TWI853750B - Proximity digital authorization sharing system, method and computer-readable medium combining selfie image - Google Patents
Proximity digital authorization sharing system, method and computer-readable medium combining selfie image Download PDFInfo
- Publication number
- TWI853750B TWI853750B TW112145869A TW112145869A TWI853750B TW I853750 B TWI853750 B TW I853750B TW 112145869 A TW112145869 A TW 112145869A TW 112145869 A TW112145869 A TW 112145869A TW I853750 B TWI853750 B TW I853750B
- Authority
- TW
- Taiwan
- Prior art keywords
- digital
- sensing
- cloud server
- delegator
- dispatched person
- Prior art date
Links
Images
Landscapes
- Studio Devices (AREA)
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Abstract
Description
本發明係關於一種近端數位授權分享技術,特別是指一種結合自拍影像之近端數位授權分享系統、方法及電腦可讀媒介。 The present invention relates to a near-end digital authorization sharing technology, and more particularly to a near-end digital authorization sharing system, method and computer-readable medium combined with selfie images.
一般組織(如企業/公司行號/機關/社區)採用之近場通訊(Near Field Communication;NFC)技術對使用者進行數位身分識別服務,在諸如短期使用者(如訪客)及委外門禁等各種應用上存在下列問題。 Near Field Communication (NFC) technology used by general organizations (such as enterprises/companies/institutions/communities) to provide digital identity services for users has the following problems in various applications such as short-term users (such as visitors) and outsourced access control.
首先,為了正確識別使用者,使用者在加入識別服務時之必要條件為需提交足以保證其真實身分之個人資訊,此必要條件並未對組織(如企業)內之使用者(如正職員工)造成負面影響,但對於非組織內之使用者之短期使用者(如訪客)而言,則須自行承擔個資外洩風險,導致個資外洩風險常成為短期使用者拒絕加入數位識別服務之關鍵因素。 First, in order to correctly identify users, users are required to submit personal information sufficient to guarantee their true identity when joining the identification service. This requirement does not have a negative impact on users within an organization (such as a company) (such as full-time employees), but for short-term users who are not users within the organization (such as visitors), they must bear the risk of personal information leakage themselves, resulting in the risk of personal information leakage often becoming a key factor for short-term users to refuse to join the digital identification service.
其次,以數位身分識別服務作為入口,短期使用者經過識別完成後才可使用獲得授權之應用(如門禁權限)。對於僅需要部分門禁權限之短期使用 者(如訪客),卻需要經過與組織(如企業)內之使用者(如正職員工)相同之完整流程才能獲得此門禁權限,此流程對於短期使用者(如訪客)而言明顯過於繁瑣。 Secondly, with digital identity service as the entrance, short-term users can use authorized applications (such as access control permissions) only after completing the identification. For short-term users who only need partial access control permissions (such as visitors), they need to go through the same complete process as users (such as full-time employees) within the organization (such as enterprises) to obtain this access control permission. This process is obviously too cumbersome for short-term users (such as visitors).
再者,使用者之手機一經破解,便無法信任來自手機之偵測模組中既有定位技術所提供之資料數據。衛星定位資訊在使用者之手機上是可以被偽造的,無線網路與藍牙定位皆可利用中間人攻擊手法來製造不在場定位。過去習知技術可能同時使用衛星、無線網路與藍牙等多樣定位技術以避免單一定位技術之造假情形及解決可靠度問題,但同時使用衛星、無線網路與藍牙等多樣定位技術之成本相當高昂,且有其困難度。 Furthermore, once the user's mobile phone is cracked, the data provided by the existing positioning technology in the detection module of the mobile phone cannot be trusted. Satellite positioning information can be forged on the user's mobile phone, and both wireless network and Bluetooth positioning can use the middleman attack method to create absent positioning. In the past, the known technology may use multiple positioning technologies such as satellite, wireless network and Bluetooth at the same time to avoid the fraud of a single positioning technology and solve the reliability problem, but the cost of using multiple positioning technologies such as satellite, wireless network and Bluetooth at the same time is very high and has its difficulties.
因此,如何提供一種創新之近端數位授權分享技術,以解決上述之任一問題並提供相關之系統或方法,已成為本領域技術人員之一大研究課題。 Therefore, how to provide an innovative near-end digital authorization sharing technology to solve any of the above problems and provide a related system or method has become a major research topic for technical personnel in this field.
本發明所述結合自拍影像之近端數位授權分享系統包括:一數位識別雲端伺服器;一委派人被驗裝置,係要求數位識別雲端伺服器執行分享請求,以由數位識別雲端伺服器回覆一分享代碼予委派人被驗裝置;至少一受派人被驗裝置,係通訊連結委派人被驗裝置,以由委派人被驗裝置通知數位識別雲端伺服器所回覆之分享代碼予受派人被驗裝置,再由受派人被驗裝置提交分享代碼至數位識別雲端伺服器,俾由受派人被驗裝置利用分享代碼向數位識別雲端伺服器請求下載數位授權;以及一近端感應機,係通訊連結受派人被驗裝置,且由受派人持受派人被驗裝置靠近近端感應機以進行近端感應,其中,當受派人欲啟用受派人被驗裝置從數位識別雲端伺服器所下載之數位授權時,由受派人透過受派人被驗裝置之自拍鏡頭完成擷取受派人之自拍影像,以將自拍 影像之檔案之雜湊值作為感應資料之一部份,經受派人被驗裝置與近端感應機兩者對感應資料進行雙重簽章,且將受派人被驗裝置之自拍鏡頭所擷取之受派人之自拍影像作為在場證明,俾供委派人依據自拍影像確認受派人確實在近端感應機之現場完成擷取自拍影像。 The near-end digital authorization sharing system combined with self-portrait images described in the present invention includes: a digital identification cloud server; a delegator verified device, which requires the digital identification cloud server to execute a sharing request, so that the digital identification cloud server replies a sharing code to the delegator verified device; at least one dispatched verified device, which is a communication link to the delegator verified device, so that the delegator verified device notifies the digital identification cloud server of the sharing code replied to the dispatched verified device, and then the dispatched verified device submits the sharing code to the digital identification cloud server, so that the dispatched verified device uses the sharing code to request the digital identification cloud server to download the digital authorization; and a near-end sensor, which is a communication link The dispatchee is provided with a device for inspection, and the dispatchee holds the device for inspection close to the proximity sensor for proximity sensing. When the dispatchee wants to activate the digital authorization downloaded from the digital identification cloud server by the dispatchee's device for inspection, the dispatchee completes the capture of the dispatchee's selfie image through the selfie camera of the dispatchee's device for inspection, and uses the hash value of the selfie image file as part of the sensing data. The dispatchee's device for inspection and the proximity sensor both double-sign the sensing data, and the dispatchee's selfie image captured by the selfie camera of the dispatchee's device for inspection is used as a proof of presence, so that the delegator can confirm based on the selfie image that the dispatchee has indeed completed the capture of the selfie image at the proximity sensor.
本發明所述結合自拍影像之近端數位授權分享方法包括:由一委派人被驗裝置要求一數位識別雲端伺服器執行分享請求,以由數位識別雲端伺服器回覆一分享代碼予委派人被驗裝置;由委派人被驗裝置通知數位識別雲端伺服器所回覆之分享代碼予至少一受派人被驗裝置,再由受派人被驗裝置提交分享代碼至數位識別雲端伺服器,俾由受派人被驗裝置利用分享代碼向數位識別雲端伺服器請求下載數位授權;以及由受派人持受派人被驗裝置靠近一近端感應機以進行近端感應,其中,當受派人欲啟用受派人被驗裝置從數位識別雲端伺服器所下載之數位授權時,由受派人透過受派人被驗裝置之自拍鏡頭完成擷取受派人之自拍影像,以將自拍影像之檔案之雜湊值作為感應資料之一部份,經受派人被驗裝置與近端感應機兩者對感應資料進行雙重簽章,且將受派人被驗裝置之自拍鏡頭所擷取之受派人之自拍影像作為在場證明,俾供委派人依據自拍影像確認受派人確實在近端感應機之現場完成擷取自拍影像。 The method for sharing near-end digital authorization combined with self-portrait images of the present invention comprises: a delegator's detected device requests a digital identification cloud server to execute a sharing request, so that the digital identification cloud server replies with a sharing code to the delegator's detected device; the delegator's detected device notifies the sharing code replied by the digital identification cloud server to at least one dispatched detected device, and then the dispatched detected device submits the sharing code to the digital identification cloud server, so that the dispatched detected device uses the sharing code to request the digital identification cloud server to download the digital authorization; and the dispatched person holds the dispatched detected device close to a near-end sensor. The dispatcher shall use the selfie camera of the dispatcher’s inspection device to capture the dispatcher’s selfie image when the dispatcher wants to activate the digital authorization downloaded from the digital identification cloud server by the dispatcher’s inspection device. The hash value of the selfie image file is used as part of the sensing data. The dispatcher’s inspection device and the near-end sensor both double-sign the sensing data. The dispatcher’s selfie image captured by the selfie camera of the dispatcher’s inspection device is used as a proof of presence, so that the delegator can confirm that the dispatcher has indeed completed the capture of the selfie image at the near-end sensor based on the selfie image.
本發明之電腦可讀媒介應用於計算裝置或電腦中,係儲存有指令,以執行上述結合自拍影像之近端數位授權分享方法。 The computer-readable medium of the present invention is applied to a computing device or a computer, and stores instructions to execute the aforementioned near-end digital authorization sharing method combined with selfie images.
因此,本發明提供一種創新之結合自拍影像之近端數位授權分享系統、方法及電腦可讀媒介,係提供數位授權分享機制,即委派人可將自身已啟用之數位授權委派給至少一(如複數)受派人,且此數位授權分享機制能結合受派人之自拍影像之近端感應簽章方法,使得受派人於啟用數位授權時,必須先 透過受派人被驗裝置之自拍鏡頭完成擷取受派人之自拍影像,以將自拍影像之檔案之雜湊值作為感應資料之一部份,經受派人被驗裝置與近端感應機兩者對感應資料進行雙重簽章,俾保證雙重簽章之資料之完整性及可信度。 Therefore, the present invention provides an innovative near-end digital authorization sharing system, method and computer-readable medium combined with self-portrait images, which provides a digital authorization sharing mechanism, that is, the delegator can delegate his own activated digital authorization to at least one (such as multiple) assignees, and this digital authorization sharing mechanism can be combined with the near-end sensor signature method of the assignee's self-portrait image, so that when the assignee activates the digital authorization, he must first completely capture the assignee's self-portrait image through the self-portrait camera of the assignee's verification device, so as to use the hash value of the self-portrait image file as part of the sensing data, and the assignee's verification device and the near-end sensor both double-sign the sensing data to ensure the integrity and credibility of the double-signed data.
此外,本發明之雙重簽章可指感應資料經過受派人被驗裝置之簽章後,此簽章連同感應資料再由近端感應機進行簽章,以利經過雙重簽章之資料無法由受派人被驗裝置與近端感應機之任一者作片面修改,從而保證雙重簽章之資料之完整性及可信度。 In addition, the double signature of the present invention may refer to the signature of the sensor data by the dispatched person's verification device, and then the signature and the sensor data are signed by the proximal sensor, so that the double-signed data cannot be unilaterally modified by either the dispatched person's verification device or the proximal sensor, thereby ensuring the integrity and credibility of the double-signed data.
再者,本發明能提供給受派人以感應時之自拍影像作為具體之在場證明,亦能使委派人依據自拍影像有效地確認受派人確實在近端感應機之現場完成擷取自拍影像。 Furthermore, the present invention can provide the dispatched person with a self-portrait image taken during the sensing process as a concrete proof of presence, and can also enable the delegating person to effectively confirm based on the self-portrait image that the dispatched person has indeed completed the capture of the self-portrait image at the site of the proximal sensor.
為使本發明之上述特徵與優點能更明顯易懂,下文特舉實施例,並配合所附圖式作詳細說明。在以下描述內容中將部分闡述本發明之額外特徵及優點,且此等特徵及優點將部分自所述描述內容可得而知,或可藉由對本發明之實踐習得。應理解,前文一般描述與以下詳細描述二者均為例示性及解釋性的,且不欲約束本發明所欲主張之範圍。 In order to make the above features and advantages of the present invention more clearly understandable, the following examples are given and detailed descriptions are provided in conjunction with the attached drawings. The following description will partially explain the additional features and advantages of the present invention, and these features and advantages will be partially known from the description or can be learned through the practice of the present invention. It should be understood that both the general description above and the detailed description below are exemplary and explanatory, and are not intended to limit the scope of the present invention.
1:近端數位授權分享系統 1: Near-end digital authorization sharing system
10:委派人被驗裝置 10: The delegate is inspected by the device
11:第一感應應用程式 11: First Sense App
20:受派人被驗裝置 20: The assigned person is inspected for equipment
21:第二感應應用程式 21: Second Sense Application
22:自拍鏡頭 22: Selfie camera
30:近端感應機 30: Proximal sensor
31:安全元件 31: Security element
32:處理模組 32: Processing module
33:近端感應模組 33: Proximal sensing module
40:數位識別雲端伺服器 40: Digital identification of cloud servers
41:資料庫 41: Database
A:委派人 A: Delegator
B:受派人 B: Assignee
B1:自拍影像 B1: Selfie image
C:使用者識別序號 C: User identification number
D:外部通訊管道 D: External communication channels
E:分享代碼 E: Share code
F:近端感應通道 F: Proximal sensing channel
P1至P5:程序 P1 to P5: Procedure
S11至S13,S21至S24:步驟 S11 to S13, S21 to S24: Steps
S31至S36,S41至S49:步驟 S31 to S36, S41 to S49: Steps
圖1為本發明所述結合自拍影像之近端數位授權分享系統之架構示意圖。 Figure 1 is a schematic diagram of the architecture of the near-end digital authorization sharing system combined with selfie images described in the present invention.
圖2為本發明所述結合自拍影像之近端數位授權分享方法中,有關第一感應應用程式與第二感應應用程式之初始化流程示意圖。 Figure 2 is a schematic diagram of the initialization process of the first sensing application and the second sensing application in the near-end digital authorization sharing method combined with the selfie image described in the present invention.
圖3為本發明所述結合自拍影像之近端數位授權分享方法中,有 關執行數位授權分享程序之流程示意圖。 FIG3 is a schematic diagram of the process of executing the digital authorization sharing procedure in the near-end digital authorization sharing method combined with the selfie image described in the present invention.
圖4為本發明所述結合自拍影像之近端數位授權分享方法中,有關執行數位授權啟用程序中「組成數位授權啟用通知」之流程示意圖。 FIG4 is a schematic diagram of the process of "composing a digital authorization activation notification" in the execution of the digital authorization activation procedure in the near-end digital authorization sharing method combined with selfie images described in the present invention.
圖5為本發明所述結合自拍影像之近端數位授權分享方法中,有關執行數位授權啟用程序之流程示意圖。 FIG5 is a schematic diagram of the process of executing the digital authorization activation procedure in the near-end digital authorization sharing method combined with the selfie image described in the present invention.
以下藉由特定的具體實施形態說明本發明之實施方式,熟悉此技術之人士可由本說明書所揭示之內容瞭解本發明之其他優點與功效,亦可因而藉由其他不同具體等同實施形態加以施行或運用。 The following describes the implementation of the present invention through a specific concrete implementation form. People familiar with this technology can understand other advantages and effects of the present invention from the content disclosed in this manual, and can also implement or use it through other different specific equivalent implementation forms.
圖1為本發明所述結合自拍影像之近端數位授權分享系統1之架構示意圖。如圖1所示,結合自拍影像之近端數位授權分享系統1至少包括互相通訊連結之一委派人A之委派人被驗裝置10、至少一(如複數)受派人B之受派人被驗裝置20、至少一(如複數)近端感應機30與至少一數位識別雲端伺服器40。
FIG1 is a schematic diagram of the structure of the near-end digital authorization sharing system 1 combined with self-portrait images of the present invention. As shown in FIG1, the near-end digital authorization sharing system 1 combined with self-portrait images at least includes a
在一實施例中,委派人A可為長期/永久使用者、老闆、正職員工、會議主辦人、住戶、房東等擁有權限者,而受派人B可為短期/臨時使用者、委外員工、訪客、旅客、背包客等非擁有權限者。委派人被驗裝置10可為行動裝置(如智慧型手機)、電腦(如平板電腦/筆記型電腦/桌上型電腦)、使用者裝置(如個人數位助理PDA)等,受派人被驗裝置20可為行動裝置(如智慧型手機)、電腦(如平板電腦/筆記型電腦)、使用者裝置(如個人數位助理PDA)、影像擷取裝置(如數位相機)等。近端感應機30可為近場通訊(NFC)感應機、藍牙(Bluetooth)感應機、超寬頻(Ultra-wideband;UWB)感應機、無線網路(Wi-Fi)感應機等,且數位識
別雲端伺服器40可為具有數位識別功能之雲端伺服器、雲端伺服主機等。
In one embodiment, the delegator A may be a long-term/permanent user, boss, full-time employee, conference organizer, resident, landlord, etc., and the assignee B may be a short-term/temporary user, outsourced employee, visitor, traveler, backpacker, etc., who does not have the authority. The delegator's inspected
再者,委派人被驗裝置10可具有一第一感應應用程式11,受派人被驗裝置20可具有一第二感應應用程式21與一自拍鏡頭22,近端感應機30可具有一安全元件31、一處理模組32與一近端感應模組33,且數位識別雲端伺服器40可具有至少一(如複數)資料庫41。
Furthermore, the delegate's verified
在一實施例中,第一感應應用程式11或第二感應應用程式21可為感應軟體等,處理模組32可為處理器、處理晶片、處理電路、處理軟體、處理程式等,近端感應模組33可為近場通訊(NFC)感應模組、藍牙感應模組、超寬頻(UWB)感應模組、無線網路(Wi-Fi)感應模組等,資料庫41可為數位授權資料庫、使用者資料庫、感應紀錄資料庫、近端感應機資料庫等。
In one embodiment, the
本發明所述「至少一」代表一個以上(如一、二或三個以上),「複數」代表二個以上(如二、三、四、十或百個以上),「通訊連結」代表透過資料、訊號、電性、有線方式(如有線網路)或無線方式(如無線網路)等各種方式互相通訊或連結,「組織」可為企業、公司行號、機關、機構、單位、社區等。但是,本發明並不以各實施例所提及者為限。 The term "at least one" in the present invention means more than one (such as one, two or three), "plurality" means more than two (such as two, three, four, ten or one hundred), "communication link" means communication or connection through various means such as data, signal, electrical, wired (such as wired network) or wireless (such as wireless network), and "organization" can be an enterprise, company, agency, institution, unit, community, etc. However, the present invention is not limited to those mentioned in the embodiments.
