CN102663642A - Financial transaction verification method and system thereof - Google Patents
Financial transaction verification method and system thereof Download PDFInfo
- Publication number
- CN102663642A CN102663642A CN2012100772756A CN201210077275A CN102663642A CN 102663642 A CN102663642 A CN 102663642A CN 2012100772756 A CN2012100772756 A CN 2012100772756A CN 201210077275 A CN201210077275 A CN 201210077275A CN 102663642 A CN102663642 A CN 102663642A
- Authority
- CN
- China
- Prior art keywords
- authentication code
- information
- bank card
- portable terminal
- server
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
Abstract
The invention belongs to the financial transaction safety technology field and relates to a financial transaction verification method and a system thereof. According to the invention, a mobile terminal sends a transaction request to a server. The server verifies validity of the transaction request. After the transaction is verified to be valid, the server sends an authentication code. A financial terminal sends the authentication code input by a user to the server so as to perform the verification. The authentication code input by the user is determined whether to be the same with the authentication code which is sent to the mobile terminal by the server. If the two authentication codes are the same, the authentication code is considered to be correct and simultaneously information of a bank card inserted by the user is verified. The bank card information is determined whether to the same with the bank card information which is binding with a telephone card of the mobile terminal. If the bank card information is the same, the identity of people who withdraws money is considered to be valid. And a next transaction operation is allowed to be performed. By using the method and the system of the invention, security is high; the method is simple so that the user operation is simple; and an application scope is wide.
Description
[technical field]
The invention belongs to financial transaction safety technique field, relate to a kind of method and system of financial transaction checking.
[background technology]
In order to strengthen financial transaction process safe property; People figure out various way; All can realize the operations such as password of transferring accounts, pay by mails and revise as safe as a house through mobile phone, PC and POS machine; But, then must go up or bank counter carries out access to ATM (ATM) if relate to money transaction.For small amount the deposit or the withdrawal, operate the very inconvenience that seems to bank counter by bank clerk, and ATM is because its quantity is many; Withdraw the money need not the queuing or queuing time shorter; And not free restriction, the demand that has made things convenient for people in daily life the small amount financial business to be handled greatly, but because ATM is in a kind of open user mode; Be in unserviced state mostly; And ATM relates to money transaction, even and the lawless person stolen the cash of validated user account, if can not find the lawless person; Also be difficult to know the whereabouts of the cash of stealing, so the safety issue of on ATM, concluding the business is particularly outstanding.
In the use of present ATM; The user inserts bank card in the ATM earlier; Propose the input password according to the screen on the ATM then, during the input password, must import through keyboard on the ATM or the PIN PAD on the touch-screen; After password authentification is passed through, the operation of financial business such as can withdrawing deposit and transfer accounts.So the lawless person wants to palm off the validated user business of withdrawing the money; At first must know the bank card information of validated user and the password of bank card; All just have the lawless person that the information that CR obtains bank card is being installed on the ATM or on the gate control system, then through duplicating bank card, and through the password that camera or password register obtain bank card is installed; Just can palm off validated user and easily money stolen away, bring property loss to the user of this card.
So in order to improve the security of ATM transaction, just must make the lawless person be difficult to obtain validated user bank card information or/and password get final product.The bank card information exposed problems that causes when on ATM, carrying out financial transaction for fear of validated user with bank card; One Chinese patent application number is: 200610028515.8 Chinese invention patent provides a kind of system and implementation method of utilizing mobile phone terminal to withdraw the money or pay, and described method comprises the steps: specific bank card is bound with specific mobile phone number mutually; On financial terminal, show terminal service information; The user utilizes mobile phone directly to dial feature code, also can send note; Service network sends to financial server with information; Financial server is found out the financial terminal that the bank card information corresponding with phone number is sent to the user place; After the user inputs password and identification, carry out the finance operation.This patent is put down in writing utilizes mobile phone terminal to withdraw the money or there is following drawback in the technology paid:
1. feature code is presented on the display screen of ATM, other people is arranged when concluding the business operation when this moment on the ATM, can block the display screen of ATM; Cause the people who is in wait can't see feature code; Also just can not before the operation financial terminal, on mobile phone terminal, carry out the operation of input feature vector code in advance, if just begin to operate when oneself carries out financial transaction being discharged to mobile phone; Obviously make the whole operation process slower, increased the time that other people wait in line to withdraw the money.If feature code is printed on the wall of display screen top, the possibility of being revised by the lawless person is arranged then.
2. after carrying out mobile phone operation, also need on financial terminal, import bank card password, password is is probably intercepted and captured by the lawless person in the process of input bank card password, has caused security decline.
3. through feature code location financial terminal; But the but accurate legal identity of judges; Because the user at an enterprising line operate of financial terminal has a lot, if the user before the operation financial terminal through mobile phone input feature vector code, before this user be the lawless person and just come; He has known user's bank card password in advance, so just is easy to palm off this user operation of withdrawing the money.
So this patent is disclosed utilize mobile phone terminal withdraw the money or the security of the system that pays and implementation method not high, and comparatively inconvenience of operation.
Number of patent application is: 201010116443.9 Chinese invention patent also discloses a kind of authentication method and system based on ATM; Said authentication method based on ATM comprises: receive the reservation request of withdrawing the money that comprises signatory phone number, authentication code, the withdraw the money amount of money and trading password of user's input, obtain the subscription information that comprises bank's card number, authentication code, the withdraw the money amount of money and trading password of preset value according to signatory phone number from Mobile banking; Carry out authentication according to the reservation of the obtaining reservation request of withdrawing the money that information butt joint receives of withdrawing the money, with the amount of money of the amount of money equal number of withdrawing the money in output when the authentication success and the reservation request of withdrawing the money.Because user of the present invention imports signatory phone number, authentication code, the withdraw the money amount of money and trading password etc. are all accomplished on ATM; Because ATM is the platform of an opening; Although protect, as long as the lawless person has peeped the deposit that above information just is easy to steal the user so be provided with multiple password.Security is not high.
