WO2007100202A1 - Authentication system for online financial transactions and user terminal for authentication of online financial transactions - Google Patents

Authentication system for online financial transactions and user terminal for authentication of online financial transactions Download PDF

Info

Publication number
WO2007100202A1
WO2007100202A1 PCT/KR2007/000986 KR2007000986W WO2007100202A1 WO 2007100202 A1 WO2007100202 A1 WO 2007100202A1 KR 2007000986 W KR2007000986 W KR 2007000986W WO 2007100202 A1 WO2007100202 A1 WO 2007100202A1
Authority
WO
WIPO (PCT)
Prior art keywords
key
encryption
approval
terminal
financial
Prior art date
Application number
PCT/KR2007/000986
Other languages
French (fr)
Inventor
Byung-Sung Lee
Original Assignee
Mazetech
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Mazetech filed Critical Mazetech
Publication of WO2007100202A1 publication Critical patent/WO2007100202A1/en

Links

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829Payment protocols; Details thereof insuring higher security of transaction involving key management
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02Banking, e.g. interest calculation or account maintenance

Definitions

  • the present invention relates to an authentication system for electronic commerce and, more particularly, to an authentication system for online financial transactions and a user terminal for authentication of online financial transactions.
  • an authorized authentication key is required to be used to enhance the security of online financial transactions.
  • an encryption key is required to be entered through an encryption card or the like.
  • the present invention provides an authentication system for online financial transactions, which can ensure the security of online financial transactions.
  • the present invention further provides a user terminal which can ensure the security of online financial transactions.
  • Fig. 1 is an authentication system for online financial transactions over a communication network according to an exemplary embodiment of the present invention.
  • FIG. 2 is a block diagram of a financial terminal shown in FIG. 1.
  • FIG. 3 is a block diagram of a user terminal shown in FIG. 1.
  • Fig. 4 is a flow chart for explaining the operation of the authentication system shown in FTG. 1. Best Mode for Carrying Out the Invention
  • the present invention discloses an authentication system for online financial transactions over a communication network, including: a central management server which includes an approval-key generation unit to generate an approval key and an encryption-key generation unit to generate an encryption key from the approval key and a private password, controls online financial transactions, transmits the approval key to a user terminal over a wireless network, encrypts and decrypts data transmitted and received to and from a financial terminal using the encryption key; a user terminal which is connected to the central management server and a financial terminal over a wireless network, and includes an approval-key receiving unit to receive the approval key through the wireless network, an input unit to allow a user to input a private password, an encryption-key generation unit to generate an encryption key from the approval key and the private password, and a data transceiver unit to transmit the encryption key to a financial terminal over the wireless network; and a financial terminal to encrypt and decrypt data transmitted and received to and from the central management server using the encryption key transmitted from the user terminal.
  • the present invention also discloses a terminal for authentication of online financial transactions, including: a first communication unit to receive an approval key over a first communication network; a second communication unit to transmit an encryption key over a second communication network; an input unit to allow a user to input a private password; and an encryption-key generation unit to generate an encryption key from the approval key and the private password.
  • Fig. 1 is an authentication system for online financial transactions over a communication network according to an exemplary embodiment of the present invention.
  • the authentication system includes a central management server 10, a financial terminal 20, an approval-key transmission unit 30 and a user terminal 40.
  • the central management server 10 controls general online financial transactions.
  • the central management server 10 is linked, for example, to a main computer of a bank over a financial management network.
  • the central management server 10 conducts financial transactions with the financial terminal 20, and transmits transaction data to the main computer over the financial management network.
  • the central management server 10 refers to authentication information, such as ID and password, or account information of a user which is input through the financial terminal 20. When the user is a normal user, it generates an approval key for the normal user. The approval key is generated when an authentication procedure is performed, and is used once.