具體而言,委派人A可將已啟用之數位授權分享給受派人B。亦即,委派人A可透過委派人被驗裝置10取得受派人B之使用者識別序號C,並透過委派人被驗裝置10之第一感應應用程式11要求數位識別雲端伺服器40執行分享請求及回覆(見圖1之程序P1)。數位識別雲端伺服器40對委派人被驗裝置10之回覆(如回覆訊息)可具有一分享代碼E,以由委派人A之委派人被驗裝置10透過外部通訊管道D(如電子郵件/簡訊服務/即時訊息)通知分享代碼E予受派人B之受派人被驗裝置20,再由受派人被驗裝置20之第二感應應用程式21
提交分享代碼E至數位識別雲端伺服器40,俾由受派人被驗裝置20之第二感應應用程式21利用分享代碼E向數位識別雲端伺服器40請求下載數位授權(見圖1之程序P3)。
Specifically, the delegator A can share the activated digital authorization with the assignee B. That is, the delegator A can obtain the user identification number C of the assignee B through the delegator verified
此時,從數位識別雲端伺服器40下載至受派人被驗裝置20之數位授權需要啟用,第二感應應用程式21可導引受派人B以受派人被驗裝置20之自拍鏡頭22執行自動擷取受派人B之自拍影像B1,再透過受派人被驗裝置20與近端感應機30間之近端感應通道F完成感應簽章。受派人被驗裝置20之第二感應應用程式21執行上傳感應紀錄(見圖1之程序P4)至數位識別雲端伺服器40,此感應紀錄形成一數位授權啟用通知,以由數位識別雲端伺服器40執行推送數位授權啟用通知及回覆(見圖1之程序P2)至委派人A之委派人被驗裝置10。
At this time, the digital authorization downloaded from the digital
接著,由委派人被驗裝置10將委派人A對數位授權啟用通知之確認結果傳回數位識別雲端伺服器40,以由數位識別雲端伺服器40依據數位授權啟用通知之確認結果推送委派人A之啟用決定(見圖1之程序P5)至受派人被驗裝置20之第二感應應用程式21,俾由受派人被驗裝置20之第二感應應用程式21依據委派人A之啟用決定為同意啟用或不同意啟用,分別對此數位授權執行標記啟用或刪除此數位授權。
Next, the delegator's verified
本發明所述結合自拍影像之近端數位授權分享系統1中,當進行感應識別時,受派人B可持受派人被驗裝置20靠近近端感應機30以進行近端感應。近端感應機30之安全元件31可用於儲存解密金鑰與感應機金鑰,其中,解密金鑰與感應機金鑰於近端感應機30出廠前便已經寫入於安全元件31中,而近端感應機30之處理模組32可用於解密、簽章驗證及簽署等。近端感應機30
之近端感應模組33可為使用近場通訊(NFC)技術之近場通訊感應模組,亦可為使用藍牙技術之藍牙感應模組、使用超寬頻(UWB)技術之超寬頻感應模組、使用無線網路(Wi-Fi)技術之無線網路感應模組,以提供更廣泛的感應範圍。
In the near-end digital authorization sharing system 1 combined with self-portrait images of the present invention, when performing sensing identification, the dispatched person B can hold the dispatched
數位識別雲端伺服器40可管理所有委派人A與受派人B之數位授權、委派人A與受派人B之被驗金鑰,並同時儲存(保存)感應紀錄。數位識別雲端伺服器40亦能管理近端感應機30,包括管理所有近端感應機30之感應機金鑰與加解密金鑰。上述紀錄與管理可透過數位識別雲端伺服器40之資料庫41來實作,若近端感應機30採用固定安裝方式,則數位識別雲端伺服器40之資料庫41可紀錄近端感應機30之實際佈署位置及管理者資訊。
The digital
例如,數位識別雲端伺服器40之資料庫41可包括至少一數位授權資料庫、至少一使用者資料庫、至少一感應紀錄資料庫及/或至少一近端感應機資料庫,以由數位授權資料庫儲存或管理所有使用者(如委派人A及受派人B)所屬之數位授權,由使用者資料庫儲存或管理所有使用者(如委派人A及受派人B)之被驗金鑰,並由感應紀錄資料庫儲存或管理感應紀錄,且由近端感應機資料庫儲存或管理所有近端感應機40所擁有之感應機金鑰及加密金鑰。
For example, the
本發明所述結合自拍影像之近端數位授權分享系統1係揭露一數位授權分享機制,即一使用者以委派人A之身分將自身已啟用之數位授權委派給另一使用者(如複數使用者),且另一使用者接受此委派人A所委派之數位授權以作為受派人B。 The near-end digital authorization sharing system 1 combined with self-portrait images described in the present invention discloses a digital authorization sharing mechanism, that is, a user delegates his own activated digital authorization to another user (such as multiple users) as a delegator A, and the other user accepts the digital authorization delegated by the delegator A as the assignee B.
本發明亦揭露此數位授權分享機制結合受派人B之自拍影像B1之近端感應簽章方法,即受派人B於啟用數位授權時,必須先透過受派人被驗裝置20之自拍鏡頭22完成擷取受派人B之自拍影像B1,以將自拍影像B1之
檔案之雜湊值作為感應資料之一部份,經受派人被驗裝置20與近端感應機30兩者對感應資料進行簽章(如雙重簽章)。此外,自拍影像B1之檔案連同感應資料及簽章,均於感應完成後被上傳至數位識別雲端伺服器40中存查。
The present invention also discloses a method for combining this digital authorization sharing mechanism with the near-end sensing signature method of the self-portrait image B1 of the assignee B, that is, when the assignee B activates the digital authorization, he must first complete the capture of the self-portrait image B1 of the assignee B through the self-
此受派人B之自拍影像B1之近端感應簽章方法,使得委派人A可透過檢視受派人B於啟用數位授權時所提供之具有簽章且可信之自拍影像B1來決定本次數位授權之啟用是否生效,且自拍影像B1於數位識別雲端伺服器40中亦可作為授權啟用之有效證明。上述設計能使委派人A可具體知悉所分享之數位授權之啟用,且具有簽章保證之自拍影像B1於分享委派紀錄被審視時能具有更高的可信度。
The near-end sensing signature method of the self-portrait image B1 of the assignee B enables the delegator A to determine whether the activation of the digital authorization is effective by viewing the signed and reliable self-portrait image B1 provided by the assignee B when activating the digital authorization, and the self-portrait image B1 in the digital
換言之,本發明之一特點為提供一數位授權分享機制,即委派人A(如一使用者)可透過委派人被驗裝置10將自身已啟用之數位授權委派給至少一(如複數)受派人B(如另一使用者)。此外,此數位授權分享機制能結合受派人B之自拍影像B1之近端感應簽章方法,即受派人B於啟用從數位識別雲端伺服器40所下載之數位授權時,必須先透過受派人被驗裝置20之自拍鏡頭22完成擷取受派人B之自拍影像B1,以將受派人B之自拍影像B1之檔案之雜湊值作為感應資料之一部份,經受派人被驗裝置20與近端感應機30兩者對感應資料進行簽章(簡稱雙重簽章)。繼之,自拍影像B1之檔案連同感應資料及簽章,均於感應完成後被上傳至數位識別雲端伺服器40中存查。此特點之功效為提供給受派人B以感應時之自拍影像B1作為具體之在場證明,使得委派人A依據自拍影像B1有效地確認受派人B確實在近端感應機30之現場完成擷取自拍影像B1。
In other words, one feature of the present invention is to provide a digital authorization sharing mechanism, that is, a delegator A (such as a user) can delegate his own activated digital authorization to at least one (such as multiple) assignees B (such as another user) through the
本發明可以不使用其他既有之定位技術於感應資料內,主要考量是使用者之手機一經破解,便無法信任來自手機之偵測模組中既有定位技術所 提供之資料數據。衛星定位資訊在使用者之手機上是可以被偽造的,無線網路與藍牙定位皆可利用中間人攻擊手法來製造不在場定位。過去習知技術可能同時仰賴衛星、無線網路、藍牙等多樣定位技術來避免單一定位技術之造假情形以及解決可靠度問題,但其成本顯然高出本發明甚多,且較為困難。因此,本發明之受派人B之自拍影像B1之近端感應簽章方法,較習知技術不僅成本合理及具高可靠度,且自拍影像B1有簽章擔保以及通過委派人A之親自(人工)確認,亦具有更高的可信度。 The present invention does not use other existing positioning technologies in the sensing data. The main consideration is that once the user's mobile phone is cracked, the data provided by the existing positioning technology in the detection module of the mobile phone cannot be trusted. Satellite positioning information can be forged on the user's mobile phone, and both wireless network and Bluetooth positioning can use the middleman attack method to create absent positioning. In the past, the known technology may rely on multiple positioning technologies such as satellites, wireless networks, and Bluetooth to avoid the falsification of a single positioning technology and solve the reliability problem, but its cost is obviously much higher than the present invention and it is more difficult. Therefore, the near-end sensing signature method of the self-portrait image B1 of the assignee B of the present invention is not only more cost-effective and highly reliable than the conventional technology, but also has a higher credibility because the self-portrait image B1 is guaranteed by the signature and has been personally (manually) confirmed by the assignor A.
再者,本發明之另一特點包括可相容於開放授權(Open Authorization;OAuth)標準之第三方使用者認證服務,使得委派人A與受派人B可用自身信任且慣用之帳號密碼認證服務來使用此結合自拍影像之近端數位授權分享系統1。此特點之功效在於易於快速擴大受派人B(使用者)之數量,亦能藉由數位授權分享機制,由委派人A對受派人B同步做安全上之擔保。因此,上述特點適合於服務受派人B(如臨時使用者)、及短效期授權之應用場域等,但不以此為限。 Furthermore, another feature of the present invention includes a third-party user authentication service that is compatible with the Open Authorization (OAuth) standard, so that the delegator A and the assignee B can use the self-portrait image-combined near-end digital authorization sharing system 1 with their own trusted and commonly used account password authentication service. The effect of this feature is that it is easy to quickly expand the number of assignees B (users), and the delegator A can also provide security guarantees for assignee B simultaneously through the digital authorization sharing mechanism. Therefore, the above-mentioned features are suitable for serving assignee B (such as temporary users) and short-term authorization application scenarios, but are not limited to this.