Because the confidentiality of bank card information is not as the confidentiality of password, thus the most crucial basic of financial transaction security will be become to the confidentiality of password, and bank card can play the effect of accurate identification user identity as a kind of material object.Withdraw the money if adopt not have to block, as long as after the disabled user gets access to the related data about card number and password, will be easy to steal deposit, so it is not high that employing is not had the card safety of withdrawing money.
In order to solve password by the illegal problem of intercepting and capturing, patent publication No. is the Chinese invention patent of CN10763692A, discloses a kind of system of ATM password input; The user utilizes the input media replacement on the mobile phone originally to be arranged on the input media on the ATM through emitter and ATM line on the own mobile phone, avoids suffering video camera or palms off keyboard record password with this; In this patent, mobile phone comprises a transmitter unit, and transmitter unit is the transmitter module that utilizes short-range transmission technique; ATM comprises receiving element, and receiving element is the receiver module that utilizes short-range transmission technique, in order to receive the personal identification number of transmitter module emission; Transmitter unit and receiving element are respectively transmitter module and the receiver modules that utilizes Bluetooth transmission protocol, in this patent, just can use in the time of need on ATM and on the mobile phone, all possessing bluetooth module; Like this, increased the manufacturing cost of ATM significantly, and on the existing ATM machine bluetooth module has not been set all; So also increased the cost of upgrading ATM, moreover, because two processes that bluetooth module need match when setting up communication link; Have only both sides to know that all pairing just can successful matching during password,, can increase transaction risk obviously if the password that need not match of acquiescence gets final product successful matching; Can give simultaneously the lawless person with opportunity like this, the lawless person also can be through inputing the operation of password with the bluetooth module pairing of ATM, and the password through input error comes to upset user's arm's length transaction process; On the other hand, sending trading password through the Bluetooth of mobile phone module to ATM, is unworkable if for mobile phone itself, there is not install software itself; So, some special softwares need be installed on mobile phone just can carry out this operation, obviously be the upgrade cost that has increased the user; So user's utilization rate is certain to descend; The popularization of this technology of giving brings difficulty, on the other hand, owing to be not that each mobile phone all has bluetooth communication module; So also limited this The Application of Technology scope; So the technology put down in writing of this patent is that a consuming cost is huge in sum, but but be difficult to bring the unpractical technology of economic benefit and social benefit.
[summary of the invention]
The object of the invention is exactly in order to solve above-mentioned technical matters, to have proposed the method and system that a kind of new financial transaction is verified.The present invention has safe, and method is simple, and the user is simple to operate, advantage of wide range of application.
Concrete technical scheme of the present invention is following:
The present invention provides a kind of financial transaction verification method, it is characterized in that, this method comprises:
Obtain the request of checking in advance that portable terminal sends;
Obtain the card number information of portable terminal;
There is the portable terminal of bank card information to send authentication code information to binding;
Financial terminal obtain the customer transaction account bank card information and user input authentication code information and said bank card information and authentication code information sent to server verify;
Whether the authentication code of verifying said financial terminal transmission is identical with the authentication code that the portable terminal that this bank card information is arranged to binding sends;
The instruction that transaction verification passes through is sent to financial terminal in the identical back of authentication code.
This method further comprises:
Obtain the authorization information that portable terminal sends;
Obtain the trading password information that comprises in this authorization information;
Verify whether said trading password is identical with the pairing trading password of said bank card;
Authentication code information is sent to said portable terminal in the correct back of trading password checking.
Portable terminal sends checking request in advance through calling out or send way of short messages, and said trading password information sends to server through the mode of note or dialing or button input.
The said dynamic authentication codes of authentication code for from the authentication code database, randomly drawing of sending to portable terminal, said authentication code is verified the inefficacy of correct back.
This method further comprises:
Calculating is to the time interval of said portable terminal transmission authentication code with the authentication code that receives said financial terminal transmission;
Judge whether the said time interval exceeds the threshold values of setting;
When the said time interval exceeds the threshold values of setting, send the defective and overtime instruction of authentication code of dealer's authentication to financial terminal;
When the said time interval does not exceed the threshold values of setting, send the qualified instruction of dealer's authentication to financial terminal.
This method further comprises:
Verify when said trading password and the pairing trading password of this bank card are inequality; Send the message information of trading password mistake to portable terminal; In the regular hour section during continuous several times trading password authentication error; Send the message information that authentication is ended to portable terminal, and stop to extract the trading password information that comprises in the checking note.
This method further comprises:
Verify when authentication code that said financial terminal sends and the corresponding authentication code of this bank card information are inequality; Send the message information of authentication code mistake to financial terminal; In the regular hour section during continuous several times authentication code verifying mistake; Send the message information that authentication is ended to financial terminal, and stop the authentication code that financial terminal sends is verified.
This method further comprises:
When the trading password of said portable terminal transmission is the alarm code of user preset,, said portable terminal starts monitoring when sending authentication code to this bank card;
Obtain the financial terminal position of sending monitored bank card information;
Send the positional information of said financial terminal to the public security warning system.
