TWI695608B - Mobile network address based verification system and method thereof - Google Patents

Mobile network address based verification system and method thereof Download PDF

Info

Publication number
TWI695608B
TWI695608B TW108121608A TW108121608A TWI695608B TW I695608 B TWI695608 B TW I695608B TW 108121608 A TW108121608 A TW 108121608A TW 108121608 A TW108121608 A TW 108121608A TW I695608 B TWI695608 B TW I695608B
Authority
TW
Taiwan
Prior art keywords
verification
kyc
result
mobile network
network address
Prior art date
Application number
TW108121608A
Other languages
Chinese (zh)
Other versions
TW202101950A (en
Inventor
林崇頤
林晉賢
張繼軒
邱華洲
Original Assignee
中華電信股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 中華電信股份有限公司 filed Critical 中華電信股份有限公司
Priority to TW108121608A priority Critical patent/TWI695608B/en
Application granted granted Critical
Publication of TWI695608B publication Critical patent/TWI695608B/en
Publication of TW202101950A publication Critical patent/TW202101950A/en

Links

Images

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present disclosure provides a mobile network address based verification system and method thereof. The method includes: receiving the verification data input by the user, and generating and initiating a Know your customer (KYC) verification request; receiving the KYC verification request; obtaining a mobile network address associated with the mobile device; and directing the mobile network address and the user's verification data to the telecommunications ISP data interface; generating the KYC verification result according to the result code; adding a time stamp to the KYC verification result, and generating a verification result token.

Description

基於行動網路位址之核實系統及其方法Verification system and method based on mobile network address

本發明是有關於一種核實系統及其方法,且特別是有關於一種基於行動網路位址之認識你的客戶(Know your customer,KYC)核實系統及其方法。The present invention relates to a verification system and method, and in particular to a know your customer (KYC) verification system and method based on mobile network addresses.

雖然透過金融科技(Fintech)可在金融服務上提供更便利更即時的使用者體驗,但相較於傳統臨櫃申辦的作業方式,因無法直接面對客戶進行身分資料審查,當操作金融服務之線上(非臨櫃)申辦作業流程中,會需要使用者進行KYC核實以確認是否真實為其所宣稱之身分,藉此降低身分冒用之資安風險。Although Fintech can provide a more convenient and more real-time user experience in financial services, compared with the traditional way of bidding, because of the inability to directly check the customer's identity data, when operating financial services In the online (non-counter-counter) bidding process, users will be required to perform KYC verification to confirm whether they are actually their claimed identity, thereby reducing the security risk of identity fraud.

目前在金融服務廣泛使用簡訊一次性密碼(One Time Password,OTP)技術來驗證用戶輸入的話號是否真實為本人之話號。然而,美國國家標準技術研究所(National Institute of Standards and Technology,NIST)在2016年發表的「數位身分認證指南」(NIST SP 800-63, Digital Authentication Guideline)中指出簡訊OTP技術主要有兩個安全性問題:(1)、透過電信通訊基礎發送之簡訊可能存在被轉導到攻擊者行動裝置上之風險;以及(2)、使用者行動裝置上可能被安裝木馬程式攔截簡訊OTP內容,導致驗證資訊外洩。因此,不建議使用簡訊技術來辨識使用者身份。At present, one-time password (OTP) technology is widely used in financial services to verify whether the number entered by the user is actually his own number. However, the National Institute of Standards and Technology (NIST) published in 2016 the "Digital Authentication Guide" (NIST SP 800-63, Digital Authentication Guideline) pointed out that the SMS OTP technology mainly has two security Sexual issues: (1) The text message sent through the telecommunications communication base may have the risk of being redirected to the attacker's mobile device; and (2) The user's mobile device may be installed with a Trojan horse to intercept the text message OTP content, resulting in verification Information leakage. Therefore, it is not recommended to use SMS technology to identify users.

習用技術曾提到應用服務可透過一資料保管中心提供客戶識別驗證來符合KYC需求之概念,使用者先於一行動裝置上產生並顯示一組識別碼(如:QR碼)並提供給一應用服務,該應用服務再利用使用者識別碼向資料保管中心取回對應之客戶識別資訊,若應用服務判定該客戶識別資訊足以滿足需要之KYC驗證需求,則允許使用者執行其所提供之申辦作業。然而,若有惡意人士透過拍照或截圖功能取得他人行動裝置所顯示之識別碼畫面,並於KYC過程中出示被害者的識別碼,將可能成功利用被害者識別碼取回被害者之客戶識別資訊,最終導致被害者的身分被盜用。Conventional technology has mentioned that application services can provide customer identification verification through a data storage center to meet the concept of KYC requirements. The user first generates and displays a set of identification codes (such as a QR code) on a mobile device and provides it to an application. Service, the application service uses the user identification code to retrieve the corresponding customer identification information from the data storage center. If the application service determines that the customer identification information is sufficient to meet the required KYC verification requirements, the user is allowed to perform the bid operation provided by the user . However, if a malicious person obtains the identification code screen displayed by another person's mobile device through the photo or screenshot function, and presents the victim's identification code during the KYC process, the victim's identification code may be successfully used to retrieve the victim's customer identification information , Eventually leading to the victim’s identity being misappropriated.

習用技術曾提到利用一資料發行模組依據認證請求分別產生第一身分資料及第二身分資料,接著利用一話號反查模組將該第一身分資料進行解密以取得SIM卡所對應之電話話碼及一第一時戳,最後再利用一身分核實模組接收由應用服務伺服器所傳送的SIM卡所對應之電話話碼、該驗證資料及該第二身分資料並進行資料比對及驗證。然而,由於該技術將驗證資料送至身分核實模組進行比對及驗證之前,需要先分別透過資料發行模組及話號反查模組的前置資料交換作業取得對應第一身分資料、第二身分資料、及電話話碼,若前置資料交換作業過程多次資料來回傳輸之等待時間過長,可能延長整體身分核實作業的執行時間。Conventional technology once mentioned that a data issuance module is used to generate the first identity data and the second identity data respectively according to the authentication request, and then the first identity data is decrypted using a speech number reverse search module to obtain the corresponding SIM card. Phone code and a first timestamp, and finally use an identity verification module to receive the phone code corresponding to the SIM card sent by the application service server, the verification data and the second identity data and compare the data And verification. However, because the technology sends verification data to the identity verification module for comparison and verification, it is necessary to obtain the corresponding first identity data and 2. For the identity data and phone code, if the waiting time for multiple data transmission back and forth during the pre-data exchange operation is too long, the execution time of the overall identity verification operation may be extended.

