201239790 六、發明說明: 【發明所屬之技術領域】 本發明係關於一種動態交易密碼認證系統及其方法,尤其是—種用於 商口口父易之女全機制,為了能夠簡化商品交易流程,以及自動化記帳的功 能’和增加交易的可靠度以及增強交易的安全性。 【先前技術】 近年來,由於網際網路的普及化,使得藉由網際網路所形成的商業模 式或是商品交易模式越來越成熟,故自動化交易以及C2C (c_mer τ〇 Consumer)的交易模式也越容易使消費者接受,因此類似的網路購物線上 拍賣等電子商務因應而生,各家銀行亦陸續推出網路銀行的服務,用戶/客 戶可選擇不出門購物、不親_檯、不排隊等待,只需在家透過電腦登入 購物網站或網路銀行晴,即可進行付款、轉帳等各種交易。 目月’』所常見的交易付款方法有現金、支票、***付款(Credit Ca⑷、 RFID小額付款(悠遊卡)、金融卡轉帳或是借記卡(d咖㈤)等等大 夕非見金交易’且都需要用到卡片’由於卡片太多管理不易,以及使用卡 片風險太π ’谷易被偽造以及盜用,故需要—個很簡便、建置成本很低、 很合易可以取代現有付款方法的交易模式;以下所述為目前常見不需要卡 片之交易付款方法及其所產生的缺點; Π手機付々方法(第—種)’目前市面上的技術大多是將非接觸式晶 片(RFID)嵌人在手機背板,但缺點是容易有無線訊號干擾,以 及店家和'肖費者均需要有特殊裝置進行發送以及讀取,因此會造 成整體建置的成本變高。 201239790 (2)手機付款方法(第二種),是於手機的sim卡中做加密以及動態 ,、I產生再將此密碼作為交胃的憑證,但雜是這種方法需 要修改手機的晶片以及讀卡的裝置,成本和推行都有一定的阻礙。 ⑺㈣的SSL加密認證付款方法,其缺點是容易被有心人士娜内 ”並且破解其密碼,並且認證能力薄弱,很難以確認消費者的 唯-性,現行的業者都會搭配用规搭配其他的方案。 ⑷Paypal付款方法,係經由電子郵件或簡訊付款,消費者發送付款 電子郵件或是付款簡訊給商家,商家收到交易訊息後,依照收到 的交易訊雜_理題付款,付款途巾雖财便,但缺點是缺 乏深-層的安全性,·並不適用於快速的結帳方法,比較適用 於網路上比較沒有時效性的付款。 、上所述之網路線上模式的共通點,是使用者皆必織入自身的 金融資料,如***資料、銀行帳戶、密碼、登人帳號或是相關交易資料 ·##並透過網路傳輸到指定的***中心或網路銀行網站的飼服器;然 而’在使用者享受網路所帶來便利性極高的交易模式時,也存在著很大的 風險性,最常見賴險的就是網賴客所帶來喊脅…旦網路骇客入侵 使用者的電腦或;I:商店端關服H,很容易會被側錄或盜取使用者的私人 金融資料,這些私人金融資料很容易被網路駭客所盜用來洗劫網路銀行, 甚至亦有可能會把這些私人金融資料販賣給予一些非法的犯罪集團,其嚴 重性及影響性是無法評估與彌補的;另外由反網路釣魚工作小組(Anti_ Phishing Working Group , APWG)的統計資料中可知,70%以上的網路詐欺 行為皆直接鎖定網路銀行及網路金流服務,目的在於盜取帳號資料,洗劫 201239790 網路銀行。 因此,若能提供—種動態交易密碼認證系統及其方法能夠提供—種 很簡便、建置成本很低、交易安全性極高,並且很容易可以取代現有付款 方法的交易模式’應為一最佳解決方案。 秋 【發明内容】 本發明之目的即在於提供—種_交易密碼認證系統及其方法,係為 -種能夠簡化商品交易流程’同時可取代現有付款方法,並且具有自動化 記帳功能之商品交易系統及方法。 本發明之又-目的即在於提供—種動態交易密碼認證系統及其方法, 係為了增加交易的可靠度以及增強交易的安全性。 可達成上述發明目的之—種動駐易密碼認證緖及其方法係由消 費者應用模組 '商店端應用模組、交易伺服器模組、通訊模組、加密模组、 風險控管模組及金融帳戶模組所組成,因此當消費者需要金流服務時係 由消費者向商店端提出交易要求(向該商店端應用模組或是交易飼服器模 組提出«要求),並於該商店端取·費者帳號後,再域商店端將商家 代號以及消費者帳號經由該加密模組加密後傳輸至該交易舰器模組,同 時該交易舰ϋ模組會驗證商店端以及龍者資訊,接著再經由該風險控 管模組判斷交易的可行性後,隨即由交易舰器模組產生-次性動態交易 認證碼,並且透由通訊模組傳動到消費者手持裝置上,並提供給該商店端 應用模組,以作為結帳的交易憑證,因此能夠確認其交易正確性,使交易 流程能夠進行簡化之外,同時亦能夠增加交易的安全性、方便性及可靠度。 更具體的說,所述交易恤賴組能觸·生交騎需要的交易認 201239790 證碼’該交易認證碼具有-定有效使用時間及使用次數限制,並再經由該 通訊模·组(例如GSM)發送到消費者的手持裝置上,讓消費者在收到該密 碼函後’於-定有效使㈣㈣,以及認證:欠數内提供給鑛店端應用模 組,以作為認證使用。 更具體的說,所述商店端取得消費者提供的交易認證碼後,能夠經由 該加密模組與該交易舰器模組進行交易認證碼確認,以確認消f者以及 商店端的正確性,再與後端的金融帳戶模組進行交易成功扣款,或交易失 敗處理以及通知。 更具體的說’所述動態交易密碼認證系統係由消費者應用模組、商店 端應用模組、交易伺服器模組、通訊模組、加密模組、風險控管模組及金 融帳戶模組所組成,目此若是任何―方不㈣财訊,或是遭由駭客入侵 的情況下,會使得整體交易無法輕易的進行轉帳作業,以解決了***容 易被盜刷,眾多卡片攜帶不易之問題。 更具體的說,若是商店端的資料外洩,或是消費者的電腦遭竊或是被 植入木馬,導致他人取得商家代號或是消費者帳號,但他人無法使用此類 資訊進行交易,由於交易的過程,必須由該交易伺服器模組進行認證亦 會由電彳§公司發送簡§fL通知§忍證密碼’以進行雙重認證,達到快速且安全 之目的。 【實施方式】 有關於本發明之前述及其他技術内容、特點與功效,在以下配合參考 圖式之較佳實施例的詳細說明中,將可清楚的呈現。 請參閱圖一為本發明一種動態交易密碼認證系統及其方法之整體架構 6 201239790 圖’由圖中可知,該動態交易密碼認證系統係包含: -消費者應用模組卜係'為消f者進行交易付款所操作之裝置; 一商店端應關組2 ’ _«費者制· 1相介接,其中該商店 端應用模組2係為商店端提供消f者輸人資訊(消f者所輸人的消費者帳 號或疋交易認證碼)及辨識消費者輸入資訊之裝置; 加在、模組3,係與销店端應用模組2相介接,用以將該商店端應 用模組2所輸入之資料進行加密處理; -交易舰器模組4,係與該商店端應職組2及該加密模組3相介 接,該交易伺服器模組4係能夠將該加密模組3所輸入之資料進行驗證(檢 查該商店端、消費者或是交易認證碼的正確性),並㈣向該商店端應用模 組2回報處理結果;另外該交易舰繩組4魏夠祕產生交易所需要 的交易認證碼; 風險控s模組5 ’係與该交易飼服器模組4相介接,該風險控管模 組5 進行驗證消費者的帳戶餘額或是信用額度是否足夠用以判斷消 費者帳戶是否能夠進行扣款(經由該風險控管模組5驗證消費者帳戶是否 可以扣款,若是無法認證或是餘額从,會將錯誤訊息回報於該商店端應 用模組2,若是認證成功,會將_次性使用且有時效性的交易認證碼透由 該通訊模組6傳送該交易認證碼至該消f者顧模組i ); 通雜組6,係與该消費者應用模組】及該交易伺服器模組*相介 接用以將该乂易伺服器模組4所產生之交易認證碼傳送至該消費者應用 模組1 ; -金融帳戶模組7 ’係與該交易伺服器模組4及該風險控管模組5相 201239790 介接,能夠藉由該交易舰器模組4通知該金融帳戶模組7,以進行帳務處 理之動作(進行㈣者帳戶扣款),並將扣款處理結果(扣款成功訊息或是 扣款失敗訊息)藉由該交易舰器模組4回報至該商店端應用模組2 ; 因此當消f者需要金流服務時,係由_者向商店端提出交易要求(向 該商店端應用模組2或是交易飼服器模組4提出交易要求),因此商店端取 得消費者帳號後,再由商店端將商家代號以及消費者帳號經由該加密模組3 加密後傳輸至驗純服賭組4,同_交純服賴組4會驗證商店端 以及消費者資訊’接著再經由該風險控管漁5判斷交易的可行性(是否 能夠進行扣款)後’隨即由交易舰器模組4產生一次性動態交易認證碼, 並且透由通賴組6傳動制費者手縣置上,並提供給顧店端應用模 組2,以作為結帳的交易憑證,因此能夠確認其交易正確性,使交易流程能 夠進行簡化之外’同__增加交Μ安全性、枝性及可靠度。 值得-提的是’霸費者應闕組丨係為—手縣置,而該手持裝置 係為高階智慧餘動通織備錢僅純發文㈣歡㈣行動通訊設 備’其中該高階智慧型手機之運算能力強大,並且作綠體平台開放,例 如 Android、iPhone、Windows Phone、BlackBeny、Symbian 等手持裝置。 值得-提的是’該商店端係為實體商家、賣場、網路上商家、自動結 帳機β、公共或私人交通J1具、個人工作者、停車場或是計時制機器。 值得-提的是,該商店端取得消費者提供的交易認證碼後,能夠經由 該加密模組3與鼓純服賴組4進行以認證碼確認,以確認消費者 以及商店端的正確性,再與後端的金融帳戶模組7進行交易成功扣款,或 交易失敗處理以及通知。 8 201239790 值得-提的是’該商店端應用模組2係具有一輸入介面及一辨識介 面’其中該輸人介面係為鍵盤,滑鼠,觸㈣幕等,用以讓消費者能夠輸 入消費者帳號;另外該辨識介面係麟自動化辨識料#者_模組所提 供之條碼或是文字訊息,用以辨識取得消費者帳號。 值得-提的是,該加密模組3所使用之加密方法係為胸(d咖201239790 VI. Description of the Invention: [Technical Field of the Invention] The present invention relates to a dynamic transaction password authentication system and a method thereof, and more particularly to a mechanism for the commercialization of a commercial transaction, in order to simplify the commodity transaction process. And the ability to automate billing' and increase the reliability of transactions and enhance the security of transactions. [Prior Art] In recent years, due to the popularity of the Internet, the business model or commodity trading model formed by the Internet has become more and more mature, so the automated trading and C2C (c_mer τ〇Consumer) trading mode The easier it is for consumers to accept, so similar e-commerce such as online shopping online auctions have emerged. Banks have also launched online banking services. Users/customers can choose not to go shopping, not to stay, not to Waiting in line, you can log in to the shopping website or online banking through your computer at home, and you can make various transactions such as payment and transfer. The common payment methods for the month are: cash, check, credit card payment (Credit Ca (4), RFID micropayment (youyou card), financial card transfer or debit card (d coffee (five)), etc. 'And all need to use the card' because the card is too difficult to manage, and the risk of using the card is too π 'Gu Yi is forged and stolen, so need to be - very simple, low construction cost, very easy to replace the existing payment method The transaction mode; the following is a common transaction payment method for cards that are not required at present; and the disadvantages caused by the problem of the mobile phone payment method (the first type). Most of the technologies currently on the market are non-contact wafers (RFID). Embedded in the back of the phone, but the disadvantage is that it is easy to have wireless signal interference, and the store and the "Shaffer" need to have special devices to send and read, so the overall cost of the construction will become higher. 