The present invention also provides a kind of financial transaction verification system, it is characterized in that, this system comprises:
Portable terminal is used for sending checking request in advance to server;
Server is used to obtain the card number information of portable terminal and has the portable terminal of bank card information to send authentication code information to binding;
Financial terminal, be used to obtain the customer transaction account bank card information and user's input authentication code information and said bank card information and authentication code information sent to server verify;
Whether the authentication code that the said financial terminal of server authentication sends is identical with the authentication code that the portable terminal that this bank card information is arranged to binding sends, and server sends the instruction that transaction verification passes through to financial terminal in the identical back of authentication code.
Said portable terminal also is used to send authorization information; Whether the said trading password of said server authentication is identical with the pairing trading password of said bank card, and server sends authentication code information to portable terminal in the correct back of trading password.
Portable terminal sends checking request in advance through calling out or send way of short messages, and said trading password information sends to server through the mode of note or dialing.
The said dynamic authentication codes of authentication code for from the authentication code database, randomly drawing of sending to portable terminal, said authentication code is verified the inefficacy of correct back.
When the trading password of said portable terminal transmission was the alarm code of user preset, startup of server was to the monitoring of this bank card when said portable terminal sends authentication code; Server obtains the financial terminal position of sending monitored bank card information, and sends the positional information of said financial terminal to the public security warning system.
Said server also comprises:
Time set was used to calculate to the time interval of said portable terminal transmission authentication code with the authentication code that receives said financial terminal transmission;
The analysis and judgement device is used to judge whether the said time interval exceeds the threshold values of setting;
When the said time interval exceeded the threshold values of setting, server sent the defective and overtime instruction of authentication code of dealer's authentication to financial terminal;
When the said time interval did not exceed the threshold values of setting, server sent the qualified instruction of dealer's authentication to financial terminal.
Said server also comprises:
Metering apparatus; Be used to calculate the number of times of in the regular hour section, verifying trading password and authentication code mistake continuously; After the number of times of checking trading password mistake surpassed certain threshold values continuously in the regular hour section, server was ended the dealer who holds said bank card is carried out authentication.
Beneficial technical effects of the present invention is:
The present invention sends trading password through portable terminal; Send authentication code through financial terminal again then; And make authentication code, trading password corresponding with bank card number and portable terminal card number respectively; Simultaneously bank card information is corresponding with the card number information of portable terminal again, makes dealer's identity to be carried out double authentication in the process of exchange, has improved the security of transaction.
The present invention sends transaction request through portable terminal to server, when sending transaction request through the mode of calling out and through the mode of dialing, imports trading password, can make the user to use very convenient., after server sends transaction request, also may not request the user to carry out the trading password checking and directly send authentication code at portable terminal, setting can be user-friendly like this, and more convenient to operate, but can reduce the security of transaction.
Owing to send trading password through portable terminal; Avoid the lawless person to peep and perhaps illegally intercept and capture trading password; And the authentication code that server sends to portable terminal is the dynamic authentication codes of sending at random; Even peeped or illegally intercept and capture by the lawless person, also can not bring unsafe factor to bank account.
Though the input process of authentication code is in public; But authentication code is a stochastic and dynamic, and through dynamic authentication code is set, this authentication code ceased to be in force automatically after using once; And it is only effective in the regular hour; It is invalid having surpassed the regular hour, compares fixing trading password, has very high security.
Through alarm code is set; Can be when the user meets with violence and coerces; The method flow that ingenious and concealed utilization is verified dealer's identity sends warning message to server, makes things convenient for the police timely bank account to be followed the tracks of and protected, and has avoided user's account to be coerced the problem appearance of withdrawing the money; Simultaneously can play extraordinary strike and threat power, improve user's account safety the lawless person.
[description of drawings]
Fig. 1 is the method flow diagram of the embodiment of the invention 1;
Fig. 2 is the system architecture diagram of the embodiment of the invention 1;
Fig. 3 is the method flow diagram of the embodiment of the invention 2;
Fig. 4 is the system architecture diagram of the embodiment of the invention 2;
Fig. 5 is the method flow diagram of the embodiment of the invention 3;
Fig. 6 is the system architecture money figure of the embodiment of the invention 3.
[embodiment]
The present invention provides a kind of method and system of financial transaction checking.The present invention sends trading password through portable terminal; Send authentication code through financial terminal again then; And make authentication code, trading password corresponding with bank card number and portable terminal card number respectively; Simultaneously bank card information is corresponding with the card number information of portable terminal again, makes dealer's identity to be carried out double authentication in the process of exchange, has improved the security of transaction.
Financial terminal of the present invention comprises POS machine, ATM, bank cashier machine and other bank transaction terminals.
Owing to have time enough to go to carry out the checking of trading password before the user withdraws the money on ATM through portable terminal; So when method of the present invention relatively is suitable on ATM, concluding the business dealer's identity is verified; It is that example describes financial trade method of the present invention and system that following embodiment withdraws the money on ATM with the user, but is not that protection scope of the present invention is limited.
As shown in Figure 1, present embodiment provides a kind of method that dealer's identity on the ATM is verified, this method comprises the steps:
S11: obtain the checking note in advance that portable terminal sends;
This step is specially: the user is before withdrawing the money on the ATM; Send the checking note of trading password in advance to server through portable terminal (for example mobile phone); For example can send trading password: 457523 to the server of the National Industrial and Commercial Bank of China; Can write short message content for the mobile phone of " 13510617608 " through phone number and send to " 955881000 " for " QK#457523# " (QK is the initial of the phonetic of withdrawing the money); Said trading password " 457523 " is accomplished the legal trading password that is provided with after the authentication for the user at industrial and commercial bank's sales counter through manual work; After the user has only the note of transmission to comprise the content of correct trading password, could be by the server of bank through checking.
S12: the card number information that obtains the portable terminal that sends note;
This step is specially: the note of sending through mobile phone, thus know the card number information of the SIM of this this portable terminal of registration.In above-mentioned steps, phone number for the portable terminal of " 13510617608 " to server send verify note in advance after, short message server can know that this phone number is 13510617608.
S13: obtain the bank card information of binding with the card number of this portable terminal;
This step is specially: number is provided with through artificial at bank counter for the mobile phone of " 13510617608 " in advance; With this phone number with card number be: the bank card of " 6240993233994435 " is bound mutually; Can inquire and the corresponding bank card number of this phone number through phone number; Also can inquire and the corresponding phone number of this bank card number through bank card number; A phone number can be bound with a card number of a tame bank mutually, and a phone number can be bound the bank card of how tame bank.Difference is that the bank card of which bank of family can be through sending note the other side's number.Short message server obtains after this phone number through in database, searching out the card number information with the corresponding bank card of this phone number; If in database, seek card number information less than the corresponding bank card of this phone number; Show that then this user does not bind mobile phone card and bank card in advance, stop the checking work of dealer's identity this moment.
S14: extract the trading password information that comprises in the checking note;
This step is specially: mobile phone is through sending the short message server of note in the mobile communications network, and short message server sends to the financial server checking with this trading password after extracting the trading password " 457523 " in the short message content " QK#457523# ".
S15: verify whether said trading password is identical with the pairing trading password of this bank card;
This step is specially: the trading password " 457523 " that mobile phone is sent and find bank card number and the corresponding trading password of this bank card number stored in bank card number and the financial server through the mobile phone card number and compare; If the trading password of identical bank card number also is identical; Show that then the trading password checking is correct; If the trading password of identical bank card number is inequality; Show that then trading password is incorrect, this moment the Sideliner identity checking work and remind to the note that mobile phone sends the trading password mistake.The user can send the checking note through mobile phone to server once more; Whether server continues the trading password of checking user mobile phone transmission correct; Like the trading password mistake that within one day, authenticates to same bank card continuously three times; End the trading password of this bank card and verify 24 hours, and send the short message that the trading password checking is ended to mobile phone.
S151: the message information that sends the trading password mistake during trading password mistake to said portable terminal;
This step is specially: after financial server checking trading password mistake, to the card number of this bank card corresponding mobile phone card of short message server transmission, send the short message of trading password mistake to mobile phone through short message server.
S152: authentication code is sent to said portable terminal in the correct back of trading password checking;
This step is specially: after financial server checking trading password is correct, from the authentication code database, extracts a dynamic authentication code at random and send to this bank card corresponding mobile phone through short message server.
The S16:ATM machine obtains the authentication code information of bank card information that the user inserts and user's input and said bank card information and authentication code information is sent to server and verifies;
This step is specially: receive the authentication code of short message server transmission at user mobile phone after, after the user inserted bank card, ATM obtained the information of bank card through card reader; And the information of this bank card is passed through internet transmission give financial server; Financial server is analyzed the information of this bank card, judges this bank card and whether has bound mobile phone, gives tacit consent to through authentication code user's legal identity is verified if this bank card binding has mobile phone; If this bank card is not bound mobile phone; Then give tacit consent to through trading password the legal identity through the user is verified, after the financial server of bank detects this bank card binding mobile phone is arranged, send through authentication code the legal instruction of carrying out authentication of user as ATM; The screen display authentication code input window of ATM; The keyboard of user through ATM will receive authentication code and be input in the authentication code input window, and ATM obtains the authentication code of user's input, authentication code information is issued financial server verify.
S17: obtain and the corresponding authentication code information of said bank card information;
This step is specially: through bank card corresponding mobile phone card card number, the card number through the mobile phone card finds out the authentication code that sends to said mobile phone from short message server again.
S18: whether the authentication code of verifying said ATM transmission is identical with the corresponding authentication code of this bank card information;
This step is specially: the authentication code that authentication code that ATM is sent and short message server send to mobile phone compares; Whether the authentication code of judging said ATM transmission is identical with the corresponding authentication code of this bank card information; If both authentication codes are identical; Think that then the authentication code that ATM sends is correct authentication code,, think that then the authentication code that ATM sends is wrong identifying code if both authentication codes are inequality.
S181: the qualified instruction of dealer's authentication is sent to ATM in the correct back of authentication code verifying.
This step is specially: after authentication code verifying is correct, send the correct instruction of authentication code to ATM, at this moment, accomplish the whole process of dealer's authentication; After authentication code and trading password are all correct; Judge that dealer's authentication is qualified, the transaction operation that allows this moment the user to get into next step is when the user need withdraw the money; Obtain the number instruction of withdrawing the money of user's input; Whether send to its number of withdrawing the money of financial server analysis and judgement and be allowed to, number if this is withdrawn the money, through ATM output cash if being allowed to.
S182: during the authentication code verifying mistake, send the message information of authentication code mistake to ATM.
This step is specially: verify when authentication code that said ATM sends and the corresponding authentication code of this bank card information are inequality; Send the message information of authentication code mistake to ATM; Can allow this moment the user once more through ATM input authentication sign indicating number, get access to the authentication code of user's input once more when ATM after, send to financial server analysis once more; Judge input is whether authentication code is correct once more; The authentication code mistake of user's continuous 3 inputs within a day is then ended the checking to the corresponding authentication code of this bank card, and sends the message information that authentication is ended to ATM.
As shown in Figure 2, present embodiment also provides a kind of system that dealer's identity on the ATM is verified, this system comprises:
Reading device 22, the corresponding bank card information of card number information that is used to read and send the portable terminal of verifying note;
Trading password demo plant 23 is used for extracting and verifies the trading password information that note comprises and verify whether whether this trading password identical with the pairing trading password of this bank card;
Authentication code generates and dispensing device 24; After the trading password checking was correct, the server authentication code data was randomly drawed an authentication code in the storehouse, and this authentication code is sent to said portable terminal;
Said server also comprises authentication code verifying apparatus 25, and whether the authentication code that is used to verify said ATM transmission is with said authentication code generation and dispensing device generation and identical with the corresponding authentication code of bank card information;
After authentication code verifying was correct, server sent the qualified instruction of dealer's authentication to ATM.
Said server also comprises metering apparatus 26; Be used to calculate the number of times of in the regular hour section, verifying trading password and authentication code mistake continuously; After the number of times of checking trading password mistake surpassed certain threshold values continuously in the regular hour section, server was ended the dealer who holds said bank card is carried out authentication
Said portable terminal 1 also is used for the authentication code that reception server sends.
In the above embodiments; The user sends to server through sending way of short messages with trading password; For some users were arranged, the transmission note was comparatively loaded down with trivial details, also allowed it to send the checking request and verify link with server foundation to server through calling out specific transaction number for these custom systems; User's trading password also can be through the mode of dialing or in server requirement user input, and the user is through the button input.
On the other hand, peeping or illegally intercepting and capturing the authentication code that server sends to portable terminal, authentication code is being arranged in the regular hour effectively, and after use, ceases to be in force automatically for fear of the lawless person.Concrete, as shown in Figure 3, present embodiment provides a kind of method that dealer's identity on the ATM is verified in addition, and this method comprises the steps:
S21: obtain the checking request that portable terminal sends;
S22: the card number information that obtains the portable terminal of call server;
S23: obtain the bank card information of binding with the card number of this portable terminal;
S24: the trading password information of obtaining user's input;
S25: verify whether said trading password is identical with the pairing trading password of this bank card;
S251: the message information that sends the trading password mistake during trading password mistake to said portable terminal;
S252: authentication code is sent to said portable terminal in the correct back of trading password checking;
S26: record sends the moment of authentication code to portable terminal;
This step is specially: when server when portable terminal sends authentication code; The moment when calculating authentication code is sent out; Certainly sometimes; Because of the reason of note receive delay, server to moment that portable terminal sends authentication code with portable terminal receive authentication code the time engrave and have bigger interval, receive that to judge portable terminal the note that includes authentication code is the starting point of timing this moment.
The S27:ATM machine obtains the authentication code information of bank card information that the user inserts and user's input and said bank card information and authentication code information is sent to server and verifies;
S28: the record ATM sends to authentication code information the moment of server;
This step is specially: when server receives the authentication code of ATM transmission, note the moment that server receives authentication code.
S29: calculate to the time interval of said portable terminal transmission authentication code with the authentication code that receives said ATM transmission;
S30: judge whether the said time interval exceeds the threshold values of setting;
S301: when the said time interval exceeds the threshold values of setting, send the defective and overtime instruction of authentication code of dealer's authentication to ATM;
This step is specially: to send authentication code from server to portable terminal be 1 hour to receiving the maximum time interval of authentication code that ATM sends if set before; When the time interval that calculates both above 1 hour; Judge that then authentication code lost efficacy; The deletion authentication code record corresponding from server with this bank card; After correct authentication code corresponding with this bank card in the server was deleted, the authentication code that ATM sends then was judged as illegal authentication code, judged that the dealer is the authentication failure.This moment, server sent the result of authentication code verifying failure and the reason of authentication code verifying failure to the ATM that carries out transaction processing: the prompting that the authentication code input is overtime.
S302: when the said time interval does not exceed the threshold values of setting, obtain and the corresponding authentication code information of said bank card information;
S31: whether the authentication code of verifying said ATM transmission is identical with the corresponding authentication code of this bank card information;
S311: the qualified instruction of dealer's authentication is sent to ATM in the correct back of authentication code verifying.
S312: during the authentication code verifying mistake, send the message information of authentication code mistake to ATM.
As shown in Figure 4, on the basis of embodiment 1, present embodiment provides a kind of system that dealer's identity on the ATM is verified in addition,
Reading device 22 is used to read and send the corresponding bank card information of card number information of verifying the portable terminal of asking;
Trading password demo plant 23 is used to verify whether whether trading password identical with the pairing trading password of this bank card;
Authentication code generates and dispensing device 24; After the trading password checking was correct, the server authentication code data was randomly drawed an authentication code in the storehouse, and this authentication code is sent to said portable terminal;
Said server also comprises authentication code verifying apparatus 25, and whether the authentication code that is used to verify said ATM transmission is with said authentication code generation and dispensing device generation and identical with the corresponding authentication code of bank card information;
After authentication code verifying was correct, server sent the qualified instruction of dealer's authentication to ATM.
Said server also comprises metering apparatus 26; Be used to calculate the number of times of in the regular hour section, verifying trading password and authentication code mistake continuously; After the number of times of checking trading password mistake surpassed certain threshold values continuously in the regular hour section, server was ended the dealer who holds said bank card is carried out authentication
Said portable terminal 1 also is used for the authentication code that reception server sends.
The server 2 of this system also comprises:
Time set 28 was used to calculate to the time interval of said portable terminal transmission authentication code with the authentication code that receives said ATM transmission;
Analysis and judgement device 29 is used to judge whether the said time interval exceeds the threshold values of setting;
When the said time interval exceeded the threshold values of setting, server sent the defective and overtime instruction of authentication code of dealer's authentication to ATM;
When the said time interval did not exceed the threshold values of setting, server sent the qualified instruction of dealer's authentication to ATM.