  • the central management server 10 may have an approval- key algorithm to generate an approval key, or receive an approval key from another approval-key generation unit. The central management server 10 stores therein the approval key, together with the authentication information, and transmits them to the approval-key transmission unit 30.
  • a user uses two kinds of passwords; one for user authentication that is conducted by the central management server 10 (hereinafter referred to as 'authentication password', and one for encryption of data that is transmitted between the central management server 10 and the financial terminal 20 (hereinafter referred to as 'private password').
  • the private password is assigned to a user on initial registration. Thereafter, the private password will not be transmitted between the central management server 10 and the financial terminal 20. An encryption procedure through the private password will be described in detail.
  • the central management server 10 includes an encryption/decryption unit to encrypt/ decrypt data which is transmitted and received to and from the financial terminal 20.
  • the encryption/decryption unit is made in software or in hardware.
  • the central management server 10 transmits the approval key and generates an encryption key from an authorized authentication key, an approval key and a private password.
  • the central management server 10 encrypts and decrypts the data by the encryption/ decryption unit using the encryption key. Any typical encryption/decryption unit may be used in the encryption/decryption procedure.
  • the financial terminal 20 enables a user to conduct online financial transactions.
  • the financial terminal 20 may be an automated teller machine (ATM) or a personal computer.
  • ATM automated teller machine
  • VAN value- added network
  • the financial terminal 20 is a personal computer, they are connected to each other over the Internet.
  • FIG. 2 is a block diagram of the financial terminal 20.
  • the financial terminal 20 includes a controller 21, a network interface 22, an encryption/decryption unit 23, a data transceiver unit 24, an input unit 25 and a monitor 26.
  • the controller 21 generally controls the financial terminal 20.
  • the network interface 21 generally controls the financial terminal 20.
  • the encryption/decryption unit 23 encrypts data to be transmitted to the central management server 10 and decrypts data received from the central management server 10.
  • the encryption/decryption unit 23 uses an encryption key to encrypt and decrypt the data, in which the encryption key is provided from the controller 21.
  • the encryption/decryption unit 23 is made in software or in hardware.
  • the data transceiver unit 24 exchanges data with a user terminal 40.
  • the financial terminal 20 and the user terminal 40 exchanges data with each other through a radio frequency (RF) signal.
  • the data transceiver unit 24 converts an electrical data signal received from the controller 21 into an RF signal, and transmits the RF signal over an antenna.
  • the RF signal from the user terminal 40 is converted to an electrical signal and provided to the controller 21.
  • the communication between the financial terminal 20 and the user terminal 40 may be made with an infrared signal or in a wireless or wired data communication manner.
  • the input unit 25 enables a user to input authentication information, such as ID and password, and other transaction information.
  • the monitor 26 displays state information or transaction information to the user.
  • the approval-key transmission unit 30 receives approval-key information from the central management server 10 and transmits it to the user terminal 40.
  • the approval- key transmission unit 30 is connected to the central management server 10, for example, over a local area network (LAN), and to the user terminal 40 over a wireless communication network.
  • the approval-key transmission unit 30 is a short message service (SMS) unit which receives the approval key from the central management server 10 and transmits it to the user terminal 40 in a text message.
  • SMS short message service
  • the user terminal 40 may be one used only for the above-mentioned financial transactions, or an existing mobile communication terminal.
  • Fig. 3 is a block diagram of the user terminal 40.
  • the user terminal 40 includes a controller 41, a network interface 42, an input unit 43, an encryption-key generation unit 44, a data transceiver unit 45 and a monitor 46.
  • the controller 41 generally controls the user terminal 40.
  • the network interface 42 provides an interface between the user terminal 40 and a communication network.
  • the network interface 42 provides an interface between the user terminal 40 and the mobile communication network.
  • the input unit 43 includes, for example, a 10-key keypad.
  • the input unit 43 enables a user to input a private password.
  • the encryption-key generation unit 44 generates an encryption key by combining an approval key, which is received through the network interface 42, and a private password, which is input through the input unit 43.
  • the encryption-key generation unit 44 may be made in software or in hardware. Any typical encryption-key generation unit may be used in the encryption-key generation procedure.