亦即,本發明顧及受派人B(如短期或臨時使用者),以及短效期授權之應用案例,設計可相容於開放授權(OAuth)標準之第三方使用者認證服務,以利受派人B可使用自身信任且慣用之帳號密碼認證服務來使用此結合自拍影像之近端數位授權分享系統1。此特點之功效在於受派人B毋須另行註冊帳號,也毋須另行提供密碼,便能直接透過第三方使用者認證服務成為本發明所述結合自拍影像之近端數位授權分享系統1之使用者。 That is, the present invention takes into account the assignee B (such as a short-term or temporary user) and the application case of short-term authorization, and designs a third-party user authentication service that is compatible with the open authorization (OAuth) standard, so that the assignee B can use the account password authentication service that he trusts and is accustomed to to use this near-end digital authorization sharing system 1 combined with self-portrait images. The effect of this feature is that the assignee B does not need to register an account separately, nor does he need to provide a password separately, and can directly become a user of the near-end digital authorization sharing system 1 combined with self-portrait images described in the present invention through the third-party user authentication service.
上述第三方使用者認證服務在受派人B完成認證後,本發明之數位識別雲端伺服器40可取得能識別受派人B之一使用者識別序號C及有效存取
令牌,且數位識別雲端伺服器40能以使用者識別序號C及有效存取令牌向第三方使用者認證服務取得所需之受派人B之個人資料,例如個人資料包括姓名、生日、電子郵件(Email)信箱及/或電話號碼等。然後,數位識別雲端伺服器40可建立關於受派人B(使用者)之紀錄,並產生受派人B所屬之被驗金鑰,再由數位識別雲端伺服器40將受派人B之被驗金鑰派送至受派人被驗裝置20之第二感應應用程式21以儲存(保存)於受派人被驗裝置20中。
After the assignee B completes the authentication of the third-party user authentication service, the digital
本發明中具體之數位授權為一組含有加密資料與簽章之資料結構,用以紀錄委派人A及/或受派人B可使用之外部近端應用服務。外部近端應用服務可指與近端感應相關之外部應用服務,且外部應用服務可為採用近場通訊(NFC)技術或非近場通訊(NFC)技術之應用服務。例如,外部應用服務可為採用近場通訊(NFC)技術之門禁應用服務、差勤應用服務、會議報到應用服務,亦可為採用二維條碼、藍牙、超寬頻(UWB)、無線網路(Wi-Fi)等非近場通訊(NFC)技術之門禁應用服務、差勤應用服務、會議報到應用服務。如果一委派人A(使用者)具有已啟用之數位授權,則此數位授權會被自動派送到委派人A(使用者)之委派人被驗裝置10之第一感應應用程式11。
The specific digital authorization in the present invention is a data structure containing encrypted data and a signature, which is used to record the external near-end application services that can be used by the delegator A and/or the assignee B. The external near-end application service may refer to an external application service related to near-end sensing, and the external application service may be an application service that adopts near-field communication (NFC) technology or non-near-field communication (NFC) technology. For example, the external application service may be an access control application service, attendance application service, and conference registration application service that adopts near-field communication (NFC) technology, or an access control application service, attendance application service, and conference registration application service that adopts non-near-field communication (NFC) technology such as a two-dimensional barcode, Bluetooth, ultra-wideband (UWB), and wireless network (Wi-Fi). If a delegator A (user) has an activated digital authorization, the digital authorization will be automatically sent to the
本發明中具體之數位授權分享係指委派人A對受派人B進行授權分享之機制,當委派人A透過委派人被驗裝置10向數位識別雲端伺服器40請求分享某數位授權時,數位識別雲端伺服器40會產生一針對此數位授權之分享代碼E予委派人A之委派人被驗裝置10,再由委派人A之委派人被驗裝置10將此數位授權之分享代碼E透過外部通訊管道D通知(知會)受派人B之受派人被驗裝置20,以將此數位授權之分享代碼E作為受派人B之受派人被驗裝置20向數位識別雲端伺服器40確認接受委派之依據。例如,外部通訊管道D可包括
電子郵件、簡訊服務(Short Message Service;SMS)、即時訊息(如Line或Messenger)等。
The specific digital authorization sharing in the present invention refers to the mechanism of authorization sharing between the delegator A and the assignee B. When the delegator A requests the digital
此數位授權被派送給受派人B之受派人被驗裝置20後並未立即生效,受派人B需要透過受派人被驗裝置20進行數位授權之近端感應啟用。對此,本發明之數位授權之近端感應啟用方式為一結合受派人B之自拍影像B1之近端感應簽章方法,亦即受派人B於啟用數位授權時,必須先依照受派人被驗裝置20之第二感應應用程式21之導引以完成受派人B在現場之自拍影像B1之自動擷取,以將自拍影像B1之檔案之雜湊值作為感應資料之一部份,由受派人被驗裝置20與近端感應機30兩者對感應資料進行雙重簽章。本發明之雙重簽章可指感應資料經過受派人被驗裝置20之簽章後,此簽章連同感應資料再由近端感應機30進行簽章。經過雙重簽章之資料無法由受派人被驗裝置20與近端感應機30之任一者作片面修改,從而保證雙重簽章之資料之完整性及可信度。在雙重簽章後,由受派人被驗裝置20將自拍影像B1之檔案連同感應資料組成感應紀錄(如啟用感應紀錄),以於感應完成後,由受派人被驗裝置20(如行動裝置)上傳感應紀錄(如啟用感應紀錄)至數位識別雲端伺服器40中存查。
This digital authorization is not immediately effective after being sent to the dispatchee's
前述受派人B之自拍影像B1之目標主要是受派人B之臉部,或者受派人B可同時持能證明自己身分之實體證件(如身分證/健保卡)進行影像擷取,亦即由受派人被驗裝置20同時擷取受派人B之臉部與實體證件以作為自拍影像B1。若自拍影像B1中受派人B有持實體證件,則受派人B之受派人被驗裝置20或其第二感應應用程式21可使用光學字元辨識(Optical Character Recognition;OCR)技術,對受派人B之實體證件進行品質識別。
The target of the aforementioned self-portrait image B1 of the dispatchee B is mainly the face of the dispatchee B, or the dispatchee B can also hold a physical document that can prove his identity (such as an ID card/health insurance card) for image capture, that is, the
受派人被驗裝置20除應完整擷取受派人B之臉部或再包括實體
證件等要素外,受派人B之自拍影像B1亦可包括受派人B之足夠的現場背景,以利受派人被驗裝置20同時擷取受派人B之現場背景。為了確保上述自拍影像B1之品質,受派人B之受派人被驗裝置20之第二感應應用程式21亦可利用基於人工智慧(Artificial Intelligence;AI)之擴增實境(Augmented Reality;AR)影像辨識技術,導引受派人B調整受派人被驗裝置20(如行動裝置)之手持角度,以利受派人被驗裝置20之第二感應應用程式21對受派人B自動擷取符合系統要求之自拍影像B1。
In addition to completely capturing the face of the dispatchee B or including physical
documents and other elements, the dispatchee B's selfie image B1 may also include sufficient on-site background of the dispatchee B, so that the dispatchee B's on-site background can be captured by the dispatchee B's
當數位識別雲端伺服器40收到受派人B之感應紀錄(如啟用感應紀錄)時,數位識別雲端伺服器40可將有關受派人B之感應紀錄(如啟用感應紀錄)與自拍影像B1之檔案之通知傳送至委派人A之委派人被驗裝置10。受派人B以感應時之自拍影像B1作為具體之在場證明,使得接獲通知之委派人A能透過受派人B之自拍影像B1確認受派人B是否在近端感應機30之現場。
When the digital
然後,委派人被驗裝置A之第一感應應用程式11可詢問委派人A以確認本次數位授權啟用通知是否成立,若委派人A確認本次數位授權啟用通知為成立,則本次數位授權分享啟用已完成,數位識別雲端伺服器40通知受派人B之受派人被驗裝置20之第二感應應用程式21取得此數位授權所定義之授權內容;反之,若委派人A確認本次數位授權啟用通知為不成立,則本次數位授權分享啟用未完成,數位識別雲端伺服器40通知受派人B之受派人被驗裝置20之第二感應應用程式21刪除此數位授權。
Then, the
另外,本發明所述受派人B之自拍影像B1之近端感應簽章方法可包括下列[1]至[5]之技術內容。 In addition, the method for near-end sensing signature of the self-portrait image B1 of the assignee B described in the present invention may include the following technical contents [1] to [5].
