[go: up one dir, main page]

TWI767254B - Authorization system and method thereof - Google Patents

Authorization system and method thereof Download PDF

Info

Publication number
TWI767254B
TWI767254B TW109120399A TW109120399A TWI767254B TW I767254 B TWI767254 B TW I767254B TW 109120399 A TW109120399 A TW 109120399A TW 109120399 A TW109120399 A TW 109120399A TW I767254 B TWI767254 B TW I767254B
Authority
TW
Taiwan
Prior art keywords
authorization
user
chip card
identity
authentication server
Prior art date
Application number
TW109120399A
Other languages
Chinese (zh)
Other versions
TW202201311A (en
Inventor
李嘉銘
廖卉
Original Assignee
玉山商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 玉山商業銀行股份有限公司 filed Critical 玉山商業銀行股份有限公司
Priority to TW109120399A priority Critical patent/TWI767254B/en
Publication of TW202201311A publication Critical patent/TW202201311A/en
Application granted granted Critical
Publication of TWI767254B publication Critical patent/TWI767254B/en

Links

Images

Landscapes

  • Alarm Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An authorization system comprises a transaction server end, a certification server end and a user end unit. The user end unit obtains first identity data from a first chip card, and transfers an authorization request to the certification server end according to the first identity data. Upon the certification server receiving and determining the authorization request conforms to an authorization required condition, the certification server end outputs an authorization demand notification which can be read by the user end unit. The user end unit obtains second identity data from a second chip card, and transfers an authorization agreement indication corresponding to the authorization request to the certification server end according to the second identity data. Upon the certification server end determining the authorization agreement indication conforms to an authorization qualification condition, the certification server end outputs an authorized accomplished notification to the transaction server end, so that the transaction server end executes an online financial service process.

Description

金融服務處理系統及方法Financial Services Processing System and Method

本發明是有關於一種金融服務處理系統及方法,特別是指一種利用晶片卡進行授權的金融服務處理系統及方法。The present invention relates to a financial service processing system and method, in particular to a financial service processing system and method using a chip card for authorization.

在網路通訊發達的現代社會中,使用者能夠輕鬆地透過電腦或手機等電子裝置進行各式各樣的線上交易。然而,對於未成年的使用者來說,若其在監護人不知情的情況下使用線上交易服務,則後續便可能衍生出許多爭議,因此,如何對前述的情形作出預防,便成為本案所欲探討的議題。In the modern society with developed network communication, users can easily conduct various online transactions through electronic devices such as computers or mobile phones. However, for underage users, if they use online transaction services without the knowledge of their guardians, many disputes may arise in the future. Therefore, how to prevent the aforementioned situation has become the purpose of this case. issue.

本發明的其中一目的,在於提供一種能改善現有技術之不便的金融服務處理系統。One of the objects of the present invention is to provide a financial service processing system which can improve the inconvenience of the prior art.

本發明金融服務處理系統適用於一第一晶片卡及一第二晶片卡;該金融服務處理系統包含一交易伺服端、一電連接該交易伺服端的認證伺服端及一用於電連接該交易伺服端的使用端單元。該使用端單元於傳送一金融服務請求至該交易伺服端之後自該第一晶片卡獲得一第一身分資料,且產生並提供一包含該第一身分資料的授權請求至該認證伺服端。該認證伺服端於接收到該授權請求,且判斷出該授權請求符合一需授權條件時,輸出一能被該使用端單元讀取的授權需求通知。該使用端單元自該第二晶片卡獲得一第二身分資料,且產生並提供一對應該授權請求且包含該第二身分資料的同意授權指示至該認證伺服端。該認證伺服端於接收到該同意授權指示,且判斷出該同意授權指示符合一相關於該第一身分資料的授權資格條件時,輸出一授權完成通知至該交易伺服端,以致該交易伺服端根據該授權完成通知執行一對應該金融服務請求的線上金融服務程序。The financial service processing system of the present invention is suitable for a first chip card and a second chip card; the financial service processing system comprises a transaction server, an authentication server electrically connected to the transaction server, and an authentication server for electrically connecting the transaction server end-use unit. The user unit obtains a first identity data from the first chip card after sending a financial service request to the transaction server, and generates and provides an authorization request including the first identity data to the authentication server. When the authentication server receives the authorization request and determines that the authorization request meets an authorization requirement, it outputs an authorization requirement notification that can be read by the user unit. The user-end unit obtains a second identity data from the second chip card, and generates and provides a pair of consent authorization instructions corresponding to the authorization request and including the second identity data to the authentication server. When the authentication server receives the consent and authorization instruction and determines that the consent and authorization instruction meets an authorization qualification condition related to the first identity data, it outputs an authorization completion notification to the transaction server, so that the transaction server Execute a pair of online financial service programs in response to the financial service request according to the authorization completion notification.

在本發明金融服務處理系統的一些實施態樣中,該使用端單元包括一用於電連接該交易伺服端的第一使用端,以及一用於電連接該交易伺服端的第二使用端。該第一身分資料是由該第一使用端自該第一晶片卡所獲得,且該授權請求是由該第一使用端產生並經由該交易伺服端傳送至該認證伺服端。該認證伺服端所輸出的該授權需求通知是能被該第二使用端所讀取。該第二身分資料是由該第二使用端自該第二晶片卡所獲得,且該同意授權指示是由該第二使用端產生並經由該交易伺服端傳送至該認證伺服端。In some implementation aspects of the financial service processing system of the present invention, the consumer unit includes a first consumer for electrically connecting to the transaction server, and a second consumer for electrically connecting to the transaction server. The first identity information is obtained from the first chip card by the first user, and the authorization request is generated by the first user and transmitted to the authentication server via the transaction server. The authorization requirement notification output by the authentication server can be read by the second user. The second identity information is obtained by the second user terminal from the second chip card, and the consent authorization instruction is generated by the second user terminal and transmitted to the authentication server through the transaction server.

在本發明金融服務處理系統的一些實施態樣中,該需授權條件包含該第一身分資料所指示出的一當前年齡未達一預設年齡門檻值,且該授權資格條件包含該第二身分資料所包含的一識別資料相符於該第一身分資料所包含的一監護者資料。In some implementation aspects of the financial service processing system of the present invention, the authorization requirement includes that a current age indicated by the first identity information does not reach a predetermined age threshold, and the authorization qualification includes the second identity An identification data included in the data matches a guardian data included in the first identity data.

在本發明金融服務處理系統的一些實施態樣中,該授權請求還包含一由該使用端單元根據使用者的輸入所產生的第一輸入識別碼,且該第一身分資料包含一被儲存於該第一晶片卡的第一身分識別碼。該認證伺服端是在判斷出該授權請求符合一第一檢核條件及該需授權條件時,才輸出該授權需求通知,其中,該第一檢核條件包含該第一輸入識別碼所具有的一第一參考部分相符於該第一身分識別碼所具有的一第一目標部分。該同意授權指示還包含一由該使用端單元根據使用者的輸入所產生的第二輸入識別碼,且該第二身分資料包含一被儲存於該第二晶片卡的第二身分識別碼。該認證伺服端是在判斷出該同意授權指示符合一第二檢核條件及該授權資格條件時,才輸出該授權完成通知至該交易伺服端,其中,該第二檢核條件包含該第二輸入識別碼所具有的一第二參考部分相符於該第二身分識別碼所具有的一第二目標部分。In some implementation aspects of the financial service processing system of the present invention, the authorization request further includes a first input identification code generated by the user unit according to the user's input, and the first identity information includes a stored in the The first identification code of the first chip card. The authentication server only outputs the authorization request notification when it determines that the authorization request meets a first check condition and the authorization-required condition, wherein the first check condition includes the first input identification code. A first reference portion corresponds to a first target portion of the first ID. The consent authorization instruction further includes a second input identification code generated by the user-end unit according to the user's input, and the second identity data includes a second identification code stored in the second chip card. The authentication server only outputs the authorization completion notification to the transaction server when it determines that the consent and authorization instruction meets a second check condition and the authorization qualification condition, wherein the second check condition includes the second check condition A second reference portion of the input identification code corresponds to a second target portion of the second identity identification code.

