CN108027920A - Security measures for electronic transactions and user authentication - Google Patents

Publication number
CN108027920A
Authority
CN
China
Prior art keywords
security code
user
code
matrix
security
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201680041156.1A
Other languages
Chinese (zh)
Inventor
R·J·斯坦曼
L·F·迪亚兹
M·K·奥夫塞西尔
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ten Del Amor LLC
Original Assignee
Ten Del Amor LLC
Application filed by Ten Del Amor LLC

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/02 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • G06Q20/023 Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP] the neutral party being a clearing house
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3821 Electronic credentials
    • G06Q20/38215 Use of certificates or encrypted proofs of transaction rights
    • G06Q20/3827 Use of message hashing
    • G06Q20/385 Payment protocols; Details thereof using an alias or single-use codes

Abstract

Systems and methods for generating, distributing, controlling and processing security codes of limited validity period that are used to authenticate a user, in particular for electronic financial transactions such as payment transactions. It is contemplated that a single security code provided to a user can be used across multiple accounts or other secure systems, each security code having a limited validity period. Each security code is a random number from a random number generator. Each security code for each user corresponds to a security code validity period of finite duration. Accordingly, a table or matrix is generated that associates multiple users with respective sets of randomly selected security codes (each with its own validity period), and the matrix is provided to the respective entities to which each user requires secure access. In parallel, at least one current security code is provided to each user, so that the entity being accessed can track which code from which user is currently valid.

Description

Security measures for electronic transactions and user authentication
Technical field
The present invention relates generally to user authentication as a prelude to an electronic transaction with an entity to which some form of access is desired. More particularly, the invention relates to systems and methods for securing electronic transactions or other secure electronic access by using security codes generated and managed as disclosed herein.
Background
One example in which reliable user authentication is very important is the field of electronic payment transactions.
Fraud involving online credit cards, debit cards and prepaid cards is increasing along with the heavy use of online shopping and third-party bill payment. Although new technology has addressed "card present" fraud at merchant point-of-sale (POS) terminals through the use of EMV (Europay, Mastercard and Visa, that is, "chip" cards) and card terminal encryption, current security measures against online "Card Not Present" (CNP) fraud remain clearly insufficient.
In the United States, CNP fraud is substantial and still growing. Fraud losses for credit card transactions alone were estimated to reach 2,800,000,000 dollars in 2013, and over the following 10 years fraudulent online credit card purchases are expected to grow at a double-digit rate, reaching an estimated 6,400,000,000 dollars by 2018.
Debit card and prepaid card fraud make the economic loss figures worse. As fraud increases, financial institutions (FIs) face higher costs for fraud remediation, management and operations. Financial institutions also face cardholder frustration and potential customer attrition. There is therefore considerable market impetus.
In addition, Automated Clearing House (ACH) debit payments have been increasing along with the growth of virtual check (checkless) payments. ACH debits are inexpensive, but at the same time control on the account holder's side is extremely limited. When payment is set up between a consumer and a seller, the seller/merchant/payee is often given loose (and often unrestricted) permission to access the personal checking account.
In the field of payment cards (including their use in CNP transactions), it is known to associate a short (typically 3- or 4-digit) numeric code with a payment card in order to improve confidence that a given payment transaction is being made with the genuine card in hand, or with an indication (to the merchant or other payee) that the cardholder has the card in hand while setting up a CNP transaction (for example, by telephone).
Several such conventional security codes exist.
The first conventional security code is generally known as CVV1 (card verification value). In the art this code is sometimes called CVC1 (card verification code). The code is encoded on the card's magnetic stripe and is captured in a visible manner, for example when the card is swiped at a merchant's POS terminal during a card-present transaction. It is transmitted as part of the transaction and verified by the card issuer. Verification of the CVV1 code confirms that the payment card is actually in the physical possession of the merchant (or other entity) swiping the card.
The CVV1 code recorded on the card's magnetic stripe is static and specific to a given payment card. If the card is physically copied and the magnetic stripe data duplicated, the CVV1 code remains valid and can be used by an unauthorized user.
The second conventional security code is generally known as CVV2 (or sometimes CVC2). The CVV2 code is a static number printed on the payment card separately from the card's account number (for example, on the signature strip on the back, or occasionally on the front, separated from the account number). The CVV2 code is used for CNP transactions (such as telephone or online purchases of goods or services) and is intended to indicate that the person initiating the transaction possesses the card or has seen a physical record of the card (bearing the CVV2 code). Among other forms of misuse, use of the CVV2 code helps prevent the situation in which card information is fraudulently copied (technically a relatively simple step) and subsequently used in CNP transactions. Most CNP transactions additionally require knowledge of the CVV2 code. By industry convention, the CVV2 code is not stored by merchants and payees during electronic payment transactions. Therefore, if transaction information (for example, including the consumer's payment card account number) is compromised or otherwise stolen at a merchant or payee, that information is less useful without knowledge of the corresponding CVV2 code.
Like the CVV1 code, the CVV2 code is static (that is, it cannot change for a given physical payment card) and is uniquely associated with a single payment card. Even though the CVV2 code is in theory not retained (whether by convention or by explicit agreement between merchant and payment processor), bad actors who copy or covertly retain the code cannot be ruled out. It should be noted that, in conventional use, the CVV2 code is plainly visible on one side of the payment card, so it can be stolen if the card is stolen.
The use of a personal identification number (PIN) is also generally known, for example in association with the use of a credit card. In one example, the payment card is swiped to read the account information in the card's magnetic stripe, and the user manually enters the PIN on a keypad or other input device. A communication link is established with the bank or financial institution, allowing transmission of the card information and the entered PIN.
Conventionally, a PIN code is usually associated with a single respective payment card or other given electronic entity or system that the user wants to access. This aggravates the proliferation of separate security codes that the user must manage, remember and keep secure (that is, protect from loss and/or unauthorized access).
FIs, merchants and consumers all want a solution that minimizes fraud, reduces data breaches and reduces brand reputation risk, while reducing transaction risk by strengthening control over when transactions are made, when and how they are authorized, and when money is transferred.
It is therefore desirable to find a security solution that addresses some of the problems of the prior art: protecting FIs and merchants from monetary losses due to unauthorized transactions or fraud; giving account holders greater control over transactions; minimizing friction during authorization processing and transaction completion; and improving the adoption of stronger security processes.
FIs do not want to expose payment card or check transactions to disintermediation risk (that is, the risk of losing market share of transactions to third-party players that may have built safer or different ways of transacting), nor to sacrifice account holders and online purchase volume. Merchants want to minimize abandoned purchases, refunds and disputed transactions. A preferred solution would be easy to integrate and scalable so as to maximize use with existing processing, and would not compromise the speed of authentication processing.
An attractive solution would address the needs of all parties to an online purchase transaction: FIs, cardholders and account holders, and merchants. Preferably, such a solution would reduce CNP fraud, limit FI exposure, reduce fraud, dispute and refund costs, and provide additional benefits for cardholders and account holders.
Summary of the invention
Most generally, the present invention relates to systems and methods for user authentication when accessing and interacting with a secure entity that a user wishes to access, in particular an electronic entity such as a secure computer network or a private or commercial website. However, the invention can clearly also be applied to systems for physical access by individuals to, for example, a secure building. Certain aspects of the invention relate to the generation, distribution and management of security codes for user authentication.
In a specific, non-limiting example, the invention relates to systems and methods for improving the security of the user authentication process in electronic transactions, especially electronic payment transactions, while also minimizing the burden on the user of using and managing the required security code and maximizing convenience.
The invention relies on a single randomized security code of limited validity period for user authentication. The security code can be used across a range of payment modes belonging to the user (credit card, debit card, checking account, etc.), rather than the user having multiple security codes each tied to a respective payment mode. This advantageously reduces the number of security codes the user must remember and protect.
At the same time, however, the security code has a limited validity period (for example, one day) and changes accordingly, which reduces the security risk should the code be lost at any given time. Moreover, the code can easily be changed if signs of fraudulent use or the like are detected, or a particular account or payment mode (among several) can be selectively (or automatically) locked and unlocked as needed in response to a lost card or the detection of limited fraudulent use (that is, for certain accounts or payment modes).
In an example of the invention, a virtual matrix is generated in which multiple respective users (for example, payment account holders) are associated with respective sets of randomly generated security codes. Each security code has a certain validity period that does not overlap (or, as explained below, overlaps minimally) with the validity of the other security codes in the set associated with a given user. The current version of the matrix (current with respect to the users and/or the current sets of security codes) is periodically distributed to payment processors or financial institutions, where it can be referenced for authentication. In parallel, at least the currently valid security code of a given user is communicated to that user.
In a particular example of the invention, the information in the matrix (in particular the security codes) is mathematically obfuscated (for example, using a hash function) before the matrix is distributed to the respective payment processor. Preferably, the obfuscation method is unique to each payment processor, for example by using a unique hash salt for each payment processor.
In practice, a request to process an electronic payment transaction is received by the relevant payment processor together with a security code for authenticating the claimed authorized user who initiated the electronic payment transaction request. For the validity period corresponding to the time at which the request is processed, the payment processor compares the received security code with the security code in the current matrix that corresponds to the claimed authorized user. The transaction is approved or declined according to the comparison.
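The matrix, the per-processor salted hashing and the validity-period comparison described in the three paragraphs above, as an added sketch that is not code from the patent. The 4-digit code length, the SHA-256 construction, the binding of user and period start into the hash and all function names are assumptions, and Python's `secrets` module stands in for the hardware random number source.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

CODE_DIGITS = 4              # assumption: the page does not fix a code length
PERIOD = timedelta(days=1)   # the page's example validity period (one day)


def generate_matrix(users, start, periods):
    """Central system: one random code per user per non-overlapping period."""
    matrix = {}
    for user in users:
        rows = []
        for i in range(periods):
            code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
            rows.append((start + i * PERIOD, start + (i + 1) * PERIOD, code))
        matrix[user] = rows
    return matrix


def obfuscate(code, user, valid_from, salt):
    """Salted SHA-256 over user, period start and code (assumed construction).

    Binding user and period into the input keeps equal codes in different
    rows from producing equal digests.
    """
    material = f"{user}|{valid_from.isoformat()}|{code}".encode()
    return hashlib.sha256(salt + material).digest()


def matrix_for_processor(matrix, salt):
    """Copy of the matrix for one processor, holding digests instead of codes."""
    return {
        user: [(vf, vu, obfuscate(code, user, vf, salt)) for vf, vu, code in rows]
        for user, rows in matrix.items()
    }


def current_code(matrix, user, now):
    """Central system: the plaintext code to communicate to the user."""
    for valid_from, valid_until, code in matrix.get(user, []):
        if valid_from <= now < valid_until:
            return code
    return None


def verify(processor_matrix, salt, user, submitted_code, now):
    """Processor side: approve only if the code matches the period covering now."""
    for valid_from, valid_until, digest in processor_matrix.get(user, []):
        if valid_from <= now < valid_until:
            candidate = obfuscate(submitted_code, user, valid_from, salt)
            return hmac.compare_digest(digest, candidate)  # constant-time compare
    return False  # unknown user, or no code valid at this time


if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)    # constructed sample data
    central = generate_matrix(["alice", "bob"], t0, periods=3)
    salt_a = secrets.token_bytes(16)                  # unique to processor A
    at_processor_a = matrix_for_processor(central, salt_a)
    now = t0 + timedelta(hours=30)                    # falls in the second period
    code = current_code(central, "alice", now)
    print("approved:", verify(at_processor_a, salt_a, "alice", code, now))
```

Because a short numeric code has few possible values, the salted hash protects the distributed matrix only while the salt itself stays secret, so a processor should store its salt with the same care as a key.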
Brief description of the drawings
The invention will be more clearly understood with reference to the written description and the accompanying drawings, in which:
Fig. 1 is a high-level schematic illustration of the interconnections between the various "players" in an electronic payment transaction and of the hardware deployment associated with them;
Fig. 2 illustrates the process of generating a group of security codes according to the invention, including the associated interactions with the various payment processing entities;
Fig. 2A illustrates an example of how a temporarily known random pattern matrix is generated;
Fig. 3 illustrates the process of initial user registration using the invention;
Figs. 3A-3H illustrate various registration processes, including other embodiments in which accounts are grouped or are required to use the security code so that all of them are secured;
Fig. 4 illustrates the process by which a security code according to the invention is transmitted to the user;
Fig. 5 illustrates the steps of making an electronic payment with a credit or debit card or check using the security code of the invention;
Fig. 6 illustrates further steps in authorizing an electronic payment transaction;
Fig. 7 illustrates further steps of verifying the submitted security code within the framework of Fig. 6;
Fig. 8 illustrates the steps of recording and analyzing transaction results within the framework of Fig. 6;
Fig. 9 illustrates the process of sending a notification to the user, which is used as part of several other processes of the invention;
Fig. 10 illustrates the process of selectively locking or unlocking a financial account in connection with the invention;
Fig. 11 illustrates the process of sending a notification to a payment processor or financial institution; and
Fig. 12 illustrates the process of verifying an electronic payment transaction.
Detailed description
It should be understood that the details of the various aspects of the invention disclosed herein are specifically intended to be applicable, in various combinations and to the greatest possible extent, to the broad concepts of the invention, even where not specifically described in such terms herein.
For the purposes of this disclosure, the following definitions are generally intended, subject to any further variation herein.
An "account" is any financial relationship in which funds are stored and can be transferred for the purpose of buying and selling goods and services. In general, accounts may include but are not limited to: checking, savings, lines of credit, credit cards, debit cards, prepaid cards (including payroll, gift & reward), digital wallets, private-label ACH cards and decoupled debit cards, with or without a virtual or physical card or check for making purchases, electronic funds transfers (EFT) or otherwise transferring funds.
A "transaction" is a transfer of money over a computer-mediated network between businesses, households, individuals, governments or other public or private organizations, which may be carried out online or offline.
A "payment processor" refers to an entity that receives an electronic payment request and acts as an intermediary that verifies the details of the request and handles the transfer of funds from the associated financial institution (such as an issuing bank) to the merchant or payee. As indicated, a payment processor may be, for example, a card payment processor or a depository financial institution or bank. To the extent that they are involved in payment processing activities, the term is also intended to cover the Automated Clearing House (ACH) and the Federal Reserve. However, for simplicity of disclosure, the term "payment processor" is used in principle herein, against the background of the above explanation.
Fig. 1 schematically illustrates a system for performing electronic payment transactions into which the invention is integrated.
The main components shown in Fig. 1 may communicate with one another directly or operably. Being in "operable communication" with another component is intended to include the possibility that intermediate components exist in the communication path between the two components, even if such intermediate components are not necessarily explicitly indicated. The "grouping" of illustrated components (such as in the "central system") is schematic and is not intended to require any degree of physical proximity (within the limits of conventional networking principles), although proximity is clearly permissible. Moreover, the communication "links" between components in Fig. 1 are intended to reflect the overall relationship of those components and are not intended to be limiting or, in particular, exclusive (that is, other communication links not shown in Fig. 1 may exist between the illustrated components).
" center system " as shown in Figure 1 includes performing the component of the major part of operations according to the instant invention.As showing Example and it is unrestricted, central database server 1 is hosted in special or virtual hardware system, positioned at high in the clouds or local data Data base set in center, it concentrates the support data preserved for the present invention, including:Account holder's registration material and he Corresponding information and preference, such as notification preference or condition trading rules or account locking preference;The safety code generated (stochastic model sometimes referred to as known temporarily herein), it is generated so as to which they are outside as explained herein below The payment processes side of participation is distributed to, and notifies them to be currently directed to account holder's to the account holder registered The effective current safety code of all accounts registered in data;And the letter of the transaction in relation to attempting to carry out in institute's login account Breath.The example of central database server 1 is Amazon Relational Database Service (sometimes referred to as Amazon RDS), it allows to create and operate virtual server on the remote system.The embodiment of physical server is according to the present invention To be effective.
Hardware security module (HSM) 2 can be located in the cloud or on-premises, and is used to securely generate, store and manage encryption keys, which are used to encrypt or hash sensitive information generated and processed in the course of operations according to the invention. As explained below, it may also be used for true random number generation (that is, to populate the security code matrix, a matrix that associates users with respective sets of security codes, where each individual security code has its own validity period). A commercially available example of HSM 2 can be obtained, for example, from Amazon Web Services, and is based, for example, on the Luna SA 700 HSM from SafeNet using Luna SA software (version 5). As known in the art, "true" random number generation relies on underlying physical phenomena (such as atmospheric noise detected by a radio receiver, or radioactive decay) to maximize the randomness of the generated numbers, and is therefore the preferred method for use in the invention.
Central application server 3 is a middle-tier application server or set of servers located in the cloud or on-premises, dedicated to efficiently executing the functions and processes that implement the system's business logic. ("Middle tier" generally refers to an application server that executes the application business logic and sits operationally between the user interface or web server and the database server(s) as part of a multi-tier architecture.) It holds the framework necessary to execute these software modules and is connected to central database server 1 to support the necessary data-centric operations. It also hosts API (application programming interface) calls through which external clients or vendors communicate with central database server 1 in order to manage account holder registration and account holder preferences, or through which transaction information is received from processors (or issuers or financial institutions). For the purposes of these process descriptions, it is also responsible for connecting outward to other vendors to transmit files or data payloads in order to implement different application features, such as B2B (business-to-business) communication or account holder notification via notification server 9 (for example, an email exchange server, an SMS aggregator, a mobile application push alert service, or a web services provider that combines all or some of these services, such as Amazon Simple Notification Service, part of the Amazon Web Services solution). Some of these functions may also be implemented on separate hardware systems for a deeper, more distributed multi-tier architecture. A commercially available example of central application server 3 is Amazon Elastic Compute Cloud (sometimes called Amazon EC2), but physical server embodiments are also suitable according to the invention.
The example "payment processor" indicated in Fig. 1 (or a financial institution involved in handling electronic payment processing in a similar manner) is provided with one or more database servers 4, 6, which in turn host and process multiple databases. In general, a payment processor will have one or more database servers (and the databases running on them) to perform routine operations. Some operations at the payment processor according to the invention also reside on a database server, and can be implemented on existing hardware or, where desired, on a separate database server (or servers). With appropriate connectivity, the required implementation need not be local to the payment processor, but may, for example, be local to the central system or at another physical location. By way of background, for simplicity and clarity of disclosure, the invention is described using the example of two servers associated with the payment processor, the two servers being physically separate units. However, all of the above considerations apply to the invention, and functions attributed herein to one database server may be implemented in other database servers.
Accordingly, the payment processor may be provided with a code database server 4 according to the invention, which communicates with the central system (that is, including central database server 1, HSM 2 and application server 3). A commercially available example of code database server 4 is the Dell 13G PowerEdge R730xd. Code database server 4 represents an instance of a database set containing the data and processes necessary to allow a participating payment processor to complete transactions according to the invention, including verifying the security codes generated according to the invention and entered by registered account holders when performing electronic payment transactions. These instances can be implemented as separate hardware systems, dedicated or virtual, in the cloud or on-premises, or on the payment processor's existing database servers (that is, integrated into existing database instances in the payment processor's existing equipment). The payment processor will usually also have one or more existing database servers 6 of its own. Database server 6 is typically a database set owned and/or operated by the participating payment processor or financial institution, hosted on a dedicated or virtual hardware system in the cloud or in a local data center, and containing the data and methods necessary to process transaction authentication in general (that is, whether or not according to the invention).
A representative account holder is illustrated in Fig. 5 (in other words, a consumer who has one or more financial accounts and seeks to pay for goods, services or the like via an electronic payment transaction). In general, accounts may include but are not limited to: checking, savings, lines of credit, credit cards, debit cards, prepaid cards (including payroll, gift & reward), digital wallets, private-label ACH cards and decoupled debit cards (that is, an account issued by one entity but linked to an account, typically the funding source, associated with another entity), with or without a virtual or physical card or check for making purchases, electronic funds transfers (EFT) or otherwise transferring funds. In particular, with respect to payment cards, the invention is intended to apply to open-loop, closed-loop, single-load and reloadable cards. As known in the art, an "open-loop" payment card refers to a type of card that has general acceptance among merchants (such as American, etc.), whereas a "closed-loop" payment card is limited to a restricted merchant network or group of merchants (such as a credit card issued by a department store).
Account holder 5 may complete financial transactions from time to time, in particular electronic payment transactions. A "transaction" is a transfer of money over a computer-mediated network between businesses, households, individuals, governments and other public or private organizations, which may be carried out online or offline.
Account holder 5 may initiate a desired financial transaction from a personal electronic device such as, but not limited to, a desktop or laptop computer, tablet PC, smartphone, cell phone, or any other portable or auxiliary device. Alternatively, the transaction may be carried out via a "live" customer service agent (by telephone or face to face).
Appropriate interface for being docked with the system of the present invention can include website, movement or desktop computer application or small Program or text message, they and be hosted in central application server 3 Application Programming Interface (API) be attached and to It sends direct or indirect calling, and so that (as example) manages registration material and preference according to the present invention, including notice is inclined Good or have ready conditions transaction or account locking preference;The warning changed in relation to transaction, registration material is received according to the present invention and is led to Know, or obtain current safety code according to the present invention;The request of account executive state or system action is initiated, it is such as permanent or face When, completely or conditionally lock an account without participating in business, either to the bank of issue inform international travel or Payment Card or Equipment has been stolen, has damaged, has lost or has been stolen.
From time to time the account holder may interact with a merchant (or payee) 7 or an intermediary billing entity (not shown) to make a purchase or other payment transaction and submit a transaction authentication request. Transaction authentication may include: a consumer-not-present transaction authentication request (for example, a card-not-present transaction) made on a website or a mobile or desktop application, or by voice communication (for example, by telephone with a live agent or an automatic speech recognition system), or through a device that transmits the transaction information to the merchant or payee 7 by means of a biometric scan such as fingerprint or voice recognition or a retina scan; or a consumer-present transaction (for example, a card-present transaction), in which the account holder 5 personally presents to the merchant (or payee 7) the payment card, check, device, chip, or any other representation of the financial account used to make the purchase or payment.
For purposes of the invention, a merchant (or payee 7) is any entity that accepts a payment method such as debit, credit, check or ACH, for example by means of a transaction authentication device used to complete a card transaction initiated by the account holder 5. It may be represented by a web application or mobile application on a device that the account holder has access to or otherwise operates. It may also be a physical device at the merchant location (such as a point-of-sale terminal), which the account holder can use to enter the transaction information by keying in or scanning the card information contained in the card or in its physical or virtual representation, or by scanning a biometric feature of the account holder, to name just a few examples. In some examples of the invention, the merchant 7 may, for example, operate an HP Moonshot ProLiant m350.
One or more additional web servers 8 may be needed according to the invention, for example to host a website or web application that interfaces with the account holder 5. The Amazon EC2 instances mentioned above can also be used here. The web server 8 may be located centrally in the system, in the cloud, or in a local data centre. The web server 8 may also be part of the payment processor's local area network. This function may also be provided by a third-party entity that hosts a website or API used to receive input from the account holder 5 to manage registration, and to present registration and other relevant information, such as the current safety code according to the invention, to the account holder 5.
Finally, the notification server 9 (by way of example and not limitation, an HP Moonshot ProLiant m800) can be any server that acts as an intermediary for transmitting or pushing notifications to the account holder 5. Some examples of such a server or server farm are an Exchange server that processes and delivers email messages, an SMS aggregator server that processes and delivers SMS text messages to a cell phone belonging to the account holder 5, or a web service provider that brings all or some of these servers together (for example, Amazon Simple Notification Service among the Amazon Web Services solutions).
The following is an overview of the server interactions/connections represented in Fig. 1. Much of this is discussed in detail in the specific explanations of the various processes according to the invention.
<A>: The central database server 1 sends calls to the HSM 2 API, for example through a SQL CLR assembly, in order to obtain true random numbers from the hardware-based true random number generator (RNG), or to securely store and retrieve encryption keys for hashing or encrypting sensitive information, such as the safety codes generated according to the invention.
<B>: The central application server 3 connects to the central database 1 to submit account holder registration changes, or to update transaction information received from a payment processor, or to obtain information in order to send notifications to account holders or to update a payment processor with relevant information such as account holder registration changes or new safety codes (temporarily known random patterns).
<C>: The central application server 3 communicates with the payment processor's database server 4, in this case possibly through one or more layered servers in the processor's network, in order to update the payment processor with account holder registration changes or new safety codes (temporarily known random patterns), or to obtain information collected by the payment processor, or changes made in the processor's database server 4, and store it on the central database server 1.
<D>: Using one or more means of communication (for example, a desktop or laptop computer, a smartphone, or a portable tablet computer), the account holder 5 interfaces with a web application hosted on an instance of the web server 8 in order to create, delete or modify a registration profile or user preferences, and to obtain information such as the current safety code from the system.
<E>: Information collected by the web server 8 (for example, registration changes) is passed to the central application server 3 via API calls. The web server 8 also sends API calls to the central application server 3 to obtain information from the system and present that information to the account holder 5.
<F>: The central application server 3 connects to the notification server 9 to push alerts to the account holder 5, such as the current safety code, or information about activity and transactions involving the accounts registered under the account holder's registration profile.
<G>: The notification server pushes alerts to the account holder 5, such as email messages, SMS text messages or mobile application push alerts.
<H>: The account holder interacts with the merchant or payee 7 to carry out a payment transaction for goods or services, for example via a merchant website, via a mobile or remote application installed on a portable device such as a smartphone, tablet computer or watch, via an automated telephone system or live agent, or via the interface of a physical terminal at the merchant location.
<I>: The merchant or payee 7 sends the transaction information submitted by the account holder 5 over the applicable networks and channels to be processed for approval or rejection by the processor's database server 6.
<J>: For a transaction that can be carried out according to the invention, the processor's database server 6 communicates with the processor's code database server 4 to verify the safety code according to the invention that was entered as part of the transaction authorization request. The processor's database server 6 may also pass transaction information to the processor's database server 4, or the processor's code database server 4 may send information received from the account holder 5 or generated by the central application server 3 to the processor's database server 6.
Fig. 2 illustrates the process of generating safety codes according to the invention, and in particular the process of generating a combined matrix that associates multiple account holders 5 (sometimes referred to herein as "users") with corresponding sets of safety codes. (For purposes of this disclosure, each set of safety codes may be variously referred to herein as a "pattern", a "random pattern" or a "temporarily known random pattern".)
In a particular example of the invention, each safety code is a mathematically random number with a limited period of use or validity (typically, but not necessarily, on the order of days or hours). The random number is preferably generated by a true random number generator (as known in the art) so as to maximize the unpredictability of the generated sequence of safety codes.
In a further aspect of the invention, the respective validity periods of the safety codes are consecutive in time, so that, in effect, after one safety code expires there is a "next" safety code (in chronological order) available for use by the account holder. The validity periods may be purely consecutive without any overlap in time, but it can be useful to provide a relatively small overlap (compared with the length of the validity period) between the end of one validity period and the beginning of the next (for example, a one-hour overlap where the validity period is one day). That is, a safety code can remain valid for a short time after the validity period of the "next" safety code has begun. The reason for providing overlapping validity is to avoid any worry or frustration on the part of the consumer (that is, the user/account holder) in the following situation: a transaction is entered a short time before a validity period ends (for example, at 11:30 p.m., where, on a daily basis, the validity period ends at 12 midnight), and an unexpected delay occurs during the information exchange disclosed herein or otherwise, the delay pushing the actual processing of the electronic payment past 12 midnight, which would in theory require the account holder to submit the subsequent safety code. The relatively short overlap is intended to strike a balance between ensuring ease of use for the account holder and minimizing the security risk of having more than one safety code valid at the same time.
Generation of a new matrix as depicted in Figs. 2 and 2A is initiated on the central application server 3 (for example, by a software job that runs at a scheduled frequency). For purposes of this non-limiting example a daily run is assumed, but the job could be scheduled to run several times a day, or less often than daily (for example, once every three days).
In a general sense, a matrix according to the invention groups users or other persons who use or otherwise access an electronic entity to which access is protected by requiring a safety code. In general, the matrix is set up to include all users/customers/payers etc. who participate in the system according to the invention and are associated with a given payment processor (for example, all payment card holders associated with that payment processor). Additional sets of safety codes can be generated as spares, for use when an originally assigned set of safety codes needs to be replaced (for example, when fraud is detected). However, owing to the properties of the invention as disclosed herein, and as discussed further below, associating more than one user with a given set of safety codes at the same time is within the scope of the invention.
Likewise, for purposes of illustration, the invention is described herein mainly in the context of authentication for electronic payment transactions, but it can be applied to other types of digital authentication for access to electronic entities such as private networks, government agency websites and the like.
In general, the matrix is first filled with random numbers to define the respective sets of safety codes, where each safety code in a given set has a specific limited validity period, such as a specific period of several hours within a day, or a specific calendar day. Each set of safety codes is associated with a unique identifier (referred to herein as a pattern ID). Once the matrix has been filled in this way, each user is associated with one of the unique identifiers and thereby with the set of safety codes matching that identifier. On this basis, a given user is associated with a particular set of safety codes at a given time, and the currently valid code that the user should use to authenticate a transaction can be identified from the applicable validity period (for example, a certain calendar day).
The safety code generation process preferably loops through all pattern IDs within a given validity period and assigns each pattern ID a new random number (for example, of a predetermined length of 4 digits) for that validity period. It then goes on to generate, one by one, a second set of random values for all the pattern IDs for the next validity period, before continuing to generate the third, fourth, and subsequent sets.
In other words, the matrix is preferably built up by generating one random number for each different pattern ID in turn, rather than generating the complete set of random numbers for the first pattern ID, followed by the complete set for the second pattern ID, then the third, fourth, fifth, and so on. As a result, if there is any kind of identifiable predictability in the sequence of random numbers produced by the random number generator used (for example, in HSM 2), that predictability will be distributed across different users rather than within the set of random numbers of a single user. This is illustrated below with reference to Fig. 2A.
As can be seen, the first step of random number generation in each iteration is to obtain a new random value 101 from an RNG, such as the hardware security module (HSM) 2. The HSM 2 preferably provides a true RNG, but any other kind of hardware-based or software-based RNG, including a pseudo-random number generator, can be used for this purpose. For example, a web service that provides true random numbers, a third-party binary implementation that provides an interface to a software-based or hardware-based algorithm for generating random numbers, or a database engine can also be used.
The RNG on HSM 2 produces a new random number 104, which is assigned in step 106 to the pattern ID 104 of the current iteration for, for example, the day (or any other desired time period) 105 corresponding to the current iteration. This example generates one random number 103 for each respective pattern ID 104 for each day 105. However, multiple random numbers can be assigned to each pattern ID, and they may or may not be bound to a specific day or time period, or can be associated with a time period shorter or longer than one day. A random number can also be associated with a specific process identifier, or with the frequency of occurrence of some event or process. As schematically illustrated in Fig. 2, the process of generating random numbers 103 is iterative: the first level runs over the series of pattern IDs, and then increments to the next validity period (by way of example, the validity period here is one day).
Fig. 2A is a schematic representation of a matrix according to the invention, illustrating the preferred process of filling the matrix. The left-hand column contains the pattern identifiers (IDs) (abbreviated to the range 0...99999), each of which is associated with its set (along the row) of random-number safety codes. Here, for example, each pattern ID has one random number per day of validity (day 1, day 2, day 3, etc.). For the column of each day indexed by the primary cursor (the black downward arrow at the "day 7" column), an auxiliary cursor (here at the row corresponding to pattern ID 3) moves through each pattern ID to insert the next randomly generated safety code (corresponding to the step "for each pattern ID" in Fig. 2). Thus, in Fig. 2, the most recently generated code is 0166 at (pattern ID 3; day 7). The auxiliary cursor will then move to the next pattern ID (that is, 4) and a new random code is generated for (pattern ID 4; day 7), and so on for all pattern IDs on day 7, after which the primary cursor advances to the column for the next day (that is, day 8) (corresponding to the next iteration level in Fig. 2, indicated by "for every day"), and the random number assignment is repeated. As a result, as mentioned above, any pattern or lack of randomness that might occur in the random number generation would run in the column direction and would not be apparent in the randomized safety codes of any given user (that is, of any given pattern ID).
It will be noted that the matrix can be generated with more patterns (that is, sets of safety codes) than there are consumers/users. This allows "spare" code sets that a consumer can use as a replacement code set, for example, when the initial set of safety codes appears to have been stolen. See, for example, the disclosure below relating to reassignment of a new pattern ID with respect to Fig. 4.
However, it is also conceivable according to the invention to generate fewer patterns than there are consumers/users. In that case, more than one user may be associated with a given pattern ID. For example, even though, strictly speaking, two users may thereby know each other's safety codes, the assignment of users to pattern IDs is in practice opaque to the users, so the security risk remains very low: any one user generally has no way of knowing that he "shares" his set of safety codes with another user, and is even less likely to know which specific user holds the same safety codes.
Optionally, random number generation can be cross-referenced or otherwise compared with a list of numbers to be excluded from the matrix. For example, values that are offensive or otherwise sensitive in some cultures can be excluded (such as "13" in Western culture or "4" in some Eastern cultures). As may be required, each value generated by the RNG can be checked against the exclusion list and, if it is found there, a new call is made to the RNG to generate a replacement value, until the generated value is not on the exclusion list.
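The fill order and exclusion check described above can be sketched as follows. This is an added example, not code from the patent or its applicant; `secrets` stands in for the RNG on HSM 2, exclusion is assumed to match whole 4-digit codes, and all function names are hypothetical.

```python
import itertools
import secrets
from typing import Callable, Dict, FrozenSet, Sequence

CODE_DIGITS = 4  # the description's example: a predetermined length of 4 digits
CODE_SPACE = 10 ** CODE_DIGITS


def hsm_rng_stand_in() -> int:
    """Assumption: stands in for the call to the RNG on HSM 2."""
    return secrets.randbelow(CODE_SPACE)


def counting_rng(start: int = 0) -> Callable[[], int]:
    """Constructed, deliberately predictable source (0, 1, 2, ...), used only
    to make the fill order visible in the resulting matrix."""
    counter = itertools.count(start)
    return lambda: next(counter) % CODE_SPACE


def fill_matrix(
    pattern_ids: Sequence[int],
    days: Sequence[int],
    rng: Callable[[], int] = hsm_rng_stand_in,
    excluded: FrozenSet[str] = frozenset(),
) -> Dict[int, Dict[int, str]]:
    """Fill the matrix one validity period at a time.

    The outer loop is the primary cursor (the day column); the inner loop is
    the auxiliary cursor (the pattern ID row). Consecutive RNG outputs
    therefore land on different pattern IDs, never side by side in one
    user's own sequence of codes.
    """
    blocked = {c for c in excluded if len(c) == CODE_DIGITS and c.isdigit()}
    if len(blocked) >= CODE_SPACE:
        raise ValueError("exclusion list leaves no usable code")
    matrix: Dict[int, Dict[int, str]] = {pid: {} for pid in pattern_ids}
    for day in days:                      # "for every day"
        for pid in pattern_ids:           # "for each pattern ID"
            code = f"{rng():0{CODE_DIGITS}d}"
            while code in blocked:        # redraw until not on the exclusion list
                code = f"{rng():0{CODE_DIGITS}d}"
            matrix[pid][day] = code
    return matrix


if __name__ == "__main__":
    demo = fill_matrix([0, 1, 2], [1, 2, 3], rng=counting_rng())
    for pid, row in demo.items():
        print(pid, row)
```

With the predictable source, each pattern ID's row steps by the number of pattern IDs rather than by one, which is the distribution across users that the description aims for.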
In this example, once the complete matrix of safety codes (temporarily known random patterns) has been filled, it is then sent in step 107 to be stored on the central database server 1, which loads the matrix into a database table in step 108. The matrix can also be stored in other formats, such as in a file system or in a graphical representation.
For purposes of the described process, the matrix of temporarily known random patterns generated as depicted in the flow chart is then used to assign a pattern ID to each registered account holder, as depicted at step 211 in Fig. 3, and to make new random codes available for transactions initiated by the account holder 5.
In order for payment processors to support payment transactions according to the invention, the same version of the matrix (because it may occasionally be updated or otherwise revised) is distributed in step 109 to each participating payment processor. Preferably, the matrix version for each participating payment processor is hashed, before being distributed, in a manner unique to that payment processor. The uniquely hashed matrix is then loaded locally by each payment processor onto the code database server 4 associated with that payment processor.
The random values in the matrix are preferably hashed with a Secure Hash Algorithm (SHA) that has been shown by industry standards and norms to be safe and reliable. For example, SHA-512 may be used according to this aspect of the invention. A variety of secure hash algorithms, including SHA-512, are disclosed, for example, in Federal Information Processing Standards Publication 180-4, published in March 2012, the contents of which are incorporated herein by reference to the extent permitted by the relevant patent office. In order to hash the random values in the matrix before they are transmitted out to a payment processor or bank, each payment processor is, for example, assigned or otherwise associated in step 110 with a unique hash salt 111 (obtained, for example, from HSM 2). The hash salt 111 is also transmitted in a secure and encrypted manner to each respective payment processor for use in the transaction authorization process. As known in the art, a "hash salt" is the mathematical basis of a given hashing process. It should be noted that applying a given hash algorithm with a given hash salt to a given string (for example, one of the safety codes of the invention) always produces the same hashed version of that string.
Using the respective unique hash salts 111 (that is, the unique hash salt of each respective payment processor), a unique hashed copy of the same matrix is created for each payment processor (step 112), each matrix containing a uniquely hashed representation of the random numbers. Thus, the actual sets of random numbers assigned to each pattern ID are kept in plaintext only on the central database server 1, so that they can be delivered to registered account holders. Each payment processor keeps on its instance of the code database 4 only "its own" distinct hashed representation of these values (step 113), which differs from the hashed representation held by any other payment processor.
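The per-processor hashing, together with a processor-side check that honours the one-hour overlap from the validity discussion above, can be sketched as follows. This is an added example, not code from the patent or its applicant; the salt-then-code concatenation, the calendar dates, the code "4821", the salts and all function names are assumptions or constructed values (only 0166 at pattern ID 3 comes from Fig. 2A).

```python
import hashlib
import hmac
from datetime import date, datetime, time, timedelta
from typing import Dict

OVERLAP = timedelta(hours=1)  # the description's example overlap for a one-day validity

# Constructed plaintext matrix as held only on the central database server 1.
PLAIN_MATRIX: Dict[int, Dict[date, str]] = {
    3: {date(2024, 1, 7): "0166", date(2024, 1, 8): "4821"},
    4: {date(2024, 1, 7): "9030", date(2024, 1, 8): "2257"},
}
SALT_A = b"constructed-salt-for-processor-A"  # stands in for hash salt 111
SALT_B = b"constructed-salt-for-processor-B"


def hash_code(salt: bytes, code: str) -> str:
    """SHA-512 over salt || code (the concatenation order is an assumption)."""
    return hashlib.sha512(salt + code.encode("ascii")).hexdigest()


def hashed_copy(matrix: Dict[int, Dict[date, str]], salt: bytes) -> Dict[int, Dict[date, str]]:
    """Build the processor-specific copy (step 112): same shape, digests only."""
    return {
        pid: {day: hash_code(salt, code) for day, code in row.items()}
        for pid, row in matrix.items()
    }


def verify_code(
    hashed: Dict[int, Dict[date, str]],
    salt: bytes,
    pattern_id: int,
    submitted: str,
    now: datetime,
) -> bool:
    """Processor-side check against its own hashed copy.

    Accepts the code for the current day, and the previous day's code while
    less than OVERLAP has elapsed since midnight (naive local time assumed).
    """
    candidates = [now.date()]
    midnight = datetime.combine(now.date(), time.min)
    if now - midnight < OVERLAP:
        candidates.append(now.date() - timedelta(days=1))
    digest = hash_code(salt, submitted)
    row = hashed.get(pattern_id, {})
    accepted = False
    for day in candidates:
        stored = row.get(day)
        # Constant-time comparison; both candidates are always checked.
        if stored is not None and hmac.compare_digest(stored, digest):
            accepted = True
    return accepted


if __name__ == "__main__":
    copy_a = hashed_copy(PLAIN_MATRIX, SALT_A)
    print(verify_code(copy_a, SALT_A, 3, "0166", datetime(2024, 1, 8, 0, 30)))
```

Because a 4-digit code has only 10,000 possible values, the hashed copy protects the codes only while the salt stays secret, which is why the description has the salt delivered to each processor in encrypted form.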
Fig. 3 illustrates the process by which an account holder 5 registers in the system according to the invention. The account holder 5 initiates a registration request. If a registration profile already exists for the account holder (201), the account holder 5 can go on in step 212 to register/attach a new account to the existing profile. Otherwise, if a new account holder registration is needed, the account holder 5 goes on in step 202 to enter the information required to create a registration profile. This information may include, for example, full name, billing address, contact information (such as a mobile phone number or email address) and notification preferences. The information is verified on the central application server 3 by subprocess 203 in order to validate the account holder information entered. Subprocess 203 may include address verification, identity verification services, and other types of Know-Your-Customer verification steps.
Once the account holder information entered has passed the verification step (step 204), a temporary random alphanumeric or numeric code is generated at 205 and sent to the account holder at the email address or mobile phone number entered, via notification subprocess 800, in order to verify that the account holder 5 has access to that email address or to the physical device associated with the mobile phone number provided. Once the temporary code is received in step 206 (it has a limited validity period), the account holder 5 is required in step 207 to enter it back into the registration application, where it is then authenticated by the central application server 3. If the temporary code entered by the account holder matches the one generated in step 205 and is still valid in time (step 208), the collected account information is used to create the account holder profile (step 209), which is stored in step 210 on the central database server 1. When the registration profile is created on the central database server 1, a pattern ID 104 (see, for example, Fig. 2A) is assigned at 211 to the newly created account holder profile, and the account holder 5 will be identified in the safety code matrix by that pattern ID 104. As depicted in Fig. 4, this will therefore drive the safety codes that will be presented to the account holder 5. The account holder is then notified of the result of the profile creation via subprocess 800 (see Fig. 9) according to their notification preferences, which may include one or more of an SMS text message to the mobile phone number provided, an email message to the email address provided, or a mobile application push notification. The account holder's registration result notification may include the information necessary to interact with the service, including but not limited to a unique account holder profile identifier and the code to be used when making electronic payment transactions.
Once the account holder profile exists, the account holder 5 can go on to associate one or more accounts with his account holder profile (212). The account registration process 212 may include identifying a new account 213 (such as a debit, credit or checking account) and entering the account information (step 214). For a bank account, this includes the account number and the bank's routing transit number (RTN). For a card account, this may include the complete card number (usually 15-16 digits, sometimes fewer and sometimes more), the expiration date, the verification code in any shape or form printed on the physical card, or the digital verification code in the case of EMV (Europay, MasterCard and Visa), or, where applicable, a virtual card.
The central application server 3 verifies whether the account information entered is valid. At 215, the eligibility of the given account to participate in the system of the invention is checked using conventionally available resources that map the card's bank identification number (BIN) or the account's ABA routing transit number (RTN) to the corresponding bank or payment processor (cross-referenced against the financial institutions and/or payment processors registered to support the system according to the invention).
If the account is eligible (step 215), the process proceeds to subprocess 216 to verify that the account entered properly belongs to the account holder; otherwise the account holder is notified via notification subprocess 800 that the account cannot be added. The account verification step may include a call to a web service (for example, operated by the payment processor, the card issuer or another third party) that verifies account holder information, or may include a Zero Dollar Value authorization request with address verification and CVV verification, or any other service provided by an authorized organization for verifying the authenticity of an account. In the case of a bank account, the verification may include a series of small trial deposits, such as two deposits of random amounts between 1 and 99 cents, which the account holder must then verify by confirming the amounts received.
After the account has been verified at 217 as validly belonging to the account holder 5, the process goes on at 218 to add the account to the account holder profile and store it at 219 on the central database server 1. Then, in step 220, the payment processor or bank ID information for the account is retrieved by a lookup 221 on the central database server 1. Using the ID information 222, the system then sends this information at 223 to the payment processor's database server by calling an API provided by the payment processor, or by a file that is transmitted to and loaded on the payment processor's system, or by any other means the payment processor provides for updating its system to record that a given new account has been added. The information transmitted to the payment processor includes the account holder's registration profile information, in particular the pattern ID associated with it, so that the processor can verify the account holder's safety code against the current safety code matrix in future transaction authorization requests.
Finally, at 224, the account holder is notified via notification subprocess 800 and receives confirmation of the account registration.
The presently disclosed method and system for generating and managing safety codes can be used in fields beyond electronic payment security and financial transaction security. For example, a work site, laboratory, office or the like can implement the invention to send a safety code to employees daily for use as an additional authentication or access control mechanism. In a different field, a code according to the invention can be implemented as additional proof of the account holder's identity when applying for credit, a new account or a service from a merchant, service provider, or other type of government or private institution.
As described above, an account holder can register to receive a daily safety code according to the invention for use in a particular field or across many (in particular, many related) fields. For example, an account holder can register credit cards from two different issuers/processors, and also register with respect to the access control system of the account holder's workplace, and so on. An account holder with multiple registration profiles as described above may wish to group these profiles together into one or more groups, each having its own safety code according to the invention. That is, the account holder can then use each day a single safety code (or fewer safety codes than the total number of fields requiring one) that is valid for all the different implementations for which the account holder is registered.
In the example of this grouping embodiment, a safety code registration profile (SCRP) is a single instance of an individual user's single financial or non-financial account that requires safety-code access. Non-financial accounts include, but are not limited to, website access, computer login screens or physical access control situations. In the invention, an SCRP is a single account holder's profile in a single processor's database.
For greater ease of use, while reducing the number of safety codes to be remembered and used, multiple credit cards, debit cards, financial accounts and secure logins can be grouped as desired. Once grouped, all SCRPs in the group have the same pattern ID and receive the same safety code each day. In this way, for example, an individual can receive the same safety code for all of their debit and credit cards.
The grouping is not necessarily limited to a single individual. For example, a family can choose to put all of the family's credit and debit cards into the same group, so that every family member has the same safety code each day for all of their credit and debit cards.
In another example, the employees of a business who hold company credit cards can be grouped together, so that each of them receives the same safety code each day for their respective company credit card. In another example, all members of a military squad/platoon/army etc. can receive the same safety code each day as a way of confirming their membership in the platoon.
An individual can be a member of several groups and also have SCRPs that are not members of any group. The individual receives a unique safety code for each group and for each non-grouped SCRP. For example, a person can place all of his credit and debit cards in a "family group", place his single business credit card in a "company group", and set his checking account to "ungrouped". In this case, the person receives three unique safety codes each day according to the invention.
The grouping criteria can be determined by rules set in advance by the system, by each account holder, or by a privileged administrator of one or more groups. For example, an automatic grouping rule can specify that if two account holders' data share the same email, phone or other previously verified contact information, then the codes generated and transmitted daily for those matching data will be grouped and synchronized to be identical.
In another example, a registered account holder is given the ability to initiate an invitation request to be grouped with the data of another account holder, so that, once authorized by the authorizing account holder or a group administrator, the same code is received daily for the particular embodiment.
Fig. 3 A illustrate account holder data will it is automatic with another account holder or packet or desirably by Introduced high-order step when being grouped together.
When group assignment process 231 is initiated and the grouping was requested on demand by the account holder (232), a request 233 is initiated for authorization to join the requested group. If the account holder is authorized (234) to join the requested group, the account holder's registration material instance is assigned to the requested group in step 235, and notification process 800 is initiated to notify all relevant stakeholders in the group of the assignment. If, however, the account holder is not deemed authorized in step 234 to join the requested group, no action is taken and the account holder remains in the currently assigned group according to step 236. In this case notification process 800 is likewise triggered, to alert stakeholders to the unauthorized attempt to access the requested group.
On the alternative path, where the request to join the group is identified in step 232 as not on demand (that is, automatic), a process for finding automatic data grouping rules for the account holder is performed in step 240. If a rule matching the established criteria is found in step 241, the account holder's registration material instance is automatically assigned to the existing group in step 242 and a notification is sent accordingly in step 800. Otherwise, no action is taken, the account holder remains in the current or newly assigned group according to step 236, and a notification is initiated in step 800.
Then illustrated in Fig. 3 B into 3G and be previously mentioned some examples of group.For example, Fig. 3 B are illustrated with single The single individual PI of a safety code materials for registration --- being Credit Card P1C1 in this example ---, its own belongs to it The group G1 of oneself.This means account P1C1 does not share safety code with any other login account.In other words, pattern ID And its associated safety code is not intended that and is matched.
It should be noted that each safety code registration material (SCRP) is assigned a pattern ID, and the pattern ID is assigned a specific safety code for any given time period. Because the number of available safety codes is finite, even if that number is very large, it is quite possible for any two different pattern IDs to be assigned the same safety code at a given time.
Fig. 3 C are illustrated with three different credit card SCRP P2C1, P2C2, P2C3 and a debit card SCRP The single account holder P2 of P2D1, above-mentioned all SCRP are grouped together in single group G2.This means basis The present invention, all four accounts registered under these SCRP will all receive the identical safety for corresponding to group G2 daily Code.The account that all cards that the actual example of such situation is intended in his wallet all receive identical safety code daily is held People.
Fig. 3 D are shown with a credit card SCRP P3C1 and two other credit card itself being in group G3 The single account holder P3 of SCRP P3C2, P3C3 and debit card SCRP P3D1, rear three SCRP quilts in group G4 It is grouped together.This illustrates wherein account holder can select one or more SCRP to be grouped in a group and by one Other a or multiple SCRP are grouped in the example for receiving independent safety code daily so as to Liang Ge groups in individually packet.For example, account Family holder can cause all the personal credit cards and debit card that he is grouped together to receive daily to be had for all of which The single safety code of effect, and the independent group for being used for its commerce credits card and debit card account is then received with acknowledging a debt for his a That effective different safety code of family.
Fig. 3 E are shown in which that the different SCRP for belonging to Different Individual account holder can be also grouped together with every It receives the example of identical safety code.This feature can for example be wanted to be directed to not in family, enterprise, tissue or public organization The member for receiving identical safety code daily with the account aggregation under safety code materials for registration is used.In this example, account is belonged to The SCRP P5C1 of the credit card SCRP P4C1 and account holder P5 of family holder P4 and belong to account holder P6's SCRP P6C1 and P6D1 are all registered under single group G5.Therefore each account holder P4, P5 and P6 receives phase daily Same safety code.
As indicated above, safety codes can be used in fields other than electronic payment security and financial payment security. Fig. 3F illustrates multiple individual account holders P7-P11 with access code SCRPs, where an access code SCRP can be, for example, a safety code for physical access to an office building or for secure virtual access to a website or network on a public or private network. In the illustration, access code SCRPs P7A2, P9A1, P10A1 and P11A1, belonging to individual account holders P7, P9, P10 and P11 respectively, are grouped together in a single group G7 to receive the same safety code every day. At the same time, individual account holder P7 also holds a separate SCRP P7A1 belonging to a separate group G6, which is shared with another SCRP P8A1 belonging to a different individual account holder P8. As long as SCRPs P7A1 and P8A1 are associated with the same group G6, they too receive the same safety code every day. In this example, a single account holder P7 holds multiple SCRPs registered in different groups G6 and G7 with different individual account holders. A concrete application of this example is an individual who plays two roles, such as "limited user" and "administrator" on different networks, and for each role needs a different safety code shared with the other people in the respective group.
Another field described herein is referred to as social codes, which are safety codes that individual account holders can use to access a social group, enjoy privileges there, or simply be identified or recognized as belonging to the social group, such as a secret social club. Fig. 3G illustrates multiple individual account holders P12, P13, P14, P15 and P16, each with a respective social code SCRP P12S1, P13S1, P14S1, P15S1 and P16S1, all in the same group G8, which ensures that they all receive the same safety code every day.
Fig. 3 H show how SCRP and their appointed groups can be indicated and store in a tabular form In the database so as to implement the present invention example.Form T1 preserves each example of SCRP, its affiliated account (entity) PID, and the group ID (for example, Gl, G2, G3 etc.) of specified group.Form T2A, T2B and T2C are which peace preserved Points of the pattern ID of all-key pattern in the form to the group ID that each group is assigned in (that is, the term of validity) that fixes the date the cycle Section.The cycle on date, it indicated specified pattern ID effective each cycle represented by " from the date " and " to the date " The beginning and end date.Each pattern ID is then indicated in form T3, and the form T3 is different to specify every day Safety code Day1Code, Day2Code etc..By this way, every day can be referred to by traveling through these table lookups SCRP It is fixed which group of group ID to determine which safety code is effective for specific SCRP to;Which pattern ID is then looked up at this It is effective for pattern ID during the given date/time cycle, and which safety code is then looked up in the specified date/time Pattern ID is assigned in cycle (being one day in the example).The combination of group ID and date provide identical safety code all the time (in a short time two codes of date/time mechanical periodicity), how this is rotated for each group ID independently of pattern ID. Therefore, two SCRP that same group ID is specified are shared to be guaranteed also to share identical safety code daily.
Fig. 4 describes the steps carried out in the process of providing registered account holders, on a regular basis, with their corresponding valid safety code(s).
To receive the currently valid safety code associated with the account holder's data, account holder 5 can request the safety code or receive it automatically via an automatic push driven by central application server 3.
If account holder 5 requests the code, request 301 is sent from account holder 5, for example via an application installed on a device; or via a web application that obtains at least one current safety code of the account holder by calling, and then communicating with, an API at central application server 3 (such as an API call from the payment processor's or the account holder's Internet banking web page); or via a mobile SMS text message sent to an SMS short code provided by the system, where the short code directs the SMS text message to central application server 3, which then initiates an SMS response (including the current safety code) back to account holder 5.
The request from account holder 5 should include the data ID 302 identifying the account holder, and a source identifier identifying the device or application from which the request was initiated. The data ID should uniquely identify the registration material associated with account holder 5. The source identifier of the device can be the mobile phone number that sent the request, a mobile application identifier, or any other ID bound to the device that performed (that is, sent) the request. Preferably, the request includes both the source identifier (source ID) and the data ID so that the authenticity of the request can be verified.
To find the account holder's data (step 303), central application server 3 calls a process in central database server 1 to look up (step 304) the account holder's data. To maximize authentication security, the process first verifies that the source ID is a known authorized device/input source associated with the registered user or account holder. If the account holder's data is found (305) using the received source ID, and the data ID indicated in the request is valid for the identified account holder's data (step 306), central application server 3 proceeds to fulfil the safety code request (step 307). Otherwise, if the data ID does not match the identified account holder's data, notification subprocess 800 is used to notify the account holder that an invalid safety code request was received. Subprocess 800 can use one or more notification preferences specified in the account holder's data, such as an SMS message or an email message.
Account holder 5 can also reply to a notification received from the system, or initiate a request (for example, where fraud is suspected) to update or replace the current safety code. In this case, central database server 1 assigns a different pattern ID 104 to the registration material of the corresponding account holder, and the update is pushed to all participating payment processors. The account holder is then notified (step 800) of the new current safety code associated with the new pattern ID (and, in effect, the new underlying matrix).
For the automatic periodic "push" of the current safety code, request 312 is automatically sent to look up, in central database server 1, the account holders 5 who are eligible to be provided with an updated safety code notification (step 313). The frequency of these updates, such as the time of day at which updates are sent, can be selected by the account holder. Once the group of account holders requiring automatic updates has been established, a subprocess (labeled "for each account holder" in Fig. 4) is run to notify each of those account holders of their current safety code.
To send a notification or alert to an account holder (in any of the above cases), central application server 3 initiates request 307 to look up the safety code of the given account holder (step 308). The corresponding pattern ID is obtained from the account holder's registration material ID, and the safety code corresponding to that pattern ID for the current validity period (for example, the current day) is retrieved from the random pattern matrix or table. Account holder 5 is then notified (800) of the current safety code.
The notification of the current safety code can simply be returned in response to a request from a web, desktop or mobile application, or in a web browser plug-in application on the account holder's device. The safety code can also be transmitted according to notification preferences previously set up by the account holder, for example via an SMS text message to the mobile phone number registered and verified for the account holder, an email message, or a mobile application push notification.
In a version of the present invention, the process of providing new safety codes to users can also incorporate periodically changing pattern IDs (that is, not only updating the safety code within a given safety code set), so that the user is in effect associated with an entirely new safety code set. For example, a subprocess (not shown here) that reassigns each user to a new pattern ID can be executed on a regular basis (for example, every 7 days). For example, if pattern IDs are numeric, an RNG (possibly, but not necessarily, the same one used in HSM 2) can be used to randomly generate a new pattern ID for the user within the range of pattern IDs available for reassignment.
Periodically reassigning pattern IDs preferably further increases the randomness of the association between any given safety code and any given user, and therefore helps the system resist attacks, pattern derivation, and other efforts to access users' safety codes and/or predict future safety codes.
Fig. 5 illustrates, at a high level, an electronic payment authorization request made by account holder 5 against a merchant or payee payment interface, for example when making a purchase. Of primary interest here is the call to transaction authorization subprocess 500, which is then described in more detail with respect to Fig. 6.
When making a purchase or initiating a similar electronic payment transaction request, account holder 5 submits the information necessary to initiate a payment authorization request (step 401) in order to complete the transaction with merchant or payee 7.
Assuming the transaction involves an account previously associated with the data of account holder 5, account holder 5 generally includes the currently valid safety code as part of the transaction request. For example, the safety code can be submitted in the same manner as the conventional CVV2 code of a payment card; or it can alternatively replace other CVV-like card information, be concatenated with the card number, be embodied in an electronic token or proxy number, or be placed in a separate field dedicated to receiving a safety code according to the present invention.
For payment by check, the safety code of the present invention can be specified, for example, in the memo field of the check using a field indicator. For example, a 4-digit safety code according to the present invention can be prefixed with a word or symbol. It can also be delimited on both sides by a predetermined symbol or character, such as "+" in "+4567+".
Alternatively, the safety code can be concatenated with the check number printed on the check, effectively creating an extended check number according to a predefined, generally accepted and expected format. For example, check number 101 used together with a safety code such as 456 can actually be printed in the usual check number field as "101456". The check can then be processed by the receiving bank in the usual way, using the extended check number "101456" in the ACH file.
In other examples, the safety code can be written by hand by the account holder in an input field, or provided separately by spoken word to an attendant or a speech recognition system. The merchant then includes this information in the ACH request file (for example, in an addenda or entry detail field).
Merchant or payee 7 has a conventional payment interface that receives the information submitted by account holder 5. Depending on whether account holder 5 uses a card or a check (402), and if the merchant is connected online, the system either immediately sends electronic payment authorization request 405 to the relevant payment processor (see 6 in Fig. 1), or schedules and forms an ACH transmission request 403 and then sends it to the relevant payment processor, via a channel previously established between merchant or payee 7 and the corresponding payment processor, receiving bank or other financial institution, so that the ACH request can be processed. This can involve a payment gateway service provider, a payment processing network, a Federal Reserve Bank or an electronic payment network, or any other service or server between merchant or payee 7 and the processor or receiving bank.
The payment processor then, on receiving the card payment request or as part of processing ACH transaction request 404, initiates transaction authorization subprocess 500, described in detail below with respect to Fig. 6. Subprocess 500 approves or rejects the transaction authorization request, and result 406 is sent back to merchant or payee 7 in step 407 in a manner suited to the needs of merchant or payee 7. Merchant or payee 7 in turn notifies account holder 5 of the authorization result at account holder interface 409.
Fig. 6 illustrates transaction authorization subprocess 500. When card or check payment processing 400 is initiated according to Fig. 5, the payment processor or receiving bank decides at 502 whether the transaction type used and the account are eligible for subsequent processing according to the present invention. The payment processor determines whether the transaction is eligible by querying a database table or configuration file containing the necessary information (for example, located on one of the servers associated with the payment processor, such as code database server 4 or database server 4), or by initiating a call to an API hosted in the payment processor's network or (relatively) remotely in the central system shown in Fig. 1. Eligibility can also be determined by checking an indicator included in the payload of the transaction authorization request, such as in one of the ISO 8583 fields, or in the received NACHA ACH file.
If the transaction is not eligible at 502 for processing according to the present invention, the payment processor continues at 509 with the normal authorization approval process (that is, the conventional one that does not use the safety code of the present invention). Otherwise, the processor's database server 6 sends a call to the application or process implemented and installed on the processor's code database server 4 (which may be local to the processor's network or at a remote location), thereby initiating the verification process for the transaction. The processor's database server 6 interfaces with the processor's code database 4, for example by issuing a remote stored procedure call or an extended stored procedure call, or through a SQLCLR component on the processor's database server 6 that has access to the processor's code database 4. Alternatively, the processor's database server 6 communicates with a local or remote service or API, which in turn has access to the processor's code database 4.
The information received from the processor's database server 6 as part of the authorization request is checked to determine whether the account in question is associated with an active account holder registration material stored on the processor's code database 4. The transaction data received from the processor's database server 6 is used to look up the account holder's registration material ID and the corresponding pattern ID 104, in order to obtain the valid safety code associated with the account holder and the card or account used. In the example embodiment described herein, the transaction data can include an account nickname 604 (see Fig. 7) rather than the actual card number or bank account number used by the account holder (to further limit the propagation of sensitive financial information). An account nickname in this sense is in principle a representation of the card number or bank account number used internally by the payment processor, so that propagation of the card number or bank account number is minimized. It is not necessarily known to the account holder. In general, payment processors use a token or proxy number, but according to the invention it is also possible (though not preferred) to use the card number or bank account number, or the data ID or pattern ID itself.
Once the account used in the transaction authorization request is confirmed to be registered (503), the payment processor's safety code database server 4 also determines whether the account is locked (504) and therefore ineligible for transaction authorization requests. An account can be locked at the request of the account holder, or locked permanently or temporarily based on signs of fraud detected by the system. The detection can be performed by internal analysis and algorithms, by a third-party fraud or risk management rules system, or by a commercially available third-party risk management service such as the Falcon Platform. If the account is marked as locked in the processor's code database 4, the invalid transaction attempt is logged (510) for reporting or record retention. Account holder 5 is also notified, for example so that the account holder can attempt to correct the problem if necessary.
If the account is not marked as locked at 504, and a safety code is properly included in transaction request 501 (as determined at 505), the payment processor's code database server 4 continues with subprocess 600 to verify the received safety code (see the discussion of Fig. 7 below). If subprocess 600 returns an indication at 506 that the safety code is valid, subprocess 1100 for verifying the transaction details follows (see Fig. 12).
Note the "safety code present?" decision at 505. Even if a safety code is not present at step 505 (that is, not submitted as part of the transaction authorization request), the process branches directly to subprocess 1100 to verify the details of the transaction based on other factors, and ultimately proceeds to authorization processing (509) that does not include the safety code processing of the present invention. In this way, even if no safety code according to the present invention is found in a particular transaction, the other security functions disclosed herein can still be used.
If verify-transaction-details subprocess 1100 determines at 508 that the payment transaction request is valid, the processor's code database server 4 returns success to the processor's database server 6, which then continues at 509 with the normal procedure for approving the transaction authorization request.
The verification process according to the present invention may be only one part of the electronic payment transaction authorization process, so that success of the verification process according to the present invention does not necessarily result in the payment processor ultimately authorizing the transaction.
However, if safety code verification fails at 506, or the transaction is deemed invalid at 508 according to verify-transaction-details subprocess 1100, the invalid transaction attempt is logged at 509 for reporting and record retention, and the account holder is notified so that corrective action can be taken where appropriate. The notification sent to the account holder's verified device(s) can include the valid safety code, in case the transaction was legitimately attempted by the account holder, so that it can be attempted again using the correct safety code. Notifying the account holder of the invalid attempt also gives account holder 5 the opportunity to take measures to prevent fraudulent use of the account in question, including the possibility of quickly and easily locking the account against any further transaction attempts, for example by simply replying to the received notification with a lock instruction 900. The notification exchange can take place via SMS text message to the registered and verified mobile phone number in the account holder's data, or via a properly registered and previously authenticated application on a device owned by the account holder.
After the payment processor has continued the approval process at 509 or rejected the payment authorization request at 511, the processor's database server 6 can send the final transaction authorization result back to the system to be recorded and further analyzed in subprocess 700.
Fig. 7 illustrates subprocess 600, initiated during transaction authorization subprocess 500 in Fig. 6, by which the safety code is verified according to the present invention. Subprocess 600 determines whether the safety code submitted by account holder 5 is valid or invalid.
The processor's code database server 4 receives (601) a request to verify the received safety code, which was submitted by account holder 5 as part of transaction authorization request 500. Safety code 601 is then hashed at 602 using an industry-accepted Secure Hash Algorithm (SHA), such as SHA-512, to obtain the hashed received safety code at 603. More specifically, the received safety code 601 is hashed using the hash salt value 111 specific to that payment processor, which is the same hash salt value that was used to hash the safety codes in the matrix when the matrix was originally generated. The hash salt value 111 held at the payment processor is thus used to mirror the hashing algorithm by which the safety codes in the matrix were hashed when the matrix was generated.
Using account nickname 604, which represents the payment account associated with the transaction being verified, code database server 4 looks up the corresponding pattern ID in step 605. Pattern ID 606 is then used in step 609 to search the locally stored hashed version of the matrix held in the processor's safety code database server 4 for the hash value corresponding to the pattern ID 606 found. The correct safety code value within the safety code set corresponding to pattern ID 606 is determined using the date and time 607 of the payment transaction and the stored cut-off time 608 selected by the account holder, where cut-off time 608 determines when the corresponding safety code should be updated (that is, rolled over to the next one when the validity of a given safety code expires). The result of lookup operation 609 is the hashed reference version 610 of the current safety code associated with the received account nickname 604. This hash value is then compared in step 611, in a known manner, with the hashed submitted version 603 of the safety code.
It should be noted that the authentication comparison between the submitted safety code and the stored safety code (in the matrix) is carried out while both codes are hashed. That is, the safety codes in the matrix held by the respective payment processor are always stored in hashed (that is, obfuscated) form. In addition, the hash is "one-way": it cannot be reversed to obtain the underlying information in clear form. Therefore, even if the processor's code database is attacked or otherwise compromised, the safety codes are further protected, because only the hashed version of the safety code matrix is located locally at the respective payment processor. Hashing in this way helps address the potential problem of dishonest employees of the payment processor or other insiders who might otherwise have access to consumers' safety codes.
For authorizing an ACH or check transaction, the authorization request may specify only a date (for example, the check date) and not a time (to allow for, for example, mail delays or sequential processing delays). In this case, the submitted safety code is verified against every safety code in the matrix that was valid on that day, regardless of the cut-off time. Because the actual transaction approval may take place after the check was prepared and submitted, it may be necessary to look up safety codes for dates up to 1, 7, 30 or possibly 90 days before the current processing date.
If the received hash value 603 matches the hash value 610 from the local version of the matrix specific to the payment processor (step 612), the process indicates that the submitted safety code is valid (613). Otherwise, the process indicates at 614 that the code is invalid.
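The verification in subprocess 600, including the cut-off time and the date-only check/ACH case, can be sketched as follows. This is an added example, not code from the patent: the salt, nickname, codes and dates are constructed, and two details are assumptions the text does not fix, namely that the salt is prefixed to the code before hashing and that the code for day D takes effect at the cut-off time on day D.

```python
import hashlib
import hmac
from datetime import date, datetime, time, timedelta

# Constructed stand-in for the processor-specific hash salt value 111.
SALT = b"constructed-salt-111"


def hash_code(code, salt=SALT):
    """Salted SHA-512 of a safety code (salt-prefix layout is an assumption)."""
    return hashlib.sha512(salt + code.encode("ascii")).hexdigest()


def build_hashed_matrix(clear_codes):
    """Run once when the matrix is generated; the processor keeps only hashes."""
    return {pattern_id: {day: hash_code(code) for day, code in days.items()}
            for pattern_id, days in clear_codes.items()}


# Constructed sample matrix for one pattern ID; clear codes are not retained.
HASHED_MATRIX = build_hashed_matrix({
    1001: {date(2016, 1, 1): "4567",
           date(2016, 1, 2): "0912",
           date(2016, 1, 3): "3380"},
})
PATTERN_BY_NICKNAME = {"nick-demo": 1001}       # account nickname 604 -> pattern ID 606
CUTOFF_BY_NICKNAME = {"nick-demo": time(4, 0)}  # account holder's cut-off time 608


def code_day(when, cutoff):
    """Before the cut-off, the previous day's code is still the valid one."""
    return when.date() if when.time() >= cutoff else when.date() - timedelta(days=1)


def _matches(pattern_id, days, submitted):
    """Compare hash to hash; the clear reference code is never needed."""
    submitted_hash = hash_code(submitted)
    row = HASHED_MATRIX.get(pattern_id, {})
    ok = False
    for day in days:
        reference = row.get(day)
        if reference is not None and hmac.compare_digest(reference, submitted_hash):
            ok = True
    return ok


def verify_card(nickname, submitted, when):
    """Card transaction: date and time 607 are known, so exactly one code applies."""
    pattern_id = PATTERN_BY_NICKNAME.get(nickname)
    if pattern_id is None:
        return False
    return _matches(pattern_id, [code_day(when, CUTOFF_BY_NICKNAME[nickname])], submitted)


def verify_check(nickname, submitted, check_date, processing_date, lookback_days=30):
    """Check/ACH: only a date is known, so accept any code valid on that day."""
    pattern_id = PATTERN_BY_NICKNAME.get(nickname)
    if pattern_id is None:
        return False
    age = (processing_date - check_date).days
    if age < 0 or age > lookback_days:
        return False  # post-dated, or older than the configured look-back window
    candidates = [check_date - timedelta(days=1), check_date]
    return _matches(pattern_id, candidates, submitted)


if __name__ == "__main__":
    print(verify_card("nick-demo", "0912", datetime(2016, 1, 3, 3, 59)))
    print(verify_check("nick-demo", "4567", date(2016, 1, 2), date(2016, 1, 20)))
```

A 4-digit code space holds only 10,000 values, so anyone who obtains both the salt and a stored hash can enumerate it; the protection described above therefore depends on the salt being kept as a secret, separate from the hashed matrix.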
Fig. 8 illustrates the steps of subprocess 700 mentioned in Fig. 6 (record and analyze transaction results). The data can, for example, be received and processed simultaneously or nearly simultaneously with the transaction request received at the payment processor. Otherwise, the information can be held for a periodically generated report, for example at the end of each day.
After transaction authorization subprocess 500 completes, a request to record the transaction details can be formed at 701 by the processor's code database server 4.
In step 702, the processor's code database server 4 determines whether the transaction requires, or is otherwise eligible for, real-time or immediate notification. One example requiring notification is where an invalid safety code was submitted in a transaction that could otherwise be processed according to the present invention, in which case notification of account holder 5 is desired. As a result, a message is sent to central application server 3 by calling the API exposed by that server.
When the central application server 3 receives the transaction notification at 703, it determines in step 704 whether to send a notification to the account holder 5. If notification is required, subprocess 800 for notifying the account holder is run (see Fig. 9 below).
Fraud analysis 705 of the transaction may optionally also be performed using conventional algorithms and other standard analyses. The fraud analysis may consist of an internal rule set designed to indicate fraud when some number or set of conditions is satisfied, or the analysis may be sent to an external third-party fraud or risk management service (not shown here). Optionally, action may be taken to secure the payment method in question, including automatically locking the underlying account or invalidating the relevant current security code.
Similar to step 704, step 706 considers whether the account holder must be notified of the fraud analysis result and, if so, the fraud notification subprocess 707 follows. Subprocess 707 is not explained in detail here, but is generally similar to the notification subprocess 800 (described below), with a specific message payload.
If the transaction is not flagged at 702 for immediate or real-time notification, then at 708 the transaction is flagged or scheduled for inclusion in a report to be sent later to the central application server 3 at 709, in a batch process or the like. This typically represents an authentication file containing the increment of new transaction details received since the last batch file was generated. The central application server 3 then processes the batch files received from the security code database 4 at the processor side and sends them to be stored 711 on the central database 1. The received transaction details are recorded at step 712 for future review, record retention and analysis, for example for business intelligence processing, reporting or billing.
Fig. 9 illustrates the steps of subprocess 800 for sending a notification to the account holder 5. Subprocess 800 is mentioned herein, for example, with reference to Figs. 3, 4 and 8.
When a notification is to be pushed to the account holder 5, a request with a message payload (that is, the details or information 802 required for the notification) is sent to the central application server 3 at 801. For example, when a security code is to be pushed to the account holder 5 in the notification, the request 801 contains the security code, information identifying the account holder 5, and possibly information or an indication of the type of notification to be sent.
At 803, the central application server 3 communicates (804) with the central database 1 and looks up the account holder's notification delivery preferences. The list 805 of selected preferred notification delivery methods may include, for example, one or more of email (or a specific set of notification libraries), SMS, push notification via an app, pager message, and so on.
Optionally, the central application server 3 may request a notification template at 806 so that the notification is formatted in the desired manner. If applicable, template information for the account holder 5 may be looked up on the central database 1 at 807 and 808, possibly based on previously specified account holder preferences.
For example, in this sense, the notification template for conveying the current security code could be "Dear {first-name}, your Security Code for today is {Security-code}". The variable content of the notification (as indicated, for example, the account holder's name) can be pulled from the notification details 802 discussed above and, where necessary, substituted into the template in step 809. The substitution step 809 creates the actual message content 810, for example "Dear Maddy, your Security Code for today is 364", which is sent to the account holder 5 in step 811 via the desired communication method(s) (email 813, SMS 815 or app push notification 817). Notifications, including their templates, can be in any of multiple languages, and the use of other characters (for example, beyond English) is contemplated.
Fig. 10 illustrates subprocess 900 for selectively locking or unlocking registered payment accounts according to the invention. "Locking" or "unlocking" in this context refers to the availability (or unavailability) of an account for use according to the invention.
Subprocess 900 allows the account holder 5 to manage, by interfacing with a single application or service, multiple accounts issued by multiple institutions and handled by multiple payment processors or acquiring banks. In one example, the account holder may wish to lock one or more of his accounts where suspicious fraudulent use of one or more accounts exists, where an associated payment card or checkbook has been misplaced, or even in the context of a parent controlling a minor's access to the account(s).
When the account holder 5 decides at 901 to lock (or unlock) one or more of his registered accounts, the account holder 5 sends a request consisting of, for example, the profile ID 902 associated with his registered profile, the identification (903) of the account(s) in question, and optionally the ID of the device on which the request was initiated (for example, the mobile phone number of the smartphone used by the account holder 5). The request is sent to the central application server 3 and validated at 904. Once the request is found valid, the account holder's profile is looked up on the central database 1 (step 905).
An account identifier (account ID) according to the invention is typically a shorthand, easy-to-remember designation corresponding to each relevant account of the account holder, and is used to help the account holder distinguish among the accounts in his profile when transacting according to the invention. The account ID may be a numeric or alphanumeric word or phrase given by the account holder 5. For example, it may be a sequence number or letter, or a combination of letters and numbers, to identify, for example, "Visa Card 4572" or "BofA Bank Account 1721" in the account holder's profile. The account ID may also be, for example, part of a card number or bank account number. The account ID may also be a keyword or number, such as "ALL", serving as a quick indicator that all accounts under the account holder's profile are to be locked/unlocked.
Once the account holder's profile has been located and the indicated accounts are found valid (906), there is an iterative process for changing/updating the locked/unlocked state of each account in question (the group of steps marked "for each account" in Fig. 10).
For each account to be locked/unlocked, the central application server 3 begins, at 907, the process of changing the state of the account in the central database 1 to locked or unlocked (908) as requested by the account holder 5. Then, at 909, the central application server 3 calls for the payment processor or other associated financial institution, which corresponds to a lookup 910 in the central database 1. Once the relevant payment processor 911 is located, the central application server 3 sends an update request, causing the security code database 4 at the processor side to update the state of the account, which is performed at 913.
Using the account holder notification subprocess 800, the account holder 5 is notified of the result of the requested lock/unlock operation, and the account holder 5 receives confirmation 914.
A request to lock the account(s) may be made subject to certain conditions, such as a one-time lock during a fixed period, a recurring lock during set periods, or a lock during certain times of the day. For example, the account holder 5 may request that an account be locked so that any associated transaction is prevented from being approved on weekdays during the hours of 7:00pm to 9:00pm and/or during the week of March 29, 2016 to April 5, 2016. In some cases, it may be possible to specify periods only by day (rather than by time), for example where bank settlement takes place on a certain day.
The conditions may also be applied, for example, to certain merchants, merchant types (for example, excluding cinemas) or geographic regions.
Fig. 11 illustrates the steps of subprocess 1000 for notifications sent to payment processors and associated financial institutions, which is somewhat similar to subprocess 900 in Fig. 10.
In addition to requests to lock or unlock accounts, the account holder 5 may, for example, wish to notify one of his relevant payment processors that a corresponding payment card has been lost or stolen, or to indicate in advance that the account holder 5 has international travel plans (so that fraud analysis is adjusted accordingly). In another example, the account holder 5 may wish to convey a request such as for a new checkbook for a checking account, or for a replacement payment card where a card has been damaged.
Subprocess 1000 begins when the account holder 5 submits a request or other communication 1001 together with the profile ID 1002 and one or more account IDs 1003 of the accounts in question. The central application server 3 processes the request 1001 at 1003, and validates the request (using the user and account IDs) at 1004. Once the request is found valid, the account holder's profile is looked up in the central database 1 at 1005.
When the notification request 1001 is found valid at 1006, the process iterates through each requested account (as indicated by the group of steps spanning the central application server 3, the central database 1 and the database server 6 at the processor side and marked "for each account"), and the accounts are identified so that their state or preferences can be updated or scheduled. The account ID may be a numeric or alphanumeric word or phrase given by the account holder 5 that allows the system to identify the account in the account holder's profile. The same considerations for constructing account IDs discussed above with respect to Fig. 10 apply here.
For each specified account, the central application server 3 invokes a procedure on the central database 1 in step 1007 and changes the state of the account in the manner requested by the account holder 5 (step 1008). In step 1009, the central application server 3 requests the payment processor or bank corresponding to the account in question, which corresponds to lookup step 1010 in the central database 1 to obtain the relevant payment processor 1011. Once the relevant payment processor 1011 has been identified for the account in question, the central application server 3 sends a request 1012 to the database server 6 of the payment processor to update the state of the account (see step 1013).
The account holder 5 is then notified (using the notification subprocess 800) of the result(s) of the requested operation(s), and in due course receives confirmation 1014 that the request has been carried out.
Finally, Fig. 12 illustrates the steps of subprocess 1100 (validating transaction details), as mentioned, for example, in subprocess 500 on transaction authorization (Fig. 6 above).
When subprocess 500 is initiated at the security code database 4 at the processor side, or whenever the details of a transaction need to be validated against any applicable rules previously established in the account holder's registered profile, the security code database 4 at the processor side runs subprocess 1100 for validating transaction details.
Given the profile ID 1101, the account holder's registered profile is looked up (1102) and it is determined whether there are any applicable transaction rules established by the account holder (1103). If there are no applicable transaction rules, subprocess 1100 exits, indicating that the transaction detail process "passed" (that is, completed).
Otherwise, using the transaction details provided as input to the subprocess, typically as received by the payment processor handling the transaction authorization subprocess 500, the applicable rules (for example, transaction amount/limit 1106, merchant details (such as the merchant name or any applicable merchant category code) 1107, recurring transaction signature/indicator 1108, or any other transaction-related details 1109, such as the local transaction date and time and information on the products or services purchased) are reviewed and validated as applicable at 1105.
In more detail, examples of transaction validation as contemplated herein include, but are not limited to:
Transaction amount limits: The account holder 5 may predefine a maximum or upper limit for any given transaction attempted on a registered account. For example, the account holder may wish to decline any transaction attempt exceeding, for example, 500.00 on a given credit card registered in the account holder's profile.
Merchant or merchant category restrictions: The account holder may choose to block attempted transactions with certain merchants or merchant categories. Conversely, the account holder may specify that one or more of his accounts can be used only at certain specific merchants or for certain merchant categories. The account holder may also specify a list of merchants or categories for which a registered account is to be used exclusively, and decline any transaction attempted at any other merchant or merchant category. For example, the account holder may choose an account to be used and approved only for purchasing certain items, or for purchases in certain locations or merchant categories, such as groceries or gasoline, or may wish to restrict certain merchant categories, such as declining any purchase attempted at a liquor store.
Recurring transaction rules: The account holder may decide whether to approve or decline recurring transactions from certain merchants or billers, or specify how many recurring transactions are to be approved and at what frequency. The account holder may choose for all recurring transactions on a registered account to be declined unless they are specified in the transaction validation rules set in the account holder's registered profile. For example, the account holder may approve only recurring transactions on a designated account from a specific electric utility in a quarterly amount not exceeding $1200.00 and from a cable provider in an amount of $150.00 or less per month. The account holder may set these rules to remain in effect until removed, or specify an expiration date or the number of occurrences in the series that are approved.
Other rules, or any combination of these, may also be specified. For example, a recurring transaction rule may include a merchant category restriction or a maximum transaction amount.
After the transaction validation rules have been checked at 1105, if the transaction has passed all applicable rules at 1110, processing returns a "pass" result 1104. Otherwise, it returns a "fail" result 1111, and the account holder may optionally also be notified of the validation failure via the notification subprocess 800.
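The rule checks of subprocess 1100, as an added example (not code from the patent). The class and field names, category labels and sample payees are constructed; the limits are the ones quoted above.

```python
from dataclasses import dataclass, field
from datetime import date
from decimal import Decimal
from typing import Optional


@dataclass
class RecurringRule:
    payee: str
    period: str                            # "monthly", "quarterly", ...
    max_amount: Decimal
    expires: Optional[date] = None         # None: in effect until removed
    max_occurrences: Optional[int] = None  # None: unlimited series


@dataclass
class AccountRules:
    max_amount: Optional[Decimal] = None
    blocked_categories: set = field(default_factory=set)
    allowed_categories: Optional[set] = None   # None: no allow-list
    recurring: list = field(default_factory=list)
    deny_unlisted_recurring: bool = True


@dataclass
class Transaction:
    amount: Decimal
    payee: str
    category: str
    on: date
    recurring_period: Optional[str] = None  # set when flagged as recurring
    prior_occurrences: int = 0              # earlier approvals in this series


def validate(tx, rules):
    """Return ("pass", None) or ("fail", reason), mirroring results 1104 / 1111."""
    if rules is None:                       # no rules established: pass
        return "pass", None
    if rules.max_amount is not None and tx.amount > rules.max_amount:
        return "fail", "amount over limit"
    if tx.category in rules.blocked_categories:
        return "fail", "merchant category blocked"
    if rules.allowed_categories is not None and tx.category not in rules.allowed_categories:
        return "fail", "merchant category not on allow-list"
    if tx.recurring_period is not None:
        rule = next((r for r in rules.recurring if r.payee == tx.payee), None)
        if rule is None:
            if rules.deny_unlisted_recurring:
                return "fail", "no recurring rule for payee"
        else:
            if tx.recurring_period != rule.period:
                return "fail", "recurring frequency mismatch"
            if tx.amount > rule.max_amount:
                return "fail", "recurring amount over limit"
            if rule.expires is not None and tx.on > rule.expires:
                return "fail", "recurring rule expired"
            if rule.max_occurrences is not None and tx.prior_occurrences >= rule.max_occurrences:
                return "fail", "recurring series exhausted"
    return "pass", None


# Constructed rule sets using the limits quoted in the text.
CARD_RULES = AccountRules(max_amount=Decimal("500.00"),
                          blocked_categories={"liquor_store"})
BANK_RULES = AccountRules(recurring=[
    RecurringRule("Electric Utility", "quarterly", Decimal("1200.00")),
    RecurringRule("Cable Provider", "monthly", Decimal("150.00")),
])

if __name__ == "__main__":
    day = date(2016, 3, 29)
    print(validate(Transaction(Decimal("612.40"), "Shop", "electronics", day), CARD_RULES))
    print(validate(Transaction(Decimal("149.99"), "Cable Provider", "cable", day,
                               recurring_period="monthly"), BANK_RULES))
```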
Variations of this embodiment may also involve real-time communication with the account holder in the event that rule validation fails, so that the account holder actively participates in the transaction approval process. For example, if a recurring ACH payment is received and the account holder has not yet set a rule for that type of payment, the account holder may be notified, for example by an automated or live agent call, an SMS text message or a mobile app push notification, in order to request approval or confirm declination from the account holder, and possibly to set a recurring transaction rule at that time for any other transaction attempts from that particular payee or biller. Other real-time communication with the account holder may also take place during a transaction authorization request, in most cases during the processing of offline transactions such as check or ACH payments, for example to allow the account holder to correct an invalid security code that has been entered.
Although the invention has been described above in the context of electronic payment transactions, the disclosed concepts can be applied more generally to secure electronic access to other electronic entities that are sensitive or that require user authentication with reduced leakage of the underlying security code. For example, the invention may be applied to user authentication to allow tax filing in tax authority matters, or to user authentication when interacting with a tax authority on issues such as refunds. More generally, it can allow a user to conveniently use a single security code to interact with, for example, multiple government agencies (tax, law enforcement) in the same manner as with the multiple financial institutions described above. It can be run remotely from the accessed entity (for example, accessed via an API), and would receive, for example, the profile ID, a requester ID (corresponding to the entity the user seeks to access, and similar to the payment processor identification described earlier), the requester's password, and the security code submitted by the user.
Although the invention has been described above with reference to certain particular examples for the purpose of describing and explaining the invention, it must be understood that the invention is not limited solely to the details of those examples. More specifically, a person skilled in the art will readily appreciate that modifications and developments can be made in the preferred embodiments without thereby going beyond the scope of the invention.

Claims (32)

1. A method of using limited-validity-period security codes to allow a financial entity to authenticate an electronic payment transaction, comprising:
Receiving a previously established matrix associating multiple users with respective unique security code sets, each security code of each set having a validity period;
Receiving a request to process an electronic payment transaction, the request including a security code for authentication, the received security code being purportedly associated with one of the multiple users;
Comparing the received security code with the corresponding security code, in the previously established matrix held at the financial entity, for the purported one of the multiple users and for the validity period corresponding to the time of the request to process the electronic payment transaction; and
Approving or disapproving the transaction according to the correspondence, or lack of correspondence, between the received security code and the corresponding security code in the matrix for the corresponding validity period.
2. The method according to claim 1, wherein the limited-validity-period security code is common to multiple electronic payment modes belonging to the user.
3. The method according to claim 2, wherein the payment modes of the user include one or more of the following: check accounts, credit cards, Automated Clearing House transactions, debit card accounts, prepaid credit card accounts, gift card accounts, and checkless payments.
4. The method according to claim 2, wherein multiple financial entities corresponding to the multiple payment modes are provided with the same security code matrix, so that a given security code for the user in a given validity period can be used for all payment modes of the user.
5. The method according to claim 4, further comprising hashing the codes in each security code matrix, before the matrix is received by a given one of the financial entities, using a hash salt value unique to that given one of the multiple financial entities.
6. The method according to claim 5, further comprising hashing the received security code using the same hash salt value used to hash the security code matrix, so that comparing the received security code with the corresponding security code in the previously established matrix comprises comparing the hashed received security code with the hashed security code in the matrix for the user and for the relevant validity period.
7. The method according to claim 1, wherein each security code in the matrix is generated by a random number generator.
8. The method according to claim 1, wherein the validity period is one calendar day.
9. The method according to claim 1, further comprising transmitting the security code for the current validity period to the user.
10. The method according to claim 1, wherein the current security code can be selectively deactivated.
11. The method according to claim 1, wherein the current security code can be selectively replaced before its validity period ends, resulting in generation of a new matrix including the hashed security code of the replacement security code for the still-unexpired validity period.
12. The method according to claim 2, wherein one or more payment modes of the user can be selectively locked or unlocked by:
Receiving from the user a lock/unlock request, user identification data, and the one or more payment modes to be locked/unlocked;
Notifying the financial institution and/or payment processor associated with each of the one or more payment modes of the new locked or unlocked state; and
Confirming the lock or unlock with the user.
13. The method according to claim 1, further comprising applying predefined transaction approval rules to a given transaction in addition to authentication of the user's security code.
14. The method according to claim 13, wherein the transaction approval rules include one or more of the following: limits on transaction amount; limits on transactions with particular merchants or merchant categories; and limits on recurring transactions.
15. A method of generating and distributing limited-validity-period security codes for user authentication in electronic payment transactions, comprising:
Associating multiple users with respective unique profile identifiers;
Generating a set of random-number security codes for each profile identifier, each security code in each set having a correspondingly different validity period, thereby obtaining a matrix associating the multiple users with respective security code sets, each security code corresponding to a respective validity period;
Transmitting the matrix to at least one respective payment processor associated with at least one payment mode of at least one of the multiple users in the matrix; and
Transmitting at least one currently valid security code to each of the users for use in authentication in an electronic payment transaction, wherein the authentication comprises comparing the security code submitted by the user as part of the electronic payment transaction with the security code in the matrix for that user and for the validity period relevant to the time of the electronic payment transaction.
16. The method according to claim 15, wherein the validity period of the security code is measured in days, hours, or days and hours.
17. The method according to claim 15, wherein the validity period of a security code is one day.
18. The method according to claim 15, wherein transmitting at least one currently valid security code includes transmitting the currently valid security code and one or more security codes that will subsequently be valid.
19. The method according to claim 15, wherein transmitting at least one currently valid security code includes one or more of the following: transmitting at least one currently valid security code upon user request, and pushing at least one currently valid security code.
20. The method according to claim 15, wherein the at least one payment mode includes one or more of the following: check accounts, credit cards, Automated Clearing House transactions, debit card accounts, prepaid credit card accounts, gift card accounts, and checkless payments.
21. The method according to claim 15, wherein generating the sets of random-number security codes comprises generating the respective security code for each of the multiple users for a given validity period before generating the respective security code for each of the multiple users for a subsequent validity period.
22. The method according to claim 15, wherein the different validity periods are consecutive in time.
23. The method according to claim 22, wherein there is a time overlap between the end of the validity period of a first security code and the beginning of the validity period of a subsequent second security code.
24. The method according to claim 15, wherein, before the matrix is transmitted to a respective payment processor, the matrix for that payment processor is hashed using a unique corresponding hash salt value.
25. A method of generating and managing multiple sets of limited-validity-period, user-specific security codes to allow respective users to interact with multiple electronic entities using a single respective security code, comprising:
Generating multiple random numbers of a predetermined digit length using a random number generator;
Populating a matrix of multiple respective security code sets with the generated random numbers, wherein each security code in each security code set is associated with a respective validity period in the matrix and each security code set has a unique identifier;
Associating the respective security code sets with respective users;
Generating a copy of the security code matrix for each of the multiple electronic entities with which the security codes are to allow interaction, and mathematically hashing the security codes in each copy using a different and unique hash salt value corresponding to each of the multiple electronic entities, thereby obtaining multiple unique hashed versions of the security code matrix;
Transmitting the respective unique hashed versions of the security code matrix to the respective electronic entities, and separately transmitting the respective hash salt values to the respective electronic entities; and
Transmitting to each user at least one currently valid security code from the security code set associated with that user.
26. The method according to claim 25, wherein the electronic entities include one or more of the following: banking entities, payment processor entities, and secure computer networks.
27. The method according to claim 25, wherein the random numbers in the matrix are hashed using a secure hash algorithm.
28. The method according to claim 25, wherein the validity period of each security code is a pre-selected 24-hour calendar day.
29. The method according to claim 25, wherein the validity periods of the security codes in each set are consecutive in time.
30. A method of using limited-validity-period security codes to allow a financial entity to authenticate an electronic payment transaction, comprising:
Receiving a previously established matrix associating multiple users with respective unique security code sets, each security code of each set having a validity period, wherein each security code is mathematically hashed using a unique hash salt value uniquely corresponding to the given matrix;
Receiving a request to process an electronic payment transaction, the request including a security code for authentication, the received security code being purportedly associated with one of the multiple users;
Hashing the received security code using the same hash salt value associated with the received matrix;
Comparing the hashed received security code with the corresponding hashed security code, in the previously established matrix held by the financial entity, for the purported one of the multiple users and for the validity period corresponding to the time of the request to process the electronic payment transaction; and
Approving or disapproving the transaction according to the correspondence, or lack of correspondence, between the hashed received security code and the corresponding hashed security code in the matrix for the corresponding validity period.
31. The method according to claim 30, wherein the matrix is populated using a random number generator that generates multiple random numbers of a predetermined digit length.
32. The method according to claim 31, wherein the random number generator is a true random number generator.
CN201680041156.1A 2015-06-14 2016-01-06 For electronic transaction and the safety measure of user authentication Pending CN108027920A (en)

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
US201514738888A 2015-06-14 2015-06-14
US14/738,888 2015-06-14
US201562215409P 2015-09-08 2015-09-08
US62/215,409 2015-09-08
US201514923346A 2015-10-26 2015-10-26
US14/923,346 2015-10-26
PCT/US2016/012292 WO2016204817A1 (en) 2015-06-14 2016-01-06 Security for electronic transactions and user authentication

Publications (1)

Publication Number Publication Date
CN108027920A true CN108027920A (en) 2018-05-11

Family

ID=57545691

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201680041156.1A Pending CN108027920A (en) 2015-06-14 2016-01-06 For electronic transaction and the safety measure of user authentication

Country Status (9)

Country Link
EP (1) EP3308336A4 (en)
KR (1) KR20180029227A (en)
CN (1) CN108027920A (en)
AU (1) AU2016278751A1 (en)
BR (1) BR112017026874A2 (en)
CA (1) CA2996511A1 (en)
MX (1) MX2017016269A (en)
TW (1) TW201643789A (en)
WO (1) WO2016204817A1 (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107169762B (en) 2017-05-24 2020-02-07 中国银联股份有限公司 Configuration method and device of security carrier
US11144894B2 (en) * 2017-09-28 2021-10-12 DineGigs Inc. Multi-level network-based access coordination
TWI643143B (en) * 2018-01-22 2018-12-01 中華電信股份有限公司 A system and method for authentication using electronic trading system with distributed records
TWI697853B (en) * 2018-07-09 2020-07-01 財金資訊股份有限公司 Method and system for instant notification of transaction result
US20200211028A1 (en) * 2018-12-26 2020-07-02 Diamond Paul Okiemute Uju Payment control system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1985003787A1 (en) * 1984-02-14 1985-08-29 Peter White Electronic transaction security system
EP1703479A1 (en) * 2005-03-18 2006-09-20 Hewlett-Packard Development Company, L.P. Computer system and user device
CN101159082A (en) * 2007-11-19 2008-04-09 侯万春 System and method for realizing personal electric check card
CN102761533A (en) * 2011-04-26 2012-10-31 神乎科技股份有限公司 User identification method and system for network transaction
CN103491090A (en) * 2013-09-23 2014-01-01 金蝶软件(中国)有限公司 Safety authentication method, device and system
WO2015004682A2 (en) * 2013-07-10 2015-01-15 Mandar Agashe A computer implemented system and method for facilitating cashless and cardless transactions on merchant terminals
CN104618112A (en) * 2015-01-19 2015-05-13 北京海泰方圆科技有限公司 Method for verifying dynamic password of dynamic token

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5903721A (en) * 1997-03-13 1999-05-11 cha|Technologies Services, Inc. Method and system for secure online transaction processing
US20090276347A1 (en) * 2008-05-01 2009-11-05 Kargman James B Method and apparatus for use of a temporary financial transaction number or code

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1985003787A1 (en) * 1984-02-14 1985-08-29 Peter White Electronic transaction security system
EP1703479A1 (en) * 2005-03-18 2006-09-20 Hewlett-Packard Development Company, L.P. Computer system and user device
CN101159082A (en) * 2007-11-19 2008-04-09 侯万春 System and method for realizing personal electric check card
CN102761533A (en) * 2011-04-26 2012-10-31 神乎科技股份有限公司 User identification method and system for network transaction
US20120278871A1 (en) * 2011-04-26 2012-11-01 Fonestock Technology Inc. User identification method applicable to network transaction and system thereof
WO2015004682A2 (en) * 2013-07-10 2015-01-15 Mandar Agashe A computer implemented system and method for facilitating cashless and cardless transactions on merchant terminals
CN103491090A (en) * 2013-09-23 2014-01-01 金蝶软件(中国)有限公司 Safety authentication method, device and system
CN104618112A (en) * 2015-01-19 2015-05-13 北京海泰方圆科技有限公司 Method for verifying dynamic password of dynamic token

Also Published As

Publication number Publication date
KR20180029227A (en) 2018-03-20
EP3308336A4 (en) 2018-12-26
WO2016204817A1 (en) 2016-12-22
MX2017016269A (en) 2018-08-15
EP3308336A1 (en) 2018-04-18
AU2016278751A1 (en) 2018-01-25
BR112017026874A2 (en) 2018-08-14
TW201643789A (en) 2016-12-16
CA2996511A1 (en) 2016-12-22

Similar Documents

Publication Publication Date Title
US10395243B1 (en) Merchant-specific shadow account numbers
US10346814B2 (en) System and method for executing financial transactions
US9818092B2 (en) System and method for executing financial transactions
CA2384802C (en) Methods and systems for carrying out directory-authenticated electronic transactions including contingency-dependent payments via secure electronic bank drafts
JP5005871B2 (en) System and method for validating financial instruments
US20100191622A1 (en) Distributed Transaction layer
US20160217437A1 (en) Method for generating intangible bit money managed as data and system for providing services relevant to same
US20080243702A1 (en) Tokens Usable in Value-Based Transactions
US20010051902A1 (en) Method for performing secure internet transactions
US6941282B1 (en) Methods and systems for carrying out directory-authenticated electronic transactions including contingency-dependent payments via secure electronic bank drafts
CN107408245A (en) Utilize the trading signature of Asymmetric Cryptography
US20180197171A1 (en) Security for electronic transactions and user authentication
JP2004531813A (en) Method and system for performing collateral dependent payments via secure electronic bank draft supported by online letters of credit and / or online performance guarantees
KR20030019466A (en) Method and system of securely collecting, storing, and transmitting information
MX2014013530A (en) Systems and methods for real-time account access.
US20040153410A1 (en) Anonymous payment system and method
KR20110053219A (en) Systems and methods for transferring value
CN108027920A (en) For electronic transaction and the safety measure of user authentication
CN101593326A (en) Trade management station arrangement, system, method and the method that is used to discern the user
CN103077454A (en) Synchronous payment system
KR20190120933A (en) Electronic wallet system for secure cryptocurrency transaction and the method thereof
Vijayan et al. Digital payments: Blockchain based security concerns and future
Yadu et al. Security issues and solutions in e-payment systems
WO2003012714A1 (en) A security system for transactions
Leung et al. On designing a flexible e-payment system with fraud detection capability

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20180511