  • the data transceiver unit 45 is one for wireless communication between the user terminal 40 and the financial terminal 20.
  • the data transceiver unit 45 converts encryption-key information, which is transmitted from the controller 41 to the financial terminal 20, into, for example, an RF signal, or converts an RF signal, which is received from the financial terminal 20, into an electrical signal and provides it to the controller 41.
  • any typical data transceiver unit may be used which allows infrared communication or other wireless or wired communication with the financial terminal 20.
  • the monitor 46 displays information to users.
  • Fig. 4 is a flow chart for explaining the operation of an authentication system according to an exemplary embodiment of the present invention.
  • the user accesses the central management server 10 through the financial terminal 20 and selects a desired financial transaction.
  • the central management server 10 requests the user to enter ID and authentication password through the financial terminal 20.
  • the central management server 10 may request the user to further enter information such as a user name or a bank account.
  • the user enters the authentication information according to a typical online financial transaction procedure.
  • the central management server 10 When the user enters information requested by the central management server 10 to log in, the central management server 10 conducts a typical authentication procedure to determine whether or not the user is genuine.
  • the central management server 10 When the user is determined to be genuine, the central management server 10 generates an approval key for a current financial transaction.
  • the approval key together with user information, is stored and transmitted to the approval-key transmission unit 30.
  • the user information includes an access number of the user terminal 40.
  • the approval-key transmission unit 30 transmits the approval-key information received from the central management server 10 to the user terminal 40 over the wireless communication network.
  • the controller 41 when the user terminal 40 receives the approval-key information through the network interface 42, the controller 41 outputs on the monitor 46 a message to enter a private password.
  • the controller 41 provides both the approval key information received through the network interface 42 and the private password entered through the input unit 43 to the encryption-key generation unit 44, and drives the encryption-key generation unit 44 to generate an encryption key.
  • the controller 41 transmits the encryption key to the financial terminal 20 through the data transceiver unit 45.
  • the encryption key may be automatically transmitted or selectively transmitted by the input unit 43.
  • the central management server 10 transmits the approval key through the approval- key transmission unit 30, and generates an encryption key in the same manner as the user terminal 40.
  • the financial terminal 20 when the financial terminal 20 receives the encryption key through the data transceiver unit 24, it notifies the central management server 10 that the encryption key has been received.
  • the financial terminal 20 uses the encryption key received from the user terminal 40 to initialize the encryption/decryption unit 23.
  • the central management server 10 receives from the financial terminal 20 a message indicating that the encryption key has been received, it uses the encryption key to initialize an encryption/decryption unit. Subsequently, the central management server 10 and the financial terminal 20 encrypt data with the encryption key and make communications .
  • the central management server 10 transmits the approval key to the user terminal 40 and is not acknowledged by the financial terminal 20 in a predetermined time that the encryption key has been received, the central management server 10 determines that the current financial transaction is not normal, and initializes the current financial transaction.
  • the central management server 10 and the financial terminal 20 individually generate an encryption key.
  • a private password which is not transmitted through a network, is used between the central management server 10 and the financial terminal 20.
  • the central management server 10 and the financial terminal 20 encrypt and decrypt information which is transmitted with the encryption key.
  • the third party cannot recognize the information. Therefore, it is possible to greatly enhance the security of financial transactions.
  • the user terminal 40 generates and provides an encryption key to the financial terminal 20.
  • the user terminal 40 may store an authorized authentication key for a current financial transaction, and provide an encryption key, together with the authorized authentication key, to the financial terminal 20.
  • the 40 and the central management server 10 may generate an encryption key by combining the approval key, authorized authentication key, and private password.
  • the present invention can efficiently be applied to an authentication system for online financial transactions, which can ensure the security of online financial transactions, and a user terminal which can ensure the security of online financial transactions.

