WO2007100202A1 - Authentication system for online financial transactions and user terminal for authentication of online financial transactions - Google Patents
Authentication system for online financial transactions and user terminal for authentication of online financial transactions Download PDFInfo
- Publication number
- WO2007100202A1 WO2007100202A1 PCT/KR2007/000986 KR2007000986W WO2007100202A1 WO 2007100202 A1 WO2007100202 A1 WO 2007100202A1 KR 2007000986 W KR2007000986 W KR 2007000986W WO 2007100202 A1 WO2007100202 A1 WO 2007100202A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- key
- encryption
- approval
- terminal
- financial
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G07—CHECKING-DEVICES
- G07F—COIN-FREED OR LIKE APPARATUS
- G07F7/00—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
- G07F7/10—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
- G07F7/1016—Devices or methods for securing the PIN and other transaction-data, e.g. by encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3823—Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
Definitions
- the present invention relates to an authentication system for electronic commerce and, more particularly, to an authentication system for online financial transactions and a user terminal for authentication of online financial transactions.
- an authorized authentication key is required to be used to enhance the security of online financial transactions.
- an encryption key is required to be entered through an encryption card or the like.
- the present invention provides an authentication system for online financial transactions, which can ensure the security of online financial transactions.
- the present invention further provides a user terminal which can ensure the security of online financial transactions.
- Fig. 1 is an authentication system for online financial transactions over a communication network according to an exemplary embodiment of the present invention.
- FIG. 2 is a block diagram of a financial terminal shown in FIG. 1.
- FIG. 3 is a block diagram of a user terminal shown in FIG. 1.
- Fig. 4 is a flow chart for explaining the operation of the authentication system shown in FTG. 1. Best Mode for Carrying Out the Invention
- the present invention discloses an authentication system for online financial transactions over a communication network, including: a central management server which includes an approval-key generation unit to generate an approval key and an encryption-key generation unit to generate an encryption key from the approval key and a private password, controls online financial transactions, transmits the approval key to a user terminal over a wireless network, encrypts and decrypts data transmitted and received to and from a financial terminal using the encryption key; a user terminal which is connected to the central management server and a financial terminal over a wireless network, and includes an approval-key receiving unit to receive the approval key through the wireless network, an input unit to allow a user to input a private password, an encryption-key generation unit to generate an encryption key from the approval key and the private password, and a data transceiver unit to transmit the encryption key to a financial terminal over the wireless network; and a financial terminal to encrypt and decrypt data transmitted and received to and from the central management server using the encryption key transmitted from the user terminal.
- the present invention also discloses a terminal for authentication of online financial transactions, including: a first communication unit to receive an approval key over a first communication network; a second communication unit to transmit an encryption key over a second communication network; an input unit to allow a user to input a private password; and an encryption-key generation unit to generate an encryption key from the approval key and the private password.
- Fig. 1 is an authentication system for online financial transactions over a communication network according to an exemplary embodiment of the present invention.
- the authentication system includes a central management server 10, a financial terminal 20, an approval-key transmission unit 30 and a user terminal 40.
- the central management server 10 controls general online financial transactions.
- the central management server 10 is linked, for example, to a main computer of a bank over a financial management network.
- the central management server 10 conducts financial transactions with the financial terminal 20, and transmits transaction data to the main computer over the financial management network.
- the central management server 10 refers to authentication information, such as ID and password, or account information of a user which is input through the financial terminal 20. When the user is a normal user, it generates an approval key for the normal user. The approval key is generated when an authentication procedure is performed, and is used once.
- the central management server 10 may have an approval- key algorithm to generate an approval key, or receive an approval key from another approval-key generation unit. The central management server 10 stores therein the approval key, together with the authentication information, and transmits them to the approval-key transmission unit 30.
- a user uses two kinds of passwords; one for user authentication that is conducted by the central management server 10 (hereinafter referred to as 'authentication password', and one for encryption of data that is transmitted between the central management server 10 and the financial terminal 20 (hereinafter referred to as 'private password').
