TWM590732U - Account stealing detection system - Google Patents
- Publication number
- TWM590732U
- Authority
- TW
- Taiwan
- Prior art keywords
- user behavior
- server
- account
- login
- detection system
Landscapes
- Alarm Systems (AREA)
Abstract
Description
This disclosure relates to an abnormal state detection system, and in particular to an account theft detection system.
With the development of technology, more and more users now log in to mobile banking from smartphones to carry out finance-related operations. Although mobile banking gives users a convenient interface for such operations, cases of stolen user accounts keep emerging. Preventing user accounts from being misappropriated is therefore a goal that those skilled in the art should work toward.
In view of this, the present disclosure provides a theft detection system that issues a warning message when an abnormal login is found.
The present disclosure proposes an account theft detection system that includes a server and an electronic device coupled to the server. The electronic device logs in to the server through an account, and the server detects the user behavior after the account logs in to the server. The server searches for the historical user behavior corresponding to the account and determines whether the user behavior matches the historical user behavior. When the server determines that the user behavior does not match the historical user behavior, the server sends an authentication request to the electronic device and receives authentication information corresponding to the authentication request from the electronic device within a predetermined time interval after sending the request. If the authentication information matches the preset authentication information of the account, the server adds the user behavior to the historical user behavior of the account.
Based on the above, the disclosed account theft detection system determines, after the user logs in to the server, whether the user behavior matches the historical user behavior. If the server determines that the user behavior does not match the historical user behavior, the server performs an authentication procedure and requires the user to complete authentication within a predetermined time interval. If the user completes authentication, the server can add the new user behavior to the historical user behavior of the account, thereby updating the historical user behavior.
To make the above features and advantages of the present disclosure easier to understand, embodiments are described in detail below with reference to the accompanying drawings.
FIG. 1 is a block diagram of an account theft detection system according to an embodiment of the present disclosure.
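Referring to FIG. 1, an account theft detection system 100 according to an embodiment of the present disclosure includes a server 110 and an electronic device 120. The electronic device 120 is coupled to the server 110 through wired or wireless communication. The server 110 is, for example, a bank server, and the electronic device 120 is, for example, a user's smartphone, tablet computer, personal computer, or other similar device. The user can use the electronic device 120 to log in to the server 110 and perform various operations.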
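In one embodiment, the user uses the electronic device 120 to log in to the server 110 through an account to perform finance-related operations, browsing operations, or other operations, and the server 110 detects the user behavior after the account logs in to the server 110. The user behavior includes information related to the user's login and the various operations performed after the user logs in to the server 110. The server 110 searches for the historical user behavior corresponding to the account and determines whether the user behavior matches the historical user behavior. When the server 110 determines that the user behavior does not match the historical user behavior, the server 110 sends an authentication request to the electronic device 120 to require the user to enter an authentication code and a biometric feature (for example, fingerprint, voiceprint, iris, or vein information) or other authentication data, and receives authentication information corresponding to the authentication request from the electronic device 120 within a predetermined time interval (for example, five minutes) after sending the authentication request. If the authentication information matches the preset authentication information of the account, the server 110 adds the user behavior to the historical user behavior of the account. In this way, new user behavior that has been successfully authenticated is folded into the historical user behavior, so that the server 110 can later determine more precisely whether the user account has been stolen.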
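On the other hand, when the server 110 does not receive authentication information from the electronic device 120 within the predetermined time interval, or the authentication information does not match the preset authentication information of the account, the server 110 generates a warning message for the account.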
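In one embodiment, the user behavior includes a device identifier of the electronic device 120. The device identifier is, for example, an International Mobile Equipment Identity (IMEI). When the device identifier differs from the preset device identifier of the account, the server 110 determines that the user behavior does not match the historical user behavior. If the user personally logs in to the server 110 with another electronic device (for example, a new phone) and authenticates successfully, the server 110 adds the device identifier of the user's new phone to the historical user behavior, and therefore does not generate a warning message when the user logs in again with the new phone.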
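In one embodiment, the user behavior includes the login location. The server 110 can obtain positioning information of the electronic device 120 from the Global Positioning System (GPS) module of the electronic device 120. The server 110 may allow login only after determining that the electronic device 120 has enabled its GPS function; otherwise it prompts the user to enable GPS before logging in. When the distances between the login location and each of the account's historical login locations are all greater than a distance threshold, the server 110 determines that the user behavior does not match the historical user behavior and therefore issues an authentication request. If the user sends correct authentication information and authenticates successfully, the server 110 can add this login location to the historical login locations.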
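In addition, the server 110 can obtain the login time point corresponding to the login location, as well as the previous login time point and previous login location at which the account last logged in to the server 110, and calculate both the time difference between the previous login time point and the login time point and the shortest travel time between the previous login location and the login location. If the time difference is less than the shortest travel time, the server 110 determines that the user behavior does not match the historical user behavior. In other words, when the server 110 determines that the login location has changed between two logins at different times and the distance between the two locations cannot be covered by current means of transportation within the time difference, the server 110 can directly issue a warning message and can suspend all functions of the account.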
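The two location checks above, together with the timed authentication request described earlier, can be sketched as follows. This is an added example, not code from the patent; the 50 km distance threshold, the 900 km/h speed used to estimate the shortest travel time, the challenge on an account with no history, and all class and function names are assumptions.

```python
import math
from dataclasses import dataclass, field
from datetime import datetime, timedelta

DISTANCE_THRESHOLD_KM = 50.0             # assumed; the page only says "distance threshold"
MAX_TRAVEL_SPEED_KMH = 900.0             # assumed: airliner speed stands in for "shortest travel time"
CHALLENGE_WINDOW = timedelta(minutes=5)  # the page's example interval

@dataclass
class Login:
    when: datetime
    lat: float
    lon: float

@dataclass
class Account:
    history: list = field(default_factory=list)  # accepted logins, oldest first

def km_between(a, b):
    """Great-circle (haversine) distance in kilometres."""
    p1, p2 = math.radians(a.lat), math.radians(b.lat)
    dp, dl = p2 - p1, math.radians(b.lon - a.lon)
    h = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(h))

def evaluate(account, login):
    """Return 'allow', 'challenge' (send an authentication request) or 'alert'."""
    if not account.history:
        return "challenge"                   # no baseline yet (assumed policy)
    prev = account.history[-1]
    min_travel = timedelta(hours=km_between(prev, login) / MAX_TRAVEL_SPEED_KMH)
    if login.when - prev.when < min_travel:
        return "alert"                       # unreachable in the elapsed time
    if all(km_between(h, login) > DISTANCE_THRESHOLD_KM for h in account.history):
        return "challenge"                   # far from every known location
    account.history.append(login)            # keeps "previous login" current
    return "allow"

def resolve_challenge(account, login, sent_at, answered_at, credential_ok):
    """Only a correct answer inside the window adds the login to the history."""
    on_time = answered_at is not None and answered_at - sent_at <= CHALLENGE_WINDOW
    if on_time and credential_ok:
        account.history.append(login)
        return "allow"
    return "alert"
```

Because the history grows only on an accepted login or a successful challenge, a rejected or unanswered request never moves the baseline that later logins are compared against.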
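In one embodiment, the user behavior includes the login time. The server 110 obtains the login region (for example, abroad) from which the account logged in to the server 110 at the login time. If the login time falls within a predetermined period of the login region (for example, midnight to 6 a.m. abroad), the server 110 determines that the user behavior does not match the historical user behavior.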
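In one embodiment, the user behavior includes a user data change operation performed after the account logs in to the server 110. When the account has not received a push notification from the server 110 before performing the user data change operation, the server 110 determines that the user behavior does not match the historical user behavior. User data change operations include a password change operation, a mobile phone number change operation, and the like.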
In one embodiment, the user behavior includes the transaction amount. When the current transaction amount exceeds each of the account's historical transaction amounts by more than an amount threshold (for example, the account's historical transaction amounts are all below 100,000 yuan, but the current transaction amount is 500,000 yuan), the server 110 determines that the user behavior does not match the historical user behavior.
In summary, the disclosed account theft detection system determines, after the user logs in to the server, whether the user behavior matches the historical user behavior. If the server determines that the user behavior does not match the historical user behavior, the server performs an authentication procedure and requires the user to complete authentication within a predetermined time interval. If the user completes authentication, the server can add the new user behavior to the historical user behavior of the account, thereby updating the historical user behavior.
Although the present disclosure has been described above by way of embodiments, they are not intended to limit it. Anyone with ordinary knowledge in the relevant technical field may make minor changes and refinements without departing from the spirit and scope of the present disclosure, so the scope of protection of the present disclosure shall be as defined by the appended claims.
100‧‧‧Account theft detection system
110‧‧‧Server
120‧‧‧Electronic device
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108215263U TWM590732U (en) | 2019-11-18 | 2019-11-18 | Account stealing detection system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW108215263U TWM590732U (en) | 2019-11-18 | 2019-11-18 | Account stealing detection system |
Publications (1)
Publication Number | Publication Date |
---|---|
TWM590732U (en) | 2020-02-11 |
Family
ID=70414724
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW108215263U TWM590732U (en) | 2019-11-18 | 2019-11-18 | Account stealing detection system |
Country Status (1)
Country | Link |
---|---|
TW (1) | TWM590732U (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI728557B (en) * | 2019-11-18 | 2021-05-21 | 兆豐國際商業銀行股份有限公司 | Account stealing detection system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11669338B2 (en) | Device locator disable authentication | |
US8412158B2 (en) | Mobile device having increased security that is less obtrusive | |
US8286227B1 (en) | Enhanced multi-factor authentication | |
CN108780475B (en) | Personalized inference authentication for virtual assistance | |
US10419427B2 (en) | Authenticating identity for password changes | |
US9875347B2 (en) | System and method for performing authentication using data analytics | |
CN109076067B (en) | System and method for authenticating a user for secure data access using a multiparty authentication system | |
EP2130357B1 (en) | Method for tracking credit card fraud | |
US9852416B2 (en) | System and method for authorizing a payment transaction | |
US10148692B2 (en) | Aggregation of asynchronous trust outcomes in a mobile device | |
US20200279263A1 (en) | System and method for processing a payment transaction based on point-of-sale device and user device locations | |
US11978053B2 (en) | Systems and methods for estimating authenticity of local network of device initiating remote transaction | |
US11341223B1 (en) | Wearable computing device secure access badge | |
US20190279212A1 (en) | Using location paths of user-possessed devices to increase transaction security | |
US11381576B2 (en) | Multi-factor authentication | |
US11855976B2 (en) | Utilizing behavioral features to authenticate a user entering login credentials | |
US20240007476A1 (en) | Multi-factor authentication using confidant verification of user identity | |
US20150373051A1 (en) | Dynamic authentication using distributed mobile sensors | |
CA3228679A1 (en) | Systems and methods for continuous user authentication | |
TWM590732U (en) | Account stealing detection system | |
US9300661B1 (en) | Method, apparatus, and computer program product for determining whether to suspend authentication by an authentication device | |
WO2018166142A1 (en) | Authentication processing method and apparatus | |
TWI728557B (en) | Account stealing detection system | |
US20230252476A1 (en) | Computationally efficient theft detection | |
US20230342748A1 (en) | Enhanced credential security based on a usage status of a wearable device |