TWI655589B - Information service payment system of two stage role authorization and passive heterogeneous integration method of single token thereof - Google Patents

Publication number
TWI655589B
Authority
TW
Taiwan
Prior art keywords
module
information
user
access control
power supply
Application number
TW106128429A
Other languages
Chinese (zh)
Other versions
TW201913480A (en
Inventor
洪俊銘
彭已庭
鄭郁翰
廖文宏
Original Assignee
崑山科技大學
Application filed by 崑山科技大學
Priority to TW106128429A
Application granted
Publication of TW201913480A
Publication of TWI655589B

Landscapes

  • Information Transfer Between Computers (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

The invention discloses an information service payment system with two-stage role authorization and a single-token passive heterogeneous integration method thereof. The information service payment system includes a Power over Ethernet module, a radio frequency identification module, a central access control module, and a layered-authorization identity recognition module. The Power over Ethernet module supplies power to the information service payment system. The radio frequency identification module is connected to the Power over Ethernet module and obtains card information from a user card. The central access control module is connected to the Power over Ethernet module and the radio frequency identification module, and generates authorization information corresponding to the card information. The layered-authorization identity recognition module is connected to the Power over Ethernet module and the central access control module, and provides at least one service item corresponding to the authorization information.

Description

Information service payment system with two-stage role authorization and single-token passive heterogeneous integration method thereof

The present invention relates to an information service payment system and a heterogeneous integration method thereof, and in particular to an information service payment system with two-stage role authorization and a single-token passive heterogeneous integration method thereof.

The various standalone MIS systems that enterprises have traditionally developed or purchased for a single purpose face diverse user needs and complex operating procedures, which lead to high maintenance costs. Besides being inconvenient to operate, they suffer from time lags in data generation. Faced with the challenge of integrating these inconsistent heterogeneous systems, and with more and more customers demanding services centered on direct consumption, most enterprises urgently need to rebuild their information systems.

When an old design architecture is integrated with a new-generation architecture, a structured correspondence between the two is required, and several problems arise:

(1) The integration mechanisms of old and new systems differ in architecture, so deployment is difficult. Re-architecting the system or rewriting programs must be considered, which costs more than enterprises can readily bear.

(2) Data in old and new systems cannot be synchronized, or the use of different types of databases requires a great deal of time for data migration, so users often complain that data is neither up to date nor synchronized.

(3) User permissions cannot be authorized and managed in a unified way, or the permission management hierarchy is too coarse, which significantly affects the security and future development of the system.

(4) The existing distributed resources cannot be used to create new value.

(5) Because of geographical constraints, hardware resources are scattered across locations, and deploying customer-oriented service operations and collecting small payments is difficult. Even a good business model is hard to realize because of cost considerations.

In view of the above problems of the prior art, the object of the present invention is to provide an information service payment system with two-stage role authorization and a single-token passive heterogeneous integration method thereof, to solve the problems faced by the prior art.

Based on the above object, the present invention provides an information service payment system comprising a Power over Ethernet module, a radio frequency identification module, a central access control module, and a layered-authorization identity recognition module. The Power over Ethernet module supplies power to the information service payment system. The radio frequency identification module is connected to the Power over Ethernet module and obtains card information from a user card. The central access control module is connected to the Power over Ethernet module and the radio frequency identification module, and generates authorization information corresponding to the card information. The layered-authorization identity recognition module is connected to the Power over Ethernet module and the central access control module, and provides at least one service item corresponding to the authorization information.

Preferably, the information service payment system may further include a touch-interactive theme module, which is connected to the Power over Ethernet module, the central access control module and the layered-authorization identity recognition module, and displays an operation interface corresponding to the authorization information and the at least one service item provided. The operation interface includes a plurality of language options and a plurality of interface theme options.

Preferably, the information service payment system may further include a voice guidance service module, which is connected to the Power over Ethernet module and the touch-interactive theme module, and provides guidance audio corresponding to the one of the plurality of language options selected by the user.

Preferably, the information service payment system may further include a printing module, which is connected to the Power over Ethernet module and performs a print job in response to a print signal generated when the user operates the at least one service item.

Preferably, the information service payment system may further include a smart judgment module and a central processing module. The smart judgment module is connected to the Power over Ethernet module and the central access control module; it generates a list corresponding to the authorization information, and generates accounting data according to the list and the payment item selected by the user. The central processing module is connected to the Power over Ethernet module, the radio frequency identification module and the smart judgment module, and communicates with the bank side in scheduled batches. The central processing module performs the payment operation according to the card information and the accounting data, and generates the corresponding print signal.

Based on the above object, the present invention further provides a single-token passive heterogeneous integration method applicable to an information service payment system. The method includes the following steps: generating a disposable token according to a user identification code, a user password and a heterogeneous random number; passively opening a remote heterogeneous system and checking whether the user identification code and the disposable token are carried in; when the user identification code and the disposable token are carried in, transmitting the parsed authorization information to the remote heterogeneous system and judging the validity of the disposable token accordingly; obtaining login information for a disposable token that is valid; and operating the remote heterogeneous system according to the login information.

Preferably, the single-token passive heterogeneous integration method may further include the following steps: returning at least one identity role according to the user's personal data for the user to select; generating, according to the two-stage role authorization mechanism, a role access control list corresponding to the identity role selected by the user; caching the role access control list for the duration of the session to produce an access control list object; checking whether the access control list object is authorized; and starting the remote heterogeneous system for an authorized access control list object.

Preferably, the single-token passive heterogeneous integration method may further include the following steps: in the first stage of authorization, authorizing by restricting specific users or groups against an access control list; and in the second stage of authorization, generating the role access control list by verifying the identity role.
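An added Python example of the method in the three paragraphs above (not code from the patent): the central side issues a disposable token, the remote heterogeneous system accepts it exactly once, and a session-cached role ACL gates the launch. The patent does not specify the token construction; HMAC-SHA256 over user ID, nonce and issue time with a PBKDF2 password-derived key, the 30-second lifetime, and all names and sample data are assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 30  # seconds a token stays usable (assumed value)

# Constructed sample data: one faculty member who is both teacher and staff.
USERS = {"t042": {"groups": {"group:faculty", "group:staff"},
                  "roles": ["teacher", "staff"]}}
# Stage 1: which users or groups may reach each service at all.
STAGE1_ACL = {"grades": {"group:faculty", "group:student"},
              "sign_out": {"group:staff"}}
# Stage 2: which services each identity role grants.
ROLE_SERVICES = {"teacher": {"grades"}, "student": {"grades"},
                 "staff": {"sign_out"}}


def derive_key(user_id, password):
    """Password-derived key held by both sides, so the raw password is never sent."""
    salt = b"demo-salt:" + user_id.encode()  # constructed; use a random per-user salt
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _mac(key, user_id, nonce, issued):
    msg = f"{user_id}|{nonce}|{issued}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_token(user_id, key, now=None):
    """Central side: bind a fresh random nonce and issue time to the user ID."""
    nonce = secrets.token_hex(16)
    issued = int(time.time() if now is None else now)
    return f"{nonce}.{issued}.{_mac(key, user_id, nonce, issued)}"


class RemoteSystem:
    """Remote heterogeneous system: opened passively, it trusts only a valid token."""

    def __init__(self, keys):
        self.keys = keys   # user_id -> derived key
        self.used = set()  # nonces already consumed

    def login(self, user_id, token, now=None):
        now = time.time() if now is None else now
        if not user_id or not token:      # both values must be carried in
            return None
        key = self.keys.get(user_id)
        parts = token.split(".")
        if key is None or len(parts) != 3:
            return None
        nonce, issued, mac = parts
        expected = _mac(key, user_id, nonce, issued)
        if not hmac.compare_digest(expected.encode(), mac.encode()):
            return None                   # forged, altered, or bound to another user
        # The MAC is valid, so `issued` is the integer string the issuer wrote.
        if abs(now - int(issued)) > TOKEN_TTL or nonce in self.used:
            return None                   # expired or replayed
        self.used.add(nonce)              # disposable: one login per token
        return {"user": user_id, "login_at": int(now)}


def open_session(user_id, chosen_role):
    """Two-stage authorization; the result is the ACL object cached for the session."""
    user = USERS[user_id]
    if chosen_role not in user["roles"]:
        raise PermissionError("role not assigned to this user")
    principals = {user_id} | user["groups"]
    stage1 = {svc for svc, allowed in STAGE1_ACL.items() if allowed & principals}
    role_acl = frozenset(stage1 & ROLE_SERVICES[chosen_role])  # stage 2
    return {"user": user_id, "role": chosen_role, "acl": role_acl}


def launch(session, service, remote, token, now=None):
    """Start the remote system only if the cached ACL object authorizes the service."""
    if service not in session["acl"]:
        return None
    return remote.login(session["user"], token, now)
```

The ACL check runs before the token is presented, so a refused launch does not consume the token.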

As described above, the information service payment system with two-stage role authorization and the single-token passive heterogeneous integration method of the present invention have the following advantages:

(1) Centralized management of heterogeneous systems: heterogeneous systems scattered across locations are managed centrally, which makes it easy to improve management efficiency and control users' access rights. Client security is also protected by policy rules, and personalized services are provided in a timely manner.

(2) Resolving data inconsistency across heterogeneous systems: data synchronization is ensured through multiple forms of database connection.

(3) Systematized MVC module loading: systems from different sources are integrated as MVC modules, and modules can be ported to other systems at any time, which allows more customized combinations.

(4) Flexible divide-and-converge design: because systems developed in different programming languages can be integrated across hosts, the original systems hardly need to be rewritten. Specialized systems can each be developed in the programming language best suited to them, and a single subsystem concept can be presented in a mixed manner, so designs can be completed quickly for different customer requirements.

(5) Seamless integration of old and new systems: data in different formats can be synchronized between old and new systems without redeveloping the system, which increases the efficiency of heterogeneous system integration and saves development cost.

(6) Information is integrated at low cost: the many specialized heterogeneous systems provided by the enterprise are organized into a full range of services, allowing users, under a security mechanism and through a central control system, to create a heterogeneous enterprise resource planning (HERP) system. Unlike being tied to a traditional ERP vendor, specialized systems can be freely developed or outsourced and then easily integrated.

100‧‧‧Information service payment system

110‧‧‧Power over Ethernet module

120‧‧‧Radio frequency identification module

130‧‧‧Central access control module

140‧‧‧Layered-authorization identity recognition module

150‧‧‧Touch-interactive theme module

160‧‧‧Voice guidance service module

170‧‧‧Printing module

180‧‧‧Smart judgment module

190‧‧‧Central processing module

200‧‧‧Bank side

S41 to S45‧‧‧Steps

Figure 1 is a first block diagram of the information service payment system of the present invention.

Figure 2 is a second block diagram of the information service payment system of the present invention.

Figure 3 is a flowchart of smart-judgment micropayment in the information service payment system of the present invention.

Figure 4 is a flowchart of the single-token passive heterogeneous integration method of the present invention.

Figure 5 is a flowchart of verification and authorization using the passive token in the single-token passive heterogeneous integration method of the present invention.

Figure 6 is a flowchart of the HTML5 postMessage communication mechanism in the single-token passive heterogeneous integration method of the present invention.

Figure 7 is a flowchart of two-stage ACL role authorization in the single-token passive heterogeneous integration method of the present invention.

To help the examiner understand the features, content and advantages of the present invention and the effects it can achieve, the invention is described in detail below in the form of embodiments with reference to the drawings. The drawings are used only for illustration and to support the specification; they do not necessarily reflect the true proportions and precise configuration of the invention as implemented, so the proportions and arrangement of the attached drawings should not be used to interpret or limit the scope of rights of the invention in actual practice.

The advantages and features of the present invention, and the technical means of achieving them, will be more readily understood from the more detailed description given with reference to the exemplary embodiments and the accompanying drawings. The invention may be implemented in different forms and should not be construed as limited to the embodiments set forth herein. Rather, the embodiments are provided so that this disclosure conveys the scope of the invention more thoroughly, comprehensively and completely to those of ordinary skill in the art, and the invention is defined only by the appended claims.

Please refer to Figure 1, which is the first block diagram of the information service payment system of the present invention. As shown, the information service payment system 100 includes a Power over Ethernet (PoE) module 110, a Radio Frequency Identification (RFID) module 120, a central access control module 130 and a layered-authorization identity recognition module 140.

The Power over Ethernet module 110 supplies power to each module in the information service payment system 100. PoE power delivery drives devices such as a touch tablet computer, a monochrome laser printer, an RFID card reader, a USB expansion card and a thermal printer. This ubiquitous power delivery integrates multiple software and hardware resources into a general-purpose service mechanism, and the limits on service range can be extended using nothing more than ordinary network cable.

The radio frequency identification module 120 is connected to the Power over Ethernet module 110 and obtains card information from the user card. The user's card information is obtained through RFID identification, and data verification, consumption deductions and other services are carried out through the authorization module and the central processing system module. To improve efficiency of use, first-time users must also be able to learn the operation quickly. When this page is entered, the student information service payment system reads aloud, in the language the user selected on the home page, the prompt "Please place your student ID card to log in to the system", and a card-swipe animation on the left side of the page reinforces the instruction.

The central access control module 130 is connected to the Power over Ethernet module 110 and the radio frequency identification module 120, and generates authorization information corresponding to the card information.

The layered-authorization identity recognition module 140 is connected to the Power over Ethernet module 110 and the central access control module 130, and provides at least one service item corresponding to the authorization information. The information service payment system is authorized through the central access control module, which allows different service items to be used according to specific identities and groups. For example, grade inquiry can be accessed by logging in with a student ID card or a teacher ID card. Cards that carry several identities at once can also be recognized. For example, a faculty member who holds both teacher and staff status can use services under two different identities: the teacher's grade inquiry and the staff sign-out system.

Please refer to Figure 2, which is the first block diagram of the information service payment system of the present invention. As shown, the information service payment system 100 may further include a touch-interactive theme module 150, which is connected to the Power over Ethernet module 110, the central access control module 130 and the layered-authorization identity recognition module 140, and displays an operation interface corresponding to the authorization information and the at least one service item provided. The operation interface includes a plurality of language options and a plurality of interface theme options. The touch-interactive theme module 150 uses cross-domain communication between mixed graphical web pages to produce a highly secure and consistent operation interface, with a simple operating flow and touch-screen features that let users clearly understand the procedure. The system interface directly affects how users feel about the service, and a personalized interface can raise user satisfaction. The interface therefore adopts user-defined themes, so users can set the system interface to their own preference. To extend the reach of the service, multiple languages are offered for users to choose from; users can select Chinese or English. The text for each language is stored in external XML, so the text can be modified without recompiling the program, and other languages such as Japanese or Korean can be added.

The information service payment system 100 may further include a voice guidance service module 160, which is connected to the Power over Ethernet module 110 and the touch-interactive theme module 150, and provides guidance audio corresponding to the one of the plurality of language options selected by the user. On every page the user enters, the system automatically uses speech in the language of the user's nationality to prompt the user how to operate. For example, when the user brings the card close on the login page, the system reads aloud "XXX, do you want to log in to the system?". The speech of the present invention is recorded from a human reader or generated using text-to-speech technology.

The information service payment system 110 may further include a printing module 170, which is connected to the Power over Ethernet module 110 and performs a print job in response to a print signal generated when the user operates at least one service item. The printing module 170 provides a service that switches automatically between remote and local printing. For example, a request for a transcript of past years, a class ranking certificate or a record of past commendations can be entered on a local personalized information service payment system, while the printout is designated to be produced by a remote personalized information service payment system.

The information service payment system 110 may further include a smart judgment module 180 and a central processing module 190. The smart judgment module 180 is connected to the Power over Ethernet module 110 and the central access control module 130; it generates a list corresponding to the authorization information, and generates accounting data according to the list and the payment item selected by the user. The central processing module 190 is connected to the Power over Ethernet module 110, the radio frequency identification module 120 and the smart judgment module 180, and communicates with the bank side 200 in scheduled batches. The central processing module 190 performs the payment operation according to the card information and the accounting data, and generates the corresponding print signal. The printing module described above then prints according to the print signal.

As described above, the main purpose of the present invention is to implement an Internet of Things sensing endpoint (an information service station). In addition to collecting card transaction data, it gathers school administration system data across hosts, such as records of teachers' and students' entry and exit or sign-in records for meetings and events. The heterogeneous enterprise resource planning (HERP) system performs security log authorization analysis on this data to provide predictive information and financial services. Beyond the small-amount deduction printing service already developed, multi-function services such as inquiry, registration and payment are available, and the system can intelligently judge users' service needs and notify them in advance. The emphasis is on the integration technology for remotely deploying hardware devices powered by PoE, on providing smarter payment services through two-stage role authorization and the single-token passive heterogeneous integration method, and finally on establishing deployment techniques for the various security factors.

For example, the present invention can work closely with a restaurant's existing services. Through the payment service of the information service payment system, users can order and pay remotely and individually, and the smart judgment module provides smart services such as when to pick up the meal, suggested menus and a mobile pickup code as a QR code.

In more detail, it may further include the following services:

Smart payment: through identity recognition, the amounts the user needs to pay are displayed. For example, student A registers for an activity in the information service payment system, and the activity requires a registration fee of 300 yuan. The system then prompts the student whether the balance is sufficient to pay.

Smart balance inquiry: the information service payment system can provide a smart balance inquiry function based on the data on the tapped card.

Smart map guidance: opening the map shows the map position for the location where the user tapped the card. For example, in a shopping mall application, users can be told which floor they are on and shown the shops they previously favored on that floor and their activity records.

Activity records and smart inquiry: the information service payment system can keep records for all kinds of activities, such as meeting discipline, records of absence from work and room access records. Through the information service payment system and back-end queries, past information is analyzed to give users suggestions. For example, for student attendance records, a query of absences is linked to the school administration system and suggests improvements according to the student's learning status, which helps reduce the truancy rate.

Smart item rental service: provides item rental and, based on the rental rules and time, intelligently reminds users of return times and required items. For example, when applied to library lending, if a student does not return a borrowed book within the required time, some of the student's services are restricted. The system, however, immediately notifies the student and asks whether to deduct directly from the remaining balance, which spares the student from having to pay on the spot and raises user satisfaction.

Remote and local multiple automatic printing: provides remote and local multiple automatic printing, which greatly shortens processing time and solves the waiting problem. For example, students at a school can pay by deduction to print a transcript from any information service payment system and choose a designated location to collect it.

It should be added that the present invention may provide a function expansion service for the information service payment system. The service items of the system can be organized as a set of apps, which lets later maintenance developers add new services by editing an external XML file without recompiling the system. Expansion uses a hybrid of C# and web technology: maintenance developers can design the pages of an extension using HTML. Designing the interface in HTML offers rapid development and high flexibility, and also makes it easier to integrate the services of heterogeneous systems into the information service payment system.

Following the above, the expansion services are as follows:

Information service payment system number: each information service payment system has a unique number, which can be used for logging and debugging.

Display message box: showing web page messages with JavaScript's native alert() function greatly detracts from the user's impression, so an API is provided to display the information station's native message box.

Transaction safety fool-proofing mechanism: when a deduction is made, for security the system does not deduct directly. Instead, it communicates with the bank through the central processing system (CPS), passing in the deduction amount and accounting information. After the transaction completes, the additionally encapsulated data is unpacked to display the information parameters.

Pop-up keyboard: for security and convenience the information kiosk has no physical keyboard, but in some situations users still need to enter data, so a dedicated virtual keyboard was developed. It comprises three keyboards: alphanumeric, English and numeric.

Read a specific voice clip aloud: the student information service payment system plays the audio with a given file name from the folder where audio is stored; if the file does not exist, it does nothing.

Automatic logout: after more than 30 seconds without operation the information service payment system displays a "logout countdown", and after more than 60 seconds without operation the account is logged out automatically. This prevents a user who forgot to log out from being impersonated to perform improper operations.

System parameter maintenance: later maintenance personnel can change the settings of the student information service payment system through an external XML file, without modifying the source code and recompiling the system, which avoids differences in user experience caused by different hardware. Example 1: on a device with weaker CPU performance, lengthening the page-transition animation time makes up for the computation time and effectively improves user satisfaction. Example 2: on a device with a larger screen, increasing the resolution gives users an experience consistent with other information service payment systems. Configurable items include: system resolution, animation time, automatic logout seconds, transaction duration seconds, card-reading sensitivity, message window color, and so on.

Please refer to FIG. 3, a flow chart of smart-judgment micropayment in the information service payment system of the invention. As shown, the invention can, through the central processing system, process the accounting data in the user's payment card, communicate with the back-end smart judgment module and the bank in timed batches, and provide services such as printing, payment and balance inquiry.

(1) Balance confirmation before the transaction: most electronic-ticket payments today deduct directly whenever the balance is sufficient, and the user often learns how much remains on the card only after the deduction is complete. Because the information kiosk is an automated service, it judges the user's remaining balance and the items to be paid before the transaction, which makes the payment process more automated and user-friendly.

(2) Timed batch communication during the transaction: for security, once a transaction begins, the central processing system enters secure timed batch communication with the bank module, and the accounting data is returned to support further smart judgment.

(3) Reconfirmation after the transaction: the user reconfirms the pre-transaction balance, the transaction amount and the post-transaction balance, and the smart judgment module suggests and guides the user to end the operation.

The payment-transaction security deployment mechanism requires every transaction to satisfy all three of the following conditions before a deduction can be executed, in order to strengthen and ensure the security of accounting-data transactions: a specific purchased card reader (hardware), a dedicated KEY set on each device (software), and an IP address approved by the server (network). Hardware of a specified specification is used; for example, the card reader must contain a specific chip before it can transact. A KEY dedicated to each device is embedded in the information kiosk (using RSA asymmetric encryption). The device's usage permission is added in the server back end, and each information kiosk is given its own fixed IP. The system uses SQLite to record every user operation, which can be used for error tracking or for analysis of user habits. The log is recorded locally, so logging is not interrupted even if the network has a problem. To avoid leaking important information, sensitive information such as user passwords is not recorded. To prevent packets from being intercepted in transit, or someone using a forged IP to steal data, all information passed between the information kiosk and the back-end server is encrypted using hybrid RSA and AES encryption, and only specific IP sources are permitted to communicate with the back end.

Please refer to FIG. 4, a flow chart of the single-token passive heterogeneous integration method of the invention. As shown, the method is applicable to the information service payment system described above and comprises the following steps:

Step S41: generate a disposable token from the user identification code, the user password and a heterogeneous random number.

Step S42: passively open the remote heterogeneous system and check whether the user identification code and the disposable token are carried in.

Step S43: where the user identification code and the disposable token are carried in, transmit the parsed authorization information to the remote heterogeneous system and determine the validity of the disposable token accordingly.

Step S44: obtain login information for a disposable token that is valid.

Step S45: operate the remote heterogeneous system according to the login information.
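An added example, not code from the patent: steps S41, S43 and S44 from the side that issues and checks the token, showing how rotating the random number makes each token single-use. The HMAC-SHA-256 construction, the stored credential verifier used in place of the raw password, the 60-second lifetime and the query parameter names are assumptions; the page names none of them.

```javascript
const crypto = require('node:crypto');

class TokenAuthority {
  constructor(serverKey, ttlMs = 60_000) {
    this.serverKey = serverKey; // assumption: secret known only to the issuing side
    this.ttlMs = ttlMs;         // assumption: the page gives no token lifetime
    this.users = new Map();     // userId -> { verifier, profile }
    this.pending = new Map();   // userId -> { nonce, expires }
  }

  addUser(userId, verifier, profile) {
    this.users.set(userId, { verifier, profile });
  }

  // Keyed hash over length-prefixed fields, so ("ab","c") and ("a","bc")
  // can never produce the same input stream.
  digest(userId, verifier, nonce) {
    const mac = crypto.createHmac('sha256', this.serverKey);
    for (const field of [userId, verifier, nonce]) {
      const bytes = Buffer.from(field, 'utf8');
      const len = Buffer.alloc(4);
      len.writeUInt32BE(bytes.length);
      mac.update(len).update(bytes);
    }
    return mac.digest('hex');
  }

  // S41: derive the token from user ID, credential and a fresh random number,
  // then build the launch URL the personalized menu hands to the user.
  issue(userId, remoteUrl, now = Date.now()) {
    const user = this.users.get(userId);
    if (!user) throw new Error('unknown user');
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.set(userId, { nonce, expires: now + this.ttlMs });
    const token = this.digest(userId, user.verifier, nonce);
    const url = new URL(remoteUrl);
    url.searchParams.set('uid', userId);   // hypothetical parameter names
    url.searchParams.set('token', token);
    url.searchParams.set('nonce', nonce);
    return { token, url: url.toString() };
  }

  // S43/S44: check the token the remote system received and, if valid,
  // return the login information. The stored random number is consumed on the
  // first attempt, valid or not, so a token can be neither replayed nor guessed at.
  redeem(userId, token, now = Date.now()) {
    const user = this.users.get(userId);
    const slot = this.pending.get(userId);
    if (!user || !slot) return null;
    this.pending.delete(userId);
    if (now > slot.expires) return null;
    const expected = Buffer.from(this.digest(userId, user.verifier, slot.nonce), 'hex');
    const given = Buffer.from(String(token), 'hex');
    if (given.length !== expected.length) return null;
    return crypto.timingSafeEqual(given, expected) ? user.profile : null;
  }
}
```

Because the token travels in a URL, it can end up in browser history, proxy logs and Referer headers; the short lifetime and single redemption bound what a leaked copy is worth.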

In more detail, the invention uses:

(1) Disposable token technique: a token that is discarded after a single use is attached to the entry link of the existing heterogeneous software, and the personalized menu under central access control passively launches the remote heterogeneous software on the local side, giving a locally integrated operation interface. The disposable token is a cryptographic hash whose content comprises the user's identification ID, the user's login password and a heterogeneous random number. A new random number is generated after each authorization, which makes the token use-once. To launch the remote heterogeneous software passively on the local side, the personalized menu concatenates the remote software's URL, the user ID, the disposable token and the heterogeneous random number in HTTP format, and the user then executes the result.

(2) Passive token verification mechanism: as shown in FIG. 5, it lets different systems communicate indirectly and so achieves heterogeneous system integration. Because each system uses different development technologies and system architectures, integration is costly. To reduce the cost of integrating heterogeneous systems, the invention uses a passive token for verification and authorization. Identity verification for every system goes through the central access control system, which performs login verification and dynamically generates an access token attached to the entry link of the existing heterogeneous software. When the user runs the personalized menu, the remote heterogeneous system is launched: it is opened passively through an inline frame (iFrame) and checks whether a token and a user ID were carried in. If not, the user is directed to the original system's verification flow. If so, an HTTP request is sent to the authorization center's verification module to verify the token's validity and obtain the user's necessary login information. The authorization information (JSON format) is then parsed and transmitted to the remote heterogeneous system, which determines whether the token is valid. If it is valid, the logged-in user's identity and personal data can be obtained and the operations carried out according to that data.

(3) Cross-domain messaging technique: as shown in FIG. 6, systems being integrated may differ not only in development technology but may also be deployed on different hosts and domains. Redeveloping front-end pages in order to integrate an old system is a large cost. An inline frame (iFrame) can embed the integrated side's various web pages (ASP, PHP, JSP…), but in a web browser pages from different domains cannot access each other's resources, which makes deep integration difficult. The invention uses the HTML5 postMessage mechanism to solve the cross-domain messaging problem, and sets up an event listener on the main site to listen for the events sent by pages in the inline frame. For example, when the height changes, the page immediately pushes an event message to the parent frame site through this mechanism to report the change; the parent frame program dynamically changes the inline frame's height and hides that page's scroll bar, so that it looks like part of the same frame page. In addition, if a site needs a full-page overlay pop-up window, a light-box effect (LightBox), or another effect that controls the whole page, running inside the inline frame would confine the effect to the frame area and produce an unintended result. For this reason, based on the event-passing mechanism above, several application programming interfaces (APIs) are provided in the parent frame for the inline frame's pages to call. Calls through this interface preserve the original security while controlling the parent frame site, which otherwise could not be accessed across domains.
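An added example, not code from the patent: the parent-frame listener for the postMessage channel described in (3), with the checks that keep the exposed parent APIs from becoming a cross-domain control surface. The origin `https://legacy.example`, the element ids, the message shapes and the height cap are assumptions made for the illustration.

```javascript
// Origins of the embedded heterogeneous systems allowed to call the parent.
const TRUSTED_ORIGINS = new Set(['https://legacy.example']); // constructed value
const MAX_HEIGHT_PX = 10000; // assumption: cap so a frame cannot grow without bound

// Pure decision function: takes a MessageEvent-like object and returns the
// action the parent should perform, or null when the message is rejected.
function handleFrameMessage(event, trustedOrigins = TRUSTED_ORIGINS) {
  // 1. Only allowlisted origins may drive the parent page.
  if (!trustedOrigins.has(event.origin)) return null;

  // 2. Accept structured messages only; never evaluate strings as code.
  const msg = event.data;
  if (msg === null || typeof msg !== 'object') return null;

  // 3. Fixed API surface: anything not listed here is dropped.
  switch (msg.type) {
    case 'resize': {
      if (!Number.isInteger(msg.height) || msg.height < 0) return null;
      return { action: 'setFrameHeight', px: Math.min(msg.height, MAX_HEIGHT_PX) };
    }
    case 'lightbox': {
      if (typeof msg.text !== 'string' || msg.text.length > 500) return null;
      return { action: 'showLightbox', text: msg.text };
    }
    default:
      return null;
  }
}

// Browser wiring (skipped outside a browser).
if (typeof window !== 'undefined') {
  const frame = document.getElementById('remote-frame'); // hypothetical id
  window.addEventListener('message', (event) => {
    // The message must come from the embedded frame itself, not another window.
    if (event.source !== frame.contentWindow) return;
    const act = handleFrameMessage(event);
    if (!act) return;
    if (act.action === 'setFrameHeight') {
      frame.style.height = act.px + 'px';
      frame.setAttribute('scrolling', 'no'); // hide the inner scroll bar
    } else if (act.action === 'showLightbox') {
      // textContent, not innerHTML: text from the frame is never parsed as markup.
      document.getElementById('lightbox-text').textContent = act.text; // hypothetical id
    }
  });
}

// In the embedded page, the matching call names the parent's origin explicitly
// instead of '*', so the message is not delivered to an unexpected embedder:
//   parent.postMessage({ type: 'resize', height: document.body.scrollHeight },
//                      'https://kiosk.example');   // constructed origin
```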

Further, the single-token passive heterogeneous integration method may also comprise the following steps: return at least one identity role, based on the user's personal data, for the user to choose from.

According to the two-stage role authorization mechanism, generate a role access control list corresponding to the identity role the user selected.

Cache the role access control list for the session to produce an access control list object.

Check whether the access control list object grants authorization.

Launch the remote heterogeneous system for an authorized access control list object.

The method further comprises the following steps: in the first-stage authorization, authorize by means of the access control list that restricts specific users or groups.

In the second-stage authorization, generate the role access control list by verifying the identity role.

Please refer to FIG. 7, a flow chart of the two-stage ACL role authorization of the single-token passive heterogeneous integration method of the invention. As shown, the two-stage ACL (Access Control List) role authorization mechanism is the security mechanism that governs users. When a user logs in, the central access control center returns identity roles (for example: director, team leader) based on the user's personal data for the user to choose from, and then performs two-stage authorization for the single role selected.

In the first-stage authorization, authorization uses the access control list, generated by the central access control center, that restricts specific users or groups. The roles at this stage are target roles, divided into job roles (role) and task roles (task). A job role is a role defined by the institution. A task role is task-based: it can be added at any time and can be given a permission time limit, and when the limit is reached the permission is revoked automatically and at once. The front-stage permission interception module then verifies the role and produces the target-role access control list, which completes the first stage. For example, to restrict a specific user role such as director in reading a certain program function, create a specific role-to-function mapping table and apply it to the access control list.

In the second-stage authorization, the back-stage permission interception module verifies the feature role to produce the final role access control list. The feature role is expressed in JSON, mainly because the format is highly compatible and can handle multiple complex restrictions. It is defined as follows: [{"key":"value","key":"value"},{"key":"value"}……]. Each pair of braces is one object; a comma inside the braces means logical AND, and a comma between braces means logical OR. Each key denotes a particular group, and its value denotes the item corresponding to that group. The mechanism can reach down to individual users or specific groups by context. For example, departments with multiple roles may end up with overlapping roles; under this ACL authorization mechanism, setting a contextual privilege in the second stage is enough to separate such complex requirements. For example, to restrict reading a certain program function to a specific user role such as director, plus a specific unit such as the personnel office, and only from a specific IP, it suffices to set the feature-role JSON to [{"角色":"主任","單位":"人事室","IP":"120.114.222.123"}] (role: director; unit: personnel office).

After the two-stage ACL role authorization, the permission authorization module caches the role access control list for the session. Besides serving the central access control module's ACL checks, this locally cached global ACL object also prevents large numbers of database accesses from hurting performance. When the user then executes a menu function URL, the central access control module checks the authorization in the locally cached global ACL object to decide whether to launch the remote heterogeneous system or to redirect.
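An added example, not code from the patent: the two stages and the session-cached ACL object, using the feature-role JSON quoted above as the stage-two rule. The function names, the role-to-function table and the sample user are constructed for the illustration, and every malformed or ambiguous rule is treated as a denial, which is an assumption the page does not state.

```javascript
// Stage-two rule taken from the page: director AND personnel office AND this IP.
const PERSONNEL_RULE = '[{"角色":"主任","單位":"人事室","IP":"120.114.222.123"}]';

// Constructed sample data. 主任 = director (job role); audit-2017 = task role.
const SAMPLE_TABLE = new Map([
  ['主任', [{ fn: 'view-schedule' }, { fn: 'payroll-report', featureRole: PERSONNEL_RULE }]],
  ['audit-2017', [{ fn: 'export-logs' }]],
]);
const SAMPLE_USER = {
  assignments: [
    { name: '主任', kind: 'role' },
    { name: 'audit-2017', kind: 'task', expires: 5000 }, // ms timestamp
  ],
};

// Feature role: array of objects. Keys inside one object are ANDed,
// objects are ORed. Anything that does not parse to that shape denies.
function matchesFeatureRole(ruleJson, context) {
  let clauses;
  try { clauses = JSON.parse(ruleJson); } catch { return false; }
  if (!Array.isArray(clauses) || clauses.length === 0) return false;
  return clauses.some((clause) => {
    if (clause === null || typeof clause !== 'object' || Array.isArray(clause)) return false;
    const keys = Object.keys(clause);
    if (keys.length === 0) return false; // an empty clause would match everyone
    return keys.every((k) =>
      typeof clause[k] === 'string' &&
      Object.prototype.hasOwnProperty.call(context, k) &&
      context[k] === clause[k]);
  });
}

// Runs both stages once at role selection and returns the frozen ACL object
// that is kept for the session. The IP in `context` must be the address the
// server observed on the connection, not a value supplied by the client.
function buildSessionAcl(user, selectedRole, roleTable, context, now) {
  const deny = Object.freeze({ role: selectedRole, functions: Object.freeze([]) });

  // Stage one: the user must hold the selected target role, and a task role
  // must still be inside its time limit (a task role without one is denied).
  const held = user.assignments.find((a) => a.name === selectedRole);
  if (!held) return deny;
  if (held.kind === 'task' && !(now < held.expires)) return deny;

  // Stage two: drop functions whose feature-role rule the context fails.
  const entries = roleTable.get(selectedRole) || [];
  const functions = entries
    .filter((e) => e.featureRole === undefined || matchesFeatureRole(e.featureRole, context))
    .map((e) => e.fn);
  return Object.freeze({ role: selectedRole, functions: Object.freeze(functions) });
}

// Per-request check against the cached object; no database access needed.
function isAuthorized(sessionAcl, fn) {
  return sessionAcl.functions.includes(fn);
}
```

A task role's time limit is evaluated only when the ACL object is built, so the cached object should be rebuilt or its expiry rechecked for sessions that can outlive the limit.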

In summary, the two-stage role authorization information service payment system of the invention and its single-token passive heterogeneous integration method have the following advantages:

(1) Centralized management of heterogeneous systems: managing heterogeneous systems scattered across locations centrally makes it easier to improve management efficiency and to control users' permissions. Client security is also protected by policy, and personalized services can be provided in a timely manner.

(2) Resolving data inconsistency among heterogeneous systems: data synchronization is ensured through multiple forms of database linkage.

(3) Institutionalized MVC module loading: systems from different sources are integrated as MVC modules, which can be ported to other systems at any time and allow more customized combinations.

(4) Flexible "advance separately, strike together" design: because systems developed in different programming languages can be integrated across hosts, existing systems need almost no rewriting. Each specialized system can be developed in the language best suited to it, and the systems can be presented in mixed form as one subsystem, so designs can be completed quickly for different customer needs.

(5) Seamless connection of old and new systems: data in different formats can be synchronized between old and new systems without redeveloping them, which increases the efficiency of heterogeneous system integration and saves development cost.

(6) Information integration at low cost: an enterprise provides many heterogeneous specialized systems organized into a full range of services, and users, under the security mechanism and through the central control system, build a heterogeneous enterprise resource planning (HERP) system. Unlike being tied to a traditional ERP vendor, specialized systems can be freely developed or outsourced and then easily integrated.

The embodiments described above only illustrate the technical ideas and features of the invention, so that those skilled in the art can understand and practice it. They do not limit the patent scope of the invention: equivalent changes or modifications made in the spirit disclosed by the invention remain within its patent scope.

Claims (6)

1. An information service payment system, comprising: an Ethernet power supply module that supplies power to the information service payment system; a radio frequency identification module that is connected to the Ethernet power supply module and obtains card information from a user card; a central access control module that is connected to the Ethernet power supply module and the radio frequency identification module and generates authorization information corresponding to the card information; a layered authorized identity recognition module that is connected to the Ethernet power supply module and the central access control module and provides at least one service item corresponding to the authorization information; and a smart judgment module and a central processing module, wherein the smart judgment module is connected to the Ethernet power supply module and the central access control module, generates a list corresponding to the authorization information, and generates accounting data according to the list and a payment item selected by the user, and the central processing module is connected to the Ethernet power supply module, the radio frequency identification module and the smart judgment module, communicates with a bank in timed batches, performs the payment operation according to the card information and the accounting data, and generates a corresponding print signal.
2. The information service payment system of claim 1, further comprising a touch interactive theme module that is connected to the Ethernet power supply module, the central access control module and the layered authorized identity recognition module, and displays an operation interface corresponding to the authorization information and the at least one service item provided, the operation interface comprising a plurality of language options and a plurality of interface theme options.

3. The information service payment system of claim 2, further comprising a voice guidance service module that is connected to the Ethernet power supply module and the touch interactive theme module, and provides the corresponding guidance voice according to the one of the plurality of language options selected by the user.

4. The information service payment system of claim 1, further comprising a printing module that is connected to the Ethernet power supply module and performs a print job in response to a print signal generated when the user operates the at least one service item.
5. A single-token passive heterogeneous integration method, applicable to an information service payment system, comprising the following steps: generating a disposable token from a user identification code, a user password and a heterogeneous random number; passively opening a remote heterogeneous system and checking whether the user identification code and the disposable token are carried in; where the user identification code and the disposable token are carried in, transmitting parsed authorization information to the remote heterogeneous system and determining the validity of the disposable token accordingly; obtaining login information for the disposable token that is valid; and operating the remote heterogeneous system according to the login information; and further comprising the following steps: returning at least one identity role, based on a user's personal data, for the user to choose from; according to a two-stage role authorization mechanism, generating a role access control list corresponding to the identity role selected by the user; caching the role access control list for the session to produce an access control list object; checking whether the access control list object grants authorization; and launching the remote heterogeneous system for the authorized access control list object.
6. The single-token passive heterogeneous integration method of claim 5, further comprising the following steps: in the first-stage authorization, authorizing by means of an access control list that restricts specific users or groups; and in the second-stage authorization, generating the role access control list by verifying the identity role.
Priority Applications (1)

Application Number Priority Date Filing Date Title
TW106128429A 2017-08-22 2017-08-22 Information service payment system of two stage role authorization and passive heterogeneous integration method of single token thereof TWI655589B (en)

Publications (2)

Publication Number Publication Date
TW201913480A TW201913480A (en) 2019-04-01
TWI655589B true TWI655589B (en) 2019-04-01

Family

ID=66991799