在本發明金融服務處理系統的一些實施態樣中,該授權請求還包含一由該第一晶片卡至少根據該第一身分資料所產生的第一簽章結果,並且,該第一檢核條件還包含該第一簽章結果能被用於判定該授權請求所包含的該第一身分資料具有資料完整性及不可否認性。該同意授權指示還包含一由該第二晶片卡至少根據該第二身分資料所產生的第二簽章結果,並且,該第二檢核條件還包含該第二簽章結果能被用於判定該同意授權指示所包含的該第二身分資料具有資料完整性及不可否認性。In some implementation aspects of the financial service processing system of the present invention, the authorization request further includes a first signature result generated by the first chip card at least according to the first identity information, and the first verification condition It also includes that the first signature result can be used to determine that the first identity data included in the authorization request has data integrity and non-repudiation. The consent authorization instruction further includes a second signature result generated by the second chip card based on at least the second identity information, and the second verification condition further includes that the second signature result can be used to determine The second identity information contained in the consent authorization instruction has data integrity and non-repudiation.

本發明的另一目的,在於提供該金融服務處理系統所實施的一種金融服務處理方法。Another object of the present invention is to provide a financial service processing method implemented by the financial service processing system.

本發明金融服務處理方法由一金融服務處理系統實施,該金融服務處理系統適用於一第一晶片卡及一第二晶片卡,且包含一交易伺服端、一認證伺服端及一使用端單元;該金融服務處理方法包含:(A)該使用端單元於傳送一金融服務請求至該交易伺服端之後,自該第一晶片卡獲得一第一身分資料,且產生並提供一包含該第一身分資料的授權請求至該認證伺服端;(B) 該認證伺服端於接收到該授權請求,且判斷出該授權請求符合一需授權條件時,輸出一能被該使用端單元讀取的授權需求通知;(C) 該使用端單元自該第二晶片卡獲得一第二身分資料,且產生並提供一對應該授權請求且包含該第二身分資料的同意授權指示至該認證伺服端;(D) 該認證伺服端於接收到該同意授權指示,且判斷出該同意授權指示符合一相關於該第一身分資料的授權資格條件時,輸出一授權完成通知至該交易伺服端,以致該交易伺服端根據該授權完成通知執行一對應該金融服務請求的線上金融服務程序。The financial service processing method of the present invention is implemented by a financial service processing system, the financial service processing system is suitable for a first chip card and a second chip card, and includes a transaction server, an authentication server and a user unit; The financial service processing method includes: (A) after the user unit transmits a financial service request to the transaction server, obtains a first identity data from the first chip card, and generates and provides a data containing the first identity The authorization request for the data is sent to the authentication server; (B) when the authentication server receives the authorization request and determines that the authorization request meets a required authorization condition, it outputs an authorization request that can be read by the user unit Notify; (C) the user-end unit obtains a second identity data from the second chip card, and generates and provides a consent authorization instruction corresponding to the authorization request and including the second identity data to the authentication server; (D ) When the authentication server receives the consent and authorization instruction and determines that the consent and authorization instruction meets an authorization qualification condition related to the first identity data, it outputs an authorization completion notification to the transaction server, so that the transaction server The terminal executes a pair of online financial service programs in response to the financial service request according to the authorization completion notification.

在本發明金融服務處理方法的一些實施態樣中,該使用端單元包括一用於電連接該交易伺服端的第一使用端,以及一用於電連接該交易伺服端的第二使用端。在步驟(A)中,該第一身分資料是由該第一使用端自該第一晶片卡所獲得,且該授權請求是由該第一使用端產生並經由該交易伺服端傳送至該認證伺服端。在步驟(B)中,該認證伺服端所輸出的該授權需求通知是能被該第二使用端所讀取。在步驟(C)中,該第二身分資料是由該第二使用端自該第二晶片卡所獲得,且該同意授權指示是由該第二使用端產生並經由該交易伺服端傳送至該認證伺服端。In some implementation aspects of the financial service processing method of the present invention, the consumer unit includes a first consumer electrically connected to the transaction server, and a second consumer electrically connected to the transaction server. In step (A), the first identity information is obtained by the first user from the first chip card, and the authorization request is generated by the first user and sent to the authentication via the transaction server server side. In step (B), the authorization requirement notification output by the authentication server can be read by the second user. In step (C), the second identity information is obtained by the second user terminal from the second chip card, and the consent authorization instruction is generated by the second user terminal and transmitted to the transaction server through the transaction server Authentication server.

在本發明金融服務處理方法的一些實施態樣中,在步驟(B)中,該需授權條件包含該第一身分資料所指示出的一當前年齡未達一預設年齡門檻值,在步驟(D)中,該授權資格條件包含該第二身分資料所包含的一識別資料相符於該第一身分資料所包含的一監護者資料。In some implementation aspects of the financial service processing method of the present invention, in step (B), the authorization requirement includes that a current age indicated by the first identity data does not reach a predetermined age threshold, and in step (B) In D), the authorization qualification condition includes that an identification data contained in the second identity data matches a guardian data contained in the first identity data.

在本發明金融服務處理方法的一些實施態樣中,在步驟(A)中,該授權請求還包含一由該使用端單元根據使用者的輸入所產生的第一輸入識別碼,且該第一身分資料包含一被儲存於該第一晶片卡的第一身分識別碼。在步驟(B)中,該認證伺服端是在判斷出該授權請求符合一第一檢核條件及該需授權條件時,才輸出該授權需求通知,其中,該第一檢核條件包含該第一輸入識別碼所具有的一第一參考部分相符於該第一身分識別碼所具有的一第一目標部分。在步驟(C)中,該同意授權指示還包含一由該使用端單元根據使用者的輸入所產生的第二輸入識別碼,且該第二身分資料包含一被儲存於該第二晶片卡的第二身分識別碼。在步驟(D)中,該認證伺服端是在判斷出該同意授權指示符合一第二檢核條件及該授權資格條件時,才輸出該授權完成通知至該交易伺服端,其中,該第二檢核條件包含該第二輸入識別碼所具有的一第二參考部分相符於該第二身分識別碼所具有的一第二目標部分。In some implementation aspects of the financial service processing method of the present invention, in step (A), the authorization request further includes a first input identification code generated by the user unit according to the user's input, and the first input identification code is The identity data includes a first identity code stored in the first chip card. In step (B), the authentication server only outputs the authorization request notification when it determines that the authorization request meets a first check condition and the authorization-needed condition, wherein the first check condition includes the first check condition. A first reference portion of an input identification code corresponds to a first target portion of the first identity identification code. In step (C), the consent and authorization instruction further includes a second input identification code generated by the user-end unit according to the user's input, and the second identity data includes a stored in the second chip card. Secondary ID. In step (D), the authentication server only outputs the authorization completion notification to the transaction server when it determines that the consent authorization instruction meets a second check condition and the authorization qualification condition, wherein the second The check condition includes that a second reference part of the second input ID matches a second target part of the second ID.

在本發明金融服務處理方法的一些實施態樣中,在步驟(A)中,該授權請求還包含一由該第一晶片卡至少根據該第一身分資料所產生的第一簽章結果。在步驟(B)中,該第一檢核條件還包含該第一簽章結果能被用於判定該授權請求所包含的該第一身分資料具有資料完整性及不可否認性。在步驟(C)中,該同意授權指示還包含一由該第二晶片卡至少根據該第二身分資料所產生的第二簽章結果。在步驟(D)中,該第二檢核條件還包含該第二簽章結果能被用於判定該同意授權指示所包含的該第二身分資料具有資料完整性及不可否認性。In some implementation aspects of the financial service processing method of the present invention, in step (A), the authorization request further includes a first signature result generated by the first chip card at least according to the first identity information. In step (B), the first verification condition further includes that the first signature result can be used to determine that the first identity data included in the authorization request has data integrity and non-repudiation. In step (C), the consent authorization instruction further includes a second signature result generated by the second chip card at least according to the second identity information. In step (D), the second verification condition further includes that the second signature result can be used to determine that the second identity data included in the consent authorization instruction has data integrity and non-repudiation.

本發明之功效在於:該金融服務處理系統的使用端單元能先利用該第一晶片卡產生並傳送該授權請求至該認證伺服端,再利用該第二晶片卡產生並傳送該同意授權指示至該認證伺服端,並且,該交易伺服端會在該認證伺服端判斷出該同意授權指示符合該授權資格條件後,才執行對應該金融服務請求的該線上金融服務程序,藉此,該金融服務處理系統有助於確保該線上金融服務程序是經過可授權者對待授權者的授權才被執行,而能避免衍生出後續爭議,故確實能有效改善現有技術之不便。The effect of the present invention is that the consumer unit of the financial service processing system can first generate and transmit the authorization request to the authentication server by using the first chip card, and then generate and transmit the consent authorization instruction by using the second chip card to The authentication server, and the transaction server will execute the online financial service program corresponding to the financial service request only after the authentication server determines that the consent authorization instruction meets the authorization qualification conditions, whereby the financial service The processing system helps to ensure that the online financial service program is executed only after being authorized by the licensor to treat the licensor, and can avoid subsequent disputes, so it can effectively improve the inconvenience of the existing technology.