Said time set 28 is used for also calculating that buffer storage stores and the corresponding existing time of authentication code information of bank card number information; The time that exists when said authentication code exceeds the time threshold values identical with the said time interval, then deletes the authentication code information of storing in the buffer storage.
In the present embodiment, portable terminal is set up the checking link after server sends transaction request and with portable terminal after, portable terminal sends to server authentication with the trading password of user's input again.Certainly, portable terminal also may not request the user to carry out the trading password checking and is directly sent authentication code after server sends transaction request, and setting can be user-friendly like this, and more convenient to operate, but can reduce the security of transaction.
On the embodiment 2 described system-based that dealer's identity on the ATM is verified, present embodiment also provides the method for utilizing this system to report to the police, and is concrete, as shown in Figure 5, and this method comprises:
S41: be provided with and the corresponding alarm code of bank card;
S42: obtain the checking request that portable terminal sends;
S43: the card number information that obtains the portable terminal of call server;
S44: obtain the bank card information of binding with the card number of this portable terminal;
S45: the trading password information of obtaining user's input;
S46: verify whether said trading password is identical with the pairing alarm code of this bank card;
S461: when the alarm code of trading password and user preset is inequality, verify whether said trading password is identical with the pairing trading password of this bank card;
S462: when trading password is the alarm code of user preset, send authentication code, start monitoring simultaneously to this bank card to portable terminal;
This step is specially: during alarm code that the trading password that sends to portable terminal when server monitoring is provided with for the user in advance, show that the user possibly suffer from kidnapping and dangerous situation such as perhaps coerce, need the trading activity of bank card be monitored this moment; The deposit that prevents the user is compelled to take away; And situation about can not in time find, because the user suffers from kidnapping or coerces situation, the user is in unsafe state; In order to protect user's security; Server sends authentication code to portable terminal equally, has both played the effect of warning, is unlikely to make the lawless person to find that their lawbreaking activities is monitored again.
S4611: the message information that sends the trading password mistake during trading password mistake to said portable terminal;
S4612: authentication code is sent to said portable terminal in the correct back of trading password checking;
S47: record sends the moment of authentication code to portable terminal;
The S48:ATM machine obtains the authentication code information of bank card information that the user inserts and user's input and said bank card information and authentication code information is sent to server and verifies;
S49: the positional information of obtaining the position of the ATM that sends monitored bank card information and sending said ATM to the public security warning system;
This step is specially: when the bank card information of the user being inserted when ATM sends to financial server; Server detects said bank card and whether is in monitored state; If this bank card is in monitored state; Then will find out the coded message of the ATM that sends this bank card information; Thereby can seek out the position of this ATM through the coded message of ATM, the positional information of this ATM is sent to the public security warning system after, be easy to the lawless person is arrested and on the spot tracking.When no matter said bank card is not monitored bank card, all operate according to the step of embodiment 2.The benefit of operation is to make all the time the lawless person to be in a kind of concealed monitored and state of being followed the tracks of like this; In conjunction with the video monitoring system in the public security warning system; Be easy to follow the tracks of lawless person's whereabouts, can either protect the user can play good strike lawless person's purpose again.Promptly remaining step comprises:
S50: the record ATM sends to authentication code information the moment of server;
S51: calculate to the time interval of said portable terminal transmission authentication code with the authentication code that receives said ATM transmission;
S52: judge whether the said time interval exceeds the threshold values of setting;
S521: when the said time interval exceeds the threshold values of setting, send the defective and overtime instruction of authentication code of dealer's authentication to ATM;
S522: when the said time interval does not exceed the threshold values of setting, obtain and the corresponding authentication code information of said bank card information;
S53: whether the authentication code of verifying said ATM transmission is identical with the corresponding authentication code of this bank card information;
S531: the qualified instruction of dealer's authentication is sent to ATM in the correct back of authentication code verifying.
S532: during the authentication code verifying mistake, send the message information of authentication code mistake to ATM.
The server of the system that the dealer's identity on the ATM of present embodiment is verified also comprises on the basis of embodiment 2, and is as shown in Figure 6:
Bank card supervising device 30 is used for when trading password is the alarm code of user preset, starts the monitoring to this bank card;
Need to prove; Those skilled in the art can also expect other technical scheme easily to the above embodiments; As long as these technical schemes in concept of the present invention, should be equal to the technical scheme of this patent, belong to the protection domain of this patent.
Claims (10)
1. a financial transaction verification method is characterized in that, this method comprises:
Obtain the request of checking in advance that portable terminal sends;
Obtain the card number information of portable terminal;
There is the portable terminal of bank card information to send authentication code information to binding;
Financial terminal obtain the customer transaction account bank card information and user input authentication code information and said bank card information and authentication code information sent to server verify;
Whether the authentication code of verifying said financial terminal transmission is identical with the authentication code that the portable terminal that this bank card information is arranged to binding sends;
The instruction that transaction verification passes through is sent to financial terminal in the identical back of authentication code.
2. financial transaction verification method according to claim 1 is characterized in that, this method further comprises:
Obtain the authorization information that portable terminal sends;
Obtain the trading password information that comprises in this authorization information;
Verify whether said trading password is identical with the pairing trading password of said bank card;
Authentication code information is sent to said portable terminal in the correct back of trading password checking.
3. financial transaction verification method according to claim 2; It is characterized in that; Portable terminal sends checking request in advance through calling out or send way of short messages, and said trading password information sends to server through the mode of note or dialing or button input.
4. according to the arbitrary described financial transaction verification method of claim 1-3, it is characterized in that, the said dynamic authentication codes of authentication code for from the authentication code database, randomly drawing of sending to portable terminal, said authentication code is verified the inefficacy of correct back.