- the private password is assigned to a user on initial registration. Thereafter, the private password will not be transmitted between the central management server 10 and the financial terminal 20. An encryption procedure through the private password will be described in detail.
- the central management server 10 includes an encryption/decryption unit to encrypt/ decrypt data which is transmitted and received to and from the financial terminal 20.
- the encryption/decryption unit is made in software or in hardware.
- the central management server 10 transmits the approval key and generates an encryption key from an authorized authentication key, an approval key and a private password.
- the central management server 10 encrypts and decrypts the data by the encryption/ decryption unit using the encryption key. Any typical encryption/decryption unit may be used in the encryption/decryption procedure.
- the financial terminal 20 enables a user to conduct online financial transactions.
- the financial terminal 20 may be an automated teller machine (ATM) or a personal computer.
- ATM automated teller machine
- VAN value- added network
- the financial terminal 20 is a personal computer, they are connected to each other over the Internet.
- FIG. 2 is a block diagram of the financial terminal 20.
- the financial terminal 20 includes a controller 21, a network interface 22, an encryption/decryption unit 23, a data transceiver unit 24, an input unit 25 and a monitor 26.
- the controller 21 generally controls the financial terminal 20.
- the network interface 21 generally controls the financial terminal 20.
- the encryption/decryption unit 23 encrypts data to be transmitted to the central management server 10 and decrypts data received from the central management server 10.
- the encryption/decryption unit 23 uses an encryption key to encrypt and decrypt the data, in which the encryption key is provided from the controller 21.
- the encryption/decryption unit 23 is made in software or in hardware.
- the data transceiver unit 24 exchanges data with a user terminal 40.
- the financial terminal 20 and the user terminal 40 exchanges data with each other through a radio frequency (RF) signal.
- the data transceiver unit 24 converts an electrical data signal received from the controller 21 into an RF signal, and transmits the RF signal over an antenna.
- the RF signal from the user terminal 40 is converted to an electrical signal and provided to the controller 21.
- the communication between the financial terminal 20 and the user terminal 40 may be made with an infrared signal or in a wireless or wired data communication manner.
- the input unit 25 enables a user to input authentication information, such as ID and password, and other transaction information.
- the monitor 26 displays state information or transaction information to the user.
- the approval-key transmission unit 30 receives approval-key information from the central management server 10 and transmits it to the user terminal 40.
- the approval- key transmission unit 30 is connected to the central management server 10, for example, over a local area network (LAN), and to the user terminal 40 over a wireless communication network.
- the approval-key transmission unit 30 is a short message service (SMS) unit which receives the approval key from the central management server 10 and transmits it to the user terminal 40 in a text message.
- SMS short message service
- the user terminal 40 may be one used only for the above-mentioned financial transactions, or an existing mobile communication terminal.
- Fig. 3 is a block diagram of the user terminal 40.
- the user terminal 40 includes a controller 41, a network interface 42, an input unit 43, an encryption-key generation unit 44, a data transceiver unit 45 and a monitor 46.
- the controller 41 generally controls the user terminal 40.
- the network interface 42 provides an interface between the user terminal 40 and a communication network.
- the network interface 42 provides an interface between the user terminal 40 and the mobile communication network.
- the input unit 43 includes, for example, a 10-key keypad.
- the input unit 43 enables a user to input a private password.
- the encryption-key generation unit 44 generates an encryption key by combining an approval key, which is received through the network interface 42, and a private password, which is input through the input unit 43.
- the encryption-key generation unit 44 may be made in software or in hardware. Any typical encryption-key generation unit may be used in the encryption-key generation procedure.
- the data transceiver unit 45 is one for wireless communication between the user terminal 40 and the financial terminal 20.
- the data transceiver unit 45 converts encryption-key information, which is transmitted from the controller 41 to the financial terminal 20, into, for example, an RF signal, or converts an RF signal, which is received from the financial terminal 20, into an electrical signal and provides it to the controller 41.
- any typical data transceiver unit may be used which allows infrared communication or other wireless or wired communication with the financial terminal 20.
- the monitor 46 displays information to users.
- Fig. 4 is a flow chart for explaining the operation of an authentication system according to an exemplary embodiment of the present invention.