Abstract

An authentication system for online financial transactions over a communication network is provided, including a central management server which has an approval-key generation unit and an encryption-key generation unit, controls online financial transactions, transmits the approval key to a user terminal over a wireless network, encrypts and decrypts data transmitted and received to and from a financial terminal using the encryption key, a user terminal which is connected to the central management server and a financial terminal over a wireless network, and includes an approval-key receiving unit, an input unit to input a private password, an encryption-key generation unit to generate an encryption key from the approval key and the private password, and a data transceiver unit to transmit the encryption key to a financial terminal, and a financial terminal to encrypt and decrypt data transmitted and received to and from the central management server using the encryption key.

Description

Description AUTHENTICATION SYSTEM FOR ONLINE FINANCIAL
TRANSACTIONS AND USER TERMINAL FOR AUTHENTICATION OF ONLINE FINANCIAL TRANSACTIONS
Technical Field
[1] The present invention relates to an authentication system for electronic commerce and, more particularly, to an authentication system for online financial transactions and a user terminal for authentication of online financial transactions. Background Art
[2] The development of advanced communications technology has enabled users to conduct various kinds of electronic commercial transactions over the Internet and other networks. Most of the electronic commercial transactions involve financial transactions that are conducted online. Examples of the online financial transactions include a simple financial settlement, a wire transfer through a financial computer network, and cash withdrawal, deposit and transfer through a value-added network (VAN) and a financial computer network, such as an automatic teller machine (ATM).
[3] In general, an authorized authentication key is required to be used to enhance the security of online financial transactions. Besides, an encryption key is required to be entered through an encryption card or the like.
[4] Recently, there have been developed and widely used methods for enhancing the security of online financial transactions using a mobile communication terminal. Such methods are disclosed in Korean Patent Application Nos. 2001-81122, 2004-75159 and 2003-89125.
[5] However, the above-mentioned methods cannot offer a full guarantee for the security of online financial transactions since information concerning authentication and encryption is transferred from user terminals over networks.
[6] Therefore, methods for ensuring the security of online financial transactions are demanded.
Disclosure of Invention Technical Solution
[7] The present invention provides an authentication system for online financial transactions, which can ensure the security of online financial transactions.
[8] The present invention further provides a user terminal which can ensure the security of online financial transactions.
[9] Additional features of the invention will be set forth in the description which follows, and in part will be apparent from the description, or may be learned by practice of the invention.
Advantageous Effects
[10] It is possible to provide an authentication system for online financial transactions over a communication network which can greatly enhance the security of online financial transactions, and a user terminal therefor. Brief Description of the Drawings
[11] The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention, and together with the description serve to explain the principles of the invention.
[12] Fig. 1 is an authentication system for online financial transactions over a communication network according to an exemplary embodiment of the present invention.
[13] Fig. 2 is a block diagram of a financial terminal shown in FIG. 1.
[14] Fig. 3 is a block diagram of a user terminal shown in FIG. 1.
[15] Fig. 4 is a flow chart for explaining the operation of the authentication system shown in FTG. 1. Best Mode for Carrying Out the Invention
[16] The present invention discloses an authentication system for online financial transactions over a communication network, including: a central management server which includes an approval-key generation unit to generate an approval key and an encryption-key generation unit to generate an encryption key from the approval key and a private password, controls online financial transactions, transmits the approval key to a user terminal over a wireless network, encrypts and decrypts data transmitted and received to and from a financial terminal using the encryption key; a user terminal which is connected to the central management server and a financial terminal over a wireless network, and includes an approval-key receiving unit to receive the approval key through the wireless network, an input unit to allow a user to input a private password, an encryption-key generation unit to generate an encryption key from the approval key and the private password, and a data transceiver unit to transmit the encryption key to a financial terminal over the wireless network; and a financial terminal to encrypt and decrypt data transmitted and received to and from the central management server using the encryption key transmitted from the user terminal.
[17] The present invention also discloses a terminal for authentication of online financial transactions, including: a first communication unit to receive an approval key over a first communication network; a second communication unit to transmit an encryption key over a second communication network; an input unit to allow a user to input a private password; and an encryption-key generation unit to generate an encryption key from the approval key and the private password.
[18] It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. Mode for the Invention
[19] The invention is described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure is thorough, and will fully convey the scope of the invention to those skilled in the art. In the drawings, the size and relative sizes of layers and regions may be exaggerated for clarity. Like reference numerals in the drawings denote like elements.
[20] It will be understood that when an element or layer is referred to as being "on" or