5. financial transaction verification method according to claim 4 is characterized in that, this method further comprises:
Calculating is to the time interval of said portable terminal transmission authentication code with the authentication code that receives said financial terminal transmission;
Judge whether the said time interval exceeds the threshold values of setting;
When the said time interval exceeds the threshold values of setting, send the defective and overtime instruction of authentication code of dealer's authentication to financial terminal;
When the said time interval does not exceed the threshold values of setting, send the qualified instruction of dealer's authentication to financial terminal.
6. financial transaction verification method according to claim 2 is characterized in that, this method further comprises:
When the trading password of said portable terminal transmission is the alarm code of user preset,, said portable terminal starts monitoring when sending authentication code to this bank card;
Obtain the financial terminal position of sending monitored bank card information;
Send the positional information of said financial terminal to the public security warning system.
7. a financial transaction verification system is characterized in that, this system comprises:
Portable terminal is used for sending checking request in advance to server;
Server is used to obtain the card number information of portable terminal and has the portable terminal of bank card information to send authentication code information to binding;
Financial terminal, be used to obtain the customer transaction account bank card information and user's input authentication code information and said bank card information and authentication code information sent to server verify;
Whether the authentication code that the said financial terminal of server authentication sends is identical with the authentication code that the portable terminal that this bank card information is arranged to binding sends, and server sends the instruction that transaction verification passes through to financial terminal in the identical back of authentication code.
8. financial transaction verification system according to claim 7 is characterized in that said portable terminal also is used to send authorization information; Whether the said trading password of said server authentication is identical with the pairing trading password of said bank card, and server sends authentication code information to portable terminal in the correct back of trading password.
9. according to claim 7 or 8 described financial transaction verification systems, it is characterized in that, the said dynamic authentication codes of authentication code for from the authentication code database, randomly drawing of sending to portable terminal, said authentication code is verified the inefficacy of correct back.
10. financial transaction verification system according to claim 8 is characterized in that, when the trading password of said portable terminal transmission was the alarm code of user preset, startup of server was to the monitoring of this bank card when said portable terminal sends authentication code; Server obtains the financial terminal position of sending monitored bank card information, and sends the positional information of said financial terminal to the public security warning system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2012100772756A CN102663642A (en) | 2011-12-14 | 2012-03-12 | Financial transaction verification method and system thereof |
Applications Claiming Priority (3)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201110418308.4 | 2011-12-14 | ||
| CN 201110418308 CN102402773A (en) | 2011-12-14 | 2011-12-14 | Financial transaction verification method and system |
| CN2012100772756A CN102663642A (en) | 2011-12-14 | 2012-03-12 | Financial transaction verification method and system thereof |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN102663642A true CN102663642A (en) | 2012-09-12 |
Family
ID=45884953
Family Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110418308 Pending CN102402773A (en) | 2011-12-14 | 2011-12-14 | Financial transaction verification method and system |
| CN2012100772756A Pending CN102663642A (en) | 2011-12-14 | 2012-03-12 | Financial transaction verification method and system thereof |
Family Applications Before (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN 201110418308 Pending CN102402773A (en) | 2011-12-14 | 2011-12-14 | Financial transaction verification method and system |
Country Status (2)
| Country | Link |
|---|---|
| CN (2) | CN102402773A (en) |
| WO (1) | WO2013086857A1 (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014043905A1 (en) * | 2012-09-22 | 2014-03-27 | Feng Lin | Method and system for authenticating identity information of atm transactor with assistance of smart phone |
| CN104320422A (en) * | 2014-11-18 | 2015-01-28 | 中国建设银行股份有限公司 | Password management method, related device and system |
| CN107016544A (en) * | 2015-11-17 | 2017-08-04 | 国际商业机器公司 | Managed across the proof rule of entity |
| CN110086761A (en) * | 2014-07-31 | 2019-08-02 | 阿里巴巴集团控股有限公司 | It is a kind of that the method and apparatus of resource is provided |
| CN114023015A (en) * | 2021-11-04 | 2022-02-08 | 中国银行股份有限公司 | Service processing method, system and device |
Families Citing this family (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102402773A (en) * | 2011-12-14 | 2012-04-04 | 王筱雨 | Financial transaction verification method and system |
| CN104113514B (en) * | 2013-04-19 | 2019-01-22 | 腾讯科技(深圳)有限公司 | The treating method and apparatus of information security |
| CN103745538B (en) * | 2013-12-31 | 2016-09-21 | 宇龙计算机通信科技(深圳)有限公司 | The cipher code protection method of finance account and system |
| CN106228707B (en) * | 2014-09-24 | 2019-07-09 | 柳欢 | Withdrawal system based on dynamic two-dimension code |
| CN104240371B (en) * | 2014-09-24 | 2016-08-17 | 福建今日特价网络有限公司 | Withdrawal system based on static two dimensional code |
| WO2016070295A1 (en) | 2014-11-06 | 2016-05-12 | Toc S.A. | Two-factor authentication method for increasing the security of transactions between a user and a transaction point or system |