[1]受派人B指定數位授權。亦即,(1)由受派人B透過受派人被
驗裝置20之第二感應應用程式21選定一數位授權。(2)第二感應應用程式21取得此數位授權之數位授權識別序號及對應之數位授權加密資料。
[1] The assignee B specifies the digital authorization. That is, (1) the assignee B selects a digital authorization through the
[2]第二感應應用程式21導引受派人B透過受派人被驗裝置20之自拍鏡頭22進行擷取受派人B之自拍影像B1(如自拍畫面)。亦即,(1)第二感應應用程式21開啟受派人被驗裝置20之自拍鏡頭22並顯示自拍鏡頭22之自拍畫面於受派人被驗裝置20之螢幕上。(2)第二感應應用程式21自動擷取含有受派人B之臉部、或加上實體證件、或再加上現場背景之影像畫面成至少一自拍影像B1之檔案,且自拍影像B1之影像格式或檔案可為靜態圖片或動態影片檔案。
[2] The
[3]受派人B開啟近端感應。亦即,(1)受派人被驗裝置20之第二感應應用程式21以自拍影像B1之檔案計算自拍影像B1之檔案之雜湊值。(2)受派人被驗裝置20之第二感應應用程式21將此數位授權之數位授權識別序號、加密資料、自拍影像B1之檔案之雜湊值與當下時間等組合成感應資料,再使用受派人B之被驗金鑰對感應資料進行簽章以產生被驗簽章。
[3] The dispatched person B turns on the near-end sensing. That is, (1) the
[4]受派人B持受派人被驗裝置20感應近端感應機30。亦即,(1)第二感應應用程式21提示受派人B持受派人被驗裝置20,令受派人被驗裝置20進入近端感應機30之近端感應模組33之有效通訊範圍內以建立至少一近端感應通道F。(2)將受派人被驗裝置20所取得之感應資料與被驗簽章透過近端感應通道F傳送給近端感應機30。(3)近端感應機30使用解密金鑰以解密感應資料內之數位授權加密資料,解密成功後可取得數位授權內容,近端感應機30以其感應機金鑰對感應資料、被驗簽章與感應機識別序號進行簽署以產生主驗簽章。(4)近端感應機30將數位授權內容、感應機識別序號與主驗簽章透過近端感應通道F傳回受派人被驗裝置20。
[4] The assignee B holds the
[5]第二感應應用程式21上傳包括自拍影像B1之檔案之感應紀錄。亦即,(1)受派人被驗裝置20之第二感應應用程式21將數位授權內容儲存於此數位授權。(2)受派人被驗裝置20之第二感應應用程式21將所有自拍影像B1之檔案、感應資料、被驗簽章、感應機識別序號與主驗簽章組合成感應紀錄,以將感應紀錄上傳至數位識別雲端伺服器40。
[5] The
圖2為本發明所述結合自拍影像之近端數位授權分享方法中,有關第一感應應用程式11與第二感應應用程式21之初始化流程示意圖,其中,此流程可包括下列步驟S11至步驟S13,並參閱圖1一併說明。
FIG. 2 is a schematic diagram of the initialization process of the
首先,第二感應應用程式21運作於受派人被驗裝置20中,以由第二感應應用程式21提示受派人B持受派人被驗裝置20靠近近端感應機30以進行(操作)近端感應,再由受派人被驗裝置20儲存(保存)此近端感應之感應紀錄。接著,執行下列步驟S11至步驟S13。
First, the
步驟S11:使用第三方身分服務取得第三方使用者識別資訊以建立使用者數位身分,並產生委派人A與受派人B兩者之使用者識別序號C。例如,先由委派人A或受派人B輸入自己之個人資料(如姓名/生日/電子郵件信箱/電話號碼等相關資訊),可採用相容於開放授權(OAuth)標準之第三方身分認證服務,並在登入第三方身分認證服務後,取得由此第三方身分認證服務所派發之第三方使用者識別資訊與代表本次登入有效之第三方有效登入令牌等資料,俾由委派人被驗裝置10之第一感應應用程式11與受派人被驗裝置20之第二感應應用程式21皆依據第三方使用者識別資訊與第三方有效登入令牌等資料建立使用者數位身分,並產生委派人A與受派人B兩者之使用者識別序號C。
Step S11: Use a third-party identity service to obtain third-party user identification information to establish a user digital identity, and generate user identification numbers C for both the delegator A and the assignee B. For example, the delegator A or the assignee B first inputs his/her personal information (such as name/birthday/email address/telephone number and other related information), and can use a third-party identity authentication service compatible with the open authorization (OAuth) standard. After logging into the third-party identity authentication service, the third-party user identification information and the third-party valid login token representing the validity of this login issued by the third-party identity authentication service are obtained, so that the
步驟S12:將委派人被驗裝置10與受派人被驗裝置20兩者之被
驗裝置資訊(如被驗裝置識別序號)連同委派人A與受派人B兩者之使用者識別序號C提交至數位識別雲端伺服器40。
Step S12: Submit the inspected device information (such as the inspected device identification serial number) of both the delegator's inspected
步驟S13:由數位識別雲端伺服器40建立對應委派人A或受派人B之數位身分,以由委派人A之委派人被驗裝置10之第一感應應用程式11或受派人B之受派人被驗裝置20之第二感應應用程式21查詢數位識別雲端伺服器40,以從數位識別雲端伺服器40中下載委派人A或受派人B各自專屬之被驗金鑰及所屬已啟用之數位授權。
Step S13: The digital
圖3為本發明所述結合自拍影像之近端數位授權分享方法中,有關執行數位授權分享程序之流程示意圖,其中,此流程可包括下列步驟S21至步驟S24,並參閱圖1一併說明。 FIG3 is a schematic diagram of the process of executing the digital authorization sharing procedure in the near-end digital authorization sharing method combined with the selfie image described in the present invention, wherein the process may include the following steps S21 to S24, and refer to FIG1 for explanation.
步驟S21:委派人A透過委派人被驗裝置10選擇要分享之外部近端應用服務及設定分享效期等選項。
Step S21: Delegator A selects the external local application service to be shared and sets the sharing validity period and other options through the delegate tested
步驟S22:委派人A透過委派人被驗裝置10填入受派人B之使用者識別序號C,以由委派人被驗裝置10依據受派人B之使用者識別序號C向數位識別雲端伺服器40發出分享請求(見圖1之程序P1),再由委派人被驗裝置10從數位識別雲端伺服器40取得標示本次分享操作之分享代碼E。
Step S22: The delegator A enters the user identification number C of the assignee B through the delegator verified
步驟S23:委派人A之委派人被驗裝置10透過外部通訊管道D將分享代碼E通知受派人B之受派人被驗裝置20。例如,外部通訊管道D可包括電子郵件、簡訊服務(SMS)、即時訊息等方法,以給予受派人B使用數位授權之權利。
Step S23: The delegator's verified
步驟S24:受派人B透過受派人被驗裝置20之第二感應應用程式21,以分享代碼E向數位識別雲端伺服器40請求下載此數位授權(見圖1之
程序P3)。
Step S24: The dispatchee B requests the digital
圖4為本發明所述結合自拍影像之近端數位授權分享方法中,有關執行數位授權啟用程序中「組成數位授權啟用通知」之流程示意圖,其中,此流程可包括下列步驟S31至步驟S36,並參閱圖1一併說明。 FIG. 4 is a schematic diagram of the process of "composing a digital authorization activation notification" in the execution of the digital authorization activation procedure in the near-end digital authorization sharing method combined with the selfie image described in the present invention, wherein this process may include the following steps S31 to S36, and refer to FIG. 1 for a description thereof.
步驟S31:受派人B透過受派人被驗裝置20之第二感應應用程式21指定數位授權。
Step S31: The dispatchee B specifies the digital authorization through the
步驟S32:第二感應應用程式21導引受派人B透過受派人被驗裝置20之自拍鏡頭22進行擷取受派人B之自拍影像B1(如自拍畫面)。例如,此自拍影像B1僅能由受派人B在現場透過受派人被驗裝置20之自拍鏡頭22(自拍方式)即時取得,而無法透過選擇方式取得其他非在現場之自拍影像B1(如受派人被驗裝置20先前所拍攝或儲存之受派人B之自拍影像B1)。
Step S32: The
步驟S33:受派人被驗裝置20之第二感應應用程式21導引受派人B開啟受派人被驗裝置20之近端感應。
Step S33: The
步驟S34:受派人B持受派人被驗裝置20感應近端感應機30。
Step S34: The dispatchee B holds the
步驟S35:感應完成後,受派人被驗裝置20之第二感應應用程式21將包括自拍影像B1之檔案之感應紀錄上傳至數位識別雲端伺服器40(見圖1之程序P4)。
Step S35: After the sensing is completed, the
步驟S36:由數位識別雲端伺服器40將(1)受派人B之自拍影像B1之檔案、(2)受派人B之使用者識別序號C相關之使用者訊息、以及(3)感應機識別序號相關之近端感應機訊息組成一數位授權啟用通知。例如,受派人B之使用者訊息可包括受派人B之個人資料等(如姓名/生日/電子郵件信箱/電話號碼等相關資訊),且近端感應機訊息可包括近端感應機30之名稱、感應時間、感
應地點或感應代碼等。
Step S36: The digital
圖5為本發明所述結合自拍影像之近端數位授權分享方法中,有關執行數位授權啟用程序之流程示意圖,此流程可接續上方圖4之步驟S36且包括下列步驟S41至步驟S49,並參閱圖1一併說明。 FIG. 5 is a schematic diagram of the process of executing the digital authorization activation procedure in the near-end digital authorization sharing method combined with the selfie image described in the present invention. This process can be continued from step S36 of FIG. 4 above and includes the following steps S41 to S49, and refer to FIG. 1 for a description.
