KR101686158B1 - Token generator, Financial transaction system and method using that token generator - Google Patents


Info

Publication number: KR101686158B1
Authority: KR (South Korea)
Prior art keywords: information, token, counter value, memory, value
Application number: KR1020150044924A
Other languages: Korean (ko)
Other versions: KR20160116737A (en)
Inventor: 윤재호
Original Assignee: 윤재호
Application filed by 윤재호
Priority to KR1020150044924A
Publication of KR20160116737A
Application granted
Publication of KR101686158B1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3228 One-time or temporary data, i.e. information which is sent for every authentication or authorization, e.g. one-time-password, one-time-token or one-time-key

Abstract

A financial transaction method of a financial transaction system that receives payment information and token information from a user terminal and authenticates a financial transaction is disclosed. The financial transaction method includes: receiving, from the user terminal, payment information and token information that includes a counter value, a value obtained by digitally signing the counter value and a receiving account, and authorized certificate information; the server decrypting the digitally signed value in the token information and determining whether the decrypted value matches the received counter value and the receiving account included in the payment information; and the server completing settlement processing using the payment information if the decrypted value, the received counter value, and the receiving account included in the payment information match. By combining, in addition to transaction signing, transaction-linking technology through an independent token generator, security can be enhanced without a separate security program or ActiveX.

Description

The present invention relates to a token generator and to a financial transaction system and method using the token generator.

The present invention relates to a token generator that can be used in Internet commerce and Internet banking, and a financial transaction system and method using the token generator. More particularly, the present invention relates to a token generator for generating a token signal of a file type, and to a financial transaction system and method using the token generator.

In general, security is very important in financial transactions such as bank transfer, remittance transaction or credit card loan.

Therefore, various security programs are installed in the user terminal for security, and an official certificate, an account password, a security card, OTP, or the like is used.

However, existing one-time passwords have been vulnerable to reuse attacks despite high security.

In particular, in the case of OTP using time synchronization or event synchronization, the generated value can be reused within the validity period, so related attacks continue to occur.

In addition, because in OTP technology the client and the server generate and verify the same value, OTP cannot achieve the non-repudiation effect of the domestic digital signature scheme, which uses a unique value generated only by the client, and so independent use of OTP was not possible.

On the other hand, the existing authorized certificate method requires separate software, ActiveX, for signing, but such programs are currently not being used.

The present invention is directed to a token generator that enhances security by cooperating with an authorized certificate (security token) in a financial transaction such as an account transfer, and to a financial transaction system and method using the token generator.

Further, it is another object of the present invention to provide a token generator that uses a public certificate scheme but does not require separate software, ActiveX, and a financial transaction system and method using the same.

The present invention provides a token generator for performing a financial transaction using a token obtained by digitally signing a receipt account and a counter value by a client, and a financial transaction system and method using the token generator.

The present invention also provides a token generator having enhanced security and a financial transaction system and method using the token generator.

The present invention also provides a token generator for enhancing security using transaction signing, and a financial transaction system and method using the token generator.

According to an aspect of the present invention, there is provided a token generator comprising:

A token generator capable of being connected to or disconnected from a user terminal and generating token information according to a user operation,

An input unit for receiving information from a user;

A first memory for storing the user's authorized certificate information;

A second memory for storing the token information;

A USB connector for connecting the second memory with the user terminal in a USB connection manner;

And a control unit that receives a part or all of the receiving account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory.

Wherein the token information includes a counter value, a value obtained by digitally signing the counter value and an account for acceptance, and authorized certificate information, and the first memory is physically separated from the USB connector.

The server decrypts the digitally signed value, and compares the decrypted value with the received counter value and the payment account included in the payment information to perform authentication.

According to an aspect of the present invention, there is provided a financial transaction system comprising:

A financial transaction system for receiving token information generated from a token generator from a user terminal to authenticate a financial transaction,

A database unit for storing customer information and account information;

And a server that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receiving account, and authorized certificate information are received from the user terminal, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receiving account included in the payment information.

The database unit,

A member DB for storing customer information;

An authentication information DB for storing information including an ID and a password for the login;

And a ledger DB for storing account information.

The server comprises:

A member management unit for performing login processing with reference to the member DB and the authentication information DB;

An authentication processing unit that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receiving account, and authorized certificate information are received from the user terminal, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receiving account included in the payment information;

And a financial processing unit for completing settlement processing using the settlement information when the authentication processing unit completes the authentication.

According to an aspect of the present invention,

A financial transaction method of a financial transaction system for receiving payment information and token information from a user terminal and authenticating a financial transaction,

Receiving, from the user terminal, payment information and token information including a counter value, a value obtained by digitally signing the counter value and a payee account, and authorized certificate information;

The server decrypting the digitally signed value in the token information and determining whether the decrypted value matches the received counter value and the receiving account included in the payment information;

And a step of the server completing the settlement processing using the settlement information if the decrypted value, the received counter value, and the payout account included in the settlement information match.

According to an embodiment of the present invention, a token generator that enhances security while cooperating with an authorized certificate (security token) in a financial transaction such as an account transfer, and a financial transaction system and method using the token generator, can be provided.

Further, it is possible to provide a token generator that uses a public certificate scheme but does not require separate software, ActiveX, and a financial transaction system and method using the same.

A token generator for performing a financial transaction using a token in which a client digitally signs a receipt account and a counter value, and a financial transaction system and method using the token generator, can also be provided.

Also, a token generator having enhanced security and a financial transaction system and method using the same can be provided.

Also, a token generator for enhancing security using transaction signing and a financial transaction system and method using the token generator can be provided.

FIG. 1 is a configuration diagram of a financial transaction system according to an embodiment of the present invention.
FIG. 2 is a block diagram of the token generator of FIG. 1.
FIG. 3 is a flowchart illustrating an operation of a financial transaction method according to an embodiment of the present invention.

Hereinafter, embodiments of the present invention will be described in detail with reference to the accompanying drawings so that those skilled in the art can easily carry out the present invention. The present invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. In order to clearly illustrate the present invention, parts not related to the description are omitted, and similar parts are denoted by like reference characters throughout the specification.

Throughout the specification, when a part is referred to as "comprising" an element, this means that it may further include other elements, rather than excluding them, unless specifically stated otherwise. Also, terms such as "part" and "module" in the specification mean a unit for processing at least one function or operation, which may be implemented by hardware, software, or a combination of hardware and software.

FIG. 1 is a configuration diagram of a financial transaction system according to an embodiment of the present invention.

Referring to FIG. 1, a financial transaction system according to an embodiment of the present invention includes:

A financial transaction system (100) for receiving token information generated from a token generator (200) from a user terminal (400) and authenticating a financial transaction,

A database unit 120 for storing customer information and account information;

And a server 110 that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receiving account, and authorized certificate information are received from the user terminal 400, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receiving account included in the payment information.

The database unit 120 may include:

A member DB 121 for storing customer information;

An authentication information DB 122 for storing information including an ID and a password for the login;

And a ledger DB 123 for storing account information.

The server 110 may include:

A member management unit 111 for performing login processing with reference to the member DB 121 and the authentication information DB 122;

An authentication processing unit 112 that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receiving account, and authorized certificate information are received from the user terminal 400, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receiving account included in the payment information;

And a financial processing unit (113) for completing settlement processing using the settlement information when the authentication processing unit (112) completes the authentication.

FIG. 2 is a block diagram of the token generator of FIG. 1.

Referring to FIG. 2, the token generator 200 includes:

A token generator (200) capable of connecting to or disconnecting from a user terminal (400) and generating token information according to a user's operation,

A power supply unit 240 for supplying power to each part;

A display unit 220 for displaying information;

An input unit 210 for receiving information from a user;

A first memory (260) for storing the user's authorized certificate information;

A second memory (250) for storing the token information;

A USB connector 270 connecting the second memory 250 to the user terminal 400 in a USB connection manner;

And a controller 230 that receives a part or all of the receiving account from the user through the input unit 210, adds a counter value, digitally signs with the authorized certificate of the first memory 260 to generate the token information, and stores the token information in the second memory 250.

An IC card connector may be used in place of the USB connector 270 and the second memory 250 may be connected to the user terminal using an IC card connection method.

The token information includes a counter value, a value obtained by electronically signing the counter value, a payment account, and authorized certificate information, and the first memory 260 is physically separated from the USB connector.

The server 110 decrypts the digitally signed value and compares the decrypted value with the received counter value and the account received in the payment information to perform authentication.

The operation of the financial transaction system according to the embodiment of the present invention having such a configuration will now be described in detail.

FIG. 3 is a flowchart illustrating an operation of a financial transaction method according to an embodiment of the present invention.

Referring to FIG. 3, a user accesses a server 110 (financial institution) with a terminal 400 such as a PC or a smart phone, and inputs an ID and a password. Then, the member management unit 111 of the server 110 performs the login procedure (S310).

If it is determined that the user is a legitimate user, the authentication processing unit 112 transmits the customer information (account information, etc.) to the terminal 400 (S320). Here, an example mainly focusing on Internet banking will be described, and the authentication method of the present invention can be applied to other financial transactions as needed.

The customer who has confirmed the account information inputs the payment information such as the account number and the money amount, uploads the token information of the token generator, and requests the server 110 for a financial transaction such as transfer application (S330). At this time, the token generator 200 generates the token information when the button of the input unit 210 is pressed.

Here, the process of confirming the account number is well known in the art, so that detailed description is omitted.

The token information generation process of the token generator 200 will be described in detail.

First, the user customer inputs the account number (all or a part of the account number) using the number buttons of the input unit 210. (This account number is called RA (receiver account).)

Then, the control unit 230 digitally signs the input RA value and the counter value.

That is, the signature value = S(counter, RA). (Since the digital signature process is standardized, detailed procedures are omitted in this document.)

Then, the control unit 230 combines the electronic signature value and the counter value to generate token information in the form of a text file.

At this time, the token information (TS_counter.txt) = counter || S(counter, RA) || (e.g., if the counter value is 5, the token information file name is TS_5.txt)

Here, the token generator 200 may be implemented as a key input type such as a USB, an IC card, or the like. The token generator 200 may be inserted into a USB port of the user terminal 400 to input a token information file.

The operation for the private key and the signature is stored in the first memory 260, which is a safe area such as the existing security token, so that the token information is generated and stored in the second memory 250 area where only the token information, .

After receiving the payment information and the token information value (TS_counter.txt) from the user terminal 400, the server 110 verifies that value and transmits the verification result (S340).

First, the authentication processing unit 112 of the server 110 decrypts the signature value using the received public key certificate.

Then, the authentication processing unit 112 confirms RA and counter values from the decrypted value.

Next, the authentication processing unit 112 compares the decrypted value with the received counter value and the account received in the payment information.

If the decrypted value, the received counter value, and the payment account included in the payment information match, the financial processing unit 113 of the server 110 completes the payment processing using the payment information at step S350. For example, settlement such as account transfer or card settlement may be performed.

Meanwhile, in case of authentication inconsistency, the server 110 informs the user terminal 400 of the authentication inconsistency and does not perform the settlement processing (S360).
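The generation and verification steps above (S330 to S360), sketched as an added example that is not code from the patent. Assumptions: the hex `||`-separated layout with the public key standing in for the certificate information, unpadded RSA over SHA-256 with a constructed demo key, a full (not partial) account number as RA, and the server's enrolled-key lookup and last-accepted-counter check, none of which the page specifies.

```python
import hashlib

# Constructed demo key from two publicly known Mersenne primes: it offers NO
# security and only stands in for the certified key pair in first memory 260.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; stays inside the generator


def digest(counter: int, ra: str) -> int:
    """SHA-256 over an unambiguous encoding of (counter, RA), as an integer."""
    msg = f"{counter}|{len(ra)}|{ra}".encode()
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")


class TokenGenerator:
    """Models control unit 230: computes S(counter, RA) and writes the token."""

    def __init__(self) -> None:
        self.counter = 0

    def make_token(self, ra: str):
        self.counter += 1  # each button press consumes one counter value
        sig = pow(digest(self.counter, ra), D, N)  # assumed: unpadded RSA
        # Assumed layout: counter || signature || public key, hex encoded.
        return f"TS_{self.counter}.txt", f"{self.counter}||{sig:x}||{N:x}"


class Server:
    """Models authentication processing unit 112."""

    def __init__(self) -> None:
        self.enrolled = {}      # customer -> public modulus on file (assumption)
        self.last_counter = {}  # customer -> highest counter accepted (assumption)

    def verify(self, customer: str, payee_account: str, token: str) -> str:
        try:
            c, s, k = token.split("||")
            counter, sig, key = int(c), int(s, 16), int(k, 16)
        except ValueError:
            return "malformed"
        # Use the key only if it is the one enrolled for the logged-in customer;
        # a key that merely arrives inside the token proves nothing by itself.
        if self.enrolled.get(customer) != key:
            return "unknown-certificate"
        if not 0 < sig < key:
            return "mismatch"
        # "Decrypt" the signature and compare with the counter sent in the token
        # and the payee account taken from the payment information.
        if pow(sig, E, key) != digest(counter, payee_account):
            return "mismatch"
        # Reject a token whose counter was already accepted (replay).
        if counter <= self.last_counter.get(customer, 0):
            return "replayed"
        self.last_counter[customer] = counter
        return "ok"


def demo():
    """Run constructed transactions and return the server's decisions."""
    gen, srv = TokenGenerator(), Server()
    srv.enrolled["alice"] = N
    good, other = "110-234-567890", "999-000-111111"  # constructed account numbers
    name1, t1 = gen.make_token(good)
    name2, t2 = gen.make_token(good)
    forged = "7" + t2[1:]  # counter field changed after signing
    return {
        "file": name1,
        "first": srv.verify("alice", good, t1),
        "replay": srv.verify("alice", good, t1),
        "swapped_payee": srv.verify("alice", other, t2),
        "edited_counter": srv.verify("alice", good, forged),
        "second": srv.verify("alice", good, t2),
        "wrong_customer": srv.verify("bob", good, t2),
    }


if __name__ == "__main__":
    for step, result in demo().items():
        print(f"{step}: {result}")
```

The swapped-payee case is the transaction-signing property: payment information altered on the terminal no longer matches the account the user typed into the generator. A deployment would use a standard padded signature scheme from a vetted library in place of the unpadded RSA used here.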

Although the above embodiment has been described as an example of Internet banking, the present invention can be applied to card settlement of electronic commerce as needed.

In the above embodiment of the present invention, security can be enhanced without using a separate security program or ActiveX by combining transaction interlocking techniques through a token generator independent of transaction signing.

In addition, security can be enhanced while cooperating with a public certificate (security token) in a financial transaction such as an account transfer.

In addition, a client can perform a financial transaction using a token that digitally signs a receipt account and a counter value.

The embodiments of the present invention described above are implemented not only through the apparatus and method but may also be implemented through a program that realizes the functions corresponding to the configuration of the embodiments or through a recording medium on which the program is recorded, and such an implementation can be easily carried out by those skilled in the art from the description of the embodiments above.

While the present invention has been particularly shown and described with reference to exemplary embodiments thereof, it is to be understood that the invention is not limited to the disclosed exemplary embodiments, It belongs to the scope of right.

Claims (7)

A token generator capable of being connected to or disconnected from a user terminal and generating token information according to a user operation,
An input unit for receiving information from a user;
A first memory for storing the user's authorized certificate information;
A second memory for storing the token information;
A USB connector for connecting the second memory with the user terminal in a USB connection manner;
And a control unit that receives a part or all of the receiving account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory,
Wherein the token information includes a counter value, a value obtained by digitally signing the counter value and an account for acceptance, and authorized certificate information, and the first memory is physically separated from the USB connector (or IC card connector).
Token generator.

(deleted)

The method according to claim 1,
Wherein the server decrypts the digitally signed value and performs authentication by comparing the decrypted value with a counter value received and a payment account included in the payment information.

A financial transaction system for receiving token information generated from a token generator from a user terminal to authenticate a financial transaction,
A database unit for storing customer information and account information;
And a server that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receiving account, and authorized certificate information are received from the user terminal, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receiving account included in the payment information,
The database unit comprises:
A member DB for storing customer information;
An authentication information DB for storing information including an ID and a password for login;
And a ledger DB for storing account information,
The server comprises:
A member management unit for performing login processing with reference to the member DB and the authentication information DB;
An authentication processing unit that, when payment information and token information including a counter value, a value obtained by digitally signing the counter value and the receiving account, and authorized certificate information are received from the user terminal, decrypts the digitally signed value in the token information and performs authentication by comparing the decrypted value with the received counter value and the receiving account included in the payment information;
And a financial processing unit for completing the settlement processing using the settlement information when the authentication processing unit completes the authentication,
Wherein the token generator comprises:
An input unit for receiving information from a user;
A first memory for storing the user's authorized certificate information;
A second memory for storing the token information;
A USB connector for connecting the second memory with the user terminal in a USB connection manner;
And a control unit that receives a part or all of the receiving account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory,
Wherein the token information includes a counter value, a value obtained by digitally signing the counter value, a receipt account, and public certificate information, and the first memory is physically separated from the USB connector (or the IC card connector).
Financial transaction system.

(deleted)

A token generator capable of being connected to or disconnected from a user terminal and generating token information according to a user operation,
An input unit for receiving information from a user;
A first memory for storing the user's authorized certificate information;
A second memory for storing the token information;
An IC card connector for connecting the second memory with the user terminal in an IC card connection manner;
And a control unit that receives a part or all of the receiving account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory,
Wherein the token information includes a counter value, a value obtained by digitally signing the counter value, a receipt account, and public certificate information, and the first memory is physically separated from the USB connector (or the IC card connector).
Token generator.

A financial transaction method of a financial transaction system for receiving payment information and token information from a user terminal and authenticating a financial transaction,
Receiving, from the user terminal, payment information and token information including a counter value, a value obtained by digitally signing the counter value and a payee account, and authorized certificate information;
Decrypting the digitally signed value in the token information and determining whether the decrypted value matches the received counter value and the receiving account included in the payment information;
And completing payment processing using the payment information if the decrypted value, the received counter value, and the payment account included in the payment information coincide with each other,
Wherein the token generator for generating the token information comprises:
An input unit for receiving information from a user;
A first memory for storing the user's authorized certificate information;
A second memory for storing the token information;
A USB connector for connecting the second memory with the user terminal in a USB connection manner;
And a control unit that receives a part or all of the receiving account from the user through the input unit, adds a counter value, digitally signs with the public key certificate of the first memory to generate the token information, and stores the token information in the second memory,
Wherein the token information includes a counter value, a value obtained by digitally signing the counter value, a receipt account, and public certificate information, and the first memory is physically separated from the USB connector (or the IC card connector).
Financial transaction method.

KR1020150044924A 2015-03-31 2015-03-31 Token generator, Financial transaction system and method using that token generator KR101686158B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150044924A KR101686158B1 (en) 2015-03-31 2015-03-31 Token generator, Financial transaction system and method using that token generator

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150044924A KR101686158B1 (en) 2015-03-31 2015-03-31 Token generator, Financial transaction system and method using that token generator

Publications (2)

Publication Number Publication Date
KR20160116737A 2016-10-10
KR101686158B1 2016-12-13

Family

ID=57146264

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150044924A KR101686158B1 (en) 2015-03-31 2015-03-31 Token generator, Financial transaction system and method using that token generator

Country Status (1)

Country Link
KR (1) KR101686158B1 (en)

Also Published As

Publication number Publication date
KR20160116737A (en) 2016-10-10

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right
GRNT Written decision to grant
FPAY Annual fee payment

Payment date: 20191007

Year of fee payment: 4