TWM590732U - Account stealing detection system - Google Patents

Info

Publication number
TWM590732U
Authority
TW
Taiwan
Prior art keywords
user behavior
server
account
login
detection system
Prior art date
Application number
TW108215263U
Other languages
Chinese (zh)
Inventor
陳嘉華
Original Assignee
兆豐國際商業銀行股份有限公司
Priority date: 2019-11-18
Filing date: 2019-11-18
Publication date: 2020-02-11
Application filed by 兆豐國際商業銀行股份有限公司

Landscapes

  • Alarm Systems (AREA)

Abstract

The present disclosure provides an account theft detection system including a server and an electronic device coupled to the server. The electronic device logs in to the server through an account, and the server detects a user behavior after the account has logged in. The server looks up the historical user behavior corresponding to the account and determines whether the user behavior matches it. When the server determines that the user behavior does not match the historical user behavior, it transmits an authentication request to the electronic device and, within a predetermined time interval after sending the request, receives authentication information corresponding to the request from the electronic device. If the authentication information matches the preset authentication information corresponding to the account, the server adds the user behavior to the historical user behavior corresponding to the account.

Description

Account theft detection system

The present disclosure relates to an abnormal-state detection system, and in particular to an account theft detection system.

As technology develops, more and more users log in to mobile banking from their smartphones to perform financial operations. Although mobile banking gives users a convenient interface for such operations, cases of user accounts being stolen keep appearing. How to prevent user accounts from being taken over by unscrupulous persons is therefore a goal that those skilled in the art should pursue.

In view of this, the present disclosure provides a theft detection system that issues an alert message when an abnormal login is found.

The present disclosure proposes an account theft detection system including a server and an electronic device coupled to the server. The electronic device logs in to the server through an account, and the server detects the user behavior after the account has logged in. The server looks up the historical user behavior corresponding to the account and determines whether the current user behavior matches it. When the server determines that the user behavior does not match the historical user behavior, it sends an authentication request to the electronic device and, within a predetermined time interval after sending the request, receives authentication information corresponding to the request from the electronic device. If the authentication information matches the preset authentication information of the account, the server adds the user behavior to the historical user behavior of the account.

Based on the above, the account theft detection system of the present disclosure determines, after the user has logged in to the server, whether the user behavior matches the historical user behavior. If the server determines that they do not match, it runs an authentication procedure and requires the user to complete authentication within a predetermined time interval. If the user completes authentication, the server adds the new user behavior to the account's historical user behavior, thereby updating it.

To make the above features and advantages of the present disclosure more comprehensible, embodiments are described in detail below with reference to the accompanying drawings.

FIG. 1 is a block diagram of an account theft detection system according to an embodiment of the present disclosure.

Referring to FIG. 1, an account theft detection system 100 according to an embodiment of the present disclosure includes a server 110 and an electronic device 120. The electronic device 120 is coupled to the server 110 through wired or wireless communication. The server 110 is, for example, a bank server, and the electronic device 120 is, for example, the user's smartphone, tablet, personal computer or a similar device. The user logs in to the server 110 from the electronic device 120 to perform various operations.

In one embodiment, the user logs in to the server 110 through an account from the electronic device 120 to perform financial operations, browsing operations or other operations, and the server 110 detects the user behavior after the account has logged in. The user behavior includes login-related information and the operations performed after login. The server 110 looks up the historical user behavior corresponding to the account and determines whether the current user behavior matches it. When the server 110 determines that the user behavior does not match the historical user behavior, it sends an authentication request to the electronic device 120 asking the user to enter an authentication code and a biometric (for example a fingerprint, voiceprint, iris or vein pattern) or other authentication data, and receives the authentication information corresponding to the request from the electronic device 120 within a predetermined time interval (for example, five minutes) after sending the request. If the authentication information matches the preset authentication information of the account, the server 110 adds the user behavior to the historical user behavior of the account. In this way a newly authenticated behavior is folded into the history, so that later decisions by the server 110 on whether the account has been stolen become more accurate.

Conversely, when the server 110 does not receive the authentication information from the electronic device 120 within the predetermined time interval, or the authentication information does not match the preset authentication information of the account, the server 110 generates an alert message for the account.
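The step-up sequence of the two preceding paragraphs, written out as an added example that is not code from the patent or from 兆豐國際商業銀行股份有限公司: the server issues a challenge with a deadline, accepts a reply only once and only inside the interval, compares it in constant time against the account's preset authentication information, and folds the triggering behaviour into the history only on success; a timeout or a mismatch produces an alert for the account instead. The `Profile` and `Challenge` records, the function names, the six-digit secret and the timestamps are all assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# The "predetermined time interval" of the text; five minutes is the value the description gives.
CHALLENGE_TTL = timedelta(minutes=5)


@dataclass
class Profile:
    """Server-side record for one account (field names are assumptions, not the patent's)."""
    account: str
    auth_secret: str                              # stands in for the preset authentication information
    known_devices: set = field(default_factory=set)
    history: list = field(default_factory=list)   # the historical user behaviour


@dataclass
class Challenge:
    challenge_id: str
    account: str
    behavior: dict                                # the mismatching behaviour that triggered the request
    expires_at: datetime
    consumed: bool = False


def issue_challenge(profile, behavior, now):
    """The server found a mismatch: send an authentication request and start the timer."""
    return Challenge(
        challenge_id=secrets.token_urlsafe(16),
        account=profile.account,
        behavior=behavior,
        expires_at=now + CHALLENGE_TTL,
    )


def verify_response(profile, challenge, response, now, alerts):
    """Handle the device's reply (response is None when nothing arrived before the deadline).

    Returns "learned", "expired" or "rejected". Only "learned" updates the account history;
    the other two outcomes append an alert message for the account, as the text describes.
    """
    if challenge.consumed:
        # A challenge is answered exactly once; a second reply is treated like a failed one.
        alerts.append((profile.account, challenge.challenge_id, "replayed challenge"))
        return "rejected"
    challenge.consumed = True

    if response is None or now > challenge.expires_at:
        alerts.append((profile.account, challenge.challenge_id, "no authentication within interval"))
        return "expired"

    # Constant-time comparison so the check does not leak how many characters matched.
    if not hmac.compare_digest(response.encode(), profile.auth_secret.encode()):
        alerts.append((profile.account, challenge.challenge_id, "authentication mismatch"))
        return "rejected"

    # Authentication succeeded: the new behaviour becomes part of the historical behaviour.
    profile.history.append(challenge.behavior)
    if "device_id" in challenge.behavior:
        profile.known_devices.add(challenge.behavior["device_id"])
    return "learned"


def run_demo():
    """Constructed scenario: logins from new phones answered in time, late, wrongly, and replayed."""
    profile = Profile(account="acct-1", auth_secret="482913", known_devices={"IMEI-A"})
    alerts = []
    t0 = datetime(2019, 11, 18, 8, 0, tzinfo=timezone.utc)

    in_time = issue_challenge(profile, {"device_id": "IMEI-B"}, t0)
    r1 = verify_response(profile, in_time, "482913", t0 + timedelta(minutes=2), alerts)

    late = issue_challenge(profile, {"device_id": "IMEI-C"}, t0)
    r2 = verify_response(profile, late, "482913", t0 + timedelta(minutes=6), alerts)

    wrong = issue_challenge(profile, {"device_id": "IMEI-D"}, t0)
    r3 = verify_response(profile, wrong, "000000", t0 + timedelta(minutes=1), alerts)

    r4 = verify_response(profile, in_time, "482913", t0 + timedelta(minutes=3), alerts)

    return {"results": [r1, r2, r3, r4],
            "known_devices": sorted(profile.known_devices),
            "alerts": len(alerts)}


if __name__ == "__main__":
    print(run_demo())
```

One consequence of the learning step is worth keeping in mind: whatever passes the challenge becomes trusted history, so an attacker who already holds the preset authentication information (a phished code, a stolen PIN) can enrol their own device permanently. The design is only as strong as the authentication information is hard to obtain, which is why the text pairs a code with a biometric rather than relying on a code alone.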

In one embodiment, the user behavior includes the device identifier of the electronic device 120, for example its International Mobile Equipment Identity (IMEI). When the device identifier differs from the preset device identifier of the account, the server 110 determines that the user behavior does not match the historical user behavior. If the legitimate user logs in to the server 110 from another electronic device (for example, a new phone) and authenticates successfully, the server 110 adds the new phone's device identifier to the historical user behavior, so no alert is raised when the user logs in from the new phone again.

In one embodiment, the user behavior includes the login location. The server 110 obtains the position of the electronic device 120 from its Global Positioning System (GPS) module. The server 110 may allow the login only after confirming that GPS is enabled on the electronic device 120; otherwise it prompts the user to enable GPS before logging in. When the distance between the login location and every one of the account's historical login locations exceeds a distance threshold, the server 110 determines that the user behavior does not match the historical user behavior and therefore issues an authentication request. If the user returns the correct authentication information and authenticates successfully, the server 110 adds this login location to the historical login locations.

In addition, the server 110 obtains the login time of this login location together with the time and location of the account's previous login to the server 110, and computes both the time difference between the two logins and the shortest travel time between the two locations. If the time difference is shorter than the shortest travel time, the server 110 determines that the user behavior does not match the historical user behavior. In other words, when the server 110 finds that the login location has changed between two logins and the distance between them cannot be covered by any current means of transport within that time difference, the server 110 may issue an alert message directly and may suspend all functions of the account.

In one embodiment, the user behavior includes the login time. The server 110 determines the region (for example, a foreign country) from which the account logged in at that time. If the login time falls within a predetermined period for that region (for example, between midnight and 6 a.m. local time abroad), the server 110 determines that the user behavior does not match the historical user behavior.

In one embodiment, the user behavior includes a user data change operation performed after the account has logged in to the server 110, such as a password change or a mobile phone number change. If the account did not receive a push reminder from the server 110 before the user data change operation was performed, the server 110 determines that the user behavior does not match the historical user behavior.

In one embodiment, the user behavior includes the transaction amount. When the current transaction amount exceeds each of the account's historical transaction amounts by more than an amount threshold (for example, all of the account's historical transactions were below 100,000 but the current transaction is 500,000), the server 110 determines that the user behavior does not match the historical user behavior.
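The six matching rules of the preceding paragraphs (device identifier, login location against a distance threshold, shortest travel time between consecutive logins, login time inside a quiet period of the login region, profile change without a push reminder, and transaction amount above the whole history by more than a threshold), implemented together and run over constructed events, as an added example that is not the patent's own code. Every threshold value, the 900 km/h travel speed, the field names of the profile and event records, and the Taipei/London sample events are assumptions made for the example; the rules themselves follow the text.

```python
import math
from datetime import datetime, timedelta, timezone

# Threshold values are assumptions for this example; the text only says such thresholds exist.
EARTH_RADIUS_KM = 6371.0
DISTANCE_THRESHOLD_KM = 100.0   # farther than this from every known location counts as a new place
LOCATION_JITTER_KM = 1.0        # closer than this to the previous login counts as "not moved"
MAX_TRAVEL_SPEED_KMH = 900.0    # airliner cruise speed: the fastest ordinary means of transport
QUIET_HOURS = range(0, 6)       # 00:00-06:00 local time in the login region, as in the text
AMOUNT_THRESHOLD = 100_000      # how far above every historical amount a transaction may go


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two GPS fixes."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(math.radians(lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def rule_device(profile, ev):
    # Device identifier (e.g. IMEI) is not one the account has used before.
    return ev["device_id"] not in profile["known_devices"]


def rule_location(profile, ev):
    # Login location is beyond the distance threshold from every historical login location.
    return all(haversine_km(ev["lat"], ev["lon"], lat, lon) > DISTANCE_THRESHOLD_KM
               for lat, lon in profile["login_locations"])


def rule_impossible_travel(profile, ev):
    # Time since the previous login is shorter than the shortest travel time between the two places.
    prev = profile["last_login"]
    if prev is None:
        return False
    dist = haversine_km(ev["lat"], ev["lon"], prev["lat"], prev["lon"])
    if dist < LOCATION_JITTER_KM:
        return False
    shortest_travel = timedelta(hours=dist / MAX_TRAVEL_SPEED_KMH)
    return ev["time"] - prev["time"] < shortest_travel


def rule_quiet_hours(profile, ev):
    # Login time falls in the predetermined period, measured in the login region's local time.
    local = ev["time"].astimezone(timezone(timedelta(hours=ev["tz_offset_h"])))
    return local.hour in QUIET_HOURS


def rule_profile_change(profile, ev):
    # Password or phone-number change without the account acknowledging a push reminder first.
    return bool(ev.get("profile_change")) and not ev.get("push_acknowledged", False)


def rule_amount(profile, ev):
    # Transaction amount exceeds every historical amount by more than the threshold.
    amount = ev.get("amount")
    if amount is None or not profile["tx_amounts"]:
        return False
    return amount - max(profile["tx_amounts"]) > AMOUNT_THRESHOLD


RULES = [("device", rule_device), ("location", rule_location),
         ("impossible_travel", rule_impossible_travel), ("quiet_hours", rule_quiet_hours),
         ("profile_change", rule_profile_change), ("amount", rule_amount)]


def evaluate(profile, ev):
    """Names of the rules under which the behaviour does not match the history ([] = consistent)."""
    return [name for name, rule in RULES if rule(profile, ev)]


# Constructed history: a Taipei customer whose previous login was at 08:00 local time (00:00 UTC).
PROFILE = {
    "known_devices": {"IMEI-A"},
    "login_locations": [(25.0330, 121.5654)],
    "last_login": {"lat": 25.0330, "lon": 121.5654,
                   "time": datetime(2019, 11, 18, 0, 0, tzinfo=timezone.utc)},
    "tx_amounts": [20_000, 45_000, 80_000],
}

# Constructed events. "benign": same phone, a few km away, 17:00 local, usual amount.
# "new_phone": identical except for the device. "takeover": unknown device in London three
# hours after the Taipei login, 03:00 local, large transfer, number changed with no push reminder.
SAMPLE_EVENTS = {
    "benign": {"device_id": "IMEI-A", "lat": 25.0478, "lon": 121.5319, "tz_offset_h": 8,
               "time": datetime(2019, 11, 18, 9, 0, tzinfo=timezone.utc), "amount": 30_000},
    "new_phone": {"device_id": "IMEI-B", "lat": 25.0478, "lon": 121.5319, "tz_offset_h": 8,
                  "time": datetime(2019, 11, 18, 9, 0, tzinfo=timezone.utc), "amount": 30_000},
    "takeover": {"device_id": "IMEI-B", "lat": 51.5074, "lon": -0.1278, "tz_offset_h": 0,
                 "time": datetime(2019, 11, 18, 3, 0, tzinfo=timezone.utc), "amount": 500_000,
                 "profile_change": "phone_number", "push_acknowledged": False},
}

if __name__ == "__main__":
    for name, ev in SAMPLE_EVENTS.items():
        print(name, evaluate(PROFILE, ev))
```

`evaluate` returns the names of the rules that fired rather than a single verdict, so the caller can decide, as the text does, whether a lone mismatch such as a new phone warrants a challenge while a time-and-distance contradiction warrants an alert and suspension. Run as a script it prints `benign []`, `new_phone ['device']`, and all six rule names for `takeover`; once `IMEI-B` has been added to the known devices the `new_phone` event no longer fires anything.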

In summary, the account theft detection system of the present disclosure determines, after the user has logged in to the server, whether the user behavior matches the historical user behavior. If the server determines that they do not match, it runs an authentication procedure and requires the user to complete authentication within a predetermined time interval. If the user completes authentication, the server adds the new user behavior to the account's historical user behavior, thereby updating it.

Although the present disclosure has been described above by way of embodiments, they are not intended to limit it. Anyone with ordinary knowledge of the technical field may make modifications and refinements without departing from the spirit and scope of the present disclosure, and the scope of protection is therefore defined by the appended claims.

Reference numerals: 100 account theft detection system; 110 server; 120 electronic device


Claims (10)

1. An account theft detection system, comprising: a server; and an electronic device coupled to the server, wherein the electronic device logs in to the server through an account, and the server detects a user behavior after the account has logged in to the server; the server searches for a historical user behavior corresponding to the account and determines whether the user behavior matches the historical user behavior; when the server determines that the user behavior does not match the historical user behavior, the server transmits an authentication request to the electronic device and receives, within a predetermined time interval after sending the authentication request, authentication information corresponding to the authentication request from the electronic device; and if the authentication information matches preset authentication information corresponding to the account, the server adds the user behavior to the historical user behavior corresponding to the account.

2. The account theft detection system of claim 1, wherein when the server does not receive the authentication information from the electronic device within the predetermined time interval, or the authentication information does not match the preset authentication information corresponding to the account, the server generates an alert message corresponding to the account.

3. The account theft detection system of claim 1, wherein the user behavior includes at least one of a device identifier, a login location, a login time, a user data change operation and a transaction amount.

4. The account theft detection system of claim 1, wherein the authentication information includes at least one of an authentication code and a biometric.

5. The account theft detection system of claim 1, wherein the user behavior includes a device identifier of the electronic device, and when the device identifier differs from a preset device identifier corresponding to the account, the server determines that the user behavior does not match the historical user behavior, wherein the device identifier includes an International Mobile Equipment Identity.

6. The account theft detection system of claim 1, wherein the user behavior includes a login location, and when the distance between the login location and each of a plurality of historical login locations corresponding to the account exceeds a distance threshold, the server determines that the user behavior does not match the historical user behavior.

7. The account theft detection system of claim 6, wherein the server obtains a login time corresponding to the login location together with a previous login time and a previous login location of the account's previous login to the server, and computes a time difference between the previous login time and the login time and a shortest travel time between the previous login location and the login location; if the time difference is shorter than the shortest travel time, the server determines that the user behavior does not match the historical user behavior.

8. The account theft detection system of claim 1, wherein the user behavior includes a login time, the server obtains a login region from which the account logged in to the server at the login time, and if the login time falls within a predetermined period of the login region, the server determines that the user behavior does not match the historical user behavior.

9. The account theft detection system of claim 1, wherein the user behavior includes a user data change operation performed after the account has logged in to the server, and when the account did not receive a push reminder from the server before performing the user data change operation, the server determines that the user behavior does not match the historical user behavior, wherein the user data change operation includes a password change operation or a mobile phone number change operation.

10. The account theft detection system of claim 1, wherein the user behavior includes a transaction amount, and when the transaction amount exceeds a plurality of historical transaction amounts corresponding to the account by more than an amount threshold, the server determines that the user behavior does not match the historical user behavior.
Priority Applications (1)

Application Number Priority Date Filing Date Title
TW108215263U TWM590732U (en) 2019-11-18 2019-11-18 Account stealing detection system

Publications (1)

Publication Number Publication Date
TWM590732U (en) 2020-02-11

Family

ID=70414724

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI728557B (en) * 2019-11-18 2021-05-21 兆豐國際商業銀行股份有限公司 Account stealing detection system