由此可見,上述習用方式仍有諸多缺失,實非一良善之設計,而亟待加以改良。It can be seen that there are still many deficiencies in the above-mentioned idiomatic methods, which is not a good design and needs to be improved urgently.

有鑑於此,本發明提供一種基於行動網路位址之核實系統及其方法,其可用以解決上述技術問題。In view of this, the present invention provides a verification system and method based on mobile network addresses, which can be used to solve the above technical problems.

本發明提供一種基於行動網路位址之核實系統,包含發起端及一KYC核實作業端。發起端向一行動裝置端提供一遠端操作介面以接收使用者輸入的一核實資料,再將核實資料進行組合以產生一認識你的客戶(Know Your Customer,KYC)核實請求,並經由行動裝置端連結之電信網際網路服務供應商(Internet Service Provider,ISP)行動網路發起KYC核實請求。KYC核實作業端經配置以:接收KYC核實請求;取得關聯於行動裝置端的一行動網路位址;將行動網路位址以及使用者的核實資料分流至電信ISP資料介接端,其中電信ISP資料介接端基於行動網路位址以及核實資料回傳一結果代碼;依結果代碼判斷以產生一KYC核實結果;將KYC核實結果加上一時間戳記,並加密以產製一核實結果符記並回傳給發起端。The invention provides a verification system based on a mobile network address, including an initiator and a KYC verification operator. The initiator provides a remote operation interface to a mobile device to receive verification data input by the user, and then combines the verification data to generate a Know Your Customer (KYC) verification request, and passes the mobile device The mobile Internet service provider (Internet Service Provider, ISP) mobile network that initiated the connection initiates a KYC verification request. The KYC verification operation terminal is configured to: receive the KYC verification request; obtain a mobile network address associated with the mobile device side; distribute the mobile network address and user verification data to the telecommunication ISP data interface, in which the telecommunication ISP The data interface returns a result code based on the mobile network address and verification data; judge according to the result code to generate a KYC verification result; add a time stamp to the KYC verification result, and encrypt to produce a verification result token And pass it back to the initiator.

本發明提供一種基於行動網路位址之核實方法,包含:由一發起端向一行動裝置端提供一遠端操作介面以接收使用者輸入的一核實資料,再將核實資料進行組合以產生一KYC核實請求,並經由行動裝置端連結之電信ISP行動網路發起KYC核實請求;由一KYC核實作業端接收KYC核實請求;由KYC核實作業端取得關聯於行動裝置端的一行動網路位址;由KYC核實作業端將行動網路位址以及使用者的核實資料分流至一電信ISP資料介接端,其中電信ISP資料介接端基於行動網路位址以及核實資料回傳一結果代碼;由KYC核實作業端依結果代碼判斷以產生一KYC核實結果;由KYC核實作業端將KYC核實結果加上一時間戳記,並加密以產製一核實結果符記並回傳給發起端。The invention provides a verification method based on a mobile network address, which includes: providing a remote operation interface to a mobile device from an initiator to receive a verification data input by a user, and then combining the verification data to generate a KYC verification request, and initiate a KYC verification request through the telecommunication ISP mobile network connected to the mobile device; a KYC verification operator receives the KYC verification request; KYC verification operator obtains a mobile network address associated with the mobile device; The KYC verification operator distributes the mobile network address and user verification data to a telecom ISP data interface, where the telecom ISP data interface returns a result code based on the mobile network address and verification data; by The KYC verification operation terminal judges according to the result code to generate a KYC verification result; the KYC verification operation terminal adds a time stamp to the KYC verification result and encrypts it to produce a verification result token and sends it back to the initiator.

基於上述,本發明提供一種基於行動網路位址之KYC核實系統及其方法,其主要目的在於,經由電信ISP行動網路發起KYC核實請求,並利用於行動網路封包擷取電信ISP動態配發之行動網路位址進行KYC核實驗證,於使用者透過行動裝置操作線上申辦服務時,提供更安全、更便利、更即時之KYC核實機制。Based on the above, the present invention provides a KYC verification system and method based on a mobile network address. Its main purpose is to initiate a KYC verification request via a telecommunication ISP mobile network and use it to capture the telecom ISP dynamic configuration through a mobile network packet. The mobile network address issued by KYC verification and verification provides a safer, more convenient and more real-time KYC verification mechanism when users operate online bidding services through mobile devices.

為讓本發明的上述特徵和優點能更明顯易懂,下文特舉實施例,並配合所附圖式作詳細說明如下。In order to make the above-mentioned features and advantages of the present invention more obvious and understandable, the embodiments are specifically described below in conjunction with the accompanying drawings for detailed description as follows.

請參照圖1,其是依據本發明之一實施例繪示的核實系統示意圖。如圖1所示,核實系統100包括電信ISP行動網路101、發起端110、行動裝置端120、電信ISP資料介接端130及KYC核實作業端140。Please refer to FIG. 1, which is a schematic diagram of a verification system according to an embodiment of the present invention. As shown in FIG. 1, the verification system 100 includes a telecommunications ISP mobile network 101, an initiator 110, a mobile device 120, a telecommunications ISP data interface 130, and a KYC verification operator 140.

發起端110為線上申辦服務供應商(如:網路銀行)提供之伺服器,主要目的是發起KYC核實請求來確認使用者身分資料真實性。行動裝置端120為可連結至電信ISP行動網路101的智慧型手機、桌上型電腦、筆記型電腦、平板電腦或個人數位助理,並可存取發起端110提供之遠端操作介面。The originating terminal 110 is a server provided by an online bidding service provider (such as an internet bank), and its main purpose is to initiate a KYC verification request to confirm the authenticity of user identity data. The mobile device terminal 120 is a smart phone, desktop computer, notebook computer, tablet computer or personal digital assistant that can be connected to the telecommunication ISP mobile network 101, and can access the remote operation interface provided by the initiator 110.