201239790 (2) mobile phone The payment method (the second type) is to encrypt and dynamically in the sim card of the mobile phone, and I generate the password as a voucher for the stomach, but the method is to modify the hand. The chip and the device for reading the card have certain obstacles to the cost and implementation. (7) (4) The SSL encryption authentication payment method has the disadvantage that it is easy to be trusted by the person Naina and cracks the password, and the authentication ability is weak, it is difficult to confirm the consumption. The only nature of the person, the current industry will match the rules with other programs. (4) Paypal payment method, through email or SMS payment, consumers send payment emails or payment newsletters to merchants, after the merchant receives the transaction message, According to the received transaction news, the payment method is financial, but the shortcoming is the lack of deep-layer security. · It is not suitable for the fast checkout method. It is more suitable for the Internet. The common point of the online online mode mentioned above is that the user must weave his own financial information, such as credit card information, bank account, password, login account or related transaction information. The network is transmitted to the feeder of the designated credit card center or online banking website; however, 'the convenience of users enjoying the Internet is extremely high. In the easy mode, there is also a lot of risk. The most common risk is the screaming threat of the Internet hacker... Once the Internet hacker invades the user's computer or; I: The store is closed to the service H, it is easy They will be screened or stolen from users' private financial information. These private financial materials are easily stolen by Internet hackers to smuggle online banking. They may even sell these private financial materials to illegal criminal groups. The severity and impact of this cannot be assessed and compensated. In addition, the statistics of the Anti-Phishing Working Group (APWG) show that more than 70% of online frauds directly lock online banking. And the network flow service, the purpose is to steal account information, looting 201239790 online banking. Therefore, if you can provide a dynamic transaction password authentication system and its methods can provide - a very simple, low construction costs, transaction security The transaction model that is extremely high and can easily replace the existing payment method 'should be an optimal solution. Autumn [Invention] The object of the present invention is to provide a transaction password authentication system and method thereof, which is a commodity transaction system capable of simplifying the commodity transaction process and capable of replacing the existing payment method and having an automated billing function. method. Still another object of the present invention is to provide a dynamic transaction password authentication system and method thereof for increasing the reliability of transactions and enhancing the security of transactions. The utility model can be achieved by the consumer application module, the store application module, the transaction server module, the communication module, the encryption module, and the risk control module. And the financial account module, so when the consumer needs the cash flow service, the consumer requests the transaction from the store side (to the store application module or the transaction feeder module to make a «requirement), and After the store picks up the fee account, the domain store and the consumer account are encrypted by the encryption module and transmitted to the transaction ship module, and the transaction ship module verifies the store side and the dragon. Information, and then through the risk control module to determine the feasibility of the transaction, then the transactional ship module generates a sub-dynamic transaction authentication code, and through the communication module to the consumer handheld device, and Provided to the store-side application module as a transaction voucher for checkout, thus being able to confirm the correctness of the transaction, simplify the transaction process, and increase the security of the transaction. Sex, convenience and reliability. More specifically, the transaction-receiving group can touch the transaction required for the rider to recognize the 201239790 certificate. The transaction authentication code has a valid use time and a limit on the number of uses, and then via the communication mode group (for example) GSM) is sent to the consumer's handheld device, and the consumer is provided to the mine-side application module for use as a certification after receiving the password letter, and then providing the certificate to the mine-side application module. More specifically, after obtaining the transaction authentication code provided by the consumer, the store terminal can perform a transaction authentication code confirmation with the transaction ship module via the encryption module to confirm the correctness of the consumer and the store, and then Successful debit, or transaction failure processing and notification with the backend financial account module. More specifically, the dynamic transaction password authentication system is composed of a consumer application module, a store application module, a transaction server module, a communication module, an encryption module, a risk control module, and a financial account module. The composition, if any of the "not" (four) financial news, or invaded by the hacker, will make the entire transaction can not easily transfer the account, to solve the problem that the credit card is easy to be stolen, many cards are not easy to carry problem. More specifically, if the information on the store side is leaked, or the consumer's computer is stolen or implanted in a Trojan, the other person can obtain the merchant code or the consumer account, but others cannot use this information to trade, due to the transaction. The process must be authenticated by the transaction server module and will be sent by the company § § fL to inform the 忍 证 密码 密码 for double authentication for fast and secure purposes. The above and other technical contents, features, and advantages of the present invention will be apparent from the following detailed description of the preferred embodiments. Please refer to FIG. 1 for the overall architecture of a dynamic transaction password authentication system and method thereof. 201239790 As shown in the figure, the dynamic transaction password authentication system includes: - a consumer application module is a consumer The device operated by the transaction payment; a store end should be set to 2 ' _ « fee system · 1 interface, wherein the store application module 2 is for the store to provide information on the loss of the person The consumer account or the transaction authentication code of the input person and the device for identifying the input information of the consumer; the addition module 3 is connected with the application module 2 of the storefront for the application of the store end The data input by the group 2 is encrypted; the transaction ship module 4 is connected to the store-side application group 2 and the encryption module 3, and the transaction server module 4 is capable of encrypting the encryption module. The data entered in group 3 is verified (checking the correctness of the store, the consumer or the transaction authentication code), and (4) reporting the processing result to the store application module 2; in addition, the transaction ship group 4 Wei is secret Generate the transaction authentication code required for the exchange; risk control The s module 5' is interfaced with the transaction feeder module 4, and the risk control module 5 verifies whether the consumer's account balance or the credit limit is sufficient to determine whether the consumer account can be debited. (Through the risk control module 5 to verify whether the consumer account can be debited, if the authentication is not possible or the balance is received, the error message will be reported to the store application module 2, and if the authentication is successful, the _ secondary use will be used. And the time-sensitive transaction authentication code transmits the transaction authentication code to the consumer module i); the communication group 6 is associated with the consumer application module] and the transaction server The module* is configured to transmit the transaction authentication code generated by the transaction server module 4 to the consumer application module 1; the financial account module 7' and the transaction server module 4 The risk control module 5 is connected to 201239790, and the financial account module 7 can be notified by the transaction ship module 4 to perform the account processing action (for (4) account deduction), and the charge will be deducted Processing result (deduction success message or debit failure message) Returned to the store-side application module 2 by the transaction ship module 4; therefore, when the consumer needs the gold flow service, the transaction request is submitted to the store by the _ person (to the store application module 2 or The transaction feeding device module 4 proposes a transaction request), so after the store obtains the consumer account, the store side encrypts the merchant code and the consumer account through the encryption module 3 and transmits the result to the verification service group 4, _ 纯 服 赖 组 4 4 will verify the store side and consumer information 'and then through the risk control fish 5 to determine the feasibility of the transaction (whether it can be debited), then the transaction ship module 4 will be generated once The dynamic transaction authentication code is set by the driver of the gambling group 6 and is provided to the store application module 2 as a transaction certificate for the checkout, thereby confirming the correctness of the transaction and making the transaction The process can be simplified beyond the same __ to increase the security, branching and reliability. It is worth mentioning that the 'heavy fee 阙 阙 阙 手 手 手 手 手 手 手 , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , It has powerful computing power and is open to the green platform, such as Android, iPhone, Windows Phone, BlackBeny, Symbian and other handheld devices. It is worth mentioning that the store is a physical business, a store, an online merchant, an automated checkout machine, a public or private transportation J1, a personal worker, a parking lot or a time-based machine. It is worth mentioning that after obtaining the transaction authentication code provided by the consumer, the store can confirm with the authentication code via the encryption module 3 and the drum service group 4 to confirm the correctness of the consumer and the store, and then The transaction is successfully debited with the financial account module 7 of the back end, or the transaction failure processing and notification. 8 201239790 It is worth mentioning that 'the store-side application module 2 has an input interface and a recognition interface', wherein the input interface is a keyboard, a mouse, a touch (four) screen, etc., for the consumer to input consumption The account number; in addition, the identification interface is a barcode or text message provided by the module. The module is used to identify the consumer account. It is worth mentioning that the encryption method used by the encryption module 3 is chest (d coffee)