- the user accesses the central management server 10 through the financial terminal 20 and selects a desired financial transaction.
- the central management server 10 requests the user to enter ID and authentication password through the financial terminal 20.
- the central management server 10 may request the user to further enter information such as a user name or a bank account.
- the user enters the authentication information according to a typical online financial transaction procedure.
- the central management server 10 When the user enters information requested by the central management server 10 to log in, the central management server 10 conducts a typical authentication procedure to determine whether or not the user is genuine.
- the central management server 10 When the user is determined to be genuine, the central management server 10 generates an approval key for a current financial transaction.
- the approval key together with user information, is stored and transmitted to the approval-key transmission unit 30.
- the user information includes an access number of the user terminal 40.
- the approval-key transmission unit 30 transmits the approval-key information received from the central management server 10 to the user terminal 40 over the wireless communication network.
- the controller 41 when the user terminal 40 receives the approval-key information through the network interface 42, the controller 41 outputs on the monitor 46 a message to enter a private password.
- the controller 41 provides both the approval key information received through the network interface 42 and the private password entered through the input unit 43 to the encryption-key generation unit 44, and drives the encryption-key generation unit 44 to generate an encryption key.
- the controller 41 transmits the encryption key to the financial terminal 20 through the data transceiver unit 45.
- the encryption key may be automatically transmitted or selectively transmitted by the input unit 43.
- the central management server 10 transmits the approval key through the approval- key transmission unit 30, and generates an encryption key in the same manner as the user terminal 40.
- the financial terminal 20 when the financial terminal 20 receives the encryption key through the data transceiver unit 24, it notifies the central management server 10 that the encryption key has been received.
- the financial terminal 20 uses the encryption key received from the user terminal 40 to initialize the encryption/decryption unit 23.
- the central management server 10 receives from the financial terminal 20 a message indicating that the encryption key has been received, it uses the encryption key to initialize an encryption/decryption unit. Subsequently, the central management server 10 and the financial terminal 20 encrypt data with the encryption key and make communications .
- the central management server 10 transmits the approval key to the user terminal 40 and is not acknowledged by the financial terminal 20 in a predetermined time that the encryption key has been received, the central management server 10 determines that the current financial transaction is not normal, and initializes the current financial transaction.
- the central management server 10 and the financial terminal 20 individually generate an encryption key.
- a private password which is not transmitted through a network, is used between the central management server 10 and the financial terminal 20.
- the central management server 10 and the financial terminal 20 encrypt and decrypt information which is transmitted with the encryption key.
- the third party cannot recognize the information. Therefore, it is possible to greatly enhance the security of financial transactions.
- the user terminal 40 generates and provides an encryption key to the financial terminal 20.
- the user terminal 40 may store an authorized authentication key for a current financial transaction, and provide an encryption key, together with the authorized authentication key, to the financial terminal 20.
- the 40 and the central management server 10 may generate an encryption key by combining the approval key, authorized authentication key, and private password.
- the present invention can efficiently be applied to an authentication system for online financial transactions, which can ensure the security of online financial transactions, and a user terminal which can ensure the security of online financial transactions.
Abstract
An authentication system for online financial transactions over a communication network is provided, including a central management server which has an approval-key generation unit and an encryption-key generation unit, controls online financial transactions, transmits the approval key to a user terminal over a wireless network, encrypts and decrypts data transmitted and received to and from a financial terminal using the encryption key, a user terminal which is connected to the central management server and a financial terminal over a wireless network, and includes an approval-key receiving unit, an input unit to input a private password, an encryption-key generation unit to generate an encryption key from the approval key and the private password, and a data transceiver unit to transmit the encryption key to a financial terminal, and a financial terminal to encrypt and decrypt data transmitted and received to and from the central management server using the encryption key.
Description
Description AUTHENTICATION SYSTEM FOR ONLINE FINANCIAL
TRANSACTIONS AND USER TERMINAL FOR AUTHENTICATION OF ONLINE FINANCIAL TRANSACTIONS
Technical Field
[1] The present invention relates to an authentication system for electronic commerce and, more particularly, to an authentication system for online financial transactions and a user terminal for authentication of online financial transactions. Background Art
[2] The development of advanced communications technology has enabled users to conduct various kinds of electronic commercial transactions over the Internet and other networks. Most of the electronic commercial transactions involve financial transactions that are conducted online. Examples of the online financial transactions include a simple financial settlement, a wire transfer through a financial computer network, and cash withdrawal, deposit and transfer through a value-added network (VAN) and a financial computer network, such as an automatic teller machine (ATM).
[3] In general, an authorized authentication key is required to be used to enhance the security of online financial transactions. Besides, an encryption key is required to be entered through an encryption card or the like.
[4] Recently, there have been developed and widely used methods for enhancing the security of online financial transactions using a mobile communication terminal. Such methods are disclosed in Korean Patent Application Nos. 2001-81122, 2004-75159 and 2003-89125.
[5] However, the above-mentioned methods cannot offer a full guarantee for the security of online financial transactions since information concerning authentication and encryption is transferred from user terminals over networks.
[6] Therefore, methods for ensuring the security of online financial transactions are demanded.
Disclosure of Invention Technical Solution
[7] The present invention provides an authentication system for online financial transactions, which can ensure the security of online financial transactions.
[8] The present invention further provides a user terminal which can ensure the security of online financial transactions.
[9] Additional features of the invention will be set forth in the description which follows,
and in part will be apparent from the description, or may be learned by practice of the invention.
Advantageous Effects
[10] It is possible to provide an authentication system for online financial transactions over a communication network which can greatly enhance the security of online financial transactions, and a user terminal therefor. Brief Description of the Drawings
[11] The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention, and together with the description serve to explain the principles of the invention.
[12] Fig. 1 is an authentication system for online financial transactions over a communication network according to an exemplary embodiment of the present invention.
[13] Fig. 2 is a block diagram of a financial terminal shown in FIG. 1.
[14] Fig. 3 is a block diagram of a user terminal shown in FIG. 1.
[15] Fig. 4 is a flow chart for explaining the operation of the authentication system shown in FTG. 1. Best Mode for Carrying Out the Invention
[16] The present invention discloses an authentication system for online financial transactions over a communication network, including: a central management server which includes an approval-key generation unit to generate an approval key and an encryption-key generation unit to generate an encryption key from the approval key and a private password, controls online financial transactions, transmits the approval key to a user terminal over a wireless network, encrypts and decrypts data transmitted and received to and from a financial terminal using the encryption key; a user terminal which is connected to the central management server and a financial terminal over a wireless network, and includes an approval-key receiving unit to receive the approval key through the wireless network, an input unit to allow a user to input a private password, an encryption-key generation unit to generate an encryption key from the approval key and the private password, and a data transceiver unit to transmit the encryption key to a financial terminal over the wireless network; and a financial terminal to encrypt and decrypt data transmitted and received to and from the central management server using the encryption key transmitted from the user terminal.
[17] The present invention also discloses a terminal for authentication of online financial transactions, including: a first communication unit to receive an approval key over a first communication network; a second communication unit to transmit an encryption key over a second communication network; an input unit to allow a user to input a
private password; and an encryption-key generation unit to generate an encryption key from the approval key and the private password.
[18] It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory and are intended to provide further explanation of the invention as claimed. Mode for the Invention
[19] The invention is described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure is thorough, and will fully convey the scope of the invention to those skilled in the art. In the drawings, the size and relative sizes of layers and regions may be exaggerated for clarity. Like reference numerals in the drawings denote like elements.
[20] It will be understood that when an element or layer is referred to as being "on" or
"connected to" another element or layer, it can be directly on or directly connected to the other element or layer, or intervening elements or layers may be present. In contrast, when an element is referred to as being "directly on" or "directly connected to" another element or layer, there are no intervening elements or layers present.
[21] Fig. 1 is an authentication system for online financial transactions over a communication network according to an exemplary embodiment of the present invention.
[22] The authentication system includes a central management server 10, a financial terminal 20, an approval-key transmission unit 30 and a user terminal 40.