在本發明被詳細描述之前應當注意:本專利說明書中所述的「電連接」是泛指多個電子設備/裝置/元件之間透過導電材料相連接而達成的有線電連接,以及透過無線通訊技術進行無線信號傳輸的無線電連接。並且,本專利說明書中所述的「電連接」亦泛指兩個電子設備/裝置/元件之間直接相連而形成的「直接電連接」,以及兩個電子設備/裝置/元件之間還透過其他電子設備/裝置/元件相連而形成的「間接電連接」。Before the present invention is described in detail, it should be noted that the "electrical connection" mentioned in this patent specification generally refers to a wired electrical connection between a plurality of electronic devices/devices/elements connected through conductive materials, as well as through wireless communication. Technology A radio connection for wireless signal transmission. In addition, the "electrical connection" mentioned in this patent specification also generally refers to the "direct electrical connection" formed by the direct connection between two electronic devices/devices/components, and the two electronic devices/devices/components are also connected through An "indirect electrical connection" formed by connecting other electronic equipment/devices/components.

參閱圖1,本發明金融服務處理系統1之一第一實施例例如適用於一對應於一待授權者的第一晶片卡101,以及一對應於一可授權者的第二晶片卡102。在本實施例的應用中,該待授權者可例如是一個當前年齡未達成年年齡的使用者,該可授權者則可例如是該待授權者的監護人(例如該待授權者的父親或母親),而該第一晶片卡101及該第二晶片卡102則例如分為該待授權者的一張數位身分識別證(亦可稱作New eID),以及該可授權者的一張數位身分識別證,但並不以此為限。Referring to FIG. 1 , a first embodiment of a financial service processing system 1 of the present invention is suitable, for example, for a first chip card 101 corresponding to a person to be authorized, and a second chip card 102 corresponding to an authorized person. In the application of this embodiment, the person to be authorized may be, for example, a user whose current age is under the age of majority, and the person to be authorized may be, for example, the guardian of the person to be authorized (for example, the father or mother of the person to be authorized) ), and the first chip card 101 and the second chip card 102 are, for example, divided into a digital identity card (also called New eID) of the person to be authorized, and a digital identity of the authorized person identification card, but not limited to this.

該金融服務處理系統1包含一交易伺服端10、一電連接該交易伺服端10的認證伺服端11,以及一用於經由一通訊網路(可例如為網際網路,圖未示出)電連接該交易伺服端10的使用端單元12。在本實施例中,該交易伺服端10及該認證伺服端11可例如是由一金融機構所管理,但並不以此為限。另一方面,該使用端單元12可例如包括一用於電連接該認證伺服端11的第一使用端121,以及一用於電連接該認證伺服端11的第二使用端122。其中,該第一使用端121可例如是由該待授權者所持有,且該第一使用端121可例如被實施為一智慧型電子裝置(例如智慧型手機或者平板電腦)或者是一電腦裝置(例如平板電腦或桌上型電腦)。另一方面,該第二使用端122可例如是由該可授權者所持有,且該第二使用端122可例如被實施為一智慧型電子裝置或者是一電腦裝置。The financial service processing system 1 includes a transaction server 10, an authentication server 11 electrically connected to the transaction server 10, and an authentication server 11 for electrically connecting via a communication network (such as the Internet, not shown in the figure). The user unit 12 of the transaction server 10 . In this embodiment, the transaction server 10 and the authentication server 11 may be managed by, for example, a financial institution, but not limited thereto. On the other hand, the user end unit 12 may include, for example, a first user end 121 for electrically connecting to the authentication server 11 , and a second user end 122 for electrically connecting the authentication server 11 . The first user terminal 121 may be, for example, held by the person to be authorized, and the first user terminal 121 may be implemented, for example, as a smart electronic device (such as a smart phone or a tablet computer) or a computer device (such as a tablet or desktop computer). On the other hand, the second user terminal 122 can be, for example, held by the licensor, and the second user terminal 122 can be implemented as an intelligent electronic device or a computer device, for example.

參閱圖2(由圖2A及2B組成),以下示例性地詳細說明本實施例的該金融服務處理系統1如何實施一金融服務處理方法。Referring to FIG. 2 (composed of FIGS. 2A and 2B ), the following exemplarily describes in detail how the financial service processing system 1 of the present embodiment implements a financial service processing method.

首先,在步驟S1中,該第一使用端121根據使用者操作地(例如是由該待授權者操作)產生並傳送一金融服務請求至該交易伺服端10。在本實施例中,該金融服務請求例如指示出一金融服務項目(例如開立一數位存款帳戶),但並不以此為限。接著,流程進行至步驟S2。First, in step S1 , the first user 121 generates and transmits a financial service request to the transaction server 10 according to the operation of the user (for example, the operation by the person to be authorized). In this embodiment, the financial service request indicates, for example, a financial service item (eg, opening a digital deposit account), but not limited thereto. Next, the flow proceeds to step S2.

在步驟S2中,當該交易伺服端10接收到來自於該第一使用端121的該金融服務請求,並且判斷出該金融服務請求所指示出的金融服務項目需要由該認證伺服端11認證申請者是否成年時,該交易伺服端10產生並傳送一授權資料輸入通知至該第一使用端121,以供該第一使用端121將該授權資料輸入通知顯示,藉此提示使用者利用該第一晶片卡101及該第一使用端121輸入用於進行認證的相關資料。接著,流程進行至步驟S3。In step S2, when the transaction server 10 receives the financial service request from the first user 121, and determines that the financial service item indicated by the financial service request needs to be authenticated by the authentication server 11 When the user is an adult, the transaction server 10 generates and transmits an authorization data input notification to the first user terminal 121 for the first user terminal 121 to display the authorization data input notification, thereby prompting the user to use the authorization data input notification. A chip card 101 and the first user terminal 121 input relevant data for authentication. Next, the flow proceeds to step S3.

在步驟S3中,該第一使用端121根據使用者操作地(例如是由該待授權者操作)與該第一晶片卡101建立電連接。更具體地說,在本實施例中,該第一使用端121可例如是透過其本身所具有的近場通訊功能(即Near Field Communication,簡稱NFC)與該第一晶片卡101建立無線電連接,亦可例如是透過一讀卡機(圖未示出)與該第一晶片卡101建立有線電連接。接著,流程進行至步驟S4。In step S3, the first user terminal 121 establishes an electrical connection with the first chip card 101 according to the operation of the user (eg, the operation by the person to be authorized). More specifically, in this embodiment, the first user terminal 121 may establish a radio connection with the first chip card 101 through its own near field communication function (ie, Near Field Communication, NFC for short), for example, A wired electrical connection with the first chip card 101 can also be established, for example, through a card reader (not shown). Next, the flow proceeds to step S4.

在步驟S4中,在該第一使用端121與該第一晶片卡101電連接的情況下,當該第一使用端121接收到一包含一第一輸入密碼及一第一輸入識別碼的第一登入資料時,該第一使用端121將該第一輸入密碼傳送至該第一晶片卡101,以供該第一晶片卡101所具有的一處理器(圖未示出)判定該第一輸入密碼是否正確。補充說明的是,該第一登入資料例如是該第一使用端121根據使用者(例如為該待授權者)的手動輸入而產生,且該第一輸入識別碼可例如是由該待授權者依據該第一使用端121所顯示的介面引導而手動輸入於該第一使用端121的身分證字號,但並不以此為限。接著,流程進行至步驟S5。In step S4, when the first user end 121 is electrically connected to the first chip card 101, when the first user end 121 receives a first input password and a first input identification code When logging in data, the first user terminal 121 transmits the first input password to the first chip card 101 for a processor (not shown) of the first chip card 101 to determine the first Is the password entered correctly. It should be added that the first login data is generated by the first user terminal 121 according to the manual input of the user (for example, the person to be authorized), and the first input identification code can be generated by the person to be authorized, for example. The ID number of the first user terminal 121 is manually input according to the guidance of the interface displayed by the first user terminal 121, but not limited thereto. Next, the flow proceeds to step S5.