Eruption Standard)、AES (Rijndad加密法)、RSA (非對稱加密演算法广 SSL (Secure Sockets Layer)通訊協定等。 值得-提的是,駐易伺服器模組4能夠動態產生交易所需要的交易 認證碼,該交易認證碼係、為-次性使用密碼及具有使用次數限制,並再經 由該通訊歡(.GSM)魏⑽_者顧顯,讓;肖費者在收到交 易認證碼後,於-线效使用時間内,以及認證次數内提供給該商店端= 用模組2,以作為認證使用。 值得-提的是,該交易認證碼係、為有時效性的—次性使用密碼或是無 時效性的一次性使用密碼。 值得-提的是,該交易認證碼係由驗證交易的相關資訊(係由時間序 號、消費者帳號、商店端代號)採用錄加密編碼而成。 值付k的疋,a玄通机模組6係能夠藉由簡訊、傳直七a 姆網_简糊心瓣魏_=== 的傳送*該仃動式通訊協定係為GSM、PHS、CDMA、3Γ + _ G 或是 WiMAX。 4 j的疋,該通訊模組6係為通訊系統服務商或是電信營運商。 值得一提的是,該金融帳戶模組7係為銀行或是麵帳戶:翠位。 201239790 值得一提的是,該動態交易密碼認證系統係由消費者應用模組1、商 店端應用模組2、加密模組3、交易伺服器模組4、風險控管模組5、通訊 模組6及金融帳戶模組7所組成,因此若是任何一方不慎洩漏資訊,或是 遭由骇客入侵的情況下,會使得整體交易無法輕易的進行轉帳作業,以解 決了***容易被盜刷,眾多卡片攜帶不易之問題。 值得一提的是’若是商店端的資料外洩,或是消費者的電腦遭竊或是 被植入木馬,導致他人取得商家代號或是消費者帳號’但他人無法使用此 類資訊進行交易,由於交易的過程,必須由該交易伺服器模組進行認證, 亦會由電信公司發送簡訊通知認證密碼,以進行雙重認證,達到快速且安 全之目的。 請參閱圖二為本發明一種動態交易密碼認證系統及其方法之用於有一 般曰常消費性質的商品交易流程圖,由圖中可知,這一類用於一般日常消 費的產品之流程步驟為: 1.消費者向商店端提出結帳要求201 ; 2·若商店端收到消費者的要求後,即能夠取得消費者帳號,再透由 該加密模組加密後,會傳送加密後的交易資訊(消費者帳號、商 店端代號以及交易金額)輸入該交易伺服器模組2〇2 ; 3. 經由該交易伺服器模組判斷商店端、消費者及單據的正確性,若 判斷結果為否,則將錯誤訊息回傳至該提出交易需求的商店端 203 ; 4. 若該交易伺服器模組判斷結果為是,則由該風險控管模組判斷消 費者的帳戶餘額或是信用額度是否足夠,若判斷結果為否(無法 201239790 認證或是餘額不足),則會將錯誤訊息回傳至該提出交易需求的商 店端204 ; 5. 若該風險控管模組判斷結果為是,則會將一次性使用且有時效性 的交易認證碼,藉由該通訊模組傳送至該消費者205 ; 6. 當该消費者收到交易認證碼之後,會將交易認證碼提供給商家端 (商店端取得交易認證碼的方法係為消費者於—般輸入介面中輸 入交易認證碼’或是消費者提供條瑪或文字供商店端自動化辨 識,以取得交易認證碼),並再由該加密模組進行加密後,即輸入 該交易伺服器模組作為交易身分的確認2〇6 ;以及 7·當该父易伺服器模組檢查交易認證碼之有效性後,會向該金融帳 戶模組提出帳務處理要求,以執行扣款動作,並且將扣款後之訊 息(扣款成功訊息或是扣款失敗訊息)傳給商店端,由該商店端 通知消費者交易結果2〇7。 值得-提的是,該交㈣服H馳收顺#認證碼後,依照賴運算 先比對交易資訊(Μ者帳號、商店端代號、交易金額以及_ )的正確 性,再由資料庫中比對交易認證碼是否正確。 虽用於-般日常消費的產品時,例如網路店家消費或是自動商品販賣 機消費’其交易流程詳述如下: 1.網路店家消費實施流程: 0)消費者於網路上的商店中,先選定好消f的商品,並且進入 結帳流程時,於該轉縣(商店端)騎帳介面中,消費 者提供會員編號給該商店端應用模組要求結帳; 201239790 (2) 因此當該網路店家(商店端)的商店端應用模組收到消費者 的結帳要求以及會員編號之後,能夠再經由該加密模組進行 加密,並傳送商店端代號、會員編號以及交易金額進入該交 易伺服器模組,以認證商店端的正確性以及消費者的正確 性,並且再由該風險控管模組驗證帳戶是否可以扣款,若是 無法為證或疋餘額不足’會將錯誤訊息回傳於該網路店家(商 店端),若是認證成功,會將-次性使用且有時效性的認證 碼,透由該通訊模組傳送交易認證碼到該消費者應用模組; (3) 而當消費者收到交易認證碼之後,於該網路店家(商店端) 的交易認證碼輸人介財,將接收_交易認證碼提供於該 網路店家(商店端); ⑷當該網路店家(商店端)接收到交易認證碼後,再透由該加 密模組進行加密,並回傳至敍易值器顯作為交易身分 的確認,再由駐純顧模組檢查Μ認證碼的有效性 後,並通知該金融帳戶模組執行扣款動作,再將扣款成功或 失敗訊息回覆至朗路縣(商店端),以由該祕絲(商 店端)回覆消費者交易相關的訊息。 擬鍵ΓΓ—提岐,當㈣者操倫人設備付款時,«店夠提供虛 琎'。消費者輸入會員編號;反之,若消 麵鍵盤亦能夠提供會⑽。_使用網路消費·要 2. 自動商品販賣機消費實施例: 201239790 ⑴:費者在自動商品販賣機(商店端)前透由該自動商品販 :(商㈣)提供的介面’選擇要消費的商品後,開啟結 程並於結帳的操作介面中,提供會員編號,並向自動 商品販賣機(商店端)要求結帳(會員編號提供方法除了商 店端提供虛擬或是實體鍵盤給消費者輪入會員編號外,亦能 夠藉由該消費者應賴組提供條碼,供自動商品販賣機的條 碼掃描機進行掃描辨識); (2) 因此當該自動商品販賴(商店端)的商店端顧模組收到 消費者的結帳要求後,會將龍端代號、會員編號以及交易 金額’透由該加賴組進行加密後,再傳送於财易舰器 模組’以認證商店端的正確性以及㈣者的正雜,並且再 由該風險控管廳驗證帳戶是河以扣款,若是無法認證或 是餘額从,會將錯誤訊息回傳於該自動商品販賣機(商店 端),若是認證成功,餘—她使社辦雜的認證碼, 透由該通訊额傳送交易認證碼到歸費者應用模組,· (3)而當消費者收到交易認證碼之後,於該自動商品販賣機(商 店端)的交易認證碼輸人介面中,將接收_交易認證媽提 供於該自動商品販賣機(商店端);提供交易認證碼的方法除 了利用虛擬或實體鍵盤提供外,也可以利用手持裝置(消費 者應用模組)上收到交易伺服器提供的條碼’提供於該自動 商品販賣機(商店端)的條碼掃指器掃描辨識後,自動化輪 入交易認證碼; 13 201239790 ⑷當該自動商品販賣機(商店端)接收到交易認證碼後,再透 由該加密模組進行加密,並回傳至該交易舰器模組作為交 易身分的確認,再由該交㈣服器模組檢查交易認證碼的有 效性後’會通知該金鎌戶模組執行扣款動作,並將扣款成 功或失敗訊息喃至該自動商品販賴(商店端),並由該自 動商品販賣機(商店端)回覆消費者交易相關的訊息。 請參閱圖三為本發明-種動態交易密碼認證系統及其方法之用於有時 間消費性質的商品交易流程圖’這-類有時間消費性質的商品(例如停車 場的電子票《是計程車的服務費)通常有進人時_及出稱間並且 往往於使用完服務後才能得知交綠額,這_類交易適合先取得交易許可 證’並於消費完畢後才進行確歸制費麵,以完成整做紐程,用 以節省交易結帳時間;由圖三中可知,這—類用於有時間消費性質的商品 之流程步驟為: 1. 消費者向該商店端提出認證要求301 ; 2. 商店端收到消費者的要求後,即能夠取得消費者帳號,再透由該 加密模組加密後’會傳送加密後的消費者帳號以及商店端代號輸 入該交易伺服器模組3〇2 ; 3. 經由4 ㈣服器模組判斷商店端、消費者及單據的正確性 303,若判斷結果為否,則將錯誤訊息回傳至該提出交易需求的商 店端;若判斷結果為是,則將-次性使用且沒有時效性的交易認 證碼,藉由該通訊模組傳送至該消費者304 ; 4·當該消費者收败㈣證取後,則料_者完成於該商店端 14 201239790 之消費後,即能夠向該商店端提出結帳要求,並會將交易認證碼 提供給商家端,再將交易認證碼以及交易金額,經由該加密模組 進行加密後’即輸入該父易祠服器模組作為交易的碟認305 ; 5. 藉由該交易伺服器模組判斷交易認證碼之有效性,若判斷结果為 否,則會將錯誤訊息回傳至該提出交易需求的商店端;若判斷結 果為是,則再藉由該風險控管模組判斷是否能夠扣款3〇6,· 6. 藉由該風險控管模組判斷消費者的帳戶餘額或是信用額度是否足 夠’若判斷結果於(無法認證或是餘财足),騎將錯誤訊息 回傳至該提出交易需求的商店端;若判斷結果為是,則繼續輸入 s亥金融帳戶模組進行扣款307 ;以及 7. 藉由該金融帳戶模組進行帳務處理,以執行扣款動作,並將扣款 後之訊息(扣款成功訊息或是扣款失敗訊息)回傳給商店端,由 商店端知會消費者交易結果308。 值得一提的是,這一種用於有時間消費性質的商品交易方式大多用於 小額度的金額交易,但由於缺乏時效性的認證碼,故安全性會略低一層, 但結帳過程會比較快速。 本交易流程能夠用於有時間消費性質的產品,例如停車場消費,其流 程詳述如下: 1.停車場消費實施流程: ⑴當消f者在停車場(商店端)人明道前提供的„機,透 由介面提供會員錢,《該停車場(商純)要求取得交 易認證碼(會員編號提供方法除了商店端提供虛擬或是實體 15 201239790 鍵盤給消費者輸入會員編號外,亦能夠藉由該消費者應用模 組提供條碼,供停車場的條碼掃描機進行掃描辨識); (2) 接著該停車場(商店端)的·端應職組係會將商店端代 號、會員編號、時間等相關加密資訊經由該加密模組進行加 密’並傳送進入該交易伺服器模組,以認證商店端的正確性 以及消費者的正確性,若是無法認證,會魏誤訊息回傳於 該提出交易需求的停車場(商店端),若是認證成功,會將一 次性使用且沒有時效性的認證碼,透由該通訊模組傳送交易 認證碼到該消費者應用模組; (3) 而當消費者收到交易認證碼之後,等觸f者需要離開停車 場(商店端)時’於該停車場(商店端)的出σ閘道將交易 認證碼提供給停車場(商店端);提供交易認證碼的方法除了 利用虛擬或實體鍵盤提供外,也可以利用手持裝置(消費者 應用模組)上收到交易飼服器提供的條碼,提供於該停車場 (商店端)的條碼掃描器掃描辨識後,自動化輸人交易認證 碼; ⑷因此當該停車場(商店端)接收到交易認證碼以及消費的金 額後,再透由該加密模組進行加密,並回傳至該交易伺服器 模組作為交易身分的確認,並由該交㈣服H模組檢查交易 碼的有效性後’再由該風險控管模組進行認可此次交易 的可行性(驗證帳戶是否可以扣款)後,最後再通知該金融 帳戶模組執行扣款動作,並將扣款成功或失敗訊息回覆至該 201239790 停車場(商店端),最後由該停車場(商店端)回覆消費者交 易相關的訊息。 之提供帳號 請參閱圖四為本發明一種動態交易密碼認證系統及其方法 流程圖,由圖中可知,其流程步驟為: 1·判斷是否為商店端所支援之智慧型手機401,若判斷結果 進一步判斷是否要藉由智慧型手機提供條碼或文字給該商店端 402,若判斷結果為不支援之智慧型手機,則自行提供會員編號給 該商店端403,即可使該商店端能夠收到會員編號4〇4,並再提供 會員編號給該交易伺服器模組408 ; 2. 若判斷結果為是(藉由智慧型手機提供條碼給該商店端的商店端 應用模組),則開啟程式提供條碼讓該商店端進行掃描辨識4〇5 (由 消費者提供條碼於手婦幕上,並由顧料糊條碼掃描器進 行掃指辨識)’崎該商店端應用模組能夠接收會員編號4〇7,並 再提供會員編號給該交易伺服器模組4〇8 ;若判斷結果為否則開 啟相機辨贿麟條碼406,並使該商店端應賴域夠接收會員 編號407 ’以提供會員編號給該交易飼服器模組408 ;以及 3. 再由該交易伺服器模組進行認證會員編號及商店端代號,若認 證結果為正確,則進行後續交易流程410。 值侍-提的;^ ’該條碼係只—維條碼(例如upc/£AN/iAN、臟如^、 IATA 機制 Matrix、interieaved、c⑽p、c〇de 39、、蕭_7、 CODE 128 )—維條碼或是三祕碼(例如⑺顶)。 