電信ISP資料介接端130為由一電信ISP提供之伺服器,主要目的是介接電信ISP內部之電信行動網址與話號反查資料庫131以及電信用戶登錄資料庫132進行資料比對並回傳結果代碼。The telecommunications ISP data interface 130 is a server provided by a telecommunications ISP. The main purpose is to interface the telecommunications mobile website and the telephone number anti-check database 131 within the telecommunications ISP and the telecommunications user login database 132 for data comparison and return Pass the result code.

KYC核實作業端140為KYC核實服務供應商提供之伺服器,主要目的是接收KYC核實請求並從行動網路封包擷取行動網路位址後進行KYC核實作業。如圖1所示,KYC核實作業端140可包括KYC核實請求接收模組141、行動網路位址擷取模組142、電信ISP分流模組143、核實結果判斷模組144、核實結果符記產製模組145以及核實結果符記驗證模組146。The KYC verification operation terminal 140 is a server provided by the KYC verification service provider. The main purpose is to receive the KYC verification request and retrieve the mobile network address from the mobile network packet to perform the KYC verification operation. As shown in FIG. 1, the KYC verification operation terminal 140 may include a KYC verification request receiving module 141, a mobile network address acquisition module 142, a telecommunications ISP distribution module 143, a verification result judgment module 144, and a verification result token Production module 145 and verification result signature verification module 146.

在本發明的實施例中,核實系統100可執行基於行動網路位址之核實方法,以完成對於行動裝置端101的KYC核實操作,以下將作進一步說明。In the embodiment of the present invention, the verification system 100 can perform a verification method based on the mobile network address to complete the KYC verification operation on the mobile device 101, as will be described further below.

請參照圖2,其是依據本發明之一實施例繪示的基於行動網路位址之核實方法流程圖。本實施例的方法可由圖1的核實系統100執行,以下即搭配圖1的內容來說明圖2各步驟的細節。Please refer to FIG. 2, which is a flowchart of a verification method based on a mobile network address according to an embodiment of the present invention. The method of this embodiment may be executed by the verification system 100 of FIG. 1, and the details of each step of FIG. 2 will be described below in conjunction with the content of FIG. 1.

首先,在步驟S210中,發起端110可向行動裝置端120提供遠端操作介面以接收使用者輸入的核實資料A410,再將核實資料A410進行組合以產生KYC核實請求D1,並經由行動裝置端120連結之電信ISP行動網路101發起KYC核實請求D1。在不同的實施例中,核實資料A410可包括話號、身分證號、或生日等資料的至少其中之一,而發起端110之遠端操作介面可再將核實資料A410進行組合以產生KYC核實請求D1,但本發明可不限於此。First, in step S210, the initiator 110 may provide a remote operation interface to the mobile device 120 to receive the verification data A410 input by the user, and then combine the verification data A410 to generate a KYC verification request D1, and pass the mobile device The 120 connected telecommunications ISP mobile network 101 initiates a KYC verification request D1. In different embodiments, the verification data A410 may include at least one of data such as a phone number, identity card number, or birthday, and the remote operation interface of the initiator 110 may further combine the verification data A410 to generate KYC verification. D1 is requested, but the present invention may not be limited to this.

在步驟S220中,KYC核實作業端140可接收KYC核實請求D1。具體而言,在一實施例中,KYC核實作業端140的KYC核實請求接收模組141可用於接收發起端110的KYC核實請求D1。In step S220, the KYC verification operation terminal 140 may receive the KYC verification request D1. Specifically, in an embodiment, the KYC verification request receiving module 141 of the KYC verification operation terminal 140 may be used to receive the KYC verification request D1 from the initiator 110.

此外,在其他實施例中,KYC核實請求接收模組141還可用於發起與發起端110的介接端雙向驗證。具體而言,發起端110可進一步將動態隨機亂數字串加密以產生識別符記D2,並將識別符記D2與發起端110的識別代碼放入KYC核實請求D1中。In addition, in other embodiments, the KYC verification request receiving module 141 can also be used to initiate two-way authentication between the initiator and the initiator 110. Specifically, the initiator 110 may further encrypt the dynamic random random number string to generate the identifier D2, and put the identifier D2 and the identification code of the initiator 110 in the KYC verification request D1.

基此,在KYC核實請求接收端141接收核實請求D1之後,可從所接收的KYC核實請求D1中取得發起端110的識別代碼。之後,KYC核實請求接收端141可判定發起端110的識別代碼是否屬於白名單。若是,則KYC核實請求接收端141可判定發起端110為合法,並將所接收的KYC核實請求D1中的識別符記D2回傳至發起端110進行驗證。在一實施例中,發起端識別代碼的白名單可設定於檔案或資料庫中,若發起端識別代碼不合法,則KYC核實請求接收端141可拒絕KYC核實請求D1。Based on this, after the KYC verification request receiving terminal 141 receives the verification request D1, the identification code of the initiator 110 can be obtained from the received KYC verification request D1. After that, the KYC verification request receiver 141 can determine whether the identification code of the initiator 110 belongs to the white list. If yes, the KYC verification request receiver 141 may determine that the initiator 110 is legal, and send back the identifier D2 in the received KYC verification request D1 to the initiator 110 for verification. In one embodiment, the white list of the initiator identification code can be set in a file or database. If the initiator identification code is invalid, the KYC verification request receiver 141 can reject the KYC verification request D1.