在步驟S5中,在該第一晶片卡101的處理器判定該第一輸入密碼正確的情形下,該第一使用端121自該第一晶片卡101獲得一第一身分資料及一第一簽章結果。在本實施例中,該第一身分資料例如包含被儲存於該第一晶片卡101的一第一身分識別碼、一出生日期及兩筆監護者資料,而該第一簽章結果則例如是由該第一晶片卡101的處理器至少根據該第一身分資料以及一儲存於該第一晶片卡101內的私鑰所產生,但並不以此為限。更具體地說,該第一身分識別碼可例如為儲存於該第一晶片卡101之內的該待授權者的身分證字號,該出生日期可例如為儲存於該第一晶片卡101之內的該待授權者的生日,而該兩監護者資料則可例如分別為儲存於該第一晶片卡101之內的該待授權者的一父親姓名及一母親姓名,但並不以此為限。接著,流程進行至步驟S6。In step S5 , when the processor of the first chip card 101 determines that the first input password is correct, the first user 121 obtains a first identity information and a first signature from the first chip card 101 Chapter results. In this embodiment, the first identity information includes, for example, a first identity code, a date of birth and two pieces of guardian information stored in the first chip card 101 , and the first signature result is, for example, It is generated by the processor of the first chip card 101 according to at least the first identity information and a private key stored in the first chip card 101, but not limited thereto. More specifically, the first identity code can be, for example, the identity card number of the person to be authorized stored in the first chip card 101 , and the date of birth can be, for example, stored in the first chip card 101 The birthday of the person to be authorized, and the two guardian data can be, for example, a father's name and a mother's name of the person to be authorized stored in the first chip card 101, respectively, but not limited thereto . Next, the flow proceeds to step S6.

在步驟S6中,該第一使用端121例如根據該待授權者的操作而產生並提供一授權請求至該認證伺服端11,且該授權請求在本實施例中例如包含該第一身分資料、該第一簽章結果以及該第一輸入識別碼。補充說明的是,在本實施例中,該第一使用端121將該授權請求提供至該認證伺服端11的方式,例如是先將該授權請求傳送至該交易伺服端10,再由該交易伺服端10將該授權請求透過該金融機構的內部網路傳送至該認證伺服端11,但並不以此為限。接著,流程進行至步驟S7。In step S6, the first user 121 generates and provides an authorization request to the authentication server 11 according to the operation of the person to be authorized, for example, and the authorization request in this embodiment includes, for example, the first identity information, The first signature result and the first input identification code. It should be added that, in this embodiment, the first user 121 provides the authorization request to the authentication server 11, for example, the authorization request is first transmitted to the transaction server 10, and then the transaction The server 10 transmits the authorization request to the authentication server 11 through the internal network of the financial institution, but is not limited thereto. Next, the flow proceeds to step S7.

在步驟S7中,當該認證伺服端11接收到來自於該第一使用端121的該授權請求時,該認證伺服端11判斷該授權請求是否符合一第一檢核條件以及一需授權條件。In step S7, when the authentication server 11 receives the authorization request from the first user 121, the authentication server 11 determines whether the authorization request complies with a first check condition and an authorization requirement.

具體而言,在本實施例中,該第一檢核條件例如包含該授權請求的第一輸入識別碼所具有的一第一參考部分相符於該授權請求的第一身分識別碼所具有的一第一目標部分,以及該授權請求的第一簽章結果能被用於判定該授權請求的第一身分資料具有資料完整性及不可否認性,但並不以此為限。Specifically, in this embodiment, the first check condition includes, for example, that a first reference part of the first input identification code of the authorization request matches a first identification code of the authorization request. The first target part and the first signature result of the authorization request can be used to determine that the first identity information of the authorization request has data integrity and non-repudiation, but is not limited thereto.

在本實施例中,該第一參考部分可例如是該第一輸入識別碼的最後四碼,而該第一目標部分則例如是該第一身分識別碼的最後四碼,但並不以此為限。換句話說,若該第一參考部分相符於該第一目標部分,即代表使用者(例如為該待授權者)自行輸入之身分證字號的末四碼與該第一晶片卡101內所儲存之身分證字號的末四碼相同。In this embodiment, the first reference part may be, for example, the last four codes of the first input identification code, and the first target part may be, for example, the last four codes of the first identification code, but not limited. In other words, if the first reference part matches the first target part, it means that the last four codes of the identity card number entered by the user (for example, the person to be authorized) are stored in the first chip card 101 The last four digits of the ID number are the same.

並且,在本實施例中,該認證伺服端11可例如是利用公鑰加密標準(即Public Key Cryptography Standards,簡稱PKCS)、公開金鑰基礎建設架構(即Public Key Infrastructure,簡稱PKI)、X.509、憑證吊銷列表(即Certificate Revocation List,簡稱CRL)及線上憑證狀態協定(即Online Certificate Status Protocol,簡稱OCSP)等國際標準的其中至少一者的技術來對該第一簽章結果進行驗證,以判定該授權請求所包含的該第一身分資料是否具有資料完整性及不可否認性,但並不以此為限。Moreover, in this embodiment, the authentication server 11 may, for example, utilize public key encryption standards (ie Public Key Cryptography Standards, referred to as PKCS), public key infrastructure (ie Public Key Infrastructure, referred to as PKI), X. 509. Verify the first signature result using at least one of international standards such as Certificate Revocation List (Certificate Revocation List, CRL for short) and Online Certificate Status Protocol (OCSP for short), etc. To determine whether the first identity data included in the authorization request has data integrity and non-repudiation, but not limited thereto.

另一方面,在本實施例中,該需授權條件例如包含該第一身分資料的出生日期所指示出的一當前年齡未達一預設年齡門檻值,且該預設年齡門檻值可例如被實施為成年年齡值(例如18歲),但並不以此為限。On the other hand, in this embodiment, the authorization requirement includes, for example, that a current age indicated by the date of birth of the first identity data does not reach a predetermined age threshold, and the predetermined age threshold can be set, for example, by Implemented as an age of majority value (eg, 18), but not limited to this.

若該認證伺服端11判斷出該授權請求不符合該第一檢核條件及該需授權條件的其中任一者時,流程進行至步驟S8。另一方面,若該認證伺服端11判斷出該授權請求符合該第一檢核條件以及該需授權條件時,流程進行至步驟S9。If the authentication server 11 determines that the authorization request does not meet any one of the first checking condition and the authorization-needing condition, the process proceeds to step S8. On the other hand, if the authentication server 11 determines that the authorization request complies with the first verification condition and the authorization-required condition, the flow proceeds to step S9.

在接續於步驟S7之後的步驟S8中,一旦該認證伺服端11判斷出該授權請求不符合該第一檢核條件及該需授權條件的其中任一者,該認證伺服端11產生並傳送一授權請求失敗通知至該第一使用端121,以致該第一使用端121將該授權請求失敗通知輸出以供使用者(例如為該待授權者)參考。In step S8 following step S7, once the authentication server 11 determines that the authorization request does not meet any one of the first verification condition and the authorization-required condition, the authentication server 11 generates and transmits a The authorization request failure notification is notified to the first user terminal 121, so that the first user terminal 121 outputs the authorization request failure notification for the user (eg, the person to be authorized) to refer to.

在接續於步驟S7之後的步驟S9中,一旦該認證伺服端11判斷出該授權請求符合該第一檢核條件以及該需授權條件,該認證伺服端11產生並輸出一能被該第二使用端122所讀取的授權需求通知。具體來說,該授權需求通知可例如被實施為一能被該第二使用端122所讀取的電子郵件、一被傳送至該第二使用端122的通知簡訊,或者是一被傳送至該第二使用端122的應用程式推播,但並不以此為限。接著,流程進行至步驟S10。In step S9 following step S7, once the authentication server 11 determines that the authorization request complies with the first verification condition and the authorization requirement, the authentication server 11 generates and outputs an output that can be used by the second The authorization requirement notification read by the terminal 122. Specifically, the authorization requirement notification can be implemented, for example, as an email that can be read by the second consumer 122, a notification message sent to the second consumer 122, or a notification sent to the second consumer 122. The application program of the second user terminal 122 is pushed, but not limited to this. Next, the flow proceeds to step S10.

在步驟S10中,該第二使用端122根據使用者操作地(例如是在該可授權者透過該第二使用端122讀取該授權需求通知後由該可授權者操作)與該第二晶片卡102建立電連接。在本實施例中,類似於該第一使用端121地,該第二使用端122可例如是透過其本身所具有的近場通訊功能與該第二晶片卡102無線電連接,亦可例如是透過一讀卡機(圖未示出)與該第二晶片卡102有線電連接。接著,流程進行至步驟S11。In step S10 , the second user terminal 122 communicates with the second chip according to the user's operation (for example, after the licensor reads the authorization requirement notification through the second user terminal 122 ) and the second chip Card 102 establishes an electrical connection. In this embodiment, similar to the first user end 121 , the second user end 122 can be wirelessly connected to the second chip card 102 through its own near field communication function, or it can also be through A card reader (not shown) is wired and electrically connected to the second chip card 102 . Next, the flow proceeds to step S11.