[23] The central management server 10 controls general online financial transactions. The central management server 10 is linked, for example, to a main computer of a bank over a financial management network. The central management server 10 conducts financial transactions with the financial terminal 20, and transmits transaction data to the main computer over the financial management network.
[24] The central management server 10 refers to authentication information, such as ID and password, or account information of a user which is input through the financial terminal 20. When the user is a normal user, it generates an approval key for the normal user. The approval key is generated when an authentication procedure is performed, and is used once. The central management server 10 may have an approval- key algorithm to generate an approval key, or receive an approval key from another approval-key generation unit. The central management server 10 stores therein the approval key, together with the authentication information, and transmits them to the approval-key transmission unit 30.
[25] According to an exemplary embodiment of the present invention, a user uses two kinds of passwords; one for user authentication that is conducted by the central management server 10 (hereinafter referred to as 'authentication password', and one for encryption of data that is transmitted between the central management server 10 and the financial terminal 20 (hereinafter referred to as 'private password'). The private password is assigned to a user on initial registration. Thereafter, the private password will not be transmitted between the central management server 10 and the financial terminal 20. An encryption procedure through the private password will be described in detail.
[26] The central management server 10 includes an encryption/decryption unit to encrypt/ decrypt data which is transmitted and received to and from the financial terminal 20. The encryption/decryption unit is made in software or in hardware. The central management server 10 transmits the approval key and generates an encryption key from an authorized authentication key, an approval key and a private password. The central management server 10 encrypts and decrypts the data by the encryption/ decryption unit using the encryption key. Any typical encryption/decryption unit may be used in the encryption/decryption procedure.
[27] The financial terminal 20 enables a user to conduct online financial transactions. The financial terminal 20 may be an automated teller machine (ATM) or a personal computer. When the financial terminal 20 is an ATM, the financial terminal 20 and the central management server 10 are connected to each other, for example, over a value- added network (VAN). When the financial terminal 20 is a personal computer, they are connected to each other over the Internet.
[28] Fig. 2 is a block diagram of the financial terminal 20.
[29] The financial terminal 20 includes a controller 21, a network interface 22, an encryption/decryption unit 23, a data transceiver unit 24, an input unit 25 and a monitor 26.
[30] The controller 21 generally controls the financial terminal 20. The network interface
22 provides an interface with the VAN or Internet. The encryption/decryption unit 23 encrypts data to be transmitted to the central management server 10 and decrypts data received from the central management server 10. The encryption/decryption unit 23 uses an encryption key to encrypt and decrypt the data, in which the encryption key is provided from the controller 21. The encryption/decryption unit 23 is made in software or in hardware.
[31] The data transceiver unit 24 exchanges data with a user terminal 40. The financial terminal 20 and the user terminal 40 exchanges data with each other through a radio frequency (RF) signal. The data transceiver unit 24 converts an electrical data signal received from the controller 21 into an RF signal, and transmits the RF signal over an
antenna. The RF signal from the user terminal 40 is converted to an electrical signal and provided to the controller 21. The communication between the financial terminal 20 and the user terminal 40 may be made with an infrared signal or in a wireless or wired data communication manner.
[32] The input unit 25 enables a user to input authentication information, such as ID and password, and other transaction information. The monitor 26 displays state information or transaction information to the user.
[33] The approval-key transmission unit 30 receives approval-key information from the central management server 10 and transmits it to the user terminal 40. The approval- key transmission unit 30 is connected to the central management server 10, for example, over a local area network (LAN), and to the user terminal 40 over a wireless communication network. When the user terminal 40 is a mobile communication terminal, the approval-key transmission unit 30 is a short message service (SMS) unit which receives the approval key from the central management server 10 and transmits it to the user terminal 40 in a text message.
[34] The user terminal 40 may be one used only for the above-mentioned financial transactions, or an existing mobile communication terminal.
[35] Fig. 3 is a block diagram of the user terminal 40. The user terminal 40 includes a controller 41, a network interface 42, an input unit 43, an encryption-key generation unit 44, a data transceiver unit 45 and a monitor 46.
[36] The controller 41 generally controls the user terminal 40. The network interface 42 provides an interface between the user terminal 40 and a communication network. When the user terminal 40 is a mobile communication terminal, the network interface 42 provides an interface between the user terminal 40 and the mobile communication network.
[37] The input unit 43 includes, for example, a 10-key keypad. The input unit 43 enables a user to input a private password.
[38] The encryption-key generation unit 44 generates an encryption key by combining an approval key, which is received through the network interface 42, and a private password, which is input through the input unit 43. The encryption-key generation unit 44 may be made in software or in hardware. Any typical encryption-key generation unit may be used in the encryption-key generation procedure.
[39] The data transceiver unit 45 is one for wireless communication between the user terminal 40 and the financial terminal 20. The data transceiver unit 45 converts encryption-key information, which is transmitted from the controller 41 to the financial terminal 20, into, for example, an RF signal, or converts an RF signal, which is received from the financial terminal 20, into an electrical signal and provides it to the controller 41. In this case, any typical data transceiver unit may be used which allows
infrared communication or other wireless or wired communication with the financial terminal 20.
[40] The monitor 46 displays information to users.
[41] Fig. 4 is a flow chart for explaining the operation of an authentication system according to an exemplary embodiment of the present invention.
[42] When a user conducts a financial transaction, the user accesses the central management server 10 through the financial terminal 20 and selects a desired financial transaction. The central management server 10 requests the user to enter ID and authentication password through the financial terminal 20. The central management server 10 may request the user to further enter information such as a user name or a bank account. The user enters the authentication information according to a typical online financial transaction procedure.
[43] When the user enters information requested by the central management server 10 to log in, the central management server 10 conducts a typical authentication procedure to determine whether or not the user is genuine.
[44] When the user is determined to be genuine, the central management server 10 generates an approval key for a current financial transaction. The approval key, together with user information, is stored and transmitted to the approval-key transmission unit 30. The user information includes an access number of the user terminal 40.
[45] The approval-key transmission unit 30 transmits the approval-key information received from the central management server 10 to the user terminal 40 over the wireless communication network.
[46] In Fig. 3, when the user terminal 40 receives the approval-key information through the network interface 42, the controller 41 outputs on the monitor 46 a message to enter a private password. When a user enters the private password through the input unit 43, the controller 41 provides both the approval key information received through the network interface 42 and the private password entered through the input unit 43 to the encryption-key generation unit 44, and drives the encryption-key generation unit 44 to generate an encryption key.
[47] The controller 41 transmits the encryption key to the financial terminal 20 through the data transceiver unit 45. The encryption key may be automatically transmitted or selectively transmitted by the input unit 43.
[48] The central management server 10 transmits the approval key through the approval- key transmission unit 30, and generates an encryption key in the same manner as the user terminal 40.
[49] Referring to Fig. 2, when the financial terminal 20 receives the encryption key through the data transceiver unit 24, it notifies the central management server 10 that
the encryption key has been received. The financial terminal 20 uses the encryption key received from the user terminal 40 to initialize the encryption/decryption unit 23. When the central management server 10 receives from the financial terminal 20 a message indicating that the encryption key has been received, it uses the encryption key to initialize an encryption/decryption unit. Subsequently, the central management server 10 and the financial terminal 20 encrypt data with the encryption key and make communications .
[50] When the central management server 10 transmits the approval key to the user terminal 40 and is not acknowledged by the financial terminal 20 in a predetermined time that the encryption key has been received, the central management server 10 determines that the current financial transaction is not normal, and initializes the current financial transaction.
[51] In the above-mentioned exemplary embodiment, the central management server 10 and the financial terminal 20 individually generate an encryption key. When the encryption key is generated, a private password, which is not transmitted through a network, is used between the central management server 10 and the financial terminal 20. The central management server 10 and the financial terminal 20 encrypt and decrypt information which is transmitted with the encryption key. Thus, even though a third party has intentionally obtained information transmitted between the central management server 10 and the financial terminal 20, the third party cannot recognize the information. Therefore, it is possible to greatly enhance the security of financial transactions.
[52] In the present embodiment of the invention, the user terminal 40 generates and provides an encryption key to the financial terminal 20. However, the user terminal 40 may store an authorized authentication key for a current financial transaction, and provide an encryption key, together with the authorized authentication key, to the financial terminal 20.
[53] As a result, the user can conduct a secure financial transaction only with the user terminal 40.
[54] When the user terminal 40 stores the authorized authentication key, the user terminal
40 and the central management server 10 may generate an encryption key by combining the approval key, authorized authentication key, and private password.
[55] It will be apparent to those skilled in the art that various modifications and variation can be made in the present invention without departing from the spirit or scope of the invention. Thus, it is intended that the present invention cover the modifications and variations of this invention provided they come within the scope of the appended claims and their equivalents.
Industrial Applicability
[56] The present invention can efficiently be applied to an authentication system for online financial transactions, which can ensure the security of online financial transactions, and a user terminal which can ensure the security of online financial transactions.
Claims
[1] An authentication system for online financial transactions over a communication network, comprising: a central management server which comprises an approval-key generation unit to generate an approval key and an encryption-key generation unit to generate an encryption key from the approval key and a private password, controls online financial transactions, transmits the approval key to a user terminal over a wireless network, encrypts and decrypts data transmitted and received to and from a financial terminal using the encryption key; a user terminal which is connected to the central management server and a financial terminal over a wireless network, and comprises an approval-key receiving unit to receive the approval key through the wireless network, an input unit to allow a user to input a private password, an encryption-key generation unit to generate an encryption key from the approval key and the private password, and a data transceiver unit to transmit the encryption key to a financial terminal over the wireless network; and a financial terminal to encrypt and decrypt data transmitted and received to and from the central management server using the encryption key transmitted from the user terminal.
[2] The authentication system of claim 1, wherein the user terminal and the financial terminal transmit and receive an encryption key to and from each other over a wireless network.
[3] The authentication system of claim 1, wherein the user terminal further comprises a storage unit to store an authorized authentication key, and the authorized authentication key is provided, together with an encryption key, to the financial terminal.
[4] A terminal for authentication of online financial transactions, comprising: a first communication unit to receive an approval key over a first communication network; a second communication unit to transmit an encryption key over a second communication network; an input unit to allow a user to input a private password; and an encryption-key generation unit to generate an encryption key from the approval key and the private password.
[5] The terminal of claim 4, further comprising an authorized authentication-key storage unit to store an authorized authentication key.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR10-2006-0019452 | 2006-02-28 | ||
KR1020060019452A KR100792163B1 (en) | 2006-02-28 | 2006-02-28 | Authentication system for on-line banking, and user terminal for the same |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2007100202A1 true WO2007100202A1 (en) | 2007-09-07 |
Family
ID=38459272
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/KR2007/000986 WO2007100202A1 (en) | 2006-02-28 | 2007-02-27 | Authentication system for online financial transactions and user terminal for authentication of online financial transactions |
Country Status (3)
Country | Link |
---|---|
KR (1) | KR100792163B1 (en) |
CN (1) | CN101390115A (en) |
WO (1) | WO2007100202A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140019366A1 (en) * | 2011-03-31 | 2014-01-16 | Infosys Limited | Method and a system for securing financial transaction |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101635075B (en) * | 2009-05-31 | 2013-08-14 | 飞天诚信科技股份有限公司 | Trading method and trading system |
CN104751364B (en) * | 2013-12-30 | 2018-11-16 | 上海方付通商务服务有限公司 | A kind of trans-regional direct selling bank federation method of commerce and system by safety certification |
KR101649908B1 (en) * | 2015-07-14 | 2016-08-22 | 한국전자통신연구원 | Apparatus for keyboard security and method for inputting key on keyboard |