在一實施例中,發起端110可具備驗證來自KYC核實請求接收端141的識別符記D2是否符合先前發起端110在發起KYC核實請求D1時所紀錄的識別符記D2之功能。舉例而言,在發起端110從KYC核實請求接收端141接收識別符記D2後,可對識別符記D2解密,並查詢是否符合之前KYC核實請求D1中的識別符記D2的紀錄。若有找到符合且在有效時間內之紀錄,則發起端110可回傳成功至KYC核實請求接收端141。相反地,若無任何紀錄或紀錄已經超過有效時間,則回傳失敗至KYC核實請求接收端141。如此一來,發起端110可藉由此識別符記驗證功能來確認KYC核實請求D1是否為本身所發起,避免其他惡意端點冒用自己的發起端識別代碼來發起KYC核實請求D1。In one embodiment, the initiator 110 may have a function of verifying whether the identifier D2 from the KYC verification request receiver 141 matches the identifier D2 recorded by the previous initiator 110 when the KYC verification request D1 was initiated. For example, after the initiator 110 receives the identifier D2 from the KYC verification request receiver 141, it can decrypt the identifier D2 and query whether it matches the record of the identifier D2 in the previous KYC verification request D1. If a match is found and the record is within the valid time, the initiator 110 can return the success to the KYC verification request receiver 141. Conversely, if there is no record or the record has exceeded the validity time, the return fails to the KYC verification request receiver 141. In this way, the initiator 110 can confirm whether the KYC verification request D1 is initiated by itself through this identifier verification function, so as to prevent other malicious endpoints from using their own initiator identification code to initiate the KYC verification request D1.

因此,若發起端110回傳驗證識別符記D2成功,則KYC核實請求接收端141可判定介接端雙向驗證通過,反之則可判定介接端雙向驗證失敗。Therefore, if the initiator 110 returns the verification identifier D2 successfully, the KYC verification request receiver 141 can determine that the two-way authentication of the interface is passed, otherwise it can be determined that the two-way authentication of the interface fails.

接著,在步驟S230中,KYC核實作業端140可取得關聯於行動裝置端120的行動網路位址D3。在一實施例中,KYC核實作業端140可透過行動網路位址擷取模組142解析行動裝置端120與KYC核實請求接收模組141之間的行動網路封包,並據以取得行動網路位址D3。在不同的實施例中,行動網路位址D3可包括網路識別代碼及/或主機識別代碼等資料(例如IP位址),但本發明可不限於此。Next, in step S230, the KYC verifies that the operation terminal 140 can obtain the mobile network address D3 associated with the mobile device terminal 120. In one embodiment, the KYC verification operation terminal 140 can parse the mobile network packet between the mobile device terminal 120 and the KYC verification request receiving module 141 through the mobile network address acquisition module 142, and obtain the mobile network accordingly Road address D3. In different embodiments, the mobile network address D3 may include data such as a network identification code and/or host identification code (such as an IP address), but the invention may not be limited thereto.

在步驟S240中,KYC核實作業端140可將行動網路位址D3以及使用者的核實資料A410分流至電信ISP資料介接端130。在一實施例中,KYC核實作業端140可透過電信ISP分流模組143依行動裝置端120連結之電信ISP,將行動網路位址D3以及使用者的核實資料A410分流至電信ISP資料介接端130。In step S240, the KYC verification terminal 140 can shunt the mobile network address D3 and the user verification data A410 to the telecommunications ISP data interface 130. In one embodiment, the KYC verification operation terminal 140 can distribute the mobile network address D3 and the user's verification data A410 to the telecommunications ISP data interface through the telecommunications ISP distribution module 143 connected to the telecommunications ISP of the mobile device terminal 120130。 End 130.

在一實施例中,可先建立電信ISP行動網路位址範圍之清單表,再利用該清單表來判斷行動網路位址所屬之電信ISP,或者,利用使用者核實資料中話號前綴(prefix)(例如:台灣話號前四碼)來預先判斷電信ISP,再分流至對應的電信ISP提供的電信ISP資料介接端130,但可不限於此。In one embodiment, a list of telecommunication ISP mobile network address ranges can be created first, and then the list can be used to determine the telecommunication ISP to which the mobile network address belongs, or the user can verify the prefix of the phone number in the data ( prefix) (for example: the first four digits of the Taiwanese phone number) to determine the telecommunications ISP in advance, and then shunt to the telecommunications ISP data interface 130 provided by the corresponding telecommunications ISP, but it is not limited to this.

在一實施例中,在電信ISP資料介接端130接收行動網路位址D3以及使用者的核實資料A410之後,可以行動網路位址D3反查所登錄之話號,並以此話號查詢電信用戶登錄資料,以及比對電信用戶登錄資料與所接收的核實資料A410,並依比對之多種組合結果回傳結果代碼D4。具體來說,電信ISP資料介接端130可首先可介接電信行動網址與話號反查資料庫131以行動網路位址D3反查登錄之話號,再介接電信用戶登錄資料庫132以話號查詢對應之電信用戶登錄資料,再依據查詢結果回傳結果代碼D4,但可不限於此。In an embodiment, after the telecommunication ISP data interface 130 receives the mobile network address D3 and the user's verification data A410, the mobile network address D3 may be used to check the registered phone number and use the phone number Query the telecommunication user login data, and compare the telecommunication user login data with the received verification data A410, and return the result code D4 according to the results of multiple combinations of comparison. Specifically, the telecommunication ISP data interface 130 may first interface the telecommunication mobile website and the phone number reverse search database 131 to check the registered phone number with the mobile network address D3, and then connect the telecommunication user login database 132 Query the login information of the corresponding telecommunications user by phone number, and then return the result code D4 according to the query result, but it is not limited to this.

在不同的實施例中,電信用戶登錄資料可包括話號、身分證號、生日的至少其中之一,但可不限於此。舉例而言,若話號、身分證號、生日均比對正確回傳結果代碼0;若身分證號、生日比對正確但話號比對錯誤回傳結果代碼1;若話號、生日比對正確但身分證號比對錯誤回傳結果代碼2;若話號、身分證號比對但生日比對錯誤正確回傳結果代碼3,但本發明可不限於此。In different embodiments, the telecommunication user login information may include at least one of a phone number, identity card number, and birthday, but may not be limited thereto. For example, if the phone number, ID card number, and birthday are all compared correctly, the result code 0 will be returned correctly; if the ID card number and birthday match are correct, but the phone number matching error is returned, the result code 1 will be returned; if the phone number, birthday match The result code 2 is returned for the correct but incorrect identity card number comparison; if the speech number and identity card number are matched but the birthday comparison error is correct, the result code 3 is correctly returned, but the present invention is not limited to this.