| CN104462934B (en) * | 2014-12-01 | 2018-02-27 | 联想(北京)有限公司 | A kind of information processing method and electronic equipment |
| CN105426735A (en) * | 2015-11-05 | 2016-03-23 | 上海斐讯数据通信技术有限公司 | Mobile terminal based identity verification system and method |
| CN106228368A (en) * | 2016-08-03 | 2016-12-14 | 四川易想电子商务有限公司 | A kind of method for secure transactions of multiple authentication |
| CN106846666B (en) * | 2017-01-18 | 2019-05-07 | 北京云知科技有限公司 | A kind of withdrawal method based on block chain |
| CN114582078B (en) * | 2020-12-01 | 2024-04-16 | 比亚迪股份有限公司 | Self-service deposit and withdrawal method and self-service deposit and withdrawal system |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1435985A (en) * | 2002-01-30 | 2003-08-13 | 鸿联九五信息产业股份有限公司 | Dynamic cipher safety system and dynamic cipher generating method |
| CN1612518A (en) * | 2003-10-31 | 2005-05-04 | 三星电子株式会社 | User authentication system and method for controlling same |
| CN101140672A (en) * | 2007-10-23 | 2008-03-12 | 张师祝 | Method for indentifying true identification of bank card owner |
| CN102368338A (en) * | 2011-04-09 | 2012-03-07 | 冯林 | Method and system for verifying trader identity on ATM (Automatic Teller Machine) |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100454809C (en) * | 2001-12-20 | 2009-01-21 | 西北工业大学 | Nonrecurring countersign and business confirmation method |
| CN1832401A (en) * | 2006-04-06 | 2006-09-13 | 陈珂 | Method for protecting safety of account number cipher |
| CN101727646A (en) * | 2008-10-31 | 2010-06-09 | 深圳富泰宏精密工业有限公司 | Alarm system and method thereof of network bank |
| CN102402773A (en) * | 2011-12-14 | 2012-04-04 | 王筱雨 | Financial transaction verification method and system |
-
2011
- 2011-12-14 CN CN 201110418308 patent/CN102402773A/en active Pending
-
2012
- 2012-03-12 CN CN2012100772756A patent/CN102663642A/en active Pending
- 2012-07-19 WO PCT/CN2012/078842 patent/WO2013086857A1/en active Application Filing
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1435985A (en) * | 2002-01-30 | 2003-08-13 | 鸿联九五信息产业股份有限公司 | Dynamic cipher safety system and dynamic cipher generating method |
| CN1612518A (en) * | 2003-10-31 | 2005-05-04 | 三星电子株式会社 | User authentication system and method for controlling same |
| CN101140672A (en) * | 2007-10-23 | 2008-03-12 | 张师祝 | Method for indentifying true identification of bank card owner |
| CN102368338A (en) * | 2011-04-09 | 2012-03-07 | 冯林 | Method and system for verifying trader identity on ATM (Automatic Teller Machine) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2014043905A1 (en) * | 2012-09-22 | 2014-03-27 | Feng Lin | Method and system for authenticating identity information of atm transactor with assistance of smart phone |
| CN110086761A (en) * | 2014-07-31 | 2019-08-02 | 阿里巴巴集团控股有限公司 | It is a kind of that the method and apparatus of resource is provided |
| CN110086761B (en) * | 2014-07-31 | 2022-03-04 | 创新先进技术有限公司 | Method and equipment for providing resources |
| CN104320422A (en) * | 2014-11-18 | 2015-01-28 | 中国建设银行股份有限公司 | Password management method, related device and system |
| CN107016544A (en) * | 2015-11-17 | 2017-08-04 | 国际商业机器公司 | Managed across the proof rule of entity |
| CN107016544B (en) * | 2015-11-17 | 2021-01-15 | 国际商业机器公司 | Cross-entity authentication rule management |
| CN114023015A (en) * | 2021-11-04 | 2022-02-08 | 中国银行股份有限公司 | Service processing method, system and device |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2013086857A1 (en) | 2013-06-20 |
| CN102402773A (en) | 2012-04-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN102663642A (en) | Financial transaction verification method and system thereof | |
| CN102368338A (en) | Method and system for verifying trader identity on ATM (Automatic Teller Machine) | |
| US11328288B2 (en) | System and method for authenticating electronic money using a smart card and a communication terminal | |
| US8887997B2 (en) | Method for making secure a transaction with a payment card, and center for authorizing implementation of said method | |
| CN101523427A (en) | A system and method for verifying a user's identity in electronic transactions | |
| US20070187482A1 (en) | Point of Sale Transaction Method and System | |
| CN101588577A (en) | Safe system and method for bank transaction system | |
| CN102197407A (en) | System and method of secure payment transactions | |
| NO20003971L (en) | Real-time remote payment and transactions using mobile phone | |
| CN101093566A (en) | Safe mobile payment system, device and method | |
| CN102201143A (en) | Bank card transaction system and method based on real-time interaction of short-message platform | |
| CN102027495A (en) | Method and system for authenticating an electronic payment request | |
| CN103164911A (en) | Swiping-card payment system and method | |
| CN1996839A (en) | A low-cost and easy-to-distribute identity verification method and device | |
| EP3396611A1 (en) | Settlement system, user terminal and method executed thereby, settlement device and method executed thereby, and program | |
| JP2005122266A (en) | System and method for card-usage transaction processing, and program for card-usage transaction processing | |
| CN101615314A (en) | Electronic information card safety protection system and using method thereof | |
| JP4371084B2 (en) | ATM usage limit setting method, ATM usage limit setting device, and ATM usage limit setting program | |
| JP5280722B2 (en) | Account ledger server, financial application server, mobile passbook entry system, deposit processing method, account ledger program, and financial application program | |
| KR100644203B1 (en) | A PIN authentication method for mobile banking using a mobile phone | |
| KR20040098407A (en) | System and Method of financial transaction using Emergency Password Number | |
| CN102129742A (en) | Method for preventing embezzlement of bank card | |
| JP2007025907A (en) | Authentication system and authentication method | |
| JP2002324219A (en) | Card authentication system | |
| KR200478211Y1 (en) | Smart security card providing integrated security information of security code card and On-Time-Password |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20120912 |
|
| WD01 | Invention patent application deemed withdrawn after publication |