CN101154309A - Trading system, trading method and trading server - Google Patents
- Publication number
- CN101154309A
- Authority
- CN
- China
- Prior art keywords
- mentioned
- transaction
- different information
- user
- terminal
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Abstract
The invention provides a transaction system, a trading method and a trading server that enable the legitimate user of an account to prevent illegal attacks on the account. The transaction system comprises a transaction terminal that a user operates and a trading server that accepts transaction requests from the transaction terminal. The trading server has: a user authentication unit that authenticates the user operating the transaction terminal that made the transaction request; and a different information management unit that stores different information in a storage device and sends it to the transaction terminal, where the different information indicates an authentication result in which the user authentication unit judged that the user is not permitted to transact. The transaction terminal has a different information processing unit that outputs the different information received from the trading server.
Description
Technical field
The present invention relates to a transaction system, a trading method and a trading server.
Background technology
Conventionally, an ATM (Automated Teller Machine) terminal authenticates a user who requests a transaction, for example by requiring a password to be entered, before the transaction begins. A transaction such as a transfer then begins for a user who has been authenticated as permitted to transact. The user confirms past transactions by checking the transaction history displayed by the ATM terminal.
[Patent Document 1] Japanese Laid-Open Patent Publication No. Hei 8-36665 (claim 1, paragraphs 0013 to 0015, Fig. 5)
However, an illegitimate person sometimes carries out an illegal attack, attempting to withdraw cash or the like from another person's account without permission. In this case the illegitimate person, for example, steals another person's cash card, inserts it into an ATM terminal, and begins the attack. If the password entered by the illegitimate person is correct, the attack succeeds.
On the other hand, even if one attack fails because the password does not match, the account cannot be said to be safe. The illegitimate person may repeat the attack again and again by trial and error. Among these repeated attacks, a single successful authentication is enough for the attack to succeed. It is therefore undesirable to leave an illegitimate person repeated opportunities to attack.
In addition, there is a scheme that automatically restricts transactions on an account after a set number of failures, for example 3 consecutive password authentication failures. In this case, however, even when 2 failures have already occurred, the legitimate user has no way of noticing that their own account has been attacked. Because a legitimate user who sees no sign of trouble rarely takes active measures such as changing the password or the account number, the illegitimate person is given further opportunities to attack.
Summary of the invention
Therefore, the main object of the present invention is to provide a transaction system, a trading method and a trading server with which a user can confirm different information, and which ultimately prompt the legitimate user of an account to take measures that protect the account against illegal attacks.
To solve the above problem, the present invention provides a transaction system comprising a transaction terminal that a user operates and a trading server that accepts transaction requests from the transaction terminal. The trading server has: a user authentication unit that authenticates the user operating the transaction terminal that made the transaction request; and a different information management unit that stores different information in a storage device and sends it to the transaction terminal, where the different information indicates an authentication result in which the user authentication unit judged that the user is not permitted to begin a transaction. The transaction terminal has a different information processing unit that outputs the different information received from the trading server.
According to the present invention, the user can confirm different information. By recognizing whether an illegal attack has occurred, the legitimate user of an account, for example in a banking system, can be prompted to take measures against illegal attacks such as changing the password.
Description of drawings
Fig. 1 is a configuration diagram of the transaction system according to one embodiment of the present invention.
Fig. 2 is a configuration diagram of the different information DB according to one embodiment of the present invention.
Fig. 3 is a screen diagram showing the display content of the different information according to one embodiment of the present invention.
Fig. 4 is a flowchart of the transaction processing of an ATM terminal, including different information notification processing, according to one embodiment of the present invention.
Fig. 5 is a flowchart of the transaction processing of an ATM terminal, including different information notification processing, according to one embodiment of the present invention.
In the figures: 1 - transaction terminal; 2 - trading server; 11 - media input/output unit; 12 - information input unit; 13 - information output unit; 14 - transaction request unit; 15 - different information processing unit; 21 - transaction processing unit; 22 - user authentication unit; 23 - different information management unit; 24 - different information DB
Embodiment
An embodiment of the present invention is described below with reference to the drawings.
Fig. 1 is a configuration diagram of the transaction system 100.
The transaction terminal 1 operated by the user requests transactions such as transfers from the trading server 2, which is the bank's host system. The trading server 2 authenticates whether the user is legitimate and then begins the transaction for a user recognized as legitimate. Authentication here means, for example, biometric authentication, cipher authentication or password authentication. The trading server 2 stores the deposit balance of each user's account in a storage device and manages it.
The transaction terminal 1 may be configured as an ATM terminal, installed in a bank branch or a convenience store, that can access the bank's internal network. In this case a transaction is, for example, a withdrawal, deposit, external transfer, transfer between accounts in the same name, balance inquiry, passbook entry and carry-over, or password change on the user's account. For a withdrawal, for example, the transaction terminal 1 outputs the withdrawal amount to the user as banknotes and the trading server 2 deducts the withdrawal amount from the deposit balance of the user's account.
The transaction terminal 1 may also be configured as a PC (Personal Computer) terminal that uses the Web bank. In this case a transaction is, for example, an external transfer, transfer between accounts in the same name, bond purchase, balance inquiry or password change on the user's account.
Fig. 2 is an example of a configuration diagram of the different information DB 24.
The different information stored in the different information DB 24 includes the different content, that is, the authentication result (operation record) at the time the trading server 2 judged that a transaction is not permitted to begin. The different information may also associate the different content with the date and time of the authentication and with the place. For example, at the date and time "2004/12/20 12:00", at the place (transaction terminal 1) "zero * bank, No. 5 machines of sesame Pu branch", 2 "password is different" events occurred, indicating that an invalid password was entered. Thus, when the transaction terminal 1 is an ATM terminal, the branch and machine number are stored.
When the transaction terminal 1 is a PC terminal that uses the Web bank, information indicating use from the "Web bank" is stored as the information corresponding to the place of an ATM. For example, at the date and time "2004/12/25 21:00", at the place (transaction terminal) "zero * bank, Web bank", 2 "password is different" events occurred, indicating that an invalid password was entered.
In this way the different information DB 24 stores, in one place, the different information produced at ATMs in the branches of the financial institution and the like and the different information produced at PC terminals that use the Web bank. That is, whenever different information arises from access to the account of a user of the financial institution, it is recorded together with information on the terminal used for that access. The different information DB 24 is managed per user.
Fig. 3 is a screen diagram showing the display content of the different information. Based on the content of the different information DB 24, the different information produced at both ATMs and the Web bank is displayed. Each time the processing of Fig. 4 or Fig. 5, described later, is executed, the information output unit 13 displays the different information received from the trading server 2 on the screen of the transaction terminal 1, prints it on paper (a statement slip) through the media input/output unit 11 of the transaction terminal 1, or outputs it as speech from a loudspeaker. When the confirm key 13a is pressed, display of the different information ends.
Thus, by using an ATM, the user can confirm not only the different information produced at ATMs but also the different information produced in the Web bank, and can therefore effectively confirm whether an illegal attack has occurred.
As shown in Fig. 3, the different information may also be notified by category of illegality (biometric authentication, cipher, password). Because a user who wants to guard against attacks can then take a different countermeasure for each category, attacks can be dealt with at low cost. For example, when password attacks have been made repeatedly, only the password needs to be changed.
When a password difference or a biometric information difference occurs at an ATM terminal, the date and time at which the difference occurred, the terminal information (bank name, branch name, machine number) and the different content are notified to the trading server 2 as different information. Likewise, when a password difference occurs in the Web bank, the different information is notified to the trading server 2.
Each processing unit of the transaction terminal 1 and the trading server 2 is implemented by a CPU (Central Processing Unit, not shown) executing a program stored in a ROM (Read Only Memory, not shown), or by loading a program stored on a hard disk (not shown) into a RAM (Random Access Memory, not shown) and having the CPU execute it.
Fig. 4 is a flowchart showing the transaction processing of an ATM terminal, including different information notification processing. The flowchart starts, for example, from the state in which the user has touched the touch screen of the ATM terminal.
The media input/output unit 11 accepts insertion of the cash card associated with the user's account (S111). The information input unit 12 accepts input of the authentication information required for authentication, such as the password, according to the user's input operation on the touch screen, keyboard or the like (S112). The information input unit 12 also accepts input of the transaction information from the user, such as the transfer amount and the transaction type, that determines the transaction required (S113).
When the decision condition of S121 is not satisfied (S121: No), the different information management unit 23 appends the current authentication result, judged as not permitting the transaction to begin, to the different information DB 24 (S124), and performs the communication processing that notifies it to the transaction terminal 1 as the transaction response (S125). The transaction terminal 1 performs the communication processing that receives the transaction response (S114).
When the decision condition of S121 is satisfied (S121: Yes), the transaction processing unit 21 begins the transaction according to the transaction information of S113 (S122). The trading server 2 includes in the transaction response the transaction result of the transaction processing unit 21 (transaction permitted to begin) and the different information stored in the different information DB 24, and performs the communication processing that notifies it to the transaction terminal 1 (S123). The transaction terminal 1 performs the communication processing that receives the transaction response (S114).
The media input/output unit 11 dispenses media (card, cash and so on) to the user according to the transaction result contained in the transaction response notified by the trading server 2 (S116). The different information processing unit 15 outputs (displays), through the information output unit 13, the different information contained in the transaction response notified by the trading server 2 (S117).
Because the user is notified of the different information at every transaction, the user can judge whether information such as transaction information has leaked.
The information output unit 13 may display all of the different information related to the given user that is stored in the different information DB 24, or only the most recent different information. The most recent different information is, for example, a stipulated number of items taken in order from newest to oldest, the different information from a stipulated period before the present up to the present, or the different information after a countermeasure against illegal attacks, such as a password change, was implemented. Filtering part of the different information as the display target in this way keeps old error information from being shown and avoids confusing the user.
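The following Python example is added here and is not part of the patent: it models the different information DB of Fig. 2, the server branch at S121 of Fig. 4, and the three "most recent" filters described above. The class and function names, the response dictionary, the PBKDF2 password check and the sample place strings are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class DifferentInfo:
    """One row of the different information DB (Fig. 2): a refused authentication."""
    when: datetime   # date and time of the authentication
    place: str       # terminal information: branch and machine number, or "Web bank"
    category: str    # authentication category, e.g. "password" or "biometric"


def _digest(password: str, salt: bytes) -> bytes:
    # Assumption of this example: a salted PBKDF2 verifier is stored,
    # never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def recent(records, now, max_items=None, window=None, since=None):
    """Select the 'most recent' records using the three filters the text lists."""
    out = sorted(records, key=lambda r: r.when, reverse=True)    # newest first
    if window is not None:       # only a stipulated period before now
        out = [r for r in out if now - window <= r.when <= now]
    if since is not None:        # only after the last countermeasure
        out = [r for r in out if r.when > since]
    return out if max_items is None else out[:max_items]


class TradingServer:
    """Hypothetical stand-in for trading server 2 (units 22, 23 and DB 24)."""

    def __init__(self, max_items=None, window=None, notify_on_failure=False):
        self._accounts = {}      # account -> (salt, digest)
        self._db = {}            # account -> [DifferentInfo], managed per user
        self._changed = {}       # account -> time of the last password change
        self.max_items, self.window = max_items, window
        self.notify_on_failure = notify_on_failure

    def set_password(self, account, password, now):
        salt = os.urandom(16)
        self._accounts[account] = (salt, _digest(password, salt))
        self._changed[account] = now     # later reports start from here

    def _authenticate(self, account, password):
        salt, stored = self._accounts[account]
        return hmac.compare_digest(stored, _digest(password, salt))

    def _report(self, account, now):
        return recent(self._db.get(account, []), now, self.max_items,
                      self.window, self._changed.get(account))

    def request(self, account, password, place, now):
        """Single round trip as in Fig. 4: authenticate, then answer."""
        if account not in self._accounts:        # no such account: nothing to log
            return {"allowed": False, "different_info": []}
        if not self._authenticate(account, password):            # S121: No
            self._db.setdefault(account, []).append(
                DifferentInfo(now, place, "password"))           # S124
            info = self._report(account, now) if self.notify_on_failure else []
            return {"allowed": False, "different_info": info}    # S125
        # S121: Yes. The transaction itself (S122) is omitted here; the
        # response carries the stored different information (S123).
        return {"allowed": True, "different_info": self._report(account, now)}
```

With `notify_on_failure` left at `False` the refused caller learns nothing about earlier attempts, which matches the default handling of S125 described in the text; setting it to `True` gives the variant in which different information is also sent on failure.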
In the flowchart described above, the transaction steps (S113, S116) and the different information processing steps (S112, S117) are carried out together in 1 round-trip communication (S114). Alternatively, only the different information processing steps may be carried out, without the transaction steps.
When authentication is unsuccessful (S121: No), the user making the transaction request is regarded as an illegitimate person and the different information is not sent in S125; however, the different information may also be sent in S125 and output in S117.
The media (card, cash and so on) may also be dispensed to the user (S116) after the different information has been displayed (S117). This prevents an impatient user, who mistakenly thinks the transaction is finished once the media have been output, from forgetting to confirm the different information.
After outputting the different information to the user (S117), the different information processing unit 15 may also urge the user to take a countermeasure against illegal attacks that relates to the different information. For example, when 3 password attacks have occurred, it urges the user to change the password to one with more characters than the current password. Because the user can go from understanding the different information to taking the countermeasure in 1 process, the burden on the user is small.
Fig. 4 has been described on the premise of an ATM terminal, but a PC terminal that uses the Web bank may be substituted. In that case the insertion of the cash card (S111) and the dispensing of media (S116) can be omitted.
Examples of the content prompted to the user when implementing measures against illegal attacks include the following.
When "password is different" has occurred the stipulated number of times or more → "Please confirm whether the password is difficult to guess"
When "password is different" has occurred the stipulated number of times or more → "Please confirm whether the password is difficult to guess". In addition, "We suggest changing to a password longer than the current one"
When "password is different" or "password is different" has occurred and biometric information has not been registered → "the suggestion end user realizes card"
The trading server 2 may also send the different information and the content prompted to the user to a user terminal by e-mail. The user can then learn of the different information before accessing their own account and take countermeasures against the attack.
Fig. 5 is a flow executed as an alternative to the flowchart shown in Fig. 4. In Fig. 4, the communication for authentication and the communication for the transaction after authentication are combined into 1 round (S114). In Fig. 5, the communication for authentication (S213) and the communication for beginning the transaction after authentication (S216) are carried out separately, in 2 rounds. When the authentication result is that the transaction is not permitted to begin, the transaction terminal 1 ends processing without requiring transaction information to be entered. For an illegitimate person, therefore, the fact that transaction information is not entered indicates that authentication did not succeed. The flowchart of Fig. 5 is described in detail below.
The media input/output unit 11 accepts insertion of the cash card associated with the user's account (S211). The information input unit 12 accepts input of the authentication information required for authentication, such as the password, according to the user's input operation on the touch screen, keyboard or the like (S212).
When the decision condition of S221 is not satisfied (S221: No), the different information management unit 23 appends the current authentication result, judged as not permitting the transaction to begin, to the different information DB 24 (S225), and performs the communication processing that notifies it to the transaction terminal 1 as the authentication response (S226). The transaction terminal 1 performs the communication processing that receives the authentication response (S213).
When the decision condition of S221 is satisfied (S221: Yes), the trading server 2 performs the communication processing that notifies the current authentication result, judged as permitting the transaction to begin, to the transaction terminal 1 as the authentication response (S222). The transaction terminal 1 performs the communication processing that receives the authentication response (S213).
The media input/output unit 11 dispenses media (card, cash and so on) to the user according to the transaction result contained in the transaction response notified by the trading server 2 (S217). The different information processing unit 15 outputs (displays), through the information output unit 13, the different information contained in the transaction response notified by the trading server 2 (S218).
The media input/output unit 11 may accept insertion of a credit card as well as a cash card. When a credit card has been inserted, the different information is managed in the server of the credit card's management company.
The different information may also be output (S218) after the judgment of whether authentication succeeded (S214) and before the input of the transaction information (S215).
Claims (10)
1. A transaction system comprising a transaction terminal that a user operates in order to transact and a trading server that accepts transaction requests from the transaction terminal, characterized in that
the trading server has: a user authentication unit that authenticates the user operating the transaction terminal that made the transaction request; and a different information management unit that stores different information in a storage device and sends it to the transaction terminal, wherein the different information indicates an authentication result in which the user authentication unit judged that the user is not permitted to begin a transaction; and
the transaction terminal has a different information processing unit that outputs the different information received from the trading server.
2. The transaction system according to claim 1, characterized in that the trading server sends the different information to a user terminal by e-mail.
3. The transaction system according to claim 1 or 2, characterized in that the transaction terminal is configured as an ATM terminal that can access a bank's internal network, and the transaction is a withdrawal, deposit, external transfer, transfer between accounts in the same name, balance inquiry, passbook entry and carry-over, and password change on the user's account.
4. The transaction system according to claim 1 or 2, characterized in that the transaction terminal is configured as a PC terminal that can access the Internet, and the transaction is an external transfer, transfer between accounts in the same name, bond purchase, balance inquiry and password change on the user's account.
5. The transaction system according to any one of claims 1 to 4, characterized in that the different information processing unit outputs the most recent different information among the different information related to the user.
6. The transaction system according to any one of claims 1 to 5, characterized in that the different information includes the authentication category of the authentication performed by the user authentication unit, the authentication consisting of at least one of biometric authentication, password authentication and cipher authentication.
7. The transaction system according to claim 6, characterized in that the different information processing unit performs illegal attack countermeasure processing corresponding to the authentication category included in the different information.
8. The transaction system according to any one of claims 1 to 7, characterized in that the trading server includes the transaction result of the transaction request and the different information related to the user of the transaction request in 1 transaction response and sends it to the transaction terminal.
9. A trading method executed by a transaction system, the transaction system comprising a transaction terminal that a user operates in order to transact and a trading server that accepts transaction requests from the transaction terminal, characterized in that
the trading server authenticates the user operating the transaction terminal that made the transaction request, stores different information in a storage device, and sends it to the transaction terminal, wherein the different information indicates an authentication result judged as not permitting the user to begin a transaction; and
the transaction terminal outputs the different information received from the trading server.
10. A trading server used in a transaction system, the transaction system comprising a transaction terminal that a user operates in order to transact and a trading server that accepts transaction requests from the transaction terminal, characterized in that
the trading server has: a user authentication unit that authenticates the user operating the transaction terminal that made the transaction request; and a different information management unit that stores different information in a storage device and sends it to the transaction terminal, wherein the different information indicates an authentication result in which the user authentication unit judged that the user is not permitted to begin a transaction.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2006259113 | 2006-09-25 | ||
JP2006259113A JP2008077587A (en) | 2006-09-25 | 2006-09-25 | Transaction system, transaction method and transaction server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101154309A (en) | 2008-04-02 |
CN100585652C (en) | 2010-01-27 |
Family
ID=39255944
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 200710138092 Expired - Fee Related CN100585652C (en) | 2006-09-25 | 2007-08-15 | Trading system, trading method and trading server |
Country Status (2)
Country | Link |
---|---|
JP (1) | JP2008077587A (en) |
CN (1) | CN100585652C (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105339972A (en) * | 2013-06-04 | 2016-02-17 | 决济电算院 | Win-win payment method for goods received |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2010238102A (en) * | 2009-03-31 | 2010-10-21 | Fujitsu Ltd | Information processor, authentication system, authentication method, authentication device and program |
JP5664759B2 (en) * | 2013-12-26 | 2015-02-04 | 富士通株式会社 | Information processing apparatus, authentication system, authentication method, authentication apparatus, and program |
JP6411037B2 (en) * | 2014-03-07 | 2018-10-24 | 株式会社日本総合研究所 | Identification system and cash accounting system |
Family Cites Families (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3809857B2 (en) * | 2001-03-15 | 2006-08-16 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Transaction system, transaction terminal, transaction history output device, server, transaction history display method, computer program |
JP2002358417A (en) * | 2001-03-30 | 2002-12-13 | Mizuho Corporate Bank Ltd | Method, system, and program for banking processing |
JP2004234434A (en) * | 2003-01-31 | 2004-08-19 | Tama Chuo Shinkin Bank | Automatic cash transaction system and its latest transaction history display method |
JP2005084822A (en) * | 2003-09-05 | 2005-03-31 | Omron Corp | Unauthorized utilization notification method, and unauthorized utilization notification program |
JP2006011919A (en) * | 2004-06-28 | 2006-01-12 | Oki Electric Ind Co Ltd | Unauthorized trading reporting system |
JP2006235666A (en) * | 2005-02-22 | 2006-09-07 | Hitachi Software Eng Co Ltd | User authentication system |
- 2006-09-25 JP JP2006259113A patent/JP2008077587A/en active Pending
- 2007-08-15 CN CN 200710138092 patent/CN100585652C/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
CN100585652C (en) | 2010-01-27 |
JP2008077587A (en) | 2008-04-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10672009B2 (en) | Method for authenticating financial instruments and financial transaction requests | |
CN100334830C (en) | Automated transaction machine digital signature system and method | |
CN101669133A (en) | Generation of electronic negotiable instruments using predefined electronic files for providing promise of payment | |
US11042851B2 (en) | Token based transactions | |
US20090222367A1 (en) | System and Method for the Activation and Use of a Temporary Financial Card | |
CN108074095A (en) | A kind of ticket processing method and device | |
US8714445B1 (en) | Secured and unsecured cash transfer system and method | |
WO2011090281A2 (en) | System for inputting information online and performing financial transactions using personal identification medium, method for same, and recording medium for recording programs for same | |
EP1649631A2 (en) | Systems and methods for facilitating transactions | |
JP2011034556A (en) | Information system, processing station, credit card payment method | |
CN109949120A (en) | It is related to the system and method for digital identity | |
US6954740B2 (en) | Action verification system using central verification authority | |
CN101223729B (en) | Updating a mobile payment device | |
US20150269542A1 (en) | Secure and Unsecured Cash Transfer System and Method | |
CN100585652C (en) | Trading system, trading method and trading server | |
EP2613287A1 (en) | Computer system and method for initiating payments based on cheques | |
EP1828999A1 (en) | A method and system for securely distributing a personal identification number and associating the number with a financial instrument | |
CN101676960B (en) | Display condition judgement device and transaction acknowledgement system | |
JP2008015867A (en) | Automatic cash transaction system | |
WO2013000966A1 (en) | Method of dematerialized transaction | |
WO2001009855A1 (en) | Secure electronic transactions | |
JP2006065715A (en) | Transfer processor and program | |
de Jong | Cash: The once and future king | |
KR102249497B1 (en) | Financial terminal and method for providing financial service using the same | |
CN100382071C (en) | Automatic bank machines and system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100127 Termination date: 20170815 |