步驟S41:數位識別雲端伺服器40推送數位授權啟用通知給委派人A之委派人被驗裝置10之第一感應應用程式11。
Step S41: The digital
步驟S42:委派人A之委派人被驗裝置10之第一感應應用程式11顯示數位授權啟用通知中受派人B之自拍影像B1(如自拍畫面)、受派人B之使用者識別序號C相關之使用者訊息、以及感應機識別序號相關之近端感應機訊息。
Step S42: The
步驟S43至步驟S45:委派人被驗裝置10之第一感應應用程式11取得委派人A是否同意啟用此數位授權之啟用決定?若是(委派人A之啟用決定為同意啟用此數位授權),則委派人被驗裝置10之第一感應應用程式11以委派人A之啟用決定為「同意啟用此數位授權」傳回數位識別雲端伺服器40;反之,若否(委派人A之啟用決定為不同意啟用此數位授權),則委派人被驗裝置10之第一感應應用程式11以委派人A之啟用決定為「不同意啟用此數位授權」傳回數位識別雲端伺服器40。
Step S43 to step S45: The
步驟S46:數位識別雲端伺服器40推送委派人A之啟用決定為「同意啟用此數位授權」或「不同意啟用此數位授權」給受派人B之受派人被驗裝置20之第二感應應用程式21。
Step S46: The digital
步驟S47至步驟S49:若委派人A之啟用決定為同意啟用此數位授權,則受派人B之受派人被驗裝置20之第二感應應用程式21將此數位授權
標示為已啟用;反之,若委派人A之啟用決定為不同意啟用此數位授權,則受派人B之受派人被驗裝置20之第二感應應用程式21刪除此數位授權。
Step S47 to Step S49: If the activation decision of the delegator A is to agree to activate the digital authorization, the
至此,按照上述圖3至圖5之技術內容,本發明已完成數位授權分享程序或數位授權分享機制。 At this point, according to the technical contents of Figures 3 to 5 above, the present invention has completed the digital authorization sharing procedure or digital authorization sharing mechanism.
此外,上述數位授權啟用通知給委派人被驗裝置10之第一感應應用程式11之實作,具體可採用透過雲端傳送通知給應用程式(App)之服務,例如雲端通訊(Cloud Messaging)服務或推播通知(Push Notification;PN)服務。當數位授權分享程序執行完畢時,關於數位授權內容之確認,委派人被驗裝置10之第二感應應用程式21可於啟用後,將數位授權內容顯示於委派人被驗裝置10之第二感應應用程式21之畫面上給受派人B確認。
In addition, the implementation of the above-mentioned digital authorization activation notification to the
數位授權可包括數位授權識別序號、數位授權加密資料及數位授權內容,且數位授權經過啟用後,數位授權加密資料才會被解密為數位授權內容。此外,數位識別雲端伺服器40可執行數位授權產生程序,包括:[1]將至少一外部近端應用服務識別序號、委派人A/受派人B之使用者識別序號C與數位授權效期等資訊組成數位授權內容;以及[2]將數位授權內容以近端感應機30之加密金鑰進行加密而產生數位授權加密資料,且產生一數位授權識別序號以代表此數位授權加密資料。前述外部近端應用服務識別序號代表本次數位授權啟用後,可以使用之外部近端應用服務。若此外部近端應用服務識別序號為複數筆,則代表本次數位授權啟用後,可以使用之複數外部近端應用服務。
The digital authorization may include a digital authorization identification serial number, digital authorization encrypted data and digital authorization content, and the digital authorization encrypted data will be decrypted into the digital authorization content only after the digital authorization is activated. In addition, the digital
數位識別雲端伺服器40可配合委派人被驗裝置10之第一感應應用程式11以執行數位授權分享程序,委派人被驗裝置10之第一感應應用程式11向數位識別雲端伺服器40發出分享請求,以由數位識別雲端伺服器40依據
分享請求產生本次分享操作之分享代碼E,再由數位識別雲端伺服器40傳回分享代碼E予委派人被驗裝置10之第一感應應用程式11,俾由委派人被驗裝置10之第一感應應用程式11傳送分享代碼E至受派人被驗裝置20。數位識別雲端伺服器40收到受派人B之受派人被驗裝置20所上傳之分享代碼E,以確認受派人B所上傳(提供)之分享代碼E正確後,再由數位識別雲端伺服器40通知受派人被驗裝置20之受派人被驗裝置20下載此分享代碼E所對應之數位授權。
The digital
舉例而言,「數位授權」具有多種應用形式,包括數位識別證或數位會員卡等之數位授權,例如:[1]數位識別證派發數位臨時訪客證、[2]數位識別證派發委外識別證、[3]數位會員卡派發共享空間...等,說明如下: For example, "digital authorization" has many application forms, including digital authorization of digital ID cards or digital membership cards, such as: [1] digital ID cards are used to distribute digital temporary visitor cards, [2] digital ID cards are used to distribute outsourced ID cards, [3] digital membership cards are used to distribute shared spaces, etc., as explained below:
[1]數位識別證派發數位臨時訪客證:數位識別證以數位授權方式派發數位臨時訪客證,使受派人B(如訪客)擁有短期會議室之近場通訊(NFC)報到及近場通訊(NFC)門禁為例。一委派人A(如會議主辦人)在取得會議場地之授權後,可用委派人A之數位識別證將所擁有之短期會議室之近場通訊(NFC)門禁之使用權限分享成一數位臨時訪客證,再將此數位臨時訪客證委派給受派人B(如訪客)。與委派人A(如會議主辦人)不同的是,此數位臨時訪客證之效期符合受派人B(如訪客)之會議時間需求即可。受派人B(如訪客)在使用此數位臨時訪客證之前需要進行啟用程序,此數位臨時訪客證之啟用佐證係採用受派人B(如訪客)在會議場地之現場進行報到以啟用近場通訊(NFC)感應時,所拍攝之自拍影像B1(如自拍畫面)作為證明並通知委派人A(如會議主辦人)之委派人被驗裝置10,俾由此委派人A(如會議主辦人)完成確認背書及紀錄於系統。此數位臨時訪客證在完成啟用後直到效期到期前,皆可供受派人B(如訪客)作為短期會議室之近場通訊(NFC)門禁之使用。
[1] Digital ID card issued as a digital temporary visitor card: Digital ID card issues a digital temporary visitor card in a digital authorization manner, so that the assignee B (such as a visitor) has the Near Field Communication (NFC) check-in and Near Field Communication (NFC) access control of the short-term meeting room. After obtaining authorization from the conference venue, a delegate A (such as a conference organizer) can use the digital ID card of the delegate A to share the use rights of the Near Field Communication (NFC) access control of the short-term meeting room with a digital temporary visitor card, and then delegate this digital temporary visitor card to the assignee B (such as a visitor). Unlike the delegator A (such as the conference organizer), the validity period of this digital temporary visitor card only needs to meet the meeting time requirements of the assignee B (such as the visitor). The assignee B (such as the visitor) needs to go through the activation procedure before using this digital temporary visitor card. The activation evidence of this digital temporary visitor card is the self-portrait image B1 (such as the self-portrait screen) taken by the assignee B (such as the visitor) when checking in at the venue of the conference to activate the near field communication (NFC) sensor as proof and notifying the
以上述數位識別證派發數位臨時訪客證為例,用圖1進行說明:委派人A(如會議主辦人)可將已啟用之數位授權分享給受派人B(如訪客),例如此數位授權為短期會議室之近場通訊(NFC)門禁之使用權限。委派人A(如會議主辦人)透過委派人被驗裝置10取得受派人B(如訪客)之使用者識別序號C,並透過委派人被驗裝置10之第一感應應用程式11要求數位識別雲端伺服器40執行分享請求及回覆(見圖1之程序P1)。數位識別雲端伺服器40之回覆(如回覆訊息)可具有一分享代碼E,以由委派人A(如會議主辦人)之委派人被驗裝置10透過外部通訊管道D(如電子郵件)通知分享代碼E予受派人B(如訪客)之受派人被驗裝置20。受派人B(如訪客)可透過受派人被驗裝置20之第二感應應用程式21提交分享代碼E至數位識別雲端伺服器40,以由第二感應應用程式21利用分享代碼E向數位識別雲端伺服器40請求下載數位授權(見圖1之程序P3)。
Taking the above-mentioned digital identification card distribution of digital temporary visitor card as an example, Figure 1 is used for explanation: the delegator A (such as the conference organizer) can share the activated digital authorization with the assignee B (such as the visitor), for example, this digital authorization is the use permission of the near field communication (NFC) access control of the short-term conference room. The delegator A (such as the conference organizer) obtains the user identification serial number C of the assignee B (such as the visitor) through the
此時,從數位識別雲端伺服器40下載至受派人被驗裝置20之數位授權需要啟用,第二感應應用程式21可導引受派人B(如訪客)以受派人被驗裝置20之自拍鏡頭22執行自動擷取受派人B之自拍影像B1後,再透過受派人被驗裝置20與近端感應機30間之近端感應通道F完成感應簽章。受派人被驗裝置20之第二感應應用程式21執行上傳感應紀錄(見圖1之程序P4)至數位識別雲端伺服器40,此感應紀錄形成一數位授權啟用通知,以由數位識別雲端伺服器40執行推送數位授權啟用通知及回覆(見圖1之程序P2)至委派人A(如會議主辦人)之委派人被驗裝置10。
At this time, the digital authorization downloaded from the digital
接著,由委派人被驗裝置10將委派人A(如會議主辦人)對數位授權啟用通知之確認結果傳回數位識別雲端伺服器40,以由數位識別雲端伺服器40依據數位授權啟用通知之確認結果推送委派人A之啟用決定(見圖1之程序
P5)至受派人被驗裝置20之第二感應應用程式21,俾由受派人被驗裝置20之第二感應應用程式21依據受派人B(如訪客)之啟用決定為同意啟用或不同意啟用,對此數位授權(如短期會議室之近場通訊門禁之使用權限)執行標記啟用或刪除此數位授權。此數位授權經啟用後,受派人B(如訪客)即可依據此數位授權之數位授權內容所指定之短期會議室之近場通訊(NFC)門禁之使用權限,於受派人B(如訪客)之受派人被驗裝置20下載此使用權限之相關資料以開啟近場通訊(NFC)門禁之功能,進而於效期內進出短期會議室之近場通訊(NFC)門禁。
Next, the delegator's verified
[2]數位識別證派發委外識別證:數位識別證以數位授權方式派發委外識別證,使受派人B(如委外員工)擁有效期內組織(如企業)之近場通訊(NFC)門禁差勤權限為例。一委派人A(如正職員工)在取得此組織(如企業)之授權後,可用委派人A之數位識別證將所擁有之近場通訊(NFC)門禁差勤權限分享成一委外識別證,再將此委外識別證委派給受派人B(如委外員工)。與委派人A(如正職員工)不同的是,此委外識別證之效期符合受派人B(如訪客)之短期需求即可。受派人B(如委外員工)在使用此委外識別證之前需要進行啟用程序,此委外識別證之啟用佐證係採用受派人B(如委外員工)在組織(如企業)之現場進行委外識別證啟用近場通訊(NFC)感應時,所拍攝之自拍影像B1(如自拍畫面)作為證明並通知委派人A(如正職員工)之委派人被驗裝置10,俾由此委派人A(如正職員工)完成確認及紀錄於系統。此委外識別證在完成啟用後直到效期到期前,皆可供受派人B(如委外員工)作為門禁差勤之使用。
[2] Digital ID card distribution of outsourced ID cards: Digital ID cards are distributed through digital authorization, so that the assignee B (such as an outsourced employee) has the Near Field Communication (NFC) access control and attendance permissions of the organization (such as a company) within the validity period. After obtaining authorization from the organization (such as a company), a delegator A (such as a full-time employee) can use the digital ID card of delegator A to share the Near Field Communication (NFC) access control and attendance permissions he possesses into an outsourced ID card, and then delegate this outsourced ID card to assignee B (such as an outsourced employee). Unlike delegator A (such as a full-time employee), the validity period of this outsourced ID card only needs to meet the short-term needs of assignee B (such as a visitor). The dispatchee B (such as an outsourced employee) needs to go through the activation process before using this outsourced identification card. The activation evidence of this outsourced identification card is the self-portrait image B1 (such as a self-portrait screen) taken by the dispatchee B (such as an outsourced employee) when performing the near field communication (NFC) sensing for outsourced identification card activation at the site of the organization (such as an enterprise) as proof and notifying the
[3]數位會員卡派發共享空間:將數位會員卡以數位授權分享共享空間之近場通訊(NFC)門禁為例。一共享空間管理系統(圖略)產生一用於此共享空間之數位會員卡後委派給一委派人A(如承租使用者),委派人A(如承租使用 者)在完成共享空間現場之啟用程序後,便可用此數位會員卡於此共享空間之近場通訊(NFC)門禁進出。委派人A(如承租使用者)亦可向共享空間管理系統提交分享請求,即欲使受派人B(如訪客)可自行進出此共享空間。委派人A(如承租使用者)可將其數位會員卡分享給此受派人B(如訪客),此受派人B(如訪客)之數位會員卡為具有較短效期之短期數位會員卡。受派人B(如訪客)在使用此短期數位會員卡之前需要進行啟用程序,即提交受派人B(如訪客)在現場進行啟用近場通訊(NFC)感應時所拍攝之自拍影像B1(如自拍畫面)作為證明,再由委派人A(如承租使用者)完成確認背書及紀錄於共享空間管理系統。此短期數位會員卡在完成啟用後直到效期到期前,皆可供受派人B(如訪客)使用此短期數位會員卡進出於共享空間之近場通訊(NFC)門禁。 [3] Digital membership card distribution in shared spaces: Take the digital membership card as an example of digital authorization to share the near field communication (NFC) access control of shared spaces. A shared space management system (not shown) generates a digital membership card for this shared space and then assigns it to a delegator A (such as the lessee). After completing the activation process at the shared space, delegator A (such as the lessee) can use this digital membership card to enter and exit the shared space through the near field communication (NFC) access control. Delegator A (such as the lessee) can also submit a sharing request to the shared space management system, that is, to allow assignee B (such as a visitor) to enter and exit the shared space on his own. The delegator A (such as the lessee) can share his digital membership card with the assignee B (such as the visitor). The digital membership card of the assignee B (such as the visitor) is a short-term digital membership card with a shorter validity period. Before using this short-term digital membership card, the assignee B (such as the visitor) needs to go through the activation process, that is, submit the selfie image B1 (such as the selfie screen) taken by the assignee B (such as the visitor) when activating the near field communication (NFC) sensing on site as proof, and then the delegator A (such as the lessee) completes the confirmation endorsement and records it in the shared space management system. After the activation is completed until the expiration of the validity period, the assignee B (such as the visitor) can use this short-term digital membership card to enter and exit the near field communication (NFC) access control of the shared space.
此外,本發明還提供一種針對結合自拍影像之近端數位授權分享方法之電腦可讀媒介,係應用於具有處理器與記憶體之計算裝置或電腦中,且電腦可讀媒介儲存有指令,並可利用計算裝置或電腦透過處理器與記憶體執行電腦可讀媒介,以於執行電腦可讀媒介時執行上述內容。在一實施例中,該電腦可讀媒介係非暫態(non-transitory)的電腦可讀儲存媒介。 In addition, the present invention also provides a computer-readable medium for a near-end digital authorization sharing method combined with a selfie image, which is applied to a computing device or a computer having a processor and a memory, and the computer-readable medium stores instructions, and the computing device or the computer can execute the computer-readable medium through the processor and the memory to execute the above content when executing the computer-readable medium. In one embodiment, the computer-readable medium is a non-transitory computer-readable storage medium.
在一實施例中,處理器可為中央處理器(CPU)、圖形處理器(GPU)、微處理器(MPU)、微控制器(MCU)等,記憶體可為隨機存取記憶體(RAM)、唯讀記憶體(ROM)、快閃(Flash)記憶體、記憶卡、硬碟(如雲端/網路/外接式硬碟)、光碟、隨身碟、資料庫等,且計算裝置或電腦可為計算機、智慧型手機、平板電腦、個人電腦、筆記型電腦、桌上型電腦、伺服器(如雲端/遠端/網路伺服器)等。 In one embodiment, the processor may be a central processing unit (CPU), a graphics processing unit (GPU), a microprocessor (MPU), a microcontroller (MCU), etc., the memory may be a random access memory (RAM), a read-only memory (ROM), a flash memory, a memory card, a hard drive (such as a cloud/network/external hard drive), an optical disk, a flash drive, a database, etc., and the computing device or computer may be a computer, a smartphone, a tablet computer, a personal computer, a laptop, a desktop computer, a server (such as a cloud/remote/network server), etc.
綜上,本發明所述結合自拍影像之近端數位授權分享系統、方法 及電腦可讀媒介係至少具有下列特色、優點或技術功效。 In summary, the near-end digital authorization sharing system, method and computer-readable medium combined with self-portrait images described in the present invention have at least the following characteristics, advantages or technical effects.
一、本發明能提供數位授權分享機制,即委派人可將自身已啟用之數位授權委派給至少一(如複數)受派人,且此數位授權分享機制能結合受派人之自拍影像之近端感應簽章方法,使得受派人於啟用數位授權時,必須先透過受派人被驗裝置之自拍鏡頭完成擷取受派人之自拍影像,以將自拍影像之檔案之雜湊值作為感應資料之一部份,經受派人被驗裝置與近端感應機兩者對感應資料進行雙重簽章,俾保證雙重簽章之資料之完整性及可信度。 1. The present invention can provide a digital authorization sharing mechanism, that is, the delegator can delegate his/her activated digital authorization to at least one (or multiple) assignees, and this digital authorization sharing mechanism can be combined with the proximal sensing signature method of the assignee's selfie image, so that when the assignee activates the digital authorization, the selfie image of the assignee must be captured through the selfie camera of the assignee's verification device, and the hash value of the selfie image file is used as part of the sensing data. The sensing data is double-signed by both the assignee's verification device and the proximal sensor to ensure the integrity and credibility of the double-signed data.
二、本發明之雙重簽章可指感應資料經過受派人被驗裝置之簽章後,此簽章連同感應資料再由近端感應機進行簽章,以利經過雙重簽章之資料無法由受派人被驗裝置與近端感應機之任一者作片面修改,從而保證雙重簽章之資料之完整性及可信度。 2. The double signature of the present invention refers to the signature of the sensor data by the dispatched person's verification device, and then the signature and the sensor data are signed by the proximal sensor, so that the double-signed data cannot be unilaterally modified by either the dispatched person's verification device or the proximal sensor, thereby ensuring the integrity and credibility of the double-signed data.
三、本發明能將自拍影像之檔案連同感應資料及簽章均於感應完成後上傳至數位識別雲端伺服器中存查,有利於提供給受派人以感應時之自拍影像作為具體之在場證明,亦能使委派人依據自拍影像有效地確認受派人確實在近端感應機之現場完成擷取自拍影像。 3. The present invention can upload the self-portrait image file together with the sensing data and signature to the digital identification cloud server for storage after the sensing is completed, which is beneficial for providing the dispatched person with the self-portrait image taken during the sensing as a specific proof of presence, and also enables the delegator to effectively confirm that the dispatched person has indeed completed the capture of the self-portrait image at the site of the proximal sensor based on the self-portrait image.
