TW201351312A - Third party authentication method for cloud transaction system - Google Patents
- Publication number: TW201351312A
- Authority: TW (Taiwan)
- Prior art keywords
- host
- authentication
- terminal unit
- data
- encrypted data
Landscapes
- Management, Administration, Business Operations System, And Electronic Commerce (AREA)
Description
The present invention relates to an authentication transaction system, and in particular to a third-party authentication method for a cloud transaction system.
With the spread of smartphones and the development of cloud operating systems, more and more consumers conduct online transactions using mobile phones, personal computers, or tablets.
For example, a consumer uses a mobile phone to enter an online application store and, after selecting a desired application, downloads it with that phone. The operator of the online application store then, based on the consumer's personal data and mobile phone number, requests the corresponding charge from the telecommunications operator to which the phone number belongs; after the telecommunications operator collects the charge, it splits the revenue with the store operator.
Alternatively, a consumer uses a personal computer to log in to a shopping website with a set of registered personal data or a member account, selects the desired goods, and then has a card reader read credit card or debit card data so that the operator of the shopping website can request payment from the financial institution, completing the purchase.
However, this transaction model stores the personal data entered by the consumer on the server of the online application store or shopping website. The personal data stored on that server may be stolen by hackers during the transaction, or may later be maliciously leaked by the operator, exposing the consumer's personal data to risk and creating a major security blind spot in online transactions.
In addition, not all such online application stores or shopping websites have a rigorous member authentication mechanism. A criminal group may use only a few items of a consumer's personal data, such as a name and credit card number, to register a member account on a shopping website, and then use that account to shop online and make fraudulent charges, causing the unwitting consumer to suffer losses.
Accordingly, the object of the present invention is to provide a third-party authentication method for a cloud transaction system that improves data security during the buying and selling process.
Thus, the third-party authentication method for a cloud transaction system of the present invention is suitable for implementation among a terminal unit, an authentication host in signal connection with the terminal unit, and a vendor host in signal connection with the authentication host and the terminal unit, so that consumers can conduct purchase transactions. The consumer has a chip containing a unique identification code.
The third-party authentication method includes the following steps:
(a) the terminal unit reads the unique identification code of the chip, encrypts the unique identification code with a first key to form first encrypted data, and transmits the first encrypted data to the authentication host;
(b) the authentication host decrypts the first encrypted data with the first key to obtain the unique identification code and, upon confirming that the unique identification code is registered, encrypts a plurality of product hyperlinks individually to form a plurality of second encrypted data, and transmits a shopping web page containing the product hyperlinks and the corresponding second encrypted data to the terminal unit;
(c) the terminal unit displays the shopping web page for the consumer to browse and, when one of the product hyperlinks on the shopping web page is selected, transmits the second encrypted data of that product hyperlink to the corresponding vendor host;
(d) the vendor host transmits the second encrypted data to the authentication host;
(e) the authentication host decrypts the second encrypted data and, upon confirming that it is legitimate, returns a confirmation signal to the vendor host; and
(f) the vendor host, according to the confirmation signal, returns a processing signal corresponding to the product hyperlink to the terminal unit.
The beneficial effect of the present invention is that the coordinated operation of the terminal unit, the authentication host, and the vendor host ensures the security of the consumer's data during the transaction.
The foregoing and other technical content, features, and effects of the present invention will be clearly presented in the following detailed description of a preferred embodiment with reference to the drawings.
Referring to FIG. 1 and FIG. 2, a preferred embodiment of the third-party authentication method for a cloud transaction system of the present invention is suitable for implementation among a terminal unit 1, an authentication host 2 in signal connection with the terminal unit 1, and a vendor host 3 in signal connection with the terminal unit 1 and the authentication host 2, so that consumers can conduct purchase transactions.
The consumer has a chip 4 containing a unique identification code. In this embodiment, the chip 4 is provided on a chip smart card (not shown), which the consumer must hold when conducting a transaction; in practice, however, the form in which the chip 4 is provided is not limited. For example, the chip 4 may also be implanted in the consumer's body.
The terminal unit 1 is a personal computer that can send and receive messages over the Internet, and includes a card reader 11 for reading the unique identification code of the chip 4, a display 12 for displaying images, and an input device 13 operable by the consumer. The terminal unit 1 can encrypt the unique identification code and transmit it to the authentication host 2. The terminal unit 1 may also be a smartphone or a tablet computer, in which case the display 12 and the input device 13 are integrated into a touch display panel. In this embodiment, the card reader 11 reads the unique identification code of the chip 4 contactlessly using radio-frequency identification (RFID) technology; the implementation is of course not limited to this, and the card reader 11 may, for example, instead read the chip 4 by contact when the chip smart card is inserted into it.
The authentication host 2 is in signal connection with the terminal unit 1 via a network communication protocol, and stores a plurality of registered unique identification codes and a plurality of product hyperlinks. The authentication host 2 can decrypt data encrypted by the terminal unit 1, and can also encrypt the product hyperlinks individually using a plurality of different second keys, or encrypt them individually using one of the unique identification codes in combination with the second keys.
The vendor host 3 is in signal connection with the terminal unit 1 and the authentication host 2 respectively via a network communication protocol, and has vendor data attesting to the legitimacy of its identity. The vendor host 3 provides the goods that the consumer selects and processes messages from the terminal unit 1. In practice there may be two or more vendor hosts 3, but this preferred embodiment is described with only one vendor host 3.
It should be noted that, before the invention is put into practice, to ensure that the authentication host 2 can decrypt data encrypted by the terminal unit 1, a first key issued by the authentication host 2 may first be installed on the terminal unit 1; alternatively, a security program may be installed on both the terminal unit 1 and the authentication host 2, with each copy of the security program generating the same first key.
The third-party authentication method of the present invention includes the following steps. First, as shown in step 61, the terminal unit 1 reads the unique identification code of the chip 4, encrypts the unique identification code with a first key to form first encrypted data, and transmits the first encrypted data to the authentication host 2. For example, a consumer who wants to buy goods on a shopping website uses the card reader 11 of the terminal unit 1 to read the chip 4 of the chip smart card; the terminal unit 1 then encrypts the unique identification code with the first key to form the first encrypted data and transmits it to the authentication host 2.
Next, as shown in step 62, the authentication host 2 decrypts the first encrypted data with the first key to obtain the unique identification code and, upon confirming that the unique identification code is registered, encrypts a plurality of product hyperlinks individually to form a plurality of second encrypted data, and transmits a shopping web page containing the product hyperlinks and the corresponding second encrypted data to the terminal unit 1. For example, the authentication host 2 decrypts the first encrypted data with the first key to obtain the unique identification code and compares it against the stored registered unique identification codes to determine whether it is registered. If it is registered, the authentication host 2 encrypts the product hyperlinks individually with a plurality of different second keys to form a plurality of second encrypted data, combines the product hyperlinks and the corresponding second encrypted data into a shopping web page, and transmits the shopping web page to the terminal unit 1.
Then, as shown in step 63, the terminal unit 1 displays the shopping web page for the consumer to browse and, when one of the product hyperlinks on the shopping web page is selected, transmits the second encrypted data of that product hyperlink to the corresponding vendor host 3. For example, after receiving the shopping web page from the authentication host 2, the terminal unit 1 shows it on the display 12 for the consumer to browse. The consumer can use the input device 13 to select any product hyperlink of interest; when one is selected, the terminal unit 1 is redirected to the corresponding vendor host 3 and, according to the product hyperlink, transmits the second encrypted data to the vendor host 3. In this embodiment the goods are applications, and the content of a product hyperlink may be a request to download or execute the product; the goods may of course also be audio-visual material or physical items, in which case the content of the product hyperlink is a request to try or purchase the product.
Next, as shown in step 64, the vendor host 3 transmits the second encrypted data to the authentication host 2. For example, after the vendor host 3 receives the second encrypted data transmitted by the terminal unit 1, it transmits the second encrypted data to the authentication host 2 in order to ensure that the data comes from a legitimate and secure terminal unit 1.
Then, as shown in step 65, the authentication host 2 decrypts the second encrypted data and, upon confirming that it is legitimate, returns a confirmation signal to the vendor host 3. For example, after receiving the second encrypted data from the vendor host 3, the authentication host 2 decrypts it using the corresponding one of the second keys to obtain the product hyperlink, compares the second key and the product hyperlink respectively and, after confirming that both are legitimate, returns the confirmation signal to the vendor host 3.
Next, as shown in step 66, the vendor host 3, according to the confirmation signal, returns a processing signal corresponding to the product hyperlink to the terminal unit 1. For example, having received the confirmation signal from the authentication host 2, the vendor host 3 can confirm that the second encrypted data and the terminal unit 1 are legitimate and secure, and therefore returns a corresponding processing signal to the terminal unit 1 according to the confirmation signal and the content of the product hyperlink. If the product hyperlink requests the download of an application, the content of the processing signal is the application's file. If the product hyperlink requests execution of the application, the content of the processing signal is the result of the vendor host 3 executing the application.
Thus, the provision of the authentication host 2, together with the dual authentication by the first key and the second keys, ensures transaction security for both consumer and vendor. In addition, in step 62 the authentication host 2 may use the unique identification code obtained by decryption in combination with each of the second keys to encrypt the product hyperlinks into the second encrypted data, and in step 65 the authentication host 2 then decrypts the second encrypted data using the unique identification code in combination with the corresponding second key. This improves data security and prevents the second encrypted data from being cracked or forged in transit: a counterfeit vendor host 3 that wants to forge a consumer's purchase record would need not only the complete set of second keys but also the unique identification code of that consumer's chip 4 in order to produce second encrypted data that the authentication host 2 accepts, which is considerably difficult.
Furthermore, when the third-party authentication method of the present invention is implemented, the authentication host 2 may also store a plurality of registered vendor data. In step 64 the vendor host 3 additionally transmits its vendor data to the authentication host 2, and in step 65 the authentication host 2 additionally compares the vendor data and returns the confirmation signal to the vendor host 3 only after confirming that the vendor data is registered. In this way the authentication host 2 can better verify the authenticity of the vendor host 3 and avoid returning the confirmation signal to a counterfeit vendor host 3.
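The exchange in steps 61 to 66, including the variant that combines each second key with the unique identification code and the vendor-data check, as an added example that is not part of the patent. The HMAC-based `seal`/`unseal` pair is a standard-library stand-in for an authenticated cipher, and the key derivation, the trial decryption in step 65, the sample UID, the vendor name and the URLs are all assumptions.

```python
import hashlib
import hmac
import os


def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()


def _xor_stream(enc_key, nonce, data):
    blocks = range(len(data) // 32 + 1)
    stream = b"".join(_prf(enc_key, nonce + i.to_bytes(4, "big")) for i in blocks)
    return bytes(d ^ s for d, s in zip(data, stream))


def seal(key, plaintext):
    """Encrypt-then-MAC stand-in for an AEAD such as AES-GCM (stdlib only)."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(key, b"mac"), nonce + ct)


def unseal(key, blob):
    """Return the plaintext, or None if blob was not sealed under key."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(key, b"mac"), nonce + ct)):
        return None
    return _xor_stream(_prf(key, b"enc"), nonce, ct)


class AuthHost:
    """Authentication host 2: holds registrations and the second keys."""

    def __init__(self, first_key, uids, vendors, links):
        self.first_key = first_key
        self.registered_uids = set(uids)
        self.registered_vendors = set(vendors)
        self.second_keys = {link: os.urandom(32) for link in links}
        self.issued_to = set()  # UIDs that were sent a shopping page

    def _bound_key(self, link, uid):
        # Assumption: "second key combined with the unique ID" is modelled
        # as an HMAC key derivation; the page does not say how they combine.
        return _prf(self.second_keys[link], b"uid:" + uid)

    def issue_page(self, first_ct):
        """Step 62: decrypt the UID, check registration, encrypt each link."""
        uid = unseal(self.first_key, first_ct)
        if uid is None or uid not in self.registered_uids:
            return None  # step 71 on the page sends a registration page here
        self.issued_to.add(uid)
        return {link: seal(self._bound_key(link, uid), link.encode())
                for link in self.second_keys}

    def confirm(self, vendor_id, second_ct):
        """Step 65: check the vendor data, then the second encrypted data."""
        if vendor_id not in self.registered_vendors:
            return None
        # Assumption: the host finds the matching key by trial decryption.
        for uid in self.issued_to:
            for link in self.second_keys:
                if unseal(self._bound_key(link, uid), second_ct) == link.encode():
                    return link
        return None


def vendor_handle(auth, vendor_id, second_ct):
    """Steps 64-66: forward the token, answer only after confirmation."""
    link = auth.confirm(vendor_id, second_ct)
    return None if link is None else "processing signal for " + link


def demo():
    first_key = os.urandom(32)                 # pre-shared first key
    uid = b"CHIP-0001"                          # constructed sample UID
    link = "https://vendor.example/app/42"      # constructed sample link
    auth = AuthHost(first_key, {uid}, {"vendor-3"},
                    [link, "https://vendor.example/app/43"])
    page = auth.issue_page(seal(first_key, uid))          # steps 61-62
    token = page[link]                                    # step 63: link selected
    flipped = token[:-1] + bytes([token[-1] ^ 1])         # altered in transit
    no_uid = seal(auth.second_keys[link], link.encode())  # second key, no UID
    return {
        "genuine": vendor_handle(auth, "vendor-3", token),
        "tampered": vendor_handle(auth, "vendor-3", flipped),
        "forged_without_uid": vendor_handle(auth, "vendor-3", no_uid),
        "unregistered_vendor": vendor_handle(auth, "vendor-x", token),
        "unregistered_uid": auth.issue_page(seal(first_key, b"CHIP-9999")),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Only the genuine case yields a processing signal; the `forged_without_uid` case is the situation the description singles out, where holding the second key alone is not enough to produce data the authentication host accepts.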
Referring to FIG. 1 and FIG. 3, if the unique identification code of the chip 4 has not yet been registered with the authentication host 2, the following steps are further included between step 62 and step 63.
As shown in step 71, the authentication host 2 decrypts the first encrypted data with the first key to obtain the unique identification code and, upon confirming that the unique identification code is not registered, transmits a registration web page to the terminal unit 1. For example, the authentication host 2 decrypts the first encrypted data with the first key and, on obtaining the unique identification code and determining that it is not yet registered, transmits a registration web page to the terminal unit 1.
Next, as shown in step 72, the terminal unit 1 displays the registration web page for the consumer to operate, and transmits registration data entered by the consumer, including a mobile phone number, to the authentication host 2. For example, after the terminal unit 1 receives the registration web page from the authentication host 2, the display 12 shows the registration web page; following its instructions, the consumer operates the input device 13 to enter registration data including a mobile phone number into the terminal unit 1, and the terminal unit 1 then transmits the registration data to the authentication host 2.
Then, as shown in step 73, the authentication host 2, according to the registration data, transmits an authentication text message containing authentication data to a communication device 5 that has the mobile phone number. For example, after the authentication host 2 receives the registration data from the terminal unit 1, in order to ensure that the consumer's registration data is correct, it uses the mobile phone number in the registration data to transmit an authentication text message containing authentication data to the communication device 5 that has that mobile phone number. The communication device 5 may be a mobile phone or a tablet computer.
Next, as shown in step 74, the terminal unit 1 transmits the authentication data entered by the consumer to the authentication host 2. For example, the consumer uses the communication device 5 that has the mobile phone number to receive the authentication text message and read the authentication data, then operates the input device 13 to enter the authentication data, and the terminal unit 1 then transmits the authentication data to the authentication host 2.
Then, as shown in step 75, the authentication host 2, upon confirming that the authentication data is correct, stores the registration data and the unique identification code as a pair, classifies the unique identification code as registered, encrypts a plurality of product hyperlinks individually to form a plurality of second encrypted data, and transmits a shopping web page containing the product hyperlinks and the corresponding second encrypted data to the terminal unit 1. For example, after the authentication host 2 receives the authentication data from the terminal unit 1 and confirms that it is correct, it stores the registration data and the unique identification code as a pair and classifies the unique identification code as registered, then encrypts the product hyperlinks to form a plurality of second encrypted data and returns a shopping web page containing the product hyperlinks and the corresponding second encrypted data to the terminal unit 1. After step 75 is completed, the method continues with steps 63 to 66 described above (see FIG. 2).
When the third-party authentication method of the present invention is implemented, the consumer's registration data is stored in the authentication host 2 and cannot be stolen or misused by the vendor host 3. The consumer is registered with the authentication host 2 using the unique identification code of the chip 4 together with a mobile phone number, and the transaction must use the unique identification code as a pass, so the consumer's identity is correct and reliable, and it is difficult for a fraud ring to impersonate the consumer's data and deceive the authentication host 2. On the other hand, the vendor host 3 and the terminal unit 1 communicate through the encrypted second encrypted data and the product hyperlinks, without involving the consumer's registration data, the unique identification code, or the vendor data of the vendor host 3, and the second encrypted data can only be encrypted and issued, and decrypted and interpreted, by the authentication host 2, so the confidentiality of both the buyer's and the seller's data is more rigorously protected.
In summary, the third-party authentication method for a cloud transaction system of the present invention can indeed avoid many of the security concerns that arose in previous transaction processes and can effectively guard against cybercrime, and therefore does achieve the object of the present invention.
The above, however, is merely a preferred embodiment of the present invention and shall not limit the scope of its implementation; all simple equivalent changes and modifications made according to the claims and the description of the invention remain within the scope covered by this patent.
1: terminal unit
11: card reader
12: display
13: input device
2: authentication host
3: vendor host
4: chip
5: communication device
61~66: steps
71~75: steps
FIG. 1 is a functional block diagram showing the connections among the devices in a preferred embodiment of the third-party authentication method for a cloud transaction system of the present invention; FIG. 2 is a flowchart illustrating the implementation steps of the preferred embodiment; and FIG. 3 is a flowchart further illustrating the detailed implementation steps of the preferred embodiment.
Claims (12)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW101120455A TW201351312A (en) | 2012-06-07 | 2012-06-07 | Third party authentication method for cloud transaction system |
Publications (2)
Publication Number | Publication Date |
---|---|
TW201351312A | 2013-12-16 |
TWI478082B TWI478082B (en) | 2015-03-21 |
Family
ID=50158057