〇月 > 閱圖五為本發明一種動態交易密碼認證系統及其方法之取得消費 17 201239790 清單流程圖’而取得消費清單的方法係有兩種,其中—種是由商店端原有 的POS系統提供,而另外一種則是由消費者主動產生,如圖五中所示,其 流程步驟為: 1.取得商店端的商品選單501; 2· /肖費者係藉由具有相機或是條碼掃描功能的智慧型裝置,對準商 店端提供的商雜碼,輝得商店端贿店端傾观,再將該商 店端商品選單上的商品條碼,並經由智慧型裝置的辨識程式辨 識後取得商品代號5〇3 ; 3.判斷是否要繼續產生訂單5〇4,若判斷結果為否,則繼續新增商品 505且再次掃描與辨識取得商品代號5()3 :若判斷結果為是,則 將取得的商品代號經彙整後產生商品清單,再經由網路傳送於商 店端的資訊系統506 ;以及 4·最後,回傳確認訂單給消費者5〇7。 :值得—提的是,若轉飲店㈣《選單做躲得消費清單的實施例 說明’則是點菜選單上有商店端的條碼代號提供掃描_,而選單中的每 -道菜旁邊有印製條碼,可以提供新增菜單,當餐點新增完畢按下產生 &後,隨即透由網路傳送訂單給商店端,消費者的手機亦會有留—份清單 作為紀錄。 •本發明所提供之-種動駐易密碼認證系統及其方法,與其他應用技 術相互比較時,更具備下列優點: 本發m夠簡化商品交易流程,同時可取代現有付款方法,並且 具有自動化記帳之功能。 201239790 2·本發明能夠增加交料可靠度以及職交㈣安全性;另外本發 明亦能夠讓商家快速、輕易且安全的取得會員編號,並能夠減少 人為的介入,降低錯誤的產生。 3·本發霞觸消費者收到交易成㈣誠及交易清單明細,並能 夠使用自動匯入理財軟體中,成為交易流水帳,整理並且統計分 析後成表格以及圖表呈現,實現自動化記帳以及財務分析之目 藉由以上較佳·實施例之詳述,係希望能更加清楚描述本發明之特 徵與精神’而並非社述所揭露的較佳具體實施例來對本發明之範嘴加以 限制,反地’其目的是希望能涵蓋各種改變及具相等性的安排於本發明 所欲申請之專利範圍的範疇内。 【圖式簡單說明】 圖-為本發明-種動態交易密碼認證系統及其方法之整體架構圖· 法之用於有一般曰常 圖二為本發明一種動態交易密碼認證系統及其方 消費性質的商品交易流程圖; 用於有時間消費 圖二為本發明一種動態交易密瑪認證系統及其方、去之 性質的商品交易流程圖; 及其方法之提供帳號流程 圖四為本發明一種動態交易密碼認證系統 圖;以及 及其方法之取得消f清單流 圖五為本發明一種動態交易密碼認證系統 裎圖。 19 201239790 【主要元件符號說明】 1 消費者應用模組 2 商店端應用模組 3 加密模組 4 交易伺服器模組 5 風險控管模組 6 通訊模組 7 金融帳戶模組Eruption Standard), AES (Rijndad Encryption), RSA (Secure Sockets Layer), etc. It is worth mentioning that the Resident Server Module 4 can dynamically generate transactions required for transactions. The authentication code, the transaction authentication code, the password for the use of the password, and the limit of the number of uses, and then via the communication (.GSM) Wei (10) _ Gu Xian, let; Xiao Fei after receiving the transaction authentication code , in the - line effect time, and the number of certifications provided to the store side = use module 2, as a certification use. It is worth mentioning that the transaction authentication code system, for time-sensitive use - secondary use Password or non-time-sensitive one-time use password. It is worth mentioning that the transaction authentication code is encrypted and encoded by the relevant information of the verification transaction (by time serial number, consumer account number, store-side code). The value of k is 疋, a Xuan Tong machine module 6 can be transmitted by SMS, the transmission of the seven _ _ _ _ _ _ _ _ _ = = = = = = = = CDMA, 3Γ + _ G or WiMAX. 4 j 疋, the communication mode The 6 Series is a communication system service provider or a telecom operator. It is worth mentioning that the financial account module 7 is a bank or face account: Cui Bit. 201239790 It is worth mentioning that the dynamic transaction password authentication system is It consists of a consumer application module 1, a store application module 2, an encryption module 3, a transaction server module 4, a risk management module 5, a communication module 6, and a financial account module 7, so if any If one party accidentally leaks information or is invaded by a hacker, the whole transaction cannot be easily transferred, so as to solve the problem that the credit card is easy to be stolen and many cards are not easy to carry. It is worth mentioning that ' If the information on the store side is leaked, or the consumer's computer is stolen or implanted in a Trojan, causing others to obtain the merchant code or consumer account's but others cannot use such information to conduct transactions, due to the transaction process, it must be The transaction server module is authenticated, and the telecommunication company sends a short message notification authentication password for dual authentication for fast and secure purposes. See Figure 2 The invention relates to a dynamic transaction password authentication system and a method thereof for a commodity transaction flow chart having a general consumption characteristic. As can be seen from the figure, the process steps of the product for general daily consumption are as follows: 1. Consumers The checkout request 201 is submitted to the store; 2. If the store receives the consumer's request, the consumer account can be obtained, and after being encrypted by the encryption module, the encrypted transaction information (consumer account) is transmitted. Enter the transaction server module 2〇2; 3. Determine the correctness of the store, the consumer, and the document via the transaction server module. If the judgment result is no, the error message will be generated. Returning to the store side 203 that proposes the transaction demand; 4. If the transaction server module determines that the result is yes, the risk control module determines whether the consumer's account balance or the credit limit is sufficient, and if the result is judged If no (cannot 201239790 certification or insufficient balance), the error message will be sent back to the store side 204 that requests the transaction; 5. If the risk control module judges the result Yes, a one-time and time-sensitive transaction authentication code is transmitted to the consumer 205 by the communication module; 6. when the consumer receives the transaction authentication code, the transaction authentication code is provided to The merchant side (the method of obtaining the transaction authentication code on the store side is for the consumer to enter the transaction authentication code in the general input interface or the consumer to provide the bar or text for the store-side automatic identification to obtain the transaction authentication code), and then After the encryption module encrypts, the transaction server module is input as the confirmation of the transaction identity 2〇6; and 7. When the parent easy server module checks the validity of the transaction authentication code, the financial is The account module proposes a transaction processing request to perform the debit action, and transmits the post-deduction message (deduction success message or deduction failure message) to the store, and the store informs the consumer of the transaction result. 