四、本發明能提供受派人之自拍影像之近端感應簽章方法,使得委派人可透過檢視受派人於啟用數位授權時所提供之具有簽章且可信之自拍影像來決定數位授權之啟用是否生效,且自拍影像於數位識別雲端伺服器中亦可作為授權啟用之有效證明,此種設計能使委派人具體知悉所分享之數位授權之啟用,且具有簽章保證之自拍影像於分享委派紀錄被審視時能具有更高的可信度。 4. The present invention can provide a near-end sensing signature method for the self-portrait image of the assignee, so that the delegator can determine whether the activation of the digital authorization is effective by viewing the signed and reliable self-portrait image provided by the assignee when activating the digital authorization. The self-portrait image in the digital identification cloud server can also be used as a valid proof of authorization activation. This design enables the delegator to specifically know the activation of the shared digital authorization, and the self-portrait image with signature guarantee can have a higher credibility when the shared delegation record is reviewed.
五、本發明能提供受派人之自拍影像之近端感應簽章方法,不僅 成本合理及具高可靠度,且自拍影像有簽章擔保以及通過委派人之親自(人工)確認,亦具有更高的可信度。 5. The present invention can provide a near-end sensing signature method for the self-portrait image of the dispatched person, which is not only cost-effective and highly reliable, but also has a higher credibility because the self-portrait image is guaranteed by the signature and is personally (manually) confirmed by the dispatcher.
六、本發明能提供可相容於開放授權(OAuth)標準之第三方使用者認證服務,使得委派人與受派人可用自身信任且慣用之帳號密碼認證服務來使用此近端數位授權分享系統,以利易於快速擴大受派人(使用者)之數量,亦能藉由數位授權分享機制,由委派人對受派人同步做安全上之擔保。 6. The present invention can provide a third-party user authentication service that is compatible with the Open Authorization (OAuth) standard, so that the delegator and the assignee can use the account password authentication service that they trust and are accustomed to using to use this local digital authorization sharing system, so as to facilitate the rapid expansion of the number of assignees (users). The delegator can also provide security guarantees for the assignee simultaneously through the digital authorization sharing mechanism.
七、本發明設計可相容於開放授權(OAuth)標準之第三方使用者認證服務,使受派人能使用自身信任且慣用之帳號密碼認證服務,有利於受派人毋須另行註冊帳號,也毋須另行提供密碼,便能直接透過第三方使用者認證服務成為此近端數位授權分享系統之使用者。 7. The invention is designed to be compatible with the third-party user authentication service of the open authorization (OAuth) standard, so that the assignee can use the account and password authentication service that he trusts and is accustomed to. It is beneficial for the assignee to become a user of this near-end digital authorization sharing system directly through the third-party user authentication service without having to register an account or provide a password.
八、本發明能顧及受派人之便利性,方便受派人如同委派人可使用數位身分識別服務,且透過具有啟用查核設計之分享方法,執行過程全部會自動紀錄於數位識別雲端伺服器之資料庫,且紀錄含有具有簽章保證之分享啟用當下受派人擷取之自拍影像,令受派人得以安全快速地獲取來自委派人給予之權限。 8. The present invention can take into account the convenience of the assignee, allowing the assignee to use the digital identity service just like the principal. Through the sharing method with activation verification design, the entire execution process will be automatically recorded in the database of the digital identification cloud server, and the record contains the selfie image captured by the assignee at the time of sharing activation with a signature guarantee, so that the assignee can safely and quickly obtain the authority granted by the principal.
九、本發明可能應用之產業為例如企業數位園區、數位校園等,且可能應用之產品為例如訪客管理系統、會議報到系統、共享辦公室等,但不以此為限。 9. The industries to which this invention may be applied include, for example, enterprise digital parks, digital campuses, etc., and the products to which this invention may be applied include, for example, visitor management systems, conference check-in systems, shared offices, etc., but are not limited thereto.
上述實施形態僅例示性說明本發明之原理、特點及其功效,並非用以限制本發明之可實施範疇,任何熟習此項技藝之人士均能在不違背本發明之精神及範疇下,對上述實施形態進行修飾與改變。任何使用本發明所揭示內容而完成之等效改變及修飾,均仍應為申請專利範圍所涵蓋。因此,本發明之 權利保護範圍應如申請專利範圍所列。 The above implementation forms are only illustrative of the principles, features and effects of the present invention, and are not intended to limit the scope of implementation of the present invention. Anyone familiar with this technology can modify and change the above implementation forms without violating the spirit and scope of the present invention. Any equivalent changes and modifications completed using the content disclosed by the present invention should still be covered by the scope of the patent application. Therefore, the scope of protection of the present invention should be as listed in the scope of the patent application.
1:近端數位授權分享系統 1: Near-end digital authorization sharing system
10:委派人被驗裝置 10: The delegate is inspected by the device
11:第一感應應用程式 11: First Sense App
20:受派人被驗裝置 20: The assigned person is inspected for equipment
21:第二感應應用程式 21: Second Sense Application
22:自拍鏡頭 22: Selfie camera
30:近端感應機 30: Proximal sensor
31:安全元件 31: Security element
32:處理模組 32: Processing module
33:近端感應模組 33: Proximal sensing module
40:數位識別雲端伺服器 40: Digital identification of cloud servers
41:資料庫 41: Database
A:委派人 A: Delegator
B:受派人 B: Assignee
B1:自拍影像 B1: Self-portrait image
C:使用者識別序號 C: User identification number
D:外部通訊管道 D: External communication channels
E:分享代碼 E: Share code
F:近端感應通道 F: Proximal sensing channel
P1至P5:程序 P1 to P5: Procedure
Claims (15)
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW112145869A TWI853750B (en) | 2023-11-27 | 2023-11-27 | Proximity digital authorization sharing system, method and computer-readable medium combining selfie image |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| TW112145869A TWI853750B (en) | 2023-11-27 | 2023-11-27 | Proximity digital authorization sharing system, method and computer-readable medium combining selfie image |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| TWI853750B true TWI853750B (en) | 2024-08-21 |
| TW202522312A TW202522312A (en) | 2025-06-01 |
Family
ID=93284432
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| TW112145869A TWI853750B (en) | 2023-11-27 | 2023-11-27 | Proximity digital authorization sharing system, method and computer-readable medium combining selfie image |
Country Status (1)
| Country | Link |
|---|---|
| TW (1) | TWI853750B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW201346824A (en) * | 2012-03-01 | 2013-11-16 | 米娜娃Ip控股有限責任公司 | Systems and methods for generating, managing, and sharing digital scripts |
| US20180365641A1 (en) * | 2017-06-16 | 2018-12-20 | Zipcodexpress, Inc. | Locker-Based Logistics Management System |
| TW202131257A (en) * | 2016-02-01 | 2021-08-16 | 美商蘋果公司 | Methods for validating online access to secure device functionality |
| TW202143136A (en) * | 2019-08-09 | 2021-11-16 | 英商路昂有限公司 | User media platform server system |
-
2023
- 2023-11-27 TW TW112145869A patent/TWI853750B/en active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| TW201346824A (en) * | 2012-03-01 | 2013-11-16 | 米娜娃Ip控股有限責任公司 | Systems and methods for generating, managing, and sharing digital scripts |
| TW202131257A (en) * | 2016-02-01 | 2021-08-16 | 美商蘋果公司 | Methods for validating online access to secure device functionality |
| US20180365641A1 (en) * | 2017-06-16 | 2018-12-20 | Zipcodexpress, Inc. | Locker-Based Logistics Management System |
| TW202143136A (en) * | 2019-08-09 | 2021-11-16 | 英商路昂有限公司 | User media platform server system |
Also Published As
| Publication number | Publication date |
|---|---|
| TW202522312A (en) | 2025-06-01 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR102400395B1 (en) | Systems and methods for electronically providing legal documents | |
| US9934544B1 (en) | Secure consent management system | |
| US9698992B2 (en) | Method for signing electronic documents with an analog-digital signature with additional verification | |
| CA2778851C (en) | Device, system, and method for registering and authenticating handwritten signatures and archiving handwritten information | |
| JP4515910B2 (en) | Image recognition | |
| CN110795753B (en) | File security protection system, file security sharing method and safe reading method | |
| US20180026790A1 (en) | Evidence system and method to determine whether digital file is forged or falsified by using smart phone and smart phone having certification function of smart phone screen capture image and method thereof | |
| US20220393882A1 (en) | Secured private credential certificate | |
| US11444784B2 (en) | System and method for generation and verification of a subject's identity based on the subject's association with an organization | |
| CN110612698A (en) | Security authentication system and security authentication method for generating security key by combining authentication factors of multiple users | |
| US20210383029A1 (en) | Information processing program, information processing device, and information processing method | |
| EA036443B1 (en) | System and method for communicating credentials | |
| JP2020024603A (en) | Authentication management device and authentication management system | |
| US12375484B2 (en) | Decentralized secure true digital ID for communication | |
| KR102001607B1 (en) | Method and system for security service using position information | |
| TWI853750B (en) | Proximity digital authorization sharing system, method and computer-readable medium combining selfie image | |
| US11977661B2 (en) | System for generating a digital handwritten signature using a mobile device | |
| JP7776844B2 (en) | Management server, terminal, method, program, and information recording medium for managing meeting attendance confirmations and attendees using machine-recognizable codes | |
| JP2019049790A (en) | Information processing device, access control system, and program | |
| KR102774174B1 (en) | Video signature live contract system and method thereof | |
| WO2024095755A1 (en) | Management server, information processing system, and information processing method | |
| AU2024204034A1 (en) | Generation and sharing of secure data records for point-in-time verification of identity and location, including for enabling robust identity exchange, process for robust identity exchange via external user verification process which generates unique check-in event data | |
| WO2025257933A1 (en) | Terminal, terminal control method, and storage medium | |
| Corella et al. | Traveler Authentication at Airports Provisional Patent Application | |
| KR20110029400A (en) | Authentication system and authentication method for authenticating the signature of a document or authenticity of a product by using SSM of a mobile phone |