在步驟S11中,在該第二使用端122與該第二晶片卡102電連接的情況下,當該第二使用端122接收到一包含一第二輸入密碼及一第二輸入識別碼的第二登入資料時,該第二使用端122將該第二輸入密碼傳送至該第二晶片卡102,以供該第二晶片卡102所具有的一處理器(圖未示出)判定該第二輸入密碼是否正確。補充說明的是,該第二登入資料例如是該第二使用端122根據使用者(例如為該可授權者)的手動輸入而產生,且該第二輸入識別碼可例如是由該可授權者依據該第一使用端121所顯示的介面引導而手動輸入於該第二使用端122的身分證字號,但並不以此為限。接著,流程進行至步驟S12。In step S11, when the second user terminal 122 is electrically connected to the second chip card 102, when the second user terminal 122 receives a first input code including a second input password and a second input identification code When logging in the data, the second user terminal 122 transmits the second input password to the second chip card 102 for a processor (not shown) of the second chip card 102 to determine the second Is the password entered correctly. It should be added that the second login information is generated by the second user terminal 122 according to the manual input of the user (for example, the authorizable person), and the second input identification code can be, for example, the authorizable person. The ID number of the second user terminal 122 is manually input according to the guidance of the interface displayed by the first user terminal 121, but not limited thereto. Next, the flow proceeds to step S12.

在步驟S12中,在該第二晶片卡102的處理器判定該第二輸入密碼正確的情形下,該第二使用端122自該第二晶片卡102獲得一第二身分資料及一第二簽章結果。在本實施例中,該第二身分資料例如包含被儲存於該第二晶片卡102的一第二身分識別碼及一識別資料,而該第二簽章結果則例如是由該第二晶片卡102的處理器至少根據該第二身分資料所產生,但並不以此為限。更具體地說,該第二身分識別碼可例如為儲存於該第二晶片卡102之內的該可授權者的身分證字號,而該識別資料則可例如是儲存於該第二晶片卡102之內的該可授權者的姓名,但並不以此為限。接著,流程進行至步驟S13。In step S12 , when the processor of the second chip card 102 determines that the second input password is correct, the second user terminal 122 obtains a second identity information and a second signature from the second chip card 102 Chapter results. In this embodiment, the second identity data includes, for example, a second identity code and an identification data stored in the second chip card 102, and the second signature result is, for example, obtained from the second chip card The processor of 102 is generated at least according to the second identity data, but not limited thereto. More specifically, the second identification code can be, for example, the identity card number of the authorized person stored in the second chip card 102 , and the identification data can be, for example, stored in the second chip card 102 but not limited to the name of the licensor within. Next, the flow proceeds to step S13.

在步驟S13中,該第二使用端122例如根據該可授權者的操作而產生並提供一對應該授權請求的同意授權指示至該認證伺服端11,且該同意授權指示例如包含該第二身分資料、該第二簽章結果以及該第二輸入識別碼。補充說明的是,在本實施例中,該第二使用端122將該同意授權指示提供至該認證伺服端11的方式,例如是先將該同意授權指示傳送至該交易伺服端10,再由該交易伺服端10將該同意授權指示透過該金融機構的內部網路傳送至該認證伺服端11,但並不以此為限。接著,流程進行至步驟S14。In step S13 , the second user 122 generates and provides an authorization instruction corresponding to the authorization request to the authentication server 11 , for example, according to the operation of the licensor, and the authorization instruction includes the second identity, for example data, the second signature result and the second input identification code. It should be added that, in this embodiment, the second user 122 provides the consent and authorization instruction to the authentication server 11, for example, firstly transmits the consent and authorization instruction to the transaction server 10, and then sends the consent and authorization instruction to the transaction server 10. The transaction server 10 transmits the consent and authorization instruction to the authentication server 11 through the internal network of the financial institution, but is not limited thereto. Next, the flow proceeds to step S14.

在步驟S14中,當該認證伺服端11接收到來自於該第二使用端122的該同意授權指示時,該認證伺服端11判斷該同意授權指示是否符合一第二檢核條件以及一授權資格條件。In step S14, when the authentication server 11 receives the consent authorization instruction from the second user 122, the authentication server 11 determines whether the consent authorization instruction complies with a second check condition and an authorization qualification condition.

具體而言,在本實施例中,該第二檢核條件例如包含該同意授權指示的第二輸入識別碼所具有的一第二參考部分相符於該同意授權指示的第一身分識別碼所具有的一第二目標部分,以及該同意授權指示的第二簽章結果能被用於判定該同意授權指示的該第二身分資料具有資料完整性及不可否認性,但並不以此為限。Specifically, in this embodiment, the second check condition includes, for example, that a second reference part of the second input identification code of the consent authorization instruction matches that of the first identification code of the consent authorization instruction A second target part of the consent and authorization instruction, and the second signature result of the consent authorization instruction can be used to determine the data integrity and non-repudiation of the second identity information of the consent authorization instruction, but not limited thereto.

在本實施例中,該第二參考部分可例如是該第二輸入識別碼的最後四碼,而該第二目標部分則例如是該第二身分識別碼的最後四碼,但並不以此為限。換句話說,若該第二參考部分相符於該第二目標部分,即代表使用者(例如為該可授權者)自行輸入之身分證字號的末四碼與該第二晶片卡102內所儲存之身分證字號的末四碼相同。並且,該認證伺服端11可例如是利用公鑰加密標準、公開金鑰基礎建設架構、X.509、憑證吊銷列表及線上憑證狀態協定等其中至少一者的技術來對該第二簽章結果進行驗證,以判定該同意授權指示所包含的該第二身分資料是否具有資料完整性及不可否認性,但並不以此為限。In this embodiment, the second reference part may be, for example, the last four digits of the second input identification code, and the second target part may be, for example, the last four digits of the second identification code, but not limited. In other words, if the second reference part matches the second target part, it means that the last four codes of the identity card number input by the user (eg, the authorized person) and stored in the second chip card 102 The last four digits of the ID number are the same. In addition, the authentication server 11 can, for example, utilize at least one of the public key encryption standard, the public key infrastructure, X.509, the certificate revocation list and the online certificate status agreement to obtain the second signature result. Verification is performed to determine whether the second identity information included in the consent and authorization instruction has data integrity and non-repudiation, but not limited thereto.

另一方面,在本實施例中,該授權資格條件例如包含該第二身分資料的識別資料(亦即該可授權者的姓名)相符於該第一身分資料之該兩監護者資料(亦即該父親姓名及該母親姓名)的其中一者。然而,在其他實施例中,該授權資格條件亦可例如代表該第二身分資料所指示出的一當前年齡已達到達該預設年齡門檻值,而並不以本實施例為限。On the other hand, in this embodiment, the authorization qualification condition includes, for example, that the identification data of the second identity data (that is, the name of the authorizable person) matches the data of the two guardians of the first identity data (that is, the name of the authorizable person). one of the father’s name and the mother’s name). However, in other embodiments, the authorization qualification condition may also represent, for example, that a current age indicated by the second identity data has reached the predetermined age threshold, which is not limited to this embodiment.

若該認證伺服端11判斷出該同意授權指示不符合該第二檢核條件及該授權資格條件的其中任一者時,流程進行至步驟S15。另一方面,若該認證伺服端11判斷出該同意授權指示符合該第二檢核條件以及該授權資格條件時,流程進行至步驟S16。If the authentication server 11 determines that the authorization approval instruction does not meet any one of the second verification condition and the authorization qualification condition, the process proceeds to step S15 . On the other hand, if the authentication server 11 determines that the authorization approval instruction complies with the second verification condition and the authorization qualification condition, the flow proceeds to step S16.

在接續於步驟S14之後的步驟S15中,一旦該認證伺服端11判斷出該同意授權指示不符合該第二檢核條件以及該授權資格條件的其中任一者,該認證伺服端11產生並傳送一授權失敗通知至該第二使用端122,以致該第二使用端122將該授權失敗通知輸出以供使用者(例如為該可授權者)參考。In step S15 subsequent to step S14, once the authentication server 11 determines that the approval authorization instruction does not meet any one of the second verification condition and the authorization qualification condition, the authentication server 11 generates and transmits An authorization failure notification is sent to the second user terminal 122, so that the second user terminal 122 outputs the authorization failure notification for the user (eg, the licensor) to refer to.

在接續於步驟S14之後的步驟S16中,一旦該認證伺服端11判斷出該同意授權指示符合該第二檢核條件以及該授權資格條件,該認證伺服端11產生並傳送一對應該金融服務請求的授權完成通知至該交易伺服端10。接著,流程進行至步驟S17。In step S16 following step S14, once the authentication server 11 determines that the approval authorization instruction meets the second verification condition and the authorization qualification condition, the authentication server 11 generates and transmits a corresponding financial service request The authorization completion notification is sent to the transaction server 10 . Next, the flow proceeds to step S17.