在電信ISP資料介接端130回傳結果代碼D4之後,電信ISP分流模組143可接收結果代碼D4,並提供予核實結果判斷模組144。After the telecom ISP data interface 130 returns the result code D4, the telecom ISP shunt module 143 can receive the result code D4 and provide it to the verification result judgment module 144.

之後,在步驟S250中,KYC核實作業端140可依結果代碼D4判斷以產生KYC核實結果D5。在一實施例中,KYC核實作業端140的核實結果判斷模組144可透過一結果代碼表查詢電信ISP資料介接端130所回傳的結果代碼D4之對應的KYC核實結果D5。在一實施例中,上述結果代碼表例如可以下表1的方式呈現。 結果代碼 KYC核實結果 0 通過 1 不通過 2 不通過 3 通過 4 不通過 表1 Then, in step S250, the KYC verification operation terminal 140 may determine according to the result code D4 to generate a KYC verification result D5. In one embodiment, the verification result judgment module 144 of the KYC verification operation terminal 140 can query the corresponding KYC verification result D5 of the result code D4 returned by the telecommunication ISP data interface 130 through a result code table. In an embodiment, the above result code table can be presented in the manner of Table 1 below, for example. Result code KYC verification results 0 by 1 Fail 2 Fail 3 by 4 Fail Table 1

由上表1可知,若結果代碼D4為0、3,則所對應的KYC核實結果D5可以是「通過」,而若結果代碼D4為1、2、4,則所對應的KYC核實結果D5可以是「不通過」,但本發明可不限於此。It can be seen from Table 1 above that if the result code D4 is 0, 3, the corresponding KYC verification result D5 can be "pass", and if the result code D4 is 1, 2, 4, the corresponding KYC verification result D5 can be It is "no pass", but the invention is not limited to this.

之後,在步驟S260中,KYC核實作業端140可透過核實結果符記產製模組145將KYC核實結果D5加上時間戳記,並加密以產製核實結果符記D6並回傳給發起端110。After that, in step S260, the KYC verification operation terminal 140 may add a time stamp to the KYC verification result D5 through the verification result token production module 145, and encrypt it to produce the verification result token D6 and send it back to the initiator 110 .

請參照圖3,其是依據圖1及圖2繪示的驗證核實結果符記的流程圖。在本實施例中,在發起端110接收核實結果符記D6之後,可在步驟S310中向KYC核實作業端140的實結果符記驗證模組146發起核實結果符記驗證。Please refer to FIG. 3, which is a flowchart of the verification verification result token shown in FIGS. 1 and 2. In this embodiment, after receiving the verification result token D6, the initiator 110 may initiate verification result token verification to the KYC verification result token verification module 146 of the operation terminal 140 in step S310.

在核實結果符記驗證模組146從發起端110接收核實結果符記D6後,可在步驟S311中對核實結果符記D6進行解密以取得KYC核實結果D5’及時間戳記。之後,核實結果符記驗證模組146可在步驟S312中比對KYC核實結果D5’與核實結果判斷模組146產生的KYC核實結果D5是否相同。若相同,則代表KYC核實通過,故可接續執行步驟S313,反之則代表KYC核實不通過,故可接續執行步驟S315。After the verification result token verification module 146 receives the verification result token D6 from the initiator 110, it may decrypt the verification result token D6 in step S311 to obtain the KYC verification result D5' and the time stamp. Thereafter, the verification result token verification module 146 may compare the KYC verification result D5' with the verification result judgment module 146 to determine whether the KYC verification result D5 is the same in step S312. If they are the same, it means that KYC verification is passed, so step S313 can be continued, otherwise, it means that KYC verification is not passed, so step S315 can be continued.

在步驟S313中,核實結果符記驗證模組146可檢查時間戳記是否在所設定之合法時間範圍內,若是則可執行步驟S314,以回傳結果符記驗證成功,反之則可執行步驟S315,以回傳結果符記驗證失敗。In step S313, the verification result token verification module 146 can check whether the timestamp is within the set legal time range. If so, step S314 can be executed to verify the success of the returned result token, otherwise, step S315 can be executed. Failed to verify with the return result token.

請參照圖4,其是依據本發明之一實施例繪示的核實資料示意圖。如圖4所示,本實施例的核實資料A410可包括話號、身分証號、生日等資料,但可不限於此。Please refer to FIG. 4, which is a schematic diagram of verification data according to an embodiment of the present invention. As shown in FIG. 4, the verification material A410 in this embodiment may include information such as a phone number, an identity card number, and a birthday, but it may not be limited to this.

綜上所述,本發明係揭露一種基於行動網路位址之KYC核實系統及其方法,透過發起端提供一遠端操作介面於行動裝置端接收使用者輸入之核實資料並產生KYC核實請求;經由電信ISP行動網路發起KYC核實請求;透過行動網路位址擷取模組解析行動網路封包並取得行動網路位址;透過KYC核實請求接收模組接收KYC核實請求,並與該發起端進行介接端雙向驗證;透過電信ISP分流模組將行動網路位址以及核實資料傳送至對應電信ISP提供之電信ISP資料介接端;電信ISP資料介接端比對行動網路位址及電信用戶登錄資料,並依比對之多種組合結果回傳結果代碼;透過核實結果判斷模組依結果代碼判斷以產生KYC核實結果;透過核實結果符記產製模組將KYC核實結果加上時間戳記,並加密產製核實結果符記並回傳給該發起端。In summary, the present invention discloses a KYC verification system and method based on mobile network address, which provides a remote operation interface through the initiator to receive the verification data input by the user on the mobile device and generates a KYC verification request; Initiate the KYC verification request through the telecommunication ISP mobile network; analyze the mobile network packet through the mobile network address acquisition module and obtain the mobile network address; receive the KYC verification request through the KYC verification request receiving module, and initiate The two-way authentication of the interface is carried out; the mobile network address and verification data are sent to the telecommunication ISP data interface provided by the corresponding telecommunication ISP through the telecommunication ISP shunt module; the telecommunication ISP data interface compares the mobile network address And telecommunication user login data, and return the result code according to the results of multiple combinations of comparison; judge the result code by the verification result module to generate the KYC verification result; add the KYC verification result to the production module by verifying the result code Timestamp, and encrypted production verification result sign and back to the initiator.

藉此,本發明所揭露之KYC核實方法僅限使用者在取得合法行動網路位址之行動裝置端上輸入本人核實資料才可成功通過驗證。若輸入非本人的核實資料,則因與行動網路位址查詢對應之電信用戶登錄資料比對不符,將無法通過KYC核實。相較於傳統習知技術,本發明可避免於KYC過程輸入他人核實資料產生之身分盜用問題,進而提升安全性。In this way, the KYC verification method disclosed in the present invention can only be successfully verified if the user enters the verification data on the mobile device that has obtained the legal mobile network address. If you enter non-personal verification data, the KYC verification will not be possible due to the mismatch in the registration information of the telecommunications users corresponding to the mobile network address query. Compared with the conventional technology, the present invention can avoid the identity theft problem caused by inputting the verification data of others in the KYC process, thereby improving the security.

此外,本發明基於從行動網路封包擷取電信ISP動態配發之行動網路位址進行KYC核實驗證,適用於透過行動裝置進行線上(非臨櫃)申辦服務(如:網路銀行)之操作,提供更便利的使用者體驗。In addition, the present invention is based on extracting a mobile network address dynamically allocated by a telecommunications ISP from a mobile network packet for KYC verification and verification, and is suitable for online (non-cash) bidding services (such as online banking) through mobile devices Operation, providing a more convenient user experience.

並且,本發明之KYC核實方法不需執行其他前置資料交換作業,以及不需下載儲存額外cookie、憑證、或金鑰檔案,可減少KYC核實整體流程之執行步驟及資料傳輸量,進一步提供更即時之KYC核實機制。Moreover, the KYC verification method of the present invention does not need to perform other front-end data exchange operations, and does not need to download and store additional cookies, certificates, or key files, which can reduce the execution steps and data transmission volume of the overall KYC verification process, further providing more Instant KYC verification mechanism.

雖然本發明已以實施例揭露如上,然其並非用以限定本發明,任何所屬技術領域中具有通常知識者,在不脫離本發明的精神和範圍內,當可作些許的更動與潤飾,故本發明的保護範圍當視後附的申請專利範圍所界定者為準。Although the present invention has been disclosed as above with examples, it is not intended to limit the present invention. Any person with ordinary knowledge in the technical field can make some changes and modifications without departing from the spirit and scope of the present invention. The scope of protection of the present invention shall be subject to the scope defined in the appended patent application.

100:核實系統 101:電信ISP行動網路 110:發起端 120:行動裝置端 130:電信ISP資料介接端 131:電信行動網址與話號反查資料庫 132:電信用戶登錄資料庫 140:KYC核實作業端 141:KYC核實請求接收模組 142:行動網路位址擷取模組 143:電信ISP分流模組 144:核實結果判斷模組 145:核實結果符記產製模組 146:核實結果符記驗證模組 A410:核實資料 D1:KYC核實請求 D2:識別符記 D3:行動網路位址 D4:結果代碼 D5、D5’:KYC核實結果 D6:核實結果符記 S210~S260、S310~S315:步驟 100: verification system 101: Telecom ISP mobile network 110: initiator 120: mobile device 130: Telecom ISP data interface 131: Telecommunications Mobile Website and Dialogue Database 132: Telecom user login database 140: KYC verification operation end 141: KYC verification request receiving module 142: Mobile network address acquisition module 143: Telecom ISP shunt module 144: Verification result judgment module 145: Verify the result of the production module 146: Verification result token verification module A410: Verify the information D1: KYC verification request D2: Identifier D3: Mobile network address D4: result code D5, D5’: KYC verification results D6: Verification result symbol S210~S260, S310~S315: Steps

圖1是依據本發明之一實施例繪示的核實系統示意圖。 圖2是依據本發明之一實施例繪示的基於行動網路位址之核實方法流程圖。 圖3是依據圖1及圖2繪示的驗證核實結果符記的流程圖。 圖4是依據本發明之一實施例繪示的核實資料示意圖。 FIG. 1 is a schematic diagram of a verification system according to an embodiment of the invention. 2 is a flowchart of a verification method based on mobile network addresses according to an embodiment of the invention. FIG. 3 is a flowchart of the verification verification result token shown in FIGS. 1 and 2. 4 is a schematic diagram of verification data according to an embodiment of the invention.

S210~S260:步驟 S210~S260: Steps

Claims (11)

一種基於行動網路位址之核實系統,包含:一發起端,向一行動裝置端提供一遠端操作介面以接收使用者輸入的一核實資料,再將該核實資料進行組合以產生一認識你的客戶(Know Your Customer,KYC)核實請求,並經由該行動裝置端連結之電信網際網路服務供應商(Internet Service Provider,ISP)行動網路發起該KYC核實請求;一KYC核實作業端,其包括:一KYC核實請求接收模組,接收該發起端的該KYC核實請求;一行動網路位址擷取模組,解析該行動裝置端與該KYC核實請求接收模組之間的行動網路封包,並據以取得該行動網路位址;一電信ISP分流模組,依該行動裝置端連結之電信ISP,將該行動網路位址以及該使用者的該核實資料分流至該電信ISP資料介接端,並接收該結果代碼;一核實結果判斷模組,依該電信ISP資料介接端回傳的該結果代碼判斷以產生該KYC核實結果;一核實結果符記產製模組,將該KYC核實結果加上該時間戳記,並加密以產製該核實結果符記並回傳給該發起端。 A verification system based on mobile network address includes: an initiator, providing a remote operation interface to a mobile device to receive verification data input by a user, and then combining the verification data to generate a recognition of you (Know Your Customer, KYC) verification request, and initiate the KYC verification request via the Internet Service Provider (ISP) mobile network connected to the mobile device; a KYC verification operation terminal, which Including: a KYC verification request receiving module to receive the KYC verification request from the initiator; a mobile network address retrieval module to analyze the mobile network packet between the mobile device and the KYC verification request receiving module , And accordingly obtain the mobile network address; a telecommunications ISP distribution module, according to the telecommunications ISP connected to the mobile device, the mobile network address and the user’s verified data are distributed to the telecommunications ISP data Interface, and receive the result code; a verification result judgment module, based on the result code returned by the telecommunications ISP data interface to determine the KYC verification result; a verification result that matches the production module, will The KYC verification result is added with the time stamp, and encrypted to produce the verification result token and transmitted back to the initiator. 如申請專利範圍第1項所述的核實系統,其中該KYC核實作業端更包括一核實結果符記驗證模組,且該發起端在接收該 核實結果符記後,更向該核實結果符記驗證模組發起一核實結果符記驗證;a.其中,在該核實結果符記驗證模組從該發起端接收核實結果符記後,對該核實結果符記進行解密以取得另一KYC核實結果及該時間戳記,以及比對該KYC核實結果與該核實結果判斷模組產生之該另一KYC核實結果是否相同;b.反應於該KYC核實結果相同於該核實結果判斷模組產生之該另一KYC核實結果,該核實結果符記驗證模組檢查該時間戳記是否在所設定之合法時間範圍內,若是則回傳結果符記驗證成功;c.反應於該KYC核實結果不同於該核實結果判斷模組產生之該另一KYC核實結果,或該時間戳記未在所設定之合法時間範圍內,回傳結果符記驗證失敗。 The verification system as described in item 1 of the patent application scope, wherein the KYC verification operation terminal further includes a verification result token verification module, and the initiating terminal is receiving the After the verification result token, a verification result token verification is initiated to the verification result token verification module; a. wherein, after the verification result token verification module receives the verification result token from the initiating end, Decrypt the verification result token to obtain another KYC verification result and the timestamp, and compare the KYC verification result with the verification result to determine whether the other KYC verification result generated by the module is the same; b. react to the KYC verification The result is the same as the other KYC verification result generated by the verification result judgment module. The verification result token verification module checks whether the timestamp is within the set legal time range, and if so, returns the result token verification success; c. In response to that the KYC verification result is different from the other KYC verification result generated by the verification result judgment module, or the timestamp is not within the set legal time range, the return result sign verification fails. 如申請專利範圍第1項所述的核實系統,其中該KYC核實請求接收模組更與該發起端進行一介接端雙向驗證。 The verification system as described in item 1 of the patent application scope, wherein the KYC verification request receiving module further performs a bidirectional verification of the interface with the initiator. 如申請專利範圍第3項所述的核實系統,其中該KYC核實請求包括該發起端的一識別代碼以及隨機產生的一識別符記,且該KYC核實請求接收模組執行的該介接端雙向驗證包括:d.從所接收的該KYC核實請求中取得該發起端的該識別代碼;e.判定該發起端的該識別代碼是否屬於一白名單; f.反應於該發起端的該識別代碼屬於該白名單,判定該發起端為合法,並將所接收的該KYC核實請求中的該識別符記回傳至該發起端進行驗證;g.反應於該發起端回傳驗證該識別符記成功,則判定該介接端雙向驗證通過。 The verification system as described in item 3 of the patent application scope, wherein the KYC verification request includes an identification code of the initiator and a randomly generated identifier, and the KYC verification request receives the two-way verification of the interface performed by the receiving module Including: d. Obtain the identification code of the initiator from the received KYC verification request; e. Determine whether the identification code of the initiator belongs to a white list; f. The identification code reflected in the initiator belongs to the white list, determine that the initiator is legal, and record the identifier in the KYC verification request received back to the initiator for verification; g. respond to After the initiator sends back the verification that the identifier is successful, it is determined that the interface has passed the two-way verification. 如申請專利範圍第4項所述的核實系統,其中該發起端進一步具備驗證從該KYC核實請求接收模組接收的該識別符記是否符合該發起端在發起該KYC核實請求時所紀錄的該識別符記之功能。 The verification system as described in item 4 of the patent application scope, wherein the initiating end is further provided to verify whether the identifier received from the KYC verification request receiving module matches the record recorded by the initiating end when initiating the KYC verification request The function of the identifier. 如申請專利範圍第1項所述的核實系統,其中該核實結果判斷模組進一步透過一結果代碼表查詢該電信ISP資料介接端所回傳的該結果代碼之對應的該KYC核實結果。 The verification system as described in item 1 of the patent application scope, wherein the verification result judgment module further queries the KYC verification result corresponding to the result code returned by the telecommunication ISP data interface through a result code table. 如申請專利範圍第1項所述的核實系統,其中該核實資料包括話號、身分證號、生日的至少其中之一。 The verification system as described in item 1 of the patent application scope, wherein the verification information includes at least one of a phone number, an identity card number, and a birthday. 如申請專利範圍第1項所述的核實系統,其中該電信ISP資料介接端接收該行動網路位址以及該核實資料,並在以該行動網路位址反查所登錄之話號後,以該話號查詢一電信用戶登錄資料,以及比對該電信用戶登錄資料與所接收的該核實資料,並依比對之多種組合結果回傳該結果代碼。 The verification system as described in item 1 of the patent application scope, wherein the telecommunication ISP data interface receives the mobile network address and the verification data, and after checking the registered number with the mobile network address Query the log-in information of a telecommunication user with the phone number, and compare the log-in information of the telecommunication user with the verification data received, and return the result code according to the results of multiple combinations of the comparison. 如申請專利範圍第8項所述的核實系統,其中該電信用戶登錄資料包括話號、身分證號、生日的至少其中之一。 The verification system as described in item 8 of the patent application scope, wherein the telecommunication user login information includes at least one of a phone number, an identity card number, and a birthday. 如申請專利範圍第1項所述的核實系統,其中該行動網路位址包括一網路識別代碼以及一主機識別代碼。 The verification system as described in item 1 of the patent application scope, wherein the mobile network address includes a network identification code and a host identification code. 一種基於行動網路位址之核實方法,包含:由一發起端向一行動裝置端提供一遠端操作介面以接收使用者輸入的一核實資料,再將該核實資料進行組合以產生一認識你的客戶(Know Your Customer,KYC)核實請求,並經由該行動裝置端連結之電信網際網路服務供應商(Internet Service Provider,ISP)行動網路發起該KYC核實請求;由一KYC核實作業端接收該KYC核實請求;由該KYC核實作業端取得關聯於該行動裝置端的一行動網路位址;由該KYC核實作業端將該行動網路位址以及該使用者的該核實資料分流至一電信ISP資料介接端,其中該電信ISP資料介接端基於該行動網路位址以及該核實資料回傳一結果代碼;由該KYC核實作業端依該結果代碼判斷以產生一KYC核實結果;由該KYC核實作業端將該KYC核實結果加上一時間戳記,並加密以產製一核實結果符記並回傳給該發起端。 A verification method based on mobile network address includes: providing a remote operation interface to a mobile device end from an initiating end to receive verification data input by a user, and then combining the verification data to generate a recognition of you (Know Your Customer, KYC) verification request, and initiate the KYC verification request via the Internet Service Provider (ISP) mobile network connected to the mobile device; received by a KYC verification operator The KYC verification request; the KYC verification operator obtains a mobile network address associated with the mobile device; the KYC verification operator distributes the mobile network address and the user's verification data to a telecommunication ISP data interface, wherein the telecommunications ISP data interface returns a result code based on the mobile network address and the verification data; the KYC verification operation terminal judges according to the result code to generate a KYC verification result; by The KYC verification operator adds a time stamp to the KYC verification result, and encrypts it to produce a verification result token and sends it back to the initiator.
TW108121608A 2019-06-21 2019-06-21 Mobile network address based verification system and method thereof TWI695608B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108121608A TWI695608B (en) 2019-06-21 2019-06-21 Mobile network address based verification system and method thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW108121608A TWI695608B (en) 2019-06-21 2019-06-21 Mobile network address based verification system and method thereof

Publications (2)

Publication Number Publication Date
TWI695608B true TWI695608B (en) 2020-06-01
TW202101950A TW202101950A (en) 2021-01-01

Family

ID=72176141

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108121608A TWI695608B (en) 2019-06-21 2019-06-21 Mobile network address based verification system and method thereof

Country Status (1)

Country Link
TW (1) TWI695608B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI760811B (en) * 2020-08-07 2022-04-11 微巨行動科技股份有限公司 Time-effective and regional physical field advertising delivery method and system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7613639B1 (en) * 1999-10-18 2009-11-03 Stamps.Com Secure and recoverable database for on-line value-bearing item system
CN102640526A (en) * 2009-09-22 2012-08-15 特瑞芬恩有限公司 Subscriber identification management broker for fixed/mobile networks
US20120209733A1 (en) * 2007-10-19 2012-08-16 Ebay Inc. Unified identity verification
WO2014105853A1 (en) * 2012-12-28 2014-07-03 Identrust, Inc. Know your customer exchange system and method
US20180005239A1 (en) * 2016-06-29 2018-01-04 Paypal, Inc. Mobile devices enabling customer identity validation via central depository
TWI640189B (en) * 2017-12-25 2018-11-01 中華電信股份有限公司 System for verifying a user's identity of telecommunication certification and method thereof
TW201909013A (en) * 2017-07-14 2019-03-01 中華電信股份有限公司 System and method for identity verification and privacy protection in public blockchain

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7613639B1 (en) * 1999-10-18 2009-11-03 Stamps.Com Secure and recoverable database for on-line value-bearing item system
US20120209733A1 (en) * 2007-10-19 2012-08-16 Ebay Inc. Unified identity verification
CN102640526A (en) * 2009-09-22 2012-08-15 特瑞芬恩有限公司 Subscriber identification management broker for fixed/mobile networks
WO2014105853A1 (en) * 2012-12-28 2014-07-03 Identrust, Inc. Know your customer exchange system and method
US20180005239A1 (en) * 2016-06-29 2018-01-04 Paypal, Inc. Mobile devices enabling customer identity validation via central depository
TW201909013A (en) * 2017-07-14 2019-03-01 中華電信股份有限公司 System and method for identity verification and privacy protection in public blockchain
TWI640189B (en) * 2017-12-25 2018-11-01 中華電信股份有限公司 System for verifying a user's identity of telecommunication certification and method thereof

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI760811B (en) * 2020-08-07 2022-04-11 微巨行動科技股份有限公司 Time-effective and regional physical field advertising delivery method and system

Also Published As

Publication number Publication date
TW202101950A (en) 2021-01-01

Similar Documents

Publication Publication Date Title
US9930040B2 (en) System and method for provisioning a security token
WO2020191928A1 (en) Digital identity authentication method, device, apparatus and system, and storage medium
US11601430B2 (en) Method and system for verifying user identity
US8151326B2 (en) Using audio in N-factor authentication
CN106875173B (en) Method for authenticating transaction
US20170249633A1 (en) One-Time Use Password Systems And Methods
WO2017000829A1 (en) Method for checking security based on biological features, client and server
US8429730B2 (en) Authenticating users and on-line sites
US20140245380A1 (en) Automatic pin creation using password
US10484426B2 (en) Auto-generated synthetic identities for simulating population dynamics to detect fraudulent activity
WO2013184266A2 (en) Enhanced 2chk authentication security with query transactions
KR20130107188A (en) Server and method for authentication using sound code
US20140223185A1 (en) Action verification methods and systems
TWM595792U (en) Authorization system for cross-platform authorizing access to resources
JP2016535881A (en) Method and system for authenticating services
CN101808077A (en) Information security input processing system and method and smart card
TWI695608B (en) Mobile network address based verification system and method thereof
US20160335636A1 (en) Dual-Channel Identity Authentication Selection Device, System and Method
KR20050010430A (en) A method of authenticating users by using one time password and a system thereof
JP2003208408A (en) User authentication system, method and program, and computer-readable recording medium
TWI709097B (en) Online banking login system and method thereof
TWM599939U (en) System for identity verification
KR20090078975A (en) Method and system for user authentication using divided authentication information
TWM598987U (en) System for verifying financial service access privilege using different computer sequences
TWI755693B (en) Method for identity verification and system using the same