"connected to" another element or layer, it can be directly on or directly connected to the other element or layer, or intervening elements or layers may be present. In contrast, when an element is referred to as being "directly on" or "directly connected to" another element or layer, there are no intervening elements or layers present.
[21] Fig. 1 is an authentication system for online financial transactions over a communication network according to an exemplary embodiment of the present invention.
[22] The authentication system includes a central management server 10, a financial terminal 20, an approval-key transmission unit 30 and a user terminal 40.
[23] The central management server 10 controls general online financial transactions. The central management server 10 is linked, for example, to a main computer of a bank over a financial management network. The central management server 10 conducts financial transactions with the financial terminal 20, and transmits transaction data to the main computer over the financial management network.
[24] The central management server 10 refers to authentication information, such as ID and password, or account information of a user which is input through the financial terminal 20. When the user is a normal user, it generates an approval key for the normal user. The approval key is generated when an authentication procedure is performed, and is used once. The central management server 10 may have an approval- key algorithm to generate an approval key, or receive an approval key from another approval-key generation unit. The central management server 10 stores therein the approval key, together with the authentication information, and transmits them to the approval-key transmission unit 30. [25] According to an exemplary embodiment of the present invention, a user uses two kinds of passwords; one for user authentication that is conducted by the central management server 10 (hereinafter referred to as 'authentication password', and one for encryption of data that is transmitted between the central management server 10 and the financial terminal 20 (hereinafter referred to as 'private password'). The private password is assigned to a user on initial registration. Thereafter, the private password will not be transmitted between the central management server 10 and the financial terminal 20. An encryption procedure through the private password will be described in detail.
[26] The central management server 10 includes an encryption/decryption unit to encrypt/ decrypt data which is transmitted and received to and from the financial terminal 20. The encryption/decryption unit is made in software or in hardware. The central management server 10 transmits the approval key and generates an encryption key from an authorized authentication key, an approval key and a private password. The central management server 10 encrypts and decrypts the data by the encryption/ decryption unit using the encryption key. Any typical encryption/decryption unit may be used in the encryption/decryption procedure.
[27] The financial terminal 20 enables a user to conduct online financial transactions. The financial terminal 20 may be an automated teller machine (ATM) or a personal computer. When the financial terminal 20 is an ATM, the financial terminal 20 and the central management server 10 are connected to each other, for example, over a value- added network (VAN). When the financial terminal 20 is a personal computer, they are connected to each other over the Internet.
[28] Fig. 2 is a block diagram of the financial terminal 20.
[29] The financial terminal 20 includes a controller 21, a network interface 22, an encryption/decryption unit 23, a data transceiver unit 24, an input unit 25 and a monitor 26.
[30] The controller 21 generally controls the financial terminal 20. The network interface
22 provides an interface with the VAN or Internet. The encryption/decryption unit 23 encrypts data to be transmitted to the central management server 10 and decrypts data received from the central management server 10. The encryption/decryption unit 23 uses an encryption key to encrypt and decrypt the data, in which the encryption key is provided from the controller 21. The encryption/decryption unit 23 is made in software or in hardware.
[31] The data transceiver unit 24 exchanges data with a user terminal 40. The financial terminal 20 and the user terminal 40 exchanges data with each other through a radio frequency (RF) signal. The data transceiver unit 24 converts an electrical data signal received from the controller 21 into an RF signal, and transmits the RF signal over an antenna. The RF signal from the user terminal 40 is converted to an electrical signal and provided to the controller 21. The communication between the financial terminal 20 and the user terminal 40 may be made with an infrared signal or in a wireless or wired data communication manner.
[32] The input unit 25 enables a user to input authentication information, such as ID and password, and other transaction information. The monitor 26 displays state information or transaction information to the user.
[33] The approval-key transmission unit 30 receives approval-key information from the central management server 10 and transmits it to the user terminal 40. The approval- key transmission unit 30 is connected to the central management server 10, for example, over a local area network (LAN), and to the user terminal 40 over a wireless communication network. When the user terminal 40 is a mobile communication terminal, the approval-key transmission unit 30 is a short message service (SMS) unit which receives the approval key from the central management server 10 and transmits it to the user terminal 40 in a text message.
[34] The user terminal 40 may be one used only for the above-mentioned financial transactions, or an existing mobile communication terminal.
[35] Fig. 3 is a block diagram of the user terminal 40. The user terminal 40 includes a controller 41, a network interface 42, an input unit 43, an encryption-key generation unit 44, a data transceiver unit 45 and a monitor 46.
[36] The controller 41 generally controls the user terminal 40. The network interface 42 provides an interface between the user terminal 40 and a communication network. When the user terminal 40 is a mobile communication terminal, the network interface 42 provides an interface between the user terminal 40 and the mobile communication network.
[37] The input unit 43 includes, for example, a 10-key keypad. The input unit 43 enables a user to input a private password.
[38] The encryption-key generation unit 44 generates an encryption key by combining an approval key, which is received through the network interface 42, and a private password, which is input through the input unit 43. The encryption-key generation unit 44 may be made in software or in hardware. Any typical encryption-key generation unit may be used in the encryption-key generation procedure.
[39] The data transceiver unit 45 is one for wireless communication between the user terminal 40 and the financial terminal 20. The data transceiver unit 45 converts encryption-key information, which is transmitted from the controller 41 to the financial terminal 20, into, for example, an RF signal, or converts an RF signal, which is received from the financial terminal 20, into an electrical signal and provides it to the controller 41. In this case, any typical data transceiver unit may be used which allows infrared communication or other wireless or wired communication with the financial terminal 20.
[40] The monitor 46 displays information to users.
[41] Fig. 4 is a flow chart for explaining the operation of an authentication system according to an exemplary embodiment of the present invention.
[42] When a user conducts a financial transaction, the user accesses the central management server 10 through the financial terminal 20 and selects a desired financial transaction. The central management server 10 requests the user to enter ID and authentication password through the financial terminal 20. The central management server 10 may request the user to further enter information such as a user name or a bank account. The user enters the authentication information according to a typical online financial transaction procedure.
[43] When the user enters information requested by the central management server 10 to log in, the central management server 10 conducts a typical authentication procedure to determine whether or not the user is genuine.
[44] When the user is determined to be genuine, the central management server 10 generates an approval key for a current financial transaction. The approval key, together with user information, is stored and transmitted to the approval-key transmission unit 30. The user information includes an access number of the user terminal 40.
[45] The approval-key transmission unit 30 transmits the approval-key information received from the central management server 10 to the user terminal 40 over the wireless communication network.
[46] In Fig. 3, when the user terminal 40 receives the approval-key information through the network interface 42, the controller 41 outputs on the monitor 46 a message to enter a private password. When a user enters the private password through the input unit 43, the controller 41 provides both the approval key information received through the network interface 42 and the private password entered through the input unit 43 to the encryption-key generation unit 44, and drives the encryption-key generation unit 44 to generate an encryption key.
[47] The controller 41 transmits the encryption key to the financial terminal 20 through the data transceiver unit 45. The encryption key may be automatically transmitted or selectively transmitted by the input unit 43.
[48] The central management server 10 transmits the approval key through the approval- key transmission unit 30, and generates an encryption key in the same manner as the user terminal 40.
[49] Referring to Fig. 2, when the financial terminal 20 receives the encryption key through the data transceiver unit 24, it notifies the central management server 10 that the encryption key has been received. The financial terminal 20 uses the encryption key received from the user terminal 40 to initialize the encryption/decryption unit 23. When the central management server 10 receives from the financial terminal 20 a message indicating that the encryption key has been received, it uses the encryption key to initialize an encryption/decryption unit. Subsequently, the central management server 10 and the financial terminal 20 encrypt data with the encryption key and make communications .
[50] When the central management server 10 transmits the approval key to the user terminal 40 and is not acknowledged by the financial terminal 20 in a predetermined time that the encryption key has been received, the central management server 10 determines that the current financial transaction is not normal, and initializes the current financial transaction.
[51] In the above-mentioned exemplary embodiment, the central management server 10 and the financial terminal 20 individually generate an encryption key. When the encryption key is generated, a private password, which is not transmitted through a network, is used between the central management server 10 and the financial terminal 20. The central management server 10 and the financial terminal 20 encrypt and decrypt information which is transmitted with the encryption key. Thus, even though a third party has intentionally obtained information transmitted between the central management server 10 and the financial terminal 20, the third party cannot recognize the information. Therefore, it is possible to greatly enhance the security of financial transactions.
[52] In the present embodiment of the invention, the user terminal 40 generates and provides an encryption key to the financial terminal 20. However, the user terminal 40 may store an authorized authentication key for a current financial transaction, and provide an encryption key, together with the authorized authentication key, to the financial terminal 20.
[53] As a result, the user can conduct a secure financial transaction only with the user terminal 40.
[54] When the user terminal 40 stores the authorized authentication key, the user terminal
40 and the central management server 10 may generate an encryption key by combining the approval key, authorized authentication key, and private password.
[55] It will be apparent to those skilled in the art that various modifications and variation can be made in the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents. Industrial Applicability
[56] The present invention can efficiently be applied to an authentication system for online financial transactions, which can ensure the security of online financial transactions, and a user terminal which can ensure the security of online financial transactions.