7. It is worth mentioning that after the payment (four) service H is shun the # authentication code, the correctness of the transaction information (the account number, the store code, the transaction amount and the _) is first compared according to the calculation, and then the database is used. Compare the transaction authentication code is correct. Although used for general consumer products, such as online store consumption or automatic merchandise consumption, the transaction process is detailed as follows: 1. Online store consumption implementation process: 0) Consumers in the store on the Internet When the goods are selected first, and when the checkout process is entered, in the transfer account of the transfer county (store side), the consumer provides the member number to the store application module to request checkout; 201239790 (2) When the store-side application module of the online store (store side) receives the checkout request of the consumer and the member number, the encrypted module can be encrypted, and the store-side code, the member number, and the transaction amount are transmitted. The transaction server module is used to authenticate the correctness of the store and the correctness of the consumer, and the risk control module can verify whether the account can be debited. If the certificate cannot be verified or the balance is insufficient, the error message will be returned. Passed to the online store (store side), if the authentication is successful, the authentication code will be used once and time-sensitive, and the transaction authentication code is transmitted to the communication module. Consumer application module; (3) When the consumer receives the transaction authentication code, the transaction authentication code of the online store (store side) is entered into the money, and the receiving transaction authentication code is provided to the online store. (Store side); (4) When the online store (store side) receives the transaction authentication code, it is encrypted by the encryption module, and then transmitted back to the Suiyi value display as a confirmation of the transaction status, and then After the module checks the validity of the authentication code, it notifies the financial account module to perform the deduction action, and then returns the deduction success or failure message to Langlu County (store side) for the secret line (shop side) Respond to messages related to consumer transactions. The key is ΓΓ 岐 岐 岐 岐 岐 当 当 当 当 当 当 当 当 当 当 当 当 当 当 当 当 当 当 当 当 当The consumer enters the membership number; otherwise, the keyboard can also provide the conference (10). _Using Internet consumption·To 2. Automatic merchandising machine consumption example: 201239790 (1): The fee is provided by the automatic merchandiser (shop (four)) before the automatic merchandiser (shop side) After the goods are opened, the settlement is opened and the member number is provided in the checkout operation interface, and the checkout is requested to the automatic merchandiser (shop side) (the member number providing method is provided in addition to the virtual or physical keyboard provided to the consumer on the store side) In addition to the member number, it is also possible to provide a bar code for the barcode scanner of the automatic merchandiser to scan and identify it; (2) Therefore, when the automatic merchandise is sold (store side), the store side After the module receives the consumer's checkout request, it will encrypt the dragon code, member number and transaction amount 'through the Jialai group and then transmit it to the Fortune Ship Module' to authenticate the store. Sexuality and (4) are mixed, and the risk control office verifies that the account is debited by the river. If it is unable to authenticate or the balance is passed, the error message will be returned to the automatic merchandiser. On the store side, if the authentication is successful, the rest-she will make the authentication code of the agency, and transmit the transaction authentication code to the payer application module through the communication amount, (3) and when the consumer receives the transaction authentication code In the transaction authentication code input interface of the automatic merchandising machine (shop side), the receiving_transaction authentication mom is provided to the automatic merchandising machine (store side); the method of providing the transaction authentication code is not only using a virtual or physical keyboard In addition, the handheld device (consumer application module) can also receive the barcode provided by the transaction server, and the barcode scanner provided on the automatic commodity vending machine (store side) scans and recognizes, and automatically enters the transaction authentication. Code; 13 201239790 (4) When the automatic merchandiser (store side) receives the transaction authentication code, it is encrypted by the encryption module and returned to the transaction vessel module as confirmation of the transaction identity, and then After the payment (four) server module checks the validity of the transaction authentication code, the company will notify the gold account module to perform the deduction action, and will revoke the success or failure of the deduction to the auto quotient. The product seller (shop side), and the automatic merchandiser (store side) replies to the consumer transaction related