TWI637620B - Dynamic attribute authentication agent signature system and method thereof - Google Patents



Publication number
TWI637620B
Authority
TW
Taiwan
Prior art keywords
message
server
dynamic password
dynamic
voucher
Application number
TW105143154A
Other languages
Chinese (zh)
Other versions
TW201824810A (en)
Inventor
賴昌祈
張明信
Original Assignee
中華電信股份有限公司 (Chunghwa Telecom Co., Ltd.)
Events
Application filed by 中華電信股份有限公司 (Chunghwa Telecom Co., Ltd.)
Priority to TW105143154A
Publication of TW201824810A
Application granted
Publication of TWI637620B

Landscapes

  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention is a dynamic attribute authentication proxy signature system and method. An electronic store end receives the checkout message and certificate message sent by a client; a dynamic password server receives the password message sent by the client and generates a dynamic password (OTP) message from it; the proxy signature server, the dynamic password server, the record server and the electronic store end are interconnected. When the electronic store end determines that the certificate message is correct and valid, it sends the transaction time parameter of the checkout message to the dynamic password server, which returns a dynamic password message; the electronic store end then sends the checkout message, the dynamic password message and the user private key message to the proxy signature server, which receives them and produces a block link hash value with a hash function, and the record server stores that value to complete the dynamic signature.

Description

Dynamic attribute authentication proxy signature system and method thereof

The invention relates to an authentication system and method, and in particular to a dynamic attribute authentication proxy signature system and method in which a proxy signature mechanism is combined with OTP (One Time Password) dynamic password authentication.

In recent years, with the spread of the Internet, business models and commodity trading models built on the Internet have matured, and automated transaction modes have become more readily accepted by consumers. E-commerce such as online shopping and online auctions has emerged accordingly, and banks have successively launched online banking services. Users and customers no longer need to go out to shop, visit a counter or wait in line: they log in to a shopping website or online banking website from a computer at home and carry out payments, transfers and other transactions.

However, current online transactions that rely on server-side key escrow are easily subject to forgery, which gives rise to the problem of signatures being forged under server key escrow.

In view of the foregoing, the inventors of the present invention conceived and designed a dynamic attribute authentication proxy signature system and method in order to remedy the shortcomings of the prior art and improve its industrial implementation and use.

In view of the above problems of the prior art, the object of the present invention is to provide a dynamic attribute authentication proxy signature system and method that resolves the shortcomings of the prior art.

According to the object of the invention, a dynamic attribute authentication proxy signature system is proposed that comprises an electronic store end, a dynamic password server, a proxy signature server, a record server and a certificate status server. The electronic store end receives the checkout message and the certificate message sent by the client. The dynamic password server is communicatively connected to the electronic store end; it receives the password message sent by the client and generates a dynamic password message from it. The proxy signature server is communicatively connected to the dynamic password server. The record server is communicatively connected to the proxy signature server. The certificate status server is communicatively connected to the electronic store end. When the electronic store end determines that the certificate message is correct, and verifies through the certificate status server that the certificate message is valid, the electronic store end sends the transaction time parameter of the checkout message to the dynamic password server, and the dynamic password server sends the dynamic password message to the electronic store end. The electronic store end then sends the checkout message, the dynamic password message and the user private key message to the proxy signature server, so that the proxy signature server generates a block link hash value with a hash function from the checkout message, the dynamic password message and the user private key message; the proxy signature server sends the block link hash value to the record server for storage, and once storage is complete a dynamic signature end message is generated and sent by the proxy signature server to the electronic store end.

Preferably, the dynamic attribute authentication proxy signature system further comprises a certificate management end communicatively connected to the proxy signature server. When the proxy signature server receives the client's application operation message, generates a certificate application message from it and sends the certificate application message to the certificate management end, the certificate management end generates the certificate message from the certificate application message. When the certificate status server receives the certificate message sent by the certificate management end, it generates an application completion message and sends it to the proxy signature server; the proxy signature server then sends a dynamic code application message together with the certificate message to the dynamic password server, so that the dynamic password server generates the password message, and the dynamic password server sends the password message to the client via the proxy signature server.

Preferably, the dynamic attribute authentication proxy signature system further comprises a verification server communicatively connected to the dynamic password server and the record server. When the verification server receives a verification request message sent by the client, it generates a provide-data request message from the transaction verification time parameter of the verification request message and sends it to the record server; when the record server finds in its database a block link hash value matching the corresponding transaction verification time parameter, the record server sends that block link hash value to the verification server, which then sends a start dynamic password message to the client. When the client sends the password message to the dynamic password server and the verification server sends the transaction verification time parameter to the dynamic password server, the dynamic password server generates the dynamic password message and sends it to the verification server. The verification server then generates another block link hash value with the hash function from the dynamic password message, the user private key message and the verification request message, compares this other block link hash value with the stored block link hash value to produce a comparison result message, and sends the comparison result message to the client.

According to the object of the invention, a dynamic attribute authentication proxy signature method is also proposed, comprising the following steps: receiving a checkout message and a certificate message through the electronic store end and, when the electronic store end determines that the certificate message is correct and verifies through the certificate status server that it is valid, sending the transaction time parameter of the checkout message from the electronic store end to the dynamic password server; receiving a password message through the dynamic password server and generating a dynamic password message from it; sending the dynamic password message from the dynamic password server to the electronic store end; sending the checkout message, the dynamic password message and the user private key message from the electronic store end to the proxy signature server, so that the proxy signature server generates a block link hash value with a hash function from the checkout message, the dynamic password message and the user private key message; and sending the block link hash value from the proxy signature server to the record server for storage, after which a dynamic signature end message is generated and sent by the proxy signature server to the electronic store end.

Preferably, before the step of receiving the checkout message and the certificate message at the electronic store end, the method further comprises the following steps: receiving the client's application operation message through the proxy signature server and generating a certificate application message from it; sending the certificate application message from the proxy signature server to the certificate management end, which generates the certificate message from the certificate application message; sending the certificate message from the certificate management end to the certificate status server, generating an application completion message, and sending the application completion message from the certificate management end to the proxy signature server; sending a dynamic code application message together with the certificate message from the proxy signature server to the dynamic password server, so that the dynamic password server generates the password message and sends it to the proxy signature server; and sending the password message from the proxy signature server to the client.

Preferably, after the step in which the proxy signature server sends the dynamic signature end message to the electronic store end, the method further comprises the following steps: receiving, through the verification server, the verification request message sent by the client, and generating a provide-data request message from the transaction verification time parameter of the verification request message; sending the provide-data request message from the verification server to the record server and, when the record server finds in its database a block link hash value matching the corresponding transaction verification time parameter, sending that block link hash value from the record server to the verification server; sending a start dynamic password message from the verification server to the client; sending the password message from the client to the dynamic password server; sending the transaction verification time parameter from the verification server to the dynamic password server, so that the dynamic password server generates the dynamic password message and sends it to the verification server; generating, at the verification server, another block link hash value with the hash function from the dynamic password message, the user private key message and the verification request message, and comparing this other block link hash value with the stored block link hash value to produce a comparison result message; and sending the comparison result message from the verification server to the client.

In summary, the dynamic attribute authentication proxy signature system and method of the invention may have one or more of the following advantages:

(1) The system and method add a one-time OTP dynamic password to the proxy signature mechanism, preventing the proxy signing end from being able to forge signatures.

(2) By adding OTP dynamic password information to each transaction detail, only the client is entitled to obtain that transaction's OTP dynamic password, so the client can verify the transaction by itself.

(3) By chaining each transaction's information with a block chain mechanism, hashing electronic transactions into a block chain with a hash function, the system provides a non-repudiation authentication mechanism for transaction results.

1‧‧‧dynamic attribute authentication proxy signature system
10‧‧‧electronic store end
11‧‧‧dynamic password server
110‧‧‧dynamic password message
12‧‧‧proxy signature server
120‧‧‧block link hash value
121‧‧‧dynamic signature end message
122‧‧‧certificate application message
123‧‧‧dynamic code application message
13‧‧‧record server
14‧‧‧certificate status server
140‧‧‧application completion message
15‧‧‧certificate management end
16‧‧‧verification server
160‧‧‧provide-data request message
161‧‧‧start dynamic password message
162‧‧‧another block link hash value
163‧‧‧result message
2‧‧‧client
20‧‧‧checkout message
21‧‧‧certificate message
22‧‧‧password message
23‧‧‧user private key message
24‧‧‧application operation message
25‧‧‧verification request message
S31~S35, S300~S304, S360~S366‧‧‧steps

Fig. 1 is a system schematic diagram of a first embodiment of the dynamic attribute authentication proxy signature system of the invention.
Fig. 2 is a system block diagram of the first embodiment of the dynamic attribute authentication proxy signature system of the invention.
Fig. 3 is a system schematic diagram of a second embodiment of the dynamic attribute authentication proxy signature system of the invention.
Fig. 4 is a system block diagram of the second embodiment of the dynamic attribute authentication proxy signature system of the invention.
Fig. 5 is a system schematic diagram of a third embodiment of the dynamic attribute authentication proxy signature system of the invention.
Fig. 6 is a system block diagram of the third embodiment of the dynamic attribute authentication proxy signature system of the invention.
Fig. 7 is a first flow chart of the dynamic attribute authentication proxy signature method of the invention.
Fig. 8 is a second flow chart of the dynamic attribute authentication proxy signature method of the invention.
Fig. 9 is a third flow chart of the dynamic attribute authentication proxy signature method of the invention.

To help the examiner understand the technical features, content and advantages of the invention and the effects it achieves, the invention is described in detail below with reference to the accompanying drawings and in the form of embodiments. The drawings serve only to illustrate and supplement the description; they do not necessarily show the true proportions and precise configuration of the invention as implemented, and the scale and arrangement of the drawings should therefore not limit the patent scope of the invention in actual implementation.

Embodiments of the dynamic attribute authentication proxy signature system and method of the invention are described below with reference to the related drawings. For ease of understanding, the same elements in the embodiments below are labelled with the same reference numerals.

Please refer to Figs. 1 and 2, which are respectively a system schematic diagram and a system block diagram of a first embodiment of the dynamic attribute authentication proxy signature system of the invention. As shown, the dynamic attribute authentication proxy signature system 1 comprises an electronic store end 10, a dynamic password server 11, a proxy signature server 12, a record server 13 and a certificate status server 14. The electronic store end 10 receives the checkout message 20 and the certificate message 21 sent by the client 2. The dynamic password server 11 is communicatively connected to the electronic store end 10; it receives the password message 22 sent by the client 2 and generates the dynamic password message 110 from it. The proxy signature server 12 is communicatively connected to the dynamic password server 11. The record server 13 is communicatively connected to the proxy signature server 12. The certificate status server 14 is communicatively connected to the electronic store end 10. When the electronic store end 10 determines that the certificate message 21 is correct, and verifies through the certificate status server 14 that the certificate message 21 is valid, the electronic store end 10 sends the transaction time parameter of the checkout message 20 to the dynamic password server 11, and the dynamic password server 11 sends the dynamic password message 110 to the electronic store end 10. The electronic store end 10 then sends the checkout message 20, the dynamic password message 110 and the user private key message 23 to the proxy signature server 12, so that the proxy signature server 12 generates the block link hash value 120 with a hash function from the checkout message 20, the dynamic password message 110 and the user private key message 23; the proxy signature server 12 sends the block link hash value 120 to the record server 13 for storage, and once storage is complete the dynamic signature end message 121 is generated and the proxy signature server 12 sends it to the electronic store end 10.

Specifically, the dynamic attribute authentication proxy signature system 1 of the invention comprises the electronic store end 10, the dynamic password server 11, the proxy signature server 12, the record server 13 and the certificate status server 14. The electronic store end 10 may be an ordinary online shopping platform, and the record server 13 may be a data storage server. The electronic store end 10 is communicatively connected to the dynamic password server 11, the proxy signature server 12 to the dynamic password server 11, the record server 13 to the proxy signature server 12, and the certificate status server 14 to the electronic store end 10. Thus, when a user has selected goods at the electronic store end 10 and asks it to check out, the electronic store end 10 checks the correctness of the client 2's certificate message 21 and queries the certificate status server 14 for the validity of the certificate message 21 (201). If the certificate message 21 is correct and valid, the electronic store end 10 provides the transaction time parameter (that is, the checkout signature time parameter, a point in time given as year, month, day, hour, minute and second) to the dynamic password server 11. The dynamic password server 11 then asks the user for the password message 22 in order to generate the one-time dynamic password message 110; once the user has provided the password message 22 to the dynamic password server 11, the dynamic password server 11 generates the dynamic password message 110. The dynamic password server 11 then provides the dynamic password message 110 to the electronic store end 10, and the electronic store end 10 asks the proxy signature server 12 to sign the dynamic password message 110, the user's transaction time and the goods purchased with the user's private key message 23. The proxy signature server 12 then hashes the dynamic password message 110, the user's transaction time and the purchased goods together into a block chain with the hash function, and sends the block link hash value 120 of that block chain to the record server 13. Finally, after the record server 13 has stored the block link hash value 120, it notifies the proxy signature server 12 that storage of the block link hash value 120 is complete; the proxy signature server 12 sends the dynamic signature end message 121 to the electronic store end 10 to notify it that the dynamic attribute authentication proxy signature procedure is complete, and the electronic store end 10 in turn notifies the user that the purchase and checkout transaction are complete.

The invention thus provides a secure transaction mechanism: when the user has finished selecting goods and requests the transaction checkout signature flow, the proxy signature server 12 signs the OTP dynamic password, the transaction time and the purchased goods with the user's private key, then hashes the OTP dynamic password, the transaction time and the purchased goods together into a block chain with the hash function, and sends the block chain hash value to the record server for safekeeping.

Please refer to Figs. 3 and 4, which are respectively a system schematic diagram and a system block diagram of a second embodiment of the dynamic attribute authentication proxy signature system of the invention, and refer also to Figs. 1 and 2. As shown, the elements of the dynamic attribute authentication proxy signature system of this embodiment that are the same as those of the first embodiment operate in a similar manner and are not described again here. It is worth noting, however, that in this embodiment the dynamic attribute authentication proxy signature system 1 preferably further comprises a certificate management end 15 communicatively connected to the proxy signature server 12. When the proxy signature server 12 receives the client 2's application operation message 24, generates the certificate application message 122 from it and sends the certificate application message 122 to the certificate management end 15, the certificate management end 15 generates the certificate message 21 from the certificate application message 122. When the certificate status server 14 receives the certificate message 21 sent by the certificate management end 15, the certificate status server 14 generates the application completion message 140 and sends it to the proxy signature server 12; the proxy signature server 12 then sends the dynamic code application message 123 and the certificate message 21 to the dynamic password server 11, so that the dynamic password server 11 generates the password message 22, and the dynamic password server 11 sends the password message 22 to the client 2 via the proxy signature server 12.

For example, the dynamic attribute authentication proxy signature system 1 of the invention may further comprise a certificate management end 15 communicatively connected to the proxy signature server 12. When a user applies to register and establish a dynamic attribute certificate, the user first applies to the proxy signature server 12 for the certificate pre-processing, so that the proxy signature server 12 generates the key pair, manages the private key and produces the certificate application message 122 (that is, the certificate request file). The proxy signature server 12 then applies to the certificate management end 15 for the certificate; the certificate management end 15 issues the certificate message 21 and publishes the certificate message 21 requested by the user to the certificate status server 14, which provides the trust source that electronic transaction systems query for certificates. The certificate status server 14 then notifies the certificate management end 15 that publication of the certificate is complete, and the certificate management end 15 notifies the proxy signature server 12 that the user's certificate application is complete.

The proxy signature server 12 then applies to the dynamic password server 11 for the use of dynamic password message 110 generation. The dynamic password server 11 confirms the user's certificate message 21 and, once it is confirmed correct, notifies the proxy signature server 12 that the user's application to activate the password is complete; the proxy signature server 12 in turn notifies the user that the procedure for registering and establishing the dynamic attribute certificate is complete.

In this way, the present invention lets a user apply to register and establish a dynamic attribute certificate: the user can delegate the proxy signature server 12 to apply for a certificate from the certificate management terminal 15 (i.e., the certificate management center), have the user's certificate published to the online certificate status query system, and then apply to the OTP dynamic password server for use of OTP dynamic password generation.

Please refer to FIG. 5 and FIG. 6, which are respectively a system schematic diagram and a system block diagram of a third embodiment of the dynamic attribute authentication proxy signature system of the present invention, and refer also to FIG. 1 to FIG. 4. As shown, the components that the dynamic attribute authentication proxy signature system of this embodiment shares with the embodiments above operate in a similar manner, so they are not described again here. It is worth noting, however, that in this embodiment the dynamic attribute authentication proxy signature system 1 preferably further includes a verification server 16, which is communicatively connected to the dynamic password server 11 and the record server 13. When the verification server 16 receives a verification request message 25 transmitted by the client 2, the verification server 16 generates a data provision request message 160 according to the transaction verification time parameter of the verification request message 25; when the verification server 16 transmits the data provision request message 160 to the record server 13 and the record server 13 finds in its database a block link hash value 120 matching the corresponding transaction verification time parameter, the record server 13 transmits the block link hash value 120 to the verification server 16, whereupon the verification server 16 transmits an activate dynamic password message 161 to the client 2. Then, when the client 2 transmits the password message 22 to the dynamic password server 11 and the verification server 16 transmits the transaction verification time parameter to the dynamic password server 11, the dynamic password server 11 generates the dynamic password message 110 accordingly and transmits the dynamic password message 110 to the verification server 16; the verification server 16 then uses the hash function to generate another block link hash value 162 from the dynamic password message 110, the user private key message 23 and the verification request message 25, compares the other block link hash value 162 with the block link hash value 120 to produce a comparison result message 163, and transmits the comparison result message 163 to the client 2.

Specifically, the dynamic attribute authentication proxy signature system 1 of the present invention may further include a verification server 16, which is communicatively connected to the dynamic password server 11 and the record server 13. Thus, when a user has a question about a transaction, the user can submit the time of the transaction in question to the verification server 16 and ask it to verify the correctness of that transaction; the verification server 16 then asks the record server 13 to provide the content of the blockchain data for that transaction time. After the record server 13 has provided the verification server 16 with the content of the blockchain data for that transaction time, the verification server 16 asks the user to activate the dynamic password server 11 with the password message 22 so as to generate the dynamic password message 110. After the user has activated the dynamic password server 11 with the password message 22, the verification server 16 supplies the dynamic password server 11 with the time of the original transaction, so that the dynamic password server 11 generates the same dynamic password message 110 as at the original transaction time.

The dynamic password server 11 then provides this dynamic password message 110 to the verification server 16, and the verification server 16 applies the hash function to the dynamic password message 110, the user's private key message 23, the transaction time and the goods purchased at that time to generate another block link hash value 162, and compares this other block link hash value 162 with the block link hash value 120 (i.e., the transaction record hash data) chained in the record server 13. Finally, the comparison result is sent back to the user.

In this way the present invention provides a mechanism for verifying the data records of all transaction results: when a user asks to verify the correctness of a particular transaction, the verification server 16 takes the OTP dynamic password, the transaction time and the goods purchased at that time, generates a hash value with the hash function, and compares this hash value with the chained transaction record hash data in the record server, which yields non-repudiation of the transaction result.

Although the concept of the dynamic attribute authentication proxy signature method of the present invention has already been described together with the dynamic attribute authentication proxy signature system above, for clarity a step flowchart is additionally illustrated below and described in detail.

Please refer to FIG. 7, which is the first flowchart of the dynamic attribute authentication proxy signature method of the present invention, and refer also to FIG. 1 and FIG. 2. As shown, the dynamic attribute authentication proxy signature method of the present invention may include the following steps:
Step S31: receiving a checkout message and a certificate message through the electronic store terminal; when the electronic store terminal determines that the certificate message is in a correct state and the electronic store terminal verifies via the certificate status server that the certificate message is in a valid state, the electronic store terminal transmits the transaction time parameter of the checkout message to the dynamic password server;
Step S32: receiving a password message through the dynamic password server and generating a dynamic password message accordingly;
Step S33: transmitting the dynamic password message from the dynamic password server to the electronic store terminal;
Step S34: transmitting the checkout message, the dynamic password message and the user private key message from the electronic store terminal to the proxy signature server, so that the proxy signature server generates a block link hash value with the hash function from the checkout message, the dynamic password message and the user private key message; and
Step S35: transmitting the block link hash value from the proxy signature server to the record server for storage; once it is stored, a dynamic signature end message is generated, and the proxy signature server transmits the dynamic signature end message to the electronic store terminal.

Please refer to FIG. 8, which is the second flowchart of the dynamic attribute authentication proxy signature method of the present invention, and refer also to FIG. 1 to FIG. 4. As shown, the dynamic attribute authentication proxy signature method of the present invention preferably further includes the following steps before step S31 of receiving the checkout message and the certificate message at the electronic store terminal:
Step S300: receiving the client's application operation message through the proxy signature server and generating a certificate application message accordingly;
Step S301: transmitting the certificate application message from the proxy signature server to the certificate management terminal, which generates the certificate message according to the certificate application message;
Step S302: transmitting the certificate message from the certificate management terminal to the certificate status server and generating an application completion message, which the certificate management terminal transmits to the proxy signature server;
Step S303: transmitting a dynamic code application message and the certificate message from the proxy signature server to the dynamic password server, so that the dynamic password server generates the password message accordingly and transmits the password message to the proxy signature server; and
Step S304: transmitting the password message from the proxy signature server to the client.

Please refer to FIG. 9, which is the third flowchart of the dynamic attribute authentication proxy signature method of the present invention, and refer also to FIG. 1 to FIG. 6. As shown, the dynamic attribute authentication proxy signature method of the present invention preferably further includes the following steps after the step in which the proxy signature server transmits the dynamic signature end message to the electronic store terminal:
Step S360: receiving the verification request message transmitted by the client through the verification server, the verification server generating a data provision request message according to the transaction verification time parameter of the verification request message;
Step S361: transmitting the data provision request message from the verification server to the record server, and, when the record server finds in its database the block link hash value matching the corresponding transaction verification time parameter, transmitting the block link hash value from the record server to the verification server;
Step S362: transmitting an activate dynamic password message from the verification server to the client;
Step S363: transmitting the password message from the client to the dynamic password server;
Step S364: transmitting the transaction verification time parameter from the verification server to the dynamic password server, so that the dynamic password server generates the dynamic password message accordingly and transmits the dynamic password message to the verification server;
Step S365: generating, through the verification server, another block link hash value with the hash function from the dynamic password message, the user private key message and the verification request message, the verification server comparing the other block link hash value with the block link hash value to produce a comparison result message; and
Step S366: transmitting the comparison result message from the verification server to the client.
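The signing procedure of FIG. 7 (steps S31 to S35) and the verification procedure of FIG. 9 (steps S360 to S366) are shown end to end in the following Python example. It is an added illustration, not code from the patent or its assignee, and it fills in details the text leaves open: the OTP is assumed to be an HMAC-SHA256 of the transaction time parameter keyed with the client's password message (HOTP/TOTP style), the block link hash is assumed to chain on the previous record's hash, and all names, messages and sample values are constructed for the example.

```python
import hashlib
import hmac
import json

# Assumed OTP construction (the patent does not specify one): HMAC-SHA256 of the
# transaction time parameter keyed with the password message 22 registered by the
# client, truncated to 8 decimal digits in the style of HOTP/TOTP. Because the
# input is the transaction time, the same time yields the same dynamic password,
# which is what the verification procedure relies on.
def generate_otp(password_message: bytes, transaction_time: int) -> str:
    counter = transaction_time.to_bytes(8, "big")
    digest = hmac.new(password_message, counter, hashlib.sha256).digest()
    offset = digest[-1] & 0x0F
    code = int.from_bytes(digest[offset:offset + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**8:08d}"


class DynamicPasswordServer:
    """Dynamic password server 11: keeps the password message 22 of each client."""
    def __init__(self):
        self._passwords = {}

    def register(self, client_id: str, password_message: bytes) -> None:
        self._passwords[client_id] = password_message

    def dynamic_password(self, client_id: str, transaction_time: int) -> str:
        return generate_otp(self._passwords[client_id], transaction_time)


class RecordServer:
    """Record server 13: stores (previous hash, block link hash) keyed by transaction time."""
    GENESIS = "0" * 64

    def __init__(self):
        self._chain = {}
        self.last_hash = self.GENESIS

    def store(self, transaction_time: int, prev_hash: str, link_hash: str) -> None:
        self._chain[transaction_time] = (prev_hash, link_hash)
        self.last_hash = link_hash

    def lookup(self, transaction_time: int):
        return self._chain.get(transaction_time)


def block_link_hash(prev_hash: str, message: dict, otp: str, user_private_key_message: bytes) -> str:
    """Block link hash value 120: SHA-256 over the previous hash (assumed chaining),
    the canonical JSON of the checkout/verification request message, the OTP and the
    user private key message. Each part is length-prefixed so that different field
    boundaries can never produce the same byte stream."""
    canonical = json.dumps(message, sort_keys=True, separators=(",", ":")).encode()
    h = hashlib.sha256()
    for part in (prev_hash.encode(), canonical, otp.encode(), user_private_key_message):
        h.update(len(part).to_bytes(4, "big") + part)
    return h.hexdigest()


def proxy_sign(otp_server, record, client_id, checkout_message, user_private_key_message) -> str:
    """Steps S32 to S35 as performed by the proxy signature server 12."""
    t = checkout_message["transaction_time"]
    otp = otp_server.dynamic_password(client_id, t)            # S32/S33
    prev_hash = record.last_hash
    link_hash = block_link_hash(prev_hash, checkout_message, otp, user_private_key_message)  # S34
    record.store(t, prev_hash, link_hash)                       # S35
    return link_hash


def verify(otp_server, record, client_id, verification_request, user_private_key_message) -> str:
    """Steps S360 to S366 as performed by the verification server 16."""
    t = verification_request["transaction_time"]
    stored = record.lookup(t)                                   # S360/S361
    if stored is None:
        return "no record"
    prev_hash, stored_hash = stored
    otp = otp_server.dynamic_password(client_id, t)            # S363/S364: same time, same OTP
    recomputed = block_link_hash(prev_hash, verification_request, otp, user_private_key_message)  # S365
    # Constant-time comparison so the comparison result leaks no timing information.
    return "match" if hmac.compare_digest(recomputed, stored_hash) else "mismatch"


def demo():
    """Signs one constructed checkout, then verifies the genuine and a tampered copy."""
    otp_server = DynamicPasswordServer()
    record = RecordServer()
    otp_server.register("alice", b"constructed-password-message-22")
    key_msg = b"constructed-user-private-key-message-23"   # constructed sample value
    checkout = {"transaction_time": 1482710400, "goods": ["book"], "amount": 350}
    proxy_sign(otp_server, record, "alice", checkout, key_msg)
    genuine = verify(otp_server, record, "alice", dict(checkout), key_msg)
    tampered = verify(otp_server, record, "alice", dict(checkout, amount=35), key_msg)
    missing = verify(otp_server, record, "alice", {"transaction_time": 1}, key_msg)
    return genuine, tampered, missing


if __name__ == "__main__":
    print(demo())   # ('match', 'mismatch', 'no record')
```

The verification request carries the client's own account of the transaction (time, goods, amount); any discrepancy from what was hashed at checkout, or a wrong OTP because a different time was supplied, changes the recomputed hash and the client receives a mismatch, which is the non-repudiation property the description claims.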

The above is illustrative only and not limiting. Any equivalent modification or alteration that does not depart from the spirit and scope of the present invention shall be included in the scope of the appended claims.

Claims (6)

1. A dynamic attribute authentication proxy signature system, comprising: an electronic store terminal that receives a checkout message and a certificate message transmitted by a client; a dynamic password server communicatively connected to the electronic store terminal, the dynamic password server receiving a password message transmitted by the client and generating a dynamic password message accordingly; a proxy signature server communicatively connected to the dynamic password server; a record server communicatively connected to the proxy signature server; and a certificate status server communicatively connected to the electronic store terminal; wherein, when the electronic store terminal determines that the certificate message is in a correct state and the electronic store terminal verifies via the certificate status server that the certificate message is in a valid state, the electronic store terminal transmits a transaction time parameter of the checkout message to the dynamic password server, and the dynamic password server transmits the dynamic password message to the electronic store terminal; and the electronic store terminal transmits the checkout message, the dynamic password message and a user private key message to the proxy signature server, so that the proxy signature server generates a block link hash value with a hash function from the checkout message, the dynamic password message and the user private key message, and the proxy signature server transmits the block link hash value to the record server for storage; once it is stored, a dynamic signature end message is generated, and the proxy signature server transmits the dynamic signature end message to the electronic store terminal.

2. The dynamic attribute authentication proxy signature system of claim 1, further comprising a certificate management terminal communicatively connected to the proxy signature server, wherein, when the proxy signature server receives an application operation message from the client, generates a certificate application message accordingly and transmits the certificate application message to the certificate management terminal, the certificate management terminal generates the certificate message according to the certificate application message; and wherein, when the certificate status server receives the certificate message transmitted by the certificate management terminal, the certificate status server generates an application completion message accordingly and transmits the application completion message to the proxy signature server, and the proxy signature server transmits a dynamic code application message and the certificate message to the dynamic password server so that the dynamic password server generates the password message accordingly, the dynamic password server transmitting the password message to the client via the proxy signature server.

3. The dynamic attribute authentication proxy signature system of claim 1, further comprising a verification server communicatively connected to the dynamic password server and the record server, wherein, when the verification server receives a verification request message transmitted by the client, the verification server generates a data provision request message according to a transaction verification time parameter of the verification request message; and, when the verification server transmits the data provision request message to the record server and the record server finds in its database the block link hash value matching the corresponding transaction verification time parameter, the record server transmits the block link hash value to the verification server, whereupon the verification server transmits an activate dynamic password message to the client; wherein, when the client transmits the password message to the dynamic password server and the verification server transmits the transaction verification time parameter to the dynamic password server, the dynamic password server generates the dynamic password message accordingly and transmits the dynamic password message to the verification server; and the verification server generates another block link hash value with the hash function from the dynamic password message, the user private key message and the verification request message, compares the other block link hash value with the block link hash value to produce a comparison result message, and transmits the comparison result message to the client.

4. A dynamic attribute authentication proxy signature method, comprising the following steps: receiving a checkout message and a certificate message through an electronic store terminal, and, when the electronic store terminal determines that the certificate message is in a correct state and the electronic store terminal verifies via a certificate status server that the certificate message is in a valid state, transmitting a transaction time parameter of the checkout message from the electronic store terminal to a dynamic password server; receiving a password message through the dynamic password server and generating a dynamic password message accordingly; transmitting the dynamic password message from the dynamic password server to the electronic store terminal; transmitting the checkout message, the dynamic password message and a user private key message from the electronic store terminal to a proxy signature server, so that the proxy signature server generates a block link hash value with a hash function from the checkout message, the dynamic password message and the user private key message; and transmitting the block link hash value from the proxy signature server to a record server for storage, and, once it is stored, generating a dynamic signature end message and transmitting the dynamic signature end message from the proxy signature server to the electronic store terminal.

5. The dynamic attribute authentication proxy signature method of claim 4, further comprising, before the step of receiving the checkout message and the certificate message at the electronic store terminal, the following steps: receiving an application operation message from the client through the proxy signature server and generating a certificate application message accordingly; transmitting the certificate application message from the proxy signature server to a certificate management terminal, which generates the certificate message according to the certificate application message; transmitting the certificate message from the certificate management terminal to the certificate status server, generating an application completion message, and transmitting the application completion message from the certificate management terminal to the proxy signature server; transmitting a dynamic code application message and the certificate message from the proxy signature server to the dynamic password server, so that the dynamic password server generates the password message accordingly and transmits the password message to the proxy signature server; and transmitting the password message from the proxy signature server to the client.

6. The dynamic attribute authentication proxy signature method of claim 4, further comprising, after the step of transmitting the dynamic signature end message from the proxy signature server to the electronic store terminal, the following steps: receiving a verification request message transmitted by the client through a verification server, the verification server generating a data provision request message according to a transaction verification time parameter of the verification request message; transmitting the data provision request message from the verification server to the record server, and, when the record server finds in its database the block link hash value matching the corresponding transaction verification time parameter, transmitting the block link hash value from the record server to the verification server; transmitting an activate dynamic password message from the verification server to the client; transmitting the password message from the client to the dynamic password server; transmitting the transaction verification time parameter from the verification server to the dynamic password server, so that the dynamic password server generates the dynamic password message accordingly and transmits the dynamic password message to the verification server; generating, through the verification server, another block link hash value with the hash function from the dynamic password message, the user private key message and the verification request message, and comparing, by the verification server, the other block link hash value with the block link hash value to produce a comparison result message; and transmitting the comparison result message from the verification server to the client.
TW105143154A 2016-12-26 2016-12-26 Dynamic attribute authentication agent signature system and method thereof TWI637620B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW105143154A TWI637620B (en) 2016-12-26 2016-12-26 Dynamic attribute authentication agent signature system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW105143154A TWI637620B (en) 2016-12-26 2016-12-26 Dynamic attribute authentication agent signature system and method thereof

Publications (2)

Publication Number Publication Date
TW201824810A TW201824810A (en) 2018-07-01
TWI637620B true TWI637620B (en) 2018-10-01

Family

ID=63639905

Family Applications (1)

Application Number Title Priority Date Filing Date
TW105143154A TWI637620B (en) 2016-12-26 2016-12-26 Dynamic attribute authentication agent signature system and method thereof

Country Status (1)

Country Link
TW (1) TWI637620B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI674788B (en) * 2018-09-03 2019-10-11 台灣海耶克股份有限公司 Digital cryptocurrency delivery method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201121280A (en) * 2009-12-10 2011-06-16 Mao-Cong Lin Network security verification method and device and handheld electronic device verification method.
US20130268444A1 (en) * 2010-05-28 2013-10-10 Jong Namgoong Three-factor user authentication method for generating otp using iris information and secure mutual authentication system using otp authentication module of wireless communication terminal
CN104898507A (en) * 2015-04-29 2015-09-09 德施曼机电(中国)有限公司 Bluetooth intelligent cloud lock system

Also Published As

Publication number Publication date
TW201824810A (en) 2018-07-01

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees