KR101686158B1 - Token generator, Financial transaction system and method using that token generator
- Publication number
- KR101686158B1
- Authority
- KR
- South Korea
- Prior art keywords
- information
- token
- counter value
- memory
- value
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3226—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
- H04L9/3228—One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key
Abstract
A financial transaction method of a financial transaction system that receives payment information and token information from a user terminal and authenticates a financial transaction is disclosed. The financial transaction method includes: a step in which a server receives, from the user terminal, payment information and token information including a counter value, a value obtained by digitally signing the counter value and a receipt account, and authorized certificate information; a step in which the server decrypts the digitally signed value in the token information and determines whether the decrypted value matches the received counter value and the receipt account contained in the payment information; and a step in which the server completes settlement processing using the payment information if the decrypted value matches the received counter value and the receipt account included in the payment information. By combining transaction-linked technology through an independent token generator in addition to transaction signing, security can be enhanced without a separate security program or ActiveX.
Description
The present invention relates to a token generator that can be used in Internet commerce and Internet banking, and a financial transaction system and method using the token generator. More particularly, the present invention relates to a token generator that generates token information in file form, and a financial transaction system and method using the token generator.
In general, security is very important in financial transactions such as bank transfer, remittance transaction or credit card loan.
Therefore, various security programs are installed in the user terminal for security, and an official certificate, an account password, a security card, OTP, or the like is used.
However, existing one-time passwords have been vulnerable to reuse attacks despite high security.
In particular, in the case of OTP using time synchronization or event synchronization, the generated value can be reused within the validity period, so related attacks continue to occur.
In addition, because the client and the server in OTP technology generate and verify the same value, OTP cannot achieve the non-repudiation effect of the domestic digital signature scheme, which uses a unique value generated only by the client, so it could not be used on its own.
On the other hand, the existing authorized certificate method requires separate software (ActiveX) for signing, but such programs are currently not being used.
SUMMARY OF THE INVENTION The present invention is directed to a token generator for enhancing security by cooperating with an authorized certificate (security token) in a financial transaction such as an account transfer, and a financial transaction system and method using the token generator.
Further, it is another object of the present invention to provide a token generator that uses a public certificate scheme but does not require separate software, ActiveX, and a financial transaction system and method using the same.
The present invention provides a token generator for performing a financial transaction using a token obtained by digitally signing a receipt account and a counter value by a client, and a financial transaction system and method using the token generator.
The present invention also provides a token generator having enhanced security and a financial transaction system and method using the token generator.
The present invention also provides a token generator for enhancing security using transaction signing, and a financial transaction system and method using the token generator.
According to an aspect of the present invention, there is provided a token generator comprising:
A token generator capable of being connected to or disconnected from a user terminal and generating token information according to a user operation,
An input unit for receiving information from a user;
A first memory for storing the user's authorized certificate information;
A second memory for storing the token information;
A USB connector for connecting the second memory with the user terminal in a USB connection manner;
And a control unit that receives a part or all of the receipt account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory.
Wherein the token information includes a counter value, a value obtained by digitally signing the counter value and the receipt account, and authorized certificate information, and the first memory is physically separated from the USB connector.
The server decrypts the digitally signed value, and compares the decrypted value with the received counter value and the payment account included in the payment information to perform authentication.
According to an aspect of the present invention, there is provided a financial transaction system comprising:
A financial transaction system for receiving token information generated from a token generator from a user terminal to authenticate a financial transaction,
A database unit for storing customer information and account information;
And a server that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receipt account, and authorized certificate information are received from the user terminal, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receipt account included in the payment information.
The database unit,
A member DB for storing customer information;
An authentication information DB for storing information including an ID and a password for the login;
And a ledger DB for storing account information.
The server comprises:
A member management unit for performing login processing with reference to an authentication information DB other than the member DB;
An authentication processing unit that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receipt account, and authorized certificate information are received from the user terminal, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receipt account included in the payment information;
And a financial processing unit for completing settlement processing using the settlement information when the authentication processing unit completes the authentication.
According to an aspect of the present invention,
A financial transaction method of a financial transaction system for receiving payment information and token information from a user terminal and authenticating a financial transaction,
Receiving, from the user terminal, payment information and token information including a counter value, a value obtained by digitally signing the counter value and a receipt account, and authorized certificate information;
The server decrypts the digitally signed value in the token information, and determines whether the decrypted value matches the received counter value and the receipt account contained in the payment information,
And a step of the server completing the settlement processing using the settlement information if the decrypted value, the received counter value, and the payout account included in the settlement information match.
According to an embodiment of the present invention, it is possible to provide a token generator that enhances security while interworking with a certificate (security token) in a financial transaction such as an account transfer, and a financial transaction system and method using the token generator.
Further, it is possible to provide a token generator that uses a public certificate scheme but does not require separate software (ActiveX), and a financial transaction system and method using the same.
It is also possible to provide a token generator for performing a financial transaction using a token in which a client digitally signs a receipt account and a counter value, and a financial transaction system and method using the token generator.
Also, a token generator having enhanced security and a financial transaction system and method using the same can be provided.
Also, a token generator for enhancing security using transaction signing and a financial transaction system and method using the token generator can be provided.
FIG. 1 is a configuration diagram of a financial transaction system according to an embodiment of the present invention.
FIG. 2 is a block diagram of the token generator of FIG.
FIG. 3 is a flowchart illustrating an operation of a financial transaction method according to an embodiment of the present invention.
Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.
Throughout the specification, when a part is said to "comprise" an element, it means that it can include other elements as well, without excluding other elements unless specifically stated otherwise. Also, terms such as "part" and "module" in the specification mean a unit for processing at least one function or operation, which may be implemented by hardware, software, or a combination of hardware and software.
FIG. 1 is a configuration diagram of a financial transaction system according to an embodiment of the present invention.
Referring to FIG. 1, a financial transaction system according to an embodiment of the present invention includes:
A financial transaction system (100) for receiving token information generated from a token generator (200) from a user terminal (400) and authenticating a financial transaction,
A
When the token information including the payment information and the counter value, the value obtained by digitally signing the counter value and the account receivable from the
The
A member DB 121 for storing customer information;
An
And a ledger DB 123 for storing account information.
The server (110)
A member management unit 111 for performing login processing with reference to the
When the token information including the payment information and the counter value, the value obtained by digitally signing the counter value and the account receivable from the
And a financial processing unit (113) for completing settlement processing using the settlement information when the authentication processing unit (112) completes the authentication.
FIG. 2 is a block diagram of the token generator of FIG.
2, the
A token generator (200) capable of connecting to or disconnecting from a user terminal (400) and generating token information according to a user's operation,
A
A
An
A first memory (260) for storing the user's authorized certificate information;
A second memory (250) for storing the token information;
A
Receives a part or all of the accounts receivable from the user through the
An IC card connector may be used in place of the
The token information includes a counter value, a value obtained by electronically signing the counter value, a payment account, and authorized certificate information, and the
The
The operation of the financial transaction system according to the embodiment of the present invention having such a configuration will now be described in detail.
FIG. 3 is a flowchart illustrating an operation of a financial transaction method according to an embodiment of the present invention.
Referring to FIG. 3, a user accesses a server 110 (financial institution) with a terminal 400 such as a PC or a smart phone, and inputs an ID and a password. Then, the member management unit 111 of the
If it is determined that the user is a legitimate user, the
The customer who has confirmed the account information inputs the payment information such as the account number and the money amount, uploads the token information of the token generator, and requests the
Here, the process of confirming the account number is well known in the art, so that detailed description is omitted.
The token information generation process of the
First, the user customer inputs the account number (all or a part of the account number) using the number buttons of the
Then, the
That is, the signature value = S (counter, RA). (Since the digital signature process is standardized, detailed procedures are omitted in this document.)
Then, the
At this time, the token information (TS_counter.txt) = counter || S (counter, RA) || (eg if the counter value is 5, the token information file name is TS_5.txt)
Here, the
The operation for the private key and the signature is stored in the
After receiving the payment information and the token information value (TS_counter.txt) from the
First, the
Then, the
Next, the
If the decrypted value, the received counter value, and the payment account included in the payment information match, the
Meanwhile, in case of authentication inconsistency, the
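The token generation and server-side check described above, as an added Go example that is not code from the patent. Ed25519 stands in for the certificate's signature algorithm, which the page does not name, so the server verifies the signature over the received counter and the payment's receipt account rather than decrypting and comparing. The raw public key used as certificate information, the server's last-counter check, all type and function names, and the sample account numbers are assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Token follows the page's layout: counter || S(counter, RA) || certificate.
type Token struct {
	Counter uint64
	Sig     []byte            // S(counter, RA)
	Cert    ed25519.PublicKey // assumption: raw public key stands in for the certificate
}

// FileName uses the page's naming rule: counter 5 gives TS_5.txt.
func (t Token) FileName() string { return fmt.Sprintf("TS_%d.txt", t.Counter) }

// signedMessage encodes (counter, RA) unambiguously: 8-byte counter, then RA.
func signedMessage(counter uint64, ra string) []byte {
	msg := make([]byte, 8, 8+len(ra))
	binary.BigEndian.PutUint64(msg, counter)
	return append(msg, ra...)
}

// Generator models the device; the private key stays inside it.
type Generator struct {
	priv    ed25519.PrivateKey
	counter uint64
}

// Issue increments the counter and signs it together with the receipt account.
func (g *Generator) Issue(ra string) Token {
	g.counter++
	return Token{
		Counter: g.counter,
		Sig:     ed25519.Sign(g.priv, signedMessage(g.counter, ra)),
		Cert:    g.priv.Public().(ed25519.PublicKey),
	}
}

var (
	ErrCert   = errors.New("certificate is not the one registered for this customer")
	ErrSig    = errors.New("signature does not cover this counter and receipt account")
	ErrReplay = errors.New("counter value already used")
)

// Server holds the registered key and (assumption) the last accepted counter.
type Server struct {
	registered  ed25519.PublicKey
	lastCounter uint64
}

// Authenticate binds the token to the receipt account in the payment request.
func (s *Server) Authenticate(paymentRA string, t Token) error {
	if !bytes.Equal(t.Cert, s.registered) {
		return ErrCert
	}
	// Message rebuilt from received counter and payment RA: a change in either fails.
	if !ed25519.Verify(t.Cert, signedMessage(t.Counter, paymentRA), t.Sig) {
		return ErrSig
	}
	if t.Counter <= s.lastCounter {
		return ErrReplay
	}
	s.lastCounter = t.Counter
	return nil
}

// Demo runs a constructed scenario: altered account, valid use, then reuse.
func Demo() (ok, tampered, replayed error, name string) {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize) // constructed test key
	gen := &Generator{priv: ed25519.NewKeyFromSeed(seed)}
	srv := &Server{registered: gen.priv.Public().(ed25519.PublicKey)}
	tok := gen.Issue("110-234-567890") // constructed account number
	tampered = srv.Authenticate("999-000-111111", tok)
	ok = srv.Authenticate("110-234-567890", tok)
	replayed = srv.Authenticate("110-234-567890", tok)
	return ok, tampered, replayed, tok.FileName()
}

func main() { fmt.Println(Demo()) }
```

Because the receipt account is part of the signed message, a token captured in transit cannot be attached to a payment request naming a different account, which is the property the time- or event-synchronized OTP discussed earlier lacks.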
Although the above embodiment has been described as an example of Internet banking, the present invention can be applied to card settlement of electronic commerce as needed.
In the above embodiment of the present invention, security can be enhanced without using a separate security program or ActiveX by combining transaction-linked technology through an independent token generator in addition to transaction signing.
In addition, it is possible to enhance security while cooperating with a public certificate (security token) in a financial transaction such as an account transfer.
In addition, a financial transaction can be performed using a token in which the client digitally signs a receipt account and a counter value.
The embodiments of the present invention described above are not implemented only by the apparatus and method; they may also be implemented through a program that realizes the functions corresponding to the configuration of the embodiments, or a recording medium on which the program is recorded, and such implementation can be easily carried out by those skilled in the art from the description of the embodiments above.
While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.
Claims (7)
An input unit for receiving information from a user;
A first memory for storing the user's authorized certificate information;
A second memory for storing the token information;
A USB connector for connecting the second memory with the user terminal in a USB connection manner;
And a control unit that receives a part or all of the receipt account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory,
Wherein the token information includes a counter value, a value obtained by digitally signing the counter value and an account for acceptance, and authorized certificate information, and the first memory is physically separated from the USB connector (or IC card connector). Generator.
Wherein the server decrypts the digitally signed value and performs authentication by comparing the decrypted value with a counter value received and a payment account included in the payment information.
A database unit for storing customer information and account information;
And a server that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receipt account, and authorized certificate information are received from the user terminal, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receipt account included in the payment information,
The database unit,
A member DB for storing customer information;
An authentication information DB for storing information including an ID and a password for login;
And a ledger DB for storing account information,
The server comprises:
A member management unit for performing login processing with reference to an authentication information DB other than the member DB;
An authentication processing unit that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receipt account, and authorized certificate information are received from the user terminal, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receipt account included in the payment information;
And a financial processing unit for completing the settlement processing using the settlement information when the authentication processing unit completes the authentication,
Wherein the token generator comprises:
An input unit for receiving information from a user;
A first memory for storing the user's authorized certificate information;
A second memory for storing the token information;
A USB connector for connecting the second memory with the user terminal in a USB connection manner;
And a control unit that receives a part or all of the receipt account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory,
Wherein the token information includes a counter value, a value obtained by digitally signing the counter value, a receipt account, and public certificate information, and the first memory is physically separated from the USB connector (or the IC card connector)
Financial transaction system.
An input unit for receiving information from a user;
A first memory for storing the user's authorized certificate information;
A second memory for storing the token information;
An IC card connector for connecting the second memory with the user terminal in an IC card connection manner;
And a control unit that receives a part or all of the receipt account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory,
Wherein the token information includes a counter value, a value obtained by digitally signing the counter value, a receipt account, and public certificate information, and the first memory is physically separated from the USB connector (or the IC card connector)
Token generator.
Receiving, from the user terminal, payment information and token information including a counter value, a value obtained by digitally signing the counter value and a receipt account, and authorized certificate information;
Decrypting the digitally signed value in the token information, and determining whether the decrypted value matches the received counter value and the receipt account included in the payment information;
And completing payment processing using the payment information if the decrypted value, the received counter value, and the payment account included in the payment information coincide with each other,
Wherein the token generator for generating the token information comprises:
An input unit for receiving information from a user;
A first memory for storing the user's authorized certificate information;
A second memory for storing the token information;
A USB connector for connecting the second memory with the user terminal in a USB connection manner;
And a control unit that receives a part or all of the receipt account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory,
Wherein the token information includes a counter value, a value obtained by digitally signing the counter value, a receipt account, and public certificate information, and the first memory is physically separated from the USB connector (or the IC card connector)
Financial transaction method.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150044924A KR101686158B1 (en) | 2015-03-31 | 2015-03-31 | Token generator, Financial transaction system and method using that token generator |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20160116737A KR20160116737A (en) | 2016-10-10 |
KR101686158B1 true KR101686158B1 (en) | 2016-12-13 |
Family
ID=57146264
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150044924A KR101686158B1 (en) | 2015-03-31 | 2015-03-31 | Token generator, Financial transaction system and method using that token generator |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101686158B1 (en) |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR101494838B1 (en) * | 2014-06-17 | 2015-02-25 | 유한회사 실릭스 | Account transfer method and system using transaction related otp |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20070117371A (en) * | 2006-06-08 | 2007-12-12 | 주식회사 프럼나우 | Apparatus for generating random numbers for object oriented otp |
-
2015
- 2015-03-31 KR KR1020150044924A patent/KR101686158B1/en active IP Right Grant
Also Published As
Publication number | Publication date |
---|---|
KR20160116737A (en) | 2016-10-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right | ||
GRNT | Written decision to grant | ||
FPAY | Annual fee payment |
Payment date: 20191007 Year of fee payment: 4 |