information. Please refer to FIG. 3, which is a flow chart of a commodity trading transaction with a time-consuming nature of a dynamic transaction password authentication system and a method thereof. [This type of goods with time-consuming nature (for example, an electronic ticket for a parking lot "is a service of a taxi) Fees) usually have time to enter and _ and often after the service is used to know the amount of green payment, this type of transaction is suitable for obtaining a trading license first, and after the consumption is completed, the realizing fee is Complete the whole process to save the transaction checkout time; as can be seen from Figure 3, the process steps for the goods with time consumption are: 1. The consumer submits the certification request to the store 301; 2 After receiving the request from the consumer, the store can obtain the consumer account, and then encrypt the encrypted consumer account and the store-side code to input the transaction server module 3〇2. 3. Determine the correctness of the store, the consumer and the document via the 4 (four) server module 303. If the result of the determination is no, the error message is transmitted back to the store where the transaction request is made; If yes, the transaction authentication code that is used once and has no timeliness is transmitted to the consumer 304 by the communication module; 4. When the consumer wins (four), the material is completed. After the purchase of the store end 14 201239790, the merchant can submit a checkout request to the store, and provide the transaction authentication code to the merchant, and then encrypt the transaction authentication code and the transaction amount through the encryption module. That is, the parent server module is input as the disc recognition of the transaction 305; 5. The validity of the transaction authentication code is judged by the transaction server module, and if the judgment result is no, the error message is transmitted back to the The store side that proposes the transaction demand; if the judgment result is yes, the risk control module determines whether the charge can be deducted 3,6, and the risk control module determines the consumer's account balance or Is the credit line sufficient? If the result of the judgment is (unable to be authenticated or surplus), the rider will return the error message to the store where the transaction request is made; if the judgment is yes, continue to input the s financial account module. Deduct 307; to 7. The account processing is performed by the financial account module to perform the deduction action, and the post-deduction message (deduction success message or deduction failure message) is transmitted back to the store, and the store knows to consume The result of the transaction is 308. It is worth mentioning that this kind of commodity trading method for time-consuming consumption is mostly used for small amount of money transactions, but due to the lack of time-sensitive authentication code, the security will be slightly lower, but the checkout process will be compared. fast. This transaction process can be used for products with time-consuming consumption, such as parking lot consumption. The process is detailed as follows: 1. Parking lot consumption implementation process: (1) When the consumer is in the parking lot (shop side), the machine provided by the person Providing member money by the interface, "The parking lot (Shangchun) requires the transaction authentication code (the member number providing method can be used by the consumer application in addition to the virtual or physical 15 201239790 keyboard for the consumer to enter the member number. The module provides bar code for the barcode scanner of the parking lot to scan and recognize); (2) Then, the terminal group of the parking lot (store side) will encrypt the relevant information such as the store code, member number and time. The module encrypts and transmits to the transaction server module to authenticate the correctness of the store and the correctness of the consumer. If the authentication is not possible, the message will be transmitted back to the parking lot (store side) where the transaction is requested. If the authentication is successful, the one-time use and no time-sensitive authentication code will be transmitted through the communication module. The authentication code is sent to the consumer application module; (3) When the consumer receives the transaction authentication code, when the user needs to leave the parking lot (shop side), the sigma gate of the parking lot (store side) will be The transaction authentication code is provided to the parking lot (store side); the method of providing the transaction authentication code can be provided by using a barcode provided by the transaction feeding device on the handheld device (consumer application module) in addition to the virtual or physical keyboard. After the bar code scanner of the parking lot (store side) scans and recognizes, the automatic input transaction authentication code is obtained; (4) Therefore, when the parking lot (store side) receives the transaction authentication code and the amount of consumption, the encryption module performs the encryption module. Encrypted and passed back to the transaction server module as a confirmation of the transaction status, and the service module checks the validity of the transaction code by the (4) service H module, and then the risk management module approves the transaction. After verifying whether the account can be debited, the financial account module is finally notified to perform the deduction action, and the deduction or success