在步驟S17中,當該交易伺服端10接收到來自該認證伺服端11的該授權完成通知時,該交易伺服端10根據該授權完成通知執行一對應該金融服務請求的線上金融服務程序。舉例來說,該線上金融服務程序例如是開立一歸屬於該待授權者的數位存款帳戶,但並不以此為限。In step S17, when the transaction server 10 receives the authorization completion notification from the authentication server 11, the transaction server 10 executes an online financial service program corresponding to the financial service request according to the authorization completion notification. For example, the online financial service program opens a digital deposit account belonging to the person to be authorized, but not limited thereto.

以上即為本實施例之金融服務處理系統1所實施的金融服務處理方法。補充說明的是,本實施例亦可用於需要多位可授權者進行多人授權的應用。更具體地說,在該金融服務處理方法中,該金融服務處理系統1還可透過該使用端單元12進一步利用其他可授權者的晶片卡重覆執行如步驟S10至S14的授權流程。The above is the financial service processing method implemented by the financial service processing system 1 of this embodiment. It should be supplemented that this embodiment can also be used in applications requiring multiple authentifiers to perform multiple authorizations. More specifically, in the financial service processing method, the financial service processing system 1 may further use the chip cards of other licensors through the consumer unit 12 to repeatedly perform the authorization process of steps S10 to S14.

本發明還提供了該金融服務處理系統1的一第二實施例。與第一實施例不同的是,在第二實施例中,該使用端單元12例如是被實施為單一台供該待授權者及該可授權者共用的使用端,並且,在第二實施例的金融服務處理方法中,該使用端能夠實施在第一實施例中由該第一使用端121及該第二使用端122所執行的每一步驟,因此,該金融服務處理系統1及該金融服務處理方法的具體實施態樣並不以第一實施例為限。並且,在進一步的實施態樣中,當該認證伺服端11接收到該授權請求及該同意授權指示時,可例如進一步向一身分資料庫(圖未示)進行查詢,以確認該授權請求的該第一身分資料及該同意授權指示的第二身分資料是否正確,其中,該身分資料庫可例如是由金融聯合徵信中心或者政府機關(例如戶政事務所或是由國家發展委員會)所管理,但並不以此為限。The present invention also provides a second embodiment of the financial service processing system 1 . Different from the first embodiment, in the second embodiment, the user unit 12 is implemented as a single user end shared by the person to be authorized and the authorized person, for example, and in the second embodiment In the financial service processing method, the consumer can implement each step performed by the first consumer 121 and the second consumer 122 in the first embodiment. Therefore, the financial service processing system 1 and the financial The specific implementation aspect of the service processing method is not limited to the first embodiment. Moreover, in a further implementation aspect, when the authentication server 11 receives the authorization request and the consent authorization instruction, it may, for example, further query an identity database (not shown) to confirm the authorization request. Whether the first identity information and the second identity information of the consent authorization instruction are correct, wherein, the identity database may be, for example, a financial joint credit information center or a government agency (such as a household registration office or by the National Development Commission) management, but not limited to this.

本發明還提供了該金融服務處理系統1的一第三實施例。與第一實施例不同的是,由於待授權者的法定監護人並不一定是父母親,因此,在第三實施例之金融服務處理方法的步驟S5中,該第一身分資料並不包含第一實施例中所述的該兩筆監護者資料。而且,在第三實施例的步驟S7中,當該認證伺服端11接收到該授權請求時,該認證伺服端11例如還進一步地根據該授權請求所包含的該第一身分識別碼即時向一身分資料庫查詢該待授權者的一代理監護人,以自該身分資料庫獲得該代理監護人的身分證字號及姓名。其中,該身分資料庫可例如是由金融聯合徵信中心或者政府機關所管理,但並不以此為限。並且,在第三實施例的步驟S14中,該授權資格條件則例如是代表該同意授權指示的第二身分識別碼及該識別資料分別相符於該代理監護人的身分證字號及姓名。The present invention also provides a third embodiment of the financial service processing system 1 . Different from the first embodiment, since the legal guardian of the person to be authorized is not necessarily a parent, in step S5 of the financial service processing method of the third embodiment, the first identity information does not include the first identity information. The two guardian data described in the embodiment. Moreover, in step S7 of the third embodiment, when the authentication server 11 receives the authorization request, the authentication server 11, for example, further sends an instant message to a user according to the first identity code included in the authorization request. The identity database queries a proxy guardian of the person to be authorized, and obtains the identity card number and name of the proxy guardian from the identity database. Wherein, the identity database may be managed by, for example, a financial joint credit information center or a government agency, but it is not limited thereto. In addition, in step S14 of the third embodiment, the authorization qualification condition is, for example, that the second identification code representing the consent authorization instruction and the identification data correspond to the ID number and name of the proxy guardian, respectively.

綜上所述,藉由實施該金融服務處理方法,該金融服務處理系統1的第一使用端121能先利用該第一晶片卡101產生並傳送該授權請求至該認證伺服端11,接著,該第二使用端122再利用該第二晶片卡102產生並傳送該同意授權指示至該認證伺服端11,並且,該交易伺服端10會在該認證伺服端11判斷出該同意授權指示符合該第二檢核條件及該授權資格條件後,才執行對應該金融服務請求的該線上金融服務程序,藉此,該金融服務處理系統1有助於確保該線上金融服務程序是經過可授權者對待授權者的授權才被執行,而能避免衍生出後續爭議,故確實能達成本發明之目的。To sum up, by implementing the financial service processing method, the first user 121 of the financial service processing system 1 can first generate and transmit the authorization request to the authentication server 11 by using the first chip card 101, and then, The second user 122 then uses the second chip card 102 to generate and transmit the consent and authorization instruction to the authentication server 11 , and the transaction server 10 will determine in the authentication server 11 that the consent and authorization instruction conforms to the The online financial service program corresponding to the financial service request is executed only after the second checking condition and the authorization qualification condition, whereby the financial service processing system 1 helps to ensure that the online financial service program is treated by an authorized person Only the authorization of the licensor is executed, and subsequent disputes can be avoided, so the purpose of the present invention can indeed be achieved.

惟以上所述者,僅為本發明之實施例而已,當不能以此限定本發明實施之範圍,凡是依本發明申請專利範圍及專利說明書內容所作之簡單的等效變化與修飾,皆仍屬本發明專利涵蓋之範圍內。However, the above are only examples of the present invention, and should not limit the scope of the present invention. Any simple equivalent changes and modifications made according to the scope of the application for patent of the present invention and the content of the patent specification are still within the scope of the present invention. within the scope of the invention patent.

1:金融服務處理系統 10:交易伺服端 11:認證伺服端 12:使用端單元 121:第一使用端 122:第二使用端 101:第一晶片卡 102:第二晶片卡 S1~S17:步驟1: Financial Services Processing System 10: Transaction Server 11: Authentication server 12: Use end unit 121: The first user end 122: The second user terminal 101: The first chip card 102: Second chip card S1~S17: Steps

本發明之其他的特徵及功效,將於參照圖式的實施方式中清楚地呈現,其中: 圖1是本發明金融服務處理系統之一第一實施例的一方塊示意圖;及 圖2(由圖2A及2B組成)是一流程圖,示例性地說明該第一實施例如何實施一金融服務處理方法。Other features and effects of the present invention will be clearly presented in the embodiments with reference to the drawings, wherein: FIG. 1 is a schematic block diagram of a first embodiment of a financial service processing system of the present invention; and FIG. 2 (consisting of FIGS. 2A and 2B ) is a flow chart illustrating how the first embodiment implements a financial services processing method.

