-art problem that an account could only be opened, and online banking only used, after a visit to a branch counter, and thereby achieve the technical effect of letting the account holder open an account and apply for a mobile banking account online.
Furthermore, the method of the present invention for completing account opening and applying for mobile banking online can be implemented in hardware, software, or a combination of hardware and software, and can be implemented in a centralized manner in one computer system or in a distributed manner in which different components are spread across several interconnected computer systems.
Although the embodiments of the present invention are disclosed as above, the content described is not intended to directly limit the scope of patent protection of the present invention. Any minor changes or refinements in the form and details of implementation made by a person of ordinary skill in the art to which the present invention pertains, without departing from the spirit and scope disclosed by the present invention, fall within the scope of patent protection of the present invention. The scope of patent protection of the present invention remains as defined by the appended claims.
110‧‧‧First client
111‧‧‧Hardware carrier
120‧‧‧Online banking server
130‧‧‧Bank back-end server
150‧‧‧Certificate management center
151‧‧‧Certificate registration host
152‧‧‧Certificate verification host
160‧‧‧Second client
170‧‧‧Mobile banking server
180‧‧‧Certificate issuing center
Step 201‧‧‧The first client connects to the online banking server
Step 210‧‧‧The first client accepts input of the account opening registration data and the identification data
Step 218‧‧‧The first client transmits the identification data and the account opening registration data to the online banking server
Step 219‧‧‧The online banking server transmits the identification data and the account opening registration data to the bank back-end server
Step 220‧‧‧The bank back-end server determines whether the identification data passes verification
Step 230‧‧‧The bank back-end server completes the account opening procedure according to the account opening registration data
Step 240‧‧‧The bank back-end server sends a notification message
Step 251‧‧‧The second client connects to the mobile banking server
Step 255‧‧‧The second client accepts input of the certificate application data and transmits it to the mobile banking server
Step 260‧‧‧The mobile banking server determines, through the bank back-end server, whether the verification data matches the check data
Step 271‧‧‧The mobile banking server transmits the certificate application data to the certificate management center
Step 275‧‧‧The certificate management center applies for the transaction certificate corresponding to the second client and sends it to the second client through the mobile banking server
Step 281‧‧‧The mobile banking server transmits the signing data to the second client
Step 285‧‧‧The second client signs the signing data with the transaction certificate to produce the data signature, and transmits the signing data and the data signature to the mobile banking server
Step 290‧‧‧The mobile banking server verifies the data signature through the certificate management center and completes the mobile banking registration procedure when the data signature passes verification
FIG. 1 is a system architecture diagram of the present invention for completing account opening online and applying for mobile banking.
FIG. 2A is a flowchart of the method of the present invention for opening an account online.
FIG. 2B is a flowchart of the method of the present invention for applying for mobile banking online.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW105143955A TWI644276B (en) | 2016-12-29 | 2016-12-29 | System for opening account and applying mobile banking account online and method thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW105143955A TWI644276B (en) | 2016-12-29 | 2016-12-29 | System for opening account and applying mobile banking account online and method thereof |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201824130A true TW201824130A (en) | 2018-07-01 |
TWI644276B TWI644276B (en) | 2018-12-11 |
Family
ID=63640115
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW105143955A TWI644276B (en) | 2016-12-29 | 2016-12-29 | System for opening account and applying mobile banking account online and method thereof |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWI644276B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI724638B (en) * | 2019-11-19 | 2021-04-11 | 臺灣網路認證股份有限公司 | System for using carrier to verity identity in machine for opening account and method thereof |
TWI771696B (en) * | 2020-06-10 | 2022-07-21 | 中國信託商業銀行股份有限公司 | Identity authentication system and method |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI767113B (en) * | 2019-03-19 | 2022-06-11 | 彰化商業銀行股份有限公司 | System for using certificate stored in carrier to conduct online transactions and method thereof |
TWI767254B (en) * | 2020-06-17 | 2022-06-11 | 玉山商業銀行股份有限公司 | Authorization system and method thereof |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020120582A1 (en) * | 2001-02-26 | 2002-08-29 | Stephen Elston | Method for establishing an electronic commerce account |
TWI512663B (en) * | 2013-07-31 | 2015-12-11 | Univ Far East | Online to offline electronic commerce system and method thereof |
TWM518371U (en) * | 2015-09-15 | 2016-03-01 | Systex Corp | Remote securities account-opening system |
2016-12-29 TW TW105143955A patent/TWI644276B/en active
Also Published As
Publication number | Publication date |
---|---|
TWI644276B (en) | 2018-12-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108476227B (en) | System and method for device push provisioning | |
CN113557753B (en) | Flick card for securely generating card data for copying to clipboard | |
US20150120559A1 (en) | Enhancements to transaction processing in a secure environment | |
CN113272845A (en) | One touch payment using a contactless card | |
KR20160006185A (en) | Two factor authentication | |
TWI644276B (en) | System for opening account and applying mobile banking account online and method thereof | |
US20130218779A1 (en) | Dual factor digital certificate security algorithms | |
TWM539667U (en) | System of online credentials application for network transaction via carrier | |
TWI811323B (en) | Mobile payment system and method using a mobile payment device without an installed application | |
TWI720738B (en) | System for combining architectures of fido and pki to identity user and method thereof | |
TWM601411U (en) | System for digital account application by using ATM to obtain authentication | |
TWM539668U (en) | System for opening account online and applying for mobile banking | |
TWM594186U (en) | Device and system combining online rapid authentication and public key infrastructure to identify identity | |
TWM618092U (en) | Certificate management system for automated domain verification | |
TWM592629U (en) | System to obtain appended data and execute corresponding operation when identity is confirmed | |
TW201824129A (en) | System for applying for certificate online through carrier for transaction and method thereof | |
TWM609003U (en) | System for transferring to client end to continue operation after confirming the identity on the public equipment | |
TWM618726U (en) | System for verifying identity on different devices based on certificates and verification data | |
TWM603573U (en) | System generating authorization content during identity verification before transaction | |
TWM588313U (en) | System for confirming user identity through financial account information | |
TWI729535B (en) | System for using financial account to confirm identity and method thereof | |
TWI792010B (en) | System for using automation machine to scan barcode and verify identity for applying account and method thereof | |
TWM583978U (en) | System of using physical carrier to store digital certificate for performing online transaction | |
TWI784339B (en) | System for changing to client to continue operations after confirming identity on public device and method thereof | |
TWI774011B (en) | System for getting certification through automation machine for applying account and method thereof |