message is replied to the 201239790 At the parking lot (shop side), the parking lot (store side) is finally replied to the consumer transaction related information. For the account number, please refer to FIG. 4 is a flow chart of a dynamic transaction password authentication system and a method thereof according to the present invention. The process steps are as follows: 1. Determine whether the smart phone 401 supported by the store terminal is further determined whether the bar code or the text is to be provided to the store terminal 402 by the smart phone, and if the result is an unsupported smart type. The mobile phone provides the member number to the store 403, so that the store can receive the member number 4〇4, and then provide the member number to the transaction server module 408; 2. If the judgment result is yes ( The barcode is provided to the store-side application module of the store by the smart phone, and the barcode is opened by the program to enable the store to perform scanning identification 4〇5 (the barcode is provided by the consumer on the screen of the hand-held woman, and the Barcode scanner for sweeping finger identification) 'Saki's store-side application module can receive member number 4〇7 and provide member number to the transaction server module 4〇8; if the result of the judgment is otherwise, the camera discriminates the barcode 406, and the store end should receive the member number 407' to provide the member number to the transaction feeder module 408; and 3. The transaction server module performs the authentication member number and the store-side code. If the authentication result is correct, the subsequent transaction process 410 is performed. Value of the waiter - mention; ^ 'The bar code is only - dimension bar code (such as upc / £ AN / iAN, dirty such as ^, IATA mechanism Matrix, interieaved, c (10) p, c〇de 39, Xiao _7, CODE 128) - Dimension barcode or third secret code (for example, (7) top). 〇月> Read Figure 5 is a dynamic transaction password authentication system and its method for obtaining a consumption 17 201239790 list flow chart' and there are two methods for obtaining a consumption list, one of which is the original POS of the store side. The system provides, and the other is generated by the consumer initiative, as shown in Figure 5, the process steps are: 1. Get the store-side merchandise menu 501; 2 · / Shaw fee by scanning with a camera or barcode The functional smart device, which is aimed at the store code provided by the store, is the store's bribe store, and then the product barcode on the store's merchandise menu is identified by the smart device identification program. Code 5〇3; 3. Determine whether to continue to generate order 5〇4, if the judgment result is no, continue to add product 505 and scan and identify again to obtain product code 5 () 3: If the judgment result is yes, then After the obtained product code is collected, a list of goods is generated, and then transmitted to the information system 506 of the store via the network; and 4. Finally, the order is returned to the consumer 5〇7. : It is worth mentioning that if the tea-drinking shop (4) "The description of the example of the menu to avoid the consumption list" is on the order menu, there is a bar code code on the store side to provide scanning _, and each dish in the menu is printed next to it. Bar code, you can provide a new menu, when the meal is added and pressed to generate & then, the order is sent to the store through the network, the consumer's mobile phone will also have a checklist as a record. The invention provides a mobile station password authentication system and a method thereof, which have the following advantages when compared with other application technologies: The present invention can simplify the commodity transaction process, and can replace the existing payment method and has automation. Billing function. 201239790 2. The invention can increase the reliability of delivery and the safety of the service (4); in addition, the invention can enable the merchant to obtain the member number quickly, easily and safely, and can reduce the human intervention and reduce the error. 3. Benfa Xia touches the consumer to receive the transaction (4) Cheng and the transaction list details, and can use the automatic remittance financial software to become the transaction flow account, sort and statistical analysis into a form and chart presentation, to achieve automated billing and finance The purpose of the present invention is to limit the scope and spirit of the present invention by the detailed description of the preferred embodiments and the preferred embodiments of the present invention. The purpose of the present invention is to cover all kinds of changes and equivalents within the scope of the patent application scope of the invention. BRIEF DESCRIPTION OF THE DRAWINGS The present invention is a dynamic transaction password authentication system and its method. Commodity transaction flow chart; for time consumption consumption Fig. 2 is a dynamic transaction MME certification system of the present invention, and the nature of the commodity transaction flow chart; and the method of providing account flow chart four is a dynamic of the present invention A transaction password authentication system diagram; and a method for obtaining the same. The fifth embodiment of the present invention is a dynamic transaction password authentication system. 19 201239790 [Description of main component symbols] 1 Consumer application module 2 Store application module 3 Encryption module 4 Transaction server module 5 Risk management module 6 Communication module 7 Financial account module