1:金融服務處理系統1: Financial Services Processing System

10:交易伺服端10: Transaction Server

11:認證伺服端11: Authentication server

12:使用端單元12: Use end unit

121:第一使用端121: The first user end

122:第二使用端122: The second user terminal

101:第一晶片卡101: The first chip card

102:第二晶片卡102: Second chip card

Claims (10)

一種金融服務處理系統,適用於一第一晶片卡及一第二晶片卡;該金融服務處理系統包含: 一交易伺服端; 一認證伺服端,電連接該交易伺服端;及 一使用端單元,用於電連接該交易伺服端; 其中: 該使用端單元於傳送一金融服務請求至該交易伺服端之後,自該第一晶片卡獲得一第一身分資料,且產生並提供一包含該第一身分資料的授權請求至該認證伺服端; 該認證伺服端於接收到該授權請求,且判斷出該授權請求符合一需授權條件時,輸出一能被該使用端單元讀取的授權需求通知; 該使用端單元自該第二晶片卡獲得一第二身分資料,且產生並提供一對應該授權請求且包含該第二身分資料的同意授權指示至該認證伺服端; 該認證伺服端於接收到該同意授權指示,且判斷出該同意授權指示符合一相關於該第一身分資料的授權資格條件時,輸出一授權完成通知至該交易伺服端,以致該交易伺服端根據該授權完成通知執行一對應該金融服務請求的線上金融服務程序。A financial service processing system is applicable to a first chip card and a second chip card; the financial service processing system includes: a transaction server; an authentication server, electrically connected to the transaction server; and a user-end unit for electrically connecting the transaction server; in: After sending a financial service request to the transaction server, the user unit obtains a first identity data from the first chip card, and generates and provides an authorization request including the first identity data to the authentication server; When the authentication server receives the authorization request and determines that the authorization request meets an authorization requirement, it outputs an authorization requirement notification that can be read by the user unit; The user-end unit obtains a second identity data from the second chip card, and generates and provides a pair of consent authorization instructions that respond to the authorization request and include the second identity data to the authentication server; When the authentication server receives the consent and authorization instruction and determines that the consent and authorization instruction meets an authorization qualification condition related to the first identity data, it outputs an authorization completion notification to the transaction server, so that the transaction server Execute a pair of online financial service programs in response to the financial service request according to the authorization completion notification. 如請求項1所述的金融服務處理系統,其中: 該使用端單元包括一用於電連接該交易伺服端的第一使用端,以及一用於電連接該交易伺服端的第二使用端; 該第一身分資料是由該第一使用端自該第一晶片卡所獲得,且該授權請求是由該第一使用端產生並經由該交易伺服端傳送至該認證伺服端; 該認證伺服端所輸出的該授權需求通知是能被該第二使用端所讀取;及 該第二身分資料是由該第二使用端自該第二晶片卡所獲得,且該同意授權指示是由該第二使用端產生並經由該交易伺服端傳送至該認證伺服端。The financial services processing system of claim 1, wherein: The user-end unit includes a first user-end for electrically connecting to the transaction server, and a second user-end for electrically connecting to the transaction server; the first identity data is obtained by the first user from the first chip card, and the authorization request is generated by the first user and sent to the authentication server via the transaction server; The authorization request notification output by the authentication server can be read by the second user; and The second identity information is obtained by the second user terminal from the second chip card, and the consent authorization instruction is generated by the second user terminal and transmitted to the authentication server through the transaction server. 如請求項1所述的金融服務處理系統,其中,該需授權條件包含該第一身分資料所指示出的一當前年齡未達一預設年齡門檻值,且該授權資格條件包含該第二身分資料所包含的一識別資料相符於該第一身分資料所包含的一監護者資料。The financial service processing system of claim 1, wherein the authorization requirement includes that a current age indicated by the first identity information does not reach a predetermined age threshold, and the authorization qualification includes the second identity An identification data included in the data matches a guardian data included in the first identity data. 如請求項3所述的金融服務處理系統,其中: 該授權請求還包含一由該使用端單元根據使用者的輸入所產生的第一輸入識別碼,且該第一身分資料包含一被儲存於該第一晶片卡的第一身分識別碼; 該認證伺服端是在判斷出該授權請求符合一第一檢核條件及該需授權條件時,才輸出該授權需求通知,其中,該第一檢核條件包含該第一輸入識別碼所具有的一第一參考部分相符於該第一身分識別碼所具有的一第一目標部分; 該同意授權指示還包含一由該使用端單元根據使用者的輸入所產生的第二輸入識別碼,且該第二身分資料包含一被儲存於該第二晶片卡的第二身分識別碼;及 該認證伺服端是在判斷出該同意授權指示符合一第二檢核條件及該授權資格條件時,才輸出該授權完成通知至該交易伺服端,其中,該第二檢核條件包含該第二輸入識別碼所具有的一第二參考部分相符於該第二身分識別碼所具有的一第二目標部分。The financial services processing system of claim 3, wherein: The authorization request further includes a first input identification code generated by the user unit according to the user's input, and the first identity data includes a first identification code stored in the first chip card; The authentication server only outputs the authorization request notification when it determines that the authorization request meets a first check condition and the authorization-required condition, wherein the first check condition includes the first input identification code. a first reference portion corresponds to a first target portion of the first ID; The consent authorization instruction further includes a second input identification code generated by the user-end unit according to the user's input, and the second identity data includes a second identification code stored in the second chip card; and The authentication server only outputs the authorization completion notification to the transaction server when it determines that the consent and authorization instruction meets a second check condition and the authorization qualification condition, wherein the second check condition includes the second check condition A second reference portion of the input identification code corresponds to a second target portion of the second identity identification code. 如請求項4所述的金融服務處理系統,其中: 該授權請求還包含一由該第一晶片卡至少根據該第一身分資料所產生的第一簽章結果,並且,該第一檢核條件還包含該第一簽章結果能被用於判定該授權請求所包含的該第一身分資料具有資料完整性及不可否認性;及 該同意授權指示還包含一由該第二晶片卡至少根據該第二身分資料所產生的第二簽章結果,並且,該第二檢核條件還包含該第二簽章結果能被用於判定該同意授權指示所包含的該第二身分資料具有資料完整性及不可否認性。The financial services processing system of claim 4, wherein: The authorization request further includes a first signature result generated by the first chip card based on at least the first identity information, and the first verification condition further includes that the first signature result can be used to determine the that the primary identity data included in the authorization request is data integrity and non-repudiation; and The consent authorization instruction further includes a second signature result generated by the second chip card based on at least the second identity information, and the second verification condition further includes that the second signature result can be used to determine The second identity information contained in the consent authorization instruction has data integrity and non-repudiation. 一種金融服務處理方法,由一金融服務處理系統實施,該金融服務處理系統適用於一第一晶片卡及一第二晶片卡,且包含一交易伺服端、一認證伺服端及一使用端單元;該金融服務處理方法包含: (A)該使用端單元於傳送一金融服務請求至該交易伺服端之後,自該第一晶片卡獲得一第一身分資料,且產生並提供一包含該第一身分資料的授權請求至該認證伺服端; (B) 該認證伺服端於接收到該授權請求,且判斷出該授權請求符合一需授權條件時,輸出一能被該使用端單元讀取的授權需求通知; (C) 該使用端單元自該第二晶片卡獲得一第二身分資料,且產生並提供一對應該授權請求且包含該第二身分資料的同意授權指示至該認證伺服端;及 (D) 該認證伺服端於接收到該同意授權指示,且判斷出該同意授權指示符合一相關於該第一身分資料的授權資格條件時,輸出一授權完成通知至該交易伺服端,以致該交易伺服端根據該授權完成通知執行一對應該金融服務請求的線上金融服務程序。A financial service processing method is implemented by a financial service processing system, the financial service processing system is suitable for a first chip card and a second chip card, and includes a transaction server, an authentication server and a user unit; This financial services processing method includes: (A) After sending a financial service request to the transaction server, the user unit obtains a first identity information from the first chip card, and generates and provides an authorization request including the first identity information to the authentication server side; (B) when the authentication server receives the authorization request and determines that the authorization request meets an authorization requirement, it outputs an authorization requirement notification that can be read by the user unit; (C) the user-end unit obtains a second identity data from the second chip card, and generates and provides a consent authorization instruction that includes the second identity data in response to the authorization request to the authentication server; and (D) When the authentication server receives the consent and authorization instruction and determines that the consent and authorization instruction meets an authorization qualification condition related to the first identity data, it outputs an authorization completion notification to the transaction server, so that the The transaction server executes an online financial service program corresponding to the financial service request according to the authorization completion notification. 如請求項6所述的金融服務處理方法,其中: 該使用端單元包括一用於電連接該交易伺服端的第一使用端,以及一用於電連接該交易伺服端的第二使用端; 在步驟(A)中,該第一身分資料是由該第一使用端自該第一晶片卡所獲得,且該授權請求是由該第一使用端產生並經由該交易伺服端傳送至該認證伺服端; 在步驟(B)中,該認證伺服端所輸出的該授權需求通知是能被該第二使用端所讀取;及 在步驟(C)中,該第二身分資料是由該第二使用端自該第二晶片卡所獲得,且該同意授權指示是由該第二使用端產生並經由該交易伺服端傳送至該認證伺服端。The financial service processing method as claimed in claim 6, wherein: The user-end unit includes a first user-end for electrically connecting to the transaction server, and a second user-end for electrically connecting to the transaction server; In step (A), the first identity information is obtained by the first user from the first chip card, and the authorization request is generated by the first user and sent to the authentication via the transaction server server side; In step (B), the authorization request notification output by the authentication server can be read by the second user; and In step (C), the second identity information is obtained by the second user terminal from the second chip card, and the consent authorization instruction is generated by the second user terminal and transmitted to the transaction server through the transaction server Authentication server. 如請求項6所述的金融服務處理方法,其中,在步驟(B)中,該需授權條件包含該第一身分資料所指示出的一當前年齡未達一預設年齡門檻值,在步驟(D)中,該授權資格條件包含該第二身分資料所包含的一識別資料相符於該第一身分資料所包含的一監護者資料。The financial service processing method according to claim 6, wherein, in step (B), the authorization requirement includes that a current age indicated by the first identity data does not reach a preset age threshold, and in step (B) In D), the authorization qualification condition includes that an identification data contained in the second identity data matches a guardian data contained in the first identity data. 如請求項8所述的金融服務處理方法,其中: 在步驟(A)中,該授權請求還包含一由該使用端單元根據使用者的輸入所產生的第一輸入識別碼,且該第一身分資料包含一被儲存於該第一晶片卡的第一身分識別碼; 在步驟(B)中,該認證伺服端是在判斷出該授權請求符合一第一檢核條件及該需授權條件時,才輸出該授權需求通知,其中,該第一檢核條件包含該第一輸入識別碼所具有的一第一參考部分相符於該第一身分識別碼所具有的一第一目標部分; 在步驟(C)中,該同意授權指示還包含一由該使用端單元根據使用者的輸入所產生的第二輸入識別碼,且該第二身分資料包含一被儲存於該第二晶片卡的第二身分識別碼;及 在步驟(D)中,該認證伺服端是在判斷出該同意授權指示符合一第二檢核條件及該授權資格條件時,才輸出該授權完成通知至該交易伺服端,其中,該第二檢核條件包含該第二輸入識別碼所具有的一第二參考部分相符於該第二身分識別碼所具有的一第二目標部分。The financial service processing method as claimed in claim 8, wherein: In step (A), the authorization request further includes a first input identification code generated by the user unit according to the user's input, and the first identity data includes a first ID stored in the first chip card. an identity code; In step (B), the authentication server only outputs the authorization request notification when it determines that the authorization request meets a first check condition and the authorization-needed condition, wherein the first check condition includes the first check condition. A first reference portion of an input identifier corresponds to a first target portion of the first identity identifier; In step (C), the consent and authorization instruction further includes a second input identification code generated by the user-end unit according to the user's input, and the second identity data includes a stored in the second chip card. secondary identity code; and In step (D), the authentication server only outputs the authorization completion notification to the transaction server when it determines that the consent authorization instruction meets a second check condition and the authorization qualification condition, wherein the second The check condition includes that a second reference part of the second input ID matches a second target part of the second ID. 如請求項9所述的金融服務處理方法,其中: 在步驟(A)中,該授權請求還包含一由該第一晶片卡至少根據該第一身分資料所產生的第一簽章結果; 在步驟(B)中,該第一檢核條件還包含該第一簽章結果能被用於判定該授權請求所包含的該第一身分資料具有資料完整性及不可否認性; 在步驟(C)中,該同意授權指示還包含一由該第二晶片卡至少根據該第二身分資料所產生的第二簽章結果;及 在步驟(D)中,該第二檢核條件還包含該第二簽章結果能被用於判定該同意授權指示所包含的該第二身分資料具有資料完整性及不可否認性。The financial service processing method as claimed in claim 9, wherein: In step (A), the authorization request further includes a first signature result generated by the first chip card at least according to the first identity information; In step (B), the first verification condition further includes that the first signature result can be used to determine that the first identity data included in the authorization request has data integrity and non-repudiation; In step (C), the consent authorization instruction further includes a second signature result generated by the second chip card based on at least the second identity information; and In step (D), the second verification condition further includes that the second signature result can be used to determine that the second identity data included in the consent authorization instruction has data integrity and non-repudiation.
TW109120399A 2020-06-17 2020-06-17 Authorization system and method thereof TWI767254B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW109120399A TWI767254B (en) 2020-06-17 2020-06-17 Authorization system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW109120399A TWI767254B (en) 2020-06-17 2020-06-17 Authorization system and method thereof