KR101941625B1 (en) * | 2017-12-28 | 2019-01-24 | 주식회사 더봄에스 | System for SNS finetech using authentication based selecting and method for operating the same |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20010026309A (en) * | 1999-09-04 | 2001-04-06 | 정희원 | Banking System and Method thereof using Smart-Card |
US6230269B1 (en) * | 1998-03-04 | 2001-05-08 | Microsoft Corporation | Distributed authentication system and method |
KR20030005986A (en) * | 2001-07-11 | 2003-01-23 | 주식회사 비즈모델라인 | Method for the process of certification using mobile communication devices with the function of wireless certification(digital signature) |
US6539479B1 (en) * | 1997-07-15 | 2003-03-25 | The Board Of Trustees Of The Leland Stanford Junior University | System and method for securely logging onto a remotely located computer |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR100315387B1 (en) * | 1999-08-02 | 2001-11-26 | 윤금 | Private Key, Certificate Administration System and Method Thereof |
-
2006
- 2006-02-28 KR KR1020060019452A patent/KR100792163B1/en not_active IP Right Cessation
-
2007
- 2007-02-27 CN CNA2007800066806A patent/CN101390115A/en active Pending
- 2007-02-27 WO PCT/KR2007/000986 patent/WO2007100202A1/en active Application Filing
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6539479B1 (en) * | 1997-07-15 | 2003-03-25 | The Board Of Trustees Of The Leland Stanford Junior University | System and method for securely logging onto a remotely located computer |
US6230269B1 (en) * | 1998-03-04 | 2001-05-08 | Microsoft Corporation | Distributed authentication system and method |
KR20010026309A (en) * | 1999-09-04 | 2001-04-06 | 정희원 | Banking System and Method thereof using Smart-Card |
KR20030005986A (en) * | 2001-07-11 | 2003-01-23 | 주식회사 비즈모델라인 | Method for the process of certification using mobile communication devices with the function of wireless certification(digital signature) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20140019366A1 (en) * | 2011-03-31 | 2014-01-16 | Infosys Limited | Method and a system for securing financial transaction |
Also Published As
Publication number | Publication date |
---|---|
KR100792163B1 (en) | 2008-01-04 |
CN101390115A (en) | 2009-03-18 |
KR20070089427A (en) | 2007-08-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11647385B1 (en) | Security system for handheld wireless devices using time-variable encryption keys | |
CN113169971B (en) | Secure extended range application data exchange | |
EP1710980B1 (en) | Authentication services using mobile device | |
CN112823335A (en) | System and method for password authentication of contactless cards | |
EP2481230B1 (en) | Authentication method, payment authorisation method and corresponding electronic equipments | |
EP2380308B1 (en) | Secure remote authentication through an untrusted network | |
US20100010932A1 (en) | Secure wireless deposit system and method | |
US8132244B2 (en) | Mobile smartcard based authentication | |
CN102314576A (en) | In NFC equipment, carry out the method for Secure Application | |
CN101098225A (en) | Safety data transmission method and paying method, paying terminal and paying server | |
CN112789643A (en) | System and method for password authentication of contactless cards | |
CN112602104A (en) | System and method for password authentication of contactless cards | |
CN112889046A (en) | System and method for password authentication of contactless cards | |
CN113168631A (en) | System and method for password authentication of contactless cards | |
US8577766B2 (en) | Secure transactions using non-secure communications | |
CN101944216A (en) | Two-factor online transaction safety authentication method and system | |
US20090015374A1 (en) | User authentication system and method | |
WO2007100202A1 (en) | Authentication system for online financial transactions and user terminal for authentication of online financial transactions | |
JP2022502881A (en) | Systems and methods for notifying potential attacks on non-contact cards | |
US11562346B2 (en) | Contactless card with multiple rotating security keys | |
US20060173694A1 (en) | Information processing system, information processing device, method, and program | |
KR101695097B1 (en) | Method for Providing Simple Payment based on One Time Password Card | |
KR101395315B1 (en) | Near field communication based payment security authentication system and security authentication method thereof | |
US20240064004A1 (en) | Parallel secret salt generation and authentication for encrypted communication | |
KR20040031434A (en) | Real Time Account Information Control System using on Mobile Device |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
WWE | Wipo information: entry into national phase |
Ref document number: 200780006680.6 Country of ref document: CN |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 07715399 Country of ref document: EP Kind code of ref document: A1 |