Claims

Claims
[1] An authentication system for online financial transactions over a communication network, comprising: a central management server which comprises an approval-key generation unit to generate an approval key and an encryption-key generation unit to generate an encryption key from the approval key and a private password, controls online financial transactions, transmits the approval key to a user terminal over a wireless network, encrypts and decrypts data transmitted and received to and from a financial terminal using the encryption key; a user terminal which is connected to the central management server and a financial terminal over a wireless network, and comprises an approval-key receiving unit to receive the approval key through the wireless network, an input unit to allow a user to input a private password, an encryption-key generation unit to generate an encryption key from the approval key and the private password, and a data transceiver unit to transmit the encryption key to a financial terminal over the wireless network; and a financial terminal to encrypt and decrypt data transmitted and received to and from the central management server using the encryption key transmitted from the user terminal.
[2] The authentication system of claim 1, wherein the user terminal and the financial terminal transmit and receive an encryption key to and from each other over a wireless network.
[3] The authentication system of claim 1, wherein the user terminal further comprises a storage unit to store an authorized authentication key, and the authorized authentication key is provided, together with an encryption key, to the financial terminal.
[4] A terminal for authentication of online financial transactions, comprising: a first communication unit to receive an approval key over a first communication network; a second communication unit to transmit an encryption key over a second communication network; an input unit to allow a user to input a private password; and an encryption-key generation unit to generate an encryption key from the approval key and the private password.
[5] The terminal of claim 4, further comprising an authorized authentication-key storage unit to store an authorized authentication key.
PCT/KR2007/000986 2006-02-28 2007-02-27 Authentication system for online financial transactions and user terminal for authentication of online financial transactions WO2007100202A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
KR10-2006-0019452 2006-02-28
KR1020060019452A KR100792163B1 (en) 2006-02-28 2006-02-28 Authentication system for on-line banking, and user terminal for the same

Publications (1)

Publication Number Publication Date
WO2007100202A1 true WO2007100202A1 (en) 2007-09-07

Family

ID=38459272

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2007/000986 WO2007100202A1 (en) 2006-02-28 2007-02-27 Authentication system for online financial transactions and user terminal for authentication of online financial transactions

Country Status (3)

Country Link
KR (1) KR100792163B1 (en)
CN (1) CN101390115A (en)
WO (1) WO2007100202A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140019366A1 (en) * 2011-03-31 2014-01-16 Infosys Limited Method and a system for securing financial transaction

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101635075B (en) * 2009-05-31 2013-08-14 飞天诚信科技股份有限公司 Trading method and trading system
CN104751364B (en) * 2013-12-30 2018-11-16 上海方付通商务服务有限公司 A kind of trans-regional direct selling bank federation method of commerce and system by safety certification
KR101649908B1 (en) * 2015-07-14 2016-08-22 한국전자통신연구원 Apparatus for keyboard security and method for inputting key on keyboard
KR101941625B1 (en) * 2017-12-28 2019-01-24 주식회사 더봄에스 System for SNS finetech using authentication based selecting and method for operating the same

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20010026309A (en) * 1999-09-04 2001-04-06 정희원 Banking System and Method thereof using Smart-Card
US6230269B1 (en) * 1998-03-04 2001-05-08 Microsoft Corporation Distributed authentication system and method
KR20030005986A (en) * 2001-07-11 2003-01-23 주식회사 비즈모델라인 Method for the process of certification using mobile communication devices with the function of wireless certification(digital signature)
US6539479B1 (en) * 1997-07-15 2003-03-25 The Board Of Trustees Of The Leland Stanford Junior University System and method for securely logging onto a remotely located computer

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR100315387B1 (en) * 1999-08-02 2001-11-26 윤금 Private Key, Certificate Administration System and Method Thereof

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6539479B1 (en) * 1997-07-15 2003-03-25 The Board Of Trustees Of The Leland Stanford Junior University System and method for securely logging onto a remotely located computer
US6230269B1 (en) * 1998-03-04 2001-05-08 Microsoft Corporation Distributed authentication system and method
KR20010026309A (en) * 1999-09-04 2001-04-06 정희원 Banking System and Method thereof using Smart-Card
KR20030005986A (en) * 2001-07-11 2003-01-23 주식회사 비즈모델라인 Method for the process of certification using mobile communication devices with the function of wireless certification(digital signature)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140019366A1 (en) * 2011-03-31 2014-01-16 Infosys Limited Method and a system for securing financial transaction

Also Published As

Publication number Publication date
KR100792163B1 (en) 2008-01-04
CN101390115A (en) 2009-03-18
KR20070089427A (en) 2007-08-31

Similar Documents

Publication Publication Date Title
US11647385B1 (en) Security system for handheld wireless devices using time-variable encryption keys
CN113169971B (en) Secure extended range application data exchange
EP1710980B1 (en) Authentication services using mobile device
CN112823335A (en) System and method for password authentication of contactless cards
EP2481230B1 (en) Authentication method, payment authorisation method and corresponding electronic equipments
EP2380308B1 (en) Secure remote authentication through an untrusted network
US20100010932A1 (en) Secure wireless deposit system and method
US8132244B2 (en) Mobile smartcard based authentication
CN102314576A (en) In NFC equipment, carry out the method for Secure Application
CN101098225A (en) Safety data transmission method and paying method, paying terminal and paying server
CN112789643A (en) System and method for password authentication of contactless cards
CN112602104A (en) System and method for password authentication of contactless cards
CN112889046A (en) System and method for password authentication of contactless cards
CN113168631A (en) System and method for password authentication of contactless cards
US8577766B2 (en) Secure transactions using non-secure communications
CN101944216A (en) Two-factor online transaction safety authentication method and system
US20090015374A1 (en) User authentication system and method
WO2007100202A1 (en) Authentication system for online financial transactions and user terminal for authentication of online financial transactions
JP2022502881A (en) Systems and methods for notifying potential attacks on non-contact cards
US11562346B2 (en) Contactless card with multiple rotating security keys
US20060173694A1 (en) Information processing system, information processing device, method, and program
KR101695097B1 (en) Method for Providing Simple Payment based on One Time Password Card
KR101395315B1 (en) Near field communication based payment security authentication system and security authentication method thereof
US20240064004A1 (en) Parallel secret salt generation and authentication for encrypted communication
KR20040031434A (en) Real Time Account Information Control System using on Mobile Device

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 200780006680.6

Country of ref document: CN

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 07715399

Country of ref document: EP

Kind code of ref document: A1