Publications (2)

Publication Number Publication Date
TW202201311A TW202201311A (en) 2022-01-01
TWI767254B true TWI767254B (en) 2022-06-11

Family

ID=80787897

Family Applications (1)

Application Number Title Priority Date Filing Date
TW109120399A TWI767254B (en) 2020-06-17 2020-06-17 Authorization system and method thereof

Country Status (1)

Country Link
TW (1) TWI767254B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW200929039A (en) * 2007-12-31 2009-07-01 Financial Information Service Co Ltd Small amount expense payment method using SmartPay
US20120290482A1 (en) * 2004-12-07 2012-11-15 Farsheed Atef System and method for identity verification and management
US20120303521A1 (en) * 2005-09-16 2012-11-29 Bous Joseph M Methods and systems for protection of identity
TW201743235A (en) * 2016-05-31 2017-12-16 方建強 Method and system for identity authentication
TWI612436B (en) * 2016-12-30 2018-01-21 臺灣銀行股份有限公司 Citizen digital certificate authentication method
CN108921510A (en) * 2018-06-27 2018-11-30 中国建设银行股份有限公司 Banking remote auto checking method and system
TWI644276B (en) * 2016-12-29 2018-12-11 臺灣中小企業銀行股份有限公司 System for opening account and applying mobile banking account online and method thereof

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120290482A1 (en) * 2004-12-07 2012-11-15 Farsheed Atef System and method for identity verification and management
US20120303521A1 (en) * 2005-09-16 2012-11-29 Bous Joseph M Methods and systems for protection of identity
TW200929039A (en) * 2007-12-31 2009-07-01 Financial Information Service Co Ltd Small amount expense payment method using SmartPay
TW201743235A (en) * 2016-05-31 2017-12-16 方建強 Method and system for identity authentication
TWI644276B (en) * 2016-12-29 2018-12-11 臺灣中小企業銀行股份有限公司 System for opening account and applying mobile banking account online and method thereof
TWI612436B (en) * 2016-12-30 2018-01-21 臺灣銀行股份有限公司 Citizen digital certificate authentication method
CN108921510A (en) * 2018-06-27 2018-11-30 中国建设银行股份有限公司 Banking remote auto checking method and system

Also Published As

Publication number Publication date
TW202201311A (en) 2022-01-01

Similar Documents

Publication Publication Date Title
CN110537195B (en) Method for permitting card use and server using same
US11539690B2 (en) Authentication system, authentication method, and application providing method
KR101883156B1 (en) System and method for authentication, user terminal, authentication server and service server for executing the same
CN109684801B (en) Method and device for generating, issuing and verifying electronic certificate
US9124571B1 (en) Network authentication method for secure user identity verification
US20130103802A1 (en) Service providing system
TW201903637A (en) Query system, method and non-transitory machine-readable medium to determine authentication capabilities
US20210243037A1 (en) Method for information processing in digital asset certificate inheritance transfer, and related device
US20170155629A1 (en) Network-based user authentication device, method, and program that securely authenticate a user's identity by using a pre-registered authenticator in a remote portable terminal of the user
CN112912875A (en) Authentication system, authentication method, application providing device, authentication device, authentication program
CN115086005B (en) Electronic signature mutual signing method and system among multiple systems, electronic equipment and storage medium
CN113676332B (en) Two-dimensional code authentication method, communication device and storage medium
JP6447949B1 (en) Authentication system, authentication server, authentication method, and authentication program
JP7218840B1 (en) System, method, server, server control method and program
KR20140081041A (en) Authentication Method and System for Service Connection of Internet Site using Phone Number
KR101856530B1 (en) Encryption system providing user cognition-based encryption protocol and method for processing on-line settlement, security apparatus and transaction approval server using thereof
CN113904774B (en) Block chain address authentication method and device and computer equipment
EP2916509B1 (en) Network authentication method for secure user identity verification
TWI767254B (en) Authorization system and method thereof
KR101412159B1 (en) An authentication system using mobile phone and the authentication method
CN106779672A (en) The method and device that mobile terminal safety pays
CN119652526A (en) A blockchain-based information authentication method and related equipment
TWM602247U (en) Financial Services Processing System
US12368592B2 (en) Cryptographic signing of a data item
CN120641895A (en